feat: support CodePipeline V2 (#120)

Author: moritzzimmer

examples/deployment/complete/README.md

@@ -32,14 +32,14 @@ aws s3api put-object --bucket example-ci-{account_id}-{region} --key deployment-
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
 | <a name="requirement_archive"></a> [archive](#requirement\_archive) | >= 2.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.32 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_archive"></a> [archive](#provider\_archive) | >= 2.2 |
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.32 |
 
 ## Modules
 

examples/deployment/complete/main.tf

@@ -98,12 +98,24 @@ module "deployment" {
   codedeploy_deployment_group_alarm_configuration_alarms          = [aws_cloudwatch_metric_alarm.error_rate.id]
   codedeploy_deployment_group_auto_rollback_configuration_enabled = true
   codedeploy_deployment_group_auto_rollback_configuration_events  = ["DEPLOYMENT_FAILURE", "DEPLOYMENT_STOP_ON_ALARM"]
-  codepipeline_artifact_store_bucket                              = aws_s3_bucket.source.bucket                // example to (optionally) use the same bucket for deployment packages and pipeline artifacts
+  codepipeline_artifact_store_bucket                              = aws_s3_bucket.source.bucket // example to (optionally) use the same bucket for deployment packages and pipeline artifacts
+  codepipeline_type                                               = "V2"
   deployment_config_name                                          = aws_codedeploy_deployment_config.canary.id // optionally use custom deployment configuration or a different default deployment configuration like `CodeDeployDefault.LambdaLinear10PercentEvery1Minute` from https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations.html
   function_name                                                   = local.function_name
   s3_bucket                                                       = aws_s3_bucket.source.bucket
   s3_key                                                          = local.s3_key
 
+  codepipeline_variables = [
+    {
+      name          = "FOO"
+      default_value = "BAR"
+      description   = "test with all config values"
+    },
+    {
+      name = "BAR"
+    }
+  ]
+
   codepipeline_post_deployment_stages = [
     {
       name = "Custom"
@@ -161,7 +173,7 @@ module "traffic_hook" {
   filename         = data.archive_file.traffic_hook.output_path
   function_name    = "codedeploy-hook-example"
   handler          = "hook.handler"
-  runtime          = "python3.9"
+  runtime          = "python3.12"
   source_code_hash = data.archive_file.traffic_hook.output_base64sha256
 }
 

examples/deployment/complete/versions.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.0"
+      version = ">= 5.32"
     }
     archive = {
       source  = "hashicorp/archive"

