; // NOTE(review): lone empty statement; presumably the remains of a directive lost when the page was extracted — confirm
var _a, _b, _c;
// Flag the CommonJS `exports` object as coming from a transpiled ES module.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare every public name as undefined; presumably each one is assigned later in the file (not visible here).
exports.ProjectNotificationEvents = exports.BuildEnvironmentVariableType = exports.WindowsBuildImage = exports.WindowsImageType = exports.LinuxBuildImage = exports.ImagePullPrincipalType = exports.ComputeType = exports.Project = void 0;
// jsii support: deprecation-warning validators and the well-known RTTI symbol.
const jsiiDeprecationWarnings = require("../.warnings.jsii.js");
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
// Other AWS CDK packages this module builds on.
const cloudwatch = require("@aws-cdk/aws-cloudwatch");
const notifications = require("@aws-cdk/aws-codestarnotifications");
const ec2 = require("@aws-cdk/aws-ec2");
const aws_ecr_assets_1 = require("@aws-cdk/aws-ecr-assets");
const events = require("@aws-cdk/aws-events");
const iam = require("@aws-cdk/aws-iam");
const kms = require("@aws-cdk/aws-kms");
const core_1 = require("@aws-cdk/core");
// Sibling modules of the CodeBuild package.
const build_spec_1 = require("./build-spec");
const cache_1 = require("./cache");
const codebuild_canned_metrics_generated_1 = require("./codebuild-canned-metrics.generated");
const codebuild_generated_1 = require("./codebuild.generated");
const codepipeline_artifacts_1 = require("./codepipeline-artifacts");
const no_artifacts_1 = require("./no-artifacts");
const no_source_1 = require("./no-source");
const run_script_linux_build_spec_1 = require("./private/run-script-linux-build-spec");
const report_group_utils_1 = require("./report-group-utils");
const source_types_1 = require("./source-types");
// Symbol from the global symbol registry (Symbol.for); its use lies outside this part of the file.
const VPC_POLICY_SYM = Symbol.for('@aws-cdk/aws-codebuild.roleVpcPolicy');
|
/**
 * Behaviour shared by every reference to a CodeBuild Project.
 *
 * A Project that is managed together with the rest of the CDK app is created
 * with the {@link Project} class. A Project that already exists, or that is
 * defined in a different CDK Stack, is referenced through
 * `Project.fromProjectArn` or `Project.fromProjectName`.
 */
class ProjectBase extends core_1.Resource {
    /**
     * The Connections object that manages this Project's security groups.
     *
     * @throws {Error} when the Project has no VPC, and therefore no connections
     */
    get connections() {
        const connections = this._connections;
        if (connections) {
            return connections;
        }
        throw new Error('Only VPC-associated Projects have security groups to manage. Supply the "vpc" parameter when creating the Project');
    }
    /**
     * Batch builds are not available on the base class.
     *
     * @returns always `undefined`; subclasses may override this
     */
    enableBatchBuilds() {
        return undefined;
    }
    /**
     * Adds a statement to the Project role's policy, if the Project has a role.
     *
     * When `this.role` is not set the statement is dropped without an error,
     * so callers cannot rely on the permission having been granted.
     *
     * @param statement The permissions statement to add
     */
    addToRolePolicy(statement) {
        const role = this.role;
        if (!role) {
            return;
        }
        role.addToPrincipalPolicy(statement);
    }
    /**
     * Defines a CloudWatch event rule triggered when something happens with this project.
     *
     * The rule is restricted to events whose source is `aws.codebuild` and
     * whose `project-name` detail equals this Project's name.
     *
     * @param id construct id of the new rule
     * @param options rule options; `options.target` is added as the rule target
     * @returns the new rule
     * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html
     */
    onEvent(id, options = {}) {
        const eventRule = new events.Rule(this, id, options);
        eventRule.addTarget(options.target);
        const projectPattern = {
            source: ['aws.codebuild'],
            detail: {
                'project-name': [this.projectName],
            },
        };
        eventRule.addEventPattern(projectPattern);
        return eventRule;
    }
    /**
     * Defines a CloudWatch event rule triggered when the build project state
     * changes. Specific build statuses can be selected with an event pattern
     * filter on the `build-status` detail field:
     *
     *    const rule = project.onStateChange('OnBuildStarted', { target });
     *    rule.addEventPattern({
     *      detail: {
     *        'build-status': [
     *          "IN_PROGRESS",
     *          "SUCCEEDED",
     *          "FAILED",
     *          "STOPPED"
     *        ]
     *      }
     *    });
     *
     * The methods `onBuildStarted`, `onBuildFailed` and `onBuildSucceeded`
     * define rules for these specific state changes.
     *
     * To access fields from the event in the event target input,
     * use the static fields on the `StateChangeEvent` class.
     *
     * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html
     */
    onStateChange(id, options = {}) {
        const stateRule = this.onEvent(id, options);
        const stateChangePattern = { detailType: ['CodeBuild Build State Change'] };
        stateRule.addEventPattern(stateChangePattern);
        return stateRule;
    }
    /**
     * Defines a CloudWatch event rule that triggers upon phase change of this
     * build project.
     *
     * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html
     */
    onPhaseChange(id, options = {}) {
        const phaseRule = this.onEvent(id, options);
        const phaseChangePattern = { detailType: ['CodeBuild Build Phase Change'] };
        phaseRule.addEventPattern(phaseChangePattern);
        return phaseRule;
    }
    /**
     * Defines an event rule which triggers when a build starts.
     *
     * To access fields from the event in the event target input,
     * use the static fields on the `StateChangeEvent` class.
     */
    onBuildStarted(id, options = {}) {
        const startedRule = this.onStateChange(id, options);
        const startedPattern = { detail: { 'build-status': ['IN_PROGRESS'] } };
        startedRule.addEventPattern(startedPattern);
        return startedRule;
    }
    /**
     * Defines an event rule which triggers when a build fails.
     *
     * To access fields from the event in the event target input,
     * use the static fields on the `StateChangeEvent` class.
     */
    onBuildFailed(id, options = {}) {
        const failedRule = this.onStateChange(id, options);
        const failedPattern = { detail: { 'build-status': ['FAILED'] } };
        failedRule.addEventPattern(failedPattern);
        return failedRule;
    }
    /**
     * Defines an event rule which triggers when a build completes successfully.
     *
     * To access fields from the event in the event target input,
     * use the static fields on the `StateChangeEvent` class.
     */
    onBuildSucceeded(id, options = {}) {
        const succeededRule = this.onStateChange(id, options);
        const succeededPattern = { detail: { 'build-status': ['SUCCEEDED'] } };
        succeededRule.addEventPattern(succeededPattern);
        return succeededRule;
    }
    /**
     * Builds a CloudWatch metric in the `AWS/CodeBuild` namespace for this project.
     *
     * `props` is spread last, so any key it carries replaces the defaults
     * set here (namespace, metric name, dimensions).
     *
     * @param metricName The name of the metric
     * @param props Customization properties
     * @returns a CloudWatch metric associated with this build project
     */
    metric(metricName, props) {
        const metricProps = {
            namespace: 'AWS/CodeBuild',
            metricName,
            dimensionsMap: { ProjectName: this.projectName },
            ...props,
        };
        const projectMetric = new cloudwatch.Metric(metricProps);
        return projectMetric.attachTo(this);
    }
    /**
     * Measures the number of builds triggered.
     *
     * Units: Count
     *
     * Valid CloudWatch statistics: Sum
     *
     * @default sum over 5 minutes
     */
    metricBuilds(props) {
        const { buildsSum } = codebuild_canned_metrics_generated_1.CodeBuildMetrics;
        return this.cannedMetric(buildsSum, props);
    }
    /**
     * Measures the duration of all builds over time.
     *
     * Units: Seconds
     *
     * Valid CloudWatch statistics: Average (recommended), Maximum, Minimum
     *
     * @default average over 5 minutes
     */
    metricDuration(props) {
        const { durationAverage } = codebuild_canned_metrics_generated_1.CodeBuildMetrics;
        return this.cannedMetric(durationAverage, props);
    }
    /**
     * Measures the number of successful builds.
     *
     * Units: Count
     *
     * Valid CloudWatch statistics: Sum
     *
     * @default sum over 5 minutes
     */
    metricSucceededBuilds(props) {
        const { succeededBuildsSum } = codebuild_canned_metrics_generated_1.CodeBuildMetrics;
        return this.cannedMetric(succeededBuildsSum, props);
    }
    /**
     * Measures the number of builds that failed because of client error or
     * because of a timeout.
     *
     * Units: Count
     *
     * Valid CloudWatch statistics: Sum
     *
     * @default sum over 5 minutes
     */
    metricFailedBuilds(props) {
        const { failedBuildsSum } = codebuild_canned_metrics_generated_1.CodeBuildMetrics;
        return this.cannedMetric(failedBuildsSum, props);
    }
    /**
     * Creates a notification rule with this project as its source.
     *
     * `source` and `targets` are written after `options` is spread, so they
     * cannot be replaced through `options`.
     *
     * @param id construct id of the notification rule
     * @param target the single target of the rule
     * @param options further notification rule options
     * @returns the new notification rule
     */
    notifyOn(id, target, options) {
        const ruleProps = {
            ...options,
            source: this,
            targets: [target],
        };
        return new notifications.NotificationRule(this, id, ruleProps);
    }
    /**
     * Creates a notification rule for the BUILD_SUCCEEDED event of this project.
     */
    notifyOnBuildSucceeded(id, target, options) {
        const succeededOptions = {
            ...options,
            events: [ProjectNotificationEvents.BUILD_SUCCEEDED],
        };
        return this.notifyOn(id, target, succeededOptions);
    }
    /**
     * Creates a notification rule for the BUILD_FAILED event of this project.
     */
    notifyOnBuildFailed(id, target, options) {
        const failedOptions = {
            ...options,
            events: [ProjectNotificationEvents.BUILD_FAILED],
        };
        return this.notifyOn(id, target, failedOptions);
    }
    /**
     * Describes this project as a notification rule source.
     *
     * @param _scope unused
     * @returns an object whose `sourceArn` is the project ARN
     */
    bindAsNotificationRuleSource(_scope) {
        const sourceArn = this.projectArn;
        return { sourceArn };
    }
    /**
     * Builds a metric from one of the generated canned-metric factories.
     *
     * @param fn factory called with `{ ProjectName }`; its result is the base of the metric props
     * @param props overrides spread on top of the factory result
     * @returns the metric, attached to this project
     */
    cannedMetric(fn, props) {
        const metricProps = {
            ...fn({ ProjectName: this.projectName }),
            ...props,
        };
        return new cloudwatch.Metric(metricProps).attachTo(this);
    }
}
|
258 | /**
|
259 | * A representation of a CodeBuild Project.
|
260 | */
|
261 | class Project extends ProjectBase {
|
/**
 * Creates the CodeBuild project, its service role (unless one is supplied)
 * and the IAM permissions derived from the given props.
 *
 * The statements below create constructs and policy statements in a fixed
 * sequence; keep that sequence when editing.
 *
 * @param scope the parent construct
 * @param id the construct id
 * @param props the project properties
 * @throws {Error} when a badge is requested for a source that does not support it,
 *   or when the source is NoSource and no immediate buildSpec is given
 */
constructor(scope, id, props) {
    super(scope, id, {
        physicalName: props.projectName,
    });
    try {
        jsiiDeprecationWarnings._aws_cdk_aws_codebuild_ProjectProps(props);
    }
    catch (error) {
        // Trim the stack of deprecation errors to the caller unless JSII_DEBUG=1.
        if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
            Error.captureStackTrace(error, Project);
        }
        throw error;
    }
    // Use the caller's role, or create one that only the CodeBuild service principal can assume.
    // Every addToRolePolicy() call below extends whichever role ends up here.
    this.role = props.role || new iam.Role(this, 'Role', {
        roleName: core_1.PhysicalName.GENERATE_IF_NEEDED,
        assumedBy: new iam.ServicePrincipal('codebuild.amazonaws.com'),
    });
    this.grantPrincipal = this.role;
    // Falls back to LinuxBuildImage.STANDARD_1_0 when no image is given.
    // NOTE(review): confirm the default image is still a supported one; an explicit image is easier to audit.
    this.buildImage = (props.environment && props.environment.buildImage) || LinuxBuildImage.STANDARD_1_0;
    // let source "bind" to the project. this usually involves granting permissions
    // for the code build role to interact with the source.
    this.source = props.source || new no_source_1.NoSource();
    const sourceConfig = this.source.bind(this, this);
    if (props.badge && !this.source.badgeSupported) {
        throw new Error(`Badge is not supported for source type ${this.source.type}`);
    }
    // Explicit artifacts win; otherwise CodePipeline sources get CodePipeline artifacts
    // and every other source gets none.
    const artifacts = props.artifacts
        ? props.artifacts
        : (this.source.type === source_types_1.CODEPIPELINE_SOURCE_ARTIFACTS_TYPE
            ? new codepipeline_artifacts_1.CodePipelineArtifacts()
            : new no_artifacts_1.NoArtifacts());
    const artifactsConfig = artifacts.bind(this, this);
    const cache = props.cache || cache_1.Cache.none();
    // give the caching strategy the option to grant permissions to any required resources
    cache._bind(this);
    // Project-level environment variables; renderEnvironment() applies them on top of
    // the variables declared on props.environment.
    const environmentVariables = props.environmentVariables || {};
    const buildSpec = props.buildSpec;
    if (this.source.type === source_types_1.NO_SOURCE_TYPE && (buildSpec === undefined || !buildSpec.isImmediate)) {
        throw new Error("If the Project's source is NoSource, you need to provide a concrete buildSpec");
    }
    // The backing arrays must exist before the add*() helpers push into them.
    this._secondarySources = [];
    this._secondarySourceVersions = [];
    this._fileSystemLocations = [];
    for (const secondarySource of props.secondarySources || []) {
        this.addSecondarySource(secondarySource);
    }
    this._secondaryArtifacts = [];
    for (const secondaryArtifact of props.secondaryArtifacts || []) {
        this.addSecondaryArtifact(secondaryArtifact);
    }
    this.validateCodePipelineSettings(artifacts);
    for (const fileSystemLocation of props.fileSystemLocations || []) {
        this.addFileSystemLocation(fileSystemLocation);
    }
    const resource = new codebuild_generated_1.CfnProject(this, 'Resource', {
        description: props.description,
        source: {
            ...sourceConfig.sourceProperty,
            buildSpec: buildSpec && buildSpec.toBuildSpec(),
        },
        artifacts: artifactsConfig.artifactsProperty,
        serviceRole: this.role.roleArn,
        environment: this.renderEnvironment(props, environmentVariables),
        fileSystemLocations: core_1.Lazy.any({ produce: () => this.renderFileSystemLocations() }),
        // lazy, because we have a setter for it in setEncryptionKey
        // The 'alias/aws/s3' default is necessary because leaving the `encryptionKey` field
        // empty will not remove existing encryptionKeys during an update (ref. t/D17810523)
        // Without a key set through the encryptionKey setter, the project therefore
        // uses 'alias/aws/s3' rather than a key chosen by the caller.
        encryptionKey: core_1.Lazy.string({ produce: () => this._encryptionKey ? this._encryptionKey.keyArn : 'alias/aws/s3' }),
        badgeEnabled: props.badge,
        cache: cache._toCloudFormation(),
        name: this.physicalName,
        timeoutInMinutes: props.timeout && props.timeout.toMinutes(),
        queuedTimeoutInMinutes: props.queuedTimeout && props.queuedTimeout.toMinutes(),
        concurrentBuildLimit: props.concurrentBuildLimit,
        // Lazy: sources, versions and artifacts can still be added after construction.
        secondarySources: core_1.Lazy.any({ produce: () => this.renderSecondarySources() }),
        secondarySourceVersions: core_1.Lazy.any({ produce: () => this.renderSecondarySourceVersions() }),
        secondaryArtifacts: core_1.Lazy.any({ produce: () => this.renderSecondaryArtifacts() }),
        triggers: sourceConfig.buildTriggers,
        sourceVersion: sourceConfig.sourceVersion,
        vpcConfig: this.configureVpc(props),
        logsConfig: this.renderLoggingConfiguration(props.logging),
        // Only rendered once enableBatchBuilds() has created the batch service role.
        buildBatchConfig: core_1.Lazy.any({
            produce: () => {
                const config = this._batchServiceRole ? {
                    serviceRole: this._batchServiceRole.roleArn,
                } : undefined;
                return config;
            },
        }),
    });
    this.addVpcRequiredPermissions(props, resource);
    this.projectArn = this.getResourceArnAttribute(resource.attrArn, {
        service: 'codebuild',
        resource: 'project',
        resourceName: this.physicalName,
    });
    this.projectName = this.getResourceNameAttribute(resource.ref);
    // Allow the role to create and write the project's CloudWatch log group.
    this.addToRolePolicy(this.createLoggingPermission());
    // add permissions to create and use test report groups
    // with names starting with the project's name,
    // unless the customer explicitly opts out of it
    // The resource pattern is `<projectName>-*`, so it also covers report groups of
    // any other project whose name begins with `<projectName>-`.
    if (props.grantReportGroupPermissions !== false) {
        this.addToRolePolicy(new iam.PolicyStatement({
            actions: [
                'codebuild:CreateReportGroup',
                'codebuild:CreateReport',
                'codebuild:UpdateReport',
                'codebuild:BatchPutTestCases',
                'codebuild:BatchPutCodeCoverages',
            ],
            resources: [report_group_utils_1.renderReportGroupArn(this, `${this.projectName}-*`)],
        }));
    }
    // Goes through the encryptionKey setter, which also grants this project
    // encrypt/decrypt on the key.
    if (props.encryptionKey) {
        this.encryptionKey = props.encryptionKey;
    }
    // bind
    if (isBindableBuildImage(this.buildImage)) {
        this.buildImage.bind(this, this, {});
    }
}
|
/**
 * References an existing Project by its ARN.
 *
 * Account and region of the returned construct are taken from the ARN.
 * The reference has no role (`role` is undefined), so `addToRolePolicy`
 * on it adds nothing; the existing Project's role has to be given the
 * required permissions by other means.
 *
 * @param scope the parent Construct for this Construct
 * @param id the logical name of this Construct
 * @param projectArn the ARN of the project to import
 * @returns a reference to the existing Project
 */
static fromProjectArn(scope, id, projectArn) {
    const stack = core_1.Stack.of(scope);
    const parsedArn = stack.splitArn(projectArn, core_1.ArnFormat.SLASH_RESOURCE_NAME);
    class Import extends ProjectBase {
        constructor(importScope, importId) {
            const environment = {
                account: parsedArn.account,
                region: parsedArn.region,
            };
            super(importScope, importId, environment);
            this.projectArn = projectArn;
            this.projectName = parsedArn.resourceName;
            this.role = undefined;
            this.grantPrincipal = new iam.UnknownPrincipal({ resource: this });
        }
    }
    const imported = new Import(scope, id);
    return imported;
}
|
/**
 * References an existing Project by name, whether it was defined outside
 * the CDK or in a different CDK Stack.
 *
 * The ARN is formatted from the Stack that contains the new construct. The
 * reference has no role (`role` is undefined), so `addToRolePolicy` on it
 * adds nothing.
 *
 * @note if you're importing a CodeBuild Project for use
 * in a CodePipeline, make sure the existing Project
 * has permissions to access the S3 Bucket of that Pipeline -
 * otherwise, builds in that Pipeline will always fail.
 *
 * @param scope the parent Construct for this Construct
 * @param id the logical name of this Construct
 * @param projectName the name of the project to import
 * @returns a reference to the existing Project
 */
static fromProjectName(scope, id, projectName) {
    class Import extends ProjectBase {
        constructor(importScope, importId) {
            super(importScope, importId);
            this.role = undefined;
            const arnComponents = {
                service: 'codebuild',
                resource: 'project',
                resourceName: projectName,
            };
            this.projectArn = core_1.Stack.of(this).formatArn(arnComponents);
            this.grantPrincipal = new iam.UnknownPrincipal({ resource: this });
            this.projectName = projectName;
        }
    }
    const imported = new Import(scope, id);
    return imported;
}
|
/**
 * Convert the environment variables map of string to {@link BuildEnvironmentVariable},
 * which is the customer-facing type, to a list of {@link CfnProject.EnvironmentVariableProperty},
 * which is the representation of environment variables in CloudFormation.
 *
 * When `principal` is given, the function also adds IAM statements to
 * `principal.grantPrincipal` so that it can read the referenced SSM
 * parameters and Secrets Manager secrets (plus `kms:Decrypt` for secrets
 * in another account).
 *
 * The plain-text check only recognises values that contain a CDK
 * `SecretValue` token; a secret typed in as a literal string is not detected.
 *
 * @param environmentVariables the map of string to environment variables
 * @param validateNoPlainTextSecrets whether to throw an exception
 *   if any of the plain text environment variables contain secrets, defaults to 'false'
 * @param principal optional; its `grantPrincipal` receives the read permissions
 *   for PARAMETER_STORE and SECRETS_MANAGER variables
 * @returns an array of {@link CfnProject.EnvironmentVariableProperty} instances
 * @throws {Error} when a plain-text variable holds a SecretValue and validation is on,
 *   or when a Secrets Manager ARN has no secret name
 */
static serializeEnvVariables(environmentVariables, validateNoPlainTextSecrets = false, principal) {
    const ret = new Array();
    // IAM resources collected per service; one statement per service is added after the loop.
    const ssmIamResources = new Array();
    const secretsManagerIamResources = new Set();
    const kmsIamResources = new Set();
    for (const [name, envVariable] of Object.entries(environmentVariables)) {
        // NOTE(review): this is undefined when envVariable.value is null or undefined; the
        // startsWith()/split() calls in the `principal` branches below would then throw a TypeError.
        const envVariableValue = envVariable.value?.toString();
        const cfnEnvVariable = {
            name,
            // A variable without a type is treated as PLAINTEXT.
            type: envVariable.type || BuildEnvironmentVariableType.PLAINTEXT,
            value: envVariableValue,
        };
        ret.push(cfnEnvVariable);
        // validate that the plain-text environment variables don't contain any secrets in them
        if (validateNoPlainTextSecrets && cfnEnvVariable.type === BuildEnvironmentVariableType.PLAINTEXT) {
            const fragments = core_1.Tokenization.reverseString(cfnEnvVariable.value);
            for (const token of fragments.tokens) {
                if (token instanceof core_1.SecretValue) {
                    throw new Error(`Plaintext environment variable '${name}' contains a secret value! ` +
                        'This means the value of this variable will be visible in plain text in the AWS Console. ' +
                        "Please consider using CodeBuild's SecretsManager environment variables feature instead. " +
                        "If you'd like to continue with having this secret in the plaintext environment variables, " +
                        'please set the checkSecretsInPlainTextEnvVariables property to false');
                }
            }
        }
        if (principal) {
            const stack = core_1.Stack.of(principal);
            // save the SSM env variables
            if (envVariable.type === BuildEnvironmentVariableType.PARAMETER_STORE) {
                ssmIamResources.push(stack.formatArn({
                    service: 'ssm',
                    resource: 'parameter',
                    // If the parameter name starts with / the resource name is not separated with a double '/'
                    // arn:aws:ssm:region:1111111111:parameter/PARAM_NAME
                    resourceName: envVariableValue.startsWith('/')
                        ? envVariableValue.slice(1)
                        : envVariableValue,
                }));
            }
            // save SecretsManager env variables
            if (envVariable.type === BuildEnvironmentVariableType.SECRETS_MANAGER) {
                // We have 3 basic cases here of what envVariableValue can be:
                // 1. A string that starts with 'arn:' (and might contain Token fragments).
                // 2. A Token.
                // 3. A simple value, like 'secret-id'.
                if (envVariableValue.startsWith('arn:')) {
                    const parsedArn = stack.splitArn(envVariableValue, core_1.ArnFormat.COLON_RESOURCE_NAME);
                    if (!parsedArn.resourceName) {
                        throw new Error('SecretManager ARN is missing the name of the secret: ' + envVariableValue);
                    }
                    // the value of the property can be a complex string, separated by ':';
                    // see https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec.env.secrets-manager
                    const secretName = parsedArn.resourceName.split(':')[0];
                    secretsManagerIamResources.add(stack.formatArn({
                        service: 'secretsmanager',
                        resource: 'secret',
                        // since we don't know whether the ARN was full, or partial
                        // (CodeBuild supports both),
                        // stick a "*" at the end, which makes it work for both
                        // The trailing "*" also matches every other secret in that account and
                        // region whose name begins with `secretName`.
                        resourceName: `${secretName}*`,
                        arnFormat: core_1.ArnFormat.COLON_RESOURCE_NAME,
                        partition: parsedArn.partition,
                        account: parsedArn.account,
                        region: parsedArn.region,
                    }));
                    // if secret comes from another account, SecretsManager will need to access
                    // KMS on the other account as well to be able to get the secret
                    if (parsedArn.account && core_1.Token.compareStrings(parsedArn.account, stack.account) === core_1.TokenComparison.DIFFERENT) {
                        kmsIamResources.add(stack.formatArn({
                            service: 'kms',
                            resource: 'key',
                            // We do not know the ID of the key, but since this is a cross-account access,
                            // the key policies have to allow this access, so a wildcard is safe here
                            // NOTE(review): on the identity side this is kms:Decrypt on every key of that
                            // account and region; the key policies of the other account are the only limit.
