WiP CDK synth workflow

GeoWill · GeoWill · commit 6808f17a8afa · 2025-03-28T11:33:42.000Z
diff --git a/.github/actions/cdk-synth/action.yml b/.github/actions/cdk-synth/action.yml
@@ -0,0 +1,31 @@
+name: 'CDK Synth'
+description: 'Check CDK output is valid'
+inputs:
+  dc-environment:
+    description: 'Environment to deploy to (development, staging, production)'
+    required: true
+  aws-role-arn:
+    description: 'ARN of AWS account to assume'
+    required: true
+
+runs:
+  using: composite
+  steps:
+
+    - name: Python setup
+      uses: ./.github/actions/python-setup
+
+    - name: Node setup
+      uses: ./.github/actions/node-setup
+
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: eu-west-2
+        role-to-assume: ${{ inputs.aws-role-arn }}
+
+    - name: CDK Synth
+      run: scripts/cdk-synth --all
+      shell: bash
+      env:
+        DC_ENVIRONMENT: ${{ inputs.dc-environment }}
diff --git a/.github/actions/node-setup/action.yml b/.github/actions/node-setup/action.yml
@@ -0,0 +1,15 @@
+name: 'Node Setup'
+description: 'Install node/npm and dependencies'
+
+runs:
+  using: composite
+  steps:
+    - name: Install node
+      uses: actions/setup-node@v4
+      with:
+        node-version: "18"
+        cache: 'npm'
+
+    - name: Install node modules
+      run: npm ci
+      shell: bash
diff --git a/.github/actions/python-setup/action.yml b/.github/actions/python-setup/action.yml
@@ -0,0 +1,21 @@
+name: 'Python Setup'
+description: 'Install uv, python and dependencies'
+
+runs:
+  using: composite
+  steps:
+    - name: Install python
+      uses: actions/setup-python@v5
+
+    - name: Install uv
+      uses: astral-sh/setup-uv@v5
+      with:
+        enable-cache: true
+        cache-suffix: "uv-cache-v1"
+        cache-dependency-glob: |
+          **/uv.lock
+          **/pyproject.toml
+
+    - name: Create venv
+      run: uv sync
+      shell: bash
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -12,22 +12,12 @@ jobs:
     steps:
       - name: Check out repository
         uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: Install python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.12'
-
-      - name: Install uv
-        uses: astral-sh/setup-uv@v5
-        with:
-          enable-cache: true
-          cache-suffix: "uv-cache-v1"
-          cache-dependency-glob: |
-            **/uv.lock
-            **/pyproject.toml
+
+      - name: Python setup
+        uses: ./.github/actions/python-setup
+
+      - name: Node setup
+        uses: ./.github/actions/node-setup
 
       - name: Check Workflows
         run: uvx zizmor --format sarif . > zizmor-results.sarif
@@ -40,7 +30,6 @@ jobs:
 #          sarif_file: zizmor-results.sarif
 #          category: zizmor
 
-
       - name: Pre-test checks
         run: uv run scripts/code-check
 
diff --git a/.github/workflows/cdk-synth.yml b/.github/workflows/cdk-synth.yml
@@ -0,0 +1,58 @@
+name: CDK Synth
+
+on:
+#  workflow_run:
+#    workflows: ["Build and Test"]
+#    types: [completed]
+  push:
+    branches: [github-actions-deploy]
+
+permissions:
+  id-token: write
+
+jobs:
+  cdk-synth-development:
+    name: CDK Synth (Development)
+    runs-on: ubuntu-22.04
+    environment: development
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: CDK Synth Development
+        uses: ./.github/actions/cdk-synth
+        with:
+          dc-environment: ${{ vars.DC_ENVIRONMENT }}
+          aws-role-arn: ${{ secrets.AWS_ROLE_ARN }}
+
+  cdk-synth-staging:
+    name: CDK Synth (Staging)
+    if: ${{ github.ref == 'refs/heads/github-actions-deploy' }} # ToDo: Change to main
+    needs: cdk-synth-development
+    runs-on: ubuntu-22.04
+    environment: staging
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: CDK Synth Staging
+        uses: ./.github/actions/cdk-synth
+        with:
+          dc-environment: ${{ vars.DC_ENVIRONMENT }}
+          aws-role-arn: ${{ secrets.AWS_ROLE_ARN }}
+
+  cdk-synth-production:
+    name: CDK Synth (Production)
+    if: ${{ github.ref == 'refs/heads/main' }}
+    needs: cdk-synth-staging
+    runs-on: ubuntu-22.04
+    environment: production
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: CDK Synth Production
+        uses: ./.github/actions/cdk-synth
+        with:
+          dc-environment: ${{ vars.DC_ENVIRONMENT }}
+          aws-role-arn: ${{ secrets.AWS_ROLE_ARN }}
diff --git a/scripts/cdk-synth b/scripts/cdk-synth
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -euxo pipefail
+
+# Echo environment information
+echo "Running CDK synth with DC_ENVIRONMENT=$DC_ENVIRONMENT"
+if [ -n "${AWS_PROFILE+x}" ]; then
+  echo "Using AWS_PROFILE=$AWS_PROFILE"
+fi
+
+# Check if CDK is available in node_modules
+if [ -f "./node_modules/.bin/cdk" ]; then
+  echo "Using CDK from node_modules"
+  uv run ./node_modules/.bin/cdk synth "$@"
+else
+  echo "Error: CDK not found in node_modules. Make sure it's installed with 'npm ci'"
+  exit 1
+fi
