aws-codebuild : secondary source don't seem to register webhook

[npvisual]

Describe the bug

While trying to leverage the ability to attach 2 or more GitHub sources, using codebuild.Source.git_hub(), to a project I found that the webhooks in the secondary source array are never registered.

Modifications to the code in the first source will trigger a new build, however nothing will happen if any of the secondary sources are modified.

Expected Behavior

Because the secondary source array expects a ISource and I didn't find any documented restrictions, I would have expected the secondary source to behave similar to the primary source : i.e. it would register a webhook with the source and trigger a build when the source is updated.

Current Behavior

A look at the resulting Project in the console shows the secondary source being created as a GitHub source, but a few things seems weird :

• instead of showing "Repository in my GitHub account" as it does for the primary source, the secondary source shows "Public repository"
• the only webhook group configuration presented in the UI is the one for the primary source

I can confirm that the secondary source is properly defined by switching it to being the primary -- in that case the webhook gets registered properly and I receive the notifications from that source.

Reproduction Steps

Unfortunately don't have a self-contained snippet or something that would work against a public repo but here's a snippet of what I am using :

        # Source action 1 : will trigger when the buildspec and dockerfile
        # for building the target images are modified (primary source)
        source1 = codebuild.Source.git_hub(
            owner=connection_owner,
            repo="source1",
            branch_or_ref=branch_source1,
            clone_depth=1,
            fetch_submodules=False,
            report_build_status=True,
            webhook=True,
            webhook_filters=[
                codebuild.FilterGroup.in_event_of(
                    codebuild.EventAction.PULL_REQUEST_CREATED,
                    codebuild.EventAction.PULL_REQUEST_UPDATED,
                    codebuild.EventAction.PULL_REQUEST_REOPENED,
                )
                .and_base_ref_is(f"^refs/heads/{branch_source1}.*$")
                .and_file_path_is("^app/.*$"),
                codebuild.FilterGroup.in_event_of(codebuild.EventAction.PUSH)
                .and_head_ref_is(f"^refs/heads/{branch_source1}.*$")
                .and_file_path_is("^app/.*$"),
            ],
        )

        # Source action #2 : will trigger when the app code is modified
        source2 = codebuild.Source.git_hub(
            owner=connection_owner,
            repo="source2",
            branch_or_ref=branch_source2,
            clone_depth=1,
            fetch_submodules=False,
            report_build_status=True,
            webhook=True,
            webhook_filters=[
                codebuild.FilterGroup.in_event_of(codebuild.EventAction.PUSH).and_head_ref_is(
                    f"^refs/heads/{branch_source2}.*$"
                ),
                codebuild.FilterGroup.in_event_of(
                    codebuild.EventAction.PULL_REQUEST_CREATED,
                    codebuild.EventAction.PULL_REQUEST_UPDATED,
                    codebuild.EventAction.PULL_REQUEST_REOPENED,
                ).and_base_ref_is(f"^refs/heads/{branch_source2}.*$"),
            ],
            identifier="source2",
        )
...
            app_project = codebuild.Project(
                self,
                "codebuild-app",
                source=source1,
                secondary_sources=[source2],
                badge=True,
                build_spec=build_spec_source1,
                description=f"Builds target images from {branch_source2} branch.",
                environment=common_build_env,
                logging=logging_app,
                project_name=f"builds-app-{branch_source2}",
            )

Possible Solution

Not sure but the source declared as the primary source works well, so not sure why that's not happening for the ones in the secondary sources array.

Additional Information/Context

No response

CDK CLI Version

2.99.1 (build b2a895e)

Framework Version

2.95.1

Node.js Version

v20.6.0

OS

Debian slim bookworm (12.0)

Language

Python

Language Version

3.11

Other information

No response

[indrora]

I suspect this is a limitation of CodeBuild, not the CDK: https://docs.aws.amazon.com/codebuild/latest/userguide/github-webhook.html#github-webhook-events-cfn

If you can produce CloudFormation that deploys webhooks to two repositories at once, please paste it here; if it is possible to do with both CloudFormation and the AWS SDK (or console) then please describe how to here.

[npvisual]

Ok. I'll take a look. If it's a CF or CodeBuild issue, how do I log an issue with them ?

[npvisual]

Well, I tried through the console and couldn't get the second source to create a webhook. As you can see below, there are 2 sources defined but only 1 webhook shown (and one set of event filter groups) :

So would appreciate any help escalating this to CodeBuild. Thanks !

[tim-finnigan]

For CF roadmap issues you can create those here: https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues