@factiii/stack 0.1.201 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -21
- package/README.md +95 -403
- package/bin/stack +334 -334
- package/dist/cli/dev-sync.js +16 -16
- package/dist/plugins/addons/auth/index.d.ts.map +1 -1
- package/dist/plugins/addons/auth/index.js +31 -12
- package/dist/plugins/addons/auth/index.js.map +1 -1
- package/dist/plugins/addons/auth/scanfix/secrets.d.ts +3 -0
- package/dist/plugins/addons/auth/scanfix/secrets.d.ts.map +1 -1
- package/dist/plugins/addons/auth/scanfix/secrets.js +54 -19
- package/dist/plugins/addons/auth/scanfix/secrets.js.map +1 -1
- package/dist/plugins/addons/auth/scanfix/validate.d.ts +3 -0
- package/dist/plugins/addons/auth/scanfix/validate.d.ts.map +1 -1
- package/dist/plugins/addons/auth/scanfix/validate.js +37 -18
- package/dist/plugins/addons/auth/scanfix/validate.js.map +1 -1
- package/dist/plugins/addons/vercel/index.js +9 -9
- package/dist/plugins/addons/vercel/scanfix/config.js +10 -10
- package/dist/plugins/addons/vercel/scanfix/token.js +15 -15
- package/dist/plugins/approved.json +13 -13
- package/dist/plugins/pipelines/aws/index.js +12 -12
- package/dist/plugins/pipelines/aws/policies/bootstrap-policy.json +135 -135
- package/dist/plugins/pipelines/aws/prod.js +1 -1
- package/dist/plugins/pipelines/factiii/index.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/index.js +2 -14
- package/dist/plugins/pipelines/factiii/index.js.map +1 -1
- package/dist/plugins/pipelines/factiii/prod.js +21 -21
- package/dist/plugins/pipelines/factiii/scanfix/port-convention.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/port-convention.js +2 -4
- package/dist/plugins/pipelines/factiii/scanfix/port-convention.js.map +1 -1
- package/dist/plugins/pipelines/factiii/staging.js +23 -23
- package/dist/plugins/pipelines/factiii/workflows/stack-ci.yml +75 -75
- package/dist/plugins/pipelines/factiii/workflows/stack-cicd-prod.yml +73 -73
- package/dist/plugins/servers/amazon-linux/index.js +16 -16
- package/dist/plugins/servers/mac/index.js +12 -12
- package/dist/plugins/servers/mac/staging.js +2 -2
- package/dist/plugins/servers/ubuntu/index.js +23 -23
- package/dist/plugins/servers/windows/index.js +15 -15
- package/dist/scanfix/commands/mac.d.ts.map +1 -1
- package/dist/scanfix/commands/mac.js +5 -4
- package/dist/scanfix/commands/mac.js.map +1 -1
- package/dist/scanfix/fixes/certbot.d.ts.map +1 -1
- package/dist/scanfix/fixes/certbot.js +4 -18
- package/dist/scanfix/fixes/certbot.js.map +1 -1
- package/dist/scanfix/fixes/docker.d.ts.map +1 -1
- package/dist/scanfix/fixes/docker.js +5 -14
- package/dist/scanfix/fixes/docker.js.map +1 -1
- package/dist/scanfix/ssl-cert-helper.d.ts.map +1 -1
- package/dist/scanfix/ssl-cert-helper.js +18 -4
- package/dist/scanfix/ssl-cert-helper.js.map +1 -1
- package/dist/scripts/generate-all.js +73 -73
- package/dist/utils/deployment-report.js +2 -2
- package/dist/utils/secret-prompts.js +34 -34
- package/dist/utils/ssh-helper.d.ts.map +1 -1
- package/dist/utils/ssh-helper.js +150 -142
- package/dist/utils/ssh-helper.js.map +1 -1
- package/dist/utils/template-generator.js +74 -74
- package/package.json +93 -114
- package/dist/plugins/pipelines/factiii/scanfix/docker.d.ts +0 -20
- package/dist/plugins/pipelines/factiii/scanfix/docker.d.ts.map +0 -1
- package/dist/plugins/pipelines/factiii/scanfix/docker.js +0 -131
- package/dist/plugins/pipelines/factiii/scanfix/docker.js.map +0 -1
|
@@ -99,16 +99,16 @@ class UbuntuPlugin {
|
|
|
99
99
|
return false;
|
|
100
100
|
}
|
|
101
101
|
static helpText = {
|
|
102
|
-
SSH: `
|
|
103
|
-
SSH private key for accessing the Ubuntu server.
|
|
104
|
-
|
|
105
|
-
Step 1: Generate a new SSH key pair (if needed):
|
|
106
|
-
ssh-keygen -t ed25519 -C "deploy-key" -f ~/.ssh/deploy_key
|
|
107
|
-
|
|
108
|
-
Step 2: Add PUBLIC key to server:
|
|
109
|
-
ssh-copy-id -i ~/.ssh/deploy_key.pub ubuntu@YOUR_HOST
|
|
110
|
-
|
|
111
|
-
Step 3: Paste the PRIVATE key below (multi-line, end with blank line):
|
|
102
|
+
SSH: `
|
|
103
|
+
SSH private key for accessing the Ubuntu server.
