@fishawack/lab-env 2.0.1 → 2.2.0

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 ## Changelog
 
+### 2.2.0 (2022-08-10)
+* [Feature] Can now skip diagnose in `fw diagnose`
+* [Feature] Can now provision AWS environments using `fw provision`
+* [Change] Now requires node > 16
+* [Change] Auditted npm dependencies
+* [Misc] Added test coverage for new AWS service
+
+### 2.1.0 (2022-05-27)
+* [Change] Bumped core `0.0.21` to `0.1.0`
+
+### 2.0.2 (2022-04-26)
+* [Change] Bumped core `0.0.20` to `0.0.21`
+* [Bug] Lock eb-cli due to breaking change
+* [Bug] Removed imagemagick from php containers as it's now included in base image
+* [Misc] Updated core publish postversion command
+
 ### 2.0.1 (2022-04-13)
 * [Bug] Explicitly set platform to fix M1 chip issues
 

package/_Test/_helpers/globals.js

@@ -0,0 +1,10 @@
+const fs = require('fs');
+const os = require('os');
+const host = "ftp-fishawack.egnyte.com";
+const creds = JSON.parse(fs.readFileSync(`${os.homedir()}/targets/.ftppass`))[host];
+
+module.exports = {
+    opts: {encoding: 'utf8', stdio: process.argv.includes('--publish') ? 'pipe' : 'inherit'},
+    host,
+    creds
+};

package/_Test/provision.js

@@ -0,0 +1,33 @@
+'use strict';
+
+const expect = require('chai').expect;
+const aws = require("../commands/create/services/aws/index.js");
+var fetch;
+
+describe('provision', async () => {
+    let config;
+    let repo = 'lab-env-test-suite';
+    let account = 'fishawack';
+
+    before(async () => {
+        fetch = (await import('node-fetch')).default;
+
+        config = await aws.static(repo, account);
+
+        await aws.s3.addFileToS3Bucket(repo, account, 'index.html', new TextEncoder().encode("test"));
+    });
+
+    it('Should provision s3 bucket', async () => {
+        expect((await fetch(config.url)).status).to.be.equal(200);
+    });
+
+    after(async () => {
+        await aws.s3.removeFileToS3Bucket(repo, account, 'index.html');
+
+        await aws.s3.removeS3Bucket(repo, account);
+        
+        await aws.cloudfront.removeCloudFrontDistribution(config.cloudfront, account);
+
+        await aws.cloudfront.removeCloudFrontFunction(repo, account);
+    });
+});

package/cli.js

@@ -4,10 +4,6 @@ process.env.CWD = process.cwd();
 
 const _ = require('./globals.js');
 
-const updateNotifier = require('update-notifier');
-const pkg = require('./package.json');
-updateNotifier({pkg, updateCheckInterval: 0}).notify();
-
 const execSync = require('child_process').execSync;
 
 const yargs = require('yargs/yargs');
@@ -16,9 +12,13 @@ const { hideBin } = require('yargs/helpers');
 const args = hideBin(process.argv);
 
 // Stop here if docker process not running and command isn't version or origin which don't require docker
-if(!_.services && !(args[0] === 'origin' || args[0] === '--version')) return;
+if(!_.services && !(args[0] === 'origin' || args[0] === '--version')) process.exit();
 
 (async () => {
+    const updateNotifier = (await import('update-notifier')).default;
+    const pkg = require('./package.json');
+    updateNotifier({pkg, updateCheckInterval: 0}).notify();
+
     process.env.REPO = _.repo;
     
     await _.ports.set();
@@ -59,7 +59,7 @@ if(!_.services && !(args[0] === 'origin' || args[0] === '--version')) return;
         ['build', 'config', 'down', 'mocha', 'rebuild', 'up', 'volumes', 'compose'].forEach(d => cli.command(...require(`./commands/docker/${d}.js`)));
 
         // Create commands
-        ['new', 'diagnose', 'delete'].forEach(d => cli.command(...require(`./commands/create/cmds/${d}.js`)));
+        ['new', 'provision', 'deprovision', 'diagnose', 'delete'].forEach(d => cli.command(...require(`./commands/create/cmds/${d}.js`)));
 
         cli.demandCommand(1, '')
             .wrap(null)

package/commands/create/cmds/deprovision.js

@@ -0,0 +1,53 @@
+const _ = require('../../../globals.js');
+const inquirer = require('inquirer');
+const aws = require('../services/aws/index.js');
+
+module.exports = [
+    ['deprovision', 'deprov'],
+    false,
+    yargs => {
+        yargs.option('branch', {
+            alias: 'b',
+            describe: 'Branch to configure',
+            type: 'string'
+        });
+    },
+    async argv => {
+        let branch = argv.branch || _.branch;
+        
+        let answer = await inquirer.prompt([
+            {
+                type: 'confirm',
+                name: 'check',
+                message: `Deprovisioning fw-auto-${_.repo}-${branch}, are you sure you want to continue?`,
+                default: 'Y'
+            }
+        ]);
+
+        if(!answer.check){
+            process.exit(1);
+        }
+
+        const answers = await inquirer.prompt([
+            {
+                type: 'input',
+                name: 'id',
+                message: 'What is the Id of the CloudFront distribution?',
+                validate: (input) => !!input.length
+            },
+            {
+                type: 'list',
+                name: 'client',
+                message: 'Which AWS account is this deployed too?',
+                choices: ['fishawack', 'abbvie', 'sanofigenzyme', 'gsk', 'janssen', 'astrazeneca', 'training'],
+                default: 'fishawack'
+            }
+        ]);
+
+        try { await aws.s3.removeS3Bucket(`fw-auto-${_.repo}-${branch}`, answers.client); } catch(e) {}
+        
+        try { await aws.cloudfront.removeCloudFrontDistribution(answers.id, answers.client); } catch(e) {}
+
+        try { await aws.cloudfront.removeCloudFrontFunction(`fw-auto-${_.repo}-${branch}`, answers.client); } catch(e) {}
+    }
+];

