@crossdelta/infrastructure 0.2.25 → 0.2.27

package/bin/generate-env.ts

@@ -0,0 +1,178 @@
+#!/usr/bin/env bun
+/**
+ * Generate environment variables for local development.
+ *
+ * This script:
+ * 1. Loads secrets from Pulumi config (dev stack) if available
+ * 2. Discovers services from infra/services/*.ts (parses files without importing)
+ * 3. Generates service URLs and ports for localhost
+ * 4. Writes .env.local to the workspace root
+ *
+ * Usage: generate-env [--no-pulumi]
+ */
+import { existsSync, readdirSync, readFileSync, writeFileSync } from 'node:fs'
+import { join } from 'node:path'
+
+type PulumiConfigEntry = {
+  value?: string
+  secret?: boolean
+}
+
+interface MinimalServiceConfig {
+  name: string
+  containerPort?: number
+  httpPort?: number
+  internalPorts?: number[]
+  internalUrl?: string
+}
+
+const toEnvKey = (name: string): string => name.toUpperCase().replace(/-/g, '_')
+
+const resolveNumber = (value: string, fileContent: string): number | undefined => {
+  const literal = Number.parseInt(value, 10)
+  if (!Number.isNaN(literal)) return literal
+
+  const varMatch = fileContent.match(new RegExp(`(?:const|let|var)\\s+${value}\\s*=\\s*(\\d+)`))
+  return varMatch?.[1] ? Number.parseInt(varMatch[1], 10) : undefined
+}
+
+const extract = {
+  string: (content: string, pattern: RegExp): string | undefined =>
+    content.match(pattern)?.[1],
+
+  number: (content: string, pattern: RegExp): number | undefined => {
+    const match = content.match(pattern)?.[1]
+    return match ? resolveNumber(match, content) : undefined
+  },
+
+  numberArray: (content: string, pattern: RegExp): number[] | undefined => {
+    const match = content.match(pattern)?.[1]
+    if (!match) return undefined
+
+    const numbers = match
+      .split(',')
+      .map((v) => resolveNumber(v.trim(), content))
+      .filter((n): n is number => n !== undefined)
+
+    return numbers.length > 0 ? numbers : undefined
+  },
+}
+
+const findWorkspaceRoot = (): string => {
+  let dir = process.cwd()
+  while (!existsSync(join(dir, 'bun.lock')) && !existsSync(join(dir, 'package-lock.json'))) {
+    const parent = join(dir, '..')
+    if (parent === dir) throw new Error('Could not locate workspace root')
+    dir = parent
+  }
+  return dir
+}
+
+const loadPulumiConfig = async (infraDir: string, stack: string): Promise<string[]> => {
+  try {
+    const result = Bun.spawnSync(['pulumi', 'config', '--show-secrets', '--json', '--stack', stack, '--cwd', infraDir])
+    if (result.exitCode !== 0) return []
+    
+    const config = JSON.parse(result.stdout.toString()) as Record<string, PulumiConfigEntry>
+
+    return Object.entries(config)
+      .filter(([key]) => key.includes(':'))
+      .filter(([, entry]) => entry.value !== undefined && entry.value !== null && entry.value !== 'undefined')
+      .map(([fullKey, entry]) => {
+        const [, rawKey] = fullKey.split(':')
+        return `${rawKey}=${entry.value}`
+      })
+  } catch {
+    return []
+  }
+}
+
+const discoverServices = (servicesDir: string): MinimalServiceConfig[] => {
+  if (!existsSync(servicesDir)) return []
+  
+  const files = readdirSync(servicesDir).filter(
+    (file) => file.endsWith('.ts') && file !== 'index.ts'
+  )
+
+  return files.map((file) => {
+    const content = readFileSync(join(servicesDir, file), 'utf-8')
+
+    return {
+      name: extract.string(content, /name:\s*['"]([^'"]+)['"]/) ?? file.replace('.ts', ''),
+      containerPort: extract.number(content, /containerPort:\s*(\w+)/),
+      httpPort: extract.number(content, /httpPort:\s*(\w+)/),
+      internalPorts: extract.numberArray(content, /internalPorts:\s*\[([^\]]+)\]/),
+      internalUrl: extract.string(content, /internalUrl:\s*[`'"]([^`'"]+)[`'"]/),
+    }
+  })
+}
+
+const getServicePort = (config: MinimalServiceConfig): number | undefined => {
+  if (config.containerPort) return config.containerPort
+  if (config.httpPort) return config.httpPort
+  if (config.internalPorts?.[0]) return config.internalPorts[0]
+  return undefined
+}
+
+const getLocalUrl = (config: MinimalServiceConfig): string | undefined => {
+  const port = getServicePort(config)
+  if (!port) return undefined
+
+  if (config.internalUrl) {
+    const protocolMatch = config.internalUrl.match(/^(\w+):\/\//)
+    if (protocolMatch) {
+      return `${protocolMatch[1]}://localhost:${port}`
+    }
+  }
+
+  return `http://localhost:${port}`
+}
+
+const main = async () => {
+  const noPulumi = process.argv.includes('--no-pulumi')
+  const workspaceRootDir = findWorkspaceRoot()
+  const infraDir = join(workspaceRootDir, 'infra')
+  const servicesDir = join(infraDir, 'services')
+
+  const envLines: string[] = ['# Generated .env.local']
+
+  // Load Pulumi secrets if available and not disabled
+  if (!noPulumi && existsSync(join(infraDir, 'Pulumi.yaml'))) {
+    const pulumiEnvs = await loadPulumiConfig(infraDir, 'dev')
+    if (pulumiEnvs.length > 0) {
+      envLines.push('', '# Pulumi Secrets')
+      envLines.push(...pulumiEnvs)
+    }
+  }
+
+  // Discover services
+  const serviceConfigs = discoverServices(servicesDir)
+
+  if (serviceConfigs.length > 0) {
+    envLines.push('', '# Service URLs')
+    for (const config of serviceConfigs) {
+      const url = getLocalUrl(config)
+      if (url) {
+        envLines.push(`${toEnvKey(config.name)}_URL=${url}`)
+      }
+    }
+
+    envLines.push('', '# Service Ports')
+    for (const config of serviceConfigs) {
+      const port = getServicePort(config)
+      if (port) {
+        envLines.push(`${toEnvKey(config.name)}_PORT=${port}`)
+      }
+    }
+
+    console.log(`✅ Discovered ${serviceConfigs.length} services`)
+  }
+
+  writeFileSync(join(workspaceRootDir, '.env.local'), `${envLines.join('\n')}\n`)
+  console.log(`✅ .env.local generated at ${workspaceRootDir}`)
+}
+
+main().catch((err) => {
+  console.error('❌', err.message)
+  process.exit(1)
+})