|
|
104
|
+
|
|
105
|
+
Step 1: Generate a new SSH key pair (if needed):
|
|
106
|
+
ssh-keygen -t ed25519 -C "deploy-key" -f ~/.ssh/deploy_key
|
|
107
|
+
|
|
108
|
+
Step 2: Add PUBLIC key to server:
|
|
109
|
+
ssh-copy-id -i ~/.ssh/deploy_key.pub ubuntu@YOUR_HOST
|
|
110
|
+
|
|
111
|
+
Step 3: Paste the PRIVATE key below (multi-line, end with blank line):
|
|
112
112
|
cat ~/.ssh/deploy_key`,
|
|
113
113
|
};
|
|
114
114
|
// ============================================================
|
|
@@ -155,25 +155,25 @@ class UbuntuPlugin {
|
|
|
155
155
|
* Get the command to install Docker on Ubuntu
|
|
156
156
|
*/
|
|
157
157
|
static getDockerInstallCommand() {
|
|
158
|
-
return `
|
|
159
|
-
sudo apt-get update && \
|
|
160
|
-
sudo apt-get install -y ca-certificates curl gnupg && \
|
|
161
|
-
sudo install -m 0755 -d /etc/apt/keyrings && \
|
|
162
|
-
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
|
|
163
|
-
sudo chmod a+r /etc/apt/keyrings/docker.gpg && \
|
|
164
|
-
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null && \
|
|
165
|
-
sudo apt-get update && \
|
|
166
|
-
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin && \
|
|
167
|
-
sudo usermod -aG docker $USER
|
|
158
|
+
return `
|
|
159
|
+
sudo apt-get update && \
|
|
160
|
+
sudo apt-get install -y ca-certificates curl gnupg && \
|
|
161
|
+
sudo install -m 0755 -d /etc/apt/keyrings && \
|
|
162
|
+
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
|
|
163
|
+
sudo chmod a+r /etc/apt/keyrings/docker.gpg && \
|
|
164
|
+
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null && \
|
|
165
|
+
sudo apt-get update && \
|
|
166
|
+
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin && \
|
|
167
|
+
sudo usermod -aG docker $USER
|
|
168
168
|
`;
|
|
169
169
|
}
|
|
170
170
|
/**
|
|
171
171
|
* Get the command to install Node.js on Ubuntu
|
|
172
172
|
*/
|
|
173
173
|
static getNodeInstallCommand() {
|
|
174
|
-
return `
|
|
175
|
-
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && \
|
|
176
|
-
sudo apt-get install -y nodejs
|
|
174
|
+
return `
|
|
175
|
+
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && \
|
|
176
|
+
sudo apt-get install -y nodejs
|
|
177
177
|
`;
|
|
178
178
|
}
|
|
179
179
|
/**
|
|
@@ -99,12 +99,12 @@ class WindowsPlugin {
|
|
|
99
99
|
return false;
|
|
100
100
|
}
|
|
101
101
|
static helpText = {
|
|
102
|
-
SSH: `
|
|
103
|
-
SSH/RDP credentials for accessing the Windows server.
|
|
104
|
-
|
|
105
|
-
For SSH access, ensure OpenSSH Server is installed on Windows:
|
|
106
|
-
- Settings > Apps > Optional Features > Add a feature > OpenSSH Server
|
|
107
|
-
|
|
102
|
+
SSH: `
|
|
103
|
+
SSH/RDP credentials for accessing the Windows server.
|
|
104
|
+
|
|
105
|
+
For SSH access, ensure OpenSSH Server is installed on Windows:
|
|
106
|
+
- Settings > Apps > Optional Features > Add a feature > OpenSSH Server
|
|
107
|
+
|
|
108
108
|
For RDP access, use Remote Desktop Connection.`,
|
|
109
109
|
};
|
|
110
110
|
// ============================================================
|
|
@@ -182,11 +182,11 @@ class WindowsPlugin {
|
|
|
182
182
|
* Requires Docker Desktop or WSL2 with Docker
|
|
183
183
|
*/
|
|
184
184
|
static getDockerInstallCommand() {
|
|
185
|
-
return `
|
|
186
|
-
# Install Docker Desktop via Chocolatey
|
|
187
|
-
choco install docker-desktop -y
|
|
188
|
-
# Or install via winget
|
|
189
|
-
# winget install Docker.DockerDesktop
|
|
185
|
+
return `
|
|
186
|
+
# Install Docker Desktop via Chocolatey
|
|
187
|
+
choco install docker-desktop -y
|
|
188
|
+
# Or install via winget
|
|
189
|
+
# winget install Docker.DockerDesktop
|
|
190
190
|
`;
|
|
191
191
|
}
|
|
192
192
|
/**
|
|
@@ -205,10 +205,10 @@ class WindowsPlugin {
|
|
|
205
205
|
* Get the command to install Chocolatey (package manager)
|
|
206
206
|
*/
|
|
207
207
|
static getChocoInstallCommand() {
|
|
208
|
-
return `
|
|
209
|
-
Set-ExecutionPolicy Bypass -Scope Process -Force
|
|
210
|
-
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
|
|
211
|
-
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
|
|
208
|
+
return `
|
|
209
|
+
Set-ExecutionPolicy Bypass -Scope Process -Force
|
|
210
|
+
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
|
|
211
|
+
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
|
|
212
212
|
`;
|
|
213
213
|
}
|
|
214
214
|
// ============================================================
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mac.d.ts","sourceRoot":"","sources":["../../../src/scanfix/commands/mac.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAEpD,eAAO,MAAM,cAAc,EAAE,
|
|
1
|
+
{"version":3,"file":"mac.d.ts","sourceRoot":"","sources":["../../../src/scanfix/commands/mac.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAEpD,eAAO,MAAM,cAAc,EAAE,gBAM5B,CAAC;AAEF,eAAO,MAAM,YAAY,EAAE,gBAI1B,CAAC;AAEF,eAAO,MAAM,WAAW,EAAE,gBAIzB,CAAC;AAEF,eAAO,MAAM,YAAY,EAAE,gBAI1B,CAAC"}
|
|
@@ -7,10 +7,11 @@
|
|
|
7
7
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
8
8
|
exports.pnpmCommands = exports.gitCommands = exports.nodeCommands = exports.dockerCommands = void 0;
|
|
9
9
|
exports.dockerCommands = {
|
|
10
|
-
check: '
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
10
|
+
check: 'which docker',
|
|
11
|
+
// Docker Desktop must be installed manually on Mac
|
|
12
|
+
install: undefined,
|
|
13
|
+
start: 'open -a Docker',
|
|
14
|
+
manualFix: 'Install Docker Desktop: https://www.docker.com/products/docker-desktop/',
|
|
14
15
|
};
|
|
15
16
|
exports.nodeCommands = {
|
|
16
17
|
