@jjrawlins/cdk-diff-pr-github-action 0.0.72 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/.jsii +1067 -105
  2. package/API.md +1166 -198
  3. package/README.md +194 -14
  4. package/lib/CdkDiffIamTemplate.d.ts +36 -3
  5. package/lib/CdkDiffIamTemplate.js +116 -87
  6. package/lib/CdkDiffIamTemplateStackSet.d.ts +149 -0
  7. package/lib/CdkDiffIamTemplateStackSet.js +373 -0
  8. package/lib/CdkDiffStackWorkflow.d.ts +2 -2
  9. package/lib/CdkDiffStackWorkflow.js +2 -2
  10. package/lib/CdkDriftDetectionWorkflow.d.ts +5 -2
  11. package/lib/CdkDriftDetectionWorkflow.js +20 -4
  12. package/lib/CdkDriftIamTemplate.d.ts +36 -3
  13. package/lib/CdkDriftIamTemplate.js +92 -63
  14. package/lib/index.d.ts +1 -0
  15. package/lib/index.js +2 -1
  16. package/package.json +1 -1
package/.jsii CHANGED
@@ -3549,7 +3549,7 @@
3549
3549
  },
3550
3550
  "name": "@jjrawlins/cdk-diff-pr-github-action",
3551
3551
  "readme": {
3552
- "markdown": "# cdk-diff-pr-github-action\n\nA small Projen-based helper library that wires GitHub workflows for:\n- Creating CloudFormation Change Sets for your CDK stacks on pull requests and commenting a formatted diff back on the PR.\n- Detecting CloudFormation drift on a schedule or manual trigger and producing a consolidated summary (optionally creating an issue).\n\nIt also provides ready‑to‑deploy IAM templates with the minimal permissions required for each workflow.\n\nThis package exposes four constructs:\n\n- `CdkDiffStackWorkflow` — Generates one GitHub Actions workflow per stack to create a change set and render the diff back to the PR and Step Summary.\n- `CdkDiffIamTemplate` — Emits a CloudFormation template file with minimal permissions for the Change Set workflow.\n- `CdkDriftDetectionWorkflow` — Generates a GitHub Actions workflow to detect CloudFormation drift per stack, upload machine‑readable results, and aggregate a summary.\n- `CdkDriftIamTemplate` — Emits a CloudFormation template file with minimal permissions for the Drift Detection workflow.\n\n## Quick start\n\n1) Add the constructs to your Projen project (in `.projenrc.ts`).\n2) Synthesize with `npx projen`.\n3) Commit the generated files.\n4) Open a pull request or run the drift detection workflow.\n\n## Usage: CdkDiffStackWorkflow\n\n`CdkDiffStackWorkflow` renders a workflow per stack named `diff-<StackName>.yml` under `.github/workflows/`. It also generates a helper script at `.github/workflows/scripts/describe-cfn-changeset.ts` that formats the change set output and takes care of posting the PR comment and Step Summary.\n\nExample `.projenrc.ts`:\n\n```ts\nimport { awscdk } from 'projen';\nimport { CdkDiffStackWorkflow } from '@jjrawlins/cdk-diff-pr-github-action';\n\nconst project = new awscdk.AwsCdkConstructLibrary({\n // ... your usual settings ...\n workflowName: 'my-lib',\n defaultReleaseBranch: 'main',\n cdkVersion: '2.85.0',\n github: true,\n});\n\nnew CdkDiffStackWorkflow({\n project,\n stacks: [\n {\n stackName: 'MyAppStack',\n changesetRoleToAssumeArn: 'arn:aws:iam::123456789012:role/cdk-diff-role',\n changesetRoleToAssumeRegion: 'us-east-1',\n // Optional per‑stack OIDC override (if not using the defaults below)\n // oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',\n // oidcRegion: 'us-east-1',\n },\n ],\n // Default OIDC role/region used by all stacks unless overridden per‑stack\n oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',\n oidcRegion: 'us-east-1',\n // Optional: Node version used in the workflow (default: '24.x')\n // nodeVersion: '24.x',\n // Optional: Yarn command to run CDK (default: 'cdk')\n // cdkYarnCommand: 'cdk',\n // Optional: Where to place the helper script (default: '.github/workflows/scripts/describe-cfn-changeset.ts')\n // scriptOutputPath: '.github/workflows/scripts/describe-cfn-changeset.ts',\n});\n\nproject.synth();\n```\n\n### CdkDiffStackWorkflow props\n- `project` (required) — Your Projen project instance.\n- `stacks` (required) — Array of stack entries.\n- `oidcRoleArn` (required unless provided per‑stack) — Default OIDC role ARN.\n- `oidcRegion` (required unless provided per‑stack) — Default OIDC region.\n- `nodeVersion` (optional, default `'24.x'`) — Node.js version for the workflow runner.\n- `cdkYarnCommand` (optional, default `'cdk'`) — Yarn script/command to invoke CDK.\n- `scriptOutputPath` (optional, default `'.github/workflows/scripts/describe-cfn-changeset.ts'`) — Where to write the helper script.\n\nIf neither top‑level OIDC defaults nor all per‑stack values are supplied, the construct throws a helpful error.\n\n### Stack item fields\n- `stackName` (required) — The CDK stack name to create the change set for.\n- `changesetRoleToAssumeArn` (required) — The ARN of the role used to create the change set (role chaining after OIDC).\n- `changesetRoleToAssumeRegion` (required) — The region for that role.\n- `oidcRoleArn` (optional) — Per‑stack override for the OIDC role.\n- `oidcRegion` (optional) — Per‑stack override for the OIDC region.\n\n### What gets generated\n- `.github/workflows/diff-<StackName>.yml` — One workflow per stack, triggered on PR open/sync/reopen.\n- `.github/workflows/scripts/describe-cfn-changeset.ts` — A helper script that:\n - Polls `DescribeChangeSet` until terminal\n - Filters out ignorable logical IDs or resource types using environment variables `IGNORE_LOGICAL_IDS` and `IGNORE_RESOURCE_TYPES`\n - Renders an HTML table with actions, logical IDs, types, replacements, and changed properties\n - Prints the HTML, appends to the GitHub Step Summary, and (if `GITHUB_TOKEN` and `GITHUB_COMMENT_URL` are present) posts a PR comment\n\n### Environment variables used by the change set script\n- `STACK_NAME` (required) — Stack name to describe.\n- `CHANGE_SET_NAME` (default: same as `STACK_NAME`).\n- `AWS_REGION` — Region for CloudFormation API calls. The workflow sets this via the credentials action(s).\n- `GITHUB_TOKEN` (optional) — If set with `GITHUB_COMMENT_URL`, posts a PR comment.\n- `GITHUB_COMMENT_URL` (optional) — PR comments URL.\n- `GITHUB_STEP_SUMMARY` (optional) — When present, appends the HTML to the step summary file.\n- `IGNORE_LOGICAL_IDS` (optional) — Comma‑separated logical IDs to ignore (default includes `CDKMetadata`).\n- `IGNORE_RESOURCE_TYPES` (optional) — Comma‑separated resource types to ignore (e.g., `AWS::CDK::Metadata`).\n\n## Usage: CdkDiffIamTemplate\n\nEmit an example IAM template you can deploy in your account for the Change Set workflow:\n\n```ts\nimport { awscdk } from 'projen';\nimport { CdkDiffIamTemplate } from '@jjrawlins/cdk-diff-pr-github-action';\n\nconst project = new awscdk.AwsCdkConstructLibrary({\n // ...\n});\n\nnew CdkDiffIamTemplate({\n project,\n roleName: 'cdk-diff-role',\n oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',\n oidcRegion: 'us-east-1',\n // Optional: custom output path (default: 'cdk-diff-workflow-iam-template.yaml')\n // outputPath: 'infra/cdk-diff-iam.yaml',\n});\n\nproject.synth();\n```\n\nThis writes `cdk-diff-workflow-iam-template.yaml` at the project root (or your chosen `outputPath`). The template defines:\n- Parameter `GitHubOIDCRoleArn` with a default from `oidcRoleArn` — the ARN of your existing GitHub OIDC role allowed to assume the change set role.\n- IAM role `CdkChangesetRole` with minimal permissions for:\n - CloudFormation Change Set operations\n - Access to common CDK bootstrap S3 buckets and SSM parameters\n - `iam:PassRole` to `cloudformation.amazonaws.com`\n- Outputs exporting the role name and ARN.\n\nA Projen task is also added:\n\n```bash\nnpx projen deploy-cdkdiff-iam-template -- --parameter-overrides GitHubOIDCRoleArn=... # plus any extra AWS CLI args\n```\n\nUse the created role ARN as `changesetRoleToAssumeArn` in `CdkDiffStackWorkflow`.\n\n---\n\n## Usage: CdkDriftDetectionWorkflow\n\n`CdkDriftDetectionWorkflow` creates a single workflow file (default `drift-detection.yml`) that can run on a schedule and via manual dispatch. It generates a helper script at `.github/workflows/scripts/detect-drift.ts` (by default) that uses AWS SDK v3 to run drift detection, write optional machine‑readable JSON, and print an HTML report for the Step Summary.\n\nExample `.projenrc.ts`:\n\n```ts\nimport { awscdk } from 'projen';\nimport { CdkDriftDetectionWorkflow } from '@jjrawlins/cdk-diff-pr-github-action';\n\nconst project = new awscdk.AwsCdkConstructLibrary({ github: true, /* ... */ });\n\nnew CdkDriftDetectionWorkflow({\n project,\n workflowName: 'Drift Detection', // optional; file name derived as 'drift-detection.yml'\n schedule: '0 1 * * *', // optional cron\n createIssues: true, // default true; create/update issue when drift detected on schedule\n oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',\n oidcRegion: 'us-east-1',\n // Optional: Node version (default '24.x')\n // nodeVersion: '24.x',\n // Optional: Where to place the helper script (default '.github/workflows/scripts/detect-drift.ts')\n // scriptOutputPath: '.github/workflows/scripts/detect-drift.ts',\n stacks: [\n {\n stackName: 'MyAppStack-Prod',\n driftDetectionRoleToAssumeArn: 'arn:aws:iam::123456789012:role/cdk-drift-role',\n driftDetectionRoleToAssumeRegion: 'us-east-1',\n // failOnDrift: true, // optional (default true)\n },\n ],\n});\n\nproject.synth();\n```\n\n### CdkDriftDetectionWorkflow props\n- `project` (required) — Your Projen project instance.\n- `stacks` (required) — Array of stacks to check.\n- `oidcRoleArn` (required) — Default OIDC role ARN used before chaining into per‑stack drift roles.\n- `oidcRegion` (required) — Default OIDC region.\n- `workflowName` (optional, default `'drift-detection'`) — Human‑friendly workflow name; the file name is derived in kebab‑case.\n- `schedule` (optional) — Cron expression for automatic runs.\n- `createIssues` (optional, default `true`) — When true, scheduled runs will create/update a GitHub issue if drift is detected.\n- `nodeVersion` (optional, default `'24.x'`) — Node.js version for the runner.\n- `scriptOutputPath` (optional, default `'.github/workflows/scripts/detect-drift.ts'`) — Where to write the helper script.\n\n### Per‑stack fields\n- `stackName` (required) — The full CloudFormation stack name.\n- `driftDetectionRoleToAssumeArn` (required) — Role to assume (after OIDC) for making drift API calls.\n- `driftDetectionRoleToAssumeRegion` (required) — Region for that role and API calls.\n- `failOnDrift` (optional, default `true`) — Intended to fail the detection step on drift. The provided script exits with non‑zero when drift is found; the job continues to allow artifact upload and issue creation.\n\n### What gets generated\n- `.github/workflows/<kebab(workflowName)>.yml` — A workflow with one job per stack plus a final summary job.