|
| 1 | +version: 0.2 |
| 2 | + |
| 3 | +env: |
| 4 | + variables: |
| 5 | + NODE_OPTIONS: "--max-old-space-size=4096" |
| 6 | + BRANCH: "master" |
| 7 | + secrets-manager: |
| 8 | + OTP_SECRET_KEY: npm/aws-crypto-tools-ci-bot/2FA:OTP_SECRET_KEY |
| 9 | + NPM_TOKEN: npm/aws-crypto-tools-ci-bot/2FA:NPM_TOKEN |
| 10 | + git-credential-helper: yes |
| 11 | + |
| 12 | +phases: |
| 13 | + install: |
| 14 | + commands: |
| 15 | + - npm ci --unsafe-perm |
| 16 | + # Install `otplib` to extract the OTP from the npm 2FA secret |
| 17 | + - npm install otplib --no-save |
| 18 | + - npm run build |
| 19 | + runtime-versions: |
| 20 | + nodejs: 14 |
| 21 | + pre_build: |
| 22 | + commands: |
| 23 | + - git config --global user.name "aws-crypto-tools-ci-bot" |
| 24 | + - git config --global user.email "[email protected]" |
| 25 | + - git checkout $BRANCH |
| 26 | + build: |
| 27 | + commands: |
| 28 | + # Pre-check, make sure everything is happy |
| 29 | + - npm test |
| 30 | + - npm run test_conditions |
| 31 | + # Publish to a local verdaccio server and run all tests against it |
| 32 | + - npm run verdaccio |
| 33 | + # Generate new version and CHANGELOG entry and push it |
| 34 | + - npx lerna version --conventional-commits --git-remote origin --yes |
| 35 | + # Log the commit for posterity |
| 36 | + - git log -n 1 |
| 37 | + # Extract the otp using the secrets environment variables from above. |
| 38 | + # This will wait for the next token. This is because npm uses |
| 39 | + # TOTP and the tokens time out after 30 seconds. If the process just |
| 40 | + # extracted the token then the lifetime for this token |
| 41 | + # would be very random. This will maximize the amount of time |
| 42 | + # available on the OTP to publish. |
| 43 | + - >- |
| 44 | + OTP=`node -e " |
| 45 | + auth=require('otplib').authenticator; |
| 46 | + setTimeout(() => |
| 47 | + console.log(auth.generate(process.env.OTP_SECRET_KEY)), |
| 48 | + auth.timeRemaining() * 1000); |
| 49 | + "` |
| 50 | + # Now we publish to npm. |
| 51 | + # This is going to use the OTP generated above and the NPM_TOKEN |
| 52 | + # environment variable. This will only publish things that are |
| 53 | + # missing from npm. It is therefore safe to run repeatedly. |
| 54 | + - npx lerna publish from-package --yes --otp $OTP |
| 55 | + # Clear out the verdaccio cache so that we get the latest version |
| 56 | + # of everything from public npm |
| 57 | + - rm -rf verdaccio/storage/ |
| 58 | + # Since the cache is empty, and we don't call `verdaccio-publish` |
| 59 | + # this will run the integrations from the public code in npm |
| 60 | + - npx run-s verdaccio-publish-* |
| 61 | + |
| 62 | + |
| 63 | +# Batching is technically unnecessary for now since we have just the one |
| 64 | +# buildspec, but leaving it in place makes it easier to extend later on |
| 65 | +batch: |
| 66 | + fast-fail: true |
| 67 | + build-graph: |
| 68 | + - identifier: release_to_prod |
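Review bot: `npm install otplib --no-save` (line 17 of the new file) resolves otplib and its transitive dependencies at release time, outside the lockfile that `npm ci` enforces two lines earlier, in a job whose environment holds both `OTP_SECRET_KEY` and `NPM_TOKEN`. The package is then handed the 2FA seed directly at line 47, so a hijacked or typo-squatted release of it, or of anything it pulls in, would have both factors needed to publish. I would add otplib to the root devDependencies so that it is covered by the lockfile and installed by `npm ci`, or at minimum pin it with `- npm install otplib@<pinned-version> --no-save --ignore-scripts`. More generally, because the secrets are declared under the top-level `env`, every command in every phase (including `npm test` and `npm run verdaccio`) runs with the publish token in its environment; a comment on the `secrets-manager` block noting that exposure would help whoever extends this buildspec.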