npm - @rio-cloud/cdk-v2-constructs - Versions diffs - 2.0.6 → 2.3.0 - Mend

@rio-cloud/cdk-v2-constructs 2.0.6 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/.jsii +411 -66
package/CHANGELOG.md +35 -0
package/CONTRIBUTION.md +122 -9
package/MIGRATION_GUIDE.md +1 -1
package/lib/contributions/team-transport-two/pipeline/application-stage.d.ts +12 -0
package/lib/contributions/team-transport-two/pipeline/application-stage.js +16 -0
package/lib/contributions/team-transport-two/pipeline/build-project.d.ts +13 -0
package/lib/contributions/team-transport-two/pipeline/build-project.js +31 -0
package/lib/contributions/team-transport-two/pipeline/buildspec-vulnerability-checks.yaml +19 -0
package/lib/contributions/team-transport-two/pipeline/buildspec.yaml +58 -0
package/lib/contributions/team-transport-two/pipeline/datadog-monitors.d.ts +15 -0
package/lib/contributions/team-transport-two/pipeline/datadog-monitors.js +42 -0
package/lib/contributions/team-transport-two/pipeline/index.d.ts +1 -0
package/lib/contributions/team-transport-two/pipeline/index.js +14 -0
package/lib/contributions/team-transport-two/pipeline/pipeline-stack.d.ts +105 -0
package/lib/contributions/team-transport-two/pipeline/pipeline-stack.js +173 -0
package/lib/fargate/datadog.js +2 -2
package/lib/fargate/rio-fargate-service.d.ts +6 -0
package/lib/fargate/rio-fargate-service.js +16 -12
package/lib/index.d.ts +1 -0
package/lib/index.js +2 -1
package/lib/rio-claidometer.d.ts +4 -1
package/lib/rio-claidometer.js +4 -1
package/lib/watchful/lambda.d.ts +1 -0
package/lib/watchful/lambda.js +18 -1
package/package.json +4 -2
package/scripts/.jsii-doc.mjs +11 -0
package/version.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,41 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+## [2.3.0](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/compare/commits?targetBranch=refs%2Ftags%2Fv2.2.0&sourceBranch=refs%2Ftags%2Fv2.3.0) (2022-06-21)
+### Features
+* **contributions:** Provide more information on contributions in general ([535b600](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/535b60081f90914b0519f8ade15b4c5b49aac01a))
+* **contributions:** Provide more information on contributions in general ([f87d671](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/f87d67157029bc5f8e9d35b7feaea205b4914e28))
+* **fargate-template:** Support ARM ([b451bc2](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/b451bc2c05b0988183288669dec79947c89a22de))
+* **fargate-template:** Support ARM ([cc3e84f](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/cc3e84f8f6521d20c110be2b3a3cd9a481b2619d))
+## [2.2.0](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/compare/commits?targetBranch=refs%2Ftags%2Fv2.1.0&sourceBranch=refs%2Ftags%2Fv2.2.0) (2022-06-14)
+### Features
+* New construct - Opinionated RIO pipeline ([7f6fd07](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/7f6fd0778d498f4d62a9b5def6ac476b95f3ab4e))
+* New construct - Opinionated RIO pipeline ([a290a92](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/a290a92ace145966537e51546449fd64cddd99ad))
+* New construct - Opinionated RIO pipeline ([0e16395](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/0e16395374a83d6a5ff05abc7c68f9141a73c991))
+* New construct - Opinionated RIO pipeline ([ca831c2](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/ca831c2321c0a68ad24ecf80d76dc1d857a72868))
+* New construct - Opinionated RIO pipeline ([e1e5bbf](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/e1e5bbf7444745702fd3cee65ecbf2820e1f4d26))
+* New construct - Opinionated RIO pipeline ([c79b5ba](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/c79b5bad900db68fb06aed8606852618c58cae6f))
+* New construct - Opinionated RIO pipeline ([9a3e471](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/9a3e471508966faa9c0fa391518de6a817545698))
+* New construct - Opinionated RIO pipeline ([5bebea5](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/5bebea5ebec06fbc8c8b637310f9d98a0e98cc48))
+* New construct - Opinionated RIO pipeline ([3f6ac5d](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/3f6ac5d673c083643f5831d52b6a9ff7eacc9698))
+* New construct - Opinionated RIO pipeline ([744d9b9](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/744d9b93bd3816d1f8c588f05456cdbadbdb035f))
+* New construct - Opinionated RIO pipeline ([8872869](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/88728697b502be5e383a91627af4bdc0eff34366))
+* New construct - Opinionated RIO pipeline ([89ac4d8](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/89ac4d84315326b326b0b56e2317ec6f6af03490))
+## [2.1.0](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/compare/commits?targetBranch=refs%2Ftags%2Fv2.0.6&sourceBranch=refs%2Ftags%2Fv2.1.0) (2022-06-02)
+### Features
+* :sparkles: Added log monitor error for lambda in watchful ([2e01032](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/commits/2e010327cd11b92f455aace32d10ce47f0afb503))
 ### [2.0.6](https://collaboration.msi.audi.com/stash/projects/RIODEV/repos/cdk-v2-constructs/compare/commits?targetBranch=refs%2Ftags%2Fv2.0.5&sourceBranch=refs%2Ftags%2Fv2.0.6) (2022-05-31)

package/CONTRIBUTION.md CHANGED Viewed

@@ -1,15 +1,128 @@
-## Developing CDK libraries
+# Developing CDK libraries
+We generally distinguish between two kinds of constructs: "core constructs" and "contributions".
