chore: rewrite project structure

.github/workflows/deploy.yml

@@ -57,14 +57,13 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - name: Set up node
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+      - name: Set up uv
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
         with:
-          node-version: 20
-          cache: 'npm'
+          enable-cache: true
 
       - name: Install dependencies
-        run: npm ci
+        run: uv sync --locked
 
       - name: Assume Github OIDC role
         uses: aws-actions/configure-aws-credentials@99214aa6889fcddfa57764031d71add364327e59 # v6.1.3
@@ -98,8 +97,8 @@ jobs:
           echo "AWS_DEFAULT_REGION=us-west-2" >> $GITHUB_ENV
 
       - name: Run CDK synth
-        run: npm run cdk -- synth
+        run: uv run npx cdk synth "*"
 
       - name: Run CDK deploy
         if: github.event_name == 'workflow_dispatch'
-        run: npm run cdk -- deploy --all --require-approval never
+        run: uv run npx cdk deploy "*" --require-approval never

.github/workflows/tests.yml

@@ -10,28 +10,6 @@ on:
   workflow_dispatch:
 
 jobs:
-  node-tests:
-    name: node-tests
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-
-      - name: Set up Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
-        with:
-          node-version: "20"
-          cache: npm
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Run tests
-        run: npm test
-
   python-runtime-tests:
     name: pytest (${{ matrix.runtime.name }})
     runs-on: ubuntu-latest
@@ -54,11 +32,6 @@ jobs:
         with:
           persist-credentials: false
 
-      - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
-        with:
-          python-version: "3.12"
-
       - name: Set up uv
         uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
         with:

.gitignore

@@ -5,6 +5,7 @@ node_modules
 
 .pyc
 __pycache__
+.pytest_cache
 .venv
 .env
 .envrc

README.md

@@ -5,7 +5,7 @@
 
 ## Overview
 
-This repository contains the AWS CDK code (written in typescript) used to deploy the MAAP project eoapi infrastructure. It is based on the [eoapi-template example](https://github.com/developmentseed/eoapi-template). For the MAAP use case, we use a subset of the eoapi CDK constructs to define a database, an ingestion API, a STAC API, a raster API (i.e a tiling API) and a pgbouncer instance to manage connections to the database. Here, we deploy all these components into a custom VPC.
+This repository contains the AWS CDK code (written in Python) used to deploy the MAAP project eoapi infrastructure. It is based on the [eoapi-template example](https://github.com/developmentseed/eoapi-template). For the MAAP use case, we use a subset of the eoapi CDK constructs to define a database, an ingestion API, a STAC API, a raster API (i.e a tiling API) and a pgbouncer instance to manage connections to the database. Here, we deploy all these components into a custom VPC.
 
