@celilo/cli 0.3.30 → 0.4.0-alpha.0

package/src/cli/commands/publish/global-install.ts

@@ -0,0 +1,171 @@
+/**
+ * bun global install refresh — Phase 3 of `celilo publish`.
+ *
+ * Force-pins just-published packages into `~/.bun/install/global` so
+ * the operator's `cele2e` / `celilo` binaries end up on the version
+ * this run just shipped (rather than whatever `@latest` resolves to a
+ * moment later). For managed packages NOT published this run, runs
+ * `bun update -g <name>` to chase npm-latest (catches drift between
+ * publish events).
+ *
+ * Skipped entirely in --alpha mode unless --track-alpha is passed.
+ * When tracking alpha, only force-pins packages we just published —
+ * leaves other managed globals alone (they may already be on their
+ * own alpha streams).
+ */
+
+import { spawnSync } from 'node:child_process';
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { PACKAGES, readGlobalInstalledVersion, readPkg } from './helpers';
+import type { GlobalUpdateItem, PackageJson } from './types';
+
+// ─── Planner ───────────────────────────────────────────────────────
+
+export interface PlanGlobalUpdateInput {
+  /** Versions we just published this run (force-pin targets). */
+  justPublished: Array<{ name: string; version: string }>;
+  /** True only when `--alpha --track-alpha` was passed. */
+  trackAlpha: boolean;
+}
+
+/**
+ * Inputs the global-update decision actually depends on. Lifted out
+ * as a type so `decideGlobalUpdates` is pure and unit-testable: the
+ * disk wrapper (`planGlobalUpdate`) reads bun's global package.json
+ * and ~/.bun/install/global/node_modules/<name>/package.json then
+ * delegates here.
+ */
+export interface GlobalUpdateDecisionInputs {
+  /** Names currently installed globally (intersected with `ourNames`). */
+  installed: string[];
+  /** Names this run will publish (already filtered for managed packages). */
+  justPublished: Array<{ name: string; version: string }>;
+  /** True only when `--alpha --track-alpha` was passed. */
+  trackAlpha: boolean;
+  /**
+   * Resolver from name → currently-installed version. Pure: caller
+   * fetches versions once and hands them in; we don't re-read disk
+   * per call. `null` means "couldn't read" (treated as unknown).
+   */
+  installedVersion: (name: string) => string | null;
+}
+
+/**
+ * Pure decision function: produce the per-package `GlobalUpdateItem`
+ * list from the gathered inputs. Encodes the gating semantics of
+ * --track-alpha (filter to just-published only) and the
+ * force-pin-vs-update-pull policy (force-pin when we know the target,
+ * `bun update -g` otherwise).
+ */
+export function decideGlobalUpdates(inputs: GlobalUpdateDecisionInputs): GlobalUpdateItem[] {
+  const publishedMap = new Map(inputs.justPublished.map((p) => [p.name, p.version] as const));
+
+  let toUpdate = inputs.installed;
+  if (inputs.trackAlpha) {
+    const justPublishedNames = new Set(inputs.justPublished.map((p) => p.name));
+    toUpdate = toUpdate.filter((n) => justPublishedNames.has(n));
+  }
+
+  const items: GlobalUpdateItem[] = [];
+  for (const name of toUpdate) {
+    const before = inputs.installedVersion(name);
+    const expected = publishedMap.get(name);
+    // Force-pin to a known target when we just published it; otherwise
+    // resolve to whatever the executor's `bun update -g` lands on.
+    items.push({
+      name,
+      installed: before,
+      target: expected ?? before ?? '?',
+      forcePin: !!expected,
+    });
+  }
+  return items;
+}
+
+export function planGlobalUpdate(input: PlanGlobalUpdateInput): GlobalUpdateItem[] {
+  const globalPkgPath = join(process.env.HOME ?? '', '.bun', 'install', 'global', 'package.json');
+  if (!existsSync(globalPkgPath)) return [];
+
+  let globalPkg: PackageJson;
+  try {
+    globalPkg = JSON.parse(readFileSync(globalPkgPath, 'utf-8'));
+  } catch {
+    // Malformed global pkg — caller will surface this differently
+    // (or skip the phase entirely). Returning [] is consistent with
+    // "nothing planned".
