WiP CDK synth workflow

Author: GeoWill

.github/actions/cdk-synth/action.yml

@@ -0,0 +1,31 @@
+name: 'CDK Synth'
+description: 'Check CDK output is valid'
+inputs:
+  dc-environment:
+    description: 'Environment to deploy to (development, staging, production)'
+    required: true
+  aws-role-arn:
+    description: 'ARN of AWS account to assume'
+    required: true
+
+runs:
+  using: composite
+  steps:
+
+    - name: Python setup
+      uses: ./.github/actions/python-setup
+
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: eu-west-2
+        role-to-assume: ${{ inputs.aws-role-arn }}
+
+    - name: Node setup
+      uses: ./.github/actions/node-setup
+
+    - name: CDK Synth
+      run: scripts/cdk-synth --all
+      shell: bash
+      env:
+        DC_ENVIRONMENT: ${{ inputs.dc-environment }}

.github/actions/node-setup/action.yml

@@ -0,0 +1,15 @@
+name: 'Node Setup'
+description: 'Install node/npm and dependencies'
+
+runs:
+  using: composite
+  steps:
+    - name: Install node
+      uses: actions/setup-node@v4
+      with:
+        node-version: "18"
+        cache: 'npm'
+
+    - name: Install node modules
+      run: npm ci
+      shell: bash

.github/actions/python-setup/action.yml

@@ -0,0 +1,21 @@
+name: 'Python Setup'
+description: 'Install uv, python and dependencies'
+
+runs:
+  using: composite
+  steps:
+    - name: Install python
+      uses: actions/setup-python@v5
+
+    - name: Install uv
+      uses: astral-sh/setup-uv@v5
+      with:
+        enable-cache: true
+        cache-suffix: "uv-cache-v1"
+        cache-dependency-glob: |
+          **/uv.lock
+          **/pyproject.toml
+
+    - name: Create venv
+      run: uv sync
+      shell: bash

.github/workflows/build-and-test.yml

@@ -15,19 +15,8 @@ jobs:
         with:
           persist-credentials: false
 
-      - name: Install python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.12'
-
-      - name: Install uv
-        uses: astral-sh/setup-uv@v5
-        with:
-          enable-cache: true
-          cache-suffix: "uv-cache-v1"
-          cache-dependency-glob: |
-            **/uv.lock
-            **/pyproject.toml
+      - name: Python setup
+        uses: ./.github/actions/python-setup
 
       - name: Check Workflows
         run: uvx zizmor --format sarif . > zizmor-results.sarif

.github/workflows/cdk-synth.yml

@@ -0,0 +1,30 @@
+name: CDK Synth
+
+on:
+#  workflow_run:
+#    workflows: ["Build and Test"]
+#    types: [completed]
+  push:
+    branches: [github-actions-deploy]
+
+permissions:
+  id-token: write
+
+jobs:
+  cdk-synth-development:
+    name: CDK Synth (Dev)
+    runs-on: ubuntu-22.04
+    environment: development
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+
+      - name: CDK Synth Dev
+        uses: ./.github/actions/cdk-synth
+        with:
+          dc-environment: ${{ vars.DC_ENVIRONMENT }}
+          aws-role-arn: ${{ secrets.AWS_ROLE_ARN }}

scripts/cdk-synth

@@ -0,0 +1,17 @@
+#!/bin/bash
+set -euxo pipefail
+
+# Echo environment information
+echo "Running CDK synth with DC_ENVIRONMENT=$DC_ENVIRONMENT"
+if [ -n "${AWS_PROFILE+x}" ]; then
+  echo "Using AWS_PROFILE=$AWS_PROFILE"
+fi
+
+# Check if CDK is available in node_modules
+if [ -f "./node_modules/.bin/cdk" ]; then
+  echo "Using CDK from node_modules"
+  uv run ./node_modules/.bin/cdk synth "$@"
+else
+  echo "Error: CDK not found in node_modules. Make sure it's installed with 'npm ci'"
+  exit 1
+fi