package/commands/create/cmds/diagnose.js

@@ -57,9 +57,11 @@ module.exports = [
                 while(!await test.bitbucket() || !await bitbucket.check()){
                     await guide.bitbucket();
                 }
-    
-                while(!await test.gitlab() || !await gitlab.check()){
-                    await guide.gitlab();
+                
+                if(!await guide.gitlabSkip()) {
+                    while(!await test.gitlab() || !await gitlab.check()){
+                        await guide.gitlab();
+                    }
                 }
     
                 const userRepoName = vars.misc.bitbucket.username.split('@')[0].replace(/\./, '-');

package/commands/create/cmds/provision.js

@@ -0,0 +1,120 @@
+const _ = require('../../../globals.js');
+const utilities = require('../libs/utilities');
+const execSync = require('child_process').execSync;
+const inquirer = require('inquirer');
+const aws = require('../services/aws/index.js');
+const generator = require('generate-password');
+
+module.exports = [
+    ['provision', 'prov'],
+    'Provisions the deployment target',
+    yargs => {
+        yargs.option('branch', {
+            alias: 'b',
+            describe: 'Branch to configure',
+            type: 'string'
+        });
+    },
+    async argv => {
+        let branch = argv.branch || _.branch;
+        
+        let answer = await inquirer.prompt([
+            {
+                type: 'confirm',
+                name: 'check',
+                message: `Provisioning the ${utilities.colorize(branch, 'success')} branch, is this correct?`,
+                default: 'Y'
+            }
+        ]);
+
+        if(!answer.check){
+            process.exit(1);
+        }
+
+        const answers = await inquirer.prompt([
+            {
+                type: 'list',
+                name: 'stack',
+                message: 'What type of project are you deploying?',
+                choices: ['static'],
+                default: 'static'
+            },
+            {
+                type: 'list',
+                name: 'client',
+                message: 'Which AWS account should this be deployed too?',
+                choices: ['fishawack', 'abbvie', 'sanofigenzyme', 'gsk', 'janssen', 'astrazeneca', 'training'],
+                default: 'fishawack'
+            },
+            {
+                type: 'confirm',
+                name: 'protected',
+                message: 'Should the site be password protected?',
+                default: true
+            }
+        ]);
+
+        let credentials = [];
+
+        if(answers.protected){
+            let user = {
+                another: true
+            };
+
+            while(user.another){
+                user = await inquirer.prompt([
+                    {
+                        type: 'input',
+                        name: 'username',
+                        message: 'Username',
+                        default: `${_.repo_safe}User${credentials.length ? `-${credentials.length}` : ''}`,
+                        validate: (input) => !!input.length
+                    },
+                    {
+                        type: 'input',
+                        name: 'password',
+                        message: 'Password (leave empty to generate)',
+                        default: generator.generate({ length: 10, numbers: true }),
+                        validate: (input) => !!input.length
+                    },
+                    {
+                        type: 'confirm',
+                        name: 'another',
+                        message: 'Add another user?',
+                        default: false
+                    }
+                ]);
+
+                credentials.push({username: user.username, password: user.password});
+            }
+        }
+
+        let config = {};
+        let infastructure;
+        
+        try{
+            infastructure = await aws.static(`fw-auto-${_.repo}-${branch}`, answers.client, [{Key: 'repository', Value: _.repo}, {Key: 'environment', Value: branch}], credentials);
+        } catch(e){
+            console.log(e.message);
+            process.exit(1);
+        }
+        
+        config[branch] = {
+            deploy: {
+                "url": infastructure.url,
+                "location": infastructure.bucket.slice(1), // Remove / from start
+                "aws-s3": answers.client,
+                "aws-cloudfront": infastructure.cloudfront
+            }
+        };
+
+        if(credentials.length){
+            config[branch].deploy.users = credentials;
+        }
+
+        let stringify = JSON.stringify(config, null, 4);
+        let output = stringify.substring(1, stringify.length-1).trim();
+        execSync(`printf '${output}' | pbcopy`);
+        console.log(utilities.colorize(`\n${output}\n\n(copied to clipboard)`, 'title'));
+    }
+];

