@everystack/cli 0.1.0

package/src/cli/commands/update.ts

@@ -0,0 +1,432 @@
+import fs from 'fs/promises';
+import path from 'path';
+import crypto from 'node:crypto';
+import zlib from 'node:zlib';
+import { pipeline } from 'node:stream/promises';
+import { createWriteStream } from 'node:fs';
+import { spawn } from 'node:child_process';
+import { resolveConfig } from '../config.js';
+import { uploadToS3, invokeAction } from '../aws.js';
+import { step, success, warn, fail, info } from '../output.js';
+import { exportApp } from '../utils/export.js';
+import { walkDirectory } from '../utils/walk.js';
+
+export interface UpdateFlags {
+  channel?: string;
+  branch?: string;
+  message?: string;
+  platform?: string;
+  export?: string;
+}
+
+export async function updateCommand(flags: UpdateFlags & Record<string, string>): Promise<void> {
+  const branch = flags.branch;
+  const channel = flags.channel || branch || flags.stage || 'production';
+  const message = flags.message || '';
+  const platformFilter = flags.platform || 'all';
+
+  // Read app config
+  step('Reading app config...');
+  const appConfig = await loadAppConfig();
+  const runtimeVersion = appConfig.runtimeVersion;
+
+  if (!runtimeVersion) {
+    fail('No runtimeVersion found in app.json/app.config.js');
+    process.exit(1);
+  }
+  success(`Runtime version: ${runtimeVersion}`);
+
+  // Export if needed
+  const distDir = path.resolve('dist');
+  const shouldExport = flags.export === 'true' || !(await dirExists(distDir));
+  if (shouldExport) {
+    step('Exporting app...');
+    await exportApp();
+    success('Export complete');
+  }
+
+  // Read metadata (mobile exports produce metadata.json; web-only exports don't)
+  const metadataPath = path.join(distDir, 'metadata.json');
+  let metadata: any = null;
+  try {
+    metadata = JSON.parse(await fs.readFile(metadataPath, 'utf8'));
+  } catch {
+    // No metadata.json — web-only export
+  }
+
+  // Determine platforms to publish
+  const platforms = getPlatforms(platformFilter, metadata);
+  const publishTarget = branch ? `branch "${branch}"` : `channel "${channel}"`;
+  info(`Publishing to ${publishTarget} (${platforms.join(', ')})`);
+
+  // Separate web from mobile platforms — web uses direct S3/Lambda; mobile uses HTTP API
+  const mobilePlatforms = platforms.filter(p => p !== 'web');
+  const hasWeb = platforms.includes('web');
+
+  // Track groupId across platforms for atomic multi-platform publish
+  let groupId: string | undefined;
+
+  // Mobile platforms — direct S3 upload + IAM-authed Lambda invoke (mirrors web path).
+  // No HTTP publish endpoint, no shared bearer token, no WAF body-size limits.
+  if (mobilePlatforms.length > 0) {
+    step('Resolving deployed config...');
+    let config;
+    try {
+      config = await resolveConfig(flags.stage);
+    } catch (err: any) {
+      fail(err.message);
+      process.exit(1);
+    }
+    success(`Region: ${config.region}, Function: ${config.apiFunctionName}`);
+
+    for (const platform of mobilePlatforms) {
+      const platformMetadata = metadata?.fileMetadata?.[platform];
+      if (!platformMetadata) {
+        warn(`Skipping ${platform} (no export found)`);
+        continue;
+      }
+
+      step(`Publishing ${platform}...`);
+      const assets = await gatherAssets(distDir, platform, platformMetadata);
+
+      // Group is per-publish-run, shared across mobile platforms + web
+      if (!groupId) groupId = crypto.randomUUID();
+      const branchName = branch || channel;
+      const storagePrefix = `releases/${branchName}/${runtimeVersion}/${groupId}/${platform}`;
+
+      // Upload each asset directly to S3 with content hashing
+      const uploaded: Array<{
+        path: string;
+        s3Key: string;
+        contentHash: string;
+        filename: string;
+        mimeType: string;
+        fileExtension: string;
+        isLaunchAsset: boolean;
+        sizeBytes: number;
+      }> = [];
+
+      const UPLOAD_CONCURRENCY = 6;
+      for (let i = 0; i < assets.length; i += UPLOAD_CONCURRENCY) {
+        const batch = assets.slice(i, i + UPLOAD_CONCURRENCY);
+        try {
+          await Promise.all(batch.map(async (asset) => {
+            const data = Buffer.from(asset.data, 'base64');
+            const s3Key = `${storagePrefix}/${asset.path}`;
+            await uploadToS3(
+              config.region,
+              config.updatesBucket,
+              s3Key,
+              data,
+              asset.contentType,
+            );
+            const sha256 = crypto.createHash('sha256').update(data).digest('base64')
+              .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+            const md5 = crypto.createHash('md5').update(data).digest('hex');
+            uploaded.push({
+              path: asset.path,
+              s3Key,
+              contentHash: sha256,
+              filename: md5,
+              mimeType: asset.contentType,
+              fileExtension: asset.fileExtension,
+              isLaunchAsset: asset.isLaunchAsset,
+              sizeBytes: data.length,
+            });
+          }));
+        } catch (err: any) {
+          fail(`Asset upload failed: ${err.message}`);
+          info(`Ensure your IAM user/role has s3:PutObject on the Updates bucket.`);
+          info(`Bucket: ${config.updatesBucket}`);
+          process.exit(1);
+        }
+      }
+
+      // Register release via Lambda invoke (IAM auth)
+      try {
+        const result: any = await invokeAction(
+          config.region,
+          config.apiFunctionName,
+          'register-mobile',
+          {
+            channel,
+            branch,
+            groupId,
+            runtimeVersion,
+            platform,
+            message,
+            expoConfig: appConfig,
+            metadata: { fileMetadata: { [platform]: platformMetadata } },
+            storagePrefix,
+            assets: uploaded,
+          },
+        );
+        if (result?.error) {
+          fail(`Registration failed for ${platform}: ${result.error}`);
+          process.exit(1);
+        }
+        if (result?.groupId && !groupId) groupId = result.groupId;
+        success(`${platform}: ${uploaded.length} assets`);
+      } catch (err: any) {
+        fail(`Registration failed for ${platform}: ${err.message}`);
+        info('Ensure your IAM user/role has lambda:InvokeFunction permission.');
+        process.exit(1);
+      }
+    }
+  }
+
+  // Web publish — direct S3 upload + Lambda invoke (IAM auth)
+  if (hasWeb) {
+    const serverDir = path.join(distDir, 'server');
+    const clientDir = path.join(distDir, 'client');
+    const routesJson = path.join(serverDir, '_expo', 'routes.json');
+