\n- `.github/workflows/scripts/detect-drift.ts` — Helper script that:\n - Starts drift detection and polls until completion\n - Lists non‑`IN_SYNC` resources and builds an HTML report\n - Writes optional JSON to `DRIFT_DETECTION_OUTPUT` when set\n - Prints to stdout and appends to the GitHub Step Summary when available\n\n### Artifacts and summary\n- Each stack job uploads `drift-results-<stack>.json` (if produced).\n- A final `Drift Detection Summary` job downloads all artifacts and prints a consolidated summary.\n\n### Manual dispatch\n- The workflow exposes an input named `stack` with choices including each configured stack and an `all` option.\n- Choose a specific stack to run drift detection for that stack only, or select `all` (or leave the input empty) to run all stacks.\n\nNote: The default workflow does not post PR comments for drift. It can create/update an Issue on scheduled runs when `createIssues` is `true`.\n\n### Post-notification steps (e.g., Slack)\n\nYou can add your own GitHub Action steps to run after the drift detection step for each stack using `postGitHubSteps`.\nProvide your own Slack payload/markdown (this library no longer generates a payload step for you).\n\nOption A: slackapi/slack-github-action (Incoming Webhook, official syntax)\n\n```ts\nnew CdkDriftDetectionWorkflow({\n project,\n oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',\n oidcRegion: 'us-east-1',\n stacks: [/* ... */],\n postGitHubSteps: ({ stack }) => {\n // Build a descriptive name per stack\n const name = `Notify Slack (${stack} post-drift)`;\n const step = {\n name,\n uses: 'slackapi/slack-github-action@v2.1.1',\n // by default, post steps run only when drift is detected; you can override `if`\n if: \"always() && steps.drift.outcome == 'failure'\",\n // Use official inputs: webhook + webhook-type, and a YAML payload with blocks\n with: {\n webhook: '${{ secrets.CDK_NOTIFICATIONS_SLACK_WEBHOOK }}',\n 'webhook-type': 'incoming-webhook',\n payload: [\n 'text: \"** ${{ env.STACK_NAME }} ** has drifted!\"',\n 'blocks:',\n ' - type: \"section\"',\n ' text:',\n ' type: \"mrkdwn\"',\n ' text: \"*Stack:* ${{ env.STACK_NAME }} (region ${{ env.AWS_REGION }}) has drifted:exclamation:\"',\n ' - type: \"section\"',\n ' fields:',\n ' - type: \"mrkdwn\"',\n ' text: \"*Stack ARN*\\\\n${{ steps.drift.outputs.stack-arn }}\"',\n ' - type: \"mrkdwn\"',\n ' text: \"*Issue*\\\\n<${{ github.server_url }}/${{ github.repository }}/issues/${{ steps.issue.outputs.result }}|#${{ steps.issue.outputs.result }}>\"',\n ].join('\\n'),\n },\n };\n return [step];\n },\n});\n```\n\nNote: The Issue link requires `createIssues: true` (default) so that the `Create Issue on Drift` step runs before this Slack step and exposes `steps.issue.outputs.result`. This library orders the steps accordingly.\n\nDetails:\n- `postGitHubSteps` can be:\n - an array of step objects, or\n - a factory function `({ stack }) => step | step[]`.\n- Each step you provide is inserted after the results are uploaded.\n- Default condition: if you do not set `if` on your step, it will default to `always() && steps.drift.outcome == 'failure'`.\n- Available context/env you can use:\n - `${{ env.STACK_NAME }}`, `${{ env.DRIFT_DETECTION_OUTPUT }}`\n - `${{ steps.drift.outcome }}` — success/failure of the detect step\n - `${{ steps.drift.outputs.stack-arn }}` — Stack ARN resolved at runtime\n - `${{ steps.issue.outputs.result }}` — Issue number if the workflow created/found one (empty when not applicable)\n```\n\n## Usage: CdkDriftIamTemplate\n\nEmit an example IAM template you can deploy in your account for the Drift Detection workflow:\n\n```ts\nimport { awscdk } from 'projen';\nimport { CdkDriftIamTemplate } from '@jjrawlins/cdk-diff-pr-github-action';\n\nconst project = new awscdk.AwsCdkConstructLibrary({\n // ...\n});\n\nnew CdkDriftIamTemplate({\n project,\n roleName: 'cdk-drift-role',\n oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',\n oidcRegion: 'us-east-1',\n // Optional: custom output path (default: 'cdk-drift-workflow-iam-template.yaml')\n // outputPath: 'infra/cdk-drift-iam.yaml',\n});\n\nproject.synth();\n```\n\nThis writes `cdk-drift-workflow-iam-template.yaml` at the project root (or your chosen `outputPath`). The template defines:\n- Parameter `GitHubOIDCRoleArn` with a default from `oidcRoleArn` — the ARN of your existing GitHub OIDC role allowed to assume this drift role.\n- IAM role `CdkDriftRole` with minimal permissions for CloudFormation drift detection operations.\n- Outputs exporting the role name and ARN.\n\nA Projen task is also added:\n\n```bash\nnpx projen deploy-cdkdrift-iam-template -- --parameter-overrides GitHubOIDCRoleArn=... # plus any extra AWS CLI args\n```\n\n## Testing\n\nThis repository includes Jest tests that snapshot the synthesized outputs from Projen and assert that:\n- Diff workflows are created per stack and contain all expected steps.\n- Drift detection workflow produces one job per stack and a summary job.\n- Only one helper script file is generated per workflow type.\n- Per‑stack OIDC overrides (where supported) are respected.\n- Helpful validation errors are thrown for missing OIDC settings.\n- The IAM template files contain the expected resources and outputs.\n\nRun tests with:\n\n```bash\nyarn test\n```\n\n## Notes\n- This package assumes your repository is configured with GitHub Actions and that you have a GitHub OIDC role configured in AWS.\n- The generated scripts use the AWS SDK v3 for CloudFormation and, where applicable, the GitHub REST API.\n"
3552
+ "markdown": "# cdk-diff-pr-github-action\n\nA library that provides GitHub workflows and IAM templates for:\n- Creating CloudFormation Change Sets for your CDK stacks on pull requests and commenting a formatted diff back on the PR.\n- Detecting CloudFormation drift on a schedule or manual trigger and producing a consolidated summary (optionally creating an issue).\n- Deploying IAM roles across AWS Organizations using StackSets.\n\nIt also provides ready‑to‑deploy IAM templates with the minimal permissions required for each workflow.\n\n**Works with or without Projen** — The StackSet generator can be used standalone in any Node.js project.\n\nThis package exposes five constructs:\n\n- `CdkDiffStackWorkflow` — Generates one GitHub Actions workflow per stack to create a change set and render the diff back to the PR and Step Summary.\n- `CdkDiffIamTemplate` — Emits a CloudFormation template file with minimal permissions for the Change Set workflow.\n- `CdkDriftDetectionWorkflow` — Generates a GitHub Actions workflow to detect CloudFormation drift per stack, upload machine‑readable results, and aggregate a summary.\n- `CdkDriftIamTemplate` — Emits a CloudFormation template file with minimal permissions for the Drift Detection workflow.\n- `CdkDiffIamTemplateStackSet` — Creates a CloudFormation StackSet template for org-wide deployment of GitHub OIDC and IAM roles (Projen integration).\n- `CdkDiffIamTemplateStackSetGenerator` — Pure generator class for StackSet templates (no Projen dependency).\n\n## Quick start\n\n1) Add the constructs to your Projen project (in `.projenrc.ts`).\n2) Synthesize with `npx projen`.\n3) Commit the generated files.\n4) Open a pull request or run the drift detection workflow.\n\n## Usage: CdkDiffStackWorkflow\n\n`CdkDiffStackWorkflow` renders a workflow per stack named `diff-<StackName>.yml` under `.github/workflows/`. It also generates a helper script at `.github/workflows/scripts/describe-cfn-changeset.ts` that formats the change set output and takes care of posting the PR comment and Step Summary.\n\nExample `.projenrc.ts`:\n\n```ts\nimport { awscdk } from 'projen';\nimport { CdkDiffStackWorkflow } from '@jjrawlins/cdk-diff-pr-github-action';\n\nconst project = new awscdk.AwsCdkConstructLibrary({\n // ... your usual settings ...\n workflowName: 'my-lib',\n defaultReleaseBranch: 'main',\n cdkVersion: '2.85.0',\n github: true,\n});\n\nnew CdkDiffStackWorkflow({\n project,\n stacks: [\n {\n stackName: 'MyAppStack',\n changesetRoleToAssumeArn: 'arn:aws:iam::123456789012:role/cdk-diff-role',\n changesetRoleToAssumeRegion: 'us-east-1',\n // Optional per‑stack OIDC override (if not using the defaults below)\n // oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',\n // oidcRegion: 'us-east-1',\n },\n ],\n // Default OIDC role/region used by all stacks unless overridden per‑stack\n oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',\n oidcRegion: 'us-east-1',\n // Optional: Node version used in the workflow (default: '24.x')\n // nodeVersion: '24.x',\n // Optional: Yarn command to run CDK (default: 'cdk')\n // cdkYarnCommand: 'cdk',\n // Optional: Where to place the helper script (default: '.github/workflows/scripts/describe-cfn-changeset.ts')\n // scriptOutputPath: '.github/workflows/scripts/describe-cfn-changeset.ts',\n});\n\nproject.synth();\n```\n\n### CdkDiffStackWorkflow props\n- `project` (required) — Your Projen project instance.\n- `stacks` (required) — Array of stack entries.\n- `oidcRoleArn` (required unless provided per‑stack) — Default OIDC role ARN.\n- `oidcRegion` (required unless provided per‑stack) — Default OIDC region.\n- `nodeVersion` (optional, default `'24.x'`) — Node.js version for the workflow runner.\n- `cdkYarnCommand` (optional, default `'cdk'`) — Yarn script/command to invoke CDK.\n- `scriptOutputPath` (optional, default `'.github/workflows/scripts/describe-cfn-changeset.ts'`) — Where to write the helper script.\n\nIf neither top‑level OIDC defaults nor all per‑stack values are supplied, the construct throws a helpful error.\n\n### Stack item fields\n- `stackName` (required) — The CDK stack name to create the change set for.\n- `changesetRoleToAssumeArn` (required) — The ARN of the role used to create the change set (role chaining after OIDC).\n- `changesetRoleToAssumeRegion` (required) — The region for that role.\n- `oidcRoleArn` (optional) — Per‑stack override for the OIDC role.\n- `oidcRegion` (optional) — Per‑stack override for the OIDC region.\n\n### What gets generated\n- `.github/workflows/diff-<StackName>.yml` — One workflow per stack, triggered on PR open/sync/reopen.\n- `.github/workflows/scripts/describe-cfn-changeset.ts` — A helper script that:\n - Polls `DescribeChangeSet` until terminal\n - Filters out ignorable logical IDs or resource types using environment variables `IGNORE_LOGICAL_IDS` and `IGNORE_RESOURCE_TYPES`\n - Renders an HTML table with actions, logical IDs, types, replacements, and changed properties\n - Prints the HTML, appends to the GitHub Step Summary, and (if `GITHUB_TOKEN` and `GITHUB_COMMENT_URL` are present) posts a PR comment\n\n### Environment variables used by the change set script\n- `STACK_NAME` (required) — Stack name to describe.