diff --git a/.github/release-drafter-config.yml b/.github/release-drafter-config.yml
new file mode 100644
index 0000000..f72741a
--- /dev/null
+++ b/.github/release-drafter-config.yml
@@ -0,0 +1,48 @@
+name-template: '$RESOLVED_VERSION 🌈'
+tag-template: '$RESOLVED_VERSION'
+categories:
+ - title: '🚀 Features'
+ labels:
+ - 'feature'
+ - 'enhancement'
+ - title: '🐛 Bug Fixes'
+ labels:
+ - 'fix'
+ - 'bugfix'
+ - 'bug'
+ - title: '🧰 Maintenance'
+ label: 'chore'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.
+version-resolver:
+ major:
+ labels:
+ - 'major'
+ minor:
+ labels:
+ - 'minor'
+ patch:
+ labels:
+ - 'patch'
+ default: patch
+autolabeler:
+ - label: 'chore'
+ files:
+ - '*.md'
+ branch:
+ - '/docs{0,1}\/.+/'
+ - label: 'bug'
+ branch:
+ - '/fix\/.+/'
+ title:
+ - '/fix/i'
+ - label: 'enhancement'
+ branch:
+ - '/feature\/.+/'
+ - '/feat\/.+/'
+ title:
+ - '/feat:.+/'
+template: |
+ ## Changes
+
+ $CHANGES
diff --git a/.github/workflows/auto-labeler.yaml b/.github/workflows/auto-labeler.yaml
new file mode 100644
index 0000000..f134cf8
--- /dev/null
+++ b/.github/workflows/auto-labeler.yaml
@@ -0,0 +1,21 @@
+name: Auto Labeler
+on:
+ pull_request:
+ types: [opened, reopened, synchronize]
+
+permissions:
+ contents: read
+
+jobs:
+ auto-labeler:
+ permissions:
+ contents: write
+ pull-requests: write
+ runs-on: ubuntu-latest
+ steps:
+ - uses: release-drafter/release-drafter@v6
+ with:
+ config-name: release-drafter-config.yml
+ disable-releaser: true
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/job-build.yaml b/.github/workflows/job-build.yaml
new file mode 100644
index 0000000..1971c9a
--- /dev/null
+++ b/.github/workflows/job-build.yaml
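Review bot: `release-drafter/release-drafter@v6` in the `auto-labeler` job is referenced by a mutable tag while the job token carries `contents: write` and `pull-requests: write`; pinning it to a full commit SHA, as pipeline-default.yaml already does for the docker/* actions, keeps a moved tag from running new code with that token. The same reference appears in job-draft-release.yaml, where it runs in the `release` environment with `publish: true`. With `disable-releaser: true` this job appears to only apply labels, so `contents: read` is probably sufficient here; confirm against the action's documentation before lowering it. Proposed form, with the SHA as a placeholder to fill in: `- uses: release-drafter/release-drafter@<full-commit-sha> # v6`.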
@@ -0,0 +1,55 @@
+name: Build
+on:
+ workflow_call:
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: actions/setup-node@v4
+ with:
+ node-version: '${{ env.NODE_VERSION }}'
+ registry-url: '${{ env.NODE_REGISTRY }}'
+
+ - uses: pnpm/action-setup@v4
+ name: Install pnpm
+ with:
+ version: ${{ env.PNPM_VERSION }}
+ run_install: false
+
+ - name: Get pnpm store directory
+ shell: bash
+ run: |
+ echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+ - uses: actions/cache@v4
+ name: Setup pnpm cache
+ with:
+ path: ${{ env.STORE_PATH }}
+ key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+ restore-keys: |
+ ${{ runner.os }}-pnpm-store-
+
+ - name: Install dependencies
+ run: pnpm install
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+ - name: Build
+ run: pnpm build
+
+ - name: Run tests
+ run: pnpm test
+
+ - uses: actions/upload-artifact@v4
+ with:
+ name: lib
+ retention-days: 5
+ path: |
+ packages/*/dist
+ extensions/*/dist
+ server/*/dist
+ package.json
+ README.md
diff --git a/.github/workflows/job-draft-release.yaml b/.github/workflows/job-draft-release.yaml
new file mode 100644
index 0000000..852935d
--- /dev/null
+++ b/.github/workflows/job-draft-release.yaml
@@ -0,0 +1,18 @@
+name: Draft release
+on:
+ workflow_call:
+jobs:
+ draft-release:
+ name: Update release drafter
+ permissions:
+ contents: write
+ pull-requests: write
+ environment: release
+ runs-on: ubuntu-latest
+ steps:
+ - uses: release-drafter/release-drafter@v6
+ with:
+ config-name: release-drafter-config.yml
+ publish: true
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pipeline-default.yaml b/.github/workflows/pipeline-default.yaml
new file mode 100644
index 0000000..fbca04d
--- /dev/null
+++ b/.github/workflows/pipeline-default.yaml
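Review bot: The `env.NODE_VERSION`, `env.NODE_REGISTRY` and `env.PNPM_VERSION` lookups in the setup-node and pnpm/action-setup steps of job-build.yaml will be empty when the file runs through `workflow_call`, because a caller's workflow-level `env` is not propagated to a called workflow. `secrets.NPM_TOKEN` in the Install dependencies step is likewise empty unless the caller passes it, and the `build` job in pipeline-default.yaml has no `secrets:` key. Declaring the values as `inputs` and the token as an optional secret makes the contract explicit and lets the caller decide whether a pull-request build receives a registry token at all. The caller's `build` job would then supply the three values under `with:` (as far as I know the `env` context is not available there, so literals or `vars.*`).

```yaml
on:
  workflow_call:
    inputs:
      node-version:
        type: string
        required: true
      node-registry:
        type: string
        required: true
      pnpm-version:
        type: string
        required: true
    secrets:
      NPM_TOKEN:
        required: false
# … unchanged: jobs.build header and checkout step …
      - uses: actions/setup-node@v4
        with:
          node-version: '${{ inputs.node-version }}'
          registry-url: '${{ inputs.node-registry }}'

      - uses: pnpm/action-setup@v4
        name: Install pnpm
        with:
          version: ${{ inputs.pnpm-version }}
          run_install: false
# … unchanged: store path, cache, install, build, test, upload-artifact …
```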
@@ -0,0 +1,114 @@
+name: Build and release
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types:
+ - opened
+ - synchronize
+
+env:
+ environment: test
+ release_channel: latest
+ DO_NOT_TRACK: '1'
+ NODE_VERSION: '23.x'
+ NODE_REGISTRY: 'https://registry.npmjs.org'
+ NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+ DOCKER_REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+ PNPM_VERSION: 10.6.0
+
+permissions:
+ contents: write
+ packages: read
+ pull-requests: write
+ id-token: write
+ actions: read
+ security-events: write
+jobs:
+ build:
+ uses: ./.github/workflows/job-build.yaml
+ name: Build
+
+ update-release-draft:
+ needs: build
+ if: github.ref == 'refs/heads/main'
+ uses: ./.github/workflows/job-draft-release.yaml
+
+ release:
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+ pages: write
+ name: Release
+ if: github.ref == 'refs/heads/main'
+ runs-on: ubuntu-latest
+ needs: update-release-draft
+ environment: release
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - uses: actions/setup-node@v4
+ with:
+ node-version: '${{ env.NODE_VERSION }}'
+ registry-url: '${{ env.NODE_REGISTRY }}'
+
+ - uses: pnpm/action-setup@v4
+ name: Install pnpm
+ with:
+ version: ${{ env.PNPM_VERSION }}
+ run_install: false
+
+ - name: Install dependencies
+ run: pnpm install
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+ - uses: actions/download-artifact@v4
+ with:
+ name: lib
+ path: ./
+
+ - name: Publish to npm
+ run: |
+ git config user.name "Github Actions Bot"
+ git config user.email "<>"
+ node ./scripts/set-version.mjs $(git describe --tag --abbrev=0)
+ pnpm publish -r --no-git-checks --access public
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+ with:
+ registry: ${{ env.DOCKER_REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: 
Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }} + + - name: Build and push Docker image + id: push + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + # - name: Generate artifact attestation + # uses: actions/attest-build-provenance@v2 + # with: + # subject-name: ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME}} + # subject-digest: ${{ steps.push.outputs.digest }} + # push-to-registry: true diff --git a/README.md b/README.md index d3684ec..541e4f9 100644 --- a/README.md +++ b/README.md @@ -186,9 +186,3 @@ with-ssm -- docker-compose up # Deploy with production secrets with-ssm --profile production -- npm run deploy ``` - ---- - -**Pro tip:** Create a `.env.with-ssm` file for your SSM references and keep your -regular `.env` file for non-sensitive local overrides. This gives you the best -of both worlds! 🎉 diff --git a/package.json b/package.json index 2ce07c3..7d1cf4e 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,7 @@ "typescript-eslint": "8.39.0", "vitest": "3.2.4" }, - "name": "@0north/with-ssm", + "name": "@morten-olsen/with-ssm", "version": "1.0.0", "dependencies": { "@aws-sdk/client-ssm": "^3.859.0", diff --git a/scripts/set-version.mjs b/scripts/set-version.mjs new file mode 100644 index 0000000..a929598 --- /dev/null +++ b/scripts/set-version.mjs 
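Review bot: The workflow-level `env:` block in pipeline-default.yaml exports `NPM_TOKEN: ${{ secrets.NPM_TOKEN }}` to every step of every job defined in this file, so in `release` the publish token is also present in the environment of checkout, the docker/* actions and the image build. The two steps that need it already set `NODE_AUTH_TOKEN` themselves, so the top-level `NPM_TOKEN` line can be dropped. The top-level `permissions:` block also grants `contents: write`, `pull-requests: write`, `id-token: write` and `security-events: write` to any job without its own block, which includes `build` on pull requests; a top-level `permissions:` holding only `contents: read`, with the write scopes declared on `update-release-draft`, would be tighter. In `release`, `attestations: write`, `id-token: write` and `pages: write` are granted but no visible step uses them while the attestation step stays commented out.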
@@ -0,0 +1,16 @@
+import { readFile, writeFile } from 'fs/promises';
+import { join } from 'path';
+import process from 'process';
+
+import { findWorkspacePackages } from '@pnpm/find-workspace-packages';
+
+const packages = await findWorkspacePackages(process.cwd());
+
+for (const pkg of packages) {
+ const pkgPath = join(pkg.dir, 'package.json');
+ const pkgJson = JSON.parse(await readFile(pkgPath, 'utf-8'));
+
+ pkgJson.version = process.argv[2];
+
+ await writeFile(pkgPath, JSON.stringify(pkgJson, null, 2) + '\n');
+}
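Review bot: `pkgJson.version = process.argv[2]` writes whatever the caller passed without checking it: when the argument is missing (for example if `git describe` in the publish step finds no tag and prints nothing), the value is `undefined` and `JSON.stringify` drops the `version` key from every workspace package.json. Reading it once before the loop and failing fast avoids publishing from a half-rewritten tree: `const version = process.argv[2];` followed by `if (!version) throw new Error('usage: set-version.mjs <version>');`. A stricter check against the expected version format would also reject a stray tag name. `@pnpm/find-workspace-packages` is imported here, but the package.json hunk in this commit does not add it, so confirm it is already a declared dependency.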