+Core constructs are officially provided and maintained by team CLAID while contributions are provided and maintained by teams/groups of developers at RIO/MAN.
+## Difference between core constructs and contributions
+### Core constructs
+* Are officially provided and maintained by team CLAID.
+* You can safely use any of them if there is no explicit deprecation and beta warning available.
+* If you miss a feature or functionality, simply create a ticket at [team CLAID's feature request board](https://collaboration.msi.audi.com/jira/secure/RapidBoard.jspa?rapidView=7682).
+* If you find a bug or have general question on the usage of the constructs, please create a platform support request in the [#rio-platform-support Slack channel](https://my-rio.slack.com/archives/C034WAG3QUA).
+### Contributions
+* Are provided by third parties, e.g., teams or groups of developer at RIO.
+* Usage of these constructs is at you own risk. Get in contact with the owning team/group to find out if the construct stable and thus ready to use for you.
+* For any feedback, improvements, or bug tickets, please read the construct's `CONTRIBUTION.md` file.
+* Team CLAID does not guarantee any backward compatibility/stability for these constructs. We will try our very best to avoid any breaking changes, but if we are blocked by such a construct, we will simply (temporarily) remove it from a new version.
+## Committing code
 Provide commit messages according to [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/). This library uses [standard-version](https://github.com/conventional-changelog/standard-version) to generate the changelog and publish a new version.
-Example commit message:
-```shell
-fix(watchful): :bug: removing toggle rioclaid-1857-datadog-threshold; removed threshold
-rioclaid-1857
+Example commit message are
+```text
+feat(pipeline): added new stage for secrets deployment
+* RIOCLAID-1932 RIOCLAID-1934
+```
+and
+```text
+chore: Relax CDK dependency resolution to ease usage for customers
+* Now the teams can use their own CDK version (at least 2.20.0) and must not explicitly use ours
+* RIOCLAID-2510
 ```
-## Releasing a new version
+Moreover, you need to sign your commits using GPG, see the [Bitbucket documentation](https://confluence.atlassian.com/bitbucketserver/using-gpg-keys-913477014.html#UsingGPGkeys-SigncommitsandtagswithaGPGkey).
+## Contributions
+First of all, thank you for considering a contribution to the CDK constructs library.
+We as team CLAID welcome any contribution and are happy to help you with building the construct.
+We support providing custom constructs provided by you.
+You can, of course, always use any other mechanism to share commonly used constructs, but adding them to the RIO CDK constructs removes some burden from you.
+* We take care of the release process for you, i.e., we release the project to `npm` and make sure that the construct is `jsii`-compatible (which allows us to eventually release the constructs in another language, e.g., Java, later if needed).
+* We run all the tests in our CI/CD pipeline and make sure that the construct works well with core constructs.
+* You can use our Claidometer infrastructure to track the usage of your constructs for free, e.g., how often is it currently being used and which versions are out there.
+* If needed, we consult you in building the construct as early as in the design phase.
+* You get a peer review by a developer from team CLAID.
+There is no free lunch and thus providing contributions also comes with some (hopefully neglectable) costs compared to the benefits.
+In the case of contributions, we ask you to follow some rules.
+### Respect the folder structure
+We require you to define a team/group owning the construct and use that name as the top-level folder in the `src/contributions` folder.
+For each high-level construct you provide, we recommend adding a separate folder named by the construct.
+As an example, you team/group's folder structure might look as follows (only showing the mandatory files).
+```text
+src/contributions                           # the place for all contributions
+└── team-super-awesome                      # the name of the team/group providing the construct
+    ├── CONTRIBUTION.md                     # contribution information, e.g., contact details
+    ├── super-awesome-construct             # the name of the construct
+    │   ├── .
+    │   ├── .
+    │   ├── .
+    │   ├── CHANGELOG.md                    # a changelog for the semantically versioned releases
+    │   └── README.md                       # general information for the construct, e.g., how to use it
+    └── yet-another-construct               # the name of the construct
+        ├── .
+        ├── .
+        ├── .
+        ├── CHANGELOG.md                    # a changelog for the semantically versioned releases
+        └── README.md                       # general information for the construct, e.g., how to use it
+```
+#### Provide a `CONTRIBUTION.md` file
+The file must contain the following information.
+* Who are you?
+* How can persons contact you if they want to contribute to the construct?
+* What is the preferred way of contributing? Do you, e.g., prefer PRs or a ticket?
+#### Provide a `CHANGELOG.md` file
+* Use [semantic versioning](https://semver.org/) (make sure to update the `Claidometer` construct accordingly on new relases)
+* Describe the changes, e.g.,
+  > * 🎉 new feature released
+  > * 🐛 bug squashed
+  > * 📚 documentation improved
+  > * ⚠️ deprecation warning/breaking change including steps how to resolve it
+### Use Claidometer to track the usage of your constructs
+Simply add the `Claidometer` construct and provide the following information.
+* `product`: Use `ClaidometerProduct.CDK_CONTRIBUTION` here
+* `packageName`: We recommend to use the owning team/group here
+* `feature`: We recommend to use the name of the feature
+* `version`: The current version of the construct (should be aligned with the `CHANGELOG.md`)
+If you follow the recommended folder structure, you can derive both the `packageName` and the `feature` from it, e.g.
