@celilo/cli 0.1.0

package/src/services/module-build.test.ts

@@ -0,0 +1,290 @@
+import { afterEach, beforeEach, describe, expect, spyOn, test } from 'bun:test';
+import { existsSync } from 'node:fs';
+import { mkdir, rm, writeFile } from 'node:fs/promises';
+import { eq } from 'drizzle-orm';
+import { type DbClient, createDbClient } from '../db/client';
+import { moduleBuilds, modules } from '../db/schema';
+import { buildModuleFromSource, getModuleBuildStatus, verifyArtifactsExist } from './module-build';
+
+const TEST_DB_PATH = './test-module-build.db';
+const TEST_MODULE_DIR = './test-module-build-dir';
+
+describe('Module Build Service', () => {
+  let db: DbClient;
+
+  beforeEach(() => {
+    db = createDbClient({ path: TEST_DB_PATH });
+
+    // Create tables
+    db.$client.run(`
+      CREATE TABLE IF NOT EXISTS modules (
+        id TEXT PRIMARY KEY,
+        name TEXT NOT NULL,
+        version TEXT NOT NULL,
+        description TEXT,
+        state TEXT NOT NULL DEFAULT 'IMPORTED',
+        manifest_data TEXT NOT NULL,
+        source_path TEXT NOT NULL,
+        imported_at INTEGER NOT NULL DEFAULT (unixepoch()),
+        updated_at INTEGER NOT NULL DEFAULT (unixepoch()),
+        error_message TEXT
+      )
+    `);
+
+    db.$client.run(`
+      CREATE TABLE IF NOT EXISTS module_builds (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        module_id TEXT NOT NULL,
+        version TEXT NOT NULL,
+        built_at INTEGER NOT NULL DEFAULT (unixepoch()),
+        artifacts TEXT NOT NULL,
+        environment TEXT,
+        status TEXT NOT NULL,
+        build_log TEXT,
+        FOREIGN KEY (module_id) REFERENCES modules(id) ON DELETE CASCADE
+      )
+    `);
+  });
+
+  afterEach(async () => {
+    db.$client.close();
+
+    if (existsSync(TEST_DB_PATH)) {
+      await rm(TEST_DB_PATH);
+    }
+    const walPath = `${TEST_DB_PATH}-wal`;
+    const shmPath = `${TEST_DB_PATH}-shm`;
+    if (existsSync(walPath)) {
+      await rm(walPath);
+    }
+    if (existsSync(shmPath)) {
+      await rm(shmPath);
+    }
+
+    // Clean up test module directory
+    if (existsSync(TEST_MODULE_DIR)) {
+      await rm(TEST_MODULE_DIR, { recursive: true });
+    }
+  });
+
+  describe('buildModuleFromSource', () => {
+    test('should return error if module not found', async () => {
+      const result = await buildModuleFromSource('nonexistent', db);
+
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('Module not found');
+    });
+
+    test('should return error if module has no build section', async () => {
+      db.insert(modules)
+        .values({
+          id: 'no-build',
+          name: 'No Build Module',
+          version: '1.0.0',
+          sourcePath: '/test/no-build',
+          manifestData: {
+            id: 'no-build',
+            name: 'No Build Module',
+            version: '1.0.0',
+          },
+        })
+        .run();
+
+      const result = await buildModuleFromSource('no-build', db);
+
+      expect(result.success).toBe(false);
+      expect(result.error).toContain('does not have a build section');
+    });
+
+    test('should detect Nix environment from flake.nix', async () => {
+      // Create test module directory with flake.nix
+      await mkdir(TEST_MODULE_DIR, { recursive: true });
+      await mkdir(`${TEST_MODULE_DIR}/build`, { recursive: true });
+      await writeFile(`${TEST_MODULE_DIR}/flake.nix`, '# Nix flake');
+      await writeFile(
+        `${TEST_MODULE_DIR}/build/playbook.yml`,
+        `---
+- name: Test build
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Debug message
+      ansible.builtin.debug:
+        msg: "Nix build test"
+`,
+      );
+
+      db.insert(modules)
+        .values({
+          id: 'nix-module',
+          name: 'Nix Module',
+          version: '1.0.0',
+          sourcePath: TEST_MODULE_DIR,
+          manifestData: {
+            id: 'nix-module',
+            name: 'Nix Module',
+            version: '1.0.0',
+            build: {
+              script: 'build/playbook.yml',
+            },
+          },
+        })
+        .run();
+
+      // Mock console.log to capture output
+      const consoleLogSpy = spyOn(console, 'log').mockImplementation(() => {});
+
+      const _result = await buildModuleFromSource('nix-module', db);
+
+      // Verify Nix detection or fallback message was logged
+      // If nix is available: "ℹ Entering Nix environment"
+      // If nix not available: "⚠️  flake.nix detected but nix command not available"
+      const logCalls = consoleLogSpy.mock.calls.map((call) => call[0]);
+      const hasNixMessage = logCalls.some(
+        (msg) => msg.includes('Nix environment') || msg.includes('flake.nix detected'),
+      );
+      expect(hasNixMessage).toBe(true);
