From 40597759dcdbf13d1e747f27c5d9e9d0a9de6305 Mon Sep 17 00:00:00 2001 From: Simon Kok Date: Sat, 18 May 2024 20:16:10 +0200 Subject: [PATCH] Require CodeBuild image from v4 onward **Why?** Issue: #626 In prior versions of ADF, the CodeBuild image default was set to `UBUNTU_14_04_PYTHON_3_7_1`. This container image was no longer supported by the AWS CodeBuild service. Hence, using this version introduces a security risk as it is no longer patched. Moving to the latest CodeBuild image `STANDARD_7_0` was proposed when we switched to CDK v2. This change of the default image to use was one of the main reasons why just upgrading to CDK v2 required a major version release. As updating the default introduces a breaking change that might impact the pipelines of ADF. **What?** In the future, if we would only update the default we would require a new major version upgrade when `STANDARD_7_0` is deprecated too. Instead, this change proposes to require the image for the CodeBuild provider in the default properties of the build and deploy (when using CodeBuild to deploy) stages. For targets, it continues to be marked optional. But in case the target does not have an image set and nor does the default deploy provider, it will raise a `ValueError`. --- CHANGELOG.md | 13 ++- docs/providers-guide.md | 8 +- .../cdk/cdk_constructs/adf_codebuild.py | 15 ++-- ...est_adf_codebuild_determine_build_image.py | 52 ++++++------ .../tests/test_default_pipeline_type.py | 4 +- .../tests/test_pipeline_creation.py | 14 ++-- .../shared/python/schema_validation.py | 80 ++++++++++++++----- .../tests/stubs/stub_deployment_map.yml | 22 +++++ .../python/tests/test_deployment_map.py | 16 +++- 9 files changed, 147 insertions(+), 77 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 38619cfcd..d19a068ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,14 +35,21 @@ these customizations to CDK v2 as well. #### CodeBuild default image -As written in the [CodeBuild provider +As was written in the [CodeBuild provider docs](./docs/providers-guide.md#properties-3), it is a best-practice to define the exact CodeBuild container image you would like to use for each pipeline. However, in case you rely on the default, in prior ADF releases it would default to `UBUNTU_14_04_PYTHON_3_7_1`. This container image is no longer -supported. With ADF v4.0, the new default is `STANDARD_7_0`. -Also referred to as: `aws/codebuild/standard:7.0`. +supported. With ADF v4.0, using the CodeBuild provider requires defining the +specific CodeBuild container image to use. This way, it will not fallback to +a default that might be secure today but deprecated in the future. + +For each pipeline definition in the deployment maps, the CodeBuild image will +need to be defined. Alternatively, upgrade ADF and check which pipelines failed +to deploy after. Most likely all pipelines already define the CodeBuild image +to use, as the previous default image is [not supported by +AWS CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html#deprecated-images). #### ADF Parameters in AWS Systems Manager Parameter Store diff --git a/docs/providers-guide.md b/docs/providers-guide.md index 5f4fd6707..a558fd388 100644 --- a/docs/providers-guide.md +++ b/docs/providers-guide.md @@ -220,11 +220,9 @@ Provider type: `codebuild`. #### Properties -- *image* *(String|Object)* - default: `STANDARD_7_0`. - - It is recommended to specify the container image your pipeline requires. - Relying on the default value might impact the pipeline in future updates - of ADF if the default were to change. - - The Image that the AWS CodeBuild will use. Images can be found +- *image* *(String|Object)*. + - It is required to specify the container image your pipeline requires. + - Specify the Image that the AWS CodeBuild will use. Images can be found [here](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-codebuild.LinuxBuildImage.html). - Image can also take an object that contains a reference to a public docker hub image with a prefix of `docker-hub://`, such as diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_constructs/adf_codebuild.