Add pipeline related configuration files

buildspec.yml

@@ -0,0 +1,35 @@
+version: 0.2
+
+phases:
+  install:
+    runtime-versions:
+      nodejs: 16
+  pre_build:
+    commands:
+      - npm install -g [email protected]
+      - echo "Installing dependencies and executing unit tests - `pwd`"
+      - cd deployment && chmod +x ./run-unit-tests.sh && ./run-unit-tests.sh
+      - echo "Installing dependencies and executing unit tests completed `date`"
+  build:
+    commands:
+      - echo "Starting build `date` in `pwd`"
+      - chmod +x ./build-s3-dist.sh && ./build-s3-dist.sh $DIST_OUTPUT_BUCKET $SOLUTION_NAME $VERSION
+      - echo "Build completed `date`"
+      - echo "Starting open-source-dist `date` in `pwd`"
+      - chmod +x ./build-open-source-dist.sh && ./build-open-source-dist.sh $SOLUTION_NAME
+      - echo "Open Source Dist completed `date`"
+  post_build:
+    commands:
+      - echo "Retrieving next stage buildspec `date` in `pwd`"
+      - aws s3 cp s3://solutions-build-assets/changelog-spec.yml ../buildspec.yml
+      - echo "Retrieving next stage buildspec complete"
+      - echo "Post build completed on `date`"
+
+artifacts:
+  files:
+    - deployment/**/*
+    - source/**/*
+    - CHANGELOG.md
+    - buildspec.yml
+    - sonar-project.properties
+    - .gitignore

deployment/build-open-source-dist.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+#
+# This assumes all of the OS-level configuration has been completed and git repo has already been cloned
+#
+# This script should be run from the repo's deployment directory
+# cd deployment
+# ./build-open-source-dist.sh solution-name
+#
+# Parameters:
+#  - solution-name: name of the solution for consistency
+
+# Check to see if input has been provided:
+if [ -z "$1" ]; then
+    echo "Please provide the trademark approved solution name for the open source package."
+    echo "For example: ./build-open-source-dist.sh trademarked-solution-name"
+    exit 1
+fi
+
+# Get reference for all important folders
+source_template_dir="$PWD"
+dist_dir="$source_template_dir/open-source"
+dist_template_dir="$dist_dir/deployment"
+source_dir="$source_template_dir/../source"
+
+echo "------------------------------------------------------------------------------"
+echo "[Init] Clean old open-source folder"
+echo "------------------------------------------------------------------------------"
+rm -rf $dist_dir
+mkdir -p $dist_dir
+mkdir -p $dist_template_dir
+
+echo "------------------------------------------------------------------------------"
+echo "[Packing] Build Script"
+echo "------------------------------------------------------------------------------"
+cp $source_template_dir/build-s3-dist.sh $dist_template_dir
+cp $source_template_dir/run-unit-tests.sh $dist_template_dir
+
+echo "------------------------------------------------------------------------------"
+echo "[Packing] Architecture diagram"
+echo "------------------------------------------------------------------------------"
+cp $source_template_dir/../architecture.png $dist_dir
+
+echo "------------------------------------------------------------------------------"
+echo "[Packing] Source folder and clean up the pacakge"
+echo "------------------------------------------------------------------------------"
+rsync -avq --progress $source_dir $dist_dir --exclude node_modules
+find $dist_dir -iname "dist" -type d -exec rm -rf "{}" \; 2>/dev/null
+find $dist_dir -iname "node_modules" -type d -exec rm -rf "{}" \; 2>/dev/null
+find $dist_dir -iname "coverage" -type d -exec rm -rf "{}" \; 2>/dev/null
+find $dist_dir -type f -name 'package-lock.json' -delete
+find $dist_dir/source/constructs -iname "cdk.out" -type d -exec rm -rf "{}" \; 2>/dev/null
+find $dist_dir -type f -name '.DS_Store' -delete
+
+echo "------------------------------------------------------------------------------"
+echo "Removing unit test coverage files used by SonarQube"
+echo "------------------------------------------------------------------------------"
+rm -rf $dist_dir/source/test
+
+echo "------------------------------------------------------------------------------"
+echo "[Packing] Root files"
+echo "------------------------------------------------------------------------------"
+cp $source_template_dir/../LICENSE.txt $dist_dir
+cp $source_template_dir/../NOTICE.txt $dist_dir
+cp $source_template_dir/../README.md $dist_dir
+cp $source_template_dir/../CODE_OF_CONDUCT.md $dist_dir
+cp $source_template_dir/../CONTRIBUTING.md $dist_dir
+cp $source_template_dir/../CHANGELOG.md $dist_dir
+cp $source_template_dir/../.gitignore $dist_dir
+cp -r $source_template_dir/../.github $dist_dir
+
+echo "------------------------------------------------------------------------------"
+echo "Creating GitHub (open-source) zip file"
+echo "------------------------------------------------------------------------------"
+cd $dist_dir
+zip -q -r9 ../$1.zip * .github .gitignore
+rm -rf * .github .gitignore
+mv ../$1.zip .
+echo "Completed building $1.zip"

