WIP

Author: GeoWill

.github/actions/cdk-deploy/action.yml

@@ -0,0 +1,31 @@
+name: 'CDK Synth'
+description: 'Check CDK output is valid'
+inputs:
+  dc-environment:
+    description: 'Environment to deploy to (development, staging, production)'
+    required: true
+  aws-role-arn:
+    description: 'ARN of AWS account to assume'
+    required: true
+
+runs:
+  using: composite
+  steps:
+
+    - name: Python setup
+      uses: ./.github/actions/python-setup
+
+    - name: Node setup
+      uses: ./.github/actions/node-setup
+
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: eu-west-2
+        role-to-assume: ${{ inputs.aws-role-arn }}
+
+    - name: CDK Deploy
+      run: scripts/cdk-deploy --all --concurrency 3 --require-approval never --asset-parallelism true
+      shell: bash
+      env:
+        DC_ENVIRONMENT: ${{ inputs.dc-environment }}

.github/actions/cdk-synth/action.yml

@@ -18,14 +18,22 @@ runs:
     - name: Node setup
       uses: ./.github/actions/node-setup
 
-    - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v4
-      with:
-        aws-region: eu-west-2
-        role-to-assume: ${{ inputs.aws-role-arn }}
+#    - name: Configure AWS Credentials
+#      uses: aws-actions/configure-aws-credentials@v4
+#      with:
+#        aws-region: eu-west-2
+#        role-to-assume: ${{ inputs.aws-role-arn }}
 
     - name: CDK Synth
       run: scripts/cdk-synth --all
       shell: bash
       env:
         DC_ENVIRONMENT: ${{ inputs.dc-environment }}
+
+#   ToDo: This produces changes on CI, but not when run locally.
+#    - name: Check Diagram
+#      shell: bash
+#      run: |
+#        sudo apt install -y graphviz
+#        uv run make_graph.py
+#        git diff --exit-code || (echo "Please update graph and commit changes." && exit 1)

.github/workflows/build-and-test.yml

@@ -1,9 +1,6 @@
 name: Build and Test
 
-on:
-  push:
-    branches: [github-actions-deploy]
-
+on: push
 
 jobs:
   build-and-test:
@@ -32,8 +29,3 @@ jobs:
 
       - name: Pre-test checks
         run: uv run scripts/code-check
-
-      # ToDo a check for whether the graph needs to be updated.
-        # Install graphviz
-        # uv run make_graph.py
-        # git diff --exit-code || (echo "Please update graph and commit changes." && exit 1)

.github/workflows/cdk-deploy.yml

@@ -0,0 +1,58 @@
+name: CDK Deploy
+
+on:
+#  workflow_run:
+#    workflows: ["Build and Test"]
+#    types: [completed]
+  push:
+    branches: [github-actions-deploy]
+
+permissions:
+  id-token: write
+
+jobs:
+  cdk-deploy-development:
+    name: CDK Deploy (Development)
+    runs-on: ubuntu-22.04
+    environment: development
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: CDK Deploy Development
+        uses: ./.github/actions/cdk-deploy
+        with:
+          dc-environment: ${{ vars.DC_ENVIRONMENT }}
+          aws-role-arn: ${{ secrets.AWS_ROLE_ARN }}
+
+  cdk-deploy-staging:
+    name: CDK Deploy (Staging)
+    if: ${{ github.ref == 'refs/heads/github-actions-deploy' }} # ToDo: Change to main
+    needs: cdk-deploy-development
+    runs-on: ubuntu-22.04
+    environment: staging
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: CDK Deploy Staging
+        uses: ./.github/actions/cdk-deploy
+        with:
+          dc-environment: ${{ vars.DC_ENVIRONMENT }}
+          aws-role-arn: ${{ secrets.AWS_ROLE_ARN }}
+
+  cdk-deploy-production:
+    name: CDK Deploy (Production)
+    if: ${{ github.ref == 'refs/heads/main' }}
+    needs: cdk-deploy-staging
+    runs-on: ubuntu-22.04
+    environment: production
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: CDK Deploy Production
+        uses: ./.github/actions/cdk-deploy
+        with:
+          dc-environment: ${{ vars.DC_ENVIRONMENT }}
+          aws-role-arn: ${{ secrets.AWS_ROLE_ARN }}

scripts/cdk-deploy

@@ -0,0 +1,20 @@
+#!/bin/bash
+set -euxo pipefail
+
+# Echo environment information
+echo "Running CDK synth with DC_ENVIRONMENT=$DC_ENVIRONMENT"
+
+# If AWS_PROFILE exists (+x) then see if it's set.
+# Useful if calling script locally.
+if [ -n "${AWS_PROFILE+x}" ]; then
+  echo "Using AWS_PROFILE=$AWS_PROFILE"
+fi
+
+# Check if CDK is available in node_modules
+if [ -f "./node_modules/.bin/cdk" ]; then
+  echo "Using CDK from node_modules"
+  uv run ./node_modules/.bin/cdk deploy "$@"
+else
+  echo "Error: CDK not found in node_modules. Make sure it's installed with 'npm ci'"
+  exit 1
+fi

scripts/cdk-synth

@@ -3,9 +3,6 @@ set -euxo pipefail
 
 # Echo environment information
 echo "Running CDK synth with DC_ENVIRONMENT=$DC_ENVIRONMENT"
-if [ -n "${AWS_PROFILE+x}" ]; then
-  echo "Using AWS_PROFILE=$AWS_PROFILE"
-fi
 
 # Check if CDK is available in node_modules
 if [ -f "./node_modules/.bin/cdk" ]; then