check: 'which node',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mac.js","sourceRoot":"","sources":["../../../src/scanfix/commands/mac.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAIU,QAAA,cAAc,GAAqB;IAC9C,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"mac.js","sourceRoot":"","sources":["../../../src/scanfix/commands/mac.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAIU,QAAA,cAAc,GAAqB;IAC9C,KAAK,EAAE,cAAc;IACrB,mDAAmD;IACnD,OAAO,EAAE,SAAS;IAClB,KAAK,EAAE,gBAAgB;IACvB,SAAS,EAAE,yEAAyE;CACrF,CAAC;AAEW,QAAA,YAAY,GAAqB;IAC5C,KAAK,EAAE,YAAY;IACnB,OAAO,EAAE,mBAAmB;IAC5B,SAAS,EAAE,oCAAoC;CAChD,CAAC;AAEW,QAAA,WAAW,GAAqB;IAC3C,KAAK,EAAE,WAAW;IAClB,OAAO,EAAE,kBAAkB;IAC3B,SAAS,EAAE,+BAA+B;CAC3C,CAAC;AAEW,QAAA,YAAY,GAAqB;IAC5C,KAAK,EAAE,YAAY;IACnB,OAAO,EAAE,qBAAqB;IAC9B,SAAS,EAAE,mCAAmC;CAC/C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"certbot.d.ts","sourceRoot":"","sources":["../../../src/scanfix/fixes/certbot.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,GAAG,EAAE,KAAK,EAAiB,MAAM,sBAAsB,CAAC;AAGtE,KAAK,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,YAAY,CAAC;AAEhD;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,GAAG,GAAG,
|
|
1
|
+
{"version":3,"file":"certbot.d.ts","sourceRoot":"","sources":["../../../src/scanfix/fixes/certbot.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,GAAG,EAAE,KAAK,EAAiB,MAAM,sBAAsB,CAAC;AAGtE,KAAK,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,YAAY,CAAC;AAEhD;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,GAAG,GAAG,CA4KlE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,GAAG,CAE1C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,GAAG,CAEvC"}
|
|
@@ -37,10 +37,6 @@ function createCertbotFix(stage, envKey) {
|
|
|
37
37
|
// Skip SSL for IP addresses (certs only work with domain names)
|
|
38
38
|
if (/^\d+\.\d+\.\d+\.\d+$/.test(domain))
|
|
39
39
|
return false;
|
|
40
|
-
// Skip SSL if explicitly disabled in config (e.g. staging behind NAT)
|
|
41
|
-
const envObj = config[envKey];
|
|
42
|
-
if (envObj?.ssl === false || envObj?.ssl === 'false')
|
|
43
|
-
return false;
|
|
44
40
|
const result = (0, ssl_cert_helper_js_1.checkCertificate)(domain, 7);
|
|
45
41
|
if (!result.exists) {
|
|
46
42
|
console.log(' No SSL certificate for ' + domain);
|
|
@@ -67,17 +63,9 @@ function createCertbotFix(stage, envKey) {
|
|
|
67
63
|
console.log(' Add ssl_email: your@email.com to your environment config in stack.yml');
|
|
68
64
|
return false;
|
|
69
65
|
}
|
|
70
|
-
// Certbot runs via Docker — skip if Docker isn't
|
|
71
|
-
try {
|
|
72
|
-
(0, child_process_1.execSync)('export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH" && command -v docker', { stdio: 'pipe', timeout: 5000 });
|
|
73
|
-
}
|
|
74
|
-
catch {
|
|
75
|
-
console.log(' Docker is not installed — skipping SSL certificate fix');
|
|
76
|
-
console.log(' Run the Docker fix first, then retry: npx stack fix --' + stage);
|
|
77
|
-
return false;
|
|
78
|
-
}
|
|
66
|
+
// Certbot runs via Docker — skip if Docker isn't running
|
|
79
67
|
try {
|
|
80
|
-
(0, child_process_1.execSync)('
|
|
68
|
+
(0, child_process_1.execSync)('docker info', { stdio: 'pipe' });
|
|
81
69
|
}
|
|
82
70
|
catch {
|
|
83
71
|
console.log(' Docker is not running — skipping SSL certificate fix');
|
|
@@ -117,12 +105,10 @@ function createCertbotFix(stage, envKey) {
|
|
|
117
105
|
'--non-interactive',
|
|
118
106
|
].join(' ');
|
|
119
107
|
}
|
|
120
|
-
// Prepend PATH for Homebrew Docker on macOS
|
|
121
|
-
certbotCmd = 'export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH" && ' + certbotCmd;
|
|
122
108
|
// Capture both stdout AND stderr (certbot writes renewal info to stderr)
|
|
123
109
|
let fullOutput = '';
|
|
124
110
|
try {
|
|
125
|
-
fullOutput = (0, child_process_1.execSync)(certbotCmd + ' 2>&1', { encoding: 'utf8'
|
|
111
|
+
fullOutput = (0, child_process_1.execSync)(certbotCmd + ' 2>&1', { encoding: 'utf8' }) || '';
|
|
126
112
|
}
|
|
127
113
|
catch (cmdErr) {
|
|
128
114
|
// execSync throws on non-zero exit, but output may still be useful
|
|
@@ -165,7 +151,7 @@ function createCertbotFix(stage, envKey) {
|
|
|
165
151
|
if (nginxRunning) {
|
|
166
152
|
console.log(' Reloading nginx...');
|
|
167
153
|
try {
|
|
168
|
-
(0, child_process_1.execSync)('
|
|
154
|
+
(0, child_process_1.execSync)('docker exec factiii_nginx nginx -s reload', { stdio: 'inherit' });
|
|
169
155
|
console.log(' Nginx reloaded with new certificate');
|
|
170
156
|
}
|
|
171
157
|
catch {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"certbot.js","sourceRoot":"","sources":["../../../src/scanfix/fixes/certbot.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAcH,
|
|
1
|
+
{"version":3,"file":"certbot.js","sourceRoot":"","sources":["../../../src/scanfix/fixes/certbot.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAcH,4CA4KC;AAKD,oDAEC;AAKD,8CAEC;AAtMD,iDAAyC;AAEzC,8DAAyE;AAIzE;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,KAAY,EAAE,MAAc;IAC3D,MAAM,UAAU,GAAG,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC;IAElE,OAAO;QACL,EAAE,EAAE,KAAK,GAAG,gCAAgC;QAC5C,KAAK;QACL,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,gDAAgD,GAAG,UAAU,GAAG,SAAS;QAEtF,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,2EAA2E;YAC3E,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM,CAAC;YACrG,IAAI,CAAC,UAAU;gBAAE,OAAO,KAAK,CAAC;YAE9B,MAAM,MAAM,GAAG,MAAM,KAAK,YAAY;gBACpC,CAAC,CAAG,MAAkC,CAAC,UAAkD,EAAE,MAA4B;gBACvH,CAAC,CAAG,MAAkC,CAAC,MAAM,CAAyC,EAAE,MAA4B,CAAC;YAEvH,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;gBAAE,OAAO,KAAK,CAAC;YAExE,gEAAgE;YAChE,IAAI,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAEtD,MAAM,MAAM,GAAG,IAAA,qCAAgB,EAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,4BAA4B,GAAG,MAAM,CAAC,CAAC;gBACnD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,MAAM,GAAG,cAAc,GAAG,MAAM,CAAC,aAAa,GAAG,OAAO,CAAC,CAAC;gBAClG,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACvE,MAAM,MAAM,GAAG,MAAM,KAAK,YAAY;gBACpC,CAAC,CAAG,MAAkC,CAAC,UAAkD,EAAE,MAA4B;gBACvH,CAAC,CAAG,MAAkC,CAAC,MAAM,CAAyC,EAAE,MAA4B,