                            resourceName: '*',
                            arnFormat: core_1.ArnFormat.SLASH_RESOURCE_NAME,
                            partition: parsedArn.partition,
                            account: parsedArn.account,
                            region: parsedArn.region,
                        }));
                    }
                }
                else if (core_1.Token.isUnresolved(envVariableValue)) {
                    // the value of the property can be a complex string, separated by ':';
                    // see https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec.env.secrets-manager
                    let secretArn = envVariableValue.split(':')[0];
                    // parse the Token, and see if it represents a single resource
                    // (we will assume it's a Secret from SecretsManager)
                    const fragments = core_1.Tokenization.reverseString(envVariableValue);
                    if (fragments.tokens.length === 1) {
                        const resolvable = fragments.tokens[0];
                        if (core_1.Reference.isReference(resolvable)) {
                            // check the Stack the resource owning the reference belongs to
                            const resourceStack = core_1.Stack.of(resolvable.target);
                            if (core_1.Token.compareStrings(stack.account, resourceStack.account) === core_1.TokenComparison.DIFFERENT) {
                                // since this is a cross-account access,
                                // add the appropriate KMS permissions
                                kmsIamResources.add(stack.formatArn({
                                    service: 'kms',
                                    resource: 'key',
                                    // We do not know the ID of the key, but since this is a cross-account access,
                                    // the key policies have to allow this access, so a wildcard is safe here
                                    // NOTE(review): same wide identity-side grant as in the 'arn:' branch above.
                                    resourceName: '*',
                                    arnFormat: core_1.ArnFormat.SLASH_RESOURCE_NAME,
                                    partition: resourceStack.partition,
                                    account: resourceStack.account,
                                    region: resourceStack.region,
                                }));
                                // Work around a bug in SecretsManager -
                                // when the access is cross-environment,
                                // Secret.secretArn returns a partial ARN!
                                // So append "-??????" (a hyphen and six single-character wildcards)
                                // to stand in for the missing ARN suffix, so that the permissions work
                                secretArn = `${secretArn}-??????`;
                            }
                        }
                    }
                    // if we are passed a Token, we should assume it's the ARN of the Secret
                    // (as the name would not work anyway, because it would be the full name, which CodeBuild does not support)
                    secretsManagerIamResources.add(secretArn);
                }
                else {
                    // the value of the property can be a complex string, separated by ':';
                    // see https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec.env.secrets-manager
                    const secretName = envVariableValue.split(':')[0];
                    secretsManagerIamResources.add(stack.formatArn({
                        service: 'secretsmanager',
                        resource: 'secret',
                        // A plain name is matched as `<name>-` followed by exactly six characters.
                        resourceName: `${secretName}-??????`,
                        arnFormat: core_1.ArnFormat.COLON_RESOURCE_NAME,
                    }));
                }
            }
        }
    }
    // One statement per service, and only when that service has resources to cover.
    if (ssmIamResources.length !== 0) {
        principal?.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({
            actions: ['ssm:GetParameters'],
            resources: ssmIamResources,
        }));
    }
    if (secretsManagerIamResources.size !== 0) {
        principal?.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({
            actions: ['secretsmanager:GetSecretValue'],
            resources: Array.from(secretsManagerIamResources),
        }));
    }
    if (kmsIamResources.size !== 0) {
        principal?.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({
            actions: ['kms:Decrypt'],
            resources: Array.from(kmsIamResources),
        }));
    }
    return ret;
}
|
/**
 * Enables batch builds for this project.
 *
 * On the first call a dedicated role is created that the CodeBuild service
 * principal can assume, allowed to start, stop and retry builds of this
 * project only. Later calls reuse that role.
 *
 * @returns an object whose `role` is the batch service role
 */
enableBatchBuilds() {
    if (this._batchServiceRole) {
        return { role: this._batchServiceRole };
    }
    const batchRole = new iam.Role(this, 'BatchServiceRole', {
        assumedBy: new iam.ServicePrincipal('codebuild.amazonaws.com'),
    });
    this._batchServiceRole = batchRole;
    // The ARN is resolved lazily, at the time the token is produced.
    const projectArnToken = core_1.Lazy.string({
        produce: () => this.projectArn,
    });
    const buildControlStatement = new iam.PolicyStatement({
        resources: [projectArnToken],
        actions: [
            'codebuild:StartBuild',
            'codebuild:StopBuild',
            'codebuild:RetryBuild',
        ],
    });
    batchRole.addToPrincipalPolicy(buildControlStatement);
    return { role: this._batchServiceRole };
}
|
/**
 * Adds a secondary source to the Project.
 *
 * The source is bound to this project; its source property is recorded,
 * and its version too when the binding reports one.
 *
 * @param secondarySource the source to add as a secondary source
 * @throws {Error} when the source has no identifier
 * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-multi-in-out.html
 */
addSecondarySource(secondarySource) {
    try {
        jsiiDeprecationWarnings._aws_cdk_aws_codebuild_ISource(secondarySource);
    }
    catch (error) {
        const debugEnabled = process.env.JSII_DEBUG === "1";
        if (!debugEnabled && error.name === "DeprecationError") {
            Error.captureStackTrace(error, this.addSecondarySource);
        }
        throw error;
    }
    if (!secondarySource.identifier) {
        throw new Error('The identifier attribute is mandatory for secondary sources');
    }
    const boundSource = secondarySource.bind(this, this);
    this._secondarySources.push(boundSource.sourceProperty);
    if (!boundSource.sourceVersion) {
        return;
    }
    const versionEntry = {
        sourceIdentifier: secondarySource.identifier,
        sourceVersion: boundSource.sourceVersion,
    };
    this._secondarySourceVersions.push(versionEntry);
}
|
/**
 * Adds a fileSystemLocation to the Project.
 *
 * The location is bound to this project and the `location` of the
 * resulting config is recorded.
 *
 * @param fileSystemLocation the fileSystemLocation to add
 */
addFileSystemLocation(fileSystemLocation) {
    try {
        jsiiDeprecationWarnings._aws_cdk_aws_codebuild_IFileSystemLocation(fileSystemLocation);
    }
    catch (error) {
        const debugEnabled = process.env.JSII_DEBUG === "1";
        if (!debugEnabled && error.name === "DeprecationError") {
            Error.captureStackTrace(error, this.addFileSystemLocation);
        }
        throw error;
    }
    const { location } = fileSystemLocation.bind(this, this);
    this._fileSystemLocations.push(location);
}
|
/**
 * Adds a secondary artifact to the Project.
 *
 * @param secondaryArtifact the artifact to add as a secondary artifact
 * @throws {Error} when the artifact has no identifier
 * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-multi-in-out.html
 */
addSecondaryArtifact(secondaryArtifact) {
    try {
        jsiiDeprecationWarnings._aws_cdk_aws_codebuild_IArtifacts(secondaryArtifact);
    }
    catch (error) {
        const debugEnabled = process.env.JSII_DEBUG === "1";
        if (!debugEnabled && error.name === "DeprecationError") {
            Error.captureStackTrace(error, this.addSecondaryArtifact);
        }
        throw error;
    }
    if (!secondaryArtifact.identifier) {
        throw new Error('The identifier attribute is mandatory for secondary artifacts');
    }
    const boundArtifact = secondaryArtifact.bind(this, this);
    this._secondaryArtifacts.push(boundArtifact.artifactsProperty);
}
|
/**
 * A callback invoked when the given project is added to a CodePipeline.
 *
 * If the pipeline's artifact bucket has an encryption key and the project
 * has none yet, the project adopts the bucket's key. The one exception is a
 * `kms.Key` that lives in a different account or region than the project:
 * that key is not adopted and the project's key is left as it was.
 *
 * @param _scope the construct the binding is taking place in
 * @param options additional options for the binding
 */
bindToCodePipeline(_scope, options) {
    try {
        jsiiDeprecationWarnings._aws_cdk_aws_codebuild_BindToCodePipelineOptions(options);
    }
    catch (error) {
        const debugEnabled = process.env.JSII_DEBUG === "1";
        if (!debugEnabled && error.name === "DeprecationError") {
            Error.captureStackTrace(error, this.bindToCodePipeline);
        }
        throw error;
    }
    // work around a bug in CodeBuild: it ignores the KMS key set on the pipeline,
    // and always uses its own, project-level key
    if (!options.artifactBucket.encryptionKey || this._encryptionKey) {
        return;
    }
    // we cannot safely do this assignment if the key is of type kms.Key,
    // and belongs to a stack in a different account or region than the project
    // (that would cause an illegal reference, as KMS keys don't have physical names)
    const keyStack = core_1.Stack.of(options.artifactBucket.encryptionKey);
    const projectStack = core_1.Stack.of(this);
    const isForeignCdkKey = options.artifactBucket.encryptionKey instanceof kms.Key &&
        (keyStack.account !== projectStack.account || keyStack.region !== projectStack.region);
    if (isForeignCdkKey) {
        return;
    }
    // Assigning through the setter also grants the project encrypt/decrypt on the key.
    this.encryptionKey = options.artifactBucket.encryptionKey;
}
|
/**
 * Reports configuration errors of this project.
 *
 * A project whose source is a CodePipeline source may have neither
 * secondary sources nor secondary artifacts.
 *
 * @override
 * @returns the list of error messages, empty when there are none
 */
validate() {
    const problems = [];
    const isPipelineSource = this.source.type === source_types_1.CODEPIPELINE_SOURCE_ARTIFACTS_TYPE;
    if (!isPipelineSource) {
        return problems;
    }
    if (this._secondarySources.length > 0) {
        problems.push('A Project with a CodePipeline Source cannot have secondary sources. ' +
            "Use the CodeBuild Pipeline Actions' `extraInputs` property instead");
    }
    if (this._secondaryArtifacts.length > 0) {
        problems.push('A Project with a CodePipeline Source cannot have secondary artifacts. ' +
            "Use the CodeBuild Pipeline Actions' `outputs` property instead");
    }
    return problems;
}
|
/**
 * Sets the key of this project and grants the project encrypt and decrypt
 * permissions on it.
 *
 * The key is stored first, so it stays set even if the grant throws.
 *
 * @param encryptionKey the key to use; must offer `grantEncryptDecrypt`
 */
set encryptionKey(encryptionKey) {
    const grantee = this;
    this._encryptionKey = encryptionKey;
    encryptionKey.grantEncryptDecrypt(grantee);
}
|
/**
 * Builds the policy statement that lets the project write its build logs.
 *
 * The statement covers the log group `/aws/codebuild/<projectName>` and
 * everything beneath it (`<log group ARN>:*`), and nothing else.
 *
 * @returns a statement allowing CreateLogGroup, CreateLogStream and PutLogEvents
 */
createLoggingPermission() {
    const stack = core_1.Stack.of(this);
    const logGroupArn = stack.formatArn({
        service: 'logs',
        resource: 'log-group',
        arnFormat: core_1.ArnFormat.COLON_RESOURCE_NAME,
        resourceName: `/aws/codebuild/${this.projectName}`,
    });
    const loggingResources = [logGroupArn, `${logGroupArn}:*`];
    const loggingActions = ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'];
    return new iam.PolicyStatement({
        resources: loggingResources,
        actions: loggingActions,
    });
}
|
/**
 * Renders the environment section of the project from the build image and
 * the `environment` props, and sets up what the image pull needs.
 *
 * Side effects: depending on the image pull principal, this project is
 * granted pull on the image repository or a statement is added to the
 * repository's resource policy; when the service role pulls the image, this
 * project is also granted read on the registry credentials.
 *
 * @param props project props; `environment` and
 *   `checkSecretsInPlainTextEnvVariables` are read here.
 * @param projectVars project-level environment variables; on a name clash
 *   they replace the ones from `props.environment.environmentVariables`.
 * @returns the rendered environment object.
 * @throws {Error} when `this.buildImage.validate(env)` returns any error.
 */
renderEnvironment(props, projectVars = {}) {
    const env = props.environment ?? {};
    const containerVars = env.environmentVariables || {};
    // Container definition first, project level second, so project values win.
    const vars = {};
    for (const layer of [containerVars, projectVars]) {
        for (const name of Object.keys(layer)) {
            vars[name] = layer[name];
        }
    }
    const hasEnvironmentVars = Object.keys(vars).length > 0;
    const errors = this.buildImage.validate(env);
    if (errors.length > 0) {
        throw new Error('Invalid CodeBuild environment: ' + errors.join('\n'));
    }
    // Any value other than CODEBUILD is rendered as SERVICE_ROLE.
    const pulledByServiceRole = this.buildImage.imagePullPrincipalType !== ImagePullPrincipalType.CODEBUILD;
    const imagePullPrincipalType = pulledByServiceRole
        ? ImagePullPrincipalType.SERVICE_ROLE
        : ImagePullPrincipalType.CODEBUILD;
    const repository = this.buildImage.repository;
    if (repository && pulledByServiceRole) {
        repository.grantPull(this);
    }
    else if (repository) {
        // CodeBuild pulls with its own identity, so the repository's resource
        // policy is extended to trust the CodeBuild service principal for the
        // three read actions below.
        // NOTE(review): this statement carries no `conditions`; confirm whether
        // the repository policy should be narrowed (for example by source
        // account) for this deployment.
        const statement = new iam.PolicyStatement({
            principals: [new iam.ServicePrincipal('codebuild.amazonaws.com')],
            actions: ['ecr:GetDownloadUrlForLayer', 'ecr:BatchGetImage', 'ecr:BatchCheckLayerAvailability'],
        });
        statement.sid = 'CodeBuild';
        repository.addToResourcePolicy(statement);
    }
    if (pulledByServiceRole) {
        // Registry credentials are readable by the project only when its own role does the pull.
        this.buildImage.secretsManagerCredentials?.grantRead(this);
    }
    const secret = this.buildImage.secretsManagerCredentials;
    let registryCredential;
    if (secret) {
        registryCredential = {
            credentialProvider: 'SECRETS_MANAGER',
            // Secrets must be referenced by either the full ARN (with SecretsManager suffix), or by name.
            // "Partial" ARNs (without the suffix) will fail a validation regex at deploy-time.
            credential: secret.secretFullArn ?? secret.secretName,
        };
    }
    return {
        type: this.buildImage.type,
        image: this.buildImage.imageId,
        imagePullCredentialsType: imagePullPrincipalType,
        registryCredential,
        certificate: env.certificate?.bucket.arnForObjects(env.certificate.objectKey),
        // Privileged mode stays off unless the caller sets `env.privileged` to a truthy value.
        privilegedMode: env.privileged || false,
        computeType: env.computeType || this.buildImage.defaultComputeType,
        // The plain-text secrets check flag defaults to true when the prop is nullish;
        // what the check does is decided by Project.serializeEnvVariables.
        environmentVariables: hasEnvironmentVars
            ? Project.serializeEnvVariables(vars, props.checkSecretsInPlainTextEnvVariables ?? true, this)
            : undefined,
    };
}
|
/**
 * @returns the project's file system locations, or `undefined` when the list is empty.
 */
renderFileSystemLocations() {
    const locations = this._fileSystemLocations;
    if (locations.length === 0) {
        return undefined;
    }
    return locations;
}
|
/**
 * @returns the project's secondary sources, or `undefined` when the list is empty.
 */
renderSecondarySources() {
    const sources = this._secondarySources;
    if (sources.length === 0) {
        return undefined;
    }
    return sources;
}
|
/**
 * @returns the project's secondary source versions, or `undefined` when the list is empty.
 */
renderSecondarySourceVersions() {
    const versions = this._secondarySourceVersions;
    if (versions.length === 0) {
        return undefined;
    }
    return versions;
}
|
/**
 * @returns the project's secondary artifacts, or `undefined` when the list is empty.
 */
renderSecondaryArtifacts() {
    const artifacts = this._secondaryArtifacts;
    if (artifacts.length === 0) {
        return undefined;
    }
    return artifacts;
}
|
/**
 * If configured, set up the VPC-related properties.
 *
 * Returns the VpcConfig that should be added to the codebuild creation
 * properties, or `undefined` when no VPC is configured. When a VPC is
 * configured this also sets `this._connections`.
 *
 * @param props project props; `vpc`, `securityGroups`, `allowAllOutbound`
 *   and `subnetSelection` are read here.
 * @throws {Error} when security groups or `allowAllOutbound` are given
 *   without a VPC, or when a non-empty `securityGroups` list is combined
 *   with `allowAllOutbound`.
 */
configureVpc(props) {
    const { vpc, securityGroups: suppliedGroups, allowAllOutbound } = props;
    const outboundWasSet = allowAllOutbound !== undefined;
    if (!vpc) {
        if (suppliedGroups || outboundWasSet) {
            throw new Error('Cannot configure \'securityGroup\' or \'allowAllOutbound\' without configuring a VPC');
        }
        return undefined;
    }
    const hasSuppliedGroups = Boolean(suppliedGroups && suppliedGroups.length > 0);
    if (hasSuppliedGroups && outboundWasSet) {
        // Egress of caller-supplied groups is the caller's decision, not this method's.
        throw new Error('Configure \'allowAllOutbound\' directly on the supplied SecurityGroup.');
    }
    let securityGroups;
    if (hasSuppliedGroups) {
        securityGroups = suppliedGroups;
    }
    else {
        // No group supplied: create one. `allowAllOutbound` is forwarded as given,
        // so when it is undefined the ec2.SecurityGroup default applies.
        // NOTE(review): confirm that default matches the egress you intend for builds.
        securityGroups = [
            new ec2.SecurityGroup(this, 'SecurityGroup', {
                vpc,
                description: 'Automatic generated security group for CodeBuild ' + core_1.Names.uniqueId(this),
                allowAllOutbound,
            }),
        ];
    }
    this._connections = new ec2.Connections({ securityGroups });
    return {
        vpcId: vpc.vpcId,
        subnets: vpc.selectSubnets(props.subnetSelection).subnetIds,
        securityGroupIds: this.connections.securityGroups.map((group) => group.securityGroupId),
    };
}
|
/**
 * Renders the logs configuration from the logging props and grants this
 * project write access to each configured destination.
 *
 * A destination's grant is issued whenever the destination is present in
 * `props`, including when its `enabled` flag is false.
 *
 * @param props logging props with optional `s3` and `cloudWatch` entries,
 *   or `undefined`.
 * @returns `undefined` when `props` is `undefined`; otherwise an object with
 *   `s3Logs` and `cloudWatchLogs`, each `undefined` when not configured.
 * @throws {Error} when CloudWatch logging is enabled without a log group.
 */
renderLoggingConfiguration(props) {
    if (props === undefined) {
        return undefined;
    }
    // `enabled` defaults to true when it is nullish.
    const statusOf = (enabled) => ((enabled ?? true) ? 'ENABLED' : 'DISABLED');
    const { s3, cloudWatch } = props;
    let s3Logs;
    if (s3) {
        const prefixSuffix = s3.prefix ? `/${s3.prefix}` : '';
        s3Logs = {
            status: statusOf(s3.enabled),
            location: `${s3.bucket.bucketName}` + prefixSuffix,
            // NOTE(review): `encrypted` is forwarded unchanged into
            // `encryptionDisabled`. If `encrypted: true` is meant to request
            // encrypted build logs, the flag is inverted here - confirm against
            // the S3 logging options contract and check the synthesized template.
            encryptionDisabled: s3.encrypted,
        };
        s3.bucket?.grantWrite(this);
    }
    let cloudWatchLogs;
    if (cloudWatch) {
        const status = statusOf(cloudWatch.enabled);
        if (status === 'ENABLED' && !cloudWatch.logGroup) {
            throw new Error('Specifying a LogGroup is required if CloudWatch logging for CodeBuild is enabled');
        }
        cloudWatch.logGroup?.grantWrite(this);
        cloudWatchLogs = {
            status,
            groupName: cloudWatch.logGroup?.logGroupName,
            streamName: cloudWatch.prefix,
        };
    }
    return { s3Logs, cloudWatchLogs };
}
|
/**
 * Adds the EC2 permissions a VPC-attached project needs to this project's role.
 *
 * Does nothing when no VPC is configured or the project has no role.
 * Otherwise it (1) adds `ec2:CreateNetworkInterfacePermission`, limited to the
 * selected subnets and to the CodeBuild service, and (2) attaches one inline
 * policy with the network-interface and describe actions, created at most
 * once per role.
 *
 * @param props project props; `vpc` and `subnetSelection` are read here.
 * @param project the construct that is made to depend on the inline policy.
 */
addVpcRequiredPermissions(props, project) {
    if (!props.vpc || !this.role) {
        return;
    }
    const ec2ArnPrefix = `arn:${core_1.Aws.PARTITION}:ec2:${core_1.Aws.REGION}:${core_1.Aws.ACCOUNT_ID}`;
    const subnetArns = props.vpc
        .selectSubnets(props.subnetSelection).subnetIds
        .map((subnetId) => `${ec2ArnPrefix}:subnet/${subnetId}`);
    // The condition keys below restrict the permission to the selected
    // subnets and to CodeBuild as the authorized service.
    this.role.addToPrincipalPolicy(new iam.PolicyStatement({
        resources: [`${ec2ArnPrefix}:network-interface/*`],
        actions: ['ec2:CreateNetworkInterfacePermission'],
        conditions: {
            StringEquals: {
                'ec2:Subnet': subnetArns,
                'ec2:AuthorizedService': 'codebuild.amazonaws.com',
            },
        },
    }));
    // If the same Role is used for multiple Projects, always creating a new `iam.Policy`
    // will attach the same policy multiple times, probably exceeding the maximum size of the
    // Role policy. The policy is therefore cached on the role under VPC_POLICY_SYM and
    // created only once per role.
    //
    // This deduplication could be a feature of the Role itself, but that feels risky and
    // is hard to implement (what with Tokens and all). Safer to fix it locally for now.
    let policy = this.role[VPC_POLICY_SYM];
    if (!policy) {
        // NOTE(review): these actions are granted on `*`; confirm whether the
        // create/delete network interface actions can be narrowed for your account.
        const networkInterfaceStatement = new iam.PolicyStatement({
            resources: ['*'],
            actions: [
                'ec2:CreateNetworkInterface',
                'ec2:DescribeNetworkInterfaces',
                'ec2:DeleteNetworkInterface',
                'ec2:DescribeSubnets',
                'ec2:DescribeSecurityGroups',
                'ec2:DescribeDhcpOptions',
                'ec2:DescribeVpcs',
            ],
        });
        policy = new iam.Policy(this, 'PolicyDocument', {
            statements: [networkInterfaceStatement],
        });
        this.role.attachInlinePolicy(policy);
        this.role[VPC_POLICY_SYM] = policy;
    }
    // add an explicit dependency between the EC2 Policy and this Project -
    // otherwise, creating the Project fails, as it requires these permissions
    // to be already attached to the Project's Role
    project.node.addDependency(policy);
}
|
/**
 * Checks that CodePipeline is used for both the source and the artifacts, or
 * for neither.
 *
 * @param artifacts the project's artifacts; only `type` is read.
 * @throws {Error} when exactly one of the two types is the CodePipeline type.
 */
validateCodePipelineSettings(artifacts) {
    const pipelineType = source_types_1.CODEPIPELINE_SOURCE_ARTIFACTS_TYPE;
    const sourceType = this.source.type;
    const artifactsType = artifacts.type;
    const eitherIsPipeline = sourceType === pipelineType || artifactsType === pipelineType;
    if (eitherIsPipeline && sourceType !== artifactsType) {
        throw new Error('Both source and artifacts must be set to CodePipeline');
    }
}
|
948 | }
|
// Publish the class, then attach its jsii runtime type information under the
// shared `jsii.rtti` symbol (the symbol is also kept in the module-level `_a`).
exports.Project = Project;
Project[(_a = JSII_RTTI_SYMBOL_1)] = { fqn: "@aws-cdk/aws-codebuild.Project", version: "1.197.0" };
|
/**
 * Build machine compute type.
 *
 * Maps the short names to the compute type identifiers; the object is shared
 * with `exports.ComputeType`.
 */
// Kept as a hoisted `var` declaration, as in the compiled original.
var ComputeType = exports.ComputeType || (exports.ComputeType = {});
Object.assign(ComputeType, {
    SMALL: "BUILD_GENERAL1_SMALL",
    MEDIUM: "BUILD_GENERAL1_MEDIUM",
    LARGE: "BUILD_GENERAL1_LARGE",
    X2_LARGE: "BUILD_GENERAL1_2XLARGE",
});
|
/**
 * The type of principal CodeBuild will use to pull your build Docker image.
 *
 * The two values differ in where trust is placed: on the image repository's
 * resource policy (CODEBUILD) or on the project's own role (SERVICE_ROLE).
 */
// Kept as a hoisted `var` declaration, as in the compiled original.
var ImagePullPrincipalType = exports.ImagePullPrincipalType || (exports.ImagePullPrincipalType = {});
Object.assign(ImagePullPrincipalType, {
    /**
     * CODEBUILD specifies that CodeBuild uses its own identity when pulling the image.
     * This means the resource policy of the ECR repository that hosts the image will be
     * modified to trust CodeBuild's service principal.
     * This is the required principal type when using CodeBuild's pre-defined images.
     */
    CODEBUILD: "CODEBUILD",
    /**
     * SERVICE_ROLE specifies that AWS CodeBuild uses the project's role when pulling the image.
     * The role will be granted pull permissions on the ECR repository hosting the image.
