Skip to content

Commit

Permalink
feat(cdk): require minCdkVersion 2.119.0 [SEC-8843]
Browse files Browse the repository at this point in the history
Support shared buckets in pipelines.
  • Loading branch information
ahammond committed Apr 8, 2024
1 parent 2527d6e commit e684aa5
Show file tree
Hide file tree
Showing 8 changed files with 40 additions and 75 deletions.
16 changes: 10 additions & 6 deletions src/clickup-cdk.ts
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,12 @@ import { slackAlert } from './slack-alert';
import { updateProjen } from './update-projen';

export module clickupCdk {
// We added support for x-region replication bucket sharing
// in https://github.com/aws/aws-cdk/pull/28447 which was released in v2.119.0
// Security needs us to start reaping the orphaned buckets: SEC-8843
const minCdkVersion = '2.119.0';
const defaultCdkVersion = '2.135.0'; // Arbitrary newish version. Most developers will want the latest.

export const deps = [
...clickupTs.deps,
'@time-loop/cdk-library',
Expand Down Expand Up @@ -205,16 +211,14 @@ export module clickupCdk {
throw new Error('pnpm not supported by cdkPipelines: https://staging.clickup.com/t/333/CLK-252116');
}

// AWS turned off node12 support. cdk changed the node version for their asset bundling in
// https://github.com/aws/aws-cdk/releases/tag/v2.64.0
// This cdkVersion is actually the minimum version that's compatible. It only affects devDeps.
// This cdkVersion is actually the minimum version that's compatible. This only affects devDeps.
// This really only affects users when they try to deploy directly from their laptop.
// When deploying from cdkPipelines, it will use whatever version the library is currently on per yarn.lock.
let cdkVersion = undefined;
if (semver.lt(options.cdkVersion, '2.64.0')) {
cdkVersion = '2.87.0'; // Arbitrary newish version. Most developers will want the latest.
if (semver.lt(options.cdkVersion, minCdkVersion)) {
cdkVersion = defaultCdkVersion;
console.warn(
`Your cdkVersion of ${options.cdkVersion} is less than 2.64.0. We recommend using latest, which you can find at https://github.com/aws/aws-cdk/releases . Until you explicitly set something, we are pushing to ${cdkVersion}`,
`Your cdkVersion of ${options.cdkVersion} is less than ${minCdkVersion}. We recommend using latest, which you can find at https://github.com/aws/aws-cdk/releases . Until you explicitly set something the is compliant, we are pushing to ${defaultCdkVersion}`,
);
}

Expand Down
4 changes: 2 additions & 2 deletions test/__snapshots__/cdk-context-json.test.ts.snap

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

16 changes: 8 additions & 8 deletions test/__snapshots__/clickup-cdk.test.ts.snap

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 3 additions & 10 deletions test/cdk-context-json.test.ts
Original file line number Diff line number Diff line change
@@ -1,12 +1,9 @@
import { awscdk, Testing } from 'projen';
import { requiredParams } from './requiredParams';
import { cdkContextJson } from '../src/cdk-context-json';

describe('injectAwsAuthIntoBuild', () => {
const project = new awscdk.AwsCdkTypeScriptApp({
cdkVersion: '2.1.0',
defaultReleaseBranch: 'main',
name: 'foo',
});
const project = new awscdk.AwsCdkTypeScriptApp(requiredParams);
const lookupAccountId = '123412341234';
cdkContextJson.injectAwsAuthIntoBuild(project, {
lookupAccountId,
Expand All @@ -23,11 +20,7 @@ describe('injectAwsAuthIntoBuild', () => {
});

describe('addOidcRoleStack', () => {
const project = new awscdk.AwsCdkTypeScriptApp({
cdkVersion: '2.1.0',
defaultReleaseBranch: 'main',
name: 'foo',
});
const project = new awscdk.AwsCdkTypeScriptApp(requiredParams);
cdkContextJson.addOidcRoleStack(project);
const synth = Testing.synth(project);
test('adds stack definition', () => {
Expand Down
35 changes: 7 additions & 28 deletions test/cdk-diff-workflow.test.ts
Original file line number Diff line number Diff line change
@@ -1,16 +1,13 @@
import { Testing } from 'projen';
// import * as Yaml from 'yaml';

import { requiredParams } from './requiredParams';
import { cdkDiffWorkflow } from '../src/cdk-diff-workflow';
import { clickupCdk } from '../src/clickup-cdk';

describe('addCdkDiffWorkflowYml - cdk diff.yml file added', () => {
test('a single env to diff', () => {
const project = new clickupCdk.ClickUpCdkTypeScriptApp({
cdkVersion: '2.91.0',
defaultReleaseBranch: 'main',
name: 'test',
});
const project = new clickupCdk.ClickUpCdkTypeScriptApp(requiredParams);
cdkDiffWorkflow.addCdkDiffWorkflowYml(project, {
envsToDiff: [
{
Expand All @@ -26,11 +23,7 @@ describe('addCdkDiffWorkflowYml - cdk diff.yml file added', () => {
});

