Showing preview only (882K chars total). Download the full file or copy to clipboard to get everything.
Repository: cdklabs/aws-delivlib
Branch: main
Commit: c7fb847b1bd4
Files: 160
Total size: 831.1 KB
Directory structure:
gitextract_j9ngj2y6/
├── .eslintrc.json
├── .gitattributes
├── .github/
│ ├── PULL_REQUEST_TEMPLATE.md
│ └── workflows/
│ ├── auto-approve.yml
│ ├── auto-queue.yml
│ ├── build.yml
│ ├── pull-request-lint.yml
│ ├── release.yml
│ ├── retry-automerge.yml
│ ├── stale.yml
│ ├── upgrade-cdklabs-projen-project-types-main.yml
│ ├── upgrade-dev-deps-main.yml
│ └── upgrade-main.yml
├── .gitignore
├── .npmignore
├── .projen/
│ ├── deps.json
│ ├── files.json
│ ├── jest-snapshot-resolver.js
│ └── tasks.json
├── .projenrc.ts
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── NOTICE
├── README.md
├── build-custom-resource-handlers.sh
├── cdk.json
├── lib/
│ ├── __tests__/
│ │ ├── auto-build.test.ts
│ │ ├── build-spec.test.ts
│ │ ├── bump.test.ts
│ │ ├── canary.test.ts
│ │ ├── change-control-lambda/
│ │ │ ├── disable-transition.test.ts
│ │ │ ├── handler.test.ts
│ │ │ └── time-window.test.ts
│ │ ├── chime-notifier.test.ts
│ │ ├── code-signing-cert.test.ts
│ │ ├── custom-resource-handlers/
│ │ │ ├── _cloud-formation.test.ts
│ │ │ ├── _exec.test.ts
│ │ │ ├── _rmrf.test.ts
│ │ │ ├── certificate-signing-request.test.ts
│ │ │ ├── pgp-secret.test.ts
│ │ │ └── private-key.test.ts
│ │ ├── delivlib-tests/
│ │ │ ├── assume-role/
│ │ │ │ └── test.sh
│ │ │ ├── linux/
│ │ │ │ ├── README
│ │ │ │ ├── test.sh
│ │ │ │ └── void.sh
│ │ │ └── windows/
│ │ │ ├── README
│ │ │ └── test.ps1
│ │ ├── expected.yml
│ │ ├── integ.delivlib.ts
│ │ ├── open-pgp-key-pair.test.ts
│ │ ├── package-integrity/
│ │ │ ├── handler/
│ │ │ │ ├── __fixtures__/
│ │ │ │ │ ├── .gitignore
│ │ │ │ │ ├── non-projen-project/
│ │ │ │ │ │ ├── package.json
│ │ │ │ │ │ └── yarn.lock
│ │ │ │ │ ├── non-yarn-project/
│ │ │ │ │ │ └── .projenrc.js
│ │ │ │ │ ├── projen-jsii-project/
│ │ │ │ │ │ └── .projenrc.js
│ │ │ │ │ └── projen-non-jsii-project/
│ │ │ │ │ └── .projenrc.js
│ │ │ │ └── integrity.test.ts
│ │ │ └── integrity.test.ts
│ │ ├── pipeline-notifications/
│ │ │ ├── chime.test.ts
│ │ │ └── slack.test.ts
│ │ ├── pipeline.test.ts
│ │ ├── pr.test.ts
│ │ ├── publishing.test.ts
│ │ ├── registry-sync/
│ │ │ ├── docker-asset/
│ │ │ │ └── Dockerfile
│ │ │ ├── ecr-mirror.test.ts
│ │ │ └── mirror-source.test.ts
│ │ ├── run-test.sh
│ │ ├── shellable.test.ts
│ │ ├── signing.test.ts
│ │ ├── test-stack.ts
│ │ ├── watcher-handler.test.ts
│ │ └── watcher.test.ts
│ ├── auto-build.ts
│ ├── build-env.ts
│ ├── build-spec.ts
│ ├── canary.ts
│ ├── change-control-lambda/
│ │ ├── disable-transition.ts
│ │ ├── index.ts
│ │ └── time-window.ts
│ ├── change-controller.ts
│ ├── chime-notifier/
│ │ ├── chime-notifier.ts
│ │ ├── handler/
│ │ │ └── notifier-handler.ts
│ │ └── index.ts
│ ├── code-signing/
│ │ ├── certificate-signing-request.ts
│ │ ├── code-signing-certificate.ts
│ │ ├── index.ts
│ │ └── private-key.ts
│ ├── constants.ts
│ ├── credential-pair.ts
│ ├── custom-resource-handlers/
│ │ ├── Dockerfile
│ │ └── src/
│ │ ├── _cloud-formation.ts
│ │ ├── _exec.ts
│ │ ├── _lambda.ts
│ │ ├── _rmrf.ts
│ │ ├── certificate-signing-request.ts
│ │ ├── pgp-secret.ts
│ │ └── private-key.ts
│ ├── index.ts
│ ├── open-pgp-key-pair.ts
│ ├── package-integrity/
│ │ ├── handler/
│ │ │ ├── JSONStream.d.ts
│ │ │ ├── integrity.ts
│ │ │ ├── repository.ts
│ │ │ ├── validate.sh
│ │ │ └── validate.ts
│ │ ├── index.ts
│ │ └── integrity.ts
│ ├── permissions.ts
│ ├── pipeline-notifications/
│ │ ├── chime.ts
│ │ ├── index.ts
│ │ └── slack.ts
│ ├── pipeline-watcher/
│ │ ├── handler/
│ │ │ └── watcher-handler.ts
│ │ ├── index.ts
│ │ └── watcher.ts
│ ├── pipeline.ts
│ ├── publishing/
│ │ ├── docs/
│ │ │ ├── publish-docs.sh
│ │ │ ├── publish.sh
│ │ │ └── update-ssm.sh
│ │ ├── github/
│ │ │ ├── create-release.ts
│ │ │ ├── package-lock.json
│ │ │ ├── package.json
│ │ │ ├── publish.sh
│ │ │ ├── sign-files.sh
│ │ │ ├── tsconfig.json
│ │ │ ├── update-ssm.sh
│ │ │ └── with-signing-key.sh
│ │ ├── golang/
│ │ │ ├── publish.sh
│ │ │ └── update-ssm.sh
│ │ ├── maven/
│ │ │ ├── publish.sh
│ │ │ ├── update-ssm.sh
│ │ │ └── with-signing-key.sh
│ │ ├── npm/
│ │ │ ├── publish-npm.sh
│ │ │ ├── publish.sh
│ │ │ └── update-ssm.sh
│ │ ├── nuget/
│ │ │ ├── publish.sh
│ │ │ ├── sign.sh
│ │ │ └── update-ssm.sh
│ │ ├── pypi/
│ │ │ ├── publish.sh
│ │ │ └── update-ssm.sh
│ │ └── s3/
│ │ ├── publish.sh
│ │ └── update-ssm.sh
│ ├── publishing.ts
│ ├── pull-request/
│ │ ├── bump.ts
│ │ ├── index.ts
│ │ ├── merge-back.ts
│ │ └── pr.ts
│ ├── registry-sync/
│ │ ├── ecr-mirror.ts
│ │ ├── index.ts
│ │ └── mirror-source.ts
│ ├── release-email.sh
│ ├── repo.ts
│ ├── shellable.ts
│ ├── signing/
│ │ └── nuget/
│ │ └── sign.sh
│ ├── signing-key.ts
│ ├── signing.ts
│ └── util.ts
├── package.json
├── tsconfig.dev.json
└── tsconfig.json
================================================
FILE CONTENTS
================================================
================================================
FILE: .eslintrc.json
================================================
// ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
{
"env": {
"jest": true,
"node": true
},
"root": true,
"plugins": [
"@typescript-eslint",
"import",
"@stylistic"
],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": 2018,
"sourceType": "module",
"project": "./tsconfig.dev.json"
},
"extends": [
"plugin:import/typescript"
],
"settings": {
"import/parsers": {
"@typescript-eslint/parser": [
".ts",
".tsx"
]
},
"import/resolver": {
"node": {},
"typescript": {
"project": "./tsconfig.dev.json",
"alwaysTryTypes": true
}
}
},
"ignorePatterns": [
"*.js",
"*.d.ts",
"node_modules/",
"*.generated.ts",
"coverage",
"!.projenrc.ts",
"!projenrc/**/*.ts"
],
"rules": {
"@stylistic/indent": [
"error",
2
],
"@stylistic/quotes": [
"error",
"single",
{
"avoidEscape": true
}
],
"@stylistic/comma-dangle": [
"error",
"always-multiline"
],
"@stylistic/comma-spacing": [
"error",
{
"before": false,
"after": true
}
],
"@stylistic/no-multi-spaces": [
"error",
{
"ignoreEOLComments": false
}
],
"@stylistic/array-bracket-spacing": [
"error",
"never"
],
"@stylistic/array-bracket-newline": [
"error",
"consistent"
],
"@stylistic/object-curly-spacing": [
"error",
"always"
],
"@stylistic/object-curly-newline": [
"error",
{
"multiline": true,
"consistent": true
}
],
"@stylistic/object-property-newline": [
"error",
{
"allowAllPropertiesOnSameLine": true
}
],
"@stylistic/keyword-spacing": [
"error"
],
"@stylistic/brace-style": [
"error",
"1tbs",
{
"allowSingleLine": true
}
],
"@stylistic/space-before-blocks": [
"error"
],
"@stylistic/member-delimiter-style": [
"error"
],
"@stylistic/semi": [
"error",
"always"
],
"@stylistic/max-len": [
"error",
{
"code": 150,
"ignoreUrls": true,
"ignoreStrings": true,
"ignoreTemplateLiterals": true,
"ignoreComments": true,
"ignoreRegExpLiterals": true
}
],
"@stylistic/quote-props": [
"error",
"consistent-as-needed"
],
"@stylistic/key-spacing": [
"error"
],
"@stylistic/no-multiple-empty-lines": [
"error"
],
"@stylistic/no-trailing-spaces": [
"error"
],
"curly": [
"error",
"multi-line",
"consistent"
],
"@typescript-eslint/no-require-imports": "error",
"import/no-extraneous-dependencies": [
"error",
{
"devDependencies": [
"**/lib/__tests__/**",
"**/build-tools/**",
".projenrc.ts",
"projenrc/**/*.ts"
],
"optionalDependencies": false,
"peerDependencies": true
}
],
"import/no-unresolved": [
"error"
],
"import/order": [
"warn",
{
"groups": [
"builtin",
"external"
],
"alphabetize": {
"order": "asc",
"caseInsensitive": true
}
}
],
"import/no-duplicates": [
"error"
],
"no-shadow": [
"off"
],
"@typescript-eslint/no-shadow": "error",
"@typescript-eslint/no-floating-promises": "error",
"no-return-await": [
"off"
],
"@typescript-eslint/return-await": "error",
"dot-notation": [
"error"
],
"no-bitwise": [
"error"
],
"@typescript-eslint/member-ordering": [
"error",
{
"default": [
"public-static-field",
"public-static-method",
"protected-static-field",
"protected-static-method",
"private-static-field",
"private-static-method",
"field",
"constructor",
"method"
]
}
]
},
"overrides": [
{
"files": [
".projenrc.ts"
],
"rules": {
"@typescript-eslint/no-require-imports": "off",
"import/no-extraneous-dependencies": "off"
}
}
]
}
================================================
FILE: .gitattributes
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
* text=auto eol=lf
*.snap linguist-generated
/.eslintrc.json linguist-generated
/.gitattributes linguist-generated
/.github/workflows/auto-approve.yml linguist-generated
/.github/workflows/auto-queue.yml linguist-generated
/.github/workflows/build.yml linguist-generated
/.github/workflows/pull-request-lint.yml linguist-generated
/.github/workflows/release.yml linguist-generated
/.github/workflows/retry-automerge.yml linguist-generated
/.github/workflows/upgrade-cdklabs-projen-project-types-main.yml linguist-generated
/.github/workflows/upgrade-dev-deps-main.yml linguist-generated
/.github/workflows/upgrade-main.yml linguist-generated
/.gitignore linguist-generated
/.npmignore linguist-generated
/.projen/** linguist-generated
/.projen/deps.json linguist-generated
/.projen/files.json linguist-generated
/.projen/jest-snapshot-resolver.js linguist-generated
/.projen/tasks.json linguist-generated
/LICENSE linguist-generated
/package.json linguist-generated
/tsconfig.dev.json linguist-generated
/tsconfig.json linguist-generated
/yarn.lock linguist-generated
================================================
FILE: .github/PULL_REQUEST_TEMPLATE.md
================================================
-----
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
================================================
FILE: .github/workflows/auto-approve.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: auto-approve
on:
pull_request_target:
types:
- labeled
- opened
- synchronize
- reopened
- ready_for_review
jobs:
approve:
runs-on: ubuntu-latest
permissions:
pull-requests: write
if: contains(github.event.pull_request.labels.*.name, 'auto-approve') && (github.event.pull_request.user.login == 'cdklabs-automation' || github.event.pull_request.user.login == 'dependabot[bot]')
steps:
- uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
================================================
FILE: .github/workflows/auto-queue.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: auto-queue
on:
pull_request_target:
types:
- opened
- reopened
- ready_for_review
jobs:
enableAutoQueue:
name: "Set AutoQueue on PR #${{ github.event.number }}"
runs-on: ubuntu-latest
permissions:
pull-requests: write
contents: write
steps:
- uses: peter-evans/enable-pull-request-automerge@v3
with:
token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
pull-request-number: ${{ github.event.number }}
merge-method: squash
================================================
FILE: .github/workflows/build.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: build
on:
pull_request: {}
workflow_dispatch: {}
merge_group: {}
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
self_mutation_happened: ${{ steps.self_mutation.outputs.self_mutation_happened }}
env:
CI: "true"
steps:
- name: Checkout
uses: actions/checkout@v5
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Setup Node.js
uses: actions/setup-node@v5
with:
node-version: lts/*
- name: Install dependencies
run: yarn install --check-files
- name: build
run: npx projen build
- name: Find mutations
id: self_mutation
run: |-
git add .
git diff --staged --patch --exit-code > repo.patch || echo "self_mutation_happened=true" >> $GITHUB_OUTPUT
shell: bash
working-directory: ./
- name: Upload patch
if: steps.self_mutation.outputs.self_mutation_happened
uses: actions/upload-artifact@v4.6.2
with:
name: repo.patch
path: repo.patch
overwrite: true
- name: Fail build on mutation
if: steps.self_mutation.outputs.self_mutation_happened
run: |-
echo "::error::Files were changed during build (see build log). If this was triggered from a fork, you will need to update your branch."
cat repo.patch
exit 1
self-mutation:
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
if: always() && needs.build.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository)
steps:
- name: Checkout
uses: actions/checkout@v5
with:
token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Download patch
uses: actions/download-artifact@v5
with:
name: repo.patch
path: ${{ runner.temp }}
- name: Apply patch
run: '[ -s ${{ runner.temp }}/repo.patch ] && git apply ${{ runner.temp }}/repo.patch || echo "Empty patch. Skipping."'
- name: Set git identity
run: |-
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: Push changes
env:
PULL_REQUEST_REF: ${{ github.event.pull_request.head.ref }}
run: |-
git add .
git commit -s -m "chore: self mutation"
git push origin "HEAD:$PULL_REQUEST_REF"
================================================
FILE: .github/workflows/pull-request-lint.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: pull-request-lint
on:
pull_request_target:
types:
- labeled
- opened
- synchronize
- reopened
- ready_for_review
- edited
merge_group: {}
jobs:
validate:
name: Validate PR title
runs-on: ubuntu-latest
permissions:
pull-requests: write
if: (github.event_name == 'pull_request' || github.event_name == 'pull_request_target')
steps:
- uses: amannn/action-semantic-pull-request@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
types: |-
feat
fix
chore
requireScope: false
================================================
FILE: .github/workflows/release.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: release
on:
push:
branches:
- main
workflow_dispatch: {}
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: false
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
latest_commit: ${{ steps.git_remote.outputs.latest_commit }}
tag_exists: ${{ steps.check_tag_exists.outputs.exists }}
env:
CI: "true"
steps:
- name: Checkout
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Set git identity
run: |-
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: Setup Node.js
uses: actions/setup-node@v5
with:
node-version: lts/*
- name: Install dependencies
run: yarn install --check-files --frozen-lockfile
- name: release
run: npx projen release
- name: Check if version has already been tagged
id: check_tag_exists
run: |-
TAG=$(cat dist/releasetag.txt)
([ ! -z "$TAG" ] && git ls-remote -q --exit-code --tags origin $TAG && (echo "exists=true" >> $GITHUB_OUTPUT)) || (echo "exists=false" >> $GITHUB_OUTPUT)
cat $GITHUB_OUTPUT
- name: Check for new commits
id: git_remote
run: |-
echo "latest_commit=$(git ls-remote origin -h ${{ github.ref }} | cut -f1)" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
shell: bash
- name: Backup artifact permissions
if: ${{ steps.git_remote.outputs.latest_commit == github.sha }}
run: cd dist && getfacl -R . > permissions-backup.acl
continue-on-error: true
- name: Upload artifact
if: ${{ steps.git_remote.outputs.latest_commit == github.sha }}
uses: actions/upload-artifact@v4.6.2
with:
name: build-artifact
path: dist
overwrite: true
release_github:
name: Publish to GitHub Releases
needs:
- release
- release_npm
runs-on: ubuntu-latest
permissions:
contents: write
environment: release
if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
steps:
- uses: actions/setup-node@v5
with:
node-version: lts/*
- name: Download build artifacts
uses: actions/download-artifact@v5
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R $GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) --target $GITHUB_SHA 2> $errout && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then cat $errout; exit $exitcode; fi
release_npm:
name: Publish to npm
needs: release
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
environment: release
if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
steps:
- uses: actions/setup-node@v5
with:
node-version: lts/*
- name: Download build artifacts
uses: actions/download-artifact@v5
with:
name: build-artifact
path: dist
- name: Restore build artifact permissions
run: cd dist && setfacl --restore=permissions-backup.acl
continue-on-error: true
- name: Release
env:
NPM_DIST_TAG: latest
NPM_REGISTRY: registry.npmjs.org
NPM_CONFIG_PROVENANCE: "true"
NPM_TRUSTED_PUBLISHER: "true"
run: npx -p publib@latest publib-npm
================================================
FILE: .github/workflows/retry-automerge.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: retry-automerge
on:
pull_request:
types:
- auto_merge_disabled
jobs:
retry-automerge:
runs-on: ubuntu-latest
permissions: {}
steps:
- name: Print github context
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: echo "$GITHUB_CONTEXT"
- name: Print github event file
run: jq . "$GITHUB_EVENT_PATH"
================================================
FILE: .github/workflows/stale.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen".
name: stale
on:
schedule:
- cron: 0 1 * * *
workflow_dispatch: {}
jobs:
stale:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- uses: actions/stale@v4
with:
days-before-stale: -1
days-before-close: -1
days-before-pr-stale: 14
days-before-pr-close: 2
stale-pr-message: This pull request is now marked as stale because it hasn't seen activity for a while. Add a comment or it will be closed soon. If you wish to exclude this issue from being marked as stale, add the "backlog" label.
close-pr-message: Closing this pull request as it hasn't seen activity for a while. Please add a comment @mentioning a maintainer to reopen. If you wish to exclude this issue from being marked as stale, add the "backlog" label.
stale-pr-label: stale
exempt-pr-labels: backlog
days-before-issue-stale: 60
days-before-issue-close: 7
stale-issue-message: This issue is now marked as stale because it hasn't seen activity for a while. Add a comment or it will be closed soon. If you wish to exclude this issue from being marked as stale, add the "backlog" label.
close-issue-message: Closing this issue as it hasn't seen activity for a while. Please add a comment @mentioning a maintainer to reopen. If you wish to exclude this issue from being marked as stale, add the "backlog" label.
stale-issue-label: stale
exempt-issue-labels: backlog
================================================
FILE: .github/workflows/upgrade-cdklabs-projen-project-types-main.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: upgrade-cdklabs-projen-project-types-main
on:
workflow_dispatch: {}
jobs:
upgrade:
name: Upgrade
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
patch_created: ${{ steps.create_patch.outputs.patch_created }}
steps:
- name: Checkout
uses: actions/checkout@v5
with:
ref: main
- name: Setup Node.js
uses: actions/setup-node@v5
- name: Install dependencies
run: yarn install --check-files --frozen-lockfile
- name: Upgrade dependencies
run: npx projen upgrade-cdklabs-projen-project-types
- name: Find mutations
id: create_patch
run: |-
git add .
git diff --staged --patch --exit-code > repo.patch || echo "patch_created=true" >> $GITHUB_OUTPUT
shell: bash
working-directory: ./
- name: Upload patch
if: steps.create_patch.outputs.patch_created
uses: actions/upload-artifact@v4.6.2
with:
name: repo.patch
path: repo.patch
overwrite: true
pr:
name: Create Pull Request
needs: upgrade
runs-on: ubuntu-latest
permissions:
contents: read
if: ${{ needs.upgrade.outputs.patch_created }}
steps:
- name: Checkout
uses: actions/checkout@v5
with:
ref: main
- name: Download patch
uses: actions/download-artifact@v5
with:
name: repo.patch
path: ${{ runner.temp }}
- name: Apply patch
run: '[ -s ${{ runner.temp }}/repo.patch ] && git apply ${{ runner.temp }}/repo.patch || echo "Empty patch. Skipping."'
- name: Set git identity
run: |-
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: Create Pull Request
id: create-pr
uses: peter-evans/create-pull-request@v7
with:
token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
commit-message: |-
chore(deps): upgrade cdklabs-projen-project-types
Upgrades project dependencies. See details in [workflow run].
[Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
------
*Automatically created by projen via the "upgrade-cdklabs-projen-project-types-main" workflow*
branch: github-actions/upgrade-cdklabs-projen-project-types-main
title: "chore(deps): upgrade cdklabs-projen-project-types"
labels: auto-approve
body: |-
Upgrades project dependencies. See details in [workflow run].
[Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
------
*Automatically created by projen via the "upgrade-cdklabs-projen-project-types-main" workflow*
author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
signoff: true
================================================
FILE: .github/workflows/upgrade-dev-deps-main.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: upgrade-dev-deps-main
on:
workflow_dispatch: {}
schedule:
- cron: 0 22 * * 1
jobs:
upgrade:
name: Upgrade
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
patch_created: ${{ steps.create_patch.outputs.patch_created }}
steps:
- name: Checkout
uses: actions/checkout@v5
with:
ref: main
- name: Setup Node.js
uses: actions/setup-node@v5
with:
node-version: lts/*
- name: Install dependencies
run: yarn install --check-files --frozen-lockfile
- name: Upgrade dependencies
run: npx projen upgrade-dev-deps
- name: Find mutations
id: create_patch
run: |-
git add .
git diff --staged --patch --exit-code > repo.patch || echo "patch_created=true" >> $GITHUB_OUTPUT
shell: bash
working-directory: ./
- name: Upload patch
if: steps.create_patch.outputs.patch_created
uses: actions/upload-artifact@v4.6.2
with:
name: repo.patch
path: repo.patch
overwrite: true
pr:
name: Create Pull Request
needs: upgrade
runs-on: ubuntu-latest
permissions:
contents: read
if: ${{ needs.upgrade.outputs.patch_created }}
steps:
- name: Checkout
uses: actions/checkout@v5
with:
ref: main
- name: Download patch
uses: actions/download-artifact@v5
with:
name: repo.patch
path: ${{ runner.temp }}
- name: Apply patch
run: '[ -s ${{ runner.temp }}/repo.patch ] && git apply ${{ runner.temp }}/repo.patch || echo "Empty patch. Skipping."'
- name: Set git identity
run: |-
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: Create Pull Request
id: create-pr
uses: peter-evans/create-pull-request@v7
with:
token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
commit-message: |-
chore(deps): upgrade dev dependencies
Upgrades project dependencies. See details in [workflow run].
[Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
------
*Automatically created by projen via the "upgrade-dev-deps-main" workflow*
branch: github-actions/upgrade-dev-deps-main
title: "chore(deps): upgrade dev dependencies"
labels: auto-approve
body: |-
Upgrades project dependencies. See details in [workflow run].
[Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
------
*Automatically created by projen via the "upgrade-dev-deps-main" workflow*
author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
signoff: true
================================================
FILE: .github/workflows/upgrade-main.yml
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
name: upgrade-main
on:
workflow_dispatch: {}
schedule:
- cron: 0 18 * * 1
jobs:
upgrade:
name: Upgrade
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
patch_created: ${{ steps.create_patch.outputs.patch_created }}
steps:
- name: Checkout
uses: actions/checkout@v5
with:
ref: main
- name: Setup Node.js
uses: actions/setup-node@v5
with:
node-version: lts/*
- name: Install dependencies
run: yarn install --check-files --frozen-lockfile
- name: Upgrade dependencies
run: npx projen upgrade
- name: Find mutations
id: create_patch
run: |-
git add .
git diff --staged --patch --exit-code > repo.patch || echo "patch_created=true" >> $GITHUB_OUTPUT
shell: bash
working-directory: ./
- name: Upload patch
if: steps.create_patch.outputs.patch_created
uses: actions/upload-artifact@v4.6.2
with:
name: repo.patch
path: repo.patch
overwrite: true
pr:
name: Create Pull Request
needs: upgrade
runs-on: ubuntu-latest
permissions:
contents: read
if: ${{ needs.upgrade.outputs.patch_created }}
steps:
- name: Checkout
uses: actions/checkout@v5
with:
ref: main
- name: Download patch
uses: actions/download-artifact@v5
with:
name: repo.patch
path: ${{ runner.temp }}
- name: Apply patch
run: '[ -s ${{ runner.temp }}/repo.patch ] && git apply ${{ runner.temp }}/repo.patch || echo "Empty patch. Skipping."'
- name: Set git identity
run: |-
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: Create Pull Request
id: create-pr
uses: peter-evans/create-pull-request@v7
with:
token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
commit-message: |-
fix(deps): upgrade dependencies
Upgrades project dependencies. See details in [workflow run].
[Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
------
*Automatically created by projen via the "upgrade-main" workflow*
branch: github-actions/upgrade-main
title: "fix(deps): upgrade dependencies"
labels: auto-approve
body: |-
Upgrades project dependencies. See details in [workflow run].
[Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
------
*Automatically created by projen via the "upgrade-main" workflow*
author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
signoff: true
================================================
FILE: .gitignore
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
!/.gitattributes
!/.projen/tasks.json
!/.projen/deps.json
!/.projen/files.json
!/.github/workflows/pull-request-lint.yml
!/.github/workflows/auto-approve.yml
!/package.json
!/LICENSE
!/.npmignore
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
pids
*.pid
*.seed
*.pid.lock
lib-cov
coverage
*.lcov
.nyc_output
build/Release
node_modules/
jspm_packages/
*.tsbuildinfo
.eslintcache
*.tgz
.yarn-integrity
.cache
/test-reports/
junit.xml
/coverage/
!/.github/workflows/build.yml
/dist/changelog.md
/dist/version.txt
!/.github/workflows/release.yml
!/lib/__tests__/
!/tsconfig.json
!/tsconfig.dev.json
!/lib/
/lib/**/*.js
/lib/**/*.d.ts
/lib/**/*.d.ts.map
/dist/
!/.projen/jest-snapshot-resolver.js
!/.eslintrc.json
!/.github/workflows/retry-automerge.yml
!/.github/workflows/auto-queue.yml
!/.github/workflows/upgrade-cdklabs-projen-project-types-main.yml
!/.github/workflows/upgrade-main.yml
!/.github/workflows/upgrade-dev-deps-main.yml
cdk.out
pipeline/*.js
pipeline/*.d.ts
!lib/package-integrity/handler/JSONStream.d.ts
!/.projenrc.ts
================================================
FILE: .npmignore
================================================
# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
/.projen/
/test-reports/
junit.xml
/coverage/
permissions-backup.acl
/dist/changelog.md
/dist/version.txt
/tsconfig.dev.json
!/lib/
!/lib/**/*.js
dist
/tsconfig.json
/.github/
/.vscode/
/.idea/
/.projenrc.js
/.eslintrc.json
/lib/**/*.ts
!/lib/**/*.d.ts
!/lib/**/node_modules/**
/lib/__tests__/
tsconfig.json
tsconfig.dev.json
tsconfig.tsbuildinfo
/build-*.sh
cdk.out/
cdk.json
/.gitattributes
/.projenrc.ts
/projenrc
================================================
FILE: .projen/deps.json
================================================
{
"dependencies": [
{
"name": "@aws-sdk/client-cloudwatch",
"type": "build"
},
{
"name": "@aws-sdk/client-codepipeline",
"type": "build"
},
{
"name": "@aws-sdk/client-s3",
"type": "build"
},
{
"name": "@aws-sdk/client-secrets-manager",
"type": "build"
},
{
"name": "@aws-sdk/client-ssm",
"type": "build"
},
{
"name": "@babel/plugin-transform-modules-commonjs",
"type": "build"
},
{
"name": "@stylistic/eslint-plugin",
"version": "^2",
"type": "build"
},
{
"name": "@types/adm-zip",
"type": "build"
},
{
"name": "@types/aws-lambda",
"type": "build"
},
{
"name": "@types/follow-redirects",
"type": "build"
},
{
"name": "@types/fs-extra",
"type": "build"
},
{
"name": "@types/jest",
"type": "build"
},
{
"name": "@types/node",
"version": "^18",
"type": "build"
},
{
"name": "@types/tar",
"type": "build"
},
{
"name": "@typescript-eslint/eslint-plugin",
"version": "^8",
"type": "build"
},
{
"name": "@typescript-eslint/parser",
"version": "^8",
"type": "build"
},
{
"name": "adm-zip",
"type": "build"
},
{
"name": "aws-cdk",
"type": "build"
},
{
"name": "aws-cdk-lib",
"type": "build"
},
{
"name": "cdklabs-projen-project-types",
"type": "build"
},
{
"name": "commit-and-tag-version",
"version": "^12",
"type": "build"
},
{
"name": "constructs",
"version": "^10.0.0",
"type": "build"
},
{
"name": "esbuild",
"type": "build"
},
{
"name": "eslint-import-resolver-typescript",
"type": "build"
},
{
"name": "eslint-plugin-import",
"type": "build"
},
{
"name": "eslint",
"version": "^9",
"type": "build"
},
{
"name": "follow-redirects",
"type": "build"
},
{
"name": "fs-extra",
"type": "build"
},
{
"name": "jest",
"type": "build"
},
{
"name": "jest-junit",
"version": "^16",
"type": "build"
},
{
"name": "JSONStream",
"type": "build"
},
{
"name": "minipass",
"version": "3.2.1",
"type": "build"
},
{
"name": "node-ical",
"version": "0.15.1",
"type": "build"
},
{
"name": "projen",
"type": "build"
},
{
"name": "rrule",
"type": "build"
},
{
"name": "standard-version",
"type": "build"
},
{
"name": "tar",
"type": "build"
},
{
"name": "ts-jest",
"type": "build"
},
{
"name": "ts-node",
"type": "build"
},
{
"name": "typescript",
"version": "~5.0.0",
"type": "build"
},
{
"name": "aws-cdk-lib",
"version": "^2.187.0",
"type": "peer"
},
{
"name": "constructs",
"type": "peer"
},
{
"name": "changelog-parser",
"type": "runtime"
}
],
"//": "~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\"."
}
================================================
FILE: .projen/files.json
================================================
{
"files": [
".eslintrc.json",
".gitattributes",
".github/workflows/auto-approve.yml",
".github/workflows/auto-queue.yml",
".github/workflows/build.yml",
".github/workflows/pull-request-lint.yml",
".github/workflows/release.yml",
".github/workflows/retry-automerge.yml",
".github/workflows/upgrade-cdklabs-projen-project-types-main.yml",
".github/workflows/upgrade-dev-deps-main.yml",
".github/workflows/upgrade-main.yml",
".gitignore",
".npmignore",
".projen/deps.json",
".projen/files.json",
".projen/jest-snapshot-resolver.js",
".projen/tasks.json",
"LICENSE",
"tsconfig.dev.json",
"tsconfig.json"
],
"//": "~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\"."
