cpflow 4.2.0 → 5.0.0.rc.0

data/lib/core/repo_introspection.rb

@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+require "yaml"
+
+module RepoIntrospection
+  DEFAULT_APP_PREFIX = "my-app"
+  RUBY_VERSION_DIRECTIVE_PATTERN = /^\s*ruby\s+['"\d]/
+  RUBY_VERSION_DIRECTIVE_PREFIX = /^\s*ruby\s+/
+
+  # Pure string → version-string extractor. Strips a leading `ruby-` prefix and returns
+  # the first `MAJOR.MINOR[.PATCH]` found in the source, or nil.
+  def self.parse_ruby_version_string(source)
+    normalized = source.strip.sub(/\Aruby-/, "")
+    normalized[/\d+\.\d+(?:\.\d+)?/]
+  end
+
+  # Returns the first Ruby version string the repo declares, checked in the order Bundler
+  # itself uses: `.ruby-version`, then `.tool-versions`, then `Gemfile`. Returns nil when
+  # no source declares a version. Both `Command::Generator` and `GithubFlowReadinessService`
+  # call into this so a future format change (e.g. `.tool-versions`) only updates here.
+  def self.inferred_ruby_version_string(root)
+    ruby_version_from_ruby_version_file(root) ||
+      ruby_version_from_tool_versions(root) ||
+      ruby_version_from_gemfile(root)
+  end
+
+  def self.ruby_version_from_ruby_version_file(root)
+    path = File.join(root, ".ruby-version")
+    return unless File.file?(path)
+
+    parse_ruby_version_string(File.read(path))
+  end
+
+  def self.ruby_version_from_tool_versions(root)
+    path = File.join(root, ".tool-versions")
+    return unless File.file?(path)
+
+    ruby_line = File.readlines(path, chomp: true).find { |line| line.match?(RUBY_VERSION_DIRECTIVE_PREFIX) }
+    return unless ruby_line
+
+    parse_ruby_version_string(ruby_line.sub(RUBY_VERSION_DIRECTIVE_PREFIX, ""))
+  end
+
+  def self.ruby_version_from_gemfile(root)
+    path = File.join(root, "Gemfile")
+    return unless File.file?(path)
+
+    ruby_lines = File.readlines(path, chomp: true).select { |line| line.match?(RUBY_VERSION_DIRECTIVE_PREFIX) }
+    ruby_line = ruby_lines.find { |line| line.match?(RUBY_VERSION_DIRECTIVE_PATTERN) }
+    warn_dynamic_ruby_directive if ruby_lines.any? && ruby_line.nil?
+    return unless ruby_line
+
+    parse_ruby_version_string(ruby_line.sub(RUBY_VERSION_DIRECTIVE_PREFIX, ""))
+  end
+
+  def self.warn_dynamic_ruby_directive
+    return unless ENV["CPFLOW_DEBUG"]
+
+    warn "cpflow: Gemfile has a dynamic `ruby` directive; falling back to the default Ruby version"
+  end
+
+  # Returns a Control Plane-safe app prefix derived from the basename of `root`:
+  # lower-cased, with non-alphanumeric runs collapsed to dashes and stripped from
+  # the ends. Falls back to DEFAULT_APP_PREFIX when the result is empty.
+  def self.inferred_app_prefix(root)
+    sanitized = File.basename(root)
+                    .downcase
+                    .gsub(/[^a-z0-9]+/, "-")
+                    .gsub(/\A-+|-+\z/, "")
+
+    sanitized.empty? ? DEFAULT_APP_PREFIX : sanitized
+  end
+
+  # Returns true if `config/database.yml` under `root` configures SQLite for production.
+  # YAML merge keys such as `<<: *default` are resolved by safe_load, so only the
+  # final production hash should be inspected.
+  def self.sqlite_database_in_production?(root)
+    path = File.join(root, "config/database.yml")
+    return false unless File.file?(path)
+
+    parsed = safe_load_database_yml(File.read(path))
+    return false unless parsed.is_a?(Hash)
+
+    production = parsed["production"]
+    return false unless production.is_a?(Hash)
+
+    url = production["url"]
+    return sqlite_database_url?(url) if url.is_a?(String) && !url.strip.empty?
+
+    sqlite_adapter_in_hash?(production)
+  end
+
+  def self.safe_load_database_yml(raw_contents)
+    # ERB conditionals can change YAML structure, so avoid guessing. Output-only
+    # ERB is stubbed as a scalar so common Rails defaults like `pool: <%= ... %>`
+    # still parse, but control-flow ERB returns unknown. `<%- ... %>` is a
+    # whitespace-trimming code tag, not an output tag, so treat it as unknown too.
+    # Callers treat unknown as non-SQLite and
+    # emit the default Postgres scaffold rather than guessing wrong.
+    return nil if raw_contents.match?(/<%(?![=#])/m)
+
+    stubbed = raw_contents.gsub(/<%=.*?%>/m, "__erb__").gsub(/<%#.*?%>/m, "")
+    YAML.safe_load(stubbed, aliases: true, permitted_classes: [Symbol])
+  rescue Psych::SyntaxError
+    nil
+  end
+
+  def self.sqlite_adapter_in_hash?(config)
+    return false unless config.is_a?(Hash)
+
+    adapter = config["adapter"]
+    adapter.is_a?(String) && adapter.strip.start_with?("sqlite3")
+  end
+
+  def self.sqlite_database_url?(url)
+    url.strip.downcase.start_with?("sqlite:", "sqlite3:")
+  end
+end

