skuba 9.0.1-upgrade-cdk-template-20241002233314 → 9.0.1

package/lib/cli/lint/autofix.js

@@ -35,6 +35,7 @@ __export(autofix_exports, {
 module.exports = __toCommonJS(autofix_exports);
 var import_util = require("util");
 var import_simple_git = __toESM(require("simple-git"));
+var Buildkite = __toESM(require("../../api/buildkite"));
 var Git = __toESM(require("../../api/git"));
 var GitHub = __toESM(require("../../api/github"));
 var import_env = require("../../utils/env");
@@ -45,6 +46,7 @@ var import_eslint = require("../adapter/eslint");
 var import_prettier = require("../adapter/prettier");
 var import_project = require("../configure/analysis/project");
 var import_internal = require("./internal");
+const RENOVATE_DEFAULT_PREFIX = "renovate";
 const AUTOFIX_COMMIT_MESSAGE = "Run `skuba format`";
 const AUTOFIX_IGNORE_FILES_BASE = [
   {
@@ -76,6 +78,19 @@ const shouldPush = async ({
   if (isDefaultBuildkiteBranch || isProtectedGitHubBranch) {
     return false;
   }
+  if (currentBranch?.startsWith(RENOVATE_DEFAULT_PREFIX)) {
+    try {
+      await GitHub.getPullRequestNumber();
+    } catch {
+      const warning = "An autofix is available, but it was not pushed because an open pull request for this Renovate branch could not be found. If a pull request has since been created, retry the lint step to push the fix.";
+      import_logging.log.warn(warning);
+      try {
+        await Buildkite.annotate(Buildkite.md.terminal(warning));
+      } catch {
+      }
+      return false;
+    }
+  }
   let headCommitMessage;
   try {
     headCommitMessage = await Git.getHeadCommitMessage({ dir });