+    if (!(await fileExists(routesJson))) {
+      warn('Skipping web (no server export found — ensure app.json has "output": "server")');
+    } else {
+      // Resolve SST config for direct AWS access
+      step('Resolving deployed config...');
+      let config;
+      try {
+        config = await resolveConfig(flags.stage);
+      } catch (err: any) {
+        fail(err.message);
+        process.exit(1);
+      }
+      success(`Region: ${config.region}, Function: ${config.apiFunctionName}`);
+
+      // 1. Create tar+brotli archive of server bundle
+      step('Creating server bundle archive...');
+      const archivePath = path.join(distDir, 'bundle.tar.br');
+      await createArchive(serverDir, archivePath);
+      const archiveSize = (await fs.stat(archivePath)).size;
+      const archiveSizeKb = Math.round(archiveSize / 1024);
+      success(`Archive: ${archiveSizeKb}KB (brotli compressed)`);
+
+      // 2. Upload server bundle to S3 at the versioned path
+      // Same structure as mobile: releases/{branch}/{runtimeVersion}/{groupId}/web/
+      if (!groupId) {
+        groupId = crypto.randomUUID();
+      }
+      const branchName = branch || channel;
+      const storagePrefix = `releases/${branchName}/${runtimeVersion}/${groupId}/web`;
+      const versionedKey = `${storagePrefix}/bundle.tar.br`;
+
+      step(`Uploading server bundle to S3...`);
+      const archiveData = await fs.readFile(archivePath);
+      try {
+        await uploadToS3(
+          config.region,
+          config.updatesBucket,
+          versionedKey,
+          archiveData,
+          'application/x-tar+br',
+        );
+      } catch (err: any) {
+        fail(`S3 upload failed: ${err.message}`);
+        info(`Ensure your IAM user/role has s3:PutObject on the Updates bucket.`);
+        info(`Bucket: ${config.updatesBucket}`);
+        process.exit(1);
+      }
+      success(`Uploaded to s3://${config.updatesBucket}/${versionedKey}`);
+
+      // 3. Upload client assets to S3 (parallel, bounded)
+      step('Scanning client assets...');
+      const clientAssets = await walkDirectory(clientDir);
+      success(`Found ${clientAssets.length} client assets`);
+
+      if (clientAssets.length > 0) {
+        step(`Uploading ${clientAssets.length} client assets...`);
+        const UPLOAD_CONCURRENCY = 10;
+        let uploaded = 0;
+
+        for (let i = 0; i < clientAssets.length; i += UPLOAD_CONCURRENCY) {
+          const batch = clientAssets.slice(i, i + UPLOAD_CONCURRENCY);
+          try {
+            await Promise.all(batch.map(async (asset) => {
+              const data = Buffer.from(asset.data, 'base64');
+              await uploadToS3(
+                config.region,
+                config.clientBundlesBucket,
+                asset.relativePath,
+                data,
+                asset.contentType,
+              );
+              uploaded++;
+            }));
+          } catch (err: any) {
+            fail(`Client asset upload failed: ${err.message}`);
+            info(`Ensure your IAM user/role has s3:PutObject on the ClientBundles bucket.`);
+            info(`Bucket: ${config.clientBundlesBucket}`);
+            process.exit(1);
+          }
+        }
+        success(`${uploaded}/${clientAssets.length} assets uploaded to s3://${config.clientBundlesBucket}/`);
+      }
+
+      // 4. Register release via Lambda invoke (IAM auth)
+      // Writes versioned manifest, channel pointer, meta.json, and optional DB mirror.
+      step('Registering release...');
+      const updateId = crypto.createHash('sha256')
+        .update(`${channel}:${runtimeVersion}:${Date.now()}`)
+        .digest('hex');
+      try {
+        const result: any = await invokeAction(
+          config.region,
+          config.apiFunctionName,
+          'register-web',
+          {
+            channel,
+            branch: branchName,
+            groupId,
+            runtimeVersion,
+            updateId,
+            storagePrefix,
+            message,
+          },
+        );
+        if (result?.error) {
