daniel/agent-claw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
700e9af2b8edc6499fd3e4b9c41bd05ebcc0e6b5
agent-claw/cdk/node_modules/aws-cdk-lib/aws-codebuild/lib/project.d.ts
daniel 732b00fb66 agent-claw: automated task changes
2026-05-06 18:55:16 -05:00

1194 lines
46 KiB
TypeScript
Raw Blame History

import type { Construct } from 'constructs';
import type { IArtifacts } from './artifacts';
import { BuildSpec } from './build-spec';
import { Cache } from './cache';
import { CfnProject } from './codebuild.generated';
import type { DockerServerComputeType } from './compute-type';
import { ComputeType } from './compute-type';
import type { IFileSystemLocation } from './file-location';
import type { IFleet } from './fleet';
import { ImagePullPrincipalType } from './image-pull-principal-type';
import type { LoggingOptions } from './project-logs';
import type { ISource } from './source';
import * as cloudwatch from '../../aws-cloudwatch';
import * as notifications from '../../aws-codestarnotifications';
import * as ec2 from '../../aws-ec2';
import type * as ecr from '../../aws-ecr';
import type { DockerImageAssetProps } from '../../aws-ecr-assets';
import * as events from '../../aws-events';
import * as iam from '../../aws-iam';
import * as kms from '../../aws-kms';
import type * as s3 from '../../aws-s3';
import type * as secretsmanager from '../../aws-secretsmanager';
import type { Duration, IResource } from '../../core';
import { Resource } from '../../core';
import type { IProjectRef, ProjectReference } from '../../interfaces/generated/aws-codebuild-interfaces.generated';
/**
* The type returned from `IProject#enableBatchBuilds`.
*/
export interface BatchBuildConfig {
/** The IAM batch service Role of this Project. */
readonly role: iam.IRole;
}
/**
* Location of a PEM certificate on S3
*/
export interface BuildEnvironmentCertificate {
/**
* The bucket where the certificate is
*/
readonly bucket: s3.IBucket;
/**
* The full path and name of the key file
*/
readonly objectKey: string;
}
/**
* Additional options to pass to the notification rule.
*/
export interface ProjectNotifyOnOptions extends notifications.NotificationRuleOptions {
/**
* A list of event types associated with this notification rule for CodeBuild Project.
* For a complete list of event types and IDs, see Notification concepts in the Developer Tools Console User Guide.
* @see https://docs.aws.amazon.com/dtconsole/latest/userguide/concepts.html#concepts-api
*/
readonly events: ProjectNotificationEvents[];
}
export interface IProject extends IResource, iam.IGrantable, ec2.IConnectable, notifications.INotificationRuleSource, IProjectRef {
/**
* The ARN of this Project.
* @attribute
*/
readonly projectArn: string;
/**
* The human-visible name of this Project.
* @attribute
*/
readonly projectName: string;
/** The IAM service Role of this Project. Undefined for imported Projects. */
readonly role?: iam.IRole;
/**
* Enable batch builds.
*
* Returns an object contining the batch service role if batch builds
* could be enabled.
*/
enableBatchBuilds(): BatchBuildConfig | undefined;
addToRolePolicy(policyStatement: iam.PolicyStatement): void;
/**
* Defines a CloudWatch event rule triggered when something happens with this project.
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html
*/
onEvent(id: string, options?: events.OnEventOptions): events.Rule;
/**
* Defines a CloudWatch event rule triggered when the build project state
* changes. You can filter specific build status events using an event
* pattern filter on the `build-status` detail field:
*
* const rule = project.onStateChange('OnBuildStarted', { target });
* rule.addEventPattern({
* detail: {
* 'build-status': [
* "IN_PROGRESS",
* "SUCCEEDED",
* "FAILED",
* "STOPPED"
* ]
* }
* });
*
* You can also use the methods `onBuildFailed` and `onBuildSucceeded` to define rules for
* these specific state changes.
*
* To access fields from the event in the event target input,
* use the static fields on the `StateChangeEvent` class.
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html
*/
onStateChange(id: string, options?: events.OnEventOptions): events.Rule;
/**
* Defines a CloudWatch event rule that triggers upon phase change of this
* build project.
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html
*/
onPhaseChange(id: string, options?: events.OnEventOptions): events.Rule;
/**
* Defines an event rule which triggers when a build starts.
*/
onBuildStarted(id: string, options?: events.OnEventOptions): events.Rule;
/**
* Defines an event rule which triggers when a build fails.
*/
onBuildFailed(id: string, options?: events.OnEventOptions): events.Rule;
/**
* Defines an event rule which triggers when a build completes successfully.
*/
onBuildSucceeded(id: string, options?: events.OnEventOptions): events.Rule;
/**
* @returns a CloudWatch metric associated with this build project.
* @param metricName The name of the metric
* @param props Customization properties
*/
metric(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Measures the number of builds triggered.
*
* Units: Count
*
* Valid CloudWatch statistics: Sum
*
* @default sum over 5 minutes
*/
metricBuilds(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Measures the duration of all builds over time.
*
* Units: Seconds
*
* Valid CloudWatch statistics: Average (recommended), Maximum, Minimum
*
* @default average over 5 minutes
*/
metricDuration(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Measures the number of successful builds.
