Merge pull request #1 from umccr/feat/add-role

feat: refactor deployment and add additional props
umccr · Dec 6, 2024 · 980564a · 980564a
2 parents 367617d + 3b456e2
commit 980564a
Show file tree

Hide file tree

Showing 23 changed files with 945 additions and 665 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -0,0 +1,20 @@
+name: build
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: "pnpm"
+      - run: pnpm install
+      - run: pnpm run build
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,22 @@
+name: release
+
+on:
+  release:
+    types: [released]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: "pnpm"
+          registry-url: "https://registry.npmjs.org"
+      - run: pnpm install
+      - run: pnpm run build
+      - run: pnpm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.HTSGET_RS_DEPLOY_PUBLISH_TOKEN }}
diff --git a/.gitignore b/.gitignore
@@ -1,7 +1,9 @@
 node_modules
 .DS_Store
 volume
-package-lock.json
 .build
 cdk.context.json
 cdk.out
+*.js
+*.d.ts
+dist
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,18 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-added-large-files
+      - id: detect-private-key
+      - id: no-commit-to-branch
+        args: [--branch, main]
+      - id: check-yaml
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: pretty-format-json
+        args: ["--autofix"]
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+      - id: detect-secrets
+        args: ["--baseline", ".secrets.baseline"]
diff --git a/.prettierignore b/.prettierignore
@@ -0,0 +1 @@
+**/*.md
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -0,0 +1,133 @@
+{
+  "version": "1.5.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "GitLabTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "IPPublicDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "OpenAIDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "PypiTokenDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TelegramBotTokenDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    },
+    {
+      "path": "detect_secrets.filters.regex.should_exclude_file",
+      "pattern": [
+        "pnpm-lock.yaml"
+      ]
+    }
+  ],
+  "results": {},
+  "generated_at": "2024-12-05T23:39:24Z"
+}
diff --git a/DEPLOY.md b/DEPLOY.md
@@ -75,7 +75,7 @@ npm install
 
 ### Deploy to AWS
 
-> [!IMPORTANT]  
+> [!IMPORTANT]
 > The default deployment is designed to work out of the box. A bucket with a CDK-generated name is created with test
 > data from the [`data`][data] directory. All deployment settings can be tweaked using the [`settings.ts`][htsget-settings].
 > The only option that must be specified in the `domain`, which determines the domain name to serve htsget-rs at.
@@ -92,7 +92,7 @@ Then to deploy the stack, run:
 npx cdk deploy
 ```
 
-> [!WARNING]  
+> [!WARNING]
 > By default this deployment will create a public instance of htsget-rs. Anyone will be able to query the server
 > without authorizing unless you modify the `HtsgetJwtAuthSettings` settings.
 
@@ -190,4 +190,4 @@ and a [MinIO][minio] deployment.
 [rust]: https://www.rust-lang.org/tools/install
 [zig]: https://ziglang.org/
 [zig-getting-started]: https://ziglang.org/learn/getting-started/
-[data]: ../data
+[data]: ../data
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,23 @@
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
@@ -40,4 +40,4 @@ Should return a response similar to the following one (some fields elided for br
 }
 ```
 
-Please note that the example above assumes a publicly accessible endpoint. If you have an authz'd deployment, please use `-H "Authorization: $JWT_TOKEN"` flags added to your `curl` command.
+Please note that the example above assumes a publicly accessible endpoint. If you have an authz'd deployment, please use `-H "Authorization: $JWT_TOKEN"` flags added to your `curl` command.
diff --git a/bin/htsget-lambda.js b/bin/htsget-lambda.js
diff --git a/bin/htsget-lambda.ts b/bin/htsget-lambda.ts
@@ -1,32 +1,32 @@
-import * as cdk from 'aws-cdk-lib';
-import { Construct } from 'constructs';
+import * as cdk from "aws-cdk-lib";
+import { Construct } from "constructs";
 import { HtsgetLambdaConstruct } from "../lib/htsget-lambda-construct";
-import { SETTINGS } from "../bin/settings"
-import { HtsgetStatefulSettings } from "../lib/htsget-lambda-construct"
-import { HtsgetStatelessSettings } from "../lib/htsget-lambda-construct"
+import { SETTINGS } from "../bin/settings";
+import { HtsgetStatefulSettings } from "../lib/htsget-lambda-construct";
+import { HtsgetStatelessSettings } from "../lib/htsget-lambda-construct";
 
 export class HtsgetTestStack extends cdk.Stack {
-  constructor(scope: Construct, id: string, settings: HtsgetStatefulSettings & HtsgetStatelessSettings, props?: cdk.StackProps) {
+  constructor(
+    scope: Construct,
+    id: string,
+    settings: HtsgetStatefulSettings & HtsgetStatelessSettings,
+    props?: cdk.StackProps,
+  ) {
     super(scope, id, props);
 
-    new HtsgetLambdaConstruct(this, 'Htsget-rs', SETTINGS);
+    new HtsgetLambdaConstruct(this, "Htsget-rs", SETTINGS);
   }
 }
 
 const app = new cdk.App();
-new HtsgetTestStack(
-  app,
-  "HtsgetTestStack",
-  SETTINGS,
-  {
-    stackName: "HtsgetTestStack",
-    description: "HtsgetTestStack",
-    tags: {
-      Stack: "HtsgetTestStack",
-    },
-    env: {
-      account: process.env.CDK_DEFAULT_ACCOUNT,
-      region: process.env.CDK_DEFAULT_REGION,
-    },
+new HtsgetTestStack(app, "HtsgetTestStack", SETTINGS, {
+  stackName: "HtsgetTestStack",
+  description: "HtsgetTestStack",
+  tags: {
+    Stack: "HtsgetTestStack",
   },
-);
+  env: {
+    account: process.env.CDK_DEFAULT_ACCOUNT,
+    region: process.env.CDK_DEFAULT_REGION,
+  },
+});
diff --git a/bin/settings.js b/bin/settings.js
-Original file line number
+Diff line change
@@ Expand Up @@
     }
     ```
-    Please note that the example above assumes a publicly accessible endpoint. If you have an authz'd deployment, please use `-H "Authorization: $JWT_TOKEN"` flags added to your `curl` command.
+    Please note that the example above assumes a publicly accessible endpoint. If you have an authz'd deployment, please use `-H "Authorization: $JWT_TOKEN"` flags added to your `curl` command.