aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

(codebuild): AWS CDK 2.0 still defaults to LinuxBuildImage.STANDARD_1_0 #16707

Open markusl opened 3 years ago

markusl commented 3 years ago

AWS CDK 2.0 still defaults to LinuxBuildImage.STANDARD_1_0

Reproduction Steps

Define a codebuild.Project in a pipeline.

What did you expect to happen?

The default build image should be something that AWS actually supports.

What actually happened?

CDK 2.0 defaults to an outdated build image.

Environment

Other


This is :bug: Bug Report

markusl commented 2 years ago

@peterwoodworth do you know if this is going to be included in AWS CDK 2.0?

peterwoodworth commented 2 years ago

I'm not sure - @skinny85 might know

skinny85 commented 2 years ago

@markusl unfortunately, I don't have the bandwidth to take care of this. Unless you submit a PR to the v2-main branch making buildImage required, unfortunately this will probably not happen 😕.

markusl commented 2 years ago

@skinny85 well, it is a security consideration to use supported platforms, instead of old, insecure, and deprecated platforms by default.

I totally understand that there's a huge amount of different kinds of issues in your issue tracker but to me, it sounds weird that you expect library customers to take care of lifecycle updates of platform-level dependencies. In our company, we would like the library to default to the AWS recommended, standard and secure versions at all times.

skinny85 commented 2 years ago

> In our company, we would like the library to default to the AWS recommended, standard and secure versions at all times.

Unfortunately, that's kind of at odds with semantic versioning of a client-side library, so we're between a rock and a hard place (breaking backwards compatibility vs staying up to date).

markusl commented 2 years ago

@peterwoodworth any news on this? Could you consider this for CDK v3? :)

peterwoodworth commented 2 years ago

There are currently no plans for v3, so we can't really consider this for v3 quite yet. Also, we don't have an ETA on this.

I wonder if we could include this in v2 with feature flags?

markusl commented 2 years ago

@peterwoodworth Yep, I think that's the least you can do. It's really important that CDK libraries have sane defaults to officially supported CodeBuild images.

markusl commented 1 year ago

@peterwoodworth Hello again!

This issue still exists and a lot of people are seriously struggling with the AWS-provided default values that are not supported by AWS. Support for aws/codebuild/standard:5.0 is ending in a month and it would be good to mark it as deprecated.

See also other related issues #23617, #23096 and #11960, which demonstrate why people are not having a first-class experience at the moment.

skinny85 commented 1 year ago

Maybe a feature flag? 😃

markusl commented 1 year ago

> Maybe a feature flag? 😃

Sounds good. A feature flag to opt out of using the latest build image? :)

skinny85 commented 1 year ago

> > Maybe a feature flag? 😃
>
> Sounds good. A feature flag to opt out of using the latest build image? :)

I was actually thinking a feature flag that makes buildImage required 🙂.

hoegertn commented 1 year ago

Not sure that is a good idea. This would also mean that the buildImage needs to be required in all constructs using this like CDK pipelines or it would not change anything. For me one of the benefits of the CDK is having proven defaults instead of setting my own properties.

But I totally see that changing it also is a problem as it could be a breaking change.

jsamuel1 commented 1 year ago

I definitely expected my new CDK pipeline to use a new image - so I was surprised when I got an AWS Health warning about the deprecation of standard/5.0 image on my new pipeline.

vumdao commented 1 year ago

Fixed by https://github.com/aws/aws-cdk/pull/24544/ ?

markusl commented 1 year ago

> Fixed by #24544 ?

Unfortunately no:

https://github.com/aws/aws-cdk/blob/236ecde4378a3ac307d662a3f3e28b14b44468fe/packages/%40aws-cdk/aws-codebuild/lib/project.ts#L560

https://github.com/aws/aws-cdk/blob/236ecde4378a3ac307d662a3f3e28b14b44468fe/packages/%40aws-cdk/aws-codebuild/lib/project.ts#L1042

https://github.com/aws/aws-cdk/blob/cea1039e3664fdfa89c6f00cdaeb1a0185a12678/packages/%40aws-cdk/aws-codebuild/lib/project.ts#L1022

vumdao commented 1 year ago

@markusl your ticket mentions CDK 2.0 and you're pointing to an issue from 1.0

vumdao commented 1 year ago

Just recognized that #24544 fixed it for CDK pipeline only

shellscape commented 9 months ago

Landed here today with the same exact issue. Would love to see the team prioritize a good default here.
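
An added example, not part of the thread and not aws-cdk code: a check that can run in CI over the JSON template produced by `cdk synth` and reports every `AWS::CodeBuild::Project` whose `Environment.Image` is an old `aws/codebuild/standard` image, which is what a project ends up with when `buildImage` is left to the default discussed above. The function name, the logical IDs, the `ImageParam` parameter and the minimum version of 6 are assumptions made for the illustration.

```typescript
// Added example (not aws-cdk code): audit a synthesized CloudFormation template
// for CodeBuild projects that still use an old aws/codebuild/standard image.
interface Finding { logicalId: string; image: string; reason: string }
interface CfnResource {
  Type: string;
  Properties?: { Environment?: { Image?: unknown; [k: string]: unknown }; [k: string]: unknown };
}
interface CfnTemplate { Resources?: Record<string, CfnResource> }
const STANDARD_IMAGE = /^aws\/codebuild\/standard:(\d+)\.\d+$/;

// minMajor is the caller's policy (assumption): oldest standard:N.0 still accepted.
function auditCodeBuildImages(template: CfnTemplate, minMajor: number): Finding[] {
  const findings: Finding[] = [];
  for (const [logicalId, res] of Object.entries(template.Resources ?? {})) {
    if (res.Type !== 'AWS::CodeBuild::Project') continue;
    const image = res.Properties?.Environment?.Image;
    if (typeof image !== 'string') {
      // Intrinsic such as Ref or Fn::Join (custom/ECR image): cannot be judged statically.
      findings.push({ logicalId, image: JSON.stringify(image ?? null), reason: 'unresolved image, review manually' });
      continue;
    }
    const match = STANDARD_IMAGE.exec(image);
    if (match === null) continue; // not a standard image; out of scope here
    if (Number(match[1]) < minMajor) {
      findings.push({ logicalId, image, reason: `standard image older than ${minMajor}.0` });
    }
  }
  return findings;
}

// Constructed sample template; logical IDs and the ImageParam parameter are made up.
const SAMPLE_TEMPLATE: CfnTemplate = {
  Resources: {
    ArtifactBucket: { Type: 'AWS::S3::Bucket' },
    // What a project gets when buildImage is omitted and the default is STANDARD_1_0.
    DefaultImageProject: {
      Type: 'AWS::CodeBuild::Project',
      Properties: { Environment: { Image: 'aws/codebuild/standard:1.0' } },
    },
    PinnedProject: {
      Type: 'AWS::CodeBuild::Project',
      Properties: { Environment: { Image: 'aws/codebuild/standard:7.0' } },
    },
    ParamProject: {
      Type: 'AWS::CodeBuild::Project',
      Properties: { Environment: { Image: { Ref: 'ImageParam' } } },
    },
  },
};
console.log(auditCodeBuildImages(SAMPLE_TEMPLATE, 6));
```

Failing the build when the returned list is non-empty surfaces a silently inherited default before deployment rather than through a later deprecation notice.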