@absolutejs/deploy 0.13.0 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +37 -0
- package/dist/cloudflare.js +34 -1
- package/dist/cloudflare.js.map +2 -2
- package/dist/digitalocean.js +34 -1
- package/dist/digitalocean.js.map +2 -2
- package/dist/digitaloceanDns.js +34 -1
- package/dist/digitaloceanDns.js.map +2 -2
- package/dist/digitaloceanInfrastructure.d.ts +26 -0
- package/dist/digitaloceanInfrastructure.js +543 -0
- package/dist/digitaloceanInfrastructure.js.map +13 -0
- package/dist/dns.js +34 -1
- package/dist/dns.js.map +2 -2
- package/dist/env.js +34 -1
- package/dist/env.js.map +2 -2
- package/dist/gcp.d.ts +23 -0
- package/dist/gcp.js +10474 -0
- package/dist/gcp.js.map +90 -0
- package/dist/hetzner.js +34 -1
- package/dist/hetzner.js.map +2 -2
- package/dist/hetznerDns.js +34 -1
- package/dist/hetznerDns.js.map +2 -2
- package/dist/index.js +34 -1
- package/dist/index.js.map +2 -2
- package/dist/infrastructure.d.ts +35 -0
- package/dist/infrastructure.js +4 -0
- package/dist/infrastructure.js.map +9 -0
- package/dist/linode.js +34 -1
- package/dist/linode.js.map +2 -2
- package/dist/preview.js +34 -1
- package/dist/preview.js.map +2 -2
- package/dist/route53.js +34 -1
- package/dist/route53.js.map +2 -2
- package/dist/tls.js +34 -1
- package/dist/tls.js.map +2 -2
- package/dist/vultr.js +34 -1
- package/dist/vultr.js.map +2 -2
- package/package.json +20 -2
package/dist/dns.js
CHANGED
|
@@ -1,4 +1,37 @@
|
|
|
1
1
|
// @bun
|
|
2
|
+
var __create = Object.create;
|
|
3
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
4
|
+
var __defProp = Object.defineProperty;
|
|
5
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
7
|
+
function __accessProp(key) {
|
|
8
|
+
return this[key];
|
|
9
|
+
}
|
|
10
|
+
var __toESMCache_node;
|
|
11
|
+
var __toESMCache_esm;
|
|
12
|
+
var __toESM = (mod, isNodeMode, target) => {
|
|
13
|
+
var canCache = mod != null && typeof mod === "object";
|
|
14
|
+
if (canCache) {
|
|
15
|
+
var cache = isNodeMode ? __toESMCache_node ??= new WeakMap : __toESMCache_esm ??= new WeakMap;
|
|
16
|
+
var cached = cache.get(mod);
|
|
17
|
+
if (cached)
|
|
18
|
+
return cached;
|
|
19
|
+
}
|
|
20
|
+
target = mod != null ? __create(__getProtoOf(mod)) : {};
|
|
21
|
+
const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
|
|
22
|
+
for (let key of __getOwnPropNames(mod))
|
|
23
|
+
if (!__hasOwnProp.call(to, key))
|
|
24
|
+
__defProp(to, key, {
|
|
25
|
+
get: __accessProp.bind(mod, key),
|
|
26
|
+
enumerable: true
|
|
27
|
+
});
|
|
28
|
+
if (canCache)
|
|
29
|
+
cache.set(mod, to);
|
|
30
|
+
return to;
|
|
31
|
+
};
|
|
32
|
+
var __commonJS = (cb, mod) => () => (mod || cb((mod = { exports: {} }).exports, mod), mod.exports);
|
|
33
|
+
var __require = import.meta.require;
|
|
34
|
+
|
|
2
35
|
// src/dns.ts
|
|
3
36
|
var ensureDnsForTarget = async (provider, options) => provider.upsert({
|
|
4
37
|
content: options.target.ipv4,
|
|
@@ -12,5 +45,5 @@ export {
|
|
|
12
45
|
ensureDnsForTarget
|
|
13
46
|
};
|
|
14
47
|
|
|
15
|
-
//# debugId=
|
|
48
|
+
//# debugId=7B62074E80B4756564756E2164756E21
|
|
16
49
|
//# sourceMappingURL=dns.js.map
|
package/dist/dns.js.map
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
"sourcesContent": [
|
|
5
5
|