+```typescript
+const [feature, packageName] = __dirname.split(path.sep).reverse();
+new Claidometer(this, 'Claidometer', {
+  product: ClaidometerProduct.CDK_CONTRIBUTION,
+  packageName,
+  feature,
+  version: '0.0.1',
+});
+```
+This enables you to track the usage of the construct and the versions in use over time.
+Claidometer makes sure that each usage of the construct is stored in the data lake and allows CLAID to query/visualize the Data in Athena and/or Quicksight.
+Contact team CLAID if you want to get insights into the data or need access to it.
+### Think about your commitment
-Make sure that the parameter store `/config/npm/token` having the npm token to publish is added before releasing.
+Be aware that, even though it is hopefully quite easy to release a CDK contribution, other developers can see the code and might want to use it or improve upon it.
+Therefore, clearly state the usage and your expectations in the `README.md` and `CONTRIBUTION.md`.
+If your intention is to share some highly team-specific code between your team's CDK services but do not want others to use that solution, clearly state it there.
+(Though we highly discourage you from doing that as we think that the option to collaborate and share constructs is one of the key benefits from CDK.)
+Please also react to any feedback of developers using the stated feedback channels.
-1. Create locally a new release by running `npm run release`. (e.g. `npm run release -- --release-as minor`)
-2. Check the generated `CHANGELOG.md` file and adjust thing when necessary
+Finally, we as team CLAID might need to change or even remove your constructs in future CDK releases if it blocks us, e.g., to release a critical feature.
+We will try to contact you upfront in case of non-trivial changes and do our best to avoid removing the construct.

package/MIGRATION_GUIDE.md CHANGED Viewed

@@ -13,7 +13,7 @@
    3. **add `constructs`**: `npm install constructs@10`
    4. **replace imports**: `$ npx -p aws-cdk-migration rewrite-imports-v2 <your-source-root-here>/**/*.ts`
    5. update `cdk.json` (e.g., by generating a new CDKv2 app in another folder with `npx cdk@2 init app --language=typescript` and comparing its `cdk.json` with yours)
-   6. replace `@aws-cdk/assert` with `aws-cdk-lib/assertions` ando migrate expectations to `Template.fromStack(...).hasResource`
+   6. replace `@aws-cdk/assert` with `aws-cdk-lib/assertions` and migrate expectations to `Template.fromStack(...).hasResource`
    * additional information: [Official Migration Guide](https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html)
 5. Replace `@rioclaid/cdk-constructs` with `@rio-cloud/cdk-v2-constructs`
    * **add `@rio-cloud/cdk-v2-constructs`**: `npm install @rio-cloud/cdk-v2-constructs`

package/lib/contributions/team-transport-two/pipeline/application-stage.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { Stage, StageProps } from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+import { IAppStackFactory } from './pipeline-stack';
+interface ApplicationProps extends StageProps {
+    readonly serviceName: string;
+    readonly version: string;
+    readonly appStackFactory: IAppStackFactory;
+}
+export declare class Application extends Stage {
+    constructor(scope: Construct, id: string, props: ApplicationProps);
+}
+export {};

package/lib/contributions/team-transport-two/pipeline/application-stage.js ADDED Viewed

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Application = void 0;
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+class Application extends aws_cdk_lib_1.Stage {
+    constructor(scope, id, props) {
+        super(scope, id, props);
+        props.appStackFactory.create(this, {
+            serviceName: props.serviceName,
+            stackName: props.serviceName,
+            version: props.version,
+        });
+    }
+}
