Issue 227 - Publish CDK Construct to NPM

.github/workflows/build.yaml

@@ -578,13 +578,18 @@ jobs:
   deploy:
     needs: [install-deps]
     runs-on: ubuntu-latest
-    environment: ghpublic
+    environment:
+      name: ghpublic
+      url: https://lambdadispatch${{ steps.getDeployUrl.outputs.stack-url-suffix }}.ghpublic.pwrdrvr.com/ping
     permissions:
       id-token: write
       contents: read
     concurrency:
       group: deploy-${{ github.workflow }}-${{ github.event.pull_request.number }}
       cancel-in-progress: false
+    outputs:
+      stack-url-suffix: ${{ steps.getDeployUrl.outputs.stack-url-suffix }}
+      url: https://lambdadispatch${{ steps.getDeployUrl.outputs.stack-url-suffix }}.ghpublic.pwrdrvr.com
     if: ${{ always() && needs.install-deps.result != 'failed' }}
     env:
       DEMO_APP_REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-demo-app${{ github.event_name == 'pull_request' && '-dev' || '' }}
@@ -607,6 +612,15 @@ jobs:
         run: |
           yarn build
 
+      - name: Get Deploy URL
+        id: getDeployUrl
+        run: |
+          if [ "${{ github.event_name }}" == "pull_request" ]; then
+            echo stack-url-suffix="-pr-${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
+          else
+            echo stack-url-suffix="" >> $GITHUB_OUTPUT
+          fi
+
       - name: Deploy Stack
         env:
           PR_NUMBER: ${{ github.event.pull_request.number }}
@@ -628,7 +642,7 @@ jobs:
             STACK_SUFFIX=""
           fi
 
-          BASE_URL="https://lambdadispatch${STACK_SUFFIX}.ghpublic.pwrdrvr.com"
+          BASE_URL="${{ needs.deploy.outputs.url }}"
           echo "Smoke testing ${BASE_URL}"
 
           for i in {1..5}; do

.github/workflows/release.yml

@@ -1,5 +1,10 @@
 name: Release Packages
 on:
+  # pull_request:
+  #   branches: [main]
+  #   paths:
+  #     - '**'
+  #     - '!**/README.md'
   release:
     types: [published]
 jobs:
@@ -37,6 +42,7 @@ jobs:
       contents: write
     outputs:
       latest_commit: ${{ steps.git_remote.outputs.latest_commit }}
+      tag_exists: ${{ steps.check_tag_exists.outputs.exists }}
     env:
       CI: 'true'
     steps:
@@ -56,181 +62,104 @@ jobs:
       - name: Run Node Tests
         env:
           NODE_ENV: test
+        working-directory: src/cdk-construct
         run: yarn test
       - name: Prepare the Release
-        working-directory: src/cdk-construct/
+        working-directory: src/cdk-construct
         run: npx projen release
+      - name: Check if version has already been tagged
+        id: check_tag_exists
+        working-directory: src/cdk-construct
+        run: |-
+          TAG=$(cat dist/releasetag.txt)
+          ([ ! -z "$TAG" ] && git ls-remote -q --exit-code --tags origin $TAG && (echo "exists=true" >> $GITHUB_OUTPUT)) || (echo "exists=false" >> $GITHUB_OUTPUT)
+          cat $GITHUB_OUTPUT
       # - name: Apply Version to Everything (Deployer / Datalib)
       #   run: |
       #     echo "Version is ${{needs.version.outputs.version }}"
       #     node scripts/version.js ${{needs.version.outputs.version }}
       - name: Check for new commits
         id: git_remote
-        run: echo latest_commit="$(git ls-remote origin -h ${{ github.ref }} | cut -f1)" >> $GITHUB_OUTPUT
+        run: |-
+          echo "latest_commit=$(git ls-remote origin -h ${{ github.ref }} | cut -f1)" >> $GITHUB_OUTPUT
+          cat $GITHUB_OUTPUT
+      - name: Backup artifact permissions
+        if: ${{ steps.git_remote.outputs.latest_commit == github.sha }}
+        working-directory: src/cdk-construct
+        run: cd dist && getfacl -R . > permissions-backup.acl
+        continue-on-error: true
       - name: Upload CDK Construct Artifact
         if: ${{ steps.git_remote.outputs.latest_commit == github.sha }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v4.4.0
         with:
           name: build-artifact
           path: src/cdk-construct/dist
+          overwrite: true
 
   release_github:
     name: Publish to GitHub Releases
-    needs: release
+    needs:
+      - release
+      - release_npm
     runs-on: ubuntu-latest
     permissions:
       contents: write
-    if: needs.release.outputs.latest_commit == github.sha
+    if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
     steps:
       - uses: actions/setup-node@v4
         with:
-          node-version: 18
+          node-version: 18.x
       - name: Download build artifacts
         uses: actions/download-artifact@v4
         with:
           name: build-artifact
           path: dist
-      - name: Prepare Repository
-        run: mv dist .repo
-      - name: Collect GitHub Metadata
-        run: mv .repo/dist dist
+      - name: Restore build artifact permissions
+        run: cd dist && setfacl --restore=permissions-backup.acl
+        continue-on-error: true
       - name: Release
-        run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R $GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) --target $GITHUB_REF 2> $errout && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then cat $errout; exit $exitcode; fi
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GITHUB_REPOSITORY: ${{ github.repository }}
-          GITHUB_REF: ${{ github.ref }}
+          GITHUB_REF: ${{ github.sha }}
+        run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R $GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) --target $GITHUB_REF 2> $errout && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then cat $errout; exit $exitcode; fi
 
