Merge branch 'kaizen3031593-sfn-tasks/null' into sfn-tasks/null

aws · Feb 17, 2022 · ec4beb7 · ec4beb7
2 parents d0dd2da + 122357b
commit ec4beb7
Show file tree

Hide file tree

Showing 3,386 changed files with 304,800 additions and 151,373 deletions.
diff --git a/.devcontainer.json b/.devcontainer.json
@@ -1,8 +1,8 @@
 {
     "name": "Dev Container Definition - AWS CDK",
-    "image": "jsii/superchain",
+    "image": "jsii/superchain:1-buster-slim",
     "postCreateCommand": "yarn build --skip-test --no-bail --skip-prereqs --skip-compat",
     "extensions": [
         "dbaeumer.vscode-eslint@2.1.5"
     ]
-}
+}
diff --git a/.gitallowed b/.gitallowed
@@ -23,10 +23,14 @@ account: '856666278305'
 account: '840364872350'
 account: '422531588944'
 account: '924023996002'
+account: '919366029133' #cn-north-1
+account: '919830735681' #cn-northwest-1
 
 # The account IDs of password rotation applications of Serverless Application Repository
 # https://docs.aws.amazon.com/secretsmanager/latest/userguide/enable-rotation-rds.html
 # partition aws
 account: '297356227824'
 # partition aws-cn
 account: '193023089310'
+# partition aws-us-gov
+account: '023102451235'
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,5 +9,12 @@ updates:
     schedule:
       interval: "weekly"
     labels:
-      - "pr/auto-approve"
+      - "auto-approve"
+    open-pull-requests-limit: 5
+  - package-ecosystem: "pip"
+    directory: "/packages/@aws-cdk/lambda-layer-awscli"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "auto-approve"
     open-pull-requests-limit: 5
diff --git a/.github/workflows/README.md b/.github/workflows/README.md
@@ -6,7 +6,7 @@ These workflows and actions are configured in the AWS CDK GitHub repository.
 
 ### Auto Approve
 [auto-approve.yml](auto-approve.yml): Approves merging PRs with the
-`pr/auto-approve` label.
+`auto-approve` label.
 Owner: Core CDK team
 
 ### PR Linter

diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
@@ -1,4 +1,4 @@
-# Approve PRs with "pr/auto-approve". mergify takes care of the actual merge.
+# Approve PRs with "auto-approve". mergify takes care of the actual merge.
 
 name: auto-approve
 on:
@@ -7,11 +7,7 @@ on:
 
 jobs:
   auto-approve:
-    if: >
-       github.event.pull_request.user.login == 'dependabot[bot]'
-        || github.event.pull_request.user.login == 'dependabot-preview[bot]'
-        || (contains(github.event.pull_request.labels.*.name, 'pr/auto-approve')
-            && github.event.pull_request.user.login == 'aws-cdk-automation')
+    if: contains(github.event.pull_request.labels.*.name, 'auto-approve')
     runs-on: ubuntu-latest
     permissions:
       pull-requests: write

diff --git a/.github/workflows/cr-checklist.yml b/.github/workflows/cr-checklist.yml
@@ -0,0 +1,19 @@
+name: "Custom resources checklist"
+on:
+  pull_request:
+    types: [ opened ]
+
+jobs:
+  checklist_job:
+    runs-on: ubuntu-latest
+    name: Creates a checklist for PRs that contain changes to custom resources
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+      - name: Dynamic checklist action
+        uses: vishalsinha21/dynamic-checklist@v1
+        with:
+          mappingFile: './.github/workflows/cr-mapping.json'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
diff --git a/.github/workflows/cr-mapping.json b/.github/workflows/cr-mapping.json
@@ -0,0 +1,8 @@
+{
+  "mappings": [
+    {
+      "keywords": ["CustomResourceProvider", "CustomResource", "CloudFormationCustomResourceDeleteEvent", "CloudFormationCustomResourceUpdateEvent", "CloudFormationCustomResourceCreateEvent"],
+      "comment": "I have read the guidelines on the [important cases to handle](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/custom-resources#important-cases-to-handle) when implementing the custom resource."
+    }
+  ]
+}
diff --git a/.github/workflows/issue-label-assign.yml b/.github/workflows/issue-label-assign.yml
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
@@ -0,0 +1,18 @@
+# Apply various labels on PRs
+
+name: pr-labeler
+on:
+  pull_request:
+    types: [ opened ]
+
+jobs:
+  auto-approve:
+    if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'dependabot-preview[bot]'
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      issues: write
+    steps:
+    - run: gh pr edit ${{ github.event.pull_request.number }} --add-label "auto-approve" -R ${{ github.repository }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pr-linter.yml b/.github/workflows/pr-linter.yml
@@ -24,7 +24,7 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Install & Build prlint
-        run: cd tools/@aws-cdk/prlint && yarn install --frozen-lockfile && yarn build+test
+        run: yarn install --frozen-lockfile && cd tools/@aws-cdk/prlint && yarn build+test
 
       - name: Validate
         uses: ./tools/@aws-cdk/prlint

diff --git a/.github/workflows/yarn-upgrade.yml b/.github/workflows/yarn-upgrade.yml
@@ -18,7 +18,7 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Set up Node
-        uses: actions/setup-node@v2.4.1
+        uses: actions/setup-node@v2.5.1
         with:
           node-version: 12
 
@@ -27,7 +27,7 @@ jobs:
         run: echo "::set-output name=dir::$(yarn cache dir)"
 
