@ossy/deployment-tools 0.0.94 → 0.0.98

package/CHANGELOG.md

@@ -0,0 +1,32 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
+
+## 0.0.98 (2026-03-28)
+
+**Note:** Version bump only for package @ossy/deployment-tools
+
+
+
+
+
+## 0.0.97 (2026-03-28)
+
+**Note:** Version bump only for package @ossy/deployment-tools
+
+
+
+
+
+## 0.0.96 (2026-03-28)
+
+**Note:** Version bump only for package @ossy/deployment-tools
+
+
+
+
+
+## 0.0.95 (2026-03-28)
+
+**Note:** Version bump only for package @ossy/deployment-tools

package/README.md

@@ -1,7 +1,7 @@
 # @ossy/deployment-tools
 
 Collection of scripts and tools to aid deployment of
-containers and static files to Amazon Web Services through GitHub Actions
+containers and static files to Amazon Web Services through GitHub Actions.
 
 ## Server
 
@@ -26,22 +26,45 @@ npx @ossy/deployment-tools server status
 
 ## Deployment
 
-### deploy
-Sends a deployment request to the aws sqs deployment queue.
+The first argument after the package name is the **handler** (`deployment`). Commands are **`deployment deploy`** (one site) and **`deployment deploy-all`** (every deployment entry for a platform).
+
+Deployments are read from a **glob** of JSON files (e.g. `deployments.json`), and platform definitions from a **platforms** JSON file. Domain and platform for a given site are **not** taken from `ossy.json`; they live in those deployment records (and, in app workflows, mirror **`domain` / `platform` in `src/config.js`** when you use **`@ossy/cli publish`**).
+
+### deploy (single domain)
+
 ```bash
-npx --yes @ossy/deployment-tools deploy \
-  --username ${{ github.actor }} \
-  --authentication ${{ secrets.GITHUB_TOKEN }} \
-  --target-env ${{ github.event.inputs.environmentName }} \
-  --platforms packages/infrastructure/bin/deployment-platforms.json \
-  --ossyfile packages/${{ github.event.inputs.packageName }}/ossy.json \
+npx --yes @ossy/deployment-tools deployment deploy \
+  --username "${{ github.actor }}" \
+  --authentication "${{ secrets.GITHUB_TOKEN }}" \
+  --domain example.com \
+  --platform my-platform \
+  --platforms-path packages/infrastructure/bin/deployment-platforms.json \
+  --deployments-path "packages/infrastructure/deployments/**/*.json"
+```
+
+| Flag | Alias | Description |
+|------|--------|-------------|
+| `--username` | `-u` | User recorded on the deployment request |
+| `--authentication` | `-a` | Token used to authorize the request |
+| `--domain` | `-d` | Target site domain (must match an entry under that platform in the deployments glob) |
+| `--platform` | `-p` | Target deployment platform name |
+| `--platforms-path` | `-pp` | Path to platforms JSON (AWS / queue config) |
+| `--deployments-path` | `-dp` | Glob of deployment JSON files |
+
+### deploy-all (whole platform)
+
+```bash
+npx --yes @ossy/deployment-tools deployment deploy-all \
+  --username "${{ github.actor }}" \
+  --authentication "${{ secrets.GITHUB_TOKEN }}" \
+  --platform my-platform \
+  --platforms-path packages/infrastructure/bin/deployment-platforms.json \
+  --deployments-path "packages/infrastructure/deployments/**/*.json"
 ```
 
-The `cdk.json` file tells the CDK Toolkit how to execute your app.
+### Apps: use @ossy/cli publish
 
-* `cdk deploy`      deploy this stack to your default AWS account/region
-* `cdk diff`        compare deployed stack with current state
-* `cdk synth`       emits the synthesized CloudFormation template
+For Ossy apps, prefer **`npx @ossy/cli publish`** from the website package: it resolves **`--domain` / `--platform`** from **`src/config.js`** (or **`--config`**) when possible, calls **`deployment deploy`** (or **`deploy-all`** with **`--all`**), then can upload **resource templates** from the same config. See **`packages/cli/README.md`**.
 
 ## Useful commands
 
@@ -84,7 +107,7 @@ journalctl -u docker.service -n 200 -f
  - 1 release new version of the npm package with `npm publish`
  - 2 ssh into the instance with `ssh -i path/to/keys ubuntu@<ip>`
  - 3 stop the deployment-tools services with `sudo systemctl stop deployment-tools.service`
- - 4 remove the old version of the tool woth `rm -rf ~/.npm/_npx`
+ - 4 remove the old version of the tool with `rm -rf ~/.npm/_npx`
  - 5 start the deployment-tools services again with `sudo systemctl start deployment-tools.service`
 
