feat: add upload to s3

deyton · deyton · commit 3928772ae645 · 2025-05-23T09:54:11.000-07:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -8,6 +8,7 @@ on:
 
 permissions:
   contents: write
+  id-token: write
 
 jobs:
   install-dependencies:
@@ -103,7 +104,7 @@ jobs:
 
   publish:
     name: Publish to npm
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    # if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     needs: [install-dependencies, check-prettier, run-cypress, check-types]
     runs-on: ubuntu-latest
     steps:
@@ -123,7 +124,24 @@ jobs:
      - name: Build the package
        run: npm run build
      - name: Run semantic release bot
-       run: npx semantic-release
+       run: npx semantic-release --dry-run
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+     - name: Configure AWS credentials
+       uses: aws-actions/configure-aws-credentials@v4
+       with:
+         role-to-assume: arn:aws:iam::457031429343:role/github-actions-browser-sdk-role
+         aws-region: us-east-1
+     - name: Upload to S3 with versioning
+       run: |
+         # Create version directory based on package version
+         VERSION=$(node -p "require('./package.json').version")
+         # Upload to versioned path
+         aws s3 cp static/cdn.js s3://tbx-assets/browser-sdk/$VERSION/cdn.js --acl public-read
+         # Create a redirect object for "latest" that points to the versioned file
+         aws s3api put-object \
+           --bucket tbx-assets \
+           --key browser-sdk/latest/cdn.js \
+           --website-redirect-location /browser-sdk/$VERSION/cdn.js \
+           --acl public-read
diff --git a/terraform/.gitignore b/terraform/.gitignore
@@ -0,0 +1,2 @@
+.terraform/
+*.tfplan
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -0,0 +1,68 @@
+provider "aws" {
+  alias   = "testbox-root"
+  region  = "us-east-1"
+  default_tags {
+    tags = {
+      terraform = "true"
+    }
+  }
+}
+
+terraform {
+  backend "s3" {
+    bucket  = "tbx-terraform"
+    key     = "browser-sdk.tfstate"
+    region  = "us-west-2"
+  }
+}
+
+resource "aws_iam_role" "github_actions_role" {
+  name = "github-actions-${var.repo_name}-role"
+  
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRoleWithWebIdentity"
+        Effect = "Allow"
+        Principal = {
+          Federated = "arn:aws:iam::${var.aws_account_id}:oidc-provider/token.actions.githubusercontent.com"
+        }
+        Condition = {
+          StringEquals = {
+            "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com",
+            "token.actions.githubusercontent.com:sub" = "repo:${var.github_org}/${var.repo_name}:ref:refs/heads/main"
+          }
+        }
+      }
+    ]
+  })
+}
+
+resource "aws_iam_policy" "s3_deploy_policy" {
+  name        = "s3-deploy-${var.repo_name}-policy"
+  description = "Policy to allow uploading to specific S3 bucket paths"
+  
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = [
+          "s3:PutObject",
+          "s3:GetObject",
+          "s3:ListBucket"
+        ]
+        Effect = "Allow"
+        Resource = [
+          "arn:aws:s3:::${var.s3_bucket_name}",
+          "arn:aws:s3:::${var.s3_bucket_name}/*"
+        ]
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "s3_deploy_attachment" {
+  role       = aws_iam_role.github_actions_role.name
+  policy_arn = aws_iam_policy.s3_deploy_policy.arn
+} 
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
@@ -0,0 +1,9 @@
+output "github_actions_role_arn" {
+  description = "ARN of the IAM role for GitHub Actions"
+  value       = aws_iam_role.github_actions_role.arn
+}
+
+output "s3_deploy_policy_arn" {
+  description = "ARN of the S3 deployment policy"
+  value       = aws_iam_policy.s3_deploy_policy.arn
+} 
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -0,0 +1,29 @@
+variable "aws_region" {
+  description = "AWS region where resources will be created"
+  type        = string
+  default     = "us-east-1"
+}
+
+variable "aws_account_id" {
+  description = "AWS account ID"
+  type        = string
+  default     = "457031429343"
+}
+
+variable "github_org" {
+  description = "GitHub organization name"
+  type        = string
+  default     = "TestBoxLab"
+}
+
+variable "repo_name" {
+  description = "GitHub repository name"
+  type        = string
+  default     = "browser-sdk"
+}
+
+variable "s3_bucket_name" {
+  description = "S3 bucket name where files will be uploaded"
+  type        = string
+  default     = "tbx-assets"
+} 
