@firestartr/cli 1.53.0-snapshot-5 → 1.53.0-snapshot-7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/build/index.js +110 -395
  2. package/build/packages/cdk8s_renderer/src/claims/base/schemas/common-meta.schema.d.ts +0 -47
  3. package/build/packages/cdk8s_renderer/src/claims/base/schemas/index.d.ts +34 -73
  4. package/build/packages/cdk8s_renderer/src/claims/github/component.schema.d.ts +0 -6
  5. package/build/packages/cdk8s_renderer/src/claims/github/group.schema.d.ts +0 -6
  6. package/build/packages/cdk8s_renderer/src/claims/github/index.d.ts +0 -24
  7. package/build/packages/cdk8s_renderer/src/claims/github/orgwebhook.schema.d.ts +0 -6
  8. package/build/packages/cdk8s_renderer/src/claims/github/user.schema.d.ts +0 -6
  9. package/build/packages/cdk8s_renderer/src/claims/tfworkspaces/index.d.ts +34 -2
  10. package/build/packages/cdk8s_renderer/src/claims/tfworkspaces/terraform.schema.d.ts +34 -2
  11. package/build/packages/operator/src/utils/index.d.ts +0 -7
  12. package/build/packages/provisioner/src/resources/resource.d.ts +1 -4
  13. package/package.json +1 -1
package/build/index.js CHANGED
@@ -357572,69 +357572,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
357572
357572
  },
357573
357573
  additionalProperties: false,
357574
357574
  },
357575
- PolicyType: {
357576
- $id: 'firestartr.dev://common/PolicyType',
357577
- type: 'string',
357578
- description: 'Policy for resource management',
357579
- enum: [
357580
- 'apply',
357581
- 'create-only',
357582
- 'create-update-only',
357583
- 'full-control',
357584
- 'observe',
357585
- 'observe-only',
357586
- ],
357587
- },
357588
- SyncConfig: {
357589
- $id: 'firestartr.dev://common/SyncConfig',
357590
- type: 'object',
357591
- description: 'Sync configuration for resources',
357592
- properties: {
357593
- enabled: {
357594
- type: 'boolean',
357595
- description: 'Enable periodic sync operations',
357596
- },
357597
- period: {
357598
- type: 'string',
357599
- pattern: '^[0-9]+[smhd]$',
357600
- description: 'Sync period (e.g., 1h, 30m, 5s). Must be enabled without schedule.',
357601
- },
357602
- schedule: {
357603
- type: 'string',
357604
- description: 'Cron schedule for sync operations. Must be enabled without period.',
357605
- },
357606
- schedule_timezone: {
357607
- type: 'string',
357608
- description: 'Timezone for cron schedule (e.g., UTC, America/New_York)',
357609
- },
357610
- policy: {
357611
- type: 'string',
357612
- description: 'Policy for sync operations (apply or observe)',
357613
- },
357614
- },
357615
- additionalProperties: false,
357616
- required: ['enabled'],
357617
- oneOf: [
357618
- {
357619
- required: ['period'],
357620
- },
357621
- {
357622
- required: ['schedule'],
357623
- },
357624
- {
357625
- not: {
357626
- anyOf: [
357627
- {
357628
- required: ['period'],
357629
- },
357630
- {
357631
- required: ['schedule'],
357632
- },
357633
- ],
357634
- },
357635
- },
357636
- ],
357637
- },
357638
357575
  },
357639
357576
  });
357640
357577
 
@@ -357995,9 +357932,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
357995
357932
  {
357996
357933
  type: 'object',
357997
357934
  properties: {
357998
- policy: {
357999
- $ref: 'firestartr.dev://common/PolicyType',
358000
- },
358001
357935
  privacy: {
358002
357936
  type: 'string',
358003
357937
  enum: ['closed', 'secret'],
@@ -358008,9 +357942,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358008
357942
  org: {
358009
357943
  type: 'string',
358010
357944
  },
358011
- sync: {
358012
- $ref: 'firestartr.dev://common/SyncConfig',
358013
- },
358014
357945
  },
358015
357946
  required: ['org', 'privacy'],
358016
357947
  },
@@ -358036,9 +357967,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358036
357967
  {
358037
357968
  type: 'object',
358038
357969
  properties: {
358039
- policy: {
358040
- $ref: 'firestartr.dev://common/PolicyType',
358041
- },
358042
357970
  role: {
358043
357971
  type: 'string',
358044
357972
  enum: ['admin', 'member'],
@@ -358046,9 +357974,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358046
357974
  org: {
358047
357975
  type: 'string',
358048
357976
  },
358049
- sync: {
358050
- $ref: 'firestartr.dev://common/SyncConfig',
358051
- },
358052
357977
  },
358053
357978
  required: ['org', 'role'],
358054
357979
  },
@@ -358073,9 +357998,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358073
357998
  {
358074
357999
  type: 'object',
358075
358000
  properties: {
358076
- policy: {
358077
- $ref: 'firestartr.dev://common/PolicyType',
358078
- },
358079
358001
  org: {
358080
358002
  type: 'string',
358081
358003
  description: 'The github organization name',
@@ -358084,9 +358006,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358084
358006
  type: 'string',
358085
358007
  enum: ['private', 'public', 'internal'],
358086
358008
  },
358087
- sync: {
358088
- $ref: 'firestartr.dev://common/SyncConfig',
358089
- },
358090
358009
  features: {
358091
358010
  type: 'array',
358092
358011
  items: {
@@ -358122,9 +358041,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358122
358041
  {
358123
358042
  type: 'object',
358124
358043
  properties: {
358125
- policy: {
358126
- $ref: 'firestartr.dev://common/PolicyType',
358127
- },
358128
358044
  orgName: {
358129
358045
  type: 'string',
358130
358046
  description: 'Organization name on GitHub',
@@ -358158,9 +358074,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358158
358074
  },
358159
358075
