npm - @envsync-cloud/deploy-cli - Versions diffs - 0.6.13 → 0.6.15 - Mend

@envsync-cloud/deploy-cli 0.6.13 → 0.6.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -65,6 +65,8 @@ npx @envsync-cloud/deploy-cli setup
 `setup` requires an exact release version such as `0.6.2`. Channel names like `stable` and `latest` are not accepted for self-hosted installs.
+The configured target release comes from `/etc/envsync/deploy.yaml`. Running a newer CLI package with `bunx @envsync-cloud/deploy-cli@<version> ...` does not change the pinned target release by itself.
 Bootstrap infra, migrations, RustFS, and OpenFGA:
 ```bash
@@ -73,6 +75,8 @@ npx @envsync-cloud/deploy-cli bootstrap
 `bootstrap` is destructive. It removes the existing EnvSync stack, matching containers, network, and managed volumes before rebuilding, and requires typing `yes` to continue. Use `--force` to bypass the prompt in automation or other non-interactive environments.
+During destructive bootstrap, stable generated secrets are preserved, but persisted OpenFGA store/model IDs are cleared before re-initialization so a fresh OpenFGA database cannot reuse stale IDs from a previous run.
 Deploy the pending API and frontend services:
 ```bash
@@ -117,6 +121,26 @@ npx @envsync-cloud/deploy-cli bootstrap --force
 npx @envsync-cloud/deploy-cli deploy --dry-run
 ```
+## Local Smoke Testing
+Use the repo-local smoke harness to test unpublished self-hosted deploy-cli changes without publishing to GitHub or npm:
+```bash
+bun run selfhost:smoke
+```
+The smoke harness:
+- runs the local `packages/deploy-cli/src/index.ts` directly
+- uses disposable roots under `.tmp/selfhost-smoke`
+- sets `ENVSYNC_REPO_ROOT` to the current workspace so no repo clone/fetch/checkout happens
+- uses high host ports instead of `80/443`
+Advanced local test overrides supported by the deploy-cli:
+- `ENVSYNC_HOST_ROOT`
+- `ENVSYNC_ETC_ROOT`
+- `ENVSYNC_TRAEFIK_STATE_ROOT`
+- `ENVSYNC_REPO_ROOT`
 ## Links
 - Repository: https://github.com/EnvSync-Cloud/envsync

package/dist/index.js CHANGED Viewed

@@ -7,26 +7,26 @@ import fs from "fs";
 import path from "path";
 import readline from "readline";
 import chalk from "chalk";
-var HOST_ROOT = "/opt/envsync";
-var DEPLOY_ROOT = "/opt/envsync/deploy";
-var RELEASES_ROOT = "/opt/envsync/releases";
-var BACKUPS_ROOT = "/opt/envsync/backups";
-var ETC_ROOT = "/etc/envsync";
-var TRAEFIK_STATE_ROOT = "/var/lib/envsync/traefik";
-var REPO_ROOT = "/opt/envsync/repo";
-var DEPLOY_ENV = "/etc/envsync/deploy.env";
-var DEPLOY_YAML = "/etc/envsync/deploy.yaml";
-var VERSIONS_LOCK = "/opt/envsync/deploy/versions.lock.json";
-var STACK_FILE = "/opt/envsync/deploy/docker-stack.yaml";
-var BOOTSTRAP_BASE_STACK_FILE = "/opt/envsync/deploy/docker-stack.bootstrap.base.yaml";
-var BOOTSTRAP_STACK_FILE = "/opt/envsync/deploy/docker-stack.bootstrap.yaml";
-var TRAEFIK_DYNAMIC_FILE = "/opt/envsync/deploy/traefik-dynamic.yaml";
-var KEYCLOAK_REALM_FILE = "/opt/envsync/deploy/keycloak-realm.envsync.json";
-var NGINX_WEB_CONF = "/opt/envsync/deploy/nginx-web.conf";
-var NGINX_LANDING_CONF = "/opt/envsync/deploy/nginx-landing.conf";
-var OTEL_AGENT_CONF = "/opt/envsync/deploy/otel-agent.yaml";
-var CLICKSTACK_CLICKHOUSE_CONF = "/opt/envsync/deploy/clickhouse-listen.xml";
