Merge branch 'main' into peterwoodworth/ssltest

mergify[bot] · web-flow · commit a2fd076b750f · 2022-07-22T20:32:53.000Z
diff --git a/.github/workflows/close-stale-prs.yml b/.github/workflows/close-stale-prs.yml
@@ -2,6 +2,7 @@ on:
   schedule:
     # Cron format: min hr day month dow
     - cron: "0 0 * * *"
+  workflow_dispatch:    
 jobs:
   close-stale-prs:
     permissions:
@@ -11,7 +12,10 @@ jobs:
       - uses: rix0rrr/close-stale-prs@main
         with:
           # Required
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          # Must be PROJEN_GITHUB_TOKEN because the default GHA GitHub token will not have permissions to
+          # know whether a user is a MEMBER of the organization or not, so we would not be able to filter PR reviews
+          # appropriately.
+          github-token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
           stale-days: 21
           response-days: 7
 
diff --git a/packages/@aws-cdk/aws-ecr/lib/repository.ts b/packages/@aws-cdk/aws-ecr/lib/repository.ts
@@ -561,7 +561,7 @@ export class Repository extends RepositoryBase {
       this.policyDocument = new iam.PolicyDocument();
     }
     this.policyDocument.addStatements(statement);
-    return { statementAdded: false, policyDependable: this.policyDocument };
+    return { statementAdded: true, policyDependable: this.policyDocument };
   }
 
   /**
diff --git a/packages/@aws-cdk/aws-ecr/test/repository.test.ts b/packages/@aws-cdk/aws-ecr/test/repository.test.ts
@@ -701,5 +701,43 @@ describe('repository', () => {
         repositoryName: 'a//a-a',
       })).toThrow(/must follow the specified pattern/);
     });
+
+    test('return value addToResourcePolicy', () => {
+      // GIVEN
+      const stack = new cdk.Stack();
+      const policyStmt1 = new iam.PolicyStatement({
+        actions: ['*'],
+        principals: [new iam.AnyPrincipal()],
+      });
+      const policyStmt2 = new iam.PolicyStatement({
+        effect: iam.Effect.DENY,
+        actions: ['ecr:BatchGetImage', 'ecr:GetDownloadUrlForLayer'],
+        principals: [new iam.AnyPrincipal()],
+      });
+      const policyText1 = '{"Statement": [{"Action": "*", "Effect": "Allow", "Principal": {"AWS": "*"}}], "Version": "2012-10-17"}';
+      const policyText2 = `{"Statement": [
+        {"Action": "*", "Effect": "Allow", "Principal": {"AWS": "*"}},
+        {"Action": ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"], "Effect": "Deny", "Principal": {"AWS": "*"}}
+      ], "Version": "2012-10-17"}`;
+
+      // WHEN
+      const artifact1 = new ecr.Repository(stack, 'Repo1').addToResourcePolicy(policyStmt1);
+      const repo = new ecr.Repository(stack, 'Repo2');
+      repo.addToResourcePolicy(policyStmt1);
+      const artifact2 =repo.addToResourcePolicy(policyStmt2);
+
+      // THEN
+      expect(stack.resolve(artifact1.statementAdded)).toEqual(true);
+      expect(stack.resolve(artifact1.policyDependable)).toEqual(JSON.parse(policyText1));
+      Template.fromStack(stack).hasResourceProperties('AWS::ECR::Repository', {
+        RepositoryPolicyText: JSON.parse(policyText1),
+      });
+
+      expect(stack.resolve(artifact2.statementAdded)).toEqual(true);
+      expect(stack.resolve(artifact2.policyDependable)).toEqual(JSON.parse(policyText2));
+      Template.fromStack(stack).hasResourceProperties('AWS::ECR::Repository', {
+        RepositoryPolicyText: JSON.parse(policyText2),
+      });
+    });
   });
 });
diff --git a/tools/@aws-cdk/cdk-build-tools/lib/lint.ts b/tools/@aws-cdk/cdk-build-tools/lib/lint.ts
@@ -1,7 +1,7 @@
 import * as path from 'path';
 import * as process from 'process';
 import * as fs from 'fs-extra';
-import { shell } from './os';
+import { shell, escape } from './os';
 import { CDKBuildOptions, CompilerOverrides } from './package-info';
 
 export async function lintCurrentPackage(options: CDKBuildOptions, compilers: CompilerOverrides & { fix?: boolean } = {}): Promise<void> {
@@ -27,7 +27,7 @@ export async function lintCurrentPackage(options: CDKBuildOptions, compilers: Co
 
   if (await fs.pathExists('README.md')) {
     await shell([
-      process.execPath,
+      escape(process.execPath),
       ...process.execArgv,
       '--',
       require.resolve('markdownlint-cli'),
diff --git a/tools/@aws-cdk/cdk-build-tools/lib/os.ts b/tools/@aws-cdk/cdk-build-tools/lib/os.ts
@@ -56,6 +56,16 @@ export async function shell(command: string[], options: ShellOptions = {}): Prom
   });
 }
 
+/**
+ * Escape a shell argument for the current shell
+ */
+export function escape(x: string) {
+  if (process.platform === 'win32') {
+    return windowsEscape(x);
+  }
+  return posixEscape(x);
+}
+
 /**
  * Render the given command line as a string
  *
diff --git a/tools/@aws-cdk/pkglint/test/libary-creation.test.ts b/tools/@aws-cdk/pkglint/test/libary-creation.test.ts
@@ -59,8 +59,21 @@ describe('createModuleDefinitionFromCfnNamespace', () => {
 });
 
 describe('createLibraryReadme', () => {
+  let tempDir: string | undefined;
+
+  beforeEach(() => {
+    tempDir = undefined;
+  });
+
+  afterEach(async () => {
+    if (tempDir) {
+      await fs.emptyDir(tempDir);
+      await fs.rmdir(tempDir);
+    }
+  });
+
   test('library name is valid', async () => {
-    const tempDir = fs.mkdtempSync(path.join(__dirname, 'temp'));
+    tempDir = fs.mkdtempSync(path.join(__dirname, 'temp'));
     const readmePath = path.join(tempDir, 'README.md');
     await createLibraryReadme('Alexa::ASK', readmePath);
 

Original file line number	Diff line number	Diff line change
`@@ -561,7 +561,7 @@ export class Repository extends RepositoryBase {`
`561`	`561`	`this.policyDocument = new iam.PolicyDocument();`
`562`	`562`	`}`
`563`	`563`	`this.policyDocument.addStatements(statement);`
`564`		`- return { statementAdded: false, policyDependable: this.policyDocument };`
	`564`	`+ return { statementAdded: true, policyDependable: this.policyDocument };`
`565`	`565`	`}`
`566`	`566`
`567`	`567`	`/**`