+    return [];
+  }
+
+  const ourNames = new Set(PACKAGES.map((p) => readPkg(p).name).filter((n): n is string => !!n));
+  const installed = Object.keys(globalPkg.dependencies ?? {}).filter((n) => ourNames.has(n));
+
+  return decideGlobalUpdates({
+    installed,
+    justPublished: input.justPublished,
+    trackAlpha: input.trackAlpha,
+    installedVersion: readGlobalInstalledVersion,
+  });
+}
+
+// ─── Executor ──────────────────────────────────────────────────────
+
+export function executeGlobalUpdate(items: GlobalUpdateItem[]): void {
+  if (items.length === 0) {
+    return;
+  }
+
+  const globalPkgPath = join(process.env.HOME ?? '', '.bun', 'install', 'global', 'package.json');
+  if (!existsSync(globalPkgPath)) {
+    console.log('\nNo bun global install found — skipping global update pass.');
+    return;
+  }
+
+  console.log('\n──────────────────────────────────────────────');
+  console.log(' Updating bun global install');
+  console.log('──────────────────────────────────────────────');
+
+  const mismatches: Array<{ name: string; expected: string; actual: string | null }> = [];
+
+  for (const item of items) {
+    const before = readGlobalInstalledVersion(item.name);
+    const cmd = item.forcePin
+      ? ['add', '-g', `${item.name}@${item.target}`]
+      : ['update', '-g', item.name];
+
+    const r = spawnSync('bun', cmd, { stdio: 'pipe', encoding: 'utf-8' });
+    const after = readGlobalInstalledVersion(item.name);
+
+    const delta =
+      before === after ? `unchanged at ${after ?? '?'}` : `${before ?? '?'} → ${after ?? '?'}`;
+
+    if (r.status !== 0) {
+      console.log(`✗ ${item.name}: ${delta}`);
+      console.log(`  bun ${cmd.join(' ')} failed (exit ${r.status})`);
+      if (r.stderr) console.log(`  ${r.stderr.trim().split('\n').join('\n  ')}`);
+      if (item.forcePin && after !== item.target) {
+        mismatches.push({ name: item.name, expected: item.target, actual: after });
+      }
+      continue;
+    }
+
+    if (item.forcePin && after !== item.target) {
+      console.log(`⚠ ${item.name}: ${delta} (expected ${item.target})`);
+      mismatches.push({ name: item.name, expected: item.target, actual: after });
+    } else {
+      console.log(`✓ ${item.name}: ${delta}`);
+    }
+  }
+
+  if (mismatches.length > 0) {
+    console.log('\n✗ Global install ended up on the wrong version for some packages:');
+    for (const m of mismatches) {
+      console.log(`    ${m.name}: have ${m.actual ?? '(missing)'}, expected ${m.expected}`);
+      console.log(`    fix:  bun add -g ${m.name}@${m.expected}`);
+    }
+    console.log(
+      '\n  Until this is resolved, your global cele2e/celilo binary is NOT the one this publish just shipped.',
+    );
+    process.exit(1);
+  }
+}

package/src/cli/commands/publish/helpers.ts

@@ -0,0 +1,227 @@
+/**
+ * Pure-read utilities shared across the publish planner + executor.
+ *
+ * Nothing here mutates state — these helpers query npm / git / fs to
+ * inform planning decisions. The planner is "logically pure" (same
+ * world state → same plan) even though it makes I/O calls, because
+ * everything in this file is a read.
+ *
+ * Write-side helpers (rewriteWorkspaceDeps, restorePackageJson, etc.)
+ * live alongside the executors in their respective phase files.
