From 204c15e9e02c581c93470a8dbe80a541ce64effd Mon Sep 17 00:00:00 2001 
From: Tom Richards Date: Tue, 10 Mar 2026 09:47:16 +0000 Subject: [PATCH 1/3] rename `postgres` directory to `infra` in anticipation of defining `neo4j` there too (and hopefully everything one day) --- .../{postgres-build.yml => infra-build.yml} | 18 +++++++++--------- {postgres => infra}/.tool-versions | 0 {postgres => infra}/cdk/.gitignore | 0 {postgres => infra}/cdk/.nvmrc | 0 {postgres => infra}/cdk/README.md | 0 {postgres => infra}/cdk/bin/cdk.ts | 0 {postgres => infra}/cdk/cdk.json | 0 {postgres => infra}/cdk/jest.setup.js | 0 .../cdk/lib/__snapshots__/giant.test.ts.snap | 0 {postgres => infra}/cdk/lib/giant.test.ts | 0 {postgres => infra}/cdk/lib/giant.ts | 0 {postgres => infra}/cdk/package-lock.json | 0 {postgres => infra}/cdk/package.json | 0 {postgres => infra}/cdk/tsconfig.json | 0 {postgres => infra}/migrate-db/.gitignore | 0 {postgres => infra}/migrate-db/.nvmrc | 0 .../migrate-db/esbuild-runner.config.js | 0 .../migrate-db/package-lock.json | 0 {postgres => infra}/migrate-db/package.json | 0 {postgres => infra}/migrate-db/src/index.ts | 0 .../001.do.create_table_ingestion_events.sql | 0 .../001.undo.create_table_ingestion_events.sql | 0 {postgres => infra}/migrate-db/tsconfig.json | 0 23 files changed, 9 insertions(+), 9 deletions(-) rename .github/workflows/{postgres-build.yml => infra-build.yml} (77%) rename {postgres => infra}/.tool-versions (100%) rename {postgres => infra}/cdk/.gitignore (100%) rename {postgres => infra}/cdk/.nvmrc (100%) rename {postgres => infra}/cdk/README.md (100%) rename {postgres => infra}/cdk/bin/cdk.ts (100%) rename {postgres => infra}/cdk/cdk.json (100%) rename {postgres => infra}/cdk/jest.setup.js (100%) rename {postgres => infra}/cdk/lib/__snapshots__/giant.test.ts.snap (100%) rename {postgres => infra}/cdk/lib/giant.test.ts (100%) rename {postgres => infra}/cdk/lib/giant.ts (100%) rename {postgres => infra}/cdk/package-lock.json (100%) rename {postgres => infra}/cdk/package.json (100%) rename {postgres => 
infra}/cdk/tsconfig.json (100%) rename {postgres => infra}/migrate-db/.gitignore (100%) rename {postgres => infra}/migrate-db/.nvmrc (100%) rename {postgres => infra}/migrate-db/esbuild-runner.config.js (100%) rename {postgres => infra}/migrate-db/package-lock.json (100%) rename {postgres => infra}/migrate-db/package.json (100%) rename {postgres => infra}/migrate-db/src/index.ts (100%) rename {postgres => infra}/migrate-db/src/migrations/001.do.create_table_ingestion_events.sql (100%) rename {postgres => infra}/migrate-db/src/migrations/001.undo.create_table_ingestion_events.sql (100%) rename {postgres => infra}/migrate-db/tsconfig.json (100%) diff --git a/.github/workflows/postgres-build.yml b/.github/workflows/infra-build.yml similarity index 77% rename from .github/workflows/postgres-build.yml rename to .github/workflows/infra-build.yml index fbb8bdfe..77e20ac1 100644 --- a/.github/workflows/postgres-build.yml +++ b/.github/workflows/infra-build.yml @@ -1,11 +1,11 @@ -name: postgres-build +name: infra-build on: workflow_dispatch: push: paths: - - "postgres/**" - - ".github/workflows/postgres*" + - "../../infra/**" + - ".github/workflows/infra*" # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: @@ -19,7 +19,7 @@ jobs: pull-requests: write defaults: run: - working-directory: ./postgres/cdk + working-directory: ./infra/cdk # Steps represent a sequence of tasks that will be executed as part of the job steps: @@ -28,9 +28,9 @@ jobs: - uses: actions/setup-node@v3 with: - node-version-file: './postgres/cdk/.nvmrc' + node-version-file: './infra/cdk/.nvmrc' cache: npm - cache-dependency-path: ./postgres/cdk/package-lock.json + cache-dependency-path: ./infra/cdk/package-lock.json - name: cdk synth run: | 
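Review bot: The new `paths` entry `"../../infra/**"` in the first hunk of `infra-build.yml` will most likely never match, because GitHub Actions evaluates `paths` patterns against file paths relative to the repository root, not relative to the workflow file. With this filter a push that only touches `infra/` would not start the job, so CDK changes to the database stack could land without synth, and without the checks added later in this series. Only edits to `.github/workflows/infra*` or a manual `workflow_dispatch` would still trigger it. The entry should mirror the old one: `- "infra/**"`.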
@@ -44,8 +44,8 @@ jobs: app: postgres contentDirectories: | cloudformation: - - ./postgres/cdk/cdk.out/pfi-giant-postgres-CODE.template.json - - ./postgres/cdk/cdk.out/pfi-giant-postgres-PROD.template.json + - ./infra/cdk/cdk.out/pfi-giant-postgres-CODE.template.json + - ./infra/cdk/cdk.out/pfi-giant-postgres-PROD.template.json config: | stacks: - pfi-giant @@ -55,7 +55,7 @@ jobs: - CODE - PROD deployments: - cloudformation: + cloudformation-postgres: type: cloud-formation app: postgres parameters: diff --git a/postgres/.tool-versions b/infra/.tool-versions similarity index 100% rename from postgres/.tool-versions rename to infra/.tool-versions diff --git a/postgres/cdk/.gitignore b/infra/cdk/.gitignore similarity index 100% rename from postgres/cdk/.gitignore rename to infra/cdk/.gitignore diff --git a/postgres/cdk/.nvmrc b/infra/cdk/.nvmrc similarity index 100% rename from postgres/cdk/.nvmrc rename to infra/cdk/.nvmrc diff --git a/postgres/cdk/README.md b/infra/cdk/README.md similarity index 100% rename from postgres/cdk/README.md rename to infra/cdk/README.md diff --git a/postgres/cdk/bin/cdk.ts b/infra/cdk/bin/cdk.ts similarity index 100% rename from postgres/cdk/bin/cdk.ts rename to infra/cdk/bin/cdk.ts diff --git a/postgres/cdk/cdk.json b/infra/cdk/cdk.json similarity index 100% rename from postgres/cdk/cdk.json rename to infra/cdk/cdk.json diff --git a/postgres/cdk/jest.setup.js b/infra/cdk/jest.setup.js similarity index 100% rename from postgres/cdk/jest.setup.js rename to infra/cdk/jest.setup.js diff --git a/postgres/cdk/lib/__snapshots__/giant.test.ts.snap b/infra/cdk/lib/__snapshots__/giant.test.ts.snap similarity index 100% rename from postgres/cdk/lib/__snapshots__/giant.test.ts.snap rename to infra/cdk/lib/__snapshots__/giant.test.ts.snap diff --git a/postgres/cdk/lib/giant.test.ts b/infra/cdk/lib/giant.test.ts similarity index 100% rename from postgres/cdk/lib/giant.test.ts rename to infra/cdk/lib/giant.test.ts 
diff --git a/postgres/cdk/lib/giant.ts b/infra/cdk/lib/giant.ts similarity index 100% rename from postgres/cdk/lib/giant.ts rename to infra/cdk/lib/giant.ts diff --git a/postgres/cdk/package-lock.json b/infra/cdk/package-lock.json similarity index 100% rename from postgres/cdk/package-lock.json rename to infra/cdk/package-lock.json diff --git a/postgres/cdk/package.json b/infra/cdk/package.json similarity index 100% rename from postgres/cdk/package.json rename to infra/cdk/package.json diff --git a/postgres/cdk/tsconfig.json b/infra/cdk/tsconfig.json similarity index 100% rename from postgres/cdk/tsconfig.json rename to infra/cdk/tsconfig.json diff --git a/postgres/migrate-db/.gitignore b/infra/migrate-db/.gitignore similarity index 100% rename from postgres/migrate-db/.gitignore rename to infra/migrate-db/.gitignore diff --git a/postgres/migrate-db/.nvmrc b/infra/migrate-db/.nvmrc similarity index 100% rename from postgres/migrate-db/.nvmrc rename to infra/migrate-db/.nvmrc diff --git a/postgres/migrate-db/esbuild-runner.config.js b/infra/migrate-db/esbuild-runner.config.js similarity index 100% rename from postgres/migrate-db/esbuild-runner.config.js rename to infra/migrate-db/esbuild-runner.config.js diff --git a/postgres/migrate-db/package-lock.json b/infra/migrate-db/package-lock.json similarity index 100% rename from postgres/migrate-db/package-lock.json rename to infra/migrate-db/package-lock.json diff --git a/postgres/migrate-db/package.json b/infra/migrate-db/package.json similarity index 100% rename from postgres/migrate-db/package.json rename to infra/migrate-db/package.json diff --git a/postgres/migrate-db/src/index.ts b/infra/migrate-db/src/index.ts similarity index 100% rename from postgres/migrate-db/src/index.ts rename to infra/migrate-db/src/index.ts 
diff --git a/postgres/migrate-db/src/migrations/001.do.create_table_ingestion_events.sql b/infra/migrate-db/src/migrations/001.do.create_table_ingestion_events.sql similarity index 100% rename from postgres/migrate-db/src/migrations/001.do.create_table_ingestion_events.sql rename to infra/migrate-db/src/migrations/001.do.create_table_ingestion_events.sql diff --git a/postgres/migrate-db/src/migrations/001.undo.create_table_ingestion_events.sql b/infra/migrate-db/src/migrations/001.undo.create_table_ingestion_events.sql similarity index 100% rename from postgres/migrate-db/src/migrations/001.undo.create_table_ingestion_events.sql rename to infra/migrate-db/src/migrations/001.undo.create_table_ingestion_events.sql diff --git a/postgres/migrate-db/tsconfig.json b/infra/migrate-db/tsconfig.json similarity index 100% rename from postgres/migrate-db/tsconfig.json rename to infra/migrate-db/tsconfig.json From 1574876d123ad28024d271cb76b238904ab2bbb1 Mon Sep 17 00:00:00 2001 From: Tom Richards Date: Tue, 10 Mar 2026 11:09:59 +0000 Subject: [PATCH 2/3] [infra] further renaming since postgres has its own stack (one day, if there was a 'Giant' stack that had all the infra, following a CDK migration then we could combine postgres stack into that as standalone piece of consolidation work) --- .github/workflows/infra-build.yml | 3 +- infra/cdk/bin/cdk.ts | 15 ++- ...ant.test.ts.snap => postgres.test.ts.snap} | 110 +++++++++--------- .../lib/{giant.test.ts => postgres.test.ts} | 6 +- infra/cdk/lib/{giant.ts => postgres.ts} | 2 +- 5 files changed, 69 insertions(+), 67 deletions(-) rename infra/cdk/lib/__snapshots__/{giant.test.ts.snap => postgres.test.ts.snap} (93%) rename infra/cdk/lib/{giant.test.ts => postgres.test.ts} (59%) rename infra/cdk/lib/{giant.ts => postgres.ts} (98%) diff --git a/.github/workflows/infra-build.yml b/.github/workflows/infra-build.yml index 77e20ac1..e89efc2f 100644 --- a/.github/workflows/infra-build.yml +++ b/.github/workflows/infra-build.yml 
@@ -55,9 +55,8 @@ jobs: - CODE - PROD deployments: - cloudformation-postgres: + cloudformation: type: cloud-formation - app: postgres parameters: templateStagePaths: CODE: pfi-giant-postgres-CODE.template.json diff --git a/infra/cdk/bin/cdk.ts b/infra/cdk/bin/cdk.ts index 8b689e0e..f2348a95 100644 --- a/infra/cdk/bin/cdk.ts +++ b/infra/cdk/bin/cdk.ts @@ -1,15 +1,18 @@ import 'source-map-support/register'; import { App } from 'aws-cdk-lib'; -import { Giant } from '../lib/giant'; +import { Postgres } from '../lib/postgres'; const app = new App(); -new Giant(app, 'pfi-giant-postgres-CODE', { - stack: 'pfi-giant', + +const stack = "pfi-giant"; + +new Postgres(app, 'pfi-giant-postgres-CODE', { + stack, stage: 'CODE', app: 'postgres', }); -new Giant(app, 'pfi-giant-postgres-PROD', { - stack: 'pfi-giant', +new Postgres(app, 'pfi-giant-postgres-PROD', { + stack, stage: 'PROD', app: 'postgres', -}); \ No newline at end of file +}); diff --git a/infra/cdk/lib/__snapshots__/giant.test.ts.snap b/infra/cdk/lib/__snapshots__/postgres.test.ts.snap similarity index 93% rename from infra/cdk/lib/__snapshots__/giant.test.ts.snap rename to infra/cdk/lib/__snapshots__/postgres.test.ts.snap index 05cdeee9..011a3154 100644 --- a/infra/cdk/lib/__snapshots__/giant.test.ts.snap +++ b/infra/cdk/lib/__snapshots__/postgres.test.ts.snap @@ -1,6 +1,6 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`The Giant stack matches the snapshot 1`] = ` +exports[`Giant's 'postgres' stack matches the snapshot 1`] = ` { "Metadata": { "gu:cdk:constructs": [ @@ -70,7 +70,7 @@ exports[`The Giant stack matches the snapshot 1`] = ` [ "{{resolve:secretsmanager:", { - "Ref": "GiantDatabaseSecret51D228833fdaad7efa858a3daf9490cf0a702aeb", + "Ref": "postgresDatabaseSecretCA51D0AC3fdaad7efa858a3daf9490cf0a702aeb", }, ":SecretString:password::}}", ], 
@@ -180,7 +180,7 @@ exports[`The Giant stack matches the snapshot 1`] = ` "DatabaseSecretAttachmentE5D1B020": { "Properties": { "SecretId": { - "Ref": "GiantDatabaseSecret51D228833fdaad7efa858a3daf9490cf0a702aeb", + "Ref": "postgresDatabaseSecretCA51D0AC3fdaad7efa858a3daf9490cf0a702aeb", }, "TargetId": { "Ref": "DatabaseB269D8BB", @@ -191,7 +191,7 @@ exports[`The Giant stack matches the snapshot 1`] = ` }, "DatabaseSecurityGroup7319C0F6": { "Properties": { - "GroupDescription": "Giant/DatabaseSecurityGroup", + "GroupDescription": "postgres/DatabaseSecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", @@ -223,9 +223,9 @@ exports[`The Giant stack matches the snapshot 1`] = ` }, "Type": "AWS::EC2::SecurityGroup", }, - "DatabaseSecurityGroupfromGiantdbaccess9A17AB315432E7A0126D": { + "DatabaseSecurityGroupfrompostgresdbaccessDB6F60745432B2BFF6F2": { "Properties": { - "Description": "from Giantdbaccess9A17AB31:5432", + "Description": "from postgresdbaccessDB6F6074:5432", "FromPort": 5432, "GroupId": { "Fn::GetAtt": [ 
@@ -275,56 +275,9 @@ exports[`The Giant stack matches the snapshot 1`] = ` }, "Type": "AWS::RDS::DBSubnetGroup", }, - "GiantDatabaseSecret51D228833fdaad7efa858a3daf9490cf0a702aeb": { - "DeletionPolicy": "Delete", - "Properties": { - "Description": { - "Fn::Join": [ - "", - [ - "Generated by the CDK for stack: ", - { - "Ref": "AWS::StackName", - }, - ], - ], - }, - "GenerateSecretString": { - "ExcludeCharacters": " %+~\`#$&*()|[]{}:;<>?!'/@"\\", - "GenerateStringKey": "password", - "PasswordLength": 30, - "SecretStringTemplate": "{"username":"giant_master"}", - }, - "Name": "pfi-playground-postgres-TEST", - "Tags": [ - { - "Key": "devx-backup-enabled", - "Value": "true", - }, - { - "Key": "gu:cdk:version", - "Value": "TEST", - }, - { - "Key": "gu:repo", - "Value": "guardian/giant", - }, - { - "Key": "Stack", - "Value": "pfi-playground", - }, - { - "Key": "Stage", - "Value": "TEST", - }, - ], - }, - "Type": "AWS::SecretsManager::Secret", - "UpdateReplacePolicy": "Delete", - }, "dbaccess7C99761D": { "Properties": { - "GroupDescription": "Giant/db-access", + "GroupDescription": "postgres/db-access", "Tags": [ { "Key": "gu:cdk:version", @@ -349,7 +302,7 @@ exports[`The Giant stack matches the snapshot 1`] = ` }, "Type": "AWS::EC2::SecurityGroup", }, - "dbaccesstoGiantDatabaseSecurityGroup645117305432BE54698B": { + "dbaccesstopostgresDatabaseSecurityGroup9DCCE86B543212E6302E": { "Properties": { "Description": "Allow DB access", "DestinationSecurityGroupId": { 
@@ -370,6 +323,53 @@ exports[`The Giant stack matches the snapshot 1`] = ` }, "Type": "AWS::EC2::SecurityGroupEgress", }, + "postgresDatabaseSecretCA51D0AC3fdaad7efa858a3daf9490cf0a702aeb": { + "DeletionPolicy": "Delete", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName", + }, + ], + ], + }, + "GenerateSecretString": { + "ExcludeCharacters": " %+~\`#$&*()|[]{}:;<>?!'/@"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{"username":"giant_master"}", + }, + "Name": "pfi-playground-postgres-TEST", + "Tags": [ + { + "Key": "devx-backup-enabled", + "Value": "true", + }, + { + "Key": "gu:cdk:version", + "Value": "TEST", + }, + { + "Key": "gu:repo", + "Value": "guardian/giant", + }, + { + "Key": "Stack", + "Value": "pfi-playground", + }, + { + "Key": "Stage", + "Value": "TEST", + }, + ], + }, + "Type": "AWS::SecretsManager::Secret", + "UpdateReplacePolicy": "Delete", + }, }, } `; diff --git a/infra/cdk/lib/giant.test.ts b/infra/cdk/lib/postgres.test.ts similarity index 59% rename from infra/cdk/lib/giant.test.ts rename to infra/cdk/lib/postgres.test.ts index 8f9e4a93..fdb703a9 100644 --- a/infra/cdk/lib/giant.test.ts +++ b/infra/cdk/lib/postgres.test.ts @@ -1,11 +1,11 @@ import { App } from "aws-cdk-lib"; import { Template } from "aws-cdk-lib/assertions"; -import { Giant } from "./giant"; +import { Postgres } from "./postgres"; -describe("The Giant stack", () => { +describe("Giant's 'postgres' stack", () => { it("matches the snapshot", () => { const app = new App(); - const stack = new Giant(app, "Giant", { stack: "pfi-playground", stage: "TEST" }); + const stack = new Postgres(app, "postgres", { stack: "pfi-playground", stage: "TEST" }); const template = Template.fromStack(stack); expect(template.toJSON()).toMatchSnapshot(); }); 
diff --git a/infra/cdk/lib/giant.ts b/infra/cdk/lib/postgres.ts similarity index 98% rename from infra/cdk/lib/giant.ts rename to infra/cdk/lib/postgres.ts index 6437250f..1c8bf3a1 100644 --- a/infra/cdk/lib/giant.ts +++ b/infra/cdk/lib/postgres.ts @@ -20,7 +20,7 @@ import { StorageType, } from 'aws-cdk-lib/aws-rds'; -export class Giant extends GuStack { +export class Postgres extends GuStack { constructor(scope: App, id: string, props: GuStackProps) { super(scope, id, props); From 8ec84b1d760d9df88c5966ef4c37bb413b050a6b Mon Sep 17 00:00:00 2001 From: Tom Richards Date: Tue, 10 Mar 2026 11:34:34 +0000 Subject: [PATCH 3/3] [infra] add cdk `lint`, 'format checking' and `test` steps to `infra-build` CI job --- .github/workflows/infra-build.yml | 3 +++ infra/cdk/bin/cdk.ts | 2 +- infra/cdk/lib/postgres.test.ts | 21 ++++++++++++--------- infra/cdk/lib/postgres.ts | 17 ++++++----------- 4 files changed, 22 insertions(+), 21 deletions(-) diff --git a/.github/workflows/infra-build.yml b/.github/workflows/infra-build.yml index e89efc2f..7f3f9a3f 100644 --- a/.github/workflows/infra-build.yml +++ b/.github/workflows/infra-build.yml @@ -35,6 +35,9 @@ jobs: - name: cdk synth run: | npm ci + npm run lint + npm run test + npm run format -- --check npm run synth - uses: guardian/actions-riff-raff@v4 diff --git a/infra/cdk/bin/cdk.ts b/infra/cdk/bin/cdk.ts index f2348a95..034357bc 100644 --- a/infra/cdk/bin/cdk.ts +++ b/infra/cdk/bin/cdk.ts @@ -4,7 +4,7 @@ import { Postgres } from '../lib/postgres'; const app = new App(); -const stack = "pfi-giant"; +const stack = 'pfi-giant'; new Postgres(app, 'pfi-giant-postgres-CODE', { stack, diff --git a/infra/cdk/lib/postgres.test.ts b/infra/cdk/lib/postgres.test.ts index fdb703a9..5a4d1f1a 100644 --- a/infra/cdk/lib/postgres.test.ts +++ b/infra/cdk/lib/postgres.test.ts 
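Review bot: The step in the `@@ -35,6 +35,9 @@` hunk is still named `cdk synth` although it now also runs lint, the tests and the format check, so a lint or snapshot failure is reported under a misleading step name. Renaming it, e.g. `- name: lint, test, format check and synth`, or splitting the commands into separately named steps, would show which gate failed before the Riff-Raff upload step runs. `npm run format -- --check` relies on the `format` script forwarding extra arguments to the formatter, which this patch does not show; it is worth confirming that it fails the job on unformatted files rather than rewriting them. The job's remaining steps continue outside the hunk.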
@@ -1,12 +1,15 @@ -import { App } from "aws-cdk-lib"; -import { Template } from "aws-cdk-lib/assertions"; -import { Postgres } from "./postgres"; +import { App } from 'aws-cdk-lib'; +import { Template } from 'aws-cdk-lib/assertions'; +import { Postgres } from './postgres'; describe("Giant's 'postgres' stack", () => { - it("matches the snapshot", () => { - const app = new App(); - const stack = new Postgres(app, "postgres", { stack: "pfi-playground", stage: "TEST" }); - const template = Template.fromStack(stack); - expect(template.toJSON()).toMatchSnapshot(); - }); + it('matches the snapshot', () => { + const app = new App(); + const stack = new Postgres(app, 'postgres', { + stack: 'pfi-playground', + stage: 'TEST', + }); + const template = Template.fromStack(stack); + expect(template.toJSON()).toMatchSnapshot(); + }); }); diff --git a/infra/cdk/lib/postgres.ts b/infra/cdk/lib/postgres.ts index 1c8bf3a1..ba40ebb2 100644 --- a/infra/cdk/lib/postgres.ts +++ b/infra/cdk/lib/postgres.ts @@ -1,10 +1,8 @@ import type { GuStackProps } from '@guardian/cdk/lib/constructs/core'; -import { - GuStack, -} from '@guardian/cdk/lib/constructs/core'; +import { GuStack } from '@guardian/cdk/lib/constructs/core'; import { GuVpc, SubnetType } from '@guardian/cdk/lib/constructs/ec2/vpc'; import type { App } from 'aws-cdk-lib'; -import { CfnOutput, Duration, SecretValue, Tags } from 'aws-cdk-lib'; +import { CfnOutput, Duration, Tags } from 'aws-cdk-lib'; import { InstanceClass, InstanceSize, @@ -24,10 +22,7 @@ export class Postgres extends GuStack { constructor(scope: App, id: string, props: GuStackProps) { super(scope, id, props); - const vpc = GuVpc.fromIdParameter( - this, - 'GiantVPC', - ); + const vpc = GuVpc.fromIdParameter(this, 'GiantVPC'); const dbStorage = 20; 
@@ -50,9 +45,9 @@ export class Postgres extends GuStack { }), }, engine: DatabaseInstanceEngine.postgres({ - version: PostgresEngineVersion.VER_15 + version: PostgresEngineVersion.VER_15, }), - allowMajorVersionUpgrade: true, + allowMajorVersionUpgrade: true, allocatedStorage: dbStorage, maxAllocatedStorage: dbStorage + 20, autoMinorVersionUpgrade: true, @@ -79,7 +74,7 @@ export class Postgres extends GuStack { }); // Enable nightly backups (via https://github.com/guardian/aws-backup) - Tags.of(database).add("devx-backup-enabled", "true"); + Tags.of(database).add('devx-backup-enabled', 'true'); const dbAccessSecurityGroup = new SecurityGroup(this, 'db-access', { vpc: vpc,