chore(release): revert #33134
Closed
chore(release): revert #33134
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR pulls out changes to `packages/aws-cdk` and `packages/@aws-cdk/cli-lib-alpha` from #32919 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --------- Co-authored-by: Momo Kornher <kornherm@amazon.co.uk> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…sting/framework-integ/test/aws-route53-targets/test/integ.elastic-beanstalk-environment-target-assets (#32846) Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 0.1.12 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together. Updates `path-to-regexp` from 0.1.10 to 0.1.12 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pillarjs/path-to-regexp/releases">path-to-regexp's releases</a>.</em></p> <blockquote> <h2>Fix backtracking (again)</h2> <p><strong>Fixed</strong></p> <ul> <li>Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: <a href="https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j">https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j</a>)</li> </ul> <p><a href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.11...v0.1.12">https://github.com/pillarjs/path-to-regexp/compare/v0.1.11...v0.1.12</a></p> <h2>Error on bad input</h2> <p><strong>Changed</strong></p> <ul> <li>Add error on bad input values 8f09549</li> </ul> <p><a href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.11">https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.11</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pillarjs/path-to-regexp/commit/640e694c6fd971f78268439df9cf44040855e669"><code>640e694</code></a> 0.1.12</li> <li><a href="https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4"><code>f01c26a</code></a> Merge commit from fork</li> <li><a href="https://github.com/pillarjs/path-to-regexp/commit/0c7119248b7cb528a0aea3ba45ed4e2db007cba4"><code>0c71192</code></a> 0.1.11</li> <li><a href="https://github.com/pillarjs/path-to-regexp/commit/8f095497d678c2ec3495a99ab3928748731e73ee"><code>8f09549</code></a> Add error on bad input values</li> <li>See full diff in <a href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.12">compare view</a></li> </ul> </details> <br /> Updates `express` from 4.21.1 to 4.21.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p> <blockquote> <h2>4.21.2</h2> <h2>What's Changed</h2> <ul> <li>Add funding field (v4) by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6065">expressjs/express#6065</a></li> <li>deps: path-to-regexp@0.1.11 by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5956">expressjs/express#5956</a></li> <li>deps: bump path-to-regexp@0.1.12 by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6209">expressjs/express#6209</a></li> <li>Release: 4.21.2 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6094">expressjs/express#6094</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">https://github.com/expressjs/express/compare/4.21.1...4.21.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/blob/4.21.2/History.md">express's changelog</a>.</em></p> <blockquote> <h1>4.21.2 / 2024-11-06</h1> <ul> <li>deps: path-to-regexp@0.1.12 <ul> <li>Fix backtracking protection</li> </ul> </li> <li>deps: path-to-regexp@0.1.11 <ul> <li>Throws an error on invalid path values</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/expressjs/express/commit/1faf228935aa0a13111f92c28ee795be64ce3f0f"><code>1faf228</code></a> 4.21.2</li> <li><a href="https://github.com/expressjs/express/commit/2e0fb646d03184dd9a5285813460210c0e7ae654"><code>2e0fb64</code></a> deps: bump path-to-regexp@0.1.12 (<a href="https://redirect.github.com/expressjs/express/issues/6209">#6209</a>)</li> <li><a href="https://github.com/expressjs/express/commit/59fc27028ec5d212be653d35d7e3f73a2c3ac3c0"><code>59fc270</code></a> deps: path-to-regexp@0.1.11 (<a href="https://redirect.github.com/expressjs/express/issues/5956">#5956</a>)</li> <li><a href="https://github.com/expressjs/express/commit/51fc39ccf834eec44547b0f4fed8027e7c05a009"><code>51fc39c</code></a> docs: add funding (<a href="https://redirect.github.com/expressjs/express/issues/6065">#6065</a>)</li> <li>See full diff in <a href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~jonchurch">jonchurch</a>, a new releaser for express since your current version.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
merge back