package/commands/create/libs/aws-cloudfront-auth.js

@@ -0,0 +1,77 @@
+function handler(event) {
+    // Redirect if www to non-www
+    if (event.request.headers.host.value.includes('www.')) {
+        var query = '';
+        var index = 0;
+
+        for(var key in event.request.querystring){
+            query += `${index ? '&' : '?'}${key}=${event.request.querystring[key].value}`;
+            index++;
+        }
+        
+        var response = {
+            statusCode: 301,
+            statusDescription: 'Moved Permanently',
+            headers: { "location": { "value": `${event.request.headers.host.value.split('www.')[1]}${event.request.uri}${query}` } }
+        };
+
+        return response;
+    }
+
+    // Redirect if no trailing slash
+    if(!event.request.uri.includes('.') && !event.request.uri.endsWith('/')){
+        var query = '';
+        var index = 0;
+
+        for(var key in event.request.querystring){
+            query += `${index ? '&' : '?'}${key}=${event.request.querystring[key].value}`;
+            index++;
+        }
+
+        return {
+            statusCode: 301,
+            statusDescription: 'Moved Permanently',
+            headers: { "location": { "value": `${event.request.uri}/${query}` } }
+        };
+    }
+    
+    var authHeaders = event.request.headers.authorization;
+
+    // The Base64-encoded Auth string that should be present.
+    // It is an encoding of `Basic base64([username]:[password])`
+    var expected = <%= credentials %>;
+
+    // If an Authorization header is supplied and it's an exact match, pass the
+    // request on through to CF/the origin without any modification.
+    if(authHeaders && expected.find(d => d === authHeaders.value)) {
+        // Rewrite url to append index.html if not present
+        var request = event.request;
+        var uri = request.uri;
+
+        // Check whether the URI is missing a file name.
+        if(uri.endsWith('/')) {
+            request.uri += 'index.html';
+        }
+        // Check whether the URI is missing a file extension.
+        else if(!uri.includes('.')) {
+            request.uri += '/index.html';
+        }
+
+        return request;
+    }
+
+    // But if we get here, we must either be missing the auth header or the
+    // credentials failed to match what we expected.
+    // Request the browser present the Basic Auth dialog.
+    var response = {
+        statusCode: 401,
+        statusDescription: 'Unauthorized',
+        headers: {
+            "www-authenticate": {
+                value: 'Basic'
+            }
+        },
+    };
+
+    return response;
+}

package/commands/create/libs/aws-cloudfront-simple.js

@@ -0,0 +1,51 @@
+function handler(event) {
+    // Redirect if www to non-www
+    if (event.request.headers.host.value.includes('www.')) {
+        var query = '';
+        var index = 0;
+
+        for(var key in event.request.querystring){
+            query += `${index ? '&' : '?'}${key}=${event.request.querystring[key].value}`;
+            index++;
+        }
+        
+        var response = {
+            statusCode: 301,
+            statusDescription: 'Moved Permanently',
+            headers: { "location": { "value": `${event.request.headers.host.value.split('www.')[1]}${event.request.uri}${query}` } }
+        };
+
+        return response;
+    }
+
+    // Redirect if no trailing slash
+    if(!event.request.uri.includes('.') && !event.request.uri.endsWith('/')){
+        var query = '';
+        var index = 0;
+
+        for(var key in event.request.querystring){
+            query += `${index ? '&' : '?'}${key}=${event.request.querystring[key].value}`;
+            index++;
+        }
+
+        return {
+            statusCode: 301,
+            statusDescription: 'Moved Permanently',
+            headers: { "location": { "value": `${event.request.uri}/${query}` } }
+        };
+    }
+    
+    var request = event.request;
+    var uri = request.uri;
+
+    // Check whether the URI is missing a file name.
+    if(uri.endsWith('/')) {
+        request.uri += 'index.html';
+    }
+    // Check whether the URI is missing a file extension.
+    else if(!uri.includes('.')) {
+        request.uri += '/index.html';
+    }
+
+    return request;
+}

package/commands/create/libs/utilities.js

@@ -23,9 +23,12 @@ const colorize = module.exports.colorize = (str, type) => {
     }
 };
 
+let latestSpinner = null;
+
 module.exports.Spinner = class Spinner {
-    constructor(startMessage) {
-        this.ora = ora(colorize(startMessage, 'info')).start();
+    constructor(startMessage, simple = false) {
+        this.ora = ora(simple ? startMessage : colorize(startMessage, 'info')).start();
+        latestSpinner = this;
     }
 
     update(message, status) {
@@ -37,6 +40,50 @@ module.exports.Spinner = class Spinner {
             this.ora.succeed(colorize(message, status || 'success'));
         }
     }
+
+    action(message, action, success, failure) {
+        return new Promise(async (resolve, reject) => {
+            let instance = new this.constructor(message);
+            let res;
+
+            try {
+                res = await action();
+
+                instance.update(success);
+            } catch (e){
+                instance.update(failure, 'fail');
+                reject(e);
+            }
+
+            resolve(res);
+        });
+    }
+
+    simple(message, action) {
+        return new Promise(async (resolve, reject) => {
+            let instance = new this.constructor(message, true);
+            let res;
+
+            try {
+                res = await action();
+
+                instance.ora.succeed();
+            } catch (e){
+                instance.ora.fail();
+                reject(e);
+            }
+
+            resolve(res);
+        });
+    }
+
+    ping(){
+        latestSpinner.ora.color = latestSpinner.ora.color === 'cyan' ? 'magenta' : 'cyan';
+        let message = ' - check: ';
+        let split = latestSpinner.ora.text.split(message);
+        let iteration = split[1] && +split[1].split(':')[0] || 0;
+        latestSpinner.ora.text = `${split[0]}${message}${iteration+1}`;
+    }
 };
 
