New: [AEA-6515] - Add a stateful CDK stack

.github/actions/install_dependencies/action.yml

@@ -0,0 +1,28 @@
+name: "Install dependencies"
+description: "Install dependencies defined in .tool-versions using asdf and npm packages"
+
+inputs:
+  npm-required:
+    description: "Set to true if npm dependencies are already installed"
+    required: false
+    default: "true"
+  GITHUB_TOKEN:
+    description: "GitHub token to access private npm packages"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Setting up .npmrc
+      shell: bash
+      env:
+        NODE_AUTH_TOKEN: ${{ inputs.GITHUB_TOKEN }}
+      run: |
+        echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc
+        echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc
+
+    - name: Run make install
+      if: inputs.npm-required == 'true'
+      shell: bash
+      run: |
+        make install-node

.github/instructions/languages/cdk.instructions.md

@@ -33,6 +33,7 @@ This file provides instructions for generating, reviewing, and maintaining AWS C
 - Variables: camelCase
 - Stacks: Suffix with `Stack` (e.g., `CptsApiAppStack`)
 - Entry points: Suffix with `App` (e.g., `CptsApiApp.ts`)
+- CDK app entry points must follow `<app acronym><Api|Ui>[Sandbox]App` naming (e.g., `PsuApiApp`, `PsuApiSandboxApp`)
 
 ### File Organization
 

.github/scripts/delete_stacks.sh

@@ -6,11 +6,12 @@
 REPO_NAME=eps-prescription-status-update-api
 
 # this should be a regex used in jq command that parses the output from aws cloudformation list-stacks and just captures stacks we are interested in
-CAPTURE_REGEX="^psu-pr-(\\d+)(-sandbox)?$"
+CAPTURE_REGEX="^psu-(cdk-)?pr-([0-9]+)(-sandbox|-stateful)?$"
 
+# TODO: no longer needed?
 # this should be a regex that is used to get the pull request id from the cloud formation stack name
 # this is used in a replace command to replace the stack name so what is left is just the pull request id
-PULL_REQUEST_STACK_REGEX=psu-pr-
+#PULL_REQUEST_STACK_REGEX=psu-pr-
 
 CNAME_QUERY=psu-pr-
 
@@ -29,8 +30,9 @@ delete_cloudformation_stacks() {
   for i in "${ACTIVE_STACKS_ARRAY[@]}"
   do 
     echo "Checking if stack $i has open pull request"
-    PULL_REQUEST=${i//${PULL_REQUEST_STACK_REGEX}/}
-    PULL_REQUEST=${PULL_REQUEST//-sandbox/}
+    # Extract PR number from stack names like psu-pr-123, psu-pr-123-sandbox,
+    # psu-cdk-pr-123, or psu-cdk-pr-123-stateful
+    PULL_REQUEST=$(echo "${i}" | sed 's/.*-pr-//' | sed 's/-.*//')
     echo "Checking pull request id ${PULL_REQUEST}"
     URL="https://api.github.com/repos/NHSDigital/${REPO_NAME}/pulls/${PULL_REQUEST}"
     RESPONSE=$(curl "${URL}" 2>/dev/null)

.github/workflows/cdk_package_code.yml

@@ -0,0 +1,66 @@
+name: cdk package code
+
+on:
+  workflow_call:
+    inputs:
+      BRANCH_NAME:
+        required: true
+        type: string
+      VERSION_NUMBER:
+        required: true
+        type: string
+      COMMIT_ID:
+        required: true
+        type: string
+      pinned_image:
+        required: true
+        type: string
+
+permissions: {}
+
+jobs:
+  package_code:
+    runs-on: ubuntu-22.04
+    container:
+      image: ${{ inputs.pinned_image }}
+      options: --user 1001:1001 --group-add 128
+    defaults:
+      run:
+        shell: bash
+    permissions:
+      id-token: write
+      contents: read
+      packages: read
+    steps:
+      - name: copy .tool-versions
+        run: |
+          cp /home/vscode/.tool-versions "$HOME/.tool-versions"
+      - name: Checkout code
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          ref: ${{ inputs.BRANCH_NAME }}
+          persist-credentials: false
+
+      - name: install dependencies
+        uses: ./.github/actions/install_dependencies
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: make compile
+        run: make compile
+
+      - name: "Tar files"
+        run: |
+          tar -rf artifact.tar \
+            .github \
+            packages \
+            node_modules \
+            package.json \
+            package-lock.json \
+            tsconfig.defaults.json
+
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
+        name: upload build artifact
+        with:
+          name: build_artifact
+          path: artifact.tar