}
================================================
FILE: .projen/jest-snapshot-resolver.js
================================================
const path = require("path");
const libtest = "lib/__tests__";
const srctest= "lib/__tests__";
module.exports = {
resolveSnapshotPath: (test, ext) => {
const fullpath = test.replace(libtest, srctest);
return path.join(path.dirname(fullpath), "__snapshots__", path.basename(fullpath, ".js") + ".ts" + ext);
},
resolveTestPath: (snap, ext) => {
const filename = path.basename(snap, ".ts" + ext) + ".js";
const dir = path.dirname(path.dirname(snap)).replace(srctest, libtest);
return path.join(dir, filename);
},
testPathForConsistencyCheck: path.join('some', '__tests__', 'example.test.js')
};
================================================
FILE: .projen/tasks.json
================================================
{
"tasks": {
"build": {
"name": "build",
"description": "Full release build",
"steps": [
{
"spawn": "default"
},
{
"spawn": "pre-compile"
},
{
"spawn": "compile"
},
{
"spawn": "post-compile"
},
{
"spawn": "test"
},
{
"spawn": "package"
}
]
},
"build:publishing/github": {
"name": "build:publishing/github",
"steps": [
{
"exec": "yarn install --frozen-lockfile",
"cwd": "lib/publishing/github"
},
{
"exec": "yarn tsc --build",
"cwd": "lib/publishing/github"
}
]
},
"bump": {
"name": "bump",
"description": "Bumps version based on latest git tag and generates a changelog entry",
"env": {
"OUTFILE": "package.json",
"CHANGELOG": "dist/changelog.md",
"BUMPFILE": "dist/version.txt",
"RELEASETAG": "dist/releasetag.txt",
"RELEASE_TAG_PREFIX": "",
"BUMP_PACKAGE": "commit-and-tag-version@^12",
"RELEASABLE_COMMITS": "git log --no-merges --oneline $LATEST_TAG..HEAD -E --grep \"^(feat|fix){1}(\\([^()[:space:]]+\\))?(!)?:[[:blank:]]+.+\""
},
"steps": [
{
"builtin": "release/bump-version"
}
],
"condition": "git log --oneline -1 | grep -qv \"chore(release):\""
},
"bundle:package-integrity": {
"name": "bundle:package-integrity",
"description": "Bundle the package integrity script",
"steps": [
{
"exec": "esbuild --bundle lib/package-integrity/handler/validate.js --target=\"node14\" --platform=\"node\" --outfile=\"lib/package-integrity/handler/validate.bundle.js\" --sourcemap=inline"
}
]
},
"clobber": {
"name": "clobber",
"description": "hard resets to HEAD of origin and cleans the local repo",
"env": {
"BRANCH": "$(git branch --show-current)"
},
"steps": [
{
"exec": "git checkout -b scratch",
"name": "save current HEAD in \"scratch\" branch"
},
{
"exec": "git checkout $BRANCH"
},
{
"exec": "git fetch origin",
"name": "fetch latest changes from origin"
},
{
"exec": "git reset --hard origin/$BRANCH",
"name": "hard reset to origin commit"
},
{
"exec": "git clean -fdx",
"name": "clean all untracked files"
},
{
"say": "ready to rock! (unpushed commits are under the \"scratch\" branch)"
}
],
"condition": "git diff --exit-code > /dev/null"
},
"compile": {
"name": "compile",
"description": "Only compile",
"steps": [
{
"spawn": "compile:custom-resource-handlers"
},
{
"spawn": "build:publishing/github"
},
{
"exec": "tsc --build"
},
{
"spawn": "bundle:package-integrity"
}
]
},
"compile:custom-resource-handlers": {
"name": "compile:custom-resource-handlers",
"steps": [
{
"exec": "/bin/bash ./build-custom-resource-handlers.sh"
}
]
},
"default": {
"name": "default",
"description": "Synthesize project files",
"steps": [
{
"exec": "ts-node --project tsconfig.dev.json .projenrc.ts"
}
]
},
"eject": {
"name": "eject",
"description": "Remove projen from the project",
"env": {
"PROJEN_EJECTING": "true"
},
"steps": [
{
"spawn": "default"
}
]
},
"eslint": {
"name": "eslint",
"description": "Runs eslint against the codebase",
"env": {
"ESLINT_USE_FLAT_CONFIG": "false",
"NODE_NO_WARNINGS": "1"
},
"steps": [
{
"exec": "eslint --ext .ts,.tsx --fix --no-error-on-unmatched-pattern $@ lib lib/__tests__ build-tools projenrc .projenrc.ts",
"receiveArgs": true
}
]
},
"install": {
"name": "install",
"description": "Install project dependencies and update lockfile (non-frozen)",
"steps": [
{
"exec": "yarn install --check-files"
}
]
},
"install:ci": {
"name": "install:ci",
"description": "Install project dependencies using frozen lockfile",
"steps": [
{
"exec": "yarn install --check-files --frozen-lockfile"
}
]
},
"integ:diff": {
"name": "integ:diff",
"steps": [
{
"exec": "/bin/bash ./lib/__tests__/run-test.sh"
}
]
},
"integ:update": {
"name": "integ:update",
"steps": [
{
"exec": "/bin/bash ./lib/__tests__/run-test.sh update"
}
]
},
"package": {
"name": "package",
"description": "Creates the distribution package",
"steps": [
{
"exec": "mkdir -p dist/js"
},
{
"exec": "npm pack --pack-destination dist/js"
}
]
},
"post-compile": {
"name": "post-compile",
"description": "Runs after successful compilation"
},
"post-upgrade": {
"name": "post-upgrade",
"description": "Runs after upgrading dependencies"
},
"pre-compile": {
"name": "pre-compile",
"description": "Prepare the project for compilation",
"steps": [
{
"exec": "for a in lib/publishing/*/update-ssm.sh; do\n for b in lib/publishing/*/update-ssm.sh; do\n if ! diff $a $b; then\n echo \"Files should be the same but are not:\n- $a\n- $b\"\n exit 1\n fi\n done\ndone"
}
]
},
"release": {
"name": "release",
"description": "Prepare a release from \"main\" branch",
"env": {
"RELEASE": "true"
},
"steps": [
{
"exec": "rm -fr dist"
},
{
"spawn": "bump"
},
{
"spawn": "build"
},
{
"spawn": "unbump"
},
{
"exec": "git diff --ignore-space-at-eol --exit-code"
}
]
},
"test": {
"name": "test",
"description": "Run tests",
"env": {
"TZ": "UTC"
},
"steps": [
{
"exec": "jest --passWithNoTests --updateSnapshot",
"receiveArgs": true
},
{
"spawn": "eslint"
},
{
"spawn": "integ:diff"
}
]
},
"test:watch": {
"name": "test:watch",
"description": "Run jest in watch mode",
"steps": [
{
"exec": "jest --watch"
}
]
},
"unbump": {
"name": "unbump",
"description": "Restores version to 0.0.0",
"env": {
"OUTFILE": "package.json",
"CHANGELOG": "dist/changelog.md",
"BUMPFILE": "dist/version.txt",
"RELEASETAG": "dist/releasetag.txt",
"RELEASE_TAG_PREFIX": "",
"BUMP_PACKAGE": "commit-and-tag-version@^12",
"RELEASABLE_COMMITS": "git log --no-merges --oneline $LATEST_TAG..HEAD -E --grep \"^(feat|fix){1}(\\([^()[:space:]]+\\))?(!)?:[[:blank:]]+.+\""
},
"steps": [
{
"builtin": "release/reset-version"
}
]
},
"upgrade": {
"name": "upgrade",
"description": "upgrade dependencies",
"env": {
"CI": "0"
},
"steps": [
{
"exec": "npx npm-check-updates@18 --upgrade --target=minor --peer --no-deprecated --dep=prod --filter=changelog-parser"
},
{
"exec": "yarn install --check-files"
},
{
"exec": "yarn upgrade changelog-parser"
},
{
"exec": "npx projen"
},
{
"spawn": "post-upgrade"
}
]
},
"upgrade-cdklabs-projen-project-types": {
"name": "upgrade-cdklabs-projen-project-types",
"description": "upgrade cdklabs-projen-project-types",
"env": {
"CI": "0"
},
"steps": [
{
"exec": "npx npm-check-updates@18 --upgrade --target=latest --peer --no-deprecated --dep=dev,peer,prod,optional --filter=cdklabs-projen-project-types,projen"
},
{
"exec": "yarn install --check-files"
},
{
"exec": "yarn upgrade cdklabs-projen-project-types projen"
},
{
"exec": "npx projen"
},
{
"spawn": "post-upgrade"
}
]
},
"upgrade-dev-deps": {
"name": "upgrade-dev-deps",
"description": "upgrade dev dependencies",
"env": {
"CI": "0"
},
"steps": [
{
"exec": "npx npm-check-updates@18 --upgrade --target=minor --peer --no-deprecated --dep=dev --filter=@aws-sdk/client-cloudwatch,@aws-sdk/client-codepipeline,@aws-sdk/client-s3,@aws-sdk/client-secrets-manager,@aws-sdk/client-ssm,@babel/plugin-transform-modules-commonjs,@types/adm-zip,@types/aws-lambda,@types/follow-redirects,@types/fs-extra,@types/jest,@types/tar,adm-zip,aws-cdk,aws-cdk-lib,esbuild,eslint-import-resolver-typescript,eslint-plugin-import,follow-redirects,fs-extra,jest,JSONStream,rrule,standard-version,tar,ts-jest,ts-node"
},
{
"exec": "yarn install --check-files"
},
{
"exec": "yarn upgrade @aws-sdk/client-cloudwatch @aws-sdk/client-codepipeline @aws-sdk/client-s3 @aws-sdk/client-secrets-manager @aws-sdk/client-ssm @babel/plugin-transform-modules-commonjs @stylistic/eslint-plugin @types/adm-zip @types/aws-lambda @types/follow-redirects @types/fs-extra @types/jest @types/node @types/tar @typescript-eslint/eslint-plugin @typescript-eslint/parser adm-zip aws-cdk aws-cdk-lib commit-and-tag-version constructs esbuild eslint-import-resolver-typescript eslint-plugin-import eslint follow-redirects fs-extra jest jest-junit JSONStream minipass node-ical rrule standard-version tar ts-jest ts-node typescript"
},
{
"exec": "npx projen"
},
{
"spawn": "post-upgrade"
}
]
},
"watch": {
"name": "watch",
"description": "Watch & compile in the background",
"steps": [
{
"exec": "tsc --build -w"
}
]
}
},
"env": {
"PATH": "$(npx -c \"node --print process.env.PATH\")",
"RELEASE": "1"
},
"//": "~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\"."
}
================================================
FILE: .projenrc.ts
================================================
import { CdklabsTypeScriptProject } from 'cdklabs-projen-project-types';
const project = new CdklabsTypeScriptProject({
name: 'aws-delivlib',
private: false,
projenrcTs: true,
description: 'A fabulous library for defining continuous pipelines for building, testing and releasing code libraries.',
repository: 'https://github.com/cdklabs/aws-delivlib.git',
defaultReleaseBranch: 'main',
authorName: 'Amazon Web Services',
authorUrl: 'https://aws.amazon.com',
minNodeVersion: '18.12.0',
typescriptVersion: '~5.0.0',
keywords: [
'aws-cdk',
'continuous-delivery',
'continuous-integration',
'ci-cd',
],
deps: ['changelog-parser'],
depsUpgradeOptions: {
exclude: ['aws-cdk-lib', 'constructs'],
},
devDeps: [
'@babel/plugin-transform-modules-commonjs',
'@types/aws-lambda',
'@types/fs-extra',
'@types/tar',
'@types/adm-zip',
'@types/follow-redirects',
'aws-cdk',
'constructs',
'aws-cdk-lib',
'standard-version',
'ts-jest',
'typescript@~5.0.0',
'@aws-sdk/client-s3',
'@aws-sdk/client-ssm',
'@aws-sdk/client-secrets-manager',
'@aws-sdk/client-codepipeline',
'@aws-sdk/client-cloudwatch',
'node-ical@0.15.1', // need to pin due to https://github.com/axios/axios/issues/5101
'rrule',
'esbuild',
'fs-extra',
'tar',
'adm-zip',
'JSONStream',
'follow-redirects',
'minipass@3.2.1', // temporary (hopefully) workaround for https://github.com/DefinitelyTyped/DefinitelyTyped/discussions/60901s
],
peerDeps: [
'constructs',
'aws-cdk-lib@^2.187.0',
],
srcdir: 'lib',
testdir: 'lib/__tests__',
pullRequestTemplate: false,
autoApproveOptions: {
allowedUsernames: ['cdklabs-automation'],
secret: 'GITHUB_TOKEN',
},
autoApproveUpgrades: true,
releaseToNpm: true,
enablePRAutoMerge: true,
});
// trick projen so that it doesn't override the version in package.json
project.tasks.addEnvironment('RELEASE', '1');
project.gitignore.exclude('cdk.out');
project.gitignore.exclude('pipeline/*.js');
project.gitignore.exclude('pipeline/*.d.ts');
project.setScript('cdk', 'npx cdk');
const integDiff = project.addTask('integ:diff');
integDiff.exec('/bin/bash ./lib/__tests__/run-test.sh');
const integUpdate = project.addTask('integ:update');
integUpdate.exec('/bin/bash ./lib/__tests__/run-test.sh update');
// Need to run with UTC TZ, or else node-ical does very wrong things with timestamps and fails tests...
project.testTask.env('TZ', 'UTC');
project.testTask.spawn(integDiff);
// Run yarn install in the github publisher directory
const buildGithubPublisher = project.addTask('build:publishing/github');
buildGithubPublisher.exec('yarn install --frozen-lockfile', { cwd: 'lib/publishing/github' });
buildGithubPublisher.exec('yarn tsc --build', { cwd: 'lib/publishing/github' });
project.compileTask.prependSpawn(buildGithubPublisher);
// Exclude the publisher from the root tsconfig, but add a reference to it
project.tsconfig?.addExclude('lib/publishing/github');
project.tsconfig?.file.addOverride('references', [{ path: 'lib/publishing/github' }]);
const compileCustomResourceHandlers = project.addTask('compile:custom-resource-handlers');
compileCustomResourceHandlers.exec('/bin/bash ./build-custom-resource-handlers.sh');
project.compileTask.prependSpawn(compileCustomResourceHandlers);
project.gitignore.include('lib/package-integrity/handler/JSONStream.d.ts');
const bundlePackageIntegrity = project.addTask('bundle:package-integrity', {
description: 'Bundle the package integrity script',
exec: [
'esbuild',
'--bundle',
'lib/package-integrity/handler/validate.js',
'--target="node14"',
'--platform="node"',
'--outfile="lib/package-integrity/handler/validate.bundle.js"',
'--sourcemap=inline',
].join(' '),
});
project.compileTask.spawn(bundlePackageIntegrity);
// Make sure that all "update-ssm" scripts are the same, so that they don't drift.
project.preCompileTask.exec(`for a in lib/publishing/*/update-ssm.sh; do
for b in lib/publishing/*/update-ssm.sh; do
if ! diff $a $b; then
echo "Files should be the same but are not:\n- $a\n- $b"
exit 1
fi
done
done`);
// The npmignore file includes original source files, which is undesirable.
project.npmignore?.exclude(
'/lib/**/*.ts',
);
project.npmignore?.include(
'/lib/**/*.d.ts',
'/lib/**/node_modules/**',
);
// Also includes other undesirable assets.
project.npmignore?.exclude(
'/lib/__tests__/',
'tsconfig.json',
'tsconfig.dev.json',
'tsconfig.tsbuildinfo',
'/build-*.sh',
'cdk.out/',
'cdk.json',
);
// Allow Jest to transform ESM-only dependencies
project.jest!.config.transformIgnorePatterns = [
'node_modules/(?!(@nodable/entities)/)',
];
project.jest!.config.transform = {
'node_modules/@nodable/entities/.+\\.js$': ['babel-jest', { plugins: ['@babel/plugin-transform-modules-commonjs'] }],
};
project.synth();
================================================
FILE: CHANGELOG.md
================================================
# Changelog
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
### [13.0.34](https://github.com/cdklabs/aws-delivlib/compare/v13.0.33...v13.0.34) (2021-09-03)
### [13.0.33](https://github.com/cdklabs/aws-delivlib/compare/v13.0.32...v13.0.33) (2021-09-02)
### [13.0.32](https://github.com/cdklabs/aws-delivlib/compare/v13.0.31...v13.0.32) (2021-09-01)
### [13.0.31](https://github.com/cdklabs/aws-delivlib/compare/v13.0.30...v13.0.31) (2021-08-26)
### [13.0.30](https://github.com/cdklabs/aws-delivlib/compare/v13.0.29...v13.0.30) (2021-08-25)
### [13.0.29](https://github.com/cdklabs/aws-delivlib/compare/v13.0.28...v13.0.29) (2021-08-24)
### [13.0.28](https://github.com/cdklabs/aws-delivlib/compare/v13.0.27...v13.0.28) (2021-08-23)
### [13.0.27](https://github.com/cdklabs/aws-delivlib/compare/v13.0.26...v13.0.27) (2021-08-22)
### [13.0.26](https://github.com/cdklabs/aws-delivlib/compare/v13.0.25...v13.0.26) (2021-08-21)
### [13.0.25](https://github.com/cdklabs/aws-delivlib/compare/v13.0.24...v13.0.25) (2021-08-20)
### [13.0.24](https://github.com/cdklabs/aws-delivlib/compare/v13.0.23...v13.0.24) (2021-08-19)
### [13.0.23](https://github.com/cdklabs/aws-delivlib/compare/v13.0.22...v13.0.23) (2021-08-18)
### [13.0.22](https://github.com/cdklabs/aws-delivlib/compare/v13.0.21...v13.0.22) (2021-08-17)
### [13.0.21](https://github.com/cdklabs/aws-delivlib/compare/v13.0.20...v13.0.21) (2021-08-16)
### [13.0.20](https://github.com/cdklabs/aws-delivlib/compare/v13.0.19...v13.0.20) (2021-08-15)
### [13.0.19](https://github.com/cdklabs/aws-delivlib/compare/v13.0.18...v13.0.19) (2021-08-14)
### [13.0.18](https://github.com/cdklabs/aws-delivlib/compare/v13.0.17...v13.0.18) (2021-08-13)
### [13.0.17](https://github.com/cdklabs/aws-delivlib/compare/v13.0.16...v13.0.17) (2021-08-12)
### [13.0.16](https://github.com/cdklabs/aws-delivlib/compare/v13.0.15...v13.0.16) (2021-08-11)
### [13.0.15](https://github.com/cdklabs/aws-delivlib/compare/v13.0.14...v13.0.15) (2021-08-10)
### [13.0.14](https://github.com/cdklabs/aws-delivlib/compare/v13.0.13...v13.0.14) (2021-07-28)
### [13.0.13](https://github.com/cdklabs/aws-delivlib/compare/v13.0.12...v13.0.13) (2021-07-27)
### [13.0.12](https://github.com/cdklabs/aws-delivlib/compare/v13.0.11...v13.0.12) (2021-07-26)
### [13.0.11](https://github.com/cdklabs/aws-delivlib/compare/v13.0.10...v13.0.11) (2021-07-25)
### [13.0.10](https://github.com/cdklabs/aws-delivlib/compare/v13.0.9...v13.0.10) (2021-07-24)
### [13.0.9](https://github.com/cdklabs/aws-delivlib/compare/v13.0.8...v13.0.9) (2021-07-23)
### [13.0.8](https://github.com/cdklabs/aws-delivlib/compare/v13.0.7...v13.0.8) (2021-07-22)
### [13.0.7](https://github.com/cdklabs/aws-delivlib/compare/v13.0.6...v13.0.7) (2021-07-21)
### [13.0.6](https://github.com/cdklabs/aws-delivlib/compare/v13.0.5...v13.0.6) (2021-07-20)
### [13.0.5](https://github.com/cdklabs/aws-delivlib/compare/v13.0.4...v13.0.5) (2021-07-06)
### [13.0.4](https://github.com/cdklabs/aws-delivlib/compare/v13.0.3...v13.0.4) (2021-07-05)
### [13.0.3](https://github.com/cdklabs/aws-delivlib/compare/v13.0.2...v13.0.3) (2021-06-17)
### [13.0.2](https://github.com/cdklabs/aws-delivlib/compare/v13.0.1...v13.0.2) (2021-06-16)
### Bug Fixes
* Custom Resources use end-of-life Lambda Node 10 runtime ([#834](https://github.com/cdklabs/aws-delivlib/issues/834)) ([6590e7d](https://github.com/cdklabs/aws-delivlib/commit/6590e7dd7d19c1f32b4516a45d34420cd4fe30b7))
### [13.0.1](https://github.com/cdklabs/aws-delivlib/compare/v13.0.0...v13.0.1) (2021-06-15)
## [13.0.0](https://github.com/cdklabs/aws-delivlib/compare/v12.7.2...v13.0.0) (2021-06-14)
### ⚠ BREAKING CHANGES
* `esbuild` or `docker` is required in order to bundle the change-control-lambda
* change-control-lambda migrated to `NodeJsFunction` ([#844](https://github.com/cdklabs/aws-delivlib/issues/844)) ([715446d](https://github.com/cdklabs/aws-delivlib/commit/715446d7296f3f6e2fa6172f0e73bcf012193467))
### [12.7.2](https://github.com/cdklabs/aws-delivlib/compare/v12.7.1...v12.7.2) (2021-06-07)
### [12.7.1](https://github.com/cdklabs/aws-delivlib/compare/v12.7.0...v12.7.1) (2021-05-29)
## [12.7.0](https://github.com/cdklabs/aws-delivlib/compare/v12.6.0...v12.7.0) (2021-05-12)
### Features
* **pipeline:** improved pipeline action failure metrics ([8f3783b](https://github.com/cdklabs/aws-delivlib/commit/8f3783b8a0e71542485ef91bcc281daf3c9ecb7e)), closes [#696](https://github.com/cdklabs/aws-delivlib/issues/696)
## [12.6.0](https://github.com/cdklabs/aws-delivlib/compare/v12.5.0...v12.6.0) (2021-05-08)
### Features
* **registry-sync:** docker build time variables ([a04cb1e](https://github.com/cdklabs/aws-delivlib/commit/a04cb1e8cc16a5c6176c92c555e116652bcc7efe))
## [12.5.0](https://github.com/cdklabs/aws-delivlib/compare/v12.4.3...v12.5.0) (2021-05-03)
### Features
* **auto-pr:** skip creating PR if open PR still exists ([#797](https://github.com/cdklabs/aws-delivlib/issues/797)) ([c58ded9](https://github.com/cdklabs/aws-delivlib/commit/c58ded9f3c9e7f585f53953dfaf8829f6eb38093))
### Bug Fixes
* reuse same repository for multiple tags ([194ec3a](https://github.com/cdklabs/aws-delivlib/commit/194ec3a1870d0e954616f3aa22065ddd4622682d))
### [12.4.3](https://github.com/awslabs/aws-delivlib/compare/v12.4.2...v12.4.3) (2021-04-19)
### Bug Fixes
* **ecr-mirror:** only represent non-`latest` tags in construct IDs ([6282a0c](https://github.com/awslabs/aws-delivlib/commit/6282a0ccc8f02f1c6b7a54bc0840b4d26061f27e))
### [12.4.2](https://github.com/awslabs/aws-delivlib/compare/v12.4.1...v12.4.2) (2021-04-14)
### Bug Fixes
* **ecr-mirror:** unable to mirror multiple tags from same repository ([89f3b1a](https://github.com/awslabs/aws-delivlib/commit/89f3b1a8b16843987464ac4a85f23021602dd7f7))
### [12.4.1](https://github.com/awslabs/aws-delivlib/compare/v12.4.0...v12.4.1) (2021-04-12)
### Bug Fixes
* use an atomic push when pushing bumps ([90de8cd](https://github.com/awslabs/aws-delivlib/commit/90de8cd1e12923f5cfcb877dc17ea1c0c2b30596))
## [12.4.0](https://github.com/awslabs/aws-delivlib/compare/v12.3.2...v12.4.0) (2021-04-12)
### Features
* **autobuild:** autobuild multiple branches ([125d792](https://github.com/awslabs/aws-delivlib/commit/125d7928ed70856b54d1522772300efc164b35c2))
### [12.3.2](https://github.com/awslabs/aws-delivlib/compare/v12.3.0...v12.3.2) (2021-03-25)
### Bug Fixes
* idempotencyToken is expected to be a string ([c70c50a](https://github.com/awslabs/aws-delivlib/commit/c70c50a6c68d86a8a2e87599fa65cd46e0193f7d))
### [12.3.1](https://github.com/awslabs/aws-delivlib/compare/v12.3.0...v12.3.1) (2021-03-25)
### Bug Fixes
* idempotencyToken is expected to be a string ([c70c50a](https://github.com/awslabs/aws-delivlib/commit/c70c50a6c68d86a8a2e87599fa65cd46e0193f7d))
## [12.3.0](https://github.com/awslabs/aws-delivlib/compare/v12.2.5...v12.3.0) (2021-03-08)
### Features
* support NPM publishing order ([d106fbd](https://github.com/awslabs/aws-delivlib/commit/d106fbd6b10e572aeb2e873035da5ced21bffa14))
### [12.2.5](https://github.com/awslabs/aws-delivlib/compare/v12.2.4...v12.2.5) (2021-03-08)
### [12.2.4](https://github.com/awslabs/aws-delivlib/compare/v12.2.3...v12.2.4) (2021-03-05)
### [12.2.3](https://github.com/awslabs/aws-delivlib/compare/v12.2.2...v12.2.3) (2021-03-02)
### [12.2.2](https://github.com/awslabs/aws-delivlib/compare/v12.2.1...v12.2.2) (2021-03-01)
### [12.2.1](https://github.com/awslabs/aws-delivlib/compare/v12.2.0...v12.2.1) (2021-02-24)
## [12.2.0](https://github.com/awslabs/aws-delivlib/compare/v12.1.13...v12.2.0) (2021-02-23)
### Features
* golang publishing ([96150d8](https://github.com/awslabs/aws-delivlib/commit/96150d80f5f6ff50a9ebd235d4a0127595aa6929)), closes [aws/jsii#2562](https://github.com/aws/jsii/issues/2562)
### [12.1.13](https://github.com/awslabs/aws-delivlib/compare/v12.1.12...v12.1.13) (2021-02-23)
### [12.1.12](https://github.com/awslabs/aws-delivlib/compare/v12.1.11...v12.1.12) (2021-02-22)
### [12.1.11](https://github.com/awslabs/aws-delivlib/compare/v12.1.10...v12.1.11) (2021-02-19)
### [12.1.10](https://github.com/awslabs/aws-delivlib/compare/v12.1.9...v12.1.10) (2021-02-18)
### [12.1.9](https://github.com/awslabs/aws-delivlib/compare/v12.1.8...v12.1.9) (2021-02-16)
### [12.1.8](https://github.com/awslabs/aws-delivlib/compare/v12.1.7...v12.1.8) (2021-02-15)
### [12.1.7](https://github.com/awslabs/aws-delivlib/compare/v12.1.6...v12.1.7) (2021-02-12)
### [12.1.6](https://github.com/awslabs/aws-delivlib/compare/v12.1.5...v12.1.6) (2021-02-11)
### [12.1.5](https://github.com/awslabs/aws-delivlib/compare/v12.1.4...v12.1.5) (2021-02-10)
### [12.1.4](https://github.com/awslabs/aws-delivlib/compare/v12.1.3...v12.1.4) (2021-02-09)
### Bug Fixes
* **pypi:** cryptography >= 3.4 is not supported by older pip ([4ff8cfb](https://github.com/awslabs/aws-delivlib/commit/4ff8cfbd6d9e337e39d2906b959bb064549cb887)), closes [/cryptography.io/en/3.4/changelog.html#v3-4](https://github.com/awslabs//cryptography.io/en/3.4/changelog.html/issues/v3-4)
### [12.1.3](https://github.com/awslabs/aws-delivlib/compare/v12.1.2...v12.1.3) (2021-02-09)
### [12.1.2](https://github.com/awslabs/aws-delivlib/compare/v12.1.1...v12.1.2) (2021-02-05)
### [12.1.1](https://github.com/awslabs/aws-delivlib/compare/v12.1.0...v12.1.1) (2021-02-04)
## [12.1.0](https://github.com/awslabs/aws-delivlib/compare/v12.0.0...v12.1.0) (2021-02-02)
### Features
* **autobuild:** Option to disable webhooks ([969759d](https://github.com/awslabs/aws-delivlib/commit/969759d406cbea50921d3f8c1336ed5321ce78a2))
## [12.0.0](https://github.com/awslabs/aws-delivlib/compare/v11.0.8...v12.0.0) (2021-02-02)
### ⚠ BREAKING CHANGES
* **pipeline:** delivlib `Pipeline` construct no longer produces
the `<pipelineName>_FailedStages` metric. It instead produces the
metric `PipelineActionFailures` with the pipeline name as a dimension.
### Features
* **pipeline:** improved pipeline failure metrics ([5c30ada](https://github.com/awslabs/aws-delivlib/commit/5c30adafd594ae139f9cccbeb4d0fd8c417a9c6f))
### [11.0.8](https://github.com/awslabs/aws-delivlib/compare/v11.0.7...v11.0.8) (2021-02-01)
### [11.0.7](https://github.com/awslabs/aws-delivlib/compare/v11.0.6...v11.0.7) (2021-01-29)
### [11.0.6](https://github.com/awslabs/aws-delivlib/compare/v11.0.5...v11.0.6) (2021-01-26)
### [11.0.5](https://github.com/awslabs/aws-delivlib/compare/v11.0.4...v11.0.5) (2021-01-25)
### [11.0.4](https://github.com/awslabs/aws-delivlib/compare/v11.0.3...v11.0.4) (2021-01-22)
### [11.0.3](https://github.com/awslabs/aws-delivlib/compare/v11.0.2...v11.0.3) (2021-01-21)
### [11.0.2](https://github.com/awslabs/aws-delivlib/compare/v11.0.1...v11.0.2) (2021-01-20)
### [11.0.1](https://github.com/awslabs/aws-delivlib/compare/v11.0.0...v11.0.1) (2021-01-19)
## [11.0.0](https://github.com/awslabs/aws-delivlib/compare/v10.3.12...v11.0.0) (2021-01-19)
### ⚠ BREAKING CHANGES
* **bump:** the 'stage' prop of AutoMergeBackOptions has been moved to a
new AutoMergeBackPipelineOptions interface.
### Bug Fixes
* remove repo as required property of AutoMergeBackOptions ([7eb7991](https://github.com/awslabs/aws-delivlib/commit/7eb7991171ccd64d49e3e7123cc68c3dca3d104a)), closes [#671](https://github.com/awslabs/aws-delivlib/issues/671)
* **bump:** refactor AutoMergeBackOptions ([0700bcc](https://github.com/awslabs/aws-delivlib/commit/0700bccc5cd469688ace57856086c02a6f605a94)), closes [#684](https://github.com/awslabs/aws-delivlib/issues/684)
### [10.3.12](https://github.com/awslabs/aws-delivlib/compare/v10.3.11...v10.3.12) (2021-01-18)
### [10.3.11](https://github.com/awslabs/aws-delivlib/compare/v10.3.10...v10.3.11) (2021-01-15)
### [10.3.10](https://github.com/awslabs/aws-delivlib/compare/v10.3.9...v10.3.10) (2021-01-13)
### [10.3.9](https://github.com/awslabs/aws-delivlib/compare/v10.3.8...v10.3.9) (2021-01-12)
### [10.3.8](https://github.com/awslabs/aws-delivlib/compare/v10.3.7...v10.3.8) (2021-01-11)
### [10.3.7](https://github.com/awslabs/aws-delivlib/compare/v10.3.6...v10.3.7) (2021-01-08)
### [10.3.6](https://github.com/awslabs/aws-delivlib/compare/v10.3.5...v10.3.6) (2021-01-07)
### [10.3.5](https://github.com/awslabs/aws-delivlib/compare/v10.3.4...v10.3.5) (2021-01-06)
### [10.3.4](https://github.com/awslabs/aws-delivlib/compare/v10.3.3...v10.3.4) (2021-01-05)
### [10.3.3](https://github.com/awslabs/aws-delivlib/compare/v10.3.2...v10.3.3) (2021-01-04)
### [10.3.2](https://github.com/awslabs/aws-delivlib/compare/v10.3.1...v10.3.2) (2021-01-01)
### [10.3.1](https://github.com/awslabs/aws-delivlib/compare/v10.3.0...v10.3.1) (2020-12-31)
## [10.3.0](https://github.com/awslabs/aws-delivlib/compare/v10.2.16...v10.3.0) (2020-12-30)
### Features
* **auto-build:** option to not publish build logs when build is successful ([#633](https://github.com/awslabs/aws-delivlib/issues/633)) ([0026760](https://github.com/awslabs/aws-delivlib/commit/00267602e1c14013f653b1dfb486d2a2a355027c)), closes [jlhood/github-codebuild-logs#29](https://github.com/jlhood/github-codebuild-logs/issues/29)
### [10.2.16](https://github.com/awslabs/aws-delivlib/compare/v10.2.15...v10.2.16) (2020-12-30)
### [10.2.15](https://github.com/awslabs/aws-delivlib/compare/v10.2.14...v10.2.15) (2020-12-29)
### [10.2.14](https://github.com/awslabs/aws-delivlib/compare/v10.2.13...v10.2.14) (2020-12-28)
### [10.2.13](https://github.com/awslabs/aws-delivlib/compare/v10.2.12...v10.2.13) (2020-12-25)
### [10.2.12](https://github.com/awslabs/aws-delivlib/compare/v10.2.11...v10.2.12) (2020-12-24)
### [10.2.11](https://github.com/awslabs/aws-delivlib/compare/v10.2.10...v10.2.11) (2020-12-23)
### [10.2.10](https://github.com/awslabs/aws-delivlib/compare/v10.2.9...v10.2.10) (2020-12-22)
### [10.2.9](https://github.com/awslabs/aws-delivlib/compare/v10.2.8...v10.2.9) (2020-12-21)
### [10.2.8](https://github.com/awslabs/aws-delivlib/compare/v10.2.7...v10.2.8) (2020-12-18)
### [10.2.7](https://github.com/awslabs/aws-delivlib/compare/v10.2.6...v10.2.7) (2020-12-17)
### Bug Fixes
* **ecr-mirror:** sync job fails when using MirrorSource.fromDirectory() ([3c96b03](https://github.com/awslabs/aws-delivlib/commit/3c96b03012bc5521c656b3f07eb12fd0abc11ed1))
### [10.2.6](https://github.com/awslabs/aws-delivlib/compare/v10.2.5...v10.2.6) (2020-12-17)
### [10.2.5](https://github.com/awslabs/aws-delivlib/compare/v10.2.4...v10.2.5) (2020-12-15)
### [10.2.4](https://github.com/awslabs/aws-delivlib/compare/v10.2.3...v10.2.4) (2020-12-14)
### [10.2.3](https://github.com/awslabs/aws-delivlib/compare/v10.2.2...v10.2.3) (2020-12-11)
### Bug Fixes
* **ecr-mirror:** duplicate repository names get overwritten. ([1e15730](https://github.com/awslabs/aws-delivlib/commit/1e15730800883457142ba6f58bdcc497e6f1fd85))
### [10.2.2](https://github.com/awslabs/aws-delivlib/compare/v10.2.1...v10.2.2) (2020-12-10)
### [10.2.1](https://github.com/awslabs/aws-delivlib/compare/v10.2.0...v10.2.1) (2020-12-09)
## [10.2.0](https://github.com/awslabs/aws-delivlib/compare/v10.1.6...v10.2.0) (2020-12-08)
### Features
* synchronize docker images to a local ECR repository ([e2fec0a](https://github.com/awslabs/aws-delivlib/commit/e2fec0a5a60211723b4b9317ecaef8ef00926003))
### [10.1.6](https://github.com/awslabs/aws-delivlib/compare/v10.1.5...v10.1.6) (2020-12-04)
### Bug Fixes
* **chime-notifier:** synthesis fails when webhook url is a token ([3e6e185](https://github.com/awslabs/aws-delivlib/commit/3e6e1853a9f99e427d2a471c0d0c2da8110eee3d))
### [10.1.5](https://github.com/awslabs/aws-delivlib/compare/v10.1.4...v10.1.5) (2020-12-02)
### [10.1.4](https://github.com/awslabs/aws-delivlib/compare/v10.1.3...v10.1.4) (2020-12-01)
### [10.1.3](https://github.com/awslabs/aws-delivlib/compare/v10.1.2...v10.1.3) (2020-11-28)
### [10.1.2](https://github.com/awslabs/aws-delivlib/compare/v10.1.1...v10.1.2) (2020-11-25)
### [10.1.1](https://github.com/awslabs/aws-delivlib/compare/v10.1.0...v10.1.1) (2020-11-23)
### Bug Fixes
* **pipeline-notifications:** deployment fails to replace codestar notifications resource ([13a0e2c](https://github.com/awslabs/aws-delivlib/commit/13a0e2c1081fdc74e218aa485dea5648417a2f79))
## [10.1.0](https://github.com/awslabs/aws-delivlib/compare/v10.0.7...v10.1.0) (2020-11-19)
### Features
* AutoBuild as its own feature ([b98a191](https://github.com/awslabs/aws-delivlib/commit/b98a19188032f752f03f26d9058cdea5861aa1f3))
### [10.0.7](https://github.com/awslabs/aws-delivlib/compare/v10.0.6...v10.0.7) (2020-11-18)
### [10.0.6](https://github.com/awslabs/aws-delivlib/compare/v10.0.5...v10.0.6) (2020-11-17)
### [10.0.5](https://github.com/awslabs/aws-delivlib/compare/v10.0.4...v10.0.5) (2020-11-16)
### [10.0.4](https://github.com/awslabs/aws-delivlib/compare/v10.0.3...v10.0.4) (2020-11-12)
### [10.0.3](https://github.com/awslabs/aws-delivlib/compare/v10.0.2...v10.0.3) (2020-11-11)
### [10.0.2](https://github.com/awslabs/aws-delivlib/compare/v10.0.1...v10.0.2) (2020-11-10)
### [10.0.1](https://github.com/awslabs/aws-delivlib/compare/v10.0.0...v10.0.1) (2020-11-09)
## [10.0.0](https://github.com/awslabs/aws-delivlib/compare/v9.2.0...v10.0.0) (2020-11-08)
### ⚠ BREAKING CHANGES
* `pipeline.addShellable` now returns the shellable in addition to the action. Use `.action` to retrieve the action
### Features
* expose underlying codebuild projects ([5e53749](https://github.com/awslabs/aws-delivlib/commit/5e537498b683442579c3925de647b3aded60ffb4))
## [9.2.0](https://github.com/awslabs/aws-delivlib/compare/v9.1.3...v9.2.0) (2020-11-07)
### Features
* **pipeline:** allow more details from slack notifications ([#553](https://github.com/awslabs/aws-delivlib/issues/553)) ([531308c](https://github.com/awslabs/aws-delivlib/commit/531308c6407abb3180dc6e3dfb3a1e89cfbf4d64))
### [9.1.3](https://github.com/awslabs/aws-delivlib/compare/v9.1.2...v9.1.3) (2020-11-06)
### [9.1.2](https://github.com/awslabs/aws-delivlib/compare/v9.1.1...v9.1.2) (2020-11-05)
### [9.1.1](https://github.com/awslabs/aws-delivlib/compare/v9.1.0...v9.1.1) (2020-11-04)
## [9.1.0](https://github.com/awslabs/aws-delivlib/compare/v9.0.4...v9.1.0) (2020-11-03)
### Features
* **pipeline:** notify failure on slack ([3bb46a3](https://github.com/awslabs/aws-delivlib/commit/3bb46a3d61b3187accfde7c914f04eeeae507a35))
### [9.0.4](https://github.com/awslabs/aws-delivlib/compare/v9.0.3...v9.0.4) (2020-11-02)
### [9.0.3](https://github.com/awslabs/aws-delivlib/compare/v9.0.2...v9.0.3) (2020-10-30)
### [9.0.2](https://github.com/awslabs/aws-delivlib/compare/v9.0.1...v9.0.2) (2020-10-29)
### [9.0.1](https://github.com/awslabs/aws-delivlib/compare/v9.0.0...v9.0.1) (2020-10-28)
## [9.0.0](https://github.com/awslabs/aws-delivlib/compare/v8.6.0...v9.0.0) (2020-10-27)
### ⚠ BREAKING CHANGES
* From this release on, `aws-delivlib` has a dependency
on `monocdk` instead of `monocdk-experiment`.
