s3_asset_deploy 0.1.1 → 1.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5d1f14b5addc89b2dcb33d380636458e467a74397d3733032035d33906b5e78b
-  data.tar.gz: 829e2b62c558ea4692fd4447cef95f8e901d309849065c321654de8fbdc959a7
+  metadata.gz: 482b049a3ae897a8b60fdca1931da6de0fe4558ad5c6e958a0d474bdb6e2439c
+  data.tar.gz: 41232f6389b851e70dd95970052bfb3d8a7eb90561cfc613a72cdc2973e21d07
 SHA512:
-  metadata.gz: c469bd3c5b39c0547ab3d455a601a3a36bf3e27f2b100739781aa11dbdff3355948c3157d0636c750c4f654364625448dce420b96ea4bde045efc339217ebec4
-  data.tar.gz: dd0b2291255821f71790a0b78ded052e00ec53fb7e42f5d680fadb758ef6ecd0efa1fda534a1102a3749e65dd0e38d114eba3dd2eca9b46b819a6a4966b1d4b1
+  metadata.gz: e8bc7982759a34dbcac1c7b97ff34d3e2ed2a5657465394e4a5c3fdbb9c92deac254b0e27750729fc6d7c99486d4963475785e9f0fa8b6fbaad344993416a440
+  data.tar.gz: cc8788fc2dea4b4742c69c7fbc3f042b93eea65f06a79af361e8c5fd6ed83eea5b696448ba2265888fca085d8a89bc9ff5ea83b8c57963493619277fc17927de

data/CHANGELOG.md

@@ -1,4 +1,14 @@
 # Changelog
 
+## [v1.0.2](https://github.com/Loomly/s3_asset_deploy/compare/v1.0.1...v1.0.2) - 2022-09-12
+- Remove `acl` specification when saving removal manifest. Bucket policies should be used instead.
+
+## [v1.0.1](https://github.com/Loomly/s3_asset_deploy/compare/v1.0.0...v1.0.1) - 2022-02-23
+- Batch delete API calls with max 1000 keys - [PR #32](https://github.com/Loomly/s3_asset_deploy/pull/32)
+
+## [v1.0.0](https://github.com/Loomly/s3_asset_deploy/compare/v0.1.1...v1.0.0) - 2021-05-13
+### Breaking Changes
+- Remove default `acl` setting when uploading assets to bucket - [PR #25](https://github.com/Loomly/s3_asset_deploy/pull/25)
+
 ## [v0.1.1](https://github.com/Loomly/s3_asset_deploy/compare/v0.1.0...v0.1.1) - 2021-03-22
 - Fix bug in AssetHelper.remove_fingerprint referencing asset_path - [4f370ad](https://github.com/Loomly/s3_asset_deploy/commit/4f370ad9c0c1c274acb9b1d8585b878f47020277)

data/Gemfile.lock

@@ -1,43 +1,48 @@
 PATH
   remote: .
   specs:
-    s3_asset_deploy (0.1.1)
+    s3_asset_deploy (1.0.2)
       aws-sdk-s3 (~> 1.0)
       mime-types (~> 3.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    aws-eventstream (1.1.0)
-    aws-partitions (1.422.0)
-    aws-sdk-core (3.111.2)
+    aws-eventstream (1.2.0)
+    aws-partitions (1.628.0)
+    aws-sdk-core (3.145.0)
       aws-eventstream (~> 1, >= 1.0.2)
-      aws-partitions (~> 1, >= 1.239.0)
+      aws-partitions (~> 1, >= 1.525.0)
       aws-sigv4 (~> 1.1)
-      jmespath (~> 1.0)
-    aws-sdk-kms (1.41.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+      jmespath (~> 1, >= 1.6.1)
+    aws-sdk-kms (1.58.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.87.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-s3 (1.114.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.2.2)
+      aws-sigv4 (~> 1.4)
+    aws-sigv4 (1.5.1)
       aws-eventstream (~> 1, >= 1.0.2)
     byebug (11.1.3)
     coderay (1.1.3)
     diff-lcs (1.4.4)
-    jmespath (1.4.0)
+    jmespath (1.6.1)
     method_source (1.0.0)
-    mime-types (3.3.1)
+    mime-types (3.4.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2020.1104)
+    mime-types-data (3.2022.0105)
+    mini_portile2 (2.8.0)
+    nokogiri (1.13.3)
+      mini_portile2 (~> 2.8.0)
+      racc (~> 1.4)
     pry (0.13.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
     pry-byebug (3.9.0)
       byebug (~> 11.0)
       pry (~> 0.13.0)
+    racc (1.6.0)
     rake (13.0.3)
     rspec (3.10.0)
       rspec-core (~> 3.10.0)
@@ -60,6 +65,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  nokogiri (~> 1.13)
   pry (~> 0.13)
   pry-byebug (~> 3.9)
   rake (~> 13.0)
@@ -69,4 +75,4 @@ DEPENDENCIES
   timecop (~> 0.9)
 
