rename postgres directory to infra in anticipation of defining neo4j there too

.github/workflows/postgres-build.yml → .github/workflows/infra-build.yml

@@ -1,11 +1,11 @@
-name: postgres-build
+name: infra-build
 
 on:
   workflow_dispatch:
   push:
     paths:
-      - "postgres/**"
-      - ".github/workflows/postgres*"
+      - "../../infra/**"
+      - ".github/workflows/infra*"
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
@@ -19,7 +19,7 @@ jobs:
       pull-requests: write
     defaults:
       run:
-        working-directory: ./postgres/cdk
+        working-directory: ./infra/cdk
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
@@ -28,13 +28,16 @@ jobs:
 
       - uses: actions/setup-node@v3
         with:
-          node-version-file: './postgres/cdk/.nvmrc'
+          node-version-file: './infra/cdk/.nvmrc'
           cache: npm
-          cache-dependency-path: ./postgres/cdk/package-lock.json
+          cache-dependency-path: ./infra/cdk/package-lock.json
 
       - name: cdk synth
         run: |
           npm ci
+          npm run lint
+          npm run test
+          npm run format -- --check
           npm run synth
 
       - uses: guardian/actions-riff-raff@v4
@@ -44,8 +47,8 @@ jobs:
           app: postgres
           contentDirectories: |
             cloudformation:
-              - ./postgres/cdk/cdk.out/pfi-giant-postgres-CODE.template.json
-              - ./postgres/cdk/cdk.out/pfi-giant-postgres-PROD.template.json
+              - ./infra/cdk/cdk.out/pfi-giant-postgres-CODE.template.json
+              - ./infra/cdk/cdk.out/pfi-giant-postgres-PROD.template.json
           config: |
             stacks:
               - pfi-giant
@@ -57,7 +60,6 @@ jobs:
             deployments:
               cloudformation:
                 type: cloud-formation
-                app: postgres
                 parameters:
                   templateStagePaths:
                     CODE: pfi-giant-postgres-CODE.template.json

infra/cdk/bin/cdk.ts

@@ -0,0 +1,18 @@
+import 'source-map-support/register';
+import { App } from 'aws-cdk-lib';
+import { Postgres } from '../lib/postgres';
+
+const app = new App();
+
+const stack = 'pfi-giant';
+
+new Postgres(app, 'pfi-giant-postgres-CODE', {
+	stack,
+	stage: 'CODE',
+	app: 'postgres',
+});
+new Postgres(app, 'pfi-giant-postgres-PROD', {
+	stack,
+	stage: 'PROD',
+	app: 'postgres',
+});

postgres/cdk/lib/__snapshots__/giant.test.ts.snap → infra/cdk/lib/__snapshots__/postgres.test.ts.snap

