feat!: use toolkit-lib for diff (#125)

This PR refactors the diff and assembly processing to use the new
`@aws-cdk/toolkit-lib` library.

This allows us to greatly simplify the logic that we have to maintain
and offload more work to the core library.
For example, this allows us to use the default CDK authentication
instead of trying to replicate it ourselves (see #62).

Couple of other changes that I've included in this PR since v2 allows me
a chance to make breaking changes.

BREAKING CHANGE: several breaking changes with details below

There are several breaking changes in this release.
1. Replace `noDiffForStages` with `stackSelectionStrategy` &
`stackSelectorPatterns`
This uses the native selection stack filtering capability of
`toolkit-lib` and should be a more robust option for users to filter
stacks. `stackSelectorPatterns` also uses a multi-line input instead of
a comma delimited string input. To migrate from `noDiffForStages` to
`stackSelectorPatterns` you can do this:
```yaml
# from this
- name: Diff
   uses: corymhall/cdk-diff-action@v1
   with:
     noDiffForStages: "Stage1,Stage2"
     githubToken: ${{ secrets.GITHUB_TOKEN }}

# to this
- name: Diff
   uses: corymhall/cdk-diff-action@v2-beta
   with:
     stackSelectorPatterns: |
       !Stage1/*
       !Stage2/*
     githubToken: ${{ secrets.GITHUB_TOKEN }}
```
2. The default `diffMethod` is changed to `change-set` to match the cdk
default behavior. This also changes the IAM Role used for diff from the
`lookup-role` to the `deploy-role`. To keep the old behavior you can
specify `diffMethod: template-only`
3. `allowDestroyTypes` and `noFailOnDestructiveChanges` input types were
changed from a comma delimited string to a multi-line string.
```yaml
# from this
- name: Diff
   uses: corymhall/cdk-diff-action@v1
   with:
     noFailOnDestructiveChanges: "Stage1,Stage2"
     githubToken: ${{ secrets.GITHUB_TOKEN }}

# to this
- name: Diff
   uses: corymhall/cdk-diff-action@v2-beta
   with:
     noFailOnDestructiveChanges: |
       Stage1
       Stage2
     githubToken: ${{ secrets.GITHUB_TOKEN }}
```


Closes #44
Fixes #62

---------

Signed-off-by: github-actions <github-actions@github.com>
Co-authored-by: github-actions <github-actions@github.com>

Author: corymhall

.github/workflows/release.yml

@@ -47,52 +47,89 @@ const project = new GitHubActionTypeScriptProject({
         required: false,
         default: 'true',
       },
-      noDiffForStages: {
-        description: 'List of stages to ignore and not show a diff for',
+      stackSelectorPatterns: {
+        description: 'Comma delimited list of stack selector patterns. Use this to control which stages/stacks to diff. By default all stages & stacks are diffed\n\n'+
+        '@see https://github.com/aws/aws-cdk-cli/tree/main/packages/%40aws-cdk/toolkit-lib#stack-selection',
         required: false,
         default: '',
       },
+      stackSelectionStrategy: {
+        description: [
+          'Used in combination with "stackSelectorPatterns" to control which stacks to diff.',
+          '',
+          'Valid values are "all-stacks", "main-assembly", "only-single", "pattern-match",',
+          '"pattern-must-match", "pattern-must-match-single"',
+          '',
+          '@default pattern-must-match if "stackSelectorPatterns" is provided, otherwise "all-stacks"',
+          '@see https://github.com/aws/aws-cdk-cli/tree/main/packages/%40aws-cdk/toolkit-lib#stack-selection',
+        ].join('\n'),
+        default: 'all-stacks',
+        required: false,
+      },
       noFailOnDestructiveChanges: {
-        description: '',
+        description: 'List of stages where breaking changes will not fail the build',
         required: false,
-        default: 'List of stages where breaking changes will not fail the build',
+        default: '',
       },
       cdkOutDir: {
         description: 'The location of the CDK output directory',
         required: false,
         default: 'cdk.out',
       },
+      diffMethod: {
+        description: ['The method to create a stack diff.',
+          '',
+          "Valid values are 'change-set' or 'template-only'.",
+          '',
+          'Use changeset diff for the highest fidelity, including analyze resource replacements.',
+          'In this method, diff will use the deploy role instead of the lookup role.',
+          '',
+          "Use template-only diff for a faster, less accurate diff that doesn't require",
+          'permissions to create a change-set.'].join('\n'),
+        required: false,
+        default: 'change-set',
+      },
     },
     runs: {
       using: RunsUsing.NODE_20,
       main: 'dist/index.js',
     },
   },
   deps: [
-    '@octokit/webhooks-definitions',
     '@aws-cdk/cloudformation-diff',
+    '@aws-cdk/cx-api',
+    '@aws-cdk/toolkit-lib',
+    '@octokit/webhooks-definitions',
     '@aws-cdk/cloud-assembly-schema',
     '@actions/exec@^1.1.1',
     '@actions/io@^1.1.3',
     '@actions/tool-cache@^2.0.0',
     'fs-extra',
-    '@aws-sdk/client-cloudformation',
-    '@aws-sdk/client-sts',
-    '@smithy/types',
     'chalk@^4',
-    '@aws-sdk/credential-providers',
   ],
   devDeps: [
-    'aws-sdk',
     'mock-fs@^5',
-    'aws-sdk-client-mock',
     '@types/mock-fs@^4',
     'projen-github-action-typescript',
     '@types/fs-extra',
     'action-docs',
     '@swc/core',
     '@swc/jest',
   ],
+  tsconfig: {
+    compilerOptions: {
+      lib: ['es2022', 'esnext'],
+      // TODO: https://github.com/aws/aws-cdk-cli/issues/418
+      skipLibCheck: true,
+    },
+  },
+  tsconfigDev: {
+    compilerOptions: {
+      lib: ['es2022', 'esnext'],
+      // TODO: https://github.com/aws/aws-cdk-cli/issues/418
+      skipLibCheck: true,
+    },
+  },
   jestOptions: {
     configFilePath: 'jest.config.json',
   },
@@ -215,6 +252,6 @@ workflow?.on({
 });
 
