env-secrets 0.2.0 → 0.3.0

package/.devcontainer/devcontainer.json

@@ -1,9 +1,16 @@
 {
   "name": "Node.js Development",
-  "image": "mcr.microsoft.com/devcontainers/javascript-node:1-20-bullseye",
+  "build": {
+    "dockerfile": "../Dockerfile",
+    "context": ".."
+  },
   "features": {
     "ghcr.io/devcontainers/features/git:1": {},
-    "ghcr.io/devcontainers/features/github-cli:1": {}
+    "ghcr.io/devcontainers/features/aws-cli:1": {},
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {},
+    "ghcr.io/localstack/devcontainer-feature/localstack-cli:0": {
+      "awslocal": true
+    }
   },
   "customizations": {
     "vscode": {
@@ -11,8 +18,6 @@
         "dbaeumer.vscode-eslint",
         "esbenp.prettier-vscode",
         "ms-vscode.vscode-typescript-next",
-        "eamodio.gitlens",
-        "streetsidesoftware.code-spell-checker",
         "orta.vscode-jest"
       ],
       "settings": {
@@ -24,6 +29,5 @@
       }
     }
   },
-  "postCreateCommand": "yarn install",
-  "remoteUser": "node"
+  "postAttachCommand": "yarn install"
 }

package/.dockerignore

@@ -0,0 +1,9 @@
+node_modules
+dist
+.git
+.env
+.vscode
+*.log
+tsconfig.tsbuildinfo
+yarn-error.log
+coverage/

package/.eslintignore

@@ -1,2 +1,4 @@
-node_modules
-dist
+node_modules/
+dist/
+website/build/
+website/node_modules/

package/.github/dependabot.yml

@@ -6,10 +6,14 @@ updates:
     schedule:
       interval: 'weekly'
     labels:
+      - 'npm'
       - 'dependencies'
     open-pull-requests-limit: 100
     pull-request-branch-name:
       separator: '-'
+    groups:
+      aws-sdk:
+        patterns: ['@aws-sdk/*']
     ignore:
       - dependency-name: 'fs-extra'
       - dependency-name: '*'

package/.github/workflows/build-main.yml

@@ -6,16 +6,20 @@ on:
     branches:
       - main
 
+concurrency:
+  group: build-main-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
       - name: Set up Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
         with:
           node-version: 20.18.3
 

package/.github/workflows/deploy-docs.yml

@@ -0,0 +1,50 @@
+name: Deploy docs (GitHub Pages)
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'website/**'
+      - '.github/workflows/deploy-docs.yml'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: deploy-docs-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v5
+        with:
+          node-version: 20
+          cache: 'yarn'
+          cache-dependency-path: website/package.json
+      - name: Install deps
+        working-directory: website
+        run: yarn install
+      - name: Build website
+        working-directory: website
+        run: yarn build
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v4
+        with:
+          path: website/build
+
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

package/.github/workflows/e2e-tests.yaml

@@ -0,0 +1,54 @@
+name: E2E Tests
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: e2e-tests-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  e2e:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v5
+        with:
+          node-version: 24.x
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: yarn --ignore-scripts --frozen-lockfile
+
+      - name: Install awslocal
+        run: pip install awscli-local[ver1]
+
+      - name: Start localstack
+        run: docker compose up -d --wait localstack
+
+      - name: Run the tests
+        run: yarn test:e2e
+
+      - name: Notify failures
+        if: failure()
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_LINK_NAMES: true
+          SLACK_MESSAGE:
+            # prettier-ignore
+            "hey @${{ github.actor }}, @mark, sorry to let you know you broke the build"
+          SLACK_CHANNEL: feed-github
+          SLACK_COLOR: ${{ job.status }}

package/.github/workflows/lint.yaml

@@ -5,6 +5,10 @@ on:
     branches:
       - main
 
+concurrency:
+  group: lint-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   run-linters:
     name: Run linters
@@ -12,10 +16,10 @@ jobs:
 
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
         with:
           node-version: 20.18.3
 

package/.github/workflows/release.yml

@@ -25,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -35,7 +35,7 @@ jobs:
           git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
 