### Issue # (if applicable) None ### Reason for this change Fixed typos in code comments. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit b2b0577)
…#32245) ### Issue # (if applicable) None ### Reason for this change AWS Synthetics begins supporting the NodeJS Playwright runtime. https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-cloudwatch-synthetics-playwright-runtime-canaries-nodejs/ And Python Selenium runtime v4.1 is also released. https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_python_selenium.html#CloudWatch_Synthetics_runtimeversion-syn-python-selenium-4.1 ### Description of changes Add two runtimes to `Runtime` class - SYNTHETICS_PYTHON_SELENIUM_4_1 - SYNTHETICS_NODEJS_PLAYWRIGHT_1_0 ### Description of how you validated changes Execute describe-runtime AWS CLI. ```sh aws synthetics describe-runtime-versions --region us-east-1 | grep VersionName "VersionName": "syn-python-selenium-4.1", ..., "VersionName": "syn-nodejs-playwright-1.0", ... ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit d68020b)
…2919) ### Description of changes Initial code for the Programmatic Toolkit. This won't be released just yet. Contains a mix of extensions and hard copies to the current CLI code. After this PR we are moving the appropriate tests over from the CLI. ### Describe any new or updated permissions being added n/a ### Description of how you validated changes For the changes to `aws-cdk` we run the existing tests and the integration tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 35275c3)
### Issue # (if applicable) None ### Reason for this change Fixed typos in code comments. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 62a9d66)
### Description of changes Removing some unintentional public exports from the deploy action. Re-organizing files to improve project structure. Making the `.gitignore` file more readable. **No functional code changes!** ### Describe any new or updated permissions being added n/a ### Description of how you validated changes It builds. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 717d91d)
### Issue # (if applicable) Closes #1680. ### Reason for this change AWS S3 supports configuring [object replication](https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html) , but the `s3.Bucket` construct does not support it. ### Description of changes Added `replicationRules` to `BucketProps`. #### Replication configuration version There are two versions of [replication configuration](https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-add-config.html#replication-backward-compat-considerations). This PR uses only the V2 replication configuration to enable the specification of the Filter element and S3 Replication Time Control (S3 RTC). To use V2 replication configuration, this PR explicitly specifies [Filter.Prefix](https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrulefilter.html#cfn-s3-bucket-replicationrulefilter-prefix) property. ```ts const prefix = rule.prefixFilter ?? ''; const filter = isAndFilter ? { and: { prefix, tagFilters: rule.tagFilter, }, } : { prefix, }; ``` V2 replication configuration has some restriction: - Must specify [DeleteMarkerReplication](https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html#cfn-s3-bucket-replicationrule-deletemarkerreplication) ```sh ReplicationStack | 4/7 | 9:22:08 PM | CREATE_FAILED | AWS::S3::Bucket | SourceBucket (SourceBucketDDD2130A) Resource handler returned message: Delete marker replication is not supported if any Tag filter is specified. Please refer to S3 Developer Guide for more information. (Service: S3, Status Code: 400, Request ID: XXX, Extended Request ID: XXX) ``` - Must specify [Priority](https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html#cfn-s3-bucket-replicationrule-priority) ```sh ReplicationStack | 4/7 | 9:12:08 PM | CREATE_FAILED | AWS::S3::Bucket | SourceBucket (SourceBucketDDD2130A) Resource handler returned message: Priority must be specified for this version of Cross Region Replication configuration schema. Please refer to S3 Developer Guide for more information. (Service: S3, Status Code: 400, Request ID: XXX, Extended Request ID: XXX) ``` These restriction is not documented but there are some posts about these points. - https://repost.aws/questions/QUiEc8wFE_Q16fX5WG-YWnrA/cloudformation-support-for-s3-replication-to-multiple-destination-buckets To resolve these problems,I made the `priority` required and explicitly set the `deleteMarkerReplication`. ```ts const prefix = rule.prefixFilter ?? ''; // set empty string to use V2 replication configuration const filter = isAndFilter ? { and: { prefix, tagFilters: rule.tagFilter, }, } : { prefix, }; return { id: rule.id, priority: rule.priority, status: 'Enabled', destination: { bucket: rule.destination.bucket.bucketArn, account: rule.destination.account, storageClass: rule.storageClass?.toString(), accessControlTranslation: rule.destination.accessControlTransition ? { owner: 'Destination', } : undefined, encryptionConfiguration: rule.kmsKey ? { replicaKmsKeyId: rule.kmsKey.keyArn, } : undefined, replicationTime: rule.replicationTimeControl !