+exports.Application = Application;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBwbGljYXRpb24tc3RhZ2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvY29udHJpYnV0aW9ucy90ZWFtLXRyYW5zcG9ydC10d28vcGlwZWxpbmUvYXBwbGljYXRpb24tc3RhZ2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsNkNBQWdEO0FBVWhELE1BQWEsV0FBWSxTQUFRLG1CQUFLO0lBQ3BDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBdUI7UUFDL0QsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFFeEIsS0FBSyxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFO1lBQ2pDLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztZQUM5QixTQUFTLEVBQUUsS0FBSyxDQUFDLFdBQVc7WUFDNUIsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO1NBQ3ZCLENBQUMsQ0FBQztJQUNMLENBQUM7Q0FDRjtBQVZELGtDQVVDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgU3RhZ2UsIFN0YWdlUHJvcHMgfSBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tICdjb25zdHJ1Y3RzJztcbmltcG9ydCB7IElBcHBTdGFja0ZhY3RvcnkgfSBmcm9tICcuL3BpcGVsaW5lLXN0YWNrJztcblxuaW50ZXJmYWNlIEFwcGxpY2F0aW9uUHJvcHMgZXh0ZW5kcyBTdGFnZVByb3BzIHtcbiAgcmVhZG9ubHkgc2VydmljZU5hbWU6IHN0cmluZztcbiAgcmVhZG9ubHkgdmVyc2lvbjogc3RyaW5nO1xuICByZWFkb25seSBhcHBTdGFja0ZhY3Rvcnk6IElBcHBTdGFja0ZhY3Rvcnk7XG59XG5cbmV4cG9ydCBjbGFzcyBBcHBsaWNhdGlvbiBleHRlbmRzIFN0YWdlIHtcbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IEFwcGxpY2F0aW9uUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQsIHByb3BzKTtcblxuICAgIHByb3BzLmFwcFN0YWNrRmFjdG9yeS5jcmVhdGUodGhpcywge1xuICAgICAgc2VydmljZU5hbWU6IHByb3BzLnNlcnZpY2VOYW1lLFxuICAgICAgc3RhY2tOYW1lOiBwcm9wcy5zZXJ2aWNlTmFtZSxcbiAgICAgIHZlcnNpb246IHByb3BzLnZlcnNpb24sXG4gICAgfSk7XG4gIH1cbn1cbiJdfQ==

package/lib/contributions/team-transport-two/pipeline/build-project.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import * as pipelines from 'aws-cdk-lib/pipelines';
+import { Construct } from 'constructs';
+export interface RioGradleCodeBuildProjectProps {
+    input: pipelines.IFileSetProducer;
+    cdkOutDirectory?: string;
+    buildSpecPath: string;
+    serviceName: string;
+    hostedZoneName: string;
+    env?: Record<string, string>;
+}
+export declare class RioGradleCodeBuildProject extends pipelines.CodeBuildStep {
+    constructor(scope: Construct, id: string, props: RioGradleCodeBuildProjectProps);
+}

package/lib/contributions/team-transport-two/pipeline/build-project.js ADDED Viewed

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RioGradleCodeBuildProject = void 0;
+const fs = require("fs");
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const codebuild = require("aws-cdk-lib/aws-codebuild");
+const pipelines = require("aws-cdk-lib/pipelines");
+const yaml = require("js-yaml");
+class RioGradleCodeBuildProject extends pipelines.CodeBuildStep {
+    constructor(scope, id, props) {
+        var _a;
+        super(id, {
+            input: props.input,
+            partialBuildSpec: codebuild.BuildSpec.fromObject(yaml.load(fs.readFileSync(props.buildSpecPath, { encoding: 'utf-8' }))),
+            commands: [],
+            buildEnvironment: {
+                buildImage: codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                computeType: codebuild.ComputeType.LARGE,
+                environmentVariables: {
+                    AWS_ACCOUNT_ID: { value: aws_cdk_lib_1.Stack.of(scope).account },
+                    SERVICE_NAME: { value: props.serviceName },
+                    HOSTED_ZONE: { value: props.hostedZoneName },
+                },
+            },
+            primaryOutputDirectory: (_a = props.cdkOutDirectory) !== null && _a !== void 0 ? _a : './',
+            env: props.env,
+        });
+    }
+}