package/lib/cli/lint/autofix.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/cli/lint/autofix.ts"],
-  "sourcesContent": ["import { inspect } from 'util';\n\nimport simpleGit from 'simple-git';\n\nimport * as Git from '../../api/git';\nimport * as GitHub from '../../api/github';\nimport { isCiEnv } from '../../utils/env';\nimport { createLogger, log } from '../../utils/logging';\nimport { hasNpmrcSecret } from '../../utils/npmrc';\nimport { throwOnTimeout } from '../../utils/wait';\nimport { runESLint } from '../adapter/eslint';\nimport { runPrettier } from '../adapter/prettier';\nimport { createDestinationFileReader } from '../configure/analysis/project';\n\nimport { internalLint } from './internal';\nimport type { Input } from './types';\n\nconst AUTOFIX_COMMIT_MESSAGE = 'Run `skuba format`';\n\nexport const AUTOFIX_IGNORE_FILES_BASE: Git.ChangedFile[] = [\n  {\n    path: 'Dockerfile-incunabulum',\n    state: 'added',\n  },\n];\n\nexport const AUTOFIX_IGNORE_FILES_NPMRC: Git.ChangedFile[] = [\n  {\n    path: '.npmrc',\n    state: 'added',\n  },\n  {\n    path: '.npmrc',\n    state: 'modified',\n  },\n];\n\nconst shouldPush = async ({\n  currentBranch,\n  dir,\n}: {\n  currentBranch?: string;\n  dir: string;\n}) => {\n  if (!isCiEnv()) {\n    // We're not running in a CI environment so we don't need to push autofixes.\n    // Ideally we'd drive this off of repository write permissions, but that is\n    // non-trivial to infer without attempting an actual write.\n    return false;\n  }\n\n  const isDefaultBuildkiteBranch =\n    currentBranch &&\n    [process.env.BUILDKITE_PIPELINE_DEFAULT_BRANCH, 'master', 'main'].includes(\n      currentBranch,\n    );\n\n  const isProtectedGitHubBranch = process.env.GITHUB_REF_PROTECTED === 'true';\n\n  if (isDefaultBuildkiteBranch || isProtectedGitHubBranch) {\n    // The current branch is a protected branch.\n    // We respect GitHub Flow; avoid pushing directly to the default branch.\n    return false;\n  }\n\n  let headCommitMessage;\n  try {\n    headCommitMessage = await Git.getHeadCommitMessage({ dir });\n  } catch {}\n\n  if (headCommitMessage?.startsWith(AUTOFIX_COMMIT_MESSAGE)) {\n    // Short circuit when the head commit appears to be one of our autofixes.\n    // Repeating the same operation is unlikely to correct outstanding issues.\n    return false;\n  }\n\n  // Allow the push attempt to go ahead if our guards have been cleared.\n  return true;\n};\n\nconst getIgnores = async (dir: string): Promise<Git.ChangedFile[]> => {\n  const contents = await createDestinationFileReader(dir)('.npmrc');\n\n  // If an .npmrc has secrets, we need to ignore it\n  if (hasNpmrcSecret(contents ?? '')) {\n    return [...AUTOFIX_IGNORE_FILES_BASE, ...AUTOFIX_IGNORE_FILES_NPMRC];\n  }\n\n  return AUTOFIX_IGNORE_FILES_BASE;\n};\n\ninterface AutofixParameters {\n  debug: Input['debug'];\n\n  eslint: boolean;\n  prettier: boolean;\n  internal: boolean;\n\n  eslintConfigFile?: string;\n}\n\nexport const autofix = async (params: AutofixParameters): Promise<void> => {\n  const dir = process.cwd();\n\n  if (!params.eslint && !params.prettier && !params.internal) {\n    return;\n  }\n\n  let currentBranch;\n  try {\n    currentBranch = await Git.currentBranch({ dir });\n  } catch {}\n\n  if (!(await shouldPush({ currentBranch, dir }))) {\n    return;\n  }\n\n  try {\n    log.newline();\n\n    log.warn(\n      `Attempting to autofix issues (${[\n        params.eslint ? 'ESLint' : undefined,\n        params.internal ? 'skuba' : undefined,\n        'Prettier', // Prettier is always run\n      ]\n        .filter((s) => s !== undefined)\n        .join(', ')})...`,\n    );\n\n    const logger = createLogger(params.debug);\n\n    if (params.internal) {\n      await internalLint('format');\n    }\n\n    if (params.eslint) {\n      await runESLint('format', logger, params.eslintConfigFile);\n    }\n\n    // Unconditionally re-run Prettier; reaching here means we have pre-existing\n    // format violations or may have created new ones through ESLint/internal fixes.\n    await runPrettier('format', logger);\n\n    if (process.env.GITHUB_ACTIONS) {\n      // GitHub runners have Git installed locally\n      const ref = await Git.commitAllChanges({\n        dir,\n        message: AUTOFIX_COMMIT_MESSAGE,\n\n        ignore: await getIgnores(dir),\n      });\n\n      if (!ref) {\n        return log.warn('No autofixes detected.');\n      }\n\n      await throwOnTimeout(simpleGit().push(), { s: 30 });\n      log.warn(`Pushed fix commit ${ref}.`);\n      return;\n    }\n\n    // Other CI Environments, use GitHub API\n    if (!currentBranch) {\n      log.warn('Could not determine the current branch.');\n      log.warn(\n        'Please propagate BUILDKITE_BRANCH, GITHUB_HEAD_REF, GITHUB_REF_NAME, or the .git directory to your container.',\n      );\n      return;\n    }\n\n    const ref = await throwOnTimeout(\n      GitHub.uploadAllFileChanges({\n        branch: currentBranch,\n        dir,\n        messageHeadline: AUTOFIX_COMMIT_MESSAGE,\n\n        ignore: await getIgnores(dir),\n      }),\n      { s: 30 },\n    );\n\n    if (!ref) {\n      return log.warn('No autofixes detected.');\n    }\n\n    log.warn(`Pushed fix commit ${ref}.