@hot-updater/aws 0.24.5 → 0.24.7

package/dist/iac/index.cjs

@@ -7561,7 +7561,7 @@ var SSMKeyPairManager = class {
 
 //#endregion
 //#region iac/templates.ts
-const getConfigTemplate = (build, { sessionToken }) => {
+const getConfigTemplate = (build, { profile }) => {
 	const storageConfig = {
 		imports: [{
 			pkg: "@hot-updater/aws",
@@ -7580,16 +7580,11 @@ const getConfigTemplate = (build, { sessionToken }) => {
   })`
 	};
 	let intermediate = "";
-	if (sessionToken) intermediate = `
+	if (profile) intermediate = `
 const commonOptions = {
   bucketName: process.env.HOT_UPDATER_S3_BUCKET_NAME!,
   region: process.env.HOT_UPDATER_S3_REGION!,
-  credentials: {
-    accessKeyId: process.env.HOT_UPDATER_S3_ACCESS_KEY_ID!,
-    secretAccessKey: process.env.HOT_UPDATER_S3_SECRET_ACCESS_KEY!,
-    // This token may expire. For permanent use, it's recommended to use a key with S3FullAccess and CloudFrontFullAccess permission and remove this field.
-    sessionToken: process.env.HOT_UPDATER_S3_SESSION_TOKEN!,
-  },
+  credentials: fromSSO({ profile: process.env.HOT_UPDATER_AWS_PROFILE! }),
 };`.trim();
 	else intermediate = `
 const commonOptions = {
@@ -7600,7 +7595,12 @@ const commonOptions = {
     secretAccessKey: process.env.HOT_UPDATER_S3_SECRET_ACCESS_KEY!,
   },
 };`.trim();
-	return new __hot_updater_cli_tools.ConfigBuilder().setBuildType(build).setStorage(storageConfig).setDatabase(databaseConfig).setIntermediateCode(intermediate).getResult();
+	const builder = new __hot_updater_cli_tools.ConfigBuilder().setBuildType(build).setStorage(storageConfig).setDatabase(databaseConfig);
+	if (profile) builder.addImport({
+		pkg: "@aws-sdk/credential-provider-sso",
+		named: ["fromSSO"]
+	});
+	return builder.setIntermediateCode(intermediate).getResult();
 };
 const SOURCE_TEMPLATE = `// Add this to your App.tsx
 import { HotUpdater } from "@hot-updater/react-native";
@@ -7634,11 +7634,11 @@ const runInit = async ({ build }) => {
 	const mode = await __hot_updater_cli_tools.p.select({
 		message: "Select the mode to login to AWS",
 		options: [{
-			label: "AWS Access Key ID & Secret Access Key (Recommend)",
-			value: "account"
-		}, {
 			label: "AWS SSO Login",
 			value: "sso"
+		}, {
+			label: "AWS Access Key ID & Secret Access Key",
+			value: "account"
 		}]
 	});
 	if (__hot_updater_cli_tools.p.isCancel(mode)) process.exit(1);
@@ -7648,6 +7648,7 @@ const runInit = async ({ build }) => {
 	__hot_updater_cli_tools.p.log.message(`${__hot_updater_cli_tools.colors.blue("CloudFrontFullAccess")}: Create and update CloudFront distributions`);
 	__hot_updater_cli_tools.p.log.message(`${__hot_updater_cli_tools.colors.blue("IAMFullAccess")}: Get or create IAM roles for Lambda@Edge`);
 	__hot_updater_cli_tools.p.log.message(`${__hot_updater_cli_tools.colors.blue("AmazonSSMFullAccess")}: Access to SSM Parameters for storing CloudFront key pairs`);
+	let ssoProfile = null;
 	if (mode === "sso") try {
 		const profile = await __hot_updater_cli_tools.p.text({
 			message: "Enter the SSO profile name",
@@ -7655,6 +7656,7 @@ const runInit = async ({ build }) => {
 			placeholder: "default"
 		});
 		if (__hot_updater_cli_tools.p.isCancel(profile)) process.exit(1);
+		ssoProfile = profile;
 		await execa("aws", [
 			"sso",
 			"login",
@@ -7764,23 +7766,24 @@ const runInit = async ({ build }) => {
 		distributionId,
 		accountId
 	});
-	if (mode === "sso") await fs.default.promises.writeFile("hot-updater.config.ts", getConfigTemplate(build, { sessionToken: true }));
-	else await fs.default.promises.writeFile("hot-updater.config.ts", getConfigTemplate(build, { sessionToken: false }));
-	const comment = mode === "account" ? "The current key may have excessive permissions. Update it with an S3FullAccess and CloudFrontFullAccess key." : "This key was generated via SSO login and may expire. Update it with an S3FullAccess and CloudFrontFullAccess key.";
+	await fs.default.promises.writeFile("hot-updater.config.ts", getConfigTemplate(build, { profile: ssoProfile }));
 	await (0, __hot_updater_cli_tools.makeEnv)({
 		HOT_UPDATER_S3_BUCKET_NAME: bucketName,
 		HOT_UPDATER_S3_REGION: bucketRegion,
-		HOT_UPDATER_S3_ACCESS_KEY_ID: {
-			comment,
-			value: credentials.accessKeyId
-		},
-		HOT_UPDATER_S3_SECRET_ACCESS_KEY: {
-			comment,
-			value: credentials.secretAccessKey
-		},
-		...mode === "sso" && { HOT_UPDATER_S3_SESSION_TOKEN: credentials.sessionToken },
+		...mode === "account" ? {
+			HOT_UPDATER_S3_ACCESS_KEY_ID: {
+				comment: "The current key may have excessive permissions. Update it with an S3FullAccess and CloudFrontFullAccess key.",
+				value: credentials.accessKeyId
+			},
+			HOT_UPDATER_S3_SECRET_ACCESS_KEY: {
+				comment: "The current key may have excessive permissions. Update it with an S3FullAccess and CloudFrontFullAccess key.",
+				value: credentials.secretAccessKey
+			}
+		} : {},
+		...ssoProfile !== null ? { HOT_UPDATER_AWS_PROFILE: ssoProfile } : {},
 		HOT_UPDATER_CLOUDFRONT_DISTRIBUTION_ID: distributionId
 	});
+	if (mode === "sso") await (0, __hot_updater_cli_tools.ensureInstallPackages)({ devDependencies: ["@aws-sdk/credential-provider-sso"] });
 	__hot_updater_cli_tools.p.log.success("Generated '.env.hotupdater' file with AWS settings.");
 	__hot_updater_cli_tools.p.log.success("Generated 'hot-updater.config.ts' file with AWS settings.");
 	const sourceUrl = `https://${distributionDomain}/api/check-update`;