 module.exports.encode = (username, password) => {

package/commands/create/services/aws/cloudfront.js

@@ -0,0 +1,289 @@
+const { CloudFrontClient, CreateDistributionWithTagsCommand, CreateCloudFrontOriginAccessIdentityCommand, DeleteDistributionCommand , DeleteCloudFrontOriginAccessIdentityCommand, GetDistributionCommand, UpdateDistributionCommand, GetCloudFrontOriginAccessIdentityCommand, CreateFunctionCommand, GetFunctionCommand, UpdateFunctionCommand, PublishFunctionCommand, DeleteFunctionCommand, DescribeFunctionCommand } = require("@aws-sdk/client-cloudfront");
+const fs = require('fs');
+const { Spinner } = require('../../libs/utilities');
+
+let region = `us-east-1`;
+
+const client = new CloudFrontClient({ region });
+
+module.exports.createCloudFrontDistribution = async (name, account, tags = []) => {
+    process.env.AWS_PROFILE = account;
+
+    let OAI = await Spinner.prototype.simple(`Creating CloudFront OAI`, () => {
+        return client.send(
+            new CreateCloudFrontOriginAccessIdentityCommand({ 
+                CloudFrontOriginAccessIdentityConfig: {
+                    CallerReference: name,
+                    Comment: `lab-env provisioned CloudFront OAI for s3 bucket ${name}`,
+                }
+            })
+        )
+    });
+
+    let res;
+
+    try {
+        res = await Spinner.prototype.simple(`Creating CloudFront distribution with CloudFront OAI and tags`, () => {
+            return client.send(
+                new CreateDistributionWithTagsCommand({
+                    DistributionConfigWithTags: {
+                        DistributionConfig: { 
+                            Enabled: true,
+                            CallerReference: name,
+                            Comment: `lab-env provisioned CloudFront distribution for project ${name}`,
+                            CustomErrorResponses: {
+                                Items: [
+                                    {
+                                        ErrorCachingMinTTL: 0,
+                                        ErrorCode: 403,
+                                        ResponseCode: 200,
+                                        ResponsePagePath: '/index.html'
+                                    }
+                                ],
+                                Quantity: 1
+                            },
+                            DefaultCacheBehavior: { 
+                                Compress: true,
+                                TargetOriginId: `${name}.s3.${region}.amazonaws.com`,
+                                ViewerProtocolPolicy: 'redirect-to-https',
+                                CachePolicyId: '658327ea-f89d-4fab-a63d-7e88639e58f6' // Built in, Managed AWS Policy - Cache Optimized
+                            },
+                            Origins: {
+                                Items: [
+                                    {
+                                        DomainName: `${name}.s3.${region}.amazonaws.com`,
+                                        Id: `${name}.s3.${region}.amazonaws.com`,
+                                        S3OriginConfig: {
+                                            OriginAccessIdentity: `origin-access-identity/cloudfront/${OAI.CloudFrontOriginAccessIdentity.Id}`
+                                        }
+                                    }
+                                ],
+                                Quantity: 1
+                            }
+                        },
+                        Tags: {
+                            Items: [{Key: 'client', Value: account}].concat(tags)
+                        }
+                    }
+                })
+            )
+        });
+
+        await Spinner.prototype.simple(`Waiting for CloudFront distribution to deploy`, () => {
+            return module.exports.waitForCloudFrontDistribution(res.Distribution.Id, account);
+        });
+    } catch(e){
+        let Id = e.message.split(' ')[e.message.split(' ').length - 1];
+     
+        res = await Spinner.prototype.simple(`Retrieving the already existing CloudFront distribution`, () => {
+            return client.send(
+                new GetDistributionCommand({ Id })
+            );
+        });
+    }
+    
+    return res;
+}
+
+module.exports.removeCloudFrontDistribution = async (Id, account) => {
+    process.env.AWS_PROFILE = account;
+
+    let res = await Spinner.prototype.simple(`Retrieving the CloudFront distribution ${Id}`, () => {
+        return client.send(
+            new GetDistributionCommand({ Id })
+        );
+    });
+
+    let OAI = res.Distribution.DistributionConfig.Origins.Items[0].S3OriginConfig.OriginAccessIdentity.split('origin-access-identity/cloudfront/')[1];
+
+    res.Distribution.DistributionConfig.Enabled = false;
+
+    res = await Spinner.prototype.simple(`Disabling the CloudFront distribution`, () => {
+        return client.send(
+            new UpdateDistributionCommand({ DistributionConfig: res.Distribution.DistributionConfig, Id, IfMatch: res.ETag })
+        );
+    });
+
+    await Spinner.prototype.simple(`Waiting for CloudFront distribution to deploy`, () => {
+        return module.exports.waitForCloudFrontDistribution(res.Distribution.Id, account);
+    });
+
+    res = await Spinner.prototype.simple(`Deleting the CloudFront distribution`, () => {
+        return client.send(
+            new DeleteDistributionCommand({ Id, IfMatch: res.ETag })
+        );
+    });
+
+    res = await Spinner.prototype.simple(`Retrieving the CloudFront OAI`, () => {
+        return client.send(
+            new GetCloudFrontOriginAccessIdentityCommand({ Id: OAI })
+        );
+    });
+
+    res = await Spinner.prototype.simple(`Deleting the CloudFront OAI`, () => {
+        return client.send(
+            new DeleteCloudFrontOriginAccessIdentityCommand({ Id: OAI, IfMatch: res.ETag })
+        );
+    });
+}
+
+module.exports.waitForCloudFrontDistribution = async (Id, account) => {
+    process.env.AWS_PROFILE = account;
+
+    let status;
+
+    do{
+        await new Promise((resolve) => setTimeout(() => resolve(), 5000));
+
+        await Spinner.prototype.ping();
+
+        let check = await client.send(
+            new GetDistributionCommand({ Id })
+        );
+    
+        status = check.Distribution.Status;
+    } while(status !== 'Deployed')
+}
+
+module.exports.createCloudFrontFunction = async (name, account, fn, config) => {
+    process.env.AWS_PROFILE = account;
+
+    let FunctionConfig = {
+        Comment: `lab-env provisioned cloudfront function for project ${name} using code snippet ${fn}.js`,
+        Runtime: `cloudfront-js-1.0`
+    };
+
+    let res;
+
+    try{
+        res = await Spinner.prototype.simple(`Creating CloudFront function`, () => {
+            return client.send(
+                new CreateFunctionCommand({
+                    Name: name,
+                    FunctionCode: new TextEncoder().encode(" "),
+                    FunctionConfig
+                })
+            );
+        });
+    } catch (e){
+        res = await Spinner.prototype.simple(`Retrieving the already existing CloudFront function`, () => {
+            return client.send(
+                new GetFunctionCommand({
+                    Name: name
+                })
+            );
+        });
+    }
+
+    let processedFn = fs.readFileSync(`${__dirname}/../../libs/${fn}.js`).toString();
+    processedFn = processedFn.replace(/<%=.*%>/g, (el) => JSON.stringify(config[el.slice(3, el.length - 2).trim()], null, 4));
+
+    res = await Spinner.prototype.simple(`Updating CloudFront function with ${fn}.js code`, () => {
+        return client.send(
+            new UpdateFunctionCommand({
+                Name: name,
+                FunctionCode: new TextEncoder().encode(processedFn),
+                FunctionConfig,
+                IfMatch: res.ETag
+            })
+        );
+    });
+    
+    res = await Spinner.prototype.simple(`Publishing CloudFront function`, () => {
+        return client.send(
+            new PublishFunctionCommand({
+                Name: name,
+                IfMatch: res.ETag
+            })
+        );
+    });
+
+    return res;
+}
+
+module.exports.removeCloudFrontFunction = async (name, account) => {
+    process.env.AWS_PROFILE = account;
+
+    let res = await Spinner.prototype.simple(`Retrieving CloudFront function`, () => {
+        return client.send(
+            new GetFunctionCommand({
+                Name: name
+            })
+        );
+    });
+
+    res = await Spinner.prototype.simple(`Deleting CloudFront function`, () => {
+        return client.send(
+            new DeleteFunctionCommand({
+                Name: name,
+                IfMatch: res.ETag
+            })
+        );
+    });
+
+    return res;
+}
+
+module.exports.setCloudFrontFunctionAssociation = async (Id, account) => {
+    process.env.AWS_PROFILE = account;
+
+    let res = await Spinner.prototype.simple(`Retrieving CloudFront distribution`, () => {
+        return client.send(
+            new GetDistributionCommand({ Id })
+        );
+    });
+
+    let { FunctionSummary: { FunctionMetadata: { FunctionARN } } } = await Spinner.prototype.simple(`Retrieving CloudFront function`, () => {
+        return client.send(
+            new DescribeFunctionCommand({
+                Name: res.Distribution.DistributionConfig.CallerReference,
+                Stage: 'LIVE'
+            })
+        );
+    });
+
+    res.Distribution.DistributionConfig.DefaultCacheBehavior.FunctionAssociations = {
+        Items: [
+            {
+                EventType: 'viewer-request',
+                FunctionARN: FunctionARN
+            }
+        ],
+        Quantity: 1
+    };
+
+    res = await Spinner.prototype.simple(`Adding CloudFront function to CloudFront distribution`, () => {
+        return client.send(
+            new UpdateDistributionCommand({ DistributionConfig: res.Distribution.DistributionConfig, Id, IfMatch: res.ETag })
+        );
+    });
+
+    await Spinner.prototype.simple(`Waiting for CloudFront distribution to deploy`, () => {
+        return module.exports.waitForCloudFrontDistribution(res.Distribution.Id, account);
+    });
+};
+
+module.exports.removeCloudFrontFunctionAssociation = async (Id, account) => {
+    process.env.AWS_PROFILE = account;
+
+    let res = await Spinner.prototype.simple(`Retrieving CloudFront distribution`, () => {
+        return client.send(
+            new GetDistributionCommand({ Id })
+        );
+    });
+
+    res.Distribution.DistributionConfig.DefaultCacheBehavior.FunctionAssociations = {
+        Items: [],
+        Quantity: 0
+    };
+
+    res = await Spinner.prototype.simple(`Removing CloudFront function from CloudFront distribution`, () => {
+        return client.send(
+            new UpdateDistributionCommand({ DistributionConfig: res.Distribution.DistributionConfig, Id, IfMatch: res.ETag })
+        );
+    });
+
+    await Spinner.prototype.simple(`Waiting for CloudFront distribution to deploy`, () => {
+        return module.exports.waitForCloudFrontDistribution(res.Distribution.Id, account);
+    });
+};