  required: ['url', 'contentType', 'events', 'secretRef'],
358160
358076
  },
358161
- sync: {
358162
- $ref: 'firestartr.dev://common/SyncConfig',
358163
- },
358164
358077
  },
358165
358078
  required: ['orgName', 'webhook'],
358166
358079
  },
@@ -358332,7 +358245,15 @@ const GithubSchemas = [
358332
358245
  type: 'object',
358333
358246
  properties: {
358334
358247
  policy: {
358335
- $ref: 'firestartr.dev://common/PolicyType',
358248
+ type: 'string',
358249
+ enum: [
358250
+ 'apply',
358251
+ 'create-only',
358252
+ 'create-update-only',
358253
+ 'full-control',
358254
+ 'observe',
358255
+ 'observe-only',
358256
+ ],
358336
358257
  },
358337
358258
  name: {
358338
358259
  type: 'string',
@@ -358342,7 +358263,47 @@ const GithubSchemas = [
358342
358263
  enum: ['remote', 'inline', 'Remote', 'Inline'],
358343
358264
  },
358344
358265
  sync: {
358345
- $ref: 'firestartr.dev://common/SyncConfig',
358266
+ type: 'object',
358267
+ properties: {
358268
+ enabled: {
358269
+ type: 'boolean',
358270
+ },
358271
+ period: {
358272
+ type: 'string',
358273
+ pattern: '^[0-9]+[smhd]$',
358274
+ },
358275
+ schedule: {
358276
+ type: 'string',
358277
+ },
358278
+ schedule_timezone: {
358279
+ type: 'string',
358280
+ },
358281
+ policy: {
358282
+ type: 'string',
358283
+ },
358284
+ },
358285
+ additionalProperties: false,
358286
+ required: ['enabled'],
358287
+ oneOf: [
358288
+ {
358289
+ required: ['period'],
358290
+ },
358291
+ {
358292
+ required: ['schedule'],
358293
+ },
358294
+ {
358295
+ not: {
358296
+ anyOf: [
358297
+ {
358298
+ required: ['period'],
358299
+ },
358300
+ {
358301
+ required: ['schedule'],
358302
+ },
358303
+ ],
358304
+ },
358305
+ },
358306
+ ],
358346
358307
  },
358347
358308
  valuesSchema: {
358348
358309
  type: 'string',
@@ -370449,15 +370410,10 @@ class Resource {
370449
370410
  this.set('operation', operation);
370450
370411
  this.set('deps', deps);
370451
370412
  }
370452
- async run(options) {
370413
+ async run() {
370453
370414
  await this.preprocess();
370454
370415
  await this.synth();
370455
- if (options?.planOnly) {
370456
- await this.runTerraformPlanOnly();
370457
- }
370458
- else {
370459
- await this.runTerraform();
370460
- }
370416
+ await this.runTerraform();
370461
370417
  await this.postprocess();
370462
370418
  if (this.logStream) {
370463
370419
  this.logStream.end();
@@ -370482,13 +370438,6 @@ class Resource {
370482
370438
  log(msg) {
370483
370439
  this.logFn(msg);
370484
370440
  }
370485
- async runTerraformPlanOnly() {
370486
- await this.onTFStreaming();
370487
- let output = '';
370488
- output += await terraformInit(this.get('main_artifact'), this.logStream);
370489
- output += await terraformPlan(this.get('main_artifact'), this.logStream);
370490
- this.set('output', output);
370491
- }
370492
370441
  async runTerraform() {
370493
370442
  await this.onTFStreaming();
370494
370443
  let output = '';
@@ -370876,7 +370825,7 @@ async function runProvisioner(data, opts) {
370876
370825
  if ('logStreamCallbacksTF' in opts) {
370877
370826
  resource.setTFStreamLogs(opts['logStreamCallbacksTF']);
370878
370827
  }
370879
- await resource.run({ planOnly: opts.planOnly });
370828
+ await resource.run();
370880
370829
  return resource;
370881
370830
  }
370882
370831
  function createInstanceOf(entity, op, deps) {
@@ -371158,51 +371107,6 @@ function helperCreateCheckRunName(cmd, item) {
371158
371107
  return `${item.kind} - ${cmd}`;
371159
371108
  }
371160
371109
 
371161
- ;// CONCATENATED MODULE: ../operator/src/utils/index.ts
371162
- const secretRegex = /\$\{\{ secrets\.(.*?) \}\}/g;
371163
- function replaceConfigSecrets(config, secrets) {
371164
- for (const key in config) {
371165
- if (typeof config[key] === 'object' && config[key] !== null) {
371166
- // If the property is an object, call this function recursively
371167
- replaceConfigSecrets(config[key], secrets);
371168
- }
371169
- else if (typeof config[key] === 'string') {
371170
- // If the property is a string and its value is equal to secrets.something,
371171
- // replace the value with the value of the 'something' key in the secrets object
371172
- config[key] = config[key].replace(secretRegex, (_, group1) => {
371173
- if (!secrets[group1]) {
371174
- throw new Error(`Secret ${group1} not found in secrets`);
371175
- }
371176
- return secrets[group1];
371177
- });
371178
- }
371179
- }
371180
- return config;
371181
- }
371182
- function replaceInlineSecrets(inline, secrets) {
371183
- if (typeof inline !== 'string' || !inline)
371184
- return inline;
371185
- let result = inline;
371186
- result = result.replace(secretRegex, (_, group1) => {
371187
- if (!secrets[group1]) {
371188
- throw new Error(`Secret ${group1} not found in secrets`);
371189
- }
371190
- return secrets[group1];
371191
- });
371192
- return result;
371193
- }
371194
- /**
371195
- * Retrieves a policy annotation value from a custom resource
371196
- * @param item - The CR to get the policy from
371197
- * @param annotation - The annotation key to retrieve
371198
- * @returns The policy value, or undefined if not set
371199
- */
371200
- function getPolicy(item, annotation) {
371201
- const policy = item.metadata.annotations && item.metadata.annotations[annotation];
371202
- if (policy)
371203
- return policy;
371204
- }
371205
-
371206
371110
  ;// CONCATENATED MODULE: ../operator/cdktf.ts
371207
371111
 
371208
371112
 
@@ -371212,17 +371116,9 @@ function getPolicy(item, annotation) {
