Changed the scope packages to use code artifact options

Co-authored-by: Charlie Hart <charlie.hart@mondo.com.au> Co-authored-by: Kevin <MondoKevin@users.noreply.github.com>
projen · mergify · Apr 12, 2022 · Dec 16, 2021 · Mar 15, 2022 · Mar 15, 2022
commit 29cefc2f93000fff36ca52981715fca7a1d7f1e2
diff --git a/docs/api/API.md b/docs/api/API.md
@@ -297,14 +297,12 @@ Name|Description
 [javascript.NodePackageOptions](#projen-javascript-nodepackageoptions)|*No description*
 [javascript.NodeProjectOptions](#projen-javascript-nodeprojectoptions)|*No description*
 [javascript.NpmConfigOptions](#projen-javascript-npmconfigoptions)|Options to configure the local NPM config.
-[javascript.ParsedScopedPackagesOptions](#projen-javascript-parsedscopedpackagesoptions)|*No description*
 [javascript.PeerDependencyOptions](#projen-javascript-peerdependencyoptions)|*No description*
 [javascript.PrettierOptions](#projen-javascript-prettieroptions)|Options for Prettier.
 [javascript.PrettierOverride](#projen-javascript-prettieroverride)|*No description*
 [javascript.PrettierSettings](#projen-javascript-prettiersettings)|Options to set in Prettier directly or through overrides.
 [javascript.ProjenrcOptions](#projen-javascript-projenrcoptions)|*No description*
 [javascript.RenderWorkflowSetupOptions](#projen-javascript-renderworkflowsetupoptions)|Options for `renderInstallSteps()`.
-[javascript.ScopedPackagesBaseOptions](#projen-javascript-scopedpackagesbaseoptions)|Options for scoped packages.
 [javascript.ScopedPackagesOptions](#projen-javascript-scopedpackagesoptions)|Options for scoped packages.
 [javascript.TypeScriptCompilerOptions](#projen-javascript-typescriptcompileroptions)|*No description*
 [javascript.TypescriptConfigOptions](#projen-javascript-typescriptconfigoptions)|*No description*
@@ -8320,7 +8318,7 @@ Name | Type | Description
 **maxNodeVersion**?🔹 | <code>string</code> | Maximum node version required by this pacakge.<br/>__*Default*__: no maximum.
 **minNodeVersion**?🔹 | <code>string</code> | Minimum node.js version required by this package.<br/>__*Default*__: no minimum
 **npmTokenSecret**?🔹 | <code>string</code> | GitHub secret which contains the NPM token to use when publishing packages.<br/>__*Optional*__
-**scopedPackagesOptions**?🔹 | <code>Array<[javascript.ParsedScopedPackagesOptions](#projen-javascript-parsedscopedpackagesoptions)></code> | Options for privately hosted scoped packages.<br/>__*Default*__: undefined
+**scopedPackagesOptions**?🔹 | <code>Array<[javascript.ScopedPackagesOptions](#projen-javascript-scopedpackagesoptions)></code> | Options for privately hosted scoped packages.<br/>__*Default*__: undefined
 
 ### Methods
 
@@ -20175,23 +20173,6 @@ Name | Type | Description
 
 
 
-## struct ParsedScopedPackagesOptions 🔹 <a id="projen-javascript-parsedscopedpackagesoptions"></a>
-
-
-
-
-
-
-Name | Type | Description 
------|------|-------------
-**accessKeyIdSecret**🔹 | <code>string</code> | GitHub secret which contains the AWS access key ID to use when publishing packages to AWS CodeArtifact.
-**registryUrl**🔹 | <code>string</code> | Url of the registry for scoped packages.
-**scope**🔹 | <code>string</code> | scope of the packages.
-**secretAccessKeySecret**🔹 | <code>string</code> | GitHub secret which contains the AWS secret access key to use when publishing packages to AWS CodeArtifact.
-**roleToAssume**?🔹 | <code>string</code> | ARN of AWS role to be assumed prior to get authorization token from AWS CodeArtifact This property must be specified only when publishing to AWS CodeArtifact (`registry` contains AWS CodeArtifact URL).<br/>__*Default*__: undefined
-
-
-
 ## struct PeerDependencyOptions 🔹 <a id="projen-javascript-peerdependencyoptions"></a>
 
