chore: update workflows

.github/workflows/build.yml

@@ -1,74 +0,0 @@
-
-name: build
-on:
-  pull_request: {}
-  workflow_dispatch: {}
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    outputs:
-      self_mutation_happened: ${{ steps.self_mutation.outputs.self_mutation_happened }}
-    env:
-      CI: "true"
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          ref: ${{ github.event.pull_request.head.ref }}
-          repository: ${{ github.event.pull_request.head.repo.full_name }}
-      - name: Setup Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: 14.0.0
-      - name: Install dependencies
-        run: npm install
-      - name: build
-        run: scripts/run-task build
-      - name: Find mutations
-        id: self_mutation
-        run: |-
-          git add .
-          git diff --staged --patch --exit-code > .repo.patch || echo "::set-output name=self_mutation_happened::true"
-      - name: Upload patch
-        if: steps.self_mutation.outputs.self_mutation_happened
-        uses: actions/upload-artifact@v2
-        with:
-          name: .repo.patch
-          path: .repo.patch
-      - name: Fail build on mutation
-        if: steps.self_mutation.outputs.self_mutation_happened
-        run: |-
-          echo "::error::Files were changed during build (see build log). If this was triggered from a fork, you will need to update your branch."
-          cat .repo.patch
-          exit 1
-  self-mutation:
-    needs: build
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    if: always() && needs.build.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository)
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
-          ref: ${{ github.event.pull_request.head.ref }}
-          repository: ${{ github.event.pull_request.head.repo.full_name }}
-      - name: Download patch
-        uses: actions/download-artifact@v3
-        with:
-          name: .repo.patch
-          path: ${{ runner.temp }}
-      - name: Apply patch
-        run: '[ -s ${{ runner.temp }}/.repo.patch ] && git apply ${{ runner.temp }}/.repo.patch || echo "Empty patch. Skipping."'
-      - name: Set git identity
-        run: |-
-          git config user.name "github-actions"
-          git config user.email "github-actions@github.com"
-      - name: Push changes
-        run: |2-
-            git add .
-            git commit -s -m "chore: self mutation"
-            git push origin HEAD:${{ github.event.pull_request.head.ref }}

.github/workflows/codeql-analysis.yml

@@ -1,27 +0,0 @@
-name: "CodeQL"
-
-on:
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
-  schedule:
-    - cron: '0 0 * * 2'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      security-events: write
-    strategy:
-      fail-fast: false
-  steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-    - name: Initalize CodeQL
-      uses: github/codeql-actions/init@v2
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2

.github/workflows/package.yml

@@ -1,10 +1,9 @@
-name: Update dist files on target branch
+name: Update dist files on main branch
 
 on:
   push:
     branches:
       - main
-      - v1-node16
     paths-ignore:
       - 'dist/**'
 
@@ -16,8 +15,19 @@ jobs:
       id-token: write
       contents: read
     steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.ref_name }}
+          persist-credentials: false
+      - name: Package
+        run: |
+          npm ci
+          npm test
+          npm run package
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1-node16
+        uses: aws-actions/configure-aws-credentials@v3
         with:
           aws-region: us-west-2
           role-to-assume: ${{ secrets.SECRETS_AWS_ROLE_TO_ASSUME }}
@@ -29,21 +39,12 @@ jobs:
           parse-json-secrets: true
           secret-ids: |
             OSDS,arn:aws:secretsmanager:us-west-2:294535624312:secret:github-aws-sdk-osds-automation-ZHNalp
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          ref: ${{ github.ref_name }}
-          token: ${{ env.OSDS_ACCESS_TOKEN }}
-      - name: Package
-        run: |
-          npm ci
-          npm test
-          npm run package
       - name: Commit
         run: |
-          echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}}"
+          echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}"
-          git config --global user.name "GitHub Actions"
+          git config user.name "GitHub Actions"
-          git add dist/
+          git config user.email "github-aws-sdk-osds-automation@amazon.com"
+          git remote set-url origin https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git
+          git add dist
           git commit -m "chore: Update dist" || echo "No changes to commit"
-          git push https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git
+          git push origin

