@jjrawlins/cdk-diff-pr-github-action 1.5.7 → 1.7.0

package/.jsii

@@ -17,8 +17,7 @@
   },
   "dependencies": {
     "aws-cdk-lib": "^2.85.0",
-    "constructs": ">=10.0.5 <11.0.0",
-    "projen": "0.98.29"
+    "constructs": ">=10.0.5 <11.0.0"
   },
   "dependencyClosure": {
     "@aws-cdk/asset-awscli-v1": {
@@ -3481,47 +3480,6 @@
           "module": "constructs"
         }
       }
-    },
-    "projen": {
-      "submodules": {
-        "projen.awscdk": {},
-        "projen.build": {},
-        "projen.cdk": {},
-        "projen.cdk8s": {},
-        "projen.cdktf": {},
-        "projen.circleci": {},
-        "projen.github": {},
-        "projen.github.workflows": {},
-        "projen.gitlab": {},
-        "projen.java": {},
-        "projen.javascript": {},
-        "projen.javascript.biome_config": {},
-        "projen.python": {},
-        "projen.python.uvConfig": {},
-        "projen.release": {},
-        "projen.typescript": {},
-        "projen.vscode": {},
-        "projen.web": {}
-      },
-      "targets": {
-        "go": {
-          "moduleName": "github.com/projen/projen-go"
-        },
-        "java": {
-          "maven": {
-            "artifactId": "projen",
-            "groupId": "io.github.cdklabs"
-          },
-          "package": "io.github.cdklabs.projen"
-        },
-        "js": {
-          "npm": "projen"
-        },
-        "python": {
-          "distName": "projen",
-          "module": "projen"
-        }
-      }
     }
   },
   "description": "A GitHub Action that creates a CDK diff for a pull request.",
@@ -3557,8 +3515,20 @@
   },
   "schema": "jsii/0.10.0",
   "targets": {
+    "dotnet": {
+      "namespace": "JJRawlins.CdkDiffPrGithubAction",
+      "packageId": "JJRawlins.CdkDiffPrGithubAction"
+    },
+    "go": {
+      "moduleName": "github.com/JaysonRawlins/cdk-diff-pr-github-action",
+      "packageName": "cdkdiffprgithubaction"
+    },
     "js": {
       "npm": "@jjrawlins/cdk-diff-pr-github-action"
+    },
+    "python": {
+      "distName": "jjrawlins-cdk-diff-pr-github-action",
+      "module": "jjrawlins_cdk_diff_pr_github_action"
     }
   },
   "types": {
@@ -5393,6 +5363,6 @@
       "symbolId": "src/CdkDiffIamTemplateStackSet:StackSetRoleSelection"
     }
   },
-  "version": "1.5.7",
-  "fingerprint": "o7Ox19adrvBYuJxXAWnpT66JmRPe/XR5rN1K59Va3XY="
+  "version": "1.7.0",
+  "fingerprint": "G7v1ehT4wNtx+qXvKgJLHDSri8Ya1cTAMBXVzYSSaX0="
 }

package/cdkdiffprgithubaction/CdkDiffIamTemplate.go

@@ -0,0 +1,48 @@
+package cdkdiffprgithubaction
+
+import (
+	_jsii_ "github.com/aws/jsii-runtime-go/runtime"
+	_init_ "github.com/JaysonRawlins/cdk-diff-pr-github-action/cdkdiffprgithubaction/jsii"
+)
+
+// Projen construct that emits a CloudFormation template with minimal IAM permissions for the CDK Diff Stack Workflow.
+//
+// For non-Projen projects, use `CdkDiffIamTemplateGenerator` directly.
+// Experimental.
+type CdkDiffIamTemplate interface {
+}
+
+// The jsii proxy struct for CdkDiffIamTemplate
+type jsiiProxy_CdkDiffIamTemplate struct {
+	_ byte // padding
+}
+
+// Experimental.
+func NewCdkDiffIamTemplate(props *CdkDiffIamTemplateProps) CdkDiffIamTemplate {
+	_init_.Initialize()
+
+	if err := validateNewCdkDiffIamTemplateParameters(props); err != nil {
+		panic(err)
+	}
+	j := jsiiProxy_CdkDiffIamTemplate{}
+
+	_jsii_.Create(
+		"@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplate",
+		[]interface{}{props},
+		&j,
+	)
+
+	return &j
+}
+
+// Experimental.
+func NewCdkDiffIamTemplate_Override(c CdkDiffIamTemplate, props *CdkDiffIamTemplateProps) {
+	_init_.Initialize()
+
+	_jsii_.Create(
+		"@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplate",
+		[]interface{}{props},
+		c,
+	)
+}
+

