@kirschbaum-development/sst-laravel 0.1.5 → 0.1.6

package/README.md

@@ -137,6 +137,8 @@ There are multiple ways to configure environment variables. If you want SST Lara
 
 The below configuration would copy a file named `.env.$STAGE` (e.g. `.env.production`) into the deployment containers as your `.env` file.
 
+### Environment File
+
 ```js
 const app = new LaravelService('MyLaravelApp', {
   // ...
@@ -161,6 +163,21 @@ const app = new LaravelService('MyLaravelApp', {
 });
 ```
 
+### SST Secrets
+
+You can also use SST Secrets to store your environment variables. This is a more secure way to store your environment variables.
+
+```js
+const APP_KEY = new sst.Secret("APP_KEY");
+const DB_PASSWORD = new sst.Secret("DB_PASSWORD");
+
+const app = new LaravelService('MyLaravelApp', {
+  link: [APP_KEY, DB_PASSWORD],
+});
+```
+
+This will automatically inject the environment variables into the `.env` file of your Laravel application. Read more about SST Secrets [here](https://sst.dev/docs/component/secret/).
+
 ### Resources
 
 In SST, you can [link resources](https://sst.dev/docs/linking). If you link resources to your Laravel component, SST Laravel will automatically inject and configure environment variables using sensible defaults for all the linked resources.
@@ -345,11 +362,20 @@ In case you get the following error when running SST commands, run `npx sst-lara
    - node_modules/@kirschbaum-development/sst-laravel/laravel-sst.ts:6:26 Could not resolve "../../../.sst/platform/src/components/component.js"
 ```
 
+**CD: AWS credentials are not configured**
+
+If you are getting the following error when deploying (usually via CI/CD), the issue is usually that you have a `.env` or `.env.{stage}` that contains the `AWS_ACCESS_KEY_ID` and 
+`AWS_SECRET_ACCESS_KEY` keys. They should be removed from the environment file and you should be relying on the IAM role to give your app permissions to access AWS resources (which is more secure anyway).
+
+```
+✕  AWS credentials are not configured. Try configuring your profile in `~/.aws/config` and setting the `AWS_PROFILE` environment variable or specifying `providers.aws.profile` in your sst.config.ts
+   aws: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, failed to get API token, operation error ec2imds: getToken, http response error StatusCode: 400, request to EC2 IMDS failed
+```
+
 ***
 
 ### Roadmap
 
-* Support for [SST Secrets](https://sst.dev/docs/component/secret/);
 * Extend base Docker images;
 * Add support for Inertia SSR;
 * Add support for Octane with FrankedPHP;

package/laravel-sst.ts

@@ -9,7 +9,7 @@ import { Input } from "../../../.sst/platform/src/components/input.js";
 import { ClusterArgs } from "../../../.sst/platform/src/components/aws/cluster.js";
 import { ServiceArgs } from "../../../.sst/platform/src/components/aws/service.js";
 import { Dns } from "../../../.sst/platform/src/components/dns.js";
-import { applyLinkedResourcesEnv, EnvCallback, EnvCallbacks } from "./src/laravel-env";
+import { applyLinkedResourcesEnv, EnvCallback, EnvCallbacks, extractSecrets } from "./src/laravel-env";
 
 // duplicate from cluster.ts
 type Port = `${number}/${"http" | "https" | "tcp" | "udp" | "tcp_udp" | "tls"}`;
@@ -516,6 +516,13 @@ export class LaravelService extends Component {
           fs.appendFileSync(envFilePath, '\n' + envContent);
         }
       });
+
+      const secrets = extractSecrets(resources);
+      secrets.forEach(secret => {
+        all([secret.name, secret.value]).apply(([name, value]) => {
+          fs.appendFileSync(envFilePath, `\n${name}=${value}`);
+        });
+      });
     };
 
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kirschbaum-development/sst-laravel",
-  "version": "0.1.5",
+  "version": "0.1.6",
   "type": "module",
   "description": "An unofficial extension of SST to deploy containerized Laravel applications to AWS Fargate.",
   "main": "laravel-sst.ts",

package/src/laravel-env.ts

@@ -7,10 +7,11 @@ import * as pulumiAws from "@pulumi/aws";
 import { Queue } from "../../../../.sst/platform/src/components/aws/queue.js";
 import { Aurora } from "../../../../.sst/platform/src/components/aws/aurora.js";
 import { Bucket } from "../../../../.sst/platform/src/components/aws/bucket.js";
+import { Secret } from "../../../../.sst/platform/src/components/secret.js";
 
 type EnvType = Record<string, string | Output<string>>|Record<string, string | Output<string | undefined> | undefined>;
 type Database = Postgres | Mysql | Aurora | pulumiAws.rds.Instance;
-type LinkSupportedTypes = Database | Email | Queue | Redis | Bucket;
+type LinkSupportedTypes = Database | Email | Queue | Redis | Bucket | Secret;
 
 export type EnvCallback = (resource: any) => EnvType;
 export type EnvCallbacks = {
@@ -73,11 +74,16 @@ export function applyLinkedResourcesEnv(links: LinkSupportedTypes[], callbacks?:
         ...defaultEnv,
       };
     }
+
   });
 
   return environment;
 }
 
+export function extractSecrets(links: LinkSupportedTypes[]): Secret[] {
+  return links.filter((link): link is Secret => link instanceof Secret);
+}
+
 function applyDatabaseEnv(database: Database, callbacks?: EnvCallbacks): EnvType {
   let port: number | undefined;
 database.port.apply(value => port = value);