package/dist/index.cjs

@@ -334344,10 +334344,37 @@ function buildServicePortEnvs(serviceConfigs) {
 }
 // lib/runtimes/doks/cert-manager.ts
 var k8s = __toESM(require_kubernetes(), 1);
+var CERT_MANAGER_DEFAULTS = {
+  resources: {
+    requests: { cpu: "10m", memory: "32Mi" },
+    limits: { cpu: "100m", memory: "128Mi" }
+  },
+  webhook: {
+    timeoutSeconds: 25,
+    resources: {
+      requests: { cpu: "10m", memory: "32Mi" },
+      limits: { cpu: "50m", memory: "64Mi" }
+    }
+  },
+  cainjector: {
+    resources: {
+      requests: { cpu: "10m", memory: "32Mi" },
+      limits: { cpu: "50m", memory: "128Mi" }
+    }
+  }
+};
 function deployCertManager(provider, config2) {
   const namespace = "cert-manager";
   const isStaging = config2.staging ?? false;
   const issuerName = isStaging ? "letsencrypt-staging" : "letsencrypt-production";
+  const resources = config2.resources ?? CERT_MANAGER_DEFAULTS.resources;
+  const webhook = {
+    timeoutSeconds: config2.webhook?.timeoutSeconds ?? CERT_MANAGER_DEFAULTS.webhook.timeoutSeconds,
+    resources: config2.webhook?.resources ?? CERT_MANAGER_DEFAULTS.webhook.resources
+  };
+  const cainjector = {
+    resources: config2.cainjector?.resources ?? CERT_MANAGER_DEFAULTS.cainjector.resources
+  };
   const release = new k8s.helm.v3.Release("cert-manager", {
     name: "cert-manager",
     namespace,
@@ -334362,19 +334389,20 @@ function deployCertManager(provider, config2) {
         enabled: true
       },
       resources: {
-        requests: { cpu: "10m", memory: "32Mi" },
-        limits: { cpu: "100m", memory: "128Mi" }
+        requests: resources.requests,
+        limits: resources.limits
       },
       webhook: {
+        timeoutSeconds: webhook.timeoutSeconds,
         resources: {
-          requests: { cpu: "10m", memory: "32Mi" },
-          limits: { cpu: "50m", memory: "64Mi" }
+          requests: webhook.resources.requests,
+          limits: webhook.resources.limits
         }
       },
       cainjector: {
         resources: {
-          requests: { cpu: "10m", memory: "32Mi" },
-          limits: { cpu: "50m", memory: "128Mi" }
+          requests: cainjector.resources.requests,
+          limits: cainjector.resources.limits
         }
       }
     },
@@ -334539,6 +334567,20 @@ var NATS_DEFAULTS = {
   resources: {
     requests: { cpu: "100m", memory: "256Mi" },
     limits: { cpu: "500m", memory: "512Mi" }
+  },
+  reloader: {
+    enabled: true,
+    resources: {
+      requests: { cpu: "5m", memory: "16Mi" },
+      limits: { cpu: "50m", memory: "64Mi" }
+    }
+  },
+  natsBox: {
+    enabled: true,
+    resources: {
+      requests: { cpu: "5m", memory: "16Mi" },
+      limits: { cpu: "50m", memory: "64Mi" }
+    }
   }
 };
 function deployNats(provider, namespace, config2 = {}) {
@@ -334550,6 +334592,14 @@ function deployNats(provider, namespace, config2 = {}) {
     memoryStorageSize: config2.jetstream?.memoryStorageSize ?? NATS_DEFAULTS.jetstream.memoryStorageSize
   };
   const resources = config2.resources ?? NATS_DEFAULTS.resources;
+  const reloader = {
+    enabled: config2.reloader?.enabled ?? NATS_DEFAULTS.reloader.enabled,
+    resources: config2.reloader?.resources ?? NATS_DEFAULTS.reloader.resources
+  };
+  const natsBox = {
+    enabled: config2.natsBox?.enabled ?? NATS_DEFAULTS.natsBox.enabled,
+    resources: config2.natsBox?.resources ?? NATS_DEFAULTS.natsBox.resources
+  };
   const helmValues = {
     config: {
       cluster: {
@@ -334574,9 +334624,31 @@ function deployNats(provider, namespace, config2 = {}) {
       }
     },
     container: {
-      resources: {
-        requests: resources.requests,
-        limits: resources.limits
+      merge: {
+        resources: {
+          requests: resources.requests,
+          limits: resources.limits
+        }
+      }
+    },
+    reloader: {
+      enabled: reloader.enabled,
+      merge: {
+        resources: {
+          requests: reloader.resources.requests,
+          limits: reloader.resources.limits
+        }
+      }
+    },
+    natsBox: {
+      enabled: natsBox.enabled,
+      container: {
+        merge: {
+          resources: {
+            requests: natsBox.resources.requests,
+            limits: natsBox.resources.limits
+          }
+        }
       }
     },
     service: {