package/cdkdiffprgithubaction/CdkDiffIamTemplateGenerator.go

@@ -0,0 +1,82 @@
+package cdkdiffprgithubaction
+
+import (
+	_jsii_ "github.com/aws/jsii-runtime-go/runtime"
+	_init_ "github.com/JaysonRawlins/cdk-diff-pr-github-action/cdkdiffprgithubaction/jsii"
+)
+
+// Pure generator class for CDK Diff IAM templates.
+//
+// No Projen dependency - can be used in any project.
+// Experimental.
+type CdkDiffIamTemplateGenerator interface {
+}
+
+// The jsii proxy struct for CdkDiffIamTemplateGenerator
+type jsiiProxy_CdkDiffIamTemplateGenerator struct {
+	_ byte // padding
+}
+
+// Experimental.
+func NewCdkDiffIamTemplateGenerator() CdkDiffIamTemplateGenerator {
+	_init_.Initialize()
+
+	j := jsiiProxy_CdkDiffIamTemplateGenerator{}
+
+	_jsii_.Create(
+		"@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateGenerator",
+		nil, // no parameters
+		&j,
+	)
+
+	return &j
+}
+
+// Experimental.
+func NewCdkDiffIamTemplateGenerator_Override(c CdkDiffIamTemplateGenerator) {
+	_init_.Initialize()
+
+	_jsii_.Create(
+		"@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateGenerator",
+		nil, // no parameters
+		c,
+	)
+}
+
+// Generate the AWS CLI deploy command for the IAM template.
+// Experimental.
+func CdkDiffIamTemplateGenerator_GenerateDeployCommand(templatePath *string) *string {
+	_init_.Initialize()
+
+	var returns *string
+
+	_jsii_.StaticInvoke(
+		"@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateGenerator",
+		"generateDeployCommand",
+		[]interface{}{templatePath},
+		&returns,
+	)
+
+	return returns
+}
+
+// Generate the CloudFormation IAM template as a YAML string.
+// Experimental.
+func CdkDiffIamTemplateGenerator_GenerateTemplate(props *CdkDiffIamTemplateGeneratorProps) *string {
+	_init_.Initialize()
+
+	if err := validateCdkDiffIamTemplateGenerator_GenerateTemplateParameters(props); err != nil {
+		panic(err)
+	}
+	var returns *string
+
+	_jsii_.StaticInvoke(
+		"@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateGenerator",
+		"generateTemplate",
+		[]interface{}{props},
+		&returns,
+	)
+
+	return returns
+}
+

package/cdkdiffprgithubaction/CdkDiffIamTemplateGeneratorProps.go

@@ -0,0 +1,45 @@
+package cdkdiffprgithubaction
+
+
+// Props for generating CDK Diff IAM templates (no Projen dependency).
+// Experimental.
+type CdkDiffIamTemplateGeneratorProps struct {
+	// Name for the changeset IAM role.
+	// Experimental.
+	RoleName *string `field:"required" json:"roleName" yaml:"roleName"`
+	// Create a GitHub OIDC role within this template instead of using an existing one.
+	//
+	// When true, githubOidc configuration is required and oidcRoleArn is ignored.
+	// Default: false.
+	// Experimental.
+	CreateOidcRole *bool `field:"optional" json:"createOidcRole" yaml:"createOidcRole"`
+	// GitHub OIDC configuration for repo/branch restrictions.
+	//
+	// Required when createOidcRole is true.
+	// Experimental.
+	GithubOidc *GitHubOidcConfig `field:"optional" json:"githubOidc" yaml:"githubOidc"`
+	// Region for the OIDC trust condition.
+	//
+	// Only used when oidcRoleArn is provided (external OIDC role).
+	// Experimental.
+	OidcRegion *string `field:"optional" json:"oidcRegion" yaml:"oidcRegion"`
+	// ARN of the existing GitHub OIDC role that can assume this changeset role.
+	//
+	// Required when createOidcRole is false or undefined.
+	// Experimental.
+	OidcRoleArn *string `field:"optional" json:"oidcRoleArn" yaml:"oidcRoleArn"`
+	// Name of the GitHub OIDC role to create.
+	//
+	// Only used when createOidcRole is true.
+	// Default: 'GitHubOIDCRole'.
+	// Experimental.
+	OidcRoleName *string `field:"optional" json:"oidcRoleName" yaml:"oidcRoleName"`
+	// Skip creating the OIDC provider (use existing one).
+	//
+	// Set to true if the account already has a GitHub OIDC provider.
+	// Only used when createOidcRole is true.
+	// Default: false.
+	// Experimental.
+	SkipOidcProviderCreation *bool `field:"optional" json:"skipOidcProviderCreation" yaml:"skipOidcProviderCreation"`
+}
+

package/cdkdiffprgithubaction/CdkDiffIamTemplateGenerator__checks.go

@@ -0,0 +1,21 @@
+//go:build !no_runtime_type_checking
+
+package cdkdiffprgithubaction
+
+import (
+	"fmt"
+
+	_jsii_ "github.com/aws/jsii-runtime-go/runtime"
+)
+
+func validateCdkDiffIamTemplateGenerator_GenerateTemplateParameters(props *CdkDiffIamTemplateGeneratorProps) error {
+	if props == nil {
+		return fmt.Errorf("parameter props is required, but nil was provided")
+	}
+	if err := _jsii_.ValidateStruct(props, func() string { return "parameter props" }); err != nil {
+		return err
+	}
+
+	return nil
+}
+

package/cdkdiffprgithubaction/CdkDiffIamTemplateGenerator__no_checks.go

@@ -0,0 +1,10 @@
+//go:build no_runtime_type_checking
+
+package cdkdiffprgithubaction
+
+// Building without runtime type checking enabled, so all the below just return nil
+
+func validateCdkDiffIamTemplateGenerator_GenerateTemplateParameters(props *CdkDiffIamTemplateGeneratorProps) error {
+	return nil
+}
+