package/dist/iac/index.js

@@ -1,6 +1,6 @@
 import { createRequire } from "node:module";
 import { fromSSO } from "@aws-sdk/credential-providers";
-import { ConfigBuilder, colors, copyDirToTmp, createZip, getCwd, link, makeEnv, p, transformEnv, transformTemplate } from "@hot-updater/cli-tools";
+import { ConfigBuilder, colors, copyDirToTmp, createZip, ensureInstallPackages, getCwd, link, makeEnv, p, transformEnv, transformTemplate } from "@hot-updater/cli-tools";
 import { fileURLToPath } from "node:url";
 import { ChildProcess, execFile, spawn, spawnSync } from "node:child_process";
 import { StringDecoder } from "node:string_decoder";
@@ -7535,7 +7535,7 @@ var SSMKeyPairManager = class {
 
 //#endregion
 //#region iac/templates.ts
-const getConfigTemplate = (build, { sessionToken }) => {
+const getConfigTemplate = (build, { profile }) => {
 	const storageConfig = {
 		imports: [{
 			pkg: "@hot-updater/aws",
@@ -7554,16 +7554,11 @@ const getConfigTemplate = (build, { sessionToken }) => {
   })`
 	};
 	let intermediate = "";
-	if (sessionToken) intermediate = `
+	if (profile) intermediate = `
 const commonOptions = {
   bucketName: process.env.HOT_UPDATER_S3_BUCKET_NAME!,
   region: process.env.HOT_UPDATER_S3_REGION!,
-  credentials: {
-    accessKeyId: process.env.HOT_UPDATER_S3_ACCESS_KEY_ID!,
-    secretAccessKey: process.env.HOT_UPDATER_S3_SECRET_ACCESS_KEY!,
-    // This token may expire. For permanent use, it's recommended to use a key with S3FullAccess and CloudFrontFullAccess permission and remove this field.
-    sessionToken: process.env.HOT_UPDATER_S3_SESSION_TOKEN!,
-  },
+  credentials: fromSSO({ profile: process.env.HOT_UPDATER_AWS_PROFILE! }),
 };`.trim();
 	else intermediate = `
 const commonOptions = {
@@ -7574,7 +7569,12 @@ const commonOptions = {
     secretAccessKey: process.env.HOT_UPDATER_S3_SECRET_ACCESS_KEY!,
   },
 };`.trim();
-	return new ConfigBuilder().setBuildType(build).setStorage(storageConfig).setDatabase(databaseConfig).setIntermediateCode(intermediate).getResult();
+	const builder = new ConfigBuilder().setBuildType(build).setStorage(storageConfig).setDatabase(databaseConfig);
+	if (profile) builder.addImport({
+		pkg: "@aws-sdk/credential-provider-sso",
+		named: ["fromSSO"]
+	});
+	return builder.setIntermediateCode(intermediate).getResult();
 };
 const SOURCE_TEMPLATE = `// Add this to your App.tsx
 import { HotUpdater } from "@hot-updater/react-native";
@@ -7608,11 +7608,11 @@ const runInit = async ({ build }) => {
 	const mode = await p.select({
 		message: "Select the mode to login to AWS",
 		options: [{
-			label: "AWS Access Key ID & Secret Access Key (Recommend)",
-			value: "account"
-		}, {
 			label: "AWS SSO Login",
 			value: "sso"
+		}, {
+			label: "AWS Access Key ID & Secret Access Key",
+			value: "account"
 		}]
 	});
 	if (p.isCancel(mode)) process.exit(1);
@@ -7622,6 +7622,7 @@ const runInit = async ({ build }) => {
 	p.log.message(`${colors.blue("CloudFrontFullAccess")}: Create and update CloudFront distributions`);
 	p.log.message(`${colors.blue("IAMFullAccess")}: Get or create IAM roles for Lambda@Edge`);
 	p.log.message(`${colors.blue("AmazonSSMFullAccess")}: Access to SSM Parameters for storing CloudFront key pairs`);
+	let ssoProfile = null;
 	if (mode === "sso") try {