== undefined ? { status: rule.replicationTimeControl ? 'Enabled' : 'Disabled', time: { minutes: 15, }, } : undefined, metrics: rule.replicationTimeControlMetrics !== undefined ? { status: rule.replicationTimeControlMetrics ? 'Enabled' : 'Disabled', eventThreshold: { minutes: 15, }, } : undefined, }, filter, // To avoid deploy error when there are multiple replication rules with undefined deleteMarkerReplication, // CDK explicitly set the deleteMarkerReplication if it is undefined. deleteMarkerReplication: { status: rule.deleteMarkerReplication ? 'Enabled' : 'Disabled', }, sourceSelectionCriteria, }; ``` #### IAM permission There is a [documentation to setup IAM permissions for service role](https://docs.aws.amazon.com/AmazonS3/latest/userguide/setting-repl-config-perm-overview.html). ```json { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "s3:GetReplicationConfiguration", "s3:ListBucket" ], "Resource":[ "arn:aws:s3:::SRC-BUCKET" ] }, { "Effect":"Allow", "Action":[ "s3:GetObjectVersionForReplication", "s3:GetObjectVersionAcl", "s3:GetObjectVersionTagging" ], "Resource":[ "arn:aws:s3:::SRC-BUCKET/*" ] }, { "Effect":"Allow", "Action":[ "s3:ReplicateObject", "s3:ReplicateDelete", "s3:ReplicateTags" ], "Resource":"arn:aws:s3:::DST-BUCKET/*" } ] } ``` However, there are discrepancies between the automatically generated IAM policies in the management console and the IAM policies in the documentation. Generated Policy: ```json { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:ListBucket", "s3:GetReplicationConfiguration", "s3:GetObjectVersionForReplication", "s3:GetObjectVersionAcl", "s3:GetObjectVersionTagging", "s3:GetObjectRetention", "s3:GetObjectLegalHold" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::SRC-BUCKET", "arn:aws:s3:::SRC-BUCKET/*" ] }, { "Action": [ "s3:ReplicateObject", "s3:ReplicateDelete", "s3:ReplicateTags", "s3:GetObjectVersionTagging", "s3:ObjectOwnerOverrideToBucketOwner" ], "Effect": "Allow", "Condition": { "StringLikeIfExists": { "s3:x-amz-server-side-encryption": [ "aws:kms", "aws:kms:dsse", "AES256" ] } }, "Resource": [ "arn:aws:s3:::DST-BUCKET/*" ] }, { "Action": [ "kms:Decrypt" ], "Effect": "Allow", "Condition": { "StringLike": { "kms:ViaService": "s3.ap-northeast-1.amazonaws.com", "kms:EncryptionContext:aws:s3:arn": [ "arn:aws:s3:::SRC-BUCKET/*" ] } }, "Resource": [ "arn:aws:kms:ap-northeast-1:123456789012:key/hogehuga" ] }, { "Action": [ "kms:Encrypt" ], "Effect": "Allow", "Condition": { "StringLike": { "kms:ViaService": [ "s3.ap-northeast-1.amazonaws.com" ], "kms:EncryptionContext:aws:s3:arn": [ "arn:aws:s3:::DST-BUCKET*" ] } }, "Resource": [ "arn:aws:kms:ap-northeast-1:123456789012:key/hogefuga" ] } ] } ``` I adopted the policy from the document. I look forward to hearing your thoughts on this matter. ### Description of how you validated changes Added both unit and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 9d8a7e2)
…or iam OIDC connection (under feature flag) (#32921) ### Issue # (if applicable) Closes #32920 ### Reason for this change Follow security best practices to disable allow unauthorized connection ### Description of changes Create a new feature flag that starting in the new feature, we will disable unauthorized connections ### Describe any new or updated permissions being added N/A ### Description of how you validated changes New integ and unit tests. Updated old tests. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 3e4f377)
### Reason for this change Using project references in `aws-cdk-lib` improves the experience for other monorepo packages depending on `aws-cdk-lib`. A project reference to a composite package is an explicit instruction to only look at the build declaration files of the references project and not compile declarations from the .ts files again. This is opt-in from the _calling_ package, but must be allowed from the target for some reason. Practically this improves performance for the dependant package, but also means that the package do not have to share the same TS config anymore. The latter is particularly useful if a newer package wants to impose stricter rules. Previously all these packages were effectively bound to the same (low-ish) standards. The original opt-out was historically enabled in #8625 However the situation has drastically changes since then. Particularly `aws-cdk-lib` is now a single mega package, and thus much easier to handle. ### Description of this change Enables project references in `aws-cdk-lib`. This exposed that we are still using some deprecated APIs in some downstream packages. Previously we didn't notice because ts compiler of the downstream package would look at the uncompiled