package/commands/create/services/aws/index.js

@@ -0,0 +1,22 @@
+module.exports.s3 = require("./s3.js");
+module.exports.cloudfront = require("./cloudfront.js");
+
+module.exports.static = async (name, account, tags = [], credentials = []) => {
+    let s3 = await module.exports.s3.createS3Bucket(name, account, tags);
+
+    let cloudfront = await module.exports.cloudfront.createCloudFrontDistribution(name, account, tags);
+
+    await module.exports.s3.setS3BucketPolicy(name, account, cloudfront.Distribution.DistributionConfig.Origins.Items[0].S3OriginConfig.OriginAccessIdentity.split('origin-access-identity/cloudfront/')[1]);
+
+    await module.exports.cloudfront.createCloudFrontFunction(name, account, credentials.length ? 'aws-cloudfront-auth' : 'aws-cloudfront-simple', {credentials: credentials.map(d => `Basic ${Buffer.from(`${d.username}:${d.password}`).toString('base64')}`)});
+
+    await module.exports.cloudfront.setCloudFrontFunctionAssociation(cloudfront.Distribution.Id, account);
+
+    let config = {
+        "bucket": s3.Location,
+        "url": `https://${cloudfront.Distribution.DomainName}`,
+        "cloudfront": cloudfront.Distribution.Id,
+    };
+
+    return config;
+}

