@hot-updater/aws 0.24.4 → 0.24.6

package/dist/iac/index.cjs

@@ -7561,7 +7561,7 @@ var SSMKeyPairManager = class {
 
 //#endregion
 //#region iac/templates.ts
-const getConfigTemplate = (build, { sessionToken }) => {
+const getConfigTemplate = (build, { profile }) => {
 	const storageConfig = {
 		imports: [{
 			pkg: "@hot-updater/aws",
@@ -7580,16 +7580,11 @@ const getConfigTemplate = (build, { sessionToken }) => {
   })`
 	};
 	let intermediate = "";
-	if (sessionToken) intermediate = `
+	if (profile) intermediate = `
 const commonOptions = {
   bucketName: process.env.HOT_UPDATER_S3_BUCKET_NAME!,
   region: process.env.HOT_UPDATER_S3_REGION!,
-  credentials: {
-    accessKeyId: process.env.HOT_UPDATER_S3_ACCESS_KEY_ID!,
-    secretAccessKey: process.env.HOT_UPDATER_S3_SECRET_ACCESS_KEY!,
-    // This token may expire. For permanent use, it's recommended to use a key with S3FullAccess and CloudFrontFullAccess permission and remove this field.
-    sessionToken: process.env.HOT_UPDATER_S3_SESSION_TOKEN!,
-  },
+  credentials: fromSSO({ profile: process.env.HOT_UPDATER_AWS_PROFILE! }),
 };`.trim();
 	else intermediate = `
 const commonOptions = {
@@ -7600,7 +7595,12 @@ const commonOptions = {
     secretAccessKey: process.env.HOT_UPDATER_S3_SECRET_ACCESS_KEY!,
   },
 };`.trim();
-	return new __hot_updater_cli_tools.ConfigBuilder().setBuildType(build).setStorage(storageConfig).setDatabase(databaseConfig).setIntermediateCode(intermediate).getResult();
+	const builder = new __hot_updater_cli_tools.ConfigBuilder().setBuildType(build).setStorage(storageConfig).setDatabase(databaseConfig);
+	if (profile) builder.addImport({
+		pkg: "@aws-sdk/credential-provider-sso",
+		named: ["fromSSO"]
+	});
+	return builder.setIntermediateCode(intermediate).getResult();
 };
 const SOURCE_TEMPLATE = `// Add this to your App.tsx
 import { HotUpdater } from "@hot-updater/react-native";
@@ -7634,11 +7634,11 @@ const runInit = async ({ build }) => {
 	const mode = await __hot_updater_cli_tools.p.select({
 		message: "Select the mode to login to AWS",
 		options: [{
-			label: "AWS Access Key ID & Secret Access Key (Recommend)",
-			value: "account"
-		}, {
 			label: "AWS SSO Login",
 			value: "sso"
+		}, {
+			label: "AWS Access Key ID & Secret Access Key",
+			value: "account"
 		}]
 	});
 	if (__hot_updater_cli_tools.p.isCancel(mode)) process.exit(1);
@@ -7648,6 +7648,7 @@ const runInit = async ({ build }) => {
 	__hot_updater_cli_tools.p.log.message(`${__hot_updater_cli_tools.colors.blue("CloudFrontFullAccess")}: Create and update CloudFront distributions`);
 	__hot_updater_cli_tools.p.log.message(`${__hot_updater_cli_tools.colors.blue("IAMFullAccess")}: Get or create IAM roles for Lambda@Edge`);
 	__hot_updater_cli_tools.p.log.message(`${__hot_updater_cli_tools.colors.blue("AmazonSSMFullAccess")}: Access to SSM Parameters for storing CloudFront key pairs`);
+	let ssoProfile = null;
 	if (mode === "sso") try {
 		const profile = await __hot_updater_cli_tools.p.text({
 			message: "Enter the SSO profile name",
@@ -7655,6 +7656,7 @@ const runInit = async ({ build }) => {
 			placeholder: "default"
 		});
 		if (__hot_updater_cli_tools.p.isCancel(profile)) process.exit(1);
+		ssoProfile = profile;
 		await execa("aws", [
 			"sso",
 			"login",
@@ -7764,23 +7766,24 @@ const runInit = async ({ build }) => {
 		distributionId,
 		accountId
 	});
-	if (mode === "sso") await fs.default.promises.writeFile("hot-updater.config.ts", getConfigTemplate(build, { sessionToken: true }));
-	else await fs.default.promises.writeFile("hot-updater.config.ts", getConfigTemplate(build, { sessionToken: false }));
-	const comment = mode === "account" ? "The current key may have excessive permissions. Update it with an S3FullAccess and CloudFrontFullAccess key." : "This key was generated via SSO login and may expire. Update it with an S3FullAccess and CloudFrontFullAccess key.";
+	await fs.default.promises.writeFile("hot-updater.config.ts", getConfigTemplate(build, { profile: ssoProfile }));
 	await (0, __hot_updater_cli_tools.makeEnv)({
 		HOT_UPDATER_S3_BUCKET_NAME: bucketName,
 		HOT_UPDATER_S3_REGION: bucketRegion,
-		HOT_UPDATER_S3_ACCESS_KEY_ID: {
-			comment,
-			value: credentials.accessKeyId
-		},
-		HOT_UPDATER_S3_SECRET_ACCESS_KEY: {
-			comment,
-			value: credentials.secretAccessKey
-		},
-		...mode === "sso" && { HOT_UPDATER_S3_SESSION_TOKEN: credentials.sessionToken },
+		...mode === "account" ? {
+			HOT_UPDATER_S3_ACCESS_KEY_ID: {
+				comment: "The current key may have excessive permissions. Update it with an S3FullAccess and CloudFrontFullAccess key.",
+				value: credentials.accessKeyId
+			},
+			HOT_UPDATER_S3_SECRET_ACCESS_KEY: {
+				comment: "The current key may have excessive permissions. Update it with an S3FullAccess and CloudFrontFullAccess key.",
+				value: credentials.secretAccessKey
+			}
+		} : {},
+		...ssoProfile !== null ? { HOT_UPDATER_AWS_PROFILE: ssoProfile } : {},
 		HOT_UPDATER_CLOUDFRONT_DISTRIBUTION_ID: distributionId
 	});
+	if (mode === "sso") await (0, __hot_updater_cli_tools.ensureInstallPackages)({ devDependencies: ["@aws-sdk/credential-provider-sso"] });
 	__hot_updater_cli_tools.p.log.success("Generated '.env.hotupdater' file with AWS settings.");
 	__hot_updater_cli_tools.p.log.success("Generated 'hot-updater.config.ts' file with AWS settings.");
 	const sourceUrl = `https://${distributionDomain}/api/check-update`;