data/lib/core/terraform_config/dsl.rb

@@ -4,7 +4,7 @@ module TerraformConfig
   module Dsl
     extend Forwardable
 
-    EXPRESSION_PATTERN = /(var|local|cpln_\w+)\./.freeze
+    EXPRESSION_PATTERN = /(var|local|cpln_\w+)\./
 
     def_delegators :current_context, :put, :output
 

data/lib/core/terraform_config/local_variable.rb

@@ -2,7 +2,7 @@
 
 module TerraformConfig
   class LocalVariable < Base
-    VARIABLE_NAME_REGEX = /\A[a-zA-Z][a-zA-Z0-9_]*\z/.freeze
+    VARIABLE_NAME_REGEX = /\A[a-zA-Z][a-zA-Z0-9_]*\z/
 
     attr_reader :variables
 

data/lib/cpflow/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
 module Cpflow
-  VERSION = "4.2.0"
+  VERSION = "5.0.0.rc.0"
   MIN_CPLN_VERSION = "3.1.0"
 end

data/lib/cpflow.rb

@@ -53,9 +53,13 @@ module Cpflow
       ENV["CPLN_SKIP_UPDATE_CHECK"] = "true"
       ENV["NODE_NO_WARNINGS"] = "1"
 
-      check_cpln_version
-      check_cpflow_version
       fix_help_option
+      # Thor's `start(args = ARGV.dup, ...)` accepts an explicit argv as the first
+      # positional argument. Use that when present so the startup-check decision matches
+      # the command Thor is about to dispatch (and so test invocations don't pick up
+      # rspec's ARGV by accident).
+      argv = args.first.is_a?(Array) ? args.first : ARGV
+      run_startup_checks if requires_startup_checks?(argv)
 
       super
     end
@@ -120,13 +124,71 @@ module Cpflow
     end
     private_class_method :subcommand?
 