+
+      consoleLogSpy.mockRestore();
+
+      // Build result depends on whether Nix is installed
+      // We're just testing that detection happens (message logged)
+    }, 10000); // 10 second timeout
+
+    test('should record build metadata in database', async () => {
+      await mkdir(TEST_MODULE_DIR, { recursive: true });
+      await mkdir(`${TEST_MODULE_DIR}/build`, { recursive: true });
+      await writeFile(
+        `${TEST_MODULE_DIR}/build/playbook.yml`,
+        `---
+- name: Quick test build
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Echo message
+      ansible.builtin.debug:
+        msg: "Build test"
+`,
+      );
+
+      db.insert(modules)
+        .values({
+          id: 'record-test',
+          name: 'Record Test',
+          version: '1.0.0',
+          sourcePath: TEST_MODULE_DIR,
+          manifestData: {
+            id: 'record-test',
+            name: 'Record Test',
+            version: '1.0.0',
+            build: {
+              script: 'build/playbook.yml',
+            },
+          },
+        })
+        .run();
+
+      const result = await buildModuleFromSource('record-test', db);
+
+      // Build should succeed (simple debug task)
+      expect(result.success).toBe(true);
+
+      // Verify build metadata was recorded
+      const buildRecord = await db
+        .select()
+        .from(moduleBuilds)
+        .where(eq(moduleBuilds.moduleId, 'record-test'))
+        .get();
+
+      expect(buildRecord).toBeDefined();
+      expect(buildRecord?.moduleId).toBe('record-test');
+      expect(buildRecord?.version).toBe('1.0.0');
+      expect(buildRecord?.status).toBe('success');
+      expect(buildRecord?.environment).toBe('system'); // No flake.nix
+    }, 10000); // 10 second timeout for ansible execution
+  });
+
+  describe('getModuleBuildStatus', () => {
+    test('should return null if module never built', async () => {
+      const status = await getModuleBuildStatus('never-built', db);
+
+      expect(status).toBeNull();
+    });
+
+    test('should return latest build status', async () => {
+      // Create module first (for foreign key)
+      db.insert(modules)
+        .values({
+          id: 'test-module',
+          name: 'Test Module',
+          version: '1.0.0',
+          sourcePath: '/test/module',
+          manifestData: {
+            id: 'test-module',
+            name: 'Test Module',
+            version: '1.0.0',
+          },
+        })
+        .run();
+
+      db.insert(moduleBuilds)
+        .values({
+          moduleId: 'test-module',
+          version: '1.0.0',
+          artifacts: ['/path/to/artifact'],
+          status: 'success',
+          buildLog: 'Build completed',
+          environment: 'nix',
+        })
+        .run();
+
+      const status = await getModuleBuildStatus('test-module', db);
+
+      expect(status).toBeDefined();
+      expect(status?.status).toBe('success');
+      expect(status?.artifacts).toEqual(['/path/to/artifact']);
+      expect(status?.buildLog).toBe('Build completed');
+    });
+  });
+
+  describe('verifyArtifactsExist', () => {
+    test('should return true if all artifacts exist', async () => {
+      // Create test artifact
+      await mkdir(TEST_MODULE_DIR, { recursive: true });
+      const artifactPath = `${TEST_MODULE_DIR}/artifact.txt`;
+      await writeFile(artifactPath, 'test');
+
+      const result = verifyArtifactsExist([artifactPath]);
+
+      expect(result).toBe(true);
+    });
+
+    test('should return false if any artifact missing', async () => {
+      const result = verifyArtifactsExist(['/nonexistent/artifact.txt']);
+
+      expect(result).toBe(false);
+    });
+
+    test('should handle multiple artifacts', async () => {
+      await mkdir(TEST_MODULE_DIR, { recursive: true });
+      const artifact1 = `${TEST_MODULE_DIR}/artifact1.txt`;
+      const artifact2 = `${TEST_MODULE_DIR}/artifact2.txt`;
+      await writeFile(artifact1, 'test1');
+      await writeFile(artifact2, 'test2');
+
+      const result = verifyArtifactsExist([artifact1, artifact2]);
+
+      expect(result).toBe(true);
+    });
+
+    test('should return false if any artifact in list is missing', async () => {
+      await mkdir(TEST_MODULE_DIR, { recursive: true });
+      const artifact1 = `${TEST_MODULE_DIR}/exists.txt`;
+      await writeFile(artifact1, 'test');
+
+      const result = verifyArtifactsExist([artifact1, '/nonexistent/missing.txt']);
+
+      expect(result).toBe(false);
+    });
+  });
+});

package/src/services/module-build.ts

@@ -0,0 +1,431 @@
+/**
+ * Module Build Service
+ *
+ * Executes module build scripts (Ansible playbooks) in Nix environments
+ * to compile custom software binaries before deployment.
