aws · texastony · Aug 29, 2022 · Aug 25, 2022 · Aug 25, 2022 · Aug 25, 2022
@@ -0,0 +1,37 @@
+Overview
+========
+This page describes the support policy for the AWS Encryption SDK. We regularly provide the AWS Encryption SDK with updates that may contain support for new or updated APIs, new features, enhancements, bug fixes, security patches, or documentation updates. Updates may also address changes with dependencies, language runtimes, and operating systems.
+
+We recommend users to stay up-to-date with Encryption SDK releases to keep up with the latest features, security updates, and underlying dependencies. Continued use of an unsupported SDK version is not recommended and is done at the user’s discretion.
+
+
+Major Version Lifecycle
+========================
+The AWS Encryption SDK follows the same major version lifecycle as the AWS SDK. For details on this lifecycle, see  `AWS SDKs and Tools Maintenance Policy`_.
+
+Version Support Matrix
+======================
+This table describes the current support status of each major version of the AWS Encryption SDK for Javascript. It also shows the next status each major version will transition to, and the date at which that transition will happen.
+
+.. list-table::
+    :widths: 30 50 50 50
+    :header-rows: 1
+
+    * - Major version
+      - Current status
+      - Next status
+      - Next status date
+    * - 1.x
+      - End of Support
+      - 
+      - 
+    * - 2.x
+      - Maintenance
+      - End of Support
+      - 2023-03-02
+    * - 3.x
+      - General Availability
+      - 
+      - 
+
+.. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle
@@ -5,5 +5,10 @@ batch:
   build-list:
     - identifier: nodejs10
       buildspec: codebuild/nodejs10.yml
+      env:
+        compute-type: BUILD_GENERAL1_MEDIUM
     - identifier: nodejs12
       buildspec: codebuild/nodejs12.yml
+      env:
+        image: aws/codebuild/standard:5.0
+        compute-type: BUILD_GENERAL1_MEDIUM
@@ -13,6 +13,7 @@ phases:
             - npm run build
     build:
         commands:
-            - npm test
+            - npm run lint
+            - npm run coverage-node
             - npm run test_conditions
             - npm run verdaccio
@@ -0,0 +1,32 @@
+version: 0.2
+
+batch:
+  fast-fail: true 
+  build-graph:
+# CI
+    - identifier: nodejs10
+      buildspec: codebuild/nodejs10.yml
+      env:
+        compute-type: BUILD_GENERAL1_MEDIUM
+    - identifier: nodejs12
+      buildspec: codebuild/nodejs12.yml
+      env:
+        image: aws/codebuild/standard:5.0
+        compute-type: BUILD_GENERAL1_MEDIUM
+
+# Version the project and push git commits and tags
+    - identifier: version
+      depend-on:
+        - nodejs10
+        - nodejs12
+      buildspec: codebuild/release/version.yml
+      env:
+        image: aws/codebuild/standard:5.0
+
+# Publish the release to npm
+    - identifier: publish
+      depend-on:
+        - version
+      buildspec: codebuild/release/publish.yml
+      env:
+        image: aws/codebuild/standard:5.0
@@ -0,0 +1,48 @@
+version: 0.2
+
+env:
+  variables:
+    NODE_OPTIONS: "--max-old-space-size=4096"
+    BRANCH: "mainline-1.x"
+  secrets-manager:
+     OTP_SECRET_KEY: npm/aws-crypto-tools-ci-bot/2FA:OTP_SECRET_KEY
+     NPM_TOKEN: npm/aws-crypto-tools-ci-bot/2FA:NPM_TOKEN
+
+phases:
+  install:
+    commands:
+      - npm ci --unsafe-perm
+      # Install `otplib` to extract the OTP from the npm 2FA secret
+      - npm install otplib --no-save
+      - npm run build
+    runtime-versions:
+      nodejs: 12
+  pre_build:
+    commands:
+      - git checkout $BRANCH
+  build:
+    commands:
+      # Extract the otp using the secrets environment variables from above.
+      # This will wait for the next token. This is because npm uses
+      # TOTP and the tokens time out after 30 seconds. If the process just
+      # extracted the token then the lifetime for this token
+      # would be very random. This will maximize the amount of time
+      # available on the OTP to publish.
+      - >-
+        OTP=`node -e "
+          auth=require('otplib').authenticator;
+          setTimeout(() =>
+            console.log(auth.generate(process.env.OTP_SECRET_KEY)),
+            auth.timeRemaining() * 1000);
+          "`
+      # npm will only expand env vars inside .npmrc
+      # NOTE the ' this is to keep the env var NPM_TOKEN from expanding!
+      - echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}' > .npmrc
+      # Now we publish to npm.
+      # This is going to use the OTP generated above and the NPM_TOKEN
+      # environment variable. This will only publish things that are
+      # missing from npm. It is therefore safe to run repeatedly.
+      - npx lerna publish from-package --yes --otp $OTP
+      # remove after publishing
+      - rm .npmrc
+
@@ -0,0 +1,27 @@
+version: 0.2
+
+env:
+  variables:
+    NODE_OPTIONS: "--max-old-space-size=4096"
+    BRANCH: "mainline-1.x"
+    # An explicit version bump
+    VERSION_BUMP: ""
+  git-credential-helper: yes
+
+phases:
+  install:
+    commands:
+      - npm ci --unsafe-perm
+    runtime-versions:
+      nodejs: 12
+  pre_build:
+    commands:
+      - git config --global user.name "aws-crypto-tools-ci-bot"
+      - git config --global user.email "no-reply@noemail.local"
+      - git checkout $BRANCH
+  build:
+    commands:
+      # Generate new version and CHANGELOG entry and push it
+      - npx lerna version --conventional-commits --git-remote origin --yes ${VERSION_BUMP:+$VERSION_BUMP --force-publish}
+      # Log the commit for posterity
+      - git log -n 1
@@ -13,6 +13,7 @@ export * from '@aws-crypto/web-crypto-backend'
 import {
   CommitmentPolicy,
   ClientOptions,
+  EndOfSupportWarning,
 } from '@aws-crypto/material-management-browser'
 