 		const profile = await p.text({
 			message: "Enter the SSO profile name",
@@ -7629,6 +7630,7 @@ const runInit = async ({ build }) => {
 			placeholder: "default"
 		});
 		if (p.isCancel(profile)) process.exit(1);
+		ssoProfile = profile;
 		await execa("aws", [
 			"sso",
 			"login",
@@ -7738,23 +7740,24 @@ const runInit = async ({ build }) => {
 		distributionId,
 		accountId
 	});
-	if (mode === "sso") await fs.promises.writeFile("hot-updater.config.ts", getConfigTemplate(build, { sessionToken: true }));
-	else await fs.promises.writeFile("hot-updater.config.ts", getConfigTemplate(build, { sessionToken: false }));
-	const comment = mode === "account" ? "The current key may have excessive permissions. Update it with an S3FullAccess and CloudFrontFullAccess key." : "This key was generated via SSO login and may expire. Update it with an S3FullAccess and CloudFrontFullAccess key.";
+	await fs.promises.writeFile("hot-updater.config.ts", getConfigTemplate(build, { profile: ssoProfile }));
 	await makeEnv({
 		HOT_UPDATER_S3_BUCKET_NAME: bucketName,
 		HOT_UPDATER_S3_REGION: bucketRegion,
-		HOT_UPDATER_S3_ACCESS_KEY_ID: {
-			comment,
-			value: credentials.accessKeyId
-		},
-		HOT_UPDATER_S3_SECRET_ACCESS_KEY: {
-			comment,
-			value: credentials.secretAccessKey
-		},
-		...mode === "sso" && { HOT_UPDATER_S3_SESSION_TOKEN: credentials.sessionToken },
+		...mode === "account" ? {
+			HOT_UPDATER_S3_ACCESS_KEY_ID: {
+				comment: "The current key may have excessive permissions. Update it with an S3FullAccess and CloudFrontFullAccess key.",
+				value: credentials.accessKeyId
+			},
+			HOT_UPDATER_S3_SECRET_ACCESS_KEY: {
+				comment: "The current key may have excessive permissions. Update it with an S3FullAccess and CloudFrontFullAccess key.",
+				value: credentials.secretAccessKey
+			}
+		} : {},
+		...ssoProfile !== null ? { HOT_UPDATER_AWS_PROFILE: ssoProfile } : {},
 		HOT_UPDATER_CLOUDFRONT_DISTRIBUTION_ID: distributionId
 	});
+	if (mode === "sso") await ensureInstallPackages({ devDependencies: ["@aws-sdk/credential-provider-sso"] });
 	p.log.success("Generated '.env.hotupdater' file with AWS settings.");
 	p.log.success("Generated 'hot-updater.config.ts' file with AWS settings.");
 	const sourceUrl = `https://${distributionDomain}/api/check-update`;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@hot-updater/aws",
   "type": "module",
-  "version": "0.24.5",
+  "version": "0.24.7",
   "description": "React Native OTA solution for self-hosted",
   "main": "dist/index.cjs",
   "module": "dist/index.js",
@@ -44,9 +44,9 @@
     "execa": "9.5.2",
     "hono": "^4.6.3",
     "mime": "^4.0.4",
-    "@hot-updater/core": "0.24.5",
-    "@hot-updater/js": "0.24.5",
-    "@hot-updater/test-utils": "0.24.5"
+    "@hot-updater/core": "0.24.7",
+    "@hot-updater/js": "0.24.7",
+    "@hot-updater/test-utils": "0.24.7"
   },
   "dependencies": {
     "@aws-sdk/client-cloudfront": "3.772.0",
@@ -59,8 +59,8 @@
     "@aws-sdk/credential-providers": "3.772.0",
     "@aws-sdk/lib-storage": "3.772.0",
     "aws-lambda": "1.0.7",
-    "@hot-updater/plugin-core": "0.24.5",
-    "@hot-updater/cli-tools": "0.24.5"
+    "@hot-updater/plugin-core": "0.24.7",
+    "@hot-updater/cli-tools": "0.24.7"
   },
   "scripts": {
     "build": "tsdown",