### Bug Fixes
* untracked files preventing checkout ([#530](https://github.com/awslabs/aws-delivlib/issues/530)) ([77a7bc2](https://github.com/awslabs/aws-delivlib/commit/77a7bc237f66ceb66244b95f20859bf25bef6b52))
* upgrade to `monocdk` 1.70.0 ([7b7e9dd](https://github.com/awslabs/aws-delivlib/commit/7b7e9dd0a0c006f159c8cd669519c8f829d50a94))
## [8.6.0](https://github.com/awslabs/aws-delivlib/compare/v8.4.8...v8.6.0) (2020-10-26)
### Features
* **bump:** skip push & PR if head is behind base ([4af1774](https://github.com/awslabs/aws-delivlib/commit/4af1774886ff05c74e8c781526f13c43665aaf24))
### Bug Fixes
* **bump:** a branch named '<branch>' already exists ([ba5e600](https://github.com/awslabs/aws-delivlib/commit/ba5e60030c6d52473db3108a3e33c4f6c6f11984))
* **bump:** specify remote branch name in 'git push' ([53ea149](https://github.com/awslabs/aws-delivlib/commit/53ea149027c497350a91dafb0b6ea1695afafc7c))
## [8.5.0](https://github.com/awslabs/aws-delivlib/compare/v8.4.8...v8.5.0) (2020-10-26)
### Features
* **bump:** skip push & PR if head is behind base ([4af1774](https://github.com/awslabs/aws-delivlib/commit/4af1774886ff05c74e8c781526f13c43665aaf24))
### Bug Fixes
* **bump:** a branch named '<branch>' already exists ([ba5e600](https://github.com/awslabs/aws-delivlib/commit/ba5e60030c6d52473db3108a3e33c4f6c6f11984))
* **bump:** specify remote branch name in 'git push' ([53ea149](https://github.com/awslabs/aws-delivlib/commit/53ea149027c497350a91dafb0b6ea1695afafc7c))
### [8.4.8](https://github.com/awslabs/aws-delivlib/compare/v8.4.7...v8.4.8) (2020-10-22)
### [8.4.7](https://github.com/awslabs/aws-delivlib/compare/v8.4.6...v8.4.7) (2020-10-21)
### [8.4.6](https://github.com/awslabs/aws-delivlib/compare/v8.4.5...v8.4.6) (2020-10-20)
### [8.4.5](https://github.com/awslabs/aws-delivlib/compare/v8.4.4...v8.4.5) (2020-10-19)
### [8.4.4](https://github.com/awslabs/aws-delivlib/compare/v8.4.3...v8.4.4) (2020-10-16)
### [8.4.3](https://github.com/awslabs/aws-delivlib/compare/v8.4.2...v8.4.3) (2020-10-15)
### [8.4.2](https://github.com/awslabs/aws-delivlib/compare/v8.4.1...v8.4.2) (2020-10-14)
### [8.4.1](https://github.com/awslabs/aws-delivlib/compare/v8.4.0...v8.4.1) (2020-10-13)
## [8.4.0](https://github.com/awslabs/aws-delivlib/compare/v8.3.18...v8.4.0) (2020-10-12)
### Features
* build timeout ([82df7bf](https://github.com/awslabs/aws-delivlib/commit/82df7bf9ce336e0ae65f8834d7e620040fe6f885))
### [8.3.18](https://github.com/awslabs/aws-delivlib/compare/v8.3.17...v8.3.18) (2020-10-12)
### [8.3.17](https://github.com/awslabs/aws-delivlib/compare/v8.3.16...v8.3.17) (2020-10-09)
### [8.3.16](https://github.com/awslabs/aws-delivlib/compare/v8.3.15...v8.3.16) (2020-10-08)
### [8.3.15](https://github.com/awslabs/aws-delivlib/compare/v8.3.14...v8.3.15) (2020-10-07)
### [8.3.14](https://github.com/awslabs/aws-delivlib/compare/v8.3.13...v8.3.14) (2020-10-06)
### [8.3.13](https://github.com/awslabs/aws-delivlib/compare/v8.3.12...v8.3.13) (2020-10-05)
### [8.3.12](https://github.com/awslabs/aws-delivlib/compare/v8.3.11...v8.3.12) (2020-10-01)
### [8.3.11](https://github.com/awslabs/aws-delivlib/compare/v8.3.10...v8.3.11) (2020-09-30)
### [8.3.10](https://github.com/awslabs/aws-delivlib/compare/v8.3.9...v8.3.10) (2020-09-28)
### [8.3.9](https://github.com/awslabs/aws-delivlib/compare/v8.3.8...v8.3.9) (2020-09-25)
### [8.3.8](https://github.com/awslabs/aws-delivlib/compare/v8.3.7...v8.3.8) (2020-09-21)
### [8.3.7](https://github.com/awslabs/aws-delivlib/compare/v8.3.6...v8.3.7) (2020-09-18)
### [8.3.6](https://github.com/awslabs/aws-delivlib/compare/v8.3.5...v8.3.6) (2020-09-17)
### [8.3.5](https://github.com/awslabs/aws-delivlib/compare/v8.3.4...v8.3.5) (2020-09-16)
### [8.3.4](https://github.com/awslabs/aws-delivlib/compare/v8.3.3...v8.3.4) (2020-09-15)
### [8.3.3](https://github.com/awslabs/aws-delivlib/compare/v8.3.2...v8.3.3) (2020-09-14)
### [8.3.2](https://github.com/awslabs/aws-delivlib/compare/v8.3.1...v8.3.2) (2020-09-11)
### [8.3.1](https://github.com/awslabs/aws-delivlib/compare/v8.3.0...v8.3.1) (2020-09-09)
### Bug Fixes
* auto bump does not work for delivlib's own pipeline ([dcc6d5c](https://github.com/awslabs/aws-delivlib/commit/dcc6d5c443c94138da8b7cdbda81a54a5bda9372))
## [8.3.0](https://github.com/awslabs/aws-delivlib/compare/v8.2.7...v8.3.0) (2020-09-09)
### Features
* support assume role profiles ([1565302](https://github.com/awslabs/aws-delivlib/commit/1565302fe48e8189cb68a5af3bc1398c9fd473f2))
### Bug Fixes
* **pr:** AutoPR handle repos without master branch ([#451](https://github.com/awslabs/aws-delivlib/issues/451)) ([9adf11e](https://github.com/awslabs/aws-delivlib/commit/9adf11e94578f1e8031a7ef667eeb9717080ed23))
### [8.2.7](https://github.com/awslabs/aws-delivlib/compare/v8.2.6...v8.2.7) (2020-08-23)
### [8.2.6](https://github.com/awslabs/aws-delivlib/compare/v8.2.5...v8.2.6) (2020-08-21)
### [8.2.5](https://github.com/awslabs/aws-delivlib/compare/v8.2.4...v8.2.5) (2020-08-19)
### [8.2.4](https://github.com/awslabs/aws-delivlib/compare/v8.2.3...v8.2.4) (2020-08-18)
### [8.2.3](https://github.com/awslabs/aws-delivlib/compare/v8.2.2...v8.2.3) (2020-08-15)
### [8.2.2](https://github.com/awslabs/aws-delivlib/compare/v8.2.1...v8.2.2) (2020-08-13)
### [8.2.1](https://github.com/awslabs/aws-delivlib/compare/v8.2.0...v8.2.1) (2020-08-11)
### Bug Fixes
* make changes to RSA key construct path backwards compatible ([#431](https://github.com/awslabs/aws-delivlib/issues/431)) ([7ac1675](https://github.com/awslabs/aws-delivlib/commit/7ac1675bb177e9b4edc4a92af4f7c17d50e6bd97))
## [8.2.0](https://github.com/awslabs/aws-delivlib/compare/v8.1.12...v8.2.0) (2020-08-11)
### Features
* expose STS endpoint type ([#377](https://github.com/awslabs/aws-delivlib/issues/377)) ([3f83f12](https://github.com/awslabs/aws-delivlib/commit/3f83f12b42f3a8273eb3856257c98c16ea649a41))
### [8.1.12](https://github.com/awslabs/aws-delivlib/compare/v8.1.11...v8.1.12) (2020-08-08)
### [8.1.11](https://github.com/awslabs/aws-delivlib/compare/v8.1.10...v8.1.11) (2020-08-06)
### [8.1.10](https://github.com/awslabs/aws-delivlib/compare/v8.1.9...v8.1.10) (2020-08-01)
### [8.1.9](https://github.com/awslabs/aws-delivlib/compare/v8.1.8...v8.1.9) (2020-07-31)
### [8.1.8](https://github.com/awslabs/aws-delivlib/compare/v8.1.7...v8.1.8) (2020-07-29)
### [8.1.7](https://github.com/awslabs/aws-delivlib/compare/v8.1.6...v8.1.7) (2020-07-24)
### [8.1.6](https://github.com/awslabs/aws-delivlib/compare/v8.1.5...v8.1.6) (2020-07-23)
### [8.1.5](https://github.com/awslabs/aws-delivlib/compare/v8.1.4...v8.1.5) (2020-07-21)
### [8.1.4](https://github.com/awslabs/aws-delivlib/compare/v8.1.3...v8.1.4) (2020-07-19)
### [8.1.3](https://github.com/awslabs/aws-delivlib/compare/v8.1.2...v8.1.3) (2020-07-17)
### [8.1.2](https://github.com/awslabs/aws-delivlib/compare/v8.1.1...v8.1.2) (2020-07-14)
### [8.1.1](https://github.com/awslabs/aws-delivlib/compare/v8.1.0...v8.1.1) (2020-07-12)
## [8.1.0](https://github.com/awslabs/aws-delivlib/compare/v8.0.3...v8.1.0) (2020-07-10)
### Features
* add support for reports in buildspec ([#401](https://github.com/awslabs/aws-delivlib/issues/401)) ([1570ab5](https://github.com/awslabs/aws-delivlib/commit/1570ab58f53c1f05b857ac0c590806073aad0638))
### [8.0.3](https://github.com/awslabs/aws-delivlib/compare/v8.0.2...v8.0.3) (2020-07-08)
### [8.0.2](https://github.com/awslabs/aws-delivlib/compare/v8.0.1...v8.0.2) (2020-07-07)
### [8.0.1](https://github.com/awslabs/aws-delivlib/compare/v8.0.0...v8.0.1) (2020-07-06)
## [8.0.0](https://github.com/awslabs/aws-delivlib/compare/v7.6.4...v8.0.0) (2020-07-05)
### ⚠ BREAKING CHANGES
* **bump:** `AutoBump` API has significantly changed. Refer to the docstrings for guidance.
* **bump:** refactor AutoBump to support more use-case more cleanly ([#324](https://github.com/awslabs/aws-delivlib/issues/324)) ([6a754bb](https://github.com/awslabs/aws-delivlib/commit/6a754bb1f222b0189453c4a598c794ed0f05552a)), closes [/github.com/awslabs/aws-delivlib/blob/master/lib/bump/bump.ts#L254](https://github.com/awslabs//github.com/awslabs/aws-delivlib/blob/master/lib/bump/bump.ts/issues/L254)
### [7.6.4](https://github.com/awslabs/aws-delivlib/compare/v7.6.3...v7.6.4) (2020-07-03)
### [7.6.3](https://github.com/awslabs/aws-delivlib/compare/v7.6.2...v7.6.3) (2020-07-02)
### [7.6.2](https://github.com/awslabs/aws-delivlib/compare/v7.6.1...v7.6.2) (2020-07-01)
### [7.6.1](https://github.com/awslabs/aws-delivlib/compare/v7.6.0...v7.6.1) (2020-06-25)
## [7.6.0](https://github.com/awslabs/aws-delivlib/compare/v7.5.3...v7.6.0) (2020-06-24)
### Features
* allow setting a timeout for Shellable ([#375](https://github.com/awslabs/aws-delivlib/issues/375)) ([e729021](https://github.com/awslabs/aws-delivlib/commit/e729021e26baae864c7c6506322cb0a2dae87d0f))
### [7.5.3](https://github.com/awslabs/aws-delivlib/compare/v7.5.2...v7.5.3) (2020-06-23)
### [7.5.2](https://github.com/awslabs/aws-delivlib/compare/v7.5.1...v7.5.2) (2020-06-11)
### [7.5.1](https://github.com/awslabs/aws-delivlib/compare/v7.5.0...v7.5.1) (2020-06-10)
## [7.5.0](https://github.com/awslabs/aws-delivlib/compare/v7.4.0...v7.5.0) (2020-06-09)
### Features
* rename "env" to "environment" in BuildEnvironmentProps ([#359](https://github.com/awslabs/aws-delivlib/issues/359)) ([836e5e0](https://github.com/awslabs/aws-delivlib/commit/836e5e032e0f85afe513c8e59111be8df6d16bca))
## [7.4.0](https://github.com/awslabs/aws-delivlib/compare/v7.3.2...v7.4.0) (2020-06-07)
### Features
* **auto-build:** delete previous links to build logs ([#301](https://github.com/awslabs/aws-delivlib/issues/301)) ([6607d6a](https://github.com/awslabs/aws-delivlib/commit/6607d6a09a5d1b550208c0c00f82bc748e3b920f))
### [7.3.2](https://github.com/awslabs/aws-delivlib/compare/v7.3.1...v7.3.2) (2020-06-05)
### [7.3.1](https://github.com/awslabs/aws-delivlib/compare/v7.3.0...v7.3.1) (2020-06-02)
## [7.3.0](https://github.com/awslabs/aws-delivlib/compare/v7.2.2...v7.3.0) (2020-05-29)
### Features
* recurring event support for change controller ([#333](https://github.com/awslabs/aws-delivlib/issues/333)) ([8bc157a](https://github.com/awslabs/aws-delivlib/commit/8bc157afe63bbb32394162103beb94f400867264)), closes [#331](https://github.com/awslabs/aws-delivlib/issues/331)
### [7.2.2](https://github.com/awslabs/aws-delivlib/compare/v7.2.1...v7.2.2) (2020-05-28)
### [7.2.1](https://github.com/awslabs/aws-delivlib/compare/v7.2.0...v7.2.1) (2020-05-23)
## [7.2.0](https://github.com/awslabs/aws-delivlib/compare/v7.1.26...v7.2.0) (2020-05-22)
### Features
* **autobump:** expose more config options ([#337](https://github.com/awslabs/aws-delivlib/issues/337)) ([6587579](https://github.com/awslabs/aws-delivlib/commit/6587579a0e53b5d0e0913191941874f2317086aa))
### [7.1.26](https://github.com/awslabs/aws-delivlib/compare/v7.1.25...v7.1.26) (2020-05-21)
### [7.1.25](https://github.com/awslabs/aws-delivlib/compare/v7.1.24...v7.1.25) (2020-05-19)
### [7.1.24](https://github.com/awslabs/aws-delivlib/compare/v7.1.23...v7.1.24) (2020-05-14)
### [7.1.23](https://github.com/awslabs/aws-delivlib/compare/v7.1.22...v7.1.23) (2020-05-08)
### [7.1.22](https://github.com/awslabs/aws-delivlib/compare/v7.1.21...v7.1.22) (2020-05-07)
### [7.1.21](https://github.com/awslabs/aws-delivlib/compare/v7.1.20...v7.1.21) (2020-05-06)
### [7.1.20](https://github.com/awslabs/aws-delivlib/compare/v7.1.19...v7.1.20) (2020-05-05)
### [7.1.19](https://github.com/awslabs/aws-delivlib/compare/v7.1.18...v7.1.19) (2020-05-02)
### [7.1.18](https://github.com/awslabs/aws-delivlib/compare/v7.1.17...v7.1.18) (2020-05-01)
### [7.1.17](https://github.com/awslabs/aws-delivlib/compare/v7.1.16...v7.1.17) (2020-04-30)
### [7.1.16](https://github.com/awslabs/aws-delivlib/compare/v7.1.15...v7.1.16) (2020-04-29)
### [7.1.15](https://github.com/awslabs/aws-delivlib/compare/v7.1.14...v7.1.15) (2020-04-27)
### [7.1.14](https://github.com/awslabs/aws-delivlib/compare/v7.1.13...v7.1.14) (2020-04-25)
### [7.1.13](https://github.com/awslabs/aws-delivlib/compare/v7.1.12...v7.1.13) (2020-04-22)
### [7.1.12](https://github.com/awslabs/aws-delivlib/compare/v7.1.11...v7.1.12) (2020-04-21)
### [7.1.11](https://github.com/awslabs/aws-delivlib/compare/v7.1.10...v7.1.11) (2020-04-20)
### [7.1.10](https://github.com/awslabs/aws-delivlib/compare/v7.1.9...v7.1.10) (2020-04-14)
### [7.1.9](https://github.com/awslabs/aws-delivlib/compare/v7.1.8...v7.1.9) (2020-04-10)
### [7.1.8](https://github.com/awslabs/aws-delivlib/compare/v7.1.7...v7.1.8) (2020-04-09)
### [7.1.7](https://github.com/awslabs/aws-delivlib/compare/v7.1.6...v7.1.7) (2020-04-08)
### [7.1.6](https://github.com/awslabs/aws-delivlib/compare/v7.1.5...v7.1.6) (2020-04-04)
### [7.1.5](https://github.com/awslabs/aws-delivlib/compare/v7.1.4...v7.1.5) (2020-04-03)
### [7.1.4](https://github.com/awslabs/aws-delivlib/compare/v7.1.3...v7.1.4) (2020-04-02)
### [7.1.3](https://github.com/awslabs/aws-delivlib/compare/v7.1.2...v7.1.3) (2020-03-30)
### [7.1.2](https://github.com/awslabs/aws-delivlib/compare/v7.1.1...v7.1.2) (2020-03-27)
### [7.1.1](https://github.com/awslabs/aws-delivlib/compare/v7.1.0...v7.1.1) (2020-03-26)
## [7.1.0](https://github.com/awslabs/aws-delivlib/compare/v7.0.7...v7.1.0) (2020-03-25)
### Features
* **pipeline:** configure projectName and environment for AutoBuild ([#274](https://github.com/awslabs/aws-delivlib/issues/274)) ([f857464](https://github.com/awslabs/aws-delivlib/commit/f85746407992c27bf275426a0219a87408b6294c))
### [7.0.7](https://github.com/awslabs/aws-delivlib/compare/v7.0.6...v7.0.7) (2020-03-19)
### [7.0.6](https://github.com/awslabs/aws-delivlib/compare/v7.0.5...v7.0.6) (2020-03-17)
### [7.0.5](https://github.com/awslabs/aws-delivlib/compare/v7.0.4...v7.0.5) (2020-03-14)
### [7.0.4](https://github.com/awslabs/aws-delivlib/compare/v7.0.3...v7.0.4) (2020-03-12)
### [7.0.3](https://github.com/awslabs/aws-delivlib/compare/v7.0.2...v7.0.3) (2020-03-10)
### Bug Fixes
* **pipeline:** cyclic dependency between CodePipeline::Pipeline and CodeBuild::Project ([#261](https://github.com/awslabs/aws-delivlib/issues/261)) ([6b42d0f](https://github.com/awslabs/aws-delivlib/commit/6b42d0f6a21082dfe100f0ccc5b34023173ff1cf))
### [7.0.2](https://github.com/awslabs/aws-delivlib/compare/v7.0.1...v7.0.2) (2020-03-07)
### [7.0.1](https://github.com/awslabs/aws-delivlib/compare/v7.0.0...v7.0.1) (2020-03-05)
## [7.0.0](https://github.com/awslabs/aws-delivlib/compare/v6.1.1...v7.0.0) (2020-03-01)
### ⚠ BREAKING CHANGES
* to use this version, your application must depend on
monocdk-experiment.
### Features
* switch to MonoCDK (-experiment) ([#245](https://github.com/awslabs/aws-delivlib/issues/245)) ([f0863de](https://github.com/awslabs/aws-delivlib/commit/f0863de0029a50d4c1d9bb35254e44eb14a766fe))
### [6.1.1](https://github.com/awslabs/aws-delivlib/compare/v6.1.0...v6.1.1) (2020-02-27)
### Bug Fixes
* Grant env var access in shellable when needed ([#253](https://github.com/awslabs/aws-delivlib/issues/253)) ([99b7288](https://github.com/awslabs/aws-delivlib/commit/99b7288b648409b3631db917689b2af4ea0e611b))
## [6.1.0](https://github.com/awslabs/aws-delivlib/compare/v6.0.2...v6.1.0) (2020-02-27)
### Features
* Support Env Var Types in Shellable ([#251](https://github.com/awslabs/aws-delivlib/issues/251)) ([329abd5](https://github.com/awslabs/aws-delivlib/commit/329abd583dd14a29acaba9be858c3d6be6cfc94a))
### [6.0.2](https://github.com/awslabs/aws-delivlib/compare/v6.0.1...v6.0.2) (2020-02-26)
### [6.0.1](https://github.com/awslabs/aws-delivlib/compare/v6.0.0...v6.0.1) (2020-02-20)
## [6.0.0](https://github.com/awslabs/aws-delivlib/compare/v5.7.3...v6.0.0) (2020-02-19)
### ⚠ BREAKING CHANGES
* **bump:** `repo.token` is now `tokenSecretArn` to enforce that the token is kept in AWS SecretsManager. Also, the API for `IRepo.createBuildSource` was modified.
### Features
* **bump:** create pull request for bumps ([#247](https://github.com/awslabs/aws-delivlib/issues/247)) ([4b00fa3](https://github.com/awslabs/aws-delivlib/commit/4b00fa34229db30e2a2f601f308a27f101ade69b))
### [5.7.3](https://github.com/awslabs/aws-delivlib/compare/v5.7.2...v5.7.3) (2020-02-14)
### [5.7.2](https://github.com/awslabs/aws-delivlib/compare/v5.7.1...v5.7.2) (2020-02-13)
### Bug Fixes
* public build logs are broken ([#243](https://github.com/awslabs/aws-delivlib/issues/243)) ([114abfc](https://github.com/awslabs/aws-delivlib/commit/114abfcafb23376f0f915f754025ce82a56c26c3))
### [5.7.1](https://github.com/awslabs/aws-delivlib/compare/v5.7.0...v5.7.1) (2020-02-12)
### Bug Fixes
* **chime:** make Chime notifier actually deploy ([#240](https://github.com/awslabs/aws-delivlib/issues/240)) ([15c8b41](https://github.com/awslabs/aws-delivlib/commit/15c8b41cea0ee42aa5d82cc700230e8062c40bbc))
## [5.7.0](https://github.com/awslabs/aws-delivlib/compare/v5.6.0...v5.7.0) (2020-02-12)
### Features
* **chime:** make the Chime notifier look up the failing action ([#239](https://github.com/awslabs/aws-delivlib/issues/239)) ([66152b3](https://github.com/awslabs/aws-delivlib/commit/66152b3c9ba1d71802bb87fa5c252b89d2fc16ea))
## [5.6.0](https://github.com/awslabs/aws-delivlib/compare/v5.5.0...v5.6.0) (2020-02-09)
### Features
* add Chime notifications on failure ([#237](https://github.com/awslabs/aws-delivlib/issues/237)) ([8b95c62](https://github.com/awslabs/aws-delivlib/commit/8b95c625108e1897c667c6c8e511c1f296df104f))
## [5.5.0](https://github.com/awslabs/aws-delivlib/compare/v5.4.2...v5.5.0) (2020-02-08)
### Features
* Change Maven Container to Superchain ([#224](https://github.com/awslabs/aws-delivlib/issues/224)) ([e0eeceb](https://github.com/awslabs/aws-delivlib/commit/e0eeceb6c4c991b9de8d3fbc7f3adb5b6508c4dc)), closes [#217](https://github.com/awslabs/aws-delivlib/issues/217)
### [5.4.2](https://github.com/awslabs/aws-delivlib/compare/v5.4.1...v5.4.2) (2020-02-07)
### [5.4.1](https://github.com/awslabs/aws-delivlib/compare/v5.4.0...v5.4.1) (2020-01-30)
## [5.4.0](https://github.com/awslabs/aws-delivlib/compare/v5.3.0...v5.4.0) (2020-01-29)
### Features
* upgrade Custom Resources to use Lambda's Node10 runtime ([#226](https://github.com/awslabs/aws-delivlib/issues/226)) ([67c18e0](https://github.com/awslabs/aws-delivlib/commit/67c18e0693da8b9813374ffd40967ce561104a09)), closes [#220](https://github.com/awslabs/aws-delivlib/issues/220)
## [5.3.0](https://github.com/awslabs/aws-delivlib/compare/v5.2.0...v5.3.0) (2020-01-24)
### Features
* try switching dependabot to automatic merging ([75b686e](https://github.com/awslabs/aws-delivlib/commit/75b686e19f9541b3cfac03d6f0ab8169f2a4e26a))
## [5.2.0](https://github.com/awslabs/aws-delivlib/compare/v5.1.0...v5.2.0) (2020-01-10)
### Features
* allow branch-filtering on Pipeline auto-builds ([#210](https://github.com/awslabs/aws-delivlib/issues/210)) ([37ea238](https://github.com/awslabs/aws-delivlib/commit/37ea2380131acbc72920bcffa01cf06abbdf1611))
## [5.1.0](https://github.com/awslabs/aws-delivlib/compare/v5.0.0...v5.1.0) (2020-01-04)
### Features
* update to CDK version 1.19.0 ([#209](https://github.com/awslabs/aws-delivlib/issues/209)) ([5e7cad2](https://github.com/awslabs/aws-delivlib/commit/5e7cad2))
## [5.0.0](https://github.com/awslabs/aws-delivlib/compare/v4.6.0...v5.0.0) (2020-01-03)
### ⚠ BREAKING CHANGES
* AutoBuildOptions.buildSpec is now of type codebuild.BuildSpec
* CanaryProps.scheduleExpression is now of type events.Schedule, and was renamed to 'schedule'
* ChangeControllerProps.scheduleExpression is now of type events.Schedule, and was renamed to 'schedule'
* RsaPrivateKeySecretProps.deletionPolicy has been renamed to 'removalPolicy'
* PipelineProps.buildSpec is now of type codebuild.BuildSpec
* GitHubRepo.tokenParameterName is now of type cdk.SecretValue, and was renamed to 'token'
* ShellableOptions.alarmPeriodSec is now of type cdk.Duration, and was renamed to 'alarmPeriod'
### Features
* migrate library to General Availability CDK version ([e6602c1](https://github.com/awslabs/aws-delivlib/commit/e6602c1))
## [4.6.0](https://github.com/awslabs/aws-delivlib/compare/v4.5.1...v4.6.0) (2019-12-11)
### Features
* migrate library to General Availability CDK version ([#184](https://github.com/awslabs/aws-delivlib/issues/184)) ([65a707d](https://github.com/awslabs/aws-delivlib/commit/65a707d))
### [4.5.1](https://github.com/awslabs/aws-delivlib/compare/v4.5.0...v4.5.1) (2019-10-26)
## [4.5.0](https://github.com/awslabs/aws-delivlib/compare/v4.4.4...v4.5.0) (2019-10-23)
### Features
* configure buildspec for AutoBuild project ([#169](https://github.com/awslabs/aws-delivlib/issues/169)) ([c9066f8](https://github.com/awslabs/aws-delivlib/commit/c9066f8))
### [4.4.4](https://github.com/awslabs/aws-delivlib/compare/v4.4.3...v4.4.4) (2019-10-17)
### [4.4.3](https://github.com/awslabs/aws-delivlib/compare/v4.4.2...v4.4.3) (2019-10-01)
### [4.4.2](https://github.com/awslabs/aws-delivlib/compare/v4.4.1...v4.4.2) (2019-09-30)
### [4.4.1](https://github.com/awslabs/aws-delivlib/compare/v4.4.0...v4.4.1) (2019-09-30)
### Bug Fixes
* **nuget:** migrate to snupkg symbols package format ([#153](https://github.com/awslabs/aws-delivlib/issues/153)) ([422c512](https://github.com/awslabs/aws-delivlib/commit/422c512))
## [4.4.0](https://github.com/awslabs/aws-delivlib/compare/v4.3.0...v4.4.0) (2019-09-23)
### Features
* **maven:** allow configuring Maven endpoint ([#151](https://github.com/awslabs/aws-delivlib/issues/151)) ([d659f9c](https://github.com/awslabs/aws-delivlib/commit/d659f9c))
## [4.3.0](https://github.com/awslabs/aws-delivlib/compare/v4.2.0...v4.3.0) (2019-09-13)
### Bug Fixes
* **bump:** add known_hosts before pushing to github ([047ca55](https://github.com/awslabs/aws-delivlib/commit/047ca55))
### Features
* auto-build (with public logs) ([4cbc8ab](https://github.com/awslabs/aws-delivlib/commit/4cbc8ab)), closes [#42](https://github.com/awslabs/aws-delivlib/issues/42)
* update "github-codebuild-logs" sar app to 1.0.4 ([1d0a90d](https://github.com/awslabs/aws-delivlib/commit/1d0a90d))
## 4.2.0 (2019-09-12)
### Features
* auto-build (with public logs) ([#146](https://github.com/awslabs/aws-delivlib/issues/146)) ([c3cac7e](https://github.com/awslabs/aws-delivlib/commit/c3cac7e)), closes [#42](https://github.com/awslabs/aws-delivlib/issues/42)
## [4.1.0](https://github.com/awslabs/aws-delivlib/compare/v4.0.0...v4.1.0) (2019-08-26)
### Features
* use mono's signcode to sign .NET assemblies ([#133](https://github.com/awslabs/aws-delivlib/issues/133)) ([630f3c6](https://github.com/awslabs/aws-delivlib/commit/630f3c6))
## [4.0.0](https://github.com/awslabs/aws-delivlib/compare/v3.9.5...v4.0.0) (2019-08-06)
### ⚠ BREAKING CHANGES
* The `Superchain` construct was removed. The default
build image was changed to `jsii/superchain` instead of being a bundled
image staged in an ECR registry.