source, which still had the deprecated type. However as part of the jsii compilation these are then removed from the type declarations (and thus jsii bindings). With project references we are now looking at the declaration files and thus any usage of deprecated APIs causes a build failure. This PR is also fixing all of these instances. ### Describe any new or updated permissions being added n/a ### Description of how you validated changes existing tests and build ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit b049fa8)
### Reason for this change Fix Code Scanner issue ``` By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'. ``` ### Description of changes Create a new group and attach the user to the group. The dockerfile already gives necessary permissions with statements like `chmod 777` ### Description of how you validated changes N/A ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit ddaad47)
### Issue # (if applicable) Closes #13983. Closes #31689. ### Reason for this change When we want to receive HTTP 404 response where the requested object does not exist, s3:ListBucket permission is needed in the S3 bucket policy. Unlike `errorResponses` to convert 403 response to 404, This is useful to distinguish between responses blocked by WAF (403) and responses where the file does not exist (404). ### Description of changes Added a new `AccessLevel.LIST` to allow s3:ListBucket. ### Description of how you validated changes Unit test and integration test. The integ test also tests the response is 404. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 2b2443d)
) ### Issue #32848 Closes #32848 Reason for this change The current sample schema is incorrect and causes the stack deployment to fail. Description of changes I modified the sample GraphQL schema so that it is successfully deployed. Describe any new or updated permissions being added <!— What new or updated IAM permissions are needed to support the changes being introduced ? --> Description of how you validated changes I was able to successfully deploy the stack after making the changes I already proposed in the PR. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit e8e058c)
### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change Anecdotally, contributors often encounter the "This branch is out-of-date with the base branch" message, which can be confusing. Since I couldn’t find a clear explanation, I sought clarification from one of the admins in [this comment](#32889 (comment)). I’ve summarized their guidance to help other contributors navigate this issue more easily. ### Description of changes Added clarification on a common "error" in the contributor guidelines. ### Describe any new or updated permissions being added ### Description of how you validated changes An admin provided guidance on the issue, and it resolved the problem effectively in my case. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 74bd8ce)
The PR linter code was a bit of a mess; evaluating rules and mutating the PR was interspersed, generic GitHub code was mixed with CDK-specific code, the linter could be triggered from multiple sources, none of them were documented very well. Try to rectify all of that in this PR to make it easier to extend the PR linter in the future: - Split the linter into clear evaluate/act responsibilities. - Split code across more than 1 file. - Document how the "PR Linter Trigger" works - Streamline how we get a PR number into the linter. - Give an example of how to run it locally to test the rule evaluation on real PRs Not every crazy design decision has been rectified yet, but at least we have a start of something a little more comprehensible. Another change I made: the old PR linter creates a comment + a review with the same content (but not quite). In this PR, make it just do reviews and don't do comments. This started from a PR that had CodeCov changes added, but I want to do a refactor without feature changes first before adding new code. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 680b6ba)
Almost every PR immediately looks like it's failing with a red cross, because the PR linter fails if it is requesting changes. The "Changes Requested" review by itself is enough to prevent a PR from getting merged by the Mergify config, so we don't actually need to fail the PR linter as well. Instead: the PR linter succeeds if it runs to the end, and it may request changes on the PR. If it fails, then it's because it was unable to do its job for some reason (that should and will still block merging, so we are not accidentally failing open if something is wrong with the linter). ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 2afdf25)