371212
371116
 
371213
371117
 
371214
371118
 
371215
-
371216
- const cdktf_LAST_STATE_PR_ANNOTATION = 'firestartr.dev/last-state-pr';
371217
371119
  function processOperation(item, op, handler) {
371218
371120
  operator_src_logger.info(`Processing operation ${op} on ${item.kind}/${item.metadata?.name}`);
371219
371121
  try {
371220
- const policy = getPolicy(item, 'firestartr.dev/policy');
371221
- // If general policy is observe/observe-only, route to observe mode instead of apply
371222
- if (!policy || policy === 'observe' || policy === 'observe-only') {
371223
- operator_src_logger.info(`Policy is '${policy || 'not set (default)'}', routing to observe mode`);
371224
- return cdktf_observe(item, op, handler);
371225
- }
371226
371122
  switch (op) {
371227
371123
  case OperationType.UPDATED:
371228
371124
  return updated(item, op, handler);
@@ -371247,11 +371143,6 @@ function processOperation(item, op, handler) {
371247
371143
  throw e;
371248
371144
  }
371249
371145
  }
371250
- async function* cdktf_observe(item, op, handler) {
371251
- for await (const transition of doPlan(item, op, handler)) {
371252
- yield transition;
371253
- }
371254
- }
371255
371146
  async function* created(item, op, handler) {
371256
371147
  for await (const transition of doApply(item, op, handler)) {
371257
371148
  yield transition;
@@ -371287,18 +371178,8 @@ async function* sync(item, op, handler) {
371287
371178
  status: 'False',
371288
371179
  message: 'Synth CDKTF',
371289
371180
  };
371290
- const syncPolicy = getPolicy(item, 'firestartr.dev/sync-policy');
371291
- if (syncPolicy === 'apply') {
371292
- operator_src_logger.info(`SYNC OPERATION: applying item ${item.metadata.name} with sync-policy=${syncPolicy}`);
371293
- for await (const transition of doApply(item, op, handler)) {
371294
- yield transition;
371295
- }
371296
- }
371297
- else {
371298
- operator_src_logger.info(`SYNC OPERATION: planning item ${item.metadata.name} with sync-policy=${syncPolicy || 'default (observe)'}`);
371299
- for await (const transition of doPlan(item, op, handler)) {
371300
- yield transition;
371301
- }
371181
+ for await (const transition of doApply(item, op, handler)) {
371182
+ yield transition;
371302
371183
  }
371303
371184
  yield {
371304
371185
  item,
@@ -371337,14 +371218,15 @@ async function* markedToDeletion(item, op, handler) {
371337
371218
  message: 'Destroying process started',
371338
371219
  };
371339
371220
  const deps = await handler.resolveReferences();
371340
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371221
+ const annotation = 'firestartr.dev/last-state-pr';
371222
+ const statePr = item?.metadata?.annotations?.[annotation];
371341
371223
  const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371342
371224
  if (!hasStatePr) {
371343
371225
  operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371344
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371226
+ `has no "${annotation}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371345
371227
  }
371346
371228
  else {
371347
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371229
+ operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${annotation}" = ${statePr}`);
371348
371230
  }
371349
371231
  const destroyOutput = await provisioner.runProvisioner({
371350
371232
  mainCr: item,
@@ -371379,7 +371261,7 @@ async function* markedToDeletion(item, op, handler) {
371379
371261
  };
371380
371262
  await handler.finalize(handler.pluralKind, item.metadata.namespace, item, 'firestartr.dev/finalizer');
371381
371263
  await handler.writeTerraformOutputInTfResult(item, output);
371382
- if (item.metadata.annotations[cdktf_LAST_STATE_PR_ANNOTATION] || false) {
371264
+ if (item.metadata.annotations['firestartr.dev/last-state-pr'] || false) {
371383
371265
  await addDestroyCommitStatus(item, 'success', 'Destroy operation completed', `Terraform Destroy ${item.metadata.name}`);
371384
371266
  }
371385
371267
  void handler.success();
@@ -371460,14 +371342,15 @@ async function* doApply(item, op, handler) {
371460
371342
  }
371461
371343
  const deps = await handler.resolveReferences();
371462
371344
  operator_src_logger.info(`Item ${item.metadata.name} has the following dependencies: ${deps}`);
371463
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371345
+ const annotation = 'firestartr.dev/last-state-pr';
371346
+ const statePr = item?.metadata?.annotations?.[annotation];
371464
371347
  const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371465
371348
  if (!hasStatePr) {
371466
371349
  operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371467
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371350
+ `has no "${annotation}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371468
371351
  }
371469
371352
  else {
371470
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371353
+ operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${annotation}" = ${statePr}`);
371471
371354
  }
371472
371355
  const applyOutput = await provisioner.runProvisioner({
371473
371356
  mainCr: item,
@@ -371563,219 +371446,6 @@ async function* doApply(item, op, handler) {
371563
371446
  }
371564
371447
  }
371565
371448
  }
371566
- async function* doPlan(item, op, handler) {
371567
- let checkRunCtl;
371568
- try {
371569
- cleanTerraformState();
371570
- yield {
371571
- item,
371572
- reason: op,
371573
- type: 'PLANNING',
371574
- status: 'True',
371575