+exports.RioGradleCodeBuildProject = RioGradleCodeBuildProject;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYnVpbGQtcHJvamVjdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9jb250cmlidXRpb25zL3RlYW0tdHJhbnNwb3J0LXR3by9waXBlbGluZS9idWlsZC1wcm9qZWN0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHlCQUF5QjtBQUN6Qiw2Q0FBb0M7QUFDcEMsdURBQXVEO0FBQ3ZELG1EQUFtRDtBQUVuRCxnQ0FBZ0M7QUFXaEMsTUFBYSx5QkFBMEIsU0FBUSxTQUFTLENBQUMsYUFBYTtJQUNwRSxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQXFDOztRQUM3RSxLQUFLLENBQUMsRUFBRSxFQUFFO1lBQ1IsS0FBSyxFQUFFLEtBQUssQ0FBQyxLQUFLO1lBQ2xCLGdCQUFnQixFQUFFLFNBQVMsQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUMsYUFBYSxFQUFFLEVBQUUsUUFBUSxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQVcsQ0FBQztZQUNsSSxRQUFRLEVBQUUsRUFBRTtZQUNaLGdCQUFnQixFQUFFO2dCQUNoQixVQUFVLEVBQUUsU0FBUyxDQUFDLGVBQWUsQ0FBQyxnQkFBZ0I7Z0JBQ3RELFdBQVcsRUFBRSxTQUFTLENBQUMsV0FBVyxDQUFDLEtBQUs7Z0JBQ3hDLG9CQUFvQixFQUFFO29CQUNwQixjQUFjLEVBQUUsRUFBRSxLQUFLLEVBQUUsbUJBQUssQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUMsT0FBTyxFQUFFO29CQUNsRCxZQUFZLEVBQUUsRUFBRSxLQUFLLEVBQUUsS0FBSyxDQUFDLFdBQVcsRUFBRTtvQkFDMUMsV0FBVyxFQUFFLEVBQUUsS0FBSyxFQUFFLEtBQUssQ0FBQyxjQUFjLEVBQUU7aUJBQzdDO2FBQ0Y7WUFDRCxzQkFBc0IsUUFBRSxLQUFLLENBQUMsZUFBZSxtQ0FBSSxJQUFJO1lBQ3JELEdBQUcsRUFBRSxLQUFLLENBQUMsR0FBRztTQUNmLENBQ0EsQ0FBQztJQUNKLENBQUM7Q0FDRjtBQXBCRCw4REFvQkMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBmcyBmcm9tICdmcyc7XG5pbXBvcnQgeyBTdGFjayB9IGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCAqIGFzIGNvZGVidWlsZCBmcm9tICdhd3MtY2RrLWxpYi9hd3MtY29kZWJ1aWxkJztcbmltcG9ydCAqIGFzIHBpcGVsaW5lcyBmcm9tICdhd3MtY2RrLWxpYi9waXBlbGluZXMnO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cyc7XG5pbXBvcnQgKiBhcyB5YW1sIGZyb20gJ2pzLXlhbWwnO1xuXG5leHBvcnQgaW50ZXJmYWNlIFJpb0dyYWRsZUNvZGVCdWlsZFByb2plY3RQcm9wcyB7XG4gIGlucHV0OiBwaXBlbGluZXMuSUZpbGVTZXRQcm9kdWNlcjtcbiAgY2RrT3V0RGlyZWN0b3J5Pzogc3RyaW5nO1xuICBidWlsZFNwZWNQYXRoOiBzdHJpbmc7XG4gIHNlcnZpY2VOYW1lOiBzdHJpbmc7XG4gIGhvc3RlZFpvbmVOYW1lOiBzdHJpbmc7XG4gIGVudj86IFJlY29yZDxzdHJpbmcsIHN0cmluZz47XG59XG5cbmV4cG9ydCBjbGFzcyBSaW9HcmFkbGVDb2RlQnVpbGRQcm9qZWN0IGV4dGVuZHMgcGlwZWxpbmVzLkNvZGVCdWlsZFN0ZXAge1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogUmlvR3JhZGxlQ29kZUJ1aWxkUHJvamVjdFByb3BzKSB7XG4gICAgc3VwZXIoaWQsIHtcbiAgICAgIGlucHV0OiBwcm9wcy5pbnB1dCxcbiAgICAgIHBhcnRpYWxCdWlsZFNwZWM6IGNvZGVidWlsZC5CdWlsZFNwZWMuZnJvbU9iamVjdCh5YW1sLmxvYWQoZnMucmVhZEZpbGVTeW5jKHByb3BzLmJ1aWxkU3BlY1BhdGgsIHsgZW5jb2Rpbmc6ICd1dGYtOCcgfSkpIGFzIE9iamVjdCksXG4gICAgICBjb21tYW5kczogW10sXG4gICAgICBidWlsZEVudmlyb25tZW50OiB7XG4gICAgICAgIGJ1aWxkSW1hZ2U6IGNvZGVidWlsZC5MaW51eEJ1aWxkSW1hZ2UuQU1BWk9OX0xJTlVYXzJfMyxcbiAgICAgICAgY29tcHV0ZVR5cGU6IGNvZGVidWlsZC5Db21wdXRlVHlwZS5MQVJHRSxcbiAgICAgICAgZW52aXJvbm1lbnRWYXJpYWJsZXM6IHtcbiAgICAgICAgICBBV1NfQUNDT1VOVF9JRDogeyB2YWx1ZTogU3RhY2sub2Yoc2NvcGUpLmFjY291bnQgfSxcbiAgICAgICAgICBTRVJWSUNFX05BTUU6IHsgdmFsdWU6IHByb3BzLnNlcnZpY2VOYW1lIH0sXG4gICAgICAgICAgSE9TVEVEX1pPTkU6IHsgdmFsdWU6IHByb3BzLmhvc3RlZFpvbmVOYW1lIH0sXG4gICAgICAgIH0sXG4gICAgICB9LFxuICAgICAgcHJpbWFyeU91dHB1dERpcmVjdG9yeTogcHJvcHMuY2RrT3V0RGlyZWN0b3J5ID8/ICcuLycsXG4gICAgICBlbnY6IHByb3BzLmVudixcbiAgICB9LFxuICAgICk7XG4gIH1cbn1cbiJdfQ==

package/lib/contributions/team-transport-two/pipeline/buildspec-vulnerability-checks.yaml ADDED Viewed

@@ -0,0 +1,19 @@
+version: 0.2
+env:
+  variables:
+    LANG: C.UTF-8
+    JAVA_HOME: /usr/lib/jvm/java-17-amazon-corretto.x86_64
+phases:
+  pre_build:
+    commands:
+      - yum install --assumeyes --quiet java-17-amazon-corretto-devel
+      - alternatives --set java /usr/lib/jvm/java-17-amazon-corretto.x86_64/bin/java
+  build:
+    commands:
+      - ./gradlew dependencyCheckAnalyze
+cache:
+  paths:
+    - /root/.cache/**/*
+    - /root/.gradle/caches/**/*
+    - /root/.gradle/wrapper/**/*
+    - /root/.gradle/dependency-check-data/**/*

package/lib/contributions/team-transport-two/pipeline/buildspec.yaml ADDED Viewed

@@ -0,0 +1,58 @@
+version: '0.2'
+env:
+  parameter-store:
+    SERVICE_KEYSTORE_PASSWORD: /config/${SERVICE_NAME}/service-keystore-password
+    LICENSE_BUCKET_NAME: /config/oss-licenses/bucket-name
+    ACCOUNT_NAME: /config/account/name
+  variables:
+    JAVA_HOME: /usr/lib/jvm/java-17-amazon-corretto.x86_64
+phases:
+  pre_build:
+    commands:
+      - yum install --assumeyes --quiet java-17-amazon-corretto-devel
+      - alternatives --set java /usr/lib/jvm/java-17-amazon-corretto.x86_64/bin/java
+  build:
+    commands:
+      # Keep this echo statement for identifying the default buildspec in our test
+      - echo "Using standard gradle build spec..."
