@automattic/vip 3.3.1 → 3.4.0

package/dist/bin/vip-app-deploy-validate.js

@@ -0,0 +1,50 @@
+#!/usr/bin/env node
+
+/**
+ * External dependencies
+ */
+"use strict";
+
+exports.__esModule = true;
+exports.appDeployValidateCmd = appDeployValidateCmd;
+var _chalk = _interopRequireDefault(require("chalk"));
+var _debug = _interopRequireDefault(require("debug"));
+var _path = require("path");
+var _command = _interopRequireDefault(require("../lib/cli/command"));
+var _clientFileUploader = require("../lib/client-file-uploader");
+var _customDeploy = require("../lib/custom-deploy/custom-deploy");
+var _tracker = require("../lib/tracker");
+var _customDeploy2 = require("../lib/validations/custom-deploy");
+function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+/**
+ * Internal dependencies
+ */
+const debug = (0, _debug.default)('@automattic/vip:bin:vip-app-deploy-validate');
+async function appDeployValidateCmd(arg = [], opts = {}) {
+  const app = opts.app;
+  const env = opts.env;
+  const [fileName] = arg;
+  const fileMeta = await (0, _clientFileUploader.getFileMeta)(fileName);
+  debug('Options: ', opts);
+  debug('Args: ', arg);
+  const track = _tracker.trackEventWithEnv.bind(null, app, env);
+  debug('Validating file...');
+  await (0, _customDeploy.validateFile)(app, env, fileMeta);
+  await track('deploy_validate_app_command_execute');
+  const ext = (0, _path.extname)(fileName);
+  if (ext === '.zip') {
+    (0, _customDeploy2.validateZipFile)(fileName);
+  } else {
+    await (0, _customDeploy2.validateTarFile)(fileName);
+  }
+  console.log(_chalk.default.green('✓ Compressed file has been successfully validated with no errors!'));
+}
+
+// Command examples for the `vip app deploy validate` help prompt
+const examples = [{
+  usage: 'vip app @mysite.develop deploy validate <file.zip|file.tar.gz>',
+  description: 'Validate the compressed file to see if it can be deployed to your site'
+}];
+void (0, _command.default)({
+  requiredArgs: 1
+}).examples(examples).option('app', 'The application name or ID').option('env', 'The environment name or ID').argv(process.argv, appDeployValidateCmd);

package/dist/bin/vip-app-deploy.js

@@ -232,4 +232,4 @@ const examples = [
 }];
 void (0, _command.default)({
   requiredArgs: 1
-}).examples(examples).option('message', 'Custom message for deploy').option('skip-confirmation', 'Skip confirmation prompt').option('force', 'Skip confirmation prompt (deprecated)').option('app', 'The application name or ID').option('env', 'The environment name or ID').argv(process.argv, appDeployCmd);
+}).command('validate', 'Validate a file before deploying in Custom Deployments').examples(examples).option('message', 'Custom message for deploy').option('skip-confirmation', 'Skip confirmation prompt').option('force', 'Skip confirmation prompt (deprecated)').option('app', 'The application name or ID').option('env', 'The environment name or ID').argv(process.argv, appDeployCmd);

package/dist/bin/vip-config-software-update.js

@@ -41,7 +41,7 @@ const cmd = (0, _command.default)({
   wildcardCommand: true,
   usage
 }).examples(examples);
-cmd.option('yes', 'Auto-confirm update');
+cmd.option('yes', 'Skip the confirmation prompt and automatically submit "y".');
 cmd.argv(process.argv, async (arg, opt) => {
   const {
     app,

package/dist/bin/vip-dev-env-create.js

@@ -33,7 +33,7 @@ const examples = [{
 }];
 const cmd = (0, _command.default)({
   usage
-}).option('slug', 'A unique name for a local environment. Default is "vip-local".', undefined, _devEnvironmentCli.processSlug).option('title', 'A descriptive value for the WordPress Site Title. Default is "VIP Dev").').option('multisite', 'Create environment as a multisite. Accepts "y" for a subdomain multisite, "subdirectory" (recommended) for a subdirectory multisite, or "false". Default is "y".', undefined, _devEnvironmentCli.processStringOrBooleanOption);
+}).option('slug', 'A unique name for a local environment. Default is "vip-local".', undefined, _devEnvironmentCli.processSlug).option('title', 'A descriptive value for the WordPress Site Title. Default is "VIP Dev".').option('multisite', 'Create environment as a multisite. Accepts "y" for a subdomain multisite, "subdirectory" (recommended) for a subdirectory multisite, or "false". Default is "y".', undefined, _devEnvironmentCli.processStringOrBooleanOption);
 (0, _devEnvironmentCli.addDevEnvConfigurationOptions)(cmd);
 cmd.examples(examples);
 cmd.argv(process.argv, async (arg, opt) => {

package/dist/bin/vip-sync.js

@@ -82,10 +82,10 @@ const appQuery = `id,name,environments{
   let environment = application.environments.find(env => env.id === opts.env.id);
   if (syncing) {
     if (environment.syncProgress.status === 'running') {
-      console.log(_chalk.default.yellow('Note:'), 'A data sync is already running');
+      console.log(_chalk.default.yellow('Note:'), 'A data sync is already running.');
     } else {
-      console.log(_chalk.default.yellow('Note:'), 'Someone recently ran a data sync on this site');
-      console.log(_chalk.default.yellow('Note:'), 'Please wait a few minutes before trying again');
+      console.log(_chalk.default.yellow('Note:'), 'Someone recently ran a data sync on this site.');
+      console.log(_chalk.default.yellow('Note:'), 'Please wait a few minutes before trying again.');
     }
   }
   console.log();
@@ -157,14 +157,14 @@ const appQuery = `id,name,environments{
         await (0, _tracker.trackEvent)('sync_command_error', {
           error: 'API returned `failed` status'
         });
-        out.push(`${marks.failed} Data Sync is finished for ${opts.app.name}`);
+        out.push(`${marks.failed} Data Sync is finished for ${opts.app.name}.`);
         out.push('');
         break;
       case 'success':
       default:
         clearInterval(progress);
         await (0, _tracker.trackEvent)('sync_command_success');
-        out.push(`${marks.success} Data Sync is finished for ${opts.app.name}`);
+        out.push(`${marks.success} Data Sync is finished for ${opts.app.name}.`);
         out.push('');
         break;
     }

package/dist/lib/cli/command.js

@@ -426,7 +426,7 @@ _args.default.argv = async function (argv, cb) {
         });
         options.exportFileErrorsToJson = Object.hasOwn(options, 'exportFileErrorsToJson') && Boolean(options.exportFileErrorsToJson) && !['false', 'no'].includes(options.exportFileErrorsToJson);
         info.push({
-          key: 'Export any file errors encountered to a JSON file instead of a plain text file',
+          key: 'Export any file errors encountered to a JSON file instead of a plain text file.',
           value: options.exportFileErrorsToJson ? '✅ Yes' : `${_chalk.default.red('x')} No`
         });
         break;
@@ -508,22 +508,22 @@ function _default(opts) {
     ...opts
   };
   if (_opts.appContext || _opts.requireConfirm) {
-    _args.default.option('app', 'Specify the app');
+    _args.default.option('app', 'Target an application. Accepts a string value for the application name or an integer for the application ID.');
   }
   if (_opts.envContext || _opts.childEnvContext) {
-    _args.default.option('env', 'Specify the environment');
+    _args.default.option('env', 'Target an environment. Accepts a string value for the environment type.');
   }
   if (_opts.requireConfirm) {
-    _args.default.option('force', 'Skip confirmation', false);
+    _args.default.option('force', 'Skip confirmation.', false);
   }
   if (_opts.format) {
-    _args.default.option('format', 'Format results', 'table');
+    _args.default.option('format', 'Render output in a particular format. Accepts "table" (default), "csv", and "json".', 'table');
   }
 
   // Add help and version to all subcommands
-  _args.default.option('help', 'Output the help for the (sub)command');
-  _args.default.option('version', 'Output the version number');
-  _args.default.option('debug', 'Activate debug output');
+  _args.default.option('help', 'Retrieve a description, examples, and available options for a (sub)command.');
+  _args.default.option('version', 'Retrieve the version number of VIP-CLI currently installed on the local machine.');
+  _args.default.option('debug', 'Generate verbose output during command execution to help identify or fix errors or bugs.');
   return _args.default;
 }
 function getEnvIdentifier(env) {

package/dist/lib/dev-environment/dev-environment-cli.js

@@ -620,9 +620,10 @@ function processVersionOption(value) {
   }
   return value?.toString() ?? '';
 }
+const phpVersionsSupported = Object.keys(_devEnvironment.DEV_ENVIRONMENT_PHP_VERSIONS).join(', ');
 function addDevEnvConfigurationOptions(command) {
   // We leave the third parameter to undefined on some because the defaults are handled in preProcessInstanceData()
-  return command.option('wordpress', 'Use a specific WordPress version', undefined, processVersionOption).option(['u', 'mu-plugins'], 'Use a specific mu-plugins changeset or local directory').option('app-code', 'Use the application code from a local directory or use "demo" for VIP skeleton code').option('phpmyadmin', 'Enable PHPMyAdmin component. By default it is disabled', undefined, processBooleanOption).option('xdebug', 'Enable XDebug. By default it is disabled', undefined, processBooleanOption).option('xdebug_config', 'Extra configuration to pass to xdebug via XDEBUG_CONFIG environment variable').option('elasticsearch', 'Enable Elasticsearch (needed by Enterprise Search)', undefined, processBooleanOption).option(['r', 'media-redirect-domain'], 'Domain to redirect for missing media files. This can be used to still have images without the need to import them locally.', undefined, processMediaRedirectDomainOption).option('php', 'Explicitly choose PHP version to use', undefined, processVersionOption).option(['A', 'mailpit'], 'Enable Mailpit. By default it is disabled', undefined, processBooleanOption).option(['H', 'photon'], 'Enable Photon. By default it is disabled', undefined, processBooleanOption);
+  return command.option('wordpress', 'Manage the version of WordPress. Accepts a string value for major versions (6.x). Defaults to the most recent version of WordPress.', undefined, processVersionOption).option(['u', 'mu-plugins'], 'Manage the source for VIP MU plugins. Accepts "demo" (default) for a read-only image of the staging branch, or a path to a built copy of VIP MU plugins on the local machine.').option('app-code', 'Manage the source for application code. Accepts "demo" (default) for a read-only image of WordPress VIP skeleton application code, or a path to a VIP formatted application repo on the local machine.').option('phpmyadmin', 'Enable or disable phpMyAdmin, disabled by default. Accepts "y" (default value) to enable or "n" to disable. When enabled, refer to the value of "PHPMYADMIN URLS" in the information output for a local environment for the URL to access phpMyAdmin.', undefined, processBooleanOption).option('xdebug', 'Enable or disable XDebug, disabled by default. Accepts "y" (default value) to enable or "n" to disable.', undefined, processBooleanOption).option('xdebug_config', 'Override some default configuration settings for Xdebug. Accepts a string value that is assigned to the XDEBUG_CONFIG environment variable.').option('elasticsearch', 'Enable or disable Elasticsearch (required by Enterprise Search), disabled by default. Accepts "y" (default value) to enable or "n" to disable.', undefined, processBooleanOption).option(['r', 'media-redirect-domain'], 'Configure media files to be proxied from a VIP Platform environment. Accepts a string value for the primary domain of the VIP Platform environment or "n" to disable the media proxy.', undefined, processMediaRedirectDomainOption).option('php', `Manage the version of PHP. Accepts a string value for minor versions: ${phpVersionsSupported}`, undefined, processVersionOption).option(['A', 'mailpit'], 'Enable or disable Mailpit, disabled by default. Accepts "y" (default value) to enable or "n" to disable.', undefined, processBooleanOption).option(['H', 'photon'], 'Enable or disable Photon, disabled by default. Accepts "y" (default value) to enable or "n" to disable.', undefined, processBooleanOption);
 }
 
 /**

package/dist/lib/dev-environment/dev-environment-core.js

@@ -611,6 +611,7 @@ async function maybeUpdateVersion(lando, slug) {
   const currentVersion = envData.version;
   console.log('Current local environment version is: ' + _chalk.default.yellow(currentVersion));
   if (!currentVersion || _semver.default.lt(currentVersion, _devEnvironment.DEV_ENVIRONMENT_VERSION)) {
+    envData.pullAfter = undefined;
     await updateEnvironment(lando, envData);
     console.log('Local environment version updated to: ' + _chalk.default.green(_devEnvironment.DEV_ENVIRONMENT_VERSION));
     return true;

package/dist/lib/dev-environment/dev-environment-lando.js

@@ -180,13 +180,11 @@ async function bootstrapLando() {
         registryResolvable = false;
       }
       const pull = registryResolvable && (instanceData.pullAfter ?? 0) < Date.now();
-      console.log(pull);
       if (Array.isArray(data.opts.pullable) && Array.isArray(data.opts.local) && data.opts.local.length === 0 && !pull) {
         // Setting `data.opts.pullable` to an empty array prevents Lando from pulling images with `docker pull`.
         // Note that if some of the images are not available, they will still be pulled by `docker-compose`.
         data.opts.local = data.opts.pullable;
         data.opts.pullable = [];
-        console.log(data.opts);
       }
       if (pull || !instanceData.pullAfter) {
         instanceData.pullAfter = Date.now() + 7 * 24 * 60 * 60 * 1000;

package/dist/lib/validations/custom-deploy.js

@@ -3,11 +3,27 @@
 exports.__esModule = true;
 exports.validateDeployFileExt = validateDeployFileExt;
 exports.validateFilename = validateFilename;
+exports.validateName = validateName;
+exports.validateTarFile = validateTarFile;
+exports.validateZipFile = validateZipFile;
+var _admZip = _interopRequireDefault(require("adm-zip"));
+var _nodeFs = require("node:fs");
 var _path = _interopRequireDefault(require("path"));
+var tar = _interopRequireWildcard(require("tar"));
 var exit = _interopRequireWildcard(require("../../lib/cli/exit"));
 function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
 function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && {}.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+const errorMessages = {
+  missingThemes: 'Missing `themes` directory from root folder!',
+  symlink: 'Symlink detected: ',
+  singleRootDir: 'The compressed file must contain a single root directory!',
+  invalidExt: 'Invalid file extension. Please provide a .zip, .tar.gz, or a .tgz file.',
+  invalidChars: (filename, invalidChars) => `Filename ${filename} contains disallowed characters: ${invalidChars}`
+};
+const symlinkIgnorePattern = /\/node_modules\/[^/]+\/\.bin\//;
+const macosxDir = '__MACOSX';
+
 /**
  * Check if a file has a valid extension
  *
@@ -20,7 +36,7 @@ function validateDeployFileExt(filename) {
     ext = '.tar.gz';
   }
   if (!['.zip', '.tar.gz', '.tgz'].includes(ext)) {
-    exit.withError('Invalid file extension. Please provide a .zip, .tar.gz, or a .tgz file.');
+    exit.withError(errorMessages.invalidExt);
   }
 }
 
@@ -31,9 +47,183 @@ function validateDeployFileExt(filename) {
  */
 function validateFilename(filename) {
   const re = /^[a-z0-9\-_.]+$/i;
-
-  // Exits if filename contains anything outside a-z A-Z - _ .
   if (!re.test(filename)) {
-    exit.withError('Error: The characters used in the name of a file for custom deploys are limited to [0-9,a-z,A-Z,-,_,.]');
+    exit.withError(errorMessages.invalidChars(filename, '[0-9,a-z,A-Z,-,_,.]'));
+  }
+}
+
+/**
+ * Validate the name of a file for disallowed characters
+ *
+ * @param {string} name The name of the file
+ * @param {bool} isDirectory Whether the file is a directory
+ */
+function validateName(name, isDirectory) {
+  if (name.startsWith('._')) {
+    return;
+  }
+  const invalidCharsPattern = isDirectory ? /[!:*?"<>|']|^\.\..*$/ : /[!/:*?"<>|']|^\.\..*$/;
+  const errorMessage = errorMessages.invalidChars(name, isDirectory ? '[!:*?"<>|\'/^..]+' : '[!/:*?"<>|\'/^..]+');
+  if (invalidCharsPattern.test(name)) {
+    exit.withError(errorMessage);
+  }
+}
+
+/**
+ * Validate the existence of a symlink in a zip file. Ignores symlinks in node_modules/.bin/
+ *
+ * @param {IZipEntry} entry The zip entry to validate
+ */
+function validateZipSymlink(entry) {
+  if (symlinkIgnorePattern.test(entry.entryName)) {
+    return;
+  }
+  const madeBy = entry.header.made >> 8; // eslint-disable-line no-bitwise
+  const errorMsg = errorMessages.symlink + entry.name;
+
+  // DOS
+  /* eslint-disable no-bitwise */
+  if (madeBy === 0 && (entry.attr & 0x0400) === 0x0400) {
+    exit.withError(errorMsg);
+  }
+
+  // Unix
+  if (madeBy === 3 && (entry.attr >>> 16 & _nodeFs.constants.S_IFLNK) === _nodeFs.constants.S_IFLNK) {
+    /* eslint-enable no-bitwise */
+    exit.withError(errorMsg);
+  }
+}
+
+/**
+ * Validate a zip entry for disallowed characters and symlinks.
+ * Ignores __MACOSX directories.
+ *
+ * @param {IZipEntry} entry The zip entry to validate
+ */
+function validateZipEntry(entry) {
+  if (entry.entryName.startsWith(macosxDir)) {
+    return;
+  }
+  validateName(entry.isDirectory ? entry.entryName : entry.name, entry.isDirectory);
+  validateZipSymlink(entry);
+}
+
+/**
+ * Validate the existence of a themes directory in the root folder.
+ *
+ * @param {IZipEntry[]} zipEntries The zip entries to validate
+ */
+function validateZipThemes(rootFolder, zipEntries) {
+  const hasThemesDir = zipEntries.some(entry => entry.isDirectory && entry.entryName.startsWith(_path.default.join(rootFolder, 'themes/')));
+  if (!hasThemesDir) {
+    exit.withError(errorMessages.missingThemes);
+  }
+}
+
+/**
+ * Validate a zip file for Custom Deployments.
+ *
+ * @param {string} filePath The path to the zip file
+ */
+function validateZipFile(filePath) {
+  try {
+    const zipFile = new _admZip.default(filePath);
+    const zipEntries = zipFile.getEntries();
+    const rootDirs = zipEntries.filter(entry => entry.isDirectory && !entry.entryName.startsWith(macosxDir) && (entry.entryName.match(/\//g) || []).length === 1);
+    if (rootDirs.length !== 1) {
+      exit.withError(errorMessages.singleRootDir);
+    }
+    const rootFolder = rootDirs[0].entryName;
+    validateZipThemes(rootFolder, zipEntries);
+    zipEntries.forEach(entry => validateZipEntry(entry));
+  } catch (error) {
+    const err = error;
+    exit.withError(`Error reading file: ${err.message}`);
+  }
+}
+
+/**
+ * Validate the existence of a themes directory in the root folder in a tar file.
+ *
+ * @param {string} rootFolder The root folder of the tar file
+ * @param {TarEntry[]} tarEntries The list of tar entries
+ */
+function validateTarThemes(rootFolder, tarEntries) {
+  const themesFolderPath = _path.default.join(rootFolder, 'themes/');
+  const themesFolderExists = tarEntries.some(entry => entry.path === themesFolderPath && entry.type === 'Directory');
+  if (!themesFolderExists) {
+    exit.withError(errorMessages.missingThemes);
+  }
+}
+
+/**
+ * Validate a tar entry for disallowed characters and symlinks.
+ *
+ * @param {TarEntry} entry The tar entry to validate
+ */
+function validateTarEntry(entry) {
+  if (entry.path.startsWith(macosxDir)) {
+    return;
+  }
+  validateTarSymlink(entry);
+  validateName(_path.default.basename(entry.path), entry.type === 'Directory');
+}
+
+/**
+ * Validate the existence of a symlink in a tar file. Ignores symlinks in node_modules/.bin/
+ *
+ * @param {TarEntry} entry The tar entry to validate for symlinks
+ */
+function validateTarSymlink(entry) {
+  if (symlinkIgnorePattern.test(entry.path)) {
+    return;
+  }
+  if (entry.type === 'SymbolicLink') {
+    exit.withError(errorMessages.symlink + entry.path);
+  }
+}
+
+/**
+ * Validate a tar file for Custom Deployments.
+ *
+ * @param {string} filePath The path to the tar file
+ */
+async function validateTarFile(filePath) {
+  const tarEntries = [];
+  let rootFolder = null;
+  try {
+    await tar.list({
+      file: filePath,
+      onReadEntry: entry => {
+        if (entry.path.startsWith(macosxDir)) {
+          return;
+        }
+        if (entry.type !== 'File' && entry.type !== 'Directory' && entry.type !== 'SymbolicLink') {
+          return;
+        }
+        const isRootFolder = entry.type === 'Directory' && entry.path.endsWith('/') && (entry.path.match(/\//g) || []).length === 1;
+        if (isRootFolder) {
+          if (rootFolder === null) {
+            rootFolder = entry.path;
+          } else if (rootFolder !== entry.path) {
+            exit.withError(errorMessages.singleRootDir);
+          }
+        }
+        const entryInfo = {
+          path: entry.path,
+          type: entry.type,
+          mode: entry.mode
+        };
+        validateTarEntry(entryInfo);
+        tarEntries.push(entryInfo);
+      }
+    });
+    if (!rootFolder) {
+      exit.withError(errorMessages.singleRootDir);
+    }
+    validateTarThemes(rootFolder, tarEntries);
+  } catch (error) {
+    const err = error;
+    exit.withError(err.message);
   }
 }

package/docs/CHANGELOG.md

@@ -1,5 +1,16 @@
 ## Changelog
 
+### 3.4.0
+
+* Updating command option descriptions to follow the VIP-CLI style guide
+* build(deps-dev): bump @types/node from 18.19.34 to 18.19.36
+* Add `vip app deploy validate` command for Custom Deployments
+* fix(dev-env): remove debug code
+* fix(dev-env): force pull images on environment version update
+* chore(deps): update `ws` to fix CVE-2024-37890
+
+**Full Changelog**: https://github.com/Automattic/vip-cli/compare/3.3.1...3.4.0
+
 ### 3.3.1
 
 * build(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1