\n- `CHANGE_SET_NAME` (default: same as `STACK_NAME`).\n- `AWS_REGION` — Region for CloudFormation API calls. The workflow sets this via the credentials action(s).\n- `GITHUB_TOKEN` (optional) — If set with `GITHUB_COMMENT_URL`, posts a PR comment.\n- `GITHUB_COMMENT_URL` (optional) — PR comments URL.\n- `GITHUB_STEP_SUMMARY` (optional) — When present, appends the HTML to the step summary file.\n- `IGNORE_LOGICAL_IDS` (optional) — Comma‑separated logical IDs to ignore (default includes `CDKMetadata`).\n- `IGNORE_RESOURCE_TYPES` (optional) — Comma‑separated resource types to ignore (e.g., `AWS::CDK::Metadata`).\n\n## Usage: CdkDiffIamTemplate\n\nEmit an example IAM template you can deploy in your account for the Change Set workflow.\n\n### With Projen\n\n```ts\nimport { awscdk } from 'projen';\nimport { CdkDiffIamTemplate } from '@jjrawlins/cdk-diff-pr-github-action';\n\nconst project = new awscdk.AwsCdkConstructLibrary({\n // ...\n});\n\nnew CdkDiffIamTemplate({\n project,\n roleName: 'cdk-diff-role',\n oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',\n oidcRegion: 'us-east-1',\n // Optional: custom output path (default: 'cdk-diff-workflow-iam-template.yaml')\n // outputPath: 'infra/cdk-diff-iam.yaml',\n});\n\nproject.synth();\n```\n\nA Projen task is also added:\n\n```bash\nnpx projen deploy-cdkdiff-iam-template -- --parameter-overrides GitHubOIDCRoleArn=... # plus any extra AWS CLI args\n```\n\n### Without Projen (Standalone Generator)\n\n```ts\nimport { CdkDiffIamTemplateGenerator } from '@jjrawlins/cdk-diff-pr-github-action';\nimport * as fs from 'fs';\n\nconst template = CdkDiffIamTemplateGenerator.generateTemplate({\n roleName: 'cdk-diff-role',\n oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',\n oidcRegion: 'us-east-1',\n});\n\nfs.writeFileSync('cdk-diff-iam-template.yaml', template);\n\n// Get the deploy command\nconst deployCmd = CdkDiffIamTemplateGenerator.generateDeployCommand('cdk-diff-iam-template.yaml');\nconsole.log('Deploy with:', deployCmd);\n```\n\n### What the template defines\n\n- Parameter `GitHubOIDCRoleArn` with a default from `oidcRoleArn` — the ARN of your existing GitHub OIDC role allowed to assume the change set role.\n- IAM role `CdkChangesetRole` with minimal permissions for:\n - CloudFormation Change Set operations\n - Access to common CDK bootstrap S3 buckets and SSM parameters\n - `iam:PassRole` to `cloudformation.amazonaws.com`\n- Outputs exporting the role name and ARN.\n\nUse the created role ARN as `changesetRoleToAssumeArn` in `CdkDiffStackWorkflow`.\n\n---\n\n## Usage: CdkDriftDetectionWorkflow\n\n`CdkDriftDetectionWorkflow` creates a single workflow file (default `drift-detection.yml`) that can run on a schedule and via manual dispatch. It generates a helper script at `.github/workflows/scripts/detect-drift.ts` (by default) that uses AWS SDK v3 to run drift detection, write optional machine‑readable JSON, and print an HTML report for the Step Summary.\n\nExample `.projenrc.ts`:\n\n```ts\nimport { awscdk } from 'projen';\nimport { CdkDriftDetectionWorkflow } from '@jjrawlins/cdk-diff-pr-github-action';\n\nconst project = new awscdk.AwsCdkConstructLibrary({ github: true, /* ... */ });\n\nnew CdkDriftDetectionWorkflow({\n project,\n workflowName: 'Drift Detection', // optional; file name derived as 'drift-detection.yml'\n schedule: '0 1 * * *', // optional cron\n createIssues: true, // default true; create/update issue when drift detected on schedule\n oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',\n oidcRegion: 'us-east-1',\n // Optional: Node version (default '24.x')\n // nodeVersion: '24.x',\n // Optional: Where to place the helper script (default '.github/workflows/scripts/detect-drift.ts')\n // scriptOutputPath: '.github/workflows/scripts/detect-drift.ts',\n stacks: [\n {\n stackName: 'MyAppStack-Prod',\n driftDetectionRoleToAssumeArn: 'arn:aws:iam::123456789012:role/cdk-drift-role',\n driftDetectionRoleToAssumeRegion: 'us-east-1',\n // failOnDrift: true, // optional (default true)\n },\n ],\n});\n\nproject.synth();\n```\n\n### CdkDriftDetectionWorkflow props\n- `project` (required) — Your Projen project instance.\n- `stacks` (required) — Array of stacks to check.\n- `oidcRoleArn` (required) — Default OIDC role ARN used before chaining into per‑stack drift roles.\n- `oidcRegion` (required) — Default OIDC region.\n- `workflowName` (optional, default `'drift-detection'`) — Human‑friendly workflow name; the file name is derived in kebab‑case.\n- `schedule` (optional) — Cron expression for automatic runs.\n- `createIssues` (optional, default `true`) — When true, scheduled runs will create/update a GitHub issue if drift is detected.\n- `nodeVersion` (optional, default `'24.x'`) — Node.js version for the runner.\n- `scriptOutputPath` (optional, default `'.github/workflows/scripts/detect-drift.ts'`) — Where to write the helper script.\n\n### Per‑stack fields\n- `stackName` (required) — The full CloudFormation stack name.\n- `driftDetectionRoleToAssumeArn` (required) — Role to assume (after OIDC) for making drift API calls.\n- `driftDetectionRoleToAssumeRegion` (required) — Region for that role and API calls.\n- `failOnDrift` (optional, default `true`) — Intended to fail the detection step on drift. The provided script exits with non‑zero when drift is found; the job continues to allow artifact upload and issue creation.\n\n### What gets generated\n- `.github/workflows/<kebab(workflowName)>.yml` — A workflow with one job per stack plus a final summary job.\n- `.github/workflows/scripts/detect-drift.ts` — Helper script that:\n - Starts drift detection and polls until completion\n - Lists non‑`IN_SYNC` resources and builds an HTML report\n - Writes optional JSON to `DRIFT_DETECTION_OUTPUT` when set\n - Prints to stdout and appends to the GitHub Step Summary when available\n\n### Artifacts and summary\n- Each stack job uploads `drift-results-<stack>.json` (if produced).\n- A final `Drift Detection Summary` job downloads all artifacts and prints a consolidated summary.\n\n### Manual dispatch\n- The workflow exposes an input named `stack` with choices including each configured stack and an `all` option.\n- Choose a specific stack to run drift detection for that stack only, or select `all` (or leave the input empty) to run all stacks.\n\nNote: The default workflow does not post PR comments for drift. It can create/update an Issue on scheduled runs when `createIssues` is `true`.\n\n### Post-notification steps (e.g., Slack)\n\nYou can add your own GitHub Action steps to run after the drift detection step for each stack using `postGitHubSteps`.\nProvide your own Slack payload/markdown (this library no longer generates a payload step for you).\n\nOption A: slackapi/slack-github-action (Incoming Webhook, official syntax)\n\n```ts\nnew CdkDriftDetectionWorkflow({\n project,\n oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',\n oidcRegion: 'us-east-1',\n stacks: [/* ... */],\n postGitHubSteps: ({ stack }) => {\n // Build a descriptive name per stack\n const name = `Notify Slack (${stack} post-drift)`;\n const step = {\n name,\n uses: 'slackapi/slack-github-action@v2.1.1',\n // by default, post steps run only when drift is detected; you can override `if`\n if: \"always() && steps.drift.outcome == 'failure'\",\n // Use official inputs: webhook + webhook-type, and a YAML payload with blocks\n with: {\n webhook: '${{ secrets.CDK_NOTIFICATIONS_SLACK_WEBHOOK }}',\n 'webhook-type': 'incoming-webhook',\n payload: [\n 'text: \"** ${{ env.STACK_NAME }} ** has drifted!\"',\n 'blocks:',\n ' - type: \"section\"',\n ' text:',\n ' type: \"mrkdwn\"',\n ' text: \"*Stack:* ${{ env.STACK_NAME }} (region ${{ env.AWS_REGION }}) has drifted:exclamation:\"',\n ' - type: \"section\"',\n ' fields:',\n ' - type: \"mrkdwn\"',\n ' text: \"*Stack ARN*\\\\n${{ steps.drift.outputs.stack-arn }}\"',\n ' - type: \"mrkdwn\"',\n ' text: \"*Issue*\\\\n<${{ github.server_url }}/${{ github.repository }}/issues/${{ steps.issue.outputs.result }}|#${{ steps.issue.outputs.result }}>\"',\n ].join('\\n'),\n },\n };\n return [step];\n },\n});\n```\n\nNote: The Issue link requires `createIssues: true` (default) so that the `Create Issue on Drift` step runs before this Slack step and exposes `steps.issue.outputs.result`. This library orders the steps accordingly.\n\nDetails:\n- `postGitHubSteps` can be:\n - an array of step objects, or\n - a factory function `({ stack }) => step | step[]`.\n- Each step you provide is inserted after the results are uploaded.\n- Default condition: if you do not set `if` on your step, it will default to `always() && steps.drift.outcome == 'failure'`.\n- Available context/env you can use:\n - `${{ env.STACK_NAME }}`, `${{ env.DRIFT_DETECTION_OUTPUT }}`\n - `${{ steps.drift.outcome }}` — success/failure of the detect step\n - `${{ steps.drift.outputs.stack-arn }}` — Stack ARN resolved at runtime\n - `${{ steps.issue.outputs.result }}` — Issue number if the workflow created/found one (empty when not applicable)\n```\n\n## Usage: CdkDriftIamTemplate\n\nEmit an example IAM template you can deploy in your account for the Drift Detection workflow.\n\n### With Projen\n\n```ts\nimport { awscdk } from 'projen';\nimport { CdkDriftIamTemplate } from '@jjrawlins/cdk-diff-pr-github-action';\n\nconst project = new awscdk.AwsCdkConstructLibrary({\n // ...\n});\n\nnew CdkDriftIamTemplate({\n project,\n roleName: 'cdk-drift-role',\n oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',\n oidcRegion: 'us-east-1',\n // Optional: custom output path (default: 'cdk-drift-workflow-iam-template.yaml')\n // outputPath: 'infra/cdk-drift-iam.yaml',\n});\n\nproject.synth();\n```\n\nA Projen task is also added:\n\n```bash\nnpx projen deploy-cdkdrift-iam-template -- --parameter-overrides GitHubOIDCRoleArn=... # plus any extra AWS CLI args\n```\n\n### Without Projen (Standalone Generator)\n\n```ts\nimport { CdkDriftIamTemplateGenerator } from '@jjrawlins/cdk-diff-pr-github-action';\nimport * as fs from 'fs';\n\nconst template = CdkDriftIamTemplateGenerator.generateTemplate({\n roleName: 'cdk-drift-role',\n oidcRoleArn: 'arn:aws:iam::123456789012:role/github-oidc-role',\n oidcRegion: 'us-east-1',\n});\n\nfs.writeFileSync('cdk-drift-iam-template.yaml', template);\n\n// Get the deploy command\nconst deployCmd = CdkDriftIamTemplateGenerator.generateDeployCommand('cdk-drift-iam-template.yaml');\nconsole.log('Deploy with:', deployCmd);\n```\n\n### What the template defines\n\n- Parameter `GitHubOIDCRoleArn` with a default from `oidcRoleArn` — the ARN of your existing GitHub OIDC role allowed to assume this drift role.