New: [AEA-0000] - Create new exports for cdk migration (#2237)

## Summary

- Routine Change

### Details

- create new cdk stacks in preperation for migration
- create static exports in cdk stacks
- remove set_github_secrets as moved to repo_status repo

Author: anthony-nhs

.github/workflows/cdk_release_code.yml

@@ -21,9 +21,6 @@ on:
       CDK_APP_NAME:
         required: true
         type: string
-      DEPLOYMENT_ENVIRONMENT:
-        required: false
-        type: string
       AWS_REGION:
         required: false
         type: string
@@ -46,7 +43,7 @@ jobs:
       run:
         shell: bash
     name: "Deploy cdk app ${{ inputs.CDK_APP_NAME }} stack ${{ inputs.DEPLOYED_STACK_NAME }}"
-    environment: ${{ fromJSON(inputs.DEPLOYMENT_ENVIRONMENT != '' && format('"{0}"', inputs.DEPLOYMENT_ENVIRONMENT) || 'null') }}
+    environment: ${{ inputs.TARGET_ENVIRONMENT }}
     permissions:
       id-token: write
       contents: write

.github/workflows/release_all_stacks.yml

@@ -138,15 +138,32 @@ jobs:
       cf_create_changeset_role: ${{ secrets.cf_create_changeset_role }}
       cf_deploy_role: ${{ secrets.cf_deploy_role }}
 
-  cdk_diff_monitoring:
+  cdk_diff_iam:
     uses: ./.github/workflows/cdk_diff_code.yml
     permissions:
       id-token: write
       contents: write
     with:
-      CDK_RESOURCE_STACK_NAME: Monitoring
-      DEPLOYED_STACK_NAME: monitoring
-      TARGET_ENVIRONMENT: ${{inputs.target_environment}}-account
+      CDK_RESOURCE_STACK_NAME: IAM
+      DEPLOYED_STACK_NAME: iam-cdk
+      TARGET_ENVIRONMENT: ${{inputs.target_environment}}
+      VERSION: ${{ inputs.version }}
+      COMMIT_ID: ${{ inputs.commit_id }}
+      CDK_APP_NAME: AccountResources
+      IS_PULL_REQUEST: ${{ inputs.is_pull_request }}
+      pinned_image: ${{ inputs.pinned_image }}
+    secrets:
+      CLOUD_FORMATION_DIFF_ROLE: ${{ secrets.cf_create_changeset_role }} # use create changeset role as we are just doing a diff
+
+  cdk_diff_secrets:
+    uses: ./.github/workflows/cdk_diff_code.yml
+    permissions:
+      id-token: write
+      contents: write
+    with:
+      CDK_RESOURCE_STACK_NAME: Secrets
+      DEPLOYED_STACK_NAME: secrets-cdk
+      TARGET_ENVIRONMENT: ${{inputs.target_environment}}
       VERSION: ${{ inputs.version }}
       COMMIT_ID: ${{ inputs.commit_id }}
       CDK_APP_NAME: AccountResources
@@ -163,7 +180,7 @@ jobs:
     with:
       CDK_RESOURCE_STACK_NAME: AccountResources_US
       DEPLOYED_STACK_NAME: account-resources-cdk-us
-      TARGET_ENVIRONMENT: ${{inputs.target_environment}}-account
+      TARGET_ENVIRONMENT: ${{inputs.target_environment}}
       VERSION: ${{ inputs.version }}
       COMMIT_ID: ${{ inputs.commit_id }}
       CDK_APP_NAME: AccountResources
@@ -182,7 +199,7 @@ jobs:
     with:
       CDK_RESOURCE_STACK_NAME: AccountResources_UK
       DEPLOYED_STACK_NAME: account-resources-cdk-uk
-      TARGET_ENVIRONMENT: ${{inputs.target_environment}}-account
+      TARGET_ENVIRONMENT: ${{inputs.target_environment}}
       VERSION: ${{ inputs.version }}
       COMMIT_ID: ${{ inputs.commit_id }}
       CDK_APP_NAME: AccountResources
@@ -192,21 +209,39 @@ jobs:
     secrets:
       CLOUD_FORMATION_DIFF_ROLE: ${{ secrets.cf_create_changeset_role }} # use create changeset role as we are just doing a diff
 