### Issue Closes #32940 ### Description of changes Define the API for the synth action. Includes DX improvements for some other APIs. ### Describe any new or updated permissions being added n/a ### Description of how you validated changes These are the tests! ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 63b0936)
Since the buffered console captures stdout/stderr, in some call sequences it keeps recursing forever and overflows memory. It does not repro in this repository, but it repros in a different one. The fix is to stop capturing while we print results. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 776620d)
I suspect that `check_suite` is a useful event to use for the PR linter. Add a workflow that will trigger on `check_suite` and prints some relevant information, so we can spy on. This workflow was created by AI, we'll see how it does. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit c9d1684)
In lack of a public docs page, use typedoc for now. ### Description of how you validated changes Docs only ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 88fe797)
…dk package (#32989) Instead use local file references. We still have it listed as a dev dependency, because we do need the cli build in the monorepo before the toolkit. Also adds a script to publish a "public" version locally ### Describe any new or updated permissions being added n/a ### Description of how you validated changes It builds and the "published" package can be used successfully ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit d16482f)
### Issue #32994 Closes #32994 ### Reason for this change Previously it was not possible to provide external context. ### Description of changes Cloud Assembly Source Builder now optionally take a Context object that is provided to the source when the assembly is produced. ### Describe any new or updated permissions being added n/a ### Description of how you validated changes Unit tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit ebe9580)
adds toolkit tests for deploy ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 794520c)
Caused much confusion as to whether the docs or the code was wrong. 99% sure its the docs. Will make the same changes in toolkit in a separate PR. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 4a76fee)
These are tests ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 8c1be1e)
…ions (#32838) ### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change When you update multiple aspects of a Lambda function by modifying an `aws-cdk-lib.aws-lambda` L2 construct and deploying in a single CDK deployment, you may encounter a short period of time where errors occur due to all aspects not being updated together. ### Description of changes Add documentation in `aws-cdk-lib.aws-lambda` to explain this potential situation. ### Describe any new or updated permissions being added None ### Description of how you validated changes None. Only updated README.md ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> Co-authored-by: Grace Luo <54298030+gracelu0@users.noreply.github.com> (cherry picked from commit 6c5accd)
### Description of changes We currently have to maintain a global singleton `CliIoHost` until we have passed the ioHost through all the layers for logging. Previously the global settings for this `IoHost` were all over the place using setter functions and global variables. This refactor unifies all these APIs on the `CliIoHost`, through the global instance. We also need the ability to register a _different_ `IoHost` that must be used for reporting. This is the case when a Toolkit integrator provides a custom implemenation. ### Describe any new or updated permissions being added no ### Description of how you validated changes Existing and updated test cases. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 72e089b)
…33079) ### Issue `aws-synthetics` for #32569 ### Description of changes ValidationErrors everywhere ### Describe any new or updated permissions being added n/a ### Description of how you validated changes Existing tests. Exemptions granted as this is basically a refactor of existing code. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit e4703c1)
Add a CLI integ test to validate that `cdk deploy` works in a fully network-isolated environment, with only a proxy to go through. This validates that no parts of the CLI setup ignore the proxy configuration, which would otherwise be hard to test. We achieve the network isolation by running the code inside a Docker container where we use `iptables` to drop all network traffic that doesn't go through the Docker host, where we run a proxy. I temporarily bumped the `tsconfig` `target` to try out the `using` syntax (didn't work out with Jest), but that caused some compiler errors around class member initialization that I fixed as well. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> (cherry picked from commit 9e220c8)