 
@@ -20298,20 +20279,6 @@ Name | Type | Description
 
 
 
-## struct ScopedPackagesBaseOptions 🔹 <a id="projen-javascript-scopedpackagesbaseoptions"></a>
-
-
-Options for scoped packages.
-
-
-
-Name | Type | Description 
------|------|-------------
-**registryUrl**🔹 | <code>string</code> | Url of the registry for scoped packages.
-**scope**🔹 | <code>string</code> | scope of the packages.
-
-
-
 ## struct ScopedPackagesOptions 🔹 <a id="projen-javascript-scopedpackagesoptions"></a>
 
 
@@ -20323,9 +20290,6 @@ Name | Type | Description
 -----|------|-------------
 **registryUrl**🔹 | <code>string</code> | Url of the registry for scoped packages.
 **scope**🔹 | <code>string</code> | scope of the packages.
-**accessKeyIdSecret**?🔹 | <code>string</code> | GitHub secret which contains the AWS access key ID to use when publishing packages to AWS CodeArtifact.<br/>__*Default*__: "AWS_ACCESS_KEY_ID"
-**roleToAssume**?🔹 | <code>string</code> | ARN of AWS role to be assumed prior to get authorization token from AWS CodeArtifact This property must be specified only when publishing to AWS CodeArtifact (`registry` contains AWS CodeArtifact URL).<br/>__*Default*__: undefined
-**secretAccessKeySecret**?🔹 | <code>string</code> | GitHub secret which contains the AWS secret access key to use when publishing packages to AWS CodeArtifact.<br/>__*Default*__: "AWS_SECRET_ACCESS_KEY"
 
 
 

diff --git a/src/javascript/node-package.ts b/src/javascript/node-package.ts
@@ -17,6 +17,7 @@ import { Project } from "../project";
 import { isAwsCodeArtifactRegistry } from "../release";
 import { Task } from "../task";
 import { exec, isTruthy, sorted, writeFile } from "../util";
+import { extractCodeArtifactDetails } from "./util";
 
 const UNLICENSED = "UNLICENSED";
 const DEFAULT_NPM_REGISTRY_URL = "https://registry.npmjs.org/";
@@ -324,7 +325,7 @@ export interface CodeArtifactOptions {
 /**
  * Options for scoped packages
  */
-export interface ScopedPackagesBaseOptions {
+export interface ScopedPackagesOptions {
   /**
    * scope of the packages
    *
@@ -338,39 +339,6 @@ export interface ScopedPackagesBaseOptions {
   readonly registryUrl: string;
 }
 
-/**
- * Options for scoped packages
- */
-export interface ScopedPackagesOptions
-  extends ScopedPackagesBaseOptions,
-    CodeArtifactOptions {}
-
-export interface ParsedScopedPackagesOptions extends ScopedPackagesBaseOptions {
-  /**
-   * GitHub secret which contains the AWS access key ID to use when publishing packages to AWS CodeArtifact.
-   * This property must be specified only when publishing to AWS CodeArtifact (`npmRegistryUrl` contains AWS CodeArtifact URL).
-   *
-   * @default "AWS_ACCESS_KEY_ID"
-   */
-  readonly accessKeyIdSecret: string;
-
-  /**
-   * GitHub secret which contains the AWS secret access key to use when publishing packages to AWS CodeArtifact.
-   * This property must be specified only when publishing to AWS CodeArtifact (`npmRegistryUrl` contains AWS CodeArtifact URL).
-   *
-   * @default "AWS_SECRET_ACCESS_KEY"
-   */
-  readonly secretAccessKeySecret: string;
-
-  /**
-   * ARN of AWS role to be assumed prior to get authorization token from AWS CodeArtifact
-   * This property must be specified only when publishing to AWS CodeArtifact (`registry` contains AWS CodeArtifact URL).
-   *
-   * @default undefined
-   */
-  readonly roleToAssume?: string;
-}
-
 /**
  * Represents the npm `package.json` file.
  */
@@ -444,7 +412,7 @@ export class NodePackage extends Component {
    *
    * @default undefined
    */
-  readonly scopedPackagesOptions?: ParsedScopedPackagesOptions[];
+  readonly scopedPackagesOptions?: ScopedPackagesOptions[];
 