### Features
* use `jsii/superchain` image instead of bundling own ([#121](https://github.com/awslabs/aws-delivlib/issues/121)) ([59aeb80](https://github.com/awslabs/aws-delivlib/commit/59aeb80)), closes [aws/jsii#653](https://github.com/aws/jsii/issues/653)
### [3.9.5](https://github.com/awslabs/aws-delivlib/compare/v3.9.4...v3.9.5) (2019-07-17)
### [3.9.4](https://github.com/awslabs/aws-delivlib/compare/v3.9.3...v3.9.4) (2019-07-16)
### [3.9.3](https://github.com/awslabs/aws-delivlib/compare/v3.9.2...v3.9.3) (2019-06-06)
## [3.9.2](https://github.com/awslabs/aws-delivlib/compare/v3.9.1...v3.9.2) (2019-06-04)
## [3.9.1](https://github.com/awslabs/aws-delivlib/compare/v3.9.0...v3.9.1) (2019-06-03)
### Bug Fixes
* Stop pulling GPG keys from the internets ([#96](https://github.com/awslabs/aws-delivlib/issues/96)) ([87db0da](https://github.com/awslabs/aws-delivlib/commit/87db0da))
# [3.9.0](https://github.com/awslabs/aws-delivlib/compare/v3.8.2...v3.9.0) (2019-05-29)
### Features
* **shellable:** support privileged mode ([#95](https://github.com/awslabs/aws-delivlib/issues/95)) ([2558c6e](https://github.com/awslabs/aws-delivlib/commit/2558c6e))
## [3.8.2](https://github.com/awslabs/aws-delivlib/compare/v3.8.0...v3.8.2) (2019-05-21)
# [3.8.1](https://github.com/awslabs/aws-delivlib/compare/v3.8.0...v3.8.1) (2019-05-20)
### Build
* Upgraded contents of Superchain Docker image
# [3.8.0](https://github.com/awslabs/aws-delivlib/compare/v3.7.0...v3.8.0) (2019-04-11)
### Features
* support npm disttags ([#91](https://github.com/awslabs/aws-delivlib/issues/91)) ([90aa1d0](https://github.com/awslabs/aws-delivlib/commit/90aa1d0))
<a name="3.7.1"></a>
# [3.7.1](https://github.com/awslabs/aws-delivlib/compare/v3.7.0...v3.7.1) (2019-04-11)
### Bug Fixes
* **nuget-sign:** Use osslsigncode for now, so SHA256 signatures can be used ([#92](https://github.com/awslabs/aws-delivlib/pull/92)) ([e2855af](https://github.com/awslabs/aws-delivlib/commit/e2855af))
<a name="3.7.0"></a>
# [3.7.0](https://github.com/awslabs/aws-delivlib/compare/v3.6.3...v3.7.0) (2019-04-10)
### Features
* upgrade superchain to dotnet to 2.2.202 ([#87](https://github.com/awslabs/aws-delivlib/issues/87)) ([1b74842](https://github.com/awslabs/aws-delivlib/commit/1b74842))
<a name="3.6.3"></a>
## [3.6.3](https://github.com/awslabs/aws-delivlib/compare/v3.6.2...v3.6.3) (2019-04-09)
### Bug Fixes
* **autobump:** stop AutoBump from releasing 0 changes ([#89](https://github.com/awslabs/aws-delivlib/issues/89)) ([a271016](https://github.com/awslabs/aws-delivlib/commit/a271016))
<a name="3.6.2"></a>
## [3.6.2](https://github.com/awslabs/aws-delivlib/compare/v3.6.1...v3.6.2) (2019-04-09)
<a name="3.6.1"></a>
## [3.6.1](https://github.com/awslabs/aws-delivlib/compare/v3.6.0...v3.6.1) (2019-04-09)
<a name="3.6.0"></a>
# [3.6.0](https://github.com/awslabs/aws-delivlib/compare/v3.5.18...v3.6.0) (2019-04-09)
### Features
* shellable alarm configuration ([#88](https://github.com/awslabs/aws-delivlib/issues/88)) ([4beddad](https://github.com/awslabs/aws-delivlib/commit/4beddad)), closes [awslabs/cdk-ops#329](https://github.com/awslabs/cdk-ops/issues/329)
<a name="3.5.18"></a>
## [3.5.18](https://github.com/awslabs/aws-delivlib/compare/v3.5.17...v3.5.18) (2019-04-08)
<a name="3.5.17"></a>
## [3.5.17](https://github.com/awslabs/aws-delivlib/compare/v3.5.16...v3.5.17) (2019-04-07)
<a name="3.5.16"></a>
## [3.5.16](https://github.com/awslabs/aws-delivlib/compare/v3.5.15...v3.5.16) (2019-04-06)
<a name="3.5.15"></a>
## [3.5.15](https://github.com/awslabs/aws-delivlib/compare/v3.5.14...v3.5.15) (2019-04-05)
<a name="3.5.14"></a>
## [3.5.14](https://github.com/awslabs/aws-delivlib/compare/v3.5.13...v3.5.14) (2019-04-04)
<a name="3.5.13"></a>
## [3.5.13](https://github.com/awslabs/aws-delivlib/compare/v3.5.12...v3.5.13) (2019-04-03)
<a name="3.5.12"></a>
## [3.5.12](https://github.com/awslabs/aws-delivlib/compare/v3.5.11...v3.5.12) (2019-04-02)
<a name="3.5.11"></a>
## [3.5.11](https://github.com/awslabs/aws-delivlib/compare/v3.5.10...v3.5.11) (2019-04-01)
<a name="3.5.10"></a>
## [3.5.10](https://github.com/awslabs/aws-delivlib/compare/v3.5.9...v3.5.10) (2019-03-31)
<a name="3.5.9"></a>
## [3.5.9](https://github.com/awslabs/aws-delivlib/compare/v3.5.8...v3.5.9) (2019-03-30)
<a name="3.5.8"></a>
## [3.5.8](https://github.com/awslabs/aws-delivlib/compare/v3.5.7...v3.5.8) (2019-03-29)
<a name="3.5.7"></a>
## [3.5.7](https://github.com/awslabs/aws-delivlib/compare/v3.5.6...v3.5.7) (2019-03-28)
<a name="3.5.6"></a>
## [3.5.6](https://github.com/awslabs/aws-delivlib/compare/v3.5.5...v3.5.6) (2019-03-27)
<a name="3.5.5"></a>
## [3.5.5](https://github.com/awslabs/aws-delivlib/compare/v3.5.4...v3.5.5) (2019-03-26)
<a name="3.5.4"></a>
## [3.5.4](https://github.com/awslabs/aws-delivlib/compare/v3.5.3...v3.5.4) (2019-03-25)
<a name="3.5.3"></a>
## [3.5.3](https://github.com/awslabs/aws-delivlib/compare/v3.5.2...v3.5.3) (2019-03-24)
<a name="3.5.2"></a>
## [3.5.2](https://github.com/awslabs/aws-delivlib/compare/v3.5.1...v3.5.2) (2019-03-23)
<a name="3.5.1"></a>
## [3.5.1](https://github.com/awslabs/aws-delivlib/compare/v3.5.0...v3.5.1) (2019-03-22)
<a name="3.5.0"></a>
# [3.5.0](https://github.com/awslabs/aws-delivlib/compare/v3.4.9...v3.5.0) (2019-03-21)
### Features
* PyPI publisher ([#84](https://github.com/awslabs/aws-delivlib/issues/84)) ([9ccce36](https://github.com/awslabs/aws-delivlib/commit/9ccce36))
<a name="3.4.9"></a>
## [3.4.9](https://github.com/awslabs/aws-delivlib/compare/v3.4.8...v3.4.9) (2019-03-20)
<a name="3.4.8"></a>
## [3.4.8](https://github.com/awslabs/aws-delivlib/compare/v3.4.7...v3.4.8) (2019-03-19)
<a name="3.4.7"></a>
## [3.4.7](https://github.com/awslabs/aws-delivlib/compare/v3.4.6...v3.4.7) (2019-03-18)
<a name="3.4.6"></a>
## [3.4.6](https://github.com/awslabs/aws-delivlib/compare/v3.4.5...v3.4.6) (2019-03-17)
<a name="3.4.5"></a>
## [3.4.5](https://github.com/awslabs/aws-delivlib/compare/v3.4.4...v3.4.5) (2019-03-16)
<a name="3.4.4"></a>
## [3.4.4](https://github.com/awslabs/aws-delivlib/compare/v3.4.3...v3.4.4) (2019-03-15)
<a name="3.4.3"></a>
## [3.4.3](https://github.com/awslabs/aws-delivlib/compare/v3.4.2...v3.4.3) (2019-03-14)
<a name="3.4.2"></a>
## [3.4.2](https://github.com/awslabs/aws-delivlib/compare/v3.4.1...v3.4.2) (2019-03-13)
<a name="3.4.1"></a>
## [3.4.1](https://github.com/awslabs/aws-delivlib/compare/v3.4.0...v3.4.1) (2019-03-12)
<a name="3.4.0"></a>
# [3.4.0](https://github.com/awslabs/aws-delivlib/compare/v3.2.13...v3.4.0) (2019-03-11)
### Features
* **s3:** make S3 publisher idempotent ([#81](https://github.com/awslabs/aws-delivlib/issues/81)) ([d8bc2d8](https://github.com/awslabs/aws-delivlib/commit/d8bc2d8))
<a name="3.3.0"></a>
# [3.3.0](https://github.com/awslabs/aws-delivlib/compare/v3.2.13...v3.3.0) (2019-03-11)
### Features
* **s3:** make S3 publisher idempotent ([#81](https://github.com/awslabs/aws-delivlib/issues/81)) ([d8bc2d8](https://github.com/awslabs/aws-delivlib/commit/d8bc2d8))
<a name="3.2.13"></a>
## [3.2.13](https://github.com/awslabs/aws-delivlib/compare/v3.2.12...v3.2.13) (2019-03-10)
<a name="3.2.12"></a>
## [3.2.12](https://github.com/awslabs/aws-delivlib/compare/v3.2.11...v3.2.12) (2019-03-09)
<a name="3.2.11"></a>
## [3.2.11](https://github.com/awslabs/aws-delivlib/compare/v3.2.10...v3.2.11) (2019-03-08)
<a name="3.2.10"></a>
## [3.2.10](https://github.com/awslabs/aws-delivlib/compare/v3.2.9...v3.2.10) (2019-03-07)
<a name="3.2.9"></a>
## [3.2.9](https://github.com/awslabs/aws-delivlib/compare/v3.2.8...v3.2.9) (2019-03-06)
<a name="3.2.8"></a>
## [3.2.8](https://github.com/awslabs/aws-delivlib/compare/v3.2.7...v3.2.8) (2019-03-05)
<a name="3.2.7"></a>
## [3.2.7](https://github.com/awslabs/aws-delivlib/compare/v3.2.6...v3.2.7) (2019-03-04)
<a name="3.2.6"></a>
## [3.2.6](https://github.com/awslabs/aws-delivlib/compare/v3.2.5...v3.2.6) (2019-03-03)
<a name="3.2.5"></a>
## [3.2.5](https://github.com/awslabs/aws-delivlib/compare/v3.2.4...v3.2.5) (2019-03-02)
<a name="3.2.4"></a>
## [3.2.4](https://github.com/awslabs/aws-delivlib/compare/v3.2.3...v3.2.4) (2019-03-01)
<a name="3.2.3"></a>
## [3.2.3](https://github.com/awslabs/aws-delivlib/compare/v3.2.2...v3.2.3) (2019-02-28)
<a name="3.2.2"></a>
## [3.2.2](https://github.com/awslabs/aws-delivlib/compare/v3.2.1...v3.2.2) (2019-02-27)
<a name="3.2.1"></a>
## [3.2.1](https://github.com/awslabs/aws-delivlib/compare/v3.2.0...v3.2.1) (2019-02-26)
<a name="3.2.0"></a>
# [3.2.0](https://github.com/awslabs/aws-delivlib/compare/v3.0.0...v3.2.0) (2019-02-25)
### Features
* **superchain:** add MSBuild to Superchain image ([#76](https://github.com/awslabs/aws-delivlib/issues/76)) ([b2f1dfa](https://github.com/awslabs/aws-delivlib/commit/b2f1dfa))
* automatic bumps ([#12](https://github.com/awslabs/aws-delivlib/issues/12)) ([39ea8a0](https://github.com/awslabs/aws-delivlib/commit/39ea8a0)), closes [awslabs/cdk-ops#103](https://github.com/awslabs/cdk-ops/issues/103)
* make it possible to add arbitrary processing steps ([#77](https://github.com/awslabs/aws-delivlib/issues/77)) ([f2ceb8a](https://github.com/awslabs/aws-delivlib/commit/f2ceb8a))
<a name="3.1.0"></a>
# [3.1.0](https://github.com/awslabs/aws-delivlib/compare/v3.0.0...v3.1.0) (2019-02-25)
### Features
* make it possible to add arbitrary processing steps ([#77](https://github.com/awslabs/aws-delivlib/issues/77)) ([f2ceb8a](https://github.com/awslabs/aws-delivlib/commit/f2ceb8a))
* **superchain:** add MSBuild to Superchain image ([#76](https://github.com/awslabs/aws-delivlib/issues/76)) ([b2f1dfa](https://github.com/awslabs/aws-delivlib/commit/b2f1dfa))
<a name="3.0.0"></a>
## [3.0.0](https://github.com/awslabs/aws-delivlib/compare/v2.0.1...v3.0.0) (2019-02-20)
### Bug Fixes
* Correctly set environment before using gpg ([#69](https://github.com/awslabs/aws-delivlib/issues/69)) ([19aeed5](https://github.com/awslabs/aws-delivlib/commit/19aeed5))
* Don't attempt deleting OpenPGP keys' secrets ([#70](https://github.com/awslabs/aws-delivlib/issues/70)) ([de02f7c](https://github.com/awslabs/aws-delivlib/commit/de02f7c))
* Upgrade npm if 'npm ci' is unsupported ([#72](https://github.com/awslabs/aws-delivlib/issues/72)) ([e8a19ca](https://github.com/awslabs/aws-delivlib/commit/e8a19ca))
### Features
* Rename PGPSecret to OpenPGPKeyPair ([#67](https://github.com/awslabs/aws-delivlib/issues/67)) ([c540def](https://github.com/awslabs/aws-delivlib/commit/c540def))
* Support Change Control Policies ([#71](https://github.com/awslabs/aws-delivlib/issues/71)) ([82acca9](https://github.com/awslabs/aws-delivlib/commit/82acca9)), closes [awslabs/cdk-ops#231](https://github.com/awslabs/cdk-ops/issues/231)
### BREAKING CHANGES
* The `PGPSecret` class was renamed to `OpenPGPKeyPair`.
<a name="2.0.1"></a>
## [2.0.1](https://github.com/awslabs/aws-delivlib/compare/v2.0.0...v2.0.1) (2019-02-11)
### Bug Fixes
* Add missing permission to PGPSecret CustomResource
<a name="2.0.0"></a>
## [2.0.0](https://github.com/awslabs/aws-delivlib/compare/v1.0.0...v2.0.0) (2019-02-11)
### Features
* Create OpenPGP Public Key parameter using SSM resource ([#63](https://github.com/awslabs/aws-delivlib/issues/63)) ([a3510f1](https://github.com/awslabs/aws-delivlib/commit/a3510f1))
* Move permission grant function to PGPSecret ([#62](https://github.com/awslabs/aws-delivlib/issues/62)) ([7c6809a](https://github.com/awslabs/aws-delivlib/commit/7c6809a))
### BREAKING CHANGES
* `ICredentialPair` now conveys `ssm.IStringParameter` and `secretsManager.ISecret` instead of the ARNs and related attributes of those.
<a name="1.0.0"></a>
## [1.0.0](https://github.com/awslabs/aws-delivlib/compare/v0.4.0...v1.0.0) (2019-01-29)
### Bug Fixes
* Correctly model accepted/required attributes ([#35](https://github.com/awslabs/aws-delivlib/issues/35)) ([52bdccb](https://github.com/awslabs/aws-delivlib/commit/52bdccb))
* pgp-secret did not store passphrase in secrets manager ([#45](https://github.com/awslabs/aws-delivlib/issues/45)) ([d8f9dbc](https://github.com/awslabs/aws-delivlib/commit/d8f9dbc))
* Stop surfacing and using secret VersionIds ([#33](https://github.com/awslabs/aws-delivlib/issues/33)) ([afbd204](https://github.com/awslabs/aws-delivlib/commit/afbd204))
### Code Refactoring
* improvements to shellable, testable and canary ([#46](https://github.com/awslabs/aws-delivlib/issues/46)) ([2446bd1](https://github.com/awslabs/aws-delivlib/commit/2446bd1))
### Features
* wrap the superchain image in a Superchain construct. ([#38](https://github.com/awslabs/aws-delivlib/issues/38)) ([5713727](https://github.com/awslabs/aws-delivlib/commit/5713727))
* **shallable:** assume-role ([#47](https://github.com/awslabs/aws-delivlib/issues/47)) ([1b9ef5d](https://github.com/awslabs/aws-delivlib/commit/1b9ef5d))
### BREAKING CHANGES
* `Testable` has been removed, `environmentVariables`
has been renamed to `env` and changed schema; `pipeline.env` renamed to `environment`.
<a name="0.5.0"></a>
## [0.5.0](https://github.com/awslabs/aws-delivlib/compare/v0.4.0...v0.5.0) (2019-01-15)
### Bug Fixes
* Correctly model accepted/required attributes ([#35](https://github.com/awslabs/aws-delivlib/issues/35)) ([52bdccb](https://github.com/awslabs/aws-delivlib/commit/52bdccb))
* Stop surfacing and using secret VersionIds ([#33](https://github.com/awslabs/aws-delivlib/issues/33)) ([afbd204](https://github.com/awslabs/aws-delivlib/commit/afbd204))
### Features
* wrap the superchain image in a Superchain construct. ([#38](https://github.com/awslabs/aws-delivlib/issues/38)) ([5713727](https://github.com/awslabs/aws-delivlib/commit/5713727))
<a name="0.4.0"></a>
## [0.4.0](https://github.com/awslabs/aws-delivlib/compare/v0.3.2...v0.4.0) (2019-01-07)
### Features
* Allow update of PGPSecret and PrivateKey ([#20](https://github.com/awslabs/aws-delivlib/issues/20)) ([bfc6225](https://github.com/awslabs/aws-delivlib/commit/bfc6225))
### BREAKING CHANGES
* This changes the API of the PGPSecret and CodeSigningCertificate constructs to offer a consistent API for accessing the name
and ARNs of the secret and parameters associated with the secrets, through the `ICredentialPair` interface.
<a name="0.3.2"></a>
## [0.3.2](https://github.com/awslabs/aws-delivlib/compare/v0.3.1...v0.3.2) (2018-12-20)
### Bug Fixes
* upgrade changelog parser ([#28](https://github.com/awslabs/aws-delivlib/issues/28)) ([813e837](https://github.com/awslabs/aws-delivlib/commit/813e837))
<a name="0.3.1"></a>
## [0.3.1](https://github.com/awslabs/aws-delivlib/compare/v0.3.0...v0.3.1) (2018-12-19)
### Bug Fixes
* do not assume executable permissions on publishing scripts ([#25](https://github.com/awslabs/aws-delivlib/issues/25)) ([6832ebe](https://github.com/awslabs/aws-delivlib/commit/6832ebe))
### Features
* **pgp-secret:** Surface parameterName attribute ([#17](https://github.com/awslabs/aws-delivlib/issues/17)) ([972a1c9](https://github.com/awslabs/aws-delivlib/commit/972a1c9))
<a name="0.3.0"></a>
## 0.3.0 (2018-12-18)
### Bug Fixes
* Correctly import requests ([#15](https://github.com/awslabs/aws-delivlib/issues/15)) ([637290e](https://github.com/awslabs/aws-delivlib/commit/637290e))
* Custom resource behavior ([40885c0](https://github.com/awslabs/aws-delivlib/commit/40885c0))
* Logger reference in CSC custom resources ([#14](https://github.com/awslabs/aws-delivlib/issues/14)) ([4c0bca6](https://github.com/awslabs/aws-delivlib/commit/4c0bca6))
### Features
* **gh-pages-publisher:** force-push without history ([#7](https://github.com/awslabs/aws-delivlib/issues/7)) ([e062ab7](https://github.com/awslabs/aws-delivlib/commit/e062ab7))
* **github-releases:** if changelog doesn't exist, don't include release notes ([#8](https://github.com/awslabs/aws-delivlib/issues/8)) ([ab0d58c](https://github.com/awslabs/aws-delivlib/commit/ab0d58c))
* **pipeline:** concurrency limit ([#9](https://github.com/awslabs/aws-delivlib/issues/9)) ([268a128](https://github.com/awslabs/aws-delivlib/commit/268a128))
* **pipeline:** send email notifications on any action failure ([#10](https://github.com/awslabs/aws-delivlib/issues/10)) ([dab2348](https://github.com/awslabs/aws-delivlib/commit/dab2348))
* expose failure alarm to allow developers to configure hooks ([#18](https://github.com/awslabs/aws-delivlib/issues/18)) ([2ed0f16](https://github.com/awslabs/aws-delivlib/commit/2ed0f16))
* NuGet assemblies code signing ([#2](https://github.com/awslabs/aws-delivlib/issues/2)) ([e715c65](https://github.com/awslabs/aws-delivlib/commit/e715c65))
# Change log
## [0.2.1](https://github.com/awslabs/aws-cdk/compare/v0.2.0...v0.2.1) (2018-12-17)
### Fixes
* **code-signing-certificate**: fix behavior of custom resources ([#15](https://github.com/awslabs/aws-delivlib/pull/15) and [40885c0](https://github.com/awslabs/aws-delivlib/commit/40885c01b0a75fd9a41e64264fce7afcc1337194))
## [0.2.0](https://github.com/awslabs/aws-cdk/compare/v0.1.2...v0.2.0) (2018-12-13)
### Features
* **pipeline**: concurrency limit ([#9](https://github.com/awslabs/aws-delivlib/pull/9))
* **gh-pages-publisher**: force-push without history ([#7](https://github.com/awslabs/aws-delivlib/pull/7))
* **pipeline**: send email notifications on any action failure ([#10](https://github.com/awslabs/aws-delivlib/pull/10))
* **github-releases**: if changelog doesn't exist, don't include release notes ([#8](https://github.com/awslabs/aws-delivlib/pull/8))
* **pipeline**: raise an alarm when any stages are in a Failed state ([#6](https://github.com/awslabs/aws-delivlib/pull/6))
## [0.1.2](https://github.com/awslabs/aws-cdk/compare/v0.1.1...v0.1.2) (2018-12-12)
### Features
* NuGet publisher now supports X509 code signing ([#2](https://github.com/awslabs/aws-delivlib/pull/2)) ([e715c65](https://github.com/awslabs/aws-delivlib/commit/e715c65))
* The CodePipeline can be phyiscal-named ([#3](https://github.com/awslabs/aws-delivlib/pull/3)) ([f38a8a3](https://github.com/awslabs/aws-delivlib/commit/f38a8a3))
================================================
FILE: CODE_OF_CONDUCT.md
================================================
## Code of Conduct
This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
opensource-codeofconduct@amazon.com with any additional questions or comments.
================================================
FILE: CONTRIBUTING.md
================================================
# Contributing Guidelines
Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional
documentation, we greatly value feedback and contributions from our community.
Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
information to effectively respond to your bug report or contribution.
## Reporting Bugs/Feature Requests
We welcome you to use the GitHub issue tracker to report bugs or suggest features.
When filing an issue, please check [existing open](https://github.com/awslabs/aws-delivlib/issues), or [recently closed](https://github.com/awslabs/aws-delivlib/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
* A reproducible test case or series of steps
* The version of our code being used
* Any modifications you've made relevant to the bug
* Anything unusual about your environment or deployment
## Contributing via Pull Requests
Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
1. You are working against the latest source on the *main* branch.
2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
To send us a pull request, please:
1. Fork the repository.
2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
3. Ensure local tests pass.
4. Commit to your fork using clear commit messages.
5. Send us a pull request, answering any default questions in the pull request interface.
6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
## Finding contributions to work on
Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/awslabs/aws-delivlib/labels/help%20wanted) issues is a great place to start.
## Code of Conduct
This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
opensource-codeofconduct@amazon.com with any additional questions or comments.
## Security issue notifications
If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
## Development Environment
To setup a development environment:
1. Clone the repo
2. Run `yarn install`
3. Run `yarn build` (or `yarn watch`) to compile typescript
4. Run `yarn test`
## Testing
We have good coverage of unit tests that should be testing the bulk of the logic in delivlib. For every contribution and change,
we expect them to be covered by unit tests, where appropriate.
You can run the tests by executing:
```console
yarn compile
yarn test
```
Besides this, there is a delivlib instance deployed to an AWS account (712950704752) that configures a delivlib pipeline for
the package [aws-delivlib-sample](https://github.com/awslabs/aws-delivlib-sample).
You should use this code to validate more elaborate changes to the Delivlib code base. To do this,
1. Setup credentials to our AWS account: 712950704752
2. Execute `yarn integ:update`. This will update the delivlib instance.
At this point, you will find the resources created by delivlib in the stack whose ARN is printed to the console. Wait for the
deployment to complete, and are then free to test and verify that your changes had the intended effect.
> NOTE: you might need to manually replicate the CDKlabs credentials to the publishing account. We don't do
> this often enough to make it worthwhile investing into automation for it.
## Releasing a New Version
Every commit pushed to main will be picked up by the build & release pipeline automatically,
so there's nothing manual you need to do to release a new version.
## Licensing
See the [LICENSE](https://github.com/awslabs/aws-delivlib/blob/main/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
================================================
FILE: LICENSE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: NOTICE
================================================
AWS Delivlib
Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
================================================
FILE: README.md
================================================
## aws-delivlib
[](http://github.com/badges/stability-badges)
**aws-delivlib** is a fabulous library for defining continuous pipelines for
building, testing and publishing code libraries through AWS CodeBuild and AWS
CodePipeline.
**aws-delivlib** is used by the [AWS Cloud Development Kit](https://github.com/awslabs/aws-cdk) and was
designed to support simultaneous delivery of the AWS CDK in multiple programming languages
packaged via [jsii](https://github.com/awslabs/jsii).
## Pipeline Structure
A delivlib pipeline consists of the following sequential stages. Each stage will
execute all tasks concurrently:
```
+-----------+ +-----------+ +-----------+ +----------------+
| Source +---->+ Build +---->+ Test +---->+ Publish |
+-----------+ +-----------+ +-----+-----+ +-------+--------+
| |
v v
+-----+-----+ +-------+-------+
| Test1 | | npm |
+-----------+ +---------------+
| Test2 | | NuGet |
+-----------+ +---------------+
| Test3 | | Maven Central |
+-----------+ +---------------+
| ... | | PyPI |
+-----------+ +---------------+
| GitHub Pages |
+---------------+
|GitHub Releases|
+---------------+
```
The following sections describe each stage and the configuration options
available:
- [aws-delivlib](#aws-delivlib)
- [Pipeline Structure](#pipeline-structure)
- [Installation](#installation)
- [Source](#source)
- [`repo`: Source Repository (required)](#repo-source-repository-required)
- [`branch`: Source Control Branch (optional)](#branch-source-control-branch-optional)
- [Pull Request Builds](#pull-request-builds)
- [Build](#build)
- [`buildSpec`: Build Script (optional)](#buildspec-build-script-optional)
- [`buildImage`: Build container image (optional)](#buildimage-build-container-image-optional)
- [`env`: Build environment variables (optional)](#env-build-environment-variables-optional)
- [Other Build Options](#other-build-options)
- [Tests](#tests)
- [Publish](#publish)
- [npm.js (JavaScript)](#npmjs-javascript)
- [NuGet (.NET)](#nuget-net)
- [Maven Central (Java)](#maven-central-java)
- [PyPI (Python)](#pypi-python)
- [GitHub Releases](#github-releases)
- [GitHub Pages](#github-pages)
- [Metrics](#metrics)
- [Automatic Bumps and Pull Request Builds](#automatic-bumps-and-pull-request-builds)
- [GitHub Access](#github-access)
- [Automatic Bumps](#automatic-bumps)
- [Failure Notifications](#failure-notifications)
- [ECR Mirror](#ecr-mirror)
- [Contributing](#contributing)
- [License](#license)
## Installation
To install, use npm / yarn:
```console
$ npm i aws-delivlib
```
or:
```console
$ yarn add aws-delivlib
```
and import the library to your project:
```ts
import delivlib = require('aws-delivlib');
```
The next step is to add a pipeline to your app. When you define a pipeline, the
minimum requirement is to specify the source repository. All other settings are
optional.
```ts
const pipeline = new delivlib.Pipeline(this, 'MyPipeline', {
// options
});
```
The following sections will describe the various options available in your
pipeline.
You can also take a look at the
[pipeline definition releasing the delivlib library itself](pipeline/delivlib.ts)
for a real-world, working example.
## Source
The only required option when defining a pipeline is to specify a source
repository for your project.
### `repo`: Source Repository (required)
The `repo` option specifies your source code repository for your project. You
could use either CodeCommit or GitHub.
#### CodeCommit
To use an existing repository:
```ts
import codecommit = require('@aws-cdk/aws-codecommit');
// import an existing repository
const myRepo = codecommit.Repository.fromRepositoryName(this, 'TestRepo',
'delivlib-test-repo');
// ...or define a new repository (probably not what you want)
const myRepo = new codecommit.Repository(this, 'TestRepo');
// create a delivlib pipeline associated with this codebuild repo
new delivlib.Pipeline(this, 'MyPipeline', {
repo: new delivlib.CodeCommitRepo(myRepo),
// ...
});
```
#### GitHub
To connect to GitHub, you will need to store a [Personal GitHub Access
Token](https://github.com/settings/tokens) as an SSM Parameter and provide the
name of the SSM parameter.
```ts
import cdk = require('@aws-cdk/core');
new delivlib.Pipeline(this, 'MyPipeline', {
repo: new delivlib.GitHubRepo({
repository: 'cdklabs/aws-delivlib',
token: cdk.SecretValue.secretsManager('my-github-token'),
}),
// ...
})
```
### `branch`: Source Control Branch (optional)
The `branch` option can be used to specify the git branch to build from. The
default is `master`.
```ts
new delivlib.Pipeline(this, 'MyPipeline', {
repo: // ...
branch: 'dev',
})
```
## Pull Request Builds
Pull Request Builds can be used to validate if changes submitted via a pull request
successfully build and pass tests. They are triggered automatically by GitHub or
CodeCommit when pull requests are submitted or updated.
Known in delivlib as AutoBuild, they can be enabled on the Pipeline and further
configured -
```ts
new delivlib.Pipeline(this, 'MyPipeline', {
// ...
autoBuild: true,
autoBuildOptions: {
publicLogs: true,
},
});
```
Delivlib also separately exports the `AutoBuild` construct that can be used to configure
AutoBuild on a project that doesn't have a pipeline associated, or for jobs that can be
run outside of a pipeline.
```ts
new delivlib.AutoBuild(this, 'MyAutoBuild', {
repo: // ...
});
```
## Build
The second stage of a pipeline is to build your code. The following options
allow you to do customize your build environment and scripts:
### `buildSpec`: Build Script (optional)
The default behavior will use the `buildspec.yaml` file from the root of your
source repository to determine the build steps.
See the the [buildspec reference documentation](https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html)
in the CodeBuild User Guide.
Note that if you don't have an "__artifacts__" section in your buildspec, you won't
be able to run any tests against the build outputs or publish them to package
managers.
If you wish, you can use the `buildSpec` option, in which case CodeBuild will not
use the checked-in `buildspec.yaml`:
```ts
import codebuild = require('@aws-cdk/aws-codebuild');
new delivlib.Pipeline(this, 'MyPipeline', {
// ...
buildSpec: codebuild.BuildSpec.fromObject({
version: '0.2',
phases: {
build: {
commands: [
'echo "Hello, world!"'
]
}
},
artifacts: {
files: [ '**/*' ],
'base-directory': 'dist'
}
}),
});
```
### `buildImage`: Build container image (optional)
The Docker image to use for the build container.
Default: the default image (if none is specified) is a custom Docker image which
is provided as part of the [jsii] distribution called [jsii/superchain]. It is
an environment that supports building libraries that target all programming
languages supported by [jsii]. Find more information on the contents of the
[jsii/superchain] image on the [jsii] homepage.
[jsii]: https://github.com/aws/jsii
[jsii/superchain]: https://hub.docker.com/r/jsii/superchain
You can use the AWS CodeBuild API to specify any Linux/Windows Docker image for
your build. Here are some examples:
* `codebuild.LinuxBuildImage.fromDockerRegistry('golang:1.11')` - use an image from Docker Hub
* `codebuild.LinuxBuildImage.UBUNTU_14_04_OPEN_JDK_9` - OpenJDK 9 available from AWS CodeBuild
* `codebuild.WindowsBuildImage.WIN_SERVER_CORE_2016_BASE` - Windows Server Core 2016 available from AWS CodeBuild
* `codebuild.LinuxBuildImage.fromEcrRepository(myRepo)` - use an image from an ECR repository
### `env`: Build environment variables (optional)
Allows adding environment variables to the build environment:
```ts
new delivlib.Pipeline(this, 'MyPipeline', {
// ...
environment: {
FOO: 'bar'
}
});
```
### Other Build Options
* `computeType`: size of the AWS CodeBuild compute capacity (default: SMALL)
* `privileged`: run in privileged mode (default: `false`)
## Tests
The third stage of a delivlib pipeline is to execute tests. Tests are executed
in parallel only after a successful build and can access build artifacts as
defined in your `buildspec.yaml`.
The `pipeline.addTest` method can be used to add tests to your pipeline. Test
scripts are packaged as part of your delivlib CDK app.
```ts
delivlib.addTest('MyTest', {
platform: delivlib.ShellPlatform.LinuxUbuntu(), // or `ShellPlatform.Windows()`
scriptDirectory: 'path/to/local/directory/with/tests',
entrypoint: 'run.sh',
});
```
`scriptDirectory` refers to a directory on the local file system which must
contain the `entrypoint` file.
Preferably make this path relative to the current file using `path.join(__dirname, ...)`.
The test container will be populated the build output artifacts as well as all
the files from the test directory.
Then, the entry-point will be executed. If it fails, the test failed.
## Publish
The last step of the pipeline is to publish your artifacts to one or more
package managers. Delivlib is shipped with a bunch of built-in publishing
tasks, but you could add your own if you like.
To add a publishing target to your pipeline, you can either use the
`pipeline.addPublish(publisher)` method or one of the built-in
`pipeline.publishToXxx` methods. The first option is useful if you wish to
define your own publisher, which is class the implements the
`delivlib.IPublisher` interface.
Built-in publishers are designed to be idempotent: if the artifacts version is
already published to the package manager, the publisher __will succeed__. This
means that in order to publish a new version, all you need to do is bump the
version of your package artifact (e.g. change `package.json`) and the publisher
will kick in.
