@lsts_tech/infra 1.0.0

package/templates/env.example

@@ -0,0 +1,38 @@
+# Provider support in v1.0.0: AWS only
+INFRA_PROVIDER=__PROVIDER__
+
+# SST app identity
+INFRA_APP_NAME=__APP_NAME__
+
+# Core domain and repository
+INFRA_ROOT_DOMAIN=__ROOT_DOMAIN__
+INFRA_PIPELINE_REPO=__PIPELINE_REPO__
+INFRA_PIPELINE_PREFIX=__PROJECT_PREFIX__
+INFRA_PROJECT_TAG=__PROJECT_PREFIX__
+
+# Optional pipeline stages: production,dev,mobile
+INFRA_PIPELINES=__PIPELINES_DEFAULT__
+INFRA_PIPELINE_BRANCH_PROD=__BRANCH_PROD__
+INFRA_PIPELINE_BRANCH_DEV=__BRANCH_DEV__
+INFRA_PIPELINE_BRANCH_MOBILE=__BRANCH_MOBILE__
+
+# Optional Expo static site deployment
+INFRA_ENABLE_EXPO_SITE=__ENABLE_EXPO_SITE__
+
+# Optional explicit domain overrides per stage
+INFRA_WEB_DOMAIN_PRODUCTION=__ROOT_DOMAIN__
+INFRA_WEB_DOMAIN_DEV=dev.__ROOT_DOMAIN__
+INFRA_WEB_DOMAIN_MOBILE=api.__ROOT_DOMAIN__
+
+INFRA_EXPO_DOMAIN_PRODUCTION=mobile.__ROOT_DOMAIN__
+INFRA_EXPO_DOMAIN_DEV=dev.mobile.__ROOT_DOMAIN__
+INFRA_EXPO_DOMAIN_MOBILE=preview.mobile.__ROOT_DOMAIN__
+
+# Optional existing ACM cert ARNs (leave empty to let SST manage certificates)
+INFRA_WEB_CERT_ARN_PRODUCTION=
+INFRA_WEB_CERT_ARN_DEV=
+INFRA_WEB_CERT_ARN_MOBILE=
+
+INFRA_EXPO_CERT_ARN_PRODUCTION=
+INFRA_EXPO_CERT_ARN_DEV=
+INFRA_EXPO_CERT_ARN_MOBILE=