+          warn(`Registration failed: ${result.error}`);
+        } else {
+          success(`Release registered: channel=${result?.channel || channel}, updateId=${result?.updateId || 'n/a'}`);
+        }
+      } catch (err: any) {
+        warn(`Registration failed: ${err.message}`);
+      }
+
+      // Clean up archive
+      await fs.unlink(archivePath).catch(() => {});
+
+      info(`${archiveSizeKb}KB server bundle + ${clientAssets.length} client assets`);
+    }
+  }
+
+  const target = branch ? `branch "${branch}"` : `channel "${channel}"`;
+  const groupInfo = groupId ? ` (group: ${groupId})` : '';
+  console.log(`\n  Published to ${target}${groupInfo}\n`);
+}
+
+async function loadAppConfig(): Promise<any> {
+  // Try app.json first, then app.config.js
+  const appJsonPath = path.resolve('app.json');
+  try {
+    const raw = await fs.readFile(appJsonPath, 'utf8');
+    const parsed = JSON.parse(raw);
+    return parsed.expo || parsed;
+  } catch {
+    // Try app.config.js/ts
+    try {
+      const config = await import(path.resolve('app.config.js'));
+      // Unwrap ESM default export (may be double-wrapped by tsx CJS interop)
+      let resolved = config.default || config;
+      if (resolved.default) resolved = resolved.default;
+      // Handle Expo's function export pattern: export default () => ({ ... })
+      if (typeof resolved === 'function') resolved = resolved();
+      return resolved.expo || resolved;
+    } catch {
+      throw new Error('Could not find app.json or app.config.js');
+    }
+  }
+}
+
+function getPlatforms(filter: string, metadata: any): string[] {
+  const available = Object.keys(metadata?.fileMetadata || {});
+  // Web-only: no metadata, but server export exists
+  if (filter === 'web') return ['web'];
+  if (filter === 'all') {
+    // Include web if server export dir exists (detected later), plus mobile platforms from metadata
+    return [...available, 'web'];
+  }
+  if (available.includes(filter)) return [filter];
+  throw new Error(`Platform "${filter}" not found in export. Available: ${[...available, 'web'].join(', ')}`);
+}
+
+async function gatherAssets(
+  distDir: string,
+  platform: string,
+  platformMetadata: any
+): Promise<Array<{ path: string; data: string; contentType: string; fileExtension: string; isLaunchAsset: boolean }>> {
+  const assets: Array<{ path: string; data: string; contentType: string; fileExtension: string; isLaunchAsset: boolean }> = [];
+
+  // Bundle (launch asset)
+  const bundlePath = path.join(distDir, platformMetadata.bundle);
+  const bundleData = await fs.readFile(bundlePath);
+  assets.push({
+    path: platformMetadata.bundle,
+    data: bundleData.toString('base64'),
+    contentType: 'application/javascript',
+    fileExtension: '.bundle',
+    isLaunchAsset: true,
+  });
+
+  // Other assets
+  for (const asset of platformMetadata.assets || []) {
+    const assetPath = path.join(distDir, asset.path);
+    const assetData = await fs.readFile(assetPath);
+    assets.push({
+      path: asset.path,
+      data: assetData.toString('base64'),
+      contentType: mimeFromExt(asset.ext),
+      fileExtension: `.${asset.ext}`,
+      isLaunchAsset: false,
+    });
+  }
+
+  return assets;
+}
+
+function mimeFromExt(ext: string): string {
+  const map: Record<string, string> = {
+    js: 'application/javascript',
+    png: 'image/png',
+    jpg: 'image/jpeg',
+    jpeg: 'image/jpeg',
+    gif: 'image/gif',
+    svg: 'image/svg+xml',
+    ttf: 'font/ttf',
+    otf: 'font/otf',
+    json: 'application/json',
+  };
+  return map[ext] || 'application/octet-stream';
+}
+
+async function dirExists(dir: string): Promise<boolean> {
+  try {
+    const stat = await fs.stat(dir);
+    return stat.isDirectory();
+  } catch {
+    return false;
+  }
+}
+
+async function fileExists(filePath: string): Promise<boolean> {
+  try {
+    const stat = await fs.stat(filePath);
+    return stat.isFile();
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Creates a tar+brotli archive of a directory.
