diff --git a/.evergreen.yml b/.evergreen.yml index 278feed0b..dc9c7cffb 100644 --- a/.evergreen.yml +++ b/.evergreen.yml @@ -4295,10 +4295,17 @@ functions: params: file: tmp/expansions.yaml redacted: true + - command: ec2.assume_role + params: + role_arn: "arn:aws:iam::119629040606:role/s3-access.cdn-origin-compass" - command: shell.exec params: working_dir: src shell: bash + env: + DOWNLOAD_CENTER_AWS_KEY_NEW: ${AWS_ACCESS_KEY_ID} + DOWNLOAD_CENTER_AWS_SECRET_NEW: ${AWS_SECRET_ACCESS_KEY} + DOWNLOAD_CENTER_AWS_SESSION_TOKEN_NEW: ${AWS_SESSION_TOKEN} script: | set -e { @@ -4362,6 +4369,9 @@ functions: params: file: tmp/expansions.yaml redacted: true + - command: ec2.assume_role + params: + role_arn: "arn:aws:iam::119629040606:role/s3-access.cdn-origin-compass" - command: shell.exec # silent: true params: @@ -4370,6 +4380,9 @@ functions: env: devtoolsbot_npm_token: ${devtoolsbot_npm_token} node_js_version: ${node_js_version} + DOWNLOAD_CENTER_AWS_KEY_NEW: ${AWS_ACCESS_KEY_ID} + DOWNLOAD_CENTER_AWS_SECRET_NEW: ${AWS_SECRET_ACCESS_KEY} + DOWNLOAD_CENTER_AWS_SESSION_TOKEN_NEW: ${AWS_SESSION_TOKEN} script: | set -e export PUPPETEER_SKIP_DOWNLOAD="true" diff --git a/.github/workflows/update-cta.yml b/.github/workflows/update-cta.yml index 369134d29..4225631a5 100644 --- a/.github/workflows/update-cta.yml +++ b/.github/workflows/update-cta.yml @@ -1,5 +1,8 @@ name: Update greeting CTA on: + pull_request: + branches: + - main push: branches: - main @@ -19,6 +22,7 @@ on: default: CTA-Production permissions: + id-token: write contents: read jobs: @@ -33,17 +37,25 @@ jobs: DOWNLOAD_CENTER_AWS_KEY: ${{ secrets.DOWNLOAD_CENTER_AWS_KEY }} DOWNLOAD_CENTER_AWS_SECRET: ${{ secrets.DOWNLOAD_CENTER_AWS_SECRET }} steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + # - uses: actions/checkout@v4 + - name: configure aws credentials + uses: aws-actions/configure-aws-credentials@v4.1.0 with: - node-version: ^20.x - cache: "npm" - - - name: Install Dependencies and Compile + role-to-assume: arn:aws:iam::119629040606:role/s3-access.cdn-origin-compass + aws-region: us-east-1 + - name: Sts GetCallerIdentity run: | - npm ci - npm run compile + aws sts get-caller-identity + # - uses: actions/setup-node@v4 + # with: + # node-version: ^20.x + # cache: "npm" - - name: Update greeting CTA - run: | - npm run update-cta ${{ github.event.inputs.dry-run && '-- --dry-run' || '' }} + # - name: Install Dependencies and Compile + # run: | + # npm ci + # npm run compile + + # - name: Update greeting CTA + # run: | + # npm run update-cta ${{ github.event.inputs.dry-run && '-- --dry-run' || '' }} diff --git a/config/build.conf.js b/config/build.conf.js index a45ae8bf0..bdfd3d574 100644 --- a/config/build.conf.js +++ b/config/build.conf.js @@ -97,6 +97,9 @@ module.exports = { evgAwsSecret: process.env.AWS_SECRET, downloadCenterAwsKey: process.env.DOWNLOAD_CENTER_AWS_KEY, downloadCenterAwsSecret: process.env.DOWNLOAD_CENTER_AWS_SECRET, + downloadCenterAwsKeyNew: process.env.DOWNLOAD_CENTER_AWS_KEY_NEW, + downloadCenterAwsSecretNew: process.env.DOWNLOAD_CENTER_AWS_SECRET_NEW, + downloadCenterAwsSessionTokenNew: process.env.DOWNLOAD_CENTER_AWS_SESSION_TOKEN_NEW, injectedJsonFeedFile: path.join(ROOT, 'config', 'mongosh-versions.json'), githubToken: process.env.GITHUB_TOKEN, segmentKey: process.env.SEGMENT_API_KEY, diff --git a/packages/build/src/download-center/artifacts.ts b/packages/build/src/download-center/artifacts.ts index 013c11173..1e7a0ef2d 100644 --- a/packages/build/src/download-center/artifacts.ts +++ b/packages/build/src/download-center/artifacts.ts @@ -1,7 +1,11 @@ import { DownloadCenter