+ *
+ * Example: Caddy with RFC2136 DNS provider
+ */
+
+import { existsSync, statSync } from 'node:fs';
+import { join } from 'node:path';
+import { eq } from 'drizzle-orm';
+import type { DbClient } from '../db/client';
+import { type BuildStatus, moduleBuilds, modules } from '../db/schema';
+import type { ModuleManifest } from '../manifest/schema';
+
+/**
+ * Build result
+ */
+export interface BuildResult {
+  success: boolean;
+  artifacts?: string[];
+  buildLog?: string;
+  error?: string;
+}
+
+/**
+ * Build artifact from manifest (simple path string)
+ */
+export type BuildArtifact = string;
+
+/**
+ * Build status record from database
+ */
+export interface BuildStatusRecord {
+  status: BuildStatus;
+  artifacts: string[];
+  builtAt: Date;
+  buildLog?: string;
+}
+
+/**
+ * Detect if module uses Nix environment
+ * Policy function - checks for flake.nix existence
+ *
+ * @param modulePath - Path to module directory
+ * @returns True if flake.nix exists
+ */
+function detectNixEnvironment(modulePath: string): boolean {
+  const flakePath = `${modulePath}/flake.nix`;
+  return existsSync(flakePath);
+}
+
+/**
+ * Check if nix command is available
+ * Policy function - validates nix availability
+ *
+ * @returns True if nix command can be executed
+ */
+async function isNixAvailable(): Promise<boolean> {
+  const { spawn } = await import('node:child_process');
+
+  return new Promise((resolve) => {
+    const child = spawn('nix', ['--version'], {
+      stdio: 'ignore',
+    });
+
+    child.on('close', (code) => {
+      resolve(code === 0);
+    });
+
+    child.on('error', () => {
+      resolve(false);
+    });
+  });
+}
+
+/**
+ * Execute build playbook with streaming progress
+ * Execution function - runs ansible-playbook with fuel-gauge progress indicator
+ *
+ * @param modulePath - Path to module directory
+ * @param playbookPath - Path to build playbook (relative to module)
+ * @param useNix - Whether to run inside Nix environment
+ * @returns Build result with output
+ */
+async function executeBuildCommand(
+  modulePath: string,
+  commandStr: string,
+  useNix: boolean,
+): Promise<{ success: boolean; output: string; error?: string }> {
+  const { executeBuildWithProgress } = await import('./build-stream');
+
+  let command: string;
+  let args: string[];
+
+  if (useNix) {
+    command = 'nix';
+    args = ['develop', '--command', 'bash', '-c', commandStr];
+  } else {
+    command = 'bash';
+    args = ['-c', commandStr];
+  }
+
+  const result = await executeBuildWithProgress({
+    command,
+    args,
+    cwd: modulePath,
+  });
+
+  return { success: result.success, output: result.output, error: result.error };
+}
+
+async function executeBuildScript(
+  modulePath: string,
+  scriptPath: string,
+  useNix: boolean,
+): Promise<{ success: boolean; output: string; error?: string }> {
+  const fullScriptPath = `${modulePath}/${scriptPath}`;
+
+  if (!existsSync(fullScriptPath)) {
+    throw new Error(`Build script not found: ${scriptPath}`);
+  }
+
+  const { executeBuildWithProgress } = await import('./build-stream');
+
+  const isShellScript = scriptPath.endsWith('.sh');
+
+  let command: string;
+  let args: string[];
+
+  if (useNix) {
+    const innerCommand = isShellScript ? 'bash' : 'ansible-playbook';
+    command = 'nix';
+    args = ['develop', '--command', innerCommand, scriptPath];
+  } else if (isShellScript) {
+    command = 'bash';
+    args = [scriptPath];
+  } else {
+    command = 'ansible-playbook';
+    args = [scriptPath];
+  }
+
+  const result = await executeBuildWithProgress({
+    command,
+    args,
+    cwd: modulePath,
+  });
+
+  return { success: result.success, output: result.output, error: result.error };
+}
+
+/**
+ * Verify build artifacts exist
