add cfn template, remove encrypted vars

mapsam · mapsam · commit 7de0f86671f5 · 2018-05-16T17:15:56.000-07:00
diff --git a/.travis.yml b/.travis.yml
@@ -94,8 +94,6 @@ matrix:
 env:
   global:
     - JOBS: "8"
-    - secure: PifMOSnn+mWR1RUptXse+fLvWiTrzg0R/mazO7RWhXHWBKv0uAJ/qV3dI0GIRBLtjG10Iy+tT5RNh1TIbBzB9Y67wMcGvylUPG1+3EOKoBMEPnOD9AgCEQw4SOXfGPx0cq2N6ueSKieCgu1yKN9Wq7XCbE+zTk/DiRNIdLirVoo=
-    - secure: cc4esJY1vPXL31IeumAJoKWDDO2BTGFiltwfO1jbTbiV7QT911QUjTUasxXIVpOaHNCpxSTyevPwwTWfzt2EtF92Lli+qhQ2bbzMiDSBZstSrHdAe62Ai2M1oYYUwk/0cABB/2nO9uRyYwITCxpTSNzZBrYhn3C29WqBhPeVDmM=
 
 before_install:
 - export PUBLISHABLE=${PUBLISHABLE:-true}
diff --git a/appveyor.yml b/appveyor.yml
@@ -1,8 +1,4 @@
 environment:
-  node_pre_gyp_accessKeyId:
-    secure: 7DrSVc5eIGtmMcki5H+iRft+Tk3MJTwDBQEUuJHWaQ4=
-  node_pre_gyp_secretAccessKey:
-    secure: 1amwJJw9fu0j6dXnc5KsAQbSYf7Cjw/dapT6OZWABa6nc52grkKeLQ+DGaOfQz8i
   matrix:
     - nodejs_version: 4
       platform: x64
diff --git a/cloudformation/ci.template.js b/cloudformation/ci.template.js
@@ -0,0 +1,59 @@
+var cf = require('@mapbox/cloudfriend');
+var package_json = require('../package.json')
+
+module.exports = {
+  AWSTemplateFormatVersion: '2010-09-09',
+  Description: 'user for publishing to s3://mapbox-node-binary/' + package_json.name,
+  Resources: {
+    User: {
+      Type: 'AWS::IAM::User',
+      Properties: {
+        Policies: [
+          {
+            PolicyName: 'list',
+            PolicyDocument: {
+              Statement: [
+                {
+                  Action: ['s3:ListBucket'],
+                  Effect: 'Allow',
+                  Resource: 'arn:aws:s3:::mapbox-node-binary',
+                  Condition : {
+                    StringLike : {
+                      "s3:prefix": [ package_json.name + "/*"]
+                    }
+                  }
+                }
+              ]
+            }
+          },
+          {
+            PolicyName: 'publish',
+            PolicyDocument: {
+              Statement: [
+                {
+                  Action: ['s3:DeleteObject', 's3:GetObject', 's3:GetObjectAcl', 's3:PutObject', 's3:PutObjectAcl'],
+                  Effect: 'Allow',
+                  Resource: 'arn:aws:s3:::mapbox-node-binary/' + package_json.name + '/*'
+                }
+              ]
+            }
+          }
+        ]
+      }
+    },
+    AccessKey: {
+      Type: 'AWS::IAM::AccessKey',
+      Properties: {
+        UserName: cf.ref('User')
+      }
+    }
+  },
+  Outputs: {
+    AccessKeyId: {
+      Value: cf.ref('AccessKey')
+    },
+    SecretAccessKey: {
+      Value: cf.getAtt('AccessKey', 'SecretAccessKey')
+    }
+  }
+};
diff --git a/package.json b/package.json
@@ -44,6 +44,7 @@
     "node-pre-gyp"
   ],
   "devDependencies": {
+    "@mapbox/cloudfriend": "^1.9.0",
     "aws-sdk": "2.x",
     "eslint": "3.5.0",
     "mocha": "3.x"