package/cdkdiffprgithubaction/CdkDiffIamTemplateProps.go

@@ -0,0 +1,51 @@
+package cdkdiffprgithubaction
+
+
+// Props for the Projen-integrated CDK Diff IAM template construct.
+// Experimental.
+type CdkDiffIamTemplateProps struct {
+	// Name for the changeset IAM role.
+	// Experimental.
+	RoleName *string `field:"required" json:"roleName" yaml:"roleName"`
+	// Create a GitHub OIDC role within this template instead of using an existing one.
+	//
+	// When true, githubOidc configuration is required and oidcRoleArn is ignored.
+	// Default: false.
+	// Experimental.
+	CreateOidcRole *bool `field:"optional" json:"createOidcRole" yaml:"createOidcRole"`
+	// GitHub OIDC configuration for repo/branch restrictions.
+	//
+	// Required when createOidcRole is true.
+	// Experimental.
+	GithubOidc *GitHubOidcConfig `field:"optional" json:"githubOidc" yaml:"githubOidc"`
+	// Region for the OIDC trust condition.
+	//
+	// Only used when oidcRoleArn is provided (external OIDC role).
+	// Experimental.
+	OidcRegion *string `field:"optional" json:"oidcRegion" yaml:"oidcRegion"`
+	// ARN of the existing GitHub OIDC role that can assume this changeset role.
+	//
+	// Required when createOidcRole is false or undefined.
+	// Experimental.
+	OidcRoleArn *string `field:"optional" json:"oidcRoleArn" yaml:"oidcRoleArn"`
+	// Name of the GitHub OIDC role to create.
+	//
+	// Only used when createOidcRole is true.
+	// Default: 'GitHubOIDCRole'.
+	// Experimental.
+	OidcRoleName *string `field:"optional" json:"oidcRoleName" yaml:"oidcRoleName"`
+	// Skip creating the OIDC provider (use existing one).
+	//
+	// Set to true if the account already has a GitHub OIDC provider.
+	// Only used when createOidcRole is true.
+	// Default: false.
+	// Experimental.
+	SkipOidcProviderCreation *bool `field:"optional" json:"skipOidcProviderCreation" yaml:"skipOidcProviderCreation"`
+	// Projen project instance.
+	// Experimental.
+	Project interface{} `field:"required" json:"project" yaml:"project"`
+	// Output path for the template file (default: 'cdk-diff-workflow-iam-template.yaml').
+	// Experimental.
+	OutputPath *string `field:"optional" json:"outputPath" yaml:"outputPath"`
+}
+

package/cdkdiffprgithubaction/CdkDiffIamTemplateStackSet.go

@@ -0,0 +1,50 @@
+package cdkdiffprgithubaction
+
+import (
+	_jsii_ "github.com/aws/jsii-runtime-go/runtime"
+	_init_ "github.com/JaysonRawlins/cdk-diff-pr-github-action/cdkdiffprgithubaction/jsii"
+)
+
+// Projen construct that creates a CloudFormation StackSet template for org-wide deployment of GitHub OIDC provider, OIDC role, and CDK Diff/Drift IAM roles.
+//
+// This provides a self-contained per-account deployment with no role chaining required.
+//
+// For non-Projen projects, use `CdkDiffIamTemplateStackSetGenerator` directly.
+// Experimental.
+type CdkDiffIamTemplateStackSet interface {
+}
+
+// The jsii proxy struct for CdkDiffIamTemplateStackSet
+type jsiiProxy_CdkDiffIamTemplateStackSet struct {
+	_ byte // padding
+}
+
+// Experimental.
+func NewCdkDiffIamTemplateStackSet(props *CdkDiffIamTemplateStackSetProps) CdkDiffIamTemplateStackSet {
+	_init_.Initialize()
+
+	if err := validateNewCdkDiffIamTemplateStackSetParameters(props); err != nil {
+		panic(err)
+	}
+	j := jsiiProxy_CdkDiffIamTemplateStackSet{}
+
+	_jsii_.Create(
+		"@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSet",
+		[]interface{}{props},
+		&j,
+	)
+
+	return &j
+}
+
+// Experimental.
+func NewCdkDiffIamTemplateStackSet_Override(c CdkDiffIamTemplateStackSet, props *CdkDiffIamTemplateStackSetProps) {
+	_init_.Initialize()
+
+	_jsii_.Create(
+		"@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSet",
+		[]interface{}{props},
+		c,
+	)
+}
+