+ * Policy function - validates file existence
+ *
+ * @param artifacts - List of artifact paths from manifest (relative to module directory)
+ * @param modulePath - Module directory path
+ * @returns Array of [artifactPath, exists, size]
+ */
+function verifyBuildArtifacts(
+  artifacts: BuildArtifact[],
+  modulePath: string,
+): Array<{ path: string; exists: boolean; size?: number }> {
+  const results: Array<{ path: string; exists: boolean; size?: number }> = [];
+
+  for (const artifactPath of artifacts) {
+    // Resolve relative to module directory
+    const fullPath = join(modulePath, artifactPath);
+    const exists = existsSync(fullPath);
+    let size: number | undefined;
+
+    if (exists) {
+      const stats = statSync(fullPath);
+      size = stats.size;
+    }
+
+    results.push({ path: fullPath, exists, size });
+  }
+
+  return results;
+}
+
+/**
+ * Format bytes to human-readable size
+ * Policy function - formatting
+ *
+ * @param bytes - Size in bytes
+ * @returns Formatted string (e.g., "48.2 MB")
+ */
+function formatBytes(bytes: number): string {
+  if (bytes < 1024) return `${bytes} B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
+  return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
+}
+
+/**
+ * Record build metadata in database
+ * Execution function - database write
+ *
+ * @param moduleId - Module identifier
+ * @param version - Module version
+ * @param artifacts - List of artifact paths
+ * @param status - Build status
+ * @param buildLog - Build output log
+ * @param environment - Build environment (nix or system)
+ * @param db - Database client
+ */
+async function recordBuildMetadata(
+  moduleId: string,
+  version: string,
+  artifacts: string[],
+  status: BuildStatus,
+  buildLog: string,
+  environment: 'nix' | 'system' | null,
+  db: DbClient,
+): Promise<void> {
+  await db.insert(moduleBuilds).values({
+    moduleId,
+    version,
+    artifacts,
+    status,
+    buildLog,
+    environment,
+  });
+}
+
+/**
+ * Build module from source
+ * Orchestrator function - coordinates build workflow
+ *
+ * @param moduleId - Module identifier
+ * @param db - Database client
+ * @returns Build result
+ */
+export async function buildModuleFromSource(moduleId: string, db: DbClient): Promise<BuildResult> {
+  // Fetch module from database
+  const module = await db.select().from(modules).where(eq(modules.id, moduleId)).get();
+
+  if (!module) {
+    return {
+      success: false,
+      error: `Module not found: ${moduleId}`,
+    };
+  }
+
+  const manifest = module.manifestData as ModuleManifest;
+
+  // Check if module has build section
+  if (!manifest.build) {
+    return {
+      success: false,
+      error: `Module ${moduleId} does not have a build section in manifest`,
+    };
+  }
+
+  const { command, script, artifacts } = manifest.build;
+  const modulePath = module.sourcePath;
+
+  if (!command && !script) {
+    return {
+      success: false,
+      error: `Module ${moduleId} build section must specify either "command" or "script"`,
+    };
+  }
+
+  // Detect Nix environment and verify availability
+  const nixDetected = detectNixEnvironment(modulePath);
+  const nixAvailable = nixDetected ? await isNixAvailable() : false;
+  const useNix = nixDetected && nixAvailable;
+  const environment: 'nix' | 'system' = useNix ? 'nix' : 'system';
+
+  if (useNix) {
+    console.log('ℹ Entering Nix environment (flake.nix detected)...');
+  } else if (nixDetected && !nixAvailable) {
+    console.log('⚠️  flake.nix detected but nix command not available - using system Ansible');
+  }
+
+  try {
+    // Execute build script with streaming progress
+    const buildResult = command
+      ? await executeBuildCommand(modulePath, command, useNix)
+      : await executeBuildScript(modulePath, script as string, useNix);
