Uncommented code and cleaned up

.github/workflows/main-pipeline-cdk.yml

@@ -19,11 +19,6 @@ on:
     branches:
       - main
 
-  # TEMP DEBUG!!!:
-  push:
-    branches:
-      - main
-
 #### Overall Strategy:
 # If Open a PR: Make sure everything can Synth (No deploy)
 # If Merge a PR: Deploy to your account (No synth, it just passed)
@@ -59,71 +54,71 @@ jobs:
           echo "deploy-config-files=$json_list" >> "$GITHUB_OUTPUT"
 
 
-  # cdk-synth:
-  #   if: ( github.event_name == 'pull_request' && github.event.action != 'closed' ) ||
-  #       ( github.event_name == 'workflow_dispatch' )
-  #   runs-on: ubuntu-latest
-  #   needs:
-  #     - setup-matrix
-  #   strategy:
-  #     matrix:
-  #       example-config: ${{ fromJson(needs.setup-matrix.outputs.synth-matrix) }}
-  #   steps:
-  #     - uses: actions/checkout@v4
-
-  #     - name: Setup CDK
-  #       uses: ./.github/workflows/composite-setup-cdk
-
-  #     - name: "Synthesize: ${{ matrix.example-config }}"
-  #       run: make cdk-synth config-file="${{ env.EXAMPLES_PATH }}/${{ matrix.example-config }}"
-
-  # cdk-deploy-base:
-  #   ## If the PR is merged, or if we manually trigger it (MAIN ONLY):
-  #   # !failure() && !cancelled(): Let it check the 'if' block here, EVEN if cdk-synth skipped.
-  #   #   (it'll skip when PR is merged. No point in synthing again since it has to pass TO merge)
-  #   if: |
-  #     !failure() && !cancelled() && (
-  #       ( github.event_name == 'pull_request' && github.event.pull_request.merged ) ||
-  #       ( github.event_name == 'workflow_dispatch' )
-  #     )
-  #   runs-on: ubuntu-latest
-  #   needs:
-  #     - setup-matrix
-  #     - cdk-synth
-  #   permissions:
-  #     id-token: write
-  #     contents: read
-  #   steps:
-  #     # Moved this check away from the job-level 'if', so it actually fails if you're
-  #     # not on main. Failure is easier to see than a skipped job.
-  #     - name: Fail if not 'main' (else skips this step)
-  #       # Yes the pull_request line is redundant with the 'branch' trigger at the top of the
-  #       # file, but better safe than sorry. Keeps the logic uniform with workflow_dispatch too.
-  #       if: ( github.event_name == 'pull_request' && github.base_ref != 'main' ) ||
-  #           ( github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main' )
-  #       run: exit -1
-
-  #     - uses: actions/checkout@v4
-
-  #     # Install everything:
-  #     - name: Setup CDK
-  #       uses: ./.github/workflows/composite-setup-cdk
-
-  #     # Log into AWS:
-  #     - uses: aws-actions/configure-aws-credentials@v4
-  #       with:
-  #         aws-region: "${{ vars.AWS_REGION }}"
-  #         role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_DEPLOY_ROLE }}"
-
-  #     # Deploy the Base Stack:
-  #     - name: Deploy Base Stack
-  #       run: make cdk-deploy-base
+  cdk-synth:
+    if: ( github.event_name == 'pull_request' && github.event.action != 'closed' ) ||
+        ( github.event_name == 'workflow_dispatch' )
+    runs-on: ubuntu-latest
+    needs:
+      - setup-matrix
+    strategy:
+      matrix:
+        example-config: ${{ fromJson(needs.setup-matrix.outputs.synth-matrix) }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup CDK
+        uses: ./.github/workflows/composite-setup-cdk
+
+      - name: "Synthesize: ${{ matrix.example-config }}"
+        run: make cdk-synth config-file="${{ env.EXAMPLES_PATH }}/${{ matrix.example-config }}"
+
+  cdk-deploy-base:
+    ## If the PR is merged, or if we manually trigger it (MAIN ONLY):
+    # !failure() && !cancelled(): Let it check the 'if' block here, EVEN if cdk-synth skipped.
+    #   (it'll skip when PR is merged. No point in synthing again since it has to pass TO merge)
+    if: |
+      !failure() && !cancelled() && (
+        ( github.event_name == 'pull_request' && github.event.pull_request.merged ) ||
+        ( github.event_name == 'workflow_dispatch' )
+      )
+    runs-on: ubuntu-latest
+    needs:
+      - setup-matrix
+      - cdk-synth
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      # Moved this check away from the job-level 'if', so it actually fails if you're
+      # not on main. Failure is easier to see than a skipped job.
+      - name: Fail if not 'main' (else skips this step)
+        # Yes the pull_request line is redundant with the 'branch' trigger at the top of the
+        # file, but better safe than sorry. Keeps the logic uniform with workflow_dispatch too.
+        if: ( github.event_name == 'pull_request' && github.base_ref != 'main' ) ||
+            ( github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main' )
+        run: exit -1
+
+      - uses: actions/checkout@v4
+
+      # Install everything:
+      - name: Setup CDK
+        uses: ./.github/workflows/composite-setup-cdk
+
+      # Log into AWS:
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: "${{ vars.AWS_REGION }}"
+          role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_DEPLOY_ROLE }}"
+
+      # Deploy the Base Stack:
+      - name: Deploy Base Stack
+        run: make cdk-deploy-base
 