package/templates/infra.config.ts

@@ -0,0 +1,199 @@
+/**
+ * Template: infra.config.ts
+ *
+ * Generated by `npx @lsts_tech/infra init`.
+ * This file is white-label and environment-driven for public repositories.
+ */
+
+/// <reference path="./sst-env.d.ts" />
+
+import { resolveDomain, createNextSite, createExpoSite, createPipeline } from "@lsts_tech/infra";
+
+type PipelineStage = "production" | "dev" | "mobile";
+
+const secrets = {
+  DatabaseUrl: new sst.Secret("DatabaseUrl"),
+  AuthSecret: new sst.Secret("AuthSecret"),
+};
+
+const rootDomain = process.env.INFRA_ROOT_DOMAIN ?? "__ROOT_DOMAIN__";
+const pipelineRepo = process.env.INFRA_PIPELINE_REPO ?? "__PIPELINE_REPO__";
+const pipelinePrefix = process.env.INFRA_PIPELINE_PREFIX ?? "__PROJECT_PREFIX__";
+const pipelineProjectTag = process.env.INFRA_PROJECT_TAG ?? "__PROJECT_PREFIX__";
+const appName = process.env.INFRA_APP_NAME ?? "__PROJECT_PREFIX__";
+const selectedPipelinesRaw = process.env.INFRA_PIPELINES ?? "__PIPELINES_DEFAULT__";
+const enableExpoSite = (process.env.INFRA_ENABLE_EXPO_SITE ?? "__ENABLE_EXPO_SITE__") === "true";
+
+const webStageMap: Record<string, string> = {
+  production: process.env.INFRA_WEB_DOMAIN_PRODUCTION ?? rootDomain,
+  dev: process.env.INFRA_WEB_DOMAIN_DEV ?? `dev.${rootDomain}`,
+  mobile: process.env.INFRA_WEB_DOMAIN_MOBILE ?? `api.${rootDomain}`,
+};
+
+const expoStageMap: Record<string, string> = {
+  production: process.env.INFRA_EXPO_DOMAIN_PRODUCTION ?? `mobile.${rootDomain}`,
+  dev: process.env.INFRA_EXPO_DOMAIN_DEV ?? `dev.mobile.${rootDomain}`,
+  mobile: process.env.INFRA_EXPO_DOMAIN_MOBILE ?? `preview.mobile.${rootDomain}`,
+};
+
+const webCerts: Record<string, string | undefined> = {
+  production: process.env.INFRA_WEB_CERT_ARN_PRODUCTION,
+  dev: process.env.INFRA_WEB_CERT_ARN_DEV,
+  mobile: process.env.INFRA_WEB_CERT_ARN_MOBILE,
+};
+
+const expoCerts: Record<string, string | undefined> = {
+  production: process.env.INFRA_EXPO_CERT_ARN_PRODUCTION,
+  dev: process.env.INFRA_EXPO_CERT_ARN_DEV,
+  mobile: process.env.INFRA_EXPO_CERT_ARN_MOBILE,
+};
+
+const commonBuildEnv = {
+  INFRA_APP_NAME: appName,
+  INFRA_ROOT_DOMAIN: rootDomain,
+  INFRA_PIPELINE_REPO: pipelineRepo,
+  INFRA_PIPELINE_PREFIX: pipelinePrefix,
+  INFRA_PROJECT_TAG: pipelineProjectTag,
+  INFRA_PIPELINE_BRANCH_PROD: process.env.INFRA_PIPELINE_BRANCH_PROD ?? "__BRANCH_PROD__",
+  INFRA_PIPELINE_BRANCH_DEV: process.env.INFRA_PIPELINE_BRANCH_DEV ?? "__BRANCH_DEV__",
+  INFRA_PIPELINE_BRANCH_MOBILE: process.env.INFRA_PIPELINE_BRANCH_MOBILE ?? "__BRANCH_MOBILE__",
+  INFRA_WEB_DOMAIN_PRODUCTION: webStageMap.production,
+  INFRA_WEB_DOMAIN_DEV: webStageMap.dev,
+  INFRA_WEB_DOMAIN_MOBILE: webStageMap.mobile,
+  INFRA_EXPO_DOMAIN_PRODUCTION: expoStageMap.production,
+  INFRA_EXPO_DOMAIN_DEV: expoStageMap.dev,
+  INFRA_EXPO_DOMAIN_MOBILE: expoStageMap.mobile,
+  INFRA_WEB_CERT_ARN_PRODUCTION: webCerts.production ?? "",
+  INFRA_WEB_CERT_ARN_DEV: webCerts.dev ?? "",
+  INFRA_WEB_CERT_ARN_MOBILE: webCerts.mobile ?? "",
+  INFRA_EXPO_CERT_ARN_PRODUCTION: expoCerts.production ?? "",
+  INFRA_EXPO_CERT_ARN_DEV: expoCerts.dev ?? "",
+  INFRA_EXPO_CERT_ARN_MOBILE: expoCerts.mobile ?? "",
+  DOMAIN_ROOT: rootDomain,
+  PROJECT_PREFIX: pipelinePrefix,
+  PREFIX: pipelinePrefix,
+  DOMAIN_PRODUCTION: webStageMap.production,
+  DOMAIN_DEV: webStageMap.dev,
+  DOMAIN_MOBILE: webStageMap.mobile,
+};
+
+function parsePipelineStage(value: string): PipelineStage | undefined {
+  const normalized = value.trim().toLowerCase();
+  if (normalized === "production" || normalized === "prod") return "production";
+  if (normalized === "dev") return "dev";
+  if (normalized === "mobile") return "mobile";
+  return undefined;
+}
+
+const selectedPipelines = new Set<PipelineStage>(
+  selectedPipelinesRaw
+    .split(",")
+    .map((value) => parsePipelineStage(value))
+    .filter((value): value is PipelineStage => value !== undefined)
+);
+
+const pipelineSpecs: Record<PipelineStage, { suffix: string; branch: string; stage: PipelineStage }> = {
+  production: {
+    suffix: "prod",
+    branch: process.env.INFRA_PIPELINE_BRANCH_PROD ?? "__BRANCH_PROD__",
+    stage: "production",
+  },
+  dev: {
+    suffix: "dev",
+    branch: process.env.INFRA_PIPELINE_BRANCH_DEV ?? "__BRANCH_DEV__",
+    stage: "dev",
+  },
+  mobile: {
+    suffix: "mobile",
+    branch: process.env.INFRA_PIPELINE_BRANCH_MOBILE ?? "__BRANCH_MOBILE__",
+    stage: "mobile",
+  },
+};
+
+export function createInfrastructure() {
+  const stage = $app.stage;
+
+  const { domain, domainName } = resolveDomain({
+    rootDomain,
+    stage,
+    stageMap: webStageMap,
+  });
+
+  const { url } = createNextSite({
+    appPath: "../../apps/web",
+    id: `web-${stage}`,
+    domain,
+    certificateArn: webCerts[stage],
+    environment: {
+      NEXT_PUBLIC_APP_URL: `https://${domainName}`,
+      DATABASE_URL: secrets.DatabaseUrl.value,
+      AUTH_SECRET: secrets.AuthSecret.value,
+    },
+    warm: stage === "production" ? 1 : 0,
+    invalidation: {
+      paths: ["/*"],
+      wait: stage === "production",
+    },
+  });
+
+  let mobileUrl: string | undefined;
+  let mobileDomainName: string | undefined;
+
+  if (enableExpoSite) {
+    const expoDomainResult = resolveDomain({
+      rootDomain,
+      stage,
+      stageMap: expoStageMap,
+    });
+
+    mobileDomainName = expoDomainResult.domainName;
+
+    const expoSiteResult = createExpoSite({
+      appPath: "../../apps/mobile",
+      id: `mobile-${stage}`,
+      domain: expoDomainResult.domain,
+      certificateArn: expoCerts[stage],
+      environment: {
+        EXPO_PUBLIC_API_URL: `https://${domainName}/api`,
+      },
+      invalidation: {
+        paths: ["/*"],
+        wait: stage === "production" || stage === "mobile",
+      },
+    });
+
+    mobileUrl = expoSiteResult.url;
+  }
+
+  const outputs: Record<string, unknown> = {
+    siteUrl: url,
+    domain: domainName,
+  };
+
+  if (mobileUrl && mobileDomainName) {
+    outputs.mobileUrl = mobileUrl;
+    outputs.mobileDomain = mobileDomainName;
+  }
+
+  if (stage === "production" && selectedPipelines.size > 0) {
+    const pipelineOutputs: Record<string, string> = {};
+
+    for (const pipelineStage of selectedPipelines) {
+      const spec = pipelineSpecs[pipelineStage];
+      const pipeline = createPipeline({
+        name: `${pipelinePrefix}-${spec.suffix}`,
+        repo: pipelineRepo,
+        branch: spec.branch,
+        stage: spec.stage,
+        projectTag: pipelineProjectTag,
+        buildEnv: commonBuildEnv,
+      });
+
+      pipelineOutputs[`${pipelineStage}PipelineName`] = pipeline.pipelineName;
+    }
+
+    outputs.pipelines = pipelineOutputs;
+  }
+
+  return outputs;
+}

