@flit/cdk-pipeline 2.3.0 → 2.5.0

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@flit/cdk-pipeline",
-	"version": "2.3.0",
+	"version": "2.5.0",
 	"description": "A highly customizable and extensible CI/CD pipeline intended as alternative to CDK's native CodePipeline",
 	"keywords": [
 		"aws",
@@ -51,18 +51,18 @@
 		"useTabs": true
 	},
 	"devDependencies": {
-		"@types/node": "^25.0.3",
-		"aws-cdk-lib": "^2.232.0",
-		"constructs": "^10.4.0",
-		"jsii": "^5.9.22",
-		"jsii-pacmak": "^1.125.0",
-		"prettier": "^3.7.4",
-		"prettier-plugin-packagejson": "^2.5.20",
+		"@types/node": "^25.5.0",
+		"aws-cdk-lib": "^2.244.0",
+		"constructs": "^10.6.0",
+		"jsii": "^5.9.34",
+		"jsii-pacmak": "^1.127.0",
+		"prettier": "^3.8.1",
+		"prettier-plugin-packagejson": "^3.0.2",
 		"typescript": "^5.9.3"
 	},
 	"peerDependencies": {
-		"aws-cdk-lib": "^2.232.0",
-		"constructs": "^10.4.0"
+		"aws-cdk-lib": "^2.244.0",
+		"constructs": "^10.6.0"
 	},
 	"publishConfig": {
 		"access": "public"

package/src/code-commit-source-segment.ts

@@ -11,7 +11,6 @@ import { SegmentConstructed } from "./segment";
 import { SourceSegment, SourceSegmentProps } from "./source-segment";
 
 export interface CodeCommitSourceSegmentProps extends SourceSegmentProps {
-	readonly repositoryName: string;
 	readonly repositoryArn: string;
 	readonly branch?: string;
 	readonly trigger?: CodeCommitTrigger;
@@ -28,9 +27,11 @@ export class CodeCommitSourceSegment extends SourceSegment {
 		this.props = props;
 	}
 	construct(scope: Pipeline): SegmentConstructed {
-		const name = `${this.props.repositoryName}-${
-			this.props.branch || "master"
-		}`;
+		const name = `${this.props.repositoryArn
+			.trim()
+			.replace(/\/+$/, "")
+			.split(":")
+			.pop()}-${this.props.branch || "master"}`;
 
 		return new CodeCommitSourceSegmentConstructed(scope, name, {
 			...this.props,

package/src/pipeline-segment.ts

@@ -1,6 +1,8 @@
 import {
 	BuildEnvironmentVariable,
 	BuildSpec,
+	ComputeType,
+	LinuxBuildImage,
 	mergeBuildSpecs,
 	Project,
 	ProjectProps,
@@ -8,17 +10,15 @@ import {
 import { Stack } from "aws-cdk-lib";
 import { IAction } from "aws-cdk-lib/aws-codepipeline";
 import {
-	CloudFormationCreateReplaceChangeSetAction,
 	CloudFormationExecuteChangeSetAction,
 	CodeBuildAction,
 	ManualApprovalAction,
 } from "aws-cdk-lib/aws-codepipeline-actions";
-import * as path from "path";
 
 import { Artifact } from "./artifact";
 import { Segment, SegmentConstructed } from "./segment";
 import { Pipeline } from "./pipeline";
-import { PublishAssetsAction } from "./publish-assets-action";
+import { PolicyStatement } from "aws-cdk-lib/aws-iam";
 
 export interface PipelineSegmentProps {
 	/**
@@ -105,6 +105,61 @@ export class PipelineSegmentConstructed extends SegmentConstructed {
 
 		const buildArtifact = props.output || new Artifact();
 
