add deployment

.github/release-drafter-config.yml

@@ -0,0 +1,48 @@
+name-template: '$RESOLVED_VERSION 🌈'
+tag-template: '$RESOLVED_VERSION'
+categories:
+  - title: '🚀 Features'
+    labels:
+      - 'feature'
+      - 'enhancement'
+  - title: '🐛 Bug Fixes'
+    labels:
+      - 'fix'
+      - 'bugfix'
+      - 'bug'
+  - title: '🧰 Maintenance'
+    label: 'chore'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'minor'
+  patch:
+    labels:
+      - 'patch'
+  default: patch
+autolabeler:
+  - label: 'chore'
+    files:
+      - '*.md'
+    branch:
+      - '/docs{0,1}\/.+/'
+  - label: 'bug'
+    branch:
+      - '/fix\/.+/'
+    title:
+      - '/fix/i'
+  - label: 'enhancement'
+    branch:
+      - '/feature\/.+/'
+      - '/feat\/.+/'
+    title:
+      - '/feat:.+/'
+template: |
+  ## Changes
+
+  $CHANGES

.github/workflows/auto-labeler.yaml

@@ -0,0 +1,21 @@
+name: Auto Labeler
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+permissions:
+  contents: read
+
+jobs:
+  auto-labeler:
+    permissions:
+      contents: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: release-drafter/release-drafter@v6
+        with:
+          config-name: release-drafter-config.yml
+          disable-releaser: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/job-build.yaml

@@ -0,0 +1,55 @@
+name: Build
+on:
+  workflow_call:
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '${{ env.NODE_VERSION }}'
+          registry-url: '${{ env.NODE_REGISTRY }}'
+
+      - uses: pnpm/action-setup@v4
+        name: Install pnpm
+        with:
+          version: ${{ env.PNPM_VERSION }}
+          run_install: false
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - uses: actions/cache@v4
+        name: Setup pnpm cache
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Install dependencies
+        run: pnpm install
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Build
+        run: pnpm build
+
+      - name: Run tests
+        run: pnpm test
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: lib
+          retention-days: 5
+          path: |
+            packages/*/dist 
+            extensions/*/dist 
+            server/*/dist 
+            package.json
+            README.md

.github/workflows/job-draft-release.yaml

@@ -0,0 +1,18 @@
+name: Draft release
+on:
+  workflow_call:
+jobs:
+  draft-release:
+    name: Update release drafter
+    permissions:
+      contents: write
+      pull-requests: write
+    environment: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: release-drafter/release-drafter@v6
+        with:
+          config-name: release-drafter-config.yml
+          publish: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pipeline-default.yaml

@@ -0,0 +1,114 @@
+name: Build and release
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+env:
+  environment: test
+  release_channel: latest
+  DO_NOT_TRACK: '1'
+  NODE_VERSION: '23.x'
+  NODE_REGISTRY: 'https://registry.npmjs.org'
+  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+  DOCKER_REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+  PNPM_VERSION: 10.6.0
+
+permissions:
+  contents: write
+  packages: read
+  pull-requests: write
+  id-token: write
+  actions: read
+  security-events: write
+jobs:
+  build:
+    uses: ./.github/workflows/job-build.yaml
+    name: Build
+
+  update-release-draft:
+    needs: build
+    if: github.ref == 'refs/heads/main'
+    uses: ./.github/workflows/job-draft-release.yaml
+
+  release:
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+      pages: write
+    name: Release
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    needs: update-release-draft
+    environment: release
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '${{ env.NODE_VERSION }}'
+          registry-url: '${{ env.NODE_REGISTRY }}'
+
+      - uses: pnpm/action-setup@v4
+        name: Install pnpm
+        with:
+          version: ${{ env.PNPM_VERSION }}
+          run_install: false
+
+      - name: Install dependencies
+        run: pnpm install
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - uses: actions/download-artifact@v4
+        with:
+          name: lib
+          path: ./
+
+      - name: Publish to npm
+        run: |
+          git config user.name "Github Actions Bot"
+          git config user.email "<>"
+          node ./scripts/set-version.mjs $(git describe --tag --abbrev=0)
+          pnpm publish -r --no-git-checks --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.DOCKER_REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      # - name: Generate artifact attestation
+      #   uses: actions/attest-build-provenance@v2
+      #   with:
+      #     subject-name: ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME}}
+      #     subject-digest: ${{ steps.push.outputs.digest }}
+      #     push-to-registry: true

README.md

@@ -186,9 +186,3 @@ with-ssm -- docker-compose up
 # Deploy with production secrets
 with-ssm --profile production -- npm run deploy
 ```
-
----
-
-**Pro tip:** Create a `.env.with-ssm` file for your SSM references and keep your
-regular `.env` file for non-sensitive local overrides. This gives you the best
-of both worlds! 🎉

package.json

@@ -30,7 +30,7 @@
     "typescript-eslint": "8.39.0",
     "vitest": "3.2.4"
   },
-  "name": "@0north/with-ssm",
+  "name": "@morten-olsen/with-ssm",
   "version": "1.0.0",
   "dependencies": {
     "@aws-sdk/client-ssm": "^3.859.0",

scripts/set-version.mjs

@@ -0,0 +1,16 @@
+import { readFile, writeFile } from 'fs/promises';
+import { join } from 'path';
+import process from 'process';
+
+import { findWorkspacePackages } from '@pnpm/find-workspace-packages';
+
+const packages = await findWorkspacePackages(process.cwd());
+
+for (const pkg of packages) {
+  const pkgPath = join(pkg.dir, 'package.json');
+  const pkgJson = JSON.parse(await readFile(pkgPath, 'utf-8'));
+
+  pkgJson.version = process.argv[2];
+
+  await writeFile(pkgPath, JSON.stringify(pkgJson, null, 2) + '\n');
+}