package/cdkdiffprgithubaction/CdkDiffIamTemplateStackSetCommandsProps.go

@@ -0,0 +1,29 @@
+package cdkdiffprgithubaction
+
+
+// Props for generating StackSet CLI commands (no Projen dependency).
+// Experimental.
+type CdkDiffIamTemplateStackSetCommandsProps struct {
+	// Auto-deployment configuration.
+	// Experimental.
+	AutoDeployment *StackSetAutoDeployment `field:"optional" json:"autoDeployment" yaml:"autoDeployment"`
+	// Whether to use delegated admin mode for StackSet operations.
+	//
+	// If true, adds --call-as DELEGATED_ADMIN to commands.
+	// Default: true.
+	// Experimental.
+	DelegatedAdmin *bool `field:"optional" json:"delegatedAdmin" yaml:"delegatedAdmin"`
+	// Target regions for deployment (e.g., ['us-east-1', 'eu-west-1']).
+	// Experimental.
+	Regions *[]*string `field:"optional" json:"regions" yaml:"regions"`
+	// Name of the StackSet (default: 'cdk-diff-workflow-iam-stackset').
+	// Experimental.
+	StackSetName *string `field:"optional" json:"stackSetName" yaml:"stackSetName"`
+	// Target OUs for deployment (e.g., ['ou-xxxx-xxxxxxxx', 'r-xxxx']).
+	// Experimental.
+	TargetOrganizationalUnitIds *[]*string `field:"optional" json:"targetOrganizationalUnitIds" yaml:"targetOrganizationalUnitIds"`
+	// Path to the template file (default: 'cdk-diff-workflow-stackset-template.yaml').
+	// Experimental.
+	TemplatePath *string `field:"optional" json:"templatePath" yaml:"templatePath"`
+}
+

package/cdkdiffprgithubaction/CdkDiffIamTemplateStackSetGenerator.go

@@ -0,0 +1,87 @@
+package cdkdiffprgithubaction
+
+import (
+	_jsii_ "github.com/aws/jsii-runtime-go/runtime"
+	_init_ "github.com/JaysonRawlins/cdk-diff-pr-github-action/cdkdiffprgithubaction/jsii"
+)
+
+// Pure generator class for StackSet templates and commands.
+//
+// No Projen dependency - can be used in any project.
+// Experimental.
+type CdkDiffIamTemplateStackSetGenerator interface {
+}
+
+// The jsii proxy struct for CdkDiffIamTemplateStackSetGenerator
+type jsiiProxy_CdkDiffIamTemplateStackSetGenerator struct {
+	_ byte // padding
+}
+
+// Experimental.
+func NewCdkDiffIamTemplateStackSetGenerator() CdkDiffIamTemplateStackSetGenerator {
+	_init_.Initialize()
+
+	j := jsiiProxy_CdkDiffIamTemplateStackSetGenerator{}
+
+	_jsii_.Create(
+		"@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetGenerator",
+		nil, // no parameters
+		&j,
+	)
+
+	return &j
+}
+
+// Experimental.
+func NewCdkDiffIamTemplateStackSetGenerator_Override(c CdkDiffIamTemplateStackSetGenerator) {
+	_init_.Initialize()
+
+	_jsii_.Create(
+		"@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetGenerator",
+		nil, // no parameters
+		c,
+	)
+}
+
+// Generate AWS CLI commands for StackSet operations.
+//
+// Returns a map of command names to shell commands.
+// Experimental.
+func CdkDiffIamTemplateStackSetGenerator_GenerateCommands(props *CdkDiffIamTemplateStackSetCommandsProps) *map[string]*string {
+	_init_.Initialize()
+
+	if err := validateCdkDiffIamTemplateStackSetGenerator_GenerateCommandsParameters(props); err != nil {
+		panic(err)
+	}
+	var returns *map[string]*string
+
+	_jsii_.StaticInvoke(
+		"@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetGenerator",
+		"generateCommands",
+		[]interface{}{props},
+		&returns,
+	)
+
+	return returns
+}
+
+// Generate the CloudFormation StackSet template as a YAML string.
+// Experimental.
+func CdkDiffIamTemplateStackSetGenerator_GenerateTemplate(props *CdkDiffIamTemplateStackSetGeneratorProps) *string {
+	_init_.Initialize()
+
+	if err := validateCdkDiffIamTemplateStackSetGenerator_GenerateTemplateParameters(props); err != nil {
+		panic(err)
+	}
+	var returns *string
+
+	_jsii_.StaticInvoke(
+		"@jjrawlins/cdk-diff-pr-github-action.CdkDiffIamTemplateStackSetGenerator",
+		"generateTemplate",
+		[]interface{}{props},
+		&returns,
+	)
+
+	return returns
+}
+