package/dist/iac/index.js

@@ -1,6 +1,6 @@
 import { createRequire } from "node:module";
 import { fromSSO } from "@aws-sdk/credential-providers";
-import { ConfigBuilder, colors, copyDirToTmp, createZip, getCwd, link, makeEnv, p, transformEnv, transformTemplate } from "@hot-updater/cli-tools";
+import { ConfigBuilder, colors, copyDirToTmp, createZip, ensureInstallPackages, getCwd, link, makeEnv, p, transformEnv, transformTemplate } from "@hot-updater/cli-tools";
 import { fileURLToPath } from "node:url";
 import { ChildProcess, execFile, spawn, spawnSync } from "node:child_process";
 import { StringDecoder } from "node:string_decoder";
@@ -7535,7 +7535,7 @@ var SSMKeyPairManager = class {
 
 //#endregion
 //#region iac/templates.ts
-const getConfigTemplate = (build, { sessionToken }) => {
+const getConfigTemplate = (build, { profile }) => {
 	const storageConfig = {
 		imports: [{
 			pkg: "@hot-updater/aws",
@@ -7554,16 +7554,11 @@ const getConfigTemplate = (build, { sessionToken }) => {
   })`
 	};
 	let intermediate = "";
-	if (sessionToken) intermediate = `
+	if (profile) intermediate = `
 const commonOptions = {
   bucketName: process.env.HOT_UPDATER_S3_BUCKET_NAME!,
   region: process.env.HOT_UPDATER_S3_REGION!,
-  credentials: {
-    accessKeyId: process.env.HOT_UPDATER_S3_ACCESS_KEY_ID!,
-    secretAccessKey: process.env.HOT_UPDATER_S3_SECRET_ACCESS_KEY!,
-    // This token may expire. For permanent use, it's recommended to use a key with S3FullAccess and CloudFrontFullAccess permission and remove this field.
-    sessionToken: process.env.HOT_UPDATER_S3_SESSION_TOKEN!,
-  },
+  credentials: fromSSO({ profile: process.env.HOT_UPDATER_AWS_PROFILE! }),
 };`.trim();
 	else intermediate = `
 const commonOptions = {
@@ -7574,7 +7569,12 @@ const commonOptions = {
     secretAccessKey: process.env.HOT_UPDATER_S3_SECRET_ACCESS_KEY!,
   },
 };`.trim();
-	return new ConfigBuilder().setBuildType(build).setStorage(storageConfig).setDatabase(databaseConfig).setIntermediateCode(intermediate).getResult();
+	const builder = new ConfigBuilder().setBuildType(build).setStorage(storageConfig).setDatabase(databaseConfig);
+	if (profile) builder.addImport({
+		pkg: "@aws-sdk/credential-provider-sso",
+		named: ["fromSSO"]
+	});
+	return builder.setIntermediateCode(intermediate).getResult();
 };
 const SOURCE_TEMPLATE = `// Add this to your App.tsx
 import { HotUpdater } from "@hot-updater/react-native";
@@ -7608,11 +7608,11 @@ const runInit = async ({ build }) => {
 	const mode = await p.select({
 		message: "Select the mode to login to AWS",
 		options: [{
-			label: "AWS Access Key ID & Secret Access Key (Recommend)",
-			value: "account"
-		}, {
 			label: "AWS SSO Login",
 			value: "sso"
+		}, {
+			label: "AWS Access Key ID & Secret Access Key",