package/commands/create/services/aws/s3.js

@@ -0,0 +1,100 @@
+const { S3Client, CreateBucketCommand, DeleteBucketCommand, PutPublicAccessBlockCommand, PutBucketTaggingCommand, PutBucketPolicyCommand, PutObjectCommand, DeleteObjectCommand } = require("@aws-sdk/client-s3");
+const { Spinner } = require('../../libs/utilities');
+
+let region = `us-east-1`;
+
+const client = new S3Client({ region });
+
+module.exports.createS3Bucket = async (bucket, account, tags = []) => {
+    process.env.AWS_PROFILE = account;
+
+    let res = await Spinner.prototype.simple(`Creating s3 bucket ${bucket}`, () => {
+        return client.send(
+            new CreateBucketCommand({ Bucket: bucket })
+        );
+    });
+
+    await Spinner.prototype.simple(`Blocking all public access to s3 bucket`, () => {
+        return client.send(
+            new PutPublicAccessBlockCommand({ Bucket: bucket, PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: true, IgnorePublicAcls: true, RestrictPublicBuckets: true } })
+        );
+    });
+
+    await Spinner.prototype.simple(`Adding tags to s3 bucket`, () => {
+        return client.send(
+            new PutBucketTaggingCommand({ Bucket: bucket, Tagging: {TagSet: [{Key: 'client', Value: account}].concat(tags)} })
+        );
+    });
+    
+    return res;
+}
+
+module.exports.removeS3Bucket = async (bucket, account) => {
+    process.env.AWS_PROFILE = account;
+
+    await Spinner.prototype.simple(`Removing s3 bucket ${bucket}`, () => {
+        return client.send(
+            new DeleteBucketCommand({ Bucket: bucket })
+        );
+    });
+}
+
+module.exports.setS3BucketPolicy = async (bucket, account, OAI) => {
+    process.env.AWS_PROFILE = account;
+
+    let res = await Spinner.prototype.simple(`Updating s3 bucket policy`, () => {
+        return client.send(
+            new PutBucketPolicyCommand({
+                Bucket: bucket,
+                Policy: JSON.stringify({
+                    "Version": "2008-10-17",
+                    "Id": "PolicyForCloudFrontPrivateContent",
+                    "Statement": [
+                        {
+                            "Sid": "1",
+                            "Effect": "Allow",
+                            "Principal": {
+                                "AWS": `arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${OAI}`
+                            },
+                            "Action": "s3:GetObject",
+                            "Resource": `arn:aws:s3:::${bucket}/*`
+                        }
+                    ]
+                })
+            })
+        );
+    });
+
+    return res;
+}
+
+module.exports.addFileToS3Bucket = async (bucket, account, filepath, file) => {
+    process.env.AWS_PROFILE = account;
+
+    let res = await Spinner.prototype.simple(`Adding file to s3 bucket`, () => {
+        return client.send(
+            new PutObjectCommand({
+                Bucket: bucket,
+                Body: file,
+                Key: filepath
+            })
+        );
+    });
+    
+    return res;
+};
+
+module.exports.removeFileToS3Bucket = async (bucket, account, filepath) => {
+    process.env.AWS_PROFILE = account;
+
+    let res = await Spinner.prototype.simple(`Removing file from s3 bucket`, () => {
+        return client.send(
+            new DeleteObjectCommand({
+                Bucket: bucket,
+                Key: filepath
+            })
+        );
+    });
+    
+    return res;
+}

package/commands/create/services/guide.js

@@ -194,6 +194,19 @@ module.exports.preset = async () => {
     return inputs.preset;
 }
 
+module.exports.gitlabSkip = async () => {
+    let inputs = await inquirer.prompt([
+        {
+            type: 'confirm',
+            name: 'confirm',
+            message: 'Do you want to test gitlab setup? (VPN required)',
+            default: true
+        }
+    ]);
+
+    return !inputs.confirm;
+}
+
 module.exports.config = async () => {
     let inputs = await inquirer.prompt([
         {

package/core/{0.0.20 → 0.1.0}/Dockerfile

@@ -132,13 +132,19 @@ RUN apt-get install -y locales
 # Install AWS Elastic Beanstalk cli
 RUN apt-get install -y zlib1g-dev libssl-dev libncurses-dev libffi-dev libsqlite3-dev libreadline-dev libbz2-dev
 
-RUN git clone https://github.com/aws/aws-elastic-beanstalk-cli-setup.git
+RUN git clone https://github.com/aws/aws-elastic-beanstalk-cli-setup.git --depth 1 --branch v0.1.2
 RUN ./aws-elastic-beanstalk-cli-setup/scripts/bundled_installer
 RUN rm -rf ./aws-elastic-beanstalk-cli-setup
 
 RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
     locale-gen
 
+# Install AWS-CLI@2
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+RUN unzip awscliv2.zip
+RUN ./aws/install
+RUN rm -rf ./aws && rm -rf awscliv2.zip
+
 # Cleanup apt-get install folders
 RUN apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

package/core/CHANGELOG.md

@@ -0,0 +1,4 @@
+## Changelog
+
+### 0.1.0 (2022-05-27)
+* [Feature] Added aws-cli@2 to core container

package/core/package.json

@@ -1,9 +1,9 @@
 {
   "name": "core",
-  "version": "0.0.20",
+  "version": "0.1.0",
   "description": "lab-env docker config for the @fishawack/core npm module",
   "scripts": {
-    "postversion": "docker tag fishawack/core:$npm_package_version fishawack/core:latest && docker push fishawack/core:$npm_package_version fishawack/core:latest"
+    "postversion": "mv ./*/ ./$npm_package_version && docker build ./*/ -t fishawack/core:$npm_package_version -t fishawack/core:latest && docker push fishawack/core:$npm_package_version && docker push fishawack/core:latest && git add . && git commit -m 'Bumped core to $npm_package_version'"
   },
   "author": "Mike Mellor",
   "license": "ISC"

package/craftcms/3/docker-compose.yml

@@ -28,7 +28,7 @@ services:
     build: 
       context: ./php/
       dockerfile: Dockerfile
-    image: lab-env/craftcms/3/php:0.0.1
+    image: lab-env/craftcms/3/php:0.0.2
     init: true
     working_dir: /app
     networks:
@@ -36,6 +36,7 @@ services:
     volumes:
       - $CWD/:/app
       - ./php/custom.conf:/opt/bitnami/php/etc/custom.conf
+      - ./php/policy.xml:/etc/ImageMagick-6/policy.xml
       - vendor:/app/vendor
 networks:
   default:

package/craftcms/3/php/Dockerfile

@@ -6,11 +6,8 @@ MAINTAINER Mike Mellor
 RUN apt-get update && \
     apt-get install -y mariadb-client
 
-# Install Imagemagick
-RUN apt-get install -y libmagickwand-dev --no-install-recommends
-
-# PHP Imagick ext
-RUN pecl install imagick && docker-php-ext-enable imagick
+# Install ghostscript
+RUN apt-get install -y ghostscript
 
 # Cleanup apt-get install folders
 RUN apt-get clean && \

package/craftcms/3/php/policy.xml

@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policymap [
+  <!ELEMENT policymap (policy)*>
+  <!ATTLIST policymap xmlns CDATA #FIXED ''>
+  <!ELEMENT policy EMPTY>
+  <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
+    name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
+    stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
+]>
+<!--
+  Configure ImageMagick policies.
+
+  Domains include system, delegate, coder, filter, path, or resource.
+
+  Rights include none, read, write, execute and all.  Use | to combine them,
+  for example: "read | write" to permit read from, or write to, a path.
+
+  Use a glob expression as a pattern.
+
+  Suppose we do not want users to process MPEG video images:
+
+    <policy domain="delegate" rights="none" pattern="mpeg:decode" />
+
+  Here we do not want users reading images from HTTP:
+
+    <policy domain="coder" rights="none" pattern="HTTP" />
+
+  The /repository file system is restricted to read only.  We use a glob
+  expression to match all paths that start with /repository:
+
+    <policy domain="path" rights="read" pattern="/repository/*" />
+
+  Lets prevent users from executing any image filters:
+
+    <policy domain="filter" rights="none" pattern="*" />
+
+  Any large image is cached to disk rather than memory:
+
+    <policy domain="resource" name="area" value="1GP"/>
+
+  Use the default system font unless overwridden by the application:
+
+    <policy domain="system" name="font" value="/usr/share/fonts/favorite.ttf"/>
+
+  Define arguments for the memory, map, area, width, height and disk resources
+  with SI prefixes (.e.g 100MB).  In addition, resource policies are maximums
+  for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
+  exceeds policy maximum so memory limit is 1GB).
+
+  Rules are processed in order.  Here we want to restrict ImageMagick to only
+  read or write a small subset of proven web-safe image types:
+
+    <policy domain="delegate" rights="none" pattern="*" />
+    <policy domain="filter" rights="none" pattern="*" />
+    <policy domain="coder" rights="none" pattern="*" />
+    <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
+-->
+<policymap>
+  <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
+  <policy domain="resource" name="memory" value="256MiB"/>
+  <policy domain="resource" name="map" value="512MiB"/>
+  <policy domain="resource" name="width" value="16KP"/>
+  <policy domain="resource" name="height" value="16KP"/>
+  <!-- <policy domain="resource" name="list-length" value="128"/> -->
+  <policy domain="resource" name="area" value="128MP"/>
+  <policy domain="resource" name="disk" value="1GiB"/>
+  <!-- <policy domain="resource" name="file" value="768"/> -->
+  <!-- <policy domain="resource" name="thread" value="4"/> -->
+  <!-- <policy domain="resource" name="throttle" value="0"/> -->
+  <!-- <policy domain="resource" name="time" value="3600"/> -->
+  <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
+  <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
+  <!-- <policy domain="path" rights="none" pattern="@*" /> -->
+  <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
+  <!-- <policy domain="cache" name="synchronize" value="True"/> -->
+  <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
+  <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
+  <!-- <policy domain="system" name="shred" value="2"/> -->
+  <!-- <policy domain="system" name="precision" value="6"/> -->
+  <!-- <policy domain="system" name="font" value="/path/to/font.ttf"/> -->
+  <!-- <policy domain="system" name="pixel-cache-memory" value="anonymous"/> -->
+  <!-- <policy domain="system" name="shred" value="2"/> -->
+  <!-- <policy domain="system" name="precision" value="6"/> -->
+  <!-- not needed due to the need to use explicitly by mvg: -->
+  <!-- <policy domain="delegate" rights="none" pattern="MVG" /> -->
+  <!-- use curl -->
+  <policy domain="delegate" rights="none" pattern="URL" />
+  <policy domain="delegate" rights="none" pattern="HTTPS" />
+  <policy domain="delegate" rights="none" pattern="HTTP" />
+  <!-- in order to avoid to get image with password text -->
+  <policy domain="path" rights="none" pattern="@*"/>
+  <!-- disable ghostscript format types -->
+  <!-- <policy domain="coder" rights="none" pattern="PS" />
+  <policy domain="coder" rights="none" pattern="PS2" />
+  <policy domain="coder" rights="none" pattern="PS3" />
+  <policy domain="coder" rights="none" pattern="EPS" />
+  <policy domain="coder" rights="none" pattern="PDF" />
+  <policy domain="coder" rights="none" pattern="XPS" /> -->
+</policymap>

