Use and publish private AWS CDK construct packages to privately hosted registry: verdaccio

[anh-rivergon]

I created the projenrc.js below to build a private CDK stack and publish it to a private registry. My private CDK stack uses private packages from a privately hosted registry. It works, but is there a cleaner solution?

In particular, I do not like having to copy'n paste the "Prepare Repository", "Install Dependencies", "Create js artifact", and "Collect js Artifact" steps from the projen project to all the constructs and stacks we plan to build. It will be hard to maintain and stay in sync with projen if those steps change or new steps added.

Also, I do not like having to hard code the registry -> registry: 'verdaccio.myabcnotrealcom.com'

publib-npm fails with registry: project.npmRegistry

Much appreciated for all insights. How do you setup projenrc.js to use private packages from private registry and publish private package to privately hosted registry such as verdaccio ?

const { awscdk } = require('projen');
const project = new awscdk.AwsCdkConstructLibrary({
  author: 'CDK Dev',
  authorAddress: 'cdkdevmyabcnotrealcom.com',
  keywords: ['aws cdk', 'aws cdk stack', 'aws cloud development kit', 'mycdk', 'ngx app'],
  cdkVersion: '2.43.1',
  defaultReleaseBranch: 'main',
  name: '@mycdk/my-app-stack',
  repositoryUrl: 'https://github.com/mycdk-notreally-real/my-app-stack.git',

  deps: [
    '@aws-solutions-constructs/aws-cloudfront-s3',
    '@aws-solutions-constructs/core',
    '@mycdk/my-cloudfront-construct',
    '@mycdk/my-route53-construct',
  ], /* Runtime dependencies of this module. */
  description: 'Construct a stack to distribute ngx app', /* The description is just a string that helps people understand the purpose of the package. */
  devDeps: [
  ], /* Build dependencies for this module. */
  // packageName: undefined,  /* The "name" in package.json. */
  releaseToNpm: true,
  releaseEveryCommit: true,
  npmDistTag: 'latest',
  npmRegistry: 'verdaccio.myabcnotrealcom.com',
  workflowBootstrapSteps: [
    {
      name: 'Install acl #1',
      run: 'sudo apt-get update -y',
    },
    {
      name: 'Install acl #2',
      run: 'sudo apt-get install -y acl',
    },
    {
      name: 'Setup npmrc #1',
      run: 'echo "@mycdk:registry=https://verdaccio.myabcnotrealcom.com" > ~/.npmrc',
    },
    {
      name: 'Setup npmrc #2',
      run: 'echo "//verdaccio.myabcnotrealcom.com/:_authToken=${NPM_TOKEN}" >> ~/.npmrc',
      env: {
        NPM_TOKEN: '${{ secrets.NPM_TOKEN }}',
      },
    },
  ],
});

project.release.publisher.publishToNpm({
  prePublishSteps: [
    {
      name: 'Setup npmrc #1',
      run: 'echo "@mycdk:registry=https://verdaccio.myabcnotrealcom.com" > ~/.npmrc',
    },
    {
      name: 'Setup npmrc #2',
      run: 'echo "//verdaccio.myabcnotrealcom.com/:_authToken=${NPM_TOKEN}" >> ~/.npmrc',
      env: {
        NPM_TOKEN: '${{ secrets.NPM_TOKEN }}',
      },
    },
    {
      name: 'Prepare Repository',
      run: 'mv dist .repo',
    },
    {
      name: 'Install Dependencies',
      run: 'cd .repo && yarn install --check-files --frozen-lockfile',
    },
    {
      name: 'Create js artifact',
      run: 'cd .repo && npx projen package:js',
    },
    {
      name: 'Collect js Artifact',
      run: 'mv .repo/dist dist',
    },
  ],
  registry: 'verdaccio.myabcnotrealcom.com',
});

project.synth();

[mrgrain]

Yes that's consistent with my expectation. release requires that the build step does not change anything in the project. The fix is to run build manually and commit and push any changes. Closing.

[anh-rivergon]

Hello @mrgrain , you probably meant your comment for #2140 and not this one?

[mrgrain]

Yes. 🤦🏻 Thank you!

[mrgrain]

Hi @anh-rivergon Sorry this took so long to respond. I don't have a ton of experience publishing to private registries with projen. So I'm mostly going of the docs here.

---

I created the projenrc.js below to build a private CDK stack and publish it to a private registry. My private CDK stack uses private packages from a privately hosted registry. It works, but is there a cleaner solution?

Unfortunately not. Only AWS CodeArtifact is supported right now. I'd love a PR that adds support for any private registry by providing a token via an env variable.

See: https://projen.io/node.html#scoped-private-packages

---

In particular, I do not like having to copy'n paste the "Prepare Repository", "Install Dependencies", "Create js artifact", and "Collect js Artifact" steps from the projen project to all the constructs and stacks we plan to build. It will be hard to maintain and stay in sync with projen if those steps change or new steps added.

The general answer to this is to publish your own "personal" projen project type that comes pre-configured with the required settings. That way you'll have to only make changes once and all projects should auto-update.

--

Also, I do not like having to hard code the registry -> registry: 'verdaccio.myabcnotrealcom.com'

publib-npm fails with registry: project.npmRegistry

I think you are looking for project.package.npmRegistry

[karlderkaefer]

I got the same problem. right now I'm using a workaround with JsonPatch, which is shorter, but ofc not better, not sure if it helps. I was able to push to a private github repository

      const buildWorkflow = project.github.tryFindWorkflow('build');
      const upgradeWorkflow = project.github.tryFindWorkflow('upgrade');
      const patch = {
        name: 'Setup NPM Token',
        run: 'echo "//npm.pkg.github.com/:_authToken=$NPM_TOKEN\n@your_company:registry=https://npm.pkg.github.com/" > ~/.npmrc',
        env: {
          // eslint-disable-next-line no-template-curly-in-string
          NPM_TOKEN: '${{ secrets.PROJEN_GITHUB_TOKEN }}',
        },
      };
      buildWorkflow?.file?.patch(JsonPatch.add('/jobs/build/steps/1', patch));
      upgradeWorkflow?.file?.patch(JsonPatch.add('/jobs/upgrade/steps/1', patch));

[mrgrain]

I believe recent releases should make this much easier. Needs checking.

We could still do with a feature that is a single option.