AWS CodeBuild now supports comment-based pull request control.

Author: aws-sdk-dotnet-automation

generator/ServiceModels/codebuild/codebuild-2016-10-06.api.json

@@ -1419,7 +1419,8 @@
         "filterGroups":{"shape":"FilterGroups"},
         "buildType":{"shape":"WebhookBuildType"},
         "manualCreation":{"shape":"WrapperBoolean"},
-        "scopeConfiguration":{"shape":"ScopeConfiguration"}
+        "scopeConfiguration":{"shape":"ScopeConfiguration"},
+        "pullRequestBuildPolicy":{"shape":"PullRequestBuildPolicy"}
       }
     },
     "CreateWebhookOutput":{
@@ -2496,6 +2497,45 @@
         "orderedProxyRules":{"shape":"FleetProxyRules"}
       }
     },
+    "PullRequestBuildApproverRole":{
+      "type":"string",
+      "enum":[
+        "GITHUB_READ",
+        "GITHUB_TRIAGE",
+        "GITHUB_WRITE",
+        "GITHUB_MAINTAIN",
+        "GITHUB_ADMIN",
+        "GITLAB_GUEST",
+        "GITLAB_PLANNER",
+        "GITLAB_REPORTER",
+        "GITLAB_DEVELOPER",
+        "GITLAB_MAINTAINER",
+        "GITLAB_OWNER",
+        "BITBUCKET_READ",
+        "BITBUCKET_WRITE",
+        "BITBUCKET_ADMIN"
+      ]
+    },
+    "PullRequestBuildApproverRoles":{
+      "type":"list",
+      "member":{"shape":"PullRequestBuildApproverRole"}
+    },
+    "PullRequestBuildCommentApproval":{
+      "type":"string",
+      "enum":[
+        "DISABLED",
+        "ALL_PULL_REQUESTS",
+        "FORK_PULL_REQUESTS"
+      ]
+    },
+    "PullRequestBuildPolicy":{
+      "type":"structure",
+      "required":["requiresCommentApproval"],
+      "members":{
+        "requiresCommentApproval":{"shape":"PullRequestBuildCommentApproval"},
+        "approverRoles":{"shape":"PullRequestBuildApproverRoles"}
+      }
+    },
     "PutResourcePolicyInput":{
       "type":"structure",
       "required":[
@@ -3301,7 +3341,8 @@
         "branchFilter":{"shape":"String"},
         "rotateSecret":{"shape":"Boolean"},
         "filterGroups":{"shape":"FilterGroups"},
-        "buildType":{"shape":"WebhookBuildType"}
+        "buildType":{"shape":"WebhookBuildType"},
+        "pullRequestBuildPolicy":{"shape":"PullRequestBuildPolicy"}
       }
     },
     "UpdateWebhookOutput":{

