Is it possible to 'FAIL'/'Abort' a pipeline based on CodeGuru analysis (review/profiler)?

Question

When we use SonarQube, we can define rigor and a gate in Sonar. This helps to fail or abort a pipeline if the quality gate is not achieved.

Can this be done with AWS CodeGuru as well? Can we define some kind of gate in AWS CodePipeline that can see the quality outcome from CodeGuru to decide on the fate of the pipeline progress?

Answer 1

Score: 1

Yes, this is possible. Though today there is no direct integration between AWS CodePipeline and Amazon CodeGuru, this can be achieved through the functionality exposed via the services' APIs.

CodeGuru Usage

Before discussing how we would want to implement this, it's important to ensure that we are aligned on when and where CodeGuru should be leveraged in your development experience. When we work on building new or existing projects we look for validation of our code (does it match security best practices, does it fulfil the business objective, etc.) before it is merged into our mainline branch. The idea is that once it has made its way into the mainline branch it can progress along our environments, with further automation used to identify through integration testing whether the functionality operates as expected. We call this style of software delivery trunk-based development.

This is where we want to be using the CodeGuru Reviewer to assist in preventing code that does not match your organisation's standards from making its way into the delivery pipeline. Once that code is merged in it becomes expensive, with patching and rollbacks being used as mechanisms to allow the delivery of other deployments. Therefore CodeGuru Reviewer would act to inform the reviewers not to approve before recommendations have been resolved.

On the other hand, CodeGuru Profiler provides validation of workloads that are operating. This creates a feedback loop of where adjustments could be made to further fine-tune your application's performance. For the remainder of this answer we will focus on CodeGuru Reviewer.

CodePipeline Integration

With services in AWS, one of the core benefits that organisations see is the exposure of APIs that can be integrated either directly via HTTP interaction or abstracted in an SDK. CodeGuru is no different: many of the actions that you can perform in the console are available within the official SDKs that are published.

Given that everyone's delivery pipelines can vary, having the ability to call custom logic in a stage can help to tailor the pipeline to meet your requirements, which in this scenario are to trigger a CodeGuru Reviewer analysis. This is achieved through the integration of an AWS Lambda function, which is a supported action within CodePipeline. From this Lambda you could trigger a script (or series of scripts) through the usage of compute and orchestration such as either an AWS Step Functions state machine or an AWS CodeBuild project.

Once the workflow takes place, it then becomes a task to trigger the correct API calls in the correct order. For simplicity, the following API calls can be used to get the results you are looking for:

  • Either CreateCodeReview if you want to trigger a new one, or ListCodeReviews if you want to find a previous one.
  • DescribeCodeReview to understand the status of the code review, i.e. has it completed. You could poll this API once a minute to determine whether it has entered the “Completed” status.
  • ListRecommendations to get the output of the review. You might add some business logic here to discount particular severities or to include a threshold for how many of a particular severity are allowed.

With the results processed by yourself, the final step is to return one of the two below actions to CodePipeline by passing in the JobId that was specified within the original Lambda function.

  • PutJobSuccessResult - Confirming to CodePipeline it can now resume with the remainder of its execution.
  • PutJobFailureResult - Instructing CodePipeline that the action failed, and therefore the pipeline should be halted.

Through this process, the pipeline will now either proceed or continue as a result of your CodeGuru Reviewer's recommendations. This approach provides you with the flexibility to be able to tailor the workflow to your organisation's needs, whilst leveraging existing integrations and SDKs to do some of the heavy lifting.
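The gate described in this answer, written out as a single CodePipeline Lambda action in Python with boto3 (an added example, not code from the answer or from AWS): CreateCodeReview, polling DescribeCodeReview, ListRecommendations run through a per-severity threshold, then PutJobSuccessResult or PutJobFailureResult. Assumed: the action's UserParameters JSON carries the CodeGuru repository association ARN and branch under the made-up keys `associationArn` and `branch`, and the review finishes inside the Lambda's time limit; for longer reviews the polling loop belongs in the Step Functions or CodeBuild hand-off the answer mentions.

```python
import json
import time
from collections import Counter
try:
    import boto3  # present in the Lambda runtime; not needed to run the gate logic offline
except ImportError:
    boto3 = None
DEFAULT_THRESHOLDS = {"Critical": 0, "High": 0, "Medium": 5}  # constructed policy: max allowed per severity

def evaluate_gate(recommendations, thresholds=DEFAULT_THRESHOLDS):
    """Apply the severity policy to ListRecommendations summaries -> (passed, counts)."""
    counts = Counter(r.get("Severity", "Info") for r in recommendations)
    over = [s for s, n in counts.items() if s in thresholds and n > thresholds[s]]
    return not over, dict(counts)  # severities absent from thresholds never block

def wait_for_review(reviewer, arn, poll_seconds=30, max_polls=20):
    # Poll DescribeCodeReview until the review leaves Pending, or give up with "Timeout".
    for _ in range(max_polls):
        state = reviewer.describe_code_review(CodeReviewArn=arn)["CodeReview"]["State"]
        if state != "Pending":
            return state
        time.sleep(poll_seconds)
    return "Timeout"

def fetch_recommendations(reviewer, arn):
    recs, kwargs = [], {"CodeReviewArn": arn}
    while True:  # follow NextToken until ListRecommendations is exhausted
        page = reviewer.list_recommendations(**kwargs)
        recs.extend(page.get("RecommendationSummaries", []))
        if not page.get("NextToken"):
            return recs
        kwargs["NextToken"] = page["NextToken"]

def lambda_handler(event, context):  # CodePipeline invoke-action entry point
    job = event["CodePipeline.job"]
    params = json.loads(job["data"]["actionConfiguration"]["configuration"]["UserParameters"])
    pipeline, reviewer = boto3.client("codepipeline"), boto3.client("codeguru-reviewer")
    try:  # UserParameters is assumed to be {"associationArn": "...", "branch": "..."}
        arn = reviewer.create_code_review(
            Name=f"gate-{job['id']}", RepositoryAssociationArn=params["associationArn"],
            Type={"RepositoryAnalysis": {"RepositoryHead": {"BranchName": params["branch"]}}},
        )["CodeReview"]["CodeReviewArn"]
        if (state := wait_for_review(reviewer, arn)) != "Completed":
            raise RuntimeError(f"code review ended in state {state}")
        passed, counts = evaluate_gate(fetch_recommendations(reviewer, arn))
        if not passed:
            raise RuntimeError(f"CodeGuru gate failed; findings by severity: {counts}")
        pipeline.put_job_success_result(jobId=job["id"])
    except Exception as exc:  # any failure halts the pipeline with a readable reason
        pipeline.put_job_failure_result(jobId=job["id"], failureDetails={"type": "JobFailed", "message": str(exc)[:5000]})
```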

Posted by huangapple on 2023-03-07 13:09:44. Original link: https://go.coder-hub.com/75658232.html