leanstacks · mwarman · Feb 25, 2026 · Feb 25, 2026 · Feb 25, 2026 · Feb 25, 2026
diff --git a/.env.example b/.env.example
@@ -10,6 +10,7 @@ VITE_BUILD_TS=1970-01-01T00:00:00Z
 VITE_BUILD_COMMIT_SHA=local
 VITE_BUILD_ENV_CODE=local
 VITE_BUILD_WORKFLOW_NAME=local
+VITE_BUILD_WORKFLOW_RUNNER=local
 VITE_BUILD_WORKFLOW_RUN_NUMBER=1
 VITE_BUILD_WORKFLOW_RUN_ATTEMPT=1
 

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -52,14 +52,40 @@ jobs:
         run: npm run test:ci
 
       # --- Infrastructure Checks ---
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v6
+      - name: Install infrastructure dependencies
+        working-directory: ./infrastructure
+        run: npm ci
+
+      - name: Build infrastructure
+        working-directory: ./infrastructure
+        run: npm run build
+
+      - name: Run infrastructure tests with coverage
+        working-directory: ./infrastructure
+        run: npm run test:coverage
+
+      - name: Create infrastructure .env file
+        working-directory: ./infrastructure
+        run: |
+          echo "${{ vars.CDK_ENV_DEV }}" > .env
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v6.0.0
         with:
-          aws-region: ${{ vars.AWS_REGION }}
           role-to-assume: ${{ vars.AWS_ROLE_ARN_DEV }}
           role-session-name: ci-ionic8-starter
+          aws-region: ${{ vars.AWS_REGION }}
 
-      - name: Validate AWS CloudFormation Template
-        run: |-
-          aws cloudformation validate-template \
-          --template-body file://template.yml
+      - name: Synthesize CDK stacks
+        working-directory: ./infrastructure
+        run: npm run synth
+
+      # Final Step: Clean up sensitive infrastructure files
+      - name: Clean up sensitive files
+        if: always()
+        working-directory: ./infrastructure
+        run: |
+          echo "🧹 Cleaning up sensitive files..."
+          rm -f .env
+          rm -rf cdk.out
+          echo "✅ Sensitive files cleaned up"
diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml
@@ -144,85 +144,88 @@ jobs:
             echo "✅ All packages are up to date" >> $GITHUB_STEP_SUMMARY
           fi
 