+		const prepareChangesProject = new Project(this, "PrepareChanges", {
+			environment: {
+				computeType: ComputeType.MEDIUM,
+				buildImage: LinuxBuildImage.AMAZON_LINUX_2_ARM_3,
+			},
+			buildSpec: BuildSpec.fromObject({
+				version: 0.2,
+				phases: {
+					install: {
+						"runtime-versions": {
+							nodejs: "24",
+						},
+						commands: "npm install -g aws-cdk",
+					},
+					build: {
+						commands: `npx cdk deploy ${props.stackName ? props.stackName : props.stack.stackName} --app ./ --method prepare-change-set --change-set-name pipeline-${props.stackName ? props.stackName : props.stack.stackName}-${this.name} --require-approval never`,
+					},
+				},
+				cache: {
+					paths: ["/root/.npm/**/*"],
+				},
+			}),
+		});
+
+		prepareChangesProject.addToRolePolicy(
+			new PolicyStatement({
+				actions: [
+					"ssm:GetParameter",
+					"cloudformation:CreateChangeSet",
+					"cloudformation:DescribeChangeSet",
+					"cloudformation:DescribeStacks",
+					"cloudformation:GetTemplate",
+					"cloudformation:DeleteChangeSet",
+					"iam:PassRole",
+				],
+				resources: ["*"],
+			}),
+		);
+
+		prepareChangesProject.addToRolePolicy(
+			new PolicyStatement({
+				actions: ["sts:AssumeRole"],
+				resources: [`arn:*:iam::${Stack.of(this).account}:role/*`],
+				conditions: {
+					"ForAnyValue:StringEquals": {
+						"iam:ResourceTag/aws-cdk:bootstrap-role": [
+							"image-publishing",
+							"file-publishing",
+							"deploy",
+						],
+					},
+				},
+			}),
+		);
+
 		this.actions = [
 			new CodeBuildAction({
 				actionName: "Build",
@@ -120,50 +175,40 @@ export class PipelineSegmentConstructed extends SegmentConstructed {
 								props.project.buildSpec,
 								BuildSpec.fromObject({
 									artifacts: {
-										files: [path.join(scope.buildDir, "**/*")],
+										"base-directory": scope.buildDir,
+										files: ["**/*"],
 									},
 								}),
-						  )
+							)
 						: BuildSpec.fromObject({
 								artifacts: {
-									files: [path.join(scope.buildDir, "**/*")],
+									"base-directory": scope.buildDir,
+									files: ["**/*"],
 								},
-						  }),
+							}),
 				}),
 			}),
-			new PublishAssetsAction(this, "PublishAssets", {
-				actionName: "PublishAssets",
+			new CodeBuildAction({
+				actionName: "PrepareChanges",
 				runOrder: 2,
 				input: buildArtifact,
-				manifestPath: scope.buildDir,
-			}),
-			new CloudFormationCreateReplaceChangeSetAction({
-				actionName: "PrepareChanges",
-				runOrder: 3,
-				stackName: props.stackName ? props.stackName : props.stack.stackName,
-				account: props.stack.account,
-				region: props.stack.region,
-				changeSetName: `${this.name}Changes`,
-				adminPermissions: true,
-				templatePath: buildArtifact.atPath(
-					path.join(scope.buildDir, props.stack.templateFile),
-				),
+				project: prepareChangesProject,
 			}),
 			...(props.manualApproval
 				? [
 						new ManualApprovalAction({
 							actionName: "ApproveChanges",
-							runOrder: 4,
+							runOrder: 3,
 						}),
-				  ]
+					]
 				: []),
 			new CloudFormationExecuteChangeSetAction({
 				actionName: "ExecuteChanges",
-				runOrder: props.manualApproval ? 5 : 4,
+				runOrder: props.manualApproval ? 3 : 4,
 				stackName: props.stackName ? props.stackName : props.stack.stackName,
 				account: props.stack.account,
 				region: props.stack.region,
-				changeSetName: `${this.name}Changes`,
+				changeSetName: `pipeline-${props.stackName ? props.stackName : props.stack.stackName}-${this.name}`,
 			}),
 		];
 	}

package/src/stack-segment.ts

@@ -3,13 +3,14 @@ import {
 	BuildEnvironmentVariable,
 	BuildEnvironmentVariableType,
 	BuildSpec,
+	ComputeType,
+	LinuxBuildImage,
 	mergeBuildSpecs,
 	Project,
 	ProjectProps,
 } from "aws-cdk-lib/aws-codebuild";
 import { IAction } from "aws-cdk-lib/aws-codepipeline";
 import {
-	CloudFormationCreateReplaceChangeSetAction,
 	CloudFormationExecuteChangeSetAction,
 	CodeBuildAction,
 	ManualApprovalAction,
@@ -20,7 +21,6 @@ import * as path from "path";
 import { Artifact } from "./artifact";
 import { Segment, SegmentConstructed } from "./segment";
 import { Pipeline } from "./pipeline";
-import { PublishAssetsAction } from "./publish-assets-action";
 
 export interface StackSegmentProps {
 	/**
@@ -136,12 +136,12 @@ export class StackSegmentConstructed extends SegmentConstructed {
 								files: [path.join(scope.buildDir, "**/*")],
 							},
 						}),
-				  )
+					)
 				: BuildSpec.fromObject({
 						artifacts: {
 							files: [path.join(scope.buildDir, "**/*")],
 						},
-				  }),
+					}),
 		});
 
