developmentseed
diff --git a/‎.devcontainer/devcontainer.json‎
Lines changed: 4 additions & 0 deletions b/‎.devcontainer/devcontainer.json‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/workflows/distribute.yaml‎
Lines changed: 99 additions & 0 deletions b/‎.github/workflows/distribute.yaml‎
Lines changed: 99 additions & 0 deletions
diff --git a/‎.github/workflows/test.yaml‎
Lines changed: 71 additions & 0 deletions b/‎.github/workflows/test.yaml‎
Lines changed: 71 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 7 additions & 0 deletions b/‎.gitignore‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎.npmignore‎
Lines changed: 15 additions & 0 deletions b/‎.npmignore‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎.nvmrc‎
Lines changed: 1 addition & 0 deletions b/‎.nvmrc‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CHANGELOG.md‎ b/‎CHANGELOG.md‎
diff --git a/‎README.md‎
Lines changed: 12 additions & 0 deletions b/‎README.md‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎lib/bootstrap-pgstac/index.ts‎
Lines changed: 137 additions & 0 deletions b/‎lib/bootstrap-pgstac/index.ts‎
Lines changed: 137 additions & 0 deletions
diff --git a/‎lib/bootstrap-pgstac/runtime/Dockerfile‎
Lines changed: 14 additions & 0 deletions b/‎lib/bootstrap-pgstac/runtime/Dockerfile‎
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,4 @@
+{
+    "name": "VS Code DEV Container for AWS CDK development",
+    "image": "jsii/superchain:1-buster-slim-node16"
+}
@@ -0,0 +1,99 @@
+name: Distribute
+
+on:
+  release:
+    types:
+      - released
+
+jobs:
+  package:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
+          cache: "npm"
+
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Compile project
+        run: npm run build
+
+      - name: Generate distribution packages
+        run: npm run package
+
+      - name: Generate documentation
+        run: npm run docgen
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: docs
+          path: docs
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: python
+          path: dist/python/*
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: js
+          path: dist/js/*
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: jsii
+          path: .jsii
+
+  update-docs:
+    runs-on: ubuntu-latest
+    needs: package
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: actions/download-artifact@v3
+        with:
+          name: docs
+
+      - name: Deploy 🚀
+        uses: JamesIves/github-pages-deploy-action@v4
+        with:
+          folder: docs
+
+  distribute-python:
+    runs-on: ubuntu-latest
+    needs: package
+    steps:
+      - uses: actions/download-artifact@v3
+        with:
+          name: python
+          path: dist
+
+      - run: pip install twine
+
+      - run: twine upload dist/*
+        env:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          TWINE_USERNAME: __token__
+          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+
+  distribute-js:
+    runs-on: ubuntu-latest
+    needs: package
+    steps:
+      - uses: actions/download-artifact@v3
+        with:
+          name: js
+          path: dist
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
+          registry-url: 'https://registry.npmjs.org'
+
+      - run: npm publish dist/*
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -0,0 +1,71 @@
+name: Test & Build
+
+on:
+  push:
+
+jobs:
+  test-build:
+    runs-on: ubuntu-latest
+    steps:
+      # To make git commits made by semantic-release be made to our bot and not
+      # "github-actions" user which doesn't trigger other Action Workflows.
+      # https://github.com/semantic-release/semantic-release/discussions/1906#discussioncomment-656651
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
+          cache: "npm"
+
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Compile project
+        run: npm run build
+
+      - name: Generate distribution packages
+        run: npm run package
+
+      - name: Generate documentation
+        run: npm run docgen
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: docs
+          path: |
+            docs
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: python
+          path: |
+            dist/python/*
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: js
+          path: |
+            dist/js/*
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: jsii
+          path: |
+            .jsii
+
+      - name: Get Release Bot Token
+        id: get-token
+        uses: getsentry/action-github-app-token@v1
+        with:
+          app_id: ${{ secrets.DS_RELEASE_BOT_ID }}
+          private_key: ${{ secrets.DS_RELEASE_BOT_PRIVATE_KEY }}
+
+      - name: Maybe Release 🚀
+        if: github.ref == 'refs/heads/main'
+        run: |
+          npm run semantic-release
+        env:
+          GITHUB_TOKEN: ${{ steps.get-token.outputs.token }}
@@ -0,0 +1,7 @@
+node_modules/
+tsconfig.*
+lib/**/*.js
+lib/**/*.d.ts
+.jsii
+dist
+docs
@@ -0,0 +1,15 @@
+
+# Exclude typescript source and config
+*.ts
+tsconfig.json
+
+# Include javascript files and typescript declarations
+!*.js
+!*.d.ts
+
+# Exclude jsii outdir
+dist
+
+# Include .jsii and .jsii.gz
+!.jsii
+!.jsii.gz
@@ -0,0 +1 @@
+18
@@ -0,0 +1,12 @@
+# pgSTAC CDK construct
+
+## Published Packages
+
+- https://pypi.org/project/cdk-seed.pgstac-cdk-construct/
+- https://www.npmjs.com/package/pgstac-cdk-construct
+
+## Release
+
+Versioning is automatically handled via [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) and [Semantic Release](https://semantic-release.gitbook.io/semantic-release/).
+
+A warning: If you rebase `main`, you must ensure that the commits referenced by tags point to commits that are within the `main` branch. If a commit references a commit that is no longer on the `main` branch, Semantic Release will fail to detect the correct version of the project. [More information](https://github.com/semantic-release/semantic-release/issues/1121#issuecomment-517945233).
