This release marks the beginning of the history of this repo. Prior to this, the repo was littered with test commits made when developing the CI pipeline. This really should have been in a different repo but, oh well, here we are. The PyPI and NPM packages have been published with prior versions and there's no undoing that. So here's to the future. 🌱
0 parents
commit 266b1dd
Showing
15 changed files
with
15,911 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
{ | ||
"name": "VS Code DEV Container for AWS CDK development", | ||
"image": "jsii/superchain:1-buster-slim-node16" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
name: Distribute | ||
|
||
on: | ||
release: | ||
types: | ||
- released | ||
|
||
jobs: | ||
package: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
|
||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: 16 | ||
cache: "npm" | ||
|
||
- name: Install Dependencies | ||
run: npm ci | ||
|
||
- name: Compile project | ||
run: npm run build | ||
|
||
- name: Generate distribution packages | ||
run: npm run package | ||
|
||
- name: Generate documentation | ||
run: npm run docgen | ||
|
||
- uses: actions/upload-artifact@v3 | ||
with: | ||
name: docs | ||
path: docs | ||
|
||
- uses: actions/upload-artifact@v3 | ||
with: | ||
name: python | ||
path: dist/python/* | ||
|
||
- uses: actions/upload-artifact@v3 | ||
with: | ||
name: js | ||
path: dist/js/* | ||
|
||
- uses: actions/upload-artifact@v3 | ||
with: | ||
name: jsii | ||
path: .jsii | ||
|
||
update-docs: | ||
runs-on: ubuntu-latest | ||
needs: package | ||
steps: | ||
- uses: actions/checkout@v3 | ||
|
||
- uses: actions/download-artifact@v3 | ||
with: | ||
name: docs | ||
|
||
- name: Deploy 🚀 | ||
uses: JamesIves/github-pages-deploy-action@v4 | ||
with: | ||
folder: docs | ||
|
||
distribute-python: | ||
runs-on: ubuntu-latest | ||
needs: package | ||
steps: | ||
- uses: actions/download-artifact@v3 | ||
with: | ||
name: python | ||
path: dist | ||
|
||
- run: pip install twine | ||
|
||
- run: twine upload dist/* | ||
env: | ||
github_token: ${{ secrets.GITHUB_TOKEN }} | ||
TWINE_USERNAME: __token__ | ||
TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} | ||
|
||
distribute-js: | ||
runs-on: ubuntu-latest | ||
needs: package | ||
steps: | ||
- uses: actions/download-artifact@v3 | ||
with: | ||
name: js | ||
path: dist | ||
|
||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: 16 | ||
registry-url: 'https://registry.npmjs.org' | ||
|
||
- run: npm publish dist/* | ||
env: | ||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |
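Review bot: The `twine upload dist/*` step in `distribute-python` sets `github_token: ${{ secrets.GITHUB_TOKEN }}` next to the PyPI credentials, but nothing in that step reads it, so the repository token is exposed to a freshly installed, unpinned `pip install twine` for no benefit; drop that env line and pin the tool (`pip install twine==<pinned-version>`). The workflow also declares no `permissions:` block, so all four jobs inherit the repository default; a top-level `permissions:` with `contents: read`, plus `contents: write` on `update-docs` only, keeps the publishing jobs from holding write access they do not use. `JamesIves/github-pages-deploy-action@v4` is referenced by a mutable tag in the one job that pushes to the repository, so a full commit SHA (`@<full-commit-sha>`) is the safer reference there.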
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
name: Test & Build | ||
|
||
on: | ||
push: | ||
|
||
jobs: | ||
test-build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
# To make git commits made by semantic-release be made to our bot and not | ||
# "github-actions" user which doesn't trigger other Action Workflows. | ||
# https://github.com/semantic-release/semantic-release/discussions/1906#discussioncomment-656651 | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
with: | ||
persist-credentials: false | ||
|
||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: 16 | ||
cache: "npm" | ||
|
||
- name: Install Dependencies | ||
run: npm ci | ||
|
||
- name: Compile project | ||
run: npm run build | ||
|
||
- name: Generate distribution packages | ||
run: npm run package | ||
|
||
- name: Generate documentation | ||
run: npm run docgen | ||
|
||
- uses: actions/upload-artifact@v3 | ||
with: | ||
name: docs | ||
path: | | ||
docs | ||
- uses: actions/upload-artifact@v3 | ||
with: | ||
name: python | ||
path: | | ||
dist/python/* | ||
- uses: actions/upload-artifact@v3 | ||
with: | ||
name: js | ||
path: | | ||
dist/js/* | ||
- uses: actions/upload-artifact@v3 | ||
with: | ||
name: jsii | ||
path: | | ||
.jsii | ||
- name: Get Release Bot Token | ||
id: get-token | ||
uses: getsentry/action-github-app-token@v1 | ||
with: | ||
app_id: ${{ secrets.DS_RELEASE_BOT_ID }} | ||
private_key: ${{ secrets.DS_RELEASE_BOT_PRIVATE_KEY }} | ||
|
||
- name: Maybe Release 🚀 | ||
if: github.ref == 'refs/heads/main' | ||
run: | | ||
npm run semantic-release | ||
env: | ||
GITHUB_TOKEN: ${{ steps.get-token.outputs.token }} |
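Review bot: The `Get Release Bot Token` step has no `if:` guard, so with the unfiltered `on: push` trigger the GitHub App private key is handed to `getsentry/action-github-app-token@v1` on every push to every branch, although the resulting token is only consumed by `Maybe Release 🚀` on `main`. Give the token step the same condition, `if: github.ref == 'refs/heads/main'`, so the key is only used when a release can actually happen. Because that action receives `DS_RELEASE_BOT_PRIVATE_KEY`, referencing it by full commit SHA (`getsentry/action-github-app-token@<full-commit-sha>`) rather than the `v1` tag would also be worth doing.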
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
node_modules/ | ||
tsconfig.* | ||
lib/**/*.js | ||
lib/**/*.d.ts | ||
.jsii | ||
dist | ||
docs |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
|
||
# Exclude typescript source and config | ||
*.ts | ||
tsconfig.json | ||
|
||
# Include javascript files and typescript declarations | ||
!*.js | ||
!*.d.ts | ||
|
||
# Exclude jsii outdir | ||
dist | ||
|
||
# Include .jsii and .jsii.gz | ||
!.jsii | ||
!.jsii.gz |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
18 |
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
# pgSTAC CDK construct | ||
|
||
## Published Packages | ||
|
||
- https://pypi.org/project/cdk-seed.pgstac-cdk-construct/ | ||
- https://www.npmjs.com/package/pgstac-cdk-construct | ||
|
||
## Release | ||
|
||
Versioning is automatically handled via [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) and [Semantic Release](https://semantic-release.gitbook.io/semantic-release/). | ||
|
||
A warning: If you rebase `main`, you must ensure that the commits referenced by tags point to commits that are within the `main` branch. If a commit references a commit that is no longer on the `main` branch, Semantic Release will fail to detect the correct version of the project. [More information](https://github.com/semantic-release/semantic-release/issues/1121#issuecomment-517945233). |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,137 @@ | ||
import { | ||
aws_ec2, | ||
aws_rds, | ||
aws_lambda, | ||
aws_logs, | ||
aws_secretsmanager, | ||
CustomResource, | ||
Duration, | ||
Stack, | ||
RemovalPolicy, | ||
} from "aws-cdk-lib"; | ||
import { Construct } from "constructs"; | ||
|
||
function hasVpc( | ||
instance: aws_rds.DatabaseInstance | aws_rds.IDatabaseInstance | ||
): instance is aws_rds.DatabaseInstance { | ||
return (instance as aws_rds.DatabaseInstance).vpc !== undefined; | ||
} | ||
|
||
/** | ||
* Bootstraps a database instance, installing pgSTAC onto the database. | ||
*/ | ||
export class BootstrapPgStac extends Construct { | ||
secret: aws_secretsmanager.ISecret; | ||
|
||
constructor(scope: Construct, id: string, props: BootstrapPgStacProps) { | ||
super(scope, id); | ||
|
||
const handler = new aws_lambda.Function(this, "lambda", { | ||
handler: "handler.handler", | ||
runtime: aws_lambda.Runtime.PYTHON_3_8, | ||
code: aws_lambda.Code.fromDockerBuild(__dirname, { | ||
file: "runtime/Dockerfile", | ||
buildArgs: { PGSTAC_VERSION: props.pgstacVersion }, | ||
}), | ||
timeout: Duration.minutes(2), | ||
vpc: hasVpc(props.database) ? props.database.vpc : props.vpc, | ||
logRetention: aws_logs.RetentionDays.ONE_WEEK, | ||
}); | ||
|
||
this.secret = new aws_secretsmanager.Secret(this, "secret", { | ||
secretName: [ | ||
props.secretsPrefix || "pgstac", | ||
id, | ||
this.node.addr.slice(-8), | ||
].join("/"), | ||
generateSecretString: { | ||
secretStringTemplate: JSON.stringify({ | ||
dbname: props.pgstacDbName || "pgstac", | ||
engine: "postgres", | ||
port: 5432, | ||
host: props.database.instanceEndpoint.hostname, | ||
username: props.pgstacUsername || "pgstac_user", | ||
}), | ||
generateStringKey: "password", | ||
excludePunctuation: true, | ||
}, | ||
description: `PgSTAC database bootstrapped by ${ | ||
Stack.of(this).stackName | ||
}`, | ||
}); | ||
|
||
// Allow lambda to... | ||
// read new user secret | ||
this.secret.grantRead(handler); | ||
// read database secret | ||
props.dbSecret.grantRead(handler); | ||
// connect to database | ||
props.database.connections.allowFrom(handler, aws_ec2.Port.tcp(5432)); | ||
|
||
// this.connections = props.database.connections; | ||
new CustomResource(this, "bootstrapper", { | ||
serviceToken: handler.functionArn, | ||
properties: { | ||
// By setting pgstac_version in the properties assures | ||
// that Create/Update events will be passed to the service token | ||
pgstac_version: props.pgstacVersion, | ||
conn_secret_arn: props.dbSecret.secretArn, | ||
new_user_secret_arn: this.secret.secretArn, | ||
}, | ||
removalPolicy: RemovalPolicy.RETAIN, // This retains the custom resource (which doesn't really exist), not the database | ||
}); | ||
} | ||
} | ||
|
||
export interface BootstrapPgStacProps { | ||
/** | ||
* VPC in which the database resides. | ||
* | ||
* Note - Must be explicitely set if the `database` only conforms to the | ||
* `aws_rds.IDatabaseInstace` interface (ie it is a reference to a database instance | ||
* rather than a database instance.) | ||
* | ||
* @default - `vpc` property of the `database` instance provided. | ||
*/ | ||
readonly vpc?: aws_ec2.IVpc; | ||
|
||
/** | ||
* Database onto which pgSTAC should be installed. | ||
*/ | ||
readonly database: aws_rds.DatabaseInstance | aws_rds.IDatabaseInstance; | ||
|
||
/** | ||
* Secret containing valid connection details for the database instance. Secret must | ||
* conform to the format of CDK's `DatabaseInstance` (i.e. a JSON object containing a | ||
* `username`, `password`, `host`, `port`, and optionally a `dbname`). If a `dbname` | ||
* property is not specified within the secret, the bootstrapper will attempt to | ||
* connect to a database with the name of `"postgres"`. | ||
*/ | ||
readonly dbSecret: aws_secretsmanager.ISecret; | ||
|
||
/** | ||
* Name of database that is to be created and onto which pgSTAC will be installed. | ||
* | ||
* @default - "pgstac" | ||
*/ | ||
readonly pgstacDbName?: string; | ||
|
||
/** | ||
* Name of user that will be generated for connecting to the pgSTAC database. | ||
* | ||
* @default - "pgstac_user" | ||
*/ | ||
readonly pgstacUsername?: string; | ||
|
||
/** | ||
* pgSTAC version to be installed. | ||
*/ | ||
readonly pgstacVersion: string; | ||
|
||
/** | ||
* Prefix to assign to the generated `secrets_manager.Secret` | ||
* | ||
* @default - "pgstac" | ||
*/ | ||
readonly secretsPrefix: string; | ||
} |
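Review bot: When `props.database` is an imported `IDatabaseInstance` and `props.vpc` is omitted, `vpc: hasVpc(props.database) ? props.database.vpc : props.vpc` evaluates to `undefined`, so the bootstrap Lambda is defined without a VPC and the problem surfaces later (presumably at `props.database.connections.allowFrom(handler, ...)` or at deploy time) instead of with a clear message. Resolve the value first and fail fast: `const vpc = hasVpc(props.database) ? props.database.vpc : props.vpc;` followed by `if (!vpc) throw new Error("BootstrapPgStac: 'vpc' must be set when 'database' is an imported instance");`. Separately, `readonly secretsPrefix: string;` is declared as required while its doc comment gives a default and the constructor falls back with `props.secretsPrefix || "pgstac"`; the declaration should be `readonly secretsPrefix?: string;`.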
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
FROM lambci/lambda:build-python3.8 | ||
|
||
ARG PGSTAC_VERSION | ||
RUN echo "Using PGSTAC Version ${PGSTAC_VERSION}" | ||
|
||
WORKDIR /tmp | ||
|
||
RUN pip install requests psycopg[binary,pool] pypgstac==${PGSTAC_VERSION} -t /asset | ||
|
||
COPY runtime/handler.py /asset/handler.py | ||
|
||
# https://stackoverflow.com/a/61746719 | ||
# Tip from eoAPI: turns out, asyncio is part of python | ||
RUN rm -rf /asset/asyncio* |
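Review bot: `RUN pip install requests psycopg[binary,pool] pypgstac==${PGSTAC_VERSION} -t /asset` pins only pypgstac, so `requests` and `psycopg` resolve to whatever is current at build time, in a function that the construct grants read access to the database secret; pin them, or install from a hashed requirements file, so the asset is reproducible and reviewable. The build arg is also expanded unquoted in a shell-form `RUN` and the bracketed extras are an unquoted glob pattern; writing the arguments as `"psycopg[binary,pool]" "pypgstac==${PGSTAC_VERSION}"` avoids word-splitting and globbing surprises. `FROM lambci/lambda:build-python3.8` is a mutable tag, so a digest pin (`lambci/lambda:build-python3.8@sha256:<digest>`) would fix the build environment as well.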