       - name: Set up Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
         with:
           node-version: 20.18.3
           registry-url: 'https://registry.npmjs.org'

package/.github/workflows/snyk.yaml

@@ -6,11 +6,15 @@ on:
     branches:
       - main
 
+concurrency:
+  group: snyk-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   security:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Run Snyk to check for vulnerabilities
         uses: snyk/actions/node@master
         continue-on-error: true # To make sure that SARIF upload gets called

package/.github/workflows/unittests.yaml

@@ -8,6 +8,10 @@ on:
     branches:
       - main
 
+concurrency:
+  group: unit-tests-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   unit-tests:
     runs-on: ubuntu-latest
@@ -18,10 +22,10 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
         with:
           node-version: ${{ matrix.node-version }}
 
@@ -31,38 +35,6 @@ jobs:
       - name: Build
         run: yarn build
 
-      - name: Run the tests
-        run: yarn test:unit
-
-      - name: Notify failures
-        if: failure()
-        uses: rtCamp/action-slack-notify@v2
-        env:
-          SLACK_LINK_NAMES: true
-          SLACK_MESSAGE:
-            # prettier-ignore
-            "hey @${{ github.actor }}, @mark, sorry to let you know you broke the build"
-          SLACK_CHANNEL: feed-github
-          SLACK_COLOR: ${{ job.status }}
-
-  coverage:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Set up Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: 24.x
-
-      - name: Install dependencies
-        run: yarn --ignore-scripts --frozen-lockfile
-
-      - name: Build
-        run: yarn build
-
       - name: Run the tests
         run: yarn test:unit:coverage
 
@@ -70,38 +42,9 @@ jobs:
         uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
-
-      - name: Notify failures
-        if: failure()
-        uses: rtCamp/action-slack-notify@v2
-        env:
-          SLACK_LINK_NAMES: true
-          SLACK_MESSAGE:
-            # prettier-ignore
-            "hey @${{ github.actor }}, @mark, sorry to let you know you broke the build"
-          SLACK_CHANNEL: feed-github
-          SLACK_COLOR: ${{ job.status }}
-
-  e2e:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Set up Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: 24.x
-
-      - name: Install dependencies
-        run: yarn --ignore-scripts --frozen-lockfile
-
-      - name: Build
-        run: yarn build
-
-      - name: Run the tests
-        run: yarn test:e2e
+          directory: ./coverage
+          flags: unittests
+          name: codecov-umbrella
 
       - name: Notify failures
         if: failure()

package/.lintstagedrc

@@ -1,9 +1,4 @@
 {
-  "*.{js,ts}": [
-    "prettier --write",
-    "eslint --fix"
-  ],
-  "*.{json,md,yaml}": [
-    "prettier --write"
-  ],
+  "*.{js,ts}": ["prettier --write", "eslint --fix"],
+  "*.{json,md,yaml}": ["prettier --write"]
 }

package/.prettierignore

@@ -1 +1,7 @@
+node_modules/
 dist/
+website/build/
+website/node_modules/
+website/.docusaurus/
+coverage/
+coverage-e2e/