as DownloadCenterCls } from '@mongodb-js/dl-center'; import * as fs from 'fs'; import path from 'path'; -import { ARTIFACTS_BUCKET, ARTIFACTS_FOLDER } from './constants'; +import { + ARTIFACTS_BUCKET, + ARTIFACTS_BUCKET_NEW, + ARTIFACTS_FOLDER, +} from './constants'; export async function uploadArtifactToDownloadCenter( filePath: string, @@ -20,3 +24,23 @@ export async function uploadArtifactToDownloadCenter( fs.createReadStream(filePath) ); } + +export async function uploadArtifactToDownloadCenterNew( + filePath: string, + awsAccessKeyId: string, + awsSecretAccessKey: string, + awsSessionToken: string, + DownloadCenter: typeof DownloadCenterCls = DownloadCenterCls +): Promise { + const dlcenter = new DownloadCenter({ + bucket: ARTIFACTS_BUCKET_NEW, + accessKeyId: awsAccessKeyId, + secretAccessKey: awsSecretAccessKey, + sessionToken: awsSessionToken, + }); + + await dlcenter.uploadAsset( + `${ARTIFACTS_FOLDER}/${path.basename(filePath)}`, + fs.createReadStream(filePath) + ); +} diff --git a/packages/build/src/download-center/config.ts b/packages/build/src/download-center/config.ts index 09e0d7548..b3c325dd5 100644 --- a/packages/build/src/download-center/config.ts +++ b/packages/build/src/download-center/config.ts @@ -9,6 +9,7 @@ import type { } from '@mongodb-js/dl-center/dist/download-center-config'; import { ARTIFACTS_BUCKET, + ARTIFACTS_BUCKET_NEW, JSON_FEED_ARTIFACT_KEY, ARTIFACTS_URL_PUBLIC_BASE, CONFIGURATION_KEY, @@ -55,6 +56,9 @@ export async function createAndPublishDownloadCenterConfig( packageInformation: PackageInformationProvider, awsAccessKeyId: string, awsSecretAccessKey: string, + awsAccessKeyIdNew: string, + awsSecretAccessKeyNew: string, + awsSessionTokenNew: string, injectedJsonFeedFile: string, isDryRun: boolean, ctaConfig: CTAConfig, @@ -100,6 +104,13 @@ export async function createAndPublishDownloadCenterConfig( secretAccessKey: awsSecretAccessKey, }); + const dlcenterArtifactsNew = new DownloadCenter({ + bucket: ARTIFACTS_BUCKET_NEW, + accessKeyId: awsAccessKeyIdNew, + secretAccessKey: awsSecretAccessKeyNew, + sessionToken: awsSessionTokenNew, + }); + const existingJsonFeed = await getCurrentJsonFeed(dlcenterArtifacts); const injectedJsonFeed: JsonFeed | undefined = injectedJsonFeedFile ? JSON.parse(await fs.readFile(injectedJsonFeedFile, 'utf8')) @@ -135,12 +146,20 @@ export async function createAndPublishDownloadCenterConfig( JSON.stringify(newJsonFeed, null, 2) ), ]); + + await dlcenterArtifactsNew.uploadAsset( + JSON_FEED_ARTIFACT_KEY, + JSON.stringify(newJsonFeed, null, 2) + ); } export async function updateJsonFeedCTA( config: CTAConfig, awsAccessKeyId: string, awsSecretAccessKey: string, + awsAccessKeyIdNew: string, + awsSecretAccessKeyNew: string, + awsSessionTokenNew: string, isDryRun: boolean, DownloadCenter: typeof DownloadCenterCls = DownloadCenterCls ) { @@ -150,6 +169,13 @@ export async function updateJsonFeedCTA( secretAccessKey: awsSecretAccessKey, }); + const dlcenterArtifactsNew = new DownloadCenter({ + bucket: ARTIFACTS_BUCKET_NEW, + accessKeyId: awsAccessKeyIdNew, + secretAccessKey: awsSecretAccessKeyNew, + sessionToken: awsSessionTokenNew, + }); + const jsonFeed = await getCurrentJsonFeed(dlcenterArtifacts); if (!jsonFeed) { throw new Error('No existing JSON feed found'); @@ -165,6 +191,10 @@ export async function updateJsonFeedCTA( } await dlcenterArtifacts.uploadAsset(JSON_FEED_ARTIFACT_KEY, patchedJsonFeed); + await dlcenterArtifactsNew.uploadAsset( + JSON_FEED_ARTIFACT_KEY, + patchedJsonFeed + ); } function populateJsonFeedCTAs(jsonFeed: JsonFeed, ctas: CTAConfig) { diff --git a/packages/build/src/download-center/constants.ts