feat(projenify): modernize repository with standard tooling

.editorconfig

@@ -0,0 +1,11 @@
+# top-most EditorConfig file
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{js,ts,json}]
+indent_size = 2
+indent_style = space

.eslintrc

@@ -0,0 +1,29 @@
+{
+    "env": {
+        "browser": true,
+        "commonjs": true,
+        "es2021": true
+    },
+    "extends": [
+      // "airbnb",
+      "eslint:recommended",
+      "plugin:@typescript-eslint/recommended",
+      "prettier"
+    ],
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+        "ecmaVersion": 12,
+        "project": "./tsconfig.json"
+    },
+    "ignorePatterns": [
+      "dist"
+    ],
+    "plugins": [
+        "@typescript-eslint",
+        "prettier"
+    ],
+    "rules": {
+      "quotes": ["warn", "single"],
+      "@typescript-eslint/no-floating-promises": ["error"]
+    }
+}

.github/workflows/actions-dev-kit-ci.yml

@@ -8,47 +8,41 @@
 # - performs vulnerabilities scan using returntocorp/semgrep GHA
 
 name: adk-ci
-
 on:
-  workflow_dispatch:
+  push:
+    branches:
+      - main
   pull_request:
-    branches: [main, gamma]
+    types: [assigned, opened, synchronize, reopened]
 
+env:
+  PROJEN_DISABLE_POST: '1'
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-        with:
-          # Target branch of the pull request
-          # Source https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
-          ref: ${{ github.base_ref }}
+      - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 16
-      - run: npm install --global lerna yarn #install global dependencies
-      - run: yarn install #install and link depdendencies
-      - run: ./build.sh #build
-      - run: yarn run api-ref #test generate /docs
-      - run: yarn run api-ref-pre-release #test generate /pre-release-docs
-      - run: yarn run generate-attributions #test generate ./<package>/THIRD_PARTY_LICENSES
-
+          node-version: '18'
+          cache: 'yarn'
+      # We are seeing a very large slow down in startup execution in with npx (npm v9.7.2).
+      # Setting to older version of npm to speed up execution.
+      - run: npm install -g npm@6.14.13
+      - run: yarn --immutable-cache
+      - run: yarn build
+   
   secret-scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+
+      - uses: actions/checkout@v3
         with:
-          fetch-depth: 0
-      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@v3.59.0
+          fetch-depth: 1
+      - uses: trufflesecurity/trufflehog@main
         with:
-          path: ./
-          # Target branch of the pull request
-          # Source https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
-          base: ${{ github.base_ref }}
-          head: HEAD
-          extra_args: --debug
-
+          extra_args: --only-verified --debug
+
   semgrep:
     runs-on: ubuntu-latest
 

.github/workflows/actions-dev-kit-release-prod.yml

@@ -50,7 +50,7 @@ jobs:
           # - changes in changelogs
           ssh-key: ${{ env.SSH_PRIVATE_KEY }}
       # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version: 16
           registry-url: 'https://registry.npmjs.org/'

.github/workflows/actions-dev-kit-unpublish.yml

@@ -0,0 +1,57 @@
+# This workflow will build and run tests using node and then publish a package to the public NPM repository
+# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
+
+name: adk-unpublish-version
+
+on: [workflow_dispatch]
+
+env:
+  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }}
+  SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+  GIT_COMMITTER_NAME: ActionsDevKitRelease
+  GIT_COMMITTER_EMAIL: cawsactionextensions+adk-release@amazon.com
+
+jobs:
+  unpublish-from-npm:
+    runs-on: ubuntu-latest
+    permissions: write-all
+    steps:
+      # Setup .npmrc file to publish to npm
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 16
+          registry-url: 'https://registry.npmjs.org/'
+          scope: '@aws'
+      # Install dependencies
+      - run: npm install --global lerna@5.0.0 yarn@1.22.18
+      - run: lerna --version
+      - run: yarn --version
+      - run: npm --version
+
+      # Un-Publishes ADK package from NPM (order matters)
+      # https://docs.npmjs.com/policies/unpublish
+      - run: npm unpublish @aws/codecatalyst-adk@${{ vars.UNPUBLISH_NPM_VERSION }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      - run: npm unpublish @aws/codecatalyst-adk-core@${{ vars.UNPUBLISH_NPM_VERSION }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      - run: npm unpublish @aws/codecatalyst-project@${{ vars.UNPUBLISH_NPM_VERSION }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      #- run: npm unpublish @aws/codecatalyst-adk-model-parser@${{ vars.UNPUBLISH_NPM_VERSION }}
+      # env:
+      #    NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      #- run: npm unpublish @aws/codecatalyst-adk-utils@${{ vars.UNPUBLISH_NPM_VERSION }}
+      #  env:
+      #    NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      - run: npm unpublish @aws/codecatalyst-space@${{ vars.UNPUBLISH_NPM_VERSION }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      - run: npm unpublish @aws/codecatalyst-run-summaries@${{ vars.UNPUBLISH_NPM_VERSION }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      - run: npm unpublish @aws/codecatalyst-project@${{ vars.UNPUBLISH_NPM_VERSION }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/adk-release-to-prod-graduate.yml