@@ -1,6 +1,6 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`The Giant stack matches the snapshot 1`] = `
+exports[`Giant's 'postgres' stack matches the snapshot 1`] = `
 {
   "Metadata": {
     "gu:cdk:constructs": [
@@ -70,7 +70,7 @@ exports[`The Giant stack matches the snapshot 1`] = `
             [
               "{{resolve:secretsmanager:",
               {
-                "Ref": "GiantDatabaseSecret51D228833fdaad7efa858a3daf9490cf0a702aeb",
+                "Ref": "postgresDatabaseSecretCA51D0AC3fdaad7efa858a3daf9490cf0a702aeb",
               },
               ":SecretString:password::}}",
             ],
@@ -180,7 +180,7 @@ exports[`The Giant stack matches the snapshot 1`] = `
     "DatabaseSecretAttachmentE5D1B020": {
       "Properties": {
         "SecretId": {
-          "Ref": "GiantDatabaseSecret51D228833fdaad7efa858a3daf9490cf0a702aeb",
+          "Ref": "postgresDatabaseSecretCA51D0AC3fdaad7efa858a3daf9490cf0a702aeb",
         },
         "TargetId": {
           "Ref": "DatabaseB269D8BB",
@@ -191,7 +191,7 @@ exports[`The Giant stack matches the snapshot 1`] = `
     },
     "DatabaseSecurityGroup7319C0F6": {
       "Properties": {
-        "GroupDescription": "Giant/DatabaseSecurityGroup",
+        "GroupDescription": "postgres/DatabaseSecurityGroup",
         "SecurityGroupEgress": [
           {
             "CidrIp": "0.0.0.0/0",
@@ -223,9 +223,9 @@ exports[`The Giant stack matches the snapshot 1`] = `
       },
       "Type": "AWS::EC2::SecurityGroup",
     },
-    "DatabaseSecurityGroupfromGiantdbaccess9A17AB315432E7A0126D": {
+    "DatabaseSecurityGroupfrompostgresdbaccessDB6F60745432B2BFF6F2": {
       "Properties": {
-        "Description": "from Giantdbaccess9A17AB31:5432",
+        "Description": "from postgresdbaccessDB6F6074:5432",
         "FromPort": 5432,
         "GroupId": {
           "Fn::GetAtt": [
@@ -275,56 +275,9 @@ exports[`The Giant stack matches the snapshot 1`] = `
       },
       "Type": "AWS::RDS::DBSubnetGroup",
     },
-    "GiantDatabaseSecret51D228833fdaad7efa858a3daf9490cf0a702aeb": {
-      "DeletionPolicy": "Delete",
-      "Properties": {
-        "Description": {
-          "Fn::Join": [
-            "",
-            [
-              "Generated by the CDK for stack: ",
-              {
-                "Ref": "AWS::StackName",
-              },
-            ],
-          ],
-        },
-        "GenerateSecretString": {
-          "ExcludeCharacters": " %+~\`#$&*()|[]{}:;<>?!'/@"\\",
-          "GenerateStringKey": "password",
-          "PasswordLength": 30,
-          "SecretStringTemplate": "{"username":"giant_master"}",
-        },
-        "Name": "pfi-playground-postgres-TEST",
-        "Tags": [
-          {
-            "Key": "devx-backup-enabled",
-            "Value": "true",
-          },
-          {
-            "Key": "gu:cdk:version",
-            "Value": "TEST",
-          },
-          {
-            "Key": "gu:repo",
-            "Value": "guardian/giant",
-          },
-          {
-            "Key": "Stack",
-            "Value": "pfi-playground",
-          },
-          {
-            "Key": "Stage",
-            "Value": "TEST",
-          },
-        ],
-      },
-      "Type": "AWS::SecretsManager::Secret",
-      "UpdateReplacePolicy": "Delete",
-    },
     "dbaccess7C99761D": {
       "Properties": {
-        "GroupDescription": "Giant/db-access",
+        "GroupDescription": "postgres/db-access",
         "Tags": [
           {
             "Key": "gu:cdk:version",
@@ -349,7 +302,7 @@ exports[`The Giant stack matches the snapshot 1`] = `
       },
       "Type": "AWS::EC2::SecurityGroup",
     },
-    "dbaccesstoGiantDatabaseSecurityGroup645117305432BE54698B": {
+    "dbaccesstopostgresDatabaseSecurityGroup9DCCE86B543212E6302E": {
       "Properties": {
         "Description": "Allow DB access",
         "DestinationSecurityGroupId": {
@@ -370,6 +323,53 @@ exports[`The Giant stack matches the snapshot 1`] = `
       },
       "Type": "AWS::EC2::SecurityGroupEgress",
     },
+    "postgresDatabaseSecretCA51D0AC3fdaad7efa858a3daf9490cf0a702aeb": {
+      "DeletionPolicy": "Delete",
+      "Properties": {
+        "Description": {
+          "Fn::Join": [
+            "",
+            [
+              "Generated by the CDK for stack: ",
+              {
+                "Ref": "AWS::StackName",
+              },
+            ],
+          ],
+        },
+        "GenerateSecretString": {
+          "ExcludeCharacters": " %+~\`#$&*()|[]{}:;<>?!'/@"\\",
+          "GenerateStringKey": "password",
+          "PasswordLength": 30,
+          "SecretStringTemplate": "{"username":"giant_master"}",
+        },
+        "Name": "pfi-playground-postgres-TEST",
+        "Tags": [
+          {
+            "Key": "devx-backup-enabled",
+            "Value": "true",
+          },
+          {
+            "Key": "gu:cdk:version",
+            "Value": "TEST",
+          },
+          {
+            "Key": "gu:repo",
+            "Value": "guardian/giant",
+          },
+          {
+            "Key": "Stack",
+            "Value": "pfi-playground",
+          },
+          {
+            "Key": "Stage",
+            "Value": "TEST",
+          },
+        ],
+      },
+      "Type": "AWS::SecretsManager::Secret",
+      "UpdateReplacePolicy": "Delete",
+    },
   },
 }
 `;