+			value: "account"
 		}]
 	});
 	if (p.isCancel(mode)) process.exit(1);
@@ -7622,6 +7622,7 @@ const runInit = async ({ build }) => {
 	p.log.message(`${colors.blue("CloudFrontFullAccess")}: Create and update CloudFront distributions`);
 	p.log.message(`${colors.blue("IAMFullAccess")}: Get or create IAM roles for Lambda@Edge`);
 	p.log.message(`${colors.blue("AmazonSSMFullAccess")}: Access to SSM Parameters for storing CloudFront key pairs`);
+	let ssoProfile = null;
 	if (mode === "sso") try {
 		const profile = await p.text({
 			message: "Enter the SSO profile name",
@@ -7629,6 +7630,7 @@ const runInit = async ({ build }) => {
 			placeholder: "default"
 		});
 		if (p.isCancel(profile)) process.exit(1);
+		ssoProfile = profile;
 		await execa("aws", [
 			"sso",
 			"login",
@@ -7738,23 +7740,24 @@ const runInit = async ({ build }) => {
 		distributionId,
 		accountId
 	});
-	if (mode === "sso") await fs.promises.writeFile("hot-updater.config.ts", getConfigTemplate(build, { sessionToken: true }));
-	else await fs.promises.writeFile("hot-updater.config.ts", getConfigTemplate(build, { sessionToken: false }));
-	const comment = mode === "account" ? "The current key may have excessive permissions. Update it with an S3FullAccess and CloudFrontFullAccess key." : "This key was generated via SSO login and may expire. Update it with an S3FullAccess and CloudFrontFullAccess key.";
+	await fs.promises.writeFile("hot-updater.config.ts", getConfigTemplate(build, { profile: ssoProfile }));
 	await makeEnv({
 		HOT_UPDATER_S3_BUCKET_NAME: bucketName,
 		HOT_UPDATER_S3_REGION: bucketRegion,
-		HOT_UPDATER_S3_ACCESS_KEY_ID: {
-			comment,
-			value: credentials.accessKeyId
-		},
-		HOT_UPDATER_S3_SECRET_ACCESS_KEY: {
-			comment,
-			value: credentials.secretAccessKey
-		},
-		...mode === "sso" && { HOT_UPDATER_S3_SESSION_TOKEN: credentials.sessionToken },
+		...mode === "account" ? {
+			HOT_UPDATER_S3_ACCESS_KEY_ID: {
+				comment: "The current key may have excessive permissions. Update it with an S3FullAccess and CloudFrontFullAccess key.",
+				value: credentials.accessKeyId
+			},
+			HOT_UPDATER_S3_SECRET_ACCESS_KEY: {
+				comment: "The current key may have excessive permissions. Update it with an S3FullAccess and CloudFrontFullAccess key.",
+				value: credentials.secretAccessKey
+			}
+		} : {},
+		...ssoProfile !== null ? { HOT_UPDATER_AWS_PROFILE: ssoProfile } : {},
 		HOT_UPDATER_CLOUDFRONT_DISTRIBUTION_ID: distributionId
 	});
+	if (mode === "sso") await ensureInstallPackages({ devDependencies: ["@aws-sdk/credential-provider-sso"] });
 	p.log.success("Generated '.env.hotupdater' file with AWS settings.");
 	p.log.success("Generated 'hot-updater.config.ts' file with AWS settings.");
 	const sourceUrl = `https://${distributionDomain}/api/check-update`;

