passing build arguments to docker when using aws-cdk-lib/pipelines/CodePipeline

0

Hi!

We have a CDK project that uses aws-cdk-lib/pipelines/CodePipeline construct. This pipeline builds a docker image and then creates a lambda function. Now we need to refactor the Dockerfile and add some build arguments. How can we pass these arguments to docker?

I have found the codeBuildDefaults.partialBuildSpec parameter. If I pass phases.build.commands: [ 'docker build --build-arg FOO=BAR'] to it, will that do the job? Or do we need to use lower-level constructs to achieve this?

2 Answers
1

To me the most efficient and native way to pass Docker build arguments in a CDK Pipeline is to define them directly within your CDK infrastructure code where you declare the Lambda function.

You do not need to modify the pipeline's BuildSpec or use partialBuildSpec.

When using aws-cdk-lib/pipelines, the pipeline automatically handles the compilation, building, and pushing of Docker images during its automated Asset Publishing phase. By defining the arguments in your construct, CDK ensures they are passed to the Docker CLI under the hood.

Here is how you can achieve this, I guess:

Pass the buildArgs property to the DockerImageCode.fromImageAsset method when defining your Lambda function:

import * as cdk from 'aws-cdk-lib';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as path from 'path';
import { Construct } from 'constructs';

export class MyLambdaStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const myDockerLambda = new lambda.DockerImageFunction(this, 'MyDockerLambda', {
      // Point to the directory containing your Dockerfile
      code: lambda.DockerImageCode.fromImageAsset(path.join(__dirname, '../docker-src'), {
        // Define your Docker build arguments here
        buildArgs: {
          FOO: 'BAR',
          ENV_NAME: 'production',
        },
      }),
    });
  }
}

How this works within CodePipeline

  1. Synthesis: When your pipeline runs the synth step, CDK generates an asset manifest containing the configuration for your Docker image, including the buildArgs.
  2. Asset Publishing: CodePipeline then automatically spins up a dedicated, privileged AWS CodeBuild project tasked with building and deploying your assets.
  3. Docker Build: This project reads the manifest and runs the native docker build --build-arg FOO=BAR ... command automatically, pushes the resulting image to Amazon ECR, and links it to your Lambda function.

This approach keeps your pipeline definition clean and leverages CDK's built-in asset management without the need for manual orchestration.
EXPERT
answered 13 days ago
0

Yes, using codeBuildDefaults.partialBuildSpec is a valid approach to pass build arguments to Docker in your CDK pipeline. You can specify Docker build commands with build arguments in the buildspec's build phase commands.

When you provide phases.build.commands: ['docker build --build-arg FOO=BAR ...'] through the partialBuildSpec parameter, CodeBuild will execute these commands during the build phase, allowing you to pass your required build arguments to the Docker build process.

If you need to pass AWS credentials or environment variables to your Docker build, you should be aware that you'll need to pass them through properly. For Docker builds that require AWS credentials (for example, to download files from S3), you would:

  1. Define ARG instructions in your Dockerfile for the variables you need (like ARG FOO)
  2. Use the --build-arg option in your docker build command to pass the values

For environment variables that need to be available during the build, you can also use the EnvironmentVariables configuration parameter in CodeBuild. This allows you to set environment variables as a JSON array of objects, where each object specifies the name, value, and optionally the type (PLAINTEXT, PARAMETER_STORE, or SECRETS_MANAGER).

Your approach with partialBuildSpec should work without needing to drop down to lower-level constructs, as it gives you the flexibility to customize the build commands while still using the higher-level CodePipeline construct.
Sources
Troubleshooting AWS CodeBuild - AWS CodeBuild
CodeBuild rule - AWS CodePipeline
AWS CodeBuild build and test action reference - AWS CodePipeline

answered 13 days ago
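
An added example, not part of either answer or of the CDK project: build arguments are written in plain text to the synthesized asset manifest that the first answer describes, and Docker's documentation warns that their values can be read back from the image with docker history, so credentials like those mentioned in the second answer should not travel as build args. The check below walks a manifest's dockerImages[*].source.dockerBuildArgs and flags secret-looking entries. The sample manifest, the name patterns and the function name findRiskyBuildArgs are assumptions made for illustration.

```typescript
// Subset of a CDK asset manifest (cdk.out/*.assets.json) that this check reads.
interface AssetManifest {
  dockerImages?: Record<string, { source: { directory?: string; dockerBuildArgs?: Record<string, string> } }>;
}

interface Finding { asset: string; arg: string; reason: string }

// Assumed heuristic: argument names that usually carry credentials.
const SECRET_NAME = /(secret|token|passw(or)?d|api_?key|private_?key|credential|session)/i;
// AWS access key IDs start with AKIA (long-term) or ASIA (temporary).
const AWS_KEY_ID = /\b(AKIA|ASIA)[A-Z0-9]{16}\b/;

function findRiskyBuildArgs(manifest: AssetManifest): Finding[] {
  const findings: Finding[] = [];
  const images = manifest.dockerImages || {};
  for (const asset of Object.keys(images)) {
    const image = images[asset];
    const args = (image && image.source.dockerBuildArgs) || {};
    for (const arg of Object.keys(args)) {
      const value = args[arg] || '';
      if (AWS_KEY_ID.test(value)) {
        findings.push({ asset, arg, reason: 'value looks like an AWS access key ID' });
      } else if (SECRET_NAME.test(arg)) {
        findings.push({ asset, arg, reason: 'name suggests a credential' });
      }
    }
  }
  return findings;
}

// Constructed sample manifest (not output from a real project). The key ID is
// the placeholder value used in AWS documentation.
const sampleManifest: AssetManifest = {
  dockerImages: {
    'asset-one': {
      source: { directory: 'asset.aaaa', dockerBuildArgs: { FOO: 'BAR', ENV_NAME: 'production' } },
    },
    'asset-two': {
      source: {
        directory: 'asset.bbbb',
        dockerBuildArgs: { AWS_ACCESS_KEY_ID: 'AKIAIOSFODNN7EXAMPLE', NPM_TOKEN: 'constructed-value' },
      },
    },
  },
};

for (const f of findRiskyBuildArgs(sampleManifest)) {
  console.log(`${f.asset}: --build-arg ${f.arg} (${f.reason})`);
}
```

Run after the synth step, a check like this can fail the pipeline before the asset publishing step builds the image. Values it flags are better supplied through a BuildKit secret mount (buildSecrets in CDK, docker build --secret on the CLI) or fetched at run time with the function's role.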