*
* Units: Count
*
* Valid CloudWatch statistics: Sum
*
* @default sum over 5 minutes
*/
metricSucceededBuilds(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Measures the number of builds that failed because of client error or
* because of a timeout.
*
* Units: Count
*
* Valid CloudWatch statistics: Sum
*
* @default sum over 5 minutes
*/
metricFailedBuilds(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Defines a CodeStar Notification rule triggered when the project
* events emitted by you specified, it very similar to `onEvent` API.
*
* You can also use the methods `notifyOnBuildSucceeded` and
* `notifyOnBuildFailed` to define rules for these specific event emitted.
*
* @param id The logical identifier of the CodeStar Notifications rule that will be created
* @param target The target to register for the CodeStar Notifications destination.
* @param options Customization options for CodeStar Notifications rule
* @returns CodeStar Notifications rule associated with this build project.
*/
notifyOn(id: string, target: notifications.INotificationRuleTarget, options: ProjectNotifyOnOptions): notifications.INotificationRule;
/**
* Defines a CodeStar notification rule which triggers when a build completes successfully.
*/
notifyOnBuildSucceeded(id: string, target: notifications.INotificationRuleTarget, options?: notifications.NotificationRuleOptions): notifications.INotificationRule;
/**
* Defines a CodeStar notification rule which triggers when a build fails.
*/
notifyOnBuildFailed(id: string, target: notifications.INotificationRuleTarget, options?: notifications.NotificationRuleOptions): notifications.INotificationRule;
}
/**
* Represents a reference to a CodeBuild Project.
*
* If you're managing the Project alongside the rest of your CDK resources,
* use the `Project` class.
*
* If you want to reference an already existing Project
* (or one defined in a different CDK Stack),
* use the `import` method.
*/
declare abstract class ProjectBase extends Resource implements IProject {
abstract readonly grantPrincipal: iam.IPrincipal;
/** The ARN of this Project. */
abstract readonly projectArn: string;
/** The human-visible name of this Project. */
abstract readonly projectName: string;
/** The IAM service Role of this Project. */
abstract readonly role?: iam.IRole;
get projectRef(): ProjectReference;
/**
* Actual connections object for this Project.
* May be unset, in which case this Project is not configured to use a VPC.
* @internal
*/
protected _connections: ec2.Connections | undefined;
/**
* Access the Connections object.
* Will fail if this Project does not have a VPC set.
*/
get connections(): ec2.Connections;
enableBatchBuilds(): BatchBuildConfig | undefined;
/**
* Add a permission only if there's a policy attached.
* @param statement The permissions statement to add
*/
addToRolePolicy(statement: iam.PolicyStatement): void;
/**
* Defines a CloudWatch event rule triggered when something happens with this project.
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html
*/
onEvent(id: string, options?: events.OnEventOptions): events.Rule;
/**
* Defines a CloudWatch event rule triggered when the build project state
* changes. You can filter specific build status events using an event
* pattern filter on the `build-status` detail field:
*
* const rule = project.onStateChange('OnBuildStarted', { target });
* rule.addEventPattern({
* detail: {
* 'build-status': [
* "IN_PROGRESS",
* "SUCCEEDED",
* "FAILED",
* "STOPPED"
* ]
* }
* });
*
* You can also use the methods `onBuildFailed` and `onBuildSucceeded` to define rules for
* these specific state changes.
*
* To access fields from the event in the event target input,
* use the static fields on the `StateChangeEvent` class.
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html
*/
onStateChange(id: string, options?: events.OnEventOptions): events.Rule;
/**
* Defines a CloudWatch event rule that triggers upon phase change of this
* build project.
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html
*/
onPhaseChange(id: string, options?: events.OnEventOptions): events.Rule;
/**
* Defines an event rule which triggers when a build starts.
*
* To access fields from the event in the event target input,
* use the static fields on the `StateChangeEvent` class.
*/
onBuildStarted(id: string, options?: events.OnEventOptions): events.Rule;
/**
* Defines an event rule which triggers when a build fails.
*
* To access fields from the event in the event target input,
* use the static fields on the `StateChangeEvent` class.
*/
onBuildFailed(id: string, options?: events.OnEventOptions): events.Rule;
/**
* Defines an event rule which triggers when a build completes successfully.
*
* To access fields from the event in the event target input,
* use the static fields on the `StateChangeEvent` class.
*/
onBuildSucceeded(id: string, options?: events.OnEventOptions): events.Rule;
/**
* @returns a CloudWatch metric associated with this build project.
* @param metricName The name of the metric
* @param props Customization properties
*/
metric(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Measures the number of builds triggered.
*
* Units: Count
*
* Valid CloudWatch statistics: Sum
*
* @default sum over 5 minutes
*/
metricBuilds(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Measures the duration of all builds over time.
*
* Units: Seconds
*
* Valid CloudWatch statistics: Average (recommended), Maximum, Minimum
*
* @default average over 5 minutes
*/
metricDuration(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Measures the number of successful builds.
