@cloudcommerce/cli 0.0.58 → 0.0.61

package/.turbo/turbo-build.log

@@ -1,5 +1,5 @@
-@cloudcommerce/cli:build: cache hit, replaying output 1af9adb434178e30
-@cloudcommerce/cli:build: 
-@cloudcommerce/cli:build: > @cloudcommerce/cli@0.0.57 build /home/leo/code/ecomplus/cloud-commerce/packages/cli
-@cloudcommerce/cli:build: > sh ../../scripts/build-lib.sh
-@cloudcommerce/cli:build: 
+@cloudcommerce/cli:build: cache hit, replaying output fd1e9d1edc462db0
+@cloudcommerce/cli:build: 
+@cloudcommerce/cli:build: > @cloudcommerce/cli@0.0.60 build /home/leo/code/ecomplus/cloud-commerce/packages/cli
+@cloudcommerce/cli:build: > sh ../../scripts/build-lib.sh
+@cloudcommerce/cli:build: 

package/config/firebase.json

@@ -40,15 +40,18 @@
     "rewrites": [
       {
         "source": "/api/modules/**",
-        "function": "modules"
+        "function": "modules",
+        "region": "southamerica-east1"
       },
       {
         "source": "/api/passport/**",
-        "function": "passport"
+        "function": "passport",
+        "region": "southamerica-east1"
       },
       {
         "source": "**/!(*(*.)js|*(*.)css|*(*.)ico|*(*.)png|*(*.)gif|*(*.)jpg|*(*.)jpeg|*(*.)webp|*(*.)avif|*(*.)svg|*(*.)woff|*(*.)woff2|*(*.)otf|*(*.)ttf|*(*.)eot)",
-        "function": "ssr"
+        "function": "ssr",
+        "region": "southamerica-east1"
       }
     ],
     "cleanUrls": true

package/lib/index.js

@@ -5,9 +5,10 @@ import {
 } from 'zx';
 import login from './login.js';
 import build from './build.js';
-import { siginGcloudAndSetIAM, createKeyServiceAccount } from './config-gcloud.js';
+import { siginGcloudAndSetIAM, createServiceAccountKey } from './setup-gcloud.js';
+import createGhSecrets from './setup-gh.js';
 
-const { FIREBASE_PROJECT_ID, GOOGLE_APPLICATION_CREDENTIALS } = process.env;
+const { FIREBASE_PROJECT_ID, GOOGLE_APPLICATION_CREDENTIALS, GITHUB_TOKEN } = process.env;
 const __dirname = url.fileURLToPath(new URL('.', import.meta.url));
 const pwd = process.cwd();
 let projectId = FIREBASE_PROJECT_ID;
@@ -29,7 +30,7 @@ if (projectId) {
       const firebaserc = fs.readJSONSync(path.join(pwd, '.firebaserc'));
       projectId = firebaserc.projects.default;
     } catch (e) {
-      projectId = 'ecom2-001';
+      projectId = 'ecom2-002';
     }
   }
 }
@@ -102,11 +103,29 @@ ECOM_STORE_ID=${storeId}
     if (argv.gcloud !== false) {
       try {
         await siginGcloudAndSetIAM(projectId, pwd);
-        serviceAccountJSON = await createKeyServiceAccount(projectId, pwd);
+        serviceAccountJSON = await createServiceAccountKey(projectId, pwd);
       } catch (e) {
         //
       }
     }
+    let hasCreatedAllSecrets = false;
+    if (GITHUB_TOKEN && argv.github !== false) {
+      try {
+        hasCreatedAllSecrets = await createGhSecrets(apiKey, authenticationId, serviceAccountJSON, GITHUB_TOKEN);
+      } catch (e) {
+        //
+      }
+    }
+    if (hasCreatedAllSecrets) {
+      return echo`
+      ****
+
+CloudCommerce setup completed successfully.
+Your store repository on GitHub is ready, the first deploy will automatically start with GH Actions.
+
+-- More info at https://github.com/ecomplus/store#getting-started
+`;
+    }
     return echo`
     ****
 

package/lib/{config-gcloud.js → setup-gcloud.js}

@@ -78,7 +78,7 @@ const siginGcloudAndSetIAM = async (projectId, pwd) => {
   }
   return null;
 };
-const createKeyServiceAccount = async (projectId, pwd) => {
+const createServiceAccountKey = async (projectId, pwd) => {
   try {
     const pathFileKey = path.join(pwd, '.cloudcommerce', 'serviceAccountKey.json');
     await $`gcloud iam service-accounts keys create ${pathFileKey} \
@@ -91,4 +91,4 @@ const createKeyServiceAccount = async (projectId, pwd) => {
 
 export default siginGcloudAndSetIAM;
 