+    def self.run_startup_checks
+      check_cpln_version
+      check_cpflow_version
+    end
+    private_class_method :run_startup_checks
+
+    def self.requires_startup_checks?(argv = ARGV)
+      return false if argv.empty?
+      return false if help_request?(argv)
+      return false if version_flag?(argv)
+
+      command_class = command_class_for_argv(argv)
+      # Default to true when the command name is unrecognized so a typo still gets the
+      # version check (Thor's "unknown command" error then surfaces). Pre-PR behavior
+      # was always-on; only known commands explicitly opt out.
+      command_class ? command_class::REQUIRES_STARTUP_CHECKS : true
+    end
+    private_class_method :requires_startup_checks?
+
+    def self.help_request?(argv)
+      help_mappings = Thor::HELP_MAPPINGS + ["help"]
+      help_mappings.include?(argv.first)
+    end
+    private_class_method :help_request?
+
+    def self.version_flag?(argv)
+      %w[--version -v].include?(argv.first)
+    end
+    private_class_method :version_flag?
+
+    def self.command_class_for_argv(argv)
+      first_arg = argv[0]
+      return if first_arg.nil?
+
+      return subcommand_class_for_argv(first_arg, argv[1]) if subcommand_names.include?(first_arg)
+
+      top_level_command_class_for(first_arg)
+    end
+    private_class_method :command_class_for_argv
+
+    def self.subcommand_class_for_argv(subcommand_name, command_name)
+      return if command_name.nil?
+
+      all_base_commands[:"#{subcommand_name}_#{command_name.tr('-', '_')}"] ||
+        all_base_commands.values.find do |command_class|
+          subcommand_name == command_class::SUBCOMMAND_NAME && command_name == command_class::NAME
+        end
+    end
+    private_class_method :subcommand_class_for_argv
+
+    def self.top_level_command_class_for(command_name)
+      all_base_commands[command_name.tr("-", "_").to_sym] ||
+        all_base_commands.values.find do |command_class|
+          command_class::SUBCOMMAND_NAME.nil? && command_name == command_class::NAME
+        end
+    end
+    private_class_method :top_level_command_class_for
+
     # Needed to silence deprecation warning
     def self.exit_on_failure?
       true
     end
 
     # Needed to be able to use "run" as a command
-    def self.is_thor_reserved_word?(word, type) # rubocop:disable Naming/PredicateName
+    def self.is_thor_reserved_word?(word, type) # rubocop:disable Naming/PredicatePrefix
       return false if word == "run"
 
       super

data/lib/generator_templates/Dockerfile

@@ -1,23 +1,79 @@
-FROM ruby:3.1.2
+ARG RUBY_VERSION=__RUBY_VERSION__
 
-RUN apt-get update
+# Node and Ruby base images share the same Debian release so that glibc, libssl, and
+# other system libraries line up between stages.
+FROM docker.io/library/node:22-bookworm-slim AS node
+FROM ruby:$RUBY_VERSION-slim-bookworm
+
+# Yarn Classic / pnpm fallbacks for projects that haven't adopted corepack via
+# `packageManager` in package.json. Override at build time (`--build-arg=YARN_CLASSIC_VERSION=...`)
+# rather than editing this file so regenerating the Dockerfile keeps your pin.
+ARG YARN_CLASSIC_VERSION=1.22.22
+ARG PNPM_FALLBACK_VERSION=9.12.3
 
 WORKDIR /app
 
+# Keep Node.js available both for asset compilation and for SSR runtimes that
+# rely on ExecJS in production. Narrowed to just what the node stage actually
+# ships under /usr/local so we don't drag in unused Debian libs from that image.
+COPY --from=node /usr/local/bin/node /usr/local/bin/node
+COPY --from=node /usr/local/bin/npm /usr/local/bin/npm
+COPY --from=node /usr/local/bin/npx /usr/local/bin/npx
+COPY --from=node /usr/local/bin/corepack /usr/local/bin/corepack
+COPY --from=node /usr/local/lib/node_modules /usr/local/lib/node_modules
+COPY --from=node /usr/local/include/node /usr/local/include/node
+
+# Expose Corepack-managed shims so later build steps can call yarn/pnpm
+# directly during asset precompilation hooks.
+RUN printf '%s\n' '#!/bin/sh' 'exec corepack yarn "$@"' > /usr/bin/yarn && \
+    chmod +x /usr/bin/yarn && \
+    printf '%s\n' '#!/bin/sh' 'exec corepack pnpm "$@"' > /usr/bin/pnpm && \
+    chmod +x /usr/bin/pnpm
+
 # install ruby gems
 COPY Gemfile* ./
 
 RUN bundle config set without 'development test' && \
-    bundle config set with 'staging production' && \
+    bundle config set with 'production' && \
     bundle install --jobs=3 --retry=3
 
 COPY . ./
 
+# Install JavaScript dependencies only when the project actually has them.
+# Pin `packageManager` in package.json to take the corepack path and avoid the
+# YARN_CLASSIC_VERSION / PNPM_FALLBACK_VERSION fallbacks below; the fallbacks exist for
+# projects that haven't adopted corepack and should be reviewed periodically as they go stale.
+RUN if [ -f package.json ]; then \
+      package_manager="$(node -p "require('./package.json').packageManager || ''")"; \
+      if [ -f yarn.lock ]; then \
+        if printf '%s' "$package_manager" | grep -q '^yarn@'; then \
+          corepack prepare "$package_manager" --activate && \
+            (corepack yarn install --immutable || corepack yarn install --frozen-lockfile); \
+        else \
+          npm install -g "yarn@${YARN_CLASSIC_VERSION}" && \
+            (yarn install --immutable || yarn install --frozen-lockfile); \
+        fi; \
+      elif [ -f pnpm-lock.yaml ]; then \
+        if printf '%s' "$package_manager" | grep -q '^pnpm@'; then \
+          corepack prepare "$package_manager" --activate && \
+            corepack pnpm install --frozen-lockfile; \
+        else \
+          corepack prepare "pnpm@${PNPM_FALLBACK_VERSION}" --activate && \
+            corepack pnpm install --frozen-lockfile; \
+        fi; \
+      elif [ -f package-lock.json ]; then \
+        npm ci; \
+      else \
+        npm install; \
+      fi; \
+    fi
+
 ENV RAILS_ENV=production
 
 # compiling assets requires any value for ENV of SECRET_KEY_BASE
 ENV SECRET_KEY_BASE=NOT_USED_NON_BLANK
 
+__ASSET_PRECOMPILE_HOOK_RUN__
 RUN rails assets:precompile
 
 # add entrypoint

data/lib/generator_templates/controlplane.yml

@@ -1,62 +1,50 @@
 # Keys beginning with "cpln_" correspond to your settings in Control Plane.
+#
+# Generated baseline for a Rails app that uses PostgreSQL in production.
+# Rename the app keys below if you want something other than the repo name.
 
-# You can opt out of allowing the use of CPLN_ORG and CPLN_APP env vars
-# to avoid any accidents with the wrong org / app.
 allow_org_override_by_env: true
 allow_app_override_by_env: true
 
 aliases:
   common: &common
-    # Organization name for staging (customize to your needs).
-    # Production apps will use a different organization, specified below, for security.
     cpln_org: my-org-staging
-
-    # Example apps use only one location. Control Plane offers the ability to use multiple locations.
-    # TODO: Allow specification of multiple locations.
     default_location: aws-us-east-2
+    setup_app_templates:
+      - app
+      - postgres
+      - rails
 
-    # Configure the workload name used as a template for one-off scripts, like a Heroku one-off dyno.
     one_off_workload: rails
-
-    # Workloads that are for the application itself and are using application Docker images.
-    # These are updated with the new image when running the `deploy-image` command,
-    # and are also used by the `info` and `ps:` commands in order to get all of the defined workloads.
-    # On the other hand, if you have a workload for Redis, that would NOT use the application Docker image
-    # and not be listed here.
     app_workloads:
       - rails
-
-    # Additional "service type" workloads, using non-application Docker images.
-    # These are only used by the `info` and `ps:` commands in order to get all of the defined workloads.
     additional_workloads:
       - postgres
 
-    # Configure the workload name used when maintenance mode is on (defaults to "maintenance")
     maintenance_workload: maintenance
+    release_script: release_script.sh
 
-apps:
-  my-app-staging:
-    # Use the values from the common section above.
-    <<: *common
-  my-app-review:
-    <<: *common
-    # If `match_if_app_name_starts_with` is `true`, then use this config for app names starting with this name,
-    # e.g., "my-app-review-pr123", "my-app-review-anything-goes", etc.
-    match_if_app_name_starts_with: true
-  my-app-production:
-    <<: *common
+    stale_app_image_deployed_days: 5
+    image_retention_days: 7
 
-    # You can also opt out of allowing the use of CPLN_ORG and CPLN_APP env vars per app.
-    # It's recommended to leave this off for production, to avoid any accidents.
+  production: &production
+    <<: *common
     allow_org_override_by_env: false
     allow_app_override_by_env: false
-
-    # Use a different organization for production.
     cpln_org: my-org-production
-    # Allows running the command `cpflow promote-app-from-upstream -a my-app-production`
-    # to promote the staging app to production.
-    upstream: my-app-staging
-  my-app-other:
+    upstream: __APP_PREFIX__-staging
+
+apps:
+  __APP_PREFIX__-staging:
     <<: *common
-    # You can specify a different `Dockerfile` relative to the `.controlplane/` directory (defaults to "Dockerfile").
-    dockerfile: ../some_other/Dockerfile
+
+  __APP_PREFIX__-review:
+    <<: *common
+    match_if_app_name_starts_with: true
+    # Uncomment to automatically initialize and tear down review-app databases:
+    # hooks:
+    #   post_creation: bundle exec rails db:prepare
+    #   pre_deletion: bundle exec rails db:drop
+
+  __APP_PREFIX__-production:
+    <<: *production

data/lib/generator_templates/entrypoint.sh

@@ -4,5 +4,5 @@
 echo " -- Preparing database"
 rails db:prepare
 
-echo " -- Finishing entrypoint.sh, executing '$@'"
+echo " -- Finishing entrypoint.sh, executing command"
 exec "$@"

data/lib/generator_templates/release_script.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+set -e
+
+log() {
+  echo "[$(date +%Y-%m-%d:%H:%M:%S)]: $1"
+}
+
+error_exit() {
+  log "$1" 1>&2
+  exit 1
+}
+
+log "Running release_script.sh per controlplane.yml"
+
+if [ -x ./bin/rails ]; then
+  log "Run DB migrations"
+  SECRET_KEY_BASE="${SECRET_KEY_BASE:-precompile_placeholder}" ./bin/rails db:prepare || \
+    error_exit "Failed to run DB migrations"
+else
+  error_exit "./bin/rails does not exist or is not executable"
+fi
+
+log "Completed release_script.sh per controlplane.yml"

data/lib/generator_templates/templates/app.yml

@@ -2,20 +2,17 @@
 kind: gvc
 name: {{APP_NAME}}
 spec:
-  # For using templates for test apps, put ENV values here, stored in git repo.
-  # Production apps will have values configured manually after app creation.
   env:
     - name: DATABASE_URL
-      # Password does not matter because host postgres.{{APP_NAME}}.cpln.local can only be accessed
-      # locally within CPLN GVC, and postgres running on a CPLN workload is something only for a
-      # test app that lacks persistence.
       value: 'postgres://the_user:the_password@postgres.{{APP_NAME}}.cpln.local:5432/{{APP_NAME}}'
     - name: RAILS_ENV
       value: production
+    - name: RAILS_LOG_TO_STDOUT
+      value: "true"
     - name: RAILS_SERVE_STATIC_FILES
-      value: 'true'
-
-  # Part of standard configuration
+      value: "true"
+    - name: SECRET_KEY_BASE
+      value: cpln://secret/{{APP_SECRETS}}.SECRET_KEY_BASE
   staticPlacement:
     locationLinks:
       - {{APP_LOCATION_LINK}}

data/lib/generator_templates/templates/rails.yml

@@ -6,31 +6,22 @@ spec:
   type: standard
   containers:
     - name: rails
-      # 300m is a good starting place for a test app. You can experiment with CPU configuration
-      # once your app is running.
       cpu: 300m
-      env:
-        - name: LOG_LEVEL
-          value: debug
-      # Inherit other ENV values from GVC
       inheritEnv: true
       image: {{APP_IMAGE_LINK}}
-      # 512 corresponds to a standard 1x dyno type
       memory: 512Mi
       ports:
         - number: 3000
           protocol: http
   defaultOptions:
-    # Start out like this for "test apps"
     autoscaling:
-      # Max of 1 effectively disables autoscaling, so a like a Heroku dyno count of 1
+      minScale: 1
       maxScale: 1
     capacityAI: false
+    timeoutSeconds: 60
   firewallConfig:
     external:
-      # Default to allow public access to Rails server
       inboundAllowCIDR:
         - 0.0.0.0/0
-      # Could configure outbound for more security
       outboundAllowCIDR:
         - 0.0.0.0/0

