refactor(cdk): Inject the build identifier

This offers increased clarity.
guardian · Sep 18, 2024 · 8211507 · 8211507
1 parent 664d5c5
commit 8211507
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 6 deletions.
diff --git a/cdk/bin/cdk.ts b/cdk/bin/cdk.ts
@@ -3,9 +3,11 @@ import { App } from "aws-cdk-lib";
 import { SecurityHQ } from "../lib/security-hq";
 
 const app = new App();
+
 new SecurityHQ(app, "security-hq", {
   stack: "security",
   stage: "PROD",
   cloudFormationStackName: "security-hq-PROD",
   env: { region: "eu-west-1" },
+  buildIdentifier: process.env.BUILD_NUMBER ?? "DEV"
 });
diff --git a/cdk/jest.setup.js b/cdk/jest.setup.js
@@ -1,3 +1 @@
 jest.mock("@guardian/cdk/lib/constants/tracking-tag");
-
-process.env.BUILD_NUMBER = "TEST";
diff --git a/cdk/lib/security-hq.test.ts b/cdk/lib/security-hq.test.ts
@@ -8,6 +8,7 @@ describe("HQ stack", () => {
     const stack = new SecurityHQ(app, "security-hq", {
       stack: "security",
       stage: "PROD",
+      buildIdentifier: "TEST"
     });
     expect(Template.fromStack(stack).toJSON()).toMatchSnapshot();
   });

diff --git a/cdk/lib/security-hq.ts b/cdk/lib/security-hq.ts
@@ -41,14 +41,24 @@ import {
   StringParameter,
 } from "aws-cdk-lib/aws-ssm";
 
+interface SecurityHQProps extends GuStackProps {
+  /**
+   * Which application build to run.
+   * This will typically match the build number provided by CI.
+   */
+  buildIdentifier: string;
+}
+
 export class SecurityHQ extends GuStack {
   private static app: AppIdentity = {
     app: "security-hq",
   };
 
-  constructor(scope: App, id: string, props: GuStackProps) {
+  constructor(scope: App, id: string, props: SecurityHQProps) {
     super(scope, id, props);
 
+    const { buildIdentifier } = props;
+
     const table = new GuDynamoTable(this, "DynamoTable", {
       tableName: `security-hq-iam`,
       removalPolicy: RemovalPolicy.RETAIN,
@@ -86,15 +96,13 @@ export class SecurityHQ extends GuStack {
 
     const domainName = "security-hq.gutools.co.uk";
 
-    const buildNumber = process.env.BUILD_NUMBER ?? "DEV";
-
     const userData = UserData.forLinux();
     userData.addCommands(`# setup security-hq
     mkdir -p /etc/gu
 
     aws --region eu-west-1 s3 cp s3://${distBucket.valueAsString}/security/${this.stage}/security-hq/security-hq.conf /etc/gu
     aws --region eu-west-1 s3 cp s3://${distBucket.valueAsString}/security/${this.stage}/security-hq/security-hq-service-account-cert.json /etc/gu
-    aws --region eu-west-1 s3 cp s3://${distBucket.valueAsString}/security/${this.stage}/security-hq/security-hq-${buildNumber}.deb /tmp/installer.deb
+    aws --region eu-west-1 s3 cp s3://${distBucket.valueAsString}/security/${this.stage}/security-hq/security-hq-${buildIdentifier}.deb /tmp/installer.deb
 
     dpkg -i /tmp/installer.deb`);
Original file line number	Diff line number	Diff line change
		@@ -1,3 +1 @@
		jest.mock("@guardian/cdk/lib/constants/tracking-tag");

		process.env.BUILD_NUMBER = "TEST";