package/templates/secrets.schema.json

@@ -0,0 +1,20 @@
+{
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "title": "Secrets Schema",
+    "description": "Define the required secrets for your web app deployment. Use with the ensure-secrets.sh script to provision placeholders or real values via `sst secret set`.",
+    "type": "object",
+    "properties": {
+        "DatabaseUrl": {
+            "type": "string",
+            "description": "Database connection string"
+        },
+        "AuthSecret": {
+            "type": "string",
+            "description": "Application auth secret (for session signing, JWT, etc.)"
+        }
+    },
+    "required": [
+        "DatabaseUrl",
+        "AuthSecret"
+    ]
+}

package/templates/sst-env.d.ts

@@ -0,0 +1,50 @@
+/**
+ * SST v3 (Ion) Global Type Declarations
+ *
+ * Lightweight stubs for standalone TypeScript compilation.
+ * Replace or regenerate this file with SST-generated types in your project if needed.
+ */
+
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+declare const sst: {
+  aws: {
+    Nextjs: new (id: string, props: any) => any;
+    StaticSite: new (id: string, props: any) => any;
+    [key: string]: any;
+  };
+  Secret: new (name: string) => { value: any };
+  [key: string]: any;
+};
+
+declare const aws: {
+  codestarconnections: {
+    Connection: new (name: string, props: any) => { arn: any };
+  };
+  s3: {
+    BucketV2: new (name: string, props: any) => { id: any; arn: any; bucket: any };
+    BucketLifecycleConfigurationV2: new (name: string, props: any) => any;
+  };
+  iam: {
+    Role: new (name: string, props: any) => { id: any; arn: any; name: any };
+    RolePolicy: new (name: string, props: any) => any;
+    RolePolicyAttachment: new (name: string, props: any) => any;
+  };
+  codebuild: {
+    Project: new (name: string, props: any) => { arn: any; name: any };
+  };
+  codepipeline: {
+    Pipeline: new (name: string, props: any) => { name: any; arn: any };
+  };
+  [key: string]: any;
+};
+
+declare const $app: {
+  stage: string;
+  name: string;
+  [key: string]: any;
+};
+
+declare function $interpolate(strings: TemplateStringsArray, ...values: any[]): any;
+declare function $jsonStringify(obj: any): any;
+declare function $config(config: any): any;

package/templates/sst.config.ts

@@ -0,0 +1,28 @@
+/// <reference path="./sst-env.d.ts" />
+
+/**
+ * Template: sst.config.ts
+ *
+ * Generated by `npx @lsts_tech/infra init`.
+ * Provider support in v1.0.0: AWS only.
+ */
+
+export default $config({
+  app(input: any) {
+    return {
+      name: process.env.INFRA_APP_NAME ?? "__APP_NAME__",
+      removal: input?.stage === "production" ? "retain" : "remove",
+      protect: ["production"].includes(input?.stage),
+      home: "aws",
+      providers: {
+        aws: {
+          region: process.env.AWS_REGION ?? "us-east-1",
+        },
+      },
+    };
+  },
+  async run() {
+    const { createInfrastructure } = await import("./infra.config.js");
+    return createInfrastructure();
+  },
+});