- message: 'Planning process started',
371576
- };
371577
- const deps = await handler.resolveReferences();
371578
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371579
- const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371580
- if (!hasStatePr) {
371581
- operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371582
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs for plan.`);
371583
- }
371584
- else {
371585
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371586
- await addPlanStatusCheck(statePr, 'CDKTF plan in progress...');
371587
- }
371588
- // Run provisioner in plan-only mode
371589
- const planResult = await provisioner.runProvisioner({ mainCr: item, deps }, {
371590
- planOnly: true,
371591
- delete: 'deletionTimestamp' in item.metadata,
371592
- ...(hasStatePr
371593
- ? {
371594
- logStreamCallbacksCDKTF: {
371595
- prepare: async () => {
371596
- checkRunCtl = await GHCheckRun('synth', item);
371597
- return checkRunCtl;
371598
- },
371599
- },
371600
- logStreamCallbacksTF: {
371601
- prepare: async () => {
371602
- checkRunCtl = await GHCheckRun('plan', item);
371603
- return checkRunCtl;
371604
- },
371605
- },
371606
- }
371607
- : {}),
371608
- });
371609
- const planOutput = planResult?.output || '';
371610
- // Parse terraform plan output to detect changes
371611
- // Handles multiple Terraform output formats and versions
371612
- const hasChanges = detectPlanChanges(planOutput);
371613
- if (hasChanges) {
371614
- yield {
371615
- item,
371616
- reason: op,
371617
- type: 'OUT_OF_SYNC',
371618
- status: 'True',
371619
- message: 'Plan has changes',
371620
- };
371621
- yield {
371622
- item,
371623
- reason: op,
371624
- type: 'PROVISIONED',
371625
- status: 'False',
371626
- message: 'Plan has changes',
371627
- };
371628
- }
371629
- else {
371630
- yield {
371631
- item,
371632
- reason: op,
371633
- type: 'OUT_OF_SYNC',
371634
- status: 'False',
371635
- message: 'Plan has no changes',
371636
- };
371637
- yield {
371638
- item,
371639
- reason: op,
371640
- type: 'PROVISIONED',
371641
- status: 'True',
371642
- message: 'Plan has no changes',
371643
- };
371644
- }
371645
- // Store plan details for later reference
371646
- yield {
371647
- item,
371648
- reason: op,
371649
- type: 'LAST_PLAN_DETAILS',
371650
- status: 'Unknown',
371651
- message: planOutput,
371652
- };
371653
- yield {
371654
- item,
371655
- reason: op,
371656
- type: 'PLANNING',
371657
- status: 'False',
371658
- message: 'Planning process finished',
371659
- };
371660
- if (hasStatePr) {
371661
- await addPlanStatusCheck(statePr, hasChanges ? 'Plan has changes' : 'Plan has no changes', 'completed');
371662
- }
371663
- }
371664
- catch (e) {
371665
- operator_src_logger.error(`CDKTF plan failed: ${e}`);
371666
- if (checkRunCtl) {
371667
- checkRunCtl.fnOnError(e);
371668
- }
371669
- yield {
371670
- item,
371671
- reason: op,
371672
- type: 'ERROR',
371673
- status: 'True',
371674
- message: e.toString(),
371675
- };
371676
- yield {
371677
- item,
371678
- reason: op,
371679
- type: 'PLANNING',
371680
- status: 'False',
371681
- message: e.toString(),
371682
- };
371683
- yield {
371684
- item,
371685
- reason: op,
371686
- type: 'PROVISIONED',
371687
- status: 'False',
371688
- message: e.toString(),
371689
- };
371690
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371691
- if (statePr) {
371692
- const summaryText = tryCreateErrorSummary('CDKTF Plan failed', e);
371693
- await addPlanStatusCheck(statePr, summaryText, 'completed', true);
371694
- }
371695
- await handler.writeTerraformOutputInTfResult(item, e);
371696
- void handler.error();
371697
- }
371698
- }
371699
- /**
371700
- * Detects if a Terraform plan output contains changes
371701
- * Handles multiple Terraform versions and output formats
371702
- * @param planOutput - The text output from terraform plan
371703
- * @returns true if changes are detected, false otherwise
371704
- */
371705
- function detectPlanChanges(planOutput) {
371706
- if (!planOutput || planOutput.trim().length === 0) {
371707
- return false;
371708
- }
371709
- // Normalize the output for consistent matching
371710
- const normalized = planOutput.toLowerCase();
371711
- // Pattern 1: "Plan: X to add, Y to change, Z to destroy"
371712
- // Matches: "Plan: 1 to add, 0 to change, 0 to destroy"
371713
- const planPattern = /plan:\s*(\d+)\s+to\s+add,\s*(\d+)\s+to\s+change,\s*(\d+)\s+to\s+destroy/i;
371714
- const planMatch = planOutput.match(planPattern);
371715
- if (planMatch) {
371716
- const add = Number(planMatch[1]);
371717
- const change = Number(planMatch[2]);
371718
- const destroy = Number(planMatch[3]);
371719
- if (add > 0 || change > 0 || destroy > 0) {
371720
- return true;
371721
- }
371722
- // Explicitly found "Plan:" with 0/0/0 - no changes
371723
- return false;
371724
- }
371725
- // Pattern 2: Individual change indicators
371726
- // Handles variations like "1 to add", "2 to change", "3 to destroy"
371727
- const hasAdditions = /\d+\s+to\s+add/i.test(planOutput);
371728
- const hasChanges = /\d+\s+to\s+change/i.test(planOutput);
371729
- const hasDestructions = /\d+\s+to\s+destroy/i.test(planOutput);
371730
- const hasImports = /\d+\s+to\s+import/i.test(planOutput);
371731
- if (hasAdditions || hasChanges || hasDestructions || hasImports) {
371732
- return true;
371733
- }
371734
- // Pattern 3: Resource-level change indicators
371735
- // Matches: "# resource will be created", "# resource will be updated", etc.
