Merge pull request #155 from co-cddo/fixmystreet-scenario

feat: Add FixMyStreet scenario

Author: chrisns

.github/workflows/deploy-blueprints.yml

@@ -11,6 +11,7 @@ on:
       - 'cloudformation/scenarios/simply-readable/cdk/**'
       - 'cloudformation/scenarios/simply-readable/scripts/**'
       - 'cloudformation/scenarios/minute/cdk/**'
+      - 'cloudformation/scenarios/fixmystreet/cdk/**'
       - 'cloudformation/isb-hub/**'
   workflow_dispatch:
 
@@ -292,8 +293,64 @@ jobs:
           path: cloudformation/scenarios/minute/template.yaml
           retention-days: 1
 
+  synth-fixmystreet:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-node@v6
+        with:
+          node-version: '22'
+          cache: 'npm'
+          cache-dependency-path: cloudformation/scenarios/fixmystreet/cdk/package-lock.json
+
+      - name: Build and synth fixmystreet CDK
+        working-directory: cloudformation/scenarios/fixmystreet/cdk
+        run: |
+          npm ci
+          npm run build
+          npx cdk synth
+
+      - name: Strip bootstrap cruft and validate template
+        working-directory: cloudformation/scenarios/fixmystreet/cdk
+        run: |
+          node -e "
+            const fs = require('fs');
+            const t = JSON.parse(fs.readFileSync('../cdk.out/FixMyStreetStack.template.json', 'utf8'));
+            delete t.Parameters?.BootstrapVersion;
+            delete t.Resources?.CDKMetadata;
+            delete t.Rules?.CheckBootstrapVersion;
+            const str = JSON.stringify(t);
+            const errors = [];
+            if (str.includes('AssetParameters') || str.includes('cdk-bootstrap')) {
+              errors.push('Template contains CDK bootstrap/asset dependencies');
+            }
+            const deletionPolicies = str.match(/\"DeletionPolicy\":\s*\"(Snapshot|Retain)\"/g);
+            if (deletionPolicies) {
+              errors.push('Template contains non-DESTROY deletion policies: ' + deletionPolicies.join(', '));
+            }
+            const size = Buffer.byteLength(JSON.stringify(t, null, 2));
+            if (size > 400000) {
+              errors.push('Template size ' + size + ' bytes approaching CloudFormation S3 limit (460,800)');
+            }
+            if (errors.length > 0) {
+              errors.forEach(e => console.error('ERROR: ' + e));
+              process.exit(1);
+            }
+            // Write JSON content to .yaml — CloudFormation accepts both formats regardless of extension
+            const content = '# Auto-generated from CDK synthesis. Do not edit.\n' + JSON.stringify(t, null, 2);
+            fs.writeFileSync('../template.yaml', content);
+            console.log('Wrote template.yaml (' + size + ' bytes, ' + Object.keys(t.Resources || {}).length + ' resources)');
+          "
+
+      - uses: actions/upload-artifact@v7
+        with:
+          name: fixmystreet-template
+          path: cloudformation/scenarios/fixmystreet/template.yaml
+          retention-days: 1
+
   deploy:
-    needs: [synth-localgov-drupal, synth-localgov-ims, synth-simply-readable, synth-minute]
+    needs: [synth-localgov-drupal, synth-localgov-ims, synth-simply-readable, synth-minute, synth-fixmystreet]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
@@ -313,6 +370,11 @@ jobs:
           name: minute-template
           path: cloudformation/scenarios/minute
 
+      - uses: actions/download-artifact@v8
+        with:
+          name: fixmystreet-template
+          path: cloudformation/scenarios/fixmystreet
+
       - uses: actions/download-artifact@v8
         with:
           name: simply-readable-template

