aws-cdk: [aws-codepipeline-actions] EcrSourceAction with ECR as a source does not trigger pipeline change when the source is updated

When creating a code pipeline and using EcrSourceAction, I would expect when the latest tag is updated, for this to update the pipeline that is using this as a source. This is how it works when I create this manually but I cannot get the CDK to do this.

I am thinking this is a bug because this is not what happens when I build the pipeline manually.

Reproduction Steps

I have a pretty large construct to build our pipeline so I will only post the part I think is relevant to the issue.

This is how I define the source action for the pipeline to use the Repository as a source:

new EcrSourceAction({
  actionName: 'BaseImage',
  repository: this._props.projectSourceEcrRepo, // This is an ECR Repository object
  imageTag: 'latest',
  output: this._artifactProjectBaseECR,
}),

Whenever I update the ECR repo, this does not trigger the pipeline to update at all. Basically, adding this as a source is pointless as the entire purpose is to allow this to update the pipeline when this is changed. Otherwise, I can simply pull the image when the project code is update.

To give a better idea of what I am doing:

I have 2 sources (ECR, and BitBucket)
- When ECR is updated, nothing happens
- When BitBucket is updated, the pipeline works as expected (pulling the latest ECR image)
Build, just builds a new image using the ECR source latest and the code from the BitBucket branch
Deploy, since blue/green is not working, I have a rolling update in place currently.

The only part of the pipeline not working is the ECR source does not trigger the pipeline to build when it is updated.

What did you expect to happen?

I expected that when I update the ECR source, for it to trigger the pipeline to build as this is what it does when I build this manually.

What actually happened?

When the ECR source is updated, nothing happens. No errors that I could find, simply nothing. Like it is not aware of the connection to the repo. For me to trigger a change, I need to update the code to force the pipeline to trigger

Environment

CLI Version : 1.67.0 (build 2b4dd71)
Framework Version: 1.67.0 (build 2b4dd71)
Node.js Version: v12.18.3
OS : Linux Zeus 5.4.0-48-generic #52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Language (Version): TypeScript (3.9.7)

This is 🐛 Bug Report

About this issue

Original URL
State: closed
Created 4 years ago
Reactions: 2
Comments: 27 (10 by maintainers)

Commits related to this issue

fix(codepipeline-actions): ecr source action doesn't trigger the pipeline (#21580) When the ECR source action was initially released, ECR did not yet integrate with EventBridge so it was necessary to... — committed to aws/aws-cdk by corymhall 2 years ago
fix(codepipeline-actions): ecr source action doesn't trigger the pipeline (#21580) When the ECR source action was initially released, ECR did not yet integrate with EventBridge so it was necessary to... — committed to josephedward/aws-cdk by corymhall 2 years ago

Most upvoted comments

I have the same issue, checked CloudWatch events, and found different events. CDK creates an event that doesn’t work

CDK created event (it doesn’t work):

{
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "source": [
    "aws.ecr"
  ],
  "detail": {
    "requestParameters": {
      "repositoryName": [
        "ecr-repo-name"
      ],
      "imageTag": [
        "latest"
      ]
    },
    "eventName": [
      "PutImage"
    ]
  }
}

Web console created such event (it works well):

{
  "source": [
    "aws.ecr"
  ],
  "detail": {
    "action-type": [
      "PUSH"
    ],
    "image-tag": [
      "latest"
    ],
    "repository-name": [
      "ecr-repo-name"
    ],
    "result": [
      "SUCCESS"
    ]
  },
  "detail-type": [
    "ECR Image Action"
  ]
}

My fix for this issue (python):

        ecr_repo = ecr.Repository.from_repository_name(self, "ecr-repo", settings.backend_ecr_name)
        source_output_ecr = pipeline.Artifact()
        source_action_ecr = actions.EcrSourceAction(
            action_name="ECR",
            repository=ecr_repo,
            image_tag="latest",  # optional, default: 'latest'
            output=source_output_ecr
        )
        rule = events.Rule(
            self, "ecr-rule",
            event_pattern=events.EventPattern(
                source=["aws.ecr"],
                detail={
                    "action-type": [
                        "PUSH"
                    ],
                    "image-tag": [
                        "latest"
                    ],
                    "repository-name": [
                        settings.backend_ecr_name
                    ],
                    "result": [
                        "SUCCESS"
                    ]
                }
            ),
        )
        ......pipeline_backend creation
        rule.add_target(targets.CodePipeline(pipeline_backend))

solovievv on Dec 18, 2020

I was able to get the base image to trigger the pipeline with Typescript using:

      const eventRule = new Rule(this, 'base-ecr-rule', {
        eventPattern: {
          source: ['aws.ecr'],
          detail: {
            'action-type': ['PUSH'],
            'image-tag': ['latest'],
            'repository-name': [this._props.projectSourceEcrRepo.repositoryName],
            result: ['SUCCESS'],
          },
        },
      });
      eventRule.addTarget(new CodePipelineTarget(this._codepipelinePipeline));

So far, this seems to work as expected.

jpSimkins on Jan 12, 2021