 projenProject.packageTask.reset();
-projenProject.packageTask.exec('cp node_modules/@aws-cdk/aws-service-spec/db.json.gz ./ && ncc build --source-map --license licenses.txt');
+projenProject.packageTask.exec('cp node_modules/@aws-cdk/aws-service-spec/db.json.gz ./ && ncc build src/index.ts --source-map --transpile-only --license licenses.txt');
 workflow?.addJobs({ enableAutoMerge: autoMergeJob });
 project.synth();

.projen/deps.json

@@ -53,7 +53,7 @@ jobs:
           role-to-assume: arn:aws:iam::1234567891012:role/cdk_github_actions
           role-session-name: github
       - name: Diff
-        uses: corymhall/cdk-diff-action@v1
+        uses: corymhall/cdk-diff-action@v2-beta
         with:
           githubToken: ${{ secrets.GITHUB_TOKEN }}
 ```
@@ -82,25 +82,33 @@ jobs:
   Synth:
     steps:
       - name: Diff
-        uses: corymhall/cdk-diff-action@v1
+        uses: corymhall/cdk-diff-action@v2-beta
         with:
-          allowedDestroyTypes: "AWS::ECS::TaskDefinition,AWS::CloudWatch::Dashboard"
+          allowedDestroyTypes: |
+            AWS::ECS::TaskDefinition
+            AWS::CloudWatch::Dashboard
           githubToken: ${{ secrets.GITHUB_TOKEN }}
 
 ```
 
 ### Disable showing diff for stages
 
-You can disable displaying the diff for certain stages by using `noDiffForStages`
+You can disable displaying the diff for certain stages or stacks by using
+`stackSelectorPatterns`. `stackSelectorPatterns` using `glob` patterns to filter
+which stacks to diff. To exclude stacks you can use an exclude pattern (e.g.
+`!SomeStage/SampleStack`). To exclude an entire stage you would provide
+`!SomeStage/*`.
 
 ```yml
 jobs:
   Synth:
     steps:
       - name: Diff
-        uses: corymhall/cdk-diff-action@v1
+        uses: corymhall/cdk-diff-action@v2-beta
         with:
-          noDiffForStages: "Stage1,Stage2"
+          StackSelectorPatterns: |
+            !Stage1/*
+            !Stage2/*
           githubToken: ${{ secrets.GITHUB_TOKEN }}
 ```
 
@@ -114,9 +122,11 @@ jobs:
   Synth:
     steps:
       - name: Diff
-        uses: corymhall/cdk-diff-action@v1
+        uses: corymhall/cdk-diff-action@v2-beta
         with:
-          noFailOnDestructiveChanges: "Stage1,Stage2"
+          noFailOnDestructiveChanges: |
+            Stage1
+            Stage2
           githubToken: ${{ secrets.GITHUB_TOKEN }}
 ```
 
@@ -130,7 +140,7 @@ jobs:
   Synth:
     steps:
       - name: Diff
-        uses: corymhall/cdk-diff-action@v1
+        uses: corymhall/cdk-diff-action@v2-beta
         with:
           failOnDestructiveChanges: false
           githubToken: ${{ secrets.GITHUB_TOKEN }}