`);\n  } catch (err) {\n    log.warn(log.bold('Failed to push fix commit.'));\n    log.warn(\n      log.bold(\n        'Does your CI environment have write access to your Git repository?',\n      ),\n    );\n    log.subtle(inspect(err));\n  }\n};\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAAwB;AAExB,wBAAsB;AAEtB,UAAqB;AACrB,aAAwB;AACxB,iBAAwB;AACxB,qBAAkC;AAClC,mBAA+B;AAC/B,kBAA+B;AAC/B,oBAA0B;AAC1B,sBAA4B;AAC5B,qBAA4C;AAE5C,sBAA6B;AAG7B,MAAM,yBAAyB;AAExB,MAAM,4BAA+C;AAAA,EAC1D;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,EACT;AACF;AAEO,MAAM,6BAAgD;AAAA,EAC3D;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,EACT;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,EACT;AACF;AAEA,MAAM,aAAa,OAAO;AAAA,EACxB;AAAA,EACA;AACF,MAGM;AACJ,MAAI,KAAC,oBAAQ,GAAG;AAId,WAAO;AAAA,EACT;AAEA,QAAM,2BACJ,iBACA,CAAC,QAAQ,IAAI,mCAAmC,UAAU,MAAM,EAAE;AAAA,IAChE;AAAA,EACF;AAEF,QAAM,0BAA0B,QAAQ,IAAI,yBAAyB;AAErE,MAAI,4BAA4B,yBAAyB;AAGvD,WAAO;AAAA,EACT;AAEA,MAAI;AACJ,MAAI;AACF,wBAAoB,MAAM,IAAI,qBAAqB,EAAE,IAAI,CAAC;AAAA,EAC5D,QAAQ;AAAA,EAAC;AAET,MAAI,mBAAmB,WAAW,sBAAsB,GAAG;AAGzD,WAAO;AAAA,EACT;AAGA,SAAO;AACT;AAEA,MAAM,aAAa,OAAO,QAA4C;AACpE,QAAM,WAAW,UAAM,4CAA4B,GAAG,EAAE,QAAQ;AAGhE,UAAI,6BAAe,YAAY,EAAE,GAAG;AAClC,WAAO,CAAC,GAAG,2BAA2B,GAAG,0BAA0B;AAAA,EACrE;AAEA,SAAO;AACT;AAYO,MAAM,UAAU,OAAO,WAA6C;AACzE,QAAM,MAAM,QAAQ,IAAI;AAExB,MAAI,CAAC,OAAO,UAAU,CAAC,OAAO,YAAY,CAAC,OAAO,UAAU;AAC1D;AAAA,EACF;AAEA,MAAI;AACJ,MAAI;AACF,oBAAgB,MAAM,IAAI,cAAc,EAAE,IAAI,CAAC;AAAA,EACjD,QAAQ;AAAA,EAAC;AAET,MAAI,CAAE,MAAM,WAAW,EAAE,eAAe,IAAI,CAAC,GAAI;AAC/C;AAAA,EACF;AAEA,MAAI;AACF,uBAAI,QAAQ;AAEZ,uBAAI;AAAA,MACF,iCAAiC;AAAA,QAC/B,OAAO,SAAS,WAAW;AAAA,QAC3B,OAAO,WAAW,UAAU;AAAA,QAC5B;AAAA;AAAA,MACF,EACG,OAAO,CAAC,MAAM,MAAM,MAAS,EAC7B,KAAK,IAAI,CAAC;AAAA,IACf;AAEA,UAAM,aAAS,6BAAa,OAAO,KAAK;AAExC,QAAI,OAAO,UAAU;AACnB,gBAAM,8BAAa,QAAQ;AAAA,IAC7B;AAEA,QAAI,OAAO,QAAQ;AACjB,gBAAM,yBAAU,UAAU,QAAQ,OAAO,gBAAgB;AAAA,IAC3D;AAIA,cAAM,6BAAY,UAAU,MAAM;AAElC,QAAI,QAAQ,IAAI,gBAAgB;AAE9B,YAAMA,OAAM,MAAM,IAAI,iBAAiB;AAAA,QACrC;AAAA,QACA,SAAS;AAAA,QAET,QAAQ,MAAM,WAAW,GAAG;AAAA,MAC9B,CAAC;AAED,UAAI,CAACA,MAAK;AACR,eAAO,mBAAI,KAAK,wBAAwB;AAAA,MAC1C;AAEA,gBAAM,gCAAe,kBAAAC,SAAU,EAAE,KAAK,GAAG,EAAE,GAAG,GAAG,CAAC;AAClD,yBAAI,KAAK,qBAAqBD,IAAG,GAAG;AACpC;AAAA,IACF;AAGA,QAAI,CAAC,eAAe;AAClB,yBAAI,KAAK,yCAAyC;AAClD,yBAAI;AAAA,QACF;AAAA,MACF;AACA;AAAA,IACF;AAEA,UAAM,MAAM,UAAM;AAAA,MAChB,OAAO,qBAAqB;AAAA,QAC1B,QAAQ;AAAA,QACR;AAAA,QACA,iBAAiB;AAAA,QAEjB,QAAQ,MAAM,WAAW,GAAG;AAAA,MAC9B,CAAC;AAAA,MACD,EAAE,GAAG,GAAG;AAAA,IACV;AAEA,QAAI,CAAC,KAAK;AACR,aAAO,mBAAI,KAAK,wBAAwB;AAAA,IAC1C;AAEA,uBAAI,KAAK,qBAAqB,GAAG,GAAG;AAAA,EACtC,SAAS,KAAK;AACZ,uBAAI,KAAK,mBAAI,KAAK,4BAA4B,CAAC;AAC/C,uBAAI;AAAA,MACF,mBAAI;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,uBAAI,WAAO,qBAAQ,GAAG,CAAC;AAAA,EACzB;AACF;",
+  "sourcesContent": ["import { inspect } from 'util';\n\nimport simpleGit from 'simple-git';\n\nimport * as Buildkite from '../../api/buildkite';\nimport * as Git from '../../api/git';\nimport * as GitHub from '../../api/github';\nimport { isCiEnv } from '../../utils/env';\nimport { createLogger, log } from '../../utils/logging';\nimport { hasNpmrcSecret } from '../../utils/npmrc';\nimport { throwOnTimeout } from '../../utils/wait';\nimport { runESLint } from '../adapter/eslint';\nimport { runPrettier } from '../adapter/prettier';\nimport { createDestinationFileReader } from '../configure/analysis/project';\n\nimport { internalLint } from './internal';\nimport type { Input } from './types';\n\nconst RENOVATE_DEFAULT_PREFIX = 'renovate';\n\nconst AUTOFIX_COMMIT_MESSAGE = 'Run `skuba format`';\n\nexport const AUTOFIX_IGNORE_FILES_BASE: Git.ChangedFile[] = [\n  {\n    path: 'Dockerfile-incunabulum',\n    state: 'added',\n  },\n];\n\nexport const AUTOFIX_IGNORE_FILES_NPMRC: Git.ChangedFile[] = [\n  {\n    path: '.npmrc',\n    state: 'added',\n  },\n  {\n    path: '.npmrc',\n    state: 'modified',\n  },\n];\n\nconst shouldPush = async ({\n  currentBranch,\n  dir,\n}: {\n  currentBranch?: string;\n  dir: string;\n}) => {\n  if (!isCiEnv()) {\n    // We're not running in a CI environment so we don't need to push autofixes.\n    // Ideally we'd drive this off of repository write permissions, but that is\n    // non-trivial to infer without attempting an actual write.\n    return false;\n  }\n\n  const isDefaultBuildkiteBranch =\n    currentBranch &&\n    [process.env.BUILDKITE_PIPELINE_DEFAULT_BRANCH, 'master', 'main'].includes(\n      currentBranch,\n    );\n\n  const isProtectedGitHubBranch = process.env.GITHUB_REF_PROTECTED === 'true';\n\n  if (isDefaultBuildkiteBranch || isProtectedGitHubBranch) {\n    // The current branch is a protected branch.\n    // We respect GitHub Flow; avoid pushing directly to the default branch.\n    return false;\n  }\n\n  if (currentBranch?.startsWith(RENOVATE_DEFAULT_PREFIX)) {\n    try {\n      await GitHub.getPullRequestNumber();\n    } catch {\n      const warning =\n        'An autofix is available, but it was not pushed because an open pull request for this Renovate branch could not be found. If a pull request has since been created, retry the lint step to push the fix.';\n      log.warn(warning);\n      try {\n        await Buildkite.annotate(Buildkite.md.terminal(warning));\n      } catch {}\n\n      return false;\n    }\n  }\n\n  let headCommitMessage;\n  try {\n    headCommitMessage = await Git.getHeadCommitMessage({ dir });\n  } catch {}\n\n  if (headCommitMessage?.startsWith(AUTOFIX_COMMIT_MESSAGE)) {\n    // Short circuit when the head commit appears to be one of our autofixes.\n    // Repeating the same operation is unlikely to correct outstanding issues.\n    return false;\n  }\n\n  // Allow the push attempt to go ahead if our guards have been cleared.\n  return true;\n};\n\nconst getIgnores = async (dir: string): Promise<Git.ChangedFile[]> => {\n  const contents = await createDestinationFileReader(dir)('.npmrc');\n\n  // If an .npmrc has secrets, we need to ignore it\n  if (hasNpmrcSecret(contents ?? '')) {\n    return [...AUTOFIX_IGNORE_FILES_BASE, ...AUTOFIX_IGNORE_FILES_NPMRC];\n  }\n\n  return AUTOFIX_IGNORE_FILES_BASE;\n};\n\ninterface AutofixParameters {\n  debug: Input['debug'];\n\n  eslint: boolean;\n  prettier: boolean;\n  internal: boolean;\n\n  eslintConfigFile?: string;\n}\n\nexport const autofix = async (params: AutofixParameters): Promise<void> => {\n  const dir = process.cwd();\n\n  if (!params.eslint && !params.prettier && !params.internal) {\n    return;\n  }\n\n  let currentBranch;\n  try {\n    currentBranch = await Git.currentBranch({ dir });\n  } catch {}\n\n  if (!