     */
    SERVICE_ROLE: "SERVICE_ROLE",
});
|
980 | // Keep around to resolve a circular dependency until removing deprecated ARM image constants from LinuxBuildImage
|
981 | // eslint-disable-next-line no-duplicate-imports, import/order
|
982 | const linux_arm_build_image_1 = require("./linux-arm-build-image");
|
/**
 * A CodeBuild image running x86-64 Linux.
 *
 * The class exposes public constants for the most popular images. A custom
 * image can be specified through one of the static methods:
 *
 * - LinuxBuildImage.fromDockerRegistry(image[, { secretsManagerCredentials }])
 * - LinuxBuildImage.fromEcrRepository(repo[, tag])
 * - LinuxBuildImage.fromAsset(parent, id, props)
 *
 * Images built by those three methods are pulled with the project's service
 * role; images built by `fromCodeBuildImageId` are pulled by CodeBuild itself.
 *
 * @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
 */
class LinuxBuildImage {
    /**
     * @param props image properties: `imageId`, `imagePullPrincipalType` and,
     *   optionally, `secretsManagerCredentials` and `repository`.
     */
    constructor(props) {
        const { imageId, imagePullPrincipalType, secretsManagerCredentials, repository } = props;
        this.type = 'LINUX_CONTAINER';
        this.defaultComputeType = ComputeType.SMALL;
        this.imageId = imageId;
        this.imagePullPrincipalType = imagePullPrincipalType;
        this.secretsManagerCredentials = secretsManagerCredentials;
        this.repository = repository;
    }
    /**
     * @param name the image name, used as the image id.
     * @param options Docker image options, checked for deprecated usage first.
     * @returns a x86-64 Linux build image from a Docker Hub image.
     */
    static fromDockerRegistry(name, options = {}) {
        try {
            jsiiDeprecationWarnings._aws_cdk_aws_codebuild_DockerImageOptions(options);
        }
        catch (err) {
            // Outside jsii debug mode, trim the stack of a deprecation error to start at the caller.
            const isDeprecation = err.name === "DeprecationError";
            if (process.env.JSII_DEBUG !== "1" && isDeprecation) {
                Error.captureStackTrace(err, this.fromDockerRegistry);
            }
            throw err;
        }
        // `options` is spread first so it cannot override the image id or the pull principal.
        return new LinuxBuildImage({
            ...options,
            imageId: name,
            imagePullPrincipalType: ImagePullPrincipalType.SERVICE_ROLE,
        });
    }
    /**
     * @returns A x86-64 Linux build image from an ECR repository.
     *
     * NOTE: if the repository is external (i.e. imported), then we won't be able to add
     * a resource policy statement for it so CodeBuild can pull the image.
     *
     * A tag such as the default "latest" can be moved to another image later;
     * pass a digest to pin the exact image the build runs.
     *
     * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-ecr.html
     *
     * @param repository The ECR repository
     * @param tagOrDigest Image tag or digest (default "latest", digests must start with `sha256:`)
     */
    static fromEcrRepository(repository, tagOrDigest = 'latest') {
        const imageId = repository.repositoryUriForTagOrDigest(tagOrDigest);
        return new LinuxBuildImage({
            imageId,
            imagePullPrincipalType: ImagePullPrincipalType.SERVICE_ROLE,
            repository,
        });
    }
    /**
     * Uses a Docker image asset as a x86-64 Linux build image.
     *
     * A new DockerImageAsset is created under `scope` with the given id and props.
     */
    static fromAsset(scope, id, props) {
        const { imageUri, repository } = new aws_ecr_assets_1.DockerImageAsset(scope, id, props);
        return new LinuxBuildImage({
            imageId: imageUri,
            imagePullPrincipalType: ImagePullPrincipalType.SERVICE_ROLE,
            repository,
        });
    }
    /**
     * Uses a Docker image provided by CodeBuild.
     *
     * @returns A Docker image provided by CodeBuild.
     *
     * @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
     *
     * @param id The image identifier
     * @example 'aws/codebuild/standard:4.0'
     */
    static fromCodeBuildImageId(id) {
        return LinuxBuildImage.codeBuildImage(id);
    }
    /**
     * Builds an image that CodeBuild pulls with its own identity.
     *
     * @param name the image identifier, used as the image id.
     */
    static codeBuildImage(name) {
        const imagePullPrincipalType = ImagePullPrincipalType.CODEBUILD;
        return new LinuxBuildImage({ imageId: name, imagePullPrincipalType });
    }
    /**
     * Runs the deprecation check on the build environment.
     *
     * @returns an empty list: no Linux-specific rule is checked here.
     */
    validate(_) {
        try {
            jsiiDeprecationWarnings._aws_cdk_aws_codebuild_BuildEnvironment(_);
        }
        catch (err) {
            const isDeprecation = err.name === "DeprecationError";
            if (process.env.JSII_DEBUG !== "1" && isDeprecation) {
                Error.captureStackTrace(err, this.validate);
            }
            throw err;
        }
        return [];
    }
    /**
     * @param entrypoint passed through to the Linux run-script build spec helper.
     * @returns the build spec produced by `runScriptLinuxBuildSpec`.
     */
    runScriptBuildspec(entrypoint) {
        return run_script_linux_build_spec_1.runScriptLinuxBuildSpec(entrypoint);
    }
}
|
// Publish the class, then attach its jsii runtime type information under the
// shared `jsii.rtti` symbol (the symbol is also kept in the module-level `_b`).
exports.LinuxBuildImage = LinuxBuildImage;
LinuxBuildImage[(_b = JSII_RTTI_SYMBOL_1)] = { fqn: "@aws-cdk/aws-codebuild.LinuxBuildImage", version: "1.197.0" };
// Public image constants. Every entry of the two tables is created through
// `codeBuildImage`; the constants are assigned in the order listed.
for (const [constantName, imageName] of [
    ['STANDARD_1_0', 'aws/codebuild/standard:1.0'],
    ['STANDARD_2_0', 'aws/codebuild/standard:2.0'],
    ['STANDARD_3_0', 'aws/codebuild/standard:3.0'],
    // The `aws/codebuild/standard:4.0` build image.
    ['STANDARD_4_0', 'aws/codebuild/standard:4.0'],
    // The `aws/codebuild/standard:5.0` build image.
    ['STANDARD_5_0', 'aws/codebuild/standard:5.0'],
    ['AMAZON_LINUX_2', 'aws/codebuild/amazonlinux2-x86_64-standard:1.0'],
    ['AMAZON_LINUX_2_2', 'aws/codebuild/amazonlinux2-x86_64-standard:2.0'],
    // The Amazon Linux 2 x86_64 standard image, version `3.0`.
    ['AMAZON_LINUX_2_3', 'aws/codebuild/amazonlinux2-x86_64-standard:3.0'],
]) {
    LinuxBuildImage[constantName] = LinuxBuildImage.codeBuildImage(imageName);
}
/** @deprecated Use LinuxArmBuildImage.AMAZON_LINUX_2_STANDARD_1_0 instead. */
LinuxBuildImage.AMAZON_LINUX_2_ARM = linux_arm_build_image_1.LinuxArmBuildImage.AMAZON_LINUX_2_STANDARD_1_0;
/**
 * Image "aws/codebuild/amazonlinux2-aarch64-standard:2.0".
 * @deprecated Use LinuxArmBuildImage.AMAZON_LINUX_2_STANDARD_2_0 instead.
 */
LinuxBuildImage.AMAZON_LINUX_2_ARM_2 = linux_arm_build_image_1.LinuxArmBuildImage.AMAZON_LINUX_2_STANDARD_2_0;
// Every constant in this table is @deprecated: use STANDARD_2_0 and specify
// the runtime in the buildspec runtime-versions section.
for (const [constantName, imageName] of [
    ['UBUNTU_14_04_BASE', 'aws/codebuild/ubuntu-base:14.04'],
    ['UBUNTU_14_04_ANDROID_JAVA8_24_4_1', 'aws/codebuild/android-java-8:24.4.1'],
    ['UBUNTU_14_04_ANDROID_JAVA8_26_1_1', 'aws/codebuild/android-java-8:26.1.1'],
    ['UBUNTU_14_04_DOCKER_17_09_0', 'aws/codebuild/docker:17.09.0'],
    ['UBUNTU_14_04_DOCKER_18_09_0', 'aws/codebuild/docker:18.09.0'],
    ['UBUNTU_14_04_GOLANG_1_10', 'aws/codebuild/golang:1.10'],
    ['UBUNTU_14_04_GOLANG_1_11', 'aws/codebuild/golang:1.11'],
    ['UBUNTU_14_04_OPEN_JDK_8', 'aws/codebuild/java:openjdk-8'],
    ['UBUNTU_14_04_OPEN_JDK_9', 'aws/codebuild/java:openjdk-9'],
    ['UBUNTU_14_04_OPEN_JDK_11', 'aws/codebuild/java:openjdk-11'],
    ['UBUNTU_14_04_NODEJS_10_14_1', 'aws/codebuild/nodejs:10.14.1'],
    ['UBUNTU_14_04_NODEJS_10_1_0', 'aws/codebuild/nodejs:10.1.0'],
    ['UBUNTU_14_04_NODEJS_8_11_0', 'aws/codebuild/nodejs:8.11.0'],
    ['UBUNTU_14_04_NODEJS_6_3_1', 'aws/codebuild/nodejs:6.3.1'],
    ['UBUNTU_14_04_PHP_5_6', 'aws/codebuild/php:5.6'],
    ['UBUNTU_14_04_PHP_7_0', 'aws/codebuild/php:7.0'],
    ['UBUNTU_14_04_PHP_7_1', 'aws/codebuild/php:7.1'],
    ['UBUNTU_14_04_PYTHON_3_7_1', 'aws/codebuild/python:3.7.1'],
    ['UBUNTU_14_04_PYTHON_3_6_5', 'aws/codebuild/python:3.6.5'],
    ['UBUNTU_14_04_PYTHON_3_5_2', 'aws/codebuild/python:3.5.2'],
    ['UBUNTU_14_04_PYTHON_3_4_5', 'aws/codebuild/python:3.4.5'],
    ['UBUNTU_14_04_PYTHON_3_3_6', 'aws/codebuild/python:3.3.6'],
    ['UBUNTU_14_04_PYTHON_2_7_12', 'aws/codebuild/python:2.7.12'],
    ['UBUNTU_14_04_RUBY_2_5_3', 'aws/codebuild/ruby:2.5.3'],
    ['UBUNTU_14_04_RUBY_2_5_1', 'aws/codebuild/ruby:2.5.1'],
    ['UBUNTU_14_04_RUBY_2_3_1', 'aws/codebuild/ruby:2.3.1'],
    ['UBUNTU_14_04_RUBY_2_2_5', 'aws/codebuild/ruby:2.2.5'],
    ['UBUNTU_14_04_DOTNET_CORE_1_1', 'aws/codebuild/dot-net:core-1'],
    ['UBUNTU_14_04_DOTNET_CORE_2_0', 'aws/codebuild/dot-net:core-2.0'],
    ['UBUNTU_14_04_DOTNET_CORE_2_1', 'aws/codebuild/dot-net:core-2.1'],
]) {
    LinuxBuildImage[constantName] = LinuxBuildImage.codeBuildImage(imageName);
}
|
/**
 * Environment type for Windows Docker images.
 *
 * The object is shared with `exports.WindowsImageType`.
 */
// Kept as a hoisted `var` declaration, as in the compiled original.
var WindowsImageType = exports.WindowsImageType || (exports.WindowsImageType = {});
Object.assign(WindowsImageType, {
    /**
     * The standard environment type, WINDOWS_CONTAINER
     */
    STANDARD: "WINDOWS_CONTAINER",
    /**
     * The WINDOWS_SERVER_2019_CONTAINER environment type
     */
    SERVER_2019: "WINDOWS_SERVER_2019_CONTAINER",
});
|
/**
 * A CodeBuild image running Windows.
 *
 * The class exposes public constants for the most popular images. A custom
 * image can be specified through one of the static methods:
 *
 * - WindowsBuildImage.fromDockerRegistry(image[, { secretsManagerCredentials }, imageType])
 * - WindowsBuildImage.fromEcrRepository(repo[, tag, imageType])
 * - WindowsBuildImage.fromAsset(parent, id, props, [, imageType])
 *
 * Images built by those three methods are pulled with the project's service role.
 *
 * @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
 */
class WindowsBuildImage {
    /**
     * @param props image properties: `imageId`, `imagePullPrincipalType` and,
     *   optionally, `imageType` (STANDARD when nullish),
     *   `secretsManagerCredentials` and `repository`.
     */
    constructor(props) {
        const environmentType = props.imageType ?? WindowsImageType.STANDARD;
        this.defaultComputeType = ComputeType.MEDIUM;
        this.type = environmentType.toString();
        this.imageId = props.imageId;
        this.imagePullPrincipalType = props.imagePullPrincipalType;
        this.secretsManagerCredentials = props.secretsManagerCredentials;
        this.repository = props.repository;
    }
    /**
     * @param name the image name, used as the image id.
     * @param options Docker image options, checked for deprecated usage first.
     * @param imageType the Windows environment type.
     * @returns a Windows build image from a Docker Hub image.
     */
    static fromDockerRegistry(name, options = {}, imageType = WindowsImageType.STANDARD) {
        try {
            jsiiDeprecationWarnings._aws_cdk_aws_codebuild_DockerImageOptions(options);
            jsiiDeprecationWarnings._aws_cdk_aws_codebuild_WindowsImageType(imageType);
        }
        catch (err) {
            // Outside jsii debug mode, trim the stack of a deprecation error to start at the caller.
            const isDeprecation = err.name === "DeprecationError";
            if (process.env.JSII_DEBUG !== "1" && isDeprecation) {
                Error.captureStackTrace(err, this.fromDockerRegistry);
            }
            throw err;
        }
        // `options` is spread first so it cannot override the image id, the pull principal or the image type.
        return new WindowsBuildImage({
            ...options,
            imageId: name,
            imagePullPrincipalType: ImagePullPrincipalType.SERVICE_ROLE,
            imageType,
        });
    }
    /**
     * @returns A Windows build image from an ECR repository.
     *
     * NOTE: if the repository is external (i.e. imported), then we won't be able to add
     * a resource policy statement for it so CodeBuild can pull the image.
     *
     * A tag such as the default "latest" can be moved to another image later;
     * pass a digest to pin the exact image the build runs.
     *
     * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-ecr.html
     *
     * @param repository The ECR repository
     * @param tagOrDigest Image tag or digest (default "latest", digests must start with `sha256:`)
     * @param imageType the Windows environment type.
     */
    static fromEcrRepository(repository, tagOrDigest = 'latest', imageType = WindowsImageType.STANDARD) {
        try {
            jsiiDeprecationWarnings._aws_cdk_aws_codebuild_WindowsImageType(imageType);
        }
        catch (err) {
            const isDeprecation = err.name === "DeprecationError";
            if (process.env.JSII_DEBUG !== "1" && isDeprecation) {
                Error.captureStackTrace(err, this.fromEcrRepository);
            }
            throw err;
        }
        const imageId = repository.repositoryUriForTagOrDigest(tagOrDigest);
        return new WindowsBuildImage({
            imageId,
            imagePullPrincipalType: ImagePullPrincipalType.SERVICE_ROLE,
            imageType,
            repository,
        });
    }
    /**
     * Uses a Docker image asset as a Windows build image.
     *
     * A new DockerImageAsset is created under `scope` with the given id and props.
     */
    static fromAsset(scope, id, props, imageType = WindowsImageType.STANDARD) {
        try {
            jsiiDeprecationWarnings._aws_cdk_aws_codebuild_WindowsImageType(imageType);
        }
        catch (err) {
            const isDeprecation = err.name === "DeprecationError";
            if (process.env.JSII_DEBUG !== "1" && isDeprecation) {
                Error.captureStackTrace(err, this.fromAsset);
            }
            throw err;
        }
        const { imageUri, repository } = new aws_ecr_assets_1.DockerImageAsset(scope, id, props);
        return new WindowsBuildImage({
            imageId: imageUri,
            imagePullPrincipalType: ImagePullPrincipalType.SERVICE_ROLE,
            imageType,
            repository,
        });
    }
    /**
     * Runs the deprecation check on the build environment and rejects the
     * Small compute type.
     *
     * @param buildEnvironment the build environment; `computeType` is read.
     * @returns a list with one message when the compute type is Small, else an empty list.
     */
    validate(buildEnvironment) {
        try {
            jsiiDeprecationWarnings._aws_cdk_aws_codebuild_BuildEnvironment(buildEnvironment);
        }
        catch (err) {
            const isDeprecation = err.name === "DeprecationError";
            if (process.env.JSII_DEBUG !== "1" && isDeprecation) {
                Error.captureStackTrace(err, this.validate);
            }
            throw err;
        }
        return buildEnvironment.computeType === ComputeType.SMALL
            ? ['Windows images do not support the Small ComputeType']
            : [];
    }
    /**
     * Builds a build spec whose build phase copies a script archive from S3,
     * expands it into a temporary directory and invokes the entrypoint.
     *
     * `entrypoint` is interpolated into the PowerShell command line as given;
     * nothing here quotes or escapes it, so it has to be a trusted path
     * relative to the expanded archive.
     *
     * @param entrypoint script path inside the archive.
     * @returns the build spec created by `BuildSpec.fromObject`.
     */
    runScriptBuildspec(entrypoint) {
        const { S3_BUCKET_ENV, S3_KEY_ENV } = run_script_linux_build_spec_1;
        const buildCommands = [
            'Set-Variable -Name TEMPDIR -Value (New-TemporaryFile).DirectoryName',
            `aws s3 cp s3://$env:${S3_BUCKET_ENV}/$env:${S3_KEY_ENV} $TEMPDIR\\scripts.zip`,
            'New-Item -ItemType Directory -Path $TEMPDIR\\scriptdir',
            'Expand-Archive -Path $TEMPDIR/scripts.zip -DestinationPath $TEMPDIR\\scriptdir',
            '$env:SCRIPT_DIR = "$TEMPDIR\\scriptdir"',
            `& $TEMPDIR\\scriptdir\\${entrypoint}`,
        ];
        return build_spec_1.BuildSpec.fromObject({
            version: '0.2',
            phases: {
                pre_build: {
                    // The download would ideally happen here and the execution in the
                    // next phase, but the author did not know how to propagate the
                    // value of $TEMPDIR between phases. Left for someone who knows
                    // PowerShell well enough.
                    commands: [],
                },
                build: {
                    commands: buildCommands,
                },
            },
        });
    }
}
|
// Publish the class, then attach its jsii runtime type information under the
// shared `jsii.rtti` symbol (the symbol is also kept in the module-level `_c`).
exports.WindowsBuildImage = WindowsBuildImage;
WindowsBuildImage[(_c = JSII_RTTI_SYMBOL_1)] = { fqn: "@aws-cdk/aws-codebuild.WindowsBuildImage", version: "1.197.0" };
/**
 * Corresponds to the standard CodeBuild image `aws/codebuild/windows-base:1.0`.
 *
 * @deprecated `WindowsBuildImage.WINDOWS_BASE_2_0` should be used instead.
 */
WindowsBuildImage.WIN_SERVER_CORE_2016_BASE = new WindowsBuildImage({
    imagePullPrincipalType: ImagePullPrincipalType.CODEBUILD,
    imageId: 'aws/codebuild/windows-base:1.0',
});
/**
 * The standard CodeBuild image `aws/codebuild/windows-base:2.0`, which is
 * based off Windows Server Core 2016.
 */
WindowsBuildImage.WINDOWS_BASE_2_0 = new WindowsBuildImage({
    imagePullPrincipalType: ImagePullPrincipalType.CODEBUILD,
    imageId: 'aws/codebuild/windows-base:2.0',
});
/**
 * The standard CodeBuild image `aws/codebuild/windows-base:2019-1.0`, which is
 * based off Windows Server Core 2019. It is the only constant here that sets
 * the SERVER_2019 image type.
 */
WindowsBuildImage.WIN_SERVER_CORE_2019_BASE = new WindowsBuildImage({
    imagePullPrincipalType: ImagePullPrincipalType.CODEBUILD,
    imageType: WindowsImageType.SERVER_2019,
    imageId: 'aws/codebuild/windows-base:2019-1.0',
});
|
/**
 * Where the value of a build environment variable comes from.
 *
 * The object is shared with `exports.BuildEnvironmentVariableType`.
 */
// Kept as a hoisted `var` declaration, as in the compiled original.
var BuildEnvironmentVariableType = exports.BuildEnvironmentVariableType || (exports.BuildEnvironmentVariableType = {});
Object.assign(BuildEnvironmentVariableType, {
    /**
     * An environment variable in plaintext format.
     * A plaintext value is not suited to secrets; use one of the two store-backed types for those.
     */
    PLAINTEXT: "PLAINTEXT",
    /**
     * An environment variable stored in Systems Manager Parameter Store.
     */
    PARAMETER_STORE: "PARAMETER_STORE",
    /**
     * An environment variable stored in AWS Secrets Manager.
     */
    SECRETS_MANAGER: "SECRETS_MANAGER",
});
|
/**
 * The list of event types for AWS Codebuild.
 *
 * The object is shared with `exports.ProjectNotificationEvents`.
 *
 * @see https://docs.aws.amazon.com/dtconsole/latest/userguide/concepts.html#events-ref-buildproject
 */
// Kept as a hoisted `var` declaration, as in the compiled original.
var ProjectNotificationEvents = exports.ProjectNotificationEvents || (exports.ProjectNotificationEvents = {});
Object.assign(ProjectNotificationEvents, {
    /**
     * Trigger notification when project build state failed
     */
    BUILD_FAILED: "codebuild-project-build-state-failed",
    /**
     * Trigger notification when project build state succeeded
     */
    BUILD_SUCCEEDED: "codebuild-project-build-state-succeeded",
    /**
     * Trigger notification when project build state in progress
     */
    BUILD_IN_PROGRESS: "codebuild-project-build-state-in-progress",
    /**
     * Trigger notification when project build state stopped
     */
    BUILD_STOPPED: "codebuild-project-build-state-stopped",
    /**
     * Trigger notification when project build phase failure
     */
    BUILD_PHASE_FAILED: "codebuild-project-build-phase-failure",
    /**
     * Trigger notification when project build phase success
     */
    BUILD_PHASE_SUCCEEDED: "codebuild-project-build-phase-success",
});
|
/**
 * Duck-type check for a build image that exposes a `bind` member.
 *
 * Returns true only for a non-null object whose `bind` property is truthy.
 * The check does not verify that `bind` is callable, so a caller that goes
 * on to invoke it relies on the object being a genuine build image.