CAAC;YACvH,MAAM,MAAM,GAAI,MAAkC,CAAC,MAAM,CAAwC,CAAC;YAClG,MAAM,QAAQ,GAAI,MAAM,EAAE,SAAgC,IAAI,MAAM,CAAC,SAAS,CAAC;YAE/E,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,UAAU,GAAG,oBAAoB,CAAC,CAAC;gBAC1D,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,0EAA0E,CAAC,CAAC;gBACxF,OAAO,KAAK,CAAC;YACf,CAAC;YAED,yDAAyD;YACzD,IAAI,CAAC;gBACH,IAAA,wBAAQ,EAAC,aAAa,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YAC7C,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;gBACvE,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,IAAA,mCAAc,GAAE,CAAC;gBACtC,OAAO,CAAC,GAAG,CAAC,mCAAmC,GAAG,MAAM,GAAG,gBAAgB,CAAC,CAAC;gBAE7E,IAAI,UAAkB,CAAC;gBAEvB,IAAI,YAAY,EAAE,CAAC;oBACjB,4DAA4D;oBAC5D,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;oBACxD,UAAU,GAAG;wBACX,iBAAiB;wBACjB,sCAAsC;wBACtC,sCAAsC;wBACtC,0BAA0B;wBAC1B,+BAA+B;wBAC/B,KAAK,GAAG,MAAM;wBACd,UAAU,GAAG,QAAQ;wBACrB,aAAa;wBACb,mBAAmB;qBACpB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACd,CAAC;qBAAM,CAAC;oBACN,8DAA8D;oBAC9D,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;oBAC5D,UAAU,GAAG;wBACX,iBAAiB;wBACjB,sCAAsC;wBACtC,UAAU;wBACV,0BAA0B;wBAC1B,cAAc;wBACd,KAAK,GAAG,MAAM;wBACd,UAAU,GAAG,QAAQ;wBACrB,aAAa;wBACb,mBAAmB;qBACpB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACd,CAAC;gBAED,yEAAyE;gBACzE,IAAI,UAAU,GAAG,EAAE,CAAC;gBACpB,IAAI,CAAC;oBACH,UAAU,GAAG,IAAA,wBAAQ,EAAC,UAAU,GAAG,OAAO,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;gBAC1E,CAAC;gBAAC,OAAO,MAAM,EAAE,CAAC;oBAChB,mEAAmE;oBACnE,MAAM,MAAM,GAAG,MAAM,YAAY,KAAK,CAAC,CAAC,CAAE,MAAc,CAAC,MAAM,IAAK,MAAc,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;oBAC7H,IAAI,OAAO,MAAM,KAAK,QAAQ;wBAC1B,CAAC,MAAM,CAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,EAAE,CAAC;wBACvF,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;wBAC5E,OAAO,IAAI,CAAC;oBACd,CAAC;oBACD,UAAU,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;gBACxD,CAAC;gBAED,+EAA+E;gBAC/E,IAAI,UAAU,CAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBAC/I,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;oBAC5E,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,8CAA8C;gBAC9C,MAAM,UAAU,GAAG,IAAA,qCAAgB,EAAC,MAAM,CAAC,CAAC;gBAC5C,IAAI,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;oBAC5C,0FAA0F;oBAC1F,MAAM,OAAO,GAAG,IAAA,qCAAgB,EAAC,MAAM,EAAE,CAAC,CAAC,CAAC;oBAC5C,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;wBACpC,OAAO,CAAC,GAAG,CAAC,+CAA+C,GAAG,OAAO,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC;wBAChG,OAAO,IAAI,CAAC;oBACd,CAAC;oBACD,uEAAuE;oBACvE,IAAI,CAAC;wBACH,MAAM,QAAQ,GAAG,IAAA,wBAAQ,EACvB,mCAAmC,GAAG,MAAM,GAAG,mBAAmB,GAAG,MAAM,GAAG,uDAAuD,EACrI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CACrC,CAAC;wBACF,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;4BAClC,OAAO,CAAC,GAAG,CAAC,kDAAkD,GAAG,MAAM,CAAC,CAAC;4BACzE,OAAO,IAAI,CAAC;wBACd,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC,CAAC,0CAA0C,CAAC,CAAC;oBACtD,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;oBAC5D,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;gBAE7D,sDAAsD;gBACtD,IAAI,YAAY,EAAE,CAAC;oBACjB,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;oBACrC,IAAI,CAAC;wBACH,IAAA,wBAAQ,EAAC,2CAA2C,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;wBAC5E,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;oBACxD,CAAC;oBAAC,MAAM,CAAC;wBACP,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;wBACjE,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;oBACtD,CAAC;gBACH,CAAC;gBAED,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,YAAY,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBAChE,2FAA2F;gBAC3F,IAAI,YAAY,CAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBACjG,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;oBAC5E,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,mCAAmC,GAAG,YAAY,CAAC,CAAC;gBAChE,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;gBACjE,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,SAAS,EAAE,wKAAwK;KACpL,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB;IAClC,OAAO,gBAAgB,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB;IAC/B,OAAO,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC1C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../src/scanfix/fixes/docker.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,GAAG,EAAE,KAAK,EAAiB,MAAM,sBAAsB,CAAC;AAItE;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CA4C3E;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,
|
|
1
|
+
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../src/scanfix/fixes/docker.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,GAAG,EAAE,KAAK,EAAiB,MAAM,sBAAsB,CAAC;AAItE;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CA4C3E;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CAkF3E;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,EAAE,CAKrE"}
|
|
@@ -94,7 +94,7 @@ function createDockerRunningFix(stage, idPrefix) {
|
|
|
94
94
|
return false;
|
|
95
95
|
}
|
|
96
96
|
try {
|
|
97
|
-
(0, child_process_1.execSync)('
|
|
97
|
+
(0, child_process_1.execSync)('docker info', { stdio: 'pipe' });
|
|
98
98
|
return false; // Docker is running
|
|
99
99
|
}
|
|
100
100
|
catch {
|
|
@@ -105,7 +105,7 @@ function createDockerRunningFix(stage, idPrefix) {
|
|
|
105
105
|
? async (_config, _rootDir) => {
|
|
106
106
|
// Double-check Docker isn't already running
|
|
107
107
|
try {
|
|
108
|
-
(0, child_process_1.execSync)('
|
|
108
|
+
(0, child_process_1.execSync)('docker info', { stdio: 'pipe' });
|
|
109
109
|
console.log(' Docker is already running');
|
|
110
110
|
return true;
|
|
111
111
|
}
|
|
@@ -113,21 +113,12 @@ function createDockerRunningFix(stage, idPrefix) {
|
|
|
113
113
|
// Docker not running, proceed to start it
|
|
114
114
|
}
|
|
115
115
|
// On macOS over SSH, `open -a Docker` won't work (no GUI session).
|
|
116
|
-
// Try
|
|
116
|
+
// Try the headless binary directly instead.
|
|
117
117
|
const isSSH = !!(process.env.SSH_CONNECTION || process.env.SSH_CLIENT || process.env.SSH_TTY);
|
|
118
118
|
const isMac = process.platform === 'darwin';
|
|
119
119
|
let startCmd = commands.start;
|
|
120
120
|
if (isMac && isSSH) {
|
|
121
|
-
|
|
122
|
-
startCmd = 'export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH" && ' +
|
|
123
|
-
'if command -v colima >/dev/null 2>&1; then ' +
|
|
124
|
-
' colima start --memory 4 --cpu 2 2>/dev/null; ' +
|
|
125
|
-
'elif [ -d "/Applications/Docker.app" ]; then ' +
|
|
126
|
-
' nohup /Applications/Docker.app/Contents/MacOS/Docker --unattended > /dev/null 2>&1 & ' +
|
|
127
|
-
' sleep 5; ' +
|
|
128
|
-
'else ' +
|
|
129
|
-
' echo "No Docker runtime found"; exit 1; ' +
|
|
130
|
-
'fi';
|
|
121
|
+
startCmd = 'nohup /Applications/Docker.app/Contents/MacOS/Docker --unattended > /dev/null 2>&1 &';
|
|
131
122
|
}
|
|
132
123
|
console.log(' Starting Docker...');
|
|
133
124
|
try {
|
|
@@ -138,7 +129,7 @@ function createDockerRunningFix(stage, idPrefix) {
|
|
|
138
129
|
for (let i = 0; i < timeout; i++) {
|
|
139
130
|
await new Promise(resolve => setTimeout(resolve, 1000));
|
|
140
131
|
try {
|
|
141
|
-
(0, child_process_1.execSync)('
|
|
132
|
+
(0, child_process_1.execSync)('docker info', { stdio: 'pipe' });
|
|
142
133
|
console.log(' Docker started successfully');
|
|
143
134
|
return true;
|
|
144
135
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"docker.js","sourceRoot":"","sources":["../../../src/scanfix/fixes/docker.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAaH,wDA4CC;AAQD,
|
|
1
|
+
{"version":3,"file":"docker.js","sourceRoot":"","sources":["../../../src/scanfix/fixes/docker.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAaH,wDA4CC;AAQD,wDAkFC;AAQD,wCAKC;AA9JD,iDAAyC;AAEzC,gDAAgD;AAChD,mDAAsD;AAEtD;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,KAAY,EAAE,QAAiB;IACpE,MAAM,QAAQ,GAAG,IAAA,4BAAc,GAAE,CAAC;IAClC,MAAM,QAAQ,GAAG,yBAAc,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,GAAG,uBAAuB,CAAC,CAAC,CAAC,KAAK,GAAG,iBAAiB,CAAC;IACrF,MAAM,UAAU,GAAG,KAAK,KAAK,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,GAAG,KAAK,GAAG,SAAS,CAAC;IAE3E,OAAO;QACL,EAAE;QACF,KAAK;QACL,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0BAA0B,GAAG,UAAU;QACpD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,4EAA4E;YAC5E,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;gBACpB,MAAM,SAAS,GAAG,KAAK,KAAK,MAAM;oBAChC,CAAC,CAAC,CAAE,MAAkC,CAAC,IAAI,IAAK,MAAkC,CAAC,UAAU,CAAwC;oBACrI,CAAC,CAAE,MAAkC,CAAC,KAAK,CAAwC,CAAC;gBACtF,IAAI,CAAC,SAAS,EAAE,MAAM;oBAAE,OAAO,KAAK,CAAC;gBACrC,wCAAwC;gBACxC,IAAI,OAAO,SAAS,CAAC,MAAM,KAAK,QAAQ,IAAI,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;oBAAE,OAAO,KAAK,CAAC;YACjH,CAAC;YAED,IAAI,CAAC;gBACH,IAAA,wBAAQ,EAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC5C,OAAO,KAAK,CAAC,CAAC,sBAAsB;YACtC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,CAAC,CAAC,0BAA0B;YACzC,CAAC;QACH,CAAC;QACD,GAAG,EAAE,QAAQ,CAAC,OAAO;YACnB,CAAC,CAAC,KAAK,EAAE,OAAsB,EAAE,QAAgB,EAAoB,EAAE;gBACnE,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;gBACvC,IAAI,CAAC;oBACH,IAAA,wBAAQ,EAAC,QAAQ,CAAC,OAAQ,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;oBAClD,OAAO,IAAI,CAAC;gBACd,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,MAAM,YAAY,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;oBAChE,OAAO,CAAC,GAAG,CAAC,aAAa,GAAG,YAAY,CAAC,CAAC;oBAC1C,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YACH,CAAC,CAAC,IAAI;QACR,SAAS,EAAE,QAAQ,CAAC,SAAS;KAC9B,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,KAAY,EAAE,QAAiB;IACpE,MAAM,QAAQ,GAAG,IAAA,4BAAc,GAAE,CAAC;IAClC,MAAM,QAAQ,GAAG,yBAAc,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,GAAG,qBAAqB,CAAC,CAAC,CAAC,KAAK,GAAG,qBAAqB,CAAC;IACvF,MAAM,UAAU,GAAG,KAAK,KAAK,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,GAAG,KAAK,GAAG,SAAS,CAAC;IAE3E,OAAO;QACL,EAAE;QACF,KAAK;QACL,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,wBAAwB,GAAG,UAAU;QAClD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,4EAA4E;YAC5E,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;gBACpB,MAAM,SAAS,GAAG,KAAK,KAAK,MAAM;oBAChC,CAAC,CAAC,CAAE,MAAkC,CAAC,IAAI,IAAK,MAAkC,CAAC,UAAU,CAAwC;oBACrI,CAAC,CAAE,MAAkC,CAAC,KAAK,CAAwC,CAAC;gBACtF,IAAI,CAAC,SAAS,EAAE,MAAM;oBAAE,OAAO,KAAK,CAAC;gBACrC,wCAAwC;gBACxC,IAAI,OAAO,SAAS,CAAC,MAAM,KAAK,QAAQ,IAAI,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;oBAAE,OAAO,KAAK,CAAC;YACjH,CAAC;YAED,IAAI,CAAC;gBACH,IAAA,wBAAQ,EAAC,aAAa,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC3C,OAAO,KAAK,CAAC,CAAC,oBAAoB;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,CAAC,CAAC,wBAAwB;YACvC,CAAC;QACH,CAAC;QACD,GAAG,EAAE,QAAQ,CAAC,KAAK;YACjB,CAAC,CAAC,KAAK,EAAE,OAAsB,EAAE,QAAgB,EAAoB,EAAE;gBACnE,4CAA4C;gBAC5C,IAAI,CAAC;oBACH,IAAA,wBAAQ,EAAC,aAAa,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;oBAC3C,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;oBAC5C,OAAO,IAAI,CAAC;gBACd,CAAC;gBAAC,MAAM,CAAC;oBACP,0CAA0C;gBAC5C,CAAC;gBAED,mEAAmE;gBACnE,4CAA4C;gBAC5C,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAC9F,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC;gBAC5C,IAAI,QAAQ,GAAG,QAAQ,CAAC,KAAM,CAAC;gBAC/B,IAAI,KAAK,IAAI,KAAK,EAAE,CAAC;oBACnB,QAAQ,GAAG,sFAAsF,CAAC;gBACpG,CAAC;gBAED,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;gBACrC,IAAI,CAAC;oBACH,IAAA,wBAAQ,EAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;oBAEjF,iFAAiF;oBACjF,MAAM,QAAQ,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;oBACjF,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC;wBACjC,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;wBACxD,IAAI,CAAC;4BACH,IAAA,wBAAQ,EAAC,aAAa,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;4BAC3C,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;4BAC9C,OAAO,IAAI,CAAC;wBACd,CAAC;wBAAC,MAAM,CAAC;4BACP,oBAAoB;wBACtB,CAAC;oBACH,CAAC;oBAED,OAAO,CAAC,GAAG,CAAC,mCAAmC,GAAG,OAAO,GAAG,UAAU,CAAC,CAAC;oBACxE,OAAO,KAAK,CAAC;gBACf,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,MAAM,YAAY,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;oBAChE,OAAO,CAAC,GAAG,CAAC,6BAA6B,GAAG,YAAY,CAAC,CAAC;oBAC1D,IAAI,KAAK,IAAI,KAAK,EAAE,CAAC;wBACnB,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;wBAC3E,OAAO,CAAC,GAAG,CAAC,kJAAkJ,CAAC,CAAC;oBAClK,CAAC;oBACD,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YACH,CAAC,CAAC,IAAI;QACR,SAAS,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS;KACnF,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,KAAY,EAAE,QAAiB;IAC5D,OAAO;QACL,sBAAsB,CAAC,KAAK,EAAE,QAAQ,CAAC;QACvC,sBAAsB,CAAC,KAAK,EAAE,QAAQ,CAAC;KACxC,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssl-cert-helper.d.ts","sourceRoot":"","sources":["../../src/scanfix/ssl-cert-helper.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,OAAO,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAU,GAAG,eAAe,
|
|
1
|
+
{"version":3,"file":"ssl-cert-helper.d.ts","sourceRoot":"","sources":["../../src/scanfix/ssl-cert-helper.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,OAAO,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAU,GAAG,eAAe,CA6FtF;AAED;;;;GAIG;AACH,wBAAgB,cAAc,IAAI,OAAO,CASxC"}
|
|
@@ -65,8 +65,23 @@ function checkCertificate(domain, warnDays = 7) {
|
|
|
65
65
|
}
|
|
66
66
|
}
|
|
67
67
|
if (!canReadFile) {
|
|
68
|
-
//
|
|
69
|
-
|
|
68
|
+
// Final fallback: check via openssl s_client (network-based, no file perms needed)
|
|
69
|
+
try {
|
|
70
|
+
const sslOutput = (0, child_process_1.execSync)('echo | openssl s_client -connect ' + domain + ':443 -servername ' + domain + ' 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null', { encoding: 'utf8', timeout: 10000 });
|
|
71
|
+
const match = sslOutput.match(/notAfter=(.+)/);
|
|
72
|
+
if (match && match[1]) {
|
|
73
|
+
const expiryDate = new Date(match[1]);
|
|
74
|
+
const daysUntilExpiry = Math.floor((expiryDate.getTime() - Date.now()) / (1000 * 60 * 60 * 24));
|
|
75
|
+
return {
|
|
76
|
+
exists: true,
|
|
77
|
+
valid: daysUntilExpiry > warnDays,
|
|
78
|
+
expiresInDays: daysUntilExpiry,
|
|
79
|
+
};
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
catch {
|
|
83
|
+
// SSL not serving — cert truly doesn't exist
|
|
84
|
+
}
|
|
70
85
|
return { exists: false, valid: false };
|
|
71
86
|
}
|
|
72
87
|
// Read cert with sudo if needed
|
|
@@ -124,9 +139,8 @@ function checkCertificate(domain, warnDays = 7) {
|
|
|
124
139
|
*/
|
|
125
140
|
function isNginxRunning() {
|
|
126
141
|
try {
|
|
127
|
-
const output = (0, child_process_1.execSync)('
|
|
142
|
+
const output = (0, child_process_1.execSync)('docker ps --filter name=factiii_nginx --format "{{.Names}}"', {
|
|
128
143
|
encoding: 'utf8',
|
|
129
|
-
timeout: 10000,
|
|
130
144
|
});
|
|
131
145
|
return output.trim() === 'factiii_nginx';
|
|
132
146
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssl-cert-helper.js","sourceRoot":"","sources":["../../src/scanfix/ssl-cert-helper.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmBH,
|
|
1
|
+