You can use the `dryRun: true` option when creating a publisher to tell the
publisher to do as much as it can without actually making the package publicly
available. This is useful for testing.
The following sections describe how to use each one of the built-in publishers.
### npm.js (JavaScript)
The method `pipeline.publishToNpm` will add a publisher to your pipeline which
can publish JavaScript modules to [npmjs](https://www.npmjs.com/).
The publisher will search for `js/*.tgz` in your build artifacts and will `npm
publish` each of them.
To create npm tarballs, you can use `npm pack` as part of your build and emit
them to the `js/` directory in your build artifacts. The version of the module
is deduced from the name of the tarball.
To use this publisher, you will first need to store an [npm.js publishing
token](https://docs.npmjs.com/creating-and-viewing-authentication-tokens) in AWS
Secrets Manager and supply the secret ARN when you add the publisher.
```ts
pipeline.publishToNpm({
npmTokenSecret: { secretArn: 'my-npm-token-secret-arn' }
});
```
### NuGet (.NET)
This publisher can publish .NET NuGet packages to [nuget.org](https://www.nuget.org/).
The publisher will search `dotnet/**/*.nuget` in your build artifacts and will
publish each package to NuGet. To create .nupkg files, see [Creating NuGet
Packages](https://docs.microsoft.com/en-us/nuget/create-packages/creating-a-package).
Make sure you output the artifacts under the `dotnet/` directory.
To use this publisher, you will first need to store a [NuGet API
Key](https://www.nuget.org/account/apikeys) with "Push" permissions in AWS
Secrets Manager and supply the secret ARN when you add the publisher.
Use `pipeline.publishToNuGet` will add a publisher to your pipeline:
```ts
pipeline.publishToNuGet({
nugetApiKeySecret: { secretArn: 'my-nuget-token-secret-arn' }
});
```
#### Assembly Signature
**Important:** Limitations in the `mono` tools restrict the hash algorithms that
can be used in the signature to `SHA-1`. This limitation will be removed in the
future.
You can enable digital signatures for the `.dll` files enclosed in your NuGet
packages. In order to do so, you need to procure a Code-Signing Certificate
(also known as a Software Publisher Certificate, or SPC). If you don't have one
yet, you can refer to
[Obtaining a new Code Signing Certificate](#obtaining-a-new-code-signing-certificate)
for a way to create a new certificate entirely in the Cloud.
In order to enable code signature, change the way the NuGet publisher is added
by adding an `ICodeSigningCertificate` for the `codeSign` key (it could be a
`CodeSigningCertificate` construct, or you may bring your own implementation if
you wish to use a pre-existing certificate):
```ts
pipeline.publishToNuGet({
nugetApiKeySecret: { secretArn: 'my-nuget-token-secret-arn' },
codeSign: codeSigningCertificate
});
```
##### Obtaining a new Code Signing Certificate
If you want to create a new certificate, the `CodeSigningCertificate` construct
will provision a new RSA Private Key and emit a Certificate Signing Request in
an `Output` so you can pass it to your Certificate Authority (CA) of choice:
1. Add a `CodeSigningCertificate` to your stack:
```ts
new delivlib.CodeSigningCertificate(stack, 'CodeSigningCertificate', {
distinguishedName: {
commonName: '<a name your customers would recognize>',
emailAddress: '<your@email.address>',
country: '<two-letter ISO country code>',
stateOrProvince: '<state or province>',
locality: '<city>',
organizationName: '<name of your company or organization>',
organizationalUnitName: '<name of your department within the origanization>',
}
});
```
2. Deploy the stack:
```console
$ cdk deploy $stack_name
...
Outputs:
$stack_name.CodeSigningCertificateXXXXXX = -----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----
```
3. Forward the Certificate Signing Request (the value of the stack output that
starts with `-----BEGIN CERTIFICATE REQUEST-----` and ends with
`-----END CERTIFICATE REQUEST-----`) to a Certificate Authority, so they can
provde you with a signed certificate.
4. Update your stack with the signed certificate obtained from the CA. The below
example assumes you palced the PEM-encoded certificate in a file named
`certificate.pem` that is in the same folder as file that uses the code:
```ts
// Import utilities at top of file:
import fs = require('fs');
import path = require('path');
// ...
new delivlib.CodeSigningCertificate(stack, 'CodeSigningCertificate', {
distinguishedName: {
commonName: '<a name your customers would recognize>',
emailAddress: '<your@email.address>',
country: '<two-letter ISO country code>',
stateOrProvince: '<state or province>',
locality: '<city>',
organizationName: '<name of your company or organization>',
organizationalUnitName: '<name of your department within the origanization>',
},
// Addin the signed certificate
pemCertificate: fs.readFileSync(path.join(__dirname, 'certificate.pem'))
});
```
5. Redeploy your stack, so the self-signed certificate is replaced with the one
received from your CA:
```console
$ cdk deploy $stackName
```
### Maven Central (Java)
This publisher can publish Java packages to [Maven
Central](https://search.maven.org/).
This publisher expects to find a local maven repository under the `java/`
directory in your build output artifacts. You can create one using the
`altDeploymentRepository` option for `mvn deploy` (this assumes `dist` if the
root of your artifacts tree):
```console
$ mvn deploy -D altDeploymentRepository=local::default::file://${PWD}/dist/java
```
Use `pipeline.publishToMaven` to add this publisher to your pipeline:
```ts
pipeline.publishToMaven({
mavenLoginSecret: { secretArn: 'my-maven-credentials-secret-arn' },
signingKey: mavenSigningKey,
stagingProfileId: '11a33451234521'
});
```
In order to configure the Maven publisher, you will need at least three pieces
of information:
1. __Maven Central credentials__ (`mavenLoginSecret`) stored in AWS Secrets Manager
2. __GPG signing key__ (`signingKey`) to sign your Maven packages
3. __Staging profile ID__ (`stagingProfileId`) assigned to your account in Maven Central.
The following sections will describe how to obtain this information.
#### GPG Signing Key
Since Maven Central requires that you sign your packages you will need to
create a GPG key pair and publish it's public key to a well-known server:
This library includes a GPG key construct:
```ts
const mavenSigningKey = new delivlib.OpenPGPKeyPair(this, 'MavenCodeSign', {
email: 'your-email@domain.com',
identity: 'your-identity',
secretName: 'maven-code-sign',
pubKeyParameterName: 'mavenPublicKey',
keySizeBits: 4096,
expiry: '1y',
version: 1.0
});
```
After you've deployed your stack once, you can go to the SSM Parameter Store
console and copy the public key from the new parameter created by your stack
under the specified secret name. Then, you should paste this key to any of the
supported key servers (recommended: https://keyserver.ubuntu.com).
#### Sonatype Credentials
In order to publish to Maven Central, you'll need to follow the instructions in
Maven Central's [OSSRH Guide](http://central.sonatype.org/pages/ossrh-guide.html)
and create a Sonatype account and project via JIRA:
1. [Create JIRA
account](https://issues.sonatype.org/secure/Signup!default.jspa)
2. [Create new project
ticket](https://issues.sonatype.org/secure/CreateIssue.jspa?issuetype=21&pid=10134)
3. Once you have the user name and password of your Sonatype account, create an
AWS Secrets Manager secret with a `username` and `password` key/value fields
that correspond to your account's credentials.
#### Staging Profile ID
After you've obtained a Sonatype account and Maven Central project:
1. Log into https://oss.sonatype.org
2. Select "Staging Profiles" from the side bar (under "Build Promotion")
3. Click on the "Releases" staging profile that you registered
4. The URL of the page should change and include your profile ID. For example: `https://oss.sonatype.org/#stagingProfiles;11a33451234521`
This is the value you should assign to the `stagingProfileId` option.
### PyPI (Python)
This publisher can publish modules to [PyPI](https://pypi.org/).
This publisher will publish all files under the `python/` directory in your
build output artifacts to PyPI using the following command:
```sh
twine upload --skip-existing python/**
```
To use this publisher, you will need to an
[account](https://pypi.org/account/register/) with PyPI. Then store your
credentials in an AWS Secrets Manager secret, under the `username` and
`password` fields.
Now, use `pipeline.publishToPyPi` to add this publisher to your pipeline:
```ts
pipeline.publishToPyPi({
loginSecret: { secretArn: 'my-pypi-credentials-secret-arn' }
});
```
### GitHub Releases
This publisher can package all your build artifacts, sign them and publish them
to the "Releases" section of a GitHub project.
This publisher relies on two files to produce the release:
- `build.json` a manifest that contains metadata about the release.
- `CHANGELOG.md` (optional) the changelog of your project, from which the
release notes are extracted. If not provided, no release notes are added
to the release.
<a id="manifest"/>
The file `build.json` is read from the root of your artifact tree. It should
include the following fields:
```json
{
"name": "<project name>",
"version": "<project version>",
"commit": "<sha of commit>"
}
```
This publisher does the following:
1. Create a zip archive that contains the entire build artifacts tree under the
name `${name}-${version}.zip`.
2. Sign the archive using a GPG key and store it under
`${name}-${version}.zip.sig`
3. Check if there is already a git tag with `v${version}` in the GitHub
repository. If there is, bail out successfully.
4. If there's a `CHANGELOG.md` file, and extract the release notes for
`${version}` (uses [changelog-parser](https://www.npmjs.com/package/changelog-parser))
5. Create a GitHub release named `v${version}`, tag the specified `${commit}`
with the release notes from the changelog.
6. Attach the zip archive and signature to the release.
To add a GitHub release publisher to your pipeline, use the
`pipeline.publishToGitHub` method:
```ts
pipeline.publishToGitHub({
githubRepo: targetRepository,
signingKey: releaseSigningKey
});
```
The publisher requires the following information:
- The target GitHub project (`githubRepo`): see [instructions](#github) on how to connect
to a GitHub repository. It doesn't have to be the same repository as the source repository,
but it can be.
- A GPG signing key (`signingKey`): a `delivlib.SigningKey` object used to sign the
zip bundle. Make sure to publish the public key to a well-known server so your users
can validate the authenticity of your release (see [GPG Signing Key](#gpg-signing-key) for
details on how to create a signing key pair and extract it's public key). You can either use
### GitHub Pages
This publisher allows you to publish versioned static web-site content to GitHub Pages.
The publisher commits the entire contents of the `docs/` directory into the root of the specified
GitHub repository, and also under the `${version}/` directory of the repo (which allows users
to access old versions of the docs if they wish).
NOTE: static website content can grow big. Therefore, this publisher will always force-push
to the branch without history (history is preserved via the `versions/` directory). Make sure
you don't protect this branch against force-pushing or otherwise the publisher will fail.
This publisher depends on the following artifacts:
1. `build.json`: build manifest (see [schema](#manifest) above)
2. `docs/**`: the static website contents
This is how this publisher works:
1. Read the `version` field from `build.json`
2. Clone the `gh-pages` branch of the target repository to a local working directory
3. Rsync the contents of `docs/**` both to `versions/${version}` and to `/` of the working copy.
5. Commit and push to the `gh-pages` branch on GitHub
> NOTE: if `docs/` contains a fully rendered static website, you should also include
> a `.nojekyll` file to [bypass](https://blog.github.com/2009-12-29-bypassing-jekyll-on-github-pages/)
> Jekyll rendering.
To add this publisher to your pipeline, use the `pipeline.publishToGitHubPages` method:
```ts
pipeline.publishToGitHubPages({
githubRepo,
sshKeySecret: { secretArn: 'github-ssh-key-secret-arn' },
commitEmail: 'foo@bar.com',
commitUsername: 'foobar',
branch: 'gh-pages' // default
});
```
In order to publish to GitHub Pages, you will need the following pieces of information:
1. The target GitHub repository (`githubRepo`). See [instructions](#github) on
how to connect to a GitHub repository. It doesn't have to be the same
repository as the source repository, but it can be.
2. SSH private key (`sshKeySecret`) for pushing to that repository stored in AWS
Secrets Manager which is configured in your GitHub repository as a deploy key
with write permissions.
3. Committer email (`commitEmail`) and username (`commitUsername`).
To create an ssh deploy key for your repository:
1. Follow [this
guide](https://developer.github.com/v3/guides/managing-deploy-keys/#deploy-keys)
to produce a private/public key pair on your machine.
1. Add the deploy key to your repository with write permissions.
1. Create an AWS Secrets Manager secret and paste the private key as plaintext
(not key/value).
1. Use the name of the AWS Secrets Manager secret in the `sshKeySecret` option.
## Metrics
The `Pipeline` construct automatically creates the following metrics in CloudWatch
for the configured pipelines. These are published under the namespace 'CDK/Delivlib'.
- Execution Failures: The number of failures of the pipeline execution.
When a pipeline execution fails, a '1' is recorded and forevery success, a '0' is
recorded.
Metric Name: *Failures*
Dimensions:
- *Pipeline*: The pipeline name in CodePipeline.
- Action Failures: The number of failures per action per pipeline. An execution
failure can be due to multiple actions failing.
For every action failure, a '1' is recorded and for every success, a '0' is recorded.
Metric Name: *Failures*
Dimensions:
- *Pipeline*: The pipeline name in CodePipeline.
- *Action*: THe name of the action that succeeded or failed.
## Automatic Bumps and Pull Request Builds
### GitHub Access
If your source repository is GitHub, in order to enable these features you will
need to manually connect AWS CodeBuild to your GitHub account. Otherwise, you
will receive the following error message:
```
No Access token found, please visit AWS CodeBuild console to connect to GitHub
(Service: AWSCodeBuild; Status Code: 400; Error Code: InvalidInputException;
Request ID: ab458603-6fd4-11e8-9310-ff116e0423f9)
```
To connect, go to the AWS CodeBuild console, click "Create Project", select a
GitHub source and hit "Connect". There is no need to save the new project. This
needs to be done once per account/region.
### Automatic Bumps
A bump is the process of incrementing the version number of the project. When
the version number is incremented and a commit is pushed to the master branch,
the publishing actions will release the new version to all repositories.
This feature enables achieving full continuous delivery for libraries.
To enable automatic bumps, you will first need to determine how to perform a
bump in your repository. What command should be executed in order to increment
the version number, update change log, etc.
The bump command is expected to perform the bump and issue a **commit** and a
**tag** to the local repository with the version number.
For JavaScript projects, the
[standard-version](https://github.com/conventional-changelog/standard-version)
tool will do exactly that, so it is the recommended mechanism for such projects.
Once a bump is committed, the commit will be pushed either to a dedicated branch
called `bumps/VERSION` or to a branch of your choosing such as `master`.
To set up bumps, simply call `autoBump` on your pipeline. The following example
sets up a bump on the default schedule (12pm UTC daily) which will automatically
push the to "master" (which will trigger a release).
```ts
const bump = pipeline.autoBump({
bumpCommand: 'npm i && npm run bump',
branch: 'master'
});
```
You can customize the environment used for running the bump script.
If a bump fails, the `bump.alarm` CloudWatch alarm will be triggered.
NOTE: there is currently no way for the bump command to indicate to the
system that a bump is not needed (i.e. no changes have been made to the
library).
## Failure Notifications
Pipelines can be configured with notifications that will be sent on any failure in pipeline's stages. Notifications can
be sent to either a Slack channel or a Chime room. The following code configures one of each -
```ts
// Slack
const teamChannel = new chatbot.SlackChannelConfiguration(this, {
// ...
});
pipeline.notifyOnFailure(PipelineNotification.slack({
channels: [teamChannel]
}));
// Chime
const teamRoomWebhook = 'https://hooks.chime.aws/incomingwebhooks/1c3588c7-623d-4799-af9b-8b1818fca779?token=cUMzOVA4OXl8MXxCaHJlZ0RUVm03TmZVMkpoTzlwa3NVbXJCam8tNWF3UGdzemVqZndsZERV';
pipeline.notifyOnFailure(PipelineNotification.chime({
webhookUrl: [ teamRoomWebhook ]
}));
```
## ECR Mirror
Builds commonly use Docker images from DockerHub as their base image. In fact, delivlib defaults its build
image to `jsii/superchain`. However, DockerHub has throttles in place for the volume of unauthenticated and
authenticated pulls. This can cause CodeBuild jobs that run frequently to fail from DockerHub's throttling.
The `EcrMirror` construct can be used to synchronize, on a specific schedule, Docker images between DockerHub and
a local ECR registry in the AWS account.
```ts
new EcrMirror(this, 'RegistrySync', {
sources: [
MirrorSource.fromDockerHub('jsii/superchain:1-bullseye-slim'),
MirrorSource.fromDockerHub('python:3.6'),
],
dockerhubCredentials: // ...
schedule: events.Schedule.cron( ... ),
})
```
You can also use the `MirrorSource.fromDirectory()` API if you would like to build a new Docker image based on a
Dockerfile. The Dockerfile should be placed at the top level of the specified directory.
In addition to this, an `EcrMirrorAspect` is available that can walk the construct tree and replace all occurrences
of Docker images in CodeBuild projects with ECR equivalents if they are found in the provided `EcrMirror` construct.
This can be applied to an entire stack as so -
```ts
const stack = new MyStack(...);
// ...
Aspects.of(stack).add(new EcrMirrorAspect(ecrMirrorStack.mirror));
```
## Package Integrity
To ensure the artifacts published into package managers exactly correspond to your source code, delivlib offers a `PackageIntegrityValidation` construct.
It will perform periodic integrity checks, comparing the published artifact against an artifact directly build from source code.
This can help detect scenarios where your publishing platform may have been compromised, and your packages no longer contain the expected bits.
```ts
// first import the secret containing your github token secret.
// the secret value should be the token in plain text.
const token = sm.Secret.fromSecretCompleteArn(stack, 'GitHubSecret', '<sercet-arn>');
// validate integrity of your package, hosted in a github repository.
new PackageIntegrityValidation(stack, 'PackageValidation', {
repository: '<repository-slug>',
buildImage: codebuild.LinuxBuildImage.fromDockerRegistry('<docker-image>'),
githubTokenSecret: token,
});
```
At a high level, the validation is performed like so:
1. Clone the GitHub repository and checkout to the latest tag.
2. Build the repository to produce local artifacts from the source code.
3. Download the corresponding artifacts from package managers.
4. Compare.
By default the validation will run once a day, but you can configure its schedule using the `schedule` option.
If the validation fails, a CloudWatch alarm will be triggered, which is accessible via the `failureAlarm` property.
## Contributing
See the [contribution guide](./CONTRIBUTING.md) for details on how to submit
issues, pull requests, setup a development environment and publish new releases
of this library.
## License
This library is licensed under the Apache 2.0 License.
================================================
FILE: build-custom-resource-handlers.sh
================================================
#!/bin/bash
set -euo pipefail
compile="tsc --alwaysStrict
--inlineSourceMap
--lib ES2017
--module CommonJS
--moduleResolution Node
--noFallthroughCasesInSwitch
--noImplicitAny
--noImplicitReturns
--noImplicitThis
--noUnusedLocals
--noUnusedParameters
--removeComments
--strict
--target ES2017
--types node"
for handler in pgp-secret private-key certificate-signing-request
do
echo "Building CustomResource handler ${handler}"
${compile} \
--incremental \
--tsBuildInfoFile "./lib/custom-resource-handlers/src/${handler}.tsbuildinfo" \
--outDir "./lib/custom-resource-handlers/bin/${handler}" \
"./lib/custom-resource-handlers/src/${handler}.ts" \
./lib/custom-resource-handlers/src/_*.ts
cp "./lib/custom-resource-handlers/bin/${handler}/${handler}.js" "./lib/custom-resource-handlers/bin/${handler}/index.js"
done
================================================
FILE: cdk.json
================================================
{
"context": {
"@aws-cdk/core:newStyleStackSynthesis": "true"
}
}
================================================
FILE: lib/__tests__/auto-build.test.ts
================================================
import { App, Stack } from 'aws-cdk-lib';
import { Template } from 'aws-cdk-lib/assertions';
import { Artifacts } from 'aws-cdk-lib/aws-codebuild';
import { Bucket } from 'aws-cdk-lib/aws-s3';
import { AutoBuild, GitHubRepo } from '../../lib';
let app: App;
let stack: Stack;
beforeEach(() => {
app = new App();
stack = new Stack(app, 'Stack');
});
test('webhooks are enabled by default', () => {
new AutoBuild(stack, 'AutoBuild', {
repo: new GitHubRepo({
repository: 'some-owner/some-repo',
tokenSecretArn: 'arn:aws:secretsmanager:someregion:someaccount:secret:sometoken',
}),
});
const template = Template.fromStack(stack);
template.hasResourceProperties('AWS::CodeBuild::Project', {
Triggers: {
FilterGroups: [
[
{
Pattern: 'PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED',
Type: 'EVENT',
},
],
],
Webhook: true,
},
});
});
test('webhooks for a single branch', () => {
new AutoBuild(stack, 'AutoBuild', {
repo: new GitHubRepo({
repository: 'some-owner/some-repo',
tokenSecretArn: 'arn:aws:secretsmanager:someregion:someaccount:secret:sometoken',
}),
branch: 'banana',
});
const template = Template.fromStack(stack);
template.hasResourceProperties('AWS::CodeBuild::Project', {
Triggers: {
FilterGroups: [
[
{
Pattern: 'PUSH',
Type: 'EVENT',
},
{
Pattern: '^refs/heads/banana$',
Type: 'HEAD_REF',
},
],
[
{
Pattern: 'PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED',
Type: 'EVENT',
},
{
Pattern: '^refs/heads/banana$',
Type: 'BASE_REF',
},
],
],
Webhook: true,
},
});
});
test('webhooks for multiple branches', () => {
new AutoBuild(stack, 'AutoBuild', {
repo: new GitHubRepo({
repository: 'some-owner/some-repo',
tokenSecretArn: 'arn:aws:secretsmanager:someregion:someaccount:secret:sometoken',
}),
branches: ['banana', 'grapefruit'],
});
const template = Template.fromStack(stack);
template.hasResourceProperties('AWS::CodeBuild::Project', {
Triggers: {
FilterGroups: [
[
{
Pattern: 'PUSH',
Type: 'EVENT',
},
{
Pattern: '^refs/heads/banana$|^refs/heads/grapefruit$',
Type: 'HEAD_REF',
},
],
[
{
Pattern: 'PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED',
Type: 'EVENT',
},
{
Pattern: '^refs/heads/banana$|^refs/heads/grapefruit$',
Type: 'BASE_REF',
},
],
],
Webhook: true,
},
});
});
test('can disable webhooks', () => {
new AutoBuild(stack, 'AutoBuild', {
repo: new GitHubRepo({
repository: 'some-owner/some-repo',
tokenSecretArn: 'arn:aws:secretsmanager:someregion:someaccount:secret:sometoken',
}),
webhook: false,
});
const template = Template.fromStack(stack);
template.hasResourceProperties('AWS::CodeBuild::Project', {
Triggers: {
Webhook: false,
},
});
});
test('can enable artifacts', () => {
new AutoBuild(stack, 'AutoBuild', {
repo: new GitHubRepo({
repository: 'some-owner/some-repo',
tokenSecretArn: 'arn:aws:secretsmanager:someregion:someaccount:secret:sometoken',
}),
artifacts: Artifacts.s3({
bucket: new Bucket(stack, 'artifactBucket'),
name: 'artifact-name',
}),
});
const template = Template.fromStack(stack);
template.hasResourceProperties('AWS::CodeBuild::Project', {
Artifacts: {
Location: { Ref: 'artifactBucket27548F83' },
Name: 'artifact-name',
NamespaceType: 'BUILD_ID',
Packaging: 'ZIP',
Type: 'S3',
},
});
});
================================================
FILE: lib/__tests__/build-spec.test.ts
================================================
import * as delivlib from '../../lib';
test('buildspec single artifact goes to "artifacts"', () => {
const bs = delivlib.BuildSpec.simple({
build: ['echo hello > foo/file.txt'],
artifactDirectory: 'foo',
});
const rendered = bs.render();
expect(rendered).toEqual({
artifacts: {
'base-directory': 'foo',
'files': [
'**/*',
],
},
phases: {
build: {
commands: [
'echo hello > foo/file.txt',
],
},
},
version: '0.2',
});
});
test('buildspec multiple artifacts all go into "secondary-artifacts"', () => {
const bs = delivlib.BuildSpec.simple({
build: ['echo hello > foo/file.txt'],
artifactDirectory: 'foo',
additionalArtifactDirectories: {
artifact2: 'boo',
},
});
const rendered = bs.render({ primaryArtifactName: 'primrose' });
expect(rendered).toEqual({
artifacts: {
'secondary-artifacts': {
primrose: {
'base-directory': 'foo',
'files': [
'**/*',
],
},
artifact2: {
'base-directory': 'boo',
'files': [
'**/*',
],
},
},
},
phases: {
build: {
commands: [
'echo hello > foo/file.txt',
],
},
},
version: '0.2',
});
});
test('buildspec empty creates minimal structure', () => {
const bs = delivlib.BuildSpec.empty();
const rendered = bs.render();
expect(rendered).toEqual({
version: '0.2',
});
});
test('buildspec literal accepts raw structure', () => {
const struct = {
version: '0.2' as const,
phases: {
build: {
commands: ['echo test'],
},
},
};
const bs = delivlib.BuildSpec.literal(struct);
const rendered = bs.render();
expect(rendered).toEqual(struct);
});
test('buildspec simple with all phases', () => {
const bs = delivlib.BuildSpec.simple({
install: ['npm install'],
preBuild: ['npm run lint'],
build: ['npm run build'],
artifactDirectory: 'dist',
});
const rendered = bs.render();
expect(rendered).toEqual({
version: '0.2',
phases: {
install: {
commands: ['npm install'],
},
pre_build: {
commands: ['npm run lint'],
},
build: {
commands: ['npm run build'],
},
},
artifacts: {
'base-directory': 'dist',
'files': ['**/*'],
},
});
});
test('buildspec simple with reports', () => {
const bs = delivlib.BuildSpec.simple({
build: ['npm test'],
reports: {
jest: {
'files': ['coverage/clover.xml'],
'file-format': 'CucumberJson',
},
},
});
const rendered = bs.render();
expect(rendered.reports).toEqual({
jest: {
'files': ['coverage/clover.xml'],
'file-format': 'CucumberJson',
},
});
});
test('additionalArtifactNames returns correct names', () => {
const bs = delivlib.BuildSpec.simple({
build: ['echo test'],
artifactDirectory: 'dist',
additionalArtifactDirectories: {
docs: 'documentation',
assets: 'static',
},
});
expect(bs.additionalArtifactNames).toEqual(['docs', 'assets']);
});
test('additionalArtifactNames excludes PRIMARY', () => {
const bs = delivlib.BuildSpec.simple({
build: ['echo test'],
artifactDirectory: 'dist',
});
expect(bs.additionalArtifactNames).toEqual([]);
});
test('merge combines two buildspecs', () => {
const bs1 = delivlib.BuildSpec.simple({
install: ['npm install'],
build: ['npm run build'],
});
const bs2 = delivlib.BuildSpec.simple({
preBuild: ['npm run lint'],
build: ['npm run test'],
});
const merged = bs1.merge(bs2);
const rendered = merged.render();
expect(rendered.phases).toEqual({
install: {
commands: ['npm install'],
},
pre_build: {
commands: ['npm run lint'],
},
build: {
commands: ['npm run build', 'npm run test'],
},
});
});
test('merge throws on duplicate artifact names', () => {
const bs1 = delivlib.BuildSpec.simple({
additionalArtifactDirectories: { docs: 'docs1' },
});
const bs2 = delivlib.BuildSpec.simple({
additionalArtifactDirectories: { docs: 'docs2' },
});
expect(() => bs1.merge(bs2)).toThrow('There is already an artifact with name docs');
});
test('merge throws on duplicate report names', () => {
const bs1 = delivlib.BuildSpec.simple({
reports: { test: { files: ['test1.xml'] } },
});
const bs2 = delivlib.BuildSpec.simple({
reports: { test: { files: ['test2.xml'] } },
});
expect(() => bs1.merge(bs2)).toThrow('Reports must have unique names');
});
test('render throws when PRIMARY artifact name not supplied', () => {
const bs = delivlib.BuildSpec.simple({
artifactDirectory: 'dist',
additionalArtifactDirectories: { docs: 'documentation' },
});
expect(() => bs.render()).toThrow('Replacement name for PRIMARY artifact not supplied');
});
test('merge handles environment variables', () => {
const bs1 = delivlib.BuildSpec.literal({
version: '0.2',
env: {
variables: { NODE_ENV: 'production' },
},
});
const bs2 = delivlib.BuildSpec.literal({
version: '0.2',
env: {
variables: { DEBUG: 'true' },
},
});
const merged = bs1.merge(bs2);
const rendered = merged.render();
expect(rendered.env?.variables).toEqual({
NODE_ENV: 'production',
DEBUG: 'true',
});
});
test('merge handles cache paths', () => {
const bs1 = delivlib.BuildSpec.literal({
version: '0.2',
cache: { paths: ['node_modules/**/*'] },
});
const bs2 = delivlib.BuildSpec.literal({
version: '0.2',
cache: { paths: ['.npm/**/*'] },
});
const merged = bs1.merge(bs2);
const rendered = merged.render();
expect(rendered.cache?.paths).toEqual(['node_modules/**/*', '.npm/**/*']);
});
test('merge handles install phase runtime-versions', () => {
const bs1 = delivlib.BuildSpec.literal({
version: '0.2',
phases: {
install: {
'commands': ['echo install'],
'runtime-versions': { nodejs: '18' },
},
},
});
const bs2 = delivlib.BuildSpec.literal({
version: '0.2',
phases: {
install: {
'commands': ['npm install'],
'runtime-versions': { python: '3.9' },
},
},
});
const merged = bs1.merge(bs2);
const rendered = merged.render();
expect(rendered.phases?.install).toEqual({
'commands': ['echo install', 'npm install'],
'runtime-versions': { nodejs: '18', python: '3.9' },
});
});
================================================
FILE: lib/__tests__/bump.test.ts
================================================
// tslint:disable: max-line-length
import * as cdk from 'aws-cdk-lib';
import { Template } from 'aws-cdk-lib/assertions';
import { AutoBump, WritableGitHubRepo } from '../../lib';
const Stack = cdk.Stack;
const MOCK_REPO = new WritableGitHubRepo({
sshKeySecret: { secretArn: 'ssh-key-secret-arn' },
commitUsername: 'user',
commitEmail: 'email@email',
repository: 'owner/repo',
tokenSecretArn: 'token-secret-arn',
});
test('autoBump', () => {
// GIVEN
const stack = new Stack(new cdk.App(), 'TestStack');
// WHEN
new AutoBump(stack, 'MyAutoBump', {
repo: MOCK_REPO,
});
const template = Template.fromStack(stack);
// THEN
// build project
template.hasResourceProperties('AWS::CodeBuild::Project', {
Triggers: {
Webhook: false,
},
Source: {
Type: 'GITHUB',
GitCloneDepth: 0,
Location: 'https://github.com/owner/repo.git',
ReportBuildStatus: false,
BuildSpec: JSON.stringify({
version: '0.2',
phases: {
pre_build: {
commands: [
'git config --global user.email "email@email"',
'git config --global user.name "user"',
],
},
build: {
commands: [
'export SKIP=false',
'$SKIP || { aws secretsmanager get-secret-value --secret-id "ssh-key-secret-arn" --output=text --query=SecretString > ~/.ssh/id_rsa ; }',
'$SKIP || { mkdir -p ~/.ssh ; }',
'$SKIP || { chmod 0600 ~/.ssh/id_rsa ~/.ssh/config ; }',
'$SKIP || { ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts ; }',
'$SKIP || { ls .git && { echo ".git directory exists"; } || { echo ".git directory doesnot exist - cloning..." && git init . && git remote add origin git@github.com:owner/repo.git && git fetch && git reset --hard origin/master && git branch -M master && git clean -fqdx; } ; }',
"$SKIP || { git describe --exact-match master && { echo 'Skip condition is met, skipping...' && export SKIP=true; } || { echo 'Skip condition is not met, continuing...' && export SKIP=false; } ; }",