 BUNDLED WITH
-   2.2.7
+   2.2.32

data/README.md

@@ -42,7 +42,7 @@ Before using `S3AssetDeploy` you want to make sure to compile your assets. Asset
 
 
 ```ruby
-manager = S3AssetDeploy::Manager("my-s3-bucket")
+manager = S3AssetDeploy::Manager.new("my-s3-bucket")
 manager.deploy do
   # Perform deploy to web instances in this block
 end
@@ -61,7 +61,7 @@ You'll need to initialize `S3AssetDeploy::Manager` with an S3 bucket name and **
 - **s3_client_options** (Hash) -> A hash that is passed directly to [`Aws::S3::Client#initialize`](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Client.html#initialize-instance_method) to configure the S3 client. By default the region is set to `us-east-1`.
 - **logger** (Logger) -> A custom logger. By default things are logged to `STDOUT`.
 - **local_asset_collector** (S3AssetDeploy::LocalAssetCollector) -> A custom instance of `S3AssetDeploy::LocalAssetCollector`. This allows you to customize how locally compiled assets are collected.
-- **upload_options** (Hash) -> A hash consisting of options that are passed directly to [`Aws::S3::Client#put_object`](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Client.html#put_object-instance_method) when each asset is uploaded. By default `acl` is set to `public-read` and `cache_control` is set to `public, max-age=31536000`.
+- **upload_options** (Hash) -> A hash consisting of options that are passed directly to [`Aws::S3::Client#put_object`](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Client.html#put_object-instance_method) when each asset is uploaded. By default `cache_control` is set to `public, max-age=31536000`.
 - **remove_fingerprint** (Lambda) -> Lambda for overriding how fingerprints are removed from asset paths. Fingerprints need to be removed during the cleaning process in order to group versions of the same file. If no Lambda is provided, [`S3AssetDeploy::AssetHelper.remove_fingerprint`](https://github.com/Loomly/s3_asset_deploy/blob/main/lib/s3_asset_deploy/asset_helper.rb#L8) is used by default.
 
 Here's an example:
@@ -108,6 +108,46 @@ manager.clean
 `S3AssetDeploy::Manager#deploy` and `S3AssetDeploy::Manager#clean` both accept `dry_run` as a keyword argument.
 `S3AssetDeploy::Manager#clean` also accepts `version_limit`, `version_ttl`, and `removed_ttl` just like `S3AssetDeploy::Manager#deploy`.
 
+### Practical Example of Usage
+There are many ways to use and invoke `S3AssetDeploy`. How you use it will depend on your deploy process and pipeline. At Loomly, we have some rake tasks that are invoked from our CI/CD pipeline to perform deploys.
+Here's a basic example of how we use `S3AssetDeploy`:
+
+
+```ruby
+# lib/tasks/deploy.rake
+
+require "s3_asset_deploy"
+
+namespace :deploy do
+  task precompile: :environment do
+    puts "Precompiling assets..."
+    sh("RAILS_ENV=production SECRET_KEY_BASE='secret key' bundle exec rake assets:precompile")
+  end
+
+  task clobber_assets: :environment do
+    puts "Clobbering assets..."
+    sh("RAILS_ENV=production SECRET_KEY_BASE='secret key' bundle exec rake assets:clobber")
+  end
+
+  task :production do
+    Rake::Task["deploy:precompile"].invoke
+
+    manager = S3AssetDeploy::Manager.new("my-s3-bucket")
+    manager.deploy do
+      # Perform deploy to web instances in this block.
+      # How you do this will depend on where you are hosting your application and what tools you use to deploy.
+    end
+
+    Rake::Task["deploy:clobber_assets"].invoke # <-- If you are running on CI where the precompiled assets directory is ephemeral, this may be unnecessary
+  end
+end
+```
+
+Given the example above, we can perform a deploy by running `bundle exec rake deploy:production`. This task will:
+1. Precompile assets
+2. Upload any new assets to S3 using `S3AssetDeploy`
+3. Deploy a new version of our application
+4. Clean any outdated or unused assets from S3 using `S3AssetDeploy`
 
 ## Customizing local asset collection
 By default, `S3AssetDeploy::Manager` will use [`S3AssetDeploy::RailsLocalAssetCollector`](https://github.com/Loomly/s3_asset_deploy/blob/main/lib/s3_asset_deploy/rails_local_asset_collector.rb) to collect locally compiled assets. This will use the `Sprockets::Manifest` and `Webpacker` config (if `Webpacker` is installed) to locate the compiled assets. `S3AssetDeploy::RailsLocalAssetCollector` inherits from the [`S3AssetDeploy::LocalAssetCollector`](https://github.com/Loomly/s3_asset_deploy/blob/main/lib/s3_asset_deploy/local_asset_collector.rb) base class. You can completely customize how your local assets are collected for deploys by creating your own class that inherits from `S3AssetDeploy::LocalAssetCollector` and passing it into the manager. You'll want override `S3AssetDeploy::LocalAssetCollector#assets` in your custom collector such that it returns an array of `S3AssetDeploy::LocalAsset` instances. Here's a basic example:
@@ -134,7 +174,7 @@ This will skip any write or delete operations and only perform read opeartions w
 This is helpful for debugging or planning purposes.
 
