npm - @cloudcommerce/cli - Versions diffs - 0.0.48 → 0.0.51 - Mend

@cloudcommerce/cli 0.0.48 → 0.0.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/.turbo/turbo-build.log CHANGED Viewed

@@ -1,5 +1,5 @@
-[32m@cloudcommerce/cli:build[0m: cache hit, replaying output [2m1d924682dc793266[0m
+[32m@cloudcommerce/cli:build[0m: cache hit, replaying output [2m2cc60bd241fc5476[0m
 [32m@cloudcommerce/cli:build: [0m
-[32m@cloudcommerce/cli:build: [0m> @cloudcommerce/cli@0.0.47 build /home/leo/code/ecomplus/cloud-commerce/packages/cli
+[32m@cloudcommerce/cli:build: [0m> @cloudcommerce/cli@0.0.50 build /home/leo/code/ecomplus/cloud-commerce/packages/cli
 [32m@cloudcommerce/cli:build: [0m> sh ../../scripts/build-lib.sh
 [32m@cloudcommerce/cli:build: [0m

package/config/firebase.json CHANGED Viewed

@@ -9,6 +9,11 @@
       "source": "functions/core",
       "codebase": "core"
     },
+    {
+      "predeploy": "npm run build -- --codebase events --dir \"$RESOURCE_DIR\"",
+      "source": "functions/events",
+      "codebase": "events"
+    },
     {
       "predeploy": "npm run build -- --codebase modules --dir \"$RESOURCE_DIR\"",
       "source": "functions/modules",

package/lib/config-gcloud.js ADDED Viewed

@@ -0,0 +1,79 @@
+import path from 'path';
+import { $, echo, fs } from 'zx';
+const serviceAccountId = 'cloud-commerce-gh-actions';
+const serviceAccountEmail = (projectId) => {
+  return `${serviceAccountId}@${projectId}.iam.gserviceaccount.com`;
+};
+const checkServiceAccountExists = async (projectId) => {
+  try {
+    return $`gcloud iam service-accounts describe ${serviceAccountEmail(projectId)}`;
+  } catch (e) {
+    return null;
+  }
+};
+const siginGcloudAndSetIAM = async (projectId, pwd) => {
+  await $`gcloud auth login`;
+  await $`gcloud config set project ${projectId} `;
+  const roles = [
+    'roles/cloudconfig.admin',
+    'roles/appengine.appAdmin',
+    'roles/appengine.appCreator',
+    'roles/artifactregistry.admin',
+    'roles/cloudfunctions.admin',
+    'roles/cloudscheduler.admin',
+    'roles/iam.serviceAccountUser',
+    'roles/run.viewer',
+    'roles/serviceusage.apiKeysViewer',
+  ];
+  const serviceAccount = await checkServiceAccountExists(projectId);
+  if (!serviceAccount) {
+    await $`gcloud iam service-accounts create ${serviceAccountId} \
+        --description="A service account with permission to deploy Cloud Commerce from the GitHub repository to Firebase" \
+        --display-name="Cloud Commerce GH Actions"`;
+  }
+  const pathPolicyIAM = path.join(pwd, 'policyIAM.json');
+  await $`gcloud projects get-iam-policy ${projectId} --format json > ${pathPolicyIAM}`;
+  const policyIAM = fs.readJSONSync(pathPolicyIAM);
+  const { bindings } = policyIAM;
+  let updatePolicy = false;
+  roles.forEach((role) => {
+    const roleFound = bindings.find((binding) => binding.role === role);
+    const memberServiceAccount = `serviceAccount:${serviceAccountEmail(projectId)}`;
+    if (!roleFound) {
+      const newBinding = {
+        members: [
+          memberServiceAccount,
+        ],
+        role,
+      };
+      bindings.push(newBinding);
+      updatePolicy = true;
+    } else {
+      const serviceAccountHavePermission = roleFound.members.find((account) => account === memberServiceAccount);
+      if (!serviceAccountHavePermission) {
+        roleFound.members.push(memberServiceAccount);
+        updatePolicy = true;
+      }
+    }
+  });
+  if (updatePolicy) {
+    fs.writeJSONSync(pathPolicyIAM, policyIAM);
+    return $`gcloud projects set-iam-policy ${projectId} ${pathPolicyIAM}`;
+  }
+  return echo``;
+};
+const createKeyServiceAccount = async (projectId, pwd) => {
+  try {
+    const pathFileKey = path.join(pwd, 'serviceAccountKey.json');
+    await $`gcloud iam service-accounts keys create ${pathFileKey} \
+      --iam-account=${serviceAccountEmail(projectId)}`;
+    return JSON.stringify(fs.readJSONSync(pathFileKey));
+  } catch (e) {
+    return null;
+  }
+};
+export default siginGcloudAndSetIAM;
+export { siginGcloudAndSetIAM, createKeyServiceAccount };

