-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathinfra.ts
More file actions
75 lines (67 loc) · 1.79 KB
/
infra.ts
File metadata and controls
75 lines (67 loc) · 1.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
import * as aws from "@pulumi/aws";
import * as pulumi from "@pulumi/pulumi";
import * as saws from "@stackattack/aws";
export default () => {
const ctx = saws.context();
const config = new pulumi.Config();
const dnsName = config.require("dns-name");
const docsDnsName = config.require("docs-dns-name");
const demoBucket = saws.bucket(ctx.prefix("demo"), {
paths: [
"dist/demo",
"dist/chrome.zip",
"dist/firefox.zip",
"dist/firefox-mv2.zip",
],
});
saws.staticSite(ctx.prefix("demo"), {
bucket: demoBucket,
domain: dnsName,
adapter: {
index: "demo-history.html",
defaultHeaders: {
"Cross-Origin-Opener-Policy": "same-origin",
"Cross-Origin-Embedder-Policy": "require-corp",
},
},
});
const docsBucket = saws.bucket(ctx.prefix("docs"), {
paths: ["dist/docs/html"],
});
saws.staticSite(ctx.prefix("docs"), {
bucket: docsBucket,
domain: docsDnsName,
adapter: {
index: "index.html",
},
});
const githubRole = saws.githubRole(ctx, {
repo: "cfeenstra67/egghead",
policy: aws.iam.getPolicyDocumentOutput({
statements: [
{
actions: ["iam", "s3", "acm", "route53", "cloudfront"].flatMap(
(service) => [
`${service}:Get*`,
`${service}:List*`,
`${service}:Describe*`,
],
),
resources: ["*"],
},
{
actions: ["s3:PutObject*", "s3:DeleteObject"],
resources: [demoBucket.arn, docsBucket.arn].flatMap((arn) => [
arn,
pulumi.interpolate`${arn}/*`,
]),
},
],
}).json,
});
return {
demoUrl: `https://${dnsName}`,
docsUrl: `https://${docsDnsName}`,
githubRoleArn: githubRole.arn,
};
};