diff --git a/.github/workflows/postgres-build.yml b/.github/workflows/infra-build.yml similarity index 76% rename from .github/workflows/postgres-build.yml rename to .github/workflows/infra-build.yml index fbb8bdfe..7f3f9a3f 100644 --- a/.github/workflows/postgres-build.yml +++ b/.github/workflows/infra-build.yml @@ -1,11 +1,11 @@ -name: postgres-build +name: infra-build on: workflow_dispatch: push: paths: - - "postgres/**" - - ".github/workflows/postgres*" + - "../../infra/**" + - ".github/workflows/infra*" # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: @@ -19,7 +19,7 @@ jobs: pull-requests: write defaults: run: - working-directory: ./postgres/cdk + working-directory: ./infra/cdk # Steps represent a sequence of tasks that will be executed as part of the job steps: @@ -28,13 +28,16 @@ jobs: - uses: actions/setup-node@v3 with: - node-version-file: './postgres/cdk/.nvmrc' + node-version-file: './infra/cdk/.nvmrc' cache: npm - cache-dependency-path: ./postgres/cdk/package-lock.json + cache-dependency-path: ./infra/cdk/package-lock.json - name: cdk synth run: | npm ci + npm run lint + npm run test + npm run format -- --check npm run synth - uses: guardian/actions-riff-raff@v4 @@ -44,8 +47,8 @@ jobs: app: postgres contentDirectories: | cloudformation: - - ./postgres/cdk/cdk.out/pfi-giant-postgres-CODE.template.json - - ./postgres/cdk/cdk.out/pfi-giant-postgres-PROD.template.json + - ./infra/cdk/cdk.out/pfi-giant-postgres-CODE.template.json + - ./infra/cdk/cdk.out/pfi-giant-postgres-PROD.template.json config: | stacks: - pfi-giant @@ -57,7 +60,6 @@ jobs: deployments: cloudformation: type: cloud-formation - app: postgres parameters: templateStagePaths: CODE: pfi-giant-postgres-CODE.template.json diff --git a/postgres/.tool-versions b/infra/.tool-versions similarity index 100% rename from postgres/.tool-versions rename to infra/.tool-versions diff --git a/postgres/cdk/.gitignore b/infra/cdk/.gitignore similarity index 100% rename from postgres/cdk/.gitignore rename to infra/cdk/.gitignore diff --git a/postgres/cdk/.nvmrc b/infra/cdk/.nvmrc similarity index 100% rename from postgres/cdk/.nvmrc rename to infra/cdk/.nvmrc diff --git a/postgres/cdk/README.md b/infra/cdk/README.md similarity index 100% rename from postgres/cdk/README.md rename to infra/cdk/README.md diff --git a/infra/cdk/bin/cdk.ts b/infra/cdk/bin/cdk.ts new file mode 100644 index 00000000..034357bc --- /dev/null +++ b/infra/cdk/bin/cdk.ts @@ -0,0 +1,18 @@ +import 'source-map-support/register'; +import { App } from 'aws-cdk-lib'; +import { Postgres } from '../lib/postgres'; + +const app = new App(); + +const stack = 'pfi-giant'; + +new Postgres(app, 'pfi-giant-postgres-CODE', { + stack, + stage: 'CODE', + app: 'postgres', +}); +new Postgres(app, 'pfi-giant-postgres-PROD', { + stack, + stage: 'PROD', + app: 'postgres', +}); diff --git a/postgres/cdk/cdk.json b/infra/cdk/cdk.json similarity index 100% rename from postgres/cdk/cdk.json rename to infra/cdk/cdk.json diff --git a/postgres/cdk/jest.setup.js b/infra/cdk/jest.setup.js similarity index 100% rename from postgres/cdk/jest.setup.js rename to infra/cdk/jest.setup.js diff --git a/postgres/cdk/lib/__snapshots__/giant.test.ts.snap b/infra/cdk/lib/__snapshots__/postgres.test.ts.snap similarity index 93% rename from postgres/cdk/lib/__snapshots__/giant.test.ts.snap rename to infra/cdk/lib/__snapshots__/postgres.test.ts.snap