
aws-delivlib


A fabulous library for defining continuous pipelines for building, testing and releasing code libraries.

import { aws_cloudwatch as cloudwatch, aws_secretsmanager as sm, Duration } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { ShellPlatform } from '../shellable';

/**
 * Properties for `PackageIntegrityValidation`.
 *
 * Only `repository` is required; every other property is optional and falls
 * back to the default documented on it.
 */
export interface PackageIntegrityValidationProps {
  /**
   * The repository slug of the package, in `owner/name` form
   * (e.g. `cdklabs/jsii-docgen`).
   */
  readonly repository: string;

  // NOTE(review): this declaration does not say which scopes the token needs
  // or what happens when the secret is omitted; confirm against the
  // implementation. A token limited to read access on `repository` keeps the
  // exposure small, since the build that receives it also runs repository code.
  /**
   * Secret containing a GitHub token.
   */
  readonly githubTokenSecret?: sm.ISecret;

  /**
   * The build platform to use. This platform should contain all necessary tools to package the artifacts
   * in the repository. Note that by default, this also means running the tests.
   *
   * Because the validation builds (and by default tests) the repository's source, code from the
   * repository executes on this platform.
   *
   * @default ShellPlatform.LinuxUbuntu
   */
  readonly buildPlatform?: ShellPlatform;

  /**
   * How often to run the validation.
   *
   * @default - once a day.
   */
  readonly rate?: Duration;

  // NOTE(review): with the documented defaults (one run a day, 3 consecutive
  // failures) a mismatch would presumably take about three days to raise the
  // alarm; confirm, and lower `rate` or this value if faster detection is needed.
  /**
   * How many consecutive failures should cause the monitor to go into alarm.
   *
   * @default 3
   */
  readonly consecutiveFailuresToAlarm?: number;

  // NOTE(review): presumably passed through to the build environment's
  // privileged mode; confirm. Privileged builds weaken the isolation between
  // the build and its host, so enable this only when the pack task really has
  // to run containers.
  /**
   * Whether or not the environment should be privileged, necessary to run container images.
   *
   * @default false
   */
  readonly privileged?: boolean;

  /**
   * Tag prefix for this specific validation. Only needed for repositories that either release
   * multiple packages or multiple major versions.
   *
   * @default - no prefix
   */
  readonly tagPrefix?: string;

  /**
   * The projen task that produces the local artifacts.
   *
   * @default 'release'
   */
  readonly packTask?: string;

  // NOTE(review): values here are literal strings in the construct props.
  // Sensitive values are better supplied through `environmentSecrets` or
  // `environmentParameters`, which reference the value instead of embedding it.
  /**
   * Additional environment variables to set.
   *
   * @default - No additional environment variables
   */
  readonly environment?: {
    [key: string]: string | undefined;
  };

  /**
   * Environment variables with Secrets Manager values. The values must be complete Secrets Manager ARNs.
   *
   * @default no additional environment variables
   */
  readonly environmentSecrets?: {
    [key: string]: string;
  };

  // NOTE(review): presumably each value is the name of an SSM parameter;
  // the expected format is not stated here, so verify against the implementation.
  /**
   * Environment variables with SSM parameter values.
   *
   * @default no additional environment variables
   */
  readonly environmentParameters?: {
    [key: string]: string;
  };
}

/**
 * Perform periodic integrity checks on published packages based on the
 * source code of the package. Currently supports only GitHub hosted packages.
 *
 * The check is done by downloading the published artifact, building the source code, and comparing the two.
 * If they differ, it means that one of the following was compromised:
 *
 * - The publishing platform (for example GitHub runners)
 * - The artifact storage (for example npmjs.com)
 */
export declare class PackageIntegrityValidation extends Construct {
  /**
   * The alarm that will trigger if the validation fails.
   *
   * See `consecutiveFailuresToAlarm` for how many consecutive failures are needed.
   */
  readonly failureAlarm: cloudwatch.Alarm;

  /**
   * @param scope construct scope in which this validation is defined
   * @param id identifier of this construct within `scope`
   * @param props validation settings; only `repository` is required
   */
  constructor(scope: Construct, id: string, props: PackageIntegrityValidationProps);
}