add cfn template, remove encrypted vars

7de0f866 · mapsam · e06c977b · 7de0f866 · 7de0f866 · 7de0f866
Commit 7de0f866 authored May 16, 2018 by mapsam
Hide whitespace changes
Inline Side-by-side

Showing with 60 additions and 6 deletions

.travis.yml .travis.yml +0 -2

appveyor.yml appveyor.yml +0 -4

ci.template.js cloudformation/ci.template.js +59 -0

package.json package.json +1 -0

No files found.
--- a/.travis.yml
+++ b/.travis.yml
@@ -94,8 +94,6 @@ matrix:
 env:
  global:
    - JOBS: "8"
-    - secure: PifMOSnn+mWR1RUptXse+fLvWiTrzg0R/mazO7RWhXHWBKv0uAJ/qV3dI0GIRBLtjG10Iy+tT5RNh1TIbBzB9Y67wMcGvylUPG1+3EOKoBMEPnOD9AgCEQw4SOXfGPx0cq2N6ueSKieCgu1yKN9Wq7XCbE+zTk/DiRNIdLirVoo=
-    - secure: cc4esJY1vPXL31IeumAJoKWDDO2BTGFiltwfO1jbTbiV7QT911QUjTUasxXIVpOaHNCpxSTyevPwwTWfzt2EtF92Lli+qhQ2bbzMiDSBZstSrHdAe62Ai2M1oYYUwk/0cABB/2nO9uRyYwITCxpTSNzZBrYhn3C29WqBhPeVDmM=
 before_install:
 - export PUBLISHABLE=${PUBLISHABLE:-true}

--- a/appveyor.yml
+++ b/appveyor.yml
 environment:
-  node_pre_gyp_accessKeyId:
-    secure: 7DrSVc5eIGtmMcki5H+iRft+Tk3MJTwDBQEUuJHWaQ4=
-  node_pre_gyp_secretAccessKey:
-    secure: 1amwJJw9fu0j6dXnc5KsAQbSYf7Cjw/dapT6OZWABa6nc52grkKeLQ+DGaOfQz8i
  matrix:
    - nodejs_version: 4
      platform: x64

--- a/cloudformation/ci.template.js
+++ b/cloudformation/ci.template.js
+var cf = require('@mapbox/cloudfriend');
+var package_json = require('../package.json')
+module.exports = {
+  AWSTemplateFormatVersion: '2010-09-09',
+  Description: 'user for publishing to s3://mapbox-node-binary/' + package_json.name,
+  Resources: {
+    User: {
+      Type: 'AWS::IAM::User',
+      Properties: {
+        Policies: [
+          {
+            PolicyName: 'list',
+            PolicyDocument: {
+              Statement: [
+                {
+                  Action: ['s3:ListBucket'],
+                  Effect: 'Allow',
+                  Resource: 'arn:aws:s3:::mapbox-node-binary',
+                  Condition : {
+                    StringLike : {
+                      "s3:prefix": [ package_json.name + "/*"]
+                    }
+                  }
+                }
+              ]
+            }
+          },
+          {
+            PolicyName: 'publish',
+            PolicyDocument: {
+              Statement: [
+                {
+                  Action: ['s3:DeleteObject', 's3:GetObject', 's3:GetObjectAcl', 's3:PutObject', 's3:PutObjectAcl'],
+                  Effect: 'Allow',
+                  Resource: 'arn:aws:s3:::mapbox-node-binary/' + package_json.name + '/*'
+                }
+              ]
+            }
+          }
+        ]
+      }
+    },
+    AccessKey: {
+      Type: 'AWS::IAM::AccessKey',
+      Properties: {
+        UserName: cf.ref('User')
+      }
+    }
+  },
+  Outputs: {
+    AccessKeyId: {
+      Value: cf.ref('AccessKey')
+    },
+    SecretAccessKey: {
+      Value: cf.getAtt('AccessKey', 'SecretAccessKey')
+    }
+  }
+};
--- a/package.json
+++ b/package.json
@@ -44,6 +44,7 @@
    "node-pre-gyp"
  ],
  "devDependencies": {
+    "@mapbox/cloudfriend": "^1.9.0",
    "aws-sdk": "2.x",
    "eslint": "3.5.0",
    "mocha": "3.x"