package/lib/create-auth.js CHANGED Viewed

@@ -26,15 +26,15 @@ export default async (storeId, accessToken) => {
       username: `cloudcomm${Date.now()}`,
       permissions: {
         applications: ['all'],
-        brands: ['GET'],
-        carts: ['all'],
-        categories: ['GET'],
-        collections: ['GET'],
+        brands: ['all'],
+        categories: ['all'],
+        collections: ['all'],
+        grids: ['all'],
+        products: ['all'],
         customers: ['all'],
-        grids: ['GET'],
+        carts: ['all'],
         orders: ['GET', 'POST', 'PATCH'],
-        products: ['GET', 'PATCH'],
-        stores: ['GET'],
+        stores: ['GET', 'PATCH'],
       },
     }, apiConfig);
     authenticationId = _id;

package/lib/index.js CHANGED Viewed

@@ -5,6 +5,7 @@ import {
 } from 'zx';
 import login from './login.js';
 import build from './build.js';
+import { siginGcloudAndSetIAM, createKeyServiceAccount } from './config-gcloud.js';
 const { FIREBASE_PROJECT_ID, GOOGLE_APPLICATION_CREDENTIALS } = process.env;
 const __dirname = url.fileURLToPath(new URL('.', import.meta.url));
@@ -43,6 +44,9 @@ export default async () => {
     return opts;
   }, '');
   const $firebase = (cmd) => {
+    if (cmd === 'deploy') {
+      return $`firebase --project=${projectId} ${cmd}${options} --force`;
+    }
     return $`firebase --project=${projectId} ${cmd}${options}`;
   };
   if (argv._.includes('serve')) {
@@ -94,6 +98,13 @@ ECOM_STORE_ID=${storeId}
         //
       }
     }
+    let serviceAccountJSON = null;
+    try {
+      await siginGcloudAndSetIAM(projectId, pwd);
+      serviceAccountJSON = await createKeyServiceAccount(projectId, pwd);
+    } catch (e) {
+      //
+    }
     return echo`
     ****
@@ -103,7 +114,7 @@ Finish by saving the following secrets to your GitHub repository:
   ${chalk.bold('ECOM_API_KEY')} = ${chalk.bgMagenta(apiKey)}
-  ${chalk.bold('FIREBASE_SERVICE_ACCOUNT')} = {YOUR_SERVICE_ACCOUNT_JSON}
+  ${chalk.bold('FIREBASE_SERVICE_ACCOUNT')} = ${chalk.bgMagenta(serviceAccountJSON || '{YOUR_SERVICE_ACCOUNT_JSON}')}
 -- More info at https://github.com/ecomplus/store#getting-started
 `;

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@cloudcommerce/cli",
   "type": "module",
-  "version": "0.0.48",
+  "version": "0.0.51",
   "description": "E-Com Plus Cloud Commerce CLI tools",
   "bin": {
     "cloudcommerce": "./bin/run.mjs"
@@ -23,9 +23,9 @@
   },
   "homepage": "https://github.com/ecomplus/cloud-commerce/tree/main/packages/cli#readme",
   "dependencies": {
-    "@cloudcommerce/api": "0.0.48",
+    "@cloudcommerce/api": "0.0.51",
     "md5": "^2.3.0",
-    "zx": "^7.0.7"
+    "zx": "^7.0.8"
   },
   "scripts": {
     "build": "sh ../../scripts/build-lib.sh"

