feat(codepipeline-actions): support InspectorEcrImageScanAction and InspectorSourceCodeScanAction actions
#33378
Conversation
github-actions
bot
added
feature-request
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #33378 +/- ##
==========================================
+ Coverage 80.92% 81.00% +0.07%
==========================================
Files 236 238 +2
Lines 14256 14271 +15
Branches 2491 2492 +1
==========================================
+ Hits 11537 11560 +23
+ Misses 2434 2425 -9
- Partials 285 286 +1
Flags with carried forward coverage won't be shown. Click here to find out more.
|
go-to-k
changed the title
go-to-k
changed the title
EcrImageScanAction and SourceCodeScanAction action
go-to-k
changed the title
EcrImageScanAction and SourceCodeScanAction actionEcrImageScanAction and SourceCodeScanAction actions
go-to-k
changed the title
EcrImageScanAction and SourceCodeScanAction actionsInspectorEcrImageScanAction and InspectorSourceCodeScanAction actions
github-actions
bot
added
the
effort/medium
| test('can get variables', () => { | ||
| // WHEN | ||
| const inspectorEcrImageScanAction = new cpactions.InspectorEcrImageScanAction({ | ||
| actionName: 'InspectorScan', | ||
| output: scanOutput, | ||
| repository, | ||
| }); | ||
|
|
||
| // THEN | ||
| expect(inspectorEcrImageScanAction.variables.highestScannedSeverity).toMatch(/^#{\${Token\[TOKEN\.[0-9]*\]}.HighestScannedSeverity}$/); | ||
| }); |
There was a problem hiding this comment.
This and other common code are about the common behavior of the base class.
But as users are not aware of the base class because they call the subclasses directly, and in case there are any changes by contributors, it is also confirmation for regressions in the subclasses. Therefore, the tests in inspector-ecr-image-scan-action.test.ts and inspector-source-code-scan-action.test.ts are partially identical.
This also makes the test useful even if the base class is deleted and each class is implemented independently in the future.
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
|
Exemption Request:
Should already have written unit tests that cover the code I have added. |
aws-cdk-automation
added
the
pr-linter/exemption-requested
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
There was a problem hiding this comment.
The pull request linter fails with the following errors:
❌ CodeCov is indicating a drop in code coverage
If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.
✅ A exemption request has been requested. Please wait for a maintainer's review.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
aws-cdk-automation
added
the
pr/needs-community-review
| * Valid values are medium | high | critical. | ||
| */ | ||
| readonly highestScannedSeverity: string; |
There was a problem hiding this comment.
This is not input to the construct, but output from the pipeline, which is a string formatted with the variableExpression method. Therefore, it cannot be an enum.
| // This permission was not listed in the above reference, but without it, | ||
| // an error would occur since `ecr get-login-password` is executed in the action. | ||
| options.role.addToPrincipalPolicy(new iam.PolicyStatement({ | ||
| resources: ['*'], | ||
| actions: [ | ||
| 'ecr:GetAuthorizationToken', | ||
| ], |
There was a problem hiding this comment.
The error message by CFn requested a wildcard for resources.
Issue # (if applicable)
Closes #33377.
Reason for this change
AWS CodePipeline introduces new build action: InspectorScan action.
Description of changes
Add
InspectorEcrImageScanActionandInspectorSourceCodeScanActionclasses that extendsBaseInspectorScanclass.The
BaseInspectorScanclass that extendsActionclass to aws-codepipeline-actions module.Describe any new or updated permissions being added
Description of how you validated changes
Both unit and integ tests
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license