diff --git a/SUPPORT_POLICY.rst b/SUPPORT_POLICY.rst new file mode 100644 index 000000000..39c96bc20 --- /dev/null +++ b/SUPPORT_POLICY.rst @@ -0,0 +1,37 @@ +Overview +======== +This page describes the support policy for the AWS Encryption SDK. We regularly provide the AWS Encryption SDK with updates that may contain support for new or updated APIs, new features, enhancements, bug fixes, security patches, or documentation updates. Updates may also address changes with dependencies, language runtimes, and operating systems. + +We recommend users to stay up-to-date with Encryption SDK releases to keep up with the latest features, security updates, and underlying dependencies. Continued use of an unsupported SDK version is not recommended and is done at the user’s discretion. + + +Major Version Lifecycle +======================== +The AWS Encryption SDK follows the same major version lifecycle as the AWS SDK. For details on this lifecycle, see `AWS SDKs and Tools Maintenance Policy`_. + +Version Support Matrix +====================== +This table describes the current support status of each major version of the AWS Encryption SDK for Javascript. It also shows the next status each major version will transition to, and the date at which that transition will happen. + +.. list-table:: + :widths: 30 50 50 50 + :header-rows: 1 + + * - Major version + - Current status + - Next status + - Next status date + * - 1.x + - End of Support + - + - + * - 2.x + - Maintenance + - End of Support + - 2023-03-02 + * - 3.x + - General Availability + - + - + +.. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle diff --git a/buildspec.yml b/buildspec.yml index 9026793bc..577d88e93 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -5,5 +5,10 @@ batch: build-list: - identifier: nodejs10 buildspec: codebuild/nodejs10.yml + env: + compute-type: BUILD_GENERAL1_MEDIUM - identifier: nodejs12 buildspec: codebuild/nodejs12.yml + env: + image: aws/codebuild/standard:5.0 + compute-type: BUILD_GENERAL1_MEDIUM diff --git a/codebuild/nodejs10.yml b/codebuild/nodejs10.yml index 1e42729c4..ec8f76914 100644 --- a/codebuild/nodejs10.yml +++ b/codebuild/nodejs10.yml @@ -13,6 +13,7 @@ phases: - npm run build build: commands: - - npm test + - npm run lint + - npm run coverage-node - npm run test_conditions - npm run verdaccio diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml new file mode 100644 index 000000000..2c5f39db3 --- /dev/null +++ b/codebuild/release/prod-release.yml @@ -0,0 +1,32 @@ +version: 0.2 + +batch: + fast-fail: true + build-graph: +# CI + - identifier: nodejs10 + buildspec: codebuild/nodejs10.yml + env: + compute-type: BUILD_GENERAL1_MEDIUM + - identifier: nodejs12 + buildspec: codebuild/nodejs12.yml + env: + image: aws/codebuild/standard:5.0 + compute-type: BUILD_GENERAL1_MEDIUM + +# Version the project and push git commits and tags + - identifier: version + depend-on: + - nodejs10 + - nodejs12 + buildspec: codebuild/release/version.yml + env: + image: aws/codebuild/standard:5.0 + +# Publish the release to npm + - identifier: publish + depend-on: + - version + buildspec: codebuild/release/publish.yml + env: + image: aws/codebuild/standard:5.0 diff --git a/codebuild/release/publish.yml b/codebuild/release/publish.yml new file mode 100644 index 000000000..332afbf73 --- /dev/null +++ b/codebuild/release/publish.yml @@ -0,0 +1,48 @@ +version: 0.2 + +env: + variables: + NODE_OPTIONS: "--max-old-space-size=4096" + BRANCH: "mainline-1.x" + secrets-manager: + OTP_SECRET_KEY: npm/aws-crypto-tools-ci-bot/2FA:OTP_SECRET_KEY + NPM_TOKEN: npm/aws-crypto-tools-ci-bot/2FA:NPM_TOKEN + +phases: + install: + commands: + - npm ci --unsafe-perm + # Install `otplib` to extract the OTP from the npm 2FA secret + - npm install otplib --no-save + - npm run build + runtime-versions: + nodejs: 12 + pre_build: + commands: + - git checkout $BRANCH + build: + commands: + # Extract the otp using the secrets environment variables from above. + # This will wait for the next token. This is because npm uses + # TOTP and the tokens time out after 30 seconds. If the process just + # extracted the token then the lifetime for this token + # would be very random. This will maximize the amount of time + # available on the OTP to publish. + - >- + OTP=`node -e " + auth=require('otplib').authenticator; + setTimeout(() => + console.log(auth.generate(process.env.OTP_SECRET_KEY)), + auth.timeRemaining() * 1000); + "` + # npm will only expand env vars inside .npmrc + # NOTE the ' this is to keep the env var NPM_TOKEN from