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_constructs/adf_codebuild.py index 68548bf80..b6112c10e 100644 --- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_constructs/adf_codebuild.py +++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_constructs/adf_codebuild.py @@ -22,7 +22,6 @@ ADF_DEPLOYMENT_REGION = os.environ["AWS_REGION"] ADF_DEPLOYMENT_ACCOUNT_ID = os.environ["ACCOUNT_ID"] -DEFAULT_CODEBUILD_IMAGE = "STANDARD_7_0" DEFAULT_BUILD_SPEC_FILENAME = 'buildspec.yml' DEFAULT_DEPLOY_SPEC_FILENAME = 'deployspec.yml' ADF_DEFAULT_BUILD_ROLE_NAME = 'adf-codebuild-role' @@ -339,14 +338,9 @@ def determine_build_spec(codebuild_id, default_props, target=None): @staticmethod def get_image_by_name(specific_image: str): - image_name = ( - ( - specific_image - or DEFAULT_CODEBUILD_IMAGE - ).upper() - ) - if hasattr(_codebuild.LinuxBuildImage, image_name): - return getattr(_codebuild.LinuxBuildImage, image_name) + cdk_image_name = specific_image.upper() + if hasattr(_codebuild.LinuxBuildImage, cdk_image_name): + return getattr(_codebuild.LinuxBuildImage, cdk_image_name) if specific_image.startswith('docker-hub://'): specific_image = specific_image.split('docker-hub://')[-1] return _codebuild.LinuxBuildImage.from_docker_registry( @@ -399,6 +393,9 @@ def determine_build_image(codebuild_id, scope, target, map_params): specific_image.get('tag', 'latest'), ) + if not specific_image: + raise ValueError("Required CodeBuild image property is not configured") + return CodeBuild.get_image_by_name(specific_image) @staticmethod diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_constructs/tests/test_adf_codebuild_determine_build_image.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_constructs/tests/test_adf_codebuild_determine_build_image.py index 564468588..e649d9bad 100644 --- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_constructs/tests/test_adf_codebuild_determine_build_image.py +++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_constructs/tests/test_adf_codebuild_determine_build_image.py @@ -9,11 +9,8 @@ aws_codebuild as _codebuild, Stack, ) -from cdk_constructs.adf_codebuild import CodeBuild, DEFAULT_CODEBUILD_IMAGE +from cdk_constructs.adf_codebuild import CodeBuild -SIMPLE_TARGET = { - 'properties': {}, -} SPECIFIC_CODEBUILD_IMAGE_STR = 'STANDARD_7_0' SPECIFIC_CODEBUILD_IMAGE_ALT_STR = 'STANDARD_6_0' SPECIFIC_CODEBUILD_IMAGE_ALT2_STR = 'STANDARD_5_0' @@ -21,11 +18,8 @@ 'repository_arn': 'arn:aws:ecr:region:111111111111:repository/test', 'tag': 'specific', } -CODEBUILD_SPECIFIC_MAP_PARAMS_STR = { - 'provider': 'codebuild', - 'properties': { - 'image': SPECIFIC_CODEBUILD_IMAGE_STR, - } +SIMPLE_TARGET = { + 'properties': {}, } CODEBUILD_SPECIFIC_MAP_PARAMS_ALT_STR = { 'provider': 'codebuild', @@ -48,8 +42,16 @@ CODEBUILD_BASE_MAP_PARAMS = { 'default_providers': { - 'build': {}, - 'deploy': {}, + 'build': { + 'properties': { + 'image': SPECIFIC_CODEBUILD_IMAGE_STR, + }, + }, + 'deploy': { + 'properties': { + 'image': SPECIFIC_CODEBUILD_IMAGE_STR, + }, + }, }, } @@ -85,7 +87,7 @@ def test_determine_build_image_build_defaults(ecr_repo, build_image): assert