infra/cdk/lib/postgres.test.ts

@@ -0,0 +1,15 @@
+import { App } from 'aws-cdk-lib';
+import { Template } from 'aws-cdk-lib/assertions';
+import { Postgres } from './postgres';
+
+describe("Giant's 'postgres' stack", () => {
+	it('matches the snapshot', () => {
+		const app = new App();
+		const stack = new Postgres(app, 'postgres', {
+			stack: 'pfi-playground',
+			stage: 'TEST',
+		});
+		const template = Template.fromStack(stack);
+		expect(template.toJSON()).toMatchSnapshot();
+	});
+});

postgres/cdk/lib/giant.ts → infra/cdk/lib/postgres.ts

@@ -1,10 +1,8 @@
 import type { GuStackProps } from '@guardian/cdk/lib/constructs/core';
-import {
-	GuStack,
-} from '@guardian/cdk/lib/constructs/core';
+import { GuStack } from '@guardian/cdk/lib/constructs/core';
 import { GuVpc, SubnetType } from '@guardian/cdk/lib/constructs/ec2/vpc';
 import type { App } from 'aws-cdk-lib';
-import { CfnOutput, Duration, SecretValue, Tags } from 'aws-cdk-lib';
+import { CfnOutput, Duration, Tags } from 'aws-cdk-lib';
 import {
 	InstanceClass,
 	InstanceSize,
@@ -20,14 +18,11 @@ import {
 	StorageType,
 } from 'aws-cdk-lib/aws-rds';
 
-export class Giant extends GuStack {
+export class Postgres extends GuStack {
 	constructor(scope: App, id: string, props: GuStackProps) {
 		super(scope, id, props);
 
-		const vpc = GuVpc.fromIdParameter(
-			this,
-			'GiantVPC',
-		);
+		const vpc = GuVpc.fromIdParameter(this, 'GiantVPC');
 
 		const dbStorage = 20;
 
@@ -50,9 +45,9 @@ export class Giant extends GuStack {
 				}),
 			},
 			engine: DatabaseInstanceEngine.postgres({
-				version: PostgresEngineVersion.VER_15
+				version: PostgresEngineVersion.VER_15,
 			}),
-            allowMajorVersionUpgrade: true,
+			allowMajorVersionUpgrade: true,
 			allocatedStorage: dbStorage,
 			maxAllocatedStorage: dbStorage + 20,
 			autoMinorVersionUpgrade: true,
@@ -79,7 +74,7 @@ export class Giant extends GuStack {
 		});
 
 		// Enable nightly backups (via https://github.com/guardian/aws-backup)
-		Tags.of(database).add("devx-backup-enabled", "true");
+		Tags.of(database).add('devx-backup-enabled', 'true');
 
 		const dbAccessSecurityGroup = new SecurityGroup(this, 'db-access', {
 			vpc: vpc,