package/dist/index.js

@@ -334266,10 +334266,37 @@ function buildServicePortEnvs(serviceConfigs) {
 }
 // lib/runtimes/doks/cert-manager.ts
 var k8s = __toESM(require_kubernetes(), 1);
+var CERT_MANAGER_DEFAULTS = {
+  resources: {
+    requests: { cpu: "10m", memory: "32Mi" },
+    limits: { cpu: "100m", memory: "128Mi" }
+  },
+  webhook: {
+    timeoutSeconds: 25,
+    resources: {
+      requests: { cpu: "10m", memory: "32Mi" },
+      limits: { cpu: "50m", memory: "64Mi" }
+    }
+  },
+  cainjector: {
+    resources: {
+      requests: { cpu: "10m", memory: "32Mi" },
+      limits: { cpu: "50m", memory: "128Mi" }
+    }
+  }
+};
 function deployCertManager(provider, config2) {
   const namespace = "cert-manager";
   const isStaging = config2.staging ?? false;
   const issuerName = isStaging ? "letsencrypt-staging" : "letsencrypt-production";
+  const resources = config2.resources ?? CERT_MANAGER_DEFAULTS.resources;
+  const webhook = {
+    timeoutSeconds: config2.webhook?.timeoutSeconds ?? CERT_MANAGER_DEFAULTS.webhook.timeoutSeconds,
+    resources: config2.webhook?.resources ?? CERT_MANAGER_DEFAULTS.webhook.resources
+  };
+  const cainjector = {
+    resources: config2.cainjector?.resources ?? CERT_MANAGER_DEFAULTS.cainjector.resources
+  };
   const release = new k8s.helm.v3.Release("cert-manager", {
     name: "cert-manager",
     namespace,
@@ -334284,19 +334311,20 @@ function deployCertManager(provider, config2) {
         enabled: true
       },
       resources: {
-        requests: { cpu: "10m", memory: "32Mi" },
-        limits: { cpu: "100m", memory: "128Mi" }
+        requests: resources.requests,
+        limits: resources.limits
       },
       webhook: {
+        timeoutSeconds: webhook.timeoutSeconds,
         resources: {
-          requests: { cpu: "10m", memory: "32Mi" },
-          limits: { cpu: "50m", memory: "64Mi" }
+          requests: webhook.resources.requests,
+          limits: webhook.resources.limits
         }
       },
       cainjector: {
         resources: {
-          requests: { cpu: "10m", memory: "32Mi" },
-          limits: { cpu: "50m", memory: "128Mi" }
+          requests: cainjector.resources.requests,
+          limits: cainjector.resources.limits
         }
       }
     },
@@ -334461,6 +334489,20 @@ var NATS_DEFAULTS = {
   resources: {
     requests: { cpu: "100m", memory: "256Mi" },
     limits: { cpu: "500m", memory: "512Mi" }
+  },
+  reloader: {
+    enabled: true,
+    resources: {
+      requests: { cpu: "5m", memory: "16Mi" },
+      limits: { cpu: "50m", memory: "64Mi" }
+    }
+  },
+  natsBox: {
+    enabled: true,
+    resources: {
+      requests: { cpu: "5m", memory: "16Mi" },
+      limits: { cpu: "50m", memory: "64Mi" }
+    }
   }
 };
 function deployNats(provider, namespace, config2 = {}) {
@@ -334472,6 +334514,14 @@ function deployNats(provider, namespace, config2 = {}) {
     memoryStorageSize: config2.jetstream?.memoryStorageSize ?? NATS_DEFAULTS.jetstream.memoryStorageSize
   };
   const resources = config2.resources ?? NATS_DEFAULTS.resources;
+  const reloader = {
+    enabled: config2.reloader?.enabled ?? NATS_DEFAULTS.reloader.enabled,
+    resources: config2.reloader?.resources ?? NATS_DEFAULTS.reloader.resources
+  };
+  const natsBox = {
+    enabled: config2.natsBox?.enabled ?? NATS_DEFAULTS.natsBox.enabled,
+    resources: config2.natsBox?.resources ?? NATS_DEFAULTS.natsBox.resources
+  };
   const helmValues = {
     config: {
       cluster: {
@@ -334496,9 +334546,31 @@ function deployNats(provider, namespace, config2 = {}) {
       }
     },
     container: {
-      resources: {
-        requests: resources.requests,
-        limits: resources.limits
+      merge: {
+        resources: {
+          requests: resources.requests,
+          limits: resources.limits
+        }
+      }
+    },
+    reloader: {
+      enabled: reloader.enabled,
+      merge: {
+        resources: {
+          requests: reloader.resources.requests,
+          limits: reloader.resources.limits
+        }
+      }
+    },
+    natsBox: {
+      enabled: natsBox.enabled,
+      container: {
+        merge: {
+          resources: {
+            requests: natsBox.resources.requests,
+            limits: natsBox.resources.limits
+          }
+        }
       }
     },
     service: {