@@ -0,0 +1,77 @@
+# This workflow will build and run tests using node and then publish a package to the public NPM repository
+# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
+
+name: adk-release-to-prod-graduate
+
+on: [workflow_dispatch]
+
+env:
+  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }}
+  SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+  GIT_COMMITTER_NAME: ActionsDevKitRelease
+  GIT_COMMITTER_EMAIL: cawsactionextensions+adk-release@amazon.com
+
+jobs:
+  release-to-prod-graduate:
+    runs-on: ubuntu-latest
+    permissions: write-all
+    steps:
+      # Allows to push to the main branch for
+      - name: Git & SSH auth setup
+        run: |
+          sudo git config --system --add safe.directory "*"
+          if [[  -n $SSH_PUBLIC_KEY && -n $SSH_PRIVATE_KEY ]]; then
+              echo "SSH Key pair found, configuring signing..."
+              mkdir ~/.ssh
+              echo -e "$SSH_PRIVATE_KEY" >> ~/.ssh/signing_key
+              cat ~/.ssh/signing_key
+              echo -e "$SSH_PUBLIC_KEY" >> ~/.ssh/signing_key.pub
+              cat ~/.ssh/signing_key.pub
+              chmod 600 ~/.ssh/signing_key && chmod 600 ~/.ssh/signing_key.pub
+              eval "$(ssh-agent)"
+              ssh-add ~/.ssh/signing_key
+              git config --global gpg.format ssh
+              git config --global user.signingKey ~/.ssh/signing_key
+              git config --global commit.gpgsign true
+              git config --global user.email $GIT_COMMITTER_EMAIL
+              git config --global user.name $GIT_COMMITTER_NAME
+              touch ~/.ssh/allowed_signers
+              echo "$GIT_COMMITTER_EMAIL $SSH_PUBLIC_KEY" > ~/.ssh/allowed_signers
+              git config --global gpg.ssh.allowedSignersFile ~/.ssh/allowed_signers
+          fi
+      # Checkout main branch
+      - uses: actions/checkout@v4
+        with:
+          # Checkout with ssh key to be able to push changes back to the branch.
+          # The expected changes are:
+          # - a version bump in the package.json files
+          # - and ./lerna.json
+          # - changes in changelogs
+          ssh-key: ${{ env.SSH_PRIVATE_KEY }}
+      # Setup .npmrc file to publish to npm
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 16
+          registry-url: 'https://registry.npmjs.org/'
+          scope: '@aws'
+      # Install dependencies
+      - run: npm install --global lerna@5.0.0 yarn@1.22.18
+      - run: lerna --version
+      - run: yarn --version
+      - run: npm --version
+
+      # Runs `yarn install` and prepare all the packages in this monorepo for the build
+      - run: yarn install
+      # Builds and tests all the packages
+      - run: yarn run all
+      # Upgrades major|minor|patch version for all the packages even if there's no changes in some or all of them.
+      # Publishes the version as a preview using conventional-prelease
+      # Follows https://www.conventionalcommits.org/en/v1.0.0/
+      - run: lerna version --conventional-commits --conventional-graduate --force-publish --yes
+      - run: git status
+      - run: git pull
+      # Publishes ADK packages to CodeArtifact
+      - run: lerna publish from-package --yes
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/adk-release-to-prod-preview.yml