\n- IAM role `CdkDriftRole` with minimal permissions for CloudFormation drift detection operations.\n- Outputs exporting the role name and ARN.\n\n---\n\n## Usage: CdkDiffIamTemplateStackSet (Org-Wide Deployment)\n\n`CdkDiffIamTemplateStackSet` creates a CloudFormation StackSet template for deploying GitHub OIDC provider, OIDC role, and CDK diff/drift IAM roles across an entire AWS Organization. This is the recommended approach for organizations that want to enable CDK diff/drift workflows across multiple accounts.\n\n### Architecture\n\nEach account in your organization gets:\n- **GitHub OIDC Provider** — Authenticates GitHub Actions workflows\n- **GitHubOIDCRole** — Trusts the OIDC provider with repo/branch restrictions\n- **CdkChangesetRole** — For PR change set previews (trusts GitHubOIDCRole)\n- **CdkDriftRole** — For drift detection (trusts GitHubOIDCRole)\n\nThis is a self-contained deployment with **no role chaining required**.\n\n### With Projen\n\n```ts\nimport { awscdk } from 'projen';\nimport { CdkDiffIamTemplateStackSet } from '@jjrawlins/cdk-diff-pr-github-action';\n\nconst project = new awscdk.AwsCdkConstructLibrary({ /* ... */ });\n\nnew CdkDiffIamTemplateStackSet({\n project,\n githubOidc: {\n owner: 'my-org', // GitHub org or username\n repositories: ['infra-repo', 'app-repo'], // Repos allowed to assume roles\n branches: ['main', 'release/*'], // Branch patterns (default: ['*'])\n },\n targetOrganizationalUnitIds: ['ou-xxxx-xxxxxxxx'], // Target OUs\n regions: ['us-east-1', 'eu-west-1'], // Target regions\n // Optional settings:\n // oidcRoleName: 'GitHubOIDCRole', // default\n // changesetRoleName: 'CdkChangesetRole', // default\n // driftRoleName: 'CdkDriftRole', // default\n // roleSelection: StackSetRoleSelection.BOTH, // BOTH, CHANGESET_ONLY, or DRIFT_ONLY\n // delegatedAdmin: true, // Use --call-as DELEGATED_ADMIN (default: true)\n});\n\nproject.synth();\n```\n\nThis creates:\n- `cdk-diff-workflow-stackset-template.yaml` — CloudFormation template\n- Projen tasks for StackSet management\n\n**Projen tasks:**\n```bash\nnpx projen stackset-create # Create the StackSet\nnpx projen stackset-update # Update the StackSet template\nnpx projen stackset-deploy-instances # Deploy to target OUs/regions\nnpx projen stackset-delete-instances # Remove stack instances\nnpx projen stackset-delete # Delete the StackSet\nnpx projen stackset-describe # Show StackSet status\nnpx projen stackset-list-instances # List all instances\n```\n\n### Without Projen (Standalone Generator)\n\nFor non-Projen projects, use `CdkDiffIamTemplateStackSetGenerator` directly:\n\n```ts\nimport {\n CdkDiffIamTemplateStackSetGenerator\n} from '@jjrawlins/cdk-diff-pr-github-action';\nimport * as fs from 'fs';\n\n// Generate the CloudFormation template\nconst template = CdkDiffIamTemplateStackSetGenerator.generateTemplate({\n githubOidc: {\n owner: 'my-org',\n repositories: ['infra-repo'],\n branches: ['main'],\n },\n});\n\n// Write to file\nfs.writeFileSync('stackset-template.yaml', template);\n\n// Get AWS CLI commands for StackSet operations\nconst commands = CdkDiffIamTemplateStackSetGenerator.generateCommands({\n stackSetName: 'cdk-diff-workflow-iam-stackset',\n templatePath: 'stackset-template.yaml',\n targetOrganizationalUnitIds: ['ou-xxxx-xxxxxxxx'],\n regions: ['us-east-1'],\n});\n\nconsole.log('Create StackSet:', commands['stackset-create']);\nconsole.log('Deploy instances:', commands['stackset-deploy-instances']);\n```\n\n### GitHub Actions Workflow (Simplified)\n\nWith per-account OIDC, your workflow is simplified — no role chaining needed:\n\n```yaml\njobs:\n diff:\n runs-on: ubuntu-latest\n permissions:\n id-token: write\n contents: read\n steps:\n - uses: actions/checkout@v4\n\n - uses: aws-actions/configure-aws-credentials@v4\n with:\n role-to-assume: arn:aws:iam::${{ env.ACCOUNT_ID }}:role/GitHubOIDCRole\n aws-region: us-east-1\n\n - name: Assume Changeset Role\n run: |\n CREDS=$(aws sts assume-role \\\n --role-arn arn:aws:iam::${{ env.ACCOUNT_ID }}:role/CdkChangesetRole \\\n --role-session-name changeset-session)\n # Export credentials...\n```\n\n### GitHubOidcConfig options\n\n| Property | Description |\n|----------|-------------|\n| `owner` | GitHub organization or username (required) |\n| `repositories` | Array of repo names, or `['*']` for all repos (required) |\n| `branches` | Array of branch patterns (default: `['*']`) |\n| `additionalClaims` | Extra OIDC claims like `['pull_request', 'environment:production']` |\n\n---\n\n## Testing\n\nThis repository includes Jest tests that snapshot the synthesized outputs from Projen and assert that:\n- Diff workflows are created per stack and contain all expected steps.\n- Drift detection workflow produces one job per stack and a summary job.\n- Only one helper script file is generated per workflow type.\n- Per‑stack OIDC overrides (where supported) are respected.\n- Helpful validation errors are thrown for missing OIDC settings.\n- The IAM template files contain the expected resources and outputs.\n\nRun tests with:\n\n```bash\nyarn test\n```\n\n## Notes\n- This package assumes your repository is configured with GitHub Actions and that you have a GitHub OIDC role configured in AWS.\n- The generated scripts use the AWS SDK v3 for CloudFormation and, where applicable, the GitHub REST API.\n"
3553
3553
  },
3554
3554
  "repository": {
3555
3555
  "type": "git",
@@ -3565,7 +3565,9 @@
3565
3565
  "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplate": {
3566
3566
  "assembly": "@jjrawlins/cdk-diff-pr-github-action",
3567
3567
  "docs": {
3568
- "stability": "experimental"
3568
+ "remarks": "For non-Projen projects, use `CdkDiffIamTemplateGenerator` directly.",
3569
+ "stability": "experimental",
3570
+ "summary": "Projen construct that emits a CloudFormation template with minimal IAM permissions for the CDK Diff Stack Workflow."
3569
3571
  },
3570
3572
  "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplate",
3571
3573
  "initializer": {
@@ -3574,7 +3576,7 @@
3574
3576
  },
3575
3577
  "locationInModule": {
3576
3578
  "filename": "src/CdkDiffIamTemplate.ts",
3577
- "line": 12
3579
+ "line": 132
3578
3580
  },
3579
3581
  "parameters": [
3580
3582
  {
@@ -3588,36 +3590,493 @@
3588
3590
  "kind": "class",
3589
3591
  "locationInModule": {
3590
3592
  "filename": "src/CdkDiffIamTemplate.ts",
3591
- "line": 11
3593
+ "line": 131
3592
3594
  },
3593
3595
  "name": "CdkDiffIamTemplate",
3594
3596
  "symbolId": "src/CdkDiffIamTemplate:CdkDiffIamTemplate"
3595
3597
  },
3596
- "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateProps": {
3598
+ "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateGenerator": {
3599
+ "assembly": "@jjrawlins/cdk-diff-pr-github-action",
3600
+ "docs": {
3601
+ "remarks": "No Projen dependency - can be used in any project.",
3602
+ "stability": "experimental",
3603
+ "summary": "Pure generator class for CDK Diff IAM templates."
3604
+ },
3605
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateGenerator",
3606
+ "initializer": {
3607
+ "docs": {
3608
+ "stability": "experimental"
3609
+ }
3610
+ },
3611
+ "kind": "class",
3612
+ "locationInModule": {
3613
+ "filename": "src/CdkDiffIamTemplate.ts",
3614
+ "line": 19
3615
+ },
3616
+ "methods": [
3617
+ {
3618
+ "docs": {
3619
+ "stability": "experimental",
3620
+ "summary": "Generate the AWS CLI deploy command for the IAM template."
3621
+ },
3622
+ "locationInModule": {
3623
+ "filename": "src/CdkDiffIamTemplate.ts",
3624
+ "line": 110
3625
+ },
3626
+ "name": "generateDeployCommand",
3627
+ "parameters": [
3628
+ {
3629
+ "name": "templatePath",
3630
+ "optional": true,
3631
+ "type": {
3632
+ "primitive": "string"
3633
+ }
3634
+ }
3635
+ ],
3636
+ "returns": {
3637
+ "type": {
3638
+ "primitive": "string"
3639
+ }
3640
+ },
3641
+ "static": true
3642
+ },
3643
+ {
3644
+ "docs": {
3645
+ "stability": "experimental",
3646
+ "summary": "Generate the CloudFormation IAM template as a YAML string."
3647
+ },
3648
+ "locationInModule": {
3649
+ "filename": "src/CdkDiffIamTemplate.ts",
3650
+ "line": 23
3651
+ },
3652
+ "name": "generateTemplate",
3653
+ "parameters": [
3654
+ {
3655
+ "name": "props",
3656
+ "type": {
3657
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateGeneratorProps"
3658
+ }
3659
+ }
3660
+ ],
3661
+ "returns": {
3662
+ "type": {
3663
+ "primitive": "string"
3664
+ }
3665
+ },
3666
+ "static": true
3667
+ }
3668
+ ],
3669
+ "name": "CdkDiffIamTemplateGenerator",
3670
+ "symbolId": "src/CdkDiffIamTemplate:CdkDiffIamTemplateGenerator"
3671
+ },
3672
+ "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateGeneratorProps": {
3673
+ "assembly": "@jjrawlins/cdk-diff-pr-github-action",
3674
+ "datatype": true,
3675
+ "docs": {
3676
+ "stability": "experimental",
3677
+ "summary": "Props for generating CDK Diff IAM templates (no Projen dependency)."
3678
+ },
3679
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateGeneratorProps",
3680
+ "kind": "interface",
3681
+ "locationInModule": {
3682
+ "filename": "src/CdkDiffIamTemplate.ts",
3683
+ "line": 6
3684
+ },
3685
+ "name": "CdkDiffIamTemplateGeneratorProps",
3686
+ "properties": [
3687
+ {
3688
+ "abstract": true,
3689
+ "docs": {
3690
+ "stability": "experimental",
3691
+ "summary": "Region for the OIDC trust condition."
3692
+ },
3693
+ "immutable": true,
3694
+ "locationInModule": {
3695
+ "filename": "src/CdkDiffIamTemplate.ts",
3696
+ "line": 12
3697
+ },
3698
+ "name": "oidcRegion",
3699
+ "type": {
3700
+ "primitive": "string"
3701
+ }
3702
+ },
3703
+ {
3704
+ "abstract": true,
3705
+ "docs": {
3706
+ "stability": "experimental",
3707
+ "summary": "ARN of the existing GitHub OIDC role that can assume this changeset role."
3708
+ },
3709
+ "immutable": true,
3710
+ "locationInModule": {
3711
+ "filename": "src/CdkDiffIamTemplate.ts",
3712
+ "line": 10
3713
+ },
3714
+ "name": "oidcRoleArn",
3715
+ "type": {
3716
+ "primitive": "string"
3717
+ }
3718
+ },
3719
+ {
3720
+ "abstract": true,
3721
+ "docs": {
3722
+ "stability": "experimental",
3723
+ "summary": "Name for the IAM role."
3724
+ },
3725
+ "immutable": true,
3726
+ "locationInModule": {
3727
+ "filename": "src/CdkDiffIamTemplate.ts",
3728
+ "line": 8
3729
+ },
3730
+ "name": "roleName",
3731
+ "type": {
3732
+ "primitive": "string"
3733
+ }
3734
+ }
3735
+ ],
3736
+ "symbolId": "src/CdkDiffIamTemplate:CdkDiffIamTemplateGeneratorProps"
3737
+ },
3738
+ "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateProps": {
3739
+ "assembly": "@jjrawlins/cdk-diff-pr-github-action",
3740
+ "datatype": true,
3741
+ "docs": {
3742
+ "stability": "experimental",
3743
+ "summary": "Props for the Projen-integrated CDK Diff IAM template construct."