371736
- const resourceChangePatterns = [
371737
- /will\s+be\s+(created|destroyed|updated|replaced)/i,
371738
- /must\s+be\s+(created|destroyed|updated|replaced)/i,
371739
- /#.*\s+(create|destroy|update|replace)/i,
371740
- ];
371741
- for (const pattern of resourceChangePatterns) {
371742
- if (pattern.test(planOutput)) {
371743
- return true;
371744
- }
371745
- }
371746
- // Pattern 4: Action symbols in plan output
371747
- // Terraform uses symbols like +, -, ~, -/+ to indicate changes
371748
- const actionSymbols = [
371749
- /^\s*[+]\s+/m,
371750
- /^\s*[-]\s+/m,
371751
- /^\s*[~]\s+/m,
371752
- /^\s*[-][/][+]\s+/m, // Replace
371753
- ];
371754
- for (const pattern of actionSymbols) {
371755
- if (pattern.test(planOutput)) {
371756
- return true;
371757
- }
371758
- }
371759
- // Pattern 5: No changes messages (inverse check)
371760
- const noChangesPatterns = [
371761
- /no\s+changes/i,
371762
- /infrastructure\s+is\s+up[-\s]to[-\s]date/i,
371763
- /your\s+infrastructure\s+matches\s+the\s+configuration/i,
371764
- /0\s+to\s+add,\s*0\s+to\s+change,\s*0\s+to\s+destroy/i,
371765
- ];
371766
- for (const pattern of noChangesPatterns) {
371767
- if (pattern.test(planOutput)) {
371768
- return false;
371769
- }
371770
- }
371771
- // If we find "Plan:" keyword but couldn't parse it, log a warning and assume no changes
371772
- if (normalized.includes('plan:')) {
371773
- operator_src_logger.warn('Found "Plan:" in output but could not parse change counts. Assuming no changes.');
371774
- return false;
371775
- }
371776
- // Default: assume no changes if we can't detect any
371777
- return false;
371778
- }
371779
371449
  function cleanTerraformState() {
371780
371450
  external_fs_.rmSync('/library/packages/provisioner/cdktf.out', {
371781
371451
  recursive: true,
@@ -372775,6 +372445,40 @@ function tf_checkrun_helperCreateCheckRunName(cmd) {
372775
372445
  return `TFWorkspace - ${cmd}`;
372776
372446
  }
372777
372447
 
372448
+ ;// CONCATENATED MODULE: ../operator/src/utils/index.ts
372449
+ const secretRegex = /\$\{\{ secrets\.(.*?) \}\}/g;
372450
+ function replaceConfigSecrets(config, secrets) {
372451
+ for (const key in config) {
372452
+ if (typeof config[key] === 'object' && config[key] !== null) {
372453
+ // If the property is an object, call this function recursively
372454
+ replaceConfigSecrets(config[key], secrets);
372455
+ }
372456
+ else if (typeof config[key] === 'string') {
372457
+ // If the property is a string and its value is equal to secrets.something,
372458
+ // replace the value with the value of the 'something' key in the secrets object
372459
+ config[key] = config[key].replace(secretRegex, (_, group1) => {
372460
+ if (!secrets[group1]) {
372461
+ throw new Error(`Secret ${group1} not found in secrets`);
372462
+ }
372463
+ return secrets[group1];
372464
+ });
372465
+ }
372466
+ }
372467
+ return config;
372468
+ }
372469
+ function replaceInlineSecrets(inline, secrets) {
372470
+ if (typeof inline !== 'string' || !inline)
372471
+ return inline;
372472
+ let result = inline;
372473
+ result = result.replace(secretRegex, (_, group1) => {
372474
+ if (!secrets[group1]) {
372475
+ throw new Error(`Secret ${group1} not found in secrets`);
372476
+ }
372477
+ return secrets[group1];
372478
+ });
372479
+ return result;
372480
+ }
372481
+
372778
372482
  ;// CONCATENATED MODULE: ../operator/src/tfworkspaces/process-operation.ts
372779
372483
 
372780
372484
 
@@ -372965,6 +372669,11 @@ async function* process_operation_renamed(item, op, handler) {
372965
372669
  yield transition;
372966
372670
  }
372967
372671
  }
372672
+ function getPolicy(item, annotation) {
372673
+ const policy = item.metadata.annotations && item.metadata.annotations[annotation];
372674
+ if (policy)
372675
+ return policy;
372676
+ }
372968
372677
  async function* process_operation_updated(item, op, handler) {
372969
372678
  for await (const transition of process_operation_doApply(item, op, handler)) {
372970
372679
  yield transition;
@@ -373608,7 +373317,7 @@ const processOperationPlan_TF_PROJECTS_PATH = '/tmp/tfworkspaces';
373608
373317
  function processOperationPlan(item, op, handler) {
373609
373318
  try {
373610
373319
  processOperationPlan_clearLocalTfProjects();
373611
- const policy = getPolicy(item, 'firestartr.dev/policy');
373320
+ const policy = processOperationPlan_getPolicy(item);