 *
 * @param x the value to inspect
 * @returns {boolean} whether `x` looks like a bindable build image
 */
function isBindableBuildImage(x) {
    // typeof null is 'object', so null has to be excluded explicitly.
    if (x === null || typeof x !== 'object') {
        return false;
    }
    return Boolean(x.bind);
}
|
1395 | //# sourceMappingURL=data:application/json;base64,{"version":3,"file":"project.js","sourceRoot":"","sources":["project.ts"],"names":[],"mappings":";;;;;;AAAA,sDAAsD;AACtD,oEAAoE;AACpE,wCAAwC;AAExC,4DAAkF;AAClF,8CAA8C;AAC9C,wCAAwC;AACxC,wCAAwC;AAGxC,wCAA8K;AAG9K,6CAAyC;AACzC,mCAAgC;AAChC,6FAAwE;AACxE,+DAAmD;AACnD,qEAAiE;AAEjE,iDAA6C;AAC7C,2CAAuC;AACvC,uFAA2G;AAE3G,6DAA4D;AAE5D,iDAAoF;AAMpF,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;AAgN1E;;;;;;;;;GASG;AACH,MAAe,WAAY,SAAQ,eAAQ;IAmBzC;;;OAGG;IACH,IAAW,WAAW;QACpB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE;YACtB,MAAM,IAAI,KAAK,CAAC,mHAAmH,CAAC,CAAC;SACtI;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;KAC1B;IAEM,iBAAiB;QACtB,OAAO,SAAS,CAAC;KAClB;IAED;;;OAGG;IACI,eAAe,CAAC,SAA8B;QACnD,IAAI,IAAI,CAAC,IAAI,EAAE;YACb,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;SAC3C;KACF;IAED;;;;OAIG;IACI,OAAO,CAAC,EAAU,EAAE,UAAiC,EAAE;QAC5D,MAAM,IAAI,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;QAChD,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,eAAe,CAAC;YACnB,MAAM,EAAE,CAAC,eAAe,CAAC;YACzB,MAAM,EAAE;gBACN,cAAc,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC;aACnC;SACF,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;KACb;IAED;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACI,aAAa,CAAC,EAAU,EAAE,UAAiC,EAAE;QAClE,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QACvC,IAAI,CAAC,eAAe,CAAC;YACnB,UAAU,EAAE,CAAC,8BAA8B,CAAC;SAC7C,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;KACb;IAED;;;;;OAKG;IACI,aAAa,CAAC,EAAU,EAAE,UAAiC,EAAE;QAClE,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QACvC,IAAI,CAAC,eAAe,CAAC;YACnB,UAAU,EAAE,CAAC,8BAA8B,CAAC;SAC7C,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;KACb;IAED;;;;;OAKG;IACI,cAAc,CAAC,EAAU,EAAE,UAAiC,EAAE;QACnE,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,eAAe,CAAC;YACnB,MAAM,EAAE;gBACN,cAAc,EAAE,CAAC,aAAa,CAAC;aAChC;SACF,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;KACb;IAED;;;;;OAKG;IACI,aAAa,CAAC,EAAU,EAAE,UAAiC,EAAE;QAClE,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,eAAe,CAAC;YACnB,MAAM,EAAE;gB
ACN,cAAc,EAAE,CAAC,QAAQ,CAAC;aAC3B;SACF,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;KACb;IAED;;;;;OAKG;IACI,gBAAgB,CAAC,EAAU,EAAE,UAAiC,EAAE;QACrE,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,eAAe,CAAC;YACnB,MAAM,EAAE;gBACN,cAAc,EAAE,CAAC,WAAW,CAAC;aAC9B;SACF,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;KACb;IAED;;;;OAIG;IACI,MAAM,CAAC,UAAkB,EAAE,KAAgC;QAChE,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC;YAC3B,SAAS,EAAE,eAAe;YAC1B,UAAU;YACV,aAAa,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE;YAChD,GAAG,KAAK;SACT,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;KACnB;IAED;;;;;;;;OAQG;IACI,YAAY,CAAC,KAAgC;QAClD,OAAO,IAAI,CAAC,YAAY,CAAC,qDAAgB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;KAC7D;IAED;;;;;;;;OAQG;IACI,cAAc,CAAC,KAAgC;QACpD,OAAO,IAAI,CAAC,YAAY,CAAC,qDAAgB,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;KACnE;IAED;;;;;;;;OAQG;IACI,qBAAqB,CAAC,KAAgC;QAC3D,OAAO,IAAI,CAAC,YAAY,CAAC,qDAAgB,CAAC,kBAAkB,EAAE,KAAK,CAAC,CAAC;KACtE;IAED;;;;;;;;;OASG;IACI,kBAAkB,CAAC,KAAgC;QACxD,OAAO,IAAI,CAAC,YAAY,CAAC,qDAAgB,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;KACnE;IAEM,QAAQ,CACb,EAAU,EACV,MAA6C,EAC7C,OAA+B;QAE/B,OAAO,IAAI,aAAa,CAAC,gBAAgB,CAAC,IAAI,EAAE,EAAE,EAAE;YAClD,GAAG,OAAO;YACV,MAAM,EAAE,IAAI;YACZ,OAAO,EAAE,CAAC,MAAM,CAAC;SAClB,CAAC,CAAC;KACJ;IAEM,sBAAsB,CAC3B,EAAU,EACV,MAA6C,EAC7C,OAA+C;QAE/C,OAAO,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE;YAC/B,GAAG,OAAO;YACV,MAAM,EAAE,CAAC,yBAAyB,CAAC,eAAe,CAAC;SACpD,CAAC,CAAC;KACJ;IAEM,mBAAmB,CACxB,EAAU,EACV,MAA6C,EAC7C,OAA+C;QAE/C,OAAO,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE;YAC/B,GAAG,OAAO;YACV,MAAM,EAAE,CAAC,yBAAyB,CAAC,YAAY,CAAC;SACjD,CAAC,CAAC;KACJ;IAEM,4BAA4B,CAAC,MAAiB;QACnD,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,UAAU;SAC3B,CAAC;KACH;IAEO,YAAY,CAClB,EAA6D,EAC7D,KAAgC;QAChC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC;YAC3B,GAAG,EAAE,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC;YACxC,GAAG,KAAK;SACT,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;KACnB;CACF;AAmOD;;GAEG;AACH,MAAa,OAAQ,SAAQ,WAAW;IAwQtC,YAAY,KAAgB,EAAE,EAAU,EAAE,KAAmB;QAC3D,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE;YACf,YAAY,EAAE,KAAK,CAAC,WAAW;SAChC,CAAC,CAAC;;;;;;+CA3QM,OAAO;;;;QA6QhB,IAAI,
CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE;YACnD,QAAQ,EAAE,mBAAY,CAAC,kBAAkB;YACzC,SAAS,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC,yBAAyB,CAAC;SAC/D,CAAC,CAAC;QACH,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC;QAEhC,IAAI,CAAC,UAAU,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,eAAe,CAAC,YAAY,CAAC;QAEtG,+EAA+E;QAC/E,uDAAuD;QACvD,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,IAAI,oBAAQ,EAAE,CAAC;QAC7C,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAClD,IAAI,KAAK,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE;YAC9C,MAAM,IAAI,KAAK,CAAC,0CAA0C,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;SAC/E;QAED,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS;YAC/B,CAAC,CAAC,KAAK,CAAC,SAAS;YACjB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,iDAAkC;gBACxD,CAAC,CAAC,IAAI,8CAAqB,EAAE;gBAC7B,CAAC,CAAC,IAAI,0BAAW,EAAE,CAAC,CAAC;QACzB,MAAM,eAAe,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAEnD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,aAAK,CAAC,IAAI,EAAE,CAAC;QAE1C,sFAAsF;QACtF,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElB,kDAAkD;QAClD,MAAM,oBAAoB,GAAG,KAAK,CAAC,oBAAoB,IAAI,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC;QAClC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,6BAAc,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE;YAC9F,MAAM,IAAI,KAAK,CAAC,+EAA+E,CAAC,CAAC;SAClG;QAED,IAAI,CAAC,iBAAiB,GAAG,EAAE,CAAC;QAC5B,IAAI,CAAC,wBAAwB,GAAG,EAAE,CAAC;QACnC,IAAI,CAAC,oBAAoB,GAAG,EAAE,CAAC;QAC/B,KAAK,MAAM,eAAe,IAAI,KAAK,CAAC,gBAAgB,IAAI,EAAE,EAAE;YAC1D,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,CAAC;SAC1C;QAED,IAAI,CAAC,mBAAmB,GAAG,EAAE,CAAC;QAC9B,KAAK,MAAM,iBAAiB,IAAI,KAAK,CAAC,kBAAkB,IAAI,EAAE,EAAE;YAC9D,IAAI,CAAC,oBAAoB,CAAC,iBAAiB,CAAC,CAAC;SAC9C;QAED,IAAI,CAAC,4BAA4B,CAAC,SAAS,CAAC,CAAC;QAE7C,KAAK,MAAM,kBAAkB,IAAI,KAAK,CAAC,mBAAmB,IAAI,EAAE,EAAE;YAChE,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;SAChD;QAED,MAAM,QAAQ,GAAG,IAAI,gCAAU,CAAC,IAAI,EAAE,UAAU,EAAE;YAChD,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,MAAM,EAAE;gBACN,GAAG,YAAY,CAAC,cAAc;gBAC9B,SAAS,EAAE,SAAS,IAAI,SAAS,CAAC,WAAW,EAAE;a
AChD;YACD,SAAS,EAAE,eAAe,CAAC,iBAAiB;YAC5C,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;YAC9B,WAAW,EAAE,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,oBAAoB,CAAC;YAChE,mBAAmB,EAAE,WAAI,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;YAClF,4DAA4D;YAC5D,oFAAoF;YACpF,oFAAoF;YACpF,aAAa,EAAE,WAAI,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC;YAChH,YAAY,EAAE,KAAK,CAAC,KAAK;YACzB,KAAK,EAAE,KAAK,CAAC,iBAAiB,EAAE;YAChC,IAAI,EAAE,IAAI,CAAC,YAAY;YACvB,gBAAgB,EAAE,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE;YAC5D,sBAAsB,EAAE,KAAK,CAAC,aAAa,IAAI,KAAK,CAAC,aAAa,CAAC,SAAS,EAAE;YAC9E,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;YAChD,gBAAgB,EAAE,WAAI,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,CAAC;YAC5E,uBAAuB,EAAE,WAAI,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,CAAC;YAC1F,kBAAkB,EAAE,WAAI,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,CAAC;YAChF,QAAQ,EAAE,YAAY,CAAC,aAAa;YACpC,aAAa,EAAE,YAAY,CAAC,aAAa;YACzC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC;YACnC,UAAU,EAAE,IAAI,CAAC,0BAA0B,CAAC,KAAK,CAAC,OAAO,CAAC;YAC1D,gBAAgB,EAAE,WAAI,CAAC,GAAG,CAAC;gBACzB,OAAO,EAAE,GAAG,EAAE;oBACZ,MAAM,MAAM,GAA2D,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;wBAC9F,WAAW,EAAE,IAAI,CAAC,iBAAiB,CAAC,OAAO;qBAC5C,CAAC,CAAC,CAAC,SAAS,CAAC;oBACd,OAAO,MAAM,CAAC;gBAChB,CAAC;aACF,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,yBAAyB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAEhD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,OAAO,EAAE;YAC/D,OAAO,EAAE,WAAW;YACpB,QAAQ,EAAE,SAAS;YACnB,YAAY,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC,CAAC;QACH,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,wBAAwB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAE/D,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,uBAAuB,EAAE,CAAC,CAAC;QACrD,uDAAuD;QACvD,+CAA+C;QAC/C,gDAAgD;QAChD,IAAI,KAAK,CAAC,2BAA2B,KAAK,KAAK,EAAE;YAC/C,IAAI,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;gBAC3C,OAAO,EAAE;oBACP,6BAA6B;oBAC7B,wBAAwB;oBACxB,wBAAwB;oBACxB,6BAA6B;oBAC7B,iCAAiC;iBAClC;gBACD,SAAS,EAAE,C
AAC,yCAAoB,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC;aACjE,CAAC,CAAC,CAAC;SACL;QAED,IAAI,KAAK,CAAC,aAAa,EAAE;YACvB,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC,aAAa,CAAC;SAC1C;QAED,OAAO;QACP,IAAI,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE;YACzC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;SACtC;KACF;IAvYM,MAAM,CAAC,cAAc,CAAC,KAAgB,EAAE,EAAU,EAAE,UAAkB;QAC3E,MAAM,SAAS,GAAG,YAAK,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,UAAU,EAAE,gBAAS,CAAC,mBAAmB,CAAC,CAAC;QAEtF,MAAM,MAAO,SAAQ,WAAW;YAM9B,YAAY,CAAY,EAAE,CAAS;gBACjC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE;oBACV,OAAO,EAAE,SAAS,CAAC,OAAO;oBAC1B,MAAM,EAAE,SAAS,CAAC,MAAM;iBACzB,CAAC,CAAC;gBARW,eAAU,GAAG,UAAU,CAAC;gBACxB,gBAAW,GAAG,SAAS,CAAC,YAAa,CAAC;gBACtC,SAAI,GAAc,SAAS,CAAC;gBAO1C,IAAI,CAAC,cAAc,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;YACrE,CAAC;SACF;QAED,OAAO,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;KAC9B;IAED;;;;;;;;;;;;;;OAcG;IACI,MAAM,CAAC,eAAe,CAAC,KAAgB,EAAE,EAAU,EAAE,WAAmB;QAC7E,MAAM,MAAO,SAAQ,WAAW;YAM9B,YAAY,CAAY,EAAE,CAAS;gBACjC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAHE,SAAI,GAAc,SAAS,CAAC;gBAK1C,IAAI,CAAC,UAAU,GAAG,YAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC;oBACzC,OAAO,EAAE,WAAW;oBACpB,QAAQ,EAAE,SAAS;oBACnB,YAAY,EAAE,WAAW;iBAC1B,CAAC,CAAC;gBAEH,IAAI,CAAC,cAAc,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;gBACnE,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;YACjC,CAAC;SACF;QAED,OAAO,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;KAC9B;IAED;;;;;;;;;OASG;IACI,MAAM,CAAC,qBAAqB,CAAC,oBAAkE,EACpG,6BAAsC,KAAK,EAAE,SAA0B;QAEvE,MAAM,GAAG,GAAG,IAAI,KAAK,EAA0C,CAAC;QAChE,MAAM,eAAe,GAAG,IAAI,KAAK,EAAU,CAAC;QAC5C,MAAM,0BAA0B,GAAG,IAAI,GAAG,EAAU,CAAC;QACrD,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;QAE1C,KAAK,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE;YACtE,MAAM,gBAAgB,GAAG,WAAW,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC;YACvD,MAAM,cAAc,GAA2C;gBAC7D,IAAI;gBACJ,IAAI,EAAE,WAAW,CAAC,IAAI,IAAI,4BAA4B,CAAC,SAAS;gBAChE,KAAK,EAAE,gBAAgB;aACxB,CAAC;YACF,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAEzB,uFAAuF;YAC
vF,IAAI,0BAA0B,IAAI,cAAc,CAAC,IAAI,KAAK,4BAA4B,CAAC,SAAS,EAAE;gBAChG,MAAM,SAAS,GAAG,mBAAY,CAAC,aAAa,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBACnE,KAAK,MAAM,KAAK,IAAI,SAAS,CAAC,MAAM,EAAE;oBACpC,IAAI,KAAK,YAAY,kBAAW,EAAE;wBAChC,MAAM,IAAI,KAAK,CAAC,mCAAmC,IAAI,6BAA6B;4BAClF,0FAA0F;4BAC1F,0FAA0F;4BAC1F,4FAA4F;4BAC5F,sEAAsE,CAAC,CAAC;qBAC3E;iBACF;aACF;YAED,IAAI,SAAS,EAAE;gBACb,MAAM,KAAK,GAAG,YAAK,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;gBAElC,6BAA6B;gBAC7B,IAAI,WAAW,CAAC,IAAI,KAAK,4BAA4B,CAAC,eAAe,EAAE;oBACrE,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;wBACnC,OAAO,EAAE,KAAK;wBACd,QAAQ,EAAE,WAAW;wBACrB,2FAA2F;wBAC3F,qDAAqD;wBACrD,YAAY,EAAE,gBAAgB,CAAC,UAAU,CAAC,GAAG,CAAC;4BAC5C,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC;4BAC3B,CAAC,CAAC,gBAAgB;qBACrB,CAAC,CAAC,CAAC;iBACL;gBAED,oCAAoC;gBACpC,IAAI,WAAW,CAAC,IAAI,KAAK,4BAA4B,CAAC,eAAe,EAAE;oBACrE,8DAA8D;oBAC9D,2EAA2E;oBAC3E,cAAc;oBACd,uCAAuC;oBACvC,IAAI,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE;wBACvC,MAAM,SAAS,GAAG,KAAK,CAAC,QAAQ,CAAC,gBAAgB,EAAE,gBAAS,CAAC,mBAAmB,CAAC,CAAC;wBAClF,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE;4BAC3B,MAAM,IAAI,KAAK,CAAC,uDAAuD,GAAG,gBAAgB,CAAC,CAAC;yBAC7F;wBAED,uEAAuE;wBACvE,gHAAgH;wBAChH,MAAM,UAAU,GAAG,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;wBACxD,0BAA0B,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC;4BAC7C,OAAO,EAAE,gBAAgB;4BACzB,QAAQ,EAAE,QAAQ;4BAClB,2DAA2D;4BAC3D,6BAA6B;4BAC7B,uDAAuD;4BACvD,YAAY,EAAE,GAAG,UAAU,GAAG;4BAC9B,SAAS,EAAE,gBAAS,CAAC,mBAAmB;4BACxC,SAAS,EAAE,SAAS,CAAC,SAAS;4BAC9B,OAAO,EAAE,SAAS,CAAC,OAAO;4BAC1B,MAAM,EAAE,SAAS,CAAC,MAAM;yBACzB,CAAC,CAAC,CAAC;wBACJ,2EAA2E;wBAC3E,gEAAgE;wBAChE,IAAI,SAAS,CAAC,OAAO,IAAI,YAAK,CAAC,cAAc,CAAC,SAAS,CAAC,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,sBAAe,CAAC,SAAS,EAAE;4BAC7G,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC;gCAClC,OAAO,EAAE,KAAK;gCACd,QAAQ,EAAE,KAAK;gCACf,8EAA8E;gCAC9E,yEAAyE;gCACzE,YAAY,EAAE,GAAG;gCACjB,SAAS,EAAE,gBAAS,CAAC,mBAAmB;gCACxC,SAAS,EAAE,SAAS,CAAC,SAAS;gCAC9B,OAAO,EAAE,SAAS,CAAC,OAAO;gCAC1B,MAAM,EAAE,SAAS,CAAC,MAAM;6BACzB,CAAC,CAAC,CAAC;yBACL;qBACF;yBAAM,IAAI,YAAK,C
AAC,YAAY,CAAC,gBAAgB,CAAC,EAAE;wBAC/C,uEAAuE;wBACvE,gHAAgH;wBAChH,IAAI,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;wBAE/C,8DAA8D;wBAC9D,qDAAqD;wBACrD,MAAM,SAAS,GAAG,mBAAY,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;wBAC/D,IAAI,SAAS,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE;4BACjC,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;4BACvC,IAAI,gBAAS,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE;gCACrC,+DAA+D;gCAC/D,MAAM,aAAa,GAAG,YAAK,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;gCAClD,IAAI,YAAK,CAAC,cAAc,CAAC,KAAK,CAAC,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,KAAK,sBAAe,CAAC,SAAS,EAAE;oCAC5F,wCAAwC;oCACxC,sCAAsC;oCACtC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC;wCAClC,OAAO,EAAE,KAAK;wCACd,QAAQ,EAAE,KAAK;wCACf,8EAA8E;wCAC9E,yEAAyE;wCACzE,YAAY,EAAE,GAAG;wCACjB,SAAS,EAAE,gBAAS,CAAC,mBAAmB;wCACxC,SAAS,EAAE,aAAa,CAAC,SAAS;wCAClC,OAAO,EAAE,aAAa,CAAC,OAAO;wCAC9B,MAAM,EAAE,aAAa,CAAC,MAAM;qCAC7B,CAAC,CAAC,CAAC;oCAEJ,wCAAwC;oCACxC,wCAAwC;oCACxC,0CAA0C;oCAC1C,wDAAwD;oCACxD,SAAS,GAAG,GAAG,SAAS,SAAS,CAAC;iCACnC;6BACF;yBACF;wBAED,wEAAwE;wBACxE,2GAA2G;wBAC3G,0BAA0B,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;qBAC3C;yBAAM;wBACL,uEAAuE;wBACvE,gHAAgH;wBAChH,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;wBAClD,0BAA0B,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC;4BAC7C,OAAO,EAAE,gBAAgB;4BACzB,QAAQ,EAAE,QAAQ;4BAClB,YAAY,EAAE,GAAG,UAAU,SAAS;4BACpC,SAAS,EAAE,gBAAS,CAAC,mBAAmB;yBACzC,CAAC,CAAC,CAAC;qBACL;iBACF;aACF;SACF;QAED,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE;YAChC,SAAS,EAAE,cAAc,CAAC,oBAAoB,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;gBACrE,OAAO,EAAE,CAAC,mBAAmB,CAAC;gBAC9B,SAAS,EAAE,eAAe;aAC3B,CAAC,CAAC,CAAC;SACL;QACD,IAAI,0BAA0B,CAAC,IAAI,KAAK,CAAC,EAAE;YACzC,SAAS,EAAE,cAAc,CAAC,oBAAoB,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;gBACrE,OAAO,EAAE,CAAC,+BAA+B,CAAC;gBAC1C,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC;aAClD,CAAC,CAAC,CAAC;SACL;QACD,IAAI,eAAe,CAAC,IAAI,KAAK,CAAC,EAAE;YAC9B,SAAS,EAAE,cAAc,CAAC,oBAAoB,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;gBACrE,OAAO,EAAE,CAAC,aAAa,CAAC;gBACxB,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC;aACvC,CAAC,CAAC,CAAC;SACL;QAED,OAAO,GAAG
,CAAC;KACZ;IA+JM,iBAAiB;QACtB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;YAC3B,IAAI,CAAC,iBAAiB,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,EAAE;gBAC9D,SAAS,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC,yBAAyB,CAAC;aAC/D,CAAC,CAAC;YACH,IAAI,CAAC,iBAAiB,CAAC,oBAAoB,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;gBAClE,SAAS,EAAE,CAAC,WAAI,CAAC,MAAM,CAAC;wBACtB,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,UAAU;qBAC/B,CAAC,CAAC;gBACH,OAAO,EAAE;oBACP,sBAAsB;oBACtB,qBAAqB;oBACrB,sBAAsB;iBACvB;aACF,CAAC,CAAC,CAAC;SACL;QACD,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,iBAAiB;SAC7B,CAAC;KACH;IAED;;;;;OAKG;IACI,kBAAkB,CAAC,eAAwB;;;;;;;;;;QAChD,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;SAChF;QACD,MAAM,qBAAqB,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC/D,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,qBAAqB,CAAC,cAAc,CAAC,CAAC;QAClE,IAAI,qBAAqB,CAAC,aAAa,EAAE;YACvC,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC;gBACjC,gBAAgB,EAAE,eAAe,CAAC,UAAU;gBAC5C,aAAa,EAAE,qBAAqB,CAAC,aAAa;aACnD,CAAC,CAAC;SACJ;KACF;IAED;;;;OAIG;IACI,qBAAqB,CAAC,kBAAuC;;;;;;;;;;QAClE,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC7D,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;KAC3D;IAED;;;;;OAKG;IACI,oBAAoB,CAAC,iBAA6B;;;;;;;;;;QACvD,IAAI,CAAC,iBAAiB,CAAC,UAAU,EAAE;YACjC,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;SAClF;QACD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,iBAAiB,CAAC,CAAC;KACrF;IAED;;;;;OAKG;IACI,kBAAkB,CAAC,MAAqB,EAAE,OAAkC;;;;;;;;;;QACjF,8EAA8E;QAC9E,6CAA6C;QAC7C,IAAI,OAAO,CAAC,cAAc,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE;YAChE,qEAAqE;YACrE,2EAA2E;YAC3E,iFAAiF;YACjF,MAAM,QAAQ,GAAG,YAAK,CAAC,EAAE,CAAC,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;YAChE,MAAM,YAAY,GAAG,YAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;YACpC,IAAI,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,aAAa,YAAY,GAAG,CAAC,GAAG;gBACzD,CAAC,QAAQ,CAAC,OAAO,KAAK,YAAY,CAAC,OAAO,IAAI,QAAQ,CAAC,MAAM,KAAK,YAAY,CAAC,MAAM,CAAC,CAAC,EAAE;gBAC3F,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC;aAC3D;SACF;KACF;IAED;;OAEG;IACO,QAAQ;QAChB,MAAM,GAAG,GAAG,IAAI,KAAK,EAAU,