-  cdk_deploy_monitoring:
+  cdk_deploy_iam:
+    uses: ./.github/workflows/cdk_release_code.yml
+    if: ${{ inputs.execute_change_set == true }}
+    needs: [cdk_diff_iam, cdk_diff_secrets, cdk_diff_account_resources_US, cdk_diff_account_resources_UK]
+    permissions:
+      id-token: write
+      contents: write
+    with:
+      CDK_RESOURCE_STACK_NAME: IAM
+      DEPLOYED_STACK_NAME: iam-cdk
+      TARGET_ENVIRONMENT: ${{inputs.target_environment}}
+      VERSION: ${{ inputs.version }}
+      COMMIT_ID: ${{ inputs.commit_id }}
+      CDK_APP_NAME: AccountResources
+      AWS_REGION: eu-west-2
+      pinned_image: ${{ inputs.pinned_image }}
+    secrets:
+      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.cf_deploy_role }}
+
+  cdk_deploy_secrets:
     uses: ./.github/workflows/cdk_release_code.yml
     if: ${{ inputs.execute_change_set == true }}
-    needs: cdk_diff_monitoring
+    needs: cdk_deploy_iam
     permissions:
       id-token: write
       contents: write
     with:
-      CDK_RESOURCE_STACK_NAME: Monitoring
-      DEPLOYED_STACK_NAME: monitoring
-      TARGET_ENVIRONMENT: ${{inputs.target_environment}}-account
+      CDK_RESOURCE_STACK_NAME: Secrets
+      DEPLOYED_STACK_NAME: secrets-cdk
+      TARGET_ENVIRONMENT: ${{inputs.target_environment}}
       VERSION: ${{ inputs.version }}
       COMMIT_ID: ${{ inputs.commit_id }}
       CDK_APP_NAME: AccountResources
-      DEPLOYMENT_ENVIRONMENT: ${{ inputs.target_environment }}-account
       AWS_REGION: eu-west-2
       pinned_image: ${{ inputs.pinned_image }}
     secrets:
@@ -215,18 +250,17 @@ jobs:
   cdk_deploy_account_resources_US:
     uses: ./.github/workflows/cdk_release_code.yml
     if: ${{ inputs.execute_change_set == true }}
-    needs: cdk_diff_account_resources_US
+    needs: cdk_deploy_secrets
     permissions:
       id-token: write
       contents: write
     with:
       CDK_RESOURCE_STACK_NAME: AccountResources_US
       DEPLOYED_STACK_NAME: account-resources-cdk-us
-      TARGET_ENVIRONMENT: ${{inputs.target_environment}}-account
+      TARGET_ENVIRONMENT: ${{inputs.target_environment}}
       VERSION: ${{ inputs.version }}
       COMMIT_ID: ${{ inputs.commit_id }}
       CDK_APP_NAME: AccountResources
-      DEPLOYMENT_ENVIRONMENT: ${{ inputs.target_environment }}-account
       AWS_REGION: us-east-1
       pinned_image: ${{ inputs.pinned_image }}
     secrets:
@@ -235,18 +269,17 @@ jobs:
   cdk_deploy_account_resources_UK:
     uses: ./.github/workflows/cdk_release_code.yml
     if: ${{ inputs.execute_change_set == true }}
-    needs: cdk_diff_account_resources_UK
+    needs: cdk_deploy_secrets
     permissions:
       id-token: write
       contents: write
     with:
       CDK_RESOURCE_STACK_NAME: AccountResources_UK
       DEPLOYED_STACK_NAME: account-resources-cdk-uk
-      TARGET_ENVIRONMENT: ${{inputs.target_environment}}-account
+      TARGET_ENVIRONMENT: ${{inputs.target_environment}}
       VERSION: ${{ inputs.version }}
       COMMIT_ID: ${{ inputs.commit_id }}
       CDK_APP_NAME: AccountResources
-      DEPLOYMENT_ENVIRONMENT: ${{ inputs.target_environment }}-account
       AWS_REGION: eu-west-2
       pinned_image: ${{ inputs.pinned_image }}
     secrets:

.trivyignore.yaml

@@ -107,9 +107,7 @@
       "package-lock.json",
       "node_modules",
       ".vscode"
-    ],
-    "eslint.useFlatConfig": true,
-    "eslint.format.enable": true
+    ]
   },
   "extensions": {
     "recommendations": [

.vscode/account-resources.code-workspace

@@ -156,6 +156,20 @@ cdk-synth:
 	CDK_CONFIG_lambdaConcurrencyThreshold=900 \
 	CDK_CONFIG_lambdaConcurrencyWarningThreshold=700 \
 	CDK_CONFIG_enableAlerts=false \
+	CDK_CONFIG_lambdaInsightsLogGroupName=foo_bar \
+	CDK_CONFIG_splunkHECEndpoint=https://example.com:8088/services/collector/event \
+	CDK_CONFIG_hecToken=example-token \
+	CDK_CONFIG_deploySubjectClaimFilters=foo,bar,baz \
+	CDK_CONFIG_checkVersionSubjectClaimFilters=foo,bar,baz \
+	CDK_CONFIG_prepareChangesetClaimFilters=foo,bar,baz \
+	CDK_CONFIG_releaseNotesExecuteLambdaClaimFilters=foo,bar,baz \
+	CDK_CONFIG_artilleryLoadTestRoleClaimFilters=foo,bar,baz \
+	CDK_CONFIG_proxygenPTLClaimFilters=foo,bar,baz \
+	CDK_CONFIG_proxygenProdClaimFilters=foo,bar,baz \
+	CDK_CONFIG_CDKPullImageClaimFilters=foo,bar,baz \
+	CDK_CONFIG_CDKPushImageClaimFilters=foo,bar,baz \
+	CDK_CONFIG_assistMeRegressionTestClaimFilters=foo,bar,baz \
+	CDK_CONFIG_assistMeDocumentSyncClaimFilters=foo,bar,baz \
 	npm run cdk-synth --workspace packages/cdk/
 
 compile: