rds_ssm_connect 1.5.3 → 1.7.0

package/.github/workflows/npm-publish.yml

@@ -3,16 +3,19 @@ on:
   release:
     types: [published]
   workflow_dispatch:
+
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
-          node-version: '20.x'
+          node-version: '22.x'
           registry-url: 'https://registry.npmjs.org'
+      - run: npm install -g npm@latest
       - run: npm ci
-      - run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      - run: npm publish --provenance --access public

package/.github/workflows/release.yml

@@ -0,0 +1,114 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+env:
+  CARGO_INCREMENTAL: 0
+
+jobs:
+  build:
+    permissions:
+      contents: write
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: macos-latest
+            rust_target: aarch64-apple-darwin
+            sidecar_target: node22-macos-arm64
+            sidecar_triple: aarch64-apple-darwin
+          - platform: macos-latest
+            rust_target: x86_64-apple-darwin
+            sidecar_target: node22-macos-x64
+            sidecar_triple: x86_64-apple-darwin
+          - platform: ubuntu-22.04
+            rust_target: x86_64-unknown-linux-gnu
+            sidecar_target: node22-linux-x64
+            sidecar_triple: x86_64-unknown-linux-gnu
+          - platform: windows-latest
+            rust_target: x86_64-pc-windows-msvc
+            sidecar_target: node22-win-x64
+            sidecar_triple: x86_64-pc-windows-msvc
+
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'npm'
+
+      - name: Install Rust stable
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.rust_target }}
+
+      - name: Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri
+
+      - name: Install dependencies (Ubuntu)
+        if: matrix.platform == 'ubuntu-22.04'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
+
+      - name: Install frontend dependencies
+        run: npm ci
+
+      - name: Build sidecar for current platform
+        run: |
+          mkdir -p src-tauri/binaries
+          npx esbuild gui-adapter.js --bundle --platform=node --target=node22 --outfile=src-tauri/binaries/gui-adapter-bundle.cjs --format=cjs --external:inquirer
+          npx @yao-pkg/pkg src-tauri/binaries/gui-adapter-bundle.cjs --target ${{ matrix.sidecar_target }} -o src-tauri/binaries/gui-adapter-${{ matrix.sidecar_triple }}
+          rm src-tauri/binaries/gui-adapter-bundle.cjs
+
+      - name: Build Tauri app
+        uses: tauri-apps/tauri-action@v0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
+          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
+        with:
+          tagName: v__VERSION__
+          releaseName: 'RDS SSM Connect v__VERSION__'
+          releaseBody: 'See the assets to download this version and install.'
+          releaseDraft: true
+          prerelease: false
+          args: --target ${{ matrix.rust_target }}
+
+  # Generate update manifest after all builds complete
+  update-manifest:
+    needs: build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Get version from tag
+        id: version
+        run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
+
+      - name: Generate latest.json
+        run: |
+          node scripts/generate-update-json.js ${{ steps.version.outputs.VERSION }} https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION }}
+
+      - name: Upload latest.json to release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: latest.json
+          tag_name: v${{ steps.version.outputs.VERSION }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package/CLAUDE.md

@@ -16,20 +16,22 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
   - Establishes SSM port forwarding session
 
 ### Configuration
-- `envPortMapping.js` - Environment-to-port mapping configuration
-  - Maps environment suffixes (dev, stage, prod, team1-5, qa1-5, etc.) to local port numbers (5433-5452)
-  - Defines default database name: `emr`
-  - Defines AWS region: `us-east-2`
-  - **Critical**: When adding new environments, update this mapping to assign unique ports
+- `envPortMapping.js` - Multi-project configuration
+  - `PROJECT_CONFIGS` - Object containing per-project settings:
+    - `tln`: TLN/EMR project (us-east-2, Aurora clusters, `rds!cluster` secrets)
+    - `covered`: Covered Healthcare project (us-west-1, RDS instances, `rds!db` secrets)
+  - Each project defines: region, database, secretPrefix, rdsType, rdsPattern, profileFilter, envPortMapping
+  - Legacy exports maintained for backward compatibility
 
 ### Core Flow
 1. Read AWS profiles from `~/.aws/config`
-2. Prompt user to select environment (AWS profile)
-3. Query Secrets Manager for RDS credentials (secrets starting with `rds!cluster`)
-4. Find running bastion instance (tagged with `Name=*bastion*`)
-5. Get RDS Aurora cluster endpoint (cluster IDs ending with `-rds-aurora`)
-6. Start SSM port forwarding session
-7. Display connection details for database client
+2. Prompt user to select project (TLN or Covered)
+3. Filter and prompt for environment (AWS profile) based on project
+4. Query Secrets Manager for RDS credentials (project-specific prefix)
+5. Find running bastion instance (tagged with `Name=*bastion*`)
+6. Get RDS endpoint (cluster or instance based on project config)
+7. Start SSM port forwarding session with correct remote port
+8. Display connection details for database client
 
 ## Development Commands
 
@@ -71,17 +73,27 @@ Package is published to npm via GitHub Actions workflow (`.github/workflows/npm-
 
 ## AWS Resource Naming Conventions
 
-The application relies on specific AWS resource naming patterns:
+The application relies on specific AWS resource naming patterns (per project):
+
+**TLN Project:**
 - **Secrets**: Must start with `rds!cluster`
 - **Bastion instances**: Must be tagged with `Name=*bastion*` and in `running` state
 - **RDS clusters**: DBClusterIdentifier must end with `-rds-aurora` and be in `available` state
+- **Region**: us-east-2
+
+**Covered Project:**
+- **Secrets**: Must start with `rds!db`
+- **Bastion instances**: Must be tagged with `Name=*bastion*` and in `running` state
+- **RDS instances**: DBInstanceIdentifier must contain `covered-db` and be in `available` state
+- **Region**: us-west-1
+- **AWS Profiles**: Must start with `covered` (e.g., `covered`, `covered-staging`)
 
 ## Important Notes
 
-- Port assignment is based on longest-matching environment suffix (e.g., `my-team-dev` matches `dev` → port 5433)
+- Port assignment is based on project-specific port mappings
 - The tool keeps the SSM session running until Ctrl+C is pressed
-- Default port is 5432 if no environment suffix matches
-- All AWS operations use the `us-east-2` region by default
+- Each project has its own default port if no environment suffix matches
+- AWS region is determined by the selected project
 
 ## Error Handling & Recovery