"/**\n * DNS provider contract for `@absolutejs/deploy`. Provider-specific\n * adapters (Cloudflare, Route 53, etc.) implement `DnsProvider`; the\n * deploy pipeline composes them with a cloud `Target` to point a\n * hostname at a freshly-provisioned IP.\n *\n * Operations are zone-scoped: a `DnsProvider` instance is bound to\n * one zone at construction time. Multi-zone hosts construct one\n * provider per zone.\n */\n\n/** Record types we care about for deploy workflows. */\nexport type DnsRecordType = 'A' | 'AAAA' | 'CNAME' | 'TXT' | 'MX';\n\n/** A DNS record as it exists in the provider. */\nexport type DnsRecord = {\n\t/** Provider-assigned id (Cloudflare uuid, Route 53 set name, etc.). */\n\tid: string;\n\t/** Fully-qualified record name (`api.example.com.`). */\n\tname: string;\n\ttype: DnsRecordType;\n\t/** Record value — IP for A/AAAA, hostname for CNAME, text for TXT, etc. */\n\tcontent: string;\n\tttl?: number;\n\t/**\n\t * Cloudflare's orange-cloud proxy flag. Other providers ignore this\n\t * field. Default behavior is provider-specific: Cloudflare defaults\n\t * to `true` (proxied) for new records when omitted.\n\t */\n\tproxied?: boolean;\n\tcomment?: string;\n};\n\n/** Desired state for an upsert. */\nexport type DnsRecordSpec = {\n\t/** Record name. May be `'@'` for the zone apex or relative ('api'). */\n\tname: string;\n\ttype: DnsRecordType;\n\tcontent: string;\n\tttl?: number;\n\tproxied?: boolean;\n\tcomment?: string;\n};\n\nexport type DnsRecordFilter = {\n\tname?: string;\n\ttype?: DnsRecordType;\n};\n\n/**\n * Zone-scoped DNS operations. Implementations: `cloudflareProvider`,\n * future `route53Provider`, etc.\n */\nexport type DnsProvider = {\n\t/** Human-readable description for logs (`'cloudflare zone \"example.com\"'`). */\n\treadonly description: string;\n\t/** List records, optionally filtered by name + type. */\n\tlist: (filter?: DnsRecordFilter) => Promise<DnsRecord[]>;\n\t/**\n\t * Find one record by exact (name, type). Returns undefined if absent.\n\t * Throws if multiple records share that key (drifted state — multiple\n\t * A records pointing at different IPs, etc.).\n\t */\n\tfind: (key: {\n\t\tname: string;\n\t\ttype: DnsRecordType;\n\t}) => Promise<DnsRecord | undefined>;\n\tcreate: (spec: DnsRecordSpec) => Promise<DnsRecord>;\n\tupdate: (id: string, spec: DnsRecordSpec) => Promise<DnsRecord>;\n\tdelete: (id: string) => Promise<void>;\n\t/**\n\t * Create or update so the (name, type) record matches `spec`. The\n\t * canonical \"point this DNS at this IP\" entry point — idempotent.\n\t */\n\tupsert: (spec: DnsRecordSpec) => Promise<DnsRecord>;\n};\n\n/**\n * Compose a DNS provider with a cloud Target's IPv4. Idempotently\n * ensures an A record (name → target.ipv4) exists. Returns the\n * resulting DNS record.\n *\n * Usage:\n *\n * const target = await digitalOceanTarget({ ... });\n * const dns = cloudflareProvider({ token, zoneId });\n * await ensureDnsForTarget(dns, {\n * name: 'api.example.com',\n * target,\n * ttl: 60,\n * proxied: false,\n * });\n */\nexport const ensureDnsForTarget = async (\n\tprovider: DnsProvider,\n\toptions: {\n\t\t/** Record name (FQDN, relative, or `'@'` for zone apex). */\n\t\tname: string;\n\t\t/** Cloud Target with an `ipv4` field. */\n\t\ttarget: { ipv4: string };\n\t\t/** Default 300s. */\n\t\tttl?: number;\n\t\t/** Cloudflare orange-cloud. Other providers ignore. */\n\t\tproxied?: boolean;\n\t\t/** Optional record comment for audit trails. */\n\t\tcomment?: string;\n\t}\n): Promise<DnsRecord> =>\n\tprovider.upsert({\n\t\tcontent: options.target.ipv4,\n\t\tname: options.name,\n\t\ttype: 'A',\n\t\t...(options.ttl !== undefined ? { ttl: options.ttl } : {}),\n\t\t...(options.proxied !== undefined ? { proxied: options.proxied } : {}),\n\t\t...(options.comment !== undefined ? { comment: options.comment } : {})\n\t});\n"
|
|
6
6
|
],
|
|
7
|
-
"mappings": "
|
|
8
|
-
"debugId": "
|
|
7
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6FO,IAAM,qBAAqB,OACjC,UACA,YAaA,SAAS,OAAO;AAAA,EACf,SAAS,QAAQ,OAAO;AAAA,EACxB,MAAM,QAAQ;AAAA,EACd,MAAM;AAAA,KACF,QAAQ,QAAQ,YAAY,EAAE,KAAK,QAAQ,IAAI,IAAI,CAAC;AAAA,KACpD,QAAQ,YAAY,YAAY,EAAE,SAAS,QAAQ,QAAQ,IAAI,CAAC;AAAA,KAChE,QAAQ,YAAY,YAAY,EAAE,SAAS,QAAQ,QAAQ,IAAI,CAAC;AACrE,CAAC;",