b/packages/build/src/download-center/constants.ts index 5ba6a4d77..f31e7acc1 100644 --- a/packages/build/src/download-center/constants.ts +++ b/packages/build/src/download-center/constants.ts @@ -16,6 +16,11 @@ export const CONFIGURATION_KEY = */ export const ARTIFACTS_BUCKET = 'downloads.10gen.com'; +/** + * The S3 bucket for download center artifacts. + */ +export const ARTIFACTS_BUCKET_NEW = 'cdn-origin-compass'; + /** * The S3 "folder" for uploaded artifacts. */ diff --git a/packages/build/src/index.ts b/packages/build/src/index.ts index f818ee6ed..7b8477324 100644 --- a/packages/build/src/index.ts +++ b/packages/build/src/index.ts @@ -81,6 +81,9 @@ if (require.main === module) { ctaConfig, downloadCenterAwsKey, downloadCenterAwsSecret, + downloadCenterAwsKeyNew, + downloadCenterAwsSecretNew, + downloadCenterAwsSessionTokenNew, isDryRun, } = getBuildConfig(); @@ -92,6 +95,9 @@ if (require.main === module) { ctaConfig, downloadCenterAwsKey, downloadCenterAwsSecret, + downloadCenterAwsKeyNew, + downloadCenterAwsSecretNew, + downloadCenterAwsSessionTokenNew, !!isDryRun ); break; diff --git a/packages/build/src/release.ts b/packages/build/src/release.ts index dddea420f..ca50e64d2 100644 --- a/packages/build/src/release.ts +++ b/packages/build/src/release.ts @@ -2,7 +2,10 @@ import { Octokit } from '@octokit/rest'; import { runCompile } from './compile'; import type { Config } from './config'; import { getReleaseVersionFromTag, redactConfig } from './config'; -import { uploadArtifactToDownloadCenter } from './download-center'; +import { + uploadArtifactToDownloadCenter, + uploadArtifactToDownloadCenterNew, +} from './download-center'; import { downloadArtifactFromEvergreen, uploadArtifactToEvergreen, @@ -95,6 +98,7 @@ export async function release( githubRepo, new PackageBumper(), uploadArtifactToDownloadCenter, + uploadArtifactToDownloadCenterNew, downloadArtifactFromEvergreen ); } else if (command === 'download-and-list-artifacts') { diff --git a/packages/build/src/run-draft.ts b/packages/build/src/run-draft.ts index ac4ea7fcd..afb3c2f65 100644 --- a/packages/build/src/run-draft.ts +++ b/packages/build/src/run-draft.ts @@ -3,6 +3,7 @@ import path from 'path'; import type { Config } from './config'; import { ALL_PACKAGE_VARIANTS, getReleaseVersionFromTag } from './config'; import { uploadArtifactToDownloadCenter as uploadArtifactToDownloadCenterFn } from './download-center'; +import { uploadArtifactToDownloadCenterNew as uploadArtifactToDownloadCenterFnNew } from './download-center'; import { downloadArtifactFromEvergreen as downloadArtifactFromEvergreenFn } from './evergreen'; import { generateChangelog as generateChangelogFn } from './git'; import { getPackageFile } from './packaging'; @@ -14,6 +15,7 @@ export async function runDraft( githubRepo: GithubRepo, packageBumper: PackageBumper, uploadToDownloadCenter: typeof uploadArtifactToDownloadCenterFn = uploadArtifactToDownloadCenterFn, + uploadToDownloadCenterNew: typeof uploadArtifactToDownloadCenterFnNew = uploadArtifactToDownloadCenterFnNew, downloadArtifactFromEvergreen: typeof downloadArtifactFromEvergreenFn = downloadArtifactFromEvergreenFn, ensureGithubReleaseExistsAndUpdateChangelog: typeof ensureGithubReleaseExistsAndUpdateChangelogFn = ensureGithubReleaseExistsAndUpdateChangelogFn ): Promise { @@ -88,6 +90,13 @@ export async function runDraft( contentType, }), ]); + + await uploadToDownloadCenterNew( + downloadedArtifact, + config.downloadCenterAwsKeyNew as string, + config.downloadCenterAwsSecretNew as string, + config.downloadCenterAwsSessionTokenNew as string + ); }) ); }