-export { siginGcloudAndSetIAM, createKeyServiceAccount };
+export { siginGcloudAndSetIAM, createServiceAccountKey };

package/lib/setup-gh.js

@@ -0,0 +1,59 @@
+import { fetch, $ } from 'zx';
+import libsodium from 'libsodium-wrappers';
+
+const getRemoteRepo = async () => {
+  try {
+    return (await $`git config --get remote.origin.url`).stdout
+      .replace(/.*github.com[/:]/, '')
+      .replace('.git', '')
+      .replace('\n', '');
+  } catch (e) {
+    return null;
+  }
+};
+const createGhSecrets = async (ecomApiKey, ecomAuthentication, firebaseServiceAccount, ghToken, ghRepo) => {
+  const remoteRepo = ghRepo || await getRemoteRepo();
+  if (!remoteRepo) {
+    throw new Error("Can't define remote Git repository");
+  }
+  const baseUrl = `https://api.github.com/repos/${remoteRepo}/actions/secrets`;
+  const fetchGhSecrets = async (resource, body, method = 'GET') => {
+    const url = `${baseUrl}${resource}`;
+    const headers = {
+      Accept: 'application/vnd.github+json',
+      Authorization: `token ${ghToken}`,
+    };
+    return fetch(url, {
+      method,
+      headers,
+      body,
+    });
+  };
+    // https:// docs.github.com/pt/rest/actions/secrets#get-a-repository-public-key
+  const ghPublicKey = await (await fetchGhSecrets('/public-key')).json();
+  const ghKeyBuffer = Buffer.from(ghPublicKey.key, 'base64');
+  await libsodium.ready;
+  const createGhSecret = async (secretName, secretValue) => {
+    // https://docs.github.com/pt/rest/actions/secrets#example-encrypting-a-secret-using-nodejs
+    // Encryption example: https://github.com/github/tweetsodium
+    const encryptedBytes = libsodium.crypto_box_seal(Buffer.from(secretValue), ghKeyBuffer);
+    const body = {
+      encrypted_value: Buffer.from(encryptedBytes).toString('base64'),
+      key_id: ghPublicKey.key_id,
+    };
+    return fetchGhSecrets(`/${secretName}`, JSON.stringify(body), 'PUT');
+  };
+  try {
+    await createGhSecret('ECOM_API_KEY', ecomApiKey);
+    await createGhSecret('ECOM_AUTHENTICATION_ID', ecomAuthentication);
+    if (firebaseServiceAccount) {
+      await createGhSecret('FIREBASE_SERVICE_ACCOUNT', firebaseServiceAccount);
+      return true;
+    }
+  } catch (e) {
+    //
+  }
+  return false;
+};
+
+export default createGhSecrets;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@cloudcommerce/cli",
   "type": "module",
-  "version": "0.0.58",
+  "version": "0.0.61",
   "description": "E-Com Plus Cloud Commerce CLI tools",
   "bin": {
     "cloudcommerce": "./bin/run.mjs"
@@ -23,7 +23,8 @@
   },
   "homepage": "https://github.com/ecomplus/cloud-commerce/tree/main/packages/cli#readme",
   "dependencies": {
-    "@cloudcommerce/api": "0.0.58",
+    "@cloudcommerce/api": "0.0.61",
+    "libsodium-wrappers": "^0.7.10",
     "md5": "^2.3.0",
     "zx": "^7.0.8"
   },

package/src/index.ts

@@ -9,11 +9,13 @@ import {
 } from 'zx';
 import login from './login';
 import build from './build';
-import { siginGcloudAndSetIAM, createKeyServiceAccount } from './config-gcloud';
+import { siginGcloudAndSetIAM, createServiceAccountKey } from './setup-gcloud';
+import createGhSecrets from './setup-gh';
 
 const {
   FIREBASE_PROJECT_ID,
   GOOGLE_APPLICATION_CREDENTIALS,
+  GITHUB_TOKEN,
 } = process.env;
 
 const __dirname = url.fileURLToPath(new URL('.', import.meta.url));
@@ -41,7 +43,7 @@ if (projectId) {
       const firebaserc = fs.readJSONSync(path.join(pwd, '.firebaserc'));
       projectId = firebaserc.projects.default;
     } catch (e) {
-      projectId = 'ecom2-001';
+      projectId = 'ecom2-002';
     }
   }
 }
@@ -103,6 +105,7 @@ ECOM_API_KEY=${apiKey}
 ECOM_STORE_ID=${storeId}
 `,
     );
+
     if (argv.deploy !== false) {
       await $firebase('deploy');
     }
@@ -111,6 +114,7 @@ ECOM_STORE_ID=${storeId}
         path.join(pwd, 'functions', 'config.json'),
         JSON.stringify({ storeId }, null, 2),
       );
+
       await build();
       try {
         await $`git add .firebaserc functions/config.json`;
@@ -124,12 +128,35 @@ ECOM_STORE_ID=${storeId}
     if (argv.gcloud !== false) {
       try {
         await siginGcloudAndSetIAM(projectId as string, pwd);
-        serviceAccountJSON = await createKeyServiceAccount(projectId as string, pwd);
+        serviceAccountJSON = await createServiceAccountKey(projectId as string, pwd);
+      } catch (e) {
+        //
+      }
+    }
+    let hasCreatedAllSecrets = false;
+    if (GITHUB_TOKEN && argv.github !== false) {
+      try {
+        hasCreatedAllSecrets = await createGhSecrets(
+          apiKey,
+          authenticationId,
+          serviceAccountJSON,
+          GITHUB_TOKEN,
+        );
       } catch (e) {
         //
       }
     }
 
