Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws-cdk-lib.aws_codebuild.PipelineProject: Upgrade default build environment #31614

Closed
1 of 2 tasks
awerchniak opened this issue Oct 1, 2024 · 2 comments · Fixed by #31859
Closed
1 of 2 tasks

aws-cdk-lib.aws_codebuild.PipelineProject: Upgrade default build environment #31614

awerchniak opened this issue Oct 1, 2024 · 2 comments · Fixed by #31859
Labels
@aws-cdk/aws-codebuild Related to AWS CodeBuild effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2

Comments

@awerchniak
Copy link

Describe the feature

The BuildImage for a CodeBuild Pipeline Project currently defaults to BuildEnvironment.LinuxBuildImage.STANDARD_1_0, which is deprecated. This can cause issues for AWS CodeBuild users who don't do a deep dive, as they will be working on a super old / deprecated version of Linux. I personally have run into issues as the version of Docker installed is quite old and is missing modern functionality; I'm sure there are plenty of other issues wrong with using a deprecated Linux Image, not the least of which being security implications.

References:

  1. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_codebuild.PipelineProject.html#environment
  2. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_codebuild.LinuxBuildImage.html#static-standard_1_0span-classapi-icon-api-icon-deprecated-titlethis-api-element-is-deprecated-its-use-is-not-recommended%EF%B8%8Fspan

Use Case

Users creating a CodeBuild PipelineProject with very simple build logic should receive a linux base image that is not deprecated. The default behavior for AWS customers is to provide an old image without security patches, which is bad.

Proposed Solution

Maybe upgrade the default value to one that's not deprecated, such as https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_codebuild.LinuxBuildImage.html#static-standard_7_0 ?

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.160.0

Environment details (OS name and version, etc.)

all environments
@awerchniak awerchniak added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Oct 1, 2024
@github-actions github-actions bot added the @aws-cdk/aws-codebuild Related to AWS CodeBuild label Oct 1, 2024
@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. p2 and removed needs-triage This issue or PR still needs to be triaged. labels Oct 2, 2024
@khushail
Copy link
Contributor

khushail commented Oct 2, 2024
edited
Loading

Hi @awerchniak , thanks for reaching out.

The code defaults to assignment of BuildEnvironment.LinuxBuildImage.STANDARD_1_0

aws-cdk/packages/aws-cdk-lib/aws-codebuild/lib/project.ts

Line 1063 in 7e80cc9

this.buildImage = (props.environment && props.environment.buildImage) || LinuxBuildImage.STANDARD_1_0;

aws-cdk/packages/aws-cdk-lib/aws-codebuild/lib/project.ts

Line 566 in 7e80cc9

* @default BuildEnvironment.LinuxBuildImage.STANDARD_1_0

while this has been mentioned here as deprecated -

aws-cdk/packages/aws-cdk-lib/aws-codebuild/lib/project.ts

Line 1797 in 7a8ae02

/** @deprecated Use {@link LinuxBuildImage.STANDARD_7_0} instead. */

Thanks for pointing this out and volunteering for contribution. Marking this as P2.

@khushail khushail added effort/small Small work item – less than a day of effort and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Oct 2, 2024
@khushail khushail mentioned this issue Oct 2, 2024
Closed
1 task
@moelasmar moelasmar mentioned this issue Oct 24, 2024
Merged
1 task
@mergify mergify bot closed this as completed in #31859 Oct 24, 2024
mergify bot pushed a commit that referenced this issue Oct 24, 2024
@leoherran-aws
chore(codebuild): update default curated Docker image used in CodeBui…
d884c7c 
…ld projects (#31859)

### Issue # (if applicable)

Closes #31614

### Reason for this change

Updates the default curated Docker image used for CodeBuild projects to the latest version. The existing default image version is deprecated. 

### Description of changes

Updated image constants in the CodeBuild project logic. 

### Description of how you validated changes

Updated and ran CodeBuild unit tests. 

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions GitHub Actions
Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 24, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
@aws-cdk/aws-codebuild Related to AWS CodeBuild effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
2 participants
@awerchniak @khushail