add parameters to embedded-linux-pipeline: accessLoggingBucket, artifactBucket, outputBucket

Author: thomas-roos

lib/build-image-pipeline.ts

@@ -29,6 +29,10 @@ export interface BuildImagePipelineProps extends cdk.StackProps {
   readonly dataBucket: s3.IBucket;
   /** The ECR Repository to push to. */
   readonly repository: IRepository;
+  /** Access logging bucket to use */
+  accessLoggingBucket?: s3.Bucket;
+  /** Artifact bucket to use */
+  artifactBucket?: s3.Bucket;
 }
 
 /**
@@ -98,24 +102,37 @@ export class BuildImagePipelineStack extends cdk.Stack {
       input: sourceOutput,
     });
 
-    const accessLoggingBucket = new s3.Bucket(this, 'ArtifactAccessLogging', {
-      versioned: true,
-      enforceSSL: true,
-    });
-    const encryptionKey = new kms.Key(this, 'PipelineArtifactKey', {
-      removalPolicy: RemovalPolicy.DESTROY,
-      enableKeyRotation: true,
-    });
-    const artifactBucket = new s3.Bucket(this, 'PipelineArtifacts', {
-      versioned: true,
-      enforceSSL: true,
-      serverAccessLogsBucket: accessLoggingBucket,
-      encryptionKey,
-      encryption: s3.BucketEncryption.KMS,
-      blockPublicAccess: new s3.BlockPublicAccess(
-        s3.BlockPublicAccess.BLOCK_ALL
-      ),
-    });
+    let accessLoggingBucket: s3.IBucket;
+
+    if (props.accessLoggingBucket){
+      accessLoggingBucket = props.accessLoggingBucket;
+    } else {
+     accessLoggingBucket = new s3.Bucket(this, 'ArtifactAccessLogging', {
+        versioned: true,
+        enforceSSL: true,
+      });
+    }
+
+    let artifactBucket: s3.IBucket;
+
+    if (props.artifactBucket){
+      artifactBucket = props.artifactBucket;
+    } else {
+      const encryptionKey = new kms.Key(this, 'PipelineArtifactKey', {
+       removalPolicy: RemovalPolicy.DESTROY,
+       enableKeyRotation: true,
+     });
+      artifactBucket = new s3.Bucket(this, 'PipelineArtifacts', {
+        versioned: true,
+        enforceSSL: true,
+        serverAccessLogsBucket: accessLoggingBucket,
+        encryptionKey,
+        encryption: s3.BucketEncryption.KMS,
+        blockPublicAccess: new s3.BlockPublicAccess(
+          s3.BlockPublicAccess.BLOCK_ALL
+        ),
+      });
+    }
 
     const pipeline = new codepipeline.Pipeline(this, 'BuildImagePipeline', {
       artifactBucket,

lib/embedded-linux-pipeline.ts

@@ -50,7 +50,13 @@ export interface EmbeddedLinuxPipelineProps extends cdk.StackProps {
   readonly layerRepoName?: string;
   /** Additional policy statements to add to the build project. */
   readonly buildPolicyAdditions?: iam.PolicyStatement[];
-}
+  /** Access logging bucket to use */
+  readonly accessLoggingBucket?: s3.Bucket;
+  /** Artifact bucket to use */
+  readonly artifactBucket?: s3.Bucket;
+  /** Output bucket to use */
+  readonly outputBucket?: s3.Bucket | VMImportBucket;
+  }
 
 /**
  * The stack for creating a build pipeline.
@@ -80,11 +86,16 @@ export class EmbeddedLinuxPipelineStack extends cdk.Stack {
     let outputBucket: s3.IBucket | VMImportBucket;
     let environmentVariables = {};
     let scriptAsset!: Asset;
+    let accessLoggingBucket: s3.IBucket;
 
-    const accessLoggingBucket = new s3.Bucket(this, 'ArtifactAccessLogging', {
-      versioned: true,
-      enforceSSL: true,
-    });
+    if (props.accessLoggingBucket){
+      accessLoggingBucket = props.accessLoggingBucket;
+    } else {
+     accessLoggingBucket = new s3.Bucket(this, 'ArtifactAccessLogging', {
+        versioned: true,
+        enforceSSL: true,
+      });
+    }
 
