Merge remote-tracking branch 'origin/main' into cdk_construct

anthony-nhs · anthony-nhs · commit 4eea72b51958 · 2025-10-24T17:39:32.000Z
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,6 +1,5 @@
 FROM mcr.microsoft.com/devcontainers/base:ubuntu
 
-
 ARG TARGETARCH
 ENV TARGETARCH=${TARGETARCH}
 
diff --git a/.github/workflows/docker_image_build.yml b/.github/workflows/docker_image_build.yml
@@ -19,17 +19,19 @@ jobs:
       packages: read
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
         with:
           ref: ${{ env.BRANCH_NAME }}
 
       - name: Build cdk-utils-build Docker image
         id: build-cdk-utils-build-image
+        env:
+          VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }}
         run: |
-          docker build -t "cdk-utils-build:${{ inputs.VERSION_NUMBER }}" -f docker/Dockerfile --build-arg VERSION=${{ inputs.VERSION_NUMBER }} .
-          docker save "cdk-utils-build:${{ inputs.VERSION_NUMBER }}" -o cdk-utils-build.img   
+          docker build -t "cdk-utils-build:${VERSION_NUMBER}" -f docker/Dockerfile --build-arg VERSION="${VERSION_NUMBER}" .
+          docker save "cdk-utils-build:${VERSION_NUMBER}" -o cdk-utils-build.img
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         name: Upload docker images
         with:
           name: docker_artifact
diff --git a/.github/workflows/docker_image_upload.yml b/.github/workflows/docker_image_upload.yml
@@ -21,7 +21,7 @@ on:
     secrets:
       CDK_PUSH_IMAGE_ROLE:
         required: true
-  
+
 jobs:
   upload_docker_image:
     runs-on: ubuntu-22.04
@@ -32,22 +32,22 @@ jobs:
 
     steps:
       - name: Checkout local github actions
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
         with:
           ref: ${{ env.BRANCH_NAME }}
           fetch-depth: 0
           sparse-checkout: |
             .github
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v5
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8
         with:
           aws-region: eu-west-2
           role-to-assume: ${{ secrets.CDK_PUSH_IMAGE_ROLE }}
           role-session-name: upload-cdk-utils-build
 
       - name: docker_artifact download
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0
         with:
           name: docker_artifact
           path: .
@@ -60,23 +60,28 @@ jobs:
       - name: Retrieve AWS Account ID
         id: retrieve-account-id
         run: echo "ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)" >> "$GITHUB_ENV"
-       
+
       - name: Login to Amazon ECR
         id: login-ecr
         run: |
           aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin ${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com
 
       - name: Push tagged version cdk-utils-build to Amazon ECR
+        env:
+          VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }}
+          DOCKER_IMAGE_TAG: ${{ inputs.DOCKER_IMAGE_TAG }}
         run: |
-          docker tag "cdk-utils-build:${{ inputs.VERSION_NUMBER }}" "${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:${{ inputs.DOCKER_IMAGE_TAG }}"
-          docker push "${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:${{ inputs.DOCKER_IMAGE_TAG }}"
+          docker tag "cdk-utils-build:${VERSION_NUMBER}" "${ACCOUNT_ID}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:${DOCKER_IMAGE_TAG}"
+          docker push "${ACCOUNT_ID}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:${DOCKER_IMAGE_TAG}"
 
       - name: Push latest cdk-utils-build to Amazon ECR
         if: ${{ inputs.TAG_LATEST == true }}
+        env:
+          VERSION_NUMBER: ${{ inputs.VERSION_NUMBER }}
         run: |
-          docker tag "cdk-utils-build:${{ inputs.VERSION_NUMBER }}" "${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:latest"
-          docker push "${{ env.ACCOUNT_ID }}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:latest"
-    
+          docker tag "cdk-utils-build:${VERSION_NUMBER}" "${ACCOUNT_ID}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:latest"
+          docker push "${ACCOUNT_ID}.dkr.ecr.eu-west-2.amazonaws.com/cdk-utils-build-repo:latest"
+
       - name: Check cdk-utils-build scan results
         env:
           REPOSITORY_NAME: cdk-utils-build-repo
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -41,7 +41,7 @@ jobs:
       issue_number: ${{steps.get_issue_number.outputs.result}}
 
     steps:
-      - uses: actions/github-script@v8
+      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
         name: get issue number
         id: get_issue_number
         with:
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,44 +1,51 @@
 FROM ubuntu:24.04
 