CAAC;QAChC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,iDAAkC,EAAE;YAC3D,IAAI,IAAI,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE;gBACrC,GAAG,CAAC,IAAI,CAAC,sEAAsE;oBAC7E,oEAAoE,CAAC,CAAC;aACzE;YACD,IAAI,IAAI,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE;gBACvC,GAAG,CAAC,IAAI,CAAC,wEAAwE;oBAC/E,gEAAgE,CAAC,CAAC;aACrE;SACF;QACD,OAAO,GAAG,CAAC;KACZ;IAED,IAAY,aAAa,CAAC,aAAuB;QAC/C,IAAI,CAAC,cAAc,GAAG,aAAa,CAAC;QACpC,aAAa,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;KACzC;IAEO,uBAAuB;QAC7B,MAAM,WAAW,GAAG,YAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC;YAC3C,OAAO,EAAE,MAAM;YACf,QAAQ,EAAE,WAAW;YACrB,SAAS,EAAE,gBAAS,CAAC,mBAAmB;YACxC,YAAY,EAAE,kBAAkB,IAAI,CAAC,WAAW,EAAE;SACnD,CAAC,CAAC;QAEH,MAAM,eAAe,GAAG,GAAG,WAAW,IAAI,CAAC;QAE3C,OAAO,IAAI,GAAG,CAAC,eAAe,CAAC;YAC7B,SAAS,EAAE,CAAC,WAAW,EAAE,eAAe,CAAC;YACzC,OAAO,EAAE,CAAC,qBAAqB,EAAE,sBAAsB,EAAE,mBAAmB,CAAC;SAC9E,CAAC,CAAC;KACJ;IAEO,iBAAiB,CACvB,KAAmB,EACnB,cAA4D,EAAE;QAE9D,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,IAAI,EAAE,CAAC;QACpC,MAAM,IAAI,GAAiD,EAAE,CAAC;QAC9D,MAAM,aAAa,GAAG,GAAG,CAAC,oBAAoB,IAAI,EAAE,CAAC;QAErD,kEAAkE;QAClE,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE;YAC7C,IAAI,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;SAClC;QAED,+BAA+B;QAC/B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE;YAC3C,IAAI,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;SAChC;QAED,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QAExD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC7C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;YACrB,MAAM,IAAI,KAAK,CAAC,iCAAiC,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;SACxE;QAED,MAAM,sBAAsB,GAAG,IAAI,CAAC,UAAU,CAAC,sBAAsB,KAAK,sBAAsB,CAAC,SAAS;YACxG,CAAC,CAAC,sBAAsB,CAAC,SAAS;YAClC,CAAC,CAAC,sBAAsB,CAAC,YAAY,CAAC;QACxC,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;YAC9B,IAAI,sBAAsB,KAAK,sBAAsB,CAAC,YAAY,EAAE;gBAClE,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;aAC5C;iBAAM;gBACL,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC;oBACxC,UAAU,EAAE,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC,yBAAyB,CAAC,CAAC;oBACjE,OAAO,EAAE,CAAC,4BAA4B,EA
AE,mBAAmB,EAAE,iCAAiC,CAAC;iBAChG,CAAC,CAAC;gBACH,SAAS,CAAC,GAAG,GAAG,WAAW,CAAC;gBAC5B,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;aAC3D;SACF;QACD,IAAI,sBAAsB,KAAK,sBAAsB,CAAC,YAAY,EAAE;YAClE,IAAI,CAAC,UAAU,CAAC,yBAAyB,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;SAC5D;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,yBAAyB,CAAC;QACzD,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI;YAC1B,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO;YAC9B,wBAAwB,EAAE,sBAAsB;YAChD,kBAAkB,EAAE,MAAM;gBACxB,CAAC,CAAC;oBACA,kBAAkB,EAAE,iBAAiB;oBACrC,8FAA8F;oBAC9F,mFAAmF;oBACnF,UAAU,EAAE,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,UAAU;iBACtD;gBACD,CAAC,CAAC,SAAS;YACb,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC;YAC7E,cAAc,EAAE,GAAG,CAAC,UAAU,IAAI,KAAK;YACvC,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,kBAAkB;YAClE,oBAAoB,EAAE,kBAAkB;gBACtC,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC,IAAI,EAAE,KAAK,CAAC,mCAAmC,IAAI,IAAI,EAAE,IAAI,CAAC;gBAC9F,CAAC,CAAC,SAAS;SACd,CAAC;KACH;IAEO,yBAAyB;QAC/B,OAAO,IAAI,CAAC,oBAAoB,CAAC,MAAM,KAAK,CAAC;YAC3C,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC;KAC/B;IAEO,sBAAsB;QAC5B,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,KAAK,CAAC;YACxC,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC;KAC5B;IAEO,6BAA6B;QACnC,OAAO,IAAI,CAAC,wBAAwB,CAAC,MAAM,KAAK,CAAC;YAC/C,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC;KACnC;IAEO,wBAAwB;QAC9B,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC;YAC1C,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;KAC9B;IAED;;;;;OAKG;IACK,YAAY,CAAC,KAAmB;QACtC,IAAI,CAAC,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,gBAAgB,KAAK,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;YAChF,MAAM,IAAI,KAAK,CAAC,sFAAsF,CAAC,CAAC;SACzG;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE;YAAE,OAAO,SAAS,CAAC;SAAE;QAErC,IAAI,CAAC,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,SAAS,EAAE;YACrG,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;SAC3F;QAED,IAAI,cAAoC,CAAC;QACzC,IAAI,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE;YAC3D,cAAc,GAAG,KAAK,CAAC,cAAc,CAAC;SACvC;aAAM;YACL,MAAM
,aAAa,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,eAAe,EAAE;gBACjE,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,WAAW,EAAE,mDAAmD,GAAG,YAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACvF,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;aACzC,CAAC,CAAC;YACH,cAAc,GAAG,CAAC,aAAa,CAAC,CAAC;SAClC;QACD,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;QAE5D,OAAO;YACL,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,KAAK;YACtB,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,SAAS;YACjE,gBAAgB,EAAE,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC;SAC9E,CAAC;KACH;IAEO,0BAA0B,CAAC,KAAiC;QAClE,IAAI,KAAK,KAAK,SAAS,EAAE;YACvB,OAAO,SAAS,CAAC;SAClB;QAED,IAAI,QAAQ,GAAgD,SAAS,CAAC;QACtE,IAAI,gBAAgB,GAAwD,SAAS,CAAC;QAEtF,IAAI,KAAK,CAAC,EAAE,EAAE;YACZ,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,CAAC;YACxB,QAAQ,GAAG;gBACT,MAAM,EAAE,CAAC,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU;gBACzD,QAAQ,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpF,kBAAkB,EAAE,MAAM,CAAC,SAAS;aACrC,CAAC;YACF,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC;SACjC;QAED,IAAI,KAAK,CAAC,UAAU,EAAE;YACpB,MAAM,cAAc,GAAG,KAAK,CAAC,UAAU,CAAC;YACxC,MAAM,MAAM,GAAG,CAAC,cAAc,CAAC,OAAO,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC;YAEzE,IAAI,MAAM,KAAK,SAAS,IAAI,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,kFAAkF,CAAC,CAAC;aACrG;YACD,cAAc,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC;YAE1C,gBAAgB,GAAG;gBACjB,MAAM;gBACN,SAAS,EAAE,cAAc,CAAC,QAAQ,EAAE,YAAY;gBAChD,UAAU,EAAE,cAAc,CAAC,MAAM;aAClC,CAAC;SACH;QAED,OAAO;YACL,MAAM,EAAE,QAAQ;YAChB,cAAc,EAAE,gBAAgB;SACjC,CAAC;KACH;IAEO,yBAAyB,CAAC,KAAmB,EAAE,OAAmB;QACxE,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;YAC5B,OAAO;SACR;QAED,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC;YACrD,SAAS,EAAE,CAAC,OAAO,UAAG,CAAC,SAAS,QAAQ,UAAG,CAAC,MAAM,IAAI,UAAG,CAAC,UAAU,sBAAsB,CAAC;YAC3F,OAAO,EAAE,CAAC,sCAAsC,CAAC;YACjD,UAAU,EAAE;gBACV,YAAY,EAAE;oBACZ,YAAY,EAAE,KAAK,
CAAC,GAAG;yBACpB,aAAa,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,SAAS;yBAC9C,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,OAAO,UAAG,CAAC,SAAS,QAAQ,UAAG,CAAC,MAAM,IAAI,UAAG,CAAC,UAAU,WAAW,EAAE,EAAE,CAAC;oBACrF,uBAAuB,EAAE,yBAAyB;iBACnD;aACF;SACF,CAAC,CAAC,CAAC;QAEJ,qFAAqF;QACrF,yFAAyF;QACzF,+DAA+D;QAC/D,EAAE;QACF,qFAAqF;QACrF,oFAAoF;QACpF,IAAI,MAAM,GAA4B,IAAI,CAAC,IAAY,CAAC,cAAc,CAAC,CAAC;QACxE,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,gBAAgB,EAAE;gBAC9C,UAAU,EAAE;oBACV,IAAI,GAAG,CAAC,eAAe,CAAC;wBACtB,SAAS,EAAE,CAAC,GAAG,CAAC;wBAChB,OAAO,EAAE;4BACP,4BAA4B;4BAC5B,+BAA+B;4BAC/B,4BAA4B;4BAC5B,qBAAqB;4BACrB,4BAA4B;4BAC5B,yBAAyB;4BACzB,kBAAkB;yBACnB;qBACF,CAAC;iBACH;aACF,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACpC,IAAI,CAAC,IAAY,CAAC,cAAc,CAAC,GAAG,MAAM,CAAC;SAC7C;QAED,uEAAuE;QACvE,0EAA0E;QAC1E,+CAA+C;QAC/C,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;KACpC;IAEO,4BAA4B,CAAC,SAAqB;QACxD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;QACpC,MAAM,aAAa,GAAG,SAAS,CAAC,IAAI,CAAC;QAErC,IAAI,CAAC,UAAU,KAAK,iDAAkC;YAClD,aAAa,KAAK,iDAAkC,CAAC;YACrD,CAAC,UAAU,KAAK,aAAa,CAAC,EAAE;YAClC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;SAC1E;KACF;;AA5uBH,0BA6uBC;;;AAED;;GAEG;AACH,IAAY,WAKX;AALD,WAAY,WAAW;IACrB,6CAA8B,CAAA;IAC9B,+CAAgC,CAAA;IAChC,6CAA8B,CAAA;IAC9B,kDAAmC,CAAA;AACrC,CAAC,EALW,WAAW,GAAX,mBAAW,KAAX,mBAAW,QAKtB;AAED;;GAEG;AACH,IAAY,sBAcX;AAdD,WAAY,sBAAsB;IAChC;;;;;OAKG;IACH,iDAAuB,CAAA;IAEvB;;;OAGG;IACH,uDAA6B,CAAA;AAC/B,CAAC,EAdW,sBAAsB,GAAtB,8BAAsB,KAAtB,8BAAsB,QAcjC;AA+ID,kHAAkH;AAClH,8DAA8D;AAC9D,mEAA6D;AAE7D;;;;;;;;;;;;;GAaG;AACH,MAAa,eAAe;IAyJ1B,YAAoB,KAA2B;QAP/B,SAAI,GAAG,iBAAiB,CAAC;QACzB,uBAAkB,GAAG,WAAW,CAAC,KAAK,CAAC;QAOrD,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC7B,IAAI,CAAC,sBAAsB,GAAG,KAAK,CAAC,sBAAsB,CAAC;QAC3D,IAAI,CAAC,yBAAyB,GAAG,KAAK,CAAC,yBAAyB,CAAC;QACjE,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC;KACpC;IA3ED;;OAEG;IACI,MAAM,CAAC,kBAAkB,CAAC,IAAY,EAAE,UAA8B,EAAE;;;;;;;;;;QAC7E,OAAO,IAAI,eAAe,CAAC;YACzB,GAAG,OAAO;YACV,OAAO,EAAE,IAAI;YACb,sBAAsB,EA
AE,sBAAsB,CAAC,YAAY;SAC5D,CAAC,CAAC;KACJ;IAED;;;;;;;;;;OAUG;IACI,MAAM,CAAC,iBAAiB,CAAC,UAA2B,EAAE,cAAsB,QAAQ;QACzF,OAAO,IAAI,eAAe,CAAC;YACzB,OAAO,EAAE,UAAU,CAAC,2BAA2B,CAAC,WAAW,CAAC;YAC5D,sBAAsB,EAAE,sBAAsB,CAAC,YAAY;YAC3D,UAAU;SACX,CAAC,CAAC;KACJ;IAED;;OAEG;IACI,MAAM,CAAC,SAAS,CAAC,KAAgB,EAAE,EAAU,EAAE,KAA4B;QAChF,MAAM,KAAK,GAAG,IAAI,iCAAgB,CAAC,KAAK,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QACrD,OAAO,IAAI,eAAe,CAAC;YACzB,OAAO,EAAE,KAAK,CAAC,QAAQ;YACvB,sBAAsB,EAAE,sBAAsB,CAAC,YAAY;YAC3D,UAAU,EAAE,KAAK,CAAC,UAAU;SAC7B,CAAC,CAAC;KACJ;IAED;;;;;;;;;OASG;IACI,MAAM,CAAC,oBAAoB,CAAC,EAAU;QAC3C,OAAO,eAAe,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;KAC3C;IAEO,MAAM,CAAC,cAAc,CAAC,IAAY;QACxC,OAAO,IAAI,eAAe,CAAC;YACzB,OAAO,EAAE,IAAI;YACb,sBAAsB,EAAE,sBAAsB,CAAC,SAAS;SACzD,CAAC,CAAC;KACJ;IAgBM,QAAQ,CAAC,CAAmB;;;;;;;;;;QACjC,OAAO,EAAE,CAAC;KACX;IAEM,kBAAkB,CAAC,UAAkB;QAC1C,OAAO,qDAAuB,CAAC,UAAU,CAAC,CAAC;KAC5C;;AAtKH,0CAuKC;;;AAtKwB,4BAAY,GAAG,eAAe,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAC;AAC5E,4BAAY,GAAG,eAAe,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAC;AAC5E,4BAAY,GAAG,eAAe,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAC;AACnG,oDAAoD;AAC7B,4BAAY,GAAG,eAAe,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAC;AACnG,oDAAoD;AAC7B,4BAAY,GAAG,eAAe,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAC;AAE5E,8BAAc,GAAG,eAAe,CAAC,cAAc,CAAC,gDAAgD,CAAC,CAAC;AAClG,gCAAgB,GAAG,eAAe,CAAC,cAAc,CAAC,gDAAgD,CAAC,CAAC;AAC3H,+DAA+D;AACxC,gCAAgB,GAAG,eAAe,CAAC,cAAc,CAAC,gDAAgD,CAAC,CAAC;AAE3H,8EAA8E;AACvD,kCAAkB,GAAG,0CAAkB,CAAC,2BAA2B,CAAC;AAC3F;;;KAGK;AACkB,oCAAoB,GAAG,0CAAkB,CAAC,2BAA2B,CAAC;AAE7F,qGAAqG;AAC9E,iCAAiB,GAAG,eAAe,CAAC,cAAc,CAAC,iCAAiC,CAAC,CAAC;AAC7G,qGAAqG;AAC9E,iDAAiC,GAAG,eAAe,CAAC,cAAc,CAAC,qCAAqC,CAAC,CAAC;AACjI,qGAAqG;AAC9E,iDAAiC,GAAG,eAAe,CAAC,cAAc,CAAC,qCAAqC,CAAC,CAAC;AACjI,qGAAqG;AAC9E,2CAA2B,GAAG,eAAe,CAAC,cAAc,CAAC,8BAA8B,CAAC,CAAC;AACpH,qGAAqG;AAC9E,2CAA2B,GAAG,eAAe,CAAC,cAAc,CAAC,8BAA8B,CAAC,CAAC;AACpH,qGAAqG;AAC9E,wCAAwB,GAAG,eAAe,CAAC,cAAc,CAAC,2BAA2B,CAAC,CAAC;AAC9G,qGAAqG;AAC9E,wCAAwB,GAAG,eAAe,CAAC,cAAc,CAAC,2BAA2B,CAAC,CAAC;AAC9G,qGAAqG;AAC9E,uCAAuB,GAAG,eAAe,C
AAC,cAAc,CAAC,8BAA8B,CAAC,CAAC;AAChH,qGAAqG;AAC9E,uCAAuB,GAAG,eAAe,CAAC,cAAc,CAAC,8BAA8B,CAAC,CAAC;AAChH,qGAAqG;AAC9E,wCAAwB,GAAG,eAAe,CAAC,cAAc,CAAC,+BAA+B,CAAC,CAAC;AAClH,qGAAqG;AAC9E,2CAA2B,GAAG,eAAe,CAAC,cAAc,CAAC,8BAA8B,CAAC,CAAC;AACpH,qGAAqG;AAC9E,0CAA0B,GAAG,eAAe,CAAC,cAAc,CAAC,6BAA6B,CAAC,CAAC;AAClH,qGAAqG;AAC9E,0CAA0B,GAAG,eAAe,CAAC,cAAc,CAAC,6BAA6B,CAAC,CAAC;AAClH,qGAAqG;AAC9E,yCAAyB,GAAG,eAAe,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAC;AAChH,qGAAqG;AAC9E,oCAAoB,GAAG,eAAe,CAAC,cAAc,CAAC,uBAAuB,CAAC,CAAC;AACtG,qGAAqG;AAC9E,oCAAoB,GAAG,eAAe,CAAC,cAAc,CAAC,uBAAuB,CAAC,CAAC;AACtG,qGAAqG;AAC9E,oCAAoB,GAAG,eAAe,CAAC,cAAc,CAAC,uBAAuB,CAAC,CAAC;AACtG,qGAAqG;AAC9E,yCAAyB,GAAG,eAAe,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAC;AAChH,qGAAqG;AAC9E,yCAAyB,GAAG,eAAe,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAC;AAChH,qGAAqG;AAC9E,yCAAyB,GAAG,eAAe,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAC;AAChH,qGAAqG;AAC9E,yCAAyB,GAAG,eAAe,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAC;AAChH,qGAAqG;AAC9E,yCAAyB,GAAG,eAAe,CAAC,cAAc,CAAC,4BAA4B,CAAC,CAAC;AAChH,qGAAqG;AAC9E,0CAA0B,GAAG,eAAe,CAAC,cAAc,CAAC,6BAA6B,CAAC,CAAC;AAClH,qGAAqG;AAC9E,uCAAuB,GAAG,eAAe,CAAC,cAAc,CAAC,0BAA0B,CAAC,CAAC;AAC5G,qGAAqG;AAC9E,uCAAuB,GAAG,eAAe,CAAC,cAAc,CAAC,0BAA0B,CAAC,CAAC;AAC5G,qGAAqG;AAC9E,uCAAuB,GAAG,eAAe,CAAC,cAAc,CAAC,0BAA0B,CAAC,CAAC;AAC5G,qGAAqG;AAC9E,uCAAuB,GAAG,eAAe,CAAC,cAAc,CAAC,0BAA0B,CAAC,CAAC;AAC5G,qGAAqG;AAC9E,4CAA4B,GAAG,eAAe,CAAC,cAAc,CAAC,8BAA8B,CAAC,CAAC;AACrH,qGAAqG;AAC9E,4CAA4B,GAAG,eAAe,CAAC,cAAc,CAAC,gCAAgC,CAAC,CAAC;AACvH,qGAAqG;AAC9E,4CAA4B,GAAG,eAAe,CAAC,cAAc,CAAC,gCAAgC,CAAC,CAAC;AAwFzH;;GAEG;AACH,IAAY,gBAUX;AAVD,WAAY,gBAAgB;IAC1B;;OAEG;IACH,kDAA8B,CAAA;IAE9B;;OAEG;IACH,iEAA6C,CAAA;AAC/C,CAAC,EAVW,gBAAgB,GAAhB,wBAAgB,KAAhB,wBAAgB,QAU3B;AAcD;;;;;;;;;;;;GAYG;AACH,MAAa,iBAAiB;IA+F5B,YAAoB,KAA6B;QANjC,uBAAkB,GAAG,WAAW,CAAC,MAAM,CAAC;QAOtD,IAAI,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,gBAAgB,CAAC,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;QACtE,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC7B,IAAI,CAAC,sBAAsB,GAAG,KAAK,CAAC,sBAAsB,CAAC;QAC3D,IAAI,CAAC,yBAAyB,GAAG,KA
AK,CAAC,yBAAyB,CAAC;QACjE,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC;KACpC;IAvED;;OAEG;IACI,MAAM,CAAC,kBAAkB,CAC9B,IAAY,EACZ,UAA8B,EAAE,EAChC,YAA8B,gBAAgB,CAAC,QAAQ;;;;;;;;;;;QAEvD,OAAO,IAAI,iBAAiB,CAAC;YAC3B,GAAG,OAAO;YACV,OAAO,EAAE,IAAI;YACb,sBAAsB,EAAE,sBAAsB,CAAC,YAAY;YAC3D,SAAS;SACV,CAAC,CAAC;KACJ;IAED;;;;;;;;;;OAUG;IACI,MAAM,CAAC,iBAAiB,CAC7B,UAA2B,EAC3B,cAAsB,QAAQ,EAC9B,YAA8B,gBAAgB,CAAC,QAAQ;;;;;;;;;;QAEvD,OAAO,IAAI,iBAAiB,CAAC;YAC3B,OAAO,EAAE,UAAU,CAAC,2BAA2B,CAAC,WAAW,CAAC;YAC5D,sBAAsB,EAAE,sBAAsB,CAAC,YAAY;YAC3D,SAAS;YACT,UAAU;SACX,CAAC,CAAC;KACJ;IAED;;OAEG;IACI,MAAM,CAAC,SAAS,CACrB,KAAgB,EAChB,EAAU,EACV,KAA4B,EAC5B,YAA8B,gBAAgB,CAAC,QAAQ;;;;;;;;;;QAEvD,MAAM,KAAK,GAAG,IAAI,iCAAgB,CAAC,KAAK,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QACrD,OAAO,IAAI,iBAAiB,CAAC;YAC3B,OAAO,EAAE,KAAK,CAAC,QAAQ;YACvB,sBAAsB,EAAE,sBAAsB,CAAC,YAAY;YAC3D,SAAS;YACT,UAAU,EAAE,KAAK,CAAC,UAAU;SAC7B,CAAC,CAAC;KACJ;IAiBM,QAAQ,CAAC,gBAAkC;;;;;;;;;;QAChD,MAAM,GAAG,GAAa,EAAE,CAAC;QACzB,IAAI,gBAAgB,CAAC,WAAW,KAAK,WAAW,CAAC,KAAK,EAAE;YACtD,GAAG,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;SACjE;QACD,OAAO,GAAG,CAAC;KACZ;IAEM,kBAAkB,CAAC,UAAkB;QAC1C,OAAO,sBAAS,CAAC,UAAU,CAAC;YAC1B,OAAO,EAAE,KAAK;YACd,MAAM,EAAE;gBACN,SAAS,EAAE;oBACT,oEAAoE;oBACpE,2DAA2D;oBAC3D,EAAE;oBACF,wDAAwD;oBACxD,QAAQ,EAAE,EAAE;iBACb;gBACD,KAAK,EAAE;oBACL,QAAQ,EAAE;wBACR,qEAAqE;wBACrE,uBAAuB,2CAAa,SAAS,wCAAU,wBAAwB;wBAC/E,wDAAwD;wBACxD,gFAAgF;wBAChF,yCAAyC;wBACzC,0BAA0B,UAAU,EAAE;qBACvC;iBACF;aACF;SACF,CAAC,CAAC;KACJ;;AAtIH,8CAuIC;;;AAtIC;;;;GAIG;AACoB,2CAAyB,GAAgB,IAAI,iBAAiB,CAAC;IACpF,OAAO,EAAE,gCAAgC;IACzC,sBAAsB,EAAE,sBAAsB,CAAC,SAAS;CACzD,CAAC,CAAC;AAEH;;;GAGG;AACoB,kCAAgB,GAAgB,IAAI,iBAAiB,CAAC;IAC3E,OAAO,EAAE,gCAAgC;IACzC,sBAAsB,EAAE,sBAAsB,CAAC,SAAS;CACzD,CAAC,CAAC;AAEH;;;GAGG;AACoB,2CAAyB,GAAgB,IAAI,iBAAiB,CAAC;IACpF,OAAO,EAAE,qCAAqC;IAC9C,sBAAsB,EAAE,sBAAsB,CAAC,SAAS;IACxD,SAAS,EAAE,gBAAgB,CAAC,WAAW;CACxC,CAAC,CAAC;AAgIL,IAAY,4BAeX;AAfD,WAAY,4BAA4B;IACtC;;OAEG;IACH,uDAAuB,CAAA;IAEvB;;OAEG;IACH,mEAAmC,CAAA;IAEnC;;OAEG;IACH,mEAAmC,CAAA;AACrC
,CAAC,EAfW,4BAA4B,GAA5B,oCAA4B,KAA5B,oCAA4B,QAevC;AAED;;;GAGG;AACH,IAAY,yBA8BX;AA9BD,WAAY,yBAAyB;IACnC;;OAEG;IACH,kFAAqD,CAAA;IAErD;;OAEG;IACH,wFAA2D,CAAA;IAE3D;;OAEG;IACH,4FAA+D,CAAA;IAE/D;;OAEG;IACH,oFAAuD,CAAA;IAEvD;;OAEG;IACH,yFAA4D,CAAA;IAE5D;;OAEG;IACH,4FAA+D,CAAA;AACjE,CAAC,EA9BW,yBAAyB,GAAzB,iCAAyB,KAAzB,iCAAyB,QA8BpC;AAED,SAAS,oBAAoB,CAAC,CAAU;IACtC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAE,CAAS,CAAC,IAAI,CAAC;AAC3D,CAAC","sourcesContent":["import * as cloudwatch from '@aws-cdk/aws-cloudwatch';\nimport * as notifications from '@aws-cdk/aws-codestarnotifications';\nimport * as ec2 from '@aws-cdk/aws-ec2';\nimport * as ecr from '@aws-cdk/aws-ecr';\nimport { DockerImageAsset, DockerImageAssetProps } from '@aws-cdk/aws-ecr-assets';\nimport * as events from '@aws-cdk/aws-events';\nimport * as iam from '@aws-cdk/aws-iam';\nimport * as kms from '@aws-cdk/aws-kms';\nimport * as s3 from '@aws-cdk/aws-s3';\nimport * as secretsmanager from '@aws-cdk/aws-secretsmanager';\nimport { ArnFormat, Aws, Duration, IResource, Lazy, Names, PhysicalName, Reference, Resource, SecretValue, Stack, Token, TokenComparison, Tokenization } from '@aws-cdk/core';\nimport { Construct } from 'constructs';\nimport { IArtifacts } from './artifacts';\nimport { BuildSpec } from './build-spec';\nimport { Cache } from './cache';\nimport { CodeBuildMetrics } from './codebuild-canned-metrics.generated';\nimport { CfnProject } from './codebuild.generated';\nimport { CodePipelineArtifacts } from './codepipeline-artifacts';\nimport { IFileSystemLocation } from './file-location';\nimport { NoArtifacts } from './no-artifacts';\nimport { NoSource } from './no-source';\nimport { runScriptLinuxBuildSpec, S3_BUCKET_ENV, S3_KEY_ENV } from './private/run-script-linux-build-spec';\nimport { LoggingOptions } from './project-logs';\nimport { renderReportGroupArn } from './report-group-utils';\nimport { ISource } from './source';\nimport { CODEPIPELINE_SOURCE_ARTIFACTS_TYPE, NO_SOURCE_TYPE } 
from './source-types';\n\n// v2 - keep this import as a separate section to reduce merge conflict when forward merging with the v2 branch.\n// eslint-disable-next-line\nimport { Construct as CoreConstruct } from '@aws-cdk/core';\n\nconst VPC_POLICY_SYM = Symbol.for('@aws-cdk/aws-codebuild.roleVpcPolicy');\n\n/**\n * The type returned from {@link IProject#enableBatchBuilds}.\n */\nexport interface BatchBuildConfig {\n  /** The IAM batch service Role of this Project. */\n  readonly role: iam.IRole;\n}\n\n/**\n * Location of a PEM certificate on S3\n */\nexport interface BuildEnvironmentCertificate {\n  /**\n   * The bucket where the certificate is\n   */\n  readonly bucket: s3.IBucket;\n  /**\n   * The full path and name of the key file\n   */\n  readonly objectKey: string;\n}\n\n/**\n * Additional options to pass to the notification rule.\n */\nexport interface ProjectNotifyOnOptions extends notifications.NotificationRuleOptions {\n  /**\n   * A list of event types associated with this notification rule for CodeBuild Project.\n   * For a complete list of event types and IDs, see Notification concepts in the Developer Tools Console User Guide.\n   * @see https://docs.aws.amazon.com/dtconsole/latest/userguide/concepts.html#concepts-api\n   */\n  readonly events: ProjectNotificationEvents[];\n}\n\nexport interface IProject extends IResource, iam.IGrantable, ec2.IConnectable, notifications.INotificationRuleSource {\n  /**\n   * The ARN of this Project.\n   * @attribute\n   */\n  readonly projectArn: string;\n\n  /**\n   * The human-visible name of this Project.\n   * @attribute\n   */\n  readonly projectName: string;\n\n  /** The IAM service Role of this Project. Undefined for imported Projects. 