   cdk-deploy-leaf:
     runs-on: ubuntu-latest
     needs:
       - setup-matrix
-      # - cdk-deploy-base
+      - cdk-deploy-base
     strategy:
       matrix:
         deploy-config: ${{ fromJson(needs.setup-matrix.outputs.deploy-matrix) }}
@@ -134,46 +129,25 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      # # Install everything:
-      # - name: Setup CDK
-      #   uses: ./.github/workflows/composite-setup-cdk
+      # Install everything:
+      - name: Setup CDK
+        uses: ./.github/workflows/composite-setup-cdk
 
-      # # Log into AWS:
-      # - uses: aws-actions/configure-aws-credentials@v4
-      #   with:
-      #     aws-region: "${{ vars.AWS_REGION }}"
-      #     role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_DEPLOY_ROLE }}"
+      # Log into AWS:
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: "${{ vars.AWS_REGION }}"
+          role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_DEPLOY_ROLE }}"
 
       # Deploy the Leaf Stack:
       - name: "Deploying: ${{ matrix.deploy-config }}"
+        ## Load and mask the container-specific variables, then deploy.
         # container-id: Take off the beginning './' and the end '-example.yaml'
         run: |
-          for key_var in $( echo "${{ vars.CONTAINER_VARS }}" | tr '\n' ' ' ); do
-            echo "::add-mask::${key_var#*=}"
-            echo "$key_var"
-            export ${key_var}
+          for key_val in $( echo "${{ vars.CONTAINER_VARS }}" | tr '\n' ' ' ); do
+            echo "::add-mask::${key_val#*=}"
+            export ${key_val}
           done
-          echo "OUTSIDE! ${TEST_1}"
-        env:
-          # TODO: I hate how we have to expose ALL secrets to ALL containers...
-          #       Is there a better way to select which matrixes get which secrets?
-          #       I know environments do it, maybe that's the route to go...
-          #       BUT how do you not have to manage this list? It'd be nice if
-          #       I can find a way to "make everything in the environment available".
-
-          #       One idea, have a env-var that stores a list of all the variables. Source
-          #       that list before deploying, and each environment can hold specific env-vars.
-          #       (there'll be secrets though... maybe mask all values?)
-          MINECRAFT_RCRON_PASSWORD: "${{ secrets.MINECRAFT_RCRON_PASSWORD }}"
-          VALHEIM_SERVER_PASS: "${{ secrets.VALHEIM_SERVER_PASS }}"
-
-
-
-          # while IFS= read -r line || [[ -n $line ]]; do
-          #     echo "... $line ..."
-          # done < <(printf '%s' "${{ vars.CONTAINER_VARS }}")
-
-
-          # make cdk-deploy-leaf \
-          #   config-file="${{ env.EXAMPLES_PATH }}/${{ matrix.deploy-config }}" \
-          #   container-id=$(echo "${{ matrix.deploy-config }}" | sed -E 's/^\.\///' | sed -E 's/-example\.ya?ml$//i')
+          make cdk-deploy-leaf \
+            config-file="${{ env.EXAMPLES_PATH }}/${{ matrix.deploy-config }}" \
+            container-id=$(echo "${{ matrix.deploy-config }}" | sed -E 's/^\.\///' | sed -E 's/-example\.ya?ml$//i')