sonar-project.properties

@@ -0,0 +1,70 @@
+# Customize sonar.sources, sonar.exclusions, sonar.coverage.exclusions, sonar.tests and sonar
+# unit test coverage reports based on your solutions
+
+# Refer to https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/
+# for details on sources and exclusions. Note also .gitignore
+#
+sonar.sources=source, deployment
+
+# Focusing sonarqube analysis on non test code first and reducing noise from analysis of test code. Projects
+# can customize the exclusions to include analyzing of test code if desired
+sonar.exclusions= **/dist/**, \
+  deployment/**
+
+# Code coverage Specific Properties
+sonar.coverage.exclusions= **/jest.config.js, \
+  **/test/**, \
+  **/test*, \
+  source/demo-ui/**, \
+  source/constructs/bin/constructs.ts
+
+# Ignoring duplications
+sonar.cpd.exclusions=source/image-handler/test/**/*.ts, \
+  source/custom-resource/test/*.ts
+
+# Ignoring following issues, false warnings
+sonar.issue.ignore.multicriteria=e1, e2, e3, e4, e5, e6, e7, e8
+
+# Enabling Cross-Origin Resource Sharing is security-sensitive.
+sonar.issue.ignore.multicriteria.e1.ruleKey=typescript:S5122
+sonar.issue.ignore.multicriteria.e1.resourceKey=source/image-handler/test/index.spec.ts
+
+# Enabling Cross-Origin Resource Sharing is security-sensitive.
+sonar.issue.ignore.multicriteria.e2.ruleKey=typescript:S5122
+sonar.issue.ignore.multicriteria.e2.resourceKey=source/constructs/lib/serverless-image-stack.ts
+
+# Enabling Cross-Origin Resource Sharing is security-sensitive.
+sonar.issue.ignore.multicriteria.e3.ruleKey=typescript:S5122
+sonar.issue.ignore.multicriteria.e3.resourceKey=source/image-handler/index.ts
+
+# Using regular expressions is security-sensitive.
+sonar.issue.ignore.multicriteria.e4.ruleKey=typescript:S4784
+sonar.issue.ignore.multicriteria.e4.resourceKey=source/image-handler/thumbor-mapper.ts
+
+# Hashing data is security-sensitive
+sonar.issue.ignore.multicriteria.e5.ruleKey=typescript:S4790
+sonar.issue.ignore.multicriteria.e5.resourceKey=source/custom-resource/index.ts
+
+# Hashing data is security-sensitive
+sonar.issue.ignore.multicriteria.e6.ruleKey=typescript:S4790
+sonar.issue.ignore.multicriteria.e6.resourceKey=source/demo-ui/scripts.js
+
+# Using regular expressions is security-sensitive.
+sonar.issue.ignore.multicriteria.e7.ruleKey=typescript:S4784
+sonar.issue.ignore.multicriteria.e7.resourceKey=source/image-handler/image-request.ts
+
+# Using regular expressions is security-sensitive.
+sonar.issue.ignore.multicriteria.e8.ruleKey=javascript:S4784
+sonar.issue.ignore.multicriteria.e8.resourceKey=source/demo-ui/scripts.js
+
+# Sensor SonarJS Coverage [javascript] was not allowing globbing
+# for sonar.javascript.lcov.reportPaths such as this
+#    source/test/coverage-reports/jest/*/lcov.info
+# so we have to provide an explicit list of reportPaths
+sonar.javascript.lcov.reportPaths= \
+  source/test/coverage-reports/jest/constructs/lcov.info, \
+  source/test/coverage-reports/jest/custom-resource/lcov.info, \
+  source/test/coverage-reports/jest/image-handler/lcov.info
+
+# Encoding of the source files
+sonar.sourceEncoding=UTF-8