+      # BUILD AND TEST
+      - ./gradlew clean build
+      # LICENSE CHECKING
+      - set -u; aws s3 cp s3://${LICENSE_BUCKET_NAME}/whitelist-gradle.txt licenses/approved_licenses.txt
+      - ./gradlew checkLicenses
+      - set -u; aws s3 cp licenses/licenses.txt s3://${LICENSE_BUCKET_NAME}/reports/${ACCOUNT_NAME}/${SERVICE_NAME}.txt
+      # SELF CERT SIGNING
+      - keytool -genkey -alias InternalServiceCertificate -keyalg RSA -keystore containerfiles/service-keystore.p12 -validity 3650 -storetype PKCS12 -dname "CN=internal.service.${SERVICE_NAME}.${HOSTED_ZONE_NAME}, OU=Logistics, O=Rio, L=Munich, ST=BY, C=DE" -keypass ${SERVICE_KEYSTORE_PASSWORD} -storepass ${SERVICE_KEYSTORE_PASSWORD}
+      # DOCKER IMAGE BUILD
+      - ./gradlew jibBuildTar --quiet
+      # npm synth action
+      - cd infrastructure
+      - npm install npm@8.12.1 --global
+      - npm ci
+      # mute stdout of cdk synth to not dump the resulting Cfn template in logs
+      - npm run cdk synth 1> /dev/null
+      # In pipeline: Error parsing reference: is not a valid repository/tag: invalid reference format.
+      # workaround due to https://github.com/aws/aws-cdk/issues/18044',
+      - find ./ -type f -name "*DeployApplicationStacks*.assets.json" -print0 | xargs -0  sed --in-place 's|docker load -i asset.|docker load -i ../asset.|g'
+      - cd ..
+reports:
+  JunitTestResults:
+    files:
+      - '**/*'
+    base-directory: build/test-results
+cache:
+  paths:
+    - /cert/**/*
+    - /root/.cache/**/*
+    - /root/.gradle/caches/**/*
+    - /root/.gradle/wrapper/**/*
+    - /root/google-cloud-tools-java/jib/**/*
+    - target/jib-cache/**/*

package/lib/contributions/team-transport-two/pipeline/datadog-monitors.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import { Reference } from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+import { DatadogMonitor } from '../../../datadog/datadogMonitor';
+interface DatadogPipelineMonitorProps {
+    pipelineName: string | Reference;
+    serviceName: string;
+    accountId: string;
+}
+export declare class DatadogPipelineErrorAlert extends DatadogMonitor {
+    constructor(scope: Construct, id: string, props: DatadogPipelineMonitorProps);
+}
+export declare class DataDogPipelineErrorAlertForVulnerabilityChecks extends DatadogMonitor {
+    constructor(scope: Construct, id: string, props: DatadogPipelineMonitorProps);
+}
+export {};

package/lib/contributions/team-transport-two/pipeline/datadog-monitors.js ADDED Viewed

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DataDogPipelineErrorAlertForVulnerabilityChecks = exports.DatadogPipelineErrorAlert = void 0;
+const datadogMonitor_1 = require("../../../datadog/datadogMonitor");
+class DatadogPipelineErrorAlert extends datadogMonitor_1.DatadogMonitor {
+    constructor(scope, id, props) {
+        super(scope, id, {
+            serviceName: props.serviceName,
+            monitor: {
+                type: 'query alert',
+                tags: ['cicd'],
+                query: `min(last_5m):min:deployment.codepipeline.executions{pipeline_name:${props.pipelineName},account_id:${props.accountId}} < 1`,
+                name: 'CI pipeline status',
+                message: '[P5] {{#is_alert}}\\nThe CI build is broken\\n{{/is_alert}} \\n\\n{{#is_alert_recovery}}\\nThe CI build works again.\\n{{/is_alert_recovery}}',
+                options: {
+                    require_full_window: false,
+                },
+            },
+        });
+    }
+}
+exports.DatadogPipelineErrorAlert = DatadogPipelineErrorAlert;
+class DataDogPipelineErrorAlertForVulnerabilityChecks extends datadogMonitor_1.DatadogMonitor {
+    constructor(scope, id, props) {
+        super(scope, id, {
+            serviceName: props.serviceName,
+            alertTypes: ['opsgenie'],
+            monitor: {
+                type: 'query alert',
+                tags: ['cicd'],
+                query: `min(last_5m):min:deployment.codepipeline.executions{pipeline_name:${props.pipelineName},account_id:${props.accountId}} < 1`,
+                name: 'Vulnerability checks',
+                message: '[P3] Vulnerabilities detected',
+                options: {
+                    require_full_window: false,
+                },
+            },
+        });
+    }
+}