   /**
    * npm package access level.
@@ -495,6 +463,8 @@ export class NodePackage extends Component {
 
     this.processDeps(options);
 
+    this.addCodeArtifactLoginScript();
+
     const prev = this.readPackageJson() ?? {};
 
     // empty objects are here to preserve order for backwards compatibility
@@ -858,6 +828,10 @@ export class NodePackage extends Component {
     }
 
     const isAwsCodeArtifact = isAwsCodeArtifactRegistry(npmRegistryUrl);
+    const hasScopedPackage =
+      options.scopedPackagesOptions &&
+      options.scopedPackagesOptions.length !== 0;
+
     if (isAwsCodeArtifact) {
       if (options.npmTokenSecret) {
         throw new Error(
@@ -866,19 +840,20 @@ export class NodePackage extends Component {
       }
     } else {
       if (
-        options.codeArtifactOptions?.accessKeyIdSecret ||
-        options.codeArtifactOptions?.secretAccessKeySecret ||
-        options.codeArtifactOptions?.roleToAssume
+        (options.codeArtifactOptions?.accessKeyIdSecret ||
+          options.codeArtifactOptions?.secretAccessKeySecret ||
+          options.codeArtifactOptions?.roleToAssume) &&
+        !hasScopedPackage
       ) {
         throw new Error(
-          "codeArtifactOptions must only be specified when publishing AWS CodeArtifact."
+          "codeArtifactOptions must only be specified when publishing AWS CodeArtifact or used in scoped packages."
         );
       }
     }
 
     // apply defaults for AWS CodeArtifact
     let codeArtifactOptions: CodeArtifactOptions | undefined;
-    if (isAwsCodeArtifact) {
+    if (isAwsCodeArtifact || hasScopedPackage) {
       codeArtifactOptions = {
         accessKeyIdSecret:
           options.codeArtifactOptions?.accessKeyIdSecret ?? "AWS_ACCESS_KEY_ID",
@@ -903,12 +878,12 @@ export class NodePackage extends Component {
 
   private parseScopedPackagesOptions(
     scopedPackagesOptions?: ScopedPackagesOptions[]
-  ): ParsedScopedPackagesOptions[] {
+  ): ScopedPackagesOptions[] | undefined {
     if (!scopedPackagesOptions) {
-      return [];
+      return undefined;
     }
 
-    return scopedPackagesOptions.map((option): ParsedScopedPackagesOptions => {
+    return scopedPackagesOptions.map((option): ScopedPackagesOptions => {
       if (!isScoped(option.scope)) {
         throw new Error(
           `Scope must start with "@" in options, found ${option.scope}`
@@ -921,19 +896,41 @@ export class NodePackage extends Component {
         );
       }
 
-      const result: ParsedScopedPackagesOptions = {
+      const result: ScopedPackagesOptions = {
         registryUrl: option.registryUrl,
         scope: option.scope,
-        accessKeyIdSecret: option.accessKeyIdSecret ?? "AWS_ACCESS_KEY_ID",
-        secretAccessKeySecret:
-          option.secretAccessKeySecret ?? "AWS_SECRET_ACCESS_KEY",
-        roleToAssume: option.roleToAssume,
       };
 
       return result;
     });
   }
 
+  private addCodeArtifactLoginScript() {
+    if (
+      !this.scopedPackagesOptions ||
+      this.scopedPackagesOptions.length === 0
+    ) {
+      return;
+    }
+
+    this.project.addTask("ca:login", {
+      requiredEnv: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"],
+      steps: this.scopedPackagesOptions.map((scopedPackagesOption) => {
+        const { registryUrl, scope } = scopedPackagesOption;
+        const { domain, repository } = extractCodeArtifactDetails(registryUrl);
+        const commands = [
+          `npm config set ${scope}:registry ${registryUrl}`,
+          `CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-repository-endpoint --domain ${domain} --repository ${repository})`,
+          `npm config set //${registryUrl}:_authToken=$CODEARTIFACT_AUTH_TOKEN`,
+          `npm config set //${registryUrl}:always-auth=true`,
+        ];
+        return {
+          exec: commands.join("; "),
+        };
+      }),
+    });
+  }
+
   private addNodeEngine() {
     if (!this.minNodeVersion && !this.maxNodeVersion) {
       return;