@automattic/vip 3.3.1 → 3.4.1

package/assets/dev-env.lando.template.yml.ejs

@@ -39,6 +39,8 @@ services:
       command: nginx -g "daemon off;"
       environment:
         LANDO_NEEDS_EXEC: 1
+        LANDO_WEBROOT_USER: nginx
+        LANDO_WEBROOT_GROUP: nginx
       volumes:
         - ./nginx/extra.conf:/etc/nginx/conf.extra/extra.conf
 <% wpVolumes() %>

package/dist/bin/vip-app-deploy-validate.js

@@ -0,0 +1,50 @@
+#!/usr/bin/env node
+
+/**
+ * External dependencies
+ */
+"use strict";
+
+exports.__esModule = true;
+exports.appDeployValidateCmd = appDeployValidateCmd;
+var _chalk = _interopRequireDefault(require("chalk"));
+var _debug = _interopRequireDefault(require("debug"));
+var _path = require("path");
+var _command = _interopRequireDefault(require("../lib/cli/command"));
+var _clientFileUploader = require("../lib/client-file-uploader");
+var _customDeploy = require("../lib/custom-deploy/custom-deploy");
+var _tracker = require("../lib/tracker");
+var _customDeploy2 = require("../lib/validations/custom-deploy");
+function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+/**
+ * Internal dependencies
+ */
+const debug = (0, _debug.default)('@automattic/vip:bin:vip-app-deploy-validate');
+async function appDeployValidateCmd(arg = [], opts = {}) {
+  const app = opts.app;
+  const env = opts.env;
+  const [fileName] = arg;
+  const fileMeta = await (0, _clientFileUploader.getFileMeta)(fileName);
+  debug('Options: ', opts);
+  debug('Args: ', arg);
+  const track = _tracker.trackEventWithEnv.bind(null, app, env);
+  debug('Validating file...');
+  await (0, _customDeploy.validateFile)(app, env, fileMeta);
+  await track('deploy_validate_app_command_execute');
+  const ext = (0, _path.extname)(fileName);
+  if (ext === '.zip') {
+    (0, _customDeploy2.validateZipFile)(fileName);
+  } else {
+    await (0, _customDeploy2.validateTarFile)(fileName);
+  }
+  console.log(_chalk.default.green('✓ Compressed file has been successfully validated with no errors!'));
+}
+
+// Command examples for the `vip app deploy validate` help prompt
+const examples = [{
+  usage: 'vip app @mysite.develop deploy validate <file.zip|file.tar.gz>',
+  description: 'Validate the compressed file to see if it can be deployed to your site'
+}];
+void (0, _command.default)({
+  requiredArgs: 1
+}).examples(examples).option('app', 'The application name or ID').option('env', 'The environment name or ID').argv(process.argv, appDeployValidateCmd);

package/dist/bin/vip-app-deploy.js

@@ -232,4 +232,4 @@ const examples = [
 }];
 void (0, _command.default)({
   requiredArgs: 1
-}).examples(examples).option('message', 'Custom message for deploy').option('skip-confirmation', 'Skip confirmation prompt').option('force', 'Skip confirmation prompt (deprecated)').option('app', 'The application name or ID').option('env', 'The environment name or ID').argv(process.argv, appDeployCmd);
+}).command('validate', 'Validate a file before deploying in Custom Deployments').examples(examples).option('message', 'Custom message for deploy').option('skip-confirmation', 'Skip confirmation prompt').option('force', 'Skip confirmation prompt (deprecated)').option('app', 'The application name or ID').option('env', 'The environment name or ID').argv(process.argv, appDeployCmd);

package/dist/bin/vip-cache-purge-url.js

@@ -11,12 +11,14 @@ var _tracker = require("../lib/tracker");
 function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
 function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && {}.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+const usage = 'vip cache purge-url';
+const exampleUsage = 'vip @example-app.develop cache purge-url';
 const examples = [{
-  usage: 'vip cache purge-url <URL>',
-  description: 'Purge a URL from page cache'
+  usage: `${exampleUsage} https://example-app-develop.go-vip.co/sample-page/` + '\n    - Purged URL: https://example-app.develop.go-vip.co/sample-page/',
+  description: 'Purge the page cache for a single URL.'
 }, {
-  usage: 'vip cache purge-url --from-file=/dev/vip/urls.txt',
-  description: 'Purge multiple URLs from page cache'
+  usage: `${exampleUsage} --from-file=./urls.txt`,
+  description: 'Purge the page cache for multiple URLs, each listed on a single line in a local file.'
 }];
 async function cachePurgeCommand(urls = [], opt = {}) {
   const trackingParams = {
@@ -59,5 +61,5 @@ async function cachePurgeCommand(urls = [], opt = {}) {
   appQuery: _cachePurge.appQuery,
   envContext: true,
   wildcardCommand: true,
-  usage: 'vip cache purge-url <URL>'
-}).option('from-file', 'Read URLs from file (useful to purge multiple URLs)').examples(examples).argv(process.argv, cachePurgeCommand);
+  usage
+}).option('from-file', 'Read one or more URLs from a file, each listed on a single line.').examples(examples).argv(process.argv, cachePurgeCommand);

package/dist/bin/vip-cache.js

@@ -3,6 +3,16 @@
 
 var _command = _interopRequireDefault(require("../lib/cli/command"));
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+const usage = 'vip cache';
+const exampleUsage = 'vip @example-app.develop cache';
+const examples = [{
+  usage: `${exampleUsage} purge-url https://example-app-develop.go-vip.co/sample-page/` + '\n    - Purged URL: https://example-app.develop.go-vip.co/sample-page/',
+  description: 'Purge the page cache for a single URL.'
+}, {
+  usage: `${exampleUsage} purge-url --from-file=./urls.txt`,
+  description: 'Purge the page cache for multiple URLs, each listed on a single line in a local file.'
+}];
 (0, _command.default)({
-  requiredArgs: 1
-}).command('purge-url', 'Purge page cache').argv(process.argv);
+  requiredArgs: 1,
+  usage
+}).command('purge-url', 'Purge page cache for one or more URLs.').examples(examples).argv(process.argv);

package/dist/bin/vip-config-software-update.js

@@ -41,7 +41,7 @@ const cmd = (0, _command.default)({
   wildcardCommand: true,
   usage
 }).examples(examples);
-cmd.option('yes', 'Auto-confirm update');
+cmd.option('yes', 'Skip the confirmation prompt and automatically submit "y".');
 cmd.argv(process.argv, async (arg, opt) => {
   const {
     app,

package/dist/bin/vip-dev-env-create.js

@@ -33,7 +33,7 @@ const examples = [{
 }];
 const cmd = (0, _command.default)({
   usage
-}).option('slug', 'A unique name for a local environment. Default is "vip-local".', undefined, _devEnvironmentCli.processSlug).option('title', 'A descriptive value for the WordPress Site Title. Default is "VIP Dev").').option('multisite', 'Create environment as a multisite. Accepts "y" for a subdomain multisite, "subdirectory" (recommended) for a subdirectory multisite, or "false". Default is "y".', undefined, _devEnvironmentCli.processStringOrBooleanOption);
+}).option('slug', 'A unique name for a local environment. Default is "vip-local".', undefined, _devEnvironmentCli.processSlug).option('title', 'A descriptive value for the WordPress Site Title. Default is "VIP Dev".').option('multisite', 'Create environment as a multisite. Accepts "y" for a subdomain multisite, "subdirectory" (recommended) for a subdirectory multisite, or "false". Default is "y".', undefined, _devEnvironmentCli.processStringOrBooleanOption);
 (0, _devEnvironmentCli.addDevEnvConfigurationOptions)(cmd);
 cmd.examples(examples);
 cmd.argv(process.argv, async (arg, opt) => {

package/dist/bin/vip-sync.js

@@ -82,10 +82,10 @@ const appQuery = `id,name,environments{
   let environment = application.environments.find(env => env.id === opts.env.id);
   if (syncing) {
     if (environment.syncProgress.status === 'running') {
-      console.log(_chalk.default.yellow('Note:'), 'A data sync is already running');
+      console.log(_chalk.default.yellow('Note:'), 'A data sync is already running.');
     } else {
-      console.log(_chalk.default.yellow('Note:'), 'Someone recently ran a data sync on this site');
-      console.log(_chalk.default.yellow('Note:'), 'Please wait a few minutes before trying again');
+      console.log(_chalk.default.yellow('Note:'), 'Someone recently ran a data sync on this site.');
+      console.log(_chalk.default.yellow('Note:'), 'Please wait a few minutes before trying again.');
     }
   }
   console.log();
@@ -157,14 +157,14 @@ const appQuery = `id,name,environments{
         await (0, _tracker.trackEvent)('sync_command_error', {
           error: 'API returned `failed` status'
         });
-        out.push(`${marks.failed} Data Sync is finished for ${opts.app.name}`);
+        out.push(`${marks.failed} Data Sync is finished for ${opts.app.name}.`);
         out.push('');
         break;
       case 'success':
       default:
         clearInterval(progress);
         await (0, _tracker.trackEvent)('sync_command_success');
-        out.push(`${marks.success} Data Sync is finished for ${opts.app.name}`);
+        out.push(`${marks.success} Data Sync is finished for ${opts.app.name}.`);
         out.push('');
         break;
     }

package/dist/bin/vip.js

@@ -22,7 +22,7 @@ const tokenURL = 'https://dashboard.wpvip.com/me/cli/token';
 const customDeployToken = process.env.WPVIP_DEPLOY_TOKEN;
 const runCmd = async function () {
   const cmd = (0, _command.default)();
-  cmd.command('logout', 'Log out the current authenticated VIP-CLI user.').command('app', 'List and modify your VIP applications').command('backup', 'Generate a backup of an environment.').command('cache', 'Manage page cache for your VIP applications').command('config', 'Manage environment configurations.').command('dev-env', 'Create and manage VIP Local Development Environments.').command('export', 'Export a copy of data associated with an environment.').command('import', 'Import media or SQL files into your VIP applications').command('logs', 'Get logs from your VIP applications').command('search-replace', 'Perform search and replace tasks on files').command('slowlogs', 'Retrieve MySQL slow query logs from an environment.').command('db', "Access an environment's database.").command('sync', 'Sync production to a development environment').command('whoami', 'Retrieve details about the current authenticated VIP-CLI user.').command('validate', 'Validate your VIP application and environment').command('wp', 'Run WP CLI commands against an environment');
+  cmd.command('logout', 'Log out the current authenticated VIP-CLI user.').command('app', 'List and modify your VIP applications').command('backup', 'Generate a backup of an environment.').command('cache', 'Manage page cache for an environment.').command('config', 'Manage environment configurations.').command('dev-env', 'Create and manage VIP Local Development Environments.').command('export', 'Export a copy of data associated with an environment.').command('import', 'Import media or SQL files into your VIP applications').command('logs', 'Get logs from your VIP applications').command('search-replace', 'Perform search and replace tasks on files').command('slowlogs', 'Retrieve MySQL slow query logs from an environment.').command('db', "Access an environment's database.").command('sync', 'Sync production to a development environment').command('whoami', 'Retrieve details about the current authenticated VIP-CLI user.').command('validate', 'Validate your VIP application and environment').command('wp', 'Run WP CLI commands against an environment');
   cmd.argv(process.argv);
 };
 

package/dist/lib/cli/command.js

@@ -426,7 +426,7 @@ _args.default.argv = async function (argv, cb) {
         });
         options.exportFileErrorsToJson = Object.hasOwn(options, 'exportFileErrorsToJson') && Boolean(options.exportFileErrorsToJson) && !['false', 'no'].includes(options.exportFileErrorsToJson);
         info.push({
-          key: 'Export any file errors encountered to a JSON file instead of a plain text file',
+          key: 'Export any file errors encountered to a JSON file instead of a plain text file.',
           value: options.exportFileErrorsToJson ? '✅ Yes' : `${_chalk.default.red('x')} No`
         });
         break;
@@ -508,22 +508,22 @@ function _default(opts) {
     ...opts
   };
   if (_opts.appContext || _opts.requireConfirm) {
-    _args.default.option('app', 'Specify the app');
+    _args.default.option('app', 'Target an application. Accepts a string value for the application name or an integer for the application ID.');
   }
   if (_opts.envContext || _opts.childEnvContext) {
-    _args.default.option('env', 'Specify the environment');
+    _args.default.option('env', 'Target an environment. Accepts a string value for the environment type.');
   }
   if (_opts.requireConfirm) {
-    _args.default.option('force', 'Skip confirmation', false);
+    _args.default.option('force', 'Skip confirmation.', false);
   }
   if (_opts.format) {
-    _args.default.option('format', 'Format results', 'table');
+    _args.default.option('format', 'Render output in a particular format. Accepts "table" (default), "csv", and "json".', 'table');
   }
 
   // Add help and version to all subcommands
-  _args.default.option('help', 'Output the help for the (sub)command');
-  _args.default.option('version', 'Output the version number');
-  _args.default.option('debug', 'Activate debug output');
+  _args.default.option('help', 'Retrieve a description, examples, and available options for a (sub)command.');
+  _args.default.option('version', 'Retrieve the version number of VIP-CLI currently installed on the local machine.');
+  _args.default.option('debug', 'Generate verbose output during command execution to help identify or fix errors or bugs.');
   return _args.default;
 }
 function getEnvIdentifier(env) {

package/dist/lib/dev-environment/dev-environment-cli.js

@@ -512,7 +512,10 @@ async function promptForWordPress(defaultObject) {
 
   // image with selection
   const tagChoices = await getTagChoices();
-  let option = defaultObject?.tag ?? tagChoices[0].value;
+  if (typeof defaultObject === 'string' && !tagChoices.find(choice => choice.value === defaultObject)) {
+    throw new Error(`Unknown or unsupported WordPress version: ${defaultObject}.`);
+  }
+  let option = typeof defaultObject === 'string' ? defaultObject : defaultObject?.tag ?? tagChoices[0].value;
   if (isStdinTTY) {
     const message = `${messagePrefix}Which version would you like`;
     const selectTag = new _enquirer.Select({
@@ -620,9 +623,10 @@ function processVersionOption(value) {
   }
   return value?.toString() ?? '';
 }
+const phpVersionsSupported = Object.keys(_devEnvironment.DEV_ENVIRONMENT_PHP_VERSIONS).join(', ');
 function addDevEnvConfigurationOptions(command) {
   // We leave the third parameter to undefined on some because the defaults are handled in preProcessInstanceData()
-  return command.option('wordpress', 'Use a specific WordPress version', undefined, processVersionOption).option(['u', 'mu-plugins'], 'Use a specific mu-plugins changeset or local directory').option('app-code', 'Use the application code from a local directory or use "demo" for VIP skeleton code').option('phpmyadmin', 'Enable PHPMyAdmin component. By default it is disabled', undefined, processBooleanOption).option('xdebug', 'Enable XDebug. By default it is disabled', undefined, processBooleanOption).option('xdebug_config', 'Extra configuration to pass to xdebug via XDEBUG_CONFIG environment variable').option('elasticsearch', 'Enable Elasticsearch (needed by Enterprise Search)', undefined, processBooleanOption).option(['r', 'media-redirect-domain'], 'Domain to redirect for missing media files. This can be used to still have images without the need to import them locally.', undefined, processMediaRedirectDomainOption).option('php', 'Explicitly choose PHP version to use', undefined, processVersionOption).option(['A', 'mailpit'], 'Enable Mailpit. By default it is disabled', undefined, processBooleanOption).option(['H', 'photon'], 'Enable Photon. By default it is disabled', undefined, processBooleanOption);
+  return command.option('wordpress', 'Manage the version of WordPress. Accepts a string value for major versions (6.x). Defaults to the most recent version of WordPress.', undefined, processVersionOption).option(['u', 'mu-plugins'], 'Manage the source for VIP MU plugins. Accepts "demo" (default) for a read-only image of the staging branch, or a path to a built copy of VIP MU plugins on the local machine.').option('app-code', 'Manage the source for application code. Accepts "demo" (default) for a read-only image of WordPress VIP skeleton application code, or a path to a VIP formatted application repo on the local machine.').option('phpmyadmin', 'Enable or disable phpMyAdmin, disabled by default. Accepts "y" (default value) to enable or "n" to disable. When enabled, refer to the value of "PHPMYADMIN URLS" in the information output for a local environment for the URL to access phpMyAdmin.', undefined, processBooleanOption).option('xdebug', 'Enable or disable XDebug, disabled by default. Accepts "y" (default value) to enable or "n" to disable.', undefined, processBooleanOption).option('xdebug_config', 'Override some default configuration settings for Xdebug. Accepts a string value that is assigned to the XDEBUG_CONFIG environment variable.').option('elasticsearch', 'Enable or disable Elasticsearch (required by Enterprise Search), disabled by default. Accepts "y" (default value) to enable or "n" to disable.', undefined, processBooleanOption).option(['r', 'media-redirect-domain'], 'Configure media files to be proxied from a VIP Platform environment. Accepts a string value for the primary domain of the VIP Platform environment or "n" to disable the media proxy.', undefined, processMediaRedirectDomainOption).option('php', `Manage the version of PHP. Accepts a string value for minor versions: ${phpVersionsSupported}`, undefined, processVersionOption).option(['A', 'mailpit'], 'Enable or disable Mailpit, disabled by default. Accepts "y" (default value) to enable or "n" to disable.', undefined, processBooleanOption).option(['H', 'photon'], 'Enable or disable Photon, disabled by default. Accepts "y" (default value) to enable or "n" to disable.', undefined, processBooleanOption);
 }
 
 /**

package/dist/lib/dev-environment/dev-environment-core.js

@@ -577,7 +577,7 @@ async function maybeUpdateWordPressImage(lando, slug) {
     type: 'select',
     name: 'upgrade',
     message: 'Would you like to upgrade WordPress? ',
-    choices: ['no', 'yes', "no (don't ask anymore)"]
+    choices: ['yes', 'no', "no (don't ask anymore)"]
   });
 
   // If the user takes the new WP version path
@@ -585,7 +585,7 @@ async function maybeUpdateWordPressImage(lando, slug) {
     console.log('Upgrading from: ' + _chalk.default.yellow(currentWordPressTag) + ' to:');
 
     // Select a new image
-    const choice = await (0, _devEnvironmentCli.promptForWordPress)(null);
+    const choice = await (0, _devEnvironmentCli.promptForWordPress)(newestWordPressImage?.tag ?? null);
     const version = versions.find(({
       tag
     }) => tag.trim() === choice.tag.trim());
@@ -611,6 +611,7 @@ async function maybeUpdateVersion(lando, slug) {
   const currentVersion = envData.version;
   console.log('Current local environment version is: ' + _chalk.default.yellow(currentVersion));
   if (!currentVersion || _semver.default.lt(currentVersion, _devEnvironment.DEV_ENVIRONMENT_VERSION)) {
+    envData.pullAfter = undefined;
     await updateEnvironment(lando, envData);
     console.log('Local environment version updated to: ' + _chalk.default.green(_devEnvironment.DEV_ENVIRONMENT_VERSION));
     return true;

package/dist/lib/dev-environment/dev-environment-lando.js

@@ -180,13 +180,11 @@ async function bootstrapLando() {
         registryResolvable = false;
       }
       const pull = registryResolvable && (instanceData.pullAfter ?? 0) < Date.now();
-      console.log(pull);
       if (Array.isArray(data.opts.pullable) && Array.isArray(data.opts.local) && data.opts.local.length === 0 && !pull) {
         // Setting `data.opts.pullable` to an empty array prevents Lando from pulling images with `docker pull`.
         // Note that if some of the images are not available, they will still be pulled by `docker-compose`.
         data.opts.local = data.opts.pullable;
         data.opts.pullable = [];
-        console.log(data.opts);
       }
       if (pull || !instanceData.pullAfter) {
         instanceData.pullAfter = Date.now() + 7 * 24 * 60 * 60 * 1000;
@@ -406,7 +404,8 @@ async function checkEnvHealth(lando, instancePath) {
   }
   if (urlsToScan.length) {
     scanResults = scanResults.concat(await app.scanUrls(urlsToScan, {
-      max: 1
+      max: 1,
+      waitCodes: [502, 504]
     }));
   }
   const result = {};

package/dist/lib/validations/custom-deploy.js

@@ -3,11 +3,27 @@
 exports.__esModule = true;
 exports.validateDeployFileExt = validateDeployFileExt;
 exports.validateFilename = validateFilename;
+exports.validateName = validateName;
+exports.validateTarFile = validateTarFile;
+exports.validateZipFile = validateZipFile;
+var _admZip = _interopRequireDefault(require("adm-zip"));
+var _nodeFs = require("node:fs");
 var _path = _interopRequireDefault(require("path"));
+var tar = _interopRequireWildcard(require("tar"));
 var exit = _interopRequireWildcard(require("../../lib/cli/exit"));
 function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
 function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && {}.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+const errorMessages = {
+  missingThemes: 'Missing `themes` directory from root folder!',
+  symlink: 'Symlink detected: ',
+  singleRootDir: 'The compressed file must contain a single root directory!',
+  invalidExt: 'Invalid file extension. Please provide a .zip, .tar.gz, or a .tgz file.',
+  invalidChars: (filename, invalidChars) => `Filename ${filename} contains disallowed characters: ${invalidChars}`
+};
+const symlinkIgnorePattern = /\/node_modules\/[^/]+\/\.bin\//;
+const macosxDir = '__MACOSX';
+
 /**
  * Check if a file has a valid extension
  *
@@ -20,7 +36,7 @@ function validateDeployFileExt(filename) {
     ext = '.tar.gz';
   }
   if (!['.zip', '.tar.gz', '.tgz'].includes(ext)) {
-    exit.withError('Invalid file extension. Please provide a .zip, .tar.gz, or a .tgz file.');
+    exit.withError(errorMessages.invalidExt);
   }
 }
 
@@ -31,9 +47,183 @@ function validateDeployFileExt(filename) {
  */
 function validateFilename(filename) {
   const re = /^[a-z0-9\-_.]+$/i;
-
-  // Exits if filename contains anything outside a-z A-Z - _ .
   if (!re.test(filename)) {
-    exit.withError('Error: The characters used in the name of a file for custom deploys are limited to [0-9,a-z,A-Z,-,_,.]');
+    exit.withError(errorMessages.invalidChars(filename, '[0-9,a-z,A-Z,-,_,.]'));
+  }
+}
+
+/**
+ * Validate the name of a file for disallowed characters
+ *
+ * @param {string} name The name of the file
+ * @param {bool} isDirectory Whether the file is a directory
+ */
+function validateName(name, isDirectory) {
+  if (name.startsWith('._')) {
+    return;
+  }
+  const invalidCharsPattern = isDirectory ? /[!:*?"<>|']|^\.\..*$/ : /[!/:*?"<>|']|^\.\..*$/;
+  const errorMessage = errorMessages.invalidChars(name, isDirectory ? '[!:*?"<>|\'/^..]+' : '[!/:*?"<>|\'/^..]+');
+  if (invalidCharsPattern.test(name)) {
+    exit.withError(errorMessage);
+  }
+}
+
+/**
+ * Validate the existence of a symlink in a zip file. Ignores symlinks in node_modules/.bin/
+ *
+ * @param {IZipEntry} entry The zip entry to validate
+ */
+function validateZipSymlink(entry) {
+  if (symlinkIgnorePattern.test(entry.entryName)) {
+    return;
+  }
+  const madeBy = entry.header.made >> 8; // eslint-disable-line no-bitwise
+  const errorMsg = errorMessages.symlink + entry.name;
+
+  // DOS
+  /* eslint-disable no-bitwise */
+  if (madeBy === 0 && (entry.attr & 0x0400) === 0x0400) {
+    exit.withError(errorMsg);
+  }
+
+  // Unix
+  if (madeBy === 3 && (entry.attr >>> 16 & _nodeFs.constants.S_IFLNK) === _nodeFs.constants.S_IFLNK) {
+    /* eslint-enable no-bitwise */
+    exit.withError(errorMsg);
+  }
+}
+
+/**
+ * Validate a zip entry for disallowed characters and symlinks.
+ * Ignores __MACOSX directories.
+ *
+ * @param {IZipEntry} entry The zip entry to validate
+ */
+function validateZipEntry(entry) {
+  if (entry.entryName.startsWith(macosxDir)) {
+    return;
+  }
+  validateName(entry.isDirectory ? entry.entryName : entry.name, entry.isDirectory);
+  validateZipSymlink(entry);
+}
+
+/**
+ * Validate the existence of a themes directory in the root folder.
+ *
+ * @param {IZipEntry[]} zipEntries The zip entries to validate
+ */
+function validateZipThemes(rootFolder, zipEntries) {
+  const hasThemesDir = zipEntries.some(entry => entry.isDirectory && entry.entryName.startsWith(_path.default.join(rootFolder, 'themes/')));
+  if (!hasThemesDir) {
+    exit.withError(errorMessages.missingThemes);
+  }
+}
+
+/**
+ * Validate a zip file for Custom Deployments.
+ *
+ * @param {string} filePath The path to the zip file
+ */
+function validateZipFile(filePath) {
+  try {
+    const zipFile = new _admZip.default(filePath);
+    const zipEntries = zipFile.getEntries();
+    const rootDirs = zipEntries.filter(entry => entry.isDirectory && !entry.entryName.startsWith(macosxDir) && (entry.entryName.match(/\//g) || []).length === 1);
+    if (rootDirs.length !== 1) {
+      exit.withError(errorMessages.singleRootDir);
+    }
+    const rootFolder = rootDirs[0].entryName;
+    validateZipThemes(rootFolder, zipEntries);
+    zipEntries.forEach(entry => validateZipEntry(entry));
+  } catch (error) {
+    const err = error;
+    exit.withError(`Error reading file: ${err.message}`);
+  }
+}
+
+/**
+ * Validate the existence of a themes directory in the root folder in a tar file.
+ *
+ * @param {string} rootFolder The root folder of the tar file
+ * @param {TarEntry[]} tarEntries The list of tar entries
+ */
+function validateTarThemes(rootFolder, tarEntries) {
+  const themesFolderPath = _path.default.join(rootFolder, 'themes/');
+  const themesFolderExists = tarEntries.some(entry => entry.path === themesFolderPath && entry.type === 'Directory');
+  if (!themesFolderExists) {
+    exit.withError(errorMessages.missingThemes);
+  }
+}
+
+/**
+ * Validate a tar entry for disallowed characters and symlinks.
+ *
+ * @param {TarEntry} entry The tar entry to validate
+ */
+function validateTarEntry(entry) {
+  if (entry.path.startsWith(macosxDir)) {
+    return;
+  }
+  validateTarSymlink(entry);
+  validateName(_path.default.basename(entry.path), entry.type === 'Directory');
+}
+
+/**
+ * Validate the existence of a symlink in a tar file. Ignores symlinks in node_modules/.bin/
+ *
+ * @param {TarEntry} entry The tar entry to validate for symlinks
+ */
+function validateTarSymlink(entry) {
+  if (symlinkIgnorePattern.test(entry.path)) {
+    return;
+  }
+  if (entry.type === 'SymbolicLink') {
+    exit.withError(errorMessages.symlink + entry.path);
+  }
+}
+
+/**
+ * Validate a tar file for Custom Deployments.
+ *
+ * @param {string} filePath The path to the tar file
+ */
+async function validateTarFile(filePath) {
+  const tarEntries = [];
+  let rootFolder = null;
+  try {
+    await tar.list({
+      file: filePath,
+      onReadEntry: entry => {
+        if (entry.path.startsWith(macosxDir)) {
+          return;
+        }
+        if (entry.type !== 'File' && entry.type !== 'Directory' && entry.type !== 'SymbolicLink') {
+          return;
+        }
+        const isRootFolder = entry.type === 'Directory' && entry.path.endsWith('/') && (entry.path.match(/\//g) || []).length === 1;
+        if (isRootFolder) {
+          if (rootFolder === null) {
+            rootFolder = entry.path;
+          } else if (rootFolder !== entry.path) {
+            exit.withError(errorMessages.singleRootDir);
+          }
+        }
+        const entryInfo = {
+          path: entry.path,
+          type: entry.type,
+          mode: entry.mode
+        };
+        validateTarEntry(entryInfo);
+        tarEntries.push(entryInfo);
+      }
+    });
+    if (!rootFolder) {
+      exit.withError(errorMessages.singleRootDir);
+    }
+    validateTarThemes(rootFolder, tarEntries);
+  } catch (error) {
+    const err = error;
+    exit.withError(err.message);
   }
 }

package/docs/CHANGELOG.md

@@ -1,5 +1,26 @@
 ## Changelog
 
+### 3.4.1
+
+* Updating vip cache commands descriptions and examples to follow the VIP-CLI style guide
+* Dev-env: Upgrade WordPress upgrade prompt to "yes" and pre-select latest version not trunk
+* build(deps-dev): bump @types/node from 18.19.36 to 18.19.37
+* fix(dev-env): retry healthcheck only on 502 and 504 status codes
+* fix(dev-env): set the user/group for `nginx` container to `nginx:nginx`
+
+**Full Changelog**: https://github.com/Automattic/vip-cli/compare/3.4.0...3.4.1
+
+### 3.4.0
+
+* Updating command option descriptions to follow the VIP-CLI style guide
+* build(deps-dev): bump @types/node from 18.19.34 to 18.19.36
+* Add `vip app deploy validate` command for Custom Deployments
+* fix(dev-env): remove debug code
+* fix(dev-env): force pull images on environment version update
+* chore(deps): update `ws` to fix CVE-2024-37890
+
+**Full Changelog**: https://github.com/Automattic/vip-cli/compare/3.3.1...3.4.0
+
 ### 3.3.1
 
 * build(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1