373612
373321
  if (policy === 'observe' || policy === 'apply') {
373613
373322
  return processOperationPlan_plan(item, op, handler);
373614
373323
  }
@@ -374055,6 +373764,12 @@ function processOperationPlan_getErrorOutputMessage(cr, key, ref) {
374055
373764
  throw new Error(`❌ Source ${cr.spec.source} not supported`);
374056
373765
  }
374057
373766
  }
373767
+ function processOperationPlan_getPolicy(item) {
373768
+ const policy = item.metadata.annotations &&
373769
+ item.metadata.annotations['firestartr.dev/policy'];
373770
+ if (policy)
373771
+ return policy;
373772
+ }
374058
373773
 
374059
373774
  ;// CONCATENATED MODULE: ../operator/src/ctx.ts
374060
373775
  class Ctx {
package/build/packages/cdk8s_renderer/src/claims/base/schemas/common-meta.schema.d.ts CHANGED
@@ -91,53 +91,6 @@ declare const _default: {
91
91
  };
92
92
  additionalProperties: boolean;
93
93
  };
94
- PolicyType: {
95
- $id: string;
96
- type: string;
97
- description: string;
98
- enum: string[];
99
- };
100
- SyncConfig: {
101
- $id: string;
102
- type: string;
103
- description: string;
104
- properties: {
105
- enabled: {
106
- type: string;
107
- description: string;
108
- };
109
- period: {
110
- type: string;
111
- pattern: string;
112
- description: string;
113
- };
114
- schedule: {
115
- type: string;
116
- description: string;
117
- };
118
- schedule_timezone: {
119
- type: string;
120
- description: string;
121
- };
122
- policy: {
123
- type: string;
124
- description: string;
125
- };
126
- };
127
- additionalProperties: boolean;
128
- required: string[];
129
- oneOf: ({
130
- required: string[];
131
- not?: undefined;
132
- } | {
133
- not: {
134
- anyOf: {
135
- required: string[];
136
- }[];
137
- };
138
- required?: undefined;
139
- })[];
140
- };
141
94
  };
142
95
  };
143
96
  export default _default;
package/build/packages/cdk8s_renderer/src/claims/base/schemas/index.d.ts CHANGED
@@ -95,53 +95,6 @@ declare const schemas: {
95
95
  };
96
96
  additionalProperties: boolean;
97
97
  };
98
- PolicyType: {
99
- $id: string;
100
- type: string;
101
- description: string;
102
- enum: string[];
103
- };
104
- SyncConfig: {
105
- $id: string;
106
- type: string;
107
- description: string;
108
- properties: {
109
- enabled: {
110
- type: string;
111
- description: string;
112
- };
113
- period: {
114
- type: string;
115
- pattern: string;
116
- description: string;
117
- };
118
- schedule: {
119
- type: string;
120
- description: string;
121
- };
122
- schedule_timezone: {
123
- type: string;
124
- description: string;
125
- };
126
- policy: {
127
- type: string;
128
- description: string;
129
- };
130
- };
131
- additionalProperties: boolean;
132
- required: string[];
133
- oneOf: ({
134
- required: string[];
135
- not?: undefined;
136
- } | {
137
- not: {
138
- anyOf: {
139
- required: string[];
140
- }[];
141
- };
142
- required?: undefined;
143
- })[];
144
- };
145
98
  };
146
99
  } | {
147
100
  $schema: string;
@@ -426,9 +379,6 @@ declare const schemas: {
426
379
  } | {
427
380
  type: string;
428
381
  properties: {
429
- policy: {
430
- $ref: string;
431
- };
432
382
  privacy: {
433
383
  type: string;
434
384
  enum: string[];
@@ -439,9 +389,6 @@ declare const schemas: {
439
389
  org: {
440
390
  type: string;
441
391
  };
442
- sync: {
443
- $ref: string;
444
- };
445
392
  };
446
393
  required: string[];
447
394
  $ref?: undefined;
@@ -464,9 +411,6 @@ declare const schemas: {
464
411
  } | {
465
412
  type: string;
466
413
  properties: {
467
- policy: {
468
- $ref: string;
469
- };
470
414
  role: {
471
415
  type: string;
472
416
  enum: string[];
@@ -474,9 +418,6 @@ declare const schemas: {
474
418
  org: {
475
419
  type: string;
476
420
  };
477
- sync: {
478
- $ref: string;
479
- };
480
421
  };
481
422
  required: string[];
482
423
  $ref?: undefined;
@@ -544,9 +485,6 @@ declare const schemas: {
544
485
  } | {
545
486
  type: string;
546
487
  properties: {
547
- policy: {
548
- $ref: string;
549
- };
550
488
  org: {
551
489
  type: string;
552
490
  description: string;
@@ -555,9 +493,6 @@ declare const schemas: {
555
493
  type: string;
556
494
  enum: string[];
557
495
  };
558
- sync: {
559
- $ref: string;
560
- };
561
496
  features: {
562
497
  type: string;
563
498
  items: {
@@ -592,9 +527,6 @@ declare const schemas: {
592
527
  } | {