index 05cdeee9..011a3154 100644 --- a/postgres/cdk/lib/__snapshots__/giant.test.ts.snap +++ b/infra/cdk/lib/__snapshots__/postgres.test.ts.snap @@ -1,6 +1,6 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`The Giant stack matches the snapshot 1`] = ` +exports[`Giant's 'postgres' stack matches the snapshot 1`] = ` { "Metadata": { "gu:cdk:constructs": [ @@ -70,7 +70,7 @@ exports[`The Giant stack matches the snapshot 1`] = ` [ "{{resolve:secretsmanager:", { - "Ref": "GiantDatabaseSecret51D228833fdaad7efa858a3daf9490cf0a702aeb", + "Ref": "postgresDatabaseSecretCA51D0AC3fdaad7efa858a3daf9490cf0a702aeb", }, ":SecretString:password::}}", ], @@ -180,7 +180,7 @@ exports[`The Giant stack matches the snapshot 1`] = ` "DatabaseSecretAttachmentE5D1B020": { "Properties": { "SecretId": { - "Ref": "GiantDatabaseSecret51D228833fdaad7efa858a3daf9490cf0a702aeb", + "Ref": "postgresDatabaseSecretCA51D0AC3fdaad7efa858a3daf9490cf0a702aeb", }, "TargetId": { "Ref": "DatabaseB269D8BB", @@ -191,7 +191,7 @@ exports[`The Giant stack matches the snapshot 1`] = ` }, "DatabaseSecurityGroup7319C0F6": { "Properties": { - "GroupDescription": "Giant/DatabaseSecurityGroup", + "GroupDescription": "postgres/DatabaseSecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", @@ -223,9 +223,9 @@ exports[`The Giant stack matches the snapshot 1`] = ` }, "Type": "AWS::EC2::SecurityGroup", }, - "DatabaseSecurityGroupfromGiantdbaccess9A17AB315432E7A0126D": { + "DatabaseSecurityGroupfrompostgresdbaccessDB6F60745432B2BFF6F2": { "Properties": { - "Description": "from Giantdbaccess9A17AB31:5432", + "Description": "from postgresdbaccessDB6F6074:5432", "FromPort": 5432, "GroupId": { "Fn::GetAtt": [ @@ -275,56 +275,9 @@ exports[`The Giant stack matches the snapshot 1`] = ` }, "Type": "AWS::RDS::DBSubnetGroup", }, - "GiantDatabaseSecret51D228833fdaad7efa858a3daf9490cf0a702aeb": { - "DeletionPolicy": "Delete", - "Properties": { - "Description": { - "Fn::Join": [ - "", - [ - "Generated by the CDK for stack: ", - { - "Ref": "AWS::StackName", - }, - ], - ], - }, - "GenerateSecretString": { - "ExcludeCharacters": " %+~\`#$&*()|[]{}:;<>?!'/@"\\", - "GenerateStringKey": "password", - "PasswordLength": 30, - "SecretStringTemplate": "{"username":"giant_master"}", - }, - "Name": "pfi-playground-postgres-TEST", - "Tags": [ - { - "Key": "devx-backup-enabled", - "Value": "true", - }, - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/giant", - }, - { - "Key": "Stack", - "Value": "pfi-playground", - }, - { - "Key": "Stage", - "Value": "TEST", - }, - ], - }, - "Type": "AWS::SecretsManager::Secret", - "UpdateReplacePolicy": "Delete", - }, "dbaccess7C99761D": { "Properties": { - "GroupDescription": "Giant/db-access", + "GroupDescription": "postgres/db-access", "Tags": [ { "Key": "gu:cdk:version", @@ -349,7 +302,7 @@ exports[`The Giant stack matches the snapshot 1`] = ` }, "Type": "AWS::EC2::SecurityGroup", }, - "dbaccesstoGiantDatabaseSecurityGroup645117305432BE54698B": { + "dbaccesstopostgresDatabaseSecurityGroup9DCCE86B543212E6302E": { "Properties": { "Description": "Allow DB access", "DestinationSecurityGroupId": { @@ -370,6 +323,53 @@ exports[`The Giant stack matches the snapshot 1`] = ` }, "Type": "AWS::EC2::SecurityGroupEgress", }, + "postgresDatabaseSecretCA51D0AC3fdaad7efa858a3daf9490cf0a702aeb": { + "DeletionPolicy": "Delete", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName", + }, + ], + ], + }, + "GenerateSecretString": { + "ExcludeCharacters": " %+~\`#$&*()|[]{}:;<>?!'