generator/ServiceModels/codebuild/codebuild-2016-10-06.docs.json

@@ -1493,6 +1493,31 @@
         "UpdateFleetInput$proxyConfiguration": "<p>The proxy configuration of the compute fleet.</p>"
       }
     },
+    "PullRequestBuildApproverRole": {
+      "base": null,
+      "refs": {
+        "PullRequestBuildApproverRoles$member": null
+      }
+    },
+    "PullRequestBuildApproverRoles": {
+      "base": null,
+      "refs": {
+        "PullRequestBuildPolicy$approverRoles": "<p>List of repository roles that have approval privileges for pull request builds when comment approval is required. Only users with these roles can provide valid comment approvals. If a pull request contributor is one of these roles, their pull request builds will trigger automatically. This field is only applicable when <code>requiresCommentApproval</code> is not <i>DISABLED</i>.</p>"
+      }
+    },
+    "PullRequestBuildCommentApproval": {
+      "base": null,
+      "refs": {
+        "PullRequestBuildPolicy$requiresCommentApproval": "<p>Specifies when comment-based approval is required before triggering a build on pull requests. This setting determines whether builds run automatically or require explicit approval through comments.</p> <ul> <li> <p> <i>DISABLED</i>: Builds trigger automatically without requiring comment approval</p> </li> <li> <p> <i>ALL_PULL_REQUESTS</i>: All pull requests require comment approval before builds execute (unless contributor is one of the approver roles)</p> </li> <li> <p> <i>FORK_PULL_REQUESTS</i>: Only pull requests from forked repositories require comment approval (unless contributor is one of the approver roles)</p> </li> </ul>"
+      }
+    },
+    "PullRequestBuildPolicy": {
+      "base": "<p>Configuration policy that defines comment-based approval requirements for triggering builds on pull requests. This policy helps control when automated builds are executed based on contributor permissions and approval workflows.</p>",
+      "refs": {
+        "CreateWebhookInput$pullRequestBuildPolicy": "<p>A PullRequestBuildPolicy object that defines comment-based approval requirements for triggering builds on pull requests. This policy helps control when automated builds are executed based on contributor permissions and approval workflows.</p>",
+        "UpdateWebhookInput$pullRequestBuildPolicy": "<p>A PullRequestBuildPolicy object that defines comment-based approval requirements for triggering builds on pull requests. This policy helps control when automated builds are executed based on contributor permissions and approval workflows.</p>"
+      }
+    },
     "PutResourcePolicyInput": {
       "base": null,
       "refs": {}
@@ -2067,7 +2092,7 @@
         "StartBuildBatchInput$idempotencyToken": "<p>A unique, case sensitive identifier you provide to ensure the idempotency of the <code>StartBuildBatch</code> request. The token is included in the <code>StartBuildBatch</code> request and is valid for five minutes. If you repeat the <code>StartBuildBatch</code> request with the same token, but change a parameter, CodeBuild returns a parameter mismatch error.</p>",
         "StartBuildInput$sourceVersion": "<p>The version of the build input to be built, for this build only. If not specified, the latest version is used. If specified, the contents depends on the source provider:</p> <dl> <dt>CodeCommit</dt> <dd> <p>The commit ID, branch, or Git tag to use.</p> </dd> <dt>GitHub</dt> <dd> <p>The commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format <code>pr/pull-request-ID</code> (for example <code>pr/25</code>). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.</p> </dd> <dt>GitLab</dt> <dd> <p>The commit ID, branch, or Git tag to use.</p> </dd> <dt>Bitbucket</dt> <dd> <p>The commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.</p> </dd> <dt>Amazon S3</dt> <dd> <p>The version ID of the object that represents the build input ZIP file to use.</p> </dd> </dl> <p>If <code>sourceVersion</code> is specified at the project level, then this <code>sourceVersion</code> (at the build level) takes precedence. </p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/codebuild/latest/userguide/sample-source-version.html\">Source Version Sample with CodeBuild</a> in the <i>CodeBuild User Guide</i>. </p>",
         "StartBuildInput$sourceLocationOverride": "<p>A location that overrides, for this build, the source location for the one defined in the build project.</p>",
-        "StartBuildInput$buildspecOverride": "<p>A buildspec file declaration that overrides the latest one defined in the build project, for this build only. The buildspec defined on the project is not changed.</p> <p>If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in <code>CODEBUILD_SRC_DIR</code> environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, <code>arn:aws:s3:::my-codebuild-sample2/buildspec.yml</code>). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see <a href=\"https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec-ref-name-storage\">Buildspec File Name and Storage Location</a>.</p> <note> <p>Since this property allows you to change the build commands that will run in the container, you should note that an IAM principal with the ability to call this API and set this parameter can override the default settings. Moreover, we encourage that you use a trustworthy buildspec location like a file in your source repository or a Amazon S3 bucket.</p> </note>",
+        "StartBuildInput$buildspecOverride": "<p>A buildspec file declaration that overrides the latest one defined in the build project, for this build only. The buildspec defined on the project is not changed.</p> <p>If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in <code>CODEBUILD_SRC_DIR</code> environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, <code>arn:aws:s3:::my-codebuild-sample2/buildspec.yml</code>). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see <a href=\"https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec-ref-name-storage\">Buildspec File Name and Storage Location</a>.</p> <note> <p>Since this property allows you to change the build commands that will run in the container, you should note that an IAM principal with the ability to call this API and set this parameter can override the default settings. Moreover, we encourage that you use a trustworthy buildspec location like a file in your source repository or a Amazon S3 bucket. Alternatively, you can restrict overrides to the buildspec by using a condition key: <a href=\"https://docs.aws.amazon.com/codebuild/latest/userguide/action-context-keys.html#action-context-keys-example-overridebuildspec.html\">Prevent unauthorized modifications to project buildspec</a>.</p> </note>",
         "StartBuildInput$certificateOverride": "<p>The name of a certificate for this build that overrides the one specified in the build project.</p>",
         "StartBuildInput$idempotencyToken": "<p>A unique, case sensitive identifier you provide to ensure the idempotency of the StartBuild request. The token is included in the StartBuild request and is valid for 5 minutes. If you repeat the StartBuild request with the same token, but change a parameter, CodeBuild returns a parameter mismatch error. </p>",
         "TestCase$testRawDataPath": "<p> The path to the raw data file that contains the test result. </p>",