   release_npm:
     name: Publish to npm
     needs: release
     runs-on: ubuntu-latest
     permissions:
       contents: read
-    if: needs.release.outputs.latest_commit == github.sha
+    if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
     steps:
       - uses: actions/setup-node@v4
         with:
-          node-version: 18
+          node-version: 18.x
       - name: Download build artifacts
         uses: actions/download-artifact@v4
         with:
           name: build-artifact
           path: dist
-      - name: Prepare Repository
-        run: mv dist .repo
+      - name: Restore build artifact permissions
+        run: cd dist && setfacl --restore=permissions-backup.acl
+        continue-on-error: true
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          path: .repo
       - name: Install Dependencies
         run: cd .repo && yarn install --check-files --frozen-lockfile
+      - name: Extract build artifact
+        run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo/src/cdk-construct
+      - name: Move build artifact out of the way
+        run: mv dist dist.old
       - name: Create js artifact
-        run: cd .repo && npx projen package:js
-      - name: Collect js Artifact
-        run: mv .repo/dist dist
+        run: cd .repo/src/cdk-construct/ && npx projen package:js
+      - name: Collect js artifact
+        run: mv .repo/src/cdk-construct/dist dist
       - name: Release
-        run: npx -p publib@latest publib-npm
         env:
           NPM_DIST_TAG: latest
           NPM_REGISTRY: registry.npmjs.org
           NPM_TOKEN: ${{ secrets.NPMJSORG_PUBLISH_TOKEN }} # publib requires NPM_TOKEN as an env var
-
-  release_maven:
-    name: Publish to Maven Central
-    needs: release
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    if: needs.release.outputs.latest_commit == github.sha
-    steps:
-      - uses: actions/setup-java@v4
-        with:
-          distribution: temurin
-          java-version: 11.x
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 18
-      - name: Download build artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: build-artifact
-          path: dist
-      - name: Prepare Repository
-        run: mv dist .repo
-      - name: Install Dependencies
-        run: cd .repo && yarn install --check-files --frozen-lockfile
-      - name: Create java artifact
-        run: cd .repo && npx projen package:java
-      - name: Collect java Artifact
-        run: mv .repo/dist dist
-      - name: Release
-        run: npx -p publib@latest publib-maven
-        env:
-          MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
-          MAVEN_GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSPHRASE }}
-          MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
-          MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
-          MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }}
-          MAVEN_ENDPOINT: https://s01.oss.sonatype.org
-
-  release_pypi:
-    name: Publish to PyPI
-    needs: release
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    if: needs.release.outputs.latest_commit == github.sha
-    steps:
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 18
-      - uses: actions/setup-python@v5
-        with:
-          python-version: 3.x
-      - name: Download build artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: build-artifact
-          path: dist
-      - name: Prepare Repository
-        run: mv dist .repo
-      - name: Install Dependencies
-        run: cd .repo && yarn install --check-files --frozen-lockfile
-      - name: Create python artifact
-        run: cd .repo && npx projen package:python
-      - name: Collect python Artifact
-        run: mv .repo/dist dist
-      - name: Release
-        run: npx -p publib@latest publib-pypi
-        env:
-          TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
-          TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
-
-  release_nuget:
-    name: Publish to NuGet Gallery
-    needs: release
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    if: needs.release.outputs.latest_commit == github.sha
-    steps:
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 18
-      - uses: actions/setup-dotnet@v4
-        with:
-          dotnet-version: 3.x
-      - name: Download build artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: build-artifact
-          path: dist
-      - name: Prepare Repository
-        run: mv dist .repo
-      - name: Install Dependencies
-        run: cd .repo && yarn install --check-files --frozen-lockfile
-      - name: Create dotnet artifact
-        run: cd .repo && npx projen package:dotnet
-      - name: Collect dotnet Artifact
-        run: mv .repo/dist dist
-      - name: Release
-        run: npx -p publib@latest publib-nuget
-        env:
-          NUGET_API_KEY: ${{ secrets.NUGET_MICROAPPS }}
+        run: npx -p publib@latest publib-npm

src/cdk-construct/.projenrc.ts

@@ -1,13 +1,16 @@
-import { awscdk } from 'projen';
+import { awscdk, javascript } from 'projen';
 const project = new awscdk.AwsCdkConstructLibrary({
-  author: 'Harold Hunt',
+  author: 'PwrDrvr LLC',
   authorAddress: 'harold@pwrdrvr.com',
   cdkVersion: '2.130.0',
   defaultReleaseBranch: 'main',
+  description: 'CDK construct for setting up lambda-dispatch ECS service',
+  license: 'MIT',
   jsiiVersion: '~5.5.0',
   name: '@pwrdrvr/lambda-dispatch-cdk',
   projenrcTs: true,
   repositoryUrl: 'https://github.com/pwrdrvr/lambda-dispatch.git',
+  npmAccess: javascript.NpmAccess.PUBLIC,
 
   // deps: [],                /* Runtime dependencies of this module. */
   // description: undefined,  /* The description is just a string that helps people understand the purpose of the package. */