Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Creating a codepipeline.Pipeline with a codebuild.PipelineProject in a different stack results in a circular reference

See original GitHub issue

Note: for support questions, please first reference our documentation, then use Stackoverflow. This repository’s issues are intended for feature requests and bug reports.

I’m submitting a …
- 🪲 bug report
What is the current behavior? If the current behavior is a 🪲bug🪲: Please provide the steps to reproduce

I am trying to follow the example on this feature https://github.com/aws/aws-cdk/pull/1924 to create a codepipeline with codebuild actions that are created in a separate stack. When I do, I get this error:

Error: 'BuildStack' depends on 'PipelineStack' (BuildStack/CodeBuildProject/Role/DefaultPolicy/Resource -> PipelineStack/Pipeline/ArtifactsBucket/Resource.Arn). Adding this dependency (PipelineStack/Pipeline/ArtifactsBucketEncryptionKey/Resource -> BuildStack/CodeBuildProject/Role/Resource.Arn) would create a cyclic reference.

Here is my sample code that I am working with

#!/usr/bin/env node
import 'source-map-support/register';
import cdk = require('@aws-cdk/core');
import commit = require('@aws-cdk/aws-codecommit');
import pipeline = require('@aws-cdk/aws-codepipeline');
import pipeline_actions = require('@aws-cdk/aws-codepipeline-actions');
import codebuild = require ('@aws-cdk/aws-codebuild');

const region = 'us-east-2';
const account = '12345678';

const app = new cdk.App();

const pipelineStack = new cdk.Stack(app, `PipelineStack`, {
  env: {
    account: account,
    region: region
  }
});

const repo = new commit.Repository(pipelineStack, 'Repo', {
  repositoryName: 'test'
});

const sourceOutput = new pipeline.Artifact();
const sourceAction = new pipeline_actions.CodeCommitSourceAction({
  actionName: 'CodeCommit',
  repository: repo,
  output: sourceOutput,
  branch: 'master'
});

const codePipeline = new pipeline.Pipeline(pipelineStack, 'Pipeline', {
  pipelineName: 'test',
  stages: [
    {
      stageName: 'Source',
      actions: [sourceAction],
    }
  ],
});

const buildStack = new cdk.Stack(app, `BuildStack`, {
  env: {
    account: account,
    region: region
  }
});

const buildProject = new codebuild.PipelineProject(buildStack, 'CodeBuildProject', {
  projectName: 'test-build',
});

const buildAction = new pipeline_actions.CodeBuildAction({
  project: buildProject,
  actionName: 'CodeBuild',
  input: sourceOutput,
});

codePipeline.addStage({
  stageName: `Deploy-Environment`,
  actions: [buildAction]
});

What is the expected behavior (or behavior of feature suggested)?

Based off the feature https://github.com/aws/aws-cdk/pull/1924, I would expect to be able to create a codepipeline in one stack and then add a codebuild project created in a separate stack as a stage. Currently I am trying everything within the same account.

What is the motivation / use case for changing the behavior or adding this feature?

The use case is to be able to create a codepipeline in one account with build/deploy actions in a separate account. Most of the motivation is described in the feature https://github.com/aws/aws-cdk/pull/1924

Please tell us about your environment:
- CDK CLI Version: 1.0.0
- Module Version: 1.0.0
- OS: [OSX Mojave ]
- Language: [TypeScript ]
Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, gitter, etc)

Full error:

/Users/user/cdk/demo/node_modules/@aws-cdk/core/lib/stack.ts:272
        throw new Error(`'${stack.node.path}' depends on '${this.node.path}' (${dep.join(', ')}). Adding this dependency (${reason}) would create a cyclic reference.`);
              ^
Error: 'BuildStack' depends on 'PipelineStack' (BuildStack/CodeBuildProject/Role/DefaultPolicy/Resource -> PipelineStack/Pipeline/ArtifactsBucket/Resource.Arn). Adding this dependency (PipelineStack/Pipeline/ArtifactsBucketEncryptionKey/Resource -> BuildStack/CodeBuildProject/Role/Resource.Arn) would create a cyclic reference.
    at Stack.addDependency (/Users/user/cdk/demo/node_modules/@aws-cdk/core/lib/stack.ts:272:15)
    at CfnReference.consumeFromStack (/Users/user/cdk/demo/node_modules/@aws-cdk/core/lib/private/cfn-reference.ts:125:22)
    at Stack.prepare (/Users/user/cdk/demo/node_modules/@aws-cdk/core/lib/stack.ts:489:23)
    at Function.prepare (/Users/user/cdk/demo/node_modules/@aws-cdk/core/lib/construct.ts:84:28)
    at Function.synth (/Users/user/cdk/demo/node_modules/@aws-cdk/core/lib/construct.ts:41:10)
    at App.synth (/Users/user/cdk/demo/node_modules/@aws-cdk/core/lib/app.ts:128:36)
    at process.<anonymous> (/Users/user/cdk/demo/node_modules/@aws-cdk/core/lib/app.ts:111:45)
    at Object.onceWrapper (events.js:284:20)
    at process.emit (events.js:196:13)
    at process.EventEmitter.emit (domain.js:471:20)