'$SKIP || { export GITHUB_TOKEN=$(aws secretsmanager get-secret-value --secret-id "token-secret-arn" --output=text --query=SecretString) ; }',
'$SKIP || { git rev-parse --verify origin/bump/$VERSION && { git checkout bump/$VERSION && git merge master && /bin/sh ./bump.sh && export VERSION=$(git describe) && echo Finished running user commands; } || { git checkout master && git checkout -b temp && /bin/sh ./bump.sh && export VERSION=$(git describe) && echo Finished running user commands && git branch -M bump/$VERSION; } ; }',
'$SKIP || { git merge-base --is-ancestor bump/$VERSION origin/master && { echo "Skipping: bump/$VERSION is an ancestor of origin/master"; export SKIP=true; } || { echo "Pushing: bump/$VERSION is ahead of origin/master"; export SKIP=false; } ; }',
'$SKIP || { git remote add origin_ssh git@github.com:owner/repo.git ; }',
'$SKIP || { git push --atomic --follow-tags origin_ssh bump/$VERSION:bump/$VERSION ; }',
"$SKIP || { curl --fail -X POST -o pr.json --header \"Authorization: token $GITHUB_TOKEN\" --header \"Content-Type: application/json\" -d \"{\\\"title\\\":\\\"chore(release): $VERSION\\\",\\\"base\\\":\\\"master\\\",\\\"head\\\":\\\"bump/$VERSION\\\"}\" https://api.github.com/repos/owner/repo/pulls && export PR_NUMBER=$(node -p 'require(\"./pr.json\").number') ; }",
'$SKIP || { curl --fail -X PATCH --header "Authorization: token $GITHUB_TOKEN" --header "Content-Type: application/json" -d "{\\"body\\":\\"See [CHANGELOG](https://github.com/owner/repo/blob/bump/$VERSION/CHANGELOG.md)\\"}" https://api.github.com/repos/owner/repo/pulls/$PR_NUMBER ; }',
],
},
},
}, undefined, 2),
},
});
});
test('autoBump with schedule', () => {
const stack = new Stack(new cdk.App(), 'TestStack');
// WHEN
new AutoBump(stack, 'MyAutoBump', {
repo: MOCK_REPO,
scheduleExpression: 'cron(0 12 * * ? *)',
});
const template = Template.fromStack(stack);
// default schedule
template.hasResourceProperties('AWS::Events::Rule', {
ScheduleExpression: 'cron(0 12 * * ? *)',
});
});
test('autoBump with custom cloneDepth', () => {
// GIVEN
const stack = new Stack(new cdk.App(), 'TestStack');
// WHEN
new AutoBump(stack, 'MyAutoBump', {
repo: MOCK_REPO,
cloneDepth: 10,
});
const template = Template.fromStack(stack);
// THEN
// build project
template.hasResourceProperties('AWS::CodeBuild::Project', {
Triggers: {
Webhook: false,
},
Source: {
Type: 'GITHUB',
GitCloneDepth: 10,
Location: 'https://github.com/owner/repo.git',
ReportBuildStatus: false,
BuildSpec: JSON.stringify({
version: '0.2',
phases: {
pre_build: {
commands: [
'git config --global user.email "email@email"',
'git config --global user.name "user"',
],
},
build: {
commands: [
'export SKIP=false',
'$SKIP || { aws secretsmanager get-secret-value --secret-id "ssh-key-secret-arn" --output=text --query=SecretString > ~/.ssh/id_rsa ; }',
'$SKIP || { mkdir -p ~/.ssh ; }',
'$SKIP || { chmod 0600 ~/.ssh/id_rsa ~/.ssh/config ; }',
'$SKIP || { ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts ; }',
'$SKIP || { ls .git && { echo ".git directory exists"; } || { echo ".git directory doesnot exist - cloning..." && git init . && git remote add origin git@github.com:owner/repo.git && git fetch && git reset --hard origin/master && git branch -M master && git clean -fqdx; } ; }',
"$SKIP || { git describe --exact-match master && { echo 'Skip condition is met, skipping...' && export SKIP=true; } || { echo 'Skip condition is not met, continuing...' && export SKIP=false; } ; }",
'$SKIP || { export GITHUB_TOKEN=$(aws secretsmanager get-secret-value --secret-id "token-secret-arn" --output=text --query=SecretString) ; }',
'$SKIP || { git rev-parse --verify origin/bump/$VERSION && { git checkout bump/$VERSION && git merge master && /bin/sh ./bump.sh && export VERSION=$(git describe) && echo Finished running user commands; } || { git checkout master && git checkout -b temp && /bin/sh ./bump.sh && export VERSION=$(git describe) && echo Finished running user commands && git branch -M bump/$VERSION; } ; }',
'$SKIP || { git merge-base --is-ancestor bump/$VERSION origin/master && { echo "Skipping: bump/$VERSION is an ancestor of origin/master"; export SKIP=true; } || { echo "Pushing: bump/$VERSION is ahead of origin/master"; export SKIP=false; } ; }',
'$SKIP || { git remote add origin_ssh git@github.com:owner/repo.git ; }',
'$SKIP || { git push --atomic --follow-tags origin_ssh bump/$VERSION:bump/$VERSION ; }',
"$SKIP || { curl --fail -X POST -o pr.json --header \"Authorization: token $GITHUB_TOKEN\" --header \"Content-Type: application/json\" -d \"{\\\"title\\\":\\\"chore(release): $VERSION\\\",\\\"base\\\":\\\"master\\\",\\\"head\\\":\\\"bump/$VERSION\\\"}\" https://api.github.com/repos/owner/repo/pulls && export PR_NUMBER=$(node -p 'require(\"./pr.json\").number') ; }",
'$SKIP || { curl --fail -X PATCH --header "Authorization: token $GITHUB_TOKEN" --header "Content-Type: application/json" -d "{\\"body\\":\\"See [CHANGELOG](https://github.com/owner/repo/blob/bump/$VERSION/CHANGELOG.md)\\"}" https://api.github.com/repos/owner/repo/pulls/$PR_NUMBER ; }',
],
},
},
}, undefined, 2),
},
});
});
test('autoBump with schedule disabled', () => {
// GIVEN
const stack = new Stack(new cdk.App(), 'TestStack');
// WHEN
new AutoBump(stack, 'MyAutoBump', {
repo: MOCK_REPO,
scheduleExpression: 'disable',
});
const template = Template.fromStack(stack);
// THEN
template.hasResourceProperties('AWS::Events::Rule', {
ScheduleExpression: 'disable',
});
});
test('autoBump with push only', () => {
// GIVEN
const stack = new Stack(new cdk.App(), 'TestStack');
const repo = new WritableGitHubRepo({
sshKeySecret: { secretArn: 'ssh-key-secret-arn' },
commitUsername: 'user',
commitEmail: 'email@email',
repository: 'owner/repo',
tokenSecretArn: 'token-secret-arn',
});
// WHEN
new AutoBump(stack, 'MyAutoBump', {
repo,
pushOnly: true,
});
const template = Template.fromStack(stack);
// THEN
// build project
template.hasResourceProperties('AWS::CodeBuild::Project', {
Triggers: {
Webhook: false,
},
Source: {
Type: 'GITHUB',
GitCloneDepth: 0,
Location: 'https://github.com/owner/repo.git',
ReportBuildStatus: false,
BuildSpec: JSON.stringify({
version: '0.2',
phases: {
pre_build: {
commands: [
'git config --global user.email "email@email"',
'git config --global user.name "user"',
],
},
build: {
commands: [
'export SKIP=false',
'$SKIP || { aws secretsmanager get-secret-value --secret-id "ssh-key-secret-arn" --output=text --query=SecretString > ~/.ssh/id_rsa ; }',
'$SKIP || { mkdir -p ~/.ssh ; }',
'$SKIP || { chmod 0600 ~/.ssh/id_rsa ~/.ssh/config ; }',
'$SKIP || { ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts ; }',
'$SKIP || { ls .git && { echo ".git directory exists"; } || { echo ".git directory doesnot exist - cloning..." && git init . && git remote add origin git@github.com:owner/repo.git && git fetch && git reset --hard origin/master && git branch -M master && git clean -fqdx; } ; }',
"$SKIP || { git describe --exact-match master && { echo 'Skip condition is met, skipping...' && export SKIP=true; } || { echo 'Skip condition is not met, continuing...' && export SKIP=false; } ; }",
'$SKIP || { git rev-parse --verify origin/bump/$VERSION && { git checkout bump/$VERSION && git merge master && /bin/sh ./bump.sh && export VERSION=$(git describe) && echo Finished running user commands; } || { git checkout master && git checkout -b temp && /bin/sh ./bump.sh && export VERSION=$(git describe) && echo Finished running user commands && git branch -M bump/$VERSION; } ; }',
'$SKIP || { git merge-base --is-ancestor bump/$VERSION origin/master && { echo "Skipping: bump/$VERSION is an ancestor of origin/master"; export SKIP=true; } || { echo "Pushing: bump/$VERSION is ahead of origin/master"; export SKIP=false; } ; }',
'$SKIP || { git remote add origin_ssh git@github.com:owner/repo.git ; }',
'$SKIP || { git push --atomic --follow-tags origin_ssh bump/$VERSION:bump/$VERSION ; }',
],
},
},
}, undefined, 2),
},
});
});
test('autoBump with pull request with custom options', () => {
// GIVEN
const stack = new Stack(new cdk.App(), 'TestStack');
// WHEN
new AutoBump(stack, 'MyAutoBump', {
repo: MOCK_REPO,
title: 'custom title',
body: 'custom body',
base: {
name: 'release',
},
});
const template = Template.fromStack(stack);
// THEN
// build project
template.hasResourceProperties('AWS::CodeBuild::Project', {
Triggers: {
Webhook: false,
},
Source: {
Type: 'GITHUB',
GitCloneDepth: 0,
Location: 'https://github.com/owner/repo.git',
ReportBuildStatus: false,
BuildSpec: JSON.stringify({
version: '0.2',
phases: {
pre_build: {
commands: [
'git config --global user.email "email@email"',
'git config --global user.name "user"',
],
},
build: {
commands: [
'export SKIP=false',
'$SKIP || { aws secretsmanager get-secret-value --secret-id "ssh-key-secret-arn" --output=text --query=SecretString > ~/.ssh/id_rsa ; }',
'$SKIP || { mkdir -p ~/.ssh ; }',
'$SKIP || { chmod 0600 ~/.ssh/id_rsa ~/.ssh/config ; }',
'$SKIP || { ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts ; }',
'$SKIP || { ls .git && { echo ".git directory exists"; } || { echo ".git directory doesnot exist - cloning..." && git init . && git remote add origin git@github.com:owner/repo.git && git fetch && git reset --hard origin/release && git branch -M release && git clean -fqdx; } ; }',
"$SKIP || { git describe --exact-match release && { echo 'Skip condition is met, skipping...' && export SKIP=true; } || { echo 'Skip condition is not met, continuing...' && export SKIP=false; } ; }",
'$SKIP || { export GITHUB_TOKEN=$(aws secretsmanager get-secret-value --secret-id "token-secret-arn" --output=text --query=SecretString) ; }',
'$SKIP || { git rev-parse --verify origin/bump/$VERSION && { git checkout bump/$VERSION && git merge release && /bin/sh ./bump.sh && export VERSION=$(git describe) && echo Finished running user commands; } || { git checkout release && git checkout -b temp && /bin/sh ./bump.sh && export VERSION=$(git describe) && echo Finished running user commands && git branch -M bump/$VERSION; } ; }',
'$SKIP || { git merge-base --is-ancestor bump/$VERSION origin/release && { echo "Skipping: bump/$VERSION is an ancestor of origin/release"; export SKIP=true; } || { echo "Pushing: bump/$VERSION is ahead of origin/release"; export SKIP=false; } ; }',
'$SKIP || { git remote add origin_ssh git@github.com:owner/repo.git ; }',
'$SKIP || { git push --atomic --follow-tags origin_ssh bump/$VERSION:bump/$VERSION ; }',
"$SKIP || { curl --fail -X POST -o pr.json --header \"Authorization: token $GITHUB_TOKEN\" --header \"Content-Type: application/json\" -d \"{\\\"title\\\":\\\"custom title\\\",\\\"base\\\":\\\"release\\\",\\\"head\\\":\\\"bump/$VERSION\\\"}\" https://api.github.com/repos/owner/repo/pulls && export PR_NUMBER=$(node -p 'require(\"./pr.json\").number') ; }",
'$SKIP || { curl --fail -X PATCH --header "Authorization: token $GITHUB_TOKEN" --header "Content-Type: application/json" -d "{\\"body\\":\\"custom body\\"}" https://api.github.com/repos/owner/repo/pulls/$PR_NUMBER ; }',
],
},
},
}, undefined, 2),
},
});
});
test('autoBump with pull request fails when head=base', () => {
// GIVEN
const stack = new Stack(new cdk.App(), 'TestStack');
// WHEN
expect(() => new AutoBump(stack, 'MyAutoBump', {
repo: MOCK_REPO,
base: {
name: 'master',
},
head: {
name: 'master',
},
})).toThrow();
});
================================================
FILE: lib/__tests__/canary.test.ts
================================================
import * as path from 'path';
import { App, Stack, aws_events as events } from 'aws-cdk-lib';
import { Template } from 'aws-cdk-lib/assertions';
import { Canary } from '../../lib';
const testDir = path.join(__dirname, 'delivlib-tests', 'linux');
test('correctly creates canary', () => {
// GIVEN
const stack = new Stack(new App(), 'TestStack');
// WHEN
new Canary(stack, 'Canary', {
schedule: events.Schedule.expression('rate(1 minute)'),
scriptDirectory: testDir,
entrypoint: 'test.sh',
});
const template = Template.fromStack(stack);
// THEN
template.hasResourceProperties('AWS::CloudWatch::Alarm', {
ComparisonOperator: 'GreaterThanOrEqualToThreshold',
EvaluationPeriods: 1,
Threshold: 1,
Dimensions: [{
Name: 'ProjectName',
Value: {
Ref: 'CanaryShellableA135E79C',
},
}],
MetricName: 'FailedBuilds',
Namespace: 'AWS/CodeBuild',
Statistic: 'Sum',
TreatMissingData: 'ignore',
Period: 300,
});
template.hasResourceProperties('AWS::Events::Rule', {
ScheduleExpression: 'rate(1 minute)',
State: 'ENABLED',
Targets: [{
Arn: {
'Fn::GetAtt': [
'CanaryShellableA135E79C',
'Arn',
],
},
Id: 'Target0',
RoleArn: {
'Fn::GetAtt': [
'CanaryShellableEventsRoleC4030D0D',
'Arn',
],
},
}],
});
template.hasResourceProperties('AWS::CodeBuild::Project', {
Artifacts: {
Type: 'NO_ARTIFACTS',
},
Environment: {
ComputeType: 'BUILD_GENERAL1_MEDIUM',
Image: 'aws/codebuild/standard:7.0',
PrivilegedMode: false,
Type: 'LINUX_CONTAINER',
EnvironmentVariables: [
{
Name: 'SCRIPT_S3_BUCKET',
Type: 'PLAINTEXT',
Value: {
'Fn::Sub': 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}',
},
},
{
Name: 'SCRIPT_S3_KEY',
Type: 'PLAINTEXT',
Value: '3d34b07ba871989d030649c646b3096ba7c78ca531897bcdb0670774d2f9d3e4.zip',
},
{
Name: 'IS_CANARY',
Type: 'PLAINTEXT',
Value: 'true',
},
],
},
ServiceRole: {
'Fn::GetAtt': [
'CanaryShellableRole063BC07D',
'Arn',
],
},
Source: {
// tslint:disable-next-line:max-line-length
BuildSpec: '{\n "version": "0.2",\n "phases": {\n "install": {\n "commands": [\n "command -v yarn > /dev/null || npm install --global yarn"\n ]\n },\n "pre_build": {\n "commands": [\n "echo \\"Downloading scripts from s3://${SCRIPT_S3_BUCKET}/${SCRIPT_S3_KEY}\\"",\n "aws s3 cp s3://${SCRIPT_S3_BUCKET}/${SCRIPT_S3_KEY} /tmp",\n "mkdir -p /tmp/scriptdir",\n "unzip /tmp/$(basename $SCRIPT_S3_KEY) -d /tmp/scriptdir"\n ]\n },\n "build": {\n "commands": [\n "export SCRIPT_DIR=/tmp/scriptdir",\n "echo \\"Running test.sh\\"",\n "/bin/bash /tmp/scriptdir/test.sh"\n ]\n }\n }\n}',
},
});
});
================================================
FILE: lib/__tests__/change-control-lambda/disable-transition.test.ts
================================================
// eslint-disable-next-line @typescript-eslint/no-require-imports
const pipelineName = 'MyPipeline';
const stageName = 'MyStage';
const mockCodePipelineClient = {
disableStageTransition: jest.fn().mockName('CodePipeline.disableStageTransition'),
enableStageTransition: jest.fn().mockName('CodePipeline.enableStageTransition'),
};
jest.mock('@aws-sdk/client-codepipeline', () => {
return {
CodePipeline: jest.fn().mockImplementation(() => {
return mockCodePipelineClient;
}),
};
});
beforeEach(() => {
mockCodePipelineClient.disableStageTransition.mockImplementation(() => Promise.resolve({}));
mockCodePipelineClient.enableStageTransition.mockImplementation(() => Promise.resolve({}));
});
describe('disableTransition', () => {
// eslint-disable-next-line @typescript-eslint/no-require-imports
const disableTransition = require('../../change-control-lambda/disable-transition').disableTransition;
test('with a simple reason', async () => {
// GIVEN
const reason = 'Just Because';
// WHEN
await expect(disableTransition(pipelineName, stageName, reason))
.resolves.toBeUndefined();
// THEN
expect(mockCodePipelineClient.disableStageTransition)
.toHaveBeenCalledWith({ pipelineName, stageName, reason, transitionType: 'Inbound' });
});
test('with a reason that needs cleaning up', async () => {
// GIVEN
const reason = 'It\'s so cool!';
// WHEN
await expect(disableTransition(pipelineName, stageName, reason))
.resolves.toBeUndefined();
// THEN
const cleanReason = reason.replace(/[^a-zA-Z0-9!@ \(\)\.\*\?\-]/g, '-');
expect(mockCodePipelineClient.disableStageTransition)
.toHaveBeenCalledWith({ pipelineName, stageName, reason: cleanReason, transitionType: 'Inbound' });
});
test('with a reason that is too long', async () => {
// GIVEN
const reason = 'Reason '.repeat(300);
// WHEN
await expect(disableTransition(pipelineName, stageName, reason))
.resolves.toBeUndefined();
// THEN
const cleanReason = reason.slice(0, 300);
expect(mockCodePipelineClient.disableStageTransition)
.toHaveBeenCalledWith({ pipelineName, stageName, reason: cleanReason, transitionType: 'Inbound' });
});
});
test('enableTransition', async () => {
// GIVEN
// eslint-disable-next-line @typescript-eslint/no-require-imports
const enableTransition = require('../../change-control-lambda/disable-transition').enableTransition;
// WHEN
expect(() => enableTransition(pipelineName, stageName))
.not.toThrow();
// THEN
expect(mockCodePipelineClient.enableStageTransition)
.toHaveBeenCalledWith({ pipelineName, stageName, transitionType: 'Inbound' });
});
================================================
FILE: lib/__tests__/change-control-lambda/handler.test.ts
================================================
import type * as timeWindow from '../../change-control-lambda/time-window';
// _____ _ _
// | __ \ | | (_)
// | |__) | __ ___ _ __ __ _ _ __ __ _| |_ _ ___ _ __
// | ___/ '__/ _ \ '_ \ / _` | '__/ _` | __| |/ _ \| '_ \
// | | | | | __/ |_) | (_| | | | (_| | |_| | (_) | | | |
// |_| |_| \___| .__/ \__,_|_| \__,_|\__|_|\___/|_| |_|
// | |
// |_|
const mockS3Client = {
getObject: jest.fn().mockName('S3.GetObject'),
};
jest.mock('@aws-sdk/client-s3', () => {
return {
S3: jest.fn().mockImplementation(() => {
return mockS3Client;
}),
};
});
jest.mock('../../change-control-lambda/disable-transition');
jest.mock('../../change-control-lambda/time-window');
// eslint-disable-next-line @typescript-eslint/no-require-imports
const transitions = require('../../change-control-lambda/disable-transition');
// eslint-disable-next-line @typescript-eslint/no-require-imports
const timeWindowModule = require('../../change-control-lambda/time-window');
const mockEnableTransition =
jest.fn((_pipeline: string, _stage: string) => Promise.resolve(undefined))
.mockName('enableTransition');
const mockDisableTransition =
jest.fn((_pipeline: string, _stage: string, _reason: string) => Promise.resolve(undefined))
.mockName('disableTransition');
const mockShouldBlockPipeline = jest.fn((_icsData: string | Buffer, _now?: Date): timeWindow.CalendarEvent | undefined => undefined)
.mockName('shouldBlockPipeline');
const initialEnv = process.env;
beforeEach(() => {
jest.restoreAllMocks();
process.env = { ...testEnv };
transitions.enableTransition = mockEnableTransition;
transitions.disableTransition = mockDisableTransition;
timeWindowModule.shouldBlockPipeline = mockShouldBlockPipeline;
});
const mockConsoleLog = jest.fn().mockName('console.log');
console.log = mockConsoleLog;
const bucketName = 'BucketName';
const objectKey = 'ObjectKey';
const stageName = 'StageName';
const pipelineName = 'PipelineName';
const testEnv = {
CHANGE_CONTROL_BUCKET_NAME: bucketName,
CHANGE_CONTROL_OBJECT_KEY: objectKey,
STAGE_NAME: stageName,
PIPELINE_NAME: pipelineName,
};
// _______ _
// |__ __| | |
// | | ___ ___| |_ ___
// | |/ _ \/ __| __/ __|
// | | __/\__ \ |_\__ \
// |_|\___||___/\__|___/
describe('handler', () => {
// eslint-disable-next-line @typescript-eslint/no-require-imports
const handler = require('../../change-control-lambda/index').handler;
describe('failing conditions', () => {
for (const variable of Object.keys(testEnv)) {
test(`when ${variable} is not set`, () => {
// GIVEN
delete process.env[variable];
// THEN
return expect(handler())
.rejects.toThrow(`Environment variable "${variable}" is required`);
});
}
test('when S3 access fails', async () => {
// GIVEN
const e = new Error('S3 Not Working - the apocalypse has begun');
mockS3Client.getObject.mockImplementationOnce(() => Promise.reject(e));
// THEN
return expect(handler()).rejects.toThrow(e);
});
});
for (const cause of ['NoSuchKey', 'NoSuchBucket']) {
test(`when no calendar is found (due to ${cause})`, async () => {
// GIVEN
mockS3Client.getObject.mockImplementationOnce(() => Promise.reject({ code: cause, message: cause }));
mockShouldBlockPipeline.mockReturnValueOnce({
summary: 'Blocked by default',
// Other properties - values irrelevant
start: new Date(),
end: new Date(),
dtstamp: new Date(),
type: 'VEVENT',
datetype: 'date-time',
params: [],
});
// WHEN
await expect(handler()).resolves.toBeUndefined();
// THEN
expect(mockS3Client.getObject)
.toHaveBeenCalledWith({ Bucket: bucketName, Key: objectKey });
expect(mockShouldBlockPipeline)
.toHaveBeenCalledWith(expect.stringContaining('No change control calendar was found'),
expect.any(Date));
return expect(mockDisableTransition)
.toHaveBeenCalledWith(pipelineName, stageName, 'Blocked by default');
});
}
test('when the window is open', async () => {
// GIVEN
const iCalBody = 'Some iCal document (obviously, this is a fake one!)';
mockS3Client.getObject.mockImplementationOnce(() => Promise.resolve({ Body: iCalBody }));
mockShouldBlockPipeline.mockReturnValueOnce(undefined);
// WHEN
await expect(handler()).resolves.toBeUndefined();
// THEN
expect(mockS3Client.getObject)
.toHaveBeenCalledWith({ Bucket: bucketName, Key: objectKey });
expect(mockShouldBlockPipeline)
.toHaveBeenCalledWith(iCalBody, expect.any(Date));
return expect(mockEnableTransition)
.toHaveBeenCalledWith(pipelineName, stageName);
});
});
afterAll(() => {
process.env = initialEnv;
});
================================================
FILE: lib/__tests__/change-control-lambda/time-window.test.ts
================================================
import { shouldBlockPipeline } from '../../change-control-lambda/time-window';
// tslint:disable:no-console
const ics = `
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Events Calendar//iCal4j 1.0//EN
BEGIN:VEVENT
UID:2017-04-12T07:00:00.000Z to 2017-04-19T06:59:59.000Z
DTSTAMP:20190114T161956Z
DTSTART:20170412T070000Z
DTEND:20170419T065959Z
SUMMARY:Block1
END:VEVENT
BEGIN:VEVENT
UID:2017-11-23T08:00:00.000Z to 2017-11-27T08:00:00.000Z
DTSTAMP:20190114T161956Z
DTSTART:20171123T080000Z
DTEND:20171127T080000Z
SUMMARY:Block2
END:VEVENT
BEGIN:VEVENT
UID:2019-02-03T08:00:00.000Z to 2019-02-04T07:59:00.000Z
DTSTAMP:20190114T161956Z
DTSTART:20190203T080000Z
DTEND:20190204T075900Z
SUMMARY:Block3
END:VEVENT
END:VCALENDAR
`;
/**
* An event with an 'RRULE' property will be recurring. Events follow
gitextract_j9ngj2y6/ ├── .eslintrc.json ├── .gitattributes ├── .github/ │ ├── PULL_REQUEST_TEMPLATE.md │ └── workflows/ │ ├── auto-approve.yml │ ├── auto-queue.yml │ ├── build.yml │ ├── pull-request-lint.yml │ ├── release.yml │ ├── retry-automerge.yml │ ├── stale.yml │ ├── upgrade-cdklabs-projen-project-types-main.yml │ ├── upgrade-dev-deps-main.yml │ └── upgrade-main.yml ├── .gitignore ├── .npmignore ├── .projen/ │ ├── deps.json │ ├── files.json │ ├── jest-snapshot-resolver.js │ └── tasks.json ├── .projenrc.ts ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── NOTICE ├── README.md ├── build-custom-resource-handlers.sh ├── cdk.json ├── lib/ │ ├── __tests__/ │ │ ├── auto-build.test.ts │ │ ├── build-spec.test.ts │ │ ├── bump.test.ts │ │ ├── canary.test.ts │ │ ├── change-control-lambda/ │ │ │ ├── disable-transition.test.ts │ │ │ ├── handler.test.ts │ │ │ └── time-window.test.ts │ │ ├── chime-notifier.test.ts │ │ ├── code-signing-cert.test.ts │ │ ├── custom-resource-handlers/ │ │ │ ├── _cloud-formation.test.ts │ │ │ ├── _exec.test.ts │ │ │ ├── _rmrf.test.ts │ │ │ ├── certificate-signing-request.test.ts │ │ │ ├── pgp-secret.test.ts │ │ │ └── private-key.test.ts │ │ ├── delivlib-tests/ │ │ │ ├── assume-role/ │ │ │ │ └── test.sh │ │ │ ├── linux/ │ │ │ │ ├── README │ │ │ │ ├── test.sh │ │ │ │ └── void.sh │ │ │ └── windows/ │ │ │ ├── README │ │ │ └── test.ps1 │ │ ├── expected.yml │ │ ├── integ.delivlib.ts │ │ ├── open-pgp-key-pair.test.ts │ │ ├── package-integrity/ │ │ │ ├── handler/ │ │ │ │ ├── __fixtures__/ │ │ │ │ │ ├── .gitignore │ │ │ │ │ ├── non-projen-project/ │ │ │ │ │ │ ├── package.json │ │ │ │ │ │ └── yarn.lock │ │ │ │ │ ├── non-yarn-project/ │ │ │ │ │ │ └── .projenrc.js │ │ │ │ │ ├── projen-jsii-project/ │ │ │ │ │ │ └── .projenrc.js │ │ │ │ │ └── projen-non-jsii-project/ │ │ │ │ │ └── .projenrc.js │ │ │ │ └── integrity.test.ts │ │ │ └── integrity.test.ts │ │ ├── pipeline-notifications/ │ │ │ ├── chime.test.ts │ │ │ └── slack.test.ts │ │ ├── pipeline.test.ts │ │ ├── pr.test.ts │ │ ├── publishing.test.ts │ │ ├── registry-sync/ │ │ │ ├── docker-asset/ │ │ │ │ └── Dockerfile │ │ │ ├── ecr-mirror.test.ts │ │ │ └── mirror-source.test.ts │ │ ├── run-test.sh │ │ ├── shellable.test.ts │ │ ├── signing.test.ts │ │ ├── test-stack.ts │ │ ├── watcher-handler.test.ts │ │ └── watcher.test.ts │ ├── auto-build.ts │ ├── build-env.ts │ ├── build-spec.ts │ ├── canary.ts │ ├── change-control-lambda/ │ │ ├── disable-transition.ts │ │ ├── index.ts │ │ └── time-window.ts │ ├── change-controller.ts │ ├── chime-notifier/ │ │ ├── chime-notifier.ts │ │ ├── handler/ │ │ │ └── notifier-handler.ts │ │ └── index.ts │ ├── code-signing/ │ │ ├── certificate-signing-request.ts │ │ ├── code-signing-certificate.ts │ │ ├── index.ts │ │ └── private-key.ts │ ├── constants.ts │ ├── credential-pair.ts │ ├── custom-resource-handlers/ │ │ ├── Dockerfile │ │ └── src/ │ │ ├── _cloud-formation.ts │ │ ├── _exec.ts │ │ ├── _lambda.ts │ │ ├── _rmrf.ts │ │ ├── certificate-signing-request.ts │ │ ├── pgp-secret.ts │ │ └── private-key.ts │ ├── index.ts │ ├── open-pgp-key-pair.ts │ ├── package-integrity/ │ │ ├── handler/ │ │ │ ├── JSONStream.d.ts │ │ │ ├── integrity.ts │ │ │ ├── repository.ts │ │ │ ├── validate.sh │ │ │ └── validate.ts │ │ ├── index.ts │ │ └── integrity.ts │ ├── permissions.ts │ ├── pipeline-notifications/ │ │ ├── chime.ts │ │ ├── index.ts │ │ └── slack.ts │ ├── pipeline-watcher/ │ │ ├── handler/ │ │ │ └── watcher-handler.ts │ │ ├── index.ts │ │ └── watcher.ts │ ├── pipeline.ts │ ├── publishing/ │ │ ├── docs/ │ │ │ ├── publish-docs.sh │ │ │ ├── publish.sh │ │ │ └── update-ssm.sh │ │ ├── github/ │ │ │ ├── create-release.ts │ │ │ ├── package-lock.json │ │ │ ├── package.json │ │ │ ├── publish.sh │ │ │ ├── sign-files.sh │ │ │ ├── tsconfig.json │ │ │ ├── update-ssm.sh │ │ │ └── with-signing-key.sh │ │ ├── golang/ │ │ │ ├── publish.sh │ │ │ └── update-ssm.sh │ │ ├── maven/ │ │ │ ├── publish.sh │ │ │ ├── update-ssm.sh │ │ │ └── with-signing-key.sh │ │ ├── npm/ │ │ │ ├── publish-npm.sh │ │ │ ├── publish.sh │ │ │ └── update-ssm.sh │ │ ├── nuget/ │ │ │ ├── publish.sh │ │ │ ├── sign.sh │ │ │ └── update-ssm.sh │ │ ├── pypi/ │ │ │ ├── publish.sh │ │ │ └── update-ssm.sh │ │ └── s3/ │ │ ├── publish.sh │ │ └── update-ssm.sh │ ├── publishing.ts │ ├── pull-request/ │ │ ├── bump.ts │ │ ├── index.ts │ │ ├── merge-back.ts │ │ └── pr.ts │ ├── registry-sync/ │ │ ├── ecr-mirror.ts │ │ ├── index.ts │ │ └── mirror-source.ts │ ├── release-email.sh │ ├── repo.ts │ ├── shellable.ts │ ├── signing/ │ │ └── nuget/ │ │ └── sign.sh │ ├── signing-key.ts │ ├── signing.ts │ └── util.ts ├── package.json ├── tsconfig.dev.json └── tsconfig.json
SYMBOL INDEX (395 symbols across 53 files)
FILE: lib/__tests__/bump.test.ts
constant MOCK_REPO (line 8) | const MOCK_REPO = new WritableGitHubRepo({
FILE: lib/__tests__/chime-notifier.test.ts
class FakeSourceAction (line 129) | class FakeSourceAction extends aws_codepipeline_actions.Action {
method constructor (line 130) | constructor() {
method bound (line 146) | protected bound(_scope: Construct, _stage: aws_codepipeline.IStage, _o...
FILE: lib/__tests__/custom-resource-handlers/_cloud-formation.test.ts
method on (line 35) | on(evt: string, callback: (...args: any[]) => void) {
method once (line 39) | once(evt: string, callback: (...args: any[]) => void) {
method write (line 43) | write(str: string) {
method on (line 79) | on(evt: string, callback: (...args: any[]) => void) {
method once (line 83) | once(evt: string, callback: (...args: any[]) => void) {
method write (line 87) | write(str: string) {
FILE: lib/__tests__/package-integrity/handler/integrity.test.ts
function fixturePath (line 13) | function fixturePath(name: string) {
type Download (line 17) | type Download = (pkg: PublishedPackage, target: string) => void;
type IntegrityInputs (line 19) | interface IntegrityInputs {
function generateProject (line 25) | function generateProject(fixture: string): string {
function createIntegrity (line 54) | function createIntegrity(inputs: IntegrityInputs) {
class Repositories (line 67) | class Repositories {
method jsii (line 72) | public async jsii(): Promise<Repository> {
method ts (line 81) | public async ts(): Promise<Repository> {
method clean (line 90) | public clean() {
FILE: lib/__tests__/pipeline.test.ts
function testCase (line 66) | function testCase({ actionCount, concurrency }: { actionCount: number; c...
function createTestPipelineForConcurrencyTests (line 440) | function createTestPipelineForConcurrencyTests(stack: Stack, props?: del...
function createTestRepo (line 472) | function createTestRepo(stack: Stack) {
class TestPublishable (line 476) | class TestPublishable extends Construct implements delivlib.IPublisher {
method constructor (line 479) | constructor(scope: Construct, id: string, props: { project: codebuild....
method addToPipeline (line 485) | public addToPipeline(stage: cpipeline.IStage, id: string, options: del...
class Pub (line 495) | class Pub extends Construct implements delivlib.IPublisher {
method constructor (line 498) | constructor(scope: Construct, id: string) {
method addToPipeline (line 504) | public addToPipeline(stage: cpipeline.IStage, id: string, options: del...
FILE: lib/__tests__/pr.test.ts
constant MOCK_REPO (line 6) | const MOCK_REPO = new WritableGitHubRepo({
FILE: lib/__tests__/test-stack.ts
class TestStack (line 14) | class TestStack extends Stack {
method constructor (line 15) | constructor(parent: App, id: string, props: StackProps = { }) {
FILE: lib/__tests__/watcher-handler.test.ts
function actionExecutionEvent (line 160) | function actionExecutionEvent(
function pipelineExecutionEvent (line 180) | function pipelineExecutionEvent(
FILE: lib/auto-build.ts
type AutoBuildOptions (line 11) | interface AutoBuildOptions {
type AutoBuildProps (line 75) | interface AutoBuildProps extends AutoBuildOptions {
class AutoBuild (line 103) | class AutoBuild extends Construct {
method constructor (line 110) | constructor(scope: Construct, id: string, props: AutoBuildProps) {
FILE: lib/build-env.ts
type BuildEnvironmentProps (line 4) | interface BuildEnvironmentProps {
function createBuildEnvironment (line 13) | function createBuildEnvironment(props: BuildEnvironmentProps) {
function renderEnvironmentVariables (line 24) | function renderEnvironmentVariables(env?: { [key: string]: string }) {
FILE: lib/build-spec.ts
constant MAGIC_ARTIFACT_NAME (line 4) | const MAGIC_ARTIFACT_NAME = 'PRIMARY';
class BuildSpec (line 25) | class BuildSpec {
method literal (line 26) | public static literal(struct: BuildSpecStruct) {
method simple (line 30) | public static simple(props: SimpleBuildSpecProps) {
method empty (line 60) | public static empty() {
method constructor (line 64) | private constructor(private readonly spec: BuildSpecStruct) {
method additionalArtifactNames (line 67) | public get additionalArtifactNames(): string[] {
method merge (line 71) | public merge(other: BuildSpec): BuildSpec {
method render (line 154) | public render(options: BuildSpecRenderOptions = {}): BuildSpecStruct {
method renderArtifacts (line 158) | private renderArtifacts(options: BuildSpecRenderOptions): PrimaryArtif...
type SimpleBuildSpecProps (line 178) | interface SimpleBuildSpecProps {
type BuildSpecStruct (line 194) | interface BuildSpecStruct {
type EnvStruct (line 209) | interface EnvStruct {
type PhaseStruct (line 215) | interface PhaseStruct {
type InstallPhaseStruct (line 222) | interface InstallPhaseStruct extends PhaseStruct {
type ReportStruct (line 226) | interface ReportStruct {
type ArtifactStruct (line 233) | interface ArtifactStruct {
type PrimaryArtifactStruct (line 240) | interface PrimaryArtifactStruct extends ArtifactStruct {
type CacheStruct (line 244) | interface CacheStruct {
type BuildSpecRenderOptions (line 248) | interface BuildSpecRenderOptions {
function dictSingletonValue (line 262) | function dictSingletonValue<T>(xs: { [key: string]: T }): T | undefined {
function renameKey (line 270) | function renameKey<T>(xs: { [key: string]: T }, orig: string, rename: st...