*
* Units: Count
*
* Valid CloudWatch statistics: Sum
*
* @default sum over 5 minutes
*/
metricSucceededBuilds(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
/**
* Measures the number of builds that failed because of client error or
* because of a timeout.
*
* Units: Count
*
* Valid CloudWatch statistics: Sum
*
* @default sum over 5 minutes
*/
metricFailedBuilds(props?: cloudwatch.MetricOptions): cloudwatch.Metric;
notifyOn(id: string, target: notifications.INotificationRuleTarget, options: ProjectNotifyOnOptions): notifications.INotificationRule;
notifyOnBuildSucceeded(id: string, target: notifications.INotificationRuleTarget, options?: notifications.NotificationRuleOptions): notifications.INotificationRule;
notifyOnBuildFailed(id: string, target: notifications.INotificationRuleTarget, options?: notifications.NotificationRuleOptions): notifications.INotificationRule;
bindAsNotificationRuleSource(_scope: Construct): notifications.NotificationRuleSourceConfig;
private cannedMetric;
}
export interface CommonProjectProps {
/**
* A description of the project. Use the description to identify the purpose
* of the project.
*
* @default - No description.
*/
readonly description?: string;
/**
* Filename or contents of buildspec in JSON format.
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec-ref-example
*
* @default - Empty buildspec.
*/
readonly buildSpec?: BuildSpec;
/**
* Service Role to assume while running the build.
*
* @default - A role will be created.
*/
readonly role?: iam.IRole;
/**
* Encryption key to use to read and write artifacts.
*
* @default - The AWS-managed CMK for Amazon Simple Storage Service (Amazon S3) is used.
*/
readonly encryptionKey?: kms.IKey;
/**
* Caching strategy to use.
*
* @default Cache.none
*/
readonly cache?: Cache;
/**
* Build environment to use for the build.
*
* @default BuildEnvironment.LinuxBuildImage.STANDARD_7_0
*/
readonly environment?: BuildEnvironment;
/**
* Indicates whether AWS CodeBuild generates a publicly accessible URL for
* your project's build badge. For more information, see Build Badges Sample
* in the AWS CodeBuild User Guide.
*
* @default false
*/
readonly badge?: boolean;
/**
* The number of minutes after which AWS CodeBuild stops the build if it's
* not complete. For valid values, see the timeoutInMinutes field in the AWS
* CodeBuild User Guide.
*
* @default Duration.hours(1)
*/
readonly timeout?: Duration;
/**
* Additional environment variables to add to the build environment.
*
* @default - No additional environment variables are specified.
*/
readonly environmentVariables?: {
[name: string]: BuildEnvironmentVariable;
};
/**
* Whether to check for the presence of any secrets in the environment variables of the default type, BuildEnvironmentVariableType.PLAINTEXT.
* Since using a secret for the value of that kind of variable would result in it being displayed in plain text in the AWS Console,
* the construct will throw an exception if it detects a secret was passed there.
* Pass this property as false if you want to skip this validation,
* and keep using a secret in a plain text environment variable.
*
* @default true
*/
readonly checkSecretsInPlainTextEnvVariables?: boolean;
/**
* The physical, human-readable name of the CodeBuild Project.
*
* @default - Name is automatically generated.
*/
readonly projectName?: string;
/**
* VPC network to place codebuild network interfaces
*
* Specify this if the codebuild project needs to access resources in a VPC.
*
* @default - No VPC is specified.
*/
readonly vpc?: ec2.IVpc;
/**
* Where to place the network interfaces within the VPC.
*
* To access AWS services, your CodeBuild project needs to be in one of the following types of subnets:
*
* 1. Subnets with access to the internet (of type PRIVATE_WITH_EGRESS).
* 2. Private subnets unconnected to the internet, but with [VPC endpoints](https://docs.aws.amazon.com/codebuild/latest/userguide/use-vpc-endpoints-with-codebuild.html) for the necessary services.
*
* If you don't specify a subnet selection, the default behavior is to use PRIVATE_WITH_EGRESS subnets first if they exist,
* then PRIVATE_WITHOUT_EGRESS, and finally PUBLIC subnets. If your VPC doesn't have PRIVATE_WITH_EGRESS subnets but you need
* AWS service access, add VPC Endpoints to your private subnets.
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/vpc-support.html
*
* @default - private subnets if available else public subnets
*/
readonly subnetSelection?: ec2.SubnetSelection;
/**
* What security group to associate with the codebuild project's network interfaces.
* If no security group is identified, one will be created automatically.
*
* Only used if 'vpc' is supplied.
*
* @default - Security group will be automatically created.
*
*/
readonly securityGroups?: ec2.ISecurityGroup[];
/**
* Whether to allow the CodeBuild to send all network traffic
*
* If set to false, you must individually add traffic rules to allow the
* CodeBuild project to connect to network targets.
*
* Only used if 'vpc' is supplied.
*
* @default true
*/
readonly allowAllOutbound?: boolean;
/**
* An ProjectFileSystemLocation objects for a CodeBuild build project.
*
* A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint,
* and type of a file system created using Amazon Elastic File System.
*
* @default - no file system locations
*/
readonly fileSystemLocations?: IFileSystemLocation[];
/**
* Add permissions to this project's role to create and use test report groups with name starting with the name of this project.