expanding! + - echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}' > .npmrc + # Now we publish to npm. + # This is going to use the OTP generated above and the NPM_TOKEN + # environment variable. This will only publish things that are + # missing from npm. It is therefore safe to run repeatedly. + - npx lerna publish from-package --yes --otp $OTP + # remove after publishing + - rm .npmrc + diff --git a/codebuild/release/version.yml b/codebuild/release/version.yml new file mode 100644 index 000000000..7b9a7ff79 --- /dev/null +++ b/codebuild/release/version.yml @@ -0,0 +1,27 @@ +version: 0.2 + +env: + variables: + NODE_OPTIONS: "--max-old-space-size=4096" + BRANCH: "mainline-1.x" + # An explicit version bump + VERSION_BUMP: "" + git-credential-helper: yes + +phases: + install: + commands: + - npm ci --unsafe-perm + runtime-versions: + nodejs: 12 + pre_build: + commands: + - git config --global user.name "aws-crypto-tools-ci-bot" + - git config --global user.email "no-reply@noemail.local" + - git checkout $BRANCH + build: + commands: + # Generate new version and CHANGELOG entry and push it + - npx lerna version --conventional-commits --git-remote origin --yes ${VERSION_BUMP:+$VERSION_BUMP --force-publish} + # Log the commit for posterity + - git log -n 1 diff --git a/modules/client-browser/src/index.ts b/modules/client-browser/src/index.ts index b35bc31fd..31448fee2 100644 --- a/modules/client-browser/src/index.ts +++ b/modules/client-browser/src/index.ts @@ -13,6 +13,7 @@ export * from '@aws-crypto/web-crypto-backend' import { CommitmentPolicy, ClientOptions, + EndOfSupportWarning, } from '@aws-crypto/material-management-browser' import { buildEncrypt } from '@aws-crypto/encrypt-browser' @@ -21,6 +22,7 @@ import { buildDecrypt } from '@aws-crypto/decrypt-browser' export function buildClient( options: CommitmentPolicy | ClientOptions ): ReturnType & ReturnType { + console.warn(EndOfSupportWarning.v1) return { ...buildEncrypt(options), ...buildDecrypt(options), diff --git a/modules/client-node/src/index.ts b/modules/client-node/src/index.ts index a216222ae..7f5828e97 100644 --- a/modules/client-node/src/index.ts +++ b/modules/client-node/src/index.ts @@ -12,6 +12,7 @@ export * from '@aws-crypto/raw-rsa-keyring-node' import { CommitmentPolicy, ClientOptions, + EndOfSupportWarning, } from '@aws-crypto/material-management-node' import { buildEncrypt } from '@aws-crypto/encrypt-node' @@ -20,6 +21,7 @@ import { buildDecrypt, DecryptOutput } from '@aws-crypto/decrypt-node' export function buildClient( options: CommitmentPolicy | ClientOptions ): ReturnType & ReturnType { + console.warn(EndOfSupportWarning.v1) return { ...buildEncrypt(options), ...buildDecrypt(options), diff --git a/modules/material-management-browser/src/index.ts b/modules/material-management-browser/src/index.ts index 49e7f3355..1c8f9f407 100644 --- a/modules/material-management-browser/src/index.ts +++ b/modules/material-management-browser/src/index.ts @@ -35,4 +35,5 @@ export { PolicyOptions, MessageFormat, ClientOptions, + EndOfSupportWarning, } from '@aws-crypto/material-management' diff --git a/modules/material-management-node/src/index.ts b/modules/material-management-node/src/index.ts index fb8d67b2b..6786f0fca 100644 --- a/modules/material-management-node/src/index.ts +++ b/modules/material-management-node/src/index.ts @@ -38,4 +38,5 @@ export { PolicyOptions, MessageFormat, ClientOptions, + EndOfSupportWarning, } from '@aws-crypto/material-management' diff --git a/modules/material-management/src/index.ts b/modules/material-management/src/index.ts index 7bda51ae8..6f2118d12 100644 --- a/modules/material-management/src/index.ts +++ b/modules/material-management/src/index.ts @@ -77,3 +77,9 @@ export { needs } from './needs' export { cloneMaterial } from './clone_cryptographic_material' export * from './types' + +export enum EndOfSupportWarning { + 'v1' = 'This major version (1.x) of the AWS Encryption SDK for JavaScript has reached End-of-Support.\n' + + 'It will no longer receive security updates or bug fixes.\n' + + 'Consider updating to the latest version of the AWS Encryption SDK.', +} diff --git a/package.json b/package.json index 240dc57f7..2abc3afc6 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,6 @@ "clean": "npm run clear-build-cache && lerna clean", "clear-build-cache": "rimraf ./modules/*/build/*", "lint": "run-s lint-*", - "lint-eslint": "npx eslint modules/**/src/*.ts modules/**/test/**/*.ts", "lint-prettier": "prettier -c modules/**/src/*.ts modules/**/test/**/*.ts", "build-node": "tsc -b tsconfig.json", "build-browser": "tsc -b tsconfig.module.json",