-var INTERNAL_CONFIG_JSON = "/opt/envsync/deploy/config.json";
+var HOST_ROOT = process.env.ENVSYNC_HOST_ROOT ?? "/opt/envsync";
+var ETC_ROOT = process.env.ENVSYNC_ETC_ROOT ?? "/etc/envsync";
+var TRAEFIK_STATE_ROOT = process.env.ENVSYNC_TRAEFIK_STATE_ROOT ?? "/var/lib/envsync/traefik";
+var DEPLOY_ROOT = path.join(HOST_ROOT, "deploy");
+var RELEASES_ROOT = path.join(HOST_ROOT, "releases");
+var BACKUPS_ROOT = path.join(HOST_ROOT, "backups");
+var REPO_ROOT = process.env.ENVSYNC_REPO_ROOT ?? path.join(HOST_ROOT, "repo");
+var DEPLOY_ENV = path.join(ETC_ROOT, "deploy.env");
+var DEPLOY_YAML = path.join(ETC_ROOT, "deploy.yaml");
+var VERSIONS_LOCK = path.join(DEPLOY_ROOT, "versions.lock.json");
+var STACK_FILE = path.join(DEPLOY_ROOT, "docker-stack.yaml");
+var BOOTSTRAP_BASE_STACK_FILE = path.join(DEPLOY_ROOT, "docker-stack.bootstrap.base.yaml");
+var BOOTSTRAP_STACK_FILE = path.join(DEPLOY_ROOT, "docker-stack.bootstrap.yaml");
+var TRAEFIK_DYNAMIC_FILE = path.join(DEPLOY_ROOT, "traefik-dynamic.yaml");
+var KEYCLOAK_REALM_FILE = path.join(DEPLOY_ROOT, "keycloak-realm.envsync.json");
+var NGINX_WEB_CONF = path.join(DEPLOY_ROOT, "nginx-web.conf");
+var NGINX_LANDING_CONF = path.join(DEPLOY_ROOT, "nginx-landing.conf");
+var OTEL_AGENT_CONF = path.join(DEPLOY_ROOT, "otel-agent.yaml");
+var CLICKSTACK_CLICKHOUSE_CONF = path.join(DEPLOY_ROOT, "clickhouse-listen.xml");
+var INTERNAL_CONFIG_JSON = path.join(DEPLOY_ROOT, "config.json");
 var STACK_VOLUMES = [
   "postgres_data",
   "redis_data",
@@ -109,6 +109,28 @@ function commandSucceeds(cmd, args, opts = {}) {
   });
   return result.status === 0;
 }
+function runIgnoringAbsent(cmd, args, opts = {}) {
+  const result = spawnSync(cmd, args, {
+    cwd: opts.cwd,
+    env: { ...process.env, ...opts.env },
+    stdio: "pipe",
+    encoding: "utf8"
+  });
+  if (result.status === 0) {
+    const stdout = typeof result.stdout === "string" ? result.stdout.trim() : "";
+    if (stdout) console.log(stdout);
+    return true;
+  }
+  const combined = `${typeof result.stdout === "string" ? result.stdout : ""}
+${typeof result.stderr === "string" ? result.stderr : ""}`.toLowerCase();
+  const absentPatterns = (opts.absentPatterns ?? []).map((pattern) => pattern.toLowerCase());
+  if (absentPatterns.some((pattern) => combined.includes(pattern))) {
+    return false;
+  }
+  const stderr = typeof result.stderr === "string" ? result.stderr : "";
+  throw new Error(`Command failed: ${cmd} ${args.join(" ")}${stderr ? `
+${stderr}` : ""}`);
+}
 function ensureDir(dir) {
   fs.mkdirSync(dir, { recursive: true });
 }
@@ -256,6 +278,19 @@ function getDeployCliVersion() {
     return process.env.npm_package_version ?? "0.0.0";
   }
 }
+function hasExplicitRepoOverride() {
+  return typeof process.env.ENVSYNC_REPO_ROOT === "string" && process.env.ENVSYNC_REPO_ROOT.length > 0;
+}
+function logReleaseContext(config) {
+  const cliVersion = getDeployCliVersion();
+  logInfo(`Configured release version from ${DEPLOY_YAML}: ${config.release.version}`);
+  logInfo(`Running deploy-cli version: ${cliVersion}`);
+  if (cliVersion !== config.release.version) {
+    logWarn(
+      `The running deploy-cli version does not change the configured release target. This run will deploy the version pinned in ${DEPLOY_YAML}.`