{"version":3,"file":"ssl-cert-helper.js","sourceRoot":"","sources":["../../src/scanfix/ssl-cert-helper.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmBH,4CA6FC;AAOD,wCASC;AA9HD,iDAAyC;AACzC,uCAAyB;AASzB;;;;;;GAMG;AACH,SAAgB,gBAAgB,CAAC,MAAc,EAAE,WAAmB,CAAC;IACnE,MAAM,QAAQ,GAAG,wBAAwB,GAAG,MAAM,GAAG,gBAAgB,CAAC;IAEtE,kEAAkE;IAClE,IAAI,WAAW,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAE1C,mEAAmE;IACnE,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,IAAA,wBAAQ,EAAC,gBAAgB,GAAG,QAAQ,GAAG,GAAG,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9E,WAAW,GAAG,IAAI,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,iDAAiD;QACnD,CAAC;IACH,CAAC;IAED,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,mFAAmF;QACnF,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAA,wBAAQ,EACxB,mCAAmC,GAAG,MAAM,GAAG,mBAAmB,GAAG,MAAM,GAAG,yDAAyD,EACvI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CACrC,CAAC;YACF,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YAC/C,IAAI,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtB,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBACtC,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAChC,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAC5D,CAAC;gBACF,OAAO;oBACL,MAAM,EAAE,IAAI;oBACZ,KAAK,EAAE,eAAe,GAAG,QAAQ;oBACjC,aAAa,EAAE,eAAe;iBAC/B,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,6CAA6C;QAC/C,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IACzC,CAAC;IAED,gCAAgC;IAChC,MAAM,OAAO,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,cAAc;QAChB,CAAC,CAAC,mBAAmB,CAAC;IACxB,MAAM,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,GAAG,CAAC;IAE1C,IAAI,CAAC;QACH,oDAAoD;QACpD,MAAM,YAAY,GAAG,QAAQ,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;QAC7C,IAAA,wBAAQ,EAAC,OAAO,GAAG,aAAa,GAAG,YAAY,GAAG,SAAS,GAAG,OAAO,EAAE;YACrE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,qCAAqC;QACrC,MAAM,YAAY,GAAG,IAAA,wBAAQ,EAAC,OAAO,GAAG,kBAAkB,GAAG,OAAO,EAAE;YACpE,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QACxD,IAAI,WAAW,IAAI,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;YAClC,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5C,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAChC,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAC5D,CAAC;YACF,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,eAAe,EAAE,CAAC;QACvE,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,+DAA+D;QAC/D,0DAA0D;QAC1D,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,IAAA,wBAAQ,EAAC,OAAO,GAAG,kBAAkB,GAAG,OAAO,EAAE;gBACpE,QAAQ,EAAE,MAAM;aACjB,CAAC,CAAC;YACH,MAAM,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YACxD,IAAI,WAAW,IAAI,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClC,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5C,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAChC,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAC5D,CAAC;gBACF,OAAO;oBACL,MAAM,EAAE,IAAI;oBACZ,KAAK,EAAE,KAAK;oBACZ,aAAa,EAAE,eAAe;oBAC9B,KAAK,EAAE,0BAA0B,GAAG,eAAe,GAAG,OAAO;iBAC9D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;QACD,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC;IACvF,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAgB,cAAc;IAC5B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,6DAA6D,EAAE;YACrF,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,EAAE,KAAK,eAAe,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
|
|
@@ -271,31 +271,31 @@ function generateNginx(allConfigs) {
|
|
|
271
271
|
return 0;
|
|
272
272
|
}
|
|
273
273
|
// Generate nginx config
|
|
274
|
-
let nginxConf = `# Auto-generated nginx configuration
|
|
275
|
-
# Generated by: npx stack (generate-all)
|
|
276
|
-
# Do not edit directly - modify stack.yml files and run: npx stack deploy
|
|
277
|
-
|
|
278
|
-
events {
|
|
279
|
-
worker_connections 1024;
|
|
280
|
-
}
|
|
281
|
-
|
|
282
|
-
http {
|
|
283
|
-
include /etc/nginx/mime.types;
|
|
284
|
-
default_type application/octet-stream;
|
|
285
|
-
|
|
286
|
-
sendfile on;
|
|
287
|
-
keepalive_timeout 65;
|
|
288
|
-
client_max_body_size 100M;
|
|
289
|
-
|
|
290
|
-
# Logging
|
|
291
|
-
access_log /var/log/nginx/access.log;
|
|
292
|
-
error_log /var/log/nginx/error.log;
|
|
293
|
-
|
|
294
|
-
# Gzip
|
|
295
|
-
gzip on;
|
|
296
|
-
gzip_vary on;
|
|
297
|
-
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
|
298
|
-
|
|
274
|
+
let nginxConf = `# Auto-generated nginx configuration
|
|
275
|
+
# Generated by: npx stack (generate-all)
|
|
276
|
+
# Do not edit directly - modify stack.yml files and run: npx stack deploy
|
|
277
|
+
|
|
278
|
+
events {
|
|
279
|
+
worker_connections 1024;
|
|
280
|
+
}
|
|
281
|
+
|
|
282
|
+
http {
|
|
283
|
+
include /etc/nginx/mime.types;
|
|
284
|
+
default_type application/octet-stream;
|
|
285
|
+
|
|
286
|
+
sendfile on;
|
|
287
|
+