package/cdkdiffprgithubaction/CdkDiffIamTemplateStackSetGeneratorProps.go

@@ -0,0 +1,33 @@
+package cdkdiffprgithubaction
+
+
+// Props for generating StackSet templates (no Projen dependency).
+// Experimental.
+type CdkDiffIamTemplateStackSetGeneratorProps struct {
+	// GitHub OIDC configuration for repo/branch restrictions.
+	// Experimental.
+	GithubOidc *GitHubOidcConfig `field:"required" json:"githubOidc" yaml:"githubOidc"`
+	// Name of the CdkChangesetRole (default: 'CdkChangesetRole').
+	// Experimental.
+	ChangesetRoleName *string `field:"optional" json:"changesetRoleName" yaml:"changesetRoleName"`
+	// Description for the StackSet.
+	// Experimental.
+	Description *string `field:"optional" json:"description" yaml:"description"`
+	// Name of the CdkDriftRole (default: 'CdkDriftRole').
+	// Experimental.
+	DriftRoleName *string `field:"optional" json:"driftRoleName" yaml:"driftRoleName"`
+	// Name of the GitHub OIDC role (default: 'GitHubOIDCRole').
+	// Experimental.
+	OidcRoleName *string `field:"optional" json:"oidcRoleName" yaml:"oidcRoleName"`
+	// Which roles to include (default: BOTH).
+	// Experimental.
+	RoleSelection StackSetRoleSelection `field:"optional" json:"roleSelection" yaml:"roleSelection"`
+	// Skip creating the OIDC provider (use existing one).
+	//
+	// Set to true if accounts already have a GitHub OIDC provider.
+	// The template will reference the existing provider by ARN.
+	// Default: false.
+	// Experimental.
+	SkipOidcProviderCreation *bool `field:"optional" json:"skipOidcProviderCreation" yaml:"skipOidcProviderCreation"`
+}
+

package/cdkdiffprgithubaction/CdkDiffIamTemplateStackSetGenerator__checks.go

@@ -0,0 +1,29 @@
+//go:build !no_runtime_type_checking
+
+package cdkdiffprgithubaction
+
+import (
+	"fmt"
+
+	_jsii_ "github.com/aws/jsii-runtime-go/runtime"
+)
+
+func validateCdkDiffIamTemplateStackSetGenerator_GenerateCommandsParameters(props *CdkDiffIamTemplateStackSetCommandsProps) error {
+	if err := _jsii_.ValidateStruct(props, func() string { return "parameter props" }); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func validateCdkDiffIamTemplateStackSetGenerator_GenerateTemplateParameters(props *CdkDiffIamTemplateStackSetGeneratorProps) error {
+	if props == nil {
+		return fmt.Errorf("parameter props is required, but nil was provided")
+	}
+	if err := _jsii_.ValidateStruct(props, func() string { return "parameter props" }); err != nil {
+		return err
+	}
+
+	return nil
+}
+

package/cdkdiffprgithubaction/CdkDiffIamTemplateStackSetGenerator__no_checks.go

@@ -0,0 +1,14 @@
+//go:build no_runtime_type_checking
+
+package cdkdiffprgithubaction
+
+// Building without runtime type checking enabled, so all the below just return nil
+
+func validateCdkDiffIamTemplateStackSetGenerator_GenerateCommandsParameters(props *CdkDiffIamTemplateStackSetCommandsProps) error {
+	return nil
+}
+
+func validateCdkDiffIamTemplateStackSetGenerator_GenerateTemplateParameters(props *CdkDiffIamTemplateStackSetGeneratorProps) error {
+	return nil
+}
+