test('diff with roleDuration value set', () => {
const project = new clickupCdk.ClickUpCdkTypeScriptApp({
cdkVersion: '2.91.0',
defaultReleaseBranch: 'main',
name: 'test',
});
const project = new clickupCdk.ClickUpCdkTypeScriptApp(requiredParams);
cdkDiffWorkflow.addCdkDiffWorkflowYml(project, {
envsToDiff: [
{
Expand All @@ -48,9 +41,7 @@ describe('addCdkDiffWorkflowYml - cdk diff.yml file added', () => {

test('node20', () => {
const project = new clickupCdk.ClickUpCdkTypeScriptApp({
cdkVersion: '2.91.0',
defaultReleaseBranch: 'main',
name: 'test',
...requiredParams,
workflowNodeVersion: '20.5.1',
});
cdkDiffWorkflow.addCdkDiffWorkflowYml(project, {
Expand All @@ -68,11 +59,7 @@ describe('addCdkDiffWorkflowYml - cdk diff.yml file added', () => {
});

test('a single env to diff - single explicit stack given to diff', () => {
const project = new clickupCdk.ClickUpCdkTypeScriptApp({
cdkVersion: '2.91.0',
defaultReleaseBranch: 'main',
name: 'test',
});
const project = new clickupCdk.ClickUpCdkTypeScriptApp(requiredParams);
cdkDiffWorkflow.addCdkDiffWorkflowYml(project, {
envsToDiff: [
{
Expand All @@ -88,11 +75,7 @@ describe('addCdkDiffWorkflowYml - cdk diff.yml file added', () => {
});

test('a single env to diff - multiple stacks given to diff', () => {
const project = new clickupCdk.ClickUpCdkTypeScriptApp({
cdkVersion: '2.91.0',
defaultReleaseBranch: 'main',
name: 'test',
});
const project = new clickupCdk.ClickUpCdkTypeScriptApp(requiredParams);
cdkDiffWorkflow.addCdkDiffWorkflowYml(project, {
envsToDiff: [
{
Expand All @@ -108,11 +91,7 @@ describe('addCdkDiffWorkflowYml - cdk diff.yml file added', () => {
});

test('multiple envs to diff', () => {
const project = new clickupCdk.ClickUpCdkTypeScriptApp({
cdkVersion: '2.91.0',
defaultReleaseBranch: 'main',
name: 'test',
});
const project = new clickupCdk.ClickUpCdkTypeScriptApp(requiredParams);
cdkDiffWorkflow.addCdkDiffWorkflowYml(project, {
envsToDiff: [
{
Expand Down
7 changes: 1 addition & 6 deletions test/clickup-cdk.test.ts
Original file line number Diff line number Diff line change
@@ -1,14 +1,9 @@
import path from 'path';
import { Testing, javascript } from 'projen';
import { requiredParams } from './requiredParams';
import { clickupCdk } from '../src';
import { datadogServiceCatalog } from '../src/datadog-service-catalog';

const requiredParams = {
name: 'test',
cdkVersion: '2.91.0',
defaultReleaseBranch: 'main',
};

describe('ClickUpCdkTypeScriptApp', () => {
describe('defaults', () => {
const p = new clickupCdk.ClickUpCdkTypeScriptApp(requiredParams);
Expand Down
19 changes: 4 additions & 15 deletions test/codecov-bypass-workflow.test.ts
Original file line number Diff line number Diff line change
@@ -1,26 +1,19 @@
import { Testing } from 'projen';

import { requiredParams } from './requiredParams';
import { clickupCdk } from '../src/clickup-cdk';
import { codecovBypassWorkflow } from '../src/codecov-bypass-workflow';

describe('addCodecovBypassWorkflowYml - codecov-bypass .yml file added', () => {
test('all default options', () => {
const project = new clickupCdk.ClickUpCdkTypeScriptApp({
cdkVersion: '2.91.0',
defaultReleaseBranch: 'main',
name: 'test',
});
const project = new clickupCdk.ClickUpCdkTypeScriptApp(requiredParams);
codecovBypassWorkflow.addCodecovBypassWorkflowYml(project);
const synth = Testing.synth(project);
expect(synth['.github/workflows/codecov-bypass.yml']).toMatchSnapshot();
});

test('all options provided', () => {
const project = new clickupCdk.ClickUpCdkTypeScriptApp({
cdkVersion: '2.91.0',
defaultReleaseBranch: 'main',
name: 'test',
});
const project = new clickupCdk.ClickUpCdkTypeScriptApp(requiredParams);
codecovBypassWorkflow.addCodecovBypassWorkflowYml(project, {
workflowName: 'workflowName',
githubAppId: '${{ vars.GH_APP_ID_VAR_NAME }}',
Expand All @@ -35,11 +28,7 @@ describe('addCodecovBypassWorkflowYml - codecov-bypass .yml file added', () => {
});

test('disabled', () => {
const project = new clickupCdk.ClickUpCdkTypeScriptApp({
cdkVersion: '2.91.0',
defaultReleaseBranch: 'main',
name: 'test',
});
const project = new clickupCdk.ClickUpCdkTypeScriptApp(requiredParams);
codecovBypassWorkflow.addCodecovBypassWorkflowYml(project, {
disabled: true,
});
Expand Down
5 changes: 5 additions & 0 deletions test/requiredParams.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
export const requiredParams = {
name: 'test',
cdkVersion: '2.135.0',
defaultReleaseBranch: 'main',
};

0 comments on commit e684aa5

Please sign in to comment.