+
+    // Check if build command failed
+    if (!buildResult.success) {
+      const errorMsg = buildResult.error || 'Build command failed';
+
+      // Record failed build
+      await recordBuildMetadata(
+        moduleId,
+        manifest.version,
+        [],
+        'failed',
+        buildResult.output,
+        environment,
+        db,
+      );
+
+      return {
+        success: false,
+        error: errorMsg,
+        buildLog: buildResult.output,
+      };
+    }
+
+    const buildLog = buildResult.output.trim();
+
+    // Verify artifacts
+    if (artifacts && artifacts.length > 0) {
+      console.log('Verifying build artifacts...');
+      const verification = verifyBuildArtifacts(artifacts, modulePath);
+      const allExist = verification.every((v) => v.exists);
+
+      if (!allExist) {
+        const missing = verification.filter((v) => !v.exists);
+        const errorMsg = `Build failed: Missing artifacts:\n${missing.map((m) => `  - ${m.path}`).join('\n')}`;
+
+        // Record failed build
+        await recordBuildMetadata(
+          moduleId,
+          manifest.version,
+          [],
+          'failed',
+          `${buildLog}\n\n${errorMsg}`,
+          environment,
+          db,
+        );
+
+        return {
+          success: false,
+          error: errorMsg,
+          buildLog,
+        };
+      }
+
+      // Display artifact info
+      for (const result of verification) {
+        const sizeStr = result.size ? ` (${formatBytes(result.size)})` : '';
+        console.log(`✓ Artifact verified: ${result.path}${sizeStr}`);
+      }
+
+      // Record successful build
+      const artifactPaths = verification.map((v) => v.path);
+      await recordBuildMetadata(
+        moduleId,
+        manifest.version,
+        artifactPaths,
+        'success',
+        buildLog,
+        environment,
+        db,
+      );
+
+      return {
+        success: true,
+        artifacts: artifactPaths,
+        buildLog,
+      };
+    }
+
+    // No artifacts defined, just record success
+    await recordBuildMetadata(moduleId, manifest.version, [], 'success', buildLog, environment, db);
+
+    return {
+      success: true,
+      artifacts: [],
+      buildLog,
+    };
+  } catch (error) {
+    const errorMsg = error instanceof Error ? error.message : 'Unknown error';
+    const buildLog = `Build failed: ${errorMsg}`;
+
+    // Record failed build
+    await recordBuildMetadata(moduleId, manifest.version, [], 'failed', buildLog, environment, db);
+
+    return {
+      success: false,
+      error: errorMsg,
+      buildLog,
+    };
+  }
+}
+
+/**
+ * Get module build status
+ * Execution function - database query
+ *
+ * @param moduleId - Module identifier
+ * @param db - Database client
+ * @returns Build status record or null if never built
+ */
+export async function getModuleBuildStatus(
+  moduleId: string,
+  db: DbClient,
+): Promise<BuildStatusRecord | null> {
+  const build = await db
+    .select()
+    .from(moduleBuilds)
+    .where(eq(moduleBuilds.moduleId, moduleId))
+    .orderBy(moduleBuilds.builtAt)
+    .limit(1)
+    .get();
+
+  if (!build) {
+    return null;
+  }
+
+  return {
+    status: build.status,
+    artifacts: build.artifacts as string[],
+    builtAt: new Date(build.builtAt),
+    buildLog: build.buildLog || undefined,
+  };
+}
+
+/**
+ * Verify build artifacts still exist
+ * Policy function - validates current state of artifacts
+ *
+ * @param artifactPaths - List of full artifact paths (from database)
+ * @returns True if all artifacts exist
+ */
+export function verifyArtifactsExist(artifactPaths: string[]): boolean {
+  for (const path of artifactPaths) {
+    if (!existsSync(path)) {
+      return false;
+    }
+  }
+  return true;
+}