package/drupal/9/docker-compose.yml

@@ -36,7 +36,7 @@ services:
     build: 
       context: ./php/
       dockerfile: Dockerfile
-    image: lab-env/drupal/9/php:0.0.2
+    image: lab-env/drupal/9/php:0.0.3
     init: true
     working_dir: /app
     networks:

package/drupal/9/php/Dockerfile

@@ -6,12 +6,6 @@ MAINTAINER Mike Mellor
 RUN apt-get update && \
     apt-get install -y mariadb-client
 
-# Install Imagemagick
-RUN apt-get install -y libmagickwand-dev --no-install-recommends
-
-# PHP Imagick ext
-RUN pecl install imagick && docker-php-ext-enable imagick
-
 # Install ghostscript
 RUN apt-get install -y ghostscript
 

package/globals.js

@@ -20,8 +20,15 @@ var run;
 var exec;
 var running;
 var services;
+var branch;
 var opts = {encoding: 'utf8', stdio: 'inherit', shell: '/bin/bash'};
 
+try{
+    branch = process.env.BRANCH || process.env.CI_COMMIT_REF_NAME || require('git-branch').sync();
+} catch(e){
+    branch = 'unknown';
+}
+
 try{
     repo = execSync('basename "$(git rev-parse --show-toplevel)"', {encoding: 'utf8', stdio: 'pipe'}).trim() || path.basename(process.cwd());
 } catch(e){
@@ -113,6 +120,7 @@ module.exports = {
     services,
     platform,
     repo,
+    branch,
     repo_safe: repo.replace(/\./g, ''),
     pkg,
     docker,

package/laravel/8/docker-compose.yml

@@ -28,7 +28,7 @@ services:
     build: 
       context: ./php/
       dockerfile: Dockerfile
-    image: lab-env/laravel/8/php:0.0.1
+    image: lab-env/laravel/8/php:0.0.2
     init: true
     working_dir: /app
     networks:

package/laravel/8/php/Dockerfile

@@ -2,15 +2,9 @@ FROM chialab/php:7.4-fpm
 
 MAINTAINER Mike Mellor
 
-# Install Imagemagick
-RUN apt-get update && \
-    apt-get install -y libmagickwand-dev --no-install-recommends
-
-# PHP Imagick ext
-RUN pecl install imagick && docker-php-ext-enable imagick
-
 # Install ghostscript
-RUN apt-get install -y ghostscript
+RUN apt-get update && \
+    apt-get install -y ghostscript
 
 # Cleanup apt-get install folders
 RUN apt-get clean && \

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "@fishawack/lab-env",
-  "version": "2.0.1",
+  "version": "2.2.0",
   "description": "Docker manager for FW",
   "main": "cli.js",
   "scripts": {
-    "test": "rm -rf _Test/_fixtures && mkdir _Test/_fixtures && mocha _Test/*.js --timeout 120s --bail",
+    "test": "rm -rf _Test/_fixtures/boilerplate*; mocha _Test/*.js --timeout 1200s --bail",
     "preversion": "npm test",
     "postversion": "git push && git push --tags && npm publish",
     "postpublish": "git checkout development && git merge master && git push"
@@ -16,23 +16,33 @@
   "author": "",
   "license": "ISC",
   "homepage": "https://bitbucket.org/fishawackdigital/lab-env#readme",
+  "type": "commonjs",
   "bin": {
     "lab-env": "./cli.js",
     "fw": "./cli.js"
   },
   "dependencies": {
-    "axios": "0.21.1",
+    "@aws-sdk/client-cloudfront": "^3.141.0",
+    "@aws-sdk/client-s3": "^3.141.0",
+    "axios": "^0.21.4",
     "chalk": "4.1.0",
+    "generate-password": "^1.7.0",
     "get-port": "5.1.1",
+    "git-branch": "^2.0.1",
     "glob": "7.1.7",
     "inquirer": "8.1.2",
     "ora": "5.4.1",
     "semver": "7.3.4",
-    "update-notifier": "5.1.0",
+    "update-notifier": "^6.0.2",
     "yargs": "16.2.0"
   },
   "devDependencies": {
     "chai": "4.3.4",
-    "mocha": "9.1.2"
+    "mocha": "^9.2.2",
+    "node-fetch": "^3.2.10"
+  },
+  "engines": {
+    "npm": ">=8",
+    "node": ">=18"
   }
 }