feat(scheduler-targets): CodeBuild scheduler target (#27792)

Closes #27448.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: daschaa

packages/@aws-cdk/aws-scheduler-targets-alpha/README.md

@@ -26,6 +26,7 @@ The following targets are supported:
 
 1. `targets.LambdaInvoke`: [Invoke an AWS Lambda function](#invoke-a-lambda-function))
 2. `targets.StepFunctionsStartExecution`: [Start an AWS Step Function](#start-an-aws-step-function)
+3. `targets.CodeBuildStartBuild`: [Start a CodeBuild job](#start-a-codebuild-job)
 
 ## Invoke a Lambda function
 
@@ -102,3 +103,21 @@ new Schedule(this, 'Schedule', {
   }),
 });
 ```
+
+## Start a CodeBuild job
+
+Use the `CodeBuildStartBuild` target to start a new build run on a CodeBuild project.
+
+The code snippet below creates an event rule with a CodeBuild project as target which is
+called every hour by Event Bridge Scheduler.
+
+```ts
+import * as codebuild from 'aws-cdk-lib/aws-codebuild';
+
+declare const project: codebuild.Project;
+
+new Schedule(this, 'Schedule', {
+  schedule: ScheduleExpression.rate(Duration.minutes(60)),
+  target: new targets.CodeBuildStartBuild(project),
+});
+```

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/codebuild-start-build.ts

@@ -0,0 +1,37 @@
+import { ISchedule, IScheduleTarget } from '@aws-cdk/aws-scheduler-alpha';
+import { Names } from 'aws-cdk-lib';
+import { IProject } from 'aws-cdk-lib/aws-codebuild';
+import { IRole, PolicyStatement } from 'aws-cdk-lib/aws-iam';
+import { ScheduleTargetBase, ScheduleTargetBaseProps } from './target';
+import { sameEnvDimension } from './util';
+
+/**
+ * Use an AWS CodeBuild as a target for AWS EventBridge Scheduler.
+ */
+export class CodeBuildStartBuild extends ScheduleTargetBase implements IScheduleTarget {
+  constructor(
+    private readonly project: IProject,
+    private readonly props: ScheduleTargetBaseProps = {},
+  ) {
+    super(props, project.projectArn);
+  }
+
+  protected addTargetActionToRole(schedule: ISchedule, role: IRole): void {
+    if (!sameEnvDimension(this.project.env.region, schedule.env.region)) {
+      throw new Error(`Cannot assign project in region ${this.project.env.region} to the schedule ${Names.nodeUniqueId(schedule.node)} in region ${schedule.env.region}. Both the schedule and the project must be in the same region.`);
+    }
+
+    if (!sameEnvDimension(this.project.env.account, schedule.env.account)) {
+      throw new Error(`Cannot assign project in account ${this.project.env.account} to the schedule ${Names.nodeUniqueId(schedule.node)} in account ${schedule.env.region}. Both the schedule and the project must be in the same account.`);
+    }
+
+    if (this.props.role && !sameEnvDimension(this.props.role.env.account, schedule.env.account)) {
+      throw new Error(`Cannot grant permission to execution role in account ${this.props.role.env.account} to invoke target ${Names.nodeUniqueId(schedule.node)} in account ${schedule.env.account}. Both the target and the execution role must be in the same account.`);
+    }
+
+    role.addToPrincipalPolicy(new PolicyStatement({
+      actions: ['codebuild:StartBuild'],
+      resources: [this.project.projectArn],
+    }));
+  }
+}

packages/@aws-cdk/aws-scheduler-targets-alpha/lib/index.ts

@@ -1,3 +1,4 @@
 export * from './target';
 export * from './lambda-invoke';
-export * from './stepfunctions-start-execution';
+export * from './stepfunctions-start-execution';
+export * from './codebuild-start-build';

packages/@aws-cdk/aws-scheduler-targets-alpha/package.json

@@ -114,4 +114,4 @@
       "assert/assert-dependency"
     ]
   }
-}
+}