pipelines: optionally provide access to the environment configuration for the self mutate stage

[mrpackethead]

Currently there is no exposed method for modifying the environment of the self mutate stage. In my use-case of pipeline i need to allow the self-mutate codebuild to run in privldiged mode. This is because my source stages use lambdas that are based on docker backed executables. ( in particuallar i do this so i can have a native integration with AzureDevops. )... I also set the compute_type to LARGE rather than SMALL as this improves the build times.. (

I currently do this by using escape hatches to set the Environment of the SelfMutation

mutating_codebuild = self.pipeline.node.find_child(id ='UpdatePipeline')
            codebuild_project = mutating_codebuild.node.find_child(id ='SelfMutation')
            raw_code_build = codebuild_project.node.default_child    
            raw_code_build.add_override("Properties.Environment.PrivilegedMode", "True")
            raw_code_build.add_override("Properties.Environment.ComputeType", compute_type[pipeline_synth_cfg['Environment']['ComputeType']])

I would propose creating something similar to pipelines.SimpleSynthAction , perhaps pipelines.SimpleMutateAction, which could be optionally added to the cdkpipeline.. There may be a case for providing a way to pass build/install commands similar to the simple synth..

mutate_action = pipelines.SimpleMutateAction(
            environment = codebuild.BuildEnvironment(
                build_image = typing.cast(codebuild.IBuildImage, codebuild.LinuxBuildImage.AMAZON_LINUX_2_3),
                privileged = pipeline_synth_cfg['Environment']['Privileged'],
                compute_type = codebuild.ComputeType(pipeline_synth_cfg['Environment']['ComputeType'])
            )
            ]
        )

 # Create the Pipeline
        self.pipeline = pipelines.CdkPipeline(self, project_name + 'cdkPipeline',
            cloud_assembly_artifact = cloud_assembly_artifact,
            pipeline_name = f'{project_name}pipeline',
            source_action = pipeline_source_action,
            synth_action = synth_action,
           mutate_action = mutate_action       #  Add this here. 
            self_mutating = pipeline_cfg['Pipeline']['SelfMutate']
        )

[rix0rrr]

Would be addressed by #15169

[hoegertn]

As #15169 only touches the BuildSpec I will implement this in a separate PR to not mix too many things.

[hoegertn]

I think the specific use case mentioned in this issue is already possible with the supportDockerAssets option of the pipeline.

@mrpackethead can you test if this solves the problem?

[mrpackethead]

Not sure if i missed that when i first setup my pipelines or if supportDockerAssets has been added in subsequent versions.. For that specific issue, it would resolve the issue and makes the container run in a prividlged mode ( so docker can run ). However it doestn allow me to adjust the other parameters of the environment ( such as size )..

Additinally ( a new want/requirement ) is that i want to specifiy the images that both the synth and update codebuilds will use, so that they use pre-canned images with all our dependancies already installed to speed up pipeline times..

[mrpackethead]

I think all of this is addressed with the migration to the new cdk pipeline api

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.