*/\n  readonly role?: iam.IRole;\n\n  /**\n   * Enable batch builds.\n   *\n   * Returns an object containing the batch service role if batch builds\n   * could be enabled.\n   */\n  enableBatchBuilds(): BatchBuildConfig | undefined;\n\n  addToRolePolicy(policyStatement: iam.PolicyStatement): void;\n\n  /**\n   * Defines a CloudWatch event rule triggered when something happens with this project.\n   *\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html\n   */\n  onEvent(id: string, options?: events.OnEventOptions): events.Rule;\n\n  /**\n   * Defines a CloudWatch event rule triggered when the build project state\n   * changes. You can filter specific build status events using an event\n   * pattern filter on the `build-status` detail field:\n   *\n   *    const rule = project.onStateChange('OnBuildStarted', { target });\n   *    rule.addEventPattern({\n   *      detail: {\n   *        'build-status': [\n   *          \"IN_PROGRESS\",\n   *          \"SUCCEEDED\",\n   *          \"FAILED\",\n   *          \"STOPPED\"\n   *        ]\n   *      }\n   *    });\n   *\n   * You can also use the methods `onBuildFailed` and `onBuildSucceeded` to define rules for\n   * these specific state changes.\n   *\n   * To access fields from the event in the event target input,\n   * use the static fields on the `StateChangeEvent` class.\n   *\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html\n   */\n  onStateChange(id: string, options?: events.OnEventOptions): events.Rule;\n\n  /**\n   * Defines a CloudWatch event rule that triggers upon phase change of this\n   * build project.\n   *\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html\n   */\n  onPhaseChange(id: string, options?: events.OnEventOptions): events.Rule;\n\n  /**\n   * Defines an event rule which triggers when a build starts.\n   */\n  onBuildStarted(id: string, options?: 
events.OnEventOptions): events.Rule;\n\n  /**\n   * Defines an event rule which triggers when a build fails.\n   */\n  onBuildFailed(id: string, options?: events.OnEventOptions): events.Rule;\n\n  /**\n   * Defines an event rule which triggers when a build completes successfully.\n   */\n  onBuildSucceeded(id: string, options?: events.OnEventOptions): events.Rule;\n\n  /**\n   * @returns a CloudWatch metric associated with this build project.\n   * @param metricName The name of the metric\n   * @param props Customization properties\n   */\n  metric(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric;\n\n  /**\n   * Measures the number of builds triggered.\n   *\n   * Units: Count\n   *\n   * Valid CloudWatch statistics: Sum\n   *\n   * @default sum over 5 minutes\n   */\n  metricBuilds(props?: cloudwatch.MetricOptions): cloudwatch.Metric;\n\n  /**\n   * Measures the duration of all builds over time.\n   *\n   * Units: Seconds\n   *\n   * Valid CloudWatch statistics: Average (recommended), Maximum, Minimum\n   *\n   * @default average over 5 minutes\n   */\n  metricDuration(props?: cloudwatch.MetricOptions): cloudwatch.Metric;\n\n  /**\n   * Measures the number of successful builds.\n   *\n   * Units: Count\n   *\n   * Valid CloudWatch statistics: Sum\n   *\n   * @default sum over 5 minutes\n   */\n  metricSucceededBuilds(props?: cloudwatch.MetricOptions): cloudwatch.Metric;\n\n  /**\n   * Measures the number of builds that failed because of client error or\n   * because of a timeout.\n   *\n   * Units: Count\n   *\n   * Valid CloudWatch statistics: Sum\n   *\n   * @default sum over 5 minutes\n   */\n  metricFailedBuilds(props?: cloudwatch.MetricOptions): cloudwatch.Metric;\n\n  /**\n   * Defines a CodeStar Notification rule triggered when the project\n   * events emitted by you specified, it very similar to `onEvent` API.\n   *\n   * You can also use the methods `notifyOnBuildSucceeded` and\n   * `notifyOnBuildFailed` to define rules for these 
specific event emitted.\n   *\n   * @param id The logical identifier of the CodeStar Notifications rule that will be created\n   * @param target The target to register for the CodeStar Notifications destination.\n   * @param options Customization options for CodeStar Notifications rule\n   * @returns CodeStar Notifications rule associated with this build project.\n   */\n  notifyOn(\n    id: string,\n    target: notifications.INotificationRuleTarget,\n    options: ProjectNotifyOnOptions,\n  ): notifications.INotificationRule;\n\n  /**\n   * Defines a CodeStar notification rule which triggers when a build completes successfully.\n   */\n  notifyOnBuildSucceeded(\n    id: string,\n    target: notifications.INotificationRuleTarget,\n    options?: notifications.NotificationRuleOptions,\n  ): notifications.INotificationRule;\n\n  /**\n   * Defines a CodeStar notification rule which triggers when a build fails.\n   */\n  notifyOnBuildFailed(\n    id: string,\n    target: notifications.INotificationRuleTarget,\n    options?: notifications.NotificationRuleOptions,\n  ): notifications.INotificationRule;\n}\n\n/**\n * Represents a reference to a CodeBuild Project.\n *\n * If you're managing the Project alongside the rest of your CDK resources,\n * use the {@link Project} class.\n *\n * If you want to reference an already existing Project\n * (or one defined in a different CDK Stack),\n * use the {@link import} method.\n */\nabstract class ProjectBase extends Resource implements IProject {\n  public abstract readonly grantPrincipal: iam.IPrincipal;\n\n  /** The ARN of this Project. */\n  public abstract readonly projectArn: string;\n\n  /** The human-visible name of this Project. */\n  public abstract readonly projectName: string;\n\n  /** The IAM service Role of this Project. 
*/\n  public abstract readonly role?: iam.IRole;\n\n  /**\n   * Actual connections object for this Project.\n   * May be unset, in which case this Project is not configured to use a VPC.\n   * @internal\n   */\n  protected _connections: ec2.Connections | undefined;\n\n  /**\n   * Access the Connections object.\n   * Will fail if this Project does not have a VPC set.\n   */\n  public get connections(): ec2.Connections {\n    if (!this._connections) {\n      throw new Error('Only VPC-associated Projects have security groups to manage. Supply the \"vpc\" parameter when creating the Project');\n    }\n    return this._connections;\n  }\n\n  public enableBatchBuilds(): BatchBuildConfig | undefined {\n    return undefined;\n  }\n\n  /**\n   * Add a permission only if there's a policy attached.\n   * @param statement The permissions statement to add\n   */\n  public addToRolePolicy(statement: iam.PolicyStatement) {\n    if (this.role) {\n      this.role.addToPrincipalPolicy(statement);\n    }\n  }\n\n  /**\n   * Defines a CloudWatch event rule triggered when something happens with this project.\n   *\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html\n   */\n  public onEvent(id: string, options: events.OnEventOptions = {}): events.Rule {\n    const rule = new events.Rule(this, id, options);\n    rule.addTarget(options.target);\n    rule.addEventPattern({\n      source: ['aws.codebuild'],\n      detail: {\n        'project-name': [this.projectName],\n      },\n    });\n    return rule;\n  }\n\n  /**\n   * Defines a CloudWatch event rule triggered when the build project state\n   * changes. 
You can filter specific build status events using an event\n   * pattern filter on the `build-status` detail field:\n   *\n   *    const rule = project.onStateChange('OnBuildStarted', { target });\n   *    rule.addEventPattern({\n   *      detail: {\n   *        'build-status': [\n   *          \"IN_PROGRESS\",\n   *          \"SUCCEEDED\",\n   *          \"FAILED\",\n   *          \"STOPPED\"\n   *        ]\n   *      }\n   *    });\n   *\n   * You can also use the methods `onBuildFailed` and `onBuildSucceeded` to define rules for\n   * these specific state changes.\n   *\n   * To access fields from the event in the event target input,\n   * use the static fields on the `StateChangeEvent` class.\n   *\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html\n   */\n  public onStateChange(id: string, options: events.OnEventOptions = {}) {\n    const rule = this.onEvent(id, options);\n    rule.addEventPattern({\n      detailType: ['CodeBuild Build State Change'],\n    });\n    return rule;\n  }\n\n  /**\n   * Defines a CloudWatch event rule that triggers upon phase change of this\n   * build project.\n   *\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html\n   */\n  public onPhaseChange(id: string, options: events.OnEventOptions = {}) {\n    const rule = this.onEvent(id, options);\n    rule.addEventPattern({\n      detailType: ['CodeBuild Build Phase Change'],\n    });\n    return rule;\n  }\n\n  /**\n   * Defines an event rule which triggers when a build starts.\n   *\n   * To access fields from the event in the event target input,\n   * use the static fields on the `StateChangeEvent` class.\n   */\n  public onBuildStarted(id: string, options: events.OnEventOptions = {}) {\n    const rule = this.onStateChange(id, options);\n    rule.addEventPattern({\n      detail: {\n        'build-status': ['IN_PROGRESS'],\n      },\n    });\n    return rule;\n  }\n\n  /**\n   * Defines an 
event rule which triggers when a build fails.\n   *\n   * To access fields from the event in the event target input,\n   * use the static fields on the `StateChangeEvent` class.\n   */\n  public onBuildFailed(id: string, options: events.OnEventOptions = {}) {\n    const rule = this.onStateChange(id, options);\n    rule.addEventPattern({\n      detail: {\n        'build-status': ['FAILED'],\n      },\n    });\n    return rule;\n  }\n\n  /**\n   * Defines an event rule which triggers when a build completes successfully.\n   *\n   * To access fields from the event in the event target input,\n   * use the static fields on the `StateChangeEvent` class.\n   */\n  public onBuildSucceeded(id: string, options: events.OnEventOptions = {}) {\n    const rule = this.onStateChange(id, options);\n    rule.addEventPattern({\n      detail: {\n        'build-status': ['SUCCEEDED'],\n      },\n    });\n    return rule;\n  }\n\n  /**\n   * @returns a CloudWatch metric associated with this build project.\n   * @param metricName The name of the metric\n   * @param props Customization properties\n   */\n  public metric(metricName: string, props?: cloudwatch.MetricOptions) {\n    return new cloudwatch.Metric({\n      namespace: 'AWS/CodeBuild',\n      metricName,\n      dimensionsMap: { ProjectName: this.projectName },\n      ...props,\n    }).attachTo(this);\n  }\n\n  /**\n   * Measures the number of builds triggered.\n   *\n   * Units: Count\n   *\n   * Valid CloudWatch statistics: Sum\n   *\n   * @default sum over 5 minutes\n   */\n  public metricBuilds(props?: cloudwatch.MetricOptions): cloudwatch.Metric {\n    return this.cannedMetric(CodeBuildMetrics.buildsSum, props);\n  }\n\n  /**\n   * Measures the duration of all builds over time.\n   *\n   * Units: Seconds\n   *\n   * Valid CloudWatch statistics: Average (recommended), Maximum, Minimum\n   *\n   * @default average over 5 minutes\n   */\n  public metricDuration(props?: cloudwatch.MetricOptions): cloudwatch.Metric {\n    return 
this.cannedMetric(CodeBuildMetrics.durationAverage, props);\n  }\n\n  /**\n   * Measures the number of successful builds.\n   *\n   * Units: Count\n   *\n   * Valid CloudWatch statistics: Sum\n   *\n   * @default sum over 5 minutes\n   */\n  public metricSucceededBuilds(props?: cloudwatch.MetricOptions): cloudwatch.Metric {\n    return this.cannedMetric(CodeBuildMetrics.succeededBuildsSum, props);\n  }\n\n  /**\n   * Measures the number of builds that failed because of client error or\n   * because of a timeout.\n   *\n   * Units: Count\n   *\n   * Valid CloudWatch statistics: Sum\n   *\n   * @default sum over 5 minutes\n   */\n  public metricFailedBuilds(props?: cloudwatch.MetricOptions): cloudwatch.Metric {\n    return this.cannedMetric(CodeBuildMetrics.failedBuildsSum, props);\n  }\n\n  public notifyOn(\n    id: string,\n    target: notifications.INotificationRuleTarget,\n    options: ProjectNotifyOnOptions,\n  ): notifications.INotificationRule {\n    return new notifications.NotificationRule(this, id, {\n      ...options,\n      source: this,\n      targets: [target],\n    });\n  }\n\n  public notifyOnBuildSucceeded(\n    id: string,\n    target: notifications.INotificationRuleTarget,\n    options?: notifications.NotificationRuleOptions,\n  ): notifications.INotificationRule {\n    return this.notifyOn(id, target, {\n      ...options,\n      events: [ProjectNotificationEvents.BUILD_SUCCEEDED],\n    });\n  }\n\n  public notifyOnBuildFailed(\n    id: string,\n    target: notifications.INotificationRuleTarget,\n    options?: notifications.NotificationRuleOptions,\n  ): notifications.INotificationRule {\n    return this.notifyOn(id, target, {\n      ...options,\n      events: [ProjectNotificationEvents.BUILD_FAILED],\n    });\n  }\n\n  public bindAsNotificationRuleSource(_scope: Construct): notifications.NotificationRuleSourceConfig {\n    return {\n      sourceArn: this.projectArn,\n    };\n  }\n\n  private cannedMetric(\n    fn: (dims: { ProjectName: string }) 
=> cloudwatch.MetricProps,\n    props?: cloudwatch.MetricOptions): cloudwatch.Metric {\n    return new cloudwatch.Metric({\n      ...fn({ ProjectName: this.projectName }),\n      ...props,\n    }).attachTo(this);\n  }\n}\n\nexport interface CommonProjectProps {\n  /**\n   * A description of the project. Use the description to identify the purpose\n   * of the project.\n   *\n   * @default - No description.\n   */\n  readonly description?: string;\n\n  /**\n   * Filename or contents of buildspec in JSON format.\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec-ref-example\n   *\n   * @default - Empty buildspec.\n   */\n  readonly buildSpec?: BuildSpec;\n\n  /**\n   * Service Role to assume while running the build.\n   *\n   * @default - A role will be created.\n   */\n  readonly role?: iam.IRole;\n\n  /**\n   * Encryption key to use to read and write artifacts.\n   *\n   * @default - The AWS-managed CMK for Amazon Simple Storage Service (Amazon S3) is used.\n   */\n  readonly encryptionKey?: kms.IKey;\n\n  /**\n   * Caching strategy to use.\n   *\n   * @default Cache.none\n   */\n  readonly cache?: Cache;\n\n  /**\n   * Build environment to use for the build.\n   *\n   * @default BuildEnvironment.LinuxBuildImage.STANDARD_1_0\n   */\n  readonly environment?: BuildEnvironment;\n\n  /**\n   * Indicates whether AWS CodeBuild generates a publicly accessible URL for\n   * your project's build badge. For more information, see Build Badges Sample\n   * in the AWS CodeBuild User Guide.\n   *\n   * @default false\n   */\n  readonly badge?: boolean;\n\n  /**\n   * The number of minutes after which AWS CodeBuild stops the build if it's\n   * not complete. 
For valid values, see the timeoutInMinutes field in the AWS\n   * CodeBuild User Guide.\n   *\n   * @default Duration.hours(1)\n   */\n  readonly timeout?: Duration;\n\n  /**\n   * Additional environment variables to add to the build environment.\n   *\n   * @default - No additional environment variables are specified.\n   */\n  readonly environmentVariables?: { [name: string]: BuildEnvironmentVariable };\n\n  /**\n   * Whether to check for the presence of any secrets in the environment variables of the default type, BuildEnvironmentVariableType.PLAINTEXT.\n   * Since using a secret for the value of that kind of variable would result in it being displayed in plain text in the AWS Console,\n   * the construct will throw an exception if it detects a secret was passed there.\n   * Pass this property as false if you want to skip this validation,\n   * and keep using a secret in a plain text environment variable.\n   *\n   * @default true\n   */\n  readonly checkSecretsInPlainTextEnvVariables?: boolean;\n\n  /**\n   * The physical, human-readable name of the CodeBuild Project.\n   *\n   * @default - Name is automatically generated.\n   */\n  readonly projectName?: string;\n\n  /**\n   * VPC network to place codebuild network interfaces\n   *\n   * Specify this if the codebuild project needs to access resources in a VPC.\n   *\n   * @default - No VPC is specified.\n   */\n  readonly vpc?: ec2.IVpc;\n\n  /**\n   * Where to place the network interfaces within the VPC.\n   *\n   * Only used if 'vpc' is supplied.\n   *\n   * @default - All private subnets.\n   */\n  readonly subnetSelection?: ec2.SubnetSelection;\n\n  /**\n   * What security group to associate with the codebuild project's network interfaces.\n   * If no security group is identified, one will be created automatically.\n   *\n   * Only used if 'vpc' is supplied.\n   *\n   * @default - Security group will be automatically created.\n   *\n   */\n  readonly securityGroups?: ec2.ISecurityGroup[];\n\n  /**\n   * 
Whether to allow the CodeBuild to send all network traffic\n   *\n   * If set to false, you must individually add traffic rules to allow the\n   * CodeBuild project to connect to network targets.\n   *\n   * Only used if 'vpc' is supplied.\n   *\n   * @default true\n   */\n  readonly allowAllOutbound?: boolean;\n\n  /**\n   * An array of ProjectFileSystemLocation objects for a CodeBuild build project.\n   *\n   * A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint,\n   * and type of a file system created using Amazon Elastic File System.\n   *\n   * @default - no file system locations\n   */\n  readonly fileSystemLocations?: IFileSystemLocation[];\n\n  /**\n   * Add permissions to this project's role to create and use test report groups with name starting with the name of this project.\n   *\n   * That is the standard report group that gets created when a simple name\n   * (in contrast to an ARN)\n   * is used in the 'reports' section of the buildspec of this project.\n   * This is usually harmless, but you can turn these off if you don't plan on using test\n   * reports in this project.\n   *\n   * @default true\n   *\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/test-report-group-naming.html\n   */\n  readonly grantReportGroupPermissions?: boolean;\n\n  /**\n   * Information about logs for the build project. A project can create logs in Amazon CloudWatch Logs, an S3 bucket, or both.\n   *\n   * @default - no log configuration is set\n   */\n  readonly logging?: LoggingOptions;\n\n  /**\n   * The number of minutes after which AWS CodeBuild stops the build if it's\n   * still in queue. For valid values, see the timeoutInMinutes field in the AWS\n   * CodeBuild User Guide.\n   *\n   * @default - no queue timeout is set\n   */\n  readonly queuedTimeout?: Duration\n\n  /**\n   * Maximum number of concurrent builds. 
Minimum value is 1 and maximum is account build limit.\n   *\n   * @default - no explicit limit is set\n   */\n  readonly concurrentBuildLimit?: number\n}\n\nexport interface ProjectProps extends CommonProjectProps {\n  /**\n   * The source of the build.\n   * *Note*: if {@link NoSource} is given as the source,\n   * then you need to provide an explicit `buildSpec`.\n   *\n   * @default - NoSource\n   */\n  readonly source?: ISource;\n\n  /**\n   * Defines where build artifacts will be stored.\n   * Could be: PipelineBuildArtifacts, NoArtifacts and S3Artifacts.\n   *\n   * @default NoArtifacts\n   */\n  readonly artifacts?: IArtifacts;\n\n  /**\n   * The secondary sources for the Project.\n   * Can be also added after the Project has been created by using the {@link Project#addSecondarySource} method.\n   *\n   * @default - No secondary sources.\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-multi-in-out.html\n   */\n  readonly secondarySources?: ISource[];\n\n  /**\n   * The secondary artifacts for the Project.\n   * Can also be added after the Project has been created by using the {@link Project#addSecondaryArtifact} method.\n   *\n   * @default - No secondary artifacts.\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-multi-in-out.html\n   */\n  readonly secondaryArtifacts?: IArtifacts[];\n}\n\n/**\n * The extra options passed to the {@link IProject.bindToCodePipeline} method.\n */\nexport interface BindToCodePipelineOptions {\n  /**\n   * The artifact bucket that will be used by the action that invokes this project.\n   */\n  readonly artifactBucket: s3.IBucket;\n}\n\n/**\n * A representation of a CodeBuild Project.\n */\nexport class Project extends ProjectBase {\n\n  public static fromProjectArn(scope: Construct, id: string, projectArn: string): IProject {\n    const parsedArn = Stack.of(scope).splitArn(projectArn, ArnFormat.SLASH_RESOURCE_NAME);\n\n    class Import extends ProjectBase {\n      public readonly 
grantPrincipal: iam.IPrincipal;\n      public readonly projectArn = projectArn;\n      public readonly projectName = parsedArn.resourceName!;\n      public readonly role?: iam.Role = undefined;\n\n      constructor(s: Construct, i: string) {\n        super(s, i, {\n          account: parsedArn.account,\n          region: parsedArn.region,\n        });\n        this.grantPrincipal = new iam.UnknownPrincipal({ resource: this });\n      }\n    }\n\n    return new Import(scope, id);\n  }\n\n  /**\n   * Import a Project defined either outside the CDK,\n   * or in a different CDK Stack\n   * (and exported using the {@link export} method).\n   *\n   * @note if you're importing a CodeBuild Project for use\n   *   in a CodePipeline, make sure the existing Project\n   *   has permissions to access the S3 Bucket of that Pipeline -\n   *   otherwise, builds in that Pipeline will always fail.\n   *\n   * @param scope the parent Construct for this Construct\n   * @param id the logical name of this Construct\n   * @param projectName the name of the project to import\n   * @returns a reference to the existing Project\n   */\n  public static fromProjectName(scope: Construct, id: string, projectName: string): IProject {\n    class Import extends ProjectBase {\n      public readonly grantPrincipal: iam.IPrincipal;\n      public readonly projectArn: string;\n      public readonly projectName: string;\n      public readonly role?: iam.Role = undefined;\n\n      constructor(s: Construct, i: string) {\n        super(s, i);\n\n        this.projectArn = Stack.of(this).formatArn({\n          service: 'codebuild',\n          resource: 'project',\n          resourceName: projectName,\n        });\n\n        this.grantPrincipal = new iam.UnknownPrincipal({ resource: this });\n        this.projectName = projectName;\n      }\n    }\n\n    return new Import(scope, id);\n  }\n\n  /**\n   * Convert the environment variables map of string to {@link BuildEnvironmentVariable},\n   * which is the 
customer-facing type, to a list of {@link CfnProject.EnvironmentVariableProperty},\n   * which is the representation of environment variables in CloudFormation.\n   *\n   * @param environmentVariables the map of string to environment variables\n   * @param validateNoPlainTextSecrets whether to throw an exception\n   *   if any of the plain text environment variables contain secrets, defaults to 'false'\n   * @returns an array of {@link CfnProject.EnvironmentVariableProperty} instances\n   */\n  public static serializeEnvVariables(environmentVariables: { [name: string]: BuildEnvironmentVariable },\n    validateNoPlainTextSecrets: boolean = false, principal?: iam.IGrantable): CfnProject.EnvironmentVariableProperty[] {\n\n    const ret = new Array<CfnProject.EnvironmentVariableProperty>();\n    const ssmIamResources = new Array<string>();\n    const secretsManagerIamResources = new Set<string>();\n    const kmsIamResources = new Set<string>();\n\n    for (const [name, envVariable] of Object.entries(environmentVariables)) {\n      const envVariableValue = envVariable.value?.toString();\n      const cfnEnvVariable: CfnProject.EnvironmentVariableProperty = {\n        name,\n        type: envVariable.type || BuildEnvironmentVariableType.PLAINTEXT,\n        value: envVariableValue,\n      };\n      ret.push(cfnEnvVariable);\n\n      // validate that the plain-text environment variables don't contain any secrets in them\n      if (validateNoPlainTextSecrets && cfnEnvVariable.type === BuildEnvironmentVariableType.PLAINTEXT) {\n        const fragments = Tokenization.reverseString(cfnEnvVariable.value);\n        for (const token of fragments.tokens) {\n          if (token instanceof SecretValue) {\n            throw new Error(`Plaintext environment variable '${name}' contains a secret value! ` +\n              'This means the value of this variable will be visible in plain text in the AWS Console. 
' +\n              \"Please consider using CodeBuild's SecretsManager environment variables feature instead. \" +\n              \"If you'd like to continue with having this secret in the plaintext environment variables, \" +\n              'please set the checkSecretsInPlainTextEnvVariables property to false');\n          }\n        }\n      }\n\n      if (principal) {\n        const stack = Stack.of(principal);\n\n        // save the SSM env variables\n        if (envVariable.type === BuildEnvironmentVariableType.PARAMETER_STORE) {\n          ssmIamResources.push(stack.formatArn({\n            service: 'ssm',\n            resource: 'parameter',\n            // If the parameter name starts with / the resource name is not separated with a double '/'\n            // arn:aws:ssm:region:1111111111:parameter/PARAM_NAME\n            resourceName: envVariableValue.startsWith('/')\n              ? envVariableValue.slice(1)\n              : envVariableValue,\n          }));\n        }\n\n        // save SecretsManager env variables\n        if (envVariable.type === BuildEnvironmentVariableType.SECRETS_MANAGER) {\n          // We have 3 basic cases here of what envVariableValue can be:\n          // 1. A string that starts with 'arn:' (and might contain Token fragments).\n          // 2. A Token.\n          // 3. 