-      # - name: Install infrastructure dependencies
-      #   working-directory: ./infrastructure
-      #   run: npm ci
-
-      # - name: Run infrastructure tests with detailed coverage
-      #   working-directory: ./infrastructure
-      #   run: |
-      #     echo "" >> $GITHUB_STEP_SUMMARY
-      #     echo "## Infrastructure Test Coverage Analysis" >> $GITHUB_STEP_SUMMARY
-      #     echo "" >> $GITHUB_STEP_SUMMARY
-      #     npm run test:coverage
-
-      #     # Extract coverage summary
-      #     if [ -f coverage/coverage-summary.json ]; then
-      #       echo "### Infrastructure Coverage Summary:" >> $GITHUB_STEP_SUMMARY
-      #       echo "" >> $GITHUB_STEP_SUMMARY
-
-      #       # Use Node.js to parse JSON and create a table
-      #       node -e "
-      #         const fs = require('fs');
-      #         const coverage = JSON.parse(fs.readFileSync('coverage/coverage-summary.json', 'utf8'));
-      #         const total = coverage.total;
-
-      #         console.log('| Metric | Percentage | Covered/Total |');
-      #         console.log('|--------|------------|---------------|');
-      #         console.log(\`| Lines | \${total.lines.pct}% | \${total.lines.covered}/\${total.lines.total} |\`);
-      #         console.log(\`| Functions | \${total.functions.pct}% | \${total.functions.covered}/\${total.functions.total} |\`);
-      #         console.log(\`| Branches | \${total.branches.pct}% | \${total.branches.covered}/\${total.branches.total} |\`);
-      #         console.log(\`| Statements | \${total.statements.pct}% | \${total.statements.covered}/\${total.statements.total} |\`);
-      #       " >> $GITHUB_STEP_SUMMARY
-      #     fi
-
-      # - name: Infrastructure build check
-      #   run: |
-      #     echo "" >> $GITHUB_STEP_SUMMARY
-      #     echo "## Infrastructure Build" >> $GITHUB_STEP_SUMMARY
-      #     echo "" >> $GITHUB_STEP_SUMMARY
-      #     npm run build > infra-tsc-output.txt 2>&1
-      #     if [ $? -eq 0 ]; then
-      #       echo "✅ Build successful" >> $GITHUB_STEP_SUMMARY
-      #     else
-      #       echo "❌ Build failed:" >> $GITHUB_STEP_SUMMARY
-      #       echo '```' >> $GITHUB_STEP_SUMMARY
-      #       cat infra-tsc-output.txt >> $GITHUB_STEP_SUMMARY
-      #       echo '```' >> $GITHUB_STEP_SUMMARY
-      #     fi
-
-      # - name: Infrastructure security audit
-      #   run: |
-      #     echo "" >> $GITHUB_STEP_SUMMARY
-      #     echo "## Infrastructure Security Audit" >> $GITHUB_STEP_SUMMARY
-      #     echo "" >> $GITHUB_STEP_SUMMARY
-      #     npm audit --audit-level=moderate --omit=dev > infra-security-output.txt 2>&1 || true
-
-      #     if grep -q "found 0 vulnerabilities" infra-security-output.txt; then
-      #       echo "✅ No security vulnerabilities found" >> $GITHUB_STEP_SUMMARY
-      #     else
-      #       echo "⚠️ Security vulnerabilities detected:" >> $GITHUB_STEP_SUMMARY
-      #       echo '```' >> $GITHUB_STEP_SUMMARY
-      #       cat infra-security-output.txt >> $GITHUB_STEP_SUMMARY
-      #       echo '```' >> $GITHUB_STEP_SUMMARY
-      #     fi
-
-      # - name: Infrastructure package analysis
-      #   run: |
-      #     echo "" >> $GITHUB_STEP_SUMMARY
-      #     echo "## Infrastructure Package Analysis" >> $GITHUB_STEP_SUMMARY
-      #     echo "" >> $GITHUB_STEP_SUMMARY
-
-      #     # Check for outdated packages
-      #     echo "### Outdated Packages:" >> $GITHUB_STEP_SUMMARY
-      #     npm outdated > infra-outdated-output.txt 2>&1 || true
-      #     if [ -s infra-outdated-output.txt ]; then
-      #       echo '```' >> $GITHUB_STEP_SUMMARY
-      #       cat infra-outdated-output.txt >> $GITHUB_STEP_SUMMARY
-      #       echo '```' >> $GITHUB_STEP_SUMMARY
-      #     else
-      #       echo "✅ All packages are up to date" >> $GITHUB_STEP_SUMMARY
-      #     fi
+      - name: Install infrastructure dependencies
+        working-directory: ./infrastructure
+        run: npm ci
+
+      - name: Run infrastructure tests with detailed coverage
+        working-directory: ./infrastructure
+        run: |
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "## Infrastructure Test Coverage Analysis" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          npm run test:coverage
+
+          # Extract coverage summary
+          if [ -f coverage/coverage-summary.json ]; then
+            echo "### Infrastructure Coverage Summary:" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+
+            # Use Node.js to parse JSON and create a table
+            node -e "
+              const fs = require('fs');
+              const coverage = JSON.parse(fs.readFileSync('coverage/coverage-summary.json', 'utf8'));
+              const total = coverage.total;
+
+              console.log('| Metric | Percentage | Covered/Total |');
+              console.log('|--------|------------|---------------|');
+              console.log(\`| Lines | \${total.lines.pct}% | \${total.lines.covered}/\${total.lines.total} |\`);
+              console.log(\`| Functions | \${total.functions.pct}% | \${total.functions.covered}/\${total.functions.total} |\`);
+              console.log(\`| Branches | \${total.branches.pct}% | \${total.branches.covered}/\${total.branches.total} |\`);
+              console.log(\`| Statements | \${total.statements.pct}% | \${total.statements.covered}/\${total.statements.total} |\`);
+            " >> $GITHUB_STEP_SUMMARY
+          fi
+
+      - name: Infrastructure build check
+        working-directory: ./infrastructure
+        run: |
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "## Infrastructure Build" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          npm run build > infra-tsc-output.txt 2>&1
+          if [ $? -eq 0 ]; then
+            echo "✅ Build successful" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "❌ Build failed:" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            cat infra-tsc-output.txt >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+          fi
+
+      - name: Infrastructure security audit
+        working-directory: ./infrastructure
+        run: |
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "## Infrastructure Security Audit" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          npm audit --audit-level=moderate --omit=dev > infra-security-output.txt 2>&1 || true
+
+          if grep -q "found 0 vulnerabilities" infra-security-output.txt; then
+            echo "✅ No security vulnerabilities found" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "⚠️ Security vulnerabilities detected:" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            cat infra-security-output.txt >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+          fi
+
+      - name: Infrastructure package analysis
+        working-directory: ./infrastructure
+        run: |
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "## Infrastructure Package Analysis" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          # Check for outdated packages
+          echo "### Outdated Packages:" >> $GITHUB_STEP_SUMMARY
+          npm outdated > infra-outdated-output.txt 2>&1 || true
+          if [ -s infra-outdated-output.txt ]; then
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            cat infra-outdated-output.txt >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+          else
+            echo "✅ All packages are up to date" >> $GITHUB_STEP_SUMMARY
+          fi
 
