@adobe/helix-deploy 7.2.1 → 7.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +14 -0
  2. package/package.json +13 -12
  3. package/src/deploy/AWSConfig.js +7 -19
  4. package/src/deploy/AWSDeployer.js +30 -96
package/CHANGELOG.md CHANGED
@@ -1,3 +1,17 @@
1
+ # [7.3.0](https://github.com/adobe/helix-deploy/compare/v7.2.2...v7.3.0) (2022-11-17)
2
+
3
+
4
+ ### Features
5
+
6
+ * use static deploy bucket ([#470](https://github.com/adobe/helix-deploy/issues/470)) ([dfe0a91](https://github.com/adobe/helix-deploy/commit/dfe0a91f3e8564213bfdc933a562433885c5625c)), closes [#469](https://github.com/adobe/helix-deploy/issues/469)
7
+
8
+ ## [7.2.2](https://github.com/adobe/helix-deploy/compare/v7.2.1...v7.2.2) (2022-11-12)
9
+
10
+
11
+ ### Bug Fixes
12
+
13
+ * **deps:** update external fixes ([a54668d](https://github.com/adobe/helix-deploy/commit/a54668d351fc830ab1b669db1f8204c7c50ee5f7))
14
+
1
15
  ## [7.2.1](https://github.com/adobe/helix-deploy/compare/v7.2.0...v7.2.1) (2022-11-07)
2
16
 
3
17
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@adobe/helix-deploy",
3
- "version": "7.2.1",
3
+ "version": "7.3.0",
4
4
  "description": "Library and Commandline Tools to build and deploy OpenWhisk Actions",
5
5
  "license": "Apache-2.0",
6
6
  "homepage": "https://github.com/adobe/helix-deploy#readme",
@@ -38,14 +38,15 @@
38
38
  "dependencies": {
39
39
  "@adobe/fastly-native-promises": "2.0.14",
40
40
  "@adobe/fetch": "3.3.0",
41
- "@aws-sdk/client-apigatewayv2": "3.204.0",
42
- "@aws-sdk/client-lambda": "3.204.0",
43
- "@aws-sdk/client-s3": "3.204.0",
44
- "@aws-sdk/client-secrets-manager": "3.204.0",
45
- "@aws-sdk/client-ssm": "3.204.0",
41
+ "@aws-sdk/client-apigatewayv2": "3.209.0",
42
+ "@aws-sdk/client-lambda": "3.209.0",
43
+ "@aws-sdk/client-s3": "3.209.0",
44
+ "@aws-sdk/client-secrets-manager": "3.209.0",
45
+ "@aws-sdk/client-ssm": "3.209.0",
46
+ "@aws-sdk/client-sts": "3.211.0",
46
47
  "@fastly/js-compute": "0.5.4",
47
- "@google-cloud/functions": "2.2.1",
48
- "@google-cloud/secret-manager": "4.1.3",
48
+ "@google-cloud/functions": "2.2.3",
49
+ "@google-cloud/secret-manager": "4.1.4",
49
50
  "@google-cloud/storage": "6.7.0",
50
51
  "@rollup/plugin-alias": "4.0.2",
51
52
  "@rollup/plugin-commonjs": "23.0.2",
@@ -66,7 +67,7 @@
66
67
  "rollup-plugin-terser": "7.0.2",
67
68
  "semver": "7.3.8",
68
69
  "tar": "6.1.12",
69
- "webpack": "5.74.0",
70
+ "webpack": "5.75.0",
70
71
  "yargs": "17.6.2"
71
72
  },
72
73
  "devDependencies": {
@@ -77,20 +78,20 @@
77
78
  "@semantic-release/changelog": "6.0.1",
78
79
  "@semantic-release/git": "10.0.1",
79
80
  "c8": "7.12.0",
80
- "chai": "4.3.6",
81
+ "chai": "4.3.7",
81
82
  "chai-http": "4.3.0",
82
83
  "codecov": "3.8.3",
83
84
  "eslint": "8.27.0",
84
85
  "eslint-plugin-header": "3.1.1",
85
86
  "eslint-plugin-import": "2.26.0",
86
- "husky": "8.0.1",
87
+ "husky": "8.0.2",
87
88
  "lint-staged": "13.0.3",
88
89
  "mocha": "10.1.0",
89
90
  "mocha-junit-reporter": "2.1.1",
90
91
  "mocha-multi-reporters": "1.5.1",
91
92
  "nock": "13.2.9",
92
93
  "semantic-release": "19.0.5",
93
- "sinon": "14.0.1",
94
+ "sinon": "14.0.2",
94
95
  "yauzl": "2.10.0"
95
96
  },
96
97
  "engines": {
package/src/deploy/AWSConfig.js CHANGED
@@ -19,7 +19,6 @@ export default class AWSConfig {
19
19
  region: '',
20
20
  role: '',
21
21
  apiId: '',
22
- cleanUpBuckets: false,
23
22
  cleanUpIntegrations: false,
24
23
  createRoutes: false,
25
24
  lambdaFormat: DEFAULT_LAMBDA_FORMAT,
@@ -28,7 +27,7 @@ export default class AWSConfig {
28
27
  attachAuthorizer: '',
29
28
  arch: 'x86_64',
30
29
  identitySources: ['$request.header.Authorization'],
31
- deployTemplate: 'helix-deploy-template',
30
+ deployBucket: '',
32
31
  });
33
32
  }
34
33
 
