Build: [AEA-6516] - Move the stateless stack to a CDK deployment#2952
Build: [AEA-6516] - Move the stateless stack to a CDK deployment#2952
Conversation
There was a problem hiding this comment.
Pull request overview
This PR introduces an initial AWS CDK workspace and deployment pipeline for the PSU “stateless” infrastructure, alongside existing SAM-based deployments, to support a phased migration.
Changes:
- Adds a new
packages/cdkworkspace with a placeholderPsuStatelessStackand app entrypoint. - Extends CI/PR/release GitHub Actions pipelines to package and deploy the CDK app.
- Updates repository tooling (Makefile targets,
.gitignore, VS Code workspace) to support CDK development and outputs.
Reviewed changes
Copilot reviewed 14 out of 17 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/cdk/tsconfig.json | Adds TypeScript config for the new CDK workspace. |
| packages/cdk/stacks/PsuStatelessStack.ts | Introduces an empty CDK stack placeholder for future SAM-to-CDK migration. |
| packages/cdk/package.json | Defines CDK scripts and dependencies for synth/diff/deploy/watch. |
| packages/cdk/nagSuppressions.ts | Adds a placeholder for cdk-nag suppressions. |
| packages/cdk/bin/PsuStatelessApp.ts | Adds CDK app entrypoint wiring config/env into the stack. |
| package.json | Registers packages/cdk as an npm workspace. |
| package-lock.json | Locks new CDK workspace dependencies. |
| Makefile | Adds CDK targets and cleans CDK outputs; includes CDK lint in lint-node. |
| .vscode/eps-prescription-status-update-api.code-workspace | Adds the CDK package folder to the workspace. |
| .pre-commit-config.yaml | Comments out a local Grype scanning hook. |
| .gitignore | Ignores cdk.out and .npmrc. |
| .github/workflows/release.yml | Adds CDK package/deploy jobs and renames SAM packaging job references. |
| .github/workflows/pull_request.yml | Adds CDK package/deploy jobs for PR environments and renames SAM job references. |
| .github/workflows/ci.yml | Adds CDK package/deploy jobs on merge to main and renames SAM job references. |
| .github/workflows/cdk_release_code.yml | New reusable workflow to deploy the CDK app. |
| .github/workflows/cdk_package_code.yml | New reusable workflow to package build artifacts for CDK deployment. |
| .github/actions/install_dependencies/action.yml | New composite action to centralize npm auth + dependency installation. |
| "module": "commonjs", | ||
| "rootDir": ".", | ||
| "outDir": "lib", | ||
| "allowImportingTsExtensions": true, |
There was a problem hiding this comment.
allowImportingTsExtensions is enabled while this tsconfig extends tsconfig.defaults.json, which sets moduleResolution to node. TypeScript requires allowImportingTsExtensions to be used with moduleResolution set to bundler, node16, or nodenext (and noEmit/emitDeclarationOnly). As-is, tsc -p packages/cdk will fail. Either remove allowImportingTsExtensions (if you don’t need .ts import specifiers) or override moduleResolution accordingly in this tsconfig.
| "allowImportingTsExtensions": true, |
| cdk-deploy: | ||
| REQUIRE_APPROVAL="$${REQUIRE_APPROVAL:-any-change}" && \ | ||
| npm run cdk-deploy --workspace packages/cdk | ||
|
|
There was a problem hiding this comment.
In this recipe, REQUIRE_APPROVAL="..." && npm run ... only sets a shell variable and does not pass it through to the npm run process environment. As a result, ${REQUIRE_APPROVAL} in the cdk-deploy script may expand to an empty string. Use an env assignment directly on the command (e.g., REQUIRE_APPROVAL=... npm run ...) or export it before invoking npm.
| cdk-watch: | ||
| REQUIRE_APPROVAL="$${REQUIRE_APPROVAL:-any-change}" && \ | ||
| npm run cdk-watch --workspace packages/cdk |
There was a problem hiding this comment.
Same issue as cdk-deploy: REQUIRE_APPROVAL="..." && npm run ... does not export the variable to the npm run environment, so --require-approval ${REQUIRE_APPROVAL} may not receive the intended value. Pass it as an environment variable on the npm run invocation (or export it).
|
|
||
| inputs: | ||
| npm-required: | ||
| description: "Set to true if npm dependencies are already installed" |
There was a problem hiding this comment.
The npm-required input description is inverted relative to how it’s used. The action runs make install-node when npm-required == 'true', so the description should indicate that setting it to true installs npm dependencies (or the condition should be flipped). As written, callers are likely to pass the wrong value.
| description: "Set to true if npm dependencies are already installed" | |
| description: "Set to true to install npm dependencies" |
…ack so that it can access the stateful resources, e.g. tables, SQS, params.
|
At this point in development, the stateless stack is partially migrated. However, I need to pass in the SAM stack name, as the stateless stack needs to access resources on the stateful stack as well. Later, this needs to be removed! |
|
Summary
Details
I will migrate the stateless stack to CDK, but I will not be removing any of the SAM template deployments in this PR just yet. I may do that later, depending on how challenging the stateful migration is.