### Reason for this change This file is completely unused in our code base. The test also doesn't test anything by indirection. ### Description of changes Removed the unused file and test. ### Describe any new or updated permissions being added n/a ### Description of how you validated changes Searched for the function on GitHub and internally. All found references are copies of the CDK code base and don't represent actual usage of the exported function. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 8506d31)
### Reason for this change Cleaning up the CLI code base in preparation for splitting out the library parts. It's currently quite hard to reason about the existing api code as its spread across many files and deep subpath imports. This change attempts to partly rectify the situation by grouping files with strong interdependencies together and creating a unified import location. The change deliberately gives up on potential feature reusability of some helpers in order to create locality. ### Description of changes Collating existing files and APIs into a new submodule `api/deployments`. Updated imports accordingly. No functional changes. ### Describe any new or updated permissions being added n/a ### Description of how you validated changes exiting tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit ac90399)
…rops (#32841) ### Issue #32840 Closes #32840 ### Reason for this change When initializing a new RDS DB Cluster, the [current implementation](https://github.com/aws/aws-cdk/pull/32151/files#diff-49b4a9e1bf0b7db3ab71f4f08580da0cb2191d84605dc82a70c324bd122d5cf7R805-R828) fails on the first validation error, making it possible for the user to encounter another failure after fixing known validation issues. ### Description of changes Implemented a [validation function](https://github.com/aws/aws-cdk/pull/32841/files#diff-5d08d37e744e173239879212c59fd45cb9a279349f3dfb1c66923cb015ed3a3a) that collects all validation errors and presents them to the user. Used this function in RDS Database Cluster initialization. I will implement this separately for SQS Queue initialization as a POC for usability. There are several other places that can make use of this shared code, to show users all validation errors at once. Here's a non-exhaustive list: - [aws-ec2](https://github.com/aws/aws-cdk/blob/3e4f3773bfa48b75bf0adc7d53d46bbec7714a9e/packages/aws-cdk-lib/aws-ec2/lib/volume.ts#L672-L743) - [eventbridge-scheduler](https://github.com/aws/aws-cdk/blob/3e4f3773bfa48b75bf0adc7d53d46bbec7714a9e/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/eventbridge-scheduler/create-schedule.ts#L324-L362) - [aws-fsx](https://github.com/aws/aws-cdk/blob/3e4f3773bfa48b75bf0adc7d53d46bbec7714a9e/packages/aws-cdk-lib/aws-fsx/lib/lustre-file-system.ts#L360-L380) ### Describe any new or updated permissions being added No permissions changes. ### Description of how you validated changes Added unit tests and modified existing unit tests. <img width="698" alt="Screenshot 2025-01-16 at 14 51 47" src="https://github.com/user-attachments/assets/a724a16a-7ccc-43b6-8fee-599ec007566d" /> ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 344d916)
Add a new option, `--untrust`, to the `bootstrap` command. Passing a list of account IDs as values to this option removes those account IDs from the trust relationships in the bootstrap roles. Closes #22703. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 4713bdd)
introduces rollback to the programatic toolkit, plus tests ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 6a9cbc2)
enforces spacing at beginning of comments. we are exempting situations that have `///` because they are special comments that jsii recognizes, and situations that have `////////` to delineate a split of some sport. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 1e2c1ae)
The following models are now legacy for all regions: * Claude v2, Claude v2.1 * Claude Instant Ref: https://docs.aws.amazon.com/bedrock/latest/userguide/model-lifecycle.html Note: Since Claude 3 Sonnet is legacy only in specific regions, I did not add a deprecated label. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit c0ed449)
