Appsync/fix ci

[cloutierMat]

Motivation

I realized we had security warnings related to the cdk directory. It also lead me to realise that the ci has been broken for a long time. I had assumed the pr were auto merge only when the test were green so never really bothered to have a second look.

Along with #185 this pr fixes this issue

while #185 fixes the tests themselves as no longer compatible with latest versions, this pr aims to prevent this from happening again.

Changes

• Dependabot will now also look to update packages in /cdk
• upgraded node version to match LocalStack node version
• Ensure we don't merge if tests are failing and write a message to our attention instead

[simonrw]

I trust that this is an improvement, but I think there's a simpler way to support automerging. I think the issue is more that we don't have any branch protection rules, so the "auto merge" logic sees the tests pass, that no tests are required to pass, and therefore it merges the PR. If we put a protection rule on the main branch that states that PRs must be green and jobs a, b, and c are required to pass before the PR is green then the auto-merge system should work. WDYT?

[simonrw]

IDK if this works, but...

Suggested change

	TEST_IMAGE_NAME: public.ecr.aws/lambda/nodejs:22
	NODE_VERSION: 22
	NODE_VERSION: 22
	TEST_IMAGE_NAME: public.ecr.aws/lambda/nodejs:${NODE_VERSION}

[simonrw]

This is pretty telling... 😂

[cloutierMat]

The issue with adding branch protection rules, is that the auto-merge runs on:pull-request which mean it would simply fail, as it currently auto-merges as soon as created.

Looking a bit more into it now, we can instead use on: workflow_run, which will run it only after the run as completed. Much better than my current fix to wait that it completes. Thanks for the pushback leading to more thought process 🧠 😄