(await shouldPush({ currentBranch, dir }))) {\n    return;\n  }\n\n  try {\n    log.newline();\n\n    log.warn(\n      `Attempting to autofix issues (${[\n        params.eslint ? 'ESLint' : undefined,\n        params.internal ? 'skuba' : undefined,\n        'Prettier', // Prettier is always run\n      ]\n        .filter((s) => s !== undefined)\n        .join(', ')})...`,\n    );\n\n    const logger = createLogger(params.debug);\n\n    if (params.internal) {\n      await internalLint('format');\n    }\n\n    if (params.eslint) {\n      await runESLint('format', logger, params.eslintConfigFile);\n    }\n\n    // Unconditionally re-run Prettier; reaching here means we have pre-existing\n    // format violations or may have created new ones through ESLint/internal fixes.\n    await runPrettier('format', logger);\n\n    if (process.env.GITHUB_ACTIONS) {\n      // GitHub runners have Git installed locally\n      const ref = await Git.commitAllChanges({\n        dir,\n        message: AUTOFIX_COMMIT_MESSAGE,\n\n        ignore: await getIgnores(dir),\n      });\n\n      if (!ref) {\n        return log.warn('No autofixes detected.');\n      }\n\n      await throwOnTimeout(simpleGit().push(), { s: 30 });\n      log.warn(`Pushed fix commit ${ref}.`);\n      return;\n    }\n\n    // Other CI Environments, use GitHub API\n    if (!currentBranch) {\n      log.warn('Could not determine the current branch.');\n      log.warn(\n        'Please propagate BUILDKITE_BRANCH, GITHUB_HEAD_REF, GITHUB_REF_NAME, or the .git directory to your container.',\n      );\n      return;\n    }\n\n    const ref = await throwOnTimeout(\n      GitHub.uploadAllFileChanges({\n        branch: currentBranch,\n        dir,\n        messageHeadline: AUTOFIX_COMMIT_MESSAGE,\n\n        ignore: await getIgnores(dir),\n      }),\n      { s: 30 },\n    );\n\n    if (!ref) {\n      return log.warn('No autofixes detected.');\n    }\n\n    log.warn(`Pushed fix commit ${ref}.`);\n  } catch (err) {\n    log.warn(log.bold('Failed to push fix commit.'));\n    log.warn(\n      log.bold(\n        'Does your CI environment have write access to your Git repository?',\n      ),\n    );\n    log.subtle(inspect(err));\n  }\n};\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAAwB;AAExB,wBAAsB;AAEtB,gBAA2B;AAC3B,UAAqB;AACrB,aAAwB;AACxB,iBAAwB;AACxB,qBAAkC;AAClC,mBAA+B;AAC/B,kBAA+B;AAC/B,oBAA0B;AAC1B,sBAA4B;AAC5B,qBAA4C;AAE5C,sBAA6B;AAG7B,MAAM,0BAA0B;AAEhC,MAAM,yBAAyB;AAExB,MAAM,4BAA+C;AAAA,EAC1D;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,EACT;AACF;AAEO,MAAM,6BAAgD;AAAA,EAC3D;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,EACT;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,OAAO;AAAA,EACT;AACF;AAEA,MAAM,aAAa,OAAO;AAAA,EACxB;AAAA,EACA;AACF,MAGM;AACJ,MAAI,KAAC,oBAAQ,GAAG;AAId,WAAO;AAAA,EACT;AAEA,QAAM,2BACJ,iBACA,CAAC,QAAQ,IAAI,mCAAmC,UAAU,MAAM,EAAE;AAAA,IAChE;AAAA,EACF;AAEF,QAAM,0BAA0B,QAAQ,IAAI,yBAAyB;AAErE,MAAI,4BAA4B,yBAAyB;AAGvD,WAAO;AAAA,EACT;AAEA,MAAI,eAAe,WAAW,uBAAuB,GAAG;AACtD,QAAI;AACF,YAAM,OAAO,qBAAqB;AAAA,IACpC,QAAQ;AACN,YAAM,UACJ;AACF,yBAAI,KAAK,OAAO;AAChB,UAAI;AACF,cAAM,UAAU,SAAS,UAAU,GAAG,SAAS,OAAO,CAAC;AAAA,MACzD,QAAQ;AAAA,MAAC;AAET,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI;AACJ,MAAI;AACF,wBAAoB,MAAM,IAAI,qBAAqB,EAAE,IAAI,CAAC;AAAA,EAC5D,QAAQ;AAAA,EAAC;AAET,MAAI,mBAAmB,WAAW,sBAAsB,GAAG;AAGzD,WAAO;AAAA,EACT;AAGA,SAAO;AACT;AAEA,MAAM,aAAa,OAAO,QAA4C;AACpE,QAAM,WAAW,UAAM,4CAA4B,GAAG,EAAE,QAAQ;AAGhE,UAAI,6BAAe,YAAY,EAAE,GAAG;AAClC,WAAO,CAAC,GAAG,2BAA2B,GAAG,0BAA0B;AAAA,EACrE;AAEA,SAAO;AACT;AAYO,MAAM,UAAU,OAAO,WAA6C;AACzE,QAAM,MAAM,QAAQ,IAAI;AAExB,MAAI,CAAC,OAAO,UAAU,CAAC,OAAO,YAAY,CAAC,OAAO,UAAU;AAC1D;AAAA,EACF;AAEA,MAAI;AACJ,MAAI;AACF,oBAAgB,MAAM,IAAI,cAAc,EAAE,IAAI,CAAC;AAAA,EACjD,QAAQ;AAAA,EAAC;AAET,MAAI,CAAE,MAAM,WAAW,EAAE,eAAe,IAAI,CAAC,GAAI;AAC/C;AAAA,EACF;AAEA,MAAI;AACF,uBAAI,QAAQ;AAEZ,uBAAI;AAAA,MACF,iCAAiC;AAAA,QAC/B,OAAO,SAAS,WAAW;AAAA,QAC3B,OAAO,WAAW,UAAU;AAAA,QAC5B;AAAA;AAAA,MACF,EACG,OAAO,CAAC,MAAM,MAAM,MAAS,EAC7B,KAAK,IAAI,CAAC;AAAA,IACf;AAEA,UAAM,aAAS,6BAAa,OAAO,KAAK;AAExC,QAAI,OAAO,UAAU;AACnB,gBAAM,8BAAa,QAAQ;AAAA,IAC7B;AAEA,QAAI,OAAO,QAAQ;AACjB,gBAAM,yBAAU,UAAU,QAAQ,OAAO,gBAAgB;AAAA,IAC3D;AAIA,cAAM,6BAAY,UAAU,MAAM;AAElC,QAAI,QAAQ,IAAI,gBAAgB;AAE9B,YAAMA,OAAM,MAAM,IAAI,iBAAiB;AAAA,QACrC;AAAA,QACA,SAAS;AAAA,QAET,QAAQ,MAAM,WAAW,GAAG;AAAA,MAC9B,CAAC;AAED,UAAI,CAACA,MAAK;AACR,eAAO,mBAAI,KAAK,wBAAwB;AAAA,MAC1C;AAEA,gBAAM,gCAAe,kBAAAC,SAAU,EAAE,KAAK,GAAG,EAAE,GAAG,GAAG,CAAC;AAClD,yBAAI,KAAK,qBAAqBD,IAAG,GAAG;AACpC;AAAA,IACF;AAGA,QAAI,CAAC,eAAe;AAClB,yBAAI,KAAK,yCAAyC;AAClD,yBAAI;AAAA,QACF;AAAA,MACF;AACA;AAAA,IACF;AAEA,UAAM,MAAM,UAAM;AAAA,MAChB,OAAO,qBAAqB;AAAA,QAC1B,QAAQ;AAAA,QACR;AAAA,QACA,iBAAiB;AAAA,QAEjB,QAAQ,MAAM,WAAW,GAAG;AAAA,MAC9B,CAAC;AAAA,MACD,EAAE,GAAG,GAAG;AAAA,IACV;AAEA,QAAI,CAAC,KAAK;AACR,aAAO,mBAAI,KAAK,wBAAwB;AAAA,IAC1C;AAEA,uBAAI,KAAK,qBAAqB,GAAG,GAAG;AAAA,EACtC,SAAS,KAAK;AACZ,uBAAI,KAAK,mBAAI,KAAK,4BAA4B,CAAC;AAC/C,uBAAI;AAAA,MACF,mBAAI;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,uBAAI,WAAO,qBAAQ,GAAG,CAAC;AAAA,EACzB;AACF;",
   "names": ["ref", "simpleGit"]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "skuba",
-  "version": "9.0.1-upgrade-cdk-template-20241002233314",
+  "version": "9.0.1",
   "private": false,
   "description": "SEEK development toolkit for backend applications and packages",
   "homepage": "https://github.com/seek-oss/skuba#readme",