package/AGENTS.md

@@ -0,0 +1,149 @@
+# AGENTS.md
+
+## Project Overview
+
+- **env-secrets**: A Node.js CLI tool that retrieves secrets from vaults and injects them as environment variables
+- **Repository**: https://github.com/markcallen/env-secrets
+- **Issue Tracking**: Uses GitHub issues for feature requests and bugs
+
+## Code Style Guidelines
+
+### TypeScript
+
+- **Strict Mode**: Enabled, use proper types, avoid `any`
+- **Type Definitions**: Prefer interfaces over types for object shapes
+- **Generic Types**: Use when appropriate for reusable components
+
+### Imports
+
+- **Order**: Group by: external libraries, internal modules, relative imports
+- **Style**: ES6 imports (`import`/`export`)
+- **Barrel Exports**: Use index files for clean import paths
+
+### Formatting
+
+- **Prettier**: Default config (.prettierrc), 2-space indentation
+- **Line Length**: Let Prettier handle line wrapping
+- **Trailing Commas**: Use in objects and arrays
+
+### Naming Conventions
+
+- **Variables/Functions**: camelCase
+- **Components/Types**: PascalCase
+- **Constants**: UPPER_CASE
+- **Files**: kebab-case for files, PascalCase for components
+
+## Development Workflow
+
+### Pre-commit Hooks
+
+- Husky is configured for pre-commit hooks
+- lint-staged runs prettier and eslint on staged files
+
+### Quality Checks
+
+Always run quaity checks after creating or modifing files
+
+- **Linting**: `yarn lint` - runs ESLint with TypeScript support
+- **Formatting**: `yarn prettier:fix` - formats code with Prettier
+- **Type Checking**: `yarn build` - compiles TypeScript and checks types
+
+### Testing Strategy
+
+Always run unit tests after creating or modifying files.  
+Always run end to end tests before pushing code to a remote git repository.
+
+- **Unit Tests**: Jest framework, located in `__tests__/`
+- **E2E Tests**: Located in `__e2e__/`
+- **Coverage**: Run `yarn test:unit:coverage` for coverage reports
+- **Test Commands**:
+  - `yarn test` - runs all tests
+  - `yarn test:unit` - runs unit tests only
+  - `yarn test:e2e` - builds and runs e2e tests
+
+## Project Structure
+
+```
+src/           # Source code
+├── index.ts   # Main entry point
+├── aws.ts     # AWS Secrets Manager integration
+└── types.ts   # TypeScript type definitions
+
+__tests__/     # Unit tests
+__e2e__/       # End-to-end tests
+docs/          # Documentation
+website/       # Documentation website
+dist/          # Compiled output (generated)
+```
+
+## Dependencies and Tools
+
+### Key Dependencies
+
+- **AWS SDK**: For Secrets Manager integration
+- **Commander**: CLI argument parsing
+- **Debug**: Debug logging support
+
+### Development Tools
+
+- **TypeScript**: 4.9.5 with strict mode
+- **ESLint**: Code linting with TypeScript support
+- **Prettier**: Code formatting
+- **Jest**: Testing framework
+- **Husky**: Git hooks
+- **lint-staged**: Pre-commit linting
+
+## Common Commands
+
+### Development
+
+```bash
+yarn build          # Build the project
+yarn start          # Run the built application
+yarn lint           # Run ESLint
+yarn prettier:fix   # Format code with Prettier
+yarn test           # Run all tests
+yarn test:unit      # Run unit tests only
+yarn test:e2e       # Run e2e tests
+```
+
+### Quality Assurance
+
+```bash
+yarn prettier:check # Check formatting without fixing
+yarn test:unit:coverage # Run tests with coverage
+```
+
+## Contributing
+
+### Before Submitting
+
+1. Run `yarn prettier:fix && yarn lint` to ensure code quality
+2. Run `yarn test` to ensure all tests pass
+3. Update tests for new features or bug fixes
+4. Update documentation if needed
+
+### Pull Request Process
+
+1. Create a feature branch from `main`
+2. Make your changes following the code style guidelines
+3. Add tests for new functionality
+4. Ensure all CI checks pass
+5. Submit a pull request with a clear description
+
+## Development Environment
+
+### Prerequisites
+
+- Node.js 18.0.0 or higher (see .nvmrc)
+- Yarn package manager
+- AWS CLI (for testing AWS integration)
+
+### Setup
+
+```bash
+git clone https://github.com/markcallen/env-secrets.git
+cd env-secrets
+yarn install
+yarn build
+```

package/Dockerfile

@@ -0,0 +1,14 @@
+FROM node:20-bookworm
+
+WORKDIR /app
+
+COPY package.json yarn.lock ./
+RUN yarn install --frozen-lockfile --ignore-scripts
+
+COPY tsconfig.json .
+COPY src/ src
+
+# build the code
+RUN yarn build
+
+ENTRYPOINT [ "yarn", "start" ]