 import { buildEncrypt } from '@aws-crypto/encrypt-browser'
@@ -21,6 +22,7 @@ import { buildDecrypt } from '@aws-crypto/decrypt-browser'
 export function buildClient(
   options: CommitmentPolicy | ClientOptions
 ): ReturnType<typeof buildEncrypt> & ReturnType<typeof buildDecrypt> {
+  console.warn(EndOfSupportWarning.v1)
   return {
     ...buildEncrypt(options),
     ...buildDecrypt(options),

@@ -12,6 +12,7 @@ export * from '@aws-crypto/raw-rsa-keyring-node'
 import {
   CommitmentPolicy,
   ClientOptions,
+  EndOfSupportWarning,
 } from '@aws-crypto/material-management-node'
 
 import { buildEncrypt } from '@aws-crypto/encrypt-node'
@@ -20,6 +21,7 @@ import { buildDecrypt, DecryptOutput } from '@aws-crypto/decrypt-node'
 export function buildClient(
   options: CommitmentPolicy | ClientOptions
 ): ReturnType<typeof buildEncrypt> & ReturnType<typeof buildDecrypt> {
+  console.warn(EndOfSupportWarning.v1)
   return {
     ...buildEncrypt(options),
     ...buildDecrypt(options),

@@ -35,4 +35,5 @@ export {
   PolicyOptions,
   MessageFormat,
   ClientOptions,
+  EndOfSupportWarning,
 } from '@aws-crypto/material-management'
@@ -38,4 +38,5 @@ export {
   PolicyOptions,
   MessageFormat,
   ClientOptions,
+  EndOfSupportWarning,
 } from '@aws-crypto/material-management'
@@ -77,3 +77,9 @@ export { needs } from './needs'
 export { cloneMaterial } from './clone_cryptographic_material'
 
 export * from './types'
+
+export enum EndOfSupportWarning {
+  'v1' = 'This major version (1.x) of the AWS Encryption SDK for JavaScript has reached End-of-Support.\n' +
+    'It will no longer receive security updates or bug fixes.\n' +
+    'Consider updating to the latest version of the AWS Encryption SDK.',
+}
@@ -19,7 +19,6 @@
     "clean": "npm run clear-build-cache && lerna clean",
     "clear-build-cache": "rimraf ./modules/*/build/*",
     "lint": "run-s lint-*",
-    "lint-eslint": "npx eslint modules/**/src/*.ts modules/**/test/**/*.ts",
     "lint-prettier": "prettier -c modules/**/src/*.ts modules/**/test/**/*.ts",
     "build-node": "tsc -b tsconfig.json",
     "build-browser": "tsc -b tsconfig.module.json",