result == getattr( _codebuild.LinuxBuildImage, - DEFAULT_CODEBUILD_IMAGE, + SPECIFIC_CODEBUILD_IMAGE_STR, ) ecr_repo.from_repository_arn.assert_not_called() build_image.from_ecr_repository.assert_not_called() @@ -109,11 +111,11 @@ def test_determine_build_image_build_str(ecr_repo, build_image): target = None map_params = deepcopy(CODEBUILD_BASE_MAP_PARAMS) map_params['default_providers']['build'] = \ - CODEBUILD_SPECIFIC_MAP_PARAMS_STR + CODEBUILD_SPECIFIC_MAP_PARAMS_ALT_STR # Set deploy one to alternative, so we can test # that it is not using this in build steps map_params['default_providers']['deploy'] = \ - CODEBUILD_SPECIFIC_MAP_PARAMS_ALT_STR + CODEBUILD_SPECIFIC_MAP_PARAMS_ALT2_STR result = CodeBuild.determine_build_image( codebuild_id='some_id', @@ -124,7 +126,7 @@ def test_determine_build_image_build_str(ecr_repo, build_image): assert result == getattr( _codebuild.LinuxBuildImage, - SPECIFIC_CODEBUILD_IMAGE_STR, + SPECIFIC_CODEBUILD_IMAGE_ALT_STR, ) ecr_repo.from_repository_arn.assert_not_called() build_image.from_ecr_repository.assert_not_called() @@ -266,7 +268,7 @@ def test_determine_build_image_deploy_defaults(ecr_repo, build_image): assert result == getattr( _codebuild.LinuxBuildImage, - DEFAULT_CODEBUILD_IMAGE, + SPECIFIC_CODEBUILD_IMAGE_STR, ) ecr_repo.from_repository_arn.assert_not_called() build_image.from_ecr_repository.assert_not_called() @@ -288,12 +290,12 @@ def test_determine_build_image_deploy_target_str(ecr_repo, build_image): not the default deploy specific config. """ scope = Stack() - target = CODEBUILD_SPECIFIC_MAP_PARAMS_STR + target = CODEBUILD_SPECIFIC_MAP_PARAMS_ALT_STR map_params = deepcopy(CODEBUILD_BASE_MAP_PARAMS) # Set build one to alternative, so we can test # that it is not using this in deploy steps map_params['default_providers']['build'] = \ - CODEBUILD_SPECIFIC_MAP_PARAMS_ALT_STR + CODEBUILD_SPECIFIC_MAP_PARAMS_ALT2_STR result = CodeBuild.determine_build_image( codebuild_id='some_id', @@ -304,7 +306,7 @@ def test_determine_build_image_deploy_target_str(ecr_repo, build_image): assert result == getattr( _codebuild.LinuxBuildImage, - SPECIFIC_CODEBUILD_IMAGE_STR, + SPECIFIC_CODEBUILD_IMAGE_ALT_STR, ) ecr_repo.from_repository_arn.assert_not_called() build_image.from_ecr_repository.assert_not_called() @@ -328,11 +330,11 @@ def test_determine_build_image_deploy_str(ecr_repo, build_image): target = SIMPLE_TARGET map_params = deepcopy(CODEBUILD_BASE_MAP_PARAMS) map_params['default_providers']['deploy'] = \ - CODEBUILD_SPECIFIC_MAP_PARAMS_STR + CODEBUILD_SPECIFIC_MAP_PARAMS_ALT_STR # Set build one to alternative, so we can test # that it is not using this in deploy steps map_params['default_providers']['build'] = \ - CODEBUILD_SPECIFIC_MAP_PARAMS_ALT_STR + CODEBUILD_SPECIFIC_MAP_PARAMS_ALT2_STR result = CodeBuild.determine_build_image( codebuild_id='some_id', @@ -343,7 +345,7 @@ def test_determine_build_image_deploy_str(ecr_repo, build_image): assert result == getattr( _codebuild.LinuxBuildImage, - SPECIFIC_CODEBUILD_IMAGE_STR, + SPECIFIC_CODEBUILD_IMAGE_ALT_STR, ) ecr_repo.from_repository_arn.assert_not_called() build_image.from_ecr_repository.assert_not_called() @@ -366,12 +368,6 @@ def test_determine_build_image_deploy_target_str_too(ecr_repo, build_image): scope = Stack() target = CODEBUILD_SPECIFIC_MAP_PARAMS_ALT2_STR map_params = deepcopy(CODEBUILD_BASE_MAP_PARAMS) - map_params['default_providers']['deploy'] = \ - CODEBUILD_SPECIFIC_MAP_PARAMS_STR - # Set build one to alternative, so we can test - # that it is not using this in deploy steps - map_params['default_providers']['build'] = \ - CODEBUILD_SPECIFIC_MAP_PARAMS_ALT_STR result = CodeBuild.determine_build_image( codebuild_id='some_id', diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_stacks/tests/test_default_pipeline_type.