593
528
  type: string;
594
529
  properties: {
595
- policy: {
596
- $ref: string;
597
- };
598
530
  orgName: {
599
531
  type: string;
600
532
  description: string;
@@ -628,9 +560,6 @@ declare const schemas: {
628
560
  };
629
561
  required: string[];
630
562
  };
631
- sync: {
632
- $ref: string;
633
- };
634
563
  };
635
564
  required: string[];
636
565
  $ref?: undefined;
@@ -735,7 +664,8 @@ declare const schemas: {
735
664
  type: string;
736
665
  properties: {
737
666
  policy: {
738
- $ref: string;
667
+ type: string;
668
+ enum: string[];
739
669
  };
740
670
  name: {
741
671
  type: string;
@@ -745,7 +675,38 @@ declare const schemas: {
745
675
  enum: string[];
746
676
  };
747
677
  sync: {
748
- $ref: string;
678
+ type: string;
679
+ properties: {
680
+ enabled: {
681
+ type: string;
682
+ };
683
+ period: {
684
+ type: string;
685
+ pattern: string;
686
+ };
687
+ schedule: {
688
+ type: string;
689
+ };
690
+ schedule_timezone: {
691
+ type: string;
692
+ };
693
+ policy: {
694
+ type: string;
695
+ };
696
+ };
697
+ additionalProperties: boolean;
698
+ required: string[];
699
+ oneOf: ({
700
+ required: string[];
701
+ not?: undefined;
702
+ } | {
703
+ not: {
704
+ anyOf: {
705
+ required: string[];
706
+ }[];
707
+ };
708
+ required?: undefined;
709
+ })[];
749
710
  };
750
711
  valuesSchema: {
751
712
  type: string;
package/build/packages/cdk8s_renderer/src/claims/github/component.schema.d.ts CHANGED
@@ -15,9 +15,6 @@ declare const _default: {
15
15
  } | {
16
16
  type: string;
17
17
  properties: {
18
- policy: {
19
- $ref: string;
20
- };
21
18
  org: {
22
19
  type: string;
23
20
  description: string;
@@ -26,9 +23,6 @@ declare const _default: {
26
23
  type: string;
27
24
  enum: string[];
28
25
  };
29
- sync: {
30
- $ref: string;
31
- };
32
26
  features: {
33
27
  type: string;
34
28
  items: {
package/build/packages/cdk8s_renderer/src/claims/github/group.schema.d.ts CHANGED
@@ -14,9 +14,6 @@ declare const _default: {
14
14
  } | {
15
15
  type: string;
16
16
  properties: {
17
- policy: {
18
- $ref: string;
19
- };
20
17
  privacy: {
21
18
  type: string;
22
19
  enum: string[];
@@ -27,9 +24,6 @@ declare const _default: {
27
24
  org: {
28
25
  type: string;
29
26
  };
30
- sync: {
31
- $ref: string;
32
- };
33
27
  };
34
28
  required: string[];
35
29
  $ref?: undefined;
package/build/packages/cdk8s_renderer/src/claims/github/index.d.ts CHANGED
@@ -14,9 +14,6 @@ export declare const GithubSchemas: ({
14
14
  } | {
15
15
  type: string;
16
16
  properties: {
17
- policy: {
18
- $ref: string;
19
- };
20
17
  privacy: {
21
18
  type: string;
22
19
  enum: string[];
@@ -27,9 +24,6 @@ export declare const GithubSchemas: ({
27
24
  org: {
28
25
  type: string;
29
26
  };
30
- sync: {
31
- $ref: string;
32
- };
33
27
  };
34
28
  required: string[];
35
29
  $ref?: undefined;
@@ -52,9 +46,6 @@ export declare const GithubSchemas: ({
52
46
  } | {
53
47
  type: string;
54
48
  properties: {
55
- policy: {
56
- $ref: string;
57
- };
58
49
  role: {
59
50
  type: string;
60
51
  enum: string[];
@@ -62,9 +53,6 @@ export declare const GithubSchemas: ({
62
53
  org: {
63
54
  type: string;
64
55
  };
65
- sync: {
66
- $ref: string;
67
- };
68
56
  };
69
57
  required: string[];
70
58
  $ref?: undefined;
@@ -132,9 +120,6 @@ export declare const GithubSchemas: ({
132
120
  } | {
133
121
  type: string;
134
122
  properties: {
135
- policy: {
136
- $ref: string;
137
- };
138
123
  org: {
139
124
  type: string;
140
125
  description: string;
@@ -143,9 +128,6 @@ export declare const GithubSchemas: ({
143
128
  type: string;
144
129
  enum: string[];
145
130
  };
146
- sync: {
147
- $ref: string;
148
- };
149
131
  features: {
150
132
  type: string;
151
133
  items: {
@@ -180,9 +162,6 @@ export declare const GithubSchemas: ({
180
162
  } | {
181
163
  type: string;
182
164
  properties: {
183
- policy: {
184
- $ref: string;
185
- };
186
165
  orgName: {
187
166
  type: string;
188
167
  description: string;
@@ -216,9 +195,6 @@ export declare const GithubSchemas: ({
216
195
  };
217
196
  required: string[];
218
197
  };
219
- sync: {
220
- $ref: string;
221
- };
222
198
  };
223
199
  required: string[];
224
200
  $ref?: undefined;
package/build/packages/cdk8s_renderer/src/claims/github/orgwebhook.schema.d.ts CHANGED
@@ -14,9 +14,6 @@ declare const _default: {
14