modules/deployment/README.md

@@ -422,6 +422,8 @@ No modules.
 | <a name="input_codepipeline_artifact_store_encryption_key_id"></a> [codepipeline\_artifact\_store\_encryption\_key\_id](#input\_codepipeline\_artifact\_store\_encryption\_key\_id) | The KMS key ARN or ID of a key block AWS CodePipeline uses to encrypt the data in the artifact store, such as an AWS Key Management Service (AWS KMS) key. If you don't specify a key, AWS CodePipeline uses the default key for Amazon Simple Storage Service (Amazon S3). | `string` | `""` | no |
 | <a name="input_codepipeline_post_deployment_stages"></a> [codepipeline\_post\_deployment\_stages](#input\_codepipeline\_post\_deployment\_stages) | A map of post deployment stages to execute after the Lambda function has been deployed. The following stages are supported: `CodeBuild`, `CodeDeploy`, `CodePipeline`, `CodeStarNotifications`. | <pre>list(object({<br>    name = string<br>    actions = list(object({<br>      name             = string<br>      category         = string<br>      owner            = string<br>      provider         = string<br>      version          = string<br>      input_artifacts  = optional(list(any))<br>      output_artifacts = optional(list(any))<br>      configuration    = optional(map(string))<br>    }))<br>  }))</pre> | `[]` | no |
 | <a name="input_codepipeline_role_arn"></a> [codepipeline\_role\_arn](#input\_codepipeline\_role\_arn) | ARN of an existing IAM role for CodePipeline execution. If empty, a dedicated role for your Lambda function with minimal required permissions will be created. | `string` | `""` | no |
+| <a name="input_codepipeline_type"></a> [codepipeline\_type](#input\_codepipeline\_type) | Type of the CodePipeline. Possible values are: `V1` and `V2`. | `string` | `"V1"` | no |
+| <a name="input_codepipeline_variables"></a> [codepipeline\_variables](#input\_codepipeline\_variables) | CodePipeline variables. Valid only when `codepipeline_type` is `V2`. | <pre>list(object({<br>    name          = string<br>    default_value = optional(string)<br>    description   = optional(string)<br>  }))</pre> | `[]` | no |
 | <a name="input_codestar_notifications_detail_type"></a> [codestar\_notifications\_detail\_type](#input\_codestar\_notifications\_detail\_type) | The level of detail to include in the notifications for this resource. Possible values are BASIC and FULL. | `string` | `"BASIC"` | no |
 | <a name="input_codestar_notifications_enabled"></a> [codestar\_notifications\_enabled](#input\_codestar\_notifications\_enabled) | Enable CodeStar notifications for your pipeline. | `bool` | `true` | no |
 | <a name="input_codestar_notifications_event_type_ids"></a> [codestar\_notifications\_event\_type\_ids](#input\_codestar\_notifications\_event\_type\_ids) | A list of event types associated with this notification rule. For list of allowed events see https://docs.aws.amazon.com/dtconsole/latest/userguide/concepts.html#events-ref-pipeline. | `list(string)` | <pre>[<br>  "codepipeline-pipeline-pipeline-execution-succeeded",<br>  "codepipeline-pipeline-pipeline-execution-failed"<br>]</pre> | no |

modules/deployment/main.tf

@@ -25,9 +25,10 @@ locals {
 resource "aws_codepipeline" "this" {
   depends_on = [aws_iam_role.codepipeline_role]
 
-  name     = local.pipeline_name
-  role_arn = var.codepipeline_role_arn == "" ? aws_iam_role.codepipeline_role[0].arn : var.codepipeline_role_arn
-  tags     = var.tags
+  name          = local.pipeline_name
+  pipeline_type = var.codepipeline_type
+  role_arn      = var.codepipeline_role_arn == "" ? aws_iam_role.codepipeline_role[0].arn : var.codepipeline_role_arn
+  tags          = var.tags
 
   artifact_store {
     location = local.artifact_store_bucket
@@ -157,6 +158,15 @@ resource "aws_codepipeline" "this" {
       }
     }
   }
+
+  dynamic "variable" {
+    for_each = var.codepipeline_variables
+    content {
+      name          = variable.value.name
+      default_value = variable.value.default_value
+      description   = variable.value.description
+    }
+  }
 }
 
 resource "aws_s3_bucket" "pipeline" {

modules/deployment/variables.tf

@@ -30,6 +30,12 @@ variable "codepipeline_artifact_store_encryption_key_id" {
   type        = string
 }
 
+variable "codepipeline_type" {
+  description = "Type of the CodePipeline. Possible values are: `V1` and `V2`."
+  default     = "V1"
+  type        = string
+}
+
 variable "codepipeline_role_arn" {
   description = "ARN of an existing IAM role for CodePipeline execution. If empty, a dedicated role for your Lambda function with minimal required permissions will be created."
   default     = ""
@@ -42,6 +48,16 @@ variable "codebuild_role_arn" {
   type        = string
 }
 
+variable "codepipeline_variables" {
+  description = "CodePipeline variables. Valid only when `codepipeline_type` is `V2`."
+  default     = []
+  type = list(object({
+    name          = string
+    default_value = optional(string)
+    description   = optional(string)
+  }))
+}
+
 variable "codebuild_cloudwatch_logs_retention_in_days" {
   description = "Specifies the number of days you want to retain log events in the CodeBuild log group."
   default     = 14