chore: add verdaccio publishing tests to CI

resolves #123

To validate that everything always works,
running the integration tests directly from npm
will replicate exactly how customers would use this.
It will also verify that all dependencies of the clients
can be satisfied from npm.
Finally, it exercises the publishing process
to make sure that each release could be published automatically.

Author: seebees

.gitignore

@@ -31,3 +31,6 @@ coverage
 /tsconfig.json
 /tsconfig.module.json
 package.json.decrypt
+
+# verdaccio
+/verdaccio/storage

buildspec.yml

@@ -1,14 +1,18 @@
-version: 0.2
+version: 0.3
 
 phases:
     install:
         runtime-versions:
             nodejs: 10
         commands:
             - npm ci
-            - npm run build
     build:
+        commands:
+            - npm run build
+    unit_test:
         commands:
             - npm test
             - npm run test_conditions
-            - npm run integration
+    integration_tests:
+        commands:
+            - npm run verdaccio

package.json

@@ -36,6 +36,12 @@
     "integration-node-encrypt": "npm run build; integration-node encrypt -m $npm_package_config_encryptManifestList -k $npm_package_config_encryptKeyManifest -o $npm_package_config_decryptOracle -c 20",
     "node-integration": "run-s integration-node-*",
     "integration": "run-s integration-*",
+    "verdaccio": "run-s verdaccio-*",
+    "verdaccio-publish": "./util/local_verdaccio_publish",
+    "verdaccio-publish-browser-decrypt": "./util/npx_verdaccio @aws-crypto/integration-browser decrypt -v $npm_package_config_localTestVectors --karma",
+    "verdaccio-publish-browser-encrypt": "./util/npx_verdaccio @aws-crypto/integration-browser encrypt -m $npm_package_config_encryptManifestList -k $npm_package_config_encryptKeyManifest -o $npm_package_config_decryptOracle --karma",
+    "verdaccio-publish-node-decrypt": "./util/npx_verdaccio @aws-crypto/integration-node decrypt -v $npm_package_config_localTestVectors -c 10",
+    "verdaccio-publish-node-encrypt": "./util/npx_verdaccio @aws-crypto/integration-node encrypt -m $npm_package_config_encryptManifestList -k $npm_package_config_encryptKeyManifest -o $npm_package_config_decryptOracle -c 20",
     "test_conditions": "./util/test_conditions"
   },
   "config": {
@@ -125,6 +131,7 @@
     "lerna": "^3.13.3",
     "source-map-support": "^0.5.12",
     "tslib": "^1.9.3",
-    "rimraf": "^2.6.2"
+    "rimraf": "^2.6.2",
+    "verdaccio": "^4.5.1"
   }
 }

util/local_verdaccio_publish

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Always clear storage so the latest versions are published
+# I am not worried about _what_ version number is published
+# Only that it is the latest code
+rm -rf verdaccio/storage/@aws-crypto
+
+# Start verdaccio in the background
+verdaccio -c verdaccio/config.yaml &
+
+# Publish all changed packages the local verdaccio server.
+# Anything that has not been changed will match what is in npm
+npx lerna publish prepatch \
+  --registry http://localhost:4873/ \
+  --yes \
+  --no-changelog \
+  --no-git-tag-version \
+  --no-push \
+  --no-git-reset \
+  --ignore-scripts \
+  --preid ci \
+  --no-verify-access
+
+# The above command will make some modifications,
+# Roll them back
+# Idealy, we would find a way to not have to do this
+git checkout -- modules/**/package-lock.json
+git checkout -- modules/**/package.json
+
+# Kill everying
+# Especialy the background verdaccio server
+kill $(jobs -pr)

util/npx_verdaccio

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# I am assumeing that you used `local_verdaccio_publish`
+# But either way,
+# this is to facilitate running `npx`
+# and interacting with a local verdaccio server
+# So... I need a running server
+verdaccio -c verdaccio/config.yaml &
+
+# run npx, and stuff an rc file that has _valid_ tokens
+# that match the local htpassword
+
+npm_config_registry=http://localhost:4873/ npx \
+  --userconfig verdaccio/npmrc \
+  --ignore-existing \
+  "$@"
+
+# Kill everying
+# Especialy the background verdaccio server
+kill $(jobs -pr)

verdaccio/config.yaml

@@ -0,0 +1,88 @@
+#
+# This is the default config file. It allows all users to do anything,
+# so don't use it on production systems.
+#
+# Look here for more config file examples:
+# https://github.com/verdaccio/verdaccio/tree/master/conf
+#
+
+# path to a directory with all packages
+storage: ./storage
+# path to a directory with plugins to include
+plugins: ./plugins
+
+web:
+  title: Verdaccio
+  # comment out to disable gravatar support
+  # gravatar: false
+  # by default packages are ordercer ascendant (asc|desc)
+  # sort_packages: asc
+
+auth:
+  htpasswd:
+    file: ./htpasswd
+    # Maximum amount of users allowed to register, defaults to "+inf".
+    # You can set this to -1 to disable registration.
+    # max_users: 1000
+
+security:
+  api:
+    jwt:
+      sign:
+        expiresIn: 60d
+        notBefore: 1
+  web:
+    sign:
+      expiresIn: 7d
+      notBefore: 1
+
+# a list of other known repositories we can talk to
+uplinks:
+  npmjs:
+    url: https://registry.npmjs.org/
+
+packages:
+  '@aws-crypto/*':
+    # scoped packages
+    access: $all
+    publish: $all
+    unpublish: $all
+    proxy: npmjs
+  '@*/*':
+    # scoped packages
+    access: $all
+    publish: $authenticated
+    unpublish: $authenticated
+    proxy: npmjs
+
+  '**':
+    # allow all users (including non-authenticated users) to read and
+    # publish all packages
+    #
+    # you can specify usernames/groupnames (depending on your auth plugin)
+    # and three keywords: "$all", "$anonymous", "$authenticated"
+    access: $all
+
+    # allow all known users to publish/publish packages
+    # (anyone can register by default, remember?)
+    publish: $authenticated
+    unpublish: $authenticated
+
+    # if package is not available locally, proxy requests to 'npmjs' registry
+    proxy: npmjs
+
+# You can specify HTTP/1.1 server keep alive timeout in seconds for incomming connections.
+# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
+# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enought.
+server:
+  keepAliveTimeout: 60
+
+middlewares:
+  audit:
+    enabled: true
+
+# log settings
+logs:
+  - { type: stdout, format: pretty, level: http }
+  #- {type: file, path: verdaccio.log, level: info}
+

verdaccio/htpasswd

@@ -0,0 +1,2 @@
+loglevel=warn
+registry=http://localhost:4873/