*
* That is the standard report group that gets created when a simple name
* (in contrast to an ARN)
* is used in the 'reports' section of the buildspec of this project.
* This is usually harmless, but you can turn these off if you don't plan on using test
* reports in this project.
*
* @default true
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/test-report-group-naming.html
*/
readonly grantReportGroupPermissions?: boolean;
/**
* Information about logs for the build project. A project can create logs in Amazon CloudWatch Logs, an S3 bucket, or both.
*
* @default - no log configuration is set
*/
readonly logging?: LoggingOptions;
/**
* The number of minutes after which AWS CodeBuild stops the build if it's
* still in queue. For valid values, see the timeoutInMinutes field in the AWS
* CodeBuild User Guide.
*
* @default - no queue timeout is set
*/
readonly queuedTimeout?: Duration;
/**
* Maximum number of concurrent builds. Minimum value is 1 and maximum is account build limit.
*
* @default - no explicit limit is set
*/
readonly concurrentBuildLimit?: number;
/**
* Add the permissions necessary for debugging builds with SSM Session Manager
*
* If the following prerequisites have been met:
*
* - The necessary permissions have been added by setting this flag to true.
* - The build image has the SSM agent installed (true for default CodeBuild images).
* - The build is started with [debugSessionEnabled](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_StartBuild.html#CodeBuild-StartBuild-request-debugSessionEnabled) set to true.
*
* Then the build container can be paused and inspected using Session Manager
* by invoking the `codebuild-breakpoint` command somewhere during the build.
*
* `codebuild-breakpoint` commands will be ignored if the build is not started
* with `debugSessionEnabled=true`.
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/session-manager.html
* @default false
*/
readonly ssmSessionPermissions?: boolean;
/**
* Specifies the visibility of the project's builds.
*
* @default - no visibility is set
*/
readonly visibility?: ProjectVisibility;
/**
* CodeBuild will automatically call retry build using the project's service role up to the auto-retry limit.
* `autoRetryLimit` must be between 0 and 10.
*
* @default - no retry
*/
readonly autoRetryLimit?: number;
}
export interface ProjectProps extends CommonProjectProps {
/**
* The source of the build.
* *Note*: if `NoSource` is given as the source,
* then you need to provide an explicit `buildSpec`.
*
* @default - NoSource
*/
readonly source?: ISource;
/**
* Defines where build artifacts will be stored.
* Could be: PipelineBuildArtifacts, NoArtifacts and S3Artifacts.
*
* @default NoArtifacts
*/
readonly artifacts?: IArtifacts;
/**
* The secondary sources for the Project.
* Can be also added after the Project has been created by using the `Project#addSecondarySource` method.
*
* @default - No secondary sources.
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-multi-in-out.html
*/
readonly secondarySources?: ISource[];
/**
* The secondary artifacts for the Project.
* Can also be added after the Project has been created by using the `Project#addSecondaryArtifact` method.
*
* @default - No secondary artifacts.
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-multi-in-out.html
*/
readonly secondaryArtifacts?: IArtifacts[];
}
/**
* The extra options passed to the `IProject.bindToCodePipeline` method.
*/
export interface BindToCodePipelineOptions {
/**
* The artifact bucket that will be used by the action that invokes this project.
*/
readonly artifactBucket: s3.IBucket;
}
/**
* A representation of a CodeBuild Project.
*/
export declare class Project extends ProjectBase {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
static fromProjectArn(scope: Construct, id: string, projectArn: string): IProject;
/**
* Import a Project defined either outside the CDK,
* or in a different CDK Stack
* (and exported using the `export` method).
*
* @note if you're importing a CodeBuild Project for use
* in a CodePipeline, make sure the existing Project
* has permissions to access the S3 Bucket of that Pipeline -
* otherwise, builds in that Pipeline will always fail.
*
* @param scope the parent Construct for this Construct
* @param id the logical name of this Construct
* @param projectName the name of the project to import
* @returns a reference to the existing Project
*/
static fromProjectName(scope: Construct, id: string, projectName: string): IProject;
/**
* Convert the environment variables map of string to `BuildEnvironmentVariable`,
* which is the customer-facing type, to a list of `CfnProject.EnvironmentVariableProperty`,
* which is the representation of environment variables in CloudFormation.
*
* @param environmentVariables the map of string to environment variables
* @param validateNoPlainTextSecrets whether to throw an exception
* if any of the plain text environment variables contain secrets, defaults to 'false'
* @returns an array of `CfnProject.EnvironmentVariableProperty` instances
*/
static serializeEnvVariables(environmentVariables: {
[name: string]: BuildEnvironmentVariable;
}, validateNoPlainTextSecrets?: boolean, principal?: iam.IGrantable): CfnProject.EnvironmentVariableProperty[];
readonly grantPrincipal: iam.IPrincipal;
/**
* The IAM role for this project.
*/
readonly role?: iam.IRole;
/**
* The ARN of the project.
*/
get projectArn(): string;
/**
* The name of the project.