+exports.DataDogPipelineErrorAlertForVulnerabilityChecks = DataDogPipelineErrorAlertForVulnerabilityChecks;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGF0YWRvZy1tb25pdG9ycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9jb250cmlidXRpb25zL3RlYW0tdHJhbnNwb3J0LXR3by9waXBlbGluZS9kYXRhZG9nLW1vbml0b3JzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUVBLG9FQUFpRTtBQVFqRSxNQUFhLHlCQUEwQixTQUFRLCtCQUFjO0lBQzNELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBa0M7UUFDMUUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUU7WUFDZixXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7WUFDOUIsT0FBTyxFQUFFO2dCQUNQLElBQUksRUFBRSxhQUFhO2dCQUNuQixJQUFJLEVBQUUsQ0FBQyxNQUFNLENBQUM7Z0JBQ2QsS0FBSyxFQUFFLHFFQUFxRSxLQUFLLENBQUMsWUFBWSxlQUFlLEtBQUssQ0FBQyxTQUFTLE9BQU87Z0JBQ25JLElBQUksRUFBRSxvQkFBb0I7Z0JBQzFCLE9BQU8sRUFBRSwrSUFBK0k7Z0JBQ3hKLE9BQU8sRUFBRTtvQkFDUCxtQkFBbUIsRUFBRSxLQUFLO2lCQUMzQjthQUNGO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGO0FBaEJELDhEQWdCQztBQUVELE1BQWEsK0NBQWdELFNBQVEsK0JBQWM7SUFDakYsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUFrQztRQUMxRSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRTtZQUNmLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztZQUM5QixVQUFVLEVBQUUsQ0FBQyxVQUFVLENBQUM7WUFDeEIsT0FBTyxFQUFFO2dCQUNQLElBQUksRUFBRSxhQUFhO2dCQUNuQixJQUFJLEVBQUUsQ0FBQyxNQUFNLENBQUM7Z0JBQ2QsS0FBSyxFQUFFLHFFQUFxRSxLQUFLLENBQUMsWUFBWSxlQUFlLEtBQUssQ0FBQyxTQUFTLE9BQU87Z0JBQ25JLElBQUksRUFBRSxzQkFBc0I7Z0JBQzVCLE9BQU8sRUFBRSwrQkFBK0I7Z0JBQ3hDLE9BQU8sRUFBRTtvQkFDUCxtQkFBbUIsRUFBRSxLQUFLO2lCQUMzQjthQUNGO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGO0FBakJELDBHQWlCQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IFJlZmVyZW5jZSB9IGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuaW1wb3J0IHsgRGF0YWRvZ01vbml0b3IgfSBmcm9tICcuLi8uLi8uLi9kYXRhZG9nL2RhdGFkb2dNb25pdG9yJztcblxuaW50ZXJmYWNlIERhdGFkb2dQaXBlbGluZU1vbml0b3JQcm9wcyB7XG4gIHBpcGVsaW5lTmFtZTogc3RyaW5nIHwgUmVmZXJlbmNlO1xuICBzZXJ2aWNlTmFtZTogc3RyaW5nO1xuICBhY2NvdW50SWQ6IHN0cmluZztcbn1cblxuZXhwb3J0IGNsYXNzIERhdGFkb2dQaXBlbGluZUVycm9yQWxlcnQgZXh0ZW5kcyBEYXRhZG9nTW9uaXRvciB7XG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBEYXRhZG9nUGlwZWxpbmVNb25pdG9yUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQsIHtcbiAgICAgIHNlcnZpY2VOYW1lOiBwcm9wcy5zZXJ2aWNlTmFtZSxcbiAgICAgIG1vbml0b3I6IHtcbiAgICAgICAgdHlwZTogJ3F1ZXJ5IGFsZXJ0JyxcbiAgICAgICAgdGFnczogWydjaWNkJ10sXG4gICAgICAgIHF1ZXJ5OiBgbWluKGxhc3RfNW0pOm1pbjpkZXBsb3ltZW50LmNvZGVwaXBlbGluZS5leGVjdXRpb25ze3BpcGVsaW5lX25hbWU6JHtwcm9wcy5waXBlbGluZU5hbWV9LGFjY291bnRfaWQ6JHtwcm9wcy5hY2NvdW50SWR9fSA8IDFgLFxuICAgICAgICBuYW1lOiAnQ0kgcGlwZWxpbmUgc3RhdHVzJyxcbiAgICAgICAgbWVzc2FnZTogJ1tQNV0ge3sjaXNfYWxlcnR9fVxcXFxuVGhlIENJIGJ1aWxkIGlzIGJyb2tlblxcXFxue3svaXNfYWxlcnR9fSBcXFxcblxcXFxue3sjaXNfYWxlcnRfcmVjb3Zlcnl9fVxcXFxuVGhlIENJIGJ1aWxkIHdvcmtzIGFnYWluLlxcXFxue3svaXNfYWxlcnRfcmVjb3Zlcnl9fScsXG4gICAgICAgIG9wdGlvbnM6IHtcbiAgICAgICAgICByZXF1aXJlX2Z1bGxfd2luZG93OiBmYWxzZSxcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG4gIH1cbn1cblxuZXhwb3J0IGNsYXNzIERhdGFEb2dQaXBlbGluZUVycm9yQWxlcnRGb3JWdWxuZXJhYmlsaXR5Q2hlY2tzIGV4dGVuZHMgRGF0YWRvZ01vbml0b3Ige1xuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogRGF0YWRvZ1BpcGVsaW5lTW9uaXRvclByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkLCB7XG4gICAgICBzZXJ2aWNlTmFtZTogcHJvcHMuc2VydmljZU5hbWUsXG4gICAgICBhbGVydFR5cGVzOiBbJ29wc2dlbmllJ10sXG4gICAgICBtb25pdG9yOiB7XG4gICAgICAgIHR5cGU6ICdxdWVyeSBhbGVydCcsXG4gICAgICAgIHRhZ3M6IFsnY2ljZCddLFxuICAgICAgICBxdWVyeTogYG1pbihsYXN0XzVtKTptaW46ZGVwbG95bWVudC5jb2RlcGlwZWxpbmUuZXhlY3V0aW9uc3twaXBlbGluZV9uYW1lOiR7cHJvcHMucGlwZWxpbmVOYW1lfSxhY2NvdW50X2lkOiR7cHJvcHMuYWNjb3VudElkfX0gPCAxYCxcbiAgICAgICAgbmFtZTogJ1Z1bG5lcmFiaWxpdHkgY2hlY2tzJyxcbiAgICAgICAgbWVzc2FnZTogJ1tQM10gVnVsbmVyYWJpbGl0aWVzIGRldGVjdGVkJyxcbiAgICAgICAgb3B0aW9uczoge1xuICAgICAgICAgIHJlcXVpcmVfZnVsbF93aW5kb3c6IGZhbHNlLFxuICAgICAgICB9LFxuICAgICAgfSxcbiAgICB9KTtcbiAgfVxufVxuIl19

package/lib/contributions/team-transport-two/pipeline/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from './pipeline-stack';

package/lib/contributions/team-transport-two/pipeline/index.js ADDED Viewed

@@ -0,0 +1,14 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !exports.hasOwnProperty(p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./pipeline-stack"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvY29udHJpYnV0aW9ucy90ZWFtLXRyYW5zcG9ydC10d28vcGlwZWxpbmUvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7O0FBQUEsbURBQWlDIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0ICogZnJvbSAnLi9waXBlbGluZS1zdGFjayc7XG4iXX0=

