PipelineProjectProps

class aws_cdk.aws_codebuild.PipelineProjectProps(*, allow_all_outbound=None, badge=None, build_spec=None, cache=None, check_secrets_in_plain_text_env_variables=None, concurrent_build_limit=None, description=None, encryption_key=None, environment=None, environment_variables=None, file_system_locations=None, grant_report_group_permissions=None, logging=None, project_name=None, queued_timeout=None, role=None, security_groups=None, ssm_session_permissions=None, subnet_selection=None, timeout=None, visibility=None, vpc=None)

Bases: CommonProjectProps

Parameters:
  • allow_all_outbound (Optional[bool]) – Whether to allow the CodeBuild project to send all outbound network traffic. If set to false, you must individually add traffic rules to allow the CodeBuild project to connect to network targets. Only used if ‘vpc’ is supplied. Default: true

  • badge (Optional[bool]) – Indicates whether AWS CodeBuild generates a publicly accessible URL for your project’s build badge. For more information, see Build Badges Sample in the AWS CodeBuild User Guide. Default: false

  • build_spec (Optional[BuildSpec]) – Filename or contents of buildspec in JSON format. Default: - Empty buildspec.

  • cache (Optional[Cache]) – Caching strategy to use. Default: Cache.none

  • check_secrets_in_plain_text_env_variables (Optional[bool]) – Whether to check for the presence of any secrets in the environment variables of the default type, BuildEnvironmentVariableType.PLAINTEXT. Since using a secret for the value of that kind of variable would result in it being displayed in plain text in the AWS Console, the construct will throw an exception if it detects a secret was passed there. Pass this property as false if you want to skip this validation, and keep using a secret in a plain text environment variable. Default: true

  • concurrent_build_limit (Union[int, float, None]) – Maximum number of concurrent builds. Minimum value is 1 and maximum is account build limit. Default: - no explicit limit is set

  • description (Optional[str]) – A description of the project. Use the description to identify the purpose of the project. Default: - No description.

  • encryption_key (Optional[IKey]) – Encryption key to use to read and write artifacts. Default: - The AWS-managed CMK for Amazon Simple Storage Service (Amazon S3) is used.

  • environment (Union[BuildEnvironment, Dict[str, Any], None]) – Build environment to use for the build. Default: BuildEnvironment.LinuxBuildImage.STANDARD_7_0

  • environment_variables (Optional[Mapping[str, Union[BuildEnvironmentVariable, Dict[str, Any]]]]) – Additional environment variables to add to the build environment. Default: - No additional environment variables are specified.

  • file_system_locations (Optional[Sequence[IFileSystemLocation]]) – A list of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System. Default: - no file system locations

  • grant_report_group_permissions (Optional[bool]) – Add permissions to this project’s role to create and use test report groups with name starting with the name of this project. That is the standard report group that gets created when a simple name (in contrast to an ARN) is used in the ‘reports’ section of the buildspec of this project. This is usually harmless, but you can turn these off if you don’t plan on using test reports in this project. Default: true

  • logging (Union[LoggingOptions, Dict[str, Any], None]) – Information about logs for the build project. A project can create logs in Amazon CloudWatch Logs, an S3 bucket, or both. Default: - no log configuration is set

  • project_name (Optional[str]) – The physical, human-readable name of the CodeBuild Project. Default: - Name is automatically generated.

  • queued_timeout (Optional[Duration]) – The number of minutes after which AWS CodeBuild stops the build if it’s still in queue. For valid values, see the timeoutInMinutes field in the AWS CodeBuild User Guide. Default: - no queue timeout is set

  • role (Optional[IRole]) – Service Role to assume while running the build. Default: - A role will be created.

  • security_groups (Optional[Sequence[ISecurityGroup]]) – Security groups to associate with the CodeBuild project’s network interfaces. If no security group is identified, one will be created automatically. Only used if ‘vpc’ is supplied. Default: - Security group will be automatically created.

  • ssm_session_permissions (Optional[bool]) – Add the permissions necessary for debugging builds with SSM Session Manager. If the following prerequisites have been met:

      • The necessary permissions have been added by setting this flag to true.
      • The build image has the SSM agent installed (true for default CodeBuild images).
      • The build is started with debugSessionEnabled set to true.

    Then the build container can be paused and inspected using Session Manager by invoking the codebuild-breakpoint command somewhere during the build. codebuild-breakpoint commands will be ignored if the build is not started with debugSessionEnabled=true. Default: false

  • subnet_selection (Union[SubnetSelection, Dict[str, Any], None]) – Where to place the network interfaces within the VPC. To access AWS services, your CodeBuild project needs to be in one of the following types of subnets:

      1. Subnets with access to the internet (of type PRIVATE_WITH_EGRESS).
      2. Private subnets unconnected to the internet, but with VPC endpoints for the necessary services.

    If you don’t specify a subnet selection, the default behavior is to use PRIVATE_WITH_EGRESS subnets first if they exist, then PRIVATE_WITHOUT_EGRESS, and finally PUBLIC subnets. If your VPC doesn’t have PRIVATE_WITH_EGRESS subnets but you need AWS service access, add VPC Endpoints to your private subnets. Default: - private subnets if available else public subnets

  • timeout (Optional[Duration]) – The number of minutes after which AWS CodeBuild stops the build if it’s not complete. For valid values, see the timeoutInMinutes field in the AWS CodeBuild User Guide. Default: Duration.hours(1)

  • visibility (Optional[ProjectVisibility]) – Specifies the visibility of the project’s builds. Default: - no visibility is set

  • vpc (Optional[IVpc]) – VPC network in which to place the CodeBuild network interfaces. Specify this if the CodeBuild project needs to access resources in a VPC. Default: - No VPC is specified.


Example:

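import aws_cdk.aws_cloudfront as cloudfront
import aws_cdk.aws_codebuild as codebuild
import aws_cdk.aws_codepipeline as codepipeline
import aws_cdk.aws_codepipeline_actions as codepipeline_actions
import aws_cdk.aws_iam as iam
import aws_cdk.aws_s3 as s3

# Create a Cloudfront Web Distribution
# distribution: cloudfront.Distribution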


# Create the build project that will invalidate the cache
invalidate_build_project = codebuild.PipelineProject(self, "InvalidateProject",
    build_spec=codebuild.BuildSpec.from_object({
        "version": "0.2",
        "phases": {
            "build": {
                "commands": ['aws cloudfront create-invalidation --distribution-id ${CLOUDFRONT_ID} --paths "/*"'
                ]
            }
        }
    }),
    environment_variables={
        "CLOUDFRONT_ID": codebuild.BuildEnvironmentVariable(value=distribution.distribution_id)
    }
)

# Add Cloudfront invalidation permissions to the project
# self is the enclosing Stack, which supplies the account ID
distribution_arn = f"arn:aws:cloudfront::{self.account}:distribution/{distribution.distribution_id}"
invalidate_build_project.add_to_role_policy(iam.PolicyStatement(
    resources=[distribution_arn],
    actions=["cloudfront:CreateInvalidation"
    ]
))

# Create the pipeline (here only the S3 deploy and Invalidate cache build)
deploy_bucket = s3.Bucket(self, "DeployBucket")
deploy_input = codepipeline.Artifact()
codepipeline.Pipeline(self, "Pipeline",
    stages=[codepipeline.StageProps(
        stage_name="Deploy",
        actions=[
            codepipeline_actions.S3DeployAction(
                action_name="S3Deploy",
                bucket=deploy_bucket,
                input=deploy_input,
                run_order=1
            ),
            codepipeline_actions.CodeBuildAction(
                action_name="InvalidateCache",
                project=invalidate_build_project,
                input=deploy_input,
                run_order=2
            )
        ]
    )
    ]
)

Attributes

allow_all_outbound

Whether to allow the CodeBuild project to send all outbound network traffic.

If set to false, you must individually add traffic rules to allow the CodeBuild project to connect to network targets.

Only used if ‘vpc’ is supplied.

Default:

true

badge

Indicates whether AWS CodeBuild generates a publicly accessible URL for your project’s build badge.

For more information, see Build Badges Sample in the AWS CodeBuild User Guide.

Default:

false

build_spec

Filename or contents of buildspec in JSON format.

Default:
  • Empty buildspec.

See:

https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec-ref-example

cache

Caching strategy to use.

Default:

Cache.none

check_secrets_in_plain_text_env_variables

Whether to check for the presence of any secrets in the environment variables of the default type, BuildEnvironmentVariableType.PLAINTEXT. Since using a secret for the value of that kind of variable would result in it being displayed in plain text in the AWS Console, the construct will throw an exception if it detects a secret was passed there. Pass this property as false if you want to skip this validation, and keep using a secret in a plain text environment variable.

Default:

true
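
Setting this property to false lets a secret reference reach the synthesized template as a plain text variable. The following added example (not part of the CDK and not its synth-time check) audits a synthesized CloudFormation template for that case, and goes slightly beyond it by also flagging the public exposure that badge and visibility control. The names audit_codebuild_projects and SAMPLE_TEMPLATE are hypothetical, and the template is constructed for illustration.

```python
import re

# CloudFormation dynamic references that resolve to secret material.
SECRET_REF = re.compile(r"\{\{resolve:(secretsmanager|ssm-secure):[^}]+\}\}")

def _flatten(value):
    """Render a template value (string or intrinsic such as Fn::Join) as text."""
    if isinstance(value, str):
        return value
    if isinstance(value, dict):
        return "".join(_flatten(v) for v in value.values())
    if isinstance(value, list):
        return "".join(_flatten(v) for v in value)
    return str(value)

def audit_codebuild_projects(template):
    """Return sorted (logical_id, finding) pairs for AWS::CodeBuild::Project resources."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::CodeBuild::Project":
            continue
        props = res.get("Properties", {})
        for var in props.get("Environment", {}).get("EnvironmentVariables", []):
            # CodeBuild treats a variable without Type as PLAINTEXT.
            is_plain = var.get("Type", "PLAINTEXT") == "PLAINTEXT"
            if is_plain and SECRET_REF.search(_flatten(var.get("Value", ""))):
                findings.append((logical_id, f"secret in PLAINTEXT variable {var['Name']}"))
        if props.get("BadgeEnabled") is True:
            findings.append((logical_id, "build badge URL is publicly accessible"))
        if props.get("Visibility") == "PUBLIC_READ":
            findings.append((logical_id, "builds are publicly readable"))
    return sorted(findings)

# Constructed sample template (not output from a real stack).
SAMPLE_TEMPLATE = {"Resources": {
    "LeakyProject": {"Type": "AWS::CodeBuild::Project", "Properties": {
        "Visibility": "PUBLIC_READ",
        "Environment": {"EnvironmentVariables": [
            {"Name": "API_TOKEN", "Type": "PLAINTEXT",
             "Value": "{{resolve:secretsmanager:example-secret:SecretString:token}}"},
            {"Name": "STAGE", "Type": "PLAINTEXT", "Value": "prod"}]}}},
    "SafeProject": {"Type": "AWS::CodeBuild::Project", "Properties": {
        "Environment": {"EnvironmentVariables": [
            {"Name": "API_TOKEN", "Type": "SECRETS_MANAGER",
             "Value": "example-secret:token"}]}}},
}}

if __name__ == "__main__":
    for logical_id, finding in audit_codebuild_projects(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```

Run it against the JSON templates in cdk.out after synthesis; a SECRETS_MANAGER or PARAMETER_STORE variable type passes because the value is then a reference name that CodeBuild resolves at build time.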

concurrent_build_limit

Maximum number of concurrent builds.

Minimum value is 1 and maximum is account build limit.

Default:
  • no explicit limit is set

description

A description of the project.

Use the description to identify the purpose of the project.

Default:
  • No description.

encryption_key

Encryption key to use to read and write artifacts.

Default:
  • The AWS-managed CMK for Amazon Simple Storage Service (Amazon S3) is used.

environment

Build environment to use for the build.

Default:

BuildEnvironment.LinuxBuildImage.STANDARD_7_0

environment_variables

Additional environment variables to add to the build environment.

Default:
  • No additional environment variables are specified.

file_system_locations

A list of ProjectFileSystemLocation objects for a CodeBuild build project.

A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System.

Default:
  • no file system locations

grant_report_group_permissions

Add permissions to this project’s role to create and use test report groups with name starting with the name of this project.

That is the standard report group that gets created when a simple name (in contrast to an ARN) is used in the ‘reports’ section of the buildspec of this project. This is usually harmless, but you can turn these off if you don’t plan on using test reports in this project.

Default:

true

See:

https://docs.aws.amazon.com/codebuild/latest/userguide/test-report-group-naming.html

logging

Information about logs for the build project.

A project can create logs in Amazon CloudWatch Logs, an S3 bucket, or both.

Default:
  • no log configuration is set

project_name

The physical, human-readable name of the CodeBuild Project.

Default:
  • Name is automatically generated.

queued_timeout

The number of minutes after which AWS CodeBuild stops the build if it’s still in queue.

For valid values, see the timeoutInMinutes field in the AWS CodeBuild User Guide.

Default:
  • no queue timeout is set

role

Service Role to assume while running the build.

Default:
  • A role will be created.

security_groups

Security groups to associate with the CodeBuild project’s network interfaces.

If no security group is identified, one will be created automatically.

Only used if ‘vpc’ is supplied.

Default:
  • Security group will be automatically created.

ssm_session_permissions

Add the permissions necessary for debugging builds with SSM Session Manager.

If the following prerequisites have been met:

  • The necessary permissions have been added by setting this flag to true.

  • The build image has the SSM agent installed (true for default CodeBuild images).

  • The build is started with debugSessionEnabled set to true.

Then the build container can be paused and inspected using Session Manager by invoking the codebuild-breakpoint command somewhere during the build.

codebuild-breakpoint commands will be ignored if the build is not started with debugSessionEnabled=true.

Default:

false

See:

https://docs.aws.amazon.com/codebuild/latest/userguide/session-manager.html

subnet_selection

Where to place the network interfaces within the VPC.

To access AWS services, your CodeBuild project needs to be in one of the following types of subnets:

  1. Subnets with access to the internet (of type PRIVATE_WITH_EGRESS).

  2. Private subnets unconnected to the internet, but with VPC endpoints for the necessary services.

If you don’t specify a subnet selection, the default behavior is to use PRIVATE_WITH_EGRESS subnets first if they exist, then PRIVATE_WITHOUT_EGRESS, and finally PUBLIC subnets. If your VPC doesn’t have PRIVATE_WITH_EGRESS subnets but you need AWS service access, add VPC Endpoints to your private subnets.

Default:
  • private subnets if available else public subnets

See:

https://docs.aws.amazon.com/codebuild/latest/userguide/vpc-support.html

timeout

The number of minutes after which AWS CodeBuild stops the build if it’s not complete.

For valid values, see the timeoutInMinutes field in the AWS CodeBuild User Guide.

Default:

Duration.hours(1)

visibility

Specifies the visibility of the project’s builds.

Default:
  • no visibility is set

vpc

VPC network in which to place the CodeBuild network interfaces.

Specify this if the CodeBuild project needs to access resources in a VPC.

Default:
  • No VPC is specified.