generator/ServiceModels/codebuild/codebuild-2016-10-06.normal.json

@@ -2122,6 +2122,10 @@
         "scopeConfiguration":{
           "shape":"ScopeConfiguration",
           "documentation":"<p>The scope configuration for global or organization webhooks.</p> <note> <p>Global or organization webhooks are only available for GitHub and Github Enterprise webhooks.</p> </note>"
+        },
+        "pullRequestBuildPolicy":{
+          "shape":"PullRequestBuildPolicy",
+          "documentation":"<p>A PullRequestBuildPolicy object that defines comment-based approval requirements for triggering builds on pull requests. This policy helps control when automated builds are executed based on contributor permissions and approval workflows.</p>"
         }
       }
     },
@@ -4012,6 +4016,52 @@
       },
       "documentation":"<p>Information about the proxy configurations that apply network access control to your reserved capacity instances.</p>"
     },
+    "PullRequestBuildApproverRole":{
+      "type":"string",
+      "enum":[
+        "GITHUB_READ",
+        "GITHUB_TRIAGE",
+        "GITHUB_WRITE",
+        "GITHUB_MAINTAIN",
+        "GITHUB_ADMIN",
+        "GITLAB_GUEST",
+        "GITLAB_PLANNER",
+        "GITLAB_REPORTER",
+        "GITLAB_DEVELOPER",
+        "GITLAB_MAINTAINER",
+        "GITLAB_OWNER",
+        "BITBUCKET_READ",
+        "BITBUCKET_WRITE",
+        "BITBUCKET_ADMIN"
+      ]
+    },
+    "PullRequestBuildApproverRoles":{
+      "type":"list",
+      "member":{"shape":"PullRequestBuildApproverRole"}
+    },
+    "PullRequestBuildCommentApproval":{
+      "type":"string",
+      "enum":[
+        "DISABLED",
+        "ALL_PULL_REQUESTS",
+        "FORK_PULL_REQUESTS"
+      ]
+    },
+    "PullRequestBuildPolicy":{
+      "type":"structure",
+      "required":["requiresCommentApproval"],
+      "members":{
+        "requiresCommentApproval":{
+          "shape":"PullRequestBuildCommentApproval",
+          "documentation":"<p>Specifies when comment-based approval is required before triggering a build on pull requests. This setting determines whether builds run automatically or require explicit approval through comments.</p> <ul> <li> <p> <i>DISABLED</i>: Builds trigger automatically without requiring comment approval</p> </li> <li> <p> <i>ALL_PULL_REQUESTS</i>: All pull requests require comment approval before builds execute (unless contributor is one of the approver roles)</p> </li> <li> <p> <i>FORK_PULL_REQUESTS</i>: Only pull requests from forked repositories require comment approval (unless contributor is one of the approver roles)</p> </li> </ul>"
+        },
+        "approverRoles":{
+          "shape":"PullRequestBuildApproverRoles",
+          "documentation":"<p>List of repository roles that have approval privileges for pull request builds when comment approval is required. Only users with these roles can provide valid comment approvals. If a pull request contributor is one of these roles, their pull request builds will trigger automatically. This field is only applicable when <code>requiresCommentApproval</code> is not <i>DISABLED</i>.</p>"
+        }
+      },
+      "documentation":"<p>Configuration policy that defines comment-based approval requirements for triggering builds on pull requests. This policy helps control when automated builds are executed based on contributor permissions and approval workflows.</p>"
+    },
     "PutResourcePolicyInput":{
       "type":"structure",
       "required":[
@@ -4968,7 +5018,7 @@
         },
         "buildspecOverride":{
           "shape":"String",
-          "documentation":"<p>A buildspec file declaration that overrides the latest one defined in the build project, for this build only. The buildspec defined on the project is not changed.</p> <p>If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in <code>CODEBUILD_SRC_DIR</code> environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, <code>arn:aws:s3:::my-codebuild-sample2/buildspec.yml</code>). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see <a href=\"https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec-ref-name-storage\">Buildspec File Name and Storage Location</a>.</p> <note> <p>Since this property allows you to change the build commands that will run in the container, you should note that an IAM principal with the ability to call this API and set this parameter can override the default settings. Moreover, we encourage that you use a trustworthy buildspec location like a file in your source repository or a Amazon S3 bucket.</p> </note>"
+          "documentation":"<p>A buildspec file declaration that overrides the latest one defined in the build project, for this build only. The buildspec defined on the project is not changed.</p> <p>If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in <code>CODEBUILD_SRC_DIR</code> environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, <code>arn:aws:s3:::my-codebuild-sample2/buildspec.yml</code>). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see <a href=\"https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html#build-spec-ref-name-storage\">Buildspec File Name and Storage Location</a>.</p> <note> <p>Since this property allows you to change the build commands that will run in the container, you should note that an IAM principal with the ability to call this API and set this parameter can override the default settings. Moreover, we encourage that you use a trustworthy buildspec location like a file in your source repository or a Amazon S3 bucket. Alternatively, you can restrict overrides to the buildspec by using a condition key: <a href=\"https://docs.aws.amazon.com/codebuild/latest/userguide/action-context-keys.html#action-context-keys-example-overridebuildspec.html\">Prevent unauthorized modifications to project buildspec</a>.</p> </note>"
         },
         "insecureSslOverride":{
           "shape":"WrapperBoolean",
@@ -5572,6 +5622,10 @@
         "buildType":{
           "shape":"WebhookBuildType",
           "documentation":"<p>Specifies the type of build this webhook will trigger.</p> <note> <p> <code>RUNNER_BUILDKITE_BUILD</code> is only available for <code>NO_SOURCE</code> source type projects configured for Buildkite runner builds. For more information about CodeBuild-hosted Buildkite runner builds, see <a href=\"https://docs.aws.amazon.com/codebuild/latest/userguide/sample-runner-buildkite.html\">Tutorial: Configure a CodeBuild-hosted Buildkite runner</a> in the <i>CodeBuild user guide</i>.</p> </note>"
+        },
+        "pullRequestBuildPolicy":{
+          "shape":"PullRequestBuildPolicy",
+          "documentation":"<p>A PullRequestBuildPolicy object that defines comment-based approval requirements for triggering builds on pull requests. This policy helps control when automated builds are executed based on contributor permissions and approval workflows.</p>"
         }
       }
     },