 ```ruby
-> manager = S3AssetDeploy::Manager("my-s3-bucket")
+> manager = S3AssetDeploy::Manager.new("my-s3-bucket")
 > manager.deploy(dry_run: true)
 
 I, [2021-02-17T16:12:23.703677 #65335]  INFO -- : S3AssetDeploy::Manager: Cleaning assets from test-bucket S3 bucket. Dry run: true
@@ -143,7 +183,7 @@ I, [2021-02-17T16:12:23.703677 #65335]  INFO -- : S3AssetDeploy::Manager: Determ
 ```
 
 ## AWS IAM Permissions
-`S3AsetDeploy` requires the following AWS IAM permissions:
+`S3AsetDeploy` requires the following AWS IAM permissions to list, put, and delete objects in your S3 Bucket:
 
 ```json
 "Statement": [
@@ -162,6 +202,65 @@ I, [2021-02-17T16:12:23.703677 #65335]  INFO -- : S3AssetDeploy::Manager: Determ
 ]
 ```
 
+## Configuration with Cloudfront
+
+### Restricting Access with Origin Access Identity
+If you want to setup Cloudfront to serve your assets, you can [restrict access to the bucket by using an Origin Access Identity](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#private-content-granting-permissions-to-oai) so that only Cloudfront can access the objects in your bucket.
+
+If you do this, your bucket policy will look something like this:
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "AllowGetObject",
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": [
+                  "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity #{YOUR_OAI_ID}"
+                ]
+            },
+            "Action": "s3:GetObject",
+            "Resource": "arn:aws:s3:::#{YOUR_BUCKET}/*"
+        },
+        {
+            "Sid": "DenyGetObject",
+            "Effect": "Deny",
+            "Principal": {
+                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity #{YOUR_OAI_ID}"
+            },
+            "Action": "s3:GetObject",
+            "Resource": "arn:aws:s3:::#{YOUR_BUCKET}/s3-asset-deploy-removal-manifest.json"
+        }
+    ]
+}
+```
+
+This policy allows Cloudfront to access everything **except** the removal manifest uploaded and maintained by this gem since this manifest does not need to be served to clients.
+
+### CORS
+Your CORS configuration on the bucket might look something like this:
+
+```json
+[
+    {
+        "AllowedHeaders": [
+            "Authorization"
+        ],
+        "AllowedMethods": [
+            "GET",
+            "HEAD"
+        ],
+        "AllowedOrigins": [
+            "https://*.#{YOUR_SITE}.com"
+        ],
+        "ExposeHeaders": [],
+        "MaxAgeSeconds": 3000
+    }
+]
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `bundle exec rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/lib/s3_asset_deploy/manager.rb

@@ -168,7 +168,6 @@ class S3AssetDeploy::Manager
       bucket: bucket_name,
       key: asset.path,
       body: file_handle,
-      acl: "public-read",
       content_type: asset.mime_type,
       cache_control: "public, max-age=31536000"
     }.merge(@upload_options)
@@ -194,10 +193,12 @@ class S3AssetDeploy::Manager
 
   def delete_objects(keys = [])
     return if keys.empty?
-    s3.delete_objects(
-      bucket: bucket_name,
-      delete: { objects: keys.map { |key| { key: key }} }
-    )
+    keys.each_slice(1000) do |key_slice|
+      s3.delete_objects(
+        bucket: bucket_name,
+        delete: { objects: key_slice.map { |key| { key: key }} }
+      )
+    end
   end
 
   def log(msg)

data/lib/s3_asset_deploy/removal_manifest.rb

@@ -45,7 +45,6 @@ class S3AssetDeploy::RemovalManifest
       bucket: bucket_name,
       key: PATH,
       body: @manifest.to_json,
-      acl: "private",
       content_type: "application/json"
     })
 

data/lib/s3_asset_deploy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module S3AssetDeploy
-  VERSION = "0.1.1"
+  VERSION = "1.0.2"
 end

data/s3_asset_deploy.gemspec

@@ -36,6 +36,10 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "pry-byebug", "~> 3.9"
   spec.add_development_dependency "rspec_junit_formatter", "~> 0.4"
 
+  # Required for aws-sdk-ruby.
+  # See https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-core/lib/aws-sdk-core/xml/parser.rb#L74
+  spec.add_development_dependency "nokogiri", "~> 1.13"
+
   # For more information and examples about making a new gem, checkout our
   # guide at: https://bundler.io/guides/creating_gem.html
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: s3_asset_deploy
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 1.0.2
 platform: ruby
 authors:
 - Loomly
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-22 00:00:00.000000000 Z
+date: 2022-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-s3
@@ -122,6 +122,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
 description:
 email:
 - contact@loomly.com
@@ -176,7 +190,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
 summary: Deploy & manage static assets on S3 with rolling deploys & rollbacks in mind.