create-aws-project 1.5.0 → 1.6.0

package/dist/commands/initialize-github.js

@@ -10,7 +10,6 @@ import prompts from 'prompts';
 import pc from 'picocolors';
 import { execSync } from 'node:child_process';
 import { requireProjectContext } from '../utils/project-context.js';
-import { createCrossAccountIAMClient, createDeploymentUserWithCredentials, createAccessKey, } from '../aws/iam.js';
 import { createGitHubClient, setEnvironmentCredentials, parseGitHubUrl, } from '../github/secrets.js';
 const VALID_ENVIRONMENTS = ['dev', 'stage', 'prod'];
 /**
@@ -151,49 +150,55 @@ async function promptForRepoInfo() {
     return parseGitHubUrl(response.repo);
 }
 /**
- * Handles AWS and GitHub errors with actionable messages
+ * Determines batch environments from CLI args
+ * @param args Command arguments
+ * @param config Project config with deployment credentials
+ * @returns Array of environments to configure
+ */
+function determineBatchEnvironments(args, config) {
+    if (args.includes('--all')) {
+        const envs = VALID_ENVIRONMENTS.filter(env => config.deploymentCredentials?.[env]);
+        if (envs.length === 0) {
+            console.error(pc.red('Error:') + ' No environments have credentials configured.');
+            console.error('Run setup-aws-envs first to create deployment credentials:');
+            console.error(`  ${pc.cyan('npx create-aws-project setup-aws-envs')}`);
+            process.exit(1);
+        }
+        return [...envs];
+    }
+    // Multiple positional arguments (filter out flags)
+    const envArgs = args.filter(arg => !arg.startsWith('--'));
+    for (const envArg of envArgs) {
+        if (envArg !== envArg.toLowerCase()) {
+            console.error(pc.red('Error:') + ` Environment must be lowercase: ${pc.bold(envArg)}`);
+            console.error(`Did you mean: ${pc.cyan(envArg.toLowerCase())}?`);
+            process.exit(1);
+        }
+        if (!isValidEnvironment(envArg)) {
+            console.error(pc.red('Error:') + ` Invalid environment: ${pc.bold(envArg)}`);
+            console.error('Valid environments: ' + VALID_ENVIRONMENTS.join(', '));
+            process.exit(1);
+        }
+        if (!config.deploymentCredentials?.[envArg]) {
+            console.error(pc.red('Error:') + ` No credentials for ${pc.bold(envArg)}.`);
+            console.error('Run setup-aws-envs first to create deployment credentials:');
+            console.error(`  ${pc.cyan('npx create-aws-project setup-aws-envs')}`);
+            process.exit(1);
+        }
+    }
+    return envArgs;
+}
+/**
+ * Handles GitHub errors with actionable messages
  * @param error The error to handle
- * @param env The environment being configured
  * @returns never - always exits
  */
-function handleError(error, env) {
+function handleError(error) {
     console.error('');
     if (!(error instanceof Error)) {
         console.error(pc.red('Error:') + ' Unknown error occurred');
         process.exit(1);
     }
-    // AWS AssumeRole errors
-    if (error.name === 'AccessDenied' || error.message.includes('AssumeRole')) {
-        console.error(pc.red('Error: Cannot assume role in target account'));
-        console.error('');
-        console.error('This command requires cross-account access via:');
-        console.error(`  arn:aws:iam::<${env}-account-id>:role/OrganizationAccountAccessRole`);
-        console.error('');
-        console.error('Ensure:');
-        console.error(`  1. The ${env} account was created via setup-aws-envs`);
-        console.error('  2. Your credentials are from the management account');
-        console.error('  3. OrganizationAccountAccessRole exists in target account');
-        process.exit(1);
-    }
-    // IAM user already exists
-    if (error.message.includes('already exists')) {
-        console.error(pc.red('Error:') + ` ${error.message}`);
-        console.error('');
-        console.error('To retry, delete the IAM user first:');
-        console.error('  1. Go to AWS Console > IAM > Users');
-        console.error(`  2. Find and delete the existing deployment user`);
-        console.error('  3. Run this command again');
-        process.exit(1);
-    }
-    // Access key limit exceeded
-    if (error.name === 'LimitExceeded' || error.message.includes('LimitExceeded')) {
-        console.error(pc.red('Error: Access key limit exceeded'));
-        console.error('');
-        console.error('IAM users can only have 2 active access keys.');
-        console.error('Delete an existing key before creating a new one:');
-        console.error('  AWS Console > IAM > Users > Security credentials > Access keys');
-        process.exit(1);
-    }
     // GitHub authentication errors
     if (error.message.includes('authentication failed') || error.name === 'HttpError') {
         console.error(pc.red('Error: GitHub authentication failed'));
@@ -222,7 +227,84 @@ export async function runInitializeGitHub(args) {
     // 1. Validate we're in a project directory
     const context = await requireProjectContext();
     const { config } = context;
-    const { projectName, awsRegion } = config;
+    // 2. Detect batch mode
+    const nonFlagArgs = args.filter(a => !a.startsWith('--'));
+    const isBatchMode = args.includes('--all') || nonFlagArgs.length > 1;
+    if (isBatchMode) {
+        // BATCH MODE: Configure multiple environments
+        const environments = determineBatchEnvironments(args, config);
+        // Get repository info once (try git remote, fallback to prompt)
+        let repoInfo = getGitRemoteOrigin();
+        if (!repoInfo) {
+            console.log('');