@@ -0,0 +1,77 @@
+# This workflow will build and run tests using node and then publish a package to the public NPM repository
+# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
+
+name: adk-release-to-prod-preview
+
+on: [workflow_dispatch]
+
+env:
+  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }}
+  SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+  GIT_COMMITTER_NAME: ActionsDevKitRelease
+  GIT_COMMITTER_EMAIL: cawsactionextensions+adk-release@amazon.com
+
+jobs:
+  release-to-prod:
+    runs-on: ubuntu-latest
+    permissions: write-all
+    steps:
+      # Allows to push to the main branch for
+      - name: Git & SSH auth setup
+        run: |
+          sudo git config --system --add safe.directory "*"
+          if [[  -n $SSH_PUBLIC_KEY && -n $SSH_PRIVATE_KEY ]]; then
+              echo "SSH Key pair found, configuring signing..."
+              mkdir ~/.ssh
+              echo -e "$SSH_PRIVATE_KEY" >> ~/.ssh/signing_key
+              cat ~/.ssh/signing_key
+              echo -e "$SSH_PUBLIC_KEY" >> ~/.ssh/signing_key.pub
+              cat ~/.ssh/signing_key.pub
+              chmod 600 ~/.ssh/signing_key && chmod 600 ~/.ssh/signing_key.pub
+              eval "$(ssh-agent)"
+              ssh-add ~/.ssh/signing_key
+              git config --global gpg.format ssh
+              git config --global user.signingKey ~/.ssh/signing_key
+              git config --global commit.gpgsign true
+              git config --global user.email $GIT_COMMITTER_EMAIL
+              git config --global user.name $GIT_COMMITTER_NAME
+              touch ~/.ssh/allowed_signers
+              echo "$GIT_COMMITTER_EMAIL $SSH_PUBLIC_KEY" > ~/.ssh/allowed_signers
+              git config --global gpg.ssh.allowedSignersFile ~/.ssh/allowed_signers
+          fi
+      # Checkout main branch
+      - uses: actions/checkout@v4
+        with:
+          # Checkout with ssh key to be able to push changes back to the branch.
+          # The expected changes are:
+          # - a version bump in the package.json files
+          # - and ./lerna.json
+          # - changes in changelogs
+          ssh-key: ${{ env.SSH_PRIVATE_KEY }}
+      # Setup .npmrc file to publish to npm
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 16
+          registry-url: 'https://registry.npmjs.org/'
+          scope: '@aws'
+      # Install dependencies
+      - run: npm install --global lerna@5.0.0 yarn@1.22.18
+      - run: lerna --version
+      - run: yarn --version
+      - run: npm --version
+
+      # Runs `yarn install` and prepare all the packages in this monorepo for the build
+      - run: yarn install
+      # Builds and tests all the packages
+      - run: yarn run all
+      # Upgrades major|minor|patch version for all the packages even if there's no changes in some or all of them.
+      # Publishes the version as a preview using conventional-prelease
+      # Follows https://www.conventionalcommits.org/en/v1.0.0/
+      - run: lerna version --conventional-commits --conventional-prerelease --force-publish --yes
+      - run: git status
+      - run: git pull
+      # Publishes ADK packages to CodeArtifact
+      - run: lerna publish from-package --yes
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.nvmrc

@@ -0,0 +1 @@
+v18.16.1

.prettierignore

@@ -0,0 +1,8 @@
+*.js
+*.json
+*.yaml
+*.yml
+.eslintrc
+**/templates/**
+coverage
+dist

.prettierrc

@@ -0,0 +1,13 @@
+{
+  "$schema": "http://json.schemastore.org/prettierrc",
+  "arrowParens": "avoid",
+  "bracketSpacing": true,
+  "printWidth": 150,
+  "proseWrap": "always",
+  "quoteProps": "consistent",
+  "semi": true,
+  "singleQuote": true,
+  "tabWidth": 2,
+  "trailingComma": "all",
+  "useTabs": false
+}

.semgrepignore

@@ -24,6 +24,7 @@
 # To ignore a file with a literal ':' character, escape it with
 # a backslash, e.g. "\:foo".
 
-/packages/adk/lib/util/template.ts
+/packages/adk/adk/src/util/template.ts
 /docs/index.html
-/scripts/generate-attributions.ts
+/scripts/generate-attributions.ts
+/packages/workflows/workflows-sdk/**.ts