package/dist/runtimes/doks/cert-manager.d.ts

@@ -5,11 +5,26 @@
  * with Let's Encrypt.
  */
 import * as k8s from '@pulumi/kubernetes';
+import type { K8sResourceConfig } from './types';
 export interface CertManagerConfig {
     /** Email for Let's Encrypt notifications */
     email: string;
     /** Use Let's Encrypt staging (for testing) or production */
     staging?: boolean;
+    /** Resource configuration for main cert-manager controller */
+    resources?: K8sResourceConfig;
+    /** Webhook configuration */
+    webhook?: {
+        /** Timeout in seconds (must be 1-29 for DOKS compatibility, defaults to 25) */
+        timeoutSeconds?: number;
+        /** Resource configuration */
+        resources?: K8sResourceConfig;
+    };
+    /** CA Injector configuration */
+    cainjector?: {
+        /** Resource configuration */
+        resources?: K8sResourceConfig;
+    };
 }
 export interface CertManagerResult {
     /** The Helm release */

package/dist/runtimes/doks/types.d.ts

@@ -291,8 +291,22 @@ export interface NatsConfig {
         /** Password for client connections */
         password?: pulumi.Input<string>;
     };
-    /** Resource configuration */
+    /** Resource configuration for main NATS container */
     resources?: K8sResourceConfig;
+    /** Reloader sidecar configuration */
+    reloader?: {
+        /** Enable reloader sidecar (defaults to true) */
+        enabled?: boolean;
+        /** Resource configuration */
+        resources?: K8sResourceConfig;
+    };
+    /** NATS Box configuration (debugging tool) */
+    natsBox?: {
+        /** Enable NATS Box (defaults to true) */
+        enabled?: boolean;
+        /** Resource configuration */
+        resources?: K8sResourceConfig;
+    };
 }
 /**
  * Deployment result for a K8s service.

package/package.json

@@ -1,15 +1,19 @@
 {
   "name": "@crossdelta/infrastructure",
-  "version": "0.2.25",
+  "version": "0.2.27",
   "type": "module",
   "license": "MIT",
   "publishConfig": {
     "access": "public"
   },
+  "bin": {
+    "generate-env": "./bin/generate-env.ts"
+  },
   "main": "dist/index.cjs",
   "types": "dist/index.d.ts",
   "files": [
-    "dist"
+    "dist",
+    "bin"
   ],
   "exports": {
     ".": {