package/dist/index.d.cts

@@ -1,4 +1,4 @@
-import * as _hot_updater_plugin_core0 from "@hot-updater/plugin-core";
+import * as _hot_updater_plugin_core1 from "@hot-updater/plugin-core";
 import { S3ClientConfig } from "@aws-sdk/client-s3";
 
 //#region src/s3Database.d.ts
@@ -14,7 +14,7 @@ interface S3DatabaseConfig extends S3ClientConfig {
   cloudfrontDistributionId?: string;
   apiBasePath?: string;
 }
-declare const s3Database: (config: S3DatabaseConfig, hooks?: _hot_updater_plugin_core0.DatabasePluginHooks) => () => _hot_updater_plugin_core0.DatabasePlugin;
+declare const s3Database: (config: S3DatabaseConfig, hooks?: _hot_updater_plugin_core1.DatabasePluginHooks) => () => _hot_updater_plugin_core1.DatabasePlugin;
 //#endregion
 //#region src/s3Storage.d.ts
 interface S3StorageConfig extends S3ClientConfig {
@@ -24,6 +24,6 @@ interface S3StorageConfig extends S3ClientConfig {
    */
   basePath?: string;
 }
-declare const s3Storage: (config: S3StorageConfig, hooks?: _hot_updater_plugin_core0.StoragePluginHooks) => () => _hot_updater_plugin_core0.StoragePlugin;
+declare const s3Storage: (config: S3StorageConfig, hooks?: _hot_updater_plugin_core1.StoragePluginHooks) => () => _hot_updater_plugin_core1.StoragePlugin;
 //#endregion
 export { S3DatabaseConfig, S3StorageConfig, s3Database, s3Storage };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@hot-updater/aws",
   "type": "module",
-  "version": "0.24.4",
+  "version": "0.24.6",
   "description": "React Native OTA solution for self-hosted",
   "main": "dist/index.cjs",
   "module": "dist/index.js",
@@ -44,9 +44,9 @@
     "execa": "9.5.2",
     "hono": "^4.6.3",
     "mime": "^4.0.4",
-    "@hot-updater/core": "0.24.4",
-    "@hot-updater/js": "0.24.4",
-    "@hot-updater/test-utils": "0.24.4"
+    "@hot-updater/core": "0.24.6",
+    "@hot-updater/js": "0.24.6",
+    "@hot-updater/test-utils": "0.24.6"
   },
   "dependencies": {
     "@aws-sdk/client-cloudfront": "3.772.0",
@@ -59,8 +59,8 @@
     "@aws-sdk/credential-providers": "3.772.0",
     "@aws-sdk/lib-storage": "3.772.0",
     "aws-lambda": "1.0.7",
-    "@hot-updater/cli-tools": "0.24.4",
-    "@hot-updater/plugin-core": "0.24.4"
+    "@hot-updater/cli-tools": "0.24.6",
+    "@hot-updater/plugin-core": "0.24.6"
   },
   "scripts": {
     "build": "tsdown",