.github/workflows/docker-build-fixmystreet.yml

@@ -0,0 +1,103 @@
+# Build and publish FixMyStreet container image to ghcr.io
+#
+# Triggers on:
+# - Push to main branch affecting docker files
+# - All pull requests (skips build if no relevant files changed)
+# - Manual workflow_dispatch
+
+name: Build FixMyStreet Container
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'cloudformation/scenarios/fixmystreet/docker/**'
+      - '.github/workflows/docker-build-fixmystreet.yml'
+  pull_request:
+  workflow_dispatch:
+    inputs:
+      push_image:
+        description: 'Push image to registry'
+        required: false
+        default: true
+        type: boolean
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: co-cddo/ndx_try_aws_scenarios-fixmystreet
+
+jobs:
+  changes:
+    name: Check for Docker changes
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    outputs:
+      docker: ${{ steps.filter.outputs.docker }}
+    steps:
+      - uses: actions/checkout@v6
+      - uses: dorny/paths-filter@v4
+        id: filter
+        with:
+          filters: |
+            docker:
+              - 'cloudformation/scenarios/fixmystreet/docker/**'
+              - '.github/workflows/docker-build-fixmystreet.yml'
+
+  build:
+    name: Build and Push Container
+    runs-on: ubuntu-latest
+    needs: [changes]
+    # Run if: push/dispatch (changes job skipped), OR PR with docker changes
+    if: |
+      always() &&
+      (needs.changes.result == 'skipped' || needs.changes.outputs.docker == 'true')
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v4
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v6
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=sha,prefix=sha-
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=branch,enable=${{ github.ref != 'refs/heads/main' }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v7
+        with:
+          context: cloudformation/scenarios/fixmystreet/docker
+          file: cloudformation/scenarios/fixmystreet/docker/Dockerfile
+          push: ${{ (github.ref == 'refs/heads/main' || (github.event_name == 'workflow_dispatch' && github.event.inputs.push_image != 'false')) }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64
+
+      - name: Output image details
+        run: |
+          echo "## Docker Image Built" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**Registry:** ${{ env.REGISTRY }}" >> $GITHUB_STEP_SUMMARY
+          echo "**Image:** ${{ env.IMAGE_NAME }}" >> $GITHUB_STEP_SUMMARY
+          echo "**Tags:**" >> $GITHUB_STEP_SUMMARY
+          echo '```' >> $GITHUB_STEP_SUMMARY
+          echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
+          echo '```' >> $GITHUB_STEP_SUMMARY

cloudformation/isb-hub/lib/isb-hub-stack.ts

@@ -32,6 +32,7 @@ const SCENARIOS: ScenarioConfig[] = [
   { name: 'simply-readable', description: 'NDX:Try Simply Readable - Document Translation & Easy Read, built by Swindon Borough Council' },
   { name: 'localgov-ims', description: 'NDX:Try LocalGov IMS - Income Management System with GOV.UK Pay', parameterKeys: ['GovUkPayApiKey'] },
   { name: 'minute', description: 'Minute AI - Meeting transcription and AI-powered minute generation' },
+  { name: 'fixmystreet', description: 'NDX:Try FixMyStreet - Citizen problem reporting platform for UK councils' },
   { name: 'all-demo', description: 'NDX:Try All Demo - Deploys all 7 scenarios as nested stacks' },
 ];
 

cloudformation/scenarios/fixmystreet/cdk/bin/app.ts

@@ -0,0 +1,12 @@
+#!/usr/bin/env node
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
+import { FixMyStreetStack } from '../lib/fixmystreet-stack';
+
+const app = new cdk.App();
+
+new FixMyStreetStack(app, 'FixMyStreetStack', {
+  // No env — produces environment-agnostic template using CloudFormation intrinsics
+  // (Fn::GetAZs, Ref: AWS::Region) so the same template works in any account/region via StackSets
+  description: 'FixMyStreet - Citizen Problem Reporting Platform for UK Councils',
+});

cloudformation/scenarios/fixmystreet/cdk/cdk.json

@@ -0,0 +1,34 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/app.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test",
+      "dist"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws"
+    ],
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
+    "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true
+  },
+  "output": "../cdk.out"
+}

cloudformation/scenarios/fixmystreet/cdk/jest.config.js

@@ -0,0 +1,8 @@
+module.exports = {
+  testEnvironment: 'node',
+  roots: ['<rootDir>/test'],
+  testMatch: ['**/*.test.ts'],
+  transform: {
+    '^.+\\.tsx?$': 'ts-jest'
+  }
+};

cloudformation/scenarios/fixmystreet/cdk/lib/constructs/cloudfront.ts

@@ -0,0 +1,32 @@
+import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
+import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';
+import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
+import { Construct } from 'constructs';
+
+export interface CloudFrontConstructProps {
+  readonly loadBalancer: elbv2.IApplicationLoadBalancer;
+}
+
+export class CloudFrontConstruct extends Construct {
+  public readonly distribution: cloudfront.Distribution;
+  public readonly domainName: string;
+
+  constructor(scope: Construct, id: string, props: CloudFrontConstructProps) {
+    super(scope, id);
+
+    this.distribution = new cloudfront.Distribution(this, 'Distribution', {
+      comment: 'FixMyStreet - HTTPS Termination',
+      defaultBehavior: {
+        origin: new origins.LoadBalancerV2Origin(props.loadBalancer, {
+          protocolPolicy: cloudfront.OriginProtocolPolicy.HTTP_ONLY,
+        }),
+        viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+        allowedMethods: cloudfront.AllowedMethods.ALLOW_ALL,
+        cachePolicy: cloudfront.CachePolicy.CACHING_DISABLED,
+        originRequestPolicy: cloudfront.OriginRequestPolicy.ALL_VIEWER,
+      },
+    });
+
+    this.domainName = this.distribution.distributionDomainName;
+  }
+}