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_stacks/tests/test_default_pipeline_type.py index 3fc7c6594..8a9a2adbe 100644 --- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_stacks/tests/test_default_pipeline_type.py +++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_stacks/tests/test_default_pipeline_type.py @@ -46,7 +46,7 @@ def test_pipeline_creation_outputs_as_expected_when_input_has_1_target_with_2_wa } stack_input["pipeline_input"]["default_providers"]["build"] = { "provider": "codebuild", - "properties": {"account_id": "123456789012"}, + "properties": {"image": "STANDARD_7_0"}, } stack_input["ssm_params"][region_name] = { @@ -113,7 +113,7 @@ def test_pipeline_creation_outputs_as_expected_when_input_has_2_targets_with_2_w } stack_input["pipeline_input"]["default_providers"]["build"] = { "provider": "codebuild", - "properties": {"account_id": "123456789012"}, + "properties": {"image": "STANDARD_7_0"}, } stack_input["ssm_params"][region_name] = { diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_stacks/tests/test_pipeline_creation.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_stacks/tests/test_pipeline_creation.py index 4c73f5921..a6e3b90f6 100644 --- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_stacks/tests/test_pipeline_creation.py +++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/cdk_stacks/tests/test_pipeline_creation.py @@ -60,7 +60,7 @@ def test_pipeline_creation_outputs_as_expected_when_source_is_s3_and_build_is_co } stack_input["pipeline_input"]["default_providers"]["build"] = { "provider": "codebuild", - "properties": {"account_id": "123456789012"}, + "properties": {"image": "STANDARD_7_0"}, } stack_input["ssm_params"][region_name] = { @@ -117,7 +117,7 @@ def test_pipeline_creation_outputs_as_expected_when_source_is_codecommit_and_bui } stack_input["pipeline_input"]["default_providers"]["build"] = { "provider": "codebuild", - "properties": {"account_id": "123456789012"}, + "properties": {"image": "STANDARD_7_0"}, } stack_input["ssm_params"][region_name] = { @@ -179,7 +179,7 @@ def test_pipeline_creation_outputs_as_expected_when_source_is_codecommit_with_co } stack_input["pipeline_input"]["default_providers"]["build"] = { "provider": "codebuild", - "properties": {"account_id": "123456789012"}, + "properties": {"image": "STANDARD_7_0"}, } stack_input["ssm_params"][region_name] = { @@ -252,7 +252,7 @@ def test_pipeline_creation_outputs_with_codeartifact_trigger(): } stack_input["pipeline_input"]["default_providers"]["build"] = { "provider": "codebuild", - "properties": {"account_id": "123456789012"}, + "properties": {"image": "STANDARD_7_0"}, } stack_input["ssm_params"][region_name] = { @@ -313,7 +313,7 @@ def test_pipeline_creation_outputs_with_codeartifact_trigger_with_package_name() } stack_input["pipeline_input"]["default_providers"]["build"] = { "provider": "codebuild", - "properties": {"account_id": "123456789012"}, + "properties": {"image": "STANDARD_7_0"}, } stack_input["ssm_params"][region_name] = { @@ -381,7 +381,7 @@ def test_pipeline_creation_outputs_with_invalid_trigger_type(): } stack_input["pipeline_input"]["default_providers"]["build"] = { "provider": "codebuild", - "properties": {"account_id": "123456789012"}, + "properties": {"image": "STANDARD_7_0"}, } stack_input["ssm_params"][region_name] = { @@ -434,7 +434,7 @@ def test_pipeline_creation_outputs_as_expected_when_notification_endpoint_is_cha } stack_input["pipeline_input"]["default_providers"]["build"] = { "provider": "codebuild", - "properties": {"account_id": "123456789012"}, + "properties": {"image": "STANDARD_7_0"}, } stack_input["ssm_params"][region_name] = { diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/schema_validation.