Merge pull request #8 from wesreid/feature/gh-oidc-setup-utility

add utility script to deploy the Github OIDC stack in an AWS account

Author: wesreid

bin/bootstrap-iam.js

@@ -5,7 +5,8 @@
   "main": "dist/index.js",
   "bin": {
     "generate-oas": "./bin/generate-swagger.js",
-    "gh-oidc-iam": "./bin/bootstrap-iam.js"
+    "aws-lambda-api-tools": "./bin/cli.js",
+    "create-gha-iam-stack": "./bin/bootstrap-iam.js"
   },
   "types": "dist/index.d.ts",
   "scripts": {
@@ -49,9 +50,10 @@
     "@types/minimist": "^1.2.2",
     "@types/node-fetch": "^2.5.12",
     "atob": "^2.1.2",
-    "aws-cdk": "^2.178.2",
+    "aws-cdk": "^2.0.0",
     "aws-cdk-lib": "^2.0.0",
     "axios": "^1.6.3",
+    "commander": "^11.1.0",
     "joi": "^17.12.3",
     "joi-to-swagger": "6.2.0",
     "joi-to-typescript": "^4.11.0",

bin/cli.js

@@ -1,26 +1,39 @@
 import { build } from 'esbuild';
-import { chmod, writeFile } from 'fs/promises';
+import { chmod } from 'fs/promises';
 import { join } from 'path';
 
 async function buildBinary() {
-  const outFile = join(process.cwd(), 'bin/bootstrap-iam.js');
-  
-  await build({
-    entryPoints: ['src/bin/bootstrap-iam.ts'],
-    bundle: true,
-    platform: 'node',
-    target: 'node16',
-    outfile: outFile,
-    format: 'cjs',
-    minify: true,
-    sourcemap: false,
-    external: ['aws-cdk-lib', 'aws-cdk-lib/*'],
-    banner: {
-      js: '#!/usr/bin/env node',
+  const files = [
+    {
+      entry: 'src/bin/bootstrap-iam.ts',
+      out: 'bin/bootstrap-iam.js'
     },
-  });
+    {
+      entry: 'src/bin/cli.ts',
+      out: 'bin/cli.js'
+    }
+  ];
 
-  await chmod(outFile, '755');
+  for (const file of files) {
+    const outFile = join(process.cwd(), file.out);
+    
+    await build({
+      entryPoints: [file.entry],
+      bundle: true,
+      platform: 'node',
+      target: 'node16',
+      outfile: outFile,
+      format: 'cjs',
+      minify: true,
+      sourcemap: false,
+      external: ['aws-cdk-lib', 'aws-cdk-lib/*', 'aws-cdk', 'commander'],
+      banner: {
+        js: '#!/usr/bin/env node',
+      },
+    });
+
+    await chmod(outFile, '755');
+  }
 }
 
 buildBinary().catch((err) => {

package-lock.json

@@ -12,8 +12,8 @@ const policyArg = args.find(t => t.startsWith("--policy="));
 
 if (!repoArg) {
   console.error("Error: --repo argument is required");
-  console.error("Usage: gh-oidc-iam --repo=owner/repo-name [--policy=PolicyName]");
-  console.error("Example: gh-oidc-iam --repo=myorg/my-repo --policy=AdministratorAccess");
+  console.error("Usage: create-gha-iam-stack --repo=owner/repo-name [--policy=PolicyName]");
+  console.error("Example: create-gha-iam-stack --repo=myorg/my-repo --policy=AdministratorAccess");
   process.exit(1);
 }
 

package.json

@@ -0,0 +1,24 @@
+#!/usr/bin/env node
+import { program } from 'commander';
+import { join } from 'path';
+
+program
+  .name('aws-lambda-api-tools')
+  .description('CLI tools for AWS Lambda and API Gateway')
+  .version('0.1.5');
+
+program.command('create-gha-iam-stack')
+  .description('Create IAM stack for GitHub Actions OIDC authentication')
+  .requiredOption('--repo <owner/repo>', 'GitHub repository (owner/repo)')
+  .option('--policy <name>', 'AWS managed policy name', 'AdministratorAccess')
+  .action(async (options) => {
+    process.argv = [
+      process.argv[0],
+      process.argv[1],
+      `--repo=${options.repo}`,
+      `--policy=${options.policy}`
+    ];
+    require(join(__dirname, 'bootstrap-iam.js'));
+  });
+
+program.parse();