+ */
+
+import { execSync, spawnSync } from 'node:child_process';
+import { existsSync, readFileSync, readdirSync, statSync } from 'node:fs';
+import { join, resolve } from 'node:path';
+import type { PackageJson, WorkspaceVersionMap } from './types';
+
+// Publish in dependency order: leaves first, then consumers.
+// Exported so tests can construct a synthetic packages list against the
+// same shape; runtime always uses these in this exact order.
+export const PACKAGES = [
+  'packages/cli-display',
+  'packages/capabilities',
+  'packages/event-bus',
+  'apps/celilo',
+  'packages/e2e',
+] as const;
+
+// REPO_ROOT discovery — this file lives at
+// apps/celilo/src/cli/commands/publish/helpers.ts, six dirs deep.
+// Kept as a relative path (matches existing convention in
+// services/module-types-drift.test.ts and friends) rather than
+// `git rev-parse` to avoid a subprocess on every publish startup.
+export const REPO_ROOT = resolve(import.meta.dir, '../../../../../..');
+
+export const ENV_FILE = join(REPO_ROOT, '.env');
+
+export function readPkg(dir: string): PackageJson {
+  return JSON.parse(readFileSync(join(REPO_ROOT, dir, 'package.json'), 'utf-8'));
+}
+
+export function isPublished(name: string, version: string): boolean {
+  const r = spawnSync('npm', ['view', `${name}@${version}`, 'version'], {
+    stdio: ['ignore', 'pipe', 'pipe'],
+  });
+  return r.status === 0;
+}
+
+export function currentGitHead(): string {
+  return execSync('git rev-parse HEAD', { encoding: 'utf-8', cwd: REPO_ROOT }).trim();
+}
+
+/**
+ * Find the most recent commit touching any of the given pathspecs. Used
+ * by the stale-version check to compare "last src change" vs "last
+ * package.json change."
+ */
+export function lastCommitTouching(pathspec: string[]): string | null {
+  const r = spawnSync('git', ['log', '-1', '--format=%H', '--', ...pathspec], {
+    cwd: REPO_ROOT,
+    stdio: ['ignore', 'pipe', 'ignore'],
+    encoding: 'utf-8',
+  });
+  if (r.status !== 0) return null;
+  const sha = r.stdout.trim();
+  return sha || null;
+}
+
+export function isAncestor(maybeAncestor: string, descendant: string): boolean {
+  const r = spawnSync('git', ['merge-base', '--is-ancestor', maybeAncestor, descendant], {
+    cwd: REPO_ROOT,
+    stdio: 'ignore',
+  });
+  return r.status === 0;
+}
+
+export function buildWorkspaceVersionMap(): WorkspaceVersionMap {
+  const m = new Map<string, string>();
+  for (const pkg of PACKAGES) {
+    const { name, version } = readPkg(pkg);
+    if (name && version) m.set(name, version);
+  }
+  return m;
+}
+
+/**
+ * List every publishable module under modules/. Excludes `archive/`
+ * (operator-confirmed: not publishable) and any dir lacking a
+ * manifest.yml.
+ */
+export function listModuleDirs(): string[] {
+  const modulesRoot = join(REPO_ROOT, 'modules');
+  if (!existsSync(modulesRoot)) return [];
+  const out: string[] = [];
+  for (const name of readdirSync(modulesRoot)) {
+    if (name === 'archive') continue;
+    const dir = join(modulesRoot, name);
+    let st: ReturnType<typeof statSync>;
+    try {
+      st = statSync(dir);
+    } catch {
+      continue;
+    }
+    if (!st.isDirectory()) continue;
+    if (!existsSync(join(dir, 'manifest.yml'))) continue;
+    out.push(dir);
+  }
+  return out;
+}
+
+/**
+ * Read `EXTERNAL_PROJECT_PATHS` from .env (space-separated absolute paths).
+ * Returns [] if the file is absent or the var is unset — bumping just
+ * the in-repo modules is still useful on its own.
