feat(ci): add deploy pipeline with OIDC, dynamic stack naming, and deploy-intent artifact

[scottschreckengaust]

Summary

Adds the deployment pipeline (Phase 3 of #73) on top of PR #97 (compute_type rename).

Architecture

build.yml (single entry point for build + deploy intent)
  ├─ workflow_dispatch input: deploy = "-" (default) | "agentcore"
  │   └─ GitHub enforces choice values — no injection possible
  ├─ Resolve stack name (trigger-aware, sanitized)
  ├─ Generate cdk.context.json (stackName + compute_type + github:* tags)
  ├─ mise run build → synth → upload cdk-<type>-out artifact
  ├─ Write deploy-intent.json (validated against ALLOWED_COMPUTE_TYPES)
  └─ Upload deploy-intent artifact

deploy.yml (pure consumer — no direct triggers)
  ├─ workflow_run: fires after build succeeds
  ├─ resolve-targets: download deploy-intent.json
  │   ├─ intent = "-"      → skip (no approval prompt, instant no-op)
  │   ├─ intent = "labels" → check PR labels, validate against allowlist
  │   └─ intent = "<type>" → validate against allowlist, deploy
  └─ deploy job:
      ├─ environment: deploy (manual approval, prevent self-review)
      ├─ cancel-in-progress: false (non-cancellable once started)
      ├─ max-parallel: 3
      ├─ download exact cdk-<type>-out artifact from build run
      ├─ OIDC → CDK bootstrap role
      └─ npx cdk deploy --app cdk/cdk.out --all --require-approval never

Commits

#	Commit	Description
1	compute_type rename	computeVariant → compute_type in build.yml, context, CDK tag (from PR #97)
2	deploy.yml base	workflow_run trigger, artifact download, OIDC, cdk deploy
3	Dynamic stack naming	Trigger-aware naming with sanitization
4	Deploy-intent pattern	Move dispatch input to build.yml, deploy.yml becomes pure consumer
5	Security hardening	Allowlist validation, jq for JSON, numeric PR check, letter-prefix stacks

Stack Naming

Trigger	Pattern	Example
Push to main	main-<type>	main-agentcore
Push to branch	<branch>-<type>	feat-deploy-yml-agentcore
Pull request	pr<N>-<type>	pr42-agentcore
Merge group	mg<N>-<type>	mg42-agentcore
workflow_dispatch	<branch>-<type>	main-agentcore
Fallback	<type>-<sha7>	agentcore-abc1234

Sanitization: lowercase, /_. → -, strip non-[a-z0-9-], collapse hyphens, 60-char cap, prefix s- if starts with digit.

Deploy Intent Flow

Build trigger	Intent value	Deploy result
Push to main	agentcore	Deploy agentcore
Push to non-main branch	-	No deploy
workflow_dispatch with -	-	No deploy
workflow_dispatch with agentcore	agentcore	Deploy agentcore
pull_request	labels	Check PR labels
Unknown	-	No deploy

Label-Driven Deploy (PR only)

Label	Types deployed
deploy	All registered types
deploy:agentcore	agentcore only
deploy:*	All registered types
No deploy* label	Nothing

Label values are validated against ALLOWED_COMPUTE_TYPES. Invalid labels emit a warning and are silently dropped.

Depends on: PR #97 — must merge first.

Security

Control	Location	Mechanism
Input validation	build.yml dispatch	GitHub choice type — enforced at UI and API
Compute type allowlist	Both workflows	ALLOWED_COMPUTE_TYPES env var; validate_compute_type()
Label filtering	deploy.yml	filter_valid_types() rejects invalid deploy:<type> labels
PR number validation	build.yml naming	Regex ^[0-9]+$ check before use
Stack name sanitization	build.yml naming	Lowercase, strip unsafe chars, letter-prefix, 60-char cap
JSON encoding	build.yml intent	jq -n --arg (not shell interpolation)
No expression injection	Both workflows	All untrusted input via env:, never in run: directly
Permissions	Both workflows	permissions: {} at top; least-privilege per job
OIDC	deploy.yml	No long-lived credentials; assumes CDK bootstrap roles
Environment gate	deploy.yml	deploy environment with manual approval, prevent self-review
Non-cancellable deploys	deploy.yml	cancel-in-progress: false once deployment starts
zizmor	Both workflows	Passes with 1 documented intentional suppression

Test plan

• YAML validates on both files
• zizmor passes on both files (0 findings, 1 ignored, 8 suppressed)
• Pre-commit hooks pass (eslint, gitleaks, yaml check)
• github-tags.test.ts — 5/5 pass (compute_type tag defaults + explicit)
• TypeScript compiles clean
• End-to-end: workflow_dispatch build with deploy: agentcore
• End-to-end: PR with deploy label
• Verify stack naming for each trigger type
• Verify invalid deploy:foo label emits warning and is ignored

Not in scope (future work)

• Baseline diff step (download from latest release, compare resource types)
• cdk diff output to step summary
• Release flow (draft → deploy → tag → publish)
• Cleanup workflow (cleanup.yml)

🤖 Generated with Claude Code