A simple value, like 'secret-id'.\n          if (envVariableValue.startsWith('arn:')) {\n            const parsedArn = stack.splitArn(envVariableValue, ArnFormat.COLON_RESOURCE_NAME);\n            if (!parsedArn.resourceName) {\n              throw new Error('SecretManager ARN is missing the name of the secret: ' + envVariableValue);\n            }\n\n            // the value of the property can be a complex string, separated by ':';\n            // see https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec.env.secrets-manager\n            const secretName = parsedArn.resourceName.split(':')[0];\n            secretsManagerIamResources.add(stack.formatArn({\n              service: 'secretsmanager',\n              resource: 'secret',\n              // since we don't know whether the ARN was full, or partial\n              // (CodeBuild supports both),\n              // stick a \"*\" at the end, which makes it work for both\n              resourceName: `${secretName}*`,\n              arnFormat: ArnFormat.COLON_RESOURCE_NAME,\n              partition: parsedArn.partition,\n              account: parsedArn.account,\n              region: parsedArn.region,\n            }));\n            // if secret comes from another account, SecretsManager will need to access\n            // KMS on the other account as well to be able to get the secret\n            if (parsedArn.account && Token.compareStrings(parsedArn.account, stack.account) === TokenComparison.DIFFERENT) {\n              kmsIamResources.add(stack.formatArn({\n                service: 'kms',\n                resource: 'key',\n                // We do not know the ID of the key, but since this is a cross-account access,\n                // the key policies have to allow this access, so a wildcard is safe here\n                resourceName: '*',\n                arnFormat: ArnFormat.SLASH_RESOURCE_NAME,\n                partition: parsedArn.partition,\n                account: 
parsedArn.account,\n                region: parsedArn.region,\n              }));\n            }\n          } else if (Token.isUnresolved(envVariableValue)) {\n            // the value of the property can be a complex string, separated by ':';\n            // see https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec.env.secrets-manager\n            let secretArn = envVariableValue.split(':')[0];\n\n            // parse the Token, and see if it represents a single resource\n            // (we will assume it's a Secret from SecretsManager)\n            const fragments = Tokenization.reverseString(envVariableValue);\n            if (fragments.tokens.length === 1) {\n              const resolvable = fragments.tokens[0];\n              if (Reference.isReference(resolvable)) {\n                // check the Stack the resource owning the reference belongs to\n                const resourceStack = Stack.of(resolvable.target);\n                if (Token.compareStrings(stack.account, resourceStack.account) === TokenComparison.DIFFERENT) {\n                  // since this is a cross-account access,\n                  // add the appropriate KMS permissions\n                  kmsIamResources.add(stack.formatArn({\n                    service: 'kms',\n                    resource: 'key',\n                    // We do not know the ID of the key, but since this is a cross-account access,\n                    // the key policies have to allow this access, so a wildcard is safe here\n                    resourceName: '*',\n                    arnFormat: ArnFormat.SLASH_RESOURCE_NAME,\n                    partition: resourceStack.partition,\n                    account: resourceStack.account,\n                    region: resourceStack.region,\n                  }));\n\n                  // Work around a bug in SecretsManager -\n                  // when the access is cross-environment,\n                  // Secret.secretArn returns a partial ARN!\n      
            // So add a \"-??????\" wildcard suffix at the end, so that the permissions work\n                  secretArn = `${secretArn}-??????`;\n                }\n              }\n            }\n\n            // if we are passed a Token, we should assume it's the ARN of the Secret\n            // (as the name would not work anyway, because it would be the full name, which CodeBuild does not support)\n            secretsManagerIamResources.add(secretArn);\n          } else {\n            // the value of the property can be a complex string, separated by ':';\n            // see https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec.env.secrets-manager\n            const secretName = envVariableValue.split(':')[0];\n            secretsManagerIamResources.add(stack.formatArn({\n              service: 'secretsmanager',\n              resource: 'secret',\n              resourceName: `${secretName}-??????`,\n              arnFormat: ArnFormat.COLON_RESOURCE_NAME,\n            }));\n          }\n        }\n      }\n    }\n\n    if (ssmIamResources.length !== 0) {\n      principal?.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({\n        actions: ['ssm:GetParameters'],\n        resources: ssmIamResources,\n      }));\n    }\n    if (secretsManagerIamResources.size !== 0) {\n      principal?.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({\n        actions: ['secretsmanager:GetSecretValue'],\n        resources: Array.from(secretsManagerIamResources),\n      }));\n    }\n    if (kmsIamResources.size !== 0) {\n      principal?.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({\n        actions: ['kms:Decrypt'],\n        resources: Array.from(kmsIamResources),\n      }));\n    }\n\n    return ret;\n  }\n\n  public readonly grantPrincipal: iam.IPrincipal;\n\n  /**\n   * The IAM role for this project.\n   */\n  public readonly role?: iam.IRole;\n\n  /**\n   * The ARN of the project.\n   */\n  public readonly projectArn: 
string;\n\n  /**\n   * The name of the project.\n   */\n  public readonly projectName: string;\n\n  private readonly source: ISource;\n  private readonly buildImage: IBuildImage;\n  private readonly _secondarySources: CfnProject.SourceProperty[];\n  private readonly _secondarySourceVersions: CfnProject.ProjectSourceVersionProperty[];\n  private readonly _secondaryArtifacts: CfnProject.ArtifactsProperty[];\n  private _encryptionKey?: kms.IKey;\n  private readonly _fileSystemLocations: CfnProject.ProjectFileSystemLocationProperty[];\n  private _batchServiceRole?: iam.Role;\n\n  constructor(scope: Construct, id: string, props: ProjectProps) {\n    super(scope, id, {\n      physicalName: props.projectName,\n    });\n\n    this.role = props.role || new iam.Role(this, 'Role', {\n      roleName: PhysicalName.GENERATE_IF_NEEDED,\n      assumedBy: new iam.ServicePrincipal('codebuild.amazonaws.com'),\n    });\n    this.grantPrincipal = this.role;\n\n    this.buildImage = (props.environment && props.environment.buildImage) || LinuxBuildImage.STANDARD_1_0;\n\n    // let source \"bind\" to the project. this usually involves granting permissions\n    // for the code build role to interact with the source.\n    this.source = props.source || new NoSource();\n    const sourceConfig = this.source.bind(this, this);\n    if (props.badge && !this.source.badgeSupported) {\n      throw new Error(`Badge is not supported for source type ${this.source.type}`);\n    }\n\n    const artifacts = props.artifacts\n      ? props.artifacts\n      : (this.source.type === CODEPIPELINE_SOURCE_ARTIFACTS_TYPE\n        ? 
new CodePipelineArtifacts()\n        : new NoArtifacts());\n    const artifactsConfig = artifacts.bind(this, this);\n\n    const cache = props.cache || Cache.none();\n\n    // give the caching strategy the option to grant permissions to any required resources\n    cache._bind(this);\n\n    // Inject download commands for asset if requested\n    const environmentVariables = props.environmentVariables || {};\n    const buildSpec = props.buildSpec;\n    if (this.source.type === NO_SOURCE_TYPE && (buildSpec === undefined || !buildSpec.isImmediate)) {\n      throw new Error(\"If the Project's source is NoSource, you need to provide a concrete buildSpec\");\n    }\n\n    this._secondarySources = [];\n    this._secondarySourceVersions = [];\n    this._fileSystemLocations = [];\n    for (const secondarySource of props.secondarySources || []) {\n      this.addSecondarySource(secondarySource);\n    }\n\n    this._secondaryArtifacts = [];\n    for (const secondaryArtifact of props.secondaryArtifacts || []) {\n      this.addSecondaryArtifact(secondaryArtifact);\n    }\n\n    this.validateCodePipelineSettings(artifacts);\n\n    for (const fileSystemLocation of props.fileSystemLocations || []) {\n      this.addFileSystemLocation(fileSystemLocation);\n    }\n\n    const resource = new CfnProject(this, 'Resource', {\n      description: props.description,\n      source: {\n        ...sourceConfig.sourceProperty,\n        buildSpec: buildSpec && buildSpec.toBuildSpec(),\n      },\n      artifacts: artifactsConfig.artifactsProperty,\n      serviceRole: this.role.roleArn,\n      environment: this.renderEnvironment(props, environmentVariables),\n      fileSystemLocations: Lazy.any({ produce: () => this.renderFileSystemLocations() }),\n      // lazy, because we have a setter for it in setEncryptionKey\n      // The 'alias/aws/s3' default is necessary because leaving the `encryptionKey` field\n      // empty will not remove existing encryptionKeys during an update (ref. 
t/D17810523)\n      encryptionKey: Lazy.string({ produce: () => this._encryptionKey ? this._encryptionKey.keyArn : 'alias/aws/s3' }),\n      badgeEnabled: props.badge,\n      cache: cache._toCloudFormation(),\n      name: this.physicalName,\n      timeoutInMinutes: props.timeout && props.timeout.toMinutes(),\n      queuedTimeoutInMinutes: props.queuedTimeout && props.queuedTimeout.toMinutes(),\n      concurrentBuildLimit: props.concurrentBuildLimit,\n      secondarySources: Lazy.any({ produce: () => this.renderSecondarySources() }),\n      secondarySourceVersions: Lazy.any({ produce: () => this.renderSecondarySourceVersions() }),\n      secondaryArtifacts: Lazy.any({ produce: () => this.renderSecondaryArtifacts() }),\n      triggers: sourceConfig.buildTriggers,\n      sourceVersion: sourceConfig.sourceVersion,\n      vpcConfig: this.configureVpc(props),\n      logsConfig: this.renderLoggingConfiguration(props.logging),\n      buildBatchConfig: Lazy.any({\n        produce: () => {\n          const config: CfnProject.ProjectBuildBatchConfigProperty | undefined = this._batchServiceRole ? 
{\n            serviceRole: this._batchServiceRole.roleArn,\n          } : undefined;\n          return config;\n        },\n      }),\n    });\n\n    this.addVpcRequiredPermissions(props, resource);\n\n    this.projectArn = this.getResourceArnAttribute(resource.attrArn, {\n      service: 'codebuild',\n      resource: 'project',\n      resourceName: this.physicalName,\n    });\n    this.projectName = this.getResourceNameAttribute(resource.ref);\n\n    this.addToRolePolicy(this.createLoggingPermission());\n    // add permissions to create and use test report groups\n    // with names starting with the project's name,\n    // unless the customer explicitly opts out of it\n    if (props.grantReportGroupPermissions !== false) {\n      this.addToRolePolicy(new iam.PolicyStatement({\n        actions: [\n          'codebuild:CreateReportGroup',\n          'codebuild:CreateReport',\n          'codebuild:UpdateReport',\n          'codebuild:BatchPutTestCases',\n          'codebuild:BatchPutCodeCoverages',\n        ],\n        resources: [renderReportGroupArn(this, `${this.projectName}-*`)],\n      }));\n    }\n\n    if (props.encryptionKey) {\n      this.encryptionKey = props.encryptionKey;\n    }\n\n    // bind\n    if (isBindableBuildImage(this.buildImage)) {\n      this.buildImage.bind(this, this, {});\n    }\n  }\n\n  public enableBatchBuilds(): BatchBuildConfig | undefined {\n    if (!this._batchServiceRole) {\n      this._batchServiceRole = new iam.Role(this, 'BatchServiceRole', {\n        assumedBy: new iam.ServicePrincipal('codebuild.amazonaws.com'),\n      });\n      this._batchServiceRole.addToPrincipalPolicy(new iam.PolicyStatement({\n        resources: [Lazy.string({\n          produce: () => this.projectArn,\n        })],\n        actions: [\n          'codebuild:StartBuild',\n          'codebuild:StopBuild',\n          'codebuild:RetryBuild',\n        ],\n      }));\n    }\n    return {\n      role: this._batchServiceRole,\n    };\n  }\n\n  /**\n   * Adds a 
secondary source to the Project.\n   *\n   * @param secondarySource the source to add as a secondary source\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-multi-in-out.html\n   */\n  public addSecondarySource(secondarySource: ISource): void {\n    if (!secondarySource.identifier) {\n      throw new Error('The identifier attribute is mandatory for secondary sources');\n    }\n    const secondarySourceConfig = secondarySource.bind(this, this);\n    this._secondarySources.push(secondarySourceConfig.sourceProperty);\n    if (secondarySourceConfig.sourceVersion) {\n      this._secondarySourceVersions.push({\n        sourceIdentifier: secondarySource.identifier,\n        sourceVersion: secondarySourceConfig.sourceVersion,\n      });\n    }\n  }\n\n  /**\n   * Adds a fileSystemLocation to the Project.\n   *\n   * @param fileSystemLocation the fileSystemLocation to add\n   */\n  public addFileSystemLocation(fileSystemLocation: IFileSystemLocation): void {\n    const fileSystemConfig = fileSystemLocation.bind(this, this);\n    this._fileSystemLocations.push(fileSystemConfig.location);\n  }\n\n  /**\n   * Adds a secondary artifact to the Project.\n   *\n   * @param secondaryArtifact the artifact to add as a secondary artifact\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-multi-in-out.html\n   */\n  public addSecondaryArtifact(secondaryArtifact: IArtifacts): void {\n    if (!secondaryArtifact.identifier) {\n      throw new Error('The identifier attribute is mandatory for secondary artifacts');\n    }\n    this._secondaryArtifacts.push(secondaryArtifact.bind(this, this).artifactsProperty);\n  }\n\n  /**\n   * A callback invoked when the given project is added to a CodePipeline.\n   *\n   * @param _scope the construct the binding is taking place in\n   * @param options additional options for the binding\n   */\n  public bindToCodePipeline(_scope: CoreConstruct, options: BindToCodePipelineOptions): void {\n    // work around a 
bug in CodeBuild: it ignores the KMS key set on the pipeline,\n    // and always uses its own, project-level key\n    if (options.artifactBucket.encryptionKey && !this._encryptionKey) {\n      // we cannot safely do this assignment if the key is of type kms.Key,\n      // and belongs to a stack in a different account or region than the project\n      // (that would cause an illegal reference, as KMS keys don't have physical names)\n      const keyStack = Stack.of(options.artifactBucket.encryptionKey);\n      const projectStack = Stack.of(this);\n      if (!(options.artifactBucket.encryptionKey instanceof kms.Key &&\n          (keyStack.account !== projectStack.account || keyStack.region !== projectStack.region))) {\n        this.encryptionKey = options.artifactBucket.encryptionKey;\n      }\n    }\n  }\n\n  /**\n   * @override\n   */\n  protected validate(): string[] {\n    const ret = new Array<string>();\n    if (this.source.type === CODEPIPELINE_SOURCE_ARTIFACTS_TYPE) {\n      if (this._secondarySources.length > 0) {\n        ret.push('A Project with a CodePipeline Source cannot have secondary sources. ' +\n          \"Use the CodeBuild Pipeline Actions' `extraInputs` property instead\");\n      }\n      if (this._secondaryArtifacts.length > 0) {\n        ret.push('A Project with a CodePipeline Source cannot have secondary artifacts. 
' +\n          \"Use the CodeBuild Pipeline Actions' `outputs` property instead\");\n      }\n    }\n    return ret;\n  }\n\n  private set encryptionKey(encryptionKey: kms.IKey) {\n    this._encryptionKey = encryptionKey;\n    encryptionKey.grantEncryptDecrypt(this);\n  }\n\n  private createLoggingPermission() {\n    const logGroupArn = Stack.of(this).formatArn({\n      service: 'logs',\n      resource: 'log-group',\n      arnFormat: ArnFormat.COLON_RESOURCE_NAME,\n      resourceName: `/aws/codebuild/${this.projectName}`,\n    });\n\n    const logGroupStarArn = `${logGroupArn}:*`;\n\n    return new iam.PolicyStatement({\n      resources: [logGroupArn, logGroupStarArn],\n      actions: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'],\n    });\n  }\n\n  private renderEnvironment(\n    props: ProjectProps,\n    projectVars: { [name: string]: BuildEnvironmentVariable } = {}): CfnProject.EnvironmentProperty {\n\n    const env = props.environment ?? {};\n    const vars: { [name: string]: BuildEnvironmentVariable } = {};\n    const containerVars = env.environmentVariables || {};\n\n    // first apply environment variables from the container definition\n    for (const name of Object.keys(containerVars)) {\n      vars[name] = containerVars[name];\n    }\n\n    // now apply project-level vars\n    for (const name of Object.keys(projectVars)) {\n      vars[name] = projectVars[name];\n    }\n\n    const hasEnvironmentVars = Object.keys(vars).length > 0;\n\n    const errors = this.buildImage.validate(env);\n    if (errors.length > 0) {\n      throw new Error('Invalid CodeBuild environment: ' + errors.join('\\n'));\n    }\n\n    const imagePullPrincipalType = this.buildImage.imagePullPrincipalType === ImagePullPrincipalType.CODEBUILD\n      ? 
ImagePullPrincipalType.CODEBUILD\n      : ImagePullPrincipalType.SERVICE_ROLE;\n    if (this.buildImage.repository) {\n      if (imagePullPrincipalType === ImagePullPrincipalType.SERVICE_ROLE) {\n        this.buildImage.repository.grantPull(this);\n      } else {\n        const statement = new iam.PolicyStatement({\n          principals: [new iam.ServicePrincipal('codebuild.amazonaws.com')],\n          actions: ['ecr:GetDownloadUrlForLayer', 'ecr:BatchGetImage', 'ecr:BatchCheckLayerAvailability'],\n        });\n        statement.sid = 'CodeBuild';\n        this.buildImage.repository.addToResourcePolicy(statement);\n      }\n    }\n    if (imagePullPrincipalType === ImagePullPrincipalType.SERVICE_ROLE) {\n      this.buildImage.secretsManagerCredentials?.grantRead(this);\n    }\n\n    const secret = this.buildImage.secretsManagerCredentials;\n    return {\n      type: this.buildImage.type,\n      image: this.buildImage.imageId,\n      imagePullCredentialsType: imagePullPrincipalType,\n      registryCredential: secret\n        ? {\n          credentialProvider: 'SECRETS_MANAGER',\n          // Secrets must be referenced by either the full ARN (with SecretsManager suffix), or by name.\n          // \"Partial\" ARNs (without the suffix) will fail a validation regex at deploy-time.\n          credential: secret.secretFullArn ?? secret.secretName,\n        }\n        : undefined,\n      certificate: env.certificate?.bucket.arnForObjects(env.certificate.objectKey),\n      privilegedMode: env.privileged || false,\n      computeType: env.computeType || this.buildImage.defaultComputeType,\n      environmentVariables: hasEnvironmentVars\n        ? Project.serializeEnvVariables(vars, props.checkSecretsInPlainTextEnvVariables ?? true, this)\n        : undefined,\n    };\n  }\n\n  private renderFileSystemLocations(): CfnProject.ProjectFileSystemLocationProperty[] | undefined {\n    return this._fileSystemLocations.length === 0\n      ? 
undefined\n      : this._fileSystemLocations;\n  }\n\n  private renderSecondarySources(): CfnProject.SourceProperty[] | undefined {\n    return this._secondarySources.length === 0\n      ? undefined\n      : this._secondarySources;\n  }\n\n  private renderSecondarySourceVersions(): CfnProject.ProjectSourceVersionProperty[] | undefined {\n    return this._secondarySourceVersions.length === 0\n      ? undefined\n      : this._secondarySourceVersions;\n  }\n\n  private renderSecondaryArtifacts(): CfnProject.ArtifactsProperty[] | undefined {\n    return this._secondaryArtifacts.length === 0\n      ? undefined\n      : this._secondaryArtifacts;\n  }\n\n  /**\n   * If configured, set up the VPC-related properties\n   *\n   * Returns the VpcConfig that should be added to the\n   * codebuild creation properties.\n   */\n  private configureVpc(props: ProjectProps): CfnProject.VpcConfigProperty | undefined {\n    if ((props.securityGroups || props.allowAllOutbound !== undefined) && !props.vpc) {\n      throw new Error('Cannot configure \\'securityGroup\\' or \\'allowAllOutbound\\' without configuring a VPC');\n    }\n\n    if (!props.vpc) { return undefined; }\n\n    if ((props.securityGroups && props.securityGroups.length > 0) && props.allowAllOutbound !== undefined) {\n      throw new Error('Configure \\'allowAllOutbound\\' directly on the supplied SecurityGroup.');\n    }\n\n    let securityGroups: ec2.ISecurityGroup[];\n    if (props.securityGroups && props.securityGroups.length > 0) {\n      securityGroups = props.securityGroups;\n    } else {\n      const securityGroup = new ec2.SecurityGroup(this, 'SecurityGroup', {\n        vpc: props.vpc,\n        description: 'Automatic generated security group for CodeBuild ' + Names.uniqueId(this),\n        allowAllOutbound: props.allowAllOutbound,\n      });\n      securityGroups = [securityGroup];\n    }\n    this._connections = new ec2.Connections({ securityGroups });\n\n    return {\n      vpcId: props.vpc.vpcId,\n      
subnets: props.vpc.selectSubnets(props.subnetSelection).subnetIds,\n      securityGroupIds: this.connections.securityGroups.map(s => s.securityGroupId),\n    };\n  }\n\n  private renderLoggingConfiguration(props: LoggingOptions | undefined): CfnProject.LogsConfigProperty | undefined {\n    if (props === undefined) {\n      return undefined;\n    }\n\n    let s3Config: CfnProject.S3LogsConfigProperty | undefined = undefined;\n    let cloudwatchConfig: CfnProject.CloudWatchLogsConfigProperty | undefined = undefined;\n\n    if (props.s3) {\n      const s3Logs = props.s3;\n      s3Config = {\n        status: (s3Logs.enabled ?? true) ? 'ENABLED' : 'DISABLED',\n        location: `${s3Logs.bucket.bucketName}` + (s3Logs.prefix ? `/${s3Logs.prefix}` : ''),\n        encryptionDisabled: s3Logs.encrypted,\n      };\n      s3Logs.bucket?.grantWrite(this);\n    }\n\n    if (props.cloudWatch) {\n      const cloudWatchLogs = props.cloudWatch;\n      const status = (cloudWatchLogs.enabled ?? true) ? 'ENABLED' : 'DISABLED';\n\n      if (status === 'ENABLED' && !(cloudWatchLogs.logGroup)) {\n        throw new Error('Specifying a LogGroup is required if CloudWatch logging for CodeBuild is enabled');\n      }\n      cloudWatchLogs.logGroup?.grantWrite(this);\n\n      cloudwatchConfig = {\n        status,\n        groupName: cloudWatchLogs.logGroup?.logGroupName,\n        streamName: cloudWatchLogs.prefix,\n      };\n    }\n\n    return {\n      s3Logs: s3Config,\n      cloudWatchLogs: cloudwatchConfig,\n    };\n  }\n\n  private addVpcRequiredPermissions(props: ProjectProps, project: CfnProject): void {\n    if (!props.vpc || !this.role) {\n      return;\n    }\n\n    this.role.addToPrincipalPolicy(new iam.PolicyStatement({\n      resources: [`arn:${Aws.PARTITION}:ec2:${Aws.REGION}:${Aws.ACCOUNT_ID}:network-interface/*`],\n      actions: ['ec2:CreateNetworkInterfacePermission'],\n      conditions: {\n        StringEquals: {\n          'ec2:Subnet': props.vpc\n            
.selectSubnets(props.subnetSelection).subnetIds\n            .map(si => `arn:${Aws.PARTITION}:ec2:${Aws.REGION}:${Aws.ACCOUNT_ID}:subnet/${si}`),\n          'ec2:AuthorizedService': 'codebuild.amazonaws.com',\n        },\n      },\n    }));\n\n    // If the same Role is used for multiple Projects, always creating a new `iam.Policy`\n    // will attach the same policy multiple times, probably exceeding the maximum size of the\n    // Role policy. Make sure we only do it once for the same role.\n    //\n    // This deduplication could be a feature of the Role itself, but that feels risky and\n    // is hard to implement (what with Tokens and all). Safer to fix it locally for now.\n    let policy: iam.Policy | undefined = (this.role as any)[VPC_POLICY_SYM];\n    if (!policy) {\n      policy = new iam.Policy(this, 'PolicyDocument', {\n        statements: [\n          new iam.PolicyStatement({\n            resources: ['*'],\n            actions: [\n              'ec2:CreateNetworkInterface',\n              'ec2:DescribeNetworkInterfaces',\n              'ec2:DeleteNetworkInterface',\n              'ec2:DescribeSubnets',\n              'ec2:DescribeSecurityGroups',\n              'ec2:DescribeDhcpOptions',\n              'ec2:DescribeVpcs',\n            ],\n          }),\n        ],\n      });\n      this.role.attachInlinePolicy(policy);\n      (this.role as any)[VPC_POLICY_SYM] = policy;\n    }\n\n    // add an explicit dependency between the EC2 Policy and this Project -\n    // otherwise, creating the Project fails, as it requires these permissions\n    // to be already attached to the Project's Role\n    project.node.addDependency(policy);\n  }\n\n  private validateCodePipelineSettings(artifacts: IArtifacts) {\n    const sourceType = this.source.type;\n    const artifactsType = artifacts.type;\n\n    if ((sourceType === CODEPIPELINE_SOURCE_ARTIFACTS_TYPE ||\n        artifactsType === CODEPIPELINE_SOURCE_ARTIFACTS_TYPE) &&\n        (sourceType !== artifactsType)) {\n  
    throw new Error('Both source and artifacts must be set to CodePipeline');\n    }\n  }\n}\n\n/**\n * Build machine compute type.\n */\nexport enum ComputeType {\n  SMALL = 'BUILD_GENERAL1_SMALL',\n  MEDIUM = 'BUILD_GENERAL1_MEDIUM',\n  LARGE = 'BUILD_GENERAL1_LARGE',\n  X2_LARGE = 'BUILD_GENERAL1_2XLARGE'\n}\n\n/**\n * The type of principal CodeBuild will use to pull your build Docker image.\n */\nexport enum ImagePullPrincipalType {\n  /**\n   * CODEBUILD specifies that CodeBuild uses its own identity when pulling the image.\n   * This means the resource policy of the ECR repository that hosts the image will be modified to trust\n   * CodeBuild's service principal.\n   * This is the required principal type when using CodeBuild's pre-defined images.\n   */\n  CODEBUILD = 'CODEBUILD',\n\n  /**\n   * SERVICE_ROLE specifies that AWS CodeBuild uses the project's role when pulling the image.\n   * The role will be granted pull permissions on the ECR repository hosting the image.\n   */\n  SERVICE_ROLE = 'SERVICE_ROLE'\n}\n\nexport interface BuildEnvironment {\n  /**\n   * The image used for the builds.\n   *\n   * @default LinuxBuildImage.STANDARD_1_0\n   */\n  readonly buildImage?: IBuildImage;\n\n  /**\n   * The type of compute to use for this build.\n   * See the {@link ComputeType} enum for the possible values.\n   *\n   * @default taken from {@link #buildImage#defaultComputeType}\n   */\n  readonly computeType?: ComputeType;\n\n  /**\n   * Indicates how the project builds Docker images. Specify true to enable\n   * running the Docker daemon inside a Docker container. This value must be\n   * set to true only if this build project will be used to build Docker\n   * images, and the specified build environment image is not one provided by\n   * AWS CodeBuild with Docker support. 
