[LG-5520] chore: Add AWS CodeArtifact publishing (#3125)

* feat(scripts): add login script for AWS CodeArtifact authentication

* feat(release): update AWS CodeArtifact publishing workflow and npm configuration

* fix(settings): add CODEARTIFACT to cSpell words for spell checking

* add todo

* Update .github/workflows/release.yml

Co-authored-by: Copilot <[email protected]>

* Update .gitignore

---------

Co-authored-by: Copilot <[email protected]>

Author: TheSonOfThomp

.github/workflows/release.yml

@@ -160,14 +160,6 @@ jobs:
       - name: Install Dependencies
         run: pnpm install --frozen-lockfile --prefer-offline
 
-      - name: Updating .npmrc
-        run: |
-          cat << EOF > "$HOME/.npmrc"
-            //registry.npmjs.org/:_authToken=$NPM_TOKEN
-          EOF
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-
       - uses: actions/cache/restore@v4
         name: Restore build cache
         id: build-cache
@@ -187,6 +179,14 @@ jobs:
             tools/*/stories.js
           key: ${{needs.build.outputs.cache-primary-key}}
 
+      - name: Updating .npmrc
+        run: |
+          cat << EOF > "$HOME/.npmrc"
+            //registry.npmjs.org/:_authToken=$NPM_TOKEN
+          EOF
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
       - name: Version packages
         id: changesets
         uses: changesets/action@v1
@@ -198,6 +198,61 @@ jobs:
           GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
           NPM_TOKEN: '${{ secrets.NPM_TOKEN }}'
 
+  release-aws:
+    name: Publish to AWS CodeArtifact
+    runs-on: ubuntu-latest
+    needs: [build, release]
+    if: ${{ needs.release.outputs.published == 'true' }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 9.15.0
+
+      - name: Use Node 18
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18
+          cache: 'pnpm'
+          cache-dependency-path: 'pnpm-lock.yaml'
+
+      - name: Install Dependencies
+        run: pnpm install --frozen-lockfile --prefer-offline
+      
+      - uses: actions/cache/restore@v4
+        name: Restore build cache
+        id: build-cache
+        with:
+          path: |
+            charts/*/dist/*
+            charts/*/tsdoc.json
+            charts/*/stories.js
+            chat/*/dist/*
+            chat/*/tsdoc.json
+            chat/*/stories.js
+            packages/*/dist/*
+            packages/*/tsdoc.json
+            packages/*/stories.js
+            tools/*/dist/*
+            tools/*/tsdoc.json
+            tools/*/stories.js
+          key: ${{needs.build.outputs.cache-primary-key}}
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_CODEARTIFACT_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_CODEARTIFACT_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Login to CodeArtifact
+        run: scripts/login-codeartifact.sh
+
+      - name: Publish to CodeArtifact
+        run: pnpm publish -r --no-git-checks
+
   notify:
     name: Notify Slack & Website
     runs-on: ubuntu-latest

.gitignore

@@ -29,6 +29,7 @@ ts-trace/
 
 # Environment variables
 .env
+.secrets
 
 # test coverage 
 coverage/
@@ -55,3 +56,4 @@ TODO.md
 # PR train config (https://github.com/realyze/pr-train)
 .pr-train.yml
 migration-storybook.log
+

.vscode/settings.json

@@ -14,7 +14,11 @@
   "eslint.runtime": "node",
   "eslint.workingDirectories": ["./"],
   "typescript.preferences.importModuleSpecifier": "project-relative",
-  "cSpell.words": ["leafygreen", "svgrrc"],
+  "cSpell.words": [
+    "CODEARTIFACT",
+    "leafygreen",
+    "svgrrc"
+  ],
   "workbench.editorAssociations": {
     "*.svg": "default"
   },

scripts/login-codeartifact.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+# Based on https://docs.aws.amazon.com/codeartifact/latest/ug/npm-auth.html#configuring-npm-without-using-the-login-command
+
+# TODO: Create a shared script for lg-private
+
+# Declare our scope, domain, and repository
+DOMAIN="mongodb"
+REPOSITORY="leafygreen-ui"
+# Define our scopes
+SCOPES=(
+  "@leafygreen-ui"
+  "@lg-charts"
+  "@lg-chat" 
+  "@lg-tools"
+)
+
+# Check if aws command is available
+if ! command -v aws &> /dev/null; then
+  echo "Error: aws CLI is not installed or not in PATH"
+  exit 1
+fi
+
+echo "Logging into CodeArtifact repository $REPOSITORY..."
+
+CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain $DOMAIN --query authorizationToken --output text`
+
+# Check if the token retrieval was successful
+if [ -z "$CODEARTIFACT_AUTH_TOKEN" ] || [ "$CODEARTIFACT_AUTH_TOKEN" == "None" ]; then
+  echo "\nFailed to retrieve authorization token from AWS"
+  echo "Ensure that your AWS profile is configured correctly in ~/.aws/config (and has access to CodeArtifact)"
+  echo "Login to AWS in OKTA to get your current credentials: https://corp.mongodb.com/"
+  exit 1
+fi
+
+# Get the endpoint data, and extract the repository URL from the JSON output
+CODEARTIFACT_ENDPOINT_JSON=`aws codeartifact get-repository-endpoint --domain $DOMAIN --repository $REPOSITORY --format npm`
+CODEARTIFACT_REGISTRY=$(echo $CODEARTIFACT_ENDPOINT_JSON | jq -r '.repositoryEndpoint')
+
+# Check if jq extraction was successful
+if [ -z "$CODEARTIFACT_REGISTRY" ] || [ "$CODEARTIFACT_REGISTRY" == "null" ]; then
+  echo "Error: Failed to extract repository endpoint from AWS response"
+  exit 1
+fi
+
+# Remove the https:// prefix from the endpoint URL for npm config
+CODEARTIFACT_REGISTRY_URI=$(echo $CODEARTIFACT_REGISTRY | sed 's|^https:||')
+
+echo "CodeArtifact Endpoint: $CODEARTIFACT_REGISTRY"
+
+# Update the user's global npm config (~/.npmrc) with the new registry and auth token
+
+# Configure each scope to use our CodeArtifact registry
+for SCOPE in "${SCOPES[@]}"; do
+  echo "Configuring $SCOPE to use CodeArtifact registry..."
+  npm config set "${SCOPE}:registry" $CODEARTIFACT_REGISTRY
+done
+
+npm config set $CODEARTIFACT_REGISTRY_URI:_authToken=$CODEARTIFACT_AUTH_TOKEN
+echo "Updated global ~/.npmrc"
+
+# Verify by pinging the registry
+npm -d ping --registry=$CODEARTIFACT_REGISTRY
+
+echo "✅ Successfully logged into CodeArtifact repository"