@@ -42,11 +41,10 @@ export default class AWSConfig {
42
41
  .withAWSCreateAuthorizer(argv.awsCreateAuthorizer)
43
42
  .withAWSAttachAuthorizer(argv.awsAttachAuthorizer)
44
43
  .withAWSIdentitySources(argv.awsIdentitySource)
45
- .withAWSCleanUpBuckets(argv.awsCleanupBuckets)
46
44
  .withAWSCleanUpIntegrations(argv.awsCleanupIntegrations)
47
45
  .withAWSCreateRoutes(argv.awsCreateRoutes)
48
46
  .withAWSParamsManager(argv.awsParameterManager)
49
- .withAWSDeployTemplate(argv.awsDeployTemplate);
47
+ .withAWSDeployBucket(argv.awsDeployBucket);
50
48
  }
51
49
 
52
50
  withAWSRegion(value) {
@@ -77,11 +75,6 @@ export default class AWSConfig {
77
75
  return this;
78
76
  }
79
77
 
80
- withAWSCleanUpBuckets(value) {
81
- this.cleanUpBuckets = value;
82
- return this;
83
- }
84
-
85
78
  withAWSCleanUpIntegrations(value) {
86
79
  this.cleanUpIntegrations = value;
87
80
  return this;
@@ -112,8 +105,8 @@ export default class AWSConfig {
112
105
  return this;
113
106
  }
114
107
 
115
- withAWSDeployTemplate(value) {
116
- this.deployTemplate = value;
108
+ withAWSDeployBucket(value) {
109
+ this.deployBucket = value;
117
110
  return this;
118
111
  }
119
112
 
@@ -175,20 +168,15 @@ export default class AWSConfig {
175
168
  description: 'Attach specified authorizer to routes during linking.',
176
169
  type: 'string',
177
170
  })
178
- .option('aws-cleanup-buckets', {
179
- description: 'Cleans up stray temporary S3 buckets',
180
- type: 'boolean',
181
- default: false,
182
- })
183
171
  .option('aws-cleanup-integrations', {
184
172
  description: 'Cleans up unused integrations',
185
173
  type: 'boolean',
186
174
  default: false,
187
175
  })
188
- .option('aws-deploy-template', {
189
- description: 'Name of the deploy S3 bucket template to use',
176
+ .option('aws-deploy-bucket', {
177
+ description: 'Name of the deploy S3 bucket to use (default is helix-deploy-bucket-{accountId})',
190
178
  type: 'string',
191
- default: 'helix-deploy-template',
179
+ default: '',
192
180
  });
193
181
  }
194
182
  }
package/src/deploy/AWSDeployer.js CHANGED
@@ -12,13 +12,16 @@
12
12
  /* eslint-disable no-await-in-loop,no-restricted-syntax */
13
13
  import chalk from 'chalk-template';
14
14
  import {
15
- CreateBucketCommand, DeleteBucketCommand, DeleteObjectCommand, DeleteObjectsCommand,
16
- GetBucketTaggingCommand, ListBucketsCommand,
17
- ListObjectsV2Command, PutObjectCommand,
18
- PutPublicAccessBlockCommand, PutBucketTaggingCommand,
15
+ DeleteObjectCommand,
16
+ PutObjectCommand,
19
17
  S3Client,
20
18
  } from '@aws-sdk/client-s3';
21
19
 