|
|
8
|
+
"debugId": "7B62074E80B4756564756E2164756E21",
|
|
9
9
|
"names": []
|
|
10
10
|
}
|
package/dist/env.js
CHANGED
|
@@ -1,4 +1,37 @@
|
|
|
1
1
|
// @bun
|
|
2
|
+
var __create = Object.create;
|
|
3
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
4
|
+
var __defProp = Object.defineProperty;
|
|
5
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
7
|
+
function __accessProp(key) {
|
|
8
|
+
return this[key];
|
|
9
|
+
}
|
|
10
|
+
var __toESMCache_node;
|
|
11
|
+
var __toESMCache_esm;
|
|
12
|
+
var __toESM = (mod, isNodeMode, target) => {
|
|
13
|
+
var canCache = mod != null && typeof mod === "object";
|
|
14
|
+
if (canCache) {
|
|
15
|
+
var cache = isNodeMode ? __toESMCache_node ??= new WeakMap : __toESMCache_esm ??= new WeakMap;
|
|
16
|
+
var cached = cache.get(mod);
|
|
17
|
+
if (cached)
|
|
18
|
+
return cached;
|
|
19
|
+
}
|
|
20
|
+
target = mod != null ? __create(__getProtoOf(mod)) : {};
|
|
21
|
+
const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
|
|
22
|
+
for (let key of __getOwnPropNames(mod))
|
|
23
|
+
if (!__hasOwnProp.call(to, key))
|
|
24
|
+
__defProp(to, key, {
|
|
25
|
+
get: __accessProp.bind(mod, key),
|
|
26
|
+
enumerable: true
|
|
27
|
+
});
|
|
28
|
+
if (canCache)
|
|
29
|
+
cache.set(mod, to);
|
|
30
|
+
return to;
|
|
31
|
+
};
|
|
32
|
+
var __commonJS = (cb, mod) => () => (mod || cb((mod = { exports: {} }).exports, mod), mod.exports);
|
|
33
|
+
var __require = import.meta.require;
|
|
34
|
+
|
|
2
35
|
// src/env.ts
|
|
3
36
|
var KEY_PATTERN = /^[A-Z_][A-Z0-9_]*$/;
|
|
4
37
|
var NEEDS_QUOTING = /[\s"'`$\\#&|;<>(){}*?!]/;
|
|
@@ -199,5 +232,5 @@ export {
|
|
|
199
232
|
deploymentsUsing
|
|
200
233
|
};
|
|
201
234
|
|
|
202
|
-
//# debugId=
|
|
235
|
+
//# debugId=17F0F914F6CFDD7764756E2164756E21
|
|
203
236
|
//# sourceMappingURL=env.js.map
|
package/dist/env.js.map
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
"sourcesContent": [
|
|
5
5
|
"/**\n * @absolutejs/deploy/env — push environment-variable files to remote\n * targets and fan-out secret rotations across the fleet.\n *\n * Composes with `@absolutejs/secrets`: that library handles the\n * in-process side (resolve, rotate, redact, in-process listeners);\n * this module handles the deploy-side (push values to remote env\n * files, atomic swap, conditional service reload).\n *\n * Narrow `SecretSource` interface — `@absolutejs/secrets`'\n * `SecretBroker` satisfies it structurally without a hard dep\n * either direction.\n *\n * Standard format: a remote env file at\n * `/etc/<appName>.env` (or wherever you choose) that systemd reads\n * via `EnvironmentFile=`, Docker reads via `--env-file`, and most\n * shell start scripts source. One `KEY=value` per line, no\n * newlines inside values.\n */\n\nimport type { Target } from './targets';\n\n// =============================================================================\n// SecretSource — narrow interface @absolutejs/secrets' broker satisfies\n// =============================================================================\n\n/**\n * Minimal interface this module needs to read secret values. The\n * `SecretBroker` from `@absolutejs/secrets` satisfies it structurally;\n * any other implementation (a Map, an AWS Secrets Manager client\n * wrapper, etc.) works as long as it exposes `resolve(name)`.\n */\nexport type SecretSource = {\n\tresolve: (\n\t\tname: string\n\t) => Promise<{ value: string; fingerprint?: string } | null>;\n};\n\n// =============================================================================\n// Env-file (de)serialization\n// =============================================================================\n\nconst KEY_PATTERN = /^[A-Z_][A-Z0-9_]*$/;\nconst NEEDS_QUOTING = /[\\s\"'`$\\\\#&|;<>(){}*?!]