CDKv2 equivalent of ShellScriptAction

Posted on 2025-01-17 12:58:49


I have a project in CDKv1 which I am upgrading to CDKv2. I have a Gitleaks stage in my AWS CodePipeline using CDKv1. Now I want to move this functionality to CDKv2, but the ShellScriptAction is deprecated. I tried out with ShellStep but ShellStep does not have the project property - LINK.

export class GitleaksReviewAction extends Construct {
  public readonly action: ShellScriptAction;
  public readonly gitleaksImage: DockerImageAsset;

  constructor(scope: Construct, id: string, props: GitleaksReviewActionProps) {
    super(scope, id);
    this.gitleaksImage = new DockerImageAsset(this, "gitleaksDockerAsset", {
      directory: path.join(__dirname, "../assets/gitleaks"),
    });
    this.action = new ShellScriptAction({
      actionName: "Gitleaks",
      additionalArtifacts: [props.sourceArtifact],
      commands: [
        "find . -type d -exec chmod 777 {} \\;",
        "find . -type f -exec chmod 666 {} \\;",
        `aws ecr get-login-password --region $AWS_REGION | docker login -u AWS --password-stdin ${this.gitleaksImage.imageUri}`,
        `docker run -v $(pwd):/repo ${this.gitleaksImage.imageUri} --path=/repo --repo-config-path=config/gitleaks/gitleaks.toml --verbose`,
      ],
      environment: {
        buildImage: codebuild.LinuxBuildImage.STANDARD_5_0,
        privileged: true,
      },
    });
  }
}

Used to call the class with this -

gitleaksReviewAction.gitleaksImage.repository.grantPull(
  gitleaksReviewAction.action.project
);

Is there an equivalent in the CDKv2 which returns the project property?

Pipeline code -

export class Pipeline extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    ...

    const pipeline = new CodePipeline(this, "Pipeline", {
      pipelineName: "pipeline",
      synth: new CodeBuildStep("SynthStep", {
        input: CodePipelineSource.codeCommit(repo, "mainline"),
        buildEnvironment: {
          computeType: CodeBuild.ComputeType.MEDIUM,
          buildImage: CodeBuild.LinuxBuildImage.STANDARD_5_0,
        },
        partialBuildSpec: buildSpec,
        commands: [],
        role: codeBuildSynthRole,
        primaryOutputDirectory: "cdk/cdk.out",
      }),
      crossAccountKeys: true,
      selfMutation: true,
      dockerEnabledForSelfMutation: true,
    });

    const review = new ReviewPipelineStage(this, "Review", {
      sourceFileSet: pipeline.cloudAssemblyFileSet,
    });

    const reviewStage = pipeline.addStage(review);

    const gitleaksReviewAction = new GitleaksReviewAction(
      this,
      "GitleaksReviewAction",
      {
        sourceFileSet: pipeline.cloudAssemblyFileSet,
      }
    );

    reviewStage.addPost(gitleaksReviewAction.action);
    gitleaksReviewAction.gitleaksImage.repository.grantPull(
      gitleaksReviewAction.action.project
    );
  }
}


Comments (1)

黯然 2025-01-24 12:58:49


I'm assuming you're switching to the new API for CDK pipelines, which requires more than just using different classes for the steps.

If that's true, the equivalent in the new API is to use CodeBuildStep:

gitleaksReviewAction.gitleaksImage.repository.grantPull(
    gitleaksReviewAction.action.grantPrincipal
);

This is assuming that gitleaksReviewAction.action is of type CodeBuildStep.

Reference: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.pipelines.CodeBuildStep.html#grantprincipal
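
After the migration, the result of the `grantPull` call can be confirmed in the synthesized CloudFormation template. The check below is an added example, not part of the original question or answer and not CDK's own code: it verifies that the role behind the Gitleaks CodeBuild project holds the ECR actions `grantPull` allows and that privileged mode is on. The logical IDs and the template fragment are constructed for illustration.

```typescript
// Added example: audits a synthesized template; it is not part of the CDK API.
type Json = Record<string, any>;

// Actions that ecr.Repository.grantPull() allows for the grantee.
const PULL_ACTIONS = [
  "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer",
  "ecr:BatchGetImage", "ecr:GetAuthorizationToken",
];
const asList = (v: unknown): any[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Every action that Allow statements in AWS::IAM::Policy resources give to roleId.
function allowedActions(template: Json, roleId: string): Set<string> {
  const actions = new Set<string>();
  for (const res of Object.values<Json>(template.Resources ?? {})) {
    if (res.Type !== "AWS::IAM::Policy") continue;
    if (!asList(res.Properties?.Roles).some((r) => r?.Ref === roleId)) continue;
    for (const stmt of asList(res.Properties?.PolicyDocument?.Statement)) {
      if (stmt.Effect === "Allow") asList(stmt.Action).forEach((a) => actions.add(String(a)));
    }
  }
  return actions;
}

// Problems that would break, or over-privilege, the Gitleaks CodeBuild project.
function checkGitleaksProject(template: Json, projectId: string): string[] {
  const props = template.Resources?.[projectId]?.Properties;
  const roleId: string | undefined = props?.ServiceRole?.["Fn::GetAtt"]?.[0];
  if (!roleId) return [`${projectId}: no ServiceRole reference found`];
  const granted = allowedActions(template, roleId);
  const wildcard = granted.has("*") || granted.has("ecr:*");
  const problems = PULL_ACTIONS.filter((a) => !wildcard && !granted.has(a))
    .map((a) => `${roleId}: missing ${a}`);
  if (wildcard) problems.push(`${roleId}: wildcard ECR access, broader than grantPull`);
  if (props?.Environment?.PrivilegedMode !== true) {
    problems.push(`${projectId}: PrivilegedMode is off, docker commands need it`);
  }
  return problems;
}

// Constructed template fragment (logical IDs are made up for this example).
const SAMPLE: Json = { Resources: {
  GitleaksProject: { Type: "AWS::CodeBuild::Project", Properties: {
    ServiceRole: { "Fn::GetAtt": ["GitleaksRole", "Arn"] },
    Environment: { PrivilegedMode: true } } },
  GitleaksPolicy: { Type: "AWS::IAM::Policy", Properties: {
    Roles: [{ Ref: "GitleaksRole" }],
    PolicyDocument: { Statement: [
      { Effect: "Allow", Action: PULL_ACTIONS.slice(0, 3), Resource: "*" }] } } },
} };
```

Against a real project, load the stack's template JSON from `cdk.out` after `cdk synth` and pass the logical ID of the Gitleaks CodeBuild project.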
