v1.1.0
This release marks the beginning of the history of this repo.
Prior to this, the repo was littered with test commits made when
developing the CI pipeline. This really should have been in a different
repo but, oh well, here we are. The PyPI and NPM packages have been
published with prior versions and there's no undoing that. So here's
to the future. 🌱
alukach committed Oct 25, 2022
0 parents commit 266b1dd
Showing 15 changed files with 15,911 additions and 0 deletions.
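--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,4 @@
+{
+"name": "VS Code DEV Container for AWS CDK development",
+"image": "jsii/superchain:1-buster-slim-node16"
+}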
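--- a/.github/workflows/distribute.yaml
+++ b/.github/workflows/distribute.yaml
@@ -0,0 +1,99 @@
+name: Distribute
+
+on:
+release:
+types:
+- released
+
+jobs:
+package:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+
+- uses: actions/setup-node@v3
+with:
+node-version: 16
+cache: "npm"
+
+- name: Install Dependencies
+run: npm ci
+
+- name: Compile project
+run: npm run build
+
+- name: Generate distribution packages
+run: npm run package
+
+- name: Generate documentation
+run: npm run docgen
+
+- uses: actions/upload-artifact@v3
+with:
+name: docs
+path: docs
+
+- uses: actions/upload-artifact@v3
+with:
+name: python
+path: dist/python/*
+
+- uses: actions/upload-artifact@v3
+with:
+name: js
+path: dist/js/*
+
+- uses: actions/upload-artifact@v3
+with:
+name: jsii
+path: .jsii
+
+update-docs:
+runs-on: ubuntu-latest
+needs: package
+steps:
+- uses: actions/checkout@v3
+
+- uses: actions/download-artifact@v3
+with:
+name: docs
+
+- name: Deploy 🚀
+uses: JamesIves/github-pages-deploy-action@v4
+with:
+folder: docs
+
+distribute-python:
+runs-on: ubuntu-latest
+needs: package
+steps:
+- uses: actions/download-artifact@v3
+with:
+name: python
+path: dist
+
+- run: pip install twine
+
+- run: twine upload dist/*
+env:
+github_token: ${{ secrets.GITHUB_TOKEN }}
+TWINE_USERNAME: __token__
+TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+
+distribute-js:
+runs-on: ubuntu-latest
+needs: package
+steps:
+- uses: actions/download-artifact@v3
+with:
+name: js
+path: dist
+
+- uses: actions/setup-node@v3
+with:
+node-version: 16
+registry-url: 'https://registry.npmjs.org'
+
+- run: npm publish dist/*
+env:
+NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}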
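Review bot: The `twine upload` step in `distribute-python` exports `github_token: ${{ secrets.GITHUB_TOKEN }}` next to the PyPI credentials; twine reads only its `TWINE_*` variables as far as I know, so that line can be dropped. The workflow also declares no `permissions:`, so every job runs with the repository's default token scope; a top-level `permissions:` with `contents: read`, raised to `contents: write` only on `update-docs`, would narrow it. `pip install twine` is unpinned in the same job that receives `PYPI_API_TOKEN`; pinning it to an exact version (`pip install twine==<version>`) keeps the uploader from changing between releases. `JamesIves/github-pages-deploy-action@v4` is a third-party action on a movable tag and is better referenced by full commit SHA (`@<commit-sha>`).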
71 changes: 71 additions & 0 deletions .github/workflows/test.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
name: Test & Build

on:
push:

jobs:
test-build:
runs-on: ubuntu-latest
steps:
# To make git commits made by semantic-release be made to our bot and not
# "github-actions" user which doesn't trigger other Action Workflows.
# https://github.com/semantic-release/semantic-release/discussions/1906#discussioncomment-656651
- name: Checkout
uses: actions/checkout@v3
with:
persist-credentials: false

- uses: actions/setup-node@v3
with:
node-version: 16
cache: "npm"

- name: Install Dependencies
run: npm ci

- name: Compile project
run: npm run build

- name: Generate distribution packages
run: npm run package

- name: Generate documentation
run: npm run docgen

- uses: actions/upload-artifact@v3
with:
name: docs
path: |
docs
- uses: actions/upload-artifact@v3
with:
name: python
path: |
dist/python/*
- uses: actions/upload-artifact@v3
with:
name: js
path: |
dist/js/*
- uses: actions/upload-artifact@v3
with:
name: jsii
path: |
.jsii
- name: Get Release Bot Token
id: get-token
uses: getsentry/action-github-app-token@v1
with:
app_id: ${{ secrets.DS_RELEASE_BOT_ID }}
private_key: ${{ secrets.DS_RELEASE_BOT_PRIVATE_KEY }}

- name: Maybe Release 🚀
if: github.ref == 'refs/heads/main'
run: |
npm run semantic-release
env:
GITHUB_TOKEN: ${{ steps.get-token.outputs.token }}
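Review bot: The `Get Release Bot Token` step has no `if:`, so with `on: push` it mints a GitHub App token from `DS_RELEASE_BOT_PRIVATE_KEY` on every branch push, although only `Maybe Release` on `main` consumes it. Adding `if: github.ref == 'refs/heads/main'` to that step as well keeps the private key out of runs that build branch code. The key is handed to `getsentry/action-github-app-token@v1`, a third-party action on a movable tag; for an action that receives a signing key, pinning to a full commit SHA (`@<commit-sha>`) is worth the maintenance cost. A `permissions:` block with `contents: read` would also fit here, since the release step uses the bot token rather than the default one.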
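--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,7 @@
+node_modules/
+tsconfig.*
+lib/**/*.js
+lib/**/*.d.ts
+.jsii
+dist
+docs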
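--- a/.npmignore
+++ b/.npmignore
@@ -0,0 +1,15 @@
+
+# Exclude typescript source and config
+*.ts
+tsconfig.json
+
+# Include javascript files and typescript declarations
+!*.js
+!*.d.ts
+
+# Exclude jsii outdir
+dist
+
+# Include .jsii and .jsii.gz
+!.jsii
+!.jsii.gz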
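--- a/.nvmrc
+++ b/.nvmrc
@@ -0,0 +1 @@
+18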
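Review bot: `.nvmrc` selects Node 18, while both workflows set `node-version: 16` and the devcontainer image is `jsii/superchain:1-buster-slim-node16`, so local development and the release pipeline run different major versions. Either change this file to `16`, or have the workflows read it with `node-version-file: '.nvmrc'` in `actions/setup-node` so there is a single source for the version.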
Empty file added CHANGELOG.md
Empty file.
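--- a/README.md
+++ b/README.md
@@ -0,0 +1,12 @@
+# pgSTAC CDK construct
+
+## Published Packages
+
+- https://pypi.org/project/cdk-seed.pgstac-cdk-construct/
+- https://www.npmjs.com/package/pgstac-cdk-construct
+
+## Release
+
+Versioning is automatically handled via [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) and [Semantic Release](https://semantic-release.gitbook.io/semantic-release/).
+
+A warning: If you rebase `main`, you must ensure that the commits referenced by tags point to commits that are within the `main` branch. If a commit references a commit that is no longer on the `main` branch, Semantic Release will fail to detect the correct version of the project. [More information](https://github.com/semantic-release/semantic-release/issues/1121#issuecomment-517945233).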
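--- a/lib/bootstrap-pgstac/index.ts
+++ b/lib/bootstrap-pgstac/index.ts
@@ -0,0 +1,137 @@
+import {
+aws_ec2,
+aws_rds,
+aws_lambda,
+aws_logs,
+aws_secretsmanager,
+CustomResource,
+Duration,
+Stack,
+RemovalPolicy,
+} from "aws-cdk-lib";
+import { Construct } from "constructs";
+
+function hasVpc(
+instance: aws_rds.DatabaseInstance | aws_rds.IDatabaseInstance
+): instance is aws_rds.DatabaseInstance {
+return (instance as aws_rds.DatabaseInstance).vpc !== undefined;
+}
+
+/**
+* Bootstraps a database instance, installing pgSTAC onto the database.
+*/
+export class BootstrapPgStac extends Construct {
+secret: aws_secretsmanager.ISecret;
+
+constructor(scope: Construct, id: string, props: BootstrapPgStacProps) {
+super(scope, id);
+
+const handler = new aws_lambda.Function(this, "lambda", {
+handler: "handler.handler",
+runtime: aws_lambda.Runtime.PYTHON_3_8,
+code: aws_lambda.Code.fromDockerBuild(__dirname, {
+file: "runtime/Dockerfile",
+buildArgs: { PGSTAC_VERSION: props.pgstacVersion },
+}),
+timeout: Duration.minutes(2),
+vpc: hasVpc(props.database) ? props.database.vpc : props.vpc,
+logRetention: aws_logs.RetentionDays.ONE_WEEK,
+});
+
+this.secret = new aws_secretsmanager.Secret(this, "secret", {
+secretName: [
+props.secretsPrefix || "pgstac",
+id,
+this.node.addr.slice(-8),
+].join("/"),
+generateSecretString: {
+secretStringTemplate: JSON.stringify({
+dbname: props.pgstacDbName || "pgstac",
+engine: "postgres",
+port: 5432,
+host: props.database.instanceEndpoint.hostname,
+username: props.pgstacUsername || "pgstac_user",
+}),
+generateStringKey: "password",
+excludePunctuation: true,
+},
+description: `PgSTAC database bootstrapped by ${
+Stack.of(this).stackName
+}`,
+});
+
+// Allow lambda to...
+// read new user secret
+this.secret.grantRead(handler);
+// read database secret
+props.dbSecret.grantRead(handler);
+// connect to database
+props.database.connections.allowFrom(handler, aws_ec2.Port.tcp(5432));
+
+// this.connections = props.database.connections;
+new CustomResource(this, "bootstrapper", {
+serviceToken: handler.functionArn,
+properties: {
+// By setting pgstac_version in the properties assures
+// that Create/Update events will be passed to the service token
+pgstac_version: props.pgstacVersion,
+conn_secret_arn: props.dbSecret.secretArn,
+new_user_secret_arn: this.secret.secretArn,
+},
+removalPolicy: RemovalPolicy.RETAIN, // This retains the custom resource (which doesn't really exist), not the database
+});
+}
+}
+
+export interface BootstrapPgStacProps {
+/**
+* VPC in which the database resides.
+*
+* Note - Must be explicitely set if the `database` only conforms to the
+* `aws_rds.IDatabaseInstace` interface (ie it is a reference to a database instance
+* rather than a database instance.)
+*
+* @default - `vpc` property of the `database` instance provided.
+*/
+readonly vpc?: aws_ec2.IVpc;
+
+/**
+* Database onto which pgSTAC should be installed.
+*/
+readonly database: aws_rds.DatabaseInstance | aws_rds.IDatabaseInstance;
+
+/**
+* Secret containing valid connection details for the database instance. Secret must
+* conform to the format of CDK's `DatabaseInstance` (i.e. a JSON object containing a
+* `username`, `password`, `host`, `port`, and optionally a `dbname`). If a `dbname`
+* property is not specified within the secret, the bootstrapper will attempt to
+* connect to a database with the name of `"postgres"`.
+*/
+readonly dbSecret: aws_secretsmanager.ISecret;
+
+/**
+* Name of database that is to be created and onto which pgSTAC will be installed.
+*
+* @default - "pgstac"
+*/
+readonly pgstacDbName?: string;
+
+/**
+* Name of user that will be generated for connecting to the pgSTAC database.
+*
+* @default - "pgstac_user"
+*/
+readonly pgstacUsername?: string;
+
+/**
+* pgSTAC version to be installed.
+*/
+readonly pgstacVersion: string;
+
+/**
+* Prefix to assign to the generated `secrets_manager.Secret`
+*
+* @default - "pgstac"
+*/
+readonly secretsPrefix: string;
+}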
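Review bot: In the `aws_lambda.Function` props, `vpc: hasVpc(props.database) ? props.database.vpc : props.vpc` evaluates to `undefined` when `database` is an imported `IDatabaseInstance` and `vpc` is omitted, so the handler is defined outside any VPC and the later `props.database.connections.allowFrom(handler, ...)` will presumably fail with an error that does not mention the missing prop. A guard right after `super(scope, id)`, `if (!hasVpc(props.database) && !props.vpc) throw new Error("vpc is required when database is an imported instance");`, would enforce the requirement that the `vpc` doc comment already states. Separately, `secretsPrefix` is declared `readonly secretsPrefix: string;` although its doc gives a default and the constructor falls back with `props.secretsPrefix || "pgstac"`; it should be `readonly secretsPrefix?: string;`. The `secret` field could also be declared `readonly secret: aws_secretsmanager.ISecret;` so consumers cannot reassign the credential reference.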
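--- a/lib/bootstrap-pgstac/runtime/Dockerfile
+++ b/lib/bootstrap-pgstac/runtime/Dockerfile
@@ -0,0 +1,14 @@
+FROM lambci/lambda:build-python3.8
+
+ARG PGSTAC_VERSION
+RUN echo "Using PGSTAC Version ${PGSTAC_VERSION}"
+
+WORKDIR /tmp
+
+RUN pip install requests psycopg[binary,pool] pypgstac==${PGSTAC_VERSION} -t /asset
+
+COPY runtime/handler.py /asset/handler.py
+
+# https://stackoverflow.com/a/61746719
+# Tip from eoAPI: turns out, asyncio is part of python
+RUN rm -rf /asset/asyncio*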
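Review bot: `RUN pip install requests psycopg[binary,pool] pypgstac==${PGSTAC_VERSION} -t /asset` pins only pypgstac, so `requests` and `psycopg` resolve to whatever is newest at build time, and the resulting asset is the handler that `index.ts` grants read access to the database connection secret. Pinning them (`requests==<version> "psycopg[binary,pool]==<version>"`, or a requirements file installed with `--require-hashes`) makes the Lambda bundle reproducible and reviewable. `FROM lambci/lambda:build-python3.8` is likewise a movable tag and could be pinned by digest (`lambci/lambda@sha256:<digest>`). `PGSTAC_VERSION` has no default and is expanded unquoted; writing `"pypgstac==${PGSTAC_VERSION}"` avoids word splitting if the prop ever carries unexpected characters.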