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/schema_validation.py index 99c9083dc..3289db7f0 100644 --- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/schema_validation.py +++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/schema_validation.py @@ -103,15 +103,17 @@ # CodeBuild CODEBUILD_IMAGE_PROPS = { - Optional("repository_arn"): str, # arn:aws:ecr:region:111111111111:repository/test - Optional("repository_name"): str, # hello-world - Optional("tag"): str, # defaults to latest -} -CODEBUILD_PROPS = { + # repository_arn: arn:aws:ecr:region:111111111111:repository/test + Optional("repository_arn"): str, + # repository_name: hello-world + Optional("repository_name"): str, + # tag defaults to latest + Optional("tag"): str, +} +CODEBUILD_BASE_PROPS = { Optional("vpc_id"): str, Optional("subnet_ids"): [str], Optional("security_group_ids"): [str], - Optional("image"): Or(str, CODEBUILD_IMAGE_PROPS), Optional("size"): Or('small', 'medium', 'large'), Optional("spec_filename"): str, Optional("environment_variables"): { @@ -122,14 +124,31 @@ Optional("privileged"): bool, Optional("spec_inline"): object, } +CODEBUILD_PROPS = { + **CODEBUILD_BASE_PROPS, + "image": Or(str, CODEBUILD_IMAGE_PROPS), +} +CODEBUILD_STAGE_PROPS = { + **CODEBUILD_BASE_PROPS, + Optional("image"): Or(str, CODEBUILD_IMAGE_PROPS), +} +DEFAULT_CODEBUILD_DISABLED = { + Optional("provider"): 'codebuild', + "enabled": False, + Optional("properties"): CODEBUILD_PROPS +} DEFAULT_CODEBUILD_BUILD = { Optional("provider"): 'codebuild', Optional("enabled"): bool, - Optional("properties"): CODEBUILD_PROPS + "properties": CODEBUILD_PROPS } -STAGE_CODEBUILD_BUILD = { +DEFAULT_CODEBUILD_DEPLOY = { Optional("provider"): 'codebuild', - Optional("properties"): CODEBUILD_PROPS + "properties": CODEBUILD_PROPS +} +STAGE_CODEBUILD_DEPLOY = { + Optional("provider"): 'codebuild', + Optional("properties"): CODEBUILD_STAGE_PROPS } # Jenkins @@ -261,13 +280,14 @@ 'codebuild': Schema(DEFAULT_CODEBUILD_BUILD), 'jenkins': Schema(JENKINS_BUILD), } +PROVIDER_BUILD_DISABLED_SCHEMA = Schema(DEFAULT_CODEBUILD_DISABLED) PROVIDER_DEPLOY_SCHEMAS = { 'cloudformation': Schema(DEFAULT_CLOUDFORMATION_DEPLOY), 's3': Schema(DEFAULT_S3_DEPLOY), 'codedeploy': Schema(DEFAULT_CODEDEPLOY_DEPLOY), 'lambda': Schema(DEFAULT_LAMBDA_INVOKE), 'service_catalog': Schema(DEFAULT_SERVICECATALOG_DEPLOY), - 'codebuild': Schema(DEFAULT_CODEBUILD_BUILD), + 'codebuild': Schema(DEFAULT_CODEBUILD_DEPLOY), } PROVIDER_SCHEMA = { 'source': Or( @@ -288,16 +308,34 @@ lambda x: PROVIDER_SOURCE_SCHEMAS[x['provider']].validate(x), ), ), - Optional('build'): And( - { - Optional('provider'): Or('codebuild', 'jenkins'), - Optional('enabled'): bool, - Optional('properties'): dict, - }, - # pylint: disable=W0108 - lambda x: PROVIDER_BUILD_SCHEMAS[ - x.get('provider', 'codebuild') - ].validate(x), + 'build': Or( + And( + { + Optional("provider"): 'codebuild', + Optional('enabled'): bool, + Optional('properties'): dict, + }, + # pylint: disable=W0108 + lambda x: PROVIDER_BUILD_DISABLED_SCHEMA.validate(x) + ), + And( + { + Optional("provider"): 'codebuild', + Optional('enabled'): bool, + 'properties': dict, + }, + # pylint: disable=W0108 + lambda x: PROVIDER_BUILD_SCHEMAS['codebuild'].validate(x), + ), + And( + { + 