3744
+ },
3745
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateProps",
3746
+ "interfaces": [
3747
+ "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateGeneratorProps"
3748
+ ],
3749
+ "kind": "interface",
3750
+ "locationInModule": {
3751
+ "filename": "src/CdkDiffIamTemplate.ts",
3752
+ "line": 118
3753
+ },
3754
+ "name": "CdkDiffIamTemplateProps",
3755
+ "properties": [
3756
+ {
3757
+ "abstract": true,
3758
+ "docs": {
3759
+ "stability": "experimental",
3760
+ "summary": "Projen project instance."
3761
+ },
3762
+ "immutable": true,
3763
+ "locationInModule": {
3764
+ "filename": "src/CdkDiffIamTemplate.ts",
3765
+ "line": 120
3766
+ },
3767
+ "name": "project",
3768
+ "type": {
3769
+ "primitive": "any"
3770
+ }
3771
+ },
3772
+ {
3773
+ "abstract": true,
3774
+ "docs": {
3775
+ "stability": "experimental",
3776
+ "summary": "Output path for the template file (default: 'cdk-diff-workflow-iam-template.yaml')."
3777
+ },
3778
+ "immutable": true,
3779
+ "locationInModule": {
3780
+ "filename": "src/CdkDiffIamTemplate.ts",
3781
+ "line": 122
3782
+ },
3783
+ "name": "outputPath",
3784
+ "optional": true,
3785
+ "type": {
3786
+ "primitive": "string"
3787
+ }
3788
+ }
3789
+ ],
3790
+ "symbolId": "src/CdkDiffIamTemplate:CdkDiffIamTemplateProps"
3791
+ },
3792
+ "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSet": {
3793
+ "assembly": "@jjrawlins/cdk-diff-pr-github-action",
3794
+ "docs": {
3795
+ "remarks": "This provides a self-contained per-account deployment with no role chaining required.\n\nFor non-Projen projects, use `CdkDiffIamTemplateStackSetGenerator` directly.",
3796
+ "stability": "experimental",
3797
+ "summary": "Projen construct that creates a CloudFormation StackSet template for org-wide deployment of GitHub OIDC provider, OIDC role, and CDK Diff/Drift IAM roles."
3798
+ },
3799
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSet",
3800
+ "initializer": {
3801
+ "docs": {
3802
+ "stability": "experimental"
3803
+ },
3804
+ "locationInModule": {
3805
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
3806
+ "line": 526
3807
+ },
3808
+ "parameters": [
3809
+ {
3810
+ "name": "props",
3811
+ "type": {
3812
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetProps"
3813
+ }
3814
+ }
3815
+ ]
3816
+ },
3817
+ "kind": "class",
3818
+ "locationInModule": {
3819
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
3820
+ "line": 525
3821
+ },
3822
+ "name": "CdkDiffIamTemplateStackSet",
3823
+ "symbolId": "src/CdkDiffIamTemplateStackSet:CdkDiffIamTemplateStackSet"
3824
+ },
3825
+ "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetCommandsProps": {
3826
+ "assembly": "@jjrawlins/cdk-diff-pr-github-action",
3827
+ "datatype": true,
3828
+ "docs": {
3829
+ "stability": "experimental",
3830
+ "summary": "Props for generating StackSet CLI commands (no Projen dependency)."
3831
+ },
3832
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetCommandsProps",
3833
+ "kind": "interface",
3834
+ "locationInModule": {
3835
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
3836
+ "line": 87
3837
+ },
3838
+ "name": "CdkDiffIamTemplateStackSetCommandsProps",
3839
+ "properties": [
3840
+ {
3841
+ "abstract": true,
3842
+ "docs": {
3843
+ "stability": "experimental",
3844
+ "summary": "Auto-deployment configuration."
3845
+ },
3846
+ "immutable": true,
3847
+ "locationInModule": {
3848
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
3849
+ "line": 101
3850
+ },
3851
+ "name": "autoDeployment",
3852
+ "optional": true,
3853
+ "type": {
3854
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.StackSetAutoDeployment"
3855
+ }
3856
+ },
3857
+ {
3858
+ "abstract": true,
3859
+ "docs": {
3860
+ "remarks": "If true, adds --call-as DELEGATED_ADMIN to commands.\nDefault: true",
3861
+ "stability": "experimental",
3862
+ "summary": "Whether to use delegated admin mode for StackSet operations."
3863
+ },
3864
+ "immutable": true,
3865
+ "locationInModule": {
3866
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
3867
+ "line": 108
3868
+ },
3869
+ "name": "delegatedAdmin",
3870
+ "optional": true,
3871
+ "type": {
3872
+ "primitive": "boolean"
3873
+ }
3874
+ },
3875
+ {
3876
+ "abstract": true,
3877
+ "docs": {
3878
+ "stability": "experimental",
3879
+ "summary": "Target regions for deployment (e.g., ['us-east-1', 'eu-west-1'])."
3880
+ },
3881
+ "immutable": true,
3882
+ "locationInModule": {
3883
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
3884
+ "line": 98
3885
+ },
3886
+ "name": "regions",
3887
+ "optional": true,
3888
+ "type": {
3889
+ "collection": {
3890
+ "elementtype": {
3891
+ "primitive": "string"
3892
+ },
3893
+ "kind": "array"
3894
+ }
3895
+ }
3896
+ },
3897
+ {
3898
+ "abstract": true,
3899
+ "docs": {
3900
+ "stability": "experimental",
3901
+ "summary": "Name of the StackSet (default: 'cdk-diff-workflow-iam-stackset')."
3902
+ },
3903
+ "immutable": true,
3904
+ "locationInModule": {
3905
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
3906
+ "line": 89
3907
+ },
3908
+ "name": "stackSetName",
3909
+ "optional": true,
3910
+ "type": {
3911
+ "primitive": "string"
3912
+ }
3913
+ },
3914
+ {
3915
+ "abstract": true,
3916
+ "docs": {
3917
+ "stability": "experimental",
3918
+ "summary": "Target OUs for deployment (e.g., ['ou-xxxx-xxxxxxxx', 'r-xxxx'])."
3919
+ },
3920
+ "immutable": true,
3921
+ "locationInModule": {
3922
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
3923
+ "line": 95
3924
+ },
3925
+ "name": "targetOrganizationalUnitIds",
3926
+ "optional": true,
3927
+ "type": {
3928
+ "collection": {
3929
+ "elementtype": {
3930
+ "primitive": "string"
3931
+ },
3932
+ "kind": "array"
3933
+ }
3934
+ }
3935
+ },
3936
+ {
3937
+ "abstract": true,
3938
+ "docs": {
3939
+ "stability": "experimental",
3940
+ "summary": "Path to the template file (default: 'cdk-diff-workflow-stackset-template.yaml')."
3941
+ },
3942
+ "immutable": true,
3943
+ "locationInModule": {
3944
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
3945
+ "line": 92
3946
+ },
3947
+ "name": "templatePath",
3948
+ "optional": true,
3949
+ "type": {
3950
+ "primitive": "string"
3951
+ }
3952
+ }
3953
+ ],
3954
+ "symbolId": "src/CdkDiffIamTemplateStackSet:CdkDiffIamTemplateStackSetCommandsProps"
3955
+ },
3956
+ "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetGenerator": {
3957
+ "assembly": "@jjrawlins/cdk-diff-pr-github-action",
3958
+ "docs": {
3959
+ "remarks": "No Projen dependency - can be used in any project.",
3960
+ "stability": "experimental",
3961
+ "summary": "Pure generator class for StackSet templates and commands."
3962
+ },
3963
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetGenerator",
3964
+ "initializer": {
3965
+ "docs": {
3966
+ "stability": "experimental"
3967
+ }
3968
+ },
3969
+ "kind": "class",
3970
+ "locationInModule": {
3971
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
3972
+ "line": 115
3973
+ },
3974
+ "methods": [
3975
+ {
3976
+ "docs": {
3977
+ "remarks": "Returns a map of command names to shell commands.",
3978
+ "stability": "experimental",
3979
+ "summary": "Generate AWS CLI commands for StackSet operations."
3980
+ },
3981
+ "locationInModule": {
3982
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
3983
+ "line": 143
3984
+ },
3985
+ "name": "generateCommands",
3986
+ "parameters": [
3987
+ {
3988
+ "name": "props",
3989
+ "optional": true,
3990
+ "type": {
3991
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetCommandsProps"
3992
+ }
3993
+ }
3994
+ ],
3995
+ "returns": {
3996
+ "type": {
3997
+ "collection": {
3998
+ "elementtype": {
3999
+ "primitive": "string"
4000
+ },
4001
+ "kind": "map"
4002
+ }
4003
+ }
4004
+ },
4005
+ "static": true
4006
+ },
4007
+ {
4008
+ "docs": {
4009
+ "stability": "experimental",
4010
+ "summary": "Generate the CloudFormation StackSet template as a YAML string."
4011
+ },
4012
+ "locationInModule": {
4013
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4014
+ "line": 119
4015
+ },
4016
+ "name": "generateTemplate",
4017
+ "parameters": [
4018
+ {
4019
+ "name": "props",
4020
+ "type": {
4021
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetGeneratorProps"
4022
+ }
4023
+ }
4024
+ ],
4025
+ "returns": {
4026
+ "type": {
4027
+ "primitive": "string"
4028
+ }
4029
+ },
4030
+ "static": true
4031
+ }
4032
+ ],
4033
+ "name": "CdkDiffIamTemplateStackSetGenerator",
4034
+ "symbolId": "src/CdkDiffIamTemplateStackSet:CdkDiffIamTemplateStackSetGenerator"
4035
+ },
4036
+ "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetGeneratorProps": {
3597
4037
  "assembly": "@jjrawlins/cdk-diff-pr-github-action",
3598
4038
  "datatype": true,
3599
4039
  "docs": {
3600
- "stability": "experimental"
4040
+ "stability": "experimental",
4041
+ "summary": "Props for generating StackSet templates (no Projen dependency)."
3601
4042
  },
3602
- "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateProps",
4043
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetGeneratorProps",
3603
4044
  "kind": "interface",
3604
4045
  "locationInModule": {
3605
- "filename": "src/CdkDiffIamTemplate.ts",
3606
- "line": 3
4046
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4047
+ "line": 56
3607
4048
  },
3608
- "name": "CdkDiffIamTemplateProps",
4049
+ "name": "CdkDiffIamTemplateStackSetGeneratorProps",
3609
4050
  "properties": [
3610
4051
  {
3611
4052
  "abstract": true,
3612
4053
  "docs": {
3613
- "stability": "experimental"
4054
+ "stability": "experimental",
4055
+ "summary": "GitHub OIDC configuration for repo/branch restrictions."
3614
4056
  },
3615
4057
  "immutable": true,
3616
4058
  "locationInModule": {
3617
- "filename": "src/CdkDiffIamTemplate.ts",
3618
- "line": 8
4059
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4060
+ "line": 58
3619
4061
  },
3620
- "name": "oidcRegion",
4062
+ "name": "githubOidc",
4063
+ "type": {
4064
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.GitHubOidcConfig"
4065
+ }
4066
+ },
4067
+ {
4068
+ "abstract": true,
4069
+ "docs": {
4070
+ "stability": "experimental",
4071
+ "summary": "Name of the CdkChangesetRole (default: 'CdkChangesetRole')."
4072
+ },
4073
+ "immutable": true,
4074
+ "locationInModule": {
4075
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4076
+ "line": 64
4077
+ },
4078
+ "name": "changesetRoleName",
4079
+ "optional": true,
3621
4080
  "type": {
3622
4081
  "primitive": "string"
3623
4082
  }
@@ -3625,14 +4084,16 @@
3625
4084
  {
3626
4085
  "abstract": true,
3627
4086
  "docs": {
3628
- "stability": "experimental"
4087
+ "stability": "experimental",
4088
+ "summary": "Description for the StackSet."