package/template/express-rest-api/package.json

@@ -28,7 +28,7 @@
     "skuba": "*",
     "supertest": "^7.0.0"
   },
-  "packageManager": "pnpm@9.11.0",
+  "packageManager": "pnpm@9.12.0",
   "engines": {
     "node": ">=20"
   }

package/template/greeter/package.json

@@ -17,9 +17,9 @@
   },
   "devDependencies": {
     "@types/node": "^20.9.0",
-    "skuba": "9.0.1-upgrade-cdk-template-20241002233314"
+    "skuba": "*"
   },
-  "packageManager": "pnpm@9.11.0",
+  "packageManager": "pnpm@9.12.0",
   "engines": {
     "node": ">=20"
   }

package/template/koa-rest-api/package.json

@@ -44,7 +44,7 @@
     "skuba": "*",
     "supertest": "^7.0.0"
   },
-  "packageManager": "pnpm@9.11.0",
+  "packageManager": "pnpm@9.12.0",
   "engines": {
     "node": ">=20"
   }

package/template/lambda-sqs-worker/package.json

@@ -38,7 +38,7 @@
     "serverless-prune-plugin": "^2.0.0",
     "skuba": "*"
   },
-  "packageManager": "pnpm@9.11.0",
+  "packageManager": "pnpm@9.12.0",
   "engines": {
     "node": ">=20"
   }

package/template/lambda-sqs-worker/serverless.yml

@@ -173,7 +173,7 @@ resources:
     #   Properties:
     #     Endpoint: !GetAtt MessageQueue.Arn
     #     Protocol: sqs
-    #     RawMessageDelivery: true # Remove this property if you require end to end datadog tracing
+    #     RawMessageDelivery: true
     #     TopicArn: 'TODO: sourceSnsTopicArn'
 