 
 ## Automated Deployment

app.py

@@ -0,0 +1,137 @@
+#!/usr/bin/env python3
+import aws_cdk as cdk
+
+from cdk.config import Config
+from cdk.maap_eoapi_common import MaapEoapiCommon
+from cdk.patch_manager import PatchManagerStack
+from cdk.pgstac_infra import (
+    DpsStacItemGenConfig,
+    IngestorConfig,
+    PgStacDbConfig,
+    PgStacInfra,
+    StacApiConfig,
+    StacBrowserConfig,
+    TitilerPgstacConfig,
+)
+from cdk.vpc import VpcStack
+
+config = Config()
+
+app = cdk.App()
+
+vpc_stack = VpcStack(
+    app,
+    config.build_stack_name("vpc"),
+    termination_protection=False,
+    tags=config.tags,
+    nat_gateway_count=None if config.stage == "prod" else 1,
+)
+
+# Create common resources to be shared by pgSTAC and userSTAC stacks
+common = MaapEoapiCommon(
+    app,
+    config.build_stack_name("common"),
+    tags=config.tags,
+    stage=config.stage,
+    termination_protection=False,
+)
+
+core_infrastructure = PgStacInfra(
+    app,
+    config.build_stack_name("pgSTAC"),
+    vpc=vpc_stack.vpc,
+    tags=config.tags,
+    stage=config.stage,
+    type="public",
+    version=config.version,
+    certificate_arn=config.certificate_arn,
+    web_acl_arn=config.web_acl_arn,
+    logging_bucket_arn=common.logging_bucket.bucket_arn,
+    pgstac_db_config=PgStacDbConfig(
+        instance_type=config.db_instance_type,
+        pgstac_version=config.pgstac_version,
+        allocated_storage=config.db_allocated_storage,
+        subnet_public=False,
+    ),
+    stac_api_config=StacApiConfig(
+        custom_domain_name=config.stac_api_custom_domain_name,
+        integration_api_arn=config.stac_api_integration_api_arn,
+    ),
+    titiler_pgstac_config=TitilerPgstacConfig(
+        mosaic_host=config.mosaic_host,
+        buckets_path="./titiler_buckets.yaml",
+        custom_domain_name=config.titiler_pg_stac_api_custom_domain_name,
+        data_access_role_arn=config.titiler_data_access_role_arn,
+    ),
+    stac_browser_config=StacBrowserConfig(
+        repo_tag=config.stac_browser_repo_tag,
+        custom_domain_name=config.stac_browser_custom_domain_name,
+        certificate_arn=config.stac_browser_certificate_arn,
+    ),
+    ingestor_config=IngestorConfig(
+        jwks_url=config.jwks_url,
+        data_access_role_arn=config.ingestor_data_access_role_arn,
+        domain_name=config.ingestor_domain_name,
+        user_data_path="./userdata.yaml",
+    ),
+    add_stactools_item_generator=True,
+    termination_protection=False,
+)
+
+user_infrastructure = PgStacInfra(
+    app,
+    config.build_stack_name("userSTAC"),
+    vpc=vpc_stack.vpc,
+    tags=config.tags,
+    stage=config.stage,
+    type="internal",
+    version=config.version,
+    certificate_arn=config.certificate_arn,
+    web_acl_arn=config.web_acl_arn,
+    logging_bucket_arn=common.logging_bucket.bucket_arn,
+    pgstac_db_config=PgStacDbConfig(
+        instance_type=config.db_instance_type,
+        pgstac_version=config.pgstac_version,
+        allocated_storage=config.db_allocated_storage,
+        subnet_public=False,
+    ),
+    stac_api_config=StacApiConfig(
+        custom_domain_name=config.user_stac_stac_api_custom_domain_name,
+        transactions=(
+            config.user_stac_collection_transactions  # type: ignore[arg-type]
+        ),
+    ),
+    titiler_pgstac_config=TitilerPgstacConfig(
+        mosaic_host=config.mosaic_host,
+        buckets_path="./titiler_buckets.yaml",
+        custom_domain_name=config.user_stac_titiler_pgstac_api_custom_domain_name,
+        data_access_role_arn=config.titiler_data_access_role_arn,
+    ),
+    add_stactools_item_generator=False,
+    **(
+        {
+            "dps_stac_item_gen_config": DpsStacItemGenConfig(
+                item_gen_role_arn=config.user_stac_item_gen_role_arn,
+                inbound_topic_arns=config.user_stac_inbound_topic_arns,
+                user_stac_collection_id_registry=config.user_stac_collection_id_registry,
+            )
+        }
+        if config.user_stac_item_gen_role_arn
+        else {}
+    ),
+    termination_protection=False,
+)
+
+patch_manager = PatchManagerStack(
+    app,
+    config.build_stack_name("patch-manager"),
+    pgbouncer_param_names=[
+        f"/maap-eoapi/{config.stage}/public/pgbouncer-instance-id",
+        f"/maap-eoapi/{config.stage}/internal/pgbouncer-instance-id",
+    ],
+    termination_protection=False,
+)
+patch_manager.add_dependency(core_infrastructure)
+patch_manager.add_dependency(user_infrastructure)
+
+app.synth()

cdk.json

@@ -1,17 +1,17 @@
 {
-  "app": "npx ts-node --prefer-ts-exts cdk/app.ts",
+  "app": "python app.py",
   "watch": {
     "include": ["**"],
     "exclude": [
       "README.md",
       "cdk*.json",
       "**/*.d.ts",
       "**/*.js",
-      "tsconfig.json",
-      "package*.json",
-      "yarn.lock",
       "node_modules",
-      "test"
+      "tests",
+      "**/__pycache__",
+      "**/.venv",
+      "uv.lock"
     ]
   },
   "context": {