14
  } | {
15
15
  type: string;
16
16
  properties: {
17
- policy: {
18
- $ref: string;
19
- };
20
17
  orgName: {
21
18
  type: string;
22
19
  description: string;
@@ -50,9 +47,6 @@ declare const _default: {
50
47
  };
51
48
  required: string[];
52
49
  };
53
- sync: {
54
- $ref: string;
55
- };
56
50
  };
57
51
  required: string[];
58
52
  $ref?: undefined;
package/build/packages/cdk8s_renderer/src/claims/github/user.schema.d.ts CHANGED
@@ -14,9 +14,6 @@ declare const _default: {
14
14
  } | {
15
15
  type: string;
16
16
  properties: {
17
- policy: {
18
- $ref: string;
19
- };
20
17
  role: {
21
18
  type: string;
22
19
  enum: string[];
@@ -24,9 +21,6 @@ declare const _default: {
24
21
  org: {
25
22
  type: string;
26
23
  };
27
- sync: {
28
- $ref: string;
29
- };
30
24
  };
31
25
  required: string[];
32
26
  $ref?: undefined;
package/build/packages/cdk8s_renderer/src/claims/tfworkspaces/index.d.ts CHANGED
@@ -14,7 +14,8 @@ export declare const TerraformSchemas: {
14
14
  type: string;
15
15
  properties: {
16
16
  policy: {
17
- $ref: string;
17
+ type: string;
18
+ enum: string[];
18
19
  };
19
20
  name: {
20
21
  type: string;
@@ -24,7 +25,38 @@ export declare const TerraformSchemas: {
24
25
  enum: string[];
25
26
  };
26
27
  sync: {
27
- $ref: string;
28
+ type: string;
29
+ properties: {
30
+ enabled: {
31
+ type: string;
32
+ };
33
+ period: {
34
+ type: string;
35
+ pattern: string;
36
+ };
37
+ schedule: {
38
+ type: string;
39
+ };
40
+ schedule_timezone: {
41
+ type: string;
42
+ };
43
+ policy: {
44
+ type: string;
45
+ };
46
+ };
47
+ additionalProperties: boolean;
48
+ required: string[];
49
+ oneOf: ({
50
+ required: string[];
51
+ not?: undefined;
52
+ } | {
53
+ not: {
54
+ anyOf: {
55
+ required: string[];
56
+ }[];
57
+ };
58
+ required?: undefined;
59
+ })[];
28
60
  };
29
61
  valuesSchema: {
30
62
  type: string;
package/build/packages/cdk8s_renderer/src/claims/tfworkspaces/terraform.schema.d.ts CHANGED
@@ -14,7 +14,8 @@ declare const _default: {
14
14
  type: string;
15
15
  properties: {
16
16
  policy: {
17
- $ref: string;
17
+ type: string;
18
+ enum: string[];
18
19
  };
19
20
  name: {
20
21
  type: string;
@@ -24,7 +25,38 @@ declare const _default: {
24
25
  enum: string[];
25
26
  };
26
27
  sync: {
27
- $ref: string;
28
+ type: string;
29
+ properties: {
30
+ enabled: {
31
+ type: string;
32
+ };
33
+ period: {
34
+ type: string;
35
+ pattern: string;
36
+ };
37
+ schedule: {
38
+ type: string;
39
+ };
40
+ schedule_timezone: {
41
+ type: string;
42
+ };
43
+ policy: {
44
+ type: string;
45
+ };
46
+ };
47
+ additionalProperties: boolean;
48
+ required: string[];
49
+ oneOf: ({
50
+ required: string[];
51
+ not?: undefined;
52
+ } | {
53
+ not: {
54
+ anyOf: {
55
+ required: string[];
56
+ }[];
57
+ };
58
+ required?: undefined;
59
+ })[];
28
60
  };
29
61
  valuesSchema: {
30
62
  type: string;
package/build/packages/operator/src/utils/index.d.ts CHANGED
@@ -1,9 +1,2 @@
1
1
  export declare function replaceConfigSecrets(config: any, secrets: any): any;
2
2
  export declare function replaceInlineSecrets(inline: string, secrets: any): string;
3
- /**
4
- * Retrieves a policy annotation value from a custom resource
5
- * @param item - The CR to get the policy from
6
- * @param annotation - The annotation key to retrieve
7
- * @returns The policy value, or undefined if not set
8
- */
9
- export declare function getPolicy(item: any, annotation: string): string | undefined;
package/build/packages/provisioner/src/resources/resource.d.ts CHANGED
@@ -14,13 +14,10 @@ export declare class Resource {
14
14
  onTFStreaming(): Promise<void>;
15
15
  setLogStream(fnData: Function, fnEnd: Function, reopen?: boolean): void;
16
16
  constructor(mainCR: any, operation: string, deps?: any[]);
17
- run(options?: {
18
- planOnly?: boolean;
19
- }): Promise<void>;
17
+ run(): Promise<void>;
20
18
  artifact(): any;
21
19
  synth(): Promise<void>;
22
20
  log(msg: string): void;
23
- runTerraformPlanOnly(): Promise<void>;
24
21
  runTerraform(): Promise<void>;
25
22
  preprocess(): Promise<void>;
26
23
  postprocess(): Promise<void>;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@firestartr/cli",
3
- "version": "1.53.0-snapshot-5",
3
+ "version": "1.53.0-snapshot-7",
4
4
  "private": false,
5
5
  "description": "Commandline tool",
6
6
  "main": "build/main.js",