package/src/config-gcloud.ts ADDED Viewed

@@ -0,0 +1,93 @@
+import path from 'path';
+import { $, echo, fs } from 'zx';
+const serviceAccountId = 'cloud-commerce-gh-actions';
+const serviceAccountEmail = (projectId: string) => {
+  return `${serviceAccountId}@${projectId}.iam.gserviceaccount.com`;
+};
+const checkServiceAccountExists = async (projectId: string) => {
+  try {
+    return $`gcloud iam service-accounts describe ${serviceAccountEmail(projectId)}`;
+  } catch (e) {
+    return null;
+  }
+};
+const siginGcloudAndSetIAM = async (
+  projectId: string,
+  pwd: string,
+) => {
+  await $`gcloud auth login`;
+  await $`gcloud config set project ${projectId} `;
+  const roles = [
+    'roles/cloudconfig.admin',
+    'roles/appengine.appAdmin',
+    'roles/appengine.appCreator',
+    'roles/artifactregistry.admin',
+    'roles/cloudfunctions.admin',
+    'roles/cloudscheduler.admin',
+    'roles/iam.serviceAccountUser',
+    'roles/run.viewer',
+    'roles/serviceusage.apiKeysViewer',
+  ];
+  const serviceAccount = await checkServiceAccountExists(projectId);
+  if (!serviceAccount) {
+    await $`gcloud iam service-accounts create ${serviceAccountId} \
+        --description="A service account with permission to deploy Cloud Commerce from the GitHub repository to Firebase" \
+        --display-name="Cloud Commerce GH Actions"`;
+  }
+  const pathPolicyIAM = path.join(pwd, 'policyIAM.json');
+  await $`gcloud projects get-iam-policy ${projectId} --format json > ${pathPolicyIAM}`;
+  const policyIAM = fs.readJSONSync(pathPolicyIAM);
+  const { bindings } = policyIAM;
+  let updatePolicy = false;
+  roles.forEach((role) => {
+    const roleFound = bindings.find(
+      (binding: { [key: string]: string | string[] }) => binding.role === role,
+    );
+    const memberServiceAccount = `serviceAccount:${serviceAccountEmail(projectId)}`;
+    if (!roleFound) {
+      const newBinding = {
+        members: [
+          memberServiceAccount,
+        ],
+        role,
+      };
+      bindings.push(newBinding);
+      updatePolicy = true;
+    } else {
+      const serviceAccountHavePermission = roleFound.members.find(
+        (account: string) => account === memberServiceAccount,
+      );
+      if (!serviceAccountHavePermission) {
+        roleFound.members.push(memberServiceAccount);
+        updatePolicy = true;
+      }
+    }
+  });
+  if (updatePolicy) {
+    fs.writeJSONSync(pathPolicyIAM, policyIAM);
+    return $`gcloud projects set-iam-policy ${projectId} ${pathPolicyIAM}`;
+  }
+  return echo``;
+};
+const createKeyServiceAccount = async (projectId: string, pwd: string) => {
+  try {
+    const pathFileKey = path.join(pwd, 'serviceAccountKey.json');
+    await $`gcloud iam service-accounts keys create ${pathFileKey} \
+      --iam-account=${serviceAccountEmail(projectId)}`;
+    return JSON.stringify(fs.readJSONSync(pathFileKey));
+  } catch (e) {
+    return null;
+  }
+};
+export default siginGcloudAndSetIAM;
+export {
+  siginGcloudAndSetIAM,
+  createKeyServiceAccount,
+};

package/src/create-auth.ts CHANGED Viewed

@@ -27,15 +27,15 @@ export default async (storeId: number, accessToken: string) => {
       username: `cloudcomm${Date.now()}`,
       permissions: {
         applications: ['all'],
-        brands: ['GET'],
-        carts: ['all'],
-        categories: ['GET'],
-        collections: ['GET'],
+        brands: ['all'],
+        categories: ['all'],
+        collections: ['all'],
+        grids: ['all'],
+        products: ['all'],
         customers: ['all'],
-        grids: ['GET'],
+        carts: ['all'],
         orders: ['GET', 'POST', 'PATCH'],
-        products: ['GET', 'PATCH'],
-        stores: ['GET'],
+        stores: ['GET', 'PATCH'],
       },
     }, apiConfig);
     authenticationId = _id;

package/src/index.ts CHANGED Viewed

@@ -9,6 +9,7 @@ import {
 } from 'zx';
 import login from './login';
 import build from './build';
+import { siginGcloudAndSetIAM, createKeyServiceAccount } from './config-gcloud';
 const {
   FIREBASE_PROJECT_ID,
@@ -56,6 +57,9 @@ export default async () => {
     return opts;
   }, '');
   const $firebase = (cmd: string) => {
+    if (cmd === 'deploy') {
+      return $`firebase --project=${projectId} ${cmd}${options} --force`;
+    }
     return $`firebase --project=${projectId} ${cmd}${options}`;
   };
@@ -116,6 +120,14 @@ ECOM_STORE_ID=${storeId}
         //
       }
     }
+    let serviceAccountJSON : string | null = null;
+    try {
+      await siginGcloudAndSetIAM(projectId as string, pwd);
+      serviceAccountJSON = await createKeyServiceAccount(projectId as string, pwd);
+    } catch (e) {
+      //
+    }
     return echo`
     ****
@@ -125,11 +137,10 @@ Finish by saving the following secrets to your GitHub repository:
   ${chalk.bold('ECOM_API_KEY')} = ${chalk.bgMagenta(apiKey)}
-  ${chalk.bold('FIREBASE_SERVICE_ACCOUNT')} = {YOUR_SERVICE_ACCOUNT_JSON}
+  ${chalk.bold('FIREBASE_SERVICE_ACCOUNT')} = ${chalk.bgMagenta(serviceAccountJSON || '{YOUR_SERVICE_ACCOUNT_JSON}')}
 -- More info at https://github.com/ecomplus/store#getting-started
 `;
   }
   return $`echo 'Hello from @cloudcommerce/cli'`;
 };