20
+ import {
21
+ GetCallerIdentityCommand,
22
+ STSClient,
23
+ } from '@aws-sdk/client-sts';
24
+
22
25
  import {
23
26
  AddPermissionCommand,
24
27
  CreateAliasCommand,
@@ -52,12 +55,17 @@ import ActionBuilder from '../ActionBuilder.js';
52
55
  import AWSConfig from './AWSConfig.js';
53
56
 
54
57
  export default class AWSDeployer extends BaseDeployer {
58
+ /**
59
+ * @param {BaseConfig} baseConfig
60
+ * @param {AWSConfig} config
61
+ */
55
62
  constructor(baseConfig, config) {
56
63
  super(baseConfig);
57
64
 
58
65
  Object.assign(this, {
59
66
  id: 'aws',
60
67
  name: 'AmazonWebServices',
68
+ /** @type AWSConfig */
61
69
  _cfg: config,
62
70
  _functionARN: '',
63
71
  _aliasARN: '',
@@ -127,7 +135,6 @@ export default class AWSDeployer extends BaseDeployer {
127
135
  }
128
136
 
129
137
  async init() {
130
- this._bucket = `poly-func-maker-temp-${crypto.randomBytes(16).toString('hex')}`;
131
138
  if (this._cfg.region) {
132
139
  this._s3 = new S3Client({
133
140
  region: this._cfg.region,
@@ -147,77 +154,39 @@ export default class AWSDeployer extends BaseDeployer {
147
154
  }
148
155
  }
149
156
 
150
- async createS3Bucket() {
151
- const data = await this._s3.send(new CreateBucketCommand({
152
- Bucket: this._bucket,
153
- }));
154
- this.log.info(chalk`{green ok:} bucket ${data.Location} created`);
155
-
156
- const { deployTemplate } = this._cfg;
157
- if (!deployTemplate) {
158
- return;
159
- }
160
-
161
- let tags;
162
- try {
163
- // Obtain tags from template bucket
164
- const result = await this._s3.send(new GetBucketTaggingCommand({
165
- Bucket: deployTemplate,
166
- }));
167
- tags = result.TagSet;
168
- } catch (e) {
169
- this.log.warn(`Unable to obtain default tags from template bucket: ${this.bucket}`, e);
170
- return;
171
- }
172
-
173
- // Block public access
174
- await this._s3.send(new PutPublicAccessBlockCommand({
175
- Bucket: this._bucket,
176
- PublicAccessBlockConfiguration: {
177
- BlockPublicAcls: true,
178
- IgnorePublicAcls: true,
179
- BlockPublicPolicy: true,
180
- RestrictPublicBuckets: true,
181
- },
182
- }));
183
- this.log.info(chalk`{green ok:} bucket ${data.Location} hidden from public`);
184
-
185
- // Put required tags
186
- await this._s3.send(new PutBucketTaggingCommand({
187
- Bucket: this._bucket,
188
- Tagging: {
189
- TagSet: tags,
190
- },
191
- }));
192
- this.log.info(chalk`{green ok:} added tags to bucket ${data.Location}`);
157
+ async initAccountId() {
158
+ const sts = new STSClient({
159
+ region: this._cfg.region,
160
+ });
161
+ const ret = await sts.send(new GetCallerIdentityCommand());
162
+ this._accountId = ret.Account;
163
+ this.log.info(chalk`{green ok:} initialized AWS deployer for account {yellow ${ret.Account}}`);
193
164
  }
194
165
 
195
166
  async uploadZIP() {
196
167
  const { cfg } = this;
197
168
  const relZip = path.relative(process.cwd(), cfg.zipFile);
198
169
 
199
- this.log.info(`--: uploading ${relZip} to S3 bucket ${this._bucket} ...`);
170
+ // ensure upload key is unique
171
+ this._bucket = this._cfg.deployBucket || `helix-deploy-bucket-${this._accountId}`;
172
+ this._key = `${path.basename(relZip)}-${crypto.randomBytes(16).toString('hex')}`;
200
173
  const uploadParams = {
201
174
  Bucket: this._bucket,
202
- Key: relZip,
175
+ Key: this._key,
203
176
  Body: await fse.readFile(cfg.zipFile),
204
177
  };
205
178
 