+            console.log(pc.yellow('Note:') + ' Could not detect GitHub repository from git remote.');
+            repoInfo = await promptForRepoInfo();
+        }
+        else {
+            console.log('');
+            console.log(`Detected repository: ${pc.cyan(`${repoInfo.owner}/${repoInfo.repo}`)}`);
+        }
+        // Prompt for GitHub PAT once
+        const pat = await promptForGitHubPAT();
+        // Create GitHub client once
+        const githubClient = createGitHubClient(pat);
+        // Track results for each environment
+        const results = [];
+        // Process each environment
+        for (const env of environments) {
+            const spinner = ora(`Configuring ${env} environment...`).start();
+            try {
+                const credentials = config.deploymentCredentials?.[env];
+                if (!credentials) {
+                    throw new Error(`No deployment credentials found for ${env}`);
+                }
+                const githubEnvName = GITHUB_ENV_NAMES[env];
+                spinner.text = `Configuring GitHub Environment "${githubEnvName}"...`;
+                await setEnvironmentCredentials(githubClient, repoInfo.owner, repoInfo.repo, githubEnvName, credentials.accessKeyId, credentials.secretAccessKey);
+                spinner.succeed(`Configured ${githubEnvName} environment`);
+                results.push({ env, success: true });
+            }
+            catch (error) {
+                const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+                spinner.fail(`Failed ${env}`);
+                results.push({ env, success: false, error: errorMessage });
+            }
+        }
+        // Show batch summary
+        console.log('');
+        console.log(pc.bold('Batch Configuration Summary'));
+        console.log('');
+        for (const result of results) {
+            if (result.success) {
+                console.log(`  ${pc.green('✓')} Configured ${GITHUB_ENV_NAMES[result.env]} environment`);
+            }
+            else {
+                console.log(`  ${pc.red('✗')} Failed ${result.env}: ${result.error}`);
+            }
+        }
+        const successCount = results.filter(r => r.success).length;
+        console.log('');
+        console.log(`Successfully configured ${successCount} of ${results.length} environments`);
+        if (successCount < results.length) {
+            console.log('');
+            console.log('You can retry failed environments individually:');
+            for (const result of results) {
+                if (!result.success) {
+                    console.log(`  ${pc.cyan(`npx create-aws-project initialize-github ${result.env}`)}`);
+                }
+            }
+        }
+        console.log('');
+        console.log('View secrets at:');
+        console.log(`  ${pc.cyan(`https://github.com/${repoInfo.owner}/${repoInfo.repo}/settings/environments`)}`);
+        console.log('');
+        // Exit with error code if any failed
+        if (successCount < results.length) {
+            process.exit(1);
+        }
+        return;
+    }
+    // SINGLE MODE (existing behavior, unchanged)
     // 2. Determine environment
     let env;
     if (args[0]) {
@@ -245,26 +327,17 @@ export async function runInitializeGitHub(args) {
     }
     else {
         // Interactive environment selection
-        const configuredEnvs = VALID_ENVIRONMENTS.filter((e) => config.accounts?.[e]);
+        const configuredEnvs = VALID_ENVIRONMENTS.filter((e) => config.deploymentCredentials?.[e]);
         if (configuredEnvs.length === 0) {
             console.error(pc.red('Error:') + ' No environments configured.');
             console.error('');
-            console.error('Run setup-aws-envs first to create environment accounts:');
+            console.error('Run setup-aws-envs first to create deployment credentials:');
             console.error(`  ${pc.cyan('npx create-aws-project setup-aws-envs')}`);
             process.exit(1);
         }
         env = await promptForEnvironment(configuredEnvs);
     }
-    // 3. Validate account ID exists for environment
-    const accountId = config.accounts?.[env];
-    if (!accountId) {
-        console.error(pc.red('Error:') + ` No account ID for ${env}.`);
-        console.error('');
-        console.error('Run setup-aws-envs first to create environment accounts:');
-        console.error(`  ${pc.cyan('npx create-aws-project setup-aws-envs')}`);
-        process.exit(1);
-    }
-    // 4. Get repository info (try git remote, fallback to prompt)
+    // 3. Get repository info (try git remote, fallback to prompt)
     let repoInfo = getGitRemoteOrigin();
     if (!repoInfo) {
         console.log('');
@@ -275,33 +348,27 @@ export async function runInitializeGitHub(args) {
         console.log('');
         console.log(`Detected repository: ${pc.cyan(`${repoInfo.owner}/${repoInfo.repo}`)}`);
     }
-    // 5. Prompt for GitHub PAT (always interactive per CONTEXT.md)
+    // 4. Prompt for GitHub PAT (always interactive per CONTEXT.md)
     const pat = await promptForGitHubPAT();
-    // 6. Execute AWS and GitHub setup
+    // 5. Execute GitHub setup
     const spinner = ora(`Initializing ${env} environment...`).start();
     try {
-        // Step 1: Create cross-account IAM client
-        spinner.text = `Assuming role in ${env} account (${accountId})...`;
-        const iamClient = createCrossAccountIAMClient(awsRegion, accountId);
-        // Step 2: Get deployment user credentials
-        // If setup-aws-envs already created the user, just create an access key.
