aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

aws-cdk-lib/pipelines: CodePipelineSource.github documentation evokes questions #23237

Open papiro opened 1 year ago

papiro commented 1 year ago

Describe the issue

CodePipelineSource.gitHub says "This is no longer the recommended method." but why not?

I tracked down the comment in question to this PR and specifically to this commit.

The odd thing is that the comment was added with the wording as such at the time the feature was being added. But the wording seems to imply that at one point the method was the recommended method, but the method didn't exist before the PR which introduced both it and the comment.

I am wondering why it wouldn't be a good idea to use this method, seeing as I am already using the GitHubSourceAction in one of my stacks and it is using the owner/repo/branch with the oauthToken as a SecretValue?

Links

https://github.com/aws/aws-cdk/blob/main/packages/%40aws-cdk/pipelines/lib/codepipeline/codepipeline-source.ts#L24

peterwoodworth commented 1 year ago

This is a recommendation from CodePipeline - see this page for more info. We should expand upon this in our own docs, so thank you for bringing this up 🙂

papiro commented 1 year ago

Hmmm, haven't seen this before! In my app, I am using CDK version 2 and I have this import:

import { GitHubSourceAction } from "aws-cdk-lib/aws-codepipeline-actions";

But that construct has owner, branch, etc. as required properties. Where is the construct which is mentioned in the docs above? I see that the "version 2" of the GitHubSourceAction is actually the CodeStarConnectionsSourceAction. Is that correct? It seems odd to call the first "version 1" and the second "version 2".

Edit: Also I wonder if the recommendation might not be as strong now that GitHub has fine-grained personal access tokens?

Edit: After digging into this, it looks like in order to create a CodeStarConnection, you are forced to create a CodeStarProject. If this is the case then I don't see how the connection can be the preferred method to connect to an existing GitHub repo, like in the case of a bespoke code pipeline or CDK pipeline. Creation of the CodeStarProject ends up creating a repo for you, from what I can tell, which is too heavy-handed of a solution.

peterwoodworth commented 1 year ago

Yes, CodePipeline's v1 matches with GitHubSourceAction while v2 matches with CodeStarConnectionsSourceAction. This is CodePipeline's way of referring to these functionalities; I don't know if I agree with it either.

You shouldn't be forced to create a project. You should be able to go to the codesuite console (CodeBuild, CodePipeline, etc) and go to settings -> connections to create a connection without any other setup other than what's necessary to link AWS with GitHub
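For comparison, an added illustration (not part of the thread and not the CDK project's own code): the CloudFormation source-action fragments that the two constructs discussed above correspond to. The organization, repository, branch, secret name and connection name are constructed placeholders.

```yaml
# Constructed fragments; every name below (example-org, example-repo,
# github-token, example-github) is a placeholder.

# "GitHub version 1" action, the shape GitHubSourceAction produces.
# The pipeline definition carries a GitHub OAuth token (here resolved
# from Secrets Manager), so the token's scope is the pipeline's scope.
- Name: Source
  ActionTypeId:
    Category: Source
    Owner: ThirdParty
    Provider: GitHub
    Version: '1'
  Configuration:
    Owner: example-org
    Repo: example-repo
    Branch: main
    OAuthToken: '{{resolve:secretsmanager:github-token}}'
    PollForSourceChanges: false
  OutputArtifacts:
    - Name: SourceOutput
---
# Stand-alone connection resource: no CodeStar project is needed.
# It is created in PENDING status; the GitHub handshake is completed once
# in the console (Settings -> Connections) before a pipeline can use it.
GitHubConnection:
  Type: AWS::CodeStarConnections::Connection
  Properties:
    ConnectionName: example-github
    ProviderType: GitHub
---
# "GitHub version 2" action, the shape CodeStarConnectionsSourceAction
# produces. No token appears in the pipeline; access is granted through
# IAM (codestar-connections:UseConnection on the connection ARN).
# Note the ActionTypeId Version is still '1'; "version 2" is only
# CodePipeline's name for this provider.
- Name: Source
  ActionTypeId:
    Category: Source
    Owner: AWS
    Provider: CodeStarSourceConnection
    Version: '1'
  Configuration:
    ConnectionArn: !Ref GitHubConnection
    FullRepositoryId: example-org/example-repo
    BranchName: main
  OutputArtifacts:
    - Name: SourceOutput
```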

papiro commented 1 year ago

Oh jeez... definitely never noticed that before! Sorry about the fuss above. I was quite confused.