3629
4089
  },
3630
4090
  "immutable": true,
3631
4091
  "locationInModule": {
3632
- "filename": "src/CdkDiffIamTemplate.ts",
3633
- "line": 7
4092
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4093
+ "line": 73
3634
4094
  },
3635
- "name": "oidcRoleArn",
4095
+ "name": "description",
4096
+ "optional": true,
3636
4097
  "type": {
3637
4098
  "primitive": "string"
3638
4099
  }
@@ -3640,12 +4101,103 @@
3640
4101
  {
3641
4102
  "abstract": true,
3642
4103
  "docs": {
3643
- "stability": "experimental"
4104
+ "stability": "experimental",
4105
+ "summary": "Name of the CdkDriftRole (default: 'CdkDriftRole')."
3644
4106
  },
3645
4107
  "immutable": true,
3646
4108
  "locationInModule": {
3647
- "filename": "src/CdkDiffIamTemplate.ts",
3648
- "line": 4
4109
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4110
+ "line": 67
4111
+ },
4112
+ "name": "driftRoleName",
4113
+ "optional": true,
4114
+ "type": {
4115
+ "primitive": "string"
4116
+ }
4117
+ },
4118
+ {
4119
+ "abstract": true,
4120
+ "docs": {
4121
+ "stability": "experimental",
4122
+ "summary": "Name of the GitHub OIDC role (default: 'GitHubOIDCRole')."
4123
+ },
4124
+ "immutable": true,
4125
+ "locationInModule": {
4126
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4127
+ "line": 61
4128
+ },
4129
+ "name": "oidcRoleName",
4130
+ "optional": true,
4131
+ "type": {
4132
+ "primitive": "string"
4133
+ }
4134
+ },
4135
+ {
4136
+ "abstract": true,
4137
+ "docs": {
4138
+ "stability": "experimental",
4139
+ "summary": "Which roles to include (default: BOTH)."
4140
+ },
4141
+ "immutable": true,
4142
+ "locationInModule": {
4143
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4144
+ "line": 70
4145
+ },
4146
+ "name": "roleSelection",
4147
+ "optional": true,
4148
+ "type": {
4149
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.StackSetRoleSelection"
4150
+ }
4151
+ },
4152
+ {
4153
+ "abstract": true,
4154
+ "docs": {
4155
+ "remarks": "Set to true if accounts already have a GitHub OIDC provider.\nThe template will reference the existing provider by ARN.\nDefault: false",
4156
+ "stability": "experimental",
4157
+ "summary": "Skip creating the OIDC provider (use existing one)."
4158
+ },
4159
+ "immutable": true,
4160
+ "locationInModule": {
4161
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4162
+ "line": 81
4163
+ },
4164
+ "name": "skipOidcProviderCreation",
4165
+ "optional": true,
4166
+ "type": {
4167
+ "primitive": "boolean"
4168
+ }
4169
+ }
4170
+ ],
4171
+ "symbolId": "src/CdkDiffIamTemplateStackSet:CdkDiffIamTemplateStackSetGeneratorProps"
4172
+ },
4173
+ "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetProps": {
4174
+ "assembly": "@jjrawlins/cdk-diff-pr-github-action",
4175
+ "datatype": true,
4176
+ "docs": {
4177
+ "stability": "experimental",
4178
+ "summary": "Props for the Projen-integrated StackSet construct."
4179
+ },
4180
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetProps",
4181
+ "interfaces": [
4182
+ "@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetGeneratorProps"
4183
+ ],
4184
+ "kind": "interface",
4185
+ "locationInModule": {
4186
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4187
+ "line": 489
4188
+ },
4189
+ "name": "CdkDiffIamTemplateStackSetProps",
4190
+ "properties": [
4191
+ {
4192
+ "abstract": true,
4193
+ "docs": {
4194
+ "stability": "experimental",
4195
+ "summary": "Projen project instance."
4196
+ },
4197
+ "immutable": true,
4198
+ "locationInModule": {
4199
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4200
+ "line": 491
3649
4201
  },
3650
4202
  "name": "project",
3651
4203
  "type": {
@@ -3655,36 +4207,118 @@
3655
4207
  {
3656
4208
  "abstract": true,
3657
4209
  "docs": {
3658
- "stability": "experimental"
4210
+ "stability": "experimental",
4211
+ "summary": "Auto-deployment configuration."
3659
4212
  },
3660
4213
  "immutable": true,
3661
4214
  "locationInModule": {
3662
- "filename": "src/CdkDiffIamTemplate.ts",
3663
- "line": 5
4215
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4216
+ "line": 506
3664
4217
  },
3665
- "name": "roleName",
4218
+ "name": "autoDeployment",
4219
+ "optional": true,
3666
4220
  "type": {
3667
- "primitive": "string"
4221
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.StackSetAutoDeployment"
3668
4222
  }
3669
4223
  },
3670
4224
  {
3671
4225
  "abstract": true,
3672
4226
  "docs": {
3673
- "stability": "experimental"
4227
+ "remarks": "If true, adds --call-as DELEGATED_ADMIN to commands.\nIf false, assumes running from the management account.\nDefault: true",
4228
+ "stability": "experimental",
4229
+ "summary": "Whether to use delegated admin mode for StackSet operations."
3674
4230
  },
3675
4231
  "immutable": true,
3676
4232
  "locationInModule": {
3677
- "filename": "src/CdkDiffIamTemplate.ts",
3678
- "line": 6
4233
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4234
+ "line": 514
4235
+ },
4236
+ "name": "delegatedAdmin",
4237
+ "optional": true,
4238
+ "type": {
4239
+ "primitive": "boolean"
4240
+ }
4241
+ },
4242
+ {
4243
+ "abstract": true,
4244
+ "docs": {
4245
+ "stability": "experimental",
4246
+ "summary": "Output path for the template file (default: 'cdk-diff-workflow-stackset-template.yaml')."
4247
+ },
4248
+ "immutable": true,
4249
+ "locationInModule": {
4250
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4251
+ "line": 497
3679
4252
  },
3680
4253
  "name": "outputPath",
3681
4254
  "optional": true,
3682
4255
  "type": {
3683
4256
  "primitive": "string"
3684
4257
  }
4258
+ },
4259
+ {
4260
+ "abstract": true,
4261
+ "docs": {
4262
+ "stability": "experimental",
4263
+ "summary": "Target regions for deployment (e.g., ['us-east-1', 'eu-west-1'])."
4264
+ },
4265
+ "immutable": true,
4266
+ "locationInModule": {
4267
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4268
+ "line": 503
4269
+ },
4270
+ "name": "regions",
4271
+ "optional": true,
4272
+ "type": {
4273
+ "collection": {
4274
+ "elementtype": {
4275
+ "primitive": "string"
4276
+ },
4277
+ "kind": "array"
4278
+ }
4279
+ }
4280
+ },
4281
+ {
4282
+ "abstract": true,
4283
+ "docs": {
4284
+ "stability": "experimental",
4285
+ "summary": "Name of the StackSet (default: 'cdk-diff-workflow-iam-stackset')."
4286
+ },
4287
+ "immutable": true,
4288
+ "locationInModule": {
4289
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4290
+ "line": 494
4291
+ },
4292
+ "name": "stackSetName",
4293
+ "optional": true,
4294
+ "type": {
4295
+ "primitive": "string"
4296
+ }
4297
+ },
4298
+ {
4299
+ "abstract": true,
4300
+ "docs": {
4301
+ "stability": "experimental",
4302
+ "summary": "Target OUs for deployment (e.g., ['ou-xxxx-xxxxxxxx', 'r-xxxx'])."
4303
+ },
4304
+ "immutable": true,
4305
+ "locationInModule": {
4306
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
4307
+ "line": 500
4308
+ },
4309
+ "name": "targetOrganizationalUnitIds",
4310
+ "optional": true,
4311
+ "type": {
4312
+ "collection": {
4313
+ "elementtype": {
4314
+ "primitive": "string"
4315
+ },
4316
+ "kind": "array"
4317
+ }
4318
+ }
3685
4319
  }
3686
4320
  ],
3687
- "symbolId": "src/CdkDiffIamTemplate:CdkDiffIamTemplateProps"
4321
+ "symbolId": "src/CdkDiffIamTemplateStackSet:CdkDiffIamTemplateStackSetProps"
3688
4322
  },
3689
4323
  "@jjrawlins/cdk-diff-pr-github-action.CdkDiffStack": {
3690
4324
  "assembly": "@jjrawlins/cdk-diff-pr-github-action",
@@ -3833,11 +4467,11 @@
3833
4467
  "immutable": true,
3834
4468
  "locationInModule": {
3835
4469
  "filename": "src/CdkDiffStackWorkflow.ts",
3836
- "line": 21
4470
+ "line": 18
3837
4471
  },
3838
- "name": "oidcRegion",
4472
+ "name": "project",
3839
4473
  "type": {
3840
- "primitive": "string"
4474
+ "primitive": "any"
3841
4475
  }
3842
4476
  },
3843
4477
  {
@@ -3848,11 +4482,16 @@
3848
4482
  "immutable": true,
3849
4483
  "locationInModule": {
3850
4484
  "filename": "src/CdkDiffStackWorkflow.ts",
3851
- "line": 20
4485
+ "line": 19
3852
4486
  },
3853
- "name": "oidcRoleArn",
4487
+ "name": "stacks",
3854
4488
  "type": {
3855
- "primitive": "string"
4489
+ "collection": {
4490
+ "elementtype": {
4491
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffStack"
4492
+ },
4493
+ "kind": "array"
4494
+ }
3856
4495
  }
3857
4496
  },
3858
4497
  {
@@ -3863,11 +4502,12 @@
3863
4502
  "immutable": true,
3864
4503
  "locationInModule": {
3865
4504
  "filename": "src/CdkDiffStackWorkflow.ts",
3866
- "line": 18
4505
+ "line": 23
3867
4506
  },
3868
- "name": "project",
4507
+ "name": "cdkYarnCommand",
4508
+ "optional": true,
3869
4509
  "type": {
3870
- "primitive": "any"
4510
+ "primitive": "string"
3871
4511
  }
3872
4512
  },
3873
4513
  {
@@ -3878,16 +4518,12 @@
3878
4518
  "immutable": true,
3879
4519
  "locationInModule": {
3880
4520
  "filename": "src/CdkDiffStackWorkflow.ts",
3881
- "line": 19
4521
+ "line": 22
3882
4522
  },
3883
- "name": "stacks",
4523
+ "name": "nodeVersion",
4524
+ "optional": true,
3884
4525
  "type": {
3885
- "collection": {
3886
- "elementtype": {
3887
- "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDiffStack"
3888
- },
3889
- "kind": "array"
3890
- }
4526
+ "primitive": "string"
3891
4527
  }
3892
4528
  },
3893
4529
  {
@@ -3898,9 +4534,9 @@
3898
4534
  "immutable": true,
3899
4535
  "locationInModule": {
3900
4536
  "filename": "src/CdkDiffStackWorkflow.ts",
3901
- "line": 23
4537
+ "line": 21
3902
4538
  },
3903
- "name": "cdkYarnCommand",
4539
+ "name": "oidcRegion",
3904
4540
  "optional": true,
3905
4541
  "type": {
3906
4542
  "primitive": "string"