data/lib/generator_templates_sqlite/controlplane.yml

@@ -0,0 +1,46 @@
+# Keys beginning with "cpln_" correspond to your settings in Control Plane.
+#
+# Generated baseline for a Rails app that uses SQLite in production. This setup
+# keeps `/app/db` and `/app/storage` on persistent volumes.
+
+allow_org_override_by_env: true
+allow_app_override_by_env: true
+
+aliases:
+  common: &common
+    cpln_org: my-org-staging
+    default_location: aws-us-east-2
+    setup_app_templates:
+      - app
+      - db
+      - storage
+      - rails
+
+    one_off_workload: rails
+    app_workloads:
+      - rails
+    additional_workloads: []
+
+    maintenance_workload: maintenance
+    release_script: release_script.sh
+
+    stale_app_image_deployed_days: 5
+    image_retention_days: 7
+
+  production: &production
+    <<: *common
+    allow_org_override_by_env: false
+    allow_app_override_by_env: false
+    cpln_org: my-org-production
+    upstream: __APP_PREFIX__-staging
+
+apps:
+  __APP_PREFIX__-staging:
+    <<: *common
+
+  __APP_PREFIX__-review:
+    <<: *common
+    match_if_app_name_starts_with: true
+
+  __APP_PREFIX__-production:
+    <<: *production

data/lib/generator_templates_sqlite/release_script.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+log() {
+  echo "[$(date +%Y-%m-%d:%H:%M:%S)]: $1"
+}
+
+error_exit() {
+  log "$1" 1>&2
+  exit 1
+}
+
+log "Running release_script.sh per controlplane.yml"
+
+mkdir -p db storage
+
+if [ -x ./bin/rails ]; then
+  log "Run DB migrations"
+  SECRET_KEY_BASE="${SECRET_KEY_BASE:-precompile_placeholder}" ./bin/rails db:prepare || \
+    error_exit "Failed to run DB migrations"
+else
+  error_exit "./bin/rails does not exist or is not executable"
+fi
+
+log "Completed release_script.sh per controlplane.yml"

data/lib/generator_templates_sqlite/templates/app.yml

@@ -0,0 +1,15 @@
+kind: gvc
+name: {{APP_NAME}}
+spec:
+  env:
+    - name: RAILS_ENV
+      value: production
+    - name: RAILS_LOG_TO_STDOUT
+      value: "true"
+    - name: RAILS_SERVE_STATIC_FILES
+      value: "true"
+    - name: SECRET_KEY_BASE
+      value: cpln://secret/{{APP_SECRETS}}.SECRET_KEY_BASE
+  staticPlacement:
+    locationLinks:
+      - {{APP_LOCATION_LINK}}

data/lib/generator_templates_sqlite/templates/db.yml

@@ -0,0 +1,6 @@
+kind: volumeset
+name: app-db
+spec:
+  fileSystemType: ext4
+  initialCapacity: 5
+  performanceClass: general-purpose-ssd

data/lib/generator_templates_sqlite/templates/rails.yml

@@ -0,0 +1,32 @@
+kind: workload
+name: rails
+spec:
+  type: standard
+  containers:
+    - name: rails
+      cpu: 300m
+      inheritEnv: true
+      image: {{APP_IMAGE_LINK}}
+      memory: 512Mi
+      ports:
+        - number: 3000
+          protocol: http
+      volumes:
+        - path: /app/db
+          recoveryPolicy: retain
+          uri: cpln://volumeset/app-db
+        - path: /app/storage
+          recoveryPolicy: retain
+          uri: cpln://volumeset/app-storage
+  defaultOptions:
+    autoscaling:
+      minScale: 1
+      maxScale: 1
+    capacityAI: false
+    timeoutSeconds: 60
+  firewallConfig:
+    external:
+      inboundAllowCIDR:
+        - 0.0.0.0/0
+      outboundAllowCIDR:
+        - 0.0.0.0/0

data/lib/generator_templates_sqlite/templates/storage.yml

@@ -0,0 +1,6 @@
+kind: volumeset
+name: app-storage
+spec:
+  fileSystemType: ext4
+  initialCapacity: 10
+  performanceClass: general-purpose-ssd