chore(release): 2.177.0 #33158

Merged
merged 110 commits into from
Jan 24, 2025

aws-cdk-automation
Collaborator

@aws-cdk-automation aws-cdk-automation commented Jan 24, 2025

See CHANGELOG

kaizencc and others added 30 commits January 15, 2025 21:54
This PR pulls out changes to `packages/aws-cdk` and
`packages/@aws-cdk/cli-lib-alpha` from
#32919

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

---------

Co-authored-by: Momo Kornher <[email protected]>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…sting/framework-integ/test/aws-route53-targets/test/integ.elastic-beanstalk-environment-target-assets (#32846)

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to
0.1.12 and updates ancestor dependency
[express](https://github.com/expressjs/express). These dependencies need
to be updated together.

Updates `path-to-regexp` from 0.1.10 to 0.1.12
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pillarjs/path-to-regexp/releases">path-to-regexp's
releases</a>.</em></p>
<blockquote>
<h2>Fix backtracking (again)</h2>
<p><strong>Fixed</strong></p>
<ul>
<li>Improved backtracking protection for 0.1.x, will break some
previously valid paths (see previous advisory: <a
href="https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j">https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j</a>)</li>
</ul>
<p><a
href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.11...v0.1.12">https://github.com/pillarjs/path-to-regexp/compare/v0.1.11...v0.1.12</a></p>
<h2>Error on bad input</h2>
<p><strong>Changed</strong></p>
<ul>
<li>Add error on bad input values  8f09549</li>
</ul>
<p><a
href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.11">https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.11</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pillarjs/path-to-regexp/commit/640e694c6fd971f78268439df9cf44040855e669"><code>640e694</code></a>
0.1.12</li>
<li><a
href="https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4"><code>f01c26a</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/pillarjs/path-to-regexp/commit/0c7119248b7cb528a0aea3ba45ed4e2db007cba4"><code>0c71192</code></a>
0.1.11</li>
<li><a
href="https://github.com/pillarjs/path-to-regexp/commit/8f095497d678c2ec3495a99ab3928748731e73ee"><code>8f09549</code></a>
Add error on bad input values</li>
<li>See full diff in <a
href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.12">compare
view</a></li>
</ul>
</details>
<br />

Updates `express` from 4.21.1 to 4.21.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/releases">express's
releases</a>.</em></p>
<blockquote>
<h2>4.21.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add funding field (v4) by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6065">expressjs/express#6065</a></li>
<li>deps: [email protected] by <a
href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5956">expressjs/express#5956</a></li>
<li>deps: bump [email protected] by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6209">expressjs/express#6209</a></li>
<li>Release: 4.21.2 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6094">expressjs/express#6094</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">https://github.com/expressjs/express/compare/4.21.1...4.21.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/blob/4.21.2/History.md">express's
changelog</a>.</em></p>
<blockquote>
<h1>4.21.2 / 2024-11-06</h1>
<ul>
<li>deps: [email protected]
<ul>
<li>Fix backtracking protection</li>
</ul>
</li>
<li>deps: [email protected]
<ul>
<li>Throws an error on invalid path values</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/expressjs/express/commit/1faf228935aa0a13111f92c28ee795be64ce3f0f"><code>1faf228</code></a>
4.21.2</li>
<li><a
href="https://github.com/expressjs/express/commit/2e0fb646d03184dd9a5285813460210c0e7ae654"><code>2e0fb64</code></a>
deps: bump [email protected] (<a
href="https://redirect.github.com/expressjs/express/issues/6209">#6209</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/59fc27028ec5d212be653d35d7e3f73a2c3ac3c0"><code>59fc270</code></a>
deps: [email protected] (<a
href="https://redirect.github.com/expressjs/express/issues/5956">#5956</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/51fc39ccf834eec44547b0f4fed8027e7c05a009"><code>51fc39c</code></a>
docs: add funding (<a
href="https://redirect.github.com/expressjs/express/issues/6065">#6065</a>)</li>
<li>See full diff in <a
href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~jonchurch">jonchurch</a>, a new releaser
for express since your current version.</p>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/aws/aws-cdk/network/alerts).

</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
See
[CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.176.0/CHANGELOG.md)

Co-authored-by: AWS CDK Team <[email protected]>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
### Issue # (if applicable)

None

### Reason for this change

Fixed typos in code comments.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Reverts #32890 

AWS Glue team is making big changes to the glue alpha module and we do not want to merge anything into glue at the moment to avoid merge conflicts that will delay their process.
…#32245)

### Issue # (if applicable)

None

### Reason for this change

AWS Synthetics begins supporting the NodeJS Playwright runtime.

https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-cloudwatch-synthetics-playwright-runtime-canaries-nodejs/

And Python Selenium runtime v4.1 is also released.

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_python_selenium.html#CloudWatch_Synthetics_runtimeversion-syn-python-selenium-4.1

### Description of changes

Add two runtimes to `Runtime` class
- SYNTHETICS_PYTHON_SELENIUM_4_1
- SYNTHETICS_NODEJS_PLAYWRIGHT_1_0

### Description of how you validated changes

Execute describe-runtime AWS CLI.
```sh
aws synthetics describe-runtime-versions --region us-east-1 | grep VersionName
            "VersionName": "syn-python-selenium-4.1",
            ...,
            "VersionName": "syn-nodejs-playwright-1.0",
            ...
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…2919)

### Description of changes

Initial code for the Programmatic Toolkit. This won't be released just yet.
Contains a mix of extensions and hard copies to the current CLI code.
After this PR we are moving the appropriate tests over from the CLI.

### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

For the changes to `aws-cdk` we run the existing tests and the integration tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

None

### Reason for this change

Fixed typos in code comments.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Description of changes

Removing some unintentional public exports from the deploy action.
Re-organizing files to improve project structure.
Making the `.gitignore` file more readable.

**No functional code changes!**

### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

It builds.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #1680.

### Reason for this change

AWS S3 supports configuring [object replication](https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html), but the `s3.Bucket` construct does not support it.

### Description of changes

Added `replicationRules` to `BucketProps`.

#### Replication configuration version

There are two versions of [replication configuration](https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-add-config.html#replication-backward-compat-considerations). This PR uses only the V2 replication configuration to enable the specification of the Filter element and S3 Replication Time Control (S3 RTC).

To use V2 replication configuration, this PR explicitly specifies [Filter.Prefix](https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrulefilter.html#cfn-s3-bucket-replicationrulefilter-prefix) property.
```ts
        const prefix = rule.prefixFilter ?? '';
        const filter = isAndFilter ? {
          and: {
            prefix,
            tagFilters: rule.tagFilter,
          },
        } : {
          prefix,
        };
```

V2 replication configuration has some restrictions:
- Must specify [DeleteMarkerReplication](https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html#cfn-s3-bucket-replicationrule-deletemarkerreplication)
```sh
ReplicationStack | 4/7 | 9:22:08 PM | CREATE_FAILED        | AWS::S3::Bucket  | SourceBucket (SourceBucketDDD2130A) Resource handler returned message:
Delete marker replication is not supported if any Tag filter is specified. Please refer to S3 Developer Guide for more information. (Service: S3, Status Code: 400, Request ID: XXX, Extended Request ID: XXX)
```
- Must specify [Priority](https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationrule.html#cfn-s3-bucket-replicationrule-priority)
```sh
ReplicationStack | 4/7 | 9:12:08 PM | CREATE_FAILED        | AWS::S3::Bucket  | SourceBucket (SourceBucketDDD2130A) Resource handler returned message:
Priority must be specified for this version of Cross Region Replication configuration schema. Please refer to S3 Developer Guide for more information. (Service: S3, Status Code: 400, Request ID: XXX, Extended Request ID: XXX)
```

These restrictions are not documented, but there are some posts about these points.
- https://repost.aws/questions/QUiEc8wFE_Q16fX5WG-YWnrA/cloudformation-support-for-s3-replication-to-multiple-destination-buckets

To resolve these problems, I made the `priority` required and explicitly set the `deleteMarkerReplication`.

```ts
        const prefix = rule.prefixFilter ?? ''; // set empty string to use V2 replication configuration
        const filter = isAndFilter ? {
          and: {
            prefix,
            tagFilters: rule.tagFilter,
          },
        } : {
          prefix,
        };

        return {
          id: rule.id,
          priority: rule.priority,
          status: 'Enabled',
          destination: {
            bucket: rule.destination.bucket.bucketArn,
            account: rule.destination.account,
            storageClass: rule.storageClass?.toString(),
            accessControlTranslation: rule.destination.accessControlTransition ? {
              owner: 'Destination',
            } : undefined,
            encryptionConfiguration: rule.kmsKey ? {
              replicaKmsKeyId: rule.kmsKey.keyArn,
            } : undefined,
            replicationTime: rule.replicationTimeControl !== undefined ? {
              status: rule.replicationTimeControl ? 'Enabled' : 'Disabled',
              time: {
                minutes: 15,
              },
            } : undefined,
            metrics: rule.replicationTimeControlMetrics !== undefined ? {
              status: rule.replicationTimeControlMetrics ? 'Enabled' : 'Disabled',
              eventThreshold: {
                minutes: 15,
              },
            } : undefined,
          },
          filter,
          // To avoid deploy error when there are multiple replication rules with undefined deleteMarkerReplication,
          // CDK explicitly set the deleteMarkerReplication if it is undefined.
          deleteMarkerReplication: {
            status: rule.deleteMarkerReplication ? 'Enabled' : 'Disabled',
          },
          sourceSelectionCriteria,
        };
```

#### IAM permission

There is [documentation on setting up IAM permissions for the service role](https://docs.aws.amazon.com/AmazonS3/latest/userguide/setting-repl-config-perm-overview.html).

```json
{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetReplicationConfiguration",
            "s3:ListBucket"
         ],
         "Resource":[
            "arn:aws:s3:::SRC-BUCKET"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetObjectVersionForReplication",
            "s3:GetObjectVersionAcl",
            "s3:GetObjectVersionTagging"
         ],
         "Resource":[
            "arn:aws:s3:::SRC-BUCKET/*"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:ReplicateObject",
            "s3:ReplicateDelete",
            "s3:ReplicateTags"
         ],
         "Resource":"arn:aws:s3:::DST-BUCKET/*"
      }
   ]
}
```

However, there are discrepancies between the automatically generated IAM policies in the management console and the IAM policies in the documentation.

Generated Policy:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:ListBucket",
                "s3:GetReplicationConfiguration",
                "s3:GetObjectVersionForReplication",
                "s3:GetObjectVersionAcl",
                "s3:GetObjectVersionTagging",
                "s3:GetObjectRetention",
                "s3:GetObjectLegalHold"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::SRC-BUCKET",
                "arn:aws:s3:::SRC-BUCKET/*"
            ]
        },
        {
            "Action": [
                "s3:ReplicateObject",
                "s3:ReplicateDelete",
                "s3:ReplicateTags",
                "s3:GetObjectVersionTagging",
                "s3:ObjectOwnerOverrideToBucketOwner"
            ],
            "Effect": "Allow",
            "Condition": {
                "StringLikeIfExists": {
                    "s3:x-amz-server-side-encryption": [
                        "aws:kms",
                        "aws:kms:dsse",
                        "AES256"
                    ]
                }
            },
            "Resource": [
                "arn:aws:s3:::DST-BUCKET/*"
            ]
        },
        {
            "Action": [
                "kms:Decrypt"
            ],
            "Effect": "Allow",
            "Condition": {
                "StringLike": {
                    "kms:ViaService": "s3.ap-northeast-1.amazonaws.com",
                    "kms:EncryptionContext:aws:s3:arn": [
                        "arn:aws:s3:::SRC-BUCKET/*"
                    ]
                }
            },
            "Resource": [
                "arn:aws:kms:ap-northeast-1:123456789012:key/hogehuga"
            ]
        },
        {
            "Action": [
                "kms:Encrypt"
            ],
            "Effect": "Allow",
            "Condition": {
                "StringLike": {
                    "kms:ViaService": [
                        "s3.ap-northeast-1.amazonaws.com"
                    ],
                    "kms:EncryptionContext:aws:s3:arn": [
                        "arn:aws:s3:::DST-BUCKET*"
                    ]
                }
            },
            "Resource": [
                "arn:aws:kms:ap-northeast-1:123456789012:key/hogefuga"
            ]
        }
    ]
}
```

I adopted the policy from the document. I look forward to hearing your thoughts on this matter.

### Description of how you validated changes

Added both unit and integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
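
The discrepancy between the two replication-role policies quoted in the commit message above can be made explicit with a small diff. This is an added example, not code from the PR or from aws-cdk; the helper names (`grants`, `newActions`, `widenedGrants`) are hypothetical, and the two policy objects are transcribed from the JSON above.

```typescript
// Added example: diff the documented and console-generated replication policies.
type OneOrMany = string | string[];

interface Statement {
  Effect: 'Allow' | 'Deny';
  Action: OneOrMany;
  Resource: OneOrMany;
  Condition?: Record<string, unknown>;
}

interface PolicyDocument {
  Version: string;
  Statement: Statement[];
}

// IAM accepts a bare string or an array for Action and Resource; the documented
// policy uses both forms, so normalise before comparing.
const toArray = (v: OneOrMany): string[] => (Array.isArray(v) ? v : [v]);

// Expand every Allow statement into sorted, de-duplicated "action resource" pairs.
function grants(policy: PolicyDocument): string[] {
  const out = new Set<string>();
  for (const st of policy.Statement) {
    if (st.Effect !== 'Allow') continue;
    for (const action of toArray(st.Action)) {
      for (const resource of toArray(st.Resource)) {
        out.add(`${action} ${resource}`);
      }
    }
  }
  return Array.from(out).sort();
}

const actionOf = (grant: string): string => grant.slice(0, grant.indexOf(' '));

// Actions the candidate allows that the baseline never mentions.
function newActions(candidate: PolicyDocument, baseline: PolicyDocument): string[] {
  const known = new Set(grants(baseline).map(actionOf));
  const extra = grants(candidate).map(actionOf).filter((a) => !known.has(a));
  return Array.from(new Set(extra)).sort();
}

// Actions both policies know, granted on a resource the baseline does not pair them with.
function widenedGrants(candidate: PolicyDocument, baseline: PolicyDocument): string[] {
  const baseGrants = grants(baseline);
  const knownActions = new Set(baseGrants.map(actionOf));
  const knownGrants = new Set(baseGrants);
  return grants(candidate).filter((g) => knownActions.has(actionOf(g)) && !knownGrants.has(g));
}

const SRC = 'arn:aws:s3:::SRC-BUCKET';
const DST = 'arn:aws:s3:::DST-BUCKET';

// Policy from the S3 documentation, as quoted in the commit message.
const documented: PolicyDocument = {
  Version: '2012-10-17',
  Statement: [
    { Effect: 'Allow', Action: ['s3:GetReplicationConfiguration', 's3:ListBucket'], Resource: [SRC] },
    {
      Effect: 'Allow',
      Action: ['s3:GetObjectVersionForReplication', 's3:GetObjectVersionAcl', 's3:GetObjectVersionTagging'],
      Resource: [`${SRC}/*`],
    },
    { Effect: 'Allow', Action: ['s3:ReplicateObject', 's3:ReplicateDelete', 's3:ReplicateTags'], Resource: `${DST}/*` },
  ],
};

// Policy generated by the management console, as quoted in the commit message.
const sse = { StringLikeIfExists: { 's3:x-amz-server-side-encryption': ['aws:kms', 'aws:kms:dsse', 'AES256'] } };
const generated: PolicyDocument = {
  Version: '2012-10-17',
  Statement: [
    {
      Effect: 'Allow',
      Action: [
        's3:ListBucket', 's3:GetReplicationConfiguration', 's3:GetObjectVersionForReplication',
        's3:GetObjectVersionAcl', 's3:GetObjectVersionTagging', 's3:GetObjectRetention', 's3:GetObjectLegalHold',
      ],
      Resource: [SRC, `${SRC}/*`],
    },
    {
      Effect: 'Allow',
      Action: [
        's3:ReplicateObject', 's3:ReplicateDelete', 's3:ReplicateTags',
        's3:GetObjectVersionTagging', 's3:ObjectOwnerOverrideToBucketOwner',
      ],
      Condition: sse,
      Resource: [`${DST}/*`],
    },
    // The kms:ViaService / encryption-context conditions are omitted; they narrow these grants.
    { Effect: 'Allow', Action: ['kms:Decrypt'], Resource: ['arn:aws:kms:ap-northeast-1:123456789012:key/hogehuga'] },
    { Effect: 'Allow', Action: ['kms:Encrypt'], Resource: ['arn:aws:kms:ap-northeast-1:123456789012:key/hogefuga'] },
  ],
};

console.log('only in generated policy:', newActions(generated, documented));
console.log('same action, wider resource:', widenedGrants(generated, documented));
console.log('only in documented policy:', newActions(documented, generated));
```

The documented policy is a strict subset of the generated one: what the console adds is retention and legal-hold reads, owner override on the destination, and the KMS decrypt/encrypt pair that encrypted objects need.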
…or iam OIDC connection (under feature flag) (#32921)

### Issue # (if applicable)

Closes #32920

### Reason for this change

Follow security best practices and disable allowing unauthorized connections.

### Description of changes

Create a new feature flag that starting in the new feature, we will disable unauthorized connections

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

New integ and unit tests. Updated old tests.

### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change

Using project references in `aws-cdk-lib` improves the experience for other monorepo packages depending on `aws-cdk-lib`. A project reference to a composite package is an explicit instruction to only look at the build declaration files of the referenced project and not compile declarations from the .ts files again. This is opt-in from the _calling_ package, but must be allowed from the target for some reason. Practically this improves performance for the dependent package, but also means that the packages do not have to share the same TS config anymore. The latter is particularly useful if a newer package wants to impose stricter rules. Previously all these packages were effectively bound to the same (low-ish) standards.

The original opt-out was historically enabled in #8625. However, the situation has drastically changed since then. Particularly `aws-cdk-lib` is now a single mega package, and thus much easier to handle.

### Description of this change

Enables project references in `aws-cdk-lib`.

This exposed that we are still using some deprecated APIs in some downstream packages. Previously we didn't notice because ts compiler of the downstream package would look at the uncompiled source, which still had the deprecated type. However as part of the jsii compilation these are then removed from the type declarations (and thus jsii bindings). With project references we are now looking at the declaration files and thus any usage of deprecated APIs causes a build failure. This PR is also fixing all of these instances.

### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

existing tests and build

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change

Fix Code Scanner issue 

```
By not specifying a USER, a program in the container may run as 'root'. This is a security hazard.
If an attacker can control a process running as root, they may have control over the container.   
Ensure that the last USER in a Dockerfile is a USER other than 'root'.
```

### Description of changes

Create a new group and attach the user to the group. The Dockerfile already gives necessary permissions with statements like `chmod 777`.

### Description of how you validated changes

N/A

### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
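
The scanner rule quoted in the commit message above ("the last USER in a Dockerfile is a USER other than 'root'") can be checked before a build with a short parser. This is an added example, not code from the PR or from aws-cdk; `finalStageUser` is a hypothetical helper, the Dockerfiles are constructed samples, and `ARG`/`ENV` variables in a `USER` value are not resolved.

```typescript
// Added example: report which user the final build stage of a Dockerfile runs as.
interface UserCheck {
  effectiveUser: string | null; // value of the last USER in the final stage, if any
  runsAsRoot: boolean; // true when that user is root, UID 0, or was never set
}

function finalStageUser(dockerfile: string): UserCheck {
  const lines = dockerfile
    .replace(/\\\r?\n/g, ' ') // join backslash line continuations
    .split(/\r?\n/)
    .map((l) => l.trim())
    .filter((l) => l !== '' && !l.startsWith('#')); // drop blanks and comments

  let user: string | null = null;
  for (const line of lines) {
    const [instruction, ...args] = line.split(/\s+/);
    const keyword = instruction.toUpperCase(); // instructions are case-insensitive
    if (keyword === 'FROM') {
      // Every FROM starts a new stage; a USER set in an earlier stage does not carry over.
      user = null;
    } else if (keyword === 'USER' && args.length > 0) {
      user = args[0];
    }
  }

  // USER accepts "name", "uid", "name:group" or "uid:gid"; only the user part matters here.
  const name = user === null ? null : user.split(':')[0];
  // With no USER at all the scanner assumes root, as the quoted finding says.
  const runsAsRoot = name === null || name === 'root' || name === '0';
  return { effectiveUser: user, runsAsRoot };
}

// Constructed sample: no USER instruction, the case the scanner flagged.
const withoutUser = ['FROM debian:bookworm-slim', 'RUN mkdir /work && chmod 777 /work', 'CMD ["sh"]'].join('\n');

// Constructed sample: the shape of the fix described above (new group, user attached to it).
const withUser = [
  'FROM debian:bookworm-slim',
  'RUN groupadd -r app \\',
  '    && useradd -r -g app app',
  'RUN mkdir /work && chmod 777 /work',
  'USER app',
  'CMD ["sh"]',
].join('\n');

// Constructed sample: USER only in the builder stage, so the final stage is still flagged.
const multiStage = [
  'FROM debian:bookworm-slim AS build',
  'USER app',
  'FROM debian:bookworm-slim',
  'COPY --from=build /work /work',
].join('\n');

// Constructed sample: switching back to UID 0 at the end undoes the fix.
const backToRoot = ['FROM debian:bookworm-slim', 'USER app', 'user 0:0'].join('\n');

for (const [label, text] of [
  ['no USER', withoutUser],
  ['USER app', withUser],
  ['multi-stage', multiStage],
  ['USER 0:0', backToRoot],
] as const) {
  console.log(label, finalStageUser(text));
}
```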
### Issue # (if applicable)

Closes #13983.
Closes #31689.

### Reason for this change

When we want to receive HTTP 404 response where the requested object does not exist,
s3:ListBucket permission is needed in the S3 bucket policy.

Unlike `errorResponses` to convert 403 response to 404, this is useful to distinguish between responses blocked by WAF (403) and responses where the file does not exist (404).

### Description of changes

Added a new `AccessLevel.LIST` to allow s3:ListBucket.

### Description of how you validated changes

Unit test and integration test. The integ test also tests the response is 404.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
)

### Issue #32848

Closes #32848

### Reason for this change
The current sample schema is incorrect and causes the stack deployment to fail.

### Description of changes
I modified the sample GraphQL schema so that it is successfully deployed.

### Describe any new or updated permissions being added
<!-- What new or updated IAM permissions are needed to support the changes being introduced? -->

### Description of how you validated changes
I was able to successfully deploy the stack after making the changes I already proposed in the PR.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change

Anecdotally, contributors often encounter the "This branch is out-of-date with the base branch" message, which can be confusing. Since I couldn’t find a clear explanation, I sought clarification from one of the admins in [this comment](#32889 (comment)). I’ve summarized their guidance to help other contributors navigate this issue more easily.




### Description of changes

Added clarification on a common "error" in the contributor guidelines.




### Describe any new or updated permissions being added




### Description of how you validated changes

An admin provided guidance on the issue, and it resolved the problem effectively in my case.




### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The PR linter code was a bit of a mess; evaluating rules and mutating the PR was interspersed, generic GitHub code was mixed with CDK-specific code, the linter could be triggered from multiple sources, none of them were documented very well.

Try to rectify all of that in this PR to make it easier to extend the PR linter in the future:

- Split the linter into clear evaluate/act responsibilities.
- Split code across more than 1 file.
- Document how the "PR Linter Trigger" works
- Streamline how we get a PR number into the linter.
- Give an example of how to run it locally to test the rule evaluation on real PRs

Not every crazy design decision has been rectified yet, but at least we have a start of something a little more comprehensible. Another change I made: the old PR linter creates a comment + a review with the same content (but not quite). In this PR, make it just do reviews and don't do comments.

This started from a PR that had CodeCov changes added, but I want to do a refactor without feature changes first before adding new code.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Almost every PR immediately looks like it's failing with a red cross, because the PR linter fails if it is requesting changes.

The "Changes Requested" review by itself is enough to prevent a PR from getting merged by the Mergify config, so we don't actually need to fail the PR linter as well.

Instead: the PR linter succeeds if it runs to the end, and it may request changes on the PR. If it fails, then it's because it was unable to do its job for some reason (that should and will still block merging, so we are not accidentally failing open if something is wrong with the linter).

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue 

Closes #32940 

### Description of changes

Define the API for the synth action. Includes DX improvements for some other APIs.

### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

These are the tests!

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Since the buffered console captures stdout/stderr, in some call
sequences it keeps recursing forever and overflows memory.

It does not repro in this repository, but it repros in a different one.

The fix is to stop capturing while we print results.

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*
I suspect that `check_suite` is a useful event to use for the PR linter.

Add a workflow that will trigger on `check_suite` and prints some relevant information, so we can spy on.

This workflow was created by AI, we'll see how it does.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
In lack of a public docs page, use typedoc for now.

### Description of how you validated changes

Docs only

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…dk package (#32989)

Instead use local file references.
We still have it listed as a dev dependency, because we do need the cli build in the monorepo before the toolkit.
Also adds a script to publish a "public" version locally


### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

It builds and the "published" package can be used successfully

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue #32994

Closes #32994

### Reason for this change

Previously it was not possible to provide external context.

### Description of changes

Cloud Assembly Source Builder now optionally takes a Context object that is provided to the source when the assembly is produced.

### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

Unit tests

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
adds toolkit tests for deploy

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)


### Reason for this change

Same as this PR #32976
Caused much confusion as to whether the docs or the code was wrong. 99% sure it's the docs. Will make the same changes in toolkit in a separate PR.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
These are tests

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ions (#32838)

### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change

When you update multiple aspects of a Lambda function by modifying an
`aws-cdk-lib.aws-lambda` L2 construct and deploying in a single CDK
deployment, you may encounter a short period of time where errors occur
due to all aspects not being updated together.

### Description of changes

Add documentation in `aws-cdk-lib.aws-lambda` to explain this potential
situation.

### Describe any new or updated permissions being added

None

### Description of how you validated changes

None. Only updated README.md

### Checklist
- [X] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: Grace Luo <[email protected]>
### Description of changes

We currently have to maintain a global singleton `CliIoHost` until we
have passed the ioHost through all the layers for logging. Previously
the global settings for this `IoHost` were all over the place using
setter functions and global variables. This refactor unifies all these
APIs on the `CliIoHost`, through the global instance.

We also need the ability to register a _different_ `IoHost` that must be
used for reporting. This is the case when a Toolkit integrator provides
a custom implementation.

### Describe any new or updated permissions being added

no

### Description of how you validated changes

Existing and updated test cases.

### Checklist
- [x] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*
rix0rrr and others added 13 commits January 24, 2025 15:08
If we don't know the result of the CodeCov results yet, we used to ask
for changes, because it prevents merging while the check might still
fail in the future.

The following sequence of events happens because of this:

1. PR is ready to be merged (approved, everything passes)
2. Mergify enqueues it and merges from main
3. CodeCov needs to run again
4. PR linter requests changes because CodeCov result is uncertain
5. Mergify dequeues the PR because PR linter requests changes

This looks very confusing and noisy, and also will never fix itself, so
the PR ends up unmerged. You can see it happening here:
#33129

The better solution would probably be not to do a "Request Changes"
review, but leave a comment and create a GitHub "status" on the PR to
say 'success/pending/failure', and make it required.
(#33136)

For now, not doing anything with a 'waiting' status is a smaller delta,
and the race condition posed by it is unlikely to happen given that
there are much slower jobs that the merge is blocked on anyway.

See also #33136.

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*
There is a race condition between multiple runs of the PR linter: it
finds a review that it wants to dismiss, but if that already has been
dismissed by another PR linter running in parallel the API call fails
and the linter does too.

Catch this specific case.

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Reverts #33092

This test hadn't gone through the testing pipeline successfully yet.
### Issue 

`aws-elasticloadbalancing*` for #32569 

### Description of changes

ValidationErrors everywhere

### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

Existing tests. Exemptions granted as this is basically a refactor of existing code.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…#33072)

### Issue 

`aws-apigatewayv2` for #32569 

### Description of changes

ValidationErrors everywhere

### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

Existing tests. Exemptions granted as this is basically a refactor of existing code.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
#33141)

### Issue 

`aws-amplify-alpha` for #32569 

### Description of changes

ValidationErrors everywhere

### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

Existing tests. Exemptions granted as this is basically a refactor of existing code.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…3145)

### Reason for this change

We bundle `aws-cdk` into that file and if we don't load everything
through it, imports will fail.

### Description of changes

Fix the wrong import and add a linter rule to enforce it.

### Describe any new or updated permissions being added

n/a

### Checklist
- [x] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*
…32738)

### Issue # (if applicable)

None

### Reason for this change

For the Lambda and Layer used in Canary, the deletion of related resources is [handled by a custom resource](#26580), but this functionality is now supported natively by CloudFormation.

https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-synthetics-canary.html#cfn-synthetics-canary-provisionedresourcecleanup

### Description of changes

- Add `provisionedResourceCleanup` prop to `CanaryProps`
- deprecate `cleanup` prop which uses custom resource

### Describe any new or updated permissions being added

None

### Description of how you validated changes

Add both unit and integ test

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… a folder (#33138)

### Reason for this change

This PR is separating the code that should only be used by the CLI into
a specific folder.
It's currently quite hard to reason about the existing api code as it's
spread across many files and deep subpath imports.
The change deliberately gives up on potential feature reusability of
some helpers in order to create locality.

Similar to #33094

### Description of changes

Collating existing files and APIs that should only be used by the CLI
into a new `cli` folder.
Updated imports accordingly.
No functional changes.

### Describe any new or updated permissions being added

n/a

### Description of how you validated changes

existing tests

### Checklist
- [x] My code adheres to the [CONTRIBUTING
GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and
[DESIGN
GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license*
### Issue # (if applicable)

None

### Reason for this change

Cognito supports managed login for the user pool domain.

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html

However, this feature is not supported by UserPoolDomain L2 construct.

### Description of changes

- add `ManagedLoginVersion` enum
- add `managedLoginVersion` prop to `UserpoolDomainOptions`

### Describe any new or updated permissions being added

None

### Description of how you validated changes

Add both unit and integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

N/A

### Reason for this change

The prioritization workflows should not run in forks.

### Description of changes

Added a condition to when the workflows should run.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…nction permission (#33156)

This reverts PR #32904

This reverts commit 035d17d.
@aws-cdk-automation aws-cdk-automation requested a review from a team as a code owner January 24, 2025 22:02
@aws-cdk-automation aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels Jan 24, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team January 24, 2025 22:02
@github-actions github-actions bot added the p2 label Jan 24, 2025
Contributor

mergify bot commented Jan 24, 2025

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Collaborator Author

➡️ PR build request submitted to test-main-pipeline ⬅️

A maintainer must now check the pipeline and add the pr-linter/cli-integ-tested label once the pipeline succeeds.

@aws-cdk-automation
Collaborator Author

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 4c34444
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Contributor

mergify bot commented Jan 24, 2025

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit b396961 into v2-release Jan 24, 2025
9 checks passed
@mergify mergify bot deleted the bump/2.177.0 branch January 24, 2025 23:22

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 24, 2025