     if (props.projectKind && props.projectKind == ProjectKind.PokyAmi) {
       scriptAsset = new Asset(this, 'CreateAMIScript', {
@@ -99,14 +110,17 @@ export class EmbeddedLinuxPipelineStack extends cdk.Stack {
           enableKeyRotation: true,
         }
       );
-
-      outputBucket = new VMImportBucket(this, 'PipelineOutput', {
-        versioned: true,
-        enforceSSL: true,
-        encryptionKey: outputBucketEncryptionKey,
-        encryptionKeyArn: outputBucketEncryptionKey.keyArn,
-        serverAccessLogsBucket: accessLoggingBucket,
-      });
+      if (props.outputBucket){
+        outputBucket = props.outputBucket;
+      } else {
+        outputBucket = new VMImportBucket(this, 'PipelineOutput', {
+          versioned: true,
+          enforceSSL: true,
+          encryptionKey: outputBucketEncryptionKey,
+          encryptionKeyArn: outputBucketEncryptionKey.keyArn,
+          serverAccessLogsBucket: accessLoggingBucket,
+        });
+      }
       environmentVariables = {
         IMPORT_BUCKET: {
           type: BuildEnvironmentVariableType.PLAINTEXT,
@@ -122,28 +136,38 @@ export class EmbeddedLinuxPipelineStack extends cdk.Stack {
         },
       };
     } else {
-      outputBucket = new s3.Bucket(this, 'PipelineOutput', {
+      if (props.outputBucket){
+        outputBucket = props.outputBucket;
+      } else {
+        outputBucket = new s3.Bucket(this, 'PipelineOutput', {
+          versioned: true,
+          enforceSSL: true,
+          serverAccessLogsBucket: accessLoggingBucket,
+        });
+      }
+    }
+
+    let artifactBucket: s3.IBucket;
+
+    if (props.artifactBucket){
+      artifactBucket = props.artifactBucket;
+    } else {
+      const encryptionKey = new kms.Key(this, 'PipelineArtifactKey', {
+       removalPolicy: RemovalPolicy.DESTROY,
+       enableKeyRotation: true,
+     });
+      artifactBucket = new s3.Bucket(this, 'PipelineArtifacts', {
         versioned: true,
         enforceSSL: true,
         serverAccessLogsBucket: accessLoggingBucket,
+        encryptionKey,
+        encryption: s3.BucketEncryption.KMS,
+        blockPublicAccess: new s3.BlockPublicAccess(
+          s3.BlockPublicAccess.BLOCK_ALL
+        ),
       });
     }
 
-    const encryptionKey = new kms.Key(this, 'PipelineArtifactKey', {
-      removalPolicy: RemovalPolicy.DESTROY,
-      enableKeyRotation: true,
-    });
-    const artifactBucket = new s3.Bucket(this, 'PipelineArtifacts', {
-      versioned: true,
-      enforceSSL: true,
-      serverAccessLogsBucket: accessLoggingBucket,
-      encryptionKey,
-      encryption: s3.BucketEncryption.KMS,
-      blockPublicAccess: new s3.BlockPublicAccess(
-        s3.BlockPublicAccess.BLOCK_ALL
-      ),
-    });
-
     /** Create our CodePipeline Actions. */
     const sourceRepo = new SourceRepo(this, 'SourceRepo', {
       ...props,

source-repo/kas/build.buildspec.yml

@@ -39,6 +39,7 @@ phases:
 
 artifacts:
   discard-paths: true
+  base-directory: kas/
   files:
     - $TMP_DIR/build/tmp/deploy/images/qemux86-64/aws-biga-image-qemux86-64*
     - $TMP_DIR/build/tmp/log/cve/cve-summary*

source-repo/meta-aws-demo/build.buildspec.yml

@@ -46,6 +46,7 @@ phases:
 
 artifacts:
   discard-paths: true
+  base-directory: meta-aws-demo/
   files:
     - $TMP_DIR/tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64*
     - $TMP_DIR/tmp/log/cve/cve-summary*

source-repo/nxp-imx/build.buildspec.yml

@@ -52,6 +52,7 @@ phases:
 
 artifacts:
   discard-paths: true
+  base-directory: nxp-imx/
   files:
     # $TMP_DIR is not supported by imx bsp / distro
     - build/tmp/deploy/images/imx93evk/*

source-repo/poky-ami/build.buildspec.yml

@@ -65,6 +65,7 @@ phases:
       - find /downloads -atime +30 -type d -empty -delete
 artifacts:
   discard-paths: true
+  base-directory: poky-ami/
   files:
     - $TMP_DIR/tmp/deploy/images/aws-ec2-arm64/core-image-minimal*
     - $TMP_DIR/tmp/log/cve/cve-summary*

source-repo/poky/build.buildspec.yml

@@ -46,6 +46,7 @@ phases:
 
 artifacts:
   discard-paths: true
+  base-directory: poky/
   files:
     - $TMP_DIR/tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64*
     - $TMP_DIR/tmp/log/cve/cve-summary*

source-repo/renesas/build.buildspec.yml

@@ -41,5 +41,6 @@ phases:
 
 artifacts:
   discard-paths: true
+  base-directory: renesas/
   files:
     - h3ulcb/build/tmp/deploy/images/h3ulcb/*