*/
get projectName(): string;
private readonly source;
private readonly buildImage;
private readonly _secondarySources;
private readonly _secondarySourceVersions;
private readonly resource;
private readonly _secondaryArtifacts;
private _encryptionKey?;
private readonly _fileSystemLocations;
private _batchServiceRole?;
constructor(scope: Construct, id: string, props: ProjectProps);
enableBatchBuilds(): BatchBuildConfig | undefined;
/**
* Adds a secondary source to the Project.
*
* @param secondarySource the source to add as a secondary source
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-multi-in-out.html
*/
addSecondarySource(secondarySource: ISource): void;
/**
* Adds a fileSystemLocation to the Project.
*
* @param fileSystemLocation the fileSystemLocation to add
*/
addFileSystemLocation(fileSystemLocation: IFileSystemLocation): void;
/**
* Adds a secondary artifact to the Project.
*
* @param secondaryArtifact the artifact to add as a secondary artifact
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-multi-in-out.html
*/
addSecondaryArtifact(secondaryArtifact: IArtifacts): void;
/**
* A callback invoked when the given project is added to a CodePipeline.
*
* @param _scope the construct the binding is taking place in
* @param options additional options for the binding
*/
bindToCodePipeline(_scope: Construct, options: BindToCodePipelineOptions): void;
private validateProject;
private set encryptionKey(value);
private createLoggingPermission;
private renderEnvironment;
private renderFileSystemLocations;
private renderSecondarySources;
private renderSecondarySourceVersions;
private renderSecondaryArtifacts;
private configureFleet;
/**
* If configured, set up the VPC-related properties
*
* Returns the VpcConfig that should be added to the
* codebuild creation properties.
*/
private configureVpc;
private renderLoggingConfiguration;
private addVpcRequiredPermissions;
private validateCodePipelineSettings;
private isLambdaBuildImage;
/**
* Validates a Lambda build image given the project properties.
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/lambda.html#lambda.limitations
*/
private validateLambdaBuildImage;
}
export interface BuildEnvironment {
/**
* The image used for the builds.
*
* @default LinuxBuildImage.STANDARD_7_0
*/
readonly buildImage?: IBuildImage;
/**
* The type of compute to use for this build.
* See the `ComputeType` enum for the possible values.
*
* @default taken from `#buildImage#defaultComputeType`
*/
readonly computeType?: ComputeType;
/**
* The Docker server configuration CodeBuild use to build your Docker image.
*
* @note Security groups configured for Docker servers should allow ingress network traffic
* from the VPC configured in the project. They should allow ingress on port 9876.
* @default - Doesn't use remote docker server
*/
readonly dockerServer?: DockerServerOptions;
/**
* Fleet resource for a reserved capacity CodeBuild project.
*
* Fleets allow for process builds or tests to run immediately and reduces build durations,
* by reserving compute resources for your projects.
*
* You will be charged for the resources in the fleet, even if they are idle.
*
* @default - No fleet will be attached to the project, which will remain on-demand.
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/fleets.html
*/
readonly fleet?: IFleet;
/**
* Indicates how the project builds Docker images. Specify true to enable
* running the Docker daemon inside a Docker container. This value must be
* set to true only if this build project will be used to build Docker
* images, and the specified build environment image is not one provided by
* AWS CodeBuild with Docker support. Otherwise, all associated builds that
* attempt to interact with the Docker daemon will fail.
*
* @default false
*/
readonly privileged?: boolean;
/**
* The location of the PEM-encoded certificate for the build project
*
* @default - No external certificate is added to the project
*/
readonly certificate?: BuildEnvironmentCertificate;
/**
* The environment variables that your builds can use.
*/
readonly environmentVariables?: {
[name: string]: BuildEnvironmentVariable;
};
}
/**
* The Docker server configuration CodeBuild use to build your Docker image.
*/
export interface DockerServerOptions {
/**
* The type of compute to use for the docker server.
* See the `DockerServerComputeType` enum for the possible values.
*/
readonly computeType: DockerServerComputeType;
/**
* A list of maximum 5 security groups.
*
* @note Security groups configured for Docker servers should allow ingress network traffic
* from the VPC configured in the project. They should allow ingress on port 9876.
* @default - no security group
*/
readonly securityGroups?: ec2.ISecurityGroup[];
}
/**
* Represents a Docker image used for the CodeBuild Project builds.
* Use the concrete subclasses, either:
* `LinuxBuildImage` or `WindowsBuildImage`.
*/
export interface IBuildImage {
/**
* The type of build environment.
*/
readonly type: string;
/**
* The Docker image identifier that the build environment uses.
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
*/
readonly imageId: string;
/**
* The default `ComputeType` to use with this image,
* if one was not specified in `BuildEnvironment#computeType` explicitly.
*/
readonly defaultComputeType: ComputeType;
/**
* The type of principal that CodeBuild will use to pull this build Docker image.
*
* @default ImagePullPrincipalType.SERVICE_ROLE
*/
readonly imagePullPrincipalType?: ImagePullPrincipalType;
/**
* The secretsManagerCredentials for access to a private registry.
*
* @default no credentials will be used
*/
readonly secretsManagerCredentials?: secretsmanager.ISecret;
/**
* An optional ECR repository that the image is hosted in.
*
* @default no repository
*/
readonly repository?: ecr.IRepository;
/**
* Allows the image a chance to validate whether the passed configuration is correct.
