Fix use of separate container image per target

**Why?** As reported by awslabs#382, setting a specific container image to use by the CodeBuild provider to deploy to a target resulted in an error. The CDK stack would fail to synthesize as the 'custom_repo' resource name was already present in the stack. **What?** This fix ensures a unique identifier is used for custom container repositories.
sbkok · Aug 25, 2022 · 214a00d · 214a00d
1 parent 8706cd7
commit 214a00d
Show file tree

Hide file tree

Showing 6 changed files with 124 additions and 10 deletions.
diff --git a/samples/sample-rdk-rules/buildspec_BACKUP_63974.yml b/samples/sample-rdk-rules/buildspec_BACKUP_63974.yml
@@ -0,0 +1,26 @@
+version: 0.2
+phases:
+  install:
+    runtime-versions:
+      python: 3.9
+<<<<<<< HEAD
+      nodejs: 14
+=======
+      nodejs: 16
+>>>>>>> fix/codebuild-docker-deploy-stages
+    commands:
+      - aws s3 cp s3://$S3_BUCKET_NAME/adf-build/ adf-build/ --recursive --quiet
+      - pip install -r adf-build/requirements.txt -q
+      - python adf-build/generate_params.py
+
+  build:
+    commands:
+      - pip install rdk
+      - cd config-rules
+      - rdk create-rule-template --rules-only -a  -o ../template-config-rules.json
+      - cd ..
+      - pip install -r requirements.txt
+      - python lambda_helper.py --template-name template-lambda.json
+
+artifacts:
+  files: '**/*'
diff --git a/samples/sample-rdk-rules/buildspec_BASE_63974.yml b/samples/sample-rdk-rules/buildspec_BASE_63974.yml
@@ -0,0 +1,22 @@
+version: 0.2
+phases:
+  install:
+    runtime-versions:
+      python: 3.8
+      nodejs: 16
+    commands:
+      - aws s3 cp s3://$S3_BUCKET_NAME/adf-build/ adf-build/ --recursive --quiet
+      - pip install -r adf-build/requirements.txt -q
+      - python adf-build/generate_params.py
+
+  build:
+    commands:
+      - pip install rdk
+      - cd config-rules
+      - rdk create-rule-template --rules-only -a  -o ../template-config-rules.json
+      - cd ..
+      - pip install -r requirements.txt
+      - python lambda_helper.py --template-name template-lambda.json
+
+artifacts:
+  files: '**/*'
diff --git a/samples/sample-rdk-rules/buildspec_LOCAL_63974.yml b/samples/sample-rdk-rules/buildspec_LOCAL_63974.yml
@@ -0,0 +1,22 @@
+version: 0.2
+phases:
+  install:
+    runtime-versions:
+      python: 3.9
+      nodejs: 14
+    commands:
+      - aws s3 cp s3://$S3_BUCKET_NAME/adf-build/ adf-build/ --recursive --quiet
+      - pip install -r adf-build/requirements.txt -q
+      - python adf-build/generate_params.py
+
+  build:
+    commands:
+      - pip install rdk
+      - cd config-rules
+      - rdk create-rule-template --rules-only -a  -o ../template-config-rules.json
+      - cd ..
+      - pip install -r requirements.txt
+      - python lambda_helper.py --template-name template-lambda.json
+
+artifacts:
+  files: '**/*'
diff --git a/samples/sample-rdk-rules/buildspec_REMOTE_63974.yml b/samples/sample-rdk-rules/buildspec_REMOTE_63974.yml
@@ -0,0 +1,22 @@
+version: 0.2
+phases:
+  install:
+    runtime-versions:
+      python: 3.9
+      nodejs: 16
+    commands:
+      - aws s3 cp s3://$S3_BUCKET_NAME/adf-build/ adf-build/ --recursive --quiet
+      - pip install -r adf-build/requirements.txt -q
+      - python adf-build/generate_params.py
+
+  build:
+    commands:
+      - pip install rdk
+      - cd config-rules
+      - rdk create-rule-template --rules-only -a  -o ../template-config-rules.json
+      - cd ..
+      - pip install -r requirements.txt
+      - python lambda_helper.py --template-name template-lambda.json
+
+artifacts:
+  files: '**/*'
diff --git a/.../initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_constructs/adf_codebuild.py b/.../initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_constructs/adf_codebuild.py
@@ -39,7 +39,12 @@ def __init__(self, scope: core.Construct, id: str, shared_modules_bucket: str, d
             _build_role = f'arn:{stack.partition}:iam::{ADF_DEPLOYMENT_ACCOUNT_ID}:role/{_role_name}' if _role_name else ADF_DEFAULT_BUILD_ROLE
             _timeout = target.get('properties', {}).get('timeout') or map_params['default_providers']['deploy'].get('properties', {}).get('timeout') or ADF_DEFAULT_BUILD_TIMEOUT
             _env = _codebuild.BuildEnvironment(
-                build_image=CodeBuild.determine_build_image(scope, target, map_params),
+                build_image=CodeBuild.determine_build_image(
+                    codebuild_id=id,
+                    scope=scope,
+                    target=target,
+                    map_params=map_params,
+                ),
                 compute_type=target.get(
                     'properties', {}).get(
                         'size') or getattr(
@@ -86,7 +91,12 @@ def __init__(self, scope: core.Construct, id: str, shared_modules_bucket: str, d
             _build_role = f'arn:{stack.partition}:iam::{ADF_DEPLOYMENT_ACCOUNT_ID}:role/{_role_name}' if _role_name else ADF_DEFAULT_BUILD_ROLE
             _timeout = map_params['default_providers']['build'].get('properties', {}).get('timeout') or ADF_DEFAULT_BUILD_TIMEOUT
             _env = _codebuild.BuildEnvironment(
-                build_image=CodeBuild.determine_build_image(scope, target, map_params),
+                build_image=CodeBuild.determine_build_image(
+                    codebuild_id=id,
+                    scope=scope,
+                    target=target,
+                    map_params=map_params
+                ),
                 compute_type=getattr(_codebuild.ComputeType, map_params['default_providers']['build'].get('properties', {}).get('size', "SMALL").upper()),
                 environment_variables=CodeBuild.generate_build_env_variables(_codebuild, shared_modules_bucket, map_params),
                 privileged=map_params['default_providers']['build'].get('properties', {}).get('privileged', False)
@@ -177,7 +187,7 @@ def get_image_by_name(specific_image: str):
         )
 
     @staticmethod
-    def determine_build_image(scope, target, map_params):
+    def determine_build_image(codebuild_id, scope, target, map_params):
         specific_image = None
         if target:
             specific_image = (
@@ -193,7 +203,7 @@ def determine_build_image(scope, target, map_params):
         if isinstance(specific_image, dict):
             repo_arn = _ecr.Repository.from_repository_arn(
                 scope,
-                'custom_repo',
+                f'custom_repo_{codebuild_id}',
                 specific_image.get('repository_arn', ''),
             )
             return _codebuild.LinuxBuildImage.from_ecr_repository(

diff --git a/...ory/adf-build/shared/cdk/cdk_constructs/tests/test_adf_codebuild_determine_build_image.py b/...ory/adf-build/shared/cdk/cdk_constructs/tests/test_adf_codebuild_determine_build_image.py
@@ -77,6 +77,7 @@ def test_determine_build_image_build_defaults(ecr_repo, build_image):
         CODEBUILD_SPECIFIC_MAP_PARAMS_ALT_STR
 
     result = CodeBuild.determine_build_image(
+        codebuild_id='some_id',
         scope=scope,
         target=target,
         map_params=map_params,
@@ -115,6 +116,7 @@ def test_determine_build_image_build_str(ecr_repo, build_image):
         CODEBUILD_SPECIFIC_MAP_PARAMS_ALT_STR
 
     result = CodeBuild.determine_build_image(
+        codebuild_id='some_id',
         scope=scope,
         target=target,
         map_params=map_params,
@@ -160,6 +162,7 @@ def test_determine_build_image_build_ecr(ecr_repo, build_image):
     build_image.from_ecr_repository.return_value = from_ecr_repo_return_value
 
     result = CodeBuild.determine_build_image(
+        codebuild_id='some_id',
         scope=scope,
         target=target,
         map_params=map_params,
@@ -168,7 +171,7 @@ def test_determine_build_image_build_ecr(ecr_repo, build_image):
     assert result == from_ecr_repo_return_value
     ecr_repo.from_repository_arn.assert_called_once_with(
         scope,
-        'custom_repo',
+        'custom_repo_some_id',
         SPECIFIC_CODEBUILD_IMAGE_ECR.get('repository_arn'),
     )
     build_image.from_ecr_repository.assert_called_once_with(
@@ -212,6 +215,7 @@ def test_determine_build_image_build_ecr_no_tag(ecr_repo, build_image):
     build_image.from_ecr_repository.return_value = from_ecr_repo_return_value
 
     result = CodeBuild.determine_build_image(
+        codebuild_id='some_id',
         scope=scope,
         target=target,
         map_params=map_params,
@@ -220,7 +224,7 @@ def test_determine_build_image_build_ecr_no_tag(ecr_repo, build_image):
     assert result == from_ecr_repo_return_value
     ecr_repo.from_repository_arn.assert_called_once_with(
         scope,
-        'custom_repo',
+        'custom_repo_some_id',
         SPECIFIC_CODEBUILD_IMAGE_ECR.get('repository_arn'),
     )
     build_image.from_ecr_repository.assert_called_once_with(
@@ -254,6 +258,7 @@ def test_determine_build_image_deploy_defaults(ecr_repo, build_image):
         CODEBUILD_SPECIFIC_MAP_PARAMS_ALT_STR
 
