@jaypie/mcp 0.8.42 → 0.8.43
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -9,7 +9,7 @@ import { gt } from 'semver';
|
|
|
9
9
|
/**
|
|
10
10
|
* Docs Suite - Documentation services (skill, version, release_notes)
|
|
11
11
|
*/
|
|
12
|
-
const BUILD_VERSION_STRING = "@jaypie/mcp@0.8.
|
|
12
|
+
const BUILD_VERSION_STRING = "@jaypie/mcp@0.8.43#947cd2b1"
|
|
13
13
|
;
|
|
14
14
|
const __filename$1 = fileURLToPath(import.meta.url);
|
|
15
15
|
const __dirname$1 = path.dirname(__filename$1);
|
package/package.json
CHANGED
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
---
|
|
2
|
+
version: 1.2.51
|
|
3
|
+
date: 2026-04-19
|
|
4
|
+
summary: JaypieGitHubDeployRole grants ECR auth and push by default, scoped to <sponsor>-* repositories
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## Changes
|
|
8
|
+
|
|
9
|
+
- `JaypieGitHubDeployRole` grants `ecr:GetAuthorizationToken` on `*` and push actions (`ecr:BatchCheckLayerAvailability`, `ecr:BatchGetImage`, `ecr:CompleteLayerUpload`, `ecr:CreateRepository`, `ecr:DescribeRepositories`, `ecr:InitiateLayerUpload`, `ecr:PutImage`, `ecr:UploadLayerPart`) scoped to `arn:aws:ecr:*:<account>:repository/<sponsor>-*` by default.
|
|
10
|
+
- Sponsor is resolved from `sponsor` prop, `PROJECT_SPONSOR`, or the organization parsed from `CDK_ENV_REPO` / `PROJECT_REPO` (same parse that produces the `repoRestriction`), keeping ECR scope aligned with the OIDC `sub` condition.
|
|
11
|
+
- New `sponsor` and `ecr` props on `JaypieGitHubDeployRoleProps`. Set `ecr: false` to opt out.
|
|
12
|
+
|
|
13
|
+
## Motivation
|
|
14
|
+
|
|
15
|
+
Any project shipping a Docker artifact (ECS/Fargate, Lambda containers) needs ECR auth + push on the GitHub Actions deploy role. Previously every consumer had to extend the role downstream. Since `JaypieGitHubDeployRole` already constrains the OIDC `sub` to the organization's repos, granting ECR by default removes boilerplate without expanding the threat surface.
|
|
16
|
+
|
|
17
|
+
## Migration
|
|
18
|
+
|
|
19
|
+
- Consumers deploying from a sponsor-scoped monorepo (`<sponsor>-*`) see no change beyond new default permissions.
|
|
20
|
+
- Consumers who previously extended the role for ECR can remove the inline statements.
|
|
21
|
+
- To keep prior behavior with no ECR permissions, pass `ecr: false`.
|
|
22
|
+
- If no sponsor can be resolved (no `sponsor` prop, `PROJECT_SPONSOR`, `CDK_ENV_REPO`, or `PROJECT_REPO`), construction throws `ConfigurationError`; set `ecr: false` to skip the check.
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
---
|
|
2
|
+
version: 0.8.43
|
|
3
|
+
date: 2026-04-19
|
|
4
|
+
summary: Release notes for @jaypie/constructs 1.2.51 (ECR defaults on JaypieGitHubDeployRole)
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## Changes
|
|
8
|
+
|
|
9
|
+
- Adds release notes for `@jaypie/constructs` 1.2.51, which grants ECR auth + push permissions by default on `JaypieGitHubDeployRole`, scoped to `<sponsor>-*` repositories.
|