/;\n\nconst validateKey = (key: string): void => {\n\tif (!KEY_PATTERN.test(key)) {\n\t\tthrow new Error(\n\t\t\t`[deploy/env] invalid env key \"${key}\" — must match /^[A-Z_][A-Z0-9_]*$/`\n\t\t);\n\t}\n};\n\nconst serializeLine = (key: string, value: string): string => {\n\tvalidateKey(key);\n\tif (value.includes('\\n') || value.includes('\\r')) {\n\t\tthrow new Error(\n\t\t\t`[deploy/env] value for \"${key}\" contains a newline — env files cannot represent multi-line values. Use a separate file path for multi-line secrets.`\n\t\t);\n\t}\n\tif (NEEDS_QUOTING.test(value) || value.startsWith('=') || value === '') {\n\t\tconst escaped = value.replaceAll('\\\\', '\\\\\\\\').replaceAll('\"', '\\\\\"');\n\t\treturn `${key}=\"${escaped}\"`;\n\t}\n\treturn `${key}=${value}`;\n};\n\nexport const serializeEnvFile = (values: Record<string, string>): string => {\n\tconst lines: string[] = [];\n\tfor (const key of Object.keys(values).sort()) {\n\t\tconst value = values[key];\n\t\tif (value === undefined) continue;\n\t\tlines.push(serializeLine(key, value));\n\t}\n\treturn `${lines.join('\\n')}\\n`;\n};\n\nconst unquoteValue = (raw: string): string => {\n\tif (\n\t\traw.length >= 2 &&\n\t\traw.startsWith('\"') &&\n\t\traw.endsWith('\"')\n\t) {\n\t\tconst inner = raw.slice(1, -1);\n\t\treturn inner.replaceAll('\\\\\"', '\"').replaceAll('\\\\\\\\', '\\\\');\n\t}\n\tif (\n\t\traw.length >= 2 &&\n\t\traw.startsWith(\"'\") &&\n\t\traw.endsWith(\"'\")\n\t) {\n\t\treturn raw.slice(1, -1);\n\t}\n\treturn raw;\n};\n\n/**\n * Parse a remote env file's contents. Ignores blank lines and `#`\n * comments. Lines that don't match `KEY=VALUE` throw — the deploy\n * primitive owns the file, so unknown content is loud, not silent.\n */\nexport const parseEnvFile = (text: string): Record<string, string> => {\n\tconst result: Record<string, string> = {};\n\tfor (const rawLine of text.split('\\n')) {\n\t\tconst line = rawLine.trim();\n\t\tif (line.length === 0 || line.startsWith('#')) continue;\n\t\tconst eq = line.indexOf('=');\n\t\tif (eq <= 0) {\n\t\t\tthrow new Error(`[deploy/env] malformed env line: \"${rawLine}\"`);\n\t\t}\n\t\tconst key = line.slice(0, eq).trim();\n\t\tconst value = unquoteValue(line.slice(eq + 1).trim());\n\t\tvalidateKey(key);\n\t\tresult[key] = value;\n\t}\n\treturn result;\n};\n\n// =============================================================================\n// Deployment spec + sync primitive\n// =============================================================================\n\nexport type EnvDeployment = {\n\t/** The cloud Target whose remote filesystem we write to. */\n\ttarget: Target;\n\t/** Remote path for the env file (e.g. `/etc/myapp.env`). */\n\tremotePath: string;\n\t/**\n\t * Names of secrets this deployment consumes from the SecretSource.\n\t * Each name is resolved before the file is written.\n\t */\n\tsecretNames?: ReadonlyArray<string>;\n\t/**\n\t * Non-secret env vars to merge in (NODE_ENV, PORT, LOG_LEVEL).\n\t * If an `extras` key collides with a `secretNames` entry, throws —\n\t * silent overrides are worse than a loud rejection.\n\t */\n\textras?: Record<string, string>;\n\t/** chmod for the file. Default `'600'`. */\n\tmode?: string;\n\t/** chown for the file. Default unchanged. */\n\towner?: string;\n\t/**\n\t * Command to run after the file changes. Skipped when the diff is\n\t * empty — bouncing a service for an identical file is the wrong\n\t * default.