     DestinationTopic:

package/template/lambda-sqs-worker-cdk/infra/__snapshots__/appStack.test.ts.snap

@@ -10,40 +10,6 @@ exports[`returns expected CloudFormation stack for dev 1`] = `
     },
   },
   "Resources": {
-    "datadogapikeysecret046FEF06": {
-      "DeletionPolicy": "Delete",
-      "Properties": {
-        "GenerateSecretString": {},
-      },
-      "Type": "AWS::SecretsManager::Secret",
-      "UpdateReplacePolicy": "Delete",
-    },
-    "destinationtopicDCE2E0B8": {
-      "Properties": {
-        "KmsMasterKeyId": {
-          "Fn::Join": [
-            "",
-            [
-              "arn:",
-              {
-                "Ref": "AWS::Partition",
-              },
-              ":kms:",
-              {
-                "Ref": "AWS::Region",
-              },
-              ":",
-              {
-                "Ref": "AWS::AccountId",
-              },
-              ":alias/aws/sns",
-            ],
-          ],
-        },
-        "TopicName": "serviceName",
-      },
-      "Type": "AWS::SNS::Topic",
-    },
     "kmskey49FBC3B3": {
       "DeletionPolicy": "Retain",
       "Properties": {
@@ -139,6 +105,17 @@ exports[`returns expected CloudFormation stack for dev 1`] = `
               },
               "Resource": "*",
             },
+            {
+              "Action": [
+                "kms:Decrypt",
+                "kms:GenerateDataKey",
+              ],
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "sns.amazonaws.com",
+              },
+              "Resource": "*",
+            },
           ],
           "Version": "2012-10-17",
         },
@@ -158,6 +135,9 @@ exports[`returns expected CloudFormation stack for dev 1`] = `
       },
       "Type": "AWS::KMS::Alias",
     },
+    "sourcetopic7C3DC892": {
+      "Type": "AWS::SNS::Topic",
+    },
     "worker28EA3E30": {
       "DependsOn": [
         "workerServiceRoleDefaultPolicyBA498553",
@@ -176,9 +156,6 @@ exports[`returns expected CloudFormation stack for dev 1`] = `
         "Description": "Updated at 1212-12-12T12:12:12.121Z",
         "Environment": {
           "Variables": {
-            "DESTINATION_SNS_TOPIC_ARN": {
-              "Ref": "destinationtopicDCE2E0B8",
-            },
             "ENVIRONMENT": "dev",
             "NODE_ENV": "production",
             "NODE_OPTIONS": "--enable-source-maps",
@@ -194,20 +171,6 @@ exports[`returns expected CloudFormation stack for dev 1`] = `
             "Arn",
           ],
         },
-        "Layers": [
-          {
-            "Fn::Join": [
-              "",
-              [
-                "arn:aws:lambda:",
-                {
-                  "Ref": "AWS::Region",
-                },
-                ":464622532012:layer:Datadog-Extension-ARM:58",
-              ],
-            ],
-          },
-        ],
         "ReservedConcurrentExecutions": 2,
         "Role": {
           "Fn::GetAtt": [
@@ -648,6 +611,59 @@ exports[`returns expected CloudFormation stack for dev 1`] = `
       "Type": "AWS::SQS::Queue",
       "UpdateReplacePolicy": "Delete",
     },
+    "workerqueuePolicy97054CB4": {
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sqs:SendMessage",
+              "Condition": {
+                "ArnEquals": {
+                  "aws:SourceArn": {
+                    "Ref": "sourcetopic7C3DC892",
+                  },
+                },
+              },
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "sns.amazonaws.com",
+              },
+              "Resource": {
+                "Fn::GetAtt": [
+                  "workerqueueA05CE5C6",
+                  "Arn",
+                ],
+              },
+            },
+          ],
+          "Version": "2012-10-17",
+        },
+        "Queues": [
+          {
+            "Ref": "workerqueueA05CE5C6",
+          },
+        ],
+      },
+      "Type": "AWS::SQS::QueuePolicy",
+    },
+    "workerqueueappStacksourcetopic613C6BDBD2F224F5": {
+      "DependsOn": [
+        "workerqueuePolicy97054CB4",
+      ],
+      "Properties": {
+        "Endpoint": {
+          "Fn::GetAtt": [
+            "workerqueueA05CE5C6",
+            "Arn",
+          ],
+        },
+        "Protocol": "sqs",
+        "TopicArn": {
+          "Ref": "sourcetopic7C3DC892",
+        },
+      },
+      "Type": "AWS::SNS::Subscription",
+    },
     "workerqueuedeadletters83F3505C": {
       "DeletionPolicy": "Delete",
       "Properties": {
@@ -703,40 +719,6 @@ exports[`returns expected CloudFormation stack for prod 1`] = `
     },
   },
   "Resources": {
-    "datadogapikeysecret046FEF06": {
-      "DeletionPolicy": "Delete",
-      "Properties": {
-        "GenerateSecretString": {},
-      },
-      "Type": "AWS::SecretsManager::Secret",
-      "UpdateReplacePolicy": "Delete",
-    },
-    "destinationtopicDCE2E0B8": {
-      "Properties": {
-        "KmsMasterKeyId": {
-          "Fn::Join": [
-            "",
-            [
-              "arn:",
-              {
-                "Ref": "AWS::Partition",
-              },
-              ":kms:",
-              {
-                "Ref": "AWS::Region",
-              },
-              ":",
-              {
-                "Ref": "AWS::AccountId",
-              },
-              ":alias/aws/sns",
-            ],
-          ],
-        },
-        "TopicName": "serviceName",
-      },
-      "Type": "AWS::SNS::Topic",
-    },
     "kmskey49FBC3B3": {
       "DeletionPolicy": "Retain",
       "Properties": {
@@ -832,6 +814,17 @@ exports[`returns expected CloudFormation stack for prod 1`] = `
               },
               "Resource": "*",
             },
+            {
+              "Action": [
+                "kms:Decrypt",
+                "kms:GenerateDataKey",
+              ],
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "sns.amazonaws.com",
+              },
+              "Resource": "*",
+            },
           ],
           "Version": "2012-10-17",
         },
@@ -851,6 +844,9 @@ exports[`returns expected CloudFormation stack for prod 1`] = `
       },
       "Type": "AWS::KMS::Alias",
     },
+    "sourcetopic7C3DC892": {
+      "Type": "AWS::SNS::Topic",
+    },
     "worker28EA3E30": {
       "DependsOn": [
         "workerServiceRoleDefaultPolicyBA498553",
@@ -869,9 +865,6 @@ exports[`returns expected CloudFormation stack for prod 1`] = `
         "Description": "Updated at 1212-12-12T12:12:12.121Z",
         "Environment": {
           "Variables": {
-            "DESTINATION_SNS_TOPIC_ARN": {
-              "Ref": "destinationtopicDCE2E0B8",
-            },
             "ENVIRONMENT": "prod",
             "NODE_ENV": "production",
             "NODE_OPTIONS": "--enable-source-maps",
@@ -887,20 +880,6 @@ exports[`returns expected CloudFormation stack for prod 1`] = `
             "Arn",
           ],
         },
-        "Layers": [
-          {
-            "Fn::Join": [
-              "",
-              [
-                "arn:aws:lambda:",
-                {
-                  "Ref": "AWS::Region",
-                },
-                ":464622532012:layer:Datadog-Extension-ARM:58",
-              ],
-            ],
-          },
-        ],
         "ReservedConcurrentExecutions": 20,
         "Role": {
           "Fn::GetAtt": [
@@ -1341,6 +1320,59 @@ exports[`returns expected CloudFormation stack for prod 1`] = `
       "Type": "AWS::SQS::Queue",
       "UpdateReplacePolicy": "Delete",
     },
+    "workerqueuePolicy97054CB4": {
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sqs:SendMessage",
+              "Condition": {
+                "ArnEquals": {
+                  "aws:SourceArn": {
+                    "Ref": "sourcetopic7C3DC892",
+                  },
+                },
+              },
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "sns.amazonaws.com",
+              },
+              "Resource": {
+                "Fn::GetAtt": [
+                  "workerqueueA05CE5C6",
+                  "Arn",
+                ],
+              },
+            },
+          ],
+          "Version": "2012-10-17",
+        },
+        "Queues": [
+          {
+            "Ref": "workerqueueA05CE5C6",
+          },
+        ],
+      },
+      "Type": "AWS::SQS::QueuePolicy",
+    },
+    "workerqueueappStacksourcetopic613C6BDBD2F224F5": {
+      "DependsOn": [
+        "workerqueuePolicy97054CB4",
+      ],
+      "Properties": {
+        "Endpoint": {
+          "Fn::GetAtt": [
+            "workerqueueA05CE5C6",
+            "Arn",
+          ],
+        },
+        "Protocol": "sqs",
+        "TopicArn": {
+          "Ref": "sourcetopic7C3DC892",
+        },
+      },
+      "Type": "AWS::SNS::Subscription",
+    },
     "workerqueuedeadletters83F3505C": {
       "DeletionPolicy": "Delete",
       "Properties": {

