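├── .dockerignore
├── entrypoint.sh
├── action.yml
├── THIRD_PARTY_NOTICE.md
├── .github
    ├── dependabot.yml
    └── workflows
    │   └── main.yml
├── LICENSE
├── Dockerfile
└── README.md

/.dockerignore:
--------------------------------------------------------------------------------
1 | # ignore all files by default
2 | *
3 | # include required files with an exception
4 | !entrypoint.sh
5 | !LICENSE
6 | !README.md
7 | !THIRD_PARTY_NOTICE.md
8 | 
--------------------------------------------------------------------------------
/entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | #
3 | # Container entrypoint for aws-cdk-action: installs the Python dependencies of the
4 | # checked-out CDK app when it ships a requirements.txt, then runs `cdk` with the
5 | # arguments the action was given.
6 | 
7 | # Stop at the first failing command so a failed install never leads to a cdk run.
8 | set -e
9 | 
10 | # requirements.txt is read from the current directory, i.e. from the repository the
11 | # workflow checked out. Installing it pulls (and may build) whatever packages that file
12 | # names, inside the container that also receives the AWS credentials from the step's
13 | # `env`, so treat changes to requirements.txt as code changes when reviewing.
14 | #
15 | # --break-system-packages matches the Dockerfile's own pip3 install: the image's Python
16 | # comes from apk, and without the flag pip refuses to install into that externally
17 | # managed environment, which under `set -e` aborts the action before cdk runs.
18 | if [ -f "requirements.txt" ]; then
19 |   pip3 install --break-system-packages -r requirements.txt
20 | fi
21 | 
22 | # Mark the mounted workspace as safe so git does not reject it when the checkout is
23 | # owned by a different user than the one running inside the container.
24 | git config --global --add safe.directory /github/workspace
25 | 
26 | # NOTE(review): $* joins all arguments into one string that `sh -c` parses a second
27 | # time, so shell metacharacters and $VARS inside the action's `args` are interpreted
28 | # here. Keep untrusted values (branch names, PR titles, issue text) out of `args`.
29 | # `exec cdk "$@"` would pass the arguments through without re-parsing, at the cost of
30 | # losing that in-container expansion for workflows that rely on it.
31 | sh -c "cdk $*"
32 | 
--------------------------------------------------------------------------------
/action.yml:
--------------------------------------------------------------------------------
1 | ---
2 | name: 'aws-cdk-action'
3 | author: 'Scott Brenner '
4 | description: 'GitHub Action for AWS CDK'
5 | runs:
6 |   using: 'docker'
7 |   image: 'Dockerfile'
8 | branding:
9 |   icon: 'box'
10 |   color: 'yellow'
11 | 
--------------------------------------------------------------------------------
/THIRD_PARTY_NOTICE.md:
--------------------------------------------------------------------------------
1 | # Third Party Notices and Information
2 | 
3 | Container images built with this project include third party materials.
4 | 
5 | Notwithstanding any other terms, you may reverse engineer this software to the extent required to debug changes to any libraries licensed under the GNU Lesser General Public License for your own use.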
6 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Basic dependabot.yml file with 3 | # minimum configuration for two package managers 4 | 5 | version: 2 6 | updates: 7 | # Enable version updates for GitHub Actions 8 | - package-ecosystem: "github-actions" 9 | # Look for GitHub Actions workflows in the `root` directory 10 | directory: "/" 11 | # Check for updates once a week 12 | schedule: 13 | interval: "weekly" 14 | 15 | # Enable version updates for Docker 16 | - package-ecosystem: "docker" 17 | # Look for a `Dockerfile` in the `root` directory 18 | directory: "/" 19 | # Check for updates once a week 20 | schedule: 21 | interval: "weekly" 22 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Scott Brenner 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
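IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | # Image for aws-cdk-action: Alpine with the AWS CDK CLI plus the Node.js, Python and
2 | # Go toolchains used by CDK apps written in JavaScript/TypeScript, Python and Go.
3 | #
4 | # The base image is pinned by tag only. Appending a digest
5 | # (alpine:3.23.2@sha256:<digest-of-the-reviewed-image>) would make the base immutable.
6 | FROM alpine:3.23.2
7 | 
8 | LABEL name="aws-cdk-action"
9 | LABEL repository="https://github.com/ScottBrenner/aws-cdk-action"
10 | LABEL homepage="https://github.com/ScottBrenner/aws-cdk-action"
11 | LABEL org.opencontainers.image.source="https://github.com/ScottBrenner/aws-cdk-action"
12 | 
13 | LABEL "com.github.actions.name"="aws-cdk-action"
14 | LABEL "com.github.actions.description"="GitHub Action for AWS CDK"
15 | LABEL "com.github.actions.icon"="box"
16 | LABEL "com.github.actions.color"="yellow"
17 | LABEL "maintainer"="Scott Brenner "
18 | 
19 | # Install dependencies
20 | RUN apk --no-cache add \
21 |     nodejs \
22 |     npm \
23 |     python3 \
24 |     py3-pip \
25 |     git \
26 |     make \
27 |     musl-dev \
28 |     go \
29 |     bash \
30 |     docker
31 | 
32 | # Install AWS CDK and Python CDK library
33 | # NOTE(review): neither package is version-pinned, so every image build installs
34 | # whatever is latest on npm/PyPI at that moment, and the resulting image later runs
35 | # with the workflow's AWS credentials. Pin both to reviewed versions
36 | # (aws-cdk@<version>, aws-cdk-lib==<version>) so a rebuild cannot silently pick up a
37 | # new release.
38 | RUN npm install -g aws-cdk
39 | # --break-system-packages: the apk-provided Python is an externally managed
40 | # environment, so pip needs the flag to install into it.
41 | RUN pip3 install aws-cdk-lib --break-system-packages
42 | 
43 | # Configure Go environment
44 | # key=value form; the space-separated `ENV key value` form is legacy syntax.
45 | ENV GOROOT=/usr/lib/go
46 | ENV GOPATH=/go
47 | ENV PATH=/go/bin:$PATH
48 | 
49 | # Create necessary directories for Go
50 | RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
51 | 
52 | # Copy entrypoint script and set execute permissions
53 | COPY entrypoint.sh /entrypoint.sh
54 | RUN chmod +x /entrypoint.sh
55 | 
56 | # Set entrypoint and default command
57 | # With no arguments the container prints the cdk help text.
58 | ENTRYPOINT ["/entrypoint.sh"]
59 | CMD ["--help"]
60 | 
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # GitHub Action for AWS CDK
2 | 
3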
| This Action for [AWS CDK](https://docs.aws.amazon.com/cdk/index.html) enables arbitrary actions for interacting with the AWS Cloud Development Kit (AWS CDK) via the [AWS CDK Toolkit (`cdk` command)](https://docs.aws.amazon.com/cdk/v2/guide/cli.html). 4 | 5 | _Currently supports CDK apps created with JavaScript, Go, Python and TypeScript._ 6 | 7 | ## Usage 8 | 9 | An example workflow for synthesizing an AWS CloudFormation template for your app using `cdk synth`. 10 | 11 | ```yaml 12 | name: AWS CDK Synth 13 | 14 | on: [push] 15 | 16 | jobs: 17 | aws-cdk-synth: 18 | 19 | runs-on: ubuntu-latest 20 | 21 | steps: 22 | - name: Checkout 23 | uses: actions/checkout@v4 24 | 25 | - name: CDK Synth 26 | uses: scottbrenner/aws-cdk-action@v1.6.0 27 | with: 28 | args: synth 29 | env: 30 | AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} 31 | AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} 32 | ``` 33 | 34 | ### Secrets 35 | 36 | - `AWS_ACCESS_KEY_ID` – **Required** The AWS access key part of your credentials ([more info](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys)) 37 | - `AWS_SECRET_ACCESS_KEY` – **Required** The AWS secret access key part of your credentials ([more info](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys)) 38 | 39 | For details on creating secrets and using them with GitHub Actions, see [Creating encrypted secrets for a repository](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository). 40 | 41 | ### Environment 42 | 43 | Each Stack instance in your AWS CDK app is explicitly or implicitly associated with an environment (`env`). An environment is the target AWS account and AWS Region into which this stack needs to be deployed. 
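44 | 
45 | See [the CDK developer guide](https://docs.aws.amazon.com/cdk/latest/guide/environments.html) for more information.
46 | 
47 | ## License
48 | 
49 | The Dockerfile and associated scripts and documentation in this project are released under the [MIT License](LICENSE).
50 | 
51 | Container images built with this project include third party materials. See [THIRD_PARTY_NOTICE.md](THIRD_PARTY_NOTICE.md) for details.
52 | 
--------------------------------------------------------------------------------
/.github/workflows/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # CI for aws-cdk-action: build and smoke-test the image on pushes to master and on
3 | # pull requests; publish the image to the container registry on pushes only.
4 | name: CI
5 | 
6 | on:
7 |   push:
8 |     branches:
9 |       - master # Push events on master branch
10 |   pull_request: # Run tests for any PRs
11 | 
12 | env:
13 |   REGISTRY: ghcr.io
14 |   IMAGE_NAME: ${{ github.repository }}
15 | 
16 | jobs:
17 |   # Run tests.
18 |   test:
19 |     runs-on: ubuntu-latest
20 |     # Read-only token: this job also builds code from pull requests.
21 |     permissions:
22 |       contents: read
23 | 
24 |     steps:
25 |       # NOTE(review): pinned by tag, unlike the docker/* actions in the push job,
26 |       # which are pinned to a commit SHA. A tag can be moved after review; pin to
27 |       # the full commit SHA of the reviewed release
28 |       # (actions/checkout@<commit-sha> # v6).
29 |       - uses: actions/checkout@v6
30 | 
31 |       - name: Docker build
32 |         run: docker build . --file Dockerfile --tag image
33 | 
34 |       # Smoke test only: --entrypoint replaces /entrypoint.sh, so the script itself
35 |       # is not exercised by this check.
36 |       - name: Docker run
37 |         run: docker run --entrypoint cdk image --version
38 | 
39 |   # Push image to GitHub Packages.
40 |   push:
41 |     # Ensure test job passes before pushing image.
42 |     needs: test
43 | 
44 |     runs-on: ubuntu-latest
45 |     permissions:
46 |       contents: read
47 |       packages: write
48 |       # id-token: write is not granted: no step in this job requests an OIDC token
49 |       # (there is no sigstore/cosign signing step). Re-add it together with such a
50 |       # step if image signing is introduced.
51 |     # Publish only for push events; pull requests stop after the test job.
52 |     if: github.event_name == 'push'
53 | 
54 |     steps:
55 |       # NOTE(review): tag-pinned in a job that holds packages: write; pin to the
56 |       # full commit SHA of the reviewed release (actions/checkout@<commit-sha> # v6).
57 |       - name: Checkout repository
58 |         uses: actions/checkout@v6
59 | 
60 |       # Set up BuildKit Docker container builder to be able to build
61 |       # multi-platform images and export cache
62 |       # https://github.com/docker/setup-buildx-action
63 |       - name: Set up Docker Buildx
64 |         uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
65 | 
66 |       # Login against a Docker registry
67 |       # https://github.com/docker/login-action
68 |       - name: Log into registry ${{ env.REGISTRY }}
69 |         uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
70 |         with:
71 |           registry: ${{ env.REGISTRY }}
72 |           username: ${{ github.actor }}
73 |           password: ${{ secrets.GITHUB_TOKEN }}
74 | 
75 |       # Extract metadata (tags, labels) for Docker
76 |       # https://github.com/docker/metadata-action
77 |       - name: Extract Docker metadata
78 |         id: meta
79 |         uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
80 |         with:
81 |           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
82 | 
83 |       # Build and push Docker image with Buildx
84 |       # https://github.com/docker/build-push-action
85 |       - name: Build and push Docker image
86 |         id: build-and-push
87 |         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
88 |         with:
89 |           context: .
90 |           push: true
91 |           tags: ${{ steps.meta.outputs.tags }}
92 |           labels: ${{ steps.meta.outputs.labels }}
93 |           cache-from: type=gha
94 |           cache-to: type=gha,mode=max
95 | 
--------------------------------------------------------------------------------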