\n\t */\n\treload?: string;\n};\n\nexport type EnvSyncResult = {\n\t/** Keys present in the new spec but not the existing file. */\n\tadded: string[];\n\t/** Keys whose values changed (fingerprints, NOT plaintext, for safety). */\n\tchanged: string[];\n\t/** Keys removed from the spec (still in the existing file). */\n\tremoved: string[];\n\t/** Keys whose values matched — file wasn't rewritten for these. */\n\tunchanged: string[];\n\t/** True iff `deployment.reload` was invoked. */\n\treloaded: boolean;\n\t/** True iff the file content changed (atomic-write happened). */\n\twrote: boolean;\n\t/** Remote path that was synced. */\n\tremotePath: string;\n};\n\nconst shellQuote = (value: string): string =>\n\t`'${value.replaceAll(\"'\", \"'\\\\''\")}'`;\n\nconst tryReadRemoteFile = async (\n\ttarget: Target,\n\tremotePath: string\n): Promise<string | undefined> => {\n\tconst result = await target.exec(\n\t\t`if [ -f ${shellQuote(remotePath)} ]; then cat ${shellQuote(remotePath)}; else echo __ABS_DEPLOY_ENV_ABSENT__; fi`\n\t);\n\tif (result.exitCode !== 0) {\n\t\tthrow new Error(\n\t\t\t`[deploy/env] failed to read ${remotePath}: exit ${result.exitCode}: ${result.stderr || result.stdout}`\n\t\t);\n\t}\n\tif (result.stdout.trim() === '__ABS_DEPLOY_ENV_ABSENT__') return undefined;\n\treturn result.stdout;\n};\n\nconst mergeValues = (\n\tdeployment: EnvDeployment,\n\tresolved: Record<string, string>\n): Record<string, string> => {\n\tconst out: Record<string, string> = {};\n\tfor (const [key, value] of Object.entries(deployment.extras ?? {})) {\n\t\tvalidateKey(key);\n\t\tout[key] = value;\n\t}\n\tfor (const [key, value] of Object.entries(resolved)) {\n\t\tif (out[key] !== undefined) {\n\t\t\tthrow new Error(\n\t\t\t\t`[deploy/env] \"${key}\" defined in BOTH extras and secretNames for ${deployment.remotePath} — remove one`\n\t\t\t);\n\t\t}\n\t\tout[key] = value;\n\t}\n\treturn out;\n};\n\nconst diffEnv = (\n\tprevious: Record<string, string>,\n\tnext: Record<string, string>\n): Pick<EnvSyncResult, 'added' | 'changed' | 'removed' | 'unchanged'> => {\n\tconst added: string[] = [];\n\tconst changed: string[] = [];\n\tconst removed: string[] = [];\n\tconst unchanged: string[] = [];\n\tconst allKeys = new Set([...Object.keys(previous), ...Object.keys(next)]);\n\tfor (const key of [...allKeys].sort()) {\n\t\tconst prev = previous[key];\n\t\tconst curr = next[key];\n\t\tif (curr === undefined) removed.push(key);\n\t\telse if (prev === undefined) added.push(key);\n\t\telse if (prev === curr) unchanged.push(key);\n\t\telse changed.push(key);\n\t}\n\treturn { added, changed, removed, unchanged };\n};\n\nconst writeRemoteFileAtomically = async (\n\ttarget: Target,\n\tremotePath: string,\n\tcontents: string,\n\tmode: string,\n\towner?: string\n): Promise<void> => {\n\tconst tempPath = `${remotePath}.new.${Math.floor(Date.now() / 1000)}`;\n\tconst dir = remotePath.split('/').slice(0, -1).join('/') || '/';\n\tconst mkdir = await target.exec(`mkdir -p ${shellQuote(dir)}`);\n\tif (mkdir.exitCode !== 0) {\n\t\tthrow new Error(\n\t\t\t`[deploy/env] mkdir ${dir} failed: ${mkdir.stderr || mkdir.stdout}`\n\t\t);\n\t}\n\t// Write via stdin redirect — no shell escaping of the env file content.\n\tconst writeResult = await target.exec(`cat > ${shellQuote(tempPath)}`, {\n\t\tstdin: contents\n\t});\n\tif (writeResult.exitCode !== 0) {\n\t\tthrow new Error(\n\t\t\t`[deploy/env] write to ${tempPath} failed: ${writeResult.stderr || writeResult.stdout}`\n\t\t);\n\t}\n\tconst chmod = await target.exec(\n\t\t`chmod ${shellQuote(mode)} ${shellQuote(tempPath)}`\n\t);\n\tif (chmod.exitCode !== 0) {\n\t\tthrow new Error(\n\t\t\t`[deploy/env] chmod failed: ${chmod.stderr || chmod.stdout}`\n\t\t);\n\t}\n\tif (owner !== undefined) {\n\t\tconst chown = await target.exec(\n\t\t\t`chown ${shellQuote(owner)} ${shellQuote(tempPath)}`\n\t\t);\n\t\tif (chown.exitCode !