*
* @param buildEnvironment the current build environment
*/
validate(buildEnvironment: BuildEnvironment): string[];
/**
* Make a buildspec to run the indicated script
*/
runScriptBuildspec(entrypoint: string): BuildSpec;
}
/** Optional arguments to `IBuildImage.binder` - currently empty. */
export interface BuildImageBindOptions {
}
/** The return type from `IBuildImage.binder` - currently empty. */
export interface BuildImageConfig {
}
/** A variant of `IBuildImage` that allows binding to the project. */
export interface IBindableBuildImage extends IBuildImage {
/** Function that allows the build image access to the construct tree. */
bind(scope: Construct, project: IProject, options: BuildImageBindOptions): BuildImageConfig;
}
/**
* The options when creating a CodeBuild Docker build image
* using `LinuxBuildImage.fromDockerRegistry`,
* `WindowsBuildImage.fromDockerRegistry`,
* or `MacBuildImage.fromDockerRegistry`
*/
export interface DockerImageOptions {
/**
* The credentials, stored in Secrets Manager,
* used for accessing the repository holding the image,
* if the repository is private.
*
* @default no credentials will be used (we assume the repository is public)
*/
readonly secretsManagerCredentials?: secretsmanager.ISecret;
}
/**
* A CodeBuild image running x86-64 Linux.
*
* This class has a bunch of public constants that represent the most popular images.
*
* You can also specify a custom image using one of the static methods:
*
* - LinuxBuildImage.fromDockerRegistry(image[, { secretsManagerCredentials }])
* - LinuxBuildImage.fromEcrRepository(repo[, tag])
* - LinuxBuildImage.fromAsset(parent, id, props)
*
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
*/
export declare class LinuxBuildImage implements IBuildImage {
/** @deprecated Use {@link LinuxBuildImage.STANDARD_7_0} instead. */
static readonly STANDARD_1_0: IBuildImage;
/** @deprecated Use {@link LinuxBuildImage.STANDARD_7_0} instead. */
static readonly STANDARD_2_0: IBuildImage;
/** @deprecated Use {@link LinuxBuildImage.STANDARD_7_0} instead. */
static readonly STANDARD_3_0: IBuildImage;
/**
* The `aws/codebuild/standard:4.0` build image.
* @deprecated Use {@link LinuxBuildImage.STANDARD_7_0} instead.
* */
static readonly STANDARD_4_0: IBuildImage;
/** The `aws/codebuild/standard:5.0` build image. */
static readonly STANDARD_5_0: IBuildImage;
/** The `aws/codebuild/standard:6.0` build image. */
static readonly STANDARD_6_0: IBuildImage;
/** The `aws/codebuild/standard:7.0` build image. */
static readonly STANDARD_7_0: IBuildImage;
/** @deprecated Use {@link LinuxBuildImage.AMAZON_LINUX_2_5} instead. */
static readonly AMAZON_LINUX_2: IBuildImage;
/** @deprecated Use {@link LinuxBuildImage.AMAZON_LINUX_2_5} instead. */
static readonly AMAZON_LINUX_2_2: IBuildImage;
/**
* The Amazon Linux 2 x86_64 standard image, version `3.0`.
* @deprecated Use {@link LinuxBuildImage.AMAZON_LINUX_2_5} instead.
* */
static readonly AMAZON_LINUX_2_3: IBuildImage;
/** The Amazon Linux 2 x86_64 standard image, version `4.0`. */
static readonly AMAZON_LINUX_2_4: IBuildImage;
/** The Amazon Linux 2023 x86_64 standard image, version `5.0`. */
static readonly AMAZON_LINUX_2_5: IBuildImage;
/** The Amazon Linux 2023 x86_64 standard image, version `4.0`. */
static readonly AMAZON_LINUX_2023_4: IBuildImage;
/** The Amazon Linux 2023 x86_64 standard image, version `5.0`. */
static readonly AMAZON_LINUX_2023_5: IBuildImage;
/** The Amazon Coretto 8 image x86_64, based on Amazon Linux 2. */
static readonly AMAZON_LINUX_2_CORETTO_8: IBuildImage;
/** The Amazon Coretto 11 image x86_64, based on Amazon Linux 2. */
static readonly AMAZON_LINUX_2_CORETTO_11: IBuildImage;
/** The Amazon Coretto 8 image x86_64, based on Amazon Linux 2023. */
static readonly AMAZON_LINUX_2023_CORETTO_8: IBuildImage;
/** The Amazon Coretto 11 image x86_64, based on Amazon Linux 2023. */
static readonly AMAZON_LINUX_2023_CORETTO_11: IBuildImage;
/**
* Image "aws/codebuild/amazonlinux2-aarch64-standard:1.0".
* @see {LinuxArmBuildImage.AMAZON_LINUX_2_STANDARD_1_0}
*
* @deprecated Use {@link LinuxArmBuildImage.AMAZON_LINUX_2_ARM_3} instead.
**/
static readonly AMAZON_LINUX_2_ARM: IBuildImage;
/**
* Image "aws/codebuild/amazonlinux2-aarch64-standard:2.0".
* @see {LinuxArmBuildImage.AMAZON_LINUX_2_STANDARD_2_0}
* */
static readonly AMAZON_LINUX_2_ARM_2: IBuildImage;
/**
* Image "aws/codebuild/amazonlinux2-aarch64-standard:3.0".
* @see {LinuxArmBuildImage.AMAZON_LINUX_2_STANDARD_3_0}
* */
static readonly AMAZON_LINUX_2_ARM_3: IBuildImage;
/**
* @returns a x86-64 Linux build image from a Docker Hub image.
*/
static fromDockerRegistry(name: string, options?: DockerImageOptions): IBuildImage;
/**
* @returns A x86-64 Linux build image from an ECR repository.
*
* NOTE: if the repository is external (i.e. imported), then we won't be able to add
* a resource policy statement for it so CodeBuild can pull the image.
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-ecr.html
*
* @param repository The ECR repository
* @param tagOrDigest Image tag or digest (default "latest", digests must start with `sha256:`)
*/
static fromEcrRepository(repository: ecr.IRepository, tagOrDigest?: string): IBuildImage;
/**
* Uses an Docker image asset as a x86-64 Linux build image.
*/
static fromAsset(scope: Construct, id: string, props: DockerImageAssetProps): IBuildImage;
/**
* Uses a Docker image provided by CodeBuild.
*
* @returns A Docker image provided by CodeBuild.
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
*
* @param id The image identifier
* @example 'aws/codebuild/standard:4.0'
*/
static fromCodeBuildImageId(id: string): IBuildImage;
private static codeBuildImage;
readonly type: string;
readonly defaultComputeType = ComputeType.SMALL;
readonly imageId: string;
readonly imagePullPrincipalType?: ImagePullPrincipalType;
readonly secretsManagerCredentials?: secretsmanager.ISecret;
readonly repository?: ecr.IRepository;
private constructor();
validate(env: BuildEnvironment): string[];
runScriptBuildspec(entrypoint: string): BuildSpec;
}
/**
* Environment type for Windows Docker images
*/
export declare enum WindowsImageType {
/**
* The standard environment type, WINDOWS_CONTAINER
*/
STANDARD = "WINDOWS_CONTAINER",
/**
* The WINDOWS_SERVER_2019_CONTAINER environment type
*/
SERVER_2019 = "WINDOWS_SERVER_2019_CONTAINER",
/**
* The WINDOWS_SERVER_2022_CONTAINER environment type
*
* Notice: Cannot be used with on-demand compute, only with a {@link BuildEnvironment.fleet}.
*
* @see https://github.com/aws/aws-cdk/issues/29617
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/fleets.html
*/
SERVER_2022 = "WINDOWS_SERVER_2022_CONTAINER"
}
/**
* A CodeBuild image running Windows.
*
* This class has a bunch of public constants that represent the most popular images.
*
* You can also specify a custom image using one of the static methods:
*
* - WindowsBuildImage.fromDockerRegistry(image[, { secretsManagerCredentials }, imageType])
* - WindowsBuildImage.fromEcrRepository(repo[, tag, imageType])
* - WindowsBuildImage.fromAsset(parent, id, props, [, imageType])
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
*/
export declare class WindowsBuildImage implements IBuildImage {
/**
* The standard CodeBuild image `aws/codebuild/windows-base:2.0`, which is
* based off Windows Server Core 2016.
*
* @deprecated {@link WindowsBuildImage.WIN_SERVER_CORE_2019_BASE_3_0} should be used instead.
*/
static readonly WINDOWS_BASE_2_0: IBuildImage;
/**
* The standard CodeBuild image `aws/codebuild/windows-base:2019-1.0`, which is
* based off Windows Server Core 2019.
*/
static readonly WIN_SERVER_CORE_2019_BASE: IBuildImage;
/**
* The standard CodeBuild image `aws/codebuild/windows-base:2019-2.0`, which is
* based off Windows Server Core 2019.
*/
static readonly WIN_SERVER_CORE_2019_BASE_2_0: IBuildImage;
/**
* The standard CodeBuild image `aws/codebuild/windows-base:2019-3.0`, which is
* based off Windows Server Core 2019.
*/
static readonly WIN_SERVER_CORE_2019_BASE_3_0: IBuildImage;
/**
* The standard CodeBuild image `aws/codebuild/windows-base:2022-1.0`, which is
* based off Windows Server Core 2022.
*
* Notice: Cannot be used with on-demand compute, only with a {@link BuildEnvironment.fleet}.
*
* @see https://github.com/aws/aws-cdk/issues/29617
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/fleets.html
*/
static readonly WIN_SERVER_CORE_2022_BASE_3_0: IBuildImage;
/**
* @returns a Windows build image from a Docker Hub image.
*/
static fromDockerRegistry(name: string, options?: DockerImageOptions, imageType?: WindowsImageType): IBuildImage;
/**
* @returns A Windows build image from an ECR repository.
*
* NOTE: if the repository is external (i.e. imported), then we won't be able to add
* a resource policy statement for it so CodeBuild can pull the image.