package/lib/contributions/team-transport-two/pipeline/pipeline-stack.d.ts ADDED Viewed

@@ -0,0 +1,105 @@
+import { Stack, StackProps } from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+/**
+  * @struct
+ */
+export interface PipelineStackProps extends StackProps {
+    /**
+     * The name of the service
+     * - This has to be the same name as the repository as the s3 trigger file created by the bitbucket-integration uses this as a prefix
+     * - The serviceName is available as an environment variable SERVICE_NAME in the CodeBuildStep
+     * - The serviceName is available in the AppStackProps in the appStackFactory
+     * - The serviceName is available as stackName property in the AppStackProps in the appStackFactory. I.e. the stack is named after the service
+     * - The serviceName is handed over to all Datadog monitors
+     * - RIO convention is that uploaded license-check-files are named after the service, i.e. serviceName.txt
+     */
+    readonly serviceName: string;
+    /**
+     * Provider for appStack to be deployed.
+     *
+     * This acts as a wrapper for all resources you want to deploy via the pipeline.
+     */
+    readonly appStackFactory: IAppStackFactory;
+    /**
+     * Defines which kind of pipeline is deployed.
+     */
+    readonly pipelineType: PipelineType;
+    /**
+     * Path to a custom buildspec.yaml that is used if provided.
+     *
+     * A pre-defined buildspec.yaml fitting the pipelineType is used if not provided.
+     */
+    readonly customBuildspecPath?: string;
+    /**
+     * Path to secrets file containing encrypted secrets.
+     *
+     * The RioSecretsDeployStep is added prior to deployment of the AppStack if a path is provided.
+     *
+     * No secrets are deployed if no path is provided.
+     */
+    readonly secretsDeployStepProps?: PipelineStackRioSecretsDeployStepProps;
+}
+/**
+ * Provider interface to create the AppStack within the specific scope
+ *
+ * Simply place the AppStack creation into the create-method:
+ * @example
+ *
+ * // Use e.g. within ApplicationProps as JSONObject:
+ * { create: (construct, props) => new Stack(construct, 'AppStack', props) }
+ *
+ * // or simply as class interface within your stack implementation:
+ * class PipelineStage extends Stage implements IAppStackFactory {
+ *   constructor(scope: Construct, id: string, props: StageProps) {
+ *     super(scope, id, props);
+ *     // your stage definitiom
+ *   }
+ *
+ *   create(scope: Construct, props: AppStackProps): void {
+ *     // app stack initiation goes in here
+ *   }
+ * }
+ */
+export interface IAppStackFactory {
+    /**
+     * Factory method, being invoked with the specific scope during pipeline instantiation
+     *
+     * @param scope the parent construct for the app stack
+     * @param props the app stacks properties
+     */
+    create(scope: Construct, props: AppStackProps): void;
+}
+export interface AppStackProps extends StackProps {
+    readonly serviceName: string;
+    readonly version: string;
+}
+/**
+ * Selected properties being handed over to RioSecretsDeployStep.
+ *
+ * @see rio.RioSecretsDeployStep
+ * @see rio.RioSecretsDeployStepProps
+ */
+export interface PipelineStackRioSecretsDeployStepProps {
+    readonly secretsFilePath: string;
+}
+export declare enum PipelineType {
+    /**
+     * Self-mutating codepipeline deploying the provided AppStack. Be aware: The provided service won't have access to Kafka.
+     *
+     * Comes with a pre-defined buildspec.yaml for a gradle project. This buildspec.yaml is used for both the main and
+     * branch pipeline and includes the following steps
+     * - build and test of the artifact via command "./gradlew clean build".
+     * <p> This gradle command must be provided by the gradle project.
+     * - license-check and upload of license-check-file via command "./gradlew checkLicenses".
+     * <p> This gradle command must be provided by the gradle project.
+     * - create a self-signed certificate to make TLS communication possible, e.g. with a loadbalancer.
+     * - build the container image via command "./gradlew jibBuildTar".
+     * <p> This gradle command must be provided by the gradle project.
+     */
+    STANDARD_GRADLE = "STANDARD_GRADLE"
+}
+export declare class PipelineStack extends Stack {
+    private static addLifecycleRuleArtifactBucket;
+    constructor(scope: Construct, id: string, props: PipelineStackProps);
+    private renamePipelineToLowerCase;
+}