+    );
+  }
+}
 function assertSemverVersion(version, label = "release version") {
   if (!SEMVER_VERSION_RE.test(version)) {
     throw new Error(`Invalid ${label} '${version}'. Expected an exact semver like 0.6.2.`);
@@ -332,6 +367,8 @@ function normalizeConfig(raw) {
     services: {
       stack_name: requireDefined(raw.services?.stack_name, "services.stack_name"),
       api_port: requireDefined(raw.services?.api_port, "services.api_port"),
+      public_http_port: raw.services?.public_http_port ?? 80,
+      public_https_port: raw.services?.public_https_port ?? 443,
       clickstack_ui_port: requireDefined(raw.services?.clickstack_ui_port, "services.clickstack_ui_port"),
       clickstack_otlp_http_port: requireDefined(raw.services?.clickstack_otlp_http_port, "services.clickstack_otlp_http_port"),
       clickstack_otlp_grpc_port: requireDefined(raw.services?.clickstack_otlp_grpc_port, "services.clickstack_otlp_grpc_port"),
@@ -475,6 +512,18 @@ function ensureGeneratedRuntimeState(generated) {
     bootstrap: generated.bootstrap
   });
 }
+function resetBootstrapGeneratedState(generated) {
+  return normalizeGeneratedState({
+    openfga: {
+      store_id: "",
+      model_id: ""
+    },
+    secrets: generated.secrets,
+    bootstrap: {
+      completed_at: ""
+    }
+  });
+}
 function keycloakImageTag(image) {
   return image.split(":").slice(1).join(":") || "local";
 }
@@ -805,11 +854,11 @@ services:
       - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
     ports:
       - target: 80
-        published: 80
+        published: ${config.services.public_http_port}
         protocol: tcp
         mode: host
       - target: 443
-        published: 443
+        published: ${config.services.public_https_port}
         protocol: tcp
         mode: host
     volumes:
@@ -1058,6 +1107,14 @@ function ensureRepoCheckout(config) {
     logDryRun(`Would ensure repo checkout at ${REPO_ROOT}`);
     return;
   }
+  if (hasExplicitRepoOverride()) {
+    if (!exists(path.join(REPO_ROOT, ".git"))) {
+      throw new Error(`ENVSYNC_REPO_ROOT is set but no git repo was found at ${REPO_ROOT}`);
+    }
+    logInfo(`Using local repo override at ${REPO_ROOT}`);
+    logSuccess("Local repo override is ready");
+    return;
+  }
   ensureDir(REPO_ROOT);
   if (!exists(path.join(REPO_ROOT, ".git"))) {
     logCommand("git", ["clone", config.source.repo_url, REPO_ROOT]);
@@ -1495,16 +1552,31 @@ function cleanupBootstrapState(config) {
   const refreshedContainers = listManagedContainers(config);
   if (refreshedContainers.length > 0) {
     logCommand("docker", ["rm", "-f", ...refreshedContainers]);
-    run("docker", ["rm", "-f", ...refreshedContainers]);
+    const removed = runIgnoringAbsent("docker", ["rm", "-f", ...refreshedContainers], {
+      absentPatterns: ["no such container", "not found"]
+    });
+    if (!removed) {
+      logInfo("Managed containers were already absent");
+    }
   }
   if (commandSucceeds("docker", ["network", "inspect", networkName])) {
     logCommand("docker", ["network", "rm", networkName]);
-    run("docker", ["network", "rm", networkName]);
+    const removed = runIgnoringAbsent("docker", ["network", "rm", networkName], {
+      absentPatterns: ["network", "not found", "no such network"]