### Issue #33098 Closes #33098. ### Reason for this change When initializing a new SQS Queue, props validation throws an error at the first validation issue encountered. If there are multiple validation issues, the user is only informed of the first one. ### Description of changes Using `validateAllProps` presents all validation errors to the user at once. If `redriveAllowPolicy` is enabled, the policy will also be evaluated in the same way. ### Describe any new or updated permissions being added No permissions changes. ### Description of how you validated changes Adjusted and added unit tests. Ran integration tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit b77e937)
PR linter now checks for lowercase scope. Valid: `fix(s3): blah` Invalid: `fix(S3): blah` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 6409246)
#33102) Updates the PR linter to remove `Revert` as a valid title prefix, in favor of `revert`. To be fair, this is a stylistic change, but I think its unclean to have every other valid prefix as lowercase except for `Revert`. The reason is because github automatically titles revert PRs with `Revert`, but I don't think it's much effort for engineers to update the title so it fits in the style with everything else. In addition, I've updated the failure message to make it clear what it's looking for, rather than a link to conventionalcommits. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 809a7f0)
…nts (#33105) Many changes here: - The PR linter now removes the text of previous reviews, so that they are not distracting. - The PR linter now deletes old comments; before the rewrite, it used to create both comments and reviews. The comments should be deleted. - There were a bunch of missing `await`s, add those. - The missing `await`s slipped in because in the past someone tried to turn off *some* linter rules, and in doing so disabled *all* linter rules. For now, just re-enable the ones that have to do with promises. - Fix a typo in a global constant - Only log the relevant details of reviews, instead of the entire GitHub object ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 7b9f6c8)
### Issue `aws-s3*` for #32569 ### Description of changes ValidationErrors everywhere ### Describe any new or updated permissions being added n/a ### Description of how you validated changes Existing tests. Exemptions granted as this is basically a refactor of existing code. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit aea8f3b)
…typed errors (#33076) ### Issue `aws-apigatewayv2-authorizers` for #32569 ### Description of changes ValidationErrors everywhere ### Describe any new or updated permissions being added n/a ### Description of how you validated changes Existing tests. Exemptions granted as this is basically a refactor of existing code. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit dd34d2e)
Investigation has shown that `check_suite` only triggers on main repo events, never on forks. Let's see what `check_run` does. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit c0a2cbf)
### Reason for this change
When running the CDK CLI in trace mode (with `-vv`), e.g. `cdk deploy -vv` we log all SDK calls and their inputs. For file uploads, the input contains the buffer of the file to be uploaded. This results in really bad output:
```
[20:14:31] [sdk info] S3.PutObject({"Bucket":"cdk-hnb659fds-assets-us-east-1","Key":"220c435f80d2dd2cfc5dd0e8e29bfbb6ec58892bd813f5d6a008fdda38f6c02f.zip","Body":{"type":"Buffer","data":[80,75,3,4,20,0,8,0,8,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,100,97,116,97,46,116,120,116,75,73,44,73,52,227,2,0,80,75,7,8,165,92,116,66,8,0,0,0,6,0,0,0,80,75,1,2,45,3,20,0,8,0,8,0,0,0,33,0,165,92,116,66,8,0,0,0,6,0,0,0,8,0,0,0,0,0,0,0,0,0,32,0,164,129,0,0,0,0,100,97,116,97,46,116,120,116,80,75,5,6,0,0,0,0,1,0,1,0,54,0,0,0,62,0,0,0,0,0]},"ContentType":"application/zip","ChecksumAlgorithm":"SHA256","ServerSideEncryption":"aws:kms"}) -> OK
```
Now in this case we are only uploading 138 bytes. Imagine what this log looks like for files of 10MiB or 100MiB. Reportedly this also crashed every terminal.
### Description of changes
There's no need to log the buffer bytes. Instead replace it with a string indicating its a buffer and the buffer length:
```
[20:14:31] [sdk info] S3.PutObject({"Body":"<Buffer 138 Bytes>"}) -> OK
```
### Describe any new or updated permissions being added
n/a
### Description of how you validated changes
Tests
### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
(cherry picked from commit d95add3)
This triggers a bazillion times. Let's save some money. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 4eb87b6)
This has the advantage that failing CodeCov checks can be ignored with a label. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* (cherry picked from commit 34ae997)
Closed
moelasmar
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
moelasmar
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
|
Comments on closed issues and PRs are hard for our team to see. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.