FILE: lib/canary.ts
type CanaryProps (line 11) | interface CanaryProps extends ShellableProps {
class Canary (line 26) | class Canary extends Construct {
method constructor (line 30) | constructor(scope: Construct, id: string, props: CanaryProps) {
FILE: lib/change-control-lambda/disable-transition.ts
function disableTransition (line 14) | async function disableTransition(pipelineName: string, stageName: string...
function enableTransition (line 31) | async function enableTransition(pipelineName: string, stageName: string)...
FILE: lib/change-control-lambda/index.ts
function handler (line 21) | async function handler(/*_event: any, _context: any*/) {
function env (line 49) | function env(name: string) {
function tryGetCalendarData (line 57) | async function tryGetCalendarData(Bucket: string, Key: string) {
FILE: lib/change-control-lambda/time-window.ts
type CalendarEvent (line 9) | interface CalendarEvent {
type Events (line 27) | type Events = { [uuid: string]: CalendarEvent };
function shouldBlockPipeline (line 41) | function shouldBlockPipeline(icalData: string | Buffer, now = new Date()...
function buildEventForDuration (line 55) | function buildEventForDuration(start: Date, duration: number, summary: s...
function flattenEvent (line 78) | function flattenEvent(event: CalendarEvent, date: Date): CalendarEvent[] {
function containingEventsWithMargin (line 105) | function containingEventsWithMargin(events: Events, date: Date, advanceM...
function overlaps (line 131) | function overlaps(left: { start: Date; end: Date }, right: { start: Date...
function isBetween (line 141) | function isBetween(date: Date, left: Date, right: Date): boolean {
function validateTz (line 145) | function validateTz() {
FILE: lib/change-controller.ts
type ChangeControllerProps (line 16) | interface ChangeControllerProps {
class ChangeController (line 57) | class ChangeController extends Construct {
method constructor (line 63) | constructor(scope: Construct, id: string, props: ChangeControllerProps) {
FILE: lib/chime-notifier/chime-notifier.ts
type ChimeNotifierOptions (line 12) | interface ChimeNotifierOptions {
type ChimeNotifierProps (line 36) | interface ChimeNotifierProps extends ChimeNotifierOptions {
class ChimeNotifier (line 46) | class ChimeNotifier extends Construct {
method constructor (line 47) | constructor(scope: Construct, id: string, props: ChimeNotifierProps) {
FILE: lib/chime-notifier/handler/notifier-handler.ts
function handler (line 31) | async function handler(event: any) {
function sendChimeNotification (line 73) | async function sendChimeNotification(url: string, message: string) {
FILE: lib/code-signing/certificate-signing-request.ts
type CertificateSigningRequestProps (line 15) | interface CertificateSigningRequestProps {
class CertificateSigningRequest (line 46) | class CertificateSigningRequest extends Construct {
method constructor (line 62) | constructor(parent: Construct, id: string, props: CertificateSigningRe...
type DistinguishedName (line 136) | interface DistinguishedName {
FILE: lib/code-signing/code-signing-certificate.ts
type CodeSigningCertificateProps (line 19) | interface CodeSigningCertificateProps {
type ICodeSigningCertificate (line 73) | interface ICodeSigningCertificate extends IConstruct, ICredentialPair {
class CodeSigningCertificate (line 101) | class CodeSigningCertificate extends Construct implements ICodeSigningCe...
method constructor (line 117) | constructor(parent: Construct, id: string, props: CodeSigningCertifica...
method grantDecrypt (line 207) | public grantDecrypt(principal?: iam.IPrincipal) {
FILE: lib/code-signing/private-key.ts
type RsaPrivateKeySecretProps (line 15) | interface RsaPrivateKeySecretProps {
class RsaPrivateKeySecret (line 54) | class RsaPrivateKeySecret extends Construct {
method constructor (line 64) | constructor(parent: Construct, id: string, props: RsaPrivateKeySecretP...
method newCertificateSigningRequest (line 174) | public newCertificateSigningRequest(id: string, dn: DistinguishedName,...
method grantGetSecretValue (line 188) | public grantGetSecretValue(grantee: iam.IPrincipal): void {
FILE: lib/constants.ts
constant DEFAULT_SUPERCHAIN_IMAGE (line 4) | const DEFAULT_SUPERCHAIN_IMAGE = 'public.ecr.aws/jsii/superchain:1-bookw...
FILE: lib/credential-pair.ts
type ICredentialPair (line 17) | interface ICredentialPair {
FILE: lib/custom-resource-handlers/src/_cloud-formation.ts
type LambdaHandler (line 5) | type LambdaHandler = (event: Event, context: lambda.Context) => Promise<...
type ResourceHandler (line 6) | type ResourceHandler = (event: Event, context: lambda.Context) => Promis...
function customResourceHandler (line 15) | function customResourceHandler(handleEvent: ResourceHandler): LambdaHand...
type ResourceAttributes (line 38) | interface ResourceAttributes {
function sendResponse (line 49) | function sendResponse(event: Event,
type Status (line 99) | enum Status {
type RequestType (line 104) | enum RequestType {
type Event (line 111) | type Event = CreateEvent | UpdateEvent | DeleteEvent;
type CloudFormationEventBase (line 113) | interface CloudFormationEventBase {
type CreateEvent (line 123) | interface CreateEvent extends CloudFormationEventBase {
type UpdateEvent (line 128) | interface UpdateEvent extends CloudFormationEventBase {
type DeleteEvent (line 134) | interface DeleteEvent extends CloudFormationEventBase {
function validateProperties (line 145) | function validateProperties(props: { [name: string]: any }, validProps: ...
FILE: lib/custom-resource-handlers/src/_lambda.ts
type Context (line 4) | interface Context {
FILE: lib/custom-resource-handlers/src/certificate-signing-request.ts
type ResourceAttributes (line 25) | interface ResourceAttributes extends cfn.ResourceAttributes {
function handleEvent (line 30) | async function handleEvent(event: cfn.Event, _context: lambda.Context): ...
function _createSelfSignedCertificate (line 57) | async function _createSelfSignedCertificate(event: cfn.Event): Promise<R...
function _makeCsrConfig (line 99) | async function _makeCsrConfig(event: cfn.Event, dir: string): Promise<st...
function _retrievePrivateKey (line 127) | async function _retrievePrivateKey(event: cfn.Event, dir: string): Promi...
FILE: lib/custom-resource-handlers/src/pgp-secret.ts
constant GPG_BIN (line 26) | const GPG_BIN = 'gpg';
type ResourceAttributes (line 29) | interface ResourceAttributes extends cfn.ResourceAttributes {
function handleEvent (line 34) | async function handleEvent(event: cfn.Event, context: lambda.Context): P...
function _createNewKey (line 77) | async function _createNewKey(event: cfn.CreateEvent | cfn.UpdateEvent, c...
function _updateExistingKey (line 123) | async function _updateExistingKey(event: cfn.UpdateEvent, context: lambd...
function _getPublicKey (line 152) | async function _getPublicKey(secretArn: string): Promise<string> {
function _deleteSecret (line 169) | async function _deleteSecret(event: cfn.DeleteEvent): Promise<cfn.Resour...
FILE: lib/custom-resource-handlers/src/private-key.ts
function handleEvent (line 22) | async function handleEvent(event: cfn.Event, context: lambda.Context): P...
type ResourceAttributes (line 42) | interface ResourceAttributes extends cfn.ResourceAttributes {
function _createSecret (line 46) | async function _createSecret(event: cfn.CreateEvent, context: lambda.Con...
function _deleteSecret (line 67) | async function _deleteSecret(event: cfn.DeleteEvent): Promise<cfn.Resour...
function _updateSecret (line 77) | async function _updateSecret(event: cfn.UpdateEvent, context: lambda.Con...
FILE: lib/open-pgp-key-pair.ts
type OpenPGPKeyPairRemovalPolicy (line 20) | enum OpenPGPKeyPairRemovalPolicy {
type OpenPGPKeyPairProps (line 41) | interface OpenPGPKeyPairProps {
class OpenPGPKeyPair (line 109) | class OpenPGPKeyPair extends Construct implements ICredentialPair {
method constructor (line 113) | constructor(parent: Construct, name: string, props: OpenPGPKeyPairProp...
method grantRead (line 202) | public grantRead(grantee: iam.IPrincipal): void {
function openPgpKeyPairRemovalPolicyToCoreRemovalPolicy (line 225) | function openPgpKeyPairRemovalPolicyToCoreRemovalPolicy(removalPolicy?: ...
FILE: lib/package-integrity/handler/JSONStream.d.ts
type JSONStream (line 13) | interface JSONStream extends NodeJS.ReadWriteStream {
FILE: lib/package-integrity/handler/integrity.ts
type PublishedPackage (line 21) | interface PublishedPackage {
method validate (line 75) | public async validate(localArtifactDir: string) {
method log (line 120) | protected log(message: string) {
method findOne (line 124) | private findOne(dir: string): string {
type RepositoryIntegrityProps (line 141) | interface RepositoryIntegrityProps {
class RepositoryIntegrity (line 158) | class RepositoryIntegrity {
method constructor (line 160) | public constructor(private readonly props: RepositoryIntegrityProps) {}
method validate (line 165) | public async validate() {
class NpmArtifactIntegrity (line 201) | class NpmArtifactIntegrity extends ArtifactIntegrity {
method download (line 205) | protected async download(pkg: PublishedPackage, target: string): Promi...
method extract (line 210) | public async extract(file: string, targetDir: string): Promise<void> {
method parseArtifactName (line 214) | protected parseArtifactName(artifactName: string): PublishedPackage {
class PyPIArtifactIntegrity (line 239) | class PyPIArtifactIntegrity extends ArtifactIntegrity {
method download (line 243) | protected async download(pkg: PublishedPackage, target: string): Promi...
method extract (line 259) | public async extract(artifact: string, target: string): Promise<void> {
method parseArtifactName (line 264) | protected parseArtifactName(artifactName: string): PublishedPackage {
function jsonGet (line 280) | function jsonGet(url: string, jsonPath?: string[]): Promise<any> {
function download (line 290) | async function download(url: string, targetFile: string): Promise<any> {
function get (line 299) | async function get(
FILE: lib/package-integrity/handler/repository.ts
type RepositoryProps (line 11) | interface RepositoryProps {
type Artifact (line 21) | interface Artifact {
type RepositoryFromGitHubOptions (line 36) | interface RepositoryFromGitHubOptions {
type RepositoryFromDirOptions (line 70) | interface RepositoryFromDirOptions {
class Repository (line 82) | class Repository {
method fromDir (line 87) | public static async fromDir(options: RepositoryFromDirOptions): Promis...
method fromGitHub (line 94) | public static async fromGitHub(options: RepositoryFromGitHubOptions): ...
method constructor (line 119) | private constructor(public readonly repoDir: string) {
method pack (line 147) | public pack(command: string): Artifact[] {
method _shell (line 176) | private _shell(command: string) {
function findLatestTag (line 182) | function findLatestTag(repoDir: string, prefix?: string) {
FILE: lib/package-integrity/handler/validate.ts
function requiredEnv (line 5) | function requiredEnv(name: string): string {
function optionalEnv (line 11) | function optionalEnv(name: string, defaultValue?: string) {
constant GITHUB_REPOSITORY (line 15) | const GITHUB_REPOSITORY = requiredEnv('GITHUB_REPOSITORY');
constant GITHUB_TOKEN_ARN (line 16) | const GITHUB_TOKEN_ARN = optionalEnv('GITHUB_TOKEN_ARN');
constant TAG_PREFIX (line 17) | const TAG_PREFIX = optionalEnv('TAG_PREFIX');
constant PACK_TASK (line 18) | const PACK_TASK = optionalEnv('PACK_TASK');
function main (line 20) | async function main() {
FILE: lib/package-integrity/integrity.ts
type PackageIntegrityValidationProps (line 15) | interface PackageIntegrityValidationProps {
class PackageIntegrityValidation (line 103) | class PackageIntegrityValidation extends Construct {
method constructor (line 110) | constructor(scope: Construct, id: string, props: PackageIntegrityValid...
FILE: lib/permissions.ts
type ExternalSecret (line 7) | interface ExternalSecret {
type Region (line 35) | type Region =
function grantSecretRead (line 58) | function grantSecretRead(secret: ExternalSecret, identity: iam.IPrincipa...
function grantAssumeRole (line 75) | function grantAssumeRole(roleToAssumeArn: string, identity: iam.IPrincip...
FILE: lib/pipeline-notifications/chime.ts
type ChimeNotificationProps (line 7) | interface ChimeNotificationProps extends ChimeNotifierOptions {
class ChimeNotification (line 13) | class ChimeNotification implements IPipelineNotification {
method constructor (line 14) | constructor(private readonly props: ChimeNotificationProps) {
method bind (line 17) | public bind(options: PipelineNotificationBindOptions): void {
FILE: lib/pipeline-notifications/index.ts
class PipelineNotification (line 5) | class PipelineNotification {
method slack (line 6) | public static slack(props: SlackNotificationProps): IPipelineNotificat...
method chime (line 10) | public static chime(props: ChimeNotificationProps): IPipelineNotificat...
FILE: lib/pipeline-notifications/slack.ts
type SlackNotificationProps (line 12) | interface SlackNotificationProps {
type SlackNotificationDetailLevel (line 28) | enum SlackNotificationDetailLevel {
class SlackNotification (line 42) | class SlackNotification implements IPipelineNotification {
method constructor (line 43) | constructor(private readonly props: SlackNotificationProps) {
method bind (line 49) | public bind(options: PipelineNotificationBindOptions): void {
FILE: lib/pipeline-watcher/handler/watcher-handler.ts
type ExecutionStateChangeEvent (line 9) | interface ExecutionStateChangeEvent {
type ActionStateChangeEvent (line 16) | interface ActionStateChangeEvent extends ExecutionStateChangeEvent {
type LambdaExecutionStateChangeEvent (line 20) | type LambdaExecutionStateChangeEvent = AWSLambda.EventBridgeEvent<'CodeP...
type LambdaActionStateChangeEvent (line 21) | type LambdaActionStateChangeEvent = AWSLambda.EventBridgeEvent<'CodePipe...
type EventType (line 22) | type EventType = LambdaExecutionStateChangeEvent | LambdaActionStateChan...
function handler (line 34) | async function handler(event: EventType) {
function handleExecutionChange (line 44) | async function handleExecutionChange(event: LambdaExecutionStateChangeEv...
function handleActionChange (line 64) | async function handleActionChange(event: LambdaActionStateChangeEvent) {
function putMetric (line 85) | async function putMetric(event: EventType, value: number, dimensions: Ar...
FILE: lib/pipeline-watcher/watcher.ts
type PipelineWatcherProps (line 12) | interface PipelineWatcherProps {
class PipelineWatcher (line 48) | class PipelineWatcher extends Construct {
method constructor (line 51) | constructor(parent: Construct, name: string, props: PipelineWatcherPro...
FILE: lib/pipeline.ts
constant PUBLISH_STAGE_NAME (line 29) | const PUBLISH_STAGE_NAME = 'Publish';
constant SIGNING_STAGE_NAME (line 30) | const SIGNING_STAGE_NAME = 'Sign';
constant TEST_STAGE_NAME (line 31) | const TEST_STAGE_NAME = 'Test';
constant METRIC_NAMESPACE (line 32) | const METRIC_NAMESPACE = 'CDK/Delivlib';
constant FAILURE_METRIC_NAME (line 33) | const FAILURE_METRIC_NAME = 'Failures';
type PipelineProps (line 35) | interface PipelineProps {
type PipelineNotificationBindOptions (line 171) | interface PipelineNotificationBindOptions {
type IPipelineNotification (line 175) | interface IPipelineNotification {
type AutoBumpOptions (line 182) | interface AutoBumpOptions extends Omit<AutoBumpProps, 'repo'> {
class Pipeline (line 188) | class Pipeline extends Construct {
method constructor (line 222) | constructor(parent: Construct, name: string, props: PipelineProps) {
method signingOutput (line 298) | public get signingOutput() {
method notifyOnFailure (line 302) | public notifyOnFailure(notification: IPipelineNotification) {
method addShellable (line 313) | public addShellable(
method addTest (line 334) | public addTest(id: string, props: ShellableProps): { shellable: Shella...
method addCanary (line 347) | public addCanary(id: string, props: CanaryProps) {
method addPublish (line 351) | public addPublish(publisher: IPublisher, options: AddPublishOptions = ...
method addChangeControl (line 368) | public addChangeControl(options: AddChangeControlOptions = { }): Chang...
method addSigning (line 380) | public addSigning(signer: signing.ISigner, options: signing.AddSigning...
method signNuGetWithSigner (line 391) | public signNuGetWithSigner(options: signing.SignNuGetWithSignerProps &...
method publishToNpm (line 397) | public publishToNpm(options: publishing.PublishToNpmProjectProps & Add...
method publishToMaven (line 405) | public publishToMaven(options: publishing.PublishToMavenProjectProps &...
method publishToNuGet (line 413) | public publishToNuGet(options: publishing.PublishToNuGetProjectProps &...
method publishToGitHubPages (line 421) | public publishToGitHubPages(options: publishing.PublishDocsToGitHubPro...
method publishToGitHub (line 429) | public publishToGitHub(options: publishing.PublishToGitHubProps & AddP...
method publishToPyPI (line 437) | public publishToPyPI(options: publishing.PublishToPyPiProps & AddPubli...
method publishToS3 (line 445) | public publishToS3(id: string, options: publishing.PublishToS3Props & ...
method publishToGolang (line 456) | public publishToGolang(options: publishing.PublishToGolangProps) {
method autoBump (line 468) | public autoBump(options?: AutoBumpOptions): AutoBump {
method autoMergeBack (line 485) | public autoMergeBack(options?: AutoMergeBackPipelineOptions) {
method autoBuild (line 517) | public autoBuild(options: AutoBuildOptions = { }): AutoBuild {
method metricFailures (line 529) | public metricFailures(options: cloudwatch.MetricOptions): cloudwatch.M...
method metricActionFailures (line 544) | public metricActionFailures(options: cloudwatch.MetricOptions): cloudw...
method addManualApprovalToStage (line 559) | public addManualApprovalToStage(stageName: string, props?: cpipeline_a...
method addFailureAlarm (line 566) | private addFailureAlarm(title?: string): cloudwatch.Alarm {
method addBuildFailureNotification (line 575) | private addBuildFailureNotification(buildProject: cbuild.IProject, mes...
method getStage (line 588) | private getStage(stageName: string): cpipeline.IStage | undefined {
method getOrCreateStage (line 592) | private getOrCreateStage(stageName: string, placement?: cpipeline.Stag...
method determineRunOrderForNewAction (line 605) | private determineRunOrderForNewAction(stage: cpipeline.IStage): number...
type IPublisher (line 610) | interface IPublisher extends IConstruct {
type AddToPipelineOptions (line 614) | interface AddToPipelineOptions {
type AddChangeControlOptions (line 619) | interface AddChangeControlOptions {
type AddPublishOptions (line 642) | interface AddPublishOptions {
type AddShellableOptions (line 667) | interface AddShellableOptions extends ShellableProps {
FILE: lib/publishing.ts
type NpmAccess (line 23) | enum NpmAccess {
type PublishToMavenProjectProps (line 35) | interface PublishToMavenProjectProps {
class PublishToMavenProject (line 108) | class PublishToMavenProject extends Construct implements IPublisher {
method constructor (line 112) | constructor(parent: Construct, id: string, props: PublishToMavenProjec...
method addToPipeline (line 147) | public addToPipeline(stage: cpipeline.IStage, id: string, options: Add...
type PublishToNpmProjectProps (line 157) | interface PublishToNpmProjectProps {
class PublishToNpmProject (line 209) | class PublishToNpmProject extends Construct implements IPublisher {
method constructor (line 213) | constructor(parent: Construct, id: string, props: PublishToNpmProjectP...
method addToPipeline (line 244) | public addToPipeline(stage: cpipeline.IStage, id: string, options: Add...
type PublishToNuGetProjectProps (line 254) | interface PublishToNuGetProjectProps {
class PublishToNuGetProject (line 301) | class PublishToNuGetProject extends Construct implements IPublisher {
method constructor (line 305) | constructor(parent: Construct, id: string, props: PublishToNuGetProjec...
method addToPipeline (line 358) | public addToPipeline(stage: cpipeline.IStage, id: string, options: Add...
type PublishDocsToGitHubProjectProps (line 368) | interface PublishDocsToGitHubProjectProps {
class PublishDocsToGitHubProject (line 413) | class PublishDocsToGitHubProject extends Construct implements IPublisher {
method constructor (line 417) | constructor(parent: Construct, id: string, props: PublishDocsToGitHubP...
method addToPipeline (line 450) | public addToPipeline(stage: cpipeline.IStage, id: string, options: Add...
type PublishToGitHubProps (line 460) | interface PublishToGitHubProps {
class PublishToGitHub (line 531) | class PublishToGitHub extends Construct implements IPublisher {
method constructor (line 536) | constructor(parent: Construct, id: string, props: PublishToGitHubProps) {
method addToPipeline (line 580) | public addToPipeline(stage: cpipeline.IStage, id: string, options: Add...
type PublishToS3Props (line 591) | interface PublishToS3Props {
class PublishToS3 (line 615) | class PublishToS3 extends Construct implements IPublisher {
method constructor (line 619) | constructor(scope: Construct, id: string, props: PublishToS3Props) {
method addToPipeline (line 645) | public addToPipeline(stage: cpipeline.IStage, id: string, options: Add...
type PublishToPyPiProps (line 655) | interface PublishToPyPiProps {
class PublishToPyPi (line 685) | class PublishToPyPi extends Construct {
method constructor (line 690) | constructor(scope: Construct, id: string, props: PublishToPyPiProps) {
method addToPipeline (line 717) | public addToPipeline(stage: cpipeline.IStage, id: string, options: Add...
type PublishToGolangProps (line 730) | interface PublishToGolangProps {
class PublishToGolang (line 797) | class PublishToGolang extends Construct {
method constructor (line 801) | constructor(scope: Construct, id: string, props: PublishToGolangProps) {
method addToPipeline (line 833) | public addToPipeline(stage: cpipeline.IStage, id: string, options: Add...
function grantSsmPrefix (line 843) | function grantSsmPrefix(role: iam.IRole, ssmPrefix?: string) {
FILE: lib/publishing/github/create-release.ts
function read_release_notes (line 18) | async function read_release_notes() {
function read_changelog (line 25) | async function read_changelog(version: string) {
function main (line 40) | async function main() {
FILE: lib/pull-request/bump.ts
type AutoBumpHead (line 8) | interface AutoBumpHead {
type AutoBumpProps (line 28) | interface AutoBumpProps extends AutoPullRequestOptions {
class AutoBump (line 87) | class AutoBump extends Construct {
method constructor (line 94) | constructor(parent: Construct, id: string, props: AutoBumpProps) {
FILE: lib/pull-request/merge-back.ts
type AutoMergeBackHead (line 9) | interface AutoMergeBackHead {
type MergeBackStage (line 25) | interface MergeBackStage {
type AutoMergeBackOptions (line 40) | interface AutoMergeBackOptions extends pr.AutoPullRequestOptions {
type AutoMergeBackPipelineOptions (line 93) | interface AutoMergeBackPipelineOptions extends AutoMergeBackOptions {
type AutoMergeBackProps (line 102) | interface AutoMergeBackProps extends AutoMergeBackOptions {
class AutoMergeBack (line 109) | class AutoMergeBack extends Construct {
method constructor (line 116) | constructor(parent: Construct, id: string, props: AutoMergeBackProps) {
FILE: lib/pull-request/pr.ts
type AutoPullRequestOptions (line 17) | interface AutoPullRequestOptions {
type AutoPullRequestProps (line 109) | interface AutoPullRequestProps extends AutoPullRequestOptions {
type Base (line 159) | interface Base {
type Head (line 174) | interface Head {
class AutoPullRequest (line 201) | class AutoPullRequest extends Construct {
method constructor (line 219) | constructor(parent: Construct, id: string, props: AutoPullRequestProps) {
method createHead (line 326) | private createHead(): string[] {
method cloneIfNeeded (line 342) | private cloneIfNeeded(): string[] {
method runCommands (line 358) | private runCommands(): string {
method configureSshAccess (line 376) | private configureSshAccess(): string[] {
method pushHead (line 389) | private pushHead(): string[] {
method skipIfOpenPrs (line 401) | private skipIfOpenPrs(labels: string[]): string[] {
method createPullRequest (line 417) | private createPullRequest(): string[] {
method githubCurl (line 449) | private githubCurl(uri: string, command: string, request: any): string {
method githubCurlGet (line 460) | private githubCurlGet(uri: string, command: string): string {
FILE: lib/registry-sync/ecr-mirror.ts
type DockerHubCredentials (line 22) | interface DockerHubCredentials {
type EcrMirrorProps (line 50) | interface EcrMirrorProps {
class EcrMirror (line 90) | class EcrMirror extends Construct {
method constructor (line 97) | constructor(scope: Construct, id: string, props: EcrMirrorProps) {
method createMirrorRepo (line 230) | private createMirrorRepo(ecrRepositoryName: string) {
method ecrRepository (line 246) | public ecrRepository(repositoryName: string): ecr.IRepository | undefi...
class EcrMirrorAspect (line 255) | class EcrMirrorAspect implements IAspect {
method constructor (line 256) | constructor(private readonly mirror: EcrMirror) {}
method visit (line 258) | public visit(construct: IConstruct) {
FILE: lib/registry-sync/mirror-source.ts
type MirrorSourceBindOptions (line 8) | interface MirrorSourceBindOptions {
type MirrorSourceConfig (line 25) | interface MirrorSourceConfig {
type MirrorSourceDirectoryOptions (line 44) | interface MirrorSourceDirectoryOptions {
method fromDockerHub (line 74) | public static fromDockerHub(image: string, tag: string = 'latest'): Mirr...
method fromPublicImage (line 85) | public static fromPublicImage(image: string, tag: string = 'latest', ecr...
method fromDirectory (line 116) | public static fromDirectory(directory: string, repositoryName: string, t...
method fromDir (line 127) | public static fromDir(directory: string, repositoryName: string, opts: M...
method constructor (line 172) | private constructor(
FILE: lib/repo.ts
type IRepo (line 9) | interface IRepo {
type BuildSourceOptions (line 19) | interface BuildSourceOptions {
class CodeCommitRepo (line 41) | class CodeCommitRepo implements IRepo {
method constructor (line 45) | constructor(private readonly repository: ccommit.IRepository) {
method createSourceStage (line 49) | public createSourceStage(pipeline: cpipeline.Pipeline, branch: string)...
method repositoryUrlHttp (line 63) | public get repositoryUrlHttp() {
method repositoryUrlSsh (line 67) | public get repositoryUrlSsh() {
method createBuildSource (line 71) | public createBuildSource(_: Construct, _webhook: boolean, options: Bui...
method describe (line 78) | public describe(): any {
type GitHubRepoProps (line 83) | interface GitHubRepoProps {
class GitHubRepo (line 100) | class GitHubRepo implements IRepo {
method constructor (line 107) | constructor(props: GitHubRepoProps) {
method repositoryUrlHttp (line 120) | public get repositoryUrlHttp() {
method repositoryUrlSsh (line 124) | public get repositoryUrlSsh() {
method createSourceStage (line 128) | public createSourceStage(pipeline: cpipeline.Pipeline, branch: string)...
method createBuildSource (line 143) | public createBuildSource(_: Construct, webhook: boolean, options: Buil...
method describe (line 161) | public describe() {
method createWebhookFilters (line 165) | private createWebhookFilters(branches: string[]) {
type WritableGitHubRepoProps (line 187) | interface WritableGitHubRepoProps extends GitHubRepoProps {
class WritableGitHubRepo (line 208) | class WritableGitHubRepo extends GitHubRepo {
method isWritableGitHubRepo (line 210) | public static isWritableGitHubRepo(repo: IRepo): repo is WritableGitHu...
method constructor (line 222) | constructor(props: WritableGitHubRepoProps) {
FILE: lib/shellable.ts
constant S3_BUCKET_ENV (line 14) | const S3_BUCKET_ENV = 'SCRIPT_S3_BUCKET';
constant S3_KEY_ENV (line 15) | const S3_KEY_ENV = 'SCRIPT_S3_KEY';
type ShellableOptions (line 17) | interface ShellableOptions {
type ShellableProps (line 169) | interface ShellableProps extends ShellableOptions {
type AssumeRole (line 197) | interface AssumeRole {
class Shellable (line 281) | class Shellable extends Construct {
method constructor (line 295) | constructor(parent: Construct, id: string, private readonly props: She...
method addToPipeline (line 378) | public addToPipeline(stage: cpipeline.IStage, name: string, inputArtif...
method convertEnvironmentSecretArnsToSecretNames (line 403) | private convertEnvironmentSecretArnsToSecretNames(environmentSecrets?:...
type PlatformType (line 420) | enum PlatformType {
method LinuxUbuntu (line 432) | public static get LinuxUbuntu(): ShellPlatform {
method Windows (line 440) | public static get Windows(): ShellPlatform {
method constructor (line 445) | constructor(public readonly buildImage: cbuild.IBuildImage) {
class LinuxPlatform (line 472) | class LinuxPlatform extends ShellPlatform {
method installCommands (line 475) | public installCommands(): string[] | undefined {
method prebuildCommands (line 481) | public prebuildCommands(assumeRole?: AssumeRole, useRegionalStsEndpoin...
method buildCommands (line 534) | public buildCommands(entrypoint: string, args?: string[]): string[] {
type WindowsPlatformOptions (line 546) | interface WindowsPlatformOptions {
class WindowsPlatform (line 558) | class WindowsPlatform extends ShellPlatform {
method constructor (line 562) | constructor(buildImage: cbuild.IBuildImage, options: WindowsPlatformOp...
method installCommands (line 567) | public installCommands(): string[] | undefined {
method prebuildCommands (line 579) | public prebuildCommands(assumeRole?: AssumeRole, _useRegionalStsEndpoi...
method buildCommands (line 592) | public buildCommands(entrypoint: string, args?: string[]): string[] {
FILE: lib/signing-key.ts
type SigningKeyProps (line 9) | interface SigningKeyProps {
class OpenPgpKey (line 38) | class OpenPgpKey extends Construct {
method constructor (line 44) | constructor(parent: Construct, name: string, props: SigningKeyProps) {
method grantRead (line 69) | public grantRead(identity: iam.IPrincipal) {
FILE: lib/signing.ts
type ISigner (line 14) | interface ISigner extends IConstruct {
type AddSigningOptions (line 18) | interface AddSigningOptions {
type SignNuGetWithSignerProps (line 34) | interface SignNuGetWithSignerProps {
class SignNuGetWithSigner (line 82) | class SignNuGetWithSigner extends Construct implements ISigner {
method constructor (line 86) | public constructor(scope: Construct, id: string, props: SignNuGetWithS...
method addToPipeline (line 122) | public addToPipeline(stage: IStage, id: string, options: AddToPipeline...
FILE: lib/util.ts
function determineRunOrder (line 12) | function determineRunOrder(index: number, concurrency?: number): number ...
function hashFileOrDirectory (line 29) | function hashFileOrDirectory(fileOrDir: string): string {
function renderEnvironmentVariables (line 43) | function renderEnvironmentVariables(env?: { [key: string]: string | unde...
function noUndefined (line 57) | function noUndefined<T extends object>(xs: T): { [k in keyof T]: NonNull...
function mapValues (line 67) | function mapValues<T, U>(xs: { [key: string]: T }, fn: (x: T) => U): { [...
function flatMap (line 75) | function flatMap<T, U>(xs: T[], fn: (x: T) => U[]): U[] {
Condensed preview — 160 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (895K chars).