package/template/lambda-sqs-worker-cdk/infra/appStack.test.ts

@@ -1,4 +1,4 @@
-import { App, aws_secretsmanager, aws_sns } from 'aws-cdk-lib';
+import { App, aws_sns } from 'aws-cdk-lib';
 import { Template } from 'aws-cdk-lib/assertions';
 
 const currentDate = '1212-12-12T12:12:12.121Z';
@@ -36,12 +36,6 @@ it.each(['dev', 'prod'])(
       .spyOn(aws_sns.Topic, 'fromTopicArn')
       .mockImplementation((scope, id) => new aws_sns.Topic(scope, id));
 
-    jest
-      .spyOn(aws_secretsmanager.Secret, 'fromSecretPartialArn')
-      .mockImplementation(
-        (scope, id) => new aws_secretsmanager.Secret(scope, id),
-      );
-
     const app = new App();
 
     const stack = new AppStack(app, 'appStack');
@@ -53,18 +47,13 @@ it.each(['dev', 'prod'])(
         /"S3Key":"([0-9a-f]+)\.zip"/g,
         (_, hash) => `"S3Key":"${'x'.repeat(hash.length)}.zip"`,
       )
-      .replace(
+      .replaceAll(
         /workerCurrentVersion([0-9a-zA-Z]+)"/g,
         (_, hash) => `workerCurrentVersion${'x'.repeat(hash.length)}"`,
       )
       .replaceAll(
         /"Value":"\d+\.\d+\.\d+-([^"]+)"/g,
         (_, hash) => `"Value": "x.x.x-${'x'.repeat(hash.length)}"`,
-      )
-      .replace(
-        /"DD_TAGS":"git.commit.sha:([0-9a-f]+),git.repository_url:([^\"]+)"/g,
-        (_, sha, url) =>
-          `"DD_TAGS":"git.commit.sha:${'x'.repeat(sha.length)},git.repository_url:${'x'.repeat(url.length)}"`,
       );
     expect(JSON.parse(json)).toMatchSnapshot();
   },

package/template/lambda-sqs-worker-cdk/infra/appStack.ts

@@ -8,12 +8,11 @@ import {
   aws_lambda,
   aws_lambda_event_sources,
   aws_lambda_nodejs,
-  aws_secretsmanager,
   aws_sns,
+  aws_sns_subscriptions,
   aws_sqs,
 } from 'aws-cdk-lib';
 import type { Construct } from 'constructs';
-import { Datadog, getExtensionLayerArn } from 'datadog-cdk-constructs-v2';
 
 import { config } from './config';
 
