From bbfb3d8c08649af74d13c960bd977d3752198af2 Mon Sep 17 00:00:00 2001 From: Andrea Amorosi Date: Mon, 10 Feb 2025 12:18:40 +0100 Subject: [PATCH 1/4] chore(ci): remove pinned actions & pkg versions --- .github/workflows/bootstrap_region.yml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/.github/workflows/bootstrap_region.yml b/.github/workflows/bootstrap_region.yml index 630921edbd..36cb753739 100644 --- a/.github/workflows/bootstrap_region.yml +++ b/.github/workflows/bootstrap_region.yml @@ -53,11 +53,16 @@ jobs: name: Create Workdir run: | mkdir -p build/project - - id: cdk-install - name: Install CDK - working-directory: build - run: | - npm i aws-cdk@2.178.0 + - name: checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + ref: ${{ github.sha }} + - name: Setup Node.js + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + with: + node-version: "22" + - name: Setup dependencies + uses: aws-powertools/actions/.github/actions/cached-node-modules@29979bc5339bf54f76a11ac36ff67701986bb0f0 - id: cdk-project name: CDK Project working-directory: build/project @@ -90,7 +95,7 @@ jobs: run: go env - id: go-install-pkg name: Install - run: go install github.com/aws-powertools/actions/layer-balancer/cmd/balance@latest + run: go install github.com/aws-powertools/actions/layer-balancer/cmd/balance@@29979bc5339bf54f76a11ac36ff67701986bb0f0 - id: run-balance name: Run Balance run: balance -read-region us-east-1 -write-region ${{ inputs.region }} -write-role ${{ secrets.BALANCE_ROLE_ARN }} -layer-name AWSLambdaPowertoolsTypeScriptV2 -dry-run=false \ No newline at end of file From bc338e5a85b7f6c745a4184c3bab8ee8ee51edfc Mon Sep 17 00:00:00 2001 From: Andrea Amorosi Date: Mon, 10 Feb 2025 12:23:27 +0100 Subject: [PATCH 2/4] chore: make steps dependant --- .github/workflows/bootstrap_region.yml | 37 +++++++++++++------------- 1 file changed, 19 insertions(+), 18 deletions(-) 
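Review bot: The added `checkout` step does not set `persist-credentials`, so by default the workflow token stays in the checked-out repository's git configuration for the rest of the job, where the dependency install and the `npx cdk` commands run. None of those steps appear to need git access, so adding `persist-credentials: false` under `with:`, next to `ref: ${{ github.sha }}`, would keep the token away from package install scripts. Separately, with `npm i aws-cdk@2.178.0` removed, the CDK version now depends on what the `cached-node-modules` action installs, which this hunk does not show. It is worth confirming that `aws-cdk` is in the repository lockfile, so that `npx cdk` does not fall back to fetching an unpinned copy.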
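Review bot: The new `go-install-pkg` line has a doubled `@` before the commit hash (`balance@@29979bc5…`), so the version query passed to `go install` begins with `@` and is likely to be rejected rather than resolved to the intended commit. It should read `run: go install github.com/aws-powertools/actions/layer-balancer/cmd/balance@29979bc5339bf54f76a11ac36ff67701986bb0f0`. The same line appears unchanged as context in the final hunk of patch 4/4, so the series ends with the typo still in place. A short comment naming the release or branch the hash corresponds to, as on the `actions/checkout` and `actions/setup-node` lines, would also make later bumps easier to review.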
diff --git a/.github/workflows/bootstrap_region.yml b/.github/workflows/bootstrap_region.yml index 36cb753739..aa4662af8e 100644 --- a/.github/workflows/bootstrap_region.yml +++ b/.github/workflows/bootstrap_region.yml @@ -34,25 +34,14 @@ permissions: contents: read jobs: - cdk: - name: Install CDK + bootstrap: + name: Bootstrap Region runs-on: ubuntu-latest permissions: contents: write id-token: write environment: layer-${{ inputs.environment }} steps: - - id: credentials - name: AWS Credentials - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 - with: - aws-region: ${{ inputs.region }} - role-to-assume: ${{ secrets.REGION_IAM_ROLE }} - mask-aws-account-id: true - - id: workdir - name: Create Workdir - run: | - mkdir -p build/project - name: checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: @@ -63,16 +52,28 @@ jobs: node-version: "22" - name: Setup dependencies uses: aws-powertools/actions/.github/actions/cached-node-modules@29979bc5339bf54f76a11ac36ff67701986bb0f0 - - id: cdk-project - name: CDK Project - working-directory: build/project + - id: credentials + name: AWS Credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 + with: + aws-region: ${{ inputs.region }} + role-to-assume: ${{ secrets.REGION_IAM_ROLE }} + mask-aws-account-id: true + - id: workdir + name: Create Workdir run: | - npx cdk init app --language=typescript - AWS_REGION="${{ inputs.region }}" npx cdk bootstrap + mkdir -p build/project + - id: cdk-project + name: CDK Project + working-directory: build/project + run: | + npx cdk init app --language=typescript + AWS_REGION="${{ inputs.region }}" npx cdk bootstrap copy_layers: name: Copy Layers runs-on: ubuntu-latest + needs: bootstrap permissions: contents: write id-token: write From b4d1811226a1153d08425af72cc4e2c9ab672357 Mon Sep 17 00:00:00 2001 
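Review bot: The re-added `cdk-project` step expands `${{ inputs.region }}` directly inside the `run:` script, so the input's text becomes part of the shell source before it is parsed, in a job that has just assumed the AWS role. Passing the value through the step environment avoids that: add `env:` with `AWS_REGION: ${{ inputs.region }}` to the step and reduce the last command to `npx cdk bootstrap`. How the `region` input is declared is outside this hunk, so it is not visible whether it is limited to a fixed list; if it is free-form, validating it against the supported regions would be worth adding too. The `run-balance` step in `copy_layers` interpolates `${{ inputs.region }}` into its command line in the same way.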
From: Andrea Amorosi Date: Mon, 10 Feb 2025 12:27:21 +0100 Subject: [PATCH 3/4] chore: restore indentation --- .github/workflows/bootstrap_region.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/bootstrap_region.yml b/.github/workflows/bootstrap_region.yml index aa4662af8e..dd5a4ba4ce 100644 --- a/.github/workflows/bootstrap_region.yml +++ b/.github/workflows/bootstrap_region.yml @@ -63,12 +63,12 @@ jobs: name: Create Workdir run: | mkdir -p build/project - - id: cdk-project - name: CDK Project - working-directory: build/project - run: | - npx cdk init app --language=typescript - AWS_REGION="${{ inputs.region }}" npx cdk bootstrap + - id: cdk-project + name: CDK Project + working-directory: build/project + run: | + npx cdk init app --language=typescript + AWS_REGION="${{ inputs.region }}" npx cdk bootstrap copy_layers: name: Copy Layers From 22102b44cfd5aa6e9b3d5d35f59da064dbf1b2a4 Mon Sep 17 00:00:00 2001 From: Andrea Amorosi Date: Mon, 10 Feb 2025 16:54:28 +0100 Subject: [PATCH 4/4] chore: remove excessive permissions --- .github/workflows/bootstrap_region.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/bootstrap_region.yml b/.github/workflows/bootstrap_region.yml index dd5a4ba4ce..a9d7db8bcd 100644 --- a/.github/workflows/bootstrap_region.yml +++ b/.github/workflows/bootstrap_region.yml @@ -38,7 +38,6 @@ jobs: name: Bootstrap Region runs-on: ubuntu-latest permissions: - contents: write id-token: write environment: layer-${{ inputs.environment }} steps: @@ -75,7 +74,6 @@ jobs: runs-on: ubuntu-latest needs: bootstrap permissions: - contents: write id-token: write environment: layer-${{ inputs.environment }} steps: 
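Review bot: After `contents: write` is removed in the first hunk of patch 4/4, the `bootstrap` job's `permissions:` block lists only `id-token: write`. A job-level block replaces the workflow-level `contents: read` rather than adding to it, so the job token is left with no contents access. The `checkout` step added earlier in the series will then work only while the repository is public. Writing `contents: read` next to `id-token: write` states what the job needs and keeps it working if visibility changes. The second hunk makes the same removal in `copy_layers`; whether that job checks out the repository is not visible here, so it may be fine as written.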
@@ -99,4 +97,4 @@ jobs: run: go install github.com/aws-powertools/actions/layer-balancer/cmd/balance@@29979bc5339bf54f76a11ac36ff67701986bb0f0 - id: run-balance name: Run Balance - run: balance -read-region us-east-1 -write-region ${{ inputs.region }} -write-role ${{ secrets.BALANCE_ROLE_ARN }} -layer-name AWSLambdaPowertoolsTypeScriptV2 -dry-run=false \ No newline at end of file + run: balance -read-region us-east-1 -write-region ${{ inputs.region }} -write-role ${{ secrets.BALANCE_ROLE_ARN }} -layer-name AWSLambdaPowertoolsTypeScriptV2 -dry-run=false