From f3315d896139ac4fb08963da13a9452f5b275ac3 Mon Sep 17 00:00:00 2001 From: Nick Lynch Date: Tue, 21 Jul 2020 13:49:33 +0100 Subject: [PATCH] fix(pipelines): prevent self-mutation on asset updates (#9183) Currently, changes to the asset hashes of content results in changes to the definitions of the pipeline, causing the self-mutate state to trigger. This can cause infinite loops for systems where build artifacts change on each build. The cause for this looping is that the asset hash was embedded as the pipeline action name. By replacing the asset hash with a simple asset counter (already used for the action CloudFormation id), the pipeline definition should remain stable on asset changes. _Testing:_ Due to the pipeline executing the current version of CDK within the pipeline, it's impossible to actual verify that this corrects the issue. To test + verify, created a sample app where the asset hash changed on each build. Then ran subsequent 'cdk synth' commands and diff'ed the output. Prior to this change, there were numerous changes related to the asset hash in the pipeline stack. After, only the buildspec of the CodeBuild project that referenced the hash changed. This does not change the definition of the CodePipeline itself. fixes #9080 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/pipelines/lib/pipeline.ts | 2 +- packages/@aws-cdk/pipelines/test/pipeline-assets.test.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/pipelines/lib/pipeline.ts b/packages/@aws-cdk/pipelines/lib/pipeline.ts index 75fb655560c6b..09de29bedb663 100644 --- a/packages/@aws-cdk/pipelines/lib/pipeline.ts +++ b/packages/@aws-cdk/pipelines/lib/pipeline.ts @@ -279,7 +279,7 @@ class AssetPublishing extends Construct { const id = command.assetType === AssetType.FILE ? `FileAsset${this._fileAssetCtr++}` : `DockerAsset${this._dockerAssetCtr++}`; action = this.publishers[command.assetId] = new PublishAssetsAction(this, id, { - actionName: command.assetId, + actionName: id, cloudAssemblyInput: this.props.cloudAssemblyInput, cdkCliVersion: this.props.cdkCliVersion, assetType: command.assetType, diff --git a/packages/@aws-cdk/pipelines/test/pipeline-assets.test.ts b/packages/@aws-cdk/pipelines/test/pipeline-assets.test.ts index e0d4119c326db..084fe467413bb 100644 --- a/packages/@aws-cdk/pipelines/test/pipeline-assets.test.ts +++ b/packages/@aws-cdk/pipelines/test/pipeline-assets.test.ts @@ -82,7 +82,7 @@ test('assets are also published when using the lower-level addStackArtifactDeplo Name: 'Assets', Actions: [ objectLike({ - Name: FILE_ASSET_SOURCE_HASH, + Name: 'FileAsset1', RunOrder: 1, }), ],