+ * Pipeline: tar cf - -C dir . | brotli > archivePath
+ */
+async function createArchive(sourceDir: string, archivePath: string): Promise<void> {
+  const tar = spawn('tar', ['cf', '-', '-C', sourceDir, '.'], { stdio: ['ignore', 'pipe', 'pipe'] });
+  const brotli = zlib.createBrotliCompress();
+  const output = createWriteStream(archivePath);
+
+  // Set up exit listener BEFORE pipeline to avoid race condition
+  // (tar may exit before pipeline resolves)
+  const tarExit = new Promise<void>((resolve, reject) => {
+    tar.on('close', (code) => {
+      if (code === 0) resolve();
+      else reject(new Error(`tar exited with code ${code}`));
+    });
+    tar.on('error', reject);
+  });
+
+  await pipeline(tar.stdout!, brotli, output);
+  await tarExit;
+}

package/src/cli/config.ts

@@ -0,0 +1,98 @@
+/**
+ * CLI configuration — resolves deployed resource names from SST outputs.
+ *
+ * Without --stage: reads .sst/outputs.json (written by `sst deploy`).
+ * With --stage:    queries AWS to discover resources by SST naming convention.
+ *
+ * No auth tokens. No config files. AWS SDK's default credential chain handles IAM.
+ */
+
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { step } from './output.js';
+
+export interface CliConfig {
+  baseUrl: string;
+  region: string;
+  apiFunctionName: string;
+  updatesBucket: string;
+  clientBundlesBucket: string;
+  kvsArn?: string;
+}
+
+interface SstOutputs {
+  routerUrl?: string;
+  apiUrl?: string;
+  imageUrl?: string;
+  apiFunctionName?: string;
+  updatesBucket?: string;
+  clientBundlesBucket?: string;
+  kvsArn?: string;
+}
+
+export async function resolveConfig(stage?: string): Promise<CliConfig> {
+  const region = process.env.AWS_REGION || process.env.AWS_DEFAULT_REGION || 'us-east-1';
+
+  // Stage-aware discovery: query AWS for the correct resources
+  if (stage) {
+    const {
+      parseAppName,
+      discoverConfig,
+      getCachedConfig,
+      setCachedConfig,
+    } = await import('./discover.js');
+
+    // Check cache first
+    const cached = await getCachedConfig(stage);
+    if (cached) return cached;
+
+    step(`Discovering resources for stage "${stage}"...`);
+    const appName = await parseAppName();
+    const config = await discoverConfig(appName, stage, region);
+
+    // Cache for future fast lookups
+    await setCachedConfig(stage, config);
+    return config;
+  }
+
+  // Default: read .sst/outputs.json (unchanged behavior)
+  const outputsPath = path.resolve('.sst', 'outputs.json');
+
+  let outputs: SstOutputs;
+  try {
+    const raw = await fs.readFile(outputsPath, 'utf8');
+    outputs = JSON.parse(raw);
+  } catch {
+    throw new Error(
+      `Could not read .sst/outputs.json. Run \`sst deploy\` first, or run from the SST project directory.`
+    );
+  }
+
+  if (!outputs.routerUrl) {
+    throw new Error('.sst/outputs.json is missing routerUrl. Run `sst deploy` to generate outputs.');
+  }
+  if (!outputs.apiFunctionName) {
+    throw new Error(
+      '.sst/outputs.json is missing apiFunctionName. Add `apiFunctionName: api.name` to the return block in sst.config.ts and redeploy.'
+    );
+  }
+  if (!outputs.updatesBucket) {
+    throw new Error(
+      '.sst/outputs.json is missing updatesBucket. Add `updatesBucket: updates.name` to the return block in sst.config.ts and redeploy.'
+    );
+  }
+  if (!outputs.clientBundlesBucket) {
+    throw new Error(
+      '.sst/outputs.json is missing clientBundlesBucket. Add `clientBundlesBucket: clientBundles.name` to the return block in sst.config.ts and redeploy.'
+    );
+  }
+
+  return {
+    baseUrl: outputs.routerUrl,
+    region,
+    apiFunctionName: outputs.apiFunctionName,
+    updatesBucket: outputs.updatesBucket,
+    clientBundlesBucket: outputs.clientBundlesBucket,
+    kvsArn: outputs.kvsArn,
+  };
+}