@@ -0,0 +1,137 @@
+import {
+  aws_ec2,
+  aws_rds,
+  aws_lambda,
+  aws_logs,
+  aws_secretsmanager,
+  CustomResource,
+  Duration,
+  Stack,
+  RemovalPolicy,
+} from "aws-cdk-lib";
+import { Construct } from "constructs";
+
+function hasVpc(
+  instance: aws_rds.DatabaseInstance | aws_rds.IDatabaseInstance
+): instance is aws_rds.DatabaseInstance {
+  return (instance as aws_rds.DatabaseInstance).vpc !== undefined;
+}
+
+/**
+ * Bootstraps a database instance, installing pgSTAC onto the database.
+ */
+export class BootstrapPgStac extends Construct {
+  secret: aws_secretsmanager.ISecret;
+
+  constructor(scope: Construct, id: string, props: BootstrapPgStacProps) {
+    super(scope, id);
+
+    const handler = new aws_lambda.Function(this, "lambda", {
+      handler: "handler.handler",
+      runtime: aws_lambda.Runtime.PYTHON_3_8,
+      code: aws_lambda.Code.fromDockerBuild(__dirname, {
+        file: "runtime/Dockerfile",
+        buildArgs: { PGSTAC_VERSION: props.pgstacVersion },
+      }),
+      timeout: Duration.minutes(2),
+      vpc: hasVpc(props.database) ? props.database.vpc : props.vpc,
+      logRetention: aws_logs.RetentionDays.ONE_WEEK,
+    });
+
+    this.secret = new aws_secretsmanager.Secret(this, "secret", {
+      secretName: [
+        props.secretsPrefix || "pgstac",
+        id,
+        this.node.addr.slice(-8),
+      ].join("/"),
+      generateSecretString: {
+        secretStringTemplate: JSON.stringify({
+          dbname: props.pgstacDbName || "pgstac",
+          engine: "postgres",
+          port: 5432,
+          host: props.database.instanceEndpoint.hostname,
+          username: props.pgstacUsername || "pgstac_user",
+        }),
+        generateStringKey: "password",
+        excludePunctuation: true,
+      },
+      description: `PgSTAC database bootstrapped by ${
+        Stack.of(this).stackName
+      }`,
+    });
+
+    // Allow lambda to...
+    // read new user secret
+    this.secret.grantRead(handler);
+    // read database secret
+    props.dbSecret.grantRead(handler);
+    // connect to database
+    props.database.connections.allowFrom(handler, aws_ec2.Port.tcp(5432));
+
+    // this.connections = props.database.connections;
+    new CustomResource(this, "bootstrapper", {
+      serviceToken: handler.functionArn,
+      properties: {
+        // By setting pgstac_version in the properties assures
+        // that Create/Update events will be passed to the service token
+        pgstac_version: props.pgstacVersion,
+        conn_secret_arn: props.dbSecret.secretArn,
+        new_user_secret_arn: this.secret.secretArn,
+      },
+      removalPolicy: RemovalPolicy.RETAIN, // This retains the custom resource (which doesn't really exist), not the database
+    });
+  }
+}
+
+export interface BootstrapPgStacProps {
+  /**
+   * VPC in which the database resides.
+   *
+   * Note - Must be explicitely set if the `database` only conforms to the
+   * `aws_rds.IDatabaseInstace` interface (ie it is a reference to a database instance
+   * rather than a database instance.)
+   *
+   * @default - `vpc` property of the `database` instance provided.
+   */
+  readonly vpc?: aws_ec2.IVpc;
+
+  /**
+   * Database onto which pgSTAC should be installed.
+   */
+  readonly database: aws_rds.DatabaseInstance | aws_rds.IDatabaseInstance;
+
+  /**
+   * Secret containing valid connection details for the database instance. Secret must
+   * conform to the format of CDK's `DatabaseInstance` (i.e. a JSON object containing a
+   * `username`, `password`, `host`, `port`, and optionally a `dbname`). If a `dbname`
+   * property is not specified within the secret, the bootstrapper will attempt to
+   * connect to a database with the name of `"postgres"`.
+   */
+  readonly dbSecret: aws_secretsmanager.ISecret;
+
+  /**
+   * Name of database that is to be created and onto which pgSTAC will be installed.
+   *
+   * @default - "pgstac"
+   */
+  readonly pgstacDbName?: string;
+
+  /**
+   * Name of user that will be generated for connecting to the pgSTAC database.
+   *
+   * @default - "pgstac_user"
+   */
+  readonly pgstacUsername?: string;
+
+  /**
+   * pgSTAC version to be installed.
+   */
+  readonly pgstacVersion: string;
+
+  /**
+   * Prefix to assign to the generated `secrets_manager.Secret`
+   *
+   * @default - "pgstac"
+   */
+  readonly secretsPrefix: string;
+}
@@ -0,0 +1,14 @@
+FROM lambci/lambda:build-python3.8
+
+ARG PGSTAC_VERSION
+RUN echo "Using PGSTAC Version ${PGSTAC_VERSION}"
+
+WORKDIR /tmp
+
+RUN pip install requests psycopg[binary,pool] pypgstac==${PGSTAC_VERSION} -t /asset
+
+COPY runtime/handler.py /asset/handler.py
+
+# https://stackoverflow.com/a/61746719
+# Tip from eoAPI: turns out, asyncio is part of python
+RUN rm -rf /asset/asyncio*
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +    "name": "VS Code DEV Container for AWS CDK development",
 +    "image": "jsii/superchain:1-buster-slim-node16"
 +}