179
+ this.log.info(`--: uploading ${relZip} to S3 bucket ${this._bucket} ...`);
206
180
  await this._s3.send(new PutObjectCommand(uploadParams));
207
-
208
- this._key = relZip;
209
- this.log.info(chalk`{green ok:} file uploaded`);
181
+ this.log.info(chalk`{green ok:} uploaded deploy package {blueBright s3://${this._bucket}/${this._key}}`);
210
182
  }
211
183
 
212
- async deleteS3Bucket() {
184
+ async deleteZIP() {
213
185
  await this._s3.send(new DeleteObjectCommand({
214
186
  Bucket: this._bucket,
215
187
  Key: this._key,
216
188
  }));
217
- await this._s3.send(new DeleteBucketCommand({
218
- Bucket: this._bucket,
219
- }));
220
- this.log.info(chalk`{green ok:} bucket ${this._bucket} emptied and deleted`);
189
+ this.log.info(chalk`{green ok:} deleted deploy package {blueBright s3://${this._bucket}/${this._key}}.`);
221
190
  }
222
191
 
223
192
  async createLambda() {
@@ -255,7 +224,6 @@ export default class AWSDeployer extends BaseDeployer {
255
224
  ],
256
225
  };
257
226
 
258
- console.log(functionConfig);
259
227
  this.log.info(`--: using lambda role "${this._cfg.role}"`);
260
228
 
261
229
  // check if function already exists
@@ -547,37 +515,6 @@ export default class AWSDeployer extends BaseDeployer {
547
515
  this.log.info(chalk`{green ok}: parameters updated.`);
548
516
  }
549
517
 
550
- async cleanUpBuckets() {
551
- this.log.info('--: cleaning up stray temporary S3 buckets ...');
552
- let res = await this._s3.send(new ListBucketsCommand({}));
553
- const helixBuckets = res.Buckets.filter((b) => b.Name.startsWith('poly-func-maker-temp-'));
554
- if (helixBuckets.length === 0) {
555
- this.log.info(chalk`{green ok}: no stray buckets found.`);
556
- } else {
557
- await Promise.all(helixBuckets.map(async (b) => {
558
- // get all objects
559
- res = await this._s3.send(new ListObjectsV2Command({
560
- Bucket: b.Name,
561
- }));
562
- const keys = (res.Contents || []).map((c) => ({
563
- Key: c.Key,
564
- }));
565
- if (keys.length) {
566
- await this._s3.send(new DeleteObjectsCommand({
567
- Bucket: b.Name,
568
- Delete: {
569
- Objects: keys,
570
- },
571
- }));
572
- }
573
- await this._s3.send(new DeleteBucketCommand({
574
- Bucket: b.Name,
575
- }));
576
- this.log.info(chalk`{green ok}: deleted temporary bucket: ${b.Name}.`);
577
- }));
578
- }
579
- }
580
-
581
518
  async cleanUpIntegrations(filter) {
582
519
  this.log.info('Clean up Integrations');
583
520
  const { ApiId } = await this.initApiId();
@@ -890,7 +827,7 @@ export default class AWSDeployer extends BaseDeployer {
890
827
  }
891
828
 
892
829
  async validateAdditionalTasks() {
893
- if (this._cfg.cleanUpBuckets || this._cfg.cleanUpIntegrations) {
830
+ if (this._cfg.cleanUpIntegrations) {
894
831
  // disable auto build if no deploy
895
832
  if (!this.cfg.deploy) {
896
833
  this.cfg.build = false;
@@ -900,9 +837,6 @@ export default class AWSDeployer extends BaseDeployer {
900
837
  }
901
838
 
902
839
  async runAdditionalTasks() {
903
- if (this._cfg.cleanUpBuckets) {
904
- await this.cleanUpBuckets();
905
- }
906
840
  if (this._cfg.cleanUpIntegrations) {
907
841
  await this.cleanUpIntegrations();
908
842
  }
@@ -911,11 +845,11 @@ export default class AWSDeployer extends BaseDeployer {
911
845
  async deploy() {
912
846
  try {
913
847
  this.log.info(`--: using aws region "${this._cfg.region}"`);
914
- await this.createS3Bucket();
848
+ await this.initAccountId();
915
849
  await this.uploadZIP();
916
850
  await this.createLambda();
851
+ await this.deleteZIP();
917
852
  await this.createAPI();
918
- await this.deleteS3Bucket();
919
853
  await this.checkFunctionReady();
920
854
  } catch (err) {
921
855
  this.log.error(`Unable to deploy Lambda function: ${err.message}`, err);