.github/workflows/release.yml

@@ -1,81 +0,0 @@
-name: Update release tags
-
-on:
-  workflow_dispatch:
-    inputs:
-      v1:
-        description: 'Update v1 release tag to the tip of the selected branch'
-        required: false
-        type: boolean
-      v1-versioned:
-        description: 'Push a new release semantic versioned tag to the selected branch'
-        required: false
-        type: boolean
-
-jobs:
-  v1:
-    name: Update v1 release tag
-    if: ${{ v1 }}
-    timeout-minutes: 15
-    steps:
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1-node16
-        with:
-          aws-region: us-west-2
-          role-to-assume: ${{ secrets.SECRETS_AWS_ROLE_TO_ASSUME }}
-          role-session-name: SecretsManagerFetch
-          role-duration-seconds: 900
-      - name: Get bot user token
-        uses: aws-actions/aws-secretsmanager-get-secrets@v1
-        with:
-          parse-json-secrets: true
-          secret-ids: |
-            OSDS,arn:aws:secretsmanager:us-west-2:294535624312:secret:github-aws-sdk-osds-automation-ZHNalp
-      - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          ref: ${{ github.ref_name }}
-          token: ${{ env.OSDS_ACCESS_TOKEN }}
-      - name: Push tag
-        run: |
-          echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}"
-          git config --global user.name "GitHub Actions"
-          git tag -f -a v1 -m "Update v1 to ${{ github.sha }}"
-          git push https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git -f --tags
-  v1-versioned:
-    description: 'Push a new semantic version tag'
-    if: ${{ v1-versioned }}
-    timeout-minutes: 15
-    steps:
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1-node16
-        with:
-          aws-region: us-west-2
-          role-to-assume: ${{ secrets.SECRETS_AWS_ROLE_TO_ASSUME }}
-          role-session-name: SecretsManagerFetch
-          role-duration-seconds: 900
-      - name: Get bot user token
-        uses: aws-actions/aws-secretsmanager-get-secrets@v1
-        with:
-          parse-json-secrets: true
-          secret-ids: |
-            OSDS,arn:aws:secretsmanager:us-west-2:294535624312:secret:github-aws-sdk-osds-automation-ZHNalp
-      - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          ref: ${{ github.ref_name }}
-          token: ${{ env.OSDS_ACCESS_TOKEN }}
-      - name: Get new semantic version
-        id: semver
-        uses: paulhatch/semantic-version@v4.0.2
-        with:
-          tag_prefix: 'v'
-          major_pattern: '!'
-      - name: Push semantic tag
-        run: |
-          echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}"
-          git config --global user.name "GitHub Actions"
-          git tag -f -a ${{ steps.semver.version_tag }} -m "New ${{ steps.semver.version_tag }} release"
-          git push https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git -f --tags

.github/workflows/tests-integ.yml

@@ -66,38 +66,3 @@ jobs:
           aws-region: us-west-2
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-  lint:
-    name: Ensure code standards
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    steps:
-      - name: "Checkout repostiory"
-        uses: actions/checkout@v3
-      - name: "Setup node"
-        uses: actions/setup-node@v3
-        with:
-          node-version: 16
-      - name: "Install dependencies"
-        uses: bahmutov/npm-install@v1
-      - name: "Lint code"
-        run: npm run lint --if-present
-  unit-test:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [windows-latest, ubuntu-latest, macos-latest]
-        node: [14, 16, 18]
-    name: Run unit tests
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 5
-    steps:
-      - name: "Checkout repository"
-        uses: actions/checkout@v3
-      - name: "Setup node"
-        uses: actions/setup-node@v3
-        with:
-          node-version: ${{ matrix.node }}
-      - name: "Install dependencies"
-        uses: bahmutov/npm-install@v1
-      - name: "Run tests"
-        run: npm run test --if-present

.github/workflows/tests-unit.yml

@@ -24,3 +24,18 @@ jobs:
         uses: bahmutov/npm-install@v1
       - name: "Run tests"
         run: npm run test --if-present
+  lint:
+    name: Ensure code standards
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: "Checkout repostiory"
+        uses: actions/checkout@v3
+      - name: "Setup node"
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16
+      - name: "Install dependencies"
+        uses: bahmutov/npm-install@v1
+      - name: "Lint code"
+        run: npm run lint --if-present

.github/workflows/v1-node16.yml

@@ -1,39 +0,0 @@
-on:
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - 'dist/**'
-
-name: Update v1-node16 branch with changes from main
-
-jobs:
-  v1-node16-update:
-    name: Update v1-node16
-    runs-on: ubuntu-latest
-    steps:
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1-node16
-        with:
-          aws-region: us-west-2
-          role-to-assume: ${{ secrets.SECRETS_AWS_ROLE_TO_ASSUME }}
-          role-duration-seconds: 900
-          role-session-name: SecretsManagerFetch
-      - name: Get bot user token
-        uses: aws-actions/aws-secretsmanager-get-secrets@v1
-        with:
-          parse-json-secrets: true
-          secret-ids: |
-            OSDS,arn:aws:secretsmanager:us-west-2:294535624312:secret:github-aws-sdk-osds-automation-ZHNalp
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          ref: ${{ github.ref_name }}
-          token: ${{ env.OSDS_ACCESS_TOKEN }}
-      - name: Merge commit and push
-        run: |
-          echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}}"
-          git config --global user.name "GitHub Actions"
-          git merge --no-ff -m "Merge branch main into v1-node16"
-          git push https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git