 That's it, the service will download the latest version of the package.
@@ -103,4 +126,4 @@ sudo apt-get install -y nodejs
 # Verify the installation
 node --version
 npm --version
-```
+```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ossy/deployment-tools",
-  "version": "0.0.94",
+  "version": "0.0.98",
   "description": "Collection of scripts and tools to aid deployment of containers and static files to Amazon Web Services through GitHub Actions",
   "source": "./src/index.js",
   "main": "./src/index.js",
@@ -30,5 +30,6 @@
   "devDependencies": {
     "jest": "^27.5.1",
     "jsdoc": "^4.0.2"
-  }
+  },
+  "gitHead": "f9c6ce7e08475bc0c96cae92e1eff3404964e315"
 }

package/src/deploy/cli.js

@@ -11,7 +11,7 @@ const deploy = options => {
     '-u': '--username',
 
     '--authentication': String,
-    '--a': '--authentication',
+    '-a': '--authentication',
 
     '--domain': String,
     '-d': '--domain',
@@ -46,7 +46,7 @@ const deployAll = options => {
     '-u': '--username',
 
     '--authentication': String,
-    '--a': '--authentication',
+    '-a': '--authentication',
 
     '--platform': String,
     '-p': '--platform',

package/src/infrastructure/container-deployment-target/container-deployment-target.js

@@ -76,7 +76,9 @@ class ContainerDeploymentTarget extends Construct {
 
     const platformConfigDeployment = new BucketDeployment(this, 'PlatformConfigDeployment', {
       sources: [Source.jsonData('platform-config.json', { ...props.config, awsRoleToAssume: undefined })],
-      destinationBucket: props.bucket
+      destinationBucket: props.bucket,
+      // Default prune:true would delete every other object (e.g. media/*) on each infra deploy.
+      prune: false
     })
 
     const role = new Role(this, 'role', {

package/src/infrastructure/deployment-target-stack.js

@@ -1,9 +1,9 @@
 /* eslint-disable no-new */
-const { nanoid } = require('nanoid')
 const { CfnOutput, Stack, RemovalPolicy } = require('aws-cdk-lib')
+const { BackupPlan, BackupVault, BackupResource } = require('aws-cdk-lib/aws-backup')
 const { Bucket, BlockPublicAccess } = require('aws-cdk-lib/aws-s3')
-const { Distribution, PriceClass } = require('aws-cdk-lib/aws-cloudfront')
-const { S3BucketOrigin,  } = require('aws-cdk-lib/aws-cloudfront-origins')
+const { Distribution, PriceClass, ResponseHeadersPolicy } = require('aws-cdk-lib/aws-cloudfront')
+const { S3BucketOrigin } = require('aws-cdk-lib/aws-cloudfront-origins')
 const { ContainerDeploymentTarget } = require('./container-deployment-target')
 
 /**
@@ -17,11 +17,6 @@ class DeploymentTargetStack extends Stack {
       throw ('[DeploymentTargetStack] No template provided')
     }
 
-    // create a bucket name before running cdk deploy and put it in config
-    // so that it won't change when updating resources
-    // const bucketId = nanoid().toLowerCase().replaceAll('_', '').replaceAll('-', '')
-    // const bucketName = `${props.config.platformName}-${bucketId}`
-
     // TODO: Check if the bucket already exists and use it
     // instead of having the whole deployment fail
     const staticDeploymentTarget =
@@ -30,6 +25,7 @@ class DeploymentTargetStack extends Stack {
         blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
         removalPolicy: RemovalPolicy.RETAIN,
         autoDeleteObjects: false,
+        versioned: true,
         cors: [{
           allowedHeaders: ['*'],
           allowedMethods: ['GET', 'PUT', 'POST' ],
@@ -38,9 +34,26 @@ class DeploymentTargetStack extends Stack {
         }]
       })
 
+    const mediaBackupVault = new BackupVault(this, 'StaticMediaBackupVault', {
+      backupVaultName: `${props.config.platformName}-static-media`,
+      removalPolicy: RemovalPolicy.RETAIN
+    })
+
+    const mediaBackupPlan = BackupPlan.daily35DayRetention(this, 'StaticMediaBackupPlan', mediaBackupVault)
+
+    mediaBackupPlan.addSelection('StaticDeploymentTargetBucket', {
+      backupSelectionName: `${props.config.platformName}-s3-static-media`,
+      resources: [BackupResource.fromArn(staticDeploymentTarget.bucketArn)],
+      allowRestores: true
+    })
+
     const mediaCDN = new Distribution(this, 'Media', {
         defaultBehavior: {
-          origin: S3BucketOrigin.withOriginAccessControl(staticDeploymentTarget, { originPath: '/media' })
+          origin: S3BucketOrigin.withOriginAccessControl(staticDeploymentTarget, { originPath: '/media' }),
+          // S3 bucket CORS does not add headers on viewer responses; without this, browser fetch()
+          // to the CDN is cross-origin and Chrome may block with net::ERR_BLOCKED_BY_ORB.
+          responseHeadersPolicy:
+            ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT
         },
         priceClass: PriceClass.PRICE_CLASS_100
       })