feat(pipelines): add support for CodePipeline namespaced variables

packages/@aws-cdk/pipelines/lib/codepipeline/_codebuild-factory.ts

@@ -98,6 +98,7 @@ export interface CodeBuildFactoryProps {
 
   readonly env?: Record<string, string>;
   readonly envFromCfnOutputs?: Record<string, StackOutputReference>;
+  readonly variablesNamespace?: string;
 
   /**
    * If given, override the scope from the produce call with this scope.
@@ -146,6 +147,7 @@ export class CodeBuildFactory implements ICodePipelineActionFactory {
         subnetSelection: step.subnetSelection,
         ...additional?.projectOptions,
       },
+      variablesNamespace: step.variablesNamespace,
       ...additional,
     });
 
@@ -308,6 +310,7 @@ export class CodeBuildFactory implements ICodePipelineActionFactory {
       outputs: outputArtifacts,
       project,
       runOrder: options.runOrder,
+      variablesNamespace: this.props.variablesNamespace,
 
       // Inclusion of the hash here will lead to the pipeline structure for any changes
       // made the config of the underlying CodeBuild Project.
@@ -510,4 +513,4 @@ function filterBuildSpecCommands(buildSpec: codebuild.BuildSpec, osType: ec2.Ope
     }
     return [undefined, x];
   }
-}
+}

packages/@aws-cdk/pipelines/lib/codepipeline/codebuild-step.ts

@@ -130,6 +130,13 @@ export class CodeBuildStep extends ShellStep {
    */
   public readonly role?: iam.IRole;
 
+  /**
+   * The name of the namespace to use for variables emitted by this action.
+   *
+   * @default The projectName will be used if it is defined. Otherwise, the construct ID will be used.
+   */
+  public readonly variablesNamespace: string;
+
   /**
    * Build environment
    *
@@ -155,6 +162,7 @@ export class CodeBuildStep extends ShellStep {
     this.vpc = props.vpc;
     this.subnetSelection = props.subnetSelection;
     this.role = props.role;
+    this.variablesNamespace = this.projectName ?? this.id;
     this.rolePolicyStatements = props.rolePolicyStatements;
     this.securityGroups = props.securityGroups;
   }
@@ -178,6 +186,17 @@ export class CodeBuildStep extends ShellStep {
     return this.project.grantPrincipal;
   }
 
+  /**
+   * Reference a CodePipeline variable defined by the CodeBuildStep.
+   *
+   * Variables in CodeBuild actions are defined using the 'exported-variables' subsection of the 'env' section of the buildspec.
+   *
+   * @param variableName the name of the variable for reference.
+   */
+  public variable(variableName: string): string {
+    return `#{${this.variablesNamespace}.${variableName}}`;
+  }
+
   /**
    * Set the internal project value
    *

packages/@aws-cdk/pipelines/test/integ.newpipeline-with-vpc.expected.json

@@ -832,6 +832,7 @@
                   }
                 ],
                 "Name": "SelfMutate",
+                "Namespace": "SelfMutate",
                 "RoleArn": {
                   "Fn::GetAtt": [
                     "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF",
@@ -863,6 +864,7 @@
                   }
                 ],
                 "Name": "FileAsset1",
+                "Namespace": "FileAsset1",
                 "RoleArn": {
                   "Fn::GetAtt": [
                     "PipelineAssetsFileAsset1CodePipelineActionRoleC0EC649A",
@@ -889,6 +891,7 @@
                   }
                 ],
                 "Name": "FileAsset2",
+                "Namespace": "FileAsset2",
                 "RoleArn": {
                   "Fn::GetAtt": [
                     "PipelineAssetsFileAsset2CodePipelineActionRole06965A59",
@@ -2398,4 +2401,4 @@
       ]
     }
   }
-}
+}

packages/@aws-cdk/pipelines/test/integ.newpipeline.expected.json

@@ -298,6 +298,7 @@
                   }
                 ],
                 "Name": "SelfMutate",
+                "Namespace": "SelfMutate",
                 "RoleArn": {
                   "Fn::GetAtt": [
                     "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF",
@@ -2333,4 +2334,4 @@
       ]
     }
   }
-}
+}