     result = CodeBuild.determine_build_image(
+        codebuild_id='some_id',
         scope=scope,
         target=target,
         map_params=map_params,
@@ -291,6 +296,7 @@ def test_determine_build_image_deploy_target_str(ecr_repo, build_image):
         CODEBUILD_SPECIFIC_MAP_PARAMS_ALT_STR
 
     result = CodeBuild.determine_build_image(
+        codebuild_id='some_id',
         scope=scope,
         target=target,
         map_params=map_params,
@@ -329,6 +335,7 @@ def test_determine_build_image_deploy_str(ecr_repo, build_image):
         CODEBUILD_SPECIFIC_MAP_PARAMS_ALT_STR
 
     result = CodeBuild.determine_build_image(
+        codebuild_id='some_id',
         scope=scope,
         target=target,
         map_params=map_params,
@@ -367,6 +374,7 @@ def test_determine_build_image_deploy_target_str_too(ecr_repo, build_image):
         CODEBUILD_SPECIFIC_MAP_PARAMS_ALT_STR
 
     result = CodeBuild.determine_build_image(
+        codebuild_id='some_id',
         scope=scope,
         target=target,
         map_params=map_params,
@@ -412,6 +420,7 @@ def test_determine_build_image_deploy_ecr(ecr_repo, build_image):
     build_image.from_ecr_repository.return_value = from_ecr_repo_return_value
 
     result = CodeBuild.determine_build_image(
+        codebuild_id='some_id',
         scope=scope,
         target=target,
         map_params=map_params,
@@ -420,7 +429,7 @@ def test_determine_build_image_deploy_ecr(ecr_repo, build_image):
     assert result == from_ecr_repo_return_value
     ecr_repo.from_repository_arn.assert_called_once_with(
         scope,
-        'custom_repo',
+        'custom_repo_some_id',
         SPECIFIC_CODEBUILD_IMAGE_ECR.get('repository_arn'),
     )
     build_image.from_ecr_repository.assert_called_once_with(
@@ -462,6 +471,7 @@ def test_determine_build_image_deploy_ecr_too(ecr_repo, build_image):
     build_image.from_ecr_repository.return_value = from_ecr_repo_return_value
 
     result = CodeBuild.determine_build_image(
+        codebuild_id='some_id',
         scope=scope,
         target=target,
         map_params=map_params,
@@ -470,7 +480,7 @@ def test_determine_build_image_deploy_ecr_too(ecr_repo, build_image):
     assert result == from_ecr_repo_return_value
     ecr_repo.from_repository_arn.assert_called_once_with(
         scope,
-        'custom_repo',
+        'custom_repo_some_id',
         target['properties']['image']['repository_arn'],
     )
     build_image.from_ecr_repository.assert_called_once_with(
@@ -514,6 +524,7 @@ def test_determine_build_image_deploy_ecr_no_tag(ecr_repo, build_image):
     build_image.from_ecr_repository.return_value = from_ecr_repo_return_value
 
     result = CodeBuild.determine_build_image(
+        codebuild_id='some_id',
         scope=scope,
         target=target,
         map_params=map_params,
@@ -522,7 +533,7 @@ def test_determine_build_image_deploy_ecr_no_tag(ecr_repo, build_image):
     assert result == from_ecr_repo_return_value
     ecr_repo.from_repository_arn.assert_called_once_with(
         scope,
-        'custom_repo',
+        'custom_repo_some_id',
         SPECIFIC_CODEBUILD_IMAGE_ECR.get('repository_arn'),
     )
     build_image.from_ecr_repository.assert_called_once_with(
@@ -567,6 +578,7 @@ def test_determine_build_image_deploy_ecr_no_tag_too(ecr_repo, build_image):
     build_image.from_ecr_repository.return_value = from_ecr_repo_return_value
 
     result = CodeBuild.determine_build_image(
+        codebuild_id='some_id',
         scope=scope,
         target=target,
         map_params=map_params,
@@ -575,7 +587,7 @@ def test_determine_build_image_deploy_ecr_no_tag_too(ecr_repo, build_image):
     assert result == from_ecr_repo_return_value
     ecr_repo.from_repository_arn.assert_called_once_with(
         scope,
-        'custom_repo',
+        'custom_repo_some_id',
         target['properties']['image']['repository_arn'],
     )
     build_image.from_ecr_repository.assert_called_once_with(