diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index adcd35f4..1c0c1310 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -578,13 +578,18 @@ jobs: deploy: needs: [install-deps] runs-on: ubuntu-latest - environment: ghpublic + environment: + name: ghpublic + url: https://lambdadispatch${{ steps.getDeployUrl.outputs.stack-url-suffix }}.ghpublic.pwrdrvr.com/ping permissions: id-token: write contents: read concurrency: group: deploy-${{ github.workflow }}-${{ github.event.pull_request.number }} cancel-in-progress: false + outputs: + stack-url-suffix: ${{ steps.getDeployUrl.outputs.stack-url-suffix }} + url: https://lambdadispatch${{ steps.getDeployUrl.outputs.stack-url-suffix }}.ghpublic.pwrdrvr.com if: ${{ always() && needs.install-deps.result != 'failed' }} env: DEMO_APP_REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-demo-app${{ github.event_name == 'pull_request' && '-dev' || '' }} @@ -607,6 +612,15 @@ jobs: run: | yarn build + - name: Get Deploy URL + id: getDeployUrl + run: | + if [ "${{ github.event_name }}" == "pull_request" ]; then + echo stack-url-suffix="-pr-${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT + else + echo stack-url-suffix="" >> $GITHUB_OUTPUT + fi + - name: Deploy Stack env: PR_NUMBER: ${{ github.event.pull_request.number }} @@ -628,7 +642,7 @@ jobs: STACK_SUFFIX="" fi - BASE_URL="https://lambdadispatch${STACK_SUFFIX}.ghpublic.pwrdrvr.com" + BASE_URL="${{ needs.deploy.outputs.url }}" echo "Smoke testing ${BASE_URL}" for i in {1..5}; do diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f81e8ca9..c5fc22b3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,5 +1,10 @@ name: Release Packages on: + # pull_request: + # branches: [main] + # paths: + # - '**' + # - '!**/README.md' release: types: [published] jobs: 
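Review bot: The new `Get Deploy URL` step in `.github/workflows/build.yaml` expands `${{ github.event_name }}` and `${{ github.event.pull_request.number }}` directly into the script text and leaves `$GITHUB_OUTPUT` unquoted. Neither value is free-form here, so this is hardening rather than a live injection, but the `Deploy Stack` step right below already passes the number through `env: PR_NUMBER`, and this step should follow the same pattern. With `EVENT_NAME` and `PR_NUMBER` set under `env:`, the test becomes `if [ "$EVENT_NAME" = "pull_request" ]; then` and the write becomes `echo "stack-url-suffix=-pr-${PR_NUMBER}" >> "$GITHUB_OUTPUT"`. That keeps expression output out of the shell parser if a less constrained field is ever added to the suffix.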
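Review bot: `BASE_URL="${{ needs.deploy.outputs.url }}"` in the smoke-test script resolves only in a job that lists `deploy` under `needs`. The step's job header is outside the hunk, but the line numbers put it close to `Deploy Stack`; if it is a step of the `deploy` job itself (whose `needs` is `[install-deps]`), the expression evaluates to an empty string and the loop tests no host at all. In that case read the step output instead, passed through `env:` as `STACK_URL_SUFFIX: ${{ steps.getDeployUrl.outputs.stack-url-suffix }}` and used as `BASE_URL="https://lambdadispatch${STACK_URL_SUFFIX}.ghpublic.pwrdrvr.com"`. Either way the `STACK_SUFFIX` if/else kept just above this line is now unused and can be removed.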
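Review bot: The commented-out `pull_request` trigger added under `on:` in `.github/workflows/release.yml` looks like a leftover from testing the workflow. If it is ever uncommented, the jobs in this file that request `contents: write` and read the npm publish secret would start on pull requests into `main`. Delete the block, or replace it with a one-line guard comment such as `# no pull_request trigger: the jobs below publish with repository secrets`.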
@@ -37,6 +42,7 @@ jobs: contents: write outputs: latest_commit: ${{ steps.git_remote.outputs.latest_commit }} + tag_exists: ${{ steps.check_tag_exists.outputs.exists }} env: CI: 'true' steps: 
@@ -56,50 +62,67 @@ jobs: - name: Run Node Tests env: NODE_ENV: test + working-directory: src/cdk-construct run: yarn test - name: Prepare the Release - working-directory: src/cdk-construct/ + working-directory: src/cdk-construct run: npx projen release + - name: Check if version has already been tagged + id: check_tag_exists + working-directory: src/cdk-construct + run: |- + TAG=$(cat dist/releasetag.txt) + ([ ! -z "$TAG" ] && git ls-remote -q --exit-code --tags origin $TAG && (echo "exists=true" >> $GITHUB_OUTPUT)) || (echo "exists=false" >> $GITHUB_OUTPUT) + cat $GITHUB_OUTPUT # - name: Apply Version to Everything (Deployer / Datalib) # run: | # echo "Version is ${{needs.version.outputs.version }}" # node scripts/version.js ${{needs.version.outputs.version }} - name: Check for new commits id: git_remote - run: echo latest_commit="$(git ls-remote origin -h ${{ github.ref }} | cut -f1)" >> $GITHUB_OUTPUT + run: |- + echo "latest_commit=$(git ls-remote origin -h ${{ github.ref }} | cut -f1)" >> $GITHUB_OUTPUT + cat $GITHUB_OUTPUT + - name: Backup artifact permissions + if: ${{ steps.git_remote.outputs.latest_commit == github.sha }} + working-directory: src/cdk-construct + run: cd dist && getfacl -R . 
> permissions-backup.acl + continue-on-error: true - name: Upload CDK Construct Artifact if: ${{ steps.git_remote.outputs.latest_commit == github.sha }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v4.4.0 with: name: build-artifact path: src/cdk-construct/dist + overwrite: true release_github: name: Publish to GitHub Releases - needs: release + needs: + - release + - release_npm runs-on: ubuntu-latest permissions: contents: write - if: needs.release.outputs.latest_commit == github.sha + if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha steps: - uses: actions/setup-node@v4 with: - node-version: 18 + node-version: 18.x - name: Download build artifacts uses: actions/download-artifact@v4 with: name: build-artifact path: dist - - name: Prepare Repository - run: mv dist .repo - - name: Collect GitHub Metadata - run: mv .repo/dist dist + - name: Restore build artifact permissions + run: cd dist && setfacl --restore=permissions-backup.acl + continue-on-error: true - name: Release - run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R $GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) --target $GITHUB_REF 2> $errout && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then cat $errout; exit $exitcode; fi env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_REPOSITORY: ${{ github.repository }} - GITHUB_REF: ${{ github.ref }} + GITHUB_REF: ${{ github.sha }} + run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R $GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) --target $GITHUB_REF 2> $errout && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then cat $errout; exit $exitcode; fi release_npm: name: Publish to npm 
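Review bot: The `check_tag_exists` step fails open, because any non-zero exit from `git ls-remote` lands in the `||` branch and writes `exists=false`, not only the status 2 that `--exit-code` uses for "no matching ref". A network or authentication error is therefore treated the same as "tag not published yet", which is the value that lets `release_npm` and `release_github` run. `$TAG` and `$GITHUB_OUTPUT` are also unquoted, and an empty `releasetag.txt` is reported as `exists=false` instead of stopping the job. The step should distinguish the three outcomes and fail on anything unexpected, as sketched below.

```yaml
      - name: Check if version has already been tagged
        # … unchanged: id, working-directory …
        run: |-
          TAG=$(cat dist/releasetag.txt)
          if [ -z "$TAG" ]; then
            echo "dist/releasetag.txt is empty" >&2
            exit 1
          fi
          rc=0
          git ls-remote -q --exit-code --tags origin "refs/tags/$TAG" || rc=$?
          case "$rc" in
            0) echo "exists=true" >> "$GITHUB_OUTPUT" ;;
            2) echo "exists=false" >> "$GITHUB_OUTPUT" ;;
            *) echo "git ls-remote failed with exit code $rc" >&2; exit "$rc" ;;
          esac
```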
@@ -107,130 +130,36 @@ jobs: runs-on: ubuntu-latest permissions: contents: read - if: needs.release.outputs.latest_commit == github.sha + if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha steps: - uses: actions/setup-node@v4 with: - node-version: 18 + node-version: 18.x - name: Download build artifacts uses: actions/download-artifact@v4 with: name: build-artifact path: dist - - name: Prepare Repository - run: mv dist .repo + - name: Restore build artifact permissions + run: cd dist && setfacl --restore=permissions-backup.acl + continue-on-error: true + - name: Checkout + uses: actions/checkout@v4 + with: + path: .repo - name: Install Dependencies run: cd .repo && yarn install --check-files --frozen-lockfile + - name: Extract build artifact + run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo/src/cdk-construct + - name: Move build artifact out of the way + run: mv dist dist.old - name: Create js artifact - run: cd .repo && npx projen package:js - - name: Collect js Artifact - run: mv .repo/dist dist + run: cd .repo/src/cdk-construct/ && npx projen package:js + - name: Collect js artifact + run: mv .repo/src/cdk-construct/dist dist - name: Release - run: npx -p publib@latest publib-npm env: NPM_DIST_TAG: latest NPM_REGISTRY: registry.npmjs.org NPM_TOKEN: ${{ secrets.NPMJSORG_PUBLISH_TOKEN }} # publib requires NPM_TOKEN as an env var - - release_maven: - name: Publish to Maven Central - needs: release - runs-on: ubuntu-latest - permissions: - contents: read - if: needs.release.outputs.latest_commit == github.sha - steps: - - uses: actions/setup-java@v4 - with: - distribution: temurin - java-version: 11.x - - uses: actions/setup-node@v4 - with: - node-version: 18 - - name: Download build artifacts - uses: actions/download-artifact@v4 - with: - name: build-artifact - path: dist - - name: Prepare Repository - run: mv dist .repo - - name: Install Dependencies - run: cd .repo && yarn install --check-files 
--frozen-lockfile - - name: Create java artifact - run: cd .repo && npx projen package:java - - name: Collect java Artifact - run: mv .repo/dist dist - - name: Release - run: npx -p publib@latest publib-maven - env: - MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} - MAVEN_GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSPHRASE }} - MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} - MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} - MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }} - MAVEN_ENDPOINT: https://s01.oss.sonatype.org - - release_pypi: - name: Publish to PyPI - needs: release - runs-on: ubuntu-latest - permissions: - contents: read - if: needs.release.outputs.latest_commit == github.sha - steps: - - uses: actions/setup-node@v4 - with: - node-version: 18 - - uses: actions/setup-python@v5 - with: - python-version: 3.x - - name: Download build artifacts - uses: actions/download-artifact@v4 - with: - name: build-artifact - path: dist - - name: Prepare Repository - run: mv dist .repo - - name: Install Dependencies - run: cd .repo && yarn install --check-files --frozen-lockfile - - name: Create python artifact - run: cd .repo && npx projen package:python - - name: Collect python Artifact - run: mv .repo/dist dist - - name: Release - run: npx -p publib@latest publib-pypi - env: - TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} - TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} - - release_nuget: - name: Publish to NuGet Gallery - needs: release - runs-on: ubuntu-latest - permissions: - contents: read - if: needs.release.outputs.latest_commit == github.sha - steps: - - uses: actions/setup-node@v4 - with: - node-version: 18 - - uses: actions/setup-dotnet@v4 - with: - dotnet-version: 3.x - - name: Download build artifacts - uses: actions/download-artifact@v4 - with: - name: build-artifact - path: dist - - name: Prepare Repository - run: mv dist .repo - - name: Install Dependencies - run: cd .repo && yarn install --check-files 
--frozen-lockfile - - name: Create dotnet artifact - run: cd .repo && npx projen package:dotnet - - name: Collect dotnet Artifact - run: mv .repo/dist dist - - name: Release - run: npx -p publib@latest publib-nuget - env: - NUGET_API_KEY: ${{ secrets.NUGET_MICROAPPS }} + run: npx -p publib@latest publib-npm diff --git a/src/cdk-construct/.github/workflows/release.yml b/src/cdk-construct/.github/workflows/release.yml index acf91249..e44c17ad 100644 --- a/src/cdk-construct/.github/workflows/release.yml +++ b/src/cdk-construct/.github/workflows/release.yml @@ -90,6 +90,7 @@ jobs: needs: release runs-on: ubuntu-latest permissions: + id-token: write contents: read if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha steps: @@ -122,5 +123,6 @@ jobs: env: NPM_DIST_TAG: latest NPM_REGISTRY: registry.npmjs.org + NPM_CONFIG_PROVENANCE: "true" NPM_TOKEN: ${{ secrets.NPM_TOKEN }} run: npx -p publib@latest publib-npm diff --git a/src/cdk-construct/.projenrc.ts b/src/cdk-construct/.projenrc.ts index 66f1041d..59316423 100644 --- a/src/cdk-construct/.projenrc.ts +++ b/src/cdk-construct/.projenrc.ts @@ -1,13 +1,16 @@ -import { awscdk } from 'projen'; +import { awscdk, javascript } from 'projen'; const project = new awscdk.AwsCdkConstructLibrary({ - author: 'Harold Hunt', + author: 'PwrDrvr LLC', authorAddress: 'harold@pwrdrvr.com', cdkVersion: '2.130.0', defaultReleaseBranch: 'main', + description: 'CDK construct for setting up lambda-dispatch ECS service', + license: 'MIT', jsiiVersion: '~5.5.0', name: '@pwrdrvr/lambda-dispatch-cdk', projenrcTs: true, repositoryUrl: 'https://github.com/pwrdrvr/lambda-dispatch.git', + npmAccess: javascript.NpmAccess.PUBLIC, // deps: [], /* Runtime dependencies of this module. */ // description: undefined, /* The description is just a string that helps people understand the purpose of the package. */ diff --git a/src/cdk-construct/LICENSE b/src/cdk-construct/LICENSE index d6456956..70e9be36 100644 
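Review bot: The `release_npm` job in the root `.github/workflows/release.yml` still publishes without provenance: its `permissions` block is `contents: read` only and the `Release` step's `env` carries no `NPM_CONFIG_PROVENANCE`. The same commit adds `id-token: write` and `NPM_CONFIG_PROVENANCE: "true"` to `src/cdk-construct/.github/workflows/release.yml`, but GitHub Actions only loads workflows from the repository-root `.github/workflows`, so that nested file presumably never runs. Add `id-token: write` under this job's `permissions` and `NPM_CONFIG_PROVENANCE: "true"` to the `Release` env here so the published package carries an attestation. Separately, `npx -p publib@latest publib-npm` resolves whatever publib version is current at run time, in the step that holds `NPM_TOKEN`; pinning an exact version would make that step reproducible.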
--- a/src/cdk-construct/LICENSE +++ b/src/cdk-construct/LICENSE 
@@ -1,202 +1,19 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. +Copyright (c) 2025 PwrDrvr LLC + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/src/cdk-construct/package.json b/src/cdk-construct/package.json index 4091f54e..d9533e28 100644 --- a/src/cdk-construct/package.json +++ b/src/cdk-construct/package.json @@ -1,5 +1,6 @@ { "name": "@pwrdrvr/lambda-dispatch-cdk", + "description": "CDK construct for setting up lambda-dispatch ECS service", "repository": { "type": "git", "url": "https://github.com/pwrdrvr/lambda-dispatch.git" @@ -29,7 +30,7 @@ "projen": "npx projen" }, "author": { - "name": "Harold Hunt", + "name": "PwrDrvr LLC", "email": "harold@pwrdrvr.com", "organization": false }, @@ -64,7 +65,10 @@ "cdk" ], "main": "lib/index.js", - "license": "Apache-2.0", + "license": "MIT", + "publishConfig": { + "access": "public" + }, "version": "0.0.0", "jest": { "coverageProvider": "v8",