[pipelines] Self mutation deploys everything not just the pipeline

[jonny-rimek]

The update pipeline deploys changes that are made outside of the pipeline, e.g. creating a s3 bucket

this is the pipeline that got created

to my surprise it doesn't contain deploy stages, which is what I expected from the documentation and examples

#!/usr/bin/env node
import 'source-map-support/register';
import cdk = require('@aws-cdk/core');
import { V2 } from '../lib/v2';
import { Construct, Stage, Stack, StackProps, StageProps, SecretValue } from '@aws-cdk/core';
import { CdkPipeline, SimpleSynthAction } from '@aws-cdk/pipelines';
import * as codepipeline from '@aws-cdk/aws-codepipeline';
import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'

class Wowmate extends Stage {
	constructor(scope: Construct, id: string, props?: StageProps) {
		super(scope, id, props);

		new V2(this, 'V2')
		// new Frontend(this, 'frontend')
	}
}

class WowmatePipelineStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    const sourceArtifact = new codepipeline.Artifact();
    const cloudAssemblyArtifact = new codepipeline.Artifact();

    const pipeline = new CdkPipeline(this, 'Pipeline', {
      pipelineName: 'WowmatePipeline',
      cloudAssemblyArtifact,

      sourceAction: new codepipeline_actions.GitHubSourceAction({
		actionName: 'GitHub',
		output: sourceArtifact,
		branch: 'master',
		oauthToken: SecretValue.secretsManager('github-personal-access-token'),
		//TODO: switch to webhook, might need to update the oath token
        trigger: codepipeline_actions.GitHubTrigger.POLL,
        owner: 'jonny-rimek',
        repo: 'wowmate',
      }),
      synthAction: SimpleSynthAction.standardNpmSynth({
        sourceArtifact,
        cloudAssemblyArtifact,

        buildCommand: 'npm run build',
      }),
    });

	const wmp = pipeline.addApplicationStage(new Wowmate(this, 'Prod'));
	wmp.addManualApprovalAction();
  }
}


const app = new cdk.App();
new WowmatePipelineStack(app, 'WoWM', {
	env: {region: "us-east-1"}
});

Currently the v2 stack only contains 2 buckets, if I add an ApplicationLoadBalancedFargateService, it tried to build docker in this stage too, instead of creating a dedicated stage, which is the desired behaviour, afaik.

Environment

• **Framework Version:1.58

This is 🐛 Bug Report

as far as I can tell I followed all the tutorials to the letter, I have no idea whats wrong

[rix0rrr]

As far as I can tell this ticket contains 3 bug reports:

The update pipeline deploys changes that are made outside of the pipeline, e.g. creating a s3 bucket

I don't know what that means. Can you explain what you mean by "made outside of the pipeline"?

to my surprise it doesn't contain deploy stages

That is odd. I'm suprised by the fact that you didn't add an account, even if only to look like account: process.env.CDK_DEFAULT_ACCOUNT, and I'm even more suprised by the fact that you didn't get yelled at for not supplying an account. Can you verify whether that makes a difference?

Other than that, is there a place I can find this code to play with it for myself?

Currently the v2 stack only contains 2 buckets, if I add an ApplicationLoadBalancedFargateService, it tried to build docker in this stage too, instead of creating a dedicated stage, which is the desired behaviour, afaik.

It will not be a dedicated stage; Stages contain Stacks contain Constructs. If you put the ApplicationLoadBalancedFargateService into the same stack as your S3 buckets, that's where it will go. I don't understand what "it tried to build docker" means.

[jonny-rimek]

I don't know what that means. Can you explain what you mean by "made outside of the pipeline"?

My understanding is that the UpdatePipeline Part of the Pipeline is where the pipeline rebuilds itself. One problem is that it not only adjusts the pipeline, but deploys all the infrastructure inside the UpdatePipeline part, i.e. the Bucket and tries to build the docker image and deploy it, but that fails, which is probably not really a problem because it shouldn't run at this point anyway.

That is odd. I'm surprised by the fact that you didn't add an account, even if only to look like account: process.env.CDK_DEFAULT_ACCOUNT, and I'm even more surprised by the fact that you didn't get yelled at for not supplying an account. Can you verify whether that makes a difference?

I'm adding my account ID and will check if that changes anything.

It will not be a dedicated stage; Stages contain Stacks contain Constructs. If you put the ApplicationLoadBalancedFargateService into the same stack as your S3 buckets, that's where it will go. I don't understand what "it tried to build docker" means.

with stage, I meant a dedicated step inside the Code Pipeline, not a stage in CDK ^^

Other than that, is there a place I can find this code to play with it for myself?

@rix0rrr I'll extract the code and post the repo soon

If the pipeline construct will go stable, having a somewhat complex example would go a long way to understanding how it all works

[jonny-rimek]

As far as I can tell, adding the account ID didn't change anything. I still don't have the deploy step in CodePipeline and the UpdatePipeline step still applies infrastructure changes besides the pipeline itself (e.g. a new bucket inside the v2 construct).

repo with the code:
https://github.com/jonny-rimek/jonny

[jonny-rimek]

Not sure if I missed some news, but is it possible to publish assets(ecs/lambda) during synth and deploy it with Code Deploy, without the pipelines construct. I used Circle CI in the past, but running cdk deploy as a last step in the pipeline has a couple of problems.

[rix0rrr]

This needs to be a Stack:

https://github.com/jonny-rimek/jonny/blob/master/lib/v2.ts#L5

[rix0rrr]

Not sure if I missed some news, but is it possible to publish assets(ecs/lambda) during synth and deploy it with Code Deploy, without the pipelines construct. I used Circle CI in the past, but running cdk deploy as a last step in the pipeline has a couple of problems.

It might be possible, but has some assembly required. After cdk synth, you run cdk-assets to upload the assets. Not sure there's a flag to do the template deploy without assets, so you might need to use the AWS CLI to do the actual deploy.

[jonny-rimek]

@rix0rrr such a silly mistake^^ thanks for the help. It definitely creates the prepare and the deploy step.

I'm stopping using this construct for now until it is stable.