[
{
"path": ".eslintrc.json",
"chars": 4421,
"preview": "// ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n{\n \"env\": {\n \"jest\": true,\n \"node\":"
},
{
"path": ".gitattributes",
"chars": 1145,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\n* text=auto eol=lf\n*.snap linguist-generat"
},
{
"path": ".github/PULL_REQUEST_TEMPLATE.md",
"chars": 122,
"preview": "\n-----\n\nBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 licens"
},
{
"path": ".github/workflows/auto-approve.yml",
"chars": 675,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nname: auto-approve\non:\n pull_request_targ"
},
{
"path": ".github/workflows/auto-queue.yml",
"chars": 593,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nname: auto-queue\non:\n pull_request_target"
},
{
"path": ".github/workflows/build.yml",
"chars": 2841,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nname: build\non:\n pull_request: {}\n workf"
},
{
"path": ".github/workflows/pull-request-lint.yml",
"chars": 719,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nname: pull-request-lint\non:\n pull_request"
},
{
"path": ".github/workflows/release.yml",
"chars": 4021,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nname: release\non:\n push:\n branches:\n "
},
{
"path": ".github/workflows/retry-automerge.yml",
"chars": 451,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nname: retry-automerge\non:\n pull_request:\n"
},
{
"path": ".github/workflows/stale.yml",
"chars": 1616,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\".\n\nname: stale\non:\n schedule:\n - cron: 0 "
},
{
"path": ".github/workflows/upgrade-cdklabs-projen-project-types-main.yml",
"chars": 3223,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nname: upgrade-cdklabs-projen-project-types"
},
{
"path": ".github/workflows/upgrade-dev-deps-main.yml",
"chars": 3178,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nname: upgrade-dev-deps-main\non:\n workflow"
},
{
"path": ".github/workflows/upgrade-main.yml",
"chars": 3121,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n\nname: upgrade-main\non:\n workflow_dispatch"
},
{
"path": ".gitignore",
"chars": 1178,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n!/.gitattributes\n!/.projen/tasks.json\n!/.pr"
},
{
"path": ".npmignore",
"chars": 494,
"preview": "# ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n/.projen/\n/test-reports/\njunit.xml\n/coverag"
},
{
"path": ".projen/deps.json",
"chars": 3346,
"preview": "{\n \"dependencies\": [\n {\n \"name\": \"@aws-sdk/client-cloudwatch\",\n \"type\": \"build\"\n },\n {\n \"name\":"
},
{
"path": ".projen/files.json",
"chars": 777,
"preview": "{\n \"files\": [\n \".eslintrc.json\",\n \".gitattributes\",\n \".github/workflows/auto-approve.yml\",\n \".github/workfl"
},
{
"path": ".projen/jest-snapshot-resolver.js",
"chars": 673,
"preview": "const path = require(\"path\");\nconst libtest = \"lib/__tests__\";\nconst srctest= \"lib/__tests__\";\nmodule.exports = {\n reso"
},
{
"path": ".projen/tasks.json",
"chars": 10748,
"preview": "{\n \"tasks\": {\n \"build\": {\n \"name\": \"build\",\n \"description\": \"Full release build\",\n \"steps\": [\n "
},
{
"path": ".projenrc.ts",
"chars": 4946,
"preview": "import { CdklabsTypeScriptProject } from 'cdklabs-projen-project-types';\n\nconst project = new CdklabsTypeScriptProject({"
},
{
"path": "CHANGELOG.md",
"chars": 60438,
"preview": "# Changelog\n\nAll notable changes to this project will be documented in this file. See [standard-version](https://github."
},
{
"path": "CODE_OF_CONDUCT.md",
"chars": 311,
"preview": "## Code of Conduct\nThis project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-condu"
},
{
"path": "CONTRIBUTING.md",
"chars": 5068,
"preview": "# Contributing Guidelines\n\nThank you for your interest in contributing to our project. Whether it's a bug report, new fe"
},
{
"path": "LICENSE",
"chars": 11358,
"preview": "\n Apache License\n Version 2.0, January 2004\n "
},
{
"path": "NOTICE",
"chars": 86,
"preview": "AWS Delivlib\nCopyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. \n"
},
{
"path": "README.md",
"chars": 31467,
"preview": "## aws-delivlib\n\n[](http://github.com/bad"
},
{
"path": "build-custom-resource-handlers.sh",
"chars": 1208,
"preview": "#!/bin/bash\nset -euo pipefail\n\ncompile=\"tsc --alwaysStrict\n --inlineSourceMap\n --lib ES2017\n "
},
{
"path": "cdk.json",
"chars": 74,
"preview": "{\n \"context\": {\n \"@aws-cdk/core:newStyleStackSynthesis\": \"true\"\n }\n}\n"
},
{
"path": "lib/__tests__/auto-build.test.ts",
"chars": 3936,
"preview": "import { App, Stack } from 'aws-cdk-lib';\nimport { Template } from 'aws-cdk-lib/assertions';\nimport { Artifacts } from '"
},
{
"path": "lib/__tests__/build-spec.test.ts",
"chars": 6569,
"preview": "import * as delivlib from '../../lib';\n\ntest('buildspec single artifact goes to \"artifacts\"', () => {\n const bs = deliv"
},
{
"path": "lib/__tests__/bump.test.ts",
"chars": 14973,
"preview": "// tslint:disable: max-line-length\nimport * as cdk from 'aws-cdk-lib';\nimport { Template } from 'aws-cdk-lib/assertions'"
},
{
"path": "lib/__tests__/canary.test.ts",
"chars": 3086,
"preview": "import * as path from 'path';\nimport { App, Stack, aws_events as events } from 'aws-cdk-lib';\nimport { Template } from '"
},
{
"path": "lib/__tests__/change-control-lambda/disable-transition.test.ts",
"chars": 2715,
"preview": "// eslint-disable-next-line @typescript-eslint/no-require-imports\n\n\nconst pipelineName = 'MyPipeline';\nconst stageName ="
},
{
"path": "lib/__tests__/change-control-lambda/handler.test.ts",
"chars": 4948,
"preview": "import type * as timeWindow from '../../change-control-lambda/time-window';\n\n// _____ _ "
},
{
"path": "lib/__tests__/change-control-lambda/time-window.test.ts",
"chars": 4636,
"preview": "import { shouldBlockPipeline } from '../../change-control-lambda/time-window';\n// tslint:disable:no-console\n\nconst ics ="
},
{
"path": "lib/__tests__/chime-notifier.test.ts",
"chars": 4762,
"preview": "import https from 'https';\nimport {\n App, Lazy, Stack,\n aws_codepipeline as aws_codepipeline,\n aws_codepipeline_actio"
},
{
"path": "lib/__tests__/code-signing-cert.test.ts",
"chars": 1849,
"preview": "import {\n App, Stack,\n aws_kms as kms,\n} from 'aws-cdk-lib';\nimport { Template } from 'aws-cdk-lib/assertions';\nimport"
},
{
"path": "lib/__tests__/custom-resource-handlers/_cloud-formation.test.ts",
"chars": 3492,
"preview": "/* eslint-disable @typescript-eslint/no-require-imports */\nimport { EventEmitter } from 'events';\nimport https = require"
},
{
"path": "lib/__tests__/custom-resource-handlers/_exec.test.ts",
"chars": 734,
"preview": "/* eslint-disable @typescript-eslint/no-require-imports */\nimport _exec = require('../../custom-resource-handlers/src/_e"
},
{
"path": "lib/__tests__/custom-resource-handlers/_rmrf.test.ts",
"chars": 451,
"preview": "/* eslint-disable @typescript-eslint/no-require-imports */\nimport fs = require('fs');\nimport os = require('os');\nimport "
},
{
"path": "lib/__tests__/custom-resource-handlers/certificate-signing-request.test.ts",
"chars": 9094,
"preview": "/* eslint-disable @typescript-eslint/no-require-imports */\nimport fs = require('fs');\nimport path = require('path');\nimp"
},
{
"path": "lib/__tests__/custom-resource-handlers/pgp-secret.test.ts",
"chars": 6815,
"preview": "/* eslint-disable @typescript-eslint/no-require-imports */\nimport crypto = require('crypto');\nimport fs = require('fs');"
},
{
"path": "lib/__tests__/custom-resource-handlers/private-key.test.ts",
"chars": 7553,
"preview": "/* eslint-disable @typescript-eslint/no-require-imports */\nimport fs = require('fs');\nimport cfn = require('../../custom"
},
{
"path": "lib/__tests__/delivlib-tests/assume-role/test.sh",
"chars": 516,
"preview": "#!/bin/bash\nset -euo pipefail\nset -x\nidentity=\"$(aws sts get-caller-identity --output text | xargs)\"\nrole_arn=$(echo \"${"
},
{
"path": "lib/__tests__/delivlib-tests/linux/README",
"chars": 140,
"preview": "## README\n\nThis file is bundled with the test and will be deployed as part of the test environment.\n\n-------------------"
},
{
"path": "lib/__tests__/delivlib-tests/linux/test.sh",
"chars": 331,
"preview": "#!/bin/bash\nset -e\nscriptdir=$(cd $(dirname $0) && pwd)\n\n# Some diagnostics output\necho \"| Workdir:\"\npwd\n\necho \"| Files "
},
{
"path": "lib/__tests__/delivlib-tests/linux/void.sh",
"chars": 33,
"preview": "#!/bin/bash\nset -e\necho ALL GOOD\n"
},
{
"path": "lib/__tests__/delivlib-tests/windows/README",
"chars": 120,
"preview": "Hello, first Windows test\nThis README file will be bundled with the test\n----------------------------------------------\n"
},
{
"path": "lib/__tests__/delivlib-tests/windows/test.ps1",
"chars": 122,
"preview": "\"Hello, World!\"\n\n# Verify test artifacts are bundled with the test script\nGet-Content -Path $PSScriptRoot\\README\n\nDIR /s"
},
{
"path": "lib/__tests__/expected.yml",
"chars": 189548,
"preview": "Transform: AWS::Serverless-2016-10-31\nResources:\n CodeCommitPipelineBuildPipelineArtifactsBucketEncryptionKey05A62A83:\n"
},
{
"path": "lib/__tests__/integ.delivlib.ts",
"chars": 335,
"preview": "import * as cdk from 'aws-cdk-lib';\nimport { TestStack } from './test-stack';\n\n\nconst stackName = process.env.TEST_STACK"
},
{
"path": "lib/__tests__/open-pgp-key-pair.test.ts",
"chars": 3645,
"preview": "import {\n App, Stack,\n aws_kms as kms,\n} from 'aws-cdk-lib';\nimport { Template, Match } from 'aws-cdk-lib/assertions';"
},
{
"path": "lib/__tests__/package-integrity/handler/__fixtures__/.gitignore",
"chars": 15,
"preview": "!.projenrc.js\n\n"
},
{
"path": "lib/__tests__/package-integrity/handler/__fixtures__/non-projen-project/package.json",
"chars": 118,
"preview": "{\n \"name\": \"non-project-project\",\n \"private\": true,\n \"comment\": \"Should fail because no .projen directory exists\"\n}"
},
{
"path": "lib/__tests__/package-integrity/handler/__fixtures__/non-projen-project/yarn.lock",
"chars": 98,
"preview": "This file is only validated for existence, not content.\nSo it doesn't matter what we put here for."
},
{
"path": "lib/__tests__/package-integrity/handler/__fixtures__/non-yarn-project/.projenrc.js",
"chars": 574,
"preview": "const path = require('path');\nconst { cdk, javascript } = require('projen');\n\n// see https://github.com/projen/projen/is"
},
{
"path": "lib/__tests__/package-integrity/handler/__fixtures__/projen-jsii-project/.projenrc.js",
"chars": 692,
"preview": "const path = require('path');\nconst { cdk } = require('projen');\n\n// see https://github.com/projen/projen/issues/1356\nco"
},
{
"path": "lib/__tests__/package-integrity/handler/__fixtures__/projen-non-jsii-project/.projenrc.js",
"chars": 599,
"preview": "const path = require('path');\nconst { typescript } = require('projen');\n\n// see https://github.com/projen/projen/issues/"
},
{
"path": "lib/__tests__/package-integrity/handler/integrity.test.ts",
"chars": 6589,
"preview": "import * as child from 'child_process';\nimport * as os from 'os';\nimport * as path from 'path';\nimport AdmZip from 'adm-"
},
{
"path": "lib/__tests__/package-integrity/integrity.test.ts",
"chars": 3868,
"preview": "import {\n App, Duration, Stack,\n aws_codebuild as codebuild,\n aws_secretsmanager as sm,\n} from 'aws-cdk-lib';\nimport "
},
{
"path": "lib/__tests__/pipeline-notifications/chime.test.ts",
"chars": 2542,
"preview": "import {\n App, Stack,\n aws_codecommit as codecommit,\n} from 'aws-cdk-lib';\nimport { Capture, Template, Match } from 'a"
},
{
"path": "lib/__tests__/pipeline-notifications/slack.test.ts",
"chars": 3112,
"preview": "import {\n App, Stack,\n aws_codecommit as codecommit,\n aws_chatbot as chatbot,\n} from 'aws-cdk-lib';\nimport { Template"
},
{
"path": "lib/__tests__/pipeline.test.ts",
"chars": 15797,
"preview": "import * as path from 'path';\nimport {\n App, Duration, Stack,\n aws_codebuild as codebuild,\n aws_codecommit as codecom"
},
{
"path": "lib/__tests__/pr.test.ts",
"chars": 1683,
"preview": "// tslint:disable: max-line-length\nimport * as cdk from 'aws-cdk-lib';\nimport { Template, Match } from 'aws-cdk-lib/asse"
},
{
"path": "lib/__tests__/publishing.test.ts",
"chars": 4902,
"preview": "import {\n App, Stack,\n aws_codebuild as codebuild,\n aws_codecommit as codecommit,\n aws_kms as kms,\n assertions,\n} f"
},
{
"path": "lib/__tests__/registry-sync/docker-asset/Dockerfile",
"chars": 7,
"preview": "# empty"
},
{
"path": "lib/__tests__/registry-sync/ecr-mirror.test.ts",
"chars": 11553,
"preview": "import * as path from 'path';\nimport {\n Aspects, Duration, Stack,\n aws_codebuild as codebuild,\n aws_events as events,"
},
{
"path": "lib/__tests__/registry-sync/mirror-source.test.ts",
"chars": 10128,
"preview": "import * as path from 'path';\nimport {\n Stack, App,\n aws_codebuild as codebuild,\n} from 'aws-cdk-lib';\nimport { Templa"
},
{
"path": "lib/__tests__/run-test.sh",
"chars": 505,
"preview": "#!/bin/bash\nset -euo pipefail\nscriptdir=$(cd $(dirname $0) && pwd)\n\ncdk_app=\"npx ts-node lib/__tests__/integ.delivlib.ts"
},
{
"path": "lib/__tests__/shellable.test.ts",
"chars": 17036,
"preview": "import * as path from 'path';\nimport * as cdk from 'aws-cdk-lib';\nimport { Template, Match } from 'aws-cdk-lib/assertion"
},
{
"path": "lib/__tests__/signing.test.ts",
"chars": 11656,
"preview": "import { App, Stack } from 'aws-cdk-lib';\nimport { Match, Template } from 'aws-cdk-lib/assertions';\nimport { Repository "
},
{
"path": "lib/__tests__/test-stack.ts",
"chars": 6377,
"preview": "import * as path from 'path';\nimport {\n App, Stack, StackProps,\n aws_events as events,\n aws_iam as iam,\n aws_kms as "
},
{
"path": "lib/__tests__/watcher-handler.test.ts",
"chars": 5869,
"preview": "import { LambdaActionStateChangeEvent, LambdaExecutionStateChangeEvent, cloudwatch, handler } from '../../lib/pipeline-w"
},
{
"path": "lib/__tests__/watcher.test.ts",
"chars": 2967,
"preview": "import { Stack } from 'aws-cdk-lib';\nimport { Template } from 'aws-cdk-lib/assertions';\nimport { Pipeline } from 'aws-cd"
},
{
"path": "lib/auto-build.ts",
"chars": 4202,
"preview": "import {\n SecretValue,\n aws_codebuild as codebuild,\n aws_iam as iam,\n aws_sam as serverless,\n} from 'aws-cdk-lib';\ni"
},
{
"path": "lib/build-env.ts",
"chars": 1079,
"preview": "import { aws_codebuild as cbuild } from 'aws-cdk-lib';\nimport { DEFAULT_SUPERCHAIN_IMAGE } from './constants';\n\nexport i"
},
{
"path": "lib/build-spec.ts",
"chars": 9247,
"preview": "import { mapValues, noUndefined } from './util';\n\n\nconst MAGIC_ARTIFACT_NAME = 'PRIMARY';\n\n/**\n * Class to model a build"
},
{
"path": "lib/canary.ts",
"chars": 1368,
"preview": "import {\n aws_cloudwatch as cloudwatch,\n aws_codebuild as cbuild,\n aws_events as events,\n aws_events_targets as even"
},
{
"path": "lib/change-control-lambda/disable-transition.ts",
"chars": 1480,
"preview": "// eslint-disable-next-line import/no-extraneous-dependencies\n\n\n// eslint-disable-next-line import/no-extraneous-depende"
},
{
"path": "lib/change-control-lambda/index.ts",
"chars": 3046,
"preview": "// eslint-disable-next-line import/no-extraneous-dependencies\n\n\n// eslint-disable-next-line import/no-extraneous-depende"
},
{
"path": "lib/change-control-lambda/time-window.ts",
"chars": 5800,
"preview": "// eslint-disable-next-line import/no-extraneous-dependencies\nimport { RRule } from 'rrule';\n// eslint-disable-next-line"
},
{
"path": "lib/change-controller.ts",
"chars": 4309,
"preview": "import * as path from 'path';\nimport {\n CfnOutput, Duration, RemovalPolicy,\n aws_cloudwatch as cloudwatch,\n aws_codep"
},
{
"path": "lib/chime-notifier/chime-notifier.ts",
"chars": 2562,
"preview": "import * as path from 'path';\nimport {\n Duration,\n aws_codepipeline as cpipeline,\n aws_iam as iam,\n aws_lambda as la"
},
{
"path": "lib/chime-notifier/handler/notifier-handler.ts",
"chars": 3482,
"preview": "import * as https from 'https';\n// eslint-disable-next-line import/no-extraneous-dependencies\nimport { ArtifactRevision,"
},
{
"path": "lib/chime-notifier/index.ts",
"chars": 33,
"preview": "export * from './chime-notifier';"
},
{
"path": "lib/code-signing/certificate-signing-request.ts",
"chars": 5215,
"preview": "import * as path from 'path';\nimport {\n Duration,\n CustomResource,\n aws_lambda as lambda,\n aws_s3 as s3,\n RemovalPo"
},
{
"path": "lib/code-signing/code-signing-certificate.ts",
"chars": 8380,
"preview": "import {\n CfnOutput, RemovalPolicy, Stack,\n aws_iam as iam,\n aws_kms as kms,\n aws_s3 as s3,\n aws_secretsmanager as "
},
{
"path": "lib/code-signing/index.ts",
"chars": 44,
"preview": "export * from './code-signing-certificate';\n"
},
{
"path": "lib/code-signing/private-key.ts",
"chars": 8205,
"preview": "import * as path from 'path';\nimport {\n Duration, RemovalPolicy, Stack,\n ArnFormat, CustomResource,\n aws_iam as iam,\n"
},
{
"path": "lib/constants.ts",
"chars": 202,
"preview": "/**\n * The default superchain image that will be used all across delivlib if no override is supplied.\n */\nexport const D"
},
{
"path": "lib/credential-pair.ts",
"chars": 709,
"preview": "import {\n aws_ssm as ssm,\n aws_secretsmanager as secretsManager,\n} from 'aws-cdk-lib';\n\n\n/**\n * A Credential Pair comb"
},
{
"path": "lib/custom-resource-handlers/Dockerfile",
"chars": 524,
"preview": "# Use a NodeJS 20.x runtime\nFROM public.ecr.aws/lambda/nodejs:20-x86_64\n\nARG FUN_SRC_DIR\n\n# install openssel\nRUN dnf ins"
},
{
"path": "lib/custom-resource-handlers/src/_cloud-formation.ts",
"chars": 5340,
"preview": "import * as https from 'https';\nimport * as url from 'url';\nimport * as lambda from './_lambda';\n\nexport type LambdaHand"
},
{
"path": "lib/custom-resource-handlers/src/_exec.ts",
"chars": 718,
"preview": "import * as childProcess from 'child_process';\nimport * as process from 'process';\n\nexport = function _exec(command: str"
},
{
"path": "lib/custom-resource-handlers/src/_lambda.ts",
"chars": 2149,
"preview": "/**\n * @see https://docs.aws.amazon.com/lambda/latest/dg/nodejs-prog-model-context.html\n */\nexport interface Context {\n "
},
{
"path": "lib/custom-resource-handlers/src/_rmrf.ts",
"chars": 679,
"preview": "import * as fs from 'fs';\nimport * as path from 'path';\nimport * as util from 'util';\n\nconst readdir = util.promisify(fs"
},
{
"path": "lib/custom-resource-handlers/src/certificate-signing-request.ts",
"chars": 4792,
"preview": "import * as fs from 'fs';\nimport * as os from 'os';\nimport * as path from 'path';\nimport * as util from 'util';\n// eslin"
},
{
"path": "lib/custom-resource-handlers/src/pgp-secret.ts",
"chars": 6553,
"preview": "import * as crypto from 'crypto';\nimport * as fs from 'fs';\nimport * as os from 'os';\nimport * as path from 'path';\nimpo"
},
{
"path": "lib/custom-resource-handlers/src/private-key.ts",
"chars": 3207,
"preview": "import * as fs from 'fs';\nimport * as os from 'os';\nimport * as path from 'path';\nimport * as util from 'util';\n// eslin"
},
{
"path": "lib/index.ts",
"chars": 609,
"preview": "export * from './auto-build';\nexport * from './canary';\nexport * from './build-spec';\nexport * from './code-signing';\nex"
},
{
"path": "lib/open-pgp-key-pair.ts",
"chars": 7161,
"preview": "import * as path from 'path';\nimport {\n Duration, Stack, RemovalPolicy,\n CustomResource,\n aws_iam as iam,\n aws_kms a"
},
{
"path": "lib/package-integrity/handler/JSONStream.d.ts",
"chars": 1093,
"preview": "/**\n * Partial hand-written declarations for the JSONStream module. Refer to the JS\n * module's documentation for additi"
},
{
"path": "lib/package-integrity/handler/integrity.ts",
"chars": 9689,
"preview": "import { execSync } from 'child_process';\nimport type { RequestOptions, IncomingMessage } from 'http';\nimport * as os fr"
},
{
"path": "lib/package-integrity/handler/repository.ts",
"chars": 5274,
"preview": "import { execSync } from 'child_process';\nimport * as fs from 'fs';\nimport * as os from 'os';\nimport * as path from 'pat"
},
{
"path": "lib/package-integrity/handler/validate.sh",
"chars": 69,
"preview": "#!/bin/bash\n\nset -euo pipefail\n\nnode ${SCRIPT_DIR}/validate.bundle.js"
},
{
"path": "lib/package-integrity/handler/validate.ts",
"chars": 1005,
"preview": "#!/usr/bin/env node\nimport { RepositoryIntegrity } from './integrity';\nimport { Repository } from './repository';\n\nfunct"
},
{
"path": "lib/package-integrity/index.ts",
"chars": 28,
"preview": "export * from './integrity';"
},
{
"path": "lib/package-integrity/integrity.ts",
"chars": 4199,
"preview": "import * as path from 'path';\nimport {\n aws_cloudwatch as cloudwatch,\n aws_events as events,\n aws_events_targets as t"
},
{
"path": "lib/permissions.ts",
"chars": 1941,
"preview": "import { aws_iam as iam } from 'aws-cdk-lib';\n\n\n/**\n * Describe a Secrets Manager secret external to the CDK app\n */\nexp"
},
{
"path": "lib/pipeline-notifications/chime.ts",
"chars": 798,
"preview": "import * as crypto from 'crypto';\nimport { ChimeNotifier, ChimeNotifierOptions, IPipelineNotification, PipelineNotificat"
},
{
"path": "lib/pipeline-notifications/index.ts",
"chars": 527,
"preview": "import { ChimeNotification, ChimeNotificationProps } from './chime';\nimport { SlackNotification, SlackNotificationProps "
},
{
"path": "lib/pipeline-notifications/slack.ts",
"chars": 2159,
"preview": "import * as crypto from 'crypto';\nimport {\n aws_chatbot as chatbot,\n aws_codestarnotifications as starnotifs,\n Stack,"
},
{
"path": "lib/pipeline-watcher/handler/watcher-handler.ts",
"chars": 4006,
"preview": "// eslint-disable-next-line import/no-extraneous-dependencies\n\n\n// eslint-disable-next-line import/no-extraneous-depende"
},
{
"path": "lib/pipeline-watcher/index.ts",
"chars": 26,
"preview": "export * from './watcher';"
},
{
"path": "lib/pipeline-watcher/watcher.ts",
"chars": 3291,
"preview": "import * as path from 'path';\nimport {\n aws_cloudwatch as cloudwatch,\n aws_codepipeline as cpipeline,\n aws_events as "
},
{
"path": "lib/pipeline.ts",
"chars": 22123,
"preview": "import {\n Duration,\n aws_cloudwatch as cloudwatch,\n aws_codebuild as cbuild,\n aws_codepipeline as cpipeline,\n aws_c"
},
{
"path": "lib/publishing/docs/publish-docs.sh",
"chars": 2023,
"preview": "#!/bin/bash\nset -euo pipefail\nartifacts=$PWD\n\n###\n# Usage: ./publish-docs.sh\n#\n# Publishes the documentation from the cu"
},
{
"path": "lib/publishing/docs/publish.sh",
"chars": 639,
"preview": "#!/bin/bash\nset -euo pipefail\necho ----------------------------------------\necho \"Sources:\"\nls\necho --------------------"
},
{
"path": "lib/publishing/docs/update-ssm.sh",
"chars": 882,
"preview": "#!/bin/bash\n# Write the current version and timestamp to SSM, if the current version is new\nset -eu\n\nif [[ \"${SSM_PREFIX"
},
{
"path": "lib/publishing/github/create-release.ts",
"chars": 3523,
"preview": "import { createReadStream, existsSync, promises as fs } from 'fs';\nimport path from 'path';\nimport parseChangelog from '"
},
{
"path": "lib/publishing/github/package-lock.json",
"chars": 26062,
"preview": "{\n \"name\": \"github\",\n \"version\": \"1.0.0\",\n \"lockfileVersion\": 3,\n \"requires\": true,\n \"packages\": {\n \"\": {\n "
},
{
"path": "lib/publishing/github/package.json",
"chars": 436,
"preview": "{\n \"name\": \"github\",\n \"version\": \"1.0.0\",\n \"description\": \"\",\n \"main\": \"parse-changelog.js\",\n \"scripts\": {\n \"tes"
},
{
"path": "lib/publishing/github/publish.sh",
"chars": 2991,
"preview": "#!/bin/bash\nset -euo pipefail\nscriptdir=\"$(cd $(dirname $0) && pwd)\"\nworkdir=\"$(mktemp -d)\"\n\nheading() {\n echo\n ec"
},
{
"path": "lib/publishing/github/sign-files.sh",
"chars": 822,
"preview": "#!/bin/bash\nset -euo pipefail\n\nif [[ \"${1:-}\" == \"\" ]]; then\n echo \"Usage: sign-files.sh FILE [FILE...]\" >&2\n echo"
},
{
"path": "lib/publishing/github/tsconfig.json",
"chars": 749,
"preview": "{\n \"compilerOptions\": {\n \"alwaysStrict\": true,\n \"esModuleInterop\": true,\n \"experimentalDecorators\": true,\n "
},
{
"path": "lib/publishing/github/update-ssm.sh",
"chars": 882,
"preview": "#!/bin/bash\n# Write the current version and timestamp to SSM, if the current version is new\nset -eu\n\nif [[ \"${SSM_PREFIX"
},
{
"path": "lib/publishing/github/with-signing-key.sh",
"chars": 2137,
"preview": "#!/bin/bash\n# Run another command with the signing key for the current scope,\n# if set.\n#\n# Upon running the subcommand,"
},
{
"path": "lib/publishing/golang/publish.sh",
"chars": 499,
"preview": "#!/bin/bash\nset -euo pipefail\necho ----------------------------------------\necho \"Sources:\"\nls\necho --------------------"
},
{
"path": "lib/publishing/golang/update-ssm.sh",
"chars": 882,
"preview": "#!/bin/bash\n# Write the current version and timestamp to SSM, if the current version is new\nset -eu\n\nif [[ \"${SSM_PREFIX"
},
{
"path": "lib/publishing/maven/publish.sh",
"chars": 1046,
"preview": "#!/bin/bash\nset -euo pipefail\necho ----------------------------------------\necho \"Sources:\"\nls\necho --------------------"
},
{
"path": "lib/publishing/maven/update-ssm.sh",
"chars": 882,
"preview": "#!/bin/bash\n# Write the current version and timestamp to SSM, if the current version is new\nset -eu\n\nif [[ \"${SSM_PREFIX"
},
{
"path": "lib/publishing/maven/with-signing-key.sh",
"chars": 1510,
"preview": "#!/bin/bash\n# Run another command with the signing key for the current scope,\n# if set.\n#\n# Upon running the subcommand,"
},
{
"path": "lib/publishing/npm/publish-npm.sh",
"chars": 2541,
"preview": "#!/bin/bash\nset -euo pipefail\n\n###\n# Usage: ./publish-mvn.sh\n#\n# Publishes the content of a release bundle (current dire"
},
{
"path": "lib/publishing/npm/publish.sh",
"chars": 662,
"preview": "#!/bin/bash\nset -euo pipefail\necho ----------------------------------------\necho \"Sources:\"\nls\necho --------------------"
},
{
"path": "lib/publishing/npm/update-ssm.sh",
"chars": 882,
"preview": "#!/bin/bash\n# Write the current version and timestamp to SSM, if the current version is new\nset -eu\n\nif [[ \"${SSM_PREFIX"
},
{
"path": "lib/publishing/nuget/publish.sh",
"chars": 5267,
"preview": "#!/bin/bash\nset -euo pipefail\n\necho \"Installing required CLI tools: jq, openssl...\"\nif command -v yum &>/dev/null; then\n"
},
{
"path": "lib/publishing/nuget/sign.sh",
"chars": 1256,
"preview": "#!/bin/bash\nset -euo pipefail\n\nif [ $# -ne 4 ]\nthen\n echo \"Usage: $0 <nuget-package.nupkg> <certificate.spc> <privateke"
},
{
"path": "lib/publishing/nuget/update-ssm.sh",
"chars": 882,
"preview": "#!/bin/bash\n# Write the current version and timestamp to SSM, if the current version is new\nset -eu\n\nif [[ \"${SSM_PREFIX"
},
{
"path": "lib/publishing/pypi/publish.sh",
"chars": 976,
"preview": "#!/bin/bash\nset -euo pipefail\n\n# load login credentials from secrets manager\ncredentials=$(aws secretsmanager get-secret"
},
{
"path": "lib/publishing/pypi/update-ssm.sh",
"chars": 882,
"preview": "#!/bin/bash\n# Write the current version and timestamp to SSM, if the current version is new\nset -eu\n\nif [[ \"${SSM_PREFIX"
},
{
"path": "lib/publishing/s3/publish.sh",
"chars": 1599,
"preview": "#!/bin/bash\nset -euo pipefail\necho ----------------------------------------\necho \"Sources:\"\nls\necho --------------------"
},
{
"path": "lib/publishing/s3/update-ssm.sh",
"chars": 882,
"preview": "#!/bin/bash\n# Write the current version and timestamp to SSM, if the current version is new\nset -eu\n\nif [[ \"${SSM_PREFIX"
},
{
"path": "lib/publishing.ts",
"chars": 25202,
"preview": "import * as path from 'path';\nimport {\n Stack,\n aws_codebuild as cbuild,\n aws_codepipeline as cpipeline,\n aws_codepi"
},
{
"path": "lib/pull-request/bump.ts",
"chars": 3366,
"preview": "import { Construct } from 'constructs';\nimport { AutoPullRequest, AutoPullRequestOptions } from './pr';\nimport { Writabl"
},
{
"path": "lib/pull-request/index.ts",
"chars": 76,
"preview": "export * from './bump';\nexport * from './merge-back';\nexport * from './pr';\n"
},
{
"path": "lib/pull-request/merge-back.ts",
"chars": 3599,
"preview": "import { Construct } from 'constructs';\nimport * as pr from './pr';\nimport { WritableGitHubRepo } from '../repo';\n\n/**\n "
},
{
"path": "lib/pull-request/pr.ts",
"chars": 14528,
"preview": "import {\n Duration,\n aws_cloudwatch as cloudwatch,\n aws_codebuild as cbuild,\n aws_events as events,\n aws_events_tar"
},
{
"path": "lib/registry-sync/ecr-mirror.ts",
"chars": 9670,
"preview": "import {\n IAspect, Lazy, Stack, Token,\n aws_ecr as ecr,\n aws_codebuild as codebuild,\n aws_events as events,\n aws_ev"
},
{
"path": "lib/registry-sync/index.ts",
"chars": 62,
"preview": "export * from './ecr-mirror';\nexport * from './mirror-source';"
},
{
"path": "lib/registry-sync/mirror-source.ts",
"chars": 5852,
"preview": "import * as path from 'node:path';\nimport {\n aws_codebuild as codebuild,\n aws_s3_assets as s3Assets,\n} from 'aws-cdk-l"
},
{
"path": "lib/release-email.sh",
"chars": 445,
"preview": "#!/bin/bash\nset -euo pipefail\n\nfiles=\"$(find . -type f | cut -d'/' -f2-)\"\n\necho \"<html>\"\necho \"<body>\"\necho \"<h3>Release"
},
{
"path": "lib/repo.ts",
"chars": 6388,
"preview": "import {\n SecretValue, SecretsManagerSecretOptions,\n aws_codebuild as cbuild, aws_codecommit as ccommit,\n aws_codepip"
},
{
"path": "lib/shellable.ts",
"chars": 20425,
"preview": "import * as fs from 'fs';\nimport * as path from 'path';\nimport {\n Duration,\n aws_cloudwatch as cloudwatch, aws_codebui"
},
{
"path": "lib/signing/nuget/sign.sh",
"chars": 2475,
"preview": "#!/bin/bash\nset -euo pipefail\n\necho \"Installing required CLI tools: jq\"\nif command -v yum &>/dev/null; then\n yum inst"
},
{
"path": "lib/signing-key.ts",
"chars": 1849,
"preview": "import { aws_iam as iam, aws_kms as kms } from 'aws-cdk-lib';\nimport { Construct } from 'constructs';\nimport { OpenPGPKe"
},
{
"path": "lib/signing.ts",
"chars": 3799,
"preview": "import * as path from 'path';\nimport { IBuildImage, LinuxBuildImage, Project } from 'aws-cdk-lib/aws-codebuild';\nimport "
},
{
"path": "lib/util.ts",
"chars": 2334,
"preview": "import * as crypto from 'crypto';\nimport * as fs from 'fs';\nimport * as path from 'path';\nimport { aws_codebuild as cbui"
},
{
"path": "package.json",
"chars": 4709,
"preview": "{\n \"name\": \"aws-delivlib\",\n \"description\": \"A fabulous library for defining continuous pipelines for building, testing"
},
{
"path": "tsconfig.dev.json",
"chars": 879,
"preview": "// ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n{\n \"compilerOptions\": {\n \"alwaysStrict"
},
{
"path": "tsconfig.json",
"chars": 931,
"preview": "// ~~ Generated by projen. To modify, edit .projenrc.ts and run \"npx projen\".\n{\n \"compilerOptions\": {\n \"rootDir\": \"l"
}
]
About this extraction
This page contains the full source code of the cdklabs/aws-delivlib GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 160 files (831.1 KB), approximately 224.6k tokens, and a symbol index with 395 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.