/@"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{"username":"giant_master"}", + }, + "Name": "pfi-playground-postgres-TEST", + "Tags": [ + { + "Key": "devx-backup-enabled", + "Value": "true", + }, + { + "Key": "gu:cdk:version", + "Value": "TEST", + }, + { + "Key": "gu:repo", + "Value": "guardian/giant", + }, + { + "Key": "Stack", + "Value": "pfi-playground", + }, + { + "Key": "Stage", + "Value": "TEST", + }, + ], + }, + "Type": "AWS::SecretsManager::Secret", + "UpdateReplacePolicy": "Delete", + }, }, } `; diff --git a/infra/cdk/lib/postgres.test.ts b/infra/cdk/lib/postgres.test.ts new file mode 100644 index 00000000..5a4d1f1a --- /dev/null +++ b/infra/cdk/lib/postgres.test.ts @@ -0,0 +1,15 @@ +import { App } from 'aws-cdk-lib'; +import { Template } from 'aws-cdk-lib/assertions'; +import { Postgres } from './postgres'; + +describe("Giant's 'postgres' stack", () => { + it('matches the snapshot', () => { + const app = new App(); + const stack = new Postgres(app, 'postgres', { + stack: 'pfi-playground', + stage: 'TEST', + }); + const template = Template.fromStack(stack); + expect(template.toJSON()).toMatchSnapshot(); + }); +}); diff --git a/postgres/cdk/lib/giant.ts b/infra/cdk/lib/postgres.ts similarity index 87% rename from postgres/cdk/lib/giant.ts rename to infra/cdk/lib/postgres.ts index 6437250f..ba40ebb2 100644 --- a/postgres/cdk/lib/giant.ts +++ b/infra/cdk/lib/postgres.ts @@ -1,10 +1,8 @@ import type { GuStackProps } from '@guardian/cdk/lib/constructs/core'; -import { - GuStack, -} from '@guardian/cdk/lib/constructs/core'; +import { GuStack } from '@guardian/cdk/lib/constructs/core'; import { GuVpc, SubnetType } from '@guardian/cdk/lib/constructs/ec2/vpc'; import type { App } from 'aws-cdk-lib'; -import { CfnOutput, Duration, SecretValue, Tags } from 'aws-cdk-lib'; +import { CfnOutput, Duration, Tags } from 'aws-cdk-lib'; import { InstanceClass, InstanceSize, @@ -20,14 +18,11 @@ import { StorageType, } from 'aws-cdk-lib/aws-rds'; -export class Giant extends GuStack { +export class Postgres extends GuStack { constructor(scope: App, id: string, props: GuStackProps) { super(scope, id, props); - const vpc = GuVpc.fromIdParameter( - this, - 'GiantVPC', - ); + const vpc = GuVpc.fromIdParameter(this, 'GiantVPC'); const dbStorage = 20; @@ -50,9 +45,9 @@ export class Giant extends GuStack { }), }, engine: DatabaseInstanceEngine.postgres({ - version: PostgresEngineVersion.VER_15 + version: PostgresEngineVersion.VER_15, }), - allowMajorVersionUpgrade: true, + allowMajorVersionUpgrade: true, allocatedStorage: dbStorage, maxAllocatedStorage: dbStorage + 20, autoMinorVersionUpgrade: true, @@ -79,7 +74,7 @@ export class Giant extends GuStack { }); // Enable nightly backups (via https://github.com/guardian/aws-backup) - Tags.of(database).add("devx-backup-enabled", "true"); + Tags.of(database).add('devx-backup-enabled', 'true'); const dbAccessSecurityGroup = new SecurityGroup(this, 'db-access', { vpc: vpc, diff --git a/postgres/cdk/package-lock.json b/infra/cdk/package-lock.json similarity index 100% rename from postgres/cdk/package-lock.json rename to infra/cdk/package-lock.json diff --git a/postgres/cdk/package.json b/infra/cdk/package.json similarity index 100% rename from postgres/cdk/package.json rename to infra/cdk/package.json