@@ -3914,9 +4550,9 @@
3914
4550
  "immutable": true,
3915
4551
  "locationInModule": {
3916
4552
  "filename": "src/CdkDiffStackWorkflow.ts",
3917
- "line": 22
4553
+ "line": 20
3918
4554
  },
3919
- "name": "nodeVersion",
4555
+ "name": "oidcRoleArn",
3920
4556
  "optional": true,
3921
4557
  "type": {
3922
4558
  "primitive": "string"
@@ -3953,7 +4589,7 @@
3953
4589
  },
3954
4590
  "locationInModule": {
3955
4591
  "filename": "src/CdkDriftDetectionWorkflow.ts",
3956
- "line": 61
4592
+ "line": 63
3957
4593
  },
3958
4594
  "parameters": [
3959
4595
  {
@@ -3967,7 +4603,7 @@
3967
4603
  "kind": "class",
3968
4604
  "locationInModule": {
3969
4605
  "filename": "src/CdkDriftDetectionWorkflow.ts",
3970
- "line": 58
4606
+ "line": 60
3971
4607
  },
3972
4608
  "name": "CdkDriftDetectionWorkflow",
3973
4609
  "symbolId": "src/CdkDriftDetectionWorkflow:CdkDriftDetectionWorkflow"
@@ -3982,7 +4618,7 @@
3982
4618
  "kind": "interface",
3983
4619
  "locationInModule": {
3984
4620
  "filename": "src/CdkDriftDetectionWorkflow.ts",
3985
- "line": 19
4621
+ "line": 21
3986
4622
  },
3987
4623
  "name": "CdkDriftDetectionWorkflowProps",
3988
4624
  "properties": [
@@ -3994,11 +4630,11 @@
3994
4630
  "immutable": true,
3995
4631
  "locationInModule": {
3996
4632
  "filename": "src/CdkDriftDetectionWorkflow.ts",
3997
- "line": 26
4633
+ "line": 23
3998
4634
  },
3999
- "name": "oidcRegion",
4635
+ "name": "project",
4000
4636
  "type": {
4001
- "primitive": "string"
4637
+ "primitive": "any"
4002
4638
  }
4003
4639
  },
4004
4640
  {
@@ -4009,11 +4645,16 @@
4009
4645
  "immutable": true,
4010
4646
  "locationInModule": {
4011
4647
  "filename": "src/CdkDriftDetectionWorkflow.ts",
4012
- "line": 25
4648
+ "line": 29
4013
4649
  },
4014
- "name": "oidcRoleArn",
4650
+ "name": "stacks",
4015
4651
  "type": {
4016
- "primitive": "string"
4652
+ "collection": {
4653
+ "elementtype": {
4654
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.Stack"
4655
+ },
4656
+ "kind": "array"
4657
+ }
4017
4658
  }
4018
4659
  },
4019
4660
  {
@@ -4024,11 +4665,12 @@
4024
4665
  "immutable": true,
4025
4666
  "locationInModule": {
4026
4667
  "filename": "src/CdkDriftDetectionWorkflow.ts",
4027
- "line": 21
4668
+ "line": 26
4028
4669
  },
4029
- "name": "project",
4670
+ "name": "createIssues",
4671
+ "optional": true,
4030
4672
  "type": {
4031
- "primitive": "any"
4673
+ "primitive": "boolean"
4032
4674
  }
4033
4675
  },
4034
4676
  {
@@ -4039,16 +4681,12 @@
4039
4681
  "immutable": true,
4040
4682
  "locationInModule": {
4041
4683
  "filename": "src/CdkDriftDetectionWorkflow.ts",
4042
- "line": 27
4684
+ "line": 30
4043
4685
  },
4044
- "name": "stacks",
4686
+ "name": "nodeVersion",
4687
+ "optional": true,
4045
4688
  "type": {
4046
- "collection": {
4047
- "elementtype": {
4048
- "fqn": "@jjrawlins/cdk-diff-pr-github-action.Stack"
4049
- },
4050
- "kind": "array"
4051
- }
4689
+ "primitive": "string"
4052
4690
  }
4053
4691
  },
4054
4692
  {
@@ -4059,12 +4697,12 @@
4059
4697
  "immutable": true,
4060
4698
  "locationInModule": {
4061
4699
  "filename": "src/CdkDriftDetectionWorkflow.ts",
4062
- "line": 24
4700
+ "line": 28
4063
4701
  },
4064
- "name": "createIssues",
4702
+ "name": "oidcRegion",
4065
4703
  "optional": true,
4066
4704
  "type": {
4067
- "primitive": "boolean"
4705
+ "primitive": "string"
4068
4706
  }
4069
4707
  },
4070
4708
  {
@@ -4075,9 +4713,9 @@
4075
4713
  "immutable": true,
4076
4714
  "locationInModule": {
4077
4715
  "filename": "src/CdkDriftDetectionWorkflow.ts",
4078
- "line": 28
4716
+ "line": 27
4079
4717
  },
4080
- "name": "nodeVersion",
4718
+ "name": "oidcRoleArn",
4081
4719
  "optional": true,
4082
4720
  "type": {
4083
4721
  "primitive": "string"
@@ -4093,7 +4731,7 @@
4093
4731
  "immutable": true,
4094
4732
  "locationInModule": {
4095
4733
  "filename": "src/CdkDriftDetectionWorkflow.ts",
4096
- "line": 43
4734
+ "line": 45
4097
4735
  },
4098
4736
  "name": "postGitHubSteps",
4099
4737
  "optional": true,
@@ -4109,7 +4747,7 @@
4109
4747
  "immutable": true,
4110
4748
  "locationInModule": {
4111
4749
  "filename": "src/CdkDriftDetectionWorkflow.ts",
4112
- "line": 23
4750
+ "line": 25
4113
4751
  },
4114
4752
  "name": "schedule",
4115
4753
  "optional": true,
@@ -4125,7 +4763,7 @@
4125
4763
  "immutable": true,
4126
4764
  "locationInModule": {
4127
4765
  "filename": "src/CdkDriftDetectionWorkflow.ts",
4128
- "line": 20
4766
+ "line": 22
4129
4767
  },
4130
4768
  "name": "scriptOutputPath",
4131
4769
  "optional": true,
@@ -4141,7 +4779,7 @@
4141
4779
  "immutable": true,
4142
4780
  "locationInModule": {
4143
4781
  "filename": "src/CdkDriftDetectionWorkflow.ts",
4144
- "line": 22
4782
+ "line": 24
4145
4783
  },
4146
4784
  "name": "workflowName",
4147
4785
  "optional": true,
@@ -4155,7 +4793,9 @@
4155
4793
  "@jjrawlins/cdk-diff-pr-github-action.CdkDriftIamTemplate": {
4156
4794
  "assembly": "@jjrawlins/cdk-diff-pr-github-action",
4157
4795
  "docs": {
4158
- "stability": "experimental"
4796
+ "remarks": "For non-Projen projects, use `CdkDriftIamTemplateGenerator` directly.",
4797
+ "stability": "experimental",
4798
+ "summary": "Projen construct that emits a CloudFormation template with minimal IAM permissions for the CDK Drift Detection Workflow."
4159
4799
  },
4160
4800
  "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDriftIamTemplate",
4161
4801
  "initializer": {
@@ -4164,7 +4804,7 @@
4164
4804
  },
4165
4805
  "locationInModule": {
4166
4806
  "filename": "src/CdkDriftIamTemplate.ts",
4167
- "line": 12
4807
+ "line": 108
4168
4808
  },
4169
4809
  "parameters": [
4170
4810
  {
@@ -4178,34 +4818,110 @@
4178
4818
  "kind": "class",
4179
4819
  "locationInModule": {
4180
4820
  "filename": "src/CdkDriftIamTemplate.ts",
4181
- "line": 11
4821
+ "line": 107
4182
4822
  },
4183
4823
  "name": "CdkDriftIamTemplate",
4184
4824
  "symbolId": "src/CdkDriftIamTemplate:CdkDriftIamTemplate"
4185
4825
  },
4186
- "@jjrawlins/cdk-diff-pr-github-action.CdkDriftIamTemplateProps": {
4826
+ "@jjrawlins/cdk-diff-pr-github-action.CdkDriftIamTemplateGenerator": {
4827
+ "assembly": "@jjrawlins/cdk-diff-pr-github-action",
4828
+ "docs": {
4829
+ "remarks": "No Projen dependency - can be used in any project.",
4830
+ "stability": "experimental",
4831
+ "summary": "Pure generator class for CDK Drift IAM templates."
4832
+ },
4833
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDriftIamTemplateGenerator",
4834
+ "initializer": {
4835
+ "docs": {
4836
+ "stability": "experimental"
4837
+ }
4838
+ },
4839
+ "kind": "class",
4840
+ "locationInModule": {
4841
+ "filename": "src/CdkDriftIamTemplate.ts",
4842
+ "line": 19
4843
+ },
4844
+ "methods": [
4845
+ {
4846
+ "docs": {
4847
+ "stability": "experimental",
4848
+ "summary": "Generate the AWS CLI deploy command for the IAM template."
4849
+ },
4850
+ "locationInModule": {
4851
+ "filename": "src/CdkDriftIamTemplate.ts",
4852
+ "line": 86
4853
+ },
4854
+ "name": "generateDeployCommand",
4855
+ "parameters": [
4856
+ {
4857
+ "name": "templatePath",
4858
+ "optional": true,
4859
+ "type": {
4860
+ "primitive": "string"
4861
+ }
4862
+ }
4863
+ ],
4864
+ "returns": {
4865
+ "type": {
4866
+ "primitive": "string"
4867
+ }
4868
+ },
4869
+ "static": true
4870
+ },
4871
+ {
4872
+ "docs": {
4873
+ "stability": "experimental",
4874
+ "summary": "Generate the CloudFormation IAM template as a YAML string."
4875
+ },
4876
+ "locationInModule": {
4877
+ "filename": "src/CdkDriftIamTemplate.ts",
4878
+ "line": 23
4879
+ },
4880
+ "name": "generateTemplate",
4881
+ "parameters": [
4882
+ {
4883
+ "name": "props",
4884
+ "type": {
4885
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDriftIamTemplateGeneratorProps"
4886
+ }
4887
+ }
4888
+ ],
4889
+ "returns": {
4890
+ "type": {
4891
+ "primitive": "string"
4892
+ }
4893
+ },
4894
+ "static": true
4895
+ }
4896
+ ],
4897
+ "name": "CdkDriftIamTemplateGenerator",
4898
+ "symbolId": "src/CdkDriftIamTemplate:CdkDriftIamTemplateGenerator"
4899
+ },
4900
+ "@jjrawlins/cdk-diff-pr-github-action.CdkDriftIamTemplateGeneratorProps": {
4187
4901
  "assembly": "@jjrawlins/cdk-diff-pr-github-action",
4188
4902
  "datatype": true,
4189
4903
  "docs": {
4190
- "stability": "experimental"
4904
+ "stability": "experimental",
4905
+ "summary": "Props for generating CDK Drift IAM templates (no Projen dependency)."
4191
4906
  },
4192
- "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDriftIamTemplateProps",
4907
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDriftIamTemplateGeneratorProps",
4193
4908
  "kind": "interface",
4194
4909
  "locationInModule": {
4195
4910
  "filename": "src/CdkDriftIamTemplate.ts",
4196
- "line": 3
4911
+ "line": 6
4197
4912
  },
4198
- "name": "CdkDriftIamTemplateProps",
4913
+ "name": "CdkDriftIamTemplateGeneratorProps",
4199
4914
  "properties": [
4200
4915
  {
4201
4916
  "abstract": true,
4202
4917
  "docs": {
4203
- "stability": "experimental"
4918
+ "stability": "experimental",
4919
+ "summary": "Region for the OIDC trust condition."
4204
4920
  },
4205
4921
  "immutable": true,
4206
4922
  "locationInModule": {
4207
4923
  "filename": "src/CdkDriftIamTemplate.ts",
4208
- "line": 8
4924
+ "line": 12
4209
4925
  },
4210
4926
  "name": "oidcRegion",
4211
4927
  "type": {
@@ -4215,12 +4931,13 @@
4215
4931
  {
4216
4932
  "abstract": true,
4217
4933
  "docs": {
4218
- "stability": "experimental"
4934
+ "stability": "experimental",
4935
+ "summary": "ARN of the existing GitHub OIDC role that can assume this drift role."