+    if (hasCreatedAllSecrets) {
+      return echo`
+      ****
+
+CloudCommerce setup completed successfully.
+Your store repository on GitHub is ready, the first deploy will automatically start with GH Actions.
+
+-- More info at https://github.com/ecomplus/store#getting-started
+`;
+    }
     return echo`
     ****
 

package/src/{config-gcloud.ts → setup-gcloud.ts}

@@ -84,7 +84,7 @@ const siginGcloudAndSetIAM = async (projectId: string, pwd: string) => {
   return null;
 };
 
-const createKeyServiceAccount = async (projectId: string, pwd: string) => {
+const createServiceAccountKey = async (projectId: string, pwd: string) => {
   try {
     const pathFileKey = path.join(pwd, '.cloudcommerce', 'serviceAccountKey.json');
     await $`gcloud iam service-accounts keys create ${pathFileKey} \
@@ -99,5 +99,5 @@ export default siginGcloudAndSetIAM;
 
 export {
   siginGcloudAndSetIAM,
-  createKeyServiceAccount,
+  createServiceAccountKey,
 };

package/src/setup-gh.ts

@@ -0,0 +1,83 @@
+import { fetch, $ } from 'zx';
+import libsodium from 'libsodium-wrappers';
+
+const getRemoteRepo = async () => {
+  try {
+    return (await $`git config --get remote.origin.url`).stdout
+      .replace(/.*github.com[/:]/, '')
+      .replace('.git', '')
+      .replace('\n', '');
+  } catch (e) {
+    return null;
+  }
+};
+
+const createGhSecrets = async (
+  ecomApiKey: string,
+  ecomAuthentication: string,
+  firebaseServiceAccount: string | null,
+  ghToken: string,
+  ghRepo?: string,
+) => {
+  const remoteRepo = ghRepo || await getRemoteRepo();
+  if (!remoteRepo) {
+    throw new Error("Can't define remote Git repository");
+  }
+  const baseUrl = `https://api.github.com/repos/${remoteRepo}/actions/secrets`;
+
+  const fetchGhSecrets = async (
+    resource: string,
+    body?: string,
+    method: string = 'GET',
+  ) => {
+    const url = `${baseUrl}${resource}`;
+    const headers = {
+      Accept: 'application/vnd.github+json',
+      Authorization: `token ${ghToken}`,
+    };
+    return fetch(url, {
+      method,
+      headers,
+      body,
+    });
+  };
+
+  // https:// docs.github.com/pt/rest/actions/secrets#get-a-repository-public-key
+  const ghPublicKey = await (await fetchGhSecrets('/public-key')).json() as {
+    key_id: string,
+    key: string,
+  };
+  const ghKeyBuffer = Buffer.from(ghPublicKey.key, 'base64');
+  await libsodium.ready;
+
+  const createGhSecret = async (
+    secretName: string,
+    secretValue: string,
+  ) => {
+    // https://docs.github.com/pt/rest/actions/secrets#example-encrypting-a-secret-using-nodejs
+    // Encryption example: https://github.com/github/tweetsodium
+    const encryptedBytes = libsodium.crypto_box_seal(
+      Buffer.from(secretValue),
+      ghKeyBuffer,
+    );
+    const body = {
+      encrypted_value: Buffer.from(encryptedBytes).toString('base64'),
+      key_id: ghPublicKey.key_id,
+    };
+    return fetchGhSecrets(`/${secretName}`, JSON.stringify(body), 'PUT');
+  };
+
+  try {
+    await createGhSecret('ECOM_API_KEY', ecomApiKey);
+    await createGhSecret('ECOM_AUTHENTICATION_ID', ecomAuthentication);
+    if (firebaseServiceAccount) {
+      await createGhSecret('FIREBASE_SERVICE_ACCOUNT', firebaseServiceAccount);
+      return true;
+    }
+  } catch (e) {
+    //
+  }
+  return false;
+};
+
+export default createGhSecrets;