+ARG TARGETARCH
+ENV TARGETARCH=${TARGETARCH}
+
+ARG ASDF_VERSION
+COPY .tool-versions.asdf /tmp/.tool-versions.asdf
+
 ARG VERSION
 
 RUN apt-get update \
     && export DEBIAN_FRONTEND=noninteractive \
-    && apt-get -y upgrade
-
-RUN export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y upgrade \
     && apt-get -y install --no-install-recommends ca-certificates curl git jq make unzip wget \
     && apt-get clean
 
 # install aws stuff
-ADD https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip /tmp/awscliv2.zip
-RUN unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \
+# Download correct AWS CLI for arch
+RUN if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then \
+      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; \
+    else \
+      wget -O /tmp/awscliv2.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; \
+    fi && \
+    unzip /tmp/awscliv2.zip -d /tmp/aws-cli && \
     /tmp/aws-cli/aws/install && \
-    rm tmp/awscliv2.zip && \
-    rm -rf /tmp/aws-cli
+    rm /tmp/awscliv2.zip && rm -rf /tmp/aws-cli
+
+# Install ASDF
+RUN ASDF_VERSION=$(awk '!/^#/ && NF {print $1; exit}' /tmp/.tool-versions.asdf) && \
+    if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" = "aarch64" ]; then \
+        wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-arm64.tar.gz; \
+    else \
+        wget -O /tmp/asdf.tar.gz https://github.com/asdf-vm/asdf/releases/download/v${ASDF_VERSION}/asdf-v${ASDF_VERSION}-linux-amd64.tar.gz; \
+    fi && \
+    tar -xvzf /tmp/asdf.tar.gz && \
+    mv asdf /usr/bin
 
 RUN useradd -ms /bin/bash cdkuser
 RUN chown -R cdkuser /home/cdkuser
 WORKDIR /home/cdkuser
 USER cdkuser
-# Install ASDF
-RUN git clone https://github.com/asdf-vm/asdf.git /home/cdkuser/.asdf --branch v0.14.1; \
-    echo '. /home/cdkuser/.asdf/asdf.sh' >> ~/.bashrc; \
-    echo '. /home/cdkuser/.asdf/completions/asdf.bash' >> ~/.bashrc; \
-    echo 'PATH="$PATH:/home/cdkuser/.asdf/bin/"' >> ~/.bashrc;
 
-ENV PATH="$PATH:/home/cdkuser/.asdf/bin/:/home/cdkuser/node_modules/.bin"
+ENV PATH="$PATH:/home/cdkuser/.asdf/shims/:/home/cdkuser/node_modules/.bin"
 
 # Install ASDF plugins
 RUN asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git
 # install some common node versions that are used in builds to speed things up
-RUN asdf install nodejs 20.19.1; \
-    asdf install nodejs 23.9.0
-# update npm
-RUN export ASDF_DIR=/home/cdkuser/.asdf && \
-    . /home/cdkuser/.asdf/asdf.sh && \
-    asdf shell nodejs 20.19.1 && \
-    cd ~/.asdf/installs/nodejs/20.19.1/lib && npm update npm
+RUN asdf install nodejs 22.20.0; 
 
 # copy files needed for deployment
 COPY --chown=cdkuser docker/entrypoint.sh /home/cdkuser/
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -9,27 +9,24 @@ echo "**************************************"
 echo
 echo
 
-if [ -z "${CDK_APP_PATH}" ]; then
+if [[ -z "${CDK_APP_PATH}" ]]; then
     echo "CDK_APP_PATH is unset or set to the empty string"
     exit 1
 fi
 
-# shellcheck source=/dev/null
-source /home/cdkuser/.asdf/asdf.sh
-
 sed -i -n '/nodejs/p'  /home/cdkuser/workspace/.tool-versions
 cd /home/cdkuser/workspace/ || exit
 
 asdf install
 asdf reshim nodejs
 
-if [ "${SHOW_DIFF}" = "true" ]
+if [[ "${SHOW_DIFF}" = "true" ]]
 then
     echo "Running diff"
     npx cdk diff \
 		--app "npx ts-node --prefer-ts-exts ${CDK_APP_PATH}"
 fi
-if [ "${DEPLOY_CODE}" = "true" ]
+if [[ "${DEPLOY_CODE}" = "true" ]]
 then
     echo "Running deploy"
     npx cdk deploy \