-        // Otherwise fall back to full user creation (backward compat with older projects).
-        const existingUserName = config.deploymentUsers?.[env];
-        let userName;
-        let credentials;
-        if (existingUserName) {
-            spinner.text = `Using existing deployment user: ${existingUserName}`;
-            userName = existingUserName;
-            credentials = await createAccessKey(iamClient, userName);
-            spinner.succeed(`Created access key for ${userName}`);
-        }
-        else {
-            spinner.text = `Creating IAM deployment user...`;
-            const fullCredentials = await createDeploymentUserWithCredentials(iamClient, projectName, env, accountId);
-            userName = fullCredentials.userName;
-            credentials = fullCredentials;
+        // Step 1: Validate deployment credentials exist in config
+        const credentials = config.deploymentCredentials?.[env];
+        if (!credentials) {
+            spinner.fail(`No deployment credentials found for ${env}`);
+            console.error('');
+            // Check if user exists but credentials don't (migration case)
+            if (config.deploymentUsers?.[env]) {
+                console.error(pc.yellow('Note:') + ' Deployment user exists but credentials were not found.');
+                console.error('Your project may have been set up with an older version.');
+                console.error('');
+            }
+            console.error('Run setup-aws-envs first to create deployment credentials:');
+            console.error(`  ${pc.cyan('npx create-aws-project setup-aws-envs')}`);
+            process.exit(1);
         }
-        // Step 3: Configure GitHub
+        // Step 2: Configure GitHub environment
         const githubEnvName = GITHUB_ENV_NAMES[env];
         spinner.text = `Configuring GitHub Environment "${githubEnvName}"...`;
         const githubClient = createGitHubClient(pat);
@@ -311,20 +378,16 @@ export async function runInitializeGitHub(args) {
         console.log('');
         console.log(pc.green(`${env} environment setup complete!`));
         console.log('');
-        console.log('Resources created:');
-        console.log(`  Deployment User: ${pc.cyan(userName)}`);
+        console.log('Credentials pushed to GitHub:');
+        console.log(`  Deployment User: ${pc.cyan(credentials.userName)}`);
+        console.log(`  Access Key ID: ${pc.cyan(credentials.accessKeyId)}`);
         console.log(`  GitHub Environment: ${pc.cyan(githubEnvName)}`);
-        // Add note if using existing user from setup-aws-envs
-        if (existingUserName) {
-            console.log('');
-            console.log(pc.dim('Note: Deployment user was created by setup-aws-envs. Access key created for GitHub.'));
-        }
         console.log('');
         console.log('View secrets at:');
         console.log(`  ${pc.cyan(`https://github.com/${repoInfo.owner}/${repoInfo.repo}/settings/environments`)}`);
         console.log('');
         // Show next steps (other environments if any remain)
-        const remainingEnvs = VALID_ENVIRONMENTS.filter((e) => e !== env && config.accounts?.[e]);
+        const remainingEnvs = VALID_ENVIRONMENTS.filter((e) => e !== env && config.deploymentCredentials?.[e]);
         if (remainingEnvs.length > 0) {
             console.log(pc.bold('Next steps:'));
             console.log('');
@@ -337,13 +400,29 @@ export async function runInitializeGitHub(args) {
         else {
             console.log(pc.bold('All environments configured!'));
             console.log('');
-            console.log('Deploy your application by pushing to the main branch:');
-            console.log(`  ${pc.cyan('git push origin main')}`);
+            console.log(pc.bold('Get started:'));
             console.log('');
+            console.log(`  ${pc.cyan('npm install')}`);
+            console.log('');
+            if (config.platforms?.includes('web')) {
+                console.log(`  ${pc.gray('# Start web app')}`);
+                console.log(`  ${pc.cyan('npm run web')}`);
+                console.log('');
+            }
+            if (config.platforms?.includes('mobile')) {
+                console.log(`  ${pc.gray('# Start mobile app')}`);
+                console.log(`  ${pc.cyan('npm run mobile')}`);
+                console.log('');
+            }
+            if (config.platforms?.includes('api')) {
+                console.log(`  ${pc.gray('# Deploy API')}`);
+                console.log(`  ${pc.cyan('npm run cdk:deploy')}`);
+                console.log('');
+            }
         }
     }
     catch (error) {
         spinner.fail(`Failed to configure ${env} environment`);
-        handleError(error, env);
+        handleError(error);
     }
 }