search

aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.5k stars 3.85k forks source link

pipelines: Codepipeline.add_wave does not keep the stages sperated #31023

Open SpielerNogard opened 1 month ago

SpielerNogard commented 1 month ago

Describe the bug

I added an wave to my pipeline to deploy multiple stages in paralell. Every Stage has its own Approval step in pre of it. But if i approve an single Stage the stage dont gets deployed

Expected Behavior

I expect if i press on the manual approval of the stage, to deploy the stage

Current Behavior

Bildschirmfoto 2024-08-05 um 11 23 16

I pressed the manual approval of an Stage and the deployment does not continue

Reproduction Steps

from typing import Literal

import aws_cdk
import aws_cdk.aws_codebuild as codebuild
from aws_cdk import aws_codecommit as codecommit, aws_iam as iam, pipelines
from constructs import Construct

ACCOUNT_ID = ""
REPO_ARN = ""
PIPELINE_NAME = ""

class Services(aws_cdk.Stage):
    def __init__(
        self,
        scope: aws_cdk.Stack,  # object of type Pipeline
        id_: str,
        branch: str,
        env: aws_cdk.Environment,
    ):
        super().__init__(scope=scope, id=id_, env=env)
        self.branch = branch
        aws_cdk.Stack(
            scope=self,
            id="EmptyTestStack",
        )

class PipelineStack(aws_cdk.Stack):
    def __init__(self, scope: Construct, id: str, branch: str, **kwargs):
        super().__init__(scope, id, **kwargs)
        self.branch = branch
        pipeline = self._create_pipeline(branch=branch)
        self._add_stages(pipeline=pipeline, id_suffix="Lab", branch=branch)

    def _add_stages(
        self,
        pipeline: pipelines.CodePipeline,
        id_suffix: Literal["Lab"],
        branch: str,
    ) -> None:
        wave = pipeline.add_wave(
            f"TestStage-{id_suffix}",
        )

        deployments = [
            {"account": ACCOUNT_ID, "region": "eu-central-1"},
            {"account": ACCOUNT_ID, "region": "us-east-1"},
        ]

        for deployment in deployments:
            services = Services(
                self,
                f"Services-{id_suffix}-{deployment['account']}--{deployment['region']}",
                branch,
                env=aws_cdk.Environment(
                    account=deployment["account"], region=deployment["region"]
                ),
            )
            wave.add_stage(
                stage=services,
                pre=[
                    pipelines.ManualApprovalStep(
                        f'Approve-Services-{deployment["account"]}-{deployment["region"]}'
                    )
                ],
            )

    def _create_pipeline(self, branch: str) -> pipelines.CodePipeline:
        repository = codecommit.Repository.from_repository_arn(
            scope=self,
            id="TestRepo",
            repository_arn=(REPO_ARN),
        )
        self.synth_input = pipelines.CodePipelineSource.code_commit(
            repository=repository,
            branch=branch,
        )
        synth = pipelines.CodeBuildStep(
            id="Synth",
            build_environment=codebuild.BuildEnvironment(
                build_image=codebuild.LinuxBuildImage.STANDARD_7_0, privileged=True
            ),
            input=self.synth_input,
            partial_build_spec=codebuild.BuildSpec.from_object(
                {
                    "version": "0.2",
                    "phases": {
                        "install": {
                            "runtime-versions": {"python": "3.11"},
                        }
                    },
                }
            ),
            install_commands=[],
            commands=["cdk synth"],
            role_policy_statements=[
                iam.PolicyStatement(
                    effect=iam.Effect.ALLOW,
                    resources=["*"],
                    actions=[
                        "codeartifact:GetAuthorizationToken",
                        "codeartifact:GetRepositoryEndpoint",
                        "codeartifact:PublishPackageVersion",
                        "codeartifact:PutPackageMetadata",
                        "codeartifact:ReadFromRepository",
                        "codeartifact:ListPackageVersions",
                        "ssm:*",
                        "ecr:*",
                    ],
                ),
                iam.PolicyStatement(
                    effect=iam.Effect.ALLOW,
                    resources=["*"],
                    actions=["sts:GetServiceBearerToken"],
                    conditions={
                        "StringEquals": {
                            "sts:AWSServiceName": "codeartifact.amazonaws.com"
                        }
                    },
                ),
            ],
            primary_output_directory="cdk.out",
        )
        return pipelines.CodePipeline(
            scope=self,
            id="Pipeline",
            pipeline_name=PIPELINE_NAME,
            synth=synth,
            cross_account_keys=True,
            docker_enabled_for_synth=True,
            self_mutation=True,
        )

Possible Solution

Every Stage should be kept seperate

Additional Information/Context

No response

CDK CLI Version

2.142.1 (build ed4e152)

Framework Version

No response

Node.js Version

v22.3.0

OS

Mac OS Sonoma 14.5 (23F79)

Language

Python

Language Version

3.12

Other information

No response

pahud commented 1 month ago
image

Looks like it may require all the 3 to be approved? Have you tried to approve them all?

SpielerNogard commented 1 month ago

Yes once i approve all 3 it works. But exactly this is my problem. I only want to approve one and only deploy this stage and the others later.