@@ -50,42 +49,13 @@ export class AppStack extends Stack {
       encryptionMasterKey: kmsKey,
     });
 
-    // const topic = aws_sns.Topic.fromTopicArn(
-    //   this,
-    //   'source-topic',
-    //   config.sourceSnsTopicArn,
-    // );
-
-    // topic.addSubscription(
-    //   new aws_sns_subscriptions.SqsSubscription(queue, {
-    //     rawMessageDelivery: true, // Remove this property if you require end to end datadog tracing
-    //   }),
-    // );
-
-    const snsKey = aws_kms.Alias.fromAliasName(
+    const topic = aws_sns.Topic.fromTopicArn(
       this,
-      'alias-aws-sns',
-      'alias/aws/sns',
+      'source-topic',
+      config.sourceSnsTopicArn,
     );
 
-    const destinationTopic = new aws_sns.Topic(this, 'destination-topic', {
-      masterKey: snsKey,
-      topicName: '<%- serviceName %>',
-    });
-
-    const datadogSecret = aws_secretsmanager.Secret.fromSecretPartialArn(
-      this,
-      'datadog-api-key-secret',
-      config.datadogApiKeySecretArn,
-    );
-
-    const datadog = new Datadog(this, 'datadog', {
-      apiKeySecret: datadogSecret,
-      addLayers: false,
-      enableDatadogLogs: false,
-      flushMetricsToLogs: false,
-      extensionLayerVersion: 58,
-    });
+    topic.addSubscription(new aws_sns_subscriptions.SqsSubscription(queue));
 
     const architecture = '<%- lambdaCdkArchitecture %>';
 
@@ -115,33 +85,17 @@ export class AppStack extends Stack {
       ...defaultWorkerConfig,
       entry: './src/app.ts',
       timeout: Duration.seconds(30),
-      bundling: {
-        ...defaultWorkerBundlingConfig,
-        nodeModules: ['datadog-lambda-js', 'dd-trace'],
-      },
+      bundling: defaultWorkerBundlingConfig,
       functionName: '<%- serviceName %>',
       environment: {
         ...defaultWorkerEnvironment,
         ...config.workerLambda.environment,
-        DESTINATION_SNS_TOPIC_ARN: destinationTopic.topicArn,
       },
       // https://github.com/aws/aws-cdk/issues/28237
       // This forces the lambda to be updated on every deployment
       // If you do not wish to use hotswap, you can remove the new Date().toISOString() from the description
       description: `Updated at ${new Date().toISOString()}`,
       reservedConcurrentExecutions: config.workerLambda.reservedConcurrency,
-      layers: [
-        // Workaround for https://github.com/DataDog/datadog-cdk-constructs/issues/201
-        aws_lambda.LayerVersion.fromLayerVersionArn(
-          this,
-          'datadog-layer',
-          getExtensionLayerArn(
-            this.region,
-            datadog.props.extensionLayerVersion as number,
-            defaultWorkerConfig.architecture === aws_lambda.Architecture.ARM_64,
-          ),
-        ),
-      ],
     });
 
     const workerDeployment = new LambdaDeployment(this, 'workerDeployment', {

package/template/lambda-sqs-worker-cdk/infra/config.ts

@@ -16,7 +16,6 @@ interface Config {
       VERSION: string;
     };
   };
-  datadogApiKeySecretArn: string;
   sourceSnsTopicArn: string;
 }
 
@@ -31,7 +30,6 @@ const configs: Record<Environment, Config> = {
         VERSION: Env.string('VERSION', { default: 'local' }),
       },
     },
-    datadogApiKeySecretArn: 'TODO: datadogApiKeySecretArn',
     sourceSnsTopicArn: 'TODO: sourceSnsTopicArn',
   },
   prod: {
@@ -44,7 +42,6 @@ const configs: Record<Environment, Config> = {
         VERSION: Env.string('VERSION', { default: 'local' }),
       },
     },
-    datadogApiKeySecretArn: 'TODO: datadogApiKeySecretArn',
     sourceSnsTopicArn: 'TODO: sourceSnsTopicArn',
   },
 };

package/template/lambda-sqs-worker-cdk/package.json

@@ -17,27 +17,20 @@
     "@aws-sdk/client-lambda": "^3.363.0",
     "@aws-sdk/client-sns": "^3.363.0",
     "@seek/logger": "^9.0.0",
-    "datadog-lambda-js": "^8.0.0",
-    "dd-trace": "^5.0.0",
     "skuba-dive": "^2.0.0",
     "zod": "^3.19.1"
   },
   "devDependencies": {
     "@seek/aws-codedeploy-infra": "^2.1.0",
     "@types/aws-lambda": "^8.10.82",
-    "@types/chance": "^1.1.3",
     "@types/node": "^20.16.5",
     "aws-cdk": "^2.109.0",
     "aws-cdk-lib": "^2.109.0",
-    "aws-sdk-client-mock": "^4.0.0",
-    "aws-sdk-client-mock-jest": "^4.0.0",
-    "chance": "^1.1.8",
     "constructs": "^10.0.17",
-    "datadog-cdk-constructs-v2": "^1.13.0",
     "pino-pretty": "^11.0.0",
-    "skuba": "9.0.1-upgrade-cdk-template-20241002233314"
+    "skuba": "*"
   },
-  "packageManager": "pnpm@9.11.0",
+  "packageManager": "pnpm@9.12.0",
   "engines": {
     "node": ">=20"
   }