Otherwise, all associated builds that\n   * attempt to interact with the Docker daemon will fail.\n   *\n   * @default false\n   */\n  readonly privileged?: boolean;\n\n  /**\n   * The location of the PEM-encoded certificate for the build project\n   *\n   * @default - No external certificate is added to the project\n   */\n  readonly certificate?: BuildEnvironmentCertificate;\n\n  /**\n   * The environment variables that your builds can use.\n   */\n  readonly environmentVariables?: { [name: string]: BuildEnvironmentVariable };\n}\n\n/**\n * Represents a Docker image used for the CodeBuild Project builds.\n * Use the concrete subclasses, either:\n * {@link LinuxBuildImage} or {@link WindowsBuildImage}.\n */\nexport interface IBuildImage {\n  /**\n   * The type of build environment.\n   */\n  readonly type: string;\n\n  /**\n   * The Docker image identifier that the build environment uses.\n   *\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html\n   */\n  readonly imageId: string;\n\n  /**\n   * The default {@link ComputeType} to use with this image,\n   * if one was not specified in {@link BuildEnvironment#computeType} explicitly.\n   */\n  readonly defaultComputeType: ComputeType;\n\n  /**\n   * The type of principal that CodeBuild will use to pull this build Docker image.\n   *\n   * @default ImagePullPrincipalType.SERVICE_ROLE\n   */\n  readonly imagePullPrincipalType?: ImagePullPrincipalType;\n\n  /**\n   * The secretsManagerCredentials for access to a private registry.\n   *\n   * @default no credentials will be used\n   */\n  readonly secretsManagerCredentials?: secretsmanager.ISecret;\n\n  /**\n   * An optional ECR repository that the image is hosted in.\n   *\n   * @default no repository\n   */\n  readonly repository?: ecr.IRepository;\n\n  /**\n   * Allows the image a chance to validate whether the passed configuration is correct.\n   *\n   * @param buildEnvironment the current build environment\n   */\n  
validate(buildEnvironment: BuildEnvironment): string[];\n\n  /**\n   * Make a buildspec to run the indicated script\n   */\n  runScriptBuildspec(entrypoint: string): BuildSpec;\n}\n\n/** Optional arguments to {@link IBuildImage.binder} - currently empty. */\nexport interface BuildImageBindOptions { }\n\n/** The return type from {@link IBuildImage.binder} - currently empty. */\nexport interface BuildImageConfig { }\n\n// @deprecated(not in tsdoc on purpose): add bind() to IBuildImage\n// and get rid of IBindableBuildImage\n\n/** A variant of {@link IBuildImage} that allows binding to the project. */\nexport interface IBindableBuildImage extends IBuildImage {\n  /** Function that allows the build image access to the construct tree. */\n  bind(scope: CoreConstruct, project: IProject, options: BuildImageBindOptions): BuildImageConfig;\n}\n\n/**\n * The options when creating a CodeBuild Docker build image\n * using {@link LinuxBuildImage.fromDockerRegistry}\n * or {@link WindowsBuildImage.fromDockerRegistry}.\n */\nexport interface DockerImageOptions {\n  /**\n   * The credentials, stored in Secrets Manager,\n   * used for accessing the repository holding the image,\n   * if the repository is private.\n   *\n   * @default no credentials will be used (we assume the repository is public)\n   */\n  readonly secretsManagerCredentials?: secretsmanager.ISecret;\n}\n\n/**\n * Construction properties of {@link LinuxBuildImage}.\n * Module-private, as the constructor of {@link LinuxBuildImage} is private.\n */\ninterface LinuxBuildImageProps {\n  readonly imageId: string;\n  readonly imagePullPrincipalType?: ImagePullPrincipalType;\n  readonly secretsManagerCredentials?: secretsmanager.ISecret;\n  readonly repository?: ecr.IRepository;\n}\n\n// Keep around to resolve a circular dependency until removing deprecated ARM image constants from LinuxBuildImage\n// eslint-disable-next-line no-duplicate-imports, import/order\nimport { LinuxArmBuildImage } from 
'./linux-arm-build-image';\n\n/**\n * A CodeBuild image running x86-64 Linux.\n *\n * This class has a bunch of public constants that represent the most popular images.\n *\n * You can also specify a custom image using one of the static methods:\n *\n * - LinuxBuildImage.fromDockerRegistry(image[, { secretsManagerCredentials }])\n * - LinuxBuildImage.fromEcrRepository(repo[, tag])\n * - LinuxBuildImage.fromAsset(parent, id, props)\n *\n *\n * @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html\n */\nexport class LinuxBuildImage implements IBuildImage {\n  public static readonly STANDARD_1_0 = LinuxBuildImage.codeBuildImage('aws/codebuild/standard:1.0');\n  public static readonly STANDARD_2_0 = LinuxBuildImage.codeBuildImage('aws/codebuild/standard:2.0');\n  public static readonly STANDARD_3_0 = LinuxBuildImage.codeBuildImage('aws/codebuild/standard:3.0');\n  /** The `aws/codebuild/standard:4.0` build image. */\n  public static readonly STANDARD_4_0 = LinuxBuildImage.codeBuildImage('aws/codebuild/standard:4.0');\n  /** The `aws/codebuild/standard:5.0` build image. */\n  public static readonly STANDARD_5_0 = LinuxBuildImage.codeBuildImage('aws/codebuild/standard:5.0');\n\n  public static readonly AMAZON_LINUX_2 = LinuxBuildImage.codeBuildImage('aws/codebuild/amazonlinux2-x86_64-standard:1.0');\n  public static readonly AMAZON_LINUX_2_2 = LinuxBuildImage.codeBuildImage('aws/codebuild/amazonlinux2-x86_64-standard:2.0');\n  /** The Amazon Linux 2 x86_64 standard image, version `3.0`. */\n  public static readonly AMAZON_LINUX_2_3 = LinuxBuildImage.codeBuildImage('aws/codebuild/amazonlinux2-x86_64-standard:3.0');\n\n  /** @deprecated Use LinuxArmBuildImage.AMAZON_LINUX_2_STANDARD_1_0 instead. 
*/\n  public static readonly AMAZON_LINUX_2_ARM = LinuxArmBuildImage.AMAZON_LINUX_2_STANDARD_1_0;\n  /**\n   * Image \"aws/codebuild/amazonlinux2-aarch64-standard:2.0\".\n   * @deprecated Use LinuxArmBuildImage.AMAZON_LINUX_2_STANDARD_2_0 instead.\n   * */\n  public static readonly AMAZON_LINUX_2_ARM_2 = LinuxArmBuildImage.AMAZON_LINUX_2_STANDARD_2_0;\n\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_BASE = LinuxBuildImage.codeBuildImage('aws/codebuild/ubuntu-base:14.04');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_ANDROID_JAVA8_24_4_1 = LinuxBuildImage.codeBuildImage('aws/codebuild/android-java-8:24.4.1');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_ANDROID_JAVA8_26_1_1 = LinuxBuildImage.codeBuildImage('aws/codebuild/android-java-8:26.1.1');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_DOCKER_17_09_0 = LinuxBuildImage.codeBuildImage('aws/codebuild/docker:17.09.0');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_DOCKER_18_09_0 = LinuxBuildImage.codeBuildImage('aws/codebuild/docker:18.09.0');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_GOLANG_1_10 = LinuxBuildImage.codeBuildImage('aws/codebuild/golang:1.10');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_GOLANG_1_11 = LinuxBuildImage.codeBuildImage('aws/codebuild/golang:1.11');\n  /** @deprecated Use {@link STANDARD_2_0} and specify 
runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_OPEN_JDK_8 = LinuxBuildImage.codeBuildImage('aws/codebuild/java:openjdk-8');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_OPEN_JDK_9 = LinuxBuildImage.codeBuildImage('aws/codebuild/java:openjdk-9');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_OPEN_JDK_11 = LinuxBuildImage.codeBuildImage('aws/codebuild/java:openjdk-11');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_NODEJS_10_14_1 = LinuxBuildImage.codeBuildImage('aws/codebuild/nodejs:10.14.1');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_NODEJS_10_1_0 = LinuxBuildImage.codeBuildImage('aws/codebuild/nodejs:10.1.0');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_NODEJS_8_11_0 = LinuxBuildImage.codeBuildImage('aws/codebuild/nodejs:8.11.0');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_NODEJS_6_3_1 = LinuxBuildImage.codeBuildImage('aws/codebuild/nodejs:6.3.1');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_PHP_5_6 = LinuxBuildImage.codeBuildImage('aws/codebuild/php:5.6');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_PHP_7_0 = LinuxBuildImage.codeBuildImage('aws/codebuild/php:7.0');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec 
runtime-versions section */\n  public static readonly UBUNTU_14_04_PHP_7_1 = LinuxBuildImage.codeBuildImage('aws/codebuild/php:7.1');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_PYTHON_3_7_1 = LinuxBuildImage.codeBuildImage('aws/codebuild/python:3.7.1');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_PYTHON_3_6_5 = LinuxBuildImage.codeBuildImage('aws/codebuild/python:3.6.5');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_PYTHON_3_5_2 = LinuxBuildImage.codeBuildImage('aws/codebuild/python:3.5.2');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_PYTHON_3_4_5 = LinuxBuildImage.codeBuildImage('aws/codebuild/python:3.4.5');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_PYTHON_3_3_6 = LinuxBuildImage.codeBuildImage('aws/codebuild/python:3.3.6');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_PYTHON_2_7_12 = LinuxBuildImage.codeBuildImage('aws/codebuild/python:2.7.12');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_RUBY_2_5_3 = LinuxBuildImage.codeBuildImage('aws/codebuild/ruby:2.5.3');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_RUBY_2_5_1 = LinuxBuildImage.codeBuildImage('aws/codebuild/ruby:2.5.1');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section 
*/\n  public static readonly UBUNTU_14_04_RUBY_2_3_1 = LinuxBuildImage.codeBuildImage('aws/codebuild/ruby:2.3.1');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_RUBY_2_2_5 = LinuxBuildImage.codeBuildImage('aws/codebuild/ruby:2.2.5');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_DOTNET_CORE_1_1 = LinuxBuildImage.codeBuildImage('aws/codebuild/dot-net:core-1');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_DOTNET_CORE_2_0 = LinuxBuildImage.codeBuildImage('aws/codebuild/dot-net:core-2.0');\n  /** @deprecated Use {@link STANDARD_2_0} and specify runtime in buildspec runtime-versions section */\n  public static readonly UBUNTU_14_04_DOTNET_CORE_2_1 = LinuxBuildImage.codeBuildImage('aws/codebuild/dot-net:core-2.1');\n\n  /**\n   * @returns a x86-64 Linux build image from a Docker Hub image.\n   */\n  public static fromDockerRegistry(name: string, options: DockerImageOptions = {}): IBuildImage {\n    return new LinuxBuildImage({\n      ...options,\n      imageId: name,\n      imagePullPrincipalType: ImagePullPrincipalType.SERVICE_ROLE,\n    });\n  }\n\n  /**\n   * @returns A x86-64 Linux build image from an ECR repository.\n   *\n   * NOTE: if the repository is external (i.e. 
imported), then we won't be able to add\n   * a resource policy statement for it so CodeBuild can pull the image.\n   *\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-ecr.html\n   *\n   * @param repository The ECR repository\n   * @param tagOrDigest Image tag or digest (default \"latest\", digests must start with `sha256:`)\n   */\n  public static fromEcrRepository(repository: ecr.IRepository, tagOrDigest: string = 'latest'): IBuildImage {\n    return new LinuxBuildImage({\n      imageId: repository.repositoryUriForTagOrDigest(tagOrDigest),\n      imagePullPrincipalType: ImagePullPrincipalType.SERVICE_ROLE,\n      repository,\n    });\n  }\n\n  /**\n   * Uses an Docker image asset as a x86-64 Linux build image.\n   */\n  public static fromAsset(scope: Construct, id: string, props: DockerImageAssetProps): IBuildImage {\n    const asset = new DockerImageAsset(scope, id, props);\n    return new LinuxBuildImage({\n      imageId: asset.imageUri,\n      imagePullPrincipalType: ImagePullPrincipalType.SERVICE_ROLE,\n      repository: asset.repository,\n    });\n  }\n\n  /**\n   * Uses a Docker image provided by CodeBuild.\n   *\n   * @returns A Docker image provided by CodeBuild.\n   *\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html\n   *\n   * @param id The image identifier\n   * @example 'aws/codebuild/standard:4.0'\n   */\n  public static fromCodeBuildImageId(id: string): IBuildImage {\n    return LinuxBuildImage.codeBuildImage(id);\n  }\n\n  private static codeBuildImage(name: string): IBuildImage {\n    return new LinuxBuildImage({\n      imageId: name,\n      imagePullPrincipalType: ImagePullPrincipalType.CODEBUILD,\n    });\n  }\n\n  public readonly type = 'LINUX_CONTAINER';\n  public readonly defaultComputeType = ComputeType.SMALL;\n  public readonly imageId: string;\n  public readonly imagePullPrincipalType?: ImagePullPrincipalType;\n  public readonly secretsManagerCredentials?: 
secretsmanager.ISecret;\n  public readonly repository?: ecr.IRepository;\n\n  private constructor(props: LinuxBuildImageProps) {\n    this.imageId = props.imageId;\n    this.imagePullPrincipalType = props.imagePullPrincipalType;\n    this.secretsManagerCredentials = props.secretsManagerCredentials;\n    this.repository = props.repository;\n  }\n\n  public validate(_: BuildEnvironment): string[] {\n    return [];\n  }\n\n  public runScriptBuildspec(entrypoint: string): BuildSpec {\n    return runScriptLinuxBuildSpec(entrypoint);\n  }\n}\n\n/**\n * Environment type for Windows Docker images\n */\nexport enum WindowsImageType {\n  /**\n   * The standard environment type, WINDOWS_CONTAINER\n   */\n  STANDARD = 'WINDOWS_CONTAINER',\n\n  /**\n   * The WINDOWS_SERVER_2019_CONTAINER environment type\n   */\n  SERVER_2019 = 'WINDOWS_SERVER_2019_CONTAINER'\n}\n\n/**\n * Construction properties of {@link WindowsBuildImage}.\n * Module-private, as the constructor of {@link WindowsBuildImage} is private.\n */\ninterface WindowsBuildImageProps {\n  readonly imageId: string;\n  readonly imagePullPrincipalType?: ImagePullPrincipalType;\n  readonly secretsManagerCredentials?: secretsmanager.ISecret;\n  readonly repository?: ecr.IRepository;\n  readonly imageType?: WindowsImageType;\n}\n\n/**\n * A CodeBuild image running Windows.\n *\n * This class has a bunch of public constants that represent the most popular images.\n *\n * You can also specify a custom image using one of the static methods:\n *\n * - WindowsBuildImage.fromDockerRegistry(image[, { secretsManagerCredentials }, imageType])\n * - WindowsBuildImage.fromEcrRepository(repo[, tag, imageType])\n * - WindowsBuildImage.fromAsset(parent, id, props, [, imageType])\n *\n * @see https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html\n */\nexport class WindowsBuildImage implements IBuildImage {\n  /**\n   * Corresponds to the standard CodeBuild image `aws/codebuild/windows-base:1.0`.\n   *\n   * 
@deprecated `WindowsBuildImage.WINDOWS_BASE_2_0` should be used instead.\n   */\n  public static readonly WIN_SERVER_CORE_2016_BASE: IBuildImage = new WindowsBuildImage({\n    imageId: 'aws/codebuild/windows-base:1.0',\n    imagePullPrincipalType: ImagePullPrincipalType.CODEBUILD,\n  });\n\n  /**\n   * The standard CodeBuild image `aws/codebuild/windows-base:2.0`, which is\n   * based off Windows Server Core 2016.\n   */\n  public static readonly WINDOWS_BASE_2_0: IBuildImage = new WindowsBuildImage({\n    imageId: 'aws/codebuild/windows-base:2.0',\n    imagePullPrincipalType: ImagePullPrincipalType.CODEBUILD,\n  });\n\n  /**\n   * The standard CodeBuild image `aws/codebuild/windows-base:2019-1.0`, which is\n   * based off Windows Server Core 2019.\n   */\n  public static readonly WIN_SERVER_CORE_2019_BASE: IBuildImage = new WindowsBuildImage({\n    imageId: 'aws/codebuild/windows-base:2019-1.0',\n    imagePullPrincipalType: ImagePullPrincipalType.CODEBUILD,\n    imageType: WindowsImageType.SERVER_2019,\n  });\n\n  /**\n   * @returns a Windows build image from a Docker Hub image.\n   */\n  public static fromDockerRegistry(\n    name: string,\n    options: DockerImageOptions = {},\n    imageType: WindowsImageType = WindowsImageType.STANDARD): IBuildImage {\n\n    return new WindowsBuildImage({\n      ...options,\n      imageId: name,\n      imagePullPrincipalType: ImagePullPrincipalType.SERVICE_ROLE,\n      imageType,\n    });\n  }\n\n  /**\n   * @returns A Windows build image from an ECR repository.\n   *\n   * NOTE: if the repository is external (i.e. 
imported), then we won't be able to add\n   * a resource policy statement for it so CodeBuild can pull the image.\n   *\n   * @see https://docs.aws.amazon.com/codebuild/latest/userguide/sample-ecr.html\n   *\n   * @param repository The ECR repository\n   * @param tagOrDigest Image tag or digest (default \"latest\", digests must start with `sha256:`)\n   */\n  public static fromEcrRepository(\n    repository: ecr.IRepository,\n    tagOrDigest: string = 'latest',\n    imageType: WindowsImageType = WindowsImageType.STANDARD): IBuildImage {\n\n    return new WindowsBuildImage({\n      imageId: repository.repositoryUriForTagOrDigest(tagOrDigest),\n      imagePullPrincipalType: ImagePullPrincipalType.SERVICE_ROLE,\n      imageType,\n      repository,\n    });\n  }\n\n  /**\n   * Uses an Docker image asset as a Windows build image.\n   */\n  public static fromAsset(\n    scope: Construct,\n    id: string,\n    props: DockerImageAssetProps,\n    imageType: WindowsImageType = WindowsImageType.STANDARD): IBuildImage {\n\n    const asset = new DockerImageAsset(scope, id, props);\n    return new WindowsBuildImage({\n      imageId: asset.imageUri,\n      imagePullPrincipalType: ImagePullPrincipalType.SERVICE_ROLE,\n      imageType,\n      repository: asset.repository,\n    });\n  }\n\n  public readonly type: string;\n  public readonly defaultComputeType = ComputeType.MEDIUM;\n  public readonly imageId: string;\n  public readonly imagePullPrincipalType?: ImagePullPrincipalType;\n  public readonly secretsManagerCredentials?: secretsmanager.ISecret;\n  public readonly repository?: ecr.IRepository;\n\n  private constructor(props: WindowsBuildImageProps) {\n    this.type = (props.imageType ?? 
WindowsImageType.STANDARD).toString();\n    this.imageId = props.imageId;\n    this.imagePullPrincipalType = props.imagePullPrincipalType;\n    this.secretsManagerCredentials = props.secretsManagerCredentials;\n    this.repository = props.repository;\n  }\n\n  public validate(buildEnvironment: BuildEnvironment): string[] {\n    const ret: string[] = [];\n    if (buildEnvironment.computeType === ComputeType.SMALL) {\n      ret.push('Windows images do not support the Small ComputeType');\n    }\n    return ret;\n  }\n\n  public runScriptBuildspec(entrypoint: string): BuildSpec {\n    return BuildSpec.fromObject({\n      version: '0.2',\n      phases: {\n        pre_build: {\n          // Would love to do downloading here and executing in the next step,\n          // but I don't know how to propagate the value of $TEMPDIR.\n          //\n          // Punting for someone who knows PowerShell well enough.\n          commands: [],\n        },\n        build: {\n          commands: [\n            'Set-Variable -Name TEMPDIR -Value (New-TemporaryFile).DirectoryName',\n            `aws s3 cp s3://$env:${S3_BUCKET_ENV}/$env:${S3_KEY_ENV} $TEMPDIR\\\\scripts.zip`,\n            'New-Item -ItemType Directory -Path $TEMPDIR\\\\scriptdir',\n            'Expand-Archive -Path $TEMPDIR/scripts.zip -DestinationPath $TEMPDIR\\\\scriptdir',\n            '$env:SCRIPT_DIR = \"$TEMPDIR\\\\scriptdir\"',\n            `& $TEMPDIR\\\\scriptdir\\\\${entrypoint}`,\n          ],\n        },\n      },\n    });\n  }\n}\n\nexport interface BuildEnvironmentVariable {\n  /**\n   * The type of environment variable.\n   * @default PlainText\n   */\n  readonly type?: BuildEnvironmentVariableType;\n\n  /**\n   * The value of the environment variable.\n   * For plain-text variables (the default), this is the literal value of variable.\n   * For SSM parameter variables, pass the name of the parameter here (`parameterName` property of `IParameter`).\n   * For SecretsManager variables secrets, pass either 
the secret name (`secretName` property of `ISecret`)\n   * or the secret ARN (`secretArn` property of `ISecret`) here,\n   * along with optional SecretsManager qualifiers separated by ':', like the JSON key, or the version or stage\n   * (see https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec.env.secrets-manager for details).\n   */\n  readonly value: any;\n}\n\nexport enum BuildEnvironmentVariableType {\n  /**\n   * An environment variable in plaintext format.\n   */\n  PLAINTEXT = 'PLAINTEXT',\n\n  /**\n   * An environment variable stored in Systems Manager Parameter Store.\n   */\n  PARAMETER_STORE = 'PARAMETER_STORE',\n\n  /**\n   * An environment variable stored in AWS Secrets Manager.\n   */\n  SECRETS_MANAGER = 'SECRETS_MANAGER'\n}\n\n/**\n * The list of event types for AWS Codebuild\n * @see https://docs.aws.amazon.com/dtconsole/latest/userguide/concepts.html#events-ref-buildproject\n */\nexport enum ProjectNotificationEvents {\n  /**\n   * Trigger notification when project build state failed\n   */\n  BUILD_FAILED = 'codebuild-project-build-state-failed',\n\n  /**\n   * Trigger notification when project build state succeeded\n   */\n  BUILD_SUCCEEDED = 'codebuild-project-build-state-succeeded',\n\n  /**\n   * Trigger notification when project build state in progress\n   */\n  BUILD_IN_PROGRESS = 'codebuild-project-build-state-in-progress',\n\n  /**\n   * Trigger notification when project build state stopped\n   */\n  BUILD_STOPPED = 'codebuild-project-build-state-stopped',\n\n  /**\n   * Trigger notification when project build phase failure\n   */\n  BUILD_PHASE_FAILED = 'codebuild-project-build-phase-failure',\n\n  /**\n   * Trigger notification when project build phase success\n   */\n  BUILD_PHASE_SUCCEEDED = 'codebuild-project-build-phase-success',\n}\n\nfunction isBindableBuildImage(x: unknown): x is IBindableBuildImage {\n  return typeof x === 'object' && !!x && !!(x as any).bind;\n}\n"]} |
\ | No newline at end of file |