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-ecr.html
*
* @param repository The ECR repository
* @param tagOrDigest Image tag or digest (default "latest", digests must start with `sha256:`)
*/
static fromEcrRepository(repository: ecr.IRepository, tagOrDigest?: string, imageType?: WindowsImageType): IBuildImage;
/**
* Uses an Docker image asset as a Windows build image.
*/
static fromAsset(scope: Construct, id: string, props: DockerImageAssetProps, imageType?: WindowsImageType): IBuildImage;
readonly type: string;
readonly defaultComputeType = ComputeType.MEDIUM;
readonly imageId: string;
readonly imagePullPrincipalType?: ImagePullPrincipalType;
readonly secretsManagerCredentials?: secretsmanager.ISecret;
readonly repository?: ecr.IRepository;
private constructor();
validate(buildEnvironment: BuildEnvironment): string[];
runScriptBuildspec(entrypoint: string): BuildSpec;
}
/**
* A CodeBuild image running ARM MacOS.
*
* This class has a bunch of public constants that represent the most popular images.
*
* You can also specify a custom image using one of the static methods:
*
* - MacBuildImage.fromDockerRegistry(image[, { secretsManagerCredentials }])
* - MacBuildImage.fromEcrRepository(repo[, tag])
* - MacBuildImage.fromAsset(parent, id, props)
*
*
* @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
*/
export declare class MacBuildImage implements IBuildImage {
/**
* Corresponds to the standard CodeBuild image `aws/codebuild/macos-arm-base:14`.
*/
static readonly BASE_14: IBuildImage;
/**
* Corresponds to the CodeBuild image `aws/codebuild/macos-arm-base:15`.
*/
static readonly BASE_15: IBuildImage;
/**
* Corresponds to the CodeBuild image `aws/codebuild/macos-arm-base:26`.
*/
static readonly BASE_26: IBuildImage;
/**
* Makes an ARM MacOS build image from a Docker Hub image.
*/
static fromDockerRegistry(name: string, options?: DockerImageOptions): IBuildImage;
/**
* Makes an ARM MacOS build image from an ECR repository.
*/
static fromEcrRepository(repository: ecr.IRepository, tagOrDigest?: string): IBuildImage;
/**
* Uses an Docker image asset as a ARM MacOS build image.
*/
static fromAsset(scope: Construct, id: string, props: DockerImageAssetProps): IBuildImage;
readonly type: string;
readonly defaultComputeType = ComputeType.MEDIUM;
readonly imageId: string;
readonly imagePullPrincipalType?: ImagePullPrincipalType;
readonly secretsManagerCredentials?: secretsmanager.ISecret;
readonly repository?: ecr.IRepository;
private constructor();
validate(buildEnvironment: BuildEnvironment): string[];
runScriptBuildspec(entrypoint: string): BuildSpec;
}
export interface BuildEnvironmentVariable {
/**
* The type of environment variable.
* @default PlainText
*/
readonly type?: BuildEnvironmentVariableType;
/**
* The value of the environment variable.
* For plain-text variables (the default), this is the literal value of variable.
* For SSM parameter variables, pass the name of the parameter here (`parameterName` property of `IParameter`).
* For SecretsManager variables secrets, pass either the secret name (`secretName` property of `ISecret`)
* or the secret ARN (`secretArn` property of `ISecret`) here,
* along with optional SecretsManager qualifiers separated by ':', like the JSON key, or the version or stage
* (see https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec.env.secrets-manager for details).
*/
readonly value: any;
}
export declare enum BuildEnvironmentVariableType {
/**
* An environment variable in plaintext format.
*/
PLAINTEXT = "PLAINTEXT",
/**
* An environment variable stored in Systems Manager Parameter Store.
*/
PARAMETER_STORE = "PARAMETER_STORE",
/**
* An environment variable stored in AWS Secrets Manager.
*/
SECRETS_MANAGER = "SECRETS_MANAGER"
}
/**
* Specifies the visibility of the project's builds.
*/
export declare enum ProjectVisibility {
/**
* The project builds are visible to the public.
*/
PUBLIC_READ = "PUBLIC_READ",
/**
* The project builds are not visible to the public.
*/
PRIVATE = "PRIVATE"
}
/**
* The list of event types for AWS Codebuild
* @see https://docs.aws.amazon.com/dtconsole/latest/userguide/concepts.html#events-ref-buildproject
*/
export declare enum ProjectNotificationEvents {
/**
* Trigger notification when project build state failed
*/
BUILD_FAILED = "codebuild-project-build-state-failed",
/**
* Trigger notification when project build state succeeded
*/
BUILD_SUCCEEDED = "codebuild-project-build-state-succeeded",
/**
* Trigger notification when project build state in progress
*/
BUILD_IN_PROGRESS = "codebuild-project-build-state-in-progress",
/**
* Trigger notification when project build state stopped
*/
BUILD_STOPPED = "codebuild-project-build-state-stopped",
/**
* Trigger notification when project build phase failure
*/
BUILD_PHASE_FAILED = "codebuild-project-build-phase-failure",
/**
* Trigger notification when project build phase success
*/
BUILD_PHASE_SUCCEEDED = "codebuild-project-build-phase-success"
}
export {};
Reference in New Issue View Git Blame Copy Permalink