+ */
+export function readExternalProjectPaths(): string[] {
+  if (!existsSync(ENV_FILE)) return [];
+  const content = readFileSync(ENV_FILE, 'utf-8');
+  for (const line of content.split('\n')) {
+    const m = line.match(/^\s*EXTERNAL_PROJECT_PATHS\s*=\s*(.+?)\s*$/);
+    if (!m) continue;
+    const raw = m[1].replace(/^["']|["']$/g, '');
+    return raw.split(/\s+/).filter(Boolean);
+  }
+  return [];
+}
+
+/**
+ * Recursively find every package.json under a root, skipping
+ * node_modules and common build-output dirs (so we don't try to rewrite
+ * lock-installed copies — those get refreshed by `bun install`).
+ */
+export function findPackageJsons(root: string): string[] {
+  const out: string[] = [];
+  const SKIP_DIRS = new Set(['node_modules', '.bun', 'dist', '.nx', '.git']);
+
+  function walk(dir: string): void {
+    let entries: string[];
+    try {
+      entries = readdirSync(dir);
+    } catch {
+      return;
+    }
+    for (const name of entries) {
+      if (SKIP_DIRS.has(name)) continue;
+      const full = join(dir, name);
+      let st: ReturnType<typeof statSync>;
+      try {
+        st = statSync(full);
+      } catch {
+        continue;
+      }
+      if (st.isDirectory()) {
+        walk(full);
+      } else if (name === 'package.json') {
+        out.push(full);
+      }
+    }
+  }
+  walk(root);
+  return out;
+}
+
+/** Strip semver operators (^, ~, =, >=, etc.) to get the bare version. */
+export function bareVersion(spec: string): string {
+  return spec.replace(/^[\s^~=><]+/, '').trim();
+}
+
+/**
+ * Re-apply the same operator that was on the old spec. An exact pin
+ * (`"0.1.9"`) stays exact (`"0.1.10"`). A caret pin (`"^0.1.9"`) stays
+ * caret (`"^0.1.10"`). Don't widen exact pins to caret silently —
+ * that masks a deliberate operator choice.
+ */
+export function withOperator(oldSpec: string, newVersion: string): string {
+  if (oldSpec.startsWith('workspace:')) return oldSpec;
+  if (/^[a-z]+:/.test(oldSpec) && !oldSpec.startsWith('npm:')) return oldSpec;
+  const m = oldSpec.match(/^(\^|~|>=|<=|=|>|<)?/);
+  const op = m?.[1] ?? '';
+  return `${op}${newVersion}`;
+}
+
+/**
+ * Read the installed version of `<name>` from bun's global node_modules.
+ * Returns null if the package isn't installed there (or its package.json
+ * is unreadable/malformed — we'd rather warn loudly later than crash here).
+ */
+export function readGlobalInstalledVersion(name: string): string | null {
+  const pkgJsonPath = join(
+    process.env.HOME ?? '',
+    '.bun',
+    'install',
+    'global',
+    'node_modules',
+    ...name.split('/'),
+    'package.json',
+  );
+  if (!existsSync(pkgJsonPath)) return null;
+  try {
+    const pkg = JSON.parse(readFileSync(pkgJsonPath, 'utf-8')) as PackageJson;
+    return pkg.version ?? null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Look up the npm-latest version of every package we manage. Runs
+ * regardless of whether anything was published this session — the
+ * goal is to drag consumers up to current head, not just to apply
+ * the deltas from this run.
+ */
+export function fetchLatestVersions(): Map<string, string> {
+  const out = new Map<string, string>();
+  for (const pkg of PACKAGES) {
+    const { name } = readPkg(pkg);
+    if (!name) continue;
+    const r = spawnSync('npm', ['view', name, 'version'], {
+      stdio: ['ignore', 'pipe', 'ignore'],
+      encoding: 'utf-8',
+    });
+    if (r.status !== 0) continue;
+    const version = r.stdout.trim();
+    if (version) out.set(name, version);
+  }
+  return out;
+}