Issue Analytics

State:
Created 4 years ago
Reactions:6
Comments:30 (17 by maintainers)

Top GitHub Comments

5reactions

skinny85commented, Jan 27, 2022

@AreebSiddiqui there are a few ways you can break this dependency. The simplest might be to move the CodePipeline’s S3 Bucket to the same Stack as your CodeBuild Project:

export class CodeBuildStack extends Stack {
    public readonly projectABC: codebuild.IProject;
    public readonly artifactBucket: s3.IBucket;

    constructor(scope: Construct, id: string, props?: StackProps) {
        super(scope, id, props);

        this.projectABC = new codebuild.PipelineProject(this, 'PipelineProject');
        this.artifactBucket = new s3.Bucket(this, 'ArtifactBucket');
    }
}

export class CodePipelineStack extends Stack {
    public readonly SourceStage: codepipeline.IStage;
    public readonly BuildStage: codepipeline.IStage;
    public readonly DeployStage: codepipeline.IStage;
    public readonly codePipelineRole: iam.Role;

    constructor(scope: Construct, id: string, codeBuild: CodeBuildStack, props?: StackProps) {
        super(scope, id, props)
        this.codePipelineRole = new iam.Role(this, `CodePipelineRole`, {
            roleName: `CodePipelineRole`,
            assumedBy: new iam.ServicePrincipal('codebuild.amazonaws.com'),
            managedPolicies: [
                iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEC2ContainerRegistryPowerUser'),
            ],
        });

        const pipeline = new codepipeline.Pipeline(this, `MyCodePipeline`, {
            pipelineName: 'my-codepipeline',
            role: this.codePipelineRole,
            crossAccountKeys: false,
            artifactBucket: codeBuild.artifactBucket,
        });

        const sourceOutput = new codepipeline.Artifact();
        this.SourceStage = pipeline.addStage({
            stageName: 'Source',
            actions: [
                new codepipelineActions.CodeStarConnectionsSourceAction({
                    actionName: 'Source',
                    owner: `onwername`,
                    repo: 'reponame',
                    connectionArn:'my-arn',
                    triggerOnPush:true,
                    output: sourceOutput,
                }),
            ],
        });
        this.BuildStage = pipeline.addStage({
            stageName: 'Build',
            actions: [
                new codepipelineActions.CodeBuildAction({
                    actionName: 'CodeBuild',
                    input: sourceOutput,
                    project: codeBuild.projectABC,
                }),
            ],
        });
    }
}

const app = new App();
const codebuildStack = new CodeBuildStack(app, 'CodeBuildAppStack');
new CodePipelineStack(app, 'CodePipelineAppStack', codebuildStack);

1reaction

AreebSiddiquicommented, Jan 28, 2022

@skinny85 This was a lifesaver, thank you so much. It’s because of people like you that the aws community is ever going, keep up the good work really appreciate it. Thanks again!

Top Results From Across the Web

Use AWS CodePipeline with AWS CodeBuild to test code and ...

You can automate your release process by using AWS CodePipeline to test your code and run your builds with AWS CodeBuild. The following...

CodePipeline for Serverless Applications With ... - Levi9

CodePipeline using Cloudformation. Building a pipeline in AWS's CodePipeline is pretty simple and conceptually similar to other CI\CD tools out there, but ...

Cross-Account Inception Pipeline with AWS CDK

const cdkBuild = new codebuild.PipelineProject(this, "CdkBuild", { buildSpec ...

How can I reference an existing codebuild project in ...

What I am current doing is to create codebuild in one cloudformation stack and reference the codebuild in the codepipeline in a different...

Deploying updates to ECS Fargate services for every ECR ...

Using AWS CDK, this can be achieved by creating a CodeBuild pipeline project with custom CodePipeline artifacts. First, the pipeline is ...