4219
4936
  },
4220
4937
  "immutable": true,
4221
4938
  "locationInModule": {
4222
4939
  "filename": "src/CdkDriftIamTemplate.ts",
4223
- "line": 7
4940
+ "line": 10
4224
4941
  },
4225
4942
  "name": "oidcRoleArn",
4226
4943
  "type": {
@@ -4230,42 +4947,66 @@
4230
4947
  {
4231
4948
  "abstract": true,
4232
4949
  "docs": {
4233
- "stability": "experimental"
4950
+ "stability": "experimental",
4951
+ "summary": "Name for the IAM role."
4234
4952
  },
4235
4953
  "immutable": true,
4236
4954
  "locationInModule": {
4237
4955
  "filename": "src/CdkDriftIamTemplate.ts",
4238
- "line": 4
4956
+ "line": 8
4239
4957
  },
4240
- "name": "project",
4958
+ "name": "roleName",
4241
4959
  "type": {
4242
- "primitive": "any"
4960
+ "primitive": "string"
4243
4961
  }
4244
- },
4962
+ }
4963
+ ],
4964
+ "symbolId": "src/CdkDriftIamTemplate:CdkDriftIamTemplateGeneratorProps"
4965
+ },
4966
+ "@jjrawlins/cdk-diff-pr-github-action.CdkDriftIamTemplateProps": {
4967
+ "assembly": "@jjrawlins/cdk-diff-pr-github-action",
4968
+ "datatype": true,
4969
+ "docs": {
4970
+ "stability": "experimental",
4971
+ "summary": "Props for the Projen-integrated CDK Drift IAM template construct."
4972
+ },
4973
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.CdkDriftIamTemplateProps",
4974
+ "interfaces": [
4975
+ "@jjrawlins/cdk-diff-pr-github-action.CdkDriftIamTemplateGeneratorProps"
4976
+ ],
4977
+ "kind": "interface",
4978
+ "locationInModule": {
4979
+ "filename": "src/CdkDriftIamTemplate.ts",
4980
+ "line": 94
4981
+ },
4982
+ "name": "CdkDriftIamTemplateProps",
4983
+ "properties": [
4245
4984
  {
4246
4985
  "abstract": true,
4247
4986
  "docs": {
4248
- "stability": "experimental"
4987
+ "stability": "experimental",
4988
+ "summary": "Projen project instance."
4249
4989
  },
4250
4990
  "immutable": true,
4251
4991
  "locationInModule": {
4252
4992
  "filename": "src/CdkDriftIamTemplate.ts",
4253
- "line": 5
4993
+ "line": 96
4254
4994
  },
4255
- "name": "roleName",
4995
+ "name": "project",
4256
4996
  "type": {
4257
- "primitive": "string"
4997
+ "primitive": "any"
4258
4998
  }
4259
4999
  },
4260
5000
  {
4261
5001
  "abstract": true,
4262
5002
  "docs": {
4263
- "stability": "experimental"
5003
+ "stability": "experimental",
5004
+ "summary": "Output path for the template file (default: 'cdk-drift-workflow-iam-template.yaml')."
4264
5005
  },
4265
5006
  "immutable": true,
4266
5007
  "locationInModule": {
4267
5008
  "filename": "src/CdkDriftIamTemplate.ts",
4268
- "line": 6
5009
+ "line": 98
4269
5010
  },
4270
5011
  "name": "outputPath",
4271
5012
  "optional": true,
@@ -4276,6 +5017,105 @@
4276
5017
  ],
4277
5018
  "symbolId": "src/CdkDriftIamTemplate:CdkDriftIamTemplateProps"
4278
5019
  },
5020
+ "@jjrawlins/cdk-diff-pr-github-action.GitHubOidcConfig": {
5021
+ "assembly": "@jjrawlins/cdk-diff-pr-github-action",
5022
+ "datatype": true,
5023
+ "docs": {
5024
+ "stability": "experimental",
5025
+ "summary": "GitHub repository restrictions for OIDC authentication."
5026
+ },
5027
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.GitHubOidcConfig",
5028
+ "kind": "interface",
5029
+ "locationInModule": {
5030
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
5031
+ "line": 28
5032
+ },
5033
+ "name": "GitHubOidcConfig",
5034
+ "properties": [
5035
+ {
5036
+ "abstract": true,
5037
+ "docs": {
5038
+ "stability": "experimental",
5039
+ "summary": "GitHub organization or username (e.g., 'my-org' or 'my-username')."
5040
+ },
5041
+ "immutable": true,
5042
+ "locationInModule": {
5043
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
5044
+ "line": 32
5045
+ },
5046
+ "name": "owner",
5047
+ "type": {
5048
+ "primitive": "string"
5049
+ }
5050
+ },
5051
+ {
5052
+ "abstract": true,
5053
+ "docs": {
5054
+ "stability": "experimental",
5055
+ "summary": "Repository names allowed to assume the role (e.g., ['repo1', 'repo2']) Use ['*'] to allow all repos in the organization."
5056
+ },
5057
+ "immutable": true,
5058
+ "locationInModule": {
5059
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
5060
+ "line": 38
5061
+ },
5062
+ "name": "repositories",
5063
+ "type": {
5064
+ "collection": {
5065
+ "elementtype": {
5066
+ "primitive": "string"
5067
+ },
5068
+ "kind": "array"
5069
+ }
5070
+ }
5071
+ },
5072
+ {
5073
+ "abstract": true,
5074
+ "docs": {
5075
+ "stability": "experimental",
5076
+ "summary": "Additional subject claims for fine-grained access e.g., ['pull_request', 'environment:production']."
5077
+ },
5078
+ "immutable": true,
5079
+ "locationInModule": {
5080
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
5081
+ "line": 50
5082
+ },
5083
+ "name": "additionalClaims",
5084
+ "optional": true,
5085
+ "type": {
5086
+ "collection": {
5087
+ "elementtype": {
5088
+ "primitive": "string"
5089
+ },
5090
+ "kind": "array"
5091
+ }
5092
+ }
5093
+ },
5094
+ {
5095
+ "abstract": true,
5096
+ "docs": {
5097
+ "stability": "experimental",
5098
+ "summary": "Branch patterns allowed (e.g., ['main', 'release/*']) Default: ['*'] (all branches)."
5099
+ },
5100
+ "immutable": true,
5101
+ "locationInModule": {
5102
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
5103
+ "line": 44
5104
+ },
5105
+ "name": "branches",
5106
+ "optional": true,
5107
+ "type": {
5108
+ "collection": {
5109
+ "elementtype": {
5110
+ "primitive": "string"
5111
+ },
5112
+ "kind": "array"
5113
+ }
5114
+ }
5115
+ }
5116
+ ],
5117
+ "symbolId": "src/CdkDiffIamTemplateStackSet:GitHubOidcConfig"
5118
+ },
4279
5119
  "@jjrawlins/cdk-diff-pr-github-action.Stack": {
4280
5120
  "assembly": "@jjrawlins/cdk-diff-pr-github-action",
4281
5121
  "datatype": true,
@@ -4350,11 +5190,133 @@
4350
5190
  "type": {
4351
5191
  "primitive": "boolean"
4352
5192
  }
5193
+ },
5194
+ {
5195
+ "abstract": true,
5196
+ "docs": {
5197
+ "stability": "experimental"
5198
+ },
5199
+ "immutable": true,
5200
+ "locationInModule": {
5201
+ "filename": "src/CdkDriftDetectionWorkflow.ts",
5202
+ "line": 18
5203
+ },
5204
+ "name": "oidcRegion",
5205
+ "optional": true,
5206
+ "type": {
5207
+ "primitive": "string"
5208
+ }
5209
+ },
5210
+ {
5211
+ "abstract": true,
5212
+ "docs": {
5213
+ "stability": "experimental"
5214
+ },
5215
+ "immutable": true,
5216
+ "locationInModule": {
5217
+ "filename": "src/CdkDriftDetectionWorkflow.ts",
5218
+ "line": 17
5219
+ },
5220
+ "name": "oidcRoleArn",
5221
+ "optional": true,
5222
+ "type": {
5223
+ "primitive": "string"
5224
+ }
4353
5225
  }
4354
5226
  ],
4355
5227
  "symbolId": "src/CdkDriftDetectionWorkflow:Stack"
5228
+ },
5229
+ "@jjrawlins/cdk-diff-pr-github-action.StackSetAutoDeployment": {
5230
+ "assembly": "@jjrawlins/cdk-diff-pr-github-action",
5231
+ "datatype": true,
5232
+ "docs": {
5233
+ "stability": "experimental",
5234
+ "summary": "Configuration for StackSet auto-deployment."
5235
+ },
5236
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.StackSetAutoDeployment",
5237
+ "kind": "interface",
5238
+ "locationInModule": {
5239
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
5240
+ "line": 18
5241
+ },
5242
+ "name": "StackSetAutoDeployment",
5243
+ "properties": [
5244
+ {
5245
+ "abstract": true,
5246
+ "docs": {
5247
+ "stability": "experimental",
5248
+ "summary": "Enable auto-deployment to new accounts in target OUs (default: true)."
5249
+ },
5250
+ "immutable": true,
5251
+ "locationInModule": {
5252
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
5253
+ "line": 20
5254
+ },
5255
+ "name": "enabled",
5256
+ "optional": true,
5257
+ "type": {
5258
+ "primitive": "boolean"
5259
+ }
5260
+ },
5261
+ {
5262
+ "abstract": true,
5263
+ "docs": {
5264
+ "stability": "experimental",
5265
+ "summary": "Retain stacks when account leaves OU (default: false)."
5266
+ },
5267
+ "immutable": true,
5268
+ "locationInModule": {
5269
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
5270
+ "line": 22
5271
+ },
5272
+ "name": "retainStacksOnAccountRemoval",
5273
+ "optional": true,
5274
+ "type": {
5275
+ "primitive": "boolean"
5276
+ }
5277
+ }
5278
+ ],
5279
+ "symbolId": "src/CdkDiffIamTemplateStackSet:StackSetAutoDeployment"
5280
+ },
5281
+ "@jjrawlins/cdk-diff-pr-github-action.StackSetRoleSelection": {
5282
+ "assembly": "@jjrawlins/cdk-diff-pr-github-action",
5283
+ "docs": {
5284
+ "stability": "experimental",
5285
+ "summary": "Which roles to include in the StackSet."
5286
+ },
5287
+ "fqn": "@jjrawlins/cdk-diff-pr-github-action.StackSetRoleSelection",
5288
+ "kind": "enum",
5289
+ "locationInModule": {
5290
+ "filename": "src/CdkDiffIamTemplateStackSet.ts",
5291
+ "line": 6
5292
+ },
5293
+ "members": [
5294
+ {
5295
+ "docs": {
5296
+ "stability": "experimental",
5297
+ "summary": "Include only the changeset role (CdkChangesetRole)."
5298
+ },
5299
+ "name": "CHANGESET_ONLY"
5300
+ },
5301
+ {
5302
+ "docs": {
5303
+ "stability": "experimental",
5304
+ "summary": "Include only the drift role (CdkDriftRole)."
5305
+ },
5306
+ "name": "DRIFT_ONLY"
5307
+ },
5308
+ {
5309
+ "docs": {
5310
+ "stability": "experimental",
5311
+ "summary": "Include both roles (default)."
5312
+ },
5313
+ "name": "BOTH"
5314
+ }
5315
+ ],
5316
+ "name": "StackSetRoleSelection",
5317
+ "symbolId": "src/CdkDiffIamTemplateStackSet:StackSetRoleSelection"
4356
5318
  }
4357
5319
  },
4358
- "version": "0.0.72",
4359
- "fingerprint": "WOeSrMNsE4tsIMyTo8iOq0QgIUj37Ow0yH7my4hROc0="
5320
+ "version": "1.1.0",
5321
+ "fingerprint": "zLOs0LRCmcOE27+rRcCD7+HfsdQTKvLx+BP17zKxqi0="
4360
5322
  }