== 0) {\n\t\t\tthrow new Error(\n\t\t\t\t`[deploy/env] chown failed: ${chown.stderr || chown.stdout}`\n\t\t\t);\n\t\t}\n\t}\n\tconst mv = await target.exec(\n\t\t`mv ${shellQuote(tempPath)} ${shellQuote(remotePath)}`\n\t);\n\tif (mv.exitCode !== 0) {\n\t\tthrow new Error(`[deploy/env] mv failed: ${mv.stderr || mv.stdout}`);\n\t}\n};\n\n/**\n * Push an env file to a single target. Atomic: write to a `.new`\n * tempfile, chmod / chown, then `mv` into place. Diffs the merged\n * values against the existing file content and skips the\n * write+reload when nothing changed.\n */\nexport const syncEnvToTarget = async (\n\tdeployment: EnvDeployment,\n\tvalues: Record<string, string>\n): Promise<EnvSyncResult> => {\n\tconst mode = deployment.mode ?? '600';\n\tconst merged = mergeValues(deployment, values);\n\tconst previousText = await tryReadRemoteFile(\n\t\tdeployment.target,\n\t\tdeployment.remotePath\n\t);\n\tconst previous = previousText === undefined ? {} : parseEnvFile(previousText);\n\tconst diff = diffEnv(previous, merged);\n\tconst changed = diff.added.length + diff.changed.length + diff.removed.length;\n\n\tif (changed === 0) {\n\t\treturn {\n\t\t\t...diff,\n\t\t\treloaded: false,\n\t\t\tremotePath: deployment.remotePath,\n\t\t\twrote: false\n\t\t};\n\t}\n\n\tconst nextText = serializeEnvFile(merged);\n\tawait writeRemoteFileAtomically(\n\t\tdeployment.target,\n\t\tdeployment.remotePath,\n\t\tnextText,\n\t\tmode,\n\t\tdeployment.owner\n\t);\n\n\tlet reloaded = false;\n\tif (deployment.reload !== undefined) {\n\t\tconst reload = await deployment.target.exec(deployment.reload);\n\t\tif (reload.exitCode !== 0) {\n\t\t\tthrow new Error(\n\t\t\t\t`[deploy/env] reload command failed: ${reload.stderr || reload.stdout}`\n\t\t\t);\n\t\t}\n\t\treloaded = true;\n\t}\n\n\treturn {\n\t\t...diff,\n\t\treloaded,\n\t\tremotePath: deployment.remotePath,\n\t\twrote: true\n\t};\n};\n\n// =============================================================================\n// Multi-target fan-out via a SecretSource\n// =============================================================================\n\nconst resolveSecrets = async (\n\tsource: SecretSource,\n\tnames: ReadonlyArray<string>\n): Promise<Record<string, string>> => {\n\tconst out: Record<string, string> = {};\n\tfor (const name of names) {\n\t\tconst resolved = await source.resolve(name);\n\t\tif (resolved === null) {\n\t\t\tthrow new Error(\n\t\t\t\t`[deploy/env] secret \"${name}\" not found in source`\n\t\t\t);\n\t\t}\n\t\tout[name] = resolved.value;\n\t}\n\treturn out;\n};\n\nexport type DeploymentSyncResult = {\n\tdeployment: EnvDeployment;\n\tresult?: EnvSyncResult;\n\terror?: Error;\n};\n\n/**\n * Fan-out push: for each deployment, resolve its `secretNames` via\n * the source, merge with `extras`, and push to the target. Resolves\n * are fresh every call — so calling this again after\n * `broker.rotate(name)` propagates the new value to every\n * deployment that uses it.\n *\n * Best-effort across the fan-out: a per-target failure is captured\n * in the result, but doesn't stop the rest. Operator inspects the\n * returned array, fixes the broken target, re-runs.\n */\nexport const syncSecretsToDeployments = async (\n\tsource: SecretSource,\n\tdeployments: ReadonlyArray<EnvDeployment>\n): Promise<DeploymentSyncResult[]> => {\n\tconst results: DeploymentSyncResult[] = [];\n\tfor (const deployment of deployments) {\n\t\ttry {\n\t\t\tconst resolved = await resolveSecrets(\n\t\t\t\tsource,\n\t\t\t\tdeployment.secretNames ?? []\n\t\t\t);\n\t\t\tconst result = await syncEnvToTarget(deployment, resolved);\n\t\t\tresults.push({ deployment, result });\n\t\t} catch (error) {\n\t\t\tresults.push({\n\t\t\t\tdeployment,\n\t\t\t\terror: error instanceof Error ? error : new Error(String(error))\n\t\t\t});\n\t\t}\n\t}\n\treturn results;\n};\n\n/**\n * Returns just the deployments that use a given secret name. Useful\n * for \"rotate one secret and propagate ONLY to the consumers\" —\n * `syncSecretsToDeployments(source, deploymentsUsing(name, deployments))`.