'provider': Or('jenkins'), + Optional('enabled'): bool, + Optional('properties'): dict, + }, + # pylint: disable=W0108 + lambda x: PROVIDER_BUILD_SCHEMAS[x['provider']].validate(x), + ), ), Optional('deploy'): And( { @@ -349,7 +387,7 @@ 'jenkins', ), Optional("properties"): Or( - CODEBUILD_PROPS, + CODEBUILD_STAGE_PROPS, JENKINS_PROPS, CLOUDFORMATION_PROPS, CODEDEPLOY_PROPS, diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/tests/stubs/stub_deployment_map.yml b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/tests/stubs/stub_deployment_map.yml index 3f9bd2c34..e995339e9 100644 --- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/tests/stubs/stub_deployment_map.yml +++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/tests/stubs/stub_deployment_map.yml @@ -10,6 +10,8 @@ pipelines: account_id: 111111111111 build: provider: codebuild + properties: + image: STANDARD_7_0 deploy: provider: cloudformation params: @@ -38,6 +40,7 @@ pipelines: build: provider: codebuild properties: + image: STANDARD_7_0 role: packer size: medium # Resource allocation for the build stage -> small | medium | large params: @@ -56,6 +59,10 @@ pipelines: repository: example-vpc-adf # Optional, above name property will be used if this is not specified owner: awslabs codeconnections_param_path: /path/to/parameter # The path in AWS Systems Manager Parameter Store that holds the AWS CodeConnections ARN + build: + provider: codebuild + properties: + image: STANDARD_7_0 deploy: provider: cloudformation properties: @@ -74,6 +81,10 @@ pipelines: repository: my-ecs-app # Optional, the name of the pipeline will be used if this is not specified owner: github-enterprise-team-org codeconnections_param_path: /path/to/parameter # The path in AWS Systems Manager Parameter Store that holds the AWS CodeConnections ARN + build: + properties: + image: + repository_arn: 'arn:aws:ecr:region:012345678910:repository-namespace/repository-name' params: notification_endpoint: team@example.com targets: @@ -85,8 +96,14 @@ pipelines: provider: codecommit properties: account_id: 333333333333 # A different account id as this pipeline is owned by a different team + build: + properties: + image: STANDARD_7_0 deploy: provider: codebuild + properties: + image: + repository_name: 'some-repo-name' targets: # Targets looks for the deploy defaults above to determine parameters - properties: spec_filename: custom-spec-one.yml @@ -103,6 +120,8 @@ pipelines: provider: codecommit properties: account_id: 333333333333 # A different account id as this pipeline is owned by a different team + build: + provider: jenkins targets: - 222222222222 @@ -134,6 +153,9 @@ pipelines: provider: codecommit properties: account_id: 111111111111 + build: + properties: + image: docker-hub://some-image targets: - target: 222222222222 properties: diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/tests/test_deployment_map.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/tests/test_deployment_map.py index 387dfdbe1..e1932722f 100644 --- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/tests/test_deployment_map.py +++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/tests/test_deployment_map.py @@ -38,7 +38,13 @@ def test_update_deployment_parameters(cls): "properties": { "account_id": 111111111111, }, - } + }, + "build": { + "name": "codebuild", + "properties": { + "image": "STANDARD_7_0", + }, + }, }, } ) @@ -83,7 +89,13 @@ def test_update_deployment_parameters_waves(cls): "properties": { "account_id": 111111111111, } - } + }, + "build": { + "name": "codebuild", + "properties": { + "image": "STANDARD_7_0", + }, + }, } }) pipeline.template_dictionary = {