keepalive_timeout 65;
|
|
288
|
+
client_max_body_size 100M;
|
|
289
|
+
|
|
290
|
+
# Logging
|
|
291
|
+
access_log /var/log/nginx/access.log;
|
|
292
|
+
error_log /var/log/nginx/error.log;
|
|
293
|
+
|
|
294
|
+
# Gzip
|
|
295
|
+
gzip on;
|
|
296
|
+
gzip_vary on;
|
|
297
|
+
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
|
298
|
+
|
|
299
299
|
`;
|
|
300
300
|
// ============================================================
|
|
301
301
|
// CRITICAL: HTTPS Certificate Paths
|
|
@@ -308,54 +308,54 @@ http {
|
|
|
308
308
|
for (const { domain, service, port } of routes) {
|
|
309
309
|
// Always generate HTTPS-capable config
|
|
310
310
|
// Certificates must exist before nginx can start (obtained via: npx stack fix --staging/--prod)
|
|
311
|
-
nginxConf += `
|
|
312
|
-
# ${service} - ${domain}
|
|
313
|
-
|
|
314
|
-
# HTTP - ACME challenge + redirect to HTTPS
|
|
315
|
-
server {
|
|
316
|
-
listen 80;
|
|
317
|
-
server_name ${domain};
|
|
318
|
-
|
|
319
|
-
# Allow certbot ACME challenge (for renewals)
|
|
320
|
-
location /.well-known/acme-challenge/ {
|
|
321
|
-
root /var/www/certbot;
|
|
322
|
-
}
|
|
323
|
-
|
|
324
|
-
# Redirect all other traffic to HTTPS
|
|
325
|
-
location / {
|
|
326
|
-
return 301 https://$server_name$request_uri;
|
|
327
|
-
}
|
|
328
|
-
}
|
|
329
|
-
|
|
330
|
-
# HTTPS - main server block
|
|
331
|
-
server {
|
|
332
|
-
listen 443 ssl;
|
|
333
|
-
http2 on;
|
|
334
|
-
server_name ${domain};
|
|
335
|
-
|
|
336
|
-
# SSL certificate paths (Let's Encrypt)
|
|
337
|
-
ssl_certificate /etc/letsencrypt/live/${domain}/fullchain.pem;
|
|
338
|
-
ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;
|
|
339
|
-
|
|
340
|
-
# SSL security settings
|
|
341
|
-
ssl_protocols TLSv1.2 TLSv1.3;
|
|
342
|
-
ssl_prefer_server_ciphers on;
|
|
343
|
-
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
|
|
344
|
-
ssl_session_cache shared:SSL:10m;
|
|
345
|
-
ssl_session_timeout 10m;
|
|
346
|
-
|
|
347
|
-
location / {
|
|
348
|
-
proxy_pass http://${service}:${port};
|
|
349
|
-
proxy_http_version 1.1;
|
|
350
|
-
proxy_set_header Upgrade $http_upgrade;
|
|
351
|
-
proxy_set_header Connection 'upgrade';
|
|
352
|
-
proxy_set_header Host $host;
|
|
353
|
-
proxy_cache_bypass $http_upgrade;
|
|
354
|
-
proxy_set_header X-Real-IP $remote_addr;
|
|
355
|
-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
356
|
-
proxy_set_header X-Forwarded-Proto $scheme;
|
|
357
|
-
}
|
|
358
|
-
}
|
|
311
|
+
nginxConf += `
|
|
312
|
+
# ${service} - ${domain}
|
|
313
|
+
|
|
314
|
+
# HTTP - ACME challenge + redirect to HTTPS
|
|
315
|
+
server {
|
|
316
|
+
listen 80;
|
|
317
|
+
server_name ${domain};
|
|
318
|
+
|
|
319
|
+
# Allow certbot ACME challenge (for renewals)
|
|
320
|
+
location /.well-known/acme-challenge/ {
|
|
321
|
+
root /var/www/certbot;
|
|
322
|
+
}
|
|
323
|
+
|
|
324
|
+
# Redirect all other traffic to HTTPS
|
|
325
|
+
location / {
|
|
326
|
+
return 301 https://$server_name$request_uri;
|
|
327
|
+
}
|
|
328
|
+
}
|
|
329
|
+
|
|
330
|
+
# HTTPS - main server block
|
|
331
|
+
server {
|
|
332
|
+
listen 443 ssl;
|
|
333
|
+
http2 on;
|
|
334
|
+
server_name ${domain};
|
|
335
|
+
|
|
336
|
+
# SSL certificate paths (Let's Encrypt)
|
|
337
|
+
ssl_certificate /etc/letsencrypt/live/${domain}/fullchain.pem;
|
|
338
|
+
ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;
|
|
339
|
+
|
|
340
|
+
# SSL security settings
|
|
341
|
+
ssl_protocols TLSv1.2 TLSv1.3;
|
|
342
|
+
ssl_prefer_server_ciphers on;
|
|
343
|
+
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
|
|
344
|
+
ssl_session_cache shared:SSL:10m;
|
|
345
|
+
ssl_session_timeout 10m;
|
|
346
|
+
|
|
347
|
+
location / {
|
|
348
|
+
proxy_pass http://${service}:${port};
|
|
349
|
+
proxy_http_version 1.1;
|
|
350
|
+
proxy_set_header Upgrade $http_upgrade;
|
|
351
|
+
proxy_set_header Connection 'upgrade';
|
|
352
|
+
proxy_set_header Host $host;
|
|
353
|
+
proxy_cache_bypass $http_upgrade;
|
|
354
|
+
proxy_set_header X-Real-IP $remote_addr;
|
|
355
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
356
|
+
proxy_set_header X-Forwarded-Proto $scheme;
|
|
357
|
+
}
|
|
358
|
+
}
|
|
359
359
|
`;
|
|
360
360
|
}
|
|
361
361
|
nginxConf += `}\n`;
|
|
@@ -154,8 +154,8 @@ function formatDeploymentReport(data) {
|
|
|
154
154
|
function formatWorkflowSummary(data) {
|
|
155
155
|
const report = formatDeploymentReport(data);
|
|
156
156
|
// Workflow summaries support markdown, so we can enhance it
|
|
157
|
-
return `\`\`\`
|
|
158
|
-
${report}
|
|
157
|
+
return `\`\`\`
|
|
158
|
+
${report}
|
|
159
159
|
\`\`\``;
|
|
160
160
|
}
|
|
161
161
|
/**
|