.github/workflows/cdk_release_code.yml

@@ -0,0 +1,231 @@
+name: cdk release code
+
+on:
+  workflow_call:
+    inputs:
+      BRANCH_NAME:
+        required: true
+        type: string
+      STACK_NAME:
+        required: true
+        type: string
+      AWS_ENVIRONMENT:
+        required: true
+        type: string
+      VERSION_NUMBER:
+        required: true
+        type: string
+      COMMIT_ID:
+        required: true
+        type: string
+      STACK_MODE:
+        required: false
+        type: string
+        default: "stateless"
+      APP_NAME:
+        required: false
+        type: string
+        default: "PsuApiApp"
+      TRUST_STORE_VERSION:
+        type: string
+        required: false
+        default: "none"
+      ENABLE_MUTUAL_TLS:
+        type: boolean
+        required: false
+        default: false
+      ENABLE_SPLUNK:
+        type: boolean
+        required: false
+        default: false
+      LOG_RETENTION_IN_DAYS:
+        required: true
+        type: string
+      LOG_LEVEL:
+        type: string
+        required: false
+        default: "DEBUG"
+      IS_PULL_REQUEST:
+        type: boolean
+        required: true
+      TRUSTSTORE_FILE:
+        type: string
+        required: false
+        default: ""
+      FORWARD_CSOC_LOGS:
+        type: boolean
+        required: false
+        default: false
+      DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE:
+        type: boolean
+        required: false
+        default: false
+      EXPOSE_GET_STATUS_UPDATES:
+        type: boolean
+        required: false
+        default: false
+      SAM_STACK_NAME:
+        type: string
+        required: false
+        default: ""
+      ENABLE_POST_DATED_NOTIFICATIONS:
+        type: boolean
+        required: false
+        default: false
+      REQUIRE_APPLICATION_NAME:
+        type: boolean
+        required: false
+        default: false
+      ENABLE_BACKUP:
+        type: boolean
+        required: true
+      ENABLE_DYNAMODB_AUTO_SCALING:
+        type: boolean
+        required: false
+        default: false
+      ENABLED_SITE_ODS_CODES:
+        type: string
+        required: false
+        default: " "
+      ENABLED_SYSTEMS:
+        type: string
+        required: false
+        default: " "
+      ENABLED_SUPPLIER_APPLICATION_IDS:
+        type: string
+        required: false
+        default: " "
+      BLOCKED_SITE_ODS_CODES:
+        type: string
+        required: false
+        default: " "
+      NOTIFY_ROUTING_PLAN_ID:
+        type: string
+        required: false
+        default: " "
+      NOTIFY_API_BASE_URL:
+        type: string
+        required: false
+        default: " "
+      ENABLE_NOTIFICATIONS_EXTERNAL:
+        type: boolean
+        required: false
+        default: false
+      ENABLE_NOTIFICATIONS_INTERNAL:
+        type: boolean
+        required: false
+        default: false
+      TEST_PRESCRIPTIONS_1:
+        type: string
+        required: false
+        default: "PLACEHOLDER"
+      TEST_PRESCRIPTIONS_2:
+        type: string
+        required: false
+        default: "PLACEHOLDER"
+      TEST_PRESCRIPTIONS_3:
+        type: string
+        required: false
+        default: "PLACEHOLDER"
+      TEST_PRESCRIPTIONS_4:
+        type: string
+        required: false
+        default: "PLACEHOLDER"
+      RUN_DIFF:
+        type: boolean
+        required: false
+        default: false
+      pinned_image:
+        required: true
+        type: string
+    secrets:
+      CLOUD_FORMATION_DEPLOY_ROLE:
+        required: true
+permissions: {}
+
+jobs:
+  release_code:
+    runs-on: ubuntu-22.04
+    environment: ${{ inputs.AWS_ENVIRONMENT }}
+    container:
+      image: ${{ inputs.pinned_image }}
+      options: --user 1001:1001 --group-add 128
+    defaults:
+      run:
+        shell: bash
+    name: deploy cdk app ${{ inputs.APP_NAME }} ${{ inputs.STACK_MODE }}
+    env:
+      CDK_APP_NAME: "${{ inputs.APP_NAME }}"
+      CDK_CONFIG_stackMode: "${{ inputs.STACK_MODE }}"
+      CDK_CONFIG_stackName: "${{ inputs.STACK_NAME }}"
+      CDK_CONFIG_versionNumber: "${{ inputs.VERSION_NUMBER }}"
+      CDK_CONFIG_commitId: "${{ inputs.COMMIT_ID }}"
+      CDK_CONFIG_isPullRequest: "${{ inputs.IS_PULL_REQUEST }}"
+      CDK_CONFIG_environment: "${{ inputs.AWS_ENVIRONMENT }}"
+      CDK_CONFIG_logRetentionInDays: "${{ inputs.LOG_RETENTION_IN_DAYS }}"
+      CDK_CONFIG_logLevel: "${{ inputs.LOG_LEVEL }}"
+      CDK_CONFIG_trustStoreFile: "${{ inputs.TRUSTSTORE_FILE }}"
+      CDK_CONFIG_trustStoreVersion: "${{ inputs.TRUST_STORE_VERSION }}"
+      CDK_CONFIG_enableMutualTls: "${{ inputs.ENABLE_MUTUAL_TLS }}"
+      CDK_CONFIG_enableSplunk: "${{ inputs.ENABLE_SPLUNK }}"
+      CDK_CONFIG_forwardCsocLogs: "${{ inputs.FORWARD_CSOC_LOGS }}"
+      CDK_CONFIG_deployCheckPrescriptionStatusUpdate: "${{ inputs.DEPLOY_CHECK_PRESCRIPTION_STATUS_UPDATE }}"
+      CDK_CONFIG_exposeGetStatusUpdates: "${{ inputs.EXPOSE_GET_STATUS_UPDATES }}"
+      CDK_CONFIG_samStackName: "${{ inputs.SAM_STACK_NAME }}"
+      CDK_CONFIG_enablePostDatedNotifications: "${{ inputs.ENABLE_POST_DATED_NOTIFICATIONS }}"
+      CDK_CONFIG_requireApplicationName: "${{ inputs.REQUIRE_APPLICATION_NAME }}"
+      CDK_CONFIG_enableBackup: "${{ inputs.ENABLE_BACKUP }}"
+      CDK_CONFIG_enableDynamoDBAutoScaling: "${{ inputs.ENABLE_DYNAMODB_AUTO_SCALING }}"
+      CDK_CONFIG_enabledSiteOdsCodes: "${{ inputs.ENABLED_SITE_ODS_CODES }}"
+      CDK_CONFIG_enabledSystems: "${{ inputs.ENABLED_SYSTEMS }}"
+      CDK_CONFIG_enabledSupplierApplicationIds: "${{ inputs.ENABLED_SUPPLIER_APPLICATION_IDS }}"
+      CDK_CONFIG_blockedSiteOdsCodes: "${{ inputs.BLOCKED_SITE_ODS_CODES }}"
+      CDK_CONFIG_notifyRoutingPlanId: "${{ inputs.NOTIFY_ROUTING_PLAN_ID }}"
+      CDK_CONFIG_notifyApiBaseUrl: "${{ inputs.NOTIFY_API_BASE_URL }}"
+      CDK_CONFIG_enableNotificationsExternal: "${{ inputs.ENABLE_NOTIFICATIONS_EXTERNAL }}"
+      CDK_CONFIG_enableNotificationsInternal: "${{ inputs.ENABLE_NOTIFICATIONS_INTERNAL }}"
+      CDK_CONFIG_testPrescriptions1: "${{ inputs.TEST_PRESCRIPTIONS_1 }}"
+      CDK_CONFIG_testPrescriptions2: "${{ inputs.TEST_PRESCRIPTIONS_2 }}"
+      CDK_CONFIG_testPrescriptions3: "${{ inputs.TEST_PRESCRIPTIONS_3 }}"
+      CDK_CONFIG_testPrescriptions4: "${{ inputs.TEST_PRESCRIPTIONS_4 }}"
+      REQUIRE_APPROVAL: "never"
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: copy .tool-versions
+        run: |
+          cp /home/vscode/.tool-versions "$HOME/.tool-versions"
+
+      - name: build_artifact download
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
+        with:
+          name: build_artifact
+
+      - name: extract build_artifact
+        run: tar -xf artifact.tar
+
+      - name: install dependencies
+        uses: ./.github/actions/install_dependencies
+        with:
+          npm-required: false
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Configure AWS Credentials
+        id: connect-aws-deploy
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7
+        with:
+          aws-region: eu-west-2
+          role-to-assume: ${{ secrets.CLOUD_FORMATION_DEPLOY_ROLE }}
+          role-session-name: psu-deployment
+
+      - name: Show diff
+        if: ${{ inputs.RUN_DIFF }}
+        run: npm run cdk-diff --workspace packages/cdk
+
+      - name: Deploy AWS infrastructure and code
+        run: npm run cdk-deploy --workspace packages/cdk
+        shell: bash
+
+# later, there will be API deployment steps c.f. https://github.com/NHSDigital/electronic-prescription-service-clinical-prescription-tracker/blob/main/.github/workflows/cdk_release_code.yml