+    });
+    if (!removed) {
+      logInfo(`Network ${networkName} was already absent`);
+    }
   }
   for (const volumeName of volumeNames) {
     if (commandSucceeds("docker", ["volume", "inspect", volumeName])) {
       logCommand("docker", ["volume", "rm", "-f", volumeName]);
-      run("docker", ["volume", "rm", "-f", volumeName]);
+      const removed = runIgnoringAbsent("docker", ["volume", "rm", "-f", volumeName], {
+        absentPatterns: ["no such volume", "not found"]
+      });
+      if (!removed) {
+        logInfo(`Volume ${volumeName} was already absent`);
+      }
     }
   }
   logSuccess("Existing EnvSync deployment resources removed");
@@ -1575,6 +1647,8 @@ async function cmdSetup() {
     services: {
       stack_name: "envsync",
       api_port: 4e3,
+      public_http_port: 80,
+      public_https_port: 443,
       clickstack_ui_port: 8080,
       clickstack_otlp_http_port: 4318,
       clickstack_otlp_grpc_port: 4317,
@@ -1623,9 +1697,9 @@ async function cmdSetup() {
 async function cmdBootstrap() {
   logSection("Bootstrap");
   const { config, generated } = loadState();
-  const nextGenerated = ensureGeneratedRuntimeState(generated);
+  const nextGenerated = ensureGeneratedRuntimeState(resetBootstrapGeneratedState(generated));
   const runtimeEnv = buildRuntimeEnv(config, nextGenerated);
-  logInfo(`Release version: ${config.release.version}`);
+  logReleaseContext(config);
   assertSwarmManager();
   if (currentOptions.dryRun) {
     logWarn("Dry-run mode: bootstrap reset will be previewed but not executed.");
@@ -1664,7 +1738,6 @@ async function cmdBootstrap() {
   waitForHttpService(config, "keycloak management readiness", "http://keycloak:9000/health/ready", 180);
   waitForHttpService(config, "openfga", "http://openfga:8090/stores");
   waitForTcpService(config, "minikms", "minikms", 50051);
-  waitForTcpService(config, "clickstack ui", "clickstack", 8080, 180);
   const initResult = runBootstrapInit(config);
   const persistedGenerated = normalizeGeneratedState({
     openfga: {
@@ -1699,7 +1772,7 @@ async function cmdBootstrap() {
 async function cmdDeploy() {
   logSection("Deploy");
   const { config, generated } = loadState();
-  logInfo(`Release version: ${config.release.version}`);
+  logReleaseContext(config);
   assertSwarmManager();
   assertBootstrapState(generated);
   if (!currentOptions.dryRun) {
@@ -1796,6 +1869,7 @@ async function cmdHealth(asJson) {
 async function cmdUpgrade() {
   logSection("Upgrade");
   const { config } = loadState();
+  logReleaseContext(config);
   config.images = {
     ...config.images,
     ...versionedImages(config.release.version)
@@ -1809,6 +1883,7 @@ async function cmdUpgrade() {
 async function cmdUpgradeDeps() {
   logSection("Upgrade Dependencies");
   const { config } = loadState();
+  logReleaseContext(config);
   config.images.traefik = "traefik:v3.6.6";
   config.images.clickstack = "clickhouse/clickstack-all-in-one:latest";
   config.images.otel_agent = "otel/opentelemetry-collector-contrib:0.111.0";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@envsync-cloud/deploy-cli",
-  "version": "0.6.13",
+  "version": "0.6.15",
   "description": "CLI for self-hosted EnvSync deployment on Docker Swarm",
   "type": "module",
   "bin": {