\n */\nexport const deploymentsUsing = (\n\tname: string,\n\tdeployments: ReadonlyArray<EnvDeployment>\n): EnvDeployment[] =>\n\tdeployments.filter((d) => (d.secretNames ?? []).includes(name));\n"
|
|
6
6
|
],
|
|
7
|
-
"mappings": "
|
|
8
|
-
"debugId": "
|
|
7
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0CA,IAAM,cAAc;AACpB,IAAM,gBAAgB;AAEtB,IAAM,cAAc,CAAC,QAAsB;AAAA,EAC1C,IAAI,CAAC,YAAY,KAAK,GAAG,GAAG;AAAA,IAC3B,MAAM,IAAI,MACT,iCAAiC,6CAClC;AAAA,EACD;AAAA;AAGD,IAAM,gBAAgB,CAAC,KAAa,UAA0B;AAAA,EAC7D,YAAY,GAAG;AAAA,EACf,IAAI,MAAM,SAAS;AAAA,CAAI,KAAK,MAAM,SAAS,IAAI,GAAG;AAAA,IACjD,MAAM,IAAI,MACT,2BAA2B,+HAC5B;AAAA,EACD;AAAA,EACA,IAAI,cAAc,KAAK,KAAK,KAAK,MAAM,WAAW,GAAG,KAAK,UAAU,IAAI;AAAA,IACvE,MAAM,UAAU,MAAM,WAAW,MAAM,MAAM,EAAE,WAAW,KAAK,MAAK;AAAA,IACpE,OAAO,GAAG,QAAQ;AAAA,EACnB;AAAA,EACA,OAAO,GAAG,OAAO;AAAA;AAGX,IAAM,mBAAmB,CAAC,WAA2C;AAAA,EAC3E,MAAM,QAAkB,CAAC;AAAA,EACzB,WAAW,OAAO,OAAO,KAAK,MAAM,EAAE,KAAK,GAAG;AAAA,IAC7C,MAAM,QAAQ,OAAO;AAAA,IACrB,IAAI,UAAU;AAAA,MAAW;AAAA,IACzB,MAAM,KAAK,cAAc,KAAK,KAAK,CAAC;AAAA,EACrC;AAAA,EACA,OAAO,GAAG,MAAM,KAAK;AAAA,CAAI;AAAA;AAAA;AAG1B,IAAM,eAAe,CAAC,QAAwB;AAAA,EAC7C,IACC,IAAI,UAAU,KACd,IAAI,WAAW,GAAG,KAClB,IAAI,SAAS,GAAG,GACf;AAAA,IACD,MAAM,QAAQ,IAAI,MAAM,GAAG,EAAE;AAAA,IAC7B,OAAO,MAAM,WAAW,QAAO,GAAG,EAAE,WAAW,QAAQ,IAAI;AAAA,EAC5D;AAAA,EACA,IACC,IAAI,UAAU,KACd,IAAI,WAAW,GAAG,KAClB,IAAI,SAAS,GAAG,GACf;AAAA,IACD,OAAO,IAAI,MAAM,GAAG,EAAE;AAAA,EACvB;AAAA,EACA,OAAO;AAAA;AAQD,IAAM,eAAe,CAAC,SAAyC;AAAA,EACrE,MAAM,SAAiC,CAAC;AAAA,EACxC,WAAW,WAAW,KAAK,MAAM;AAAA,CAAI,GAAG;AAAA,IACvC,MAAM,OAAO,QAAQ,KAAK;AAAA,IAC1B,IAAI,KAAK,WAAW,KAAK,KAAK,WAAW,GAAG;AAAA,MAAG;AAAA,IAC/C,MAAM,KAAK,KAAK,QAAQ,GAAG;AAAA,IAC3B,IAAI,MAAM,GAAG;AAAA,MACZ,MAAM,IAAI,MAAM,qCAAqC,UAAU;AAAA,IAChE;AAAA,IACA,MAAM,MAAM,KAAK,MAAM,GAAG,EAAE,EAAE,KAAK;AAAA,IACnC,MAAM,QAAQ,aAAa,KAAK,MAAM,KAAK,CAAC,EAAE,KAAK,CAAC;AAAA,IACpD,YAAY,GAAG;AAAA,IACf,OAAO,OAAO;AAAA,EACf;AAAA,EACA,OAAO;AAAA;AAoDR,IAAM,aAAa,CAAC,UACnB,IAAI,MAAM,WAAW,KAAK,OAAO;AAElC,IAAM,oBAAoB,OACzB,QACA,eACiC;AAAA,EACjC,MAAM,SAAS,MAAM,OAAO,KAC3B,WAAW,WAAW,UAAU,iBAAiB,WAAW,UAAU,4CACvE;AAAA,EACA,IAAI,OAAO,aAAa,GAAG;AAAA,IAC1B,MAAM,IAAI,MACT,+BAA+B,oBAAoB,OAAO,aAAa,OAAO,UAAU,OAAO,QAChG;AAAA,EACD;AAAA,EACA,IAAI,OAAO,OAAO,KAAK,MAAM;AAAA,IAA6B;AAAA,EAC1D,OAAO,OAAO;AAAA;AAGf,IAAM,cAAc,CACnB,YACA,aAC4B;AAAA,EAC5B,MAAM,MAA8B,CAAC;AAAA,EACrC,YAAY,KAAK,UAAU,OAAO,QAAQ,WAAW,UAAU,CAAC,CAAC,GAAG;AAAA,IACnE,YAAY,GAAG;AAAA,IACf,IAAI,OAAO;AAAA,EACZ;AAAA,EACA,YAAY,KAAK,UAAU,OAAO,QAAQ,QAAQ,GAAG;AAAA,IACpD,IAAI,IAAI,SAAS,WAAW;AAAA,MAC3B,MAAM,IAAI,MACT,iBAAiB,mDAAmD,WAAW,8BAChF;AAAA,IACD;AAAA,IACA,IAAI,OAAO;AAAA,EACZ;AAAA,EACA,OAAO;AAAA;AAGR,IAAM,UAAU,CACf,UACA,SACwE;AAAA,EACxE,MAAM,QAAkB,CAAC;AAAA,EACzB,MAAM,UAAoB,CAAC;AAAA,EAC3B,MAAM,UAAoB,CAAC;AAAA,EAC3B,MAAM,YAAsB,CAAC;AAAA,EAC7B,MAAM,UAAU,IAAI,IAAI,CAAC,GAAG,OAAO,KAAK,QAAQ,GAAG,GAAG,OAAO,KAAK,IAAI,CAAC,CAAC;AAAA,EACxE,WAAW,OAAO,CAAC,GAAG,OAAO,EAAE,KAAK,GAAG;AAAA,IACtC,MAAM,OAAO,SAAS;AAAA,IACtB,MAAM,OAAO,KAAK;AAAA,IAClB,IAAI,SAAS;AAAA,MAAW,QAAQ,KAAK,GAAG;AAAA,IACnC,SAAI,SAAS;AAAA,MAAW,MAAM,KAAK,GAAG;AAAA,IACtC,SAAI,SAAS;AAAA,MAAM,UAAU,KAAK,GAAG;AAAA,IACrC;AAAA,cAAQ,KAAK,GAAG;AAAA,EACtB;AAAA,EACA,OAAO,EAAE,OAAO,SAAS,SAAS,UAAU;AAAA;AAG7C,IAAM,4BAA4B,OACjC,QACA,YACA,UACA,MACA,UACmB;AAAA,EACnB,MAAM,WAAW,GAAG,kBAAkB,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI;AAAA,EAClE,MAAM,MAAM,WAAW,MAAM,GAAG,EAAE,MAAM,GAAG,EAAE,EAAE,KAAK,GAAG,KAAK;AAAA,EAC5D,MAAM,QAAQ,MAAM,OAAO,KAAK,YAAY,WAAW,GAAG,GAAG;AAAA,EAC7D,IAAI,MAAM,aAAa,GAAG;AAAA,IACzB,MAAM,IAAI,MACT,sBAAsB,eAAe,MAAM,UAAU,MAAM,QAC5D;AAAA,EACD;AAAA,EAEA,MAAM,cAAc,MAAM,OAAO,KAAK,SAAS,WAAW,QAAQ,KAAK;AAAA,IACtE,OAAO;AAAA,EACR,CAAC;AAAA,EACD,IAAI,YAAY,aAAa,GAAG;AAAA,IAC/B,MAAM,IAAI,MACT,yBAAyB,oBAAoB,YAAY,UAAU,YAAY,QAChF;AAAA,EACD;AAAA,EACA,MAAM,QAAQ,MAAM,OAAO,KAC1B,SAAS,WAAW,IAAI,KAAK,WAAW,QAAQ,GACjD;AAAA,EACA,IAAI,MAAM,aAAa,GAAG;AAAA,IACzB,MAAM,IAAI,MACT,8BAA8B,MAAM,UAAU,MAAM,QACrD;AAAA,EACD;AAAA,EACA,IAAI,UAAU,WAAW;AAAA,IACxB,MAAM,QAAQ,MAAM,OAAO,KAC1B,SAAS,WAAW,KAAK,KAAK,WAAW,QAAQ,GAClD;AAAA,IACA,IAAI,MAAM,aAAa,GAAG;AAAA,MACzB,MAAM,IAAI,MACT,8BAA8B,MAAM,UAAU,MAAM,QACrD;AAAA,IACD;AAAA,EACD;AAAA,EACA,MAAM,KAAK,MAAM,OAAO,KACvB,MAAM,WAAW,QAAQ,KAAK,WAAW,UAAU,GACpD;AAAA,EACA,IAAI,GAAG,aAAa,GAAG;AAAA,IACtB,MAAM,IAAI,MAAM,2BAA2B,GAAG,UAAU,GAAG,QAAQ;AAAA,EACpE;AAAA;AASM,IAAM,kBAAkB,OAC9B,YACA,WAC4B;AAAA,EAC5B,MAAM,OAAO,WAAW,QAAQ;AAAA,EAChC,MAAM,SAAS,YAAY,YAAY,MAAM;AAAA,EAC7C,MAAM,eAAe,MAAM,kBAC1B,WAAW,QACX,WAAW,UACZ;AAAA,EACA,MAAM,WAAW,iBAAiB,YAAY,CAAC,IAAI,aAAa,YAAY;AAAA,EAC5E,MAAM,OAAO,QAAQ,UAAU,MAAM;AAAA,EACrC,MAAM,UAAU,KAAK,MAAM,SAAS,KAAK,QAAQ,SAAS,KAAK,QAAQ;AAAA,EAEvE,IAAI,YAAY,GAAG;AAAA,IAClB,OAAO;AAAA,SACH;AAAA,MACH,UAAU;AAAA,MACV,YAAY,WAAW;AAAA,MACvB,OAAO;AAAA,IACR;AAAA,EACD;AAAA,EAEA,MAAM,WAAW,iBAAiB,MAAM;AAAA,EACxC,MAAM,0BACL,WAAW,QACX,WAAW,YACX,UACA,MACA,WAAW,KACZ;AAAA,EAEA,IAAI,WAAW;AAAA,EACf,IAAI,WAAW,WAAW,WAAW;AAAA,IACpC,MAAM,SAAS,MAAM,WAAW,OAAO,KAAK,WAAW,MAAM;AAAA,IAC7D,IAAI,OAAO,aAAa,GAAG;AAAA,MAC1B,MAAM,IAAI,MACT,uCAAuC,OAAO,UAAU,OAAO,QAChE;AAAA,IACD;AAAA,IACA,WAAW;AAAA,EACZ;AAAA,EAEA,OAAO;AAAA,OACH;AAAA,IACH;AAAA,IACA,YAAY,WAAW;AAAA,IACvB,OAAO;AAAA,EACR;AAAA;AAOD,IAAM,iBAAiB,OACtB,QACA,UACqC;AAAA,EACrC,MAAM,MAA8B,CAAC;AAAA,EACrC,WAAW,QAAQ,OAAO;AAAA,IACzB,MAAM,WAAW,MAAM,OAAO,QAAQ,IAAI;AAAA,IAC1C,IAAI,aAAa,MAAM;AAAA,MACtB,MAAM,IAAI,MACT,wBAAwB,2BACzB;AAAA,IACD;AAAA,IACA,IAAI,QAAQ,SAAS;AAAA,EACtB;AAAA,EACA,OAAO;AAAA;AAoBD,IAAM,2BAA2B,OACvC,QACA,gBACqC;AAAA,EACrC,MAAM,UAAkC,CAAC;AAAA,EACzC,WAAW,cAAc,aAAa;AAAA,IACrC,IAAI;AAAA,MACH,MAAM,WAAW,MAAM,eACtB,QACA,WAAW,eAAe,CAAC,CAC5B;AAAA,MACA,MAAM,SAAS,MAAM,gBAAgB,YAAY,QAAQ;AAAA,MACzD,QAAQ,KAAK,EAAE,YAAY,OAAO,CAAC;AAAA,MAClC,OAAO,OAAO;AAAA,MACf,QAAQ,KAAK;AAAA,QACZ;AAAA,QACA,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,OAAO,KAAK,CAAC;AAAA,MAChE,CAAC;AAAA;AAAA,EAEH;AAAA,EACA,OAAO;AAAA;AAQD,IAAM,mBAAmB,CAC/B,MACA,gBAEA,YAAY,OAAO,CAAC,OAAO,EAAE,eAAe,CAAC,GAAG,SAAS,IAAI,CAAC;",
|
|
8
|
+
"debugId": "17F0F914F6CFDD7764756E2164756E21",
|
|
9
9
|
"names": []
|
|
10
10
|
}
|
package/dist/gcp.d.ts
ADDED
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import type { InfrastructureProvider } from "./infrastructure";
|
|
2
|
+
export type GcpComputeRequest = <T>(options: {
|
|
3
|
+
data?: unknown;
|
|
4
|
+
method?: string;
|
|
5
|
+
url: string;
|
|
6
|
+
}) => Promise<{
|
|
7
|
+
data: T;
|
|
8
|
+
}>;
|
|
9
|
+
export type GcpInfrastructureProviderOptions = {
|
|
10
|
+
agentAudience?: string;
|
|
11
|
+
agentAudienceMetadataKey?: string;
|
|
12
|
+
agentUrlMetadataKey?: string;
|
|
13
|
+
authRequest?: GcpComputeRequest;
|
|
14
|
+
instanceTemplate: string;
|
|
15
|
+
labelKey?: string;
|
|
16
|
+
labelValue?: string;
|
|
17
|
+
projectId: string;
|
|
18
|
+
zones: readonly string[];
|
|
19
|
+
};
|
|
20
|
+
export declare class GcpInfrastructureError extends Error {
|
|
21
|
+
}
|
|
22
|
+
export declare const createGcpInfrastructureProvider: (options: GcpInfrastructureProviderOptions) => InfrastructureProvider;
|
|
23
|
+
export declare const createGcpNodeName: (prefix?: string) => string;
|