 		Object.entries(
@@ -174,7 +174,7 @@ export class StackSegmentConstructed extends SegmentConstructed {
 									? v.value.split(":").slice(0, 7).join(":")
 									: `arn:aws:secretsmanager:*:${
 											Stack.of(this).account
-									  }:secret:${v.value}-*`,
+										}:secret:${v.value}-*`,
 							],
 						}),
 					);
@@ -182,6 +182,61 @@ export class StackSegmentConstructed extends SegmentConstructed {
 			}
 		});
 
+		const prepareChangesProject = new Project(this, "PrepareChanges", {
+			environment: {
+				computeType: ComputeType.MEDIUM,
+				buildImage: LinuxBuildImage.AMAZON_LINUX_2_ARM_3,
+			},
+			buildSpec: BuildSpec.fromObject({
+				version: 0.2,
+				phases: {
+					install: {
+						"runtime-versions": {
+							nodejs: "24",
+						},
+						commands: "npm install -g aws-cdk",
+					},
+					build: {
+						commands: `npx cdk deploy ${props.stackName ? props.stackName : props.stack.stackName} --app ./ --method prepare-change-set --change-set-name pipeline-${props.stackName ? props.stackName : props.stack.stackName}-${this.name} --require-approval never`,
+					},
+				},
+				cache: {
+					paths: ["/root/.npm/**/*"],
+				},
+			}),
+		});
+
+		prepareChangesProject.addToRolePolicy(
+			new PolicyStatement({
+				actions: [
+					"ssm:GetParameter",
+					"cloudformation:CreateChangeSet",
+					"cloudformation:DescribeChangeSet",
+					"cloudformation:DescribeStacks",
+					"cloudformation:GetTemplate",
+					"cloudformation:DeleteChangeSet",
+					"iam:PassRole",
+				],
+				resources: ["*"],
+			}),
+		);
+
+		prepareChangesProject.addToRolePolicy(
+			new PolicyStatement({
+				actions: ["sts:AssumeRole"],
+				resources: [`arn:*:iam::${Stack.of(this).account}:role/*`],
+				conditions: {
+					"ForAnyValue:StringEquals": {
+						"iam:ResourceTag/aws-cdk:bootstrap-role": [
+							"image-publishing",
+							"file-publishing",
+							"deploy",
+						],
+					},
+				},
+			}),
+		);
+
 		this.actions = [
 			...(buildArtifact
 				? [
@@ -194,53 +249,41 @@ export class StackSegmentConstructed extends SegmentConstructed {
 							environmentVariables: props.environmentVariables,
 							project: codeBuildProject,
 						}),
-						new PublishAssetsAction(this, "PublishAssets", {
-							actionName: `${this.name}PublishAssets`,
-							runOrder: 2,
-							input: buildArtifact,
-							manifestPath: scope.buildDir,
-						}),
-				  ]
+					]
 				: []),
-			new CloudFormationCreateReplaceChangeSetAction({
+			new CodeBuildAction({
 				actionName: `${this.name}PrepareChanges`,
-				runOrder: buildArtifact ? 3 : 1,
-				stackName: props.stackName ? props.stackName : props.stack.stackName,
-				account: props.stack.account,
-				region: props.stack.region,
-				changeSetName: `${this.name}Changes`,
-				adminPermissions: true,
-				templatePath: (buildArtifact ? buildArtifact : props.input).atPath(
-					path.join(scope.buildDir, props.stack.templateFile),
-				),
+				runOrder: buildArtifact ? 2 : 1,
+				input: buildArtifact ? buildArtifact : props.input,
+				project: prepareChangesProject,
 			}),
 			...(props.manualApproval
 				? [
 						new ManualApprovalAction({
 							actionName: `${this.name}ApproveChanges`,
-							runOrder: buildArtifact ? 4 : 2,
+							runOrder: buildArtifact ? 3 : 2,
 						}),
-				  ]
+					]
 				: []),
 			new CloudFormationExecuteChangeSetAction({
 				actionName: `${this.name}ExecuteChanges`,
 				runOrder: props.manualApproval
 					? buildArtifact
-						? 5
+						? 4
 						: 3
 					: buildArtifact
-					  ? 4
-					  : 2,
+						? 3
+						: 2,
 				stackName: props.stackName ? props.stackName : props.stack.stackName,
 				account: props.stack.account,
 				region: props.stack.region,
-				changeSetName: `${this.name}Changes`,
+				changeSetName: `pipeline-${props.stackName ? props.stackName : props.stack.stackName}-${this.name}`,
 				output: props.stackOutput,
 				outputFileName: props.outputFileName
 					? props.outputFileName
 					: props.stackOutput
-					  ? "artifact.json"
-					  : undefined,
+						? "artifact.json"
+						: undefined,
 			}),
 		];
 	}