Publishing npm to AWS CodeArtifact

Hi,

I would like to publish npm packages to AWS CodeArtifact. The special point at this npm registry is the authorization token which is only valid for 12 hours. A new token can be requested using AWS CLI command aws codeartifact login (see documentation).

Would you accept a PR that implements this feature?

Proposed solution: Get a new authorization token for AWS CodeArtifact in the release workflow before publishing the artifact to the npm registry.

I did a first test with this code snipped in release.yml:

- name: Release
  run: |
    export NPM_TOKEN=`aws codeartifact get-authorization-token --domain my_domain --domain-owner 111122223333 --query authorizationToken --output text`
    npx -p jsii-release@latest jsii-release-npm
  env:
    NPM_DIST_TAG: latest
    NPM_REGISTRY: my_domain-111122223333.d.codeartifact.region.amazonaws.com/npm/my_repo/
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}

This command has to be inserted as an additional command in section run if publishing to AWS CodeArtifact is enabled:

export NPM_TOKEN=`aws codeartifact get-authorization-token --domain my_domain --domain-owner 111122223333 --query authorizationToken --output text`.

AWS CLI uses the following environment variables:

• AWS_ACCESS_KEY_ID -> new configuration in .projenrc.js
• AWS_SECRET_ACCESS_KEY -> use GitHub secrets (instead of NPM_TOKEN)
• AWS_DEFAULT_REGION -> new configuration in .projenrc.js

In addition, command aws codeartifact get-authorization-token requires values for domain and domain owner. I would try to extract them from the URL in NPM_REGISTRY.

Trigger for publishing to AWS CodeArtifact: npm registry URL that contains regex .codeartifact.*.amazonaws.com.

I would be happy to have your feedback.