       - name: Restore Yarn cache
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v2.1.7
         with:
           path: ${{ steps.yarn-cache.outputs.dir }}
           key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
@@ -49,6 +49,7 @@ jobs:
         # We special-case typescript because it's not semantically versionned
         # We special-case constructs because we want to stay in control of the minimum compatible version
         # We special-case lerna because we have a patch on it that stops applying if Lerna upgrades. Remove this once https://github.com/lerna/lerna/pull/2874 releases.
+        # We special-case aws-sdk-mock because of breaking changes in type exports https://github.com/dwyl/aws-sdk-mock/pull/260. We are not respecting `@ts-ignore`
         run: |-
           # Upgrade dependencies at repository root
           ncu --upgrade --filter=@types/node,@types/fs-extra --target=minor
@@ -57,7 +58,7 @@ jobs:
           # Upgrade all the packages
           lerna exec --parallel ncu -- --upgrade --filter=@types/node,@types/fs-extra --target=minor
           lerna exec --parallel ncu -- --upgrade --filter=typescript --target=patch
-          lerna exec --parallel ncu -- --upgrade --reject='@types/node,@types/fs-extra,constructs,typescript,aws-sdk,${{ steps.list-packages.outputs.list }}'  --target=minor
+          lerna exec --parallel ncu -- --upgrade --reject='@types/node,@types/fs-extra,constructs,typescript,aws-sdk,aws-sdk-mock,${{ steps.list-packages.outputs.list }}'  --target=minor
       # This will ensure the current lockfile is up-to-date with the dependency specifications (necessary for "yarn update" to run)
       - name: Run "yarn install"
         run: yarn install
@@ -110,7 +111,7 @@ jobs:
           title: 'chore: npm-check-updates && yarn upgrade'
           body: |-
             Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
-          labels: contribution/core,dependencies,pr/auto-approve
+          labels: contribution/core,dependencies,auto-approve
           team-reviewers: aws-cdk-team
           # Github prevents further Github actions to be run if the default Github token is used.
           # Instead use a privileged token here, so further GH actions can be triggered on this PR.

diff --git a/.gitignore b/.gitignore
@@ -23,6 +23,7 @@ coverage/
 *.sw[a-z]
 *~
 .idea
+*.iml
 junit.xml
 
 # We don't want tsconfig at the root

diff --git a/.mergify.yml b/.mergify.yml
@@ -1,22 +1,27 @@
 # See https://doc.mergify.io
+queue_rules:
+  - name: default
+    conditions:
+      - status-success~=AWS CodeBuild us-east-1
 
 pull_request_rules:
   - name: label core
     actions:
       label:
         add: [ contribution/core ]
     conditions:
-      - author~=^(eladb|RomainMuller|garnaat|nija-at|skinny85|rix0rrr|NGL321|Jerry-AWS|MrArnoldPalmer|NetaNir|iliapolo|njlynch|ericzbeard|ccfife|fulghum|pkandasamy91|SoManyHs|uttarasridhar|otaviomacedo|BenChaimberg|madeline-k|BryanPan342|kaizen3031593|comcalvi)$
+      - author~=^(eladb|RomainMuller|garnaat|nija-at|skinny85|rix0rrr|NGL321|Jerry-AWS|MrArnoldPalmer|NetaNir|iliapolo|njlynch|ericzbeard|ccfife|fulghum|pkandasamy91|SoManyHs|uttarasridhar|otaviomacedo|BenChaimberg|madeline-k|BryanPan342|kaizen3031593|comcalvi|Chriscbr|corymhall|peterwoodworth|ryparker)$
       - -label~="contribution/core"
   - name: automatic merge
     actions:
       comment:
         message: Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to [allow changes to be pushed to your fork](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork)).
-      merge:
-        strict: smart
+      queue:
+        name: default
         method: squash
-        strict_method: merge
-        commit_message: title+body
+        commit_message_template: |-
+          {{ title }} (#{{ number }})
+          {{ body }}
     conditions:
       - base!=release
       - -title~=(WIP|wip)
@@ -34,11 +39,12 @@ pull_request_rules:
     actions:
       comment:
         message: Thank you for contributing! Your pull request will be automatically updated and merged (do not update manually, and be sure to [allow changes to be pushed to your fork](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork)).
-      merge:
-        strict: smart
+      queue:
+        name: default
         method: squash
-        strict_method: merge
-        commit_message: title+body
+        commit_message_template: |-
+          {{ title }} (#{{ number }})
+          {{ body }}
     conditions:
       - base!=release
       - -title~=(WIP|wip)
@@ -57,12 +63,12 @@ pull_request_rules:
     actions:
       comment:
         message: Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to [allow changes to be pushed to your fork](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork)).
-      merge:
-        strict: smart
-        # Merge instead of squash
+      queue:
+        name: default
         method: merge
-        strict_method: merge
-        commit_message: title+body
+        commit_message_template: |-
+          {{ title }} (#{{ number }})
+          {{ body }}
     conditions:
       - -title~=(WIP|wip)
       - -label~=(blocked|do-not-merge)
@@ -103,12 +109,12 @@ pull_request_rules:
     actions:
       comment:
         message: Thanks Dependabot!
-      merge:
-        # 'strict: false' disables Mergify keeping the branch up-to-date from master.
-        # It's not necessary: Dependabot will do that itself.
-        # It's not dangerous: GitHub branch protection settings prevent merging stale branches.
-        strict: false
+      queue:
+        name: default
         method: squash
+        commit_message_template: |-
+          {{ title }} (#{{ number }})
+          {{ body }}
     conditions:
       - -title~=(WIP|wip)
       - -label~=(blocked|do-not-merge)
-Original file line number
+Diff line change
@@ Expand Up / @@ -23,6 +23,7 @@ coverage/ @@
     *.sw[a-z]
     *~
     .idea
+    *.iml
     junit.xml
     # We don't want tsconfig at the root
@@ Expand Down @@