diff --git a/postgres/cdk/tsconfig.json b/infra/cdk/tsconfig.json similarity index 100% rename from postgres/cdk/tsconfig.json rename to infra/cdk/tsconfig.json diff --git a/postgres/migrate-db/.gitignore b/infra/migrate-db/.gitignore similarity index 100% rename from postgres/migrate-db/.gitignore rename to infra/migrate-db/.gitignore diff --git a/postgres/migrate-db/.nvmrc b/infra/migrate-db/.nvmrc similarity index 100% rename from postgres/migrate-db/.nvmrc rename to infra/migrate-db/.nvmrc diff --git a/postgres/migrate-db/esbuild-runner.config.js b/infra/migrate-db/esbuild-runner.config.js similarity index 100% rename from postgres/migrate-db/esbuild-runner.config.js rename to infra/migrate-db/esbuild-runner.config.js diff --git a/postgres/migrate-db/package-lock.json b/infra/migrate-db/package-lock.json similarity index 100% rename from postgres/migrate-db/package-lock.json rename to infra/migrate-db/package-lock.json diff --git a/postgres/migrate-db/package.json b/infra/migrate-db/package.json similarity index 100% rename from postgres/migrate-db/package.json rename to infra/migrate-db/package.json diff --git a/postgres/migrate-db/src/index.ts b/infra/migrate-db/src/index.ts similarity index 100% rename from postgres/migrate-db/src/index.ts rename to infra/migrate-db/src/index.ts diff --git a/postgres/migrate-db/src/migrations/001.do.create_table_ingestion_events.sql b/infra/migrate-db/src/migrations/001.do.create_table_ingestion_events.sql similarity index 100% rename from postgres/migrate-db/src/migrations/001.do.create_table_ingestion_events.sql rename to infra/migrate-db/src/migrations/001.do.create_table_ingestion_events.sql diff --git a/postgres/migrate-db/src/migrations/001.undo.create_table_ingestion_events.sql b/infra/migrate-db/src/migrations/001.undo.create_table_ingestion_events.sql similarity index 100% rename from postgres/migrate-db/src/migrations/001.undo.create_table_ingestion_events.sql rename to infra/migrate-db/src/migrations/001.undo.create_table_ingestion_events.sql diff --git a/postgres/migrate-db/tsconfig.json b/infra/migrate-db/tsconfig.json similarity index 100% rename from postgres/migrate-db/tsconfig.json rename to infra/migrate-db/tsconfig.json diff --git a/postgres/cdk/bin/cdk.ts b/postgres/cdk/bin/cdk.ts deleted file mode 100644 index 8b689e0e..00000000 --- a/postgres/cdk/bin/cdk.ts +++ /dev/null @@ -1,15 +0,0 @@ -import 'source-map-support/register'; -import { App } from 'aws-cdk-lib'; -import { Giant } from '../lib/giant'; - -const app = new App(); -new Giant(app, 'pfi-giant-postgres-CODE', { - stack: 'pfi-giant', - stage: 'CODE', - app: 'postgres', -}); -new Giant(app, 'pfi-giant-postgres-PROD', { - stack: 'pfi-giant', - stage: 'PROD', - app: 'postgres', -}); \ No newline at end of file diff --git a/postgres/cdk/lib/giant.test.ts b/postgres/cdk/lib/giant.test.ts deleted file mode 100644 index 8f9e4a93..00000000 --- a/postgres/cdk/lib/giant.test.ts +++ /dev/null @@ -1,12 +0,0 @@ -import { App } from "aws-cdk-lib"; -import { Template } from "aws-cdk-lib/assertions"; -import { Giant } from "./giant"; - -describe("The Giant stack", () => { - it("matches the snapshot", () => { - const app = new App(); - const stack = new Giant(app, "Giant", { stack: "pfi-playground", stage: "TEST" }); - const template = Template.fromStack(stack); - expect(template.toJSON()).toMatchSnapshot(); - }); -});