sdk/src/Services/CodeBuild/Generated/Model/CreateWebhookRequest.cs

@@ -54,6 +54,7 @@ public partial class CreateWebhookRequest : AmazonCodeBuildRequest
         private List<List<WebhookFilter>> _filterGroups = AWSConfigs.InitializeCollections ? new List<List<WebhookFilter>>() : null;
         private bool? _manualCreation;
         private string _projectName;
+        private PullRequestBuildPolicy _pullRequestBuildPolicy;
         private ScopeConfiguration _scopeConfiguration;
 
         /// <summary>
@@ -178,6 +179,26 @@ internal bool IsSetProjectName()
             return this._projectName != null;
         }
 
+        /// <summary>
+        /// Gets and sets the property PullRequestBuildPolicy. 
+        /// <para>
+        /// A PullRequestBuildPolicy object that defines comment-based approval requirements for
+        /// triggering builds on pull requests. This policy helps control when automated builds
+        /// are executed based on contributor permissions and approval workflows.
+        /// </para>
+        /// </summary>
+        public PullRequestBuildPolicy PullRequestBuildPolicy
+        {
+            get { return this._pullRequestBuildPolicy; }
+            set { this._pullRequestBuildPolicy = value; }
+        }
+
+        // Check to see if PullRequestBuildPolicy property is set
+        internal bool IsSetPullRequestBuildPolicy()
+        {
+            return this._pullRequestBuildPolicy != null;
+        }
+
         /// <summary>
         /// Gets and sets the property ScopeConfiguration. 
         /// <para>

sdk/src/Services/CodeBuild/Generated/Model/Internal/MarshallTransformations/CreateWebhookRequestMarshaller.cs

@@ -114,6 +114,17 @@ public IRequest Marshall(CreateWebhookRequest publicRequest)
                     context.Writer.Write(publicRequest.ProjectName);
                 }
 
+                if(publicRequest.IsSetPullRequestBuildPolicy())
+                {
+                    context.Writer.WritePropertyName("pullRequestBuildPolicy");
+                    context.Writer.WriteObjectStart();
+
+                    var marshaller = PullRequestBuildPolicyMarshaller.Instance;
+                    marshaller.Marshall(publicRequest.PullRequestBuildPolicy, context);
+
+                    context.Writer.WriteObjectEnd();
+                }
+
                 if(publicRequest.IsSetScopeConfiguration())
                 {
                     context.Writer.WritePropertyName("scopeConfiguration");