package/cdkdiffprgithubaction/CdkDiffIamTemplateStackSetProps.go

@@ -0,0 +1,58 @@
+package cdkdiffprgithubaction
+
+
+// Props for the Projen-integrated StackSet construct.
+// Experimental.
+type CdkDiffIamTemplateStackSetProps struct {
+	// GitHub OIDC configuration for repo/branch restrictions.
+	// Experimental.
+	GithubOidc *GitHubOidcConfig `field:"required" json:"githubOidc" yaml:"githubOidc"`
+	// Name of the CdkChangesetRole (default: 'CdkChangesetRole').
+	// Experimental.
+	ChangesetRoleName *string `field:"optional" json:"changesetRoleName" yaml:"changesetRoleName"`
+	// Description for the StackSet.
+	// Experimental.
+	Description *string `field:"optional" json:"description" yaml:"description"`
+	// Name of the CdkDriftRole (default: 'CdkDriftRole').
+	// Experimental.
+	DriftRoleName *string `field:"optional" json:"driftRoleName" yaml:"driftRoleName"`
+	// Name of the GitHub OIDC role (default: 'GitHubOIDCRole').
+	// Experimental.
+	OidcRoleName *string `field:"optional" json:"oidcRoleName" yaml:"oidcRoleName"`
+	// Which roles to include (default: BOTH).
+	// Experimental.
+	RoleSelection StackSetRoleSelection `field:"optional" json:"roleSelection" yaml:"roleSelection"`
+	// Skip creating the OIDC provider (use existing one).
+	//
+	// Set to true if accounts already have a GitHub OIDC provider.
+	// The template will reference the existing provider by ARN.
+	// Default: false.
+	// Experimental.
+	SkipOidcProviderCreation *bool `field:"optional" json:"skipOidcProviderCreation" yaml:"skipOidcProviderCreation"`
+	// Projen project instance.
+	// Experimental.
+	Project interface{} `field:"required" json:"project" yaml:"project"`
+	// Auto-deployment configuration.
+	// Experimental.
+	AutoDeployment *StackSetAutoDeployment `field:"optional" json:"autoDeployment" yaml:"autoDeployment"`
+	// Whether to use delegated admin mode for StackSet operations.
+	//
+	// If true, adds --call-as DELEGATED_ADMIN to commands.
+	// If false, assumes running from the management account.
+	// Default: true.
+	// Experimental.
+	DelegatedAdmin *bool `field:"optional" json:"delegatedAdmin" yaml:"delegatedAdmin"`
+	// Output path for the template file (default: 'cdk-diff-workflow-stackset-template.yaml').
+	// Experimental.
+	OutputPath *string `field:"optional" json:"outputPath" yaml:"outputPath"`
+	// Target regions for deployment (e.g., ['us-east-1', 'eu-west-1']).
+	// Experimental.
+	Regions *[]*string `field:"optional" json:"regions" yaml:"regions"`
+	// Name of the StackSet (default: 'cdk-diff-workflow-iam-stackset').
+	// Experimental.
+	StackSetName *string `field:"optional" json:"stackSetName" yaml:"stackSetName"`
+	// Target OUs for deployment (e.g., ['ou-xxxx-xxxxxxxx', 'r-xxxx']).
+	// Experimental.
+	TargetOrganizationalUnitIds *[]*string `field:"optional" json:"targetOrganizationalUnitIds" yaml:"targetOrganizationalUnitIds"`
+}
+

package/cdkdiffprgithubaction/CdkDiffIamTemplateStackSet__checks.go

@@ -0,0 +1,21 @@
+//go:build !no_runtime_type_checking
+
+package cdkdiffprgithubaction
+
+import (
+	"fmt"
+
+	_jsii_ "github.com/aws/jsii-runtime-go/runtime"
+)
+
+func validateNewCdkDiffIamTemplateStackSetParameters(props *CdkDiffIamTemplateStackSetProps) error {
+	if props == nil {
+		return fmt.Errorf("parameter props is required, but nil was provided")
+	}
+	if err := _jsii_.ValidateStruct(props, func() string { return "parameter props" }); err != nil {
+		return err
+	}
+
+	return nil
+}
+