       - name: Archive test results
         if: always()

diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
@@ -13,13 +13,7 @@ concurrency:
   cancel-in-progress: false
 
 env:
-  APP_NAME: ionic8-playground.leanstacks.net
-  AWS_CFN_STACK_NAME: ls-ui-ionic8playground-resources-dev
-  AWS_CFN_TEMPLATE: template.yml
   AWS_ENV_CODE: dev
-  AWS_REGION: ${{ vars.AWS_REGION }}
-  AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN_DEV }}
-  ENV_FILE: ${{ vars.ENV_DEV }}
 
 jobs:
   deploy:
@@ -47,7 +41,7 @@ jobs:
 
       - name: Create Environment Configuration
         run: |
-          echo "${{ env.ENV_FILE }}" > .env
+          echo "${{ vars.ENV_DEV }}" > .env
           echo "VITE_BUILD_DATE=$(date -u +'%Y-%m-%d')" >> .env
           echo "VITE_BUILD_TIME=$(date -u +'%H:%M:%S')" >> .env
           echo "VITE_BUILD_TS=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> .env
@@ -64,28 +58,49 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v6
         with:
-          aws-region: ${{ env.AWS_REGION }}
-          role-to-assume: ${{ env.AWS_ROLE_ARN }}
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: ${{ vars.AWS_ROLE_ARN_DEV }}
           role-session-name: deploy-ionic8-starter-dev
 
-      - name: Deploy AWS CloudFormation Stack
-        run: |-
-          aws cloudformation deploy \
-          --stack-name ${{ env.AWS_CFN_STACK_NAME }} \
-          --template-file ${{ env.AWS_CFN_TEMPLATE }} \
-          --parameter-overrides EnvironmentCode=${{ env.AWS_ENV_CODE }} \
-          --tags App=${{ env.APP_NAME }} Env=${{ env.AWS_ENV_CODE }} OU=leanstacks Owner='Matthew Warman'
-
-      - name: Get CloudFormation Stack Outputs
-        id: cloudformation
-        run: |-
-          APP_BUCKET_NAME=$(
-            aws cloudformation describe-stacks \
-            --stack-name ${{ env.AWS_CFN_STACK_NAME }} \
-            --query "Stacks[0].Outputs[?OutputKey=='AppBucketName'].OutputValue | [0]"
-          )
-          echo "APP_BUCKET_NAME=$APP_BUCKET_NAME" >> "$GITHUB_OUTPUT"
-
-      - name: Deploy to AWS S3
+      - name: Install infrastructure dependencies
+        working-directory: ./infrastructure
+        run: npm ci
+
+      - name: Create infrastructure .env file
+        working-directory: ./infrastructure
+        run: |
+          echo "${{ vars.CDK_ENV_DEV }}" > .env
+          echo "✅ Infrastructure .env file created"
+
+      - name: Build infrastructure
+        working-directory: ./infrastructure
+        run: npm run build
+
+      - name: Bootstrap CDK
+        working-directory: ./infrastructure
+        run: |
+          echo "⚡ Checking if CDK bootstrap is needed..."
+          # Try to describe the bootstrap stack to see if it exists
+          if ! aws cloudformation describe-stacks --stack-name CDKToolkit --region ${{ vars.AWS_REGION }} >/dev/null 2>&1; then
+            echo "🚀 CDK not bootstrapped, bootstrapping now..."
+            npm run bootstrap
+          else
+            echo "✅ CDK already bootstrapped, skipping..."
+          fi
+
+      - name: Synthesize CDK stacks
+        working-directory: ./infrastructure
+        run: npm run synth
+
+      - name: Deploy CDK stacks
+        working-directory: ./infrastructure
+        run: npm run deploy:all -- --require-approval never
+
+      - name: Clean up sensitive files
+        if: always()
+        working-directory: ./infrastructure
         run: |
-          aws s3 sync dist s3://${{ steps.cloudformation.outputs.APP_BUCKET_NAME }} --delete
+          echo "🧹 Cleaning up sensitive files..."
+          rm -f .env
+          rm -rf cdk.out
+          echo "✅ Sensitive files cleaned up"