@firestartr/cli 1.53.0-snapshot-8 → 1.53.0-snapshot-10

package/build/index.js CHANGED
@@ -356807,10 +356807,6 @@ class SyncerInitializer extends InitializerPatches {
356807
356807
  const provider = helperCTX(ctx).provider;
356808
356808
  return claim.providers[provider].sync || {};
356809
356809
  }
356810
- function policyInfo(ctx) {
356811
- const provider = helperCTX(ctx).provider;
356812
- return claim.providers[provider].policy;
356813
- }
356814
356810
  return [
356815
356811
  {
356816
356812
  validate(cr) {
@@ -356841,22 +356837,21 @@ class SyncerInitializer extends InitializerPatches {
356841
356837
  }
356842
356838
  },
356843
356839
  apply(cr) {
356844
- cr.metadata.annotations = cr.metadata.annotations || {};
356845
- // Apply general policy annotation
356846
- if (policyInfo(this)) {
356847
- cr.metadata.annotations['firestartr.dev/policy'] = policyInfo(this);
356848
- }
356849
356840
  if (syncInfo(this).enabled) {
356841
+ cr.metadata.annotations = cr.metadata.annotations || {};
356850
356842
  cr.metadata.annotations['firestartr.dev/sync-enabled'] = 'true';
356851
356843
  if (syncInfo(this).period) {
356844
+ cr.metadata.annotations = cr.metadata.annotations || {};
356852
356845
  cr.metadata.annotations['firestartr.dev/sync-period'] =
356853
356846
  syncInfo(this).period;
356854
356847
  }
356855
356848
  if (syncInfo(this).policy) {
356849
+ cr.metadata.annotations = cr.metadata.annotations || {};
356856
356850
  cr.metadata.annotations['firestartr.dev/sync-policy'] =
356857
356851
  syncInfo(this).policy;
356858
356852
  }
356859
356853
  if (syncInfo(this).schedule) {
356854
+ cr.metadata.annotations = cr.metadata.annotations || {};
356860
356855
  cr.metadata.annotations[SYNC_SCHED_ANNOTATION] =
356861
356856
  syncInfo(this).schedule;
356862
356857
  cr.metadata.annotations[SYNC_SCHED_TIMEZONE_ANNOTATION] =
@@ -357577,69 +357572,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
357577
357572
  },
357578
357573
  additionalProperties: false,
357579
357574
  },
357580
- PolicyType: {
357581
- $id: 'firestartr.dev://common/PolicyType',
357582
- type: 'string',
357583
- description: 'Policy for resource management',
357584
- enum: [
357585
- 'apply',
357586
- 'create-only',
357587
- 'create-update-only',
357588
- 'full-control',
357589
- 'observe',
357590
- 'observe-only',
357591
- ],
357592
- },
357593
- SyncConfig: {
357594
- $id: 'firestartr.dev://common/SyncConfig',
357595
- type: 'object',
357596
- description: 'Sync configuration for resources',
357597
- properties: {
357598
- enabled: {
357599
- type: 'boolean',
357600
- description: 'Enable periodic sync operations',
357601
- },
357602
- period: {
357603
- type: 'string',
357604
- pattern: '^[0-9]+[smhd]$',
357605
- description: 'Sync period (e.g., 1h, 30m, 5s). Must be enabled without schedule.',
357606
- },
357607
- schedule: {
357608
- type: 'string',
357609
- description: 'Cron schedule for sync operations. Must be enabled without period.',
357610
- },
357611
- schedule_timezone: {
357612
- type: 'string',
357613
- description: 'Timezone for cron schedule (e.g., UTC, America/New_York)',
357614
- },
357615
- policy: {
357616
- type: 'string',
357617
- description: 'Policy for sync operations (apply or observe)',
357618
- },
357619
- },
357620
- additionalProperties: false,
357621
- required: ['enabled'],
357622
- oneOf: [
357623
- {
357624
- required: ['period'],
357625
- },
357626
- {
357627
- required: ['schedule'],
357628
- },
357629
- {
357630
- not: {
357631
- anyOf: [
357632
- {
357633
- required: ['period'],
357634
- },
357635
- {
357636
- required: ['schedule'],
357637
- },
357638
- ],
357639
- },
357640
- },
357641
- ],
357642
- },
357643
357575
  },
357644
357576
  });
357645
357577
 
@@ -358000,9 +357932,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358000
357932
  {
358001
357933
  type: 'object',
358002
357934
  properties: {
358003
- policy: {
358004
- $ref: 'firestartr.dev://common/PolicyType',
358005
- },
358006
357935
  privacy: {
358007
357936
  type: 'string',
358008
357937
  enum: ['closed', 'secret'],
@@ -358013,9 +357942,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358013
357942
  org: {
358014
357943
  type: 'string',
358015
357944
  },
358016
- sync: {
358017
- $ref: 'firestartr.dev://common/SyncConfig',
358018
- },
358019
357945
  },
358020
357946
  required: ['org', 'privacy'],
358021
357947
  },
@@ -358041,9 +357967,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358041
357967
  {
358042
357968
  type: 'object',
358043
357969
  properties: {
358044
- policy: {
358045
- $ref: 'firestartr.dev://common/PolicyType',
358046
- },
358047
357970
  role: {
358048
357971
  type: 'string',
358049
357972
  enum: ['admin', 'member'],
@@ -358051,9 +357974,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358051
357974
  org: {
358052
357975
  type: 'string',
358053
357976
  },
358054
- sync: {
358055
- $ref: 'firestartr.dev://common/SyncConfig',
358056
- },
358057
357977
  },
358058
357978
  required: ['org', 'role'],
358059
357979
  },
@@ -358078,9 +357998,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358078
357998
  {
358079
357999
  type: 'object',
358080
358000
  properties: {
358081
- policy: {
358082
- $ref: 'firestartr.dev://common/PolicyType',
358083
- },
358084
358001
  org: {
358085
358002
  type: 'string',
358086
358003
  description: 'The github organization name',
@@ -358089,9 +358006,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358089
358006
  type: 'string',
358090
358007
  enum: ['private', 'public', 'internal'],
358091
358008
  },
358092
- sync: {
358093
- $ref: 'firestartr.dev://common/SyncConfig',
358094
- },
358095
358009
  features: {
358096
358010
  type: 'array',
358097
358011
  items: {
@@ -358127,9 +358041,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358127
358041
  {
358128
358042
  type: 'object',
358129
358043
  properties: {
358130
- policy: {
358131
- $ref: 'firestartr.dev://common/PolicyType',
358132
- },
358133
358044
  orgName: {
358134
358045
  type: 'string',
358135
358046
  description: 'Organization name on GitHub',
@@ -358163,9 +358074,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358163
358074
  },
358164
358075
  required: ['url', 'contentType', 'events', 'secretRef'],
358165
358076
  },
358166
- sync: {
358167
- $ref: 'firestartr.dev://common/SyncConfig',
358168
- },
358169
358077
  },
358170
358078
  required: ['orgName', 'webhook'],
358171
358079
  },
@@ -358337,7 +358245,15 @@ const GithubSchemas = [
358337
358245
  type: 'object',
358338
358246
  properties: {
358339
358247
  policy: {
358340
- $ref: 'firestartr.dev://common/PolicyType',
358248
+ type: 'string',
358249
+ enum: [
358250
+ 'apply',
358251
+ 'create-only',
358252
+ 'create-update-only',
358253
+ 'full-control',
358254
+ 'observe',
358255
+ 'observe-only',
358256
+ ],
358341
358257
  },
358342
358258
  name: {
358343
358259
  type: 'string',
@@ -358347,7 +358263,47 @@ const GithubSchemas = [
358347
358263
  enum: ['remote', 'inline', 'Remote', 'Inline'],
358348
358264
  },
358349
358265
  sync: {
358350
- $ref: 'firestartr.dev://common/SyncConfig',
358266
+ type: 'object',
358267
+ properties: {
358268
+ enabled: {
358269
+ type: 'boolean',
358270
+ },
358271
+ period: {
358272
+ type: 'string',
358273
+ pattern: '^[0-9]+[smhd]$',
358274
+ },
358275
+ schedule: {
358276
+ type: 'string',
358277
+ },
358278
+ schedule_timezone: {
358279
+ type: 'string',
358280
+ },
358281
+ policy: {
358282
+ type: 'string',
358283
+ },
358284
+ },
358285
+ additionalProperties: false,
358286
+ required: ['enabled'],
358287
+ oneOf: [
358288
+ {
358289
+ required: ['period'],
358290
+ },
358291
+ {
358292
+ required: ['schedule'],
358293
+ },
358294
+ {
358295
+ not: {
358296
+ anyOf: [
358297
+ {
358298
+ required: ['period'],
358299
+ },
358300
+ {
358301
+ required: ['schedule'],
358302
+ },
358303
+ ],
358304
+ },
358305
+ },
358306
+ ],
358351
358307
  },
358352
358308
  valuesSchema: {
358353
358309
  type: 'string',
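Review bot: The inlined `sync.policy` property is `type: 'string'` with no `enum`, so any string passes validation, and the SyncerInitializer `apply(cr)` hunk earlier in this diff copies that value unchanged into the `firestartr.dev/sync-policy` annotation. The removed shared schema described the field as "apply or observe"; if those are the only supported values, constrain it here with `enum: ['apply', 'observe']`. The inlined copy also drops every `description`, including the two that said `period` and `schedule` exclude each other, and I would keep those next to the `oneOf`. The enclosing schema object starts and ends outside the hunk.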
@@ -360768,6 +360724,13 @@ function renderFeature(featureName, version, owner, repo, featureOwner, renderPa
360768
360724
  features_preparer_src_logger.info(`Rendering feature ${featureName} to ${renderedPath} with component ${JSON.stringify(featureOwner)}`);
360769
360725
  return features_renderer.render(extractPath, renderedPath, featureOwner, {}, featureArgs);
360770
360726
  }
360727
+ /*
360728
+ * This functionality does the same of the above
360729
+ * without downloading and extracting the feature
360730
+ */
360731
+ function renderFeatureFromPath(extractPath, renderedPath, featureOwner, featureArgs = {}) {
360732
+ return features_renderer.render(extractPath, renderedPath, featureOwner, featureArgs);
360733
+ }
360771
360734
 
360772
360735
  // EXTERNAL MODULE: ../../node_modules/adm-zip/adm-zip.js
360773
360736
  var adm_zip = __nccwpck_require__(7993);
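Review bot: `renderFeatureFromPath` passes `featureArgs` as the fourth argument to `features_renderer.render`, while `renderFeature` directly above passes `{}` fourth and `featureArgs` fifth, so the two calls do not line up even though the comment says they do the same thing. The signature of `render` is not visible here, but if its fourth parameter is the one `renderFeature` fills with `{}`, the arguments land in the wrong slot and the call should read `return features_renderer.render(extractPath, renderedPath, featureOwner, {}, featureArgs);`. `extractPath` and `renderedPath` now come straight from the caller instead of from the download step, so the comment should also state that both are expected to be trusted local paths.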
@@ -360881,6 +360844,7 @@ async function downloadFeatureZip(repo, featureName, reference, owner = 'prefapp
360881
360844
 
360882
360845
  /* harmony default export */ const features_preparer_src = ({
360883
360846
  renderFeature: renderFeature,
360847
+ renderFeatureFromPath: renderFeatureFromPath,
360884
360848
  getFeatureConfigFromRef: getFeatureConfigFromRef,
360885
360849
  getFeatureConfig: getFeatureConfig,
360886
360850
  prepareFeature: prepareFeature,
@@ -360892,6 +360856,7 @@ async function downloadFeatureZip(repo, featureName, reference, owner = 'prefapp
360892
360856
  /* harmony default export */ const features_preparer = ({
360893
360857
  prepareFeature: features_preparer_src.prepareFeature,
360894
360858
  renderFeature: features_preparer_src.renderFeature,
360859
+ renderFeatureFromPath: features_preparer_src.renderFeatureFromPath,
360895
360860
  getFeatureConfig: features_preparer_src.getFeatureConfig,
360896
360861
  getFeatureConfigFromRef: features_preparer_src.getFeatureConfigFromRef,
360897
360862
  });
@@ -360907,7 +360872,8 @@ async function utils_renderFeature(featureName, featureVersion, featureOutputObj
360907
360872
  const userManaged = fileInfo.userManaged;
360908
360873
  const contentText = external_fs_.readFileSync(fileInfo.localPath, 'utf-8');
360909
360874
  const content = Buffer.from(contentText, 'utf8').toString('base64');
360910
- files.push({ path, userManaged, content });
360875
+ const targetBranch = fileInfo.targetBranch;
360876
+ files.push({ path, userManaged, content, targetBranch });
360911
360877
  }
360912
360878
  const featName = catalog_common.generic.normalizeName(`${featureName}-${cr.spec.firestartr.tfStateKey}`);
360913
360879
  return {
@@ -360937,6 +360903,17 @@ async function utils_renderFeature(featureName, featureVersion, featureOutputObj
360937
360903
 
360938
360904
 
360939
360905
 
360906
+
360907
+ // this is the only way currently to make
360908
+ // work the system and inject our code
360909
+ // without having to download a feature
360910
+ let MOCK_FEATURES_FN = undefined;
360911
+ function MOCK_FEATURES(mock) {
360912
+ MOCK_FEATURES_FN = mock;
360913
+ if (mock) {
360914
+ log.warn('⚠️ Warning features system dowloader has been mocked, it should only happen in unit testing');
360915
+ }
360916
+ }
360940
360917
  class FeaturesOverrider extends OverriderPatches {
360941
360918
  constructor(featureName, featureVersion, featureConfig, featureArgs, featureRef, featureRepo) {
360942
360919
  super();
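Review bot: `MOCK_FEATURES` is a test hook that ships in the published bundle, and once it is set the `if (MOCK_FEATURES_FN) return MOCK_FEATURES_FN();` branch in the FeaturesOverrider hunk that follows replaces the real feature lookup for every instance in the process. The only safeguard is a log line emitted when the mock is installed, which also misspells "downloader". I would make the setter refuse outside a test run, for example `if (mock && process.env.NODE_ENV !== 'test') throw new Error('MOCK_FEATURES is only allowed in unit tests');`, or pass the lookup function to FeaturesOverrider through its constructor so there is no module-level mutable state. Whether `MOCK_FEATURES` is exported from the bundle is not visible in this hunk.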
@@ -360963,6 +360940,9 @@ class FeaturesOverrider extends OverriderPatches {
360963
360940
  let owner = 'prefapp';
360964
360941
  let versionOrRef = this.featureVersion;
360965
360942
  let renderer = 'getFeatureConfig';
360943
+ if (MOCK_FEATURES_FN) {
360944
+ return MOCK_FEATURES_FN();
360945
+ }
360966
360946
  if (this.featureRepo) {
360967
360947
  [owner, repo] = this.featureRepo.split(/\//);
360968
360948
  }
@@ -364111,12 +364091,8 @@ class FeatureRepoChart extends BaseGithubChart {
364111
364091
  const annotations = this.getAnnotationsFromRepo(this.get('repoCr'), [
364112
364092
  'claim-ref',
364113
364093
  'revision',
364114
- 'policy',
364115
- 'sync-policy',
364116
364094
  'sync-enabled',
364117
364095
  'sync-period',
364118
- 'sync-schedule',
364119
- 'sync-schedule-timezone',
364120
364096
  ]);
364121
364097
  cr.metadata.annotations = {
364122
364098
  ...cr.metadata.annotations,
@@ -364189,12 +364165,8 @@ class RepoSecretsSectionChart extends BaseGithubChart {
364189
364165
  const annotations = this.getAnnotationsFromRepo(this.get('repoCr'), [
364190
364166
  'claim-ref',
364191
364167
  'revision',
364192
- 'policy',
364193
- 'sync-policy',
364194
364168
  'sync-enabled',
364195
364169
  'sync-period',
364196
- 'sync-schedule',
364197
- 'sync-schedule-timezone',
364198
364170
  ]);
364199
364171
  cr.metadata.annotations = {
364200
364172
  ...cr.metadata.annotations,
@@ -370462,15 +370434,10 @@ class Resource {
370462
370434
  this.set('operation', operation);
370463
370435
  this.set('deps', deps);
370464
370436
  }
370465
- async run(options) {
370437
+ async run() {
370466
370438
  await this.preprocess();
370467
370439
  await this.synth();
370468
- if (options?.planOnly) {
370469
- await this.runTerraformPlanOnly();
370470
- }
370471
- else {
370472
- await this.runTerraform();
370473
- }
370440
+ await this.runTerraform();
370474
370441
  await this.postprocess();
370475
370442
  if (this.logStream) {
370476
370443
  this.logStream.end();
@@ -370495,13 +370462,6 @@ class Resource {
370495
370462
  log(msg) {
370496
370463
  this.logFn(msg);
370497
370464
  }
370498
- async runTerraformPlanOnly() {
370499
- await this.onTFStreaming();
370500
- let output = '';
370501
- output += await terraformInit(this.get('main_artifact'), this.logStream);
370502
- output += await terraformPlan(this.get('main_artifact'), this.logStream);
370503
- this.set('output', output);
370504
- }
370505
370465
  async runTerraform() {
370506
370466
  await this.onTFStreaming();
370507
370467
  let output = '';
@@ -370889,7 +370849,7 @@ async function runProvisioner(data, opts) {
370889
370849
  if ('logStreamCallbacksTF' in opts) {
370890
370850
  resource.setTFStreamLogs(opts['logStreamCallbacksTF']);
370891
370851
  }
370892
- await resource.run({ planOnly: opts.planOnly });
370852
+ await resource.run();
370893
370853
  return resource;
370894
370854
  }
370895
370855
  function createInstanceOf(entity, op, deps) {
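Review bot: `runProvisioner` now calls `resource.run()` and silently ignores `opts.planOnly`, so a caller that still passes `planOnly: true` gets a full `runTerraform()` instead of a plan. The one such caller visible in this diff (`doPlan`) is removed, but callers outside these hunks cannot be ruled out from here. Failing closed costs one guard before the call: `if (opts.planOnly) throw new Error('planOnly is not supported by this provisioner version');`. The same concern covers the `Resource.run()` hunk above, which drops its `options` parameter; the body of `runProvisioner` starts outside this hunk.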
@@ -371171,51 +371131,6 @@ function helperCreateCheckRunName(cmd, item) {
371171
371131
  return `${item.kind} - ${cmd}`;
371172
371132
  }
371173
371133
 
371174
- ;// CONCATENATED MODULE: ../operator/src/utils/index.ts
371175
- const secretRegex = /\$\{\{ secrets\.(.*?) \}\}/g;
371176
- function replaceConfigSecrets(config, secrets) {
371177
- for (const key in config) {
371178
- if (typeof config[key] === 'object' && config[key] !== null) {
371179
- // If the property is an object, call this function recursively
371180
- replaceConfigSecrets(config[key], secrets);
371181
- }
371182
- else if (typeof config[key] === 'string') {
371183
- // If the property is a string and its value is equal to secrets.something,
371184
- // replace the value with the value of the 'something' key in the secrets object
371185
- config[key] = config[key].replace(secretRegex, (_, group1) => {
371186
- if (!secrets[group1]) {
371187
- throw new Error(`Secret ${group1} not found in secrets`);
371188
- }
371189
- return secrets[group1];
371190
- });
371191
- }
371192
- }
371193
- return config;
371194
- }
371195
- function replaceInlineSecrets(inline, secrets) {
371196
- if (typeof inline !== 'string' || !inline)
371197
- return inline;
371198
- let result = inline;
371199
- result = result.replace(secretRegex, (_, group1) => {
371200
- if (!secrets[group1]) {
371201
- throw new Error(`Secret ${group1} not found in secrets`);
371202
- }
371203
- return secrets[group1];
371204
- });
371205
- return result;
371206
- }
371207
- /**
371208
- * Retrieves a policy annotation value from a custom resource
371209
- * @param item - The CR to get the policy from
371210
- * @param annotation - The annotation key to retrieve
371211
- * @returns The policy value, or undefined if not set
371212
- */
371213
- function getPolicy(item, annotation) {
371214
- const policy = item.metadata.annotations && item.metadata.annotations[annotation];
371215
- if (policy)
371216
- return policy;
371217
- }
371218
-
371219
371134
  ;// CONCATENATED MODULE: ../operator/src/utils/operationErrorMessages.ts
371220
371135
  const APPLY_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraform apply operation.';
371221
371136
  const DESTROY_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraform destroy operation.';
@@ -371231,17 +371146,9 @@ const PLAN_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraf
371231
371146
 
371232
371147
 
371233
371148
 
371234
- const cdktf_LAST_STATE_PR_ANNOTATION = 'firestartr.dev/last-state-pr';
371235
-
371236
371149
  function processOperation(item, op, handler) {
371237
371150
  operator_src_logger.info(`Processing operation ${op} on ${item.kind}/${item.metadata?.name}`);
371238
371151
  try {
371239
- const policy = getPolicy(item, 'firestartr.dev/policy');
371240
- // If general policy is observe/observe-only, route to observe mode instead of apply
371241
- if (!policy || policy === 'observe' || policy === 'observe-only') {
371242
- operator_src_logger.info(`Policy is '${policy || 'not set (default)'}', routing to observe mode`);
371243
- return cdktf_observe(item, op, handler);
371244
- }
371245
371152
  switch (op) {
371246
371153
  case OperationType.UPDATED:
371247
371154
  return updated(item, op, handler);
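Review bot: With the policy check removed, `processOperation` sends every CR to the apply and destroy handlers, whereas the removed code treated a missing, `observe` or `observe-only` value of `firestartr.dev/policy` as plan-only. The `sync()` hunk below has the same effect: it now always runs `doApply` and no longer reads `firestartr.dev/sync-policy`, although SyncerInitializer's `apply(cr)` still writes that annotation and the GithubSchemas `policy` enum still accepts `observe` and `observe-only`. CRs that already carry an observe annotation would presumably be applied on their next event, so I would reject them explicitly rather than ignore the annotation, e.g. `if (['observe', 'observe-only'].includes(item.metadata?.annotations?.['firestartr.dev/policy'])) throw new Error('observe policy is not supported by this operator version');` at the top of the `try`. The rest of the `switch` lies outside the hunk.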
@@ -371266,11 +371173,6 @@ function processOperation(item, op, handler) {
371266
371173
  throw e;
371267
371174
  }
371268
371175
  }
371269
- async function* cdktf_observe(item, op, handler) {
371270
- for await (const transition of doPlan(item, op, handler)) {
371271
- yield transition;
371272
- }
371273
- }
371274
371176
  async function* created(item, op, handler) {
371275
371177
  for await (const transition of doApply(item, op, handler)) {
371276
371178
  yield transition;
@@ -371306,18 +371208,8 @@ async function* sync(item, op, handler) {
371306
371208
  status: 'False',
371307
371209
  message: 'Synth CDKTF',
371308
371210
  };
371309
- const syncPolicy = getPolicy(item, 'firestartr.dev/sync-policy');
371310
- if (syncPolicy === 'apply') {
371311
- operator_src_logger.info(`SYNC OPERATION: applying item ${item.metadata.name} with sync-policy=${syncPolicy}`);
371312
- for await (const transition of doApply(item, op, handler)) {
371313
- yield transition;
371314
- }
371315
- }
371316
- else {
371317
- operator_src_logger.info(`SYNC OPERATION: planning item ${item.metadata.name} with sync-policy=${syncPolicy || 'default (observe)'}`);
371318
- for await (const transition of doPlan(item, op, handler)) {
371319
- yield transition;
371320
- }
371211
+ for await (const transition of doApply(item, op, handler)) {
371212
+ yield transition;
371321
371213
  }
371322
371214
  yield {
371323
371215
  item,
@@ -371356,14 +371248,15 @@ async function* markedToDeletion(item, op, handler) {
371356
371248
  message: 'Destroying process started',
371357
371249
  };
371358
371250
  const deps = await handler.resolveReferences();
371359
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371251
+ const annotation = 'firestartr.dev/last-state-pr';
371252
+ const statePr = item?.metadata?.annotations?.[annotation];
371360
371253
  const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371361
371254
  if (!hasStatePr) {
371362
371255
  operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371363
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371256
+ `has no "${annotation}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371364
371257
  }
371365
371258
  else {
371366
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371259
+ operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${annotation}" = ${statePr}`);
371367
371260
  }
371368
371261
  const destroyOutput = await provisioner.runProvisioner({
371369
371262
  mainCr: item,
@@ -371398,7 +371291,7 @@ async function* markedToDeletion(item, op, handler) {
371398
371291
  };
371399
371292
  await handler.finalize(handler.pluralKind, item.metadata.namespace, item, 'firestartr.dev/finalizer');
371400
371293
  await handler.writeTerraformOutputInTfResult(item, output);
371401
- if (item.metadata.annotations[cdktf_LAST_STATE_PR_ANNOTATION] || false) {
371294
+ if (item.metadata.annotations['firestartr.dev/last-state-pr'] || false) {
371402
371295
  await addDestroyCommitStatus(item, 'success', 'Destroy operation completed', `Terraform Destroy ${item.metadata.name}`);
371403
371296
  }
371404
371297
  void handler.success();
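Review bot: `item.metadata.annotations['firestartr.dev/last-state-pr']` is read without optional chaining, so a CR with no annotations throws here after `handler.finalize` and `writeTerraformOutputInTfResult` have already run; earlier in `markedToDeletion` the same annotation is read as `item?.metadata?.annotations?.[annotation]`. Use the guarded form, `if (item.metadata?.annotations?.['firestartr.dev/last-state-pr']) {`, which also makes the `|| false` unnecessary. The key is now spelled out as a literal in three places (this hunk, the earlier `markedToDeletion` hunk and the `doApply` hunk) where the removed code shared one constant, and a single module-level `const` would keep them from drifting apart. The function body starts and ends outside the hunk.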
@@ -371479,14 +371372,15 @@ async function* doApply(item, op, handler) {
371479
371372
  }
371480
371373
  const deps = await handler.resolveReferences();
371481
371374
  operator_src_logger.info(`Item ${item.metadata.name} has the following dependencies: ${deps}`);
371482
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371375
+ const annotation = 'firestartr.dev/last-state-pr';
371376
+ const statePr = item?.metadata?.annotations?.[annotation];
371483
371377
  const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371484
371378
  if (!hasStatePr) {
371485
371379
  operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371486
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371380
+ `has no "${annotation}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371487
371381
  }
371488
371382
  else {
371489
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371383
+ operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${annotation}" = ${statePr}`);
371490
371384
  }
371491
371385
  const applyOutput = await provisioner.runProvisioner({
371492
371386
  mainCr: item,
@@ -371582,219 +371476,6 @@ async function* doApply(item, op, handler) {
371582
371476
  }
371583
371477
  }
371584
371478
  }
371585
- async function* doPlan(item, op, handler) {
371586
- let checkRunCtl;
371587
- try {
371588
- cleanTerraformState();
371589
- yield {
371590
- item,
371591
- reason: op,
371592
- type: 'PLANNING',
371593
- status: 'True',
371594
- message: 'Planning process started',
371595
- };
371596
- const deps = await handler.resolveReferences();
371597
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371598
- const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371599
- if (!hasStatePr) {
371600
- operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371601
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs for plan.`);
371602
- }
371603
- else {
371604
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371605
- await addPlanStatusCheck(statePr, 'CDKTF plan in progress...');
371606
- }
371607
- // Run provisioner in plan-only mode
371608
- const planResult = await provisioner.runProvisioner({ mainCr: item, deps }, {
371609
- planOnly: true,
371610
- delete: 'deletionTimestamp' in item.metadata,
371611
- ...(hasStatePr
371612
- ? {
371613
- logStreamCallbacksCDKTF: {
371614
- prepare: async () => {
371615
- checkRunCtl = await GHCheckRun('synth', item);
371616
- return checkRunCtl;
371617
- },
371618
- },
371619
- logStreamCallbacksTF: {
371620
- prepare: async () => {
371621
- checkRunCtl = await GHCheckRun('plan', item);
371622
- return checkRunCtl;
371623
- },
371624
- },
371625
- }
371626
- : {}),
371627
- });
371628
- const planOutput = planResult?.output || '';
371629
- // Parse terraform plan output to detect changes
371630
- // Handles multiple Terraform output formats and versions
371631
- const hasChanges = detectPlanChanges(planOutput);
371632
- if (hasChanges) {
371633
- yield {
371634
- item,
371635
- reason: op,
371636
- type: 'OUT_OF_SYNC',
371637
- status: 'True',
371638
- message: 'Plan has changes',
371639
- };
371640
- yield {
371641
- item,
371642
- reason: op,
371643
- type: 'PROVISIONED',
371644
- status: 'False',
371645
- message: 'Plan has changes',
371646
- };
371647
- }
371648
- else {
371649
- yield {
371650
- item,
371651
- reason: op,
371652
- type: 'OUT_OF_SYNC',
371653
- status: 'False',
371654
- message: 'Plan has no changes',
371655
- };
371656
- yield {
371657
- item,
371658
- reason: op,
371659
- type: 'PROVISIONED',
371660
- status: 'True',
371661
- message: 'Plan has no changes',
371662
- };
371663
- }
371664
- // Store plan details for later reference
371665
- yield {
371666
- item,
371667
- reason: op,
371668
- type: 'LAST_PLAN_DETAILS',
371669
- status: 'Unknown',
371670
- message: planOutput,
371671
- };
371672
- yield {
371673
- item,
371674
- reason: op,
371675
- type: 'PLANNING',
371676
- status: 'False',
371677
- message: 'Planning process finished',
371678
- };
371679
- if (hasStatePr) {
371680
- await addPlanStatusCheck(statePr, hasChanges ? 'Plan has changes' : 'Plan has no changes', 'completed');
371681
- }
371682
- }
371683
- catch (e) {
371684
- operator_src_logger.error(`CDKTF plan failed: ${e}`);
371685
- if (checkRunCtl) {
371686
- checkRunCtl.fnOnError(e);
371687
- }
371688
- yield {
371689
- item,
371690
- reason: op,
371691
- type: 'ERROR',
371692
- status: 'True',
371693
- message: e.toString(),
371694
- };
371695
- yield {
371696
- item,
371697
- reason: op,
371698
- type: 'PLANNING',
371699
- status: 'False',
371700
- message: e.toString(),
371701
- };
371702
- yield {
371703
- item,
371704
- reason: op,
371705
- type: 'PROVISIONED',
371706
- status: 'False',
371707
- message: e.toString(),
371708
- };
371709
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371710
- if (statePr) {
371711
- const summaryText = tryCreateErrorSummary('CDKTF Plan failed', e);
371712
- await addPlanStatusCheck(statePr, summaryText, 'completed', true);
371713
- }
371714
- await handler.writeTerraformOutputInTfResult(item, e);
371715
- void handler.error();
371716
- }
371717
- }
371718
- /**
371719
- * Detects if a Terraform plan output contains changes
371720
- * Handles multiple Terraform versions and output formats
371721
- * @param planOutput - The text output from terraform plan
371722
- * @returns true if changes are detected, false otherwise
371723
- */
371724
- function detectPlanChanges(planOutput) {
371725
- if (!planOutput || planOutput.trim().length === 0) {
371726
- return false;
371727
- }
371728
- // Normalize the output for consistent matching
371729
- const normalized = planOutput.toLowerCase();
371730
- // Pattern 1: "Plan: X to add, Y to change, Z to destroy"
371731
- // Matches: "Plan: 1 to add, 0 to change, 0 to destroy"
371732
- const planPattern = /plan:\s*(\d+)\s+to\s+add,\s*(\d+)\s+to\s+change,\s*(\d+)\s+to\s+destroy/i;
371733
- const planMatch = planOutput.match(planPattern);
371734
- if (planMatch) {
371735
- const add = Number(planMatch[1]);
371736
- const change = Number(planMatch[2]);
371737
- const destroy = Number(planMatch[3]);
371738
- if (add > 0 || change > 0 || destroy > 0) {
371739
- return true;
371740
- }
371741
- // Explicitly found "Plan:" with 0/0/0 - no changes
371742
- return false;
371743
- }
371744
- // Pattern 2: Individual change indicators
371745
- // Handles variations like "1 to add", "2 to change", "3 to destroy"
371746
- const hasAdditions = /\d+\s+to\s+add/i.test(planOutput);
371747
- const hasChanges = /\d+\s+to\s+change/i.test(planOutput);
371748
- const hasDestructions = /\d+\s+to\s+destroy/i.test(planOutput);
371749
- const hasImports = /\d+\s+to\s+import/i.test(planOutput);
371750
- if (hasAdditions || hasChanges || hasDestructions || hasImports) {
371751
- return true;
371752
- }
371753
- // Pattern 3: Resource-level change indicators
371754
- // Matches: "# resource will be created", "# resource will be updated", etc.
371755
- const resourceChangePatterns = [
371756
- /will\s+be\s+(created|destroyed|updated|replaced)/i,
371757
- /must\s+be\s+(created|destroyed|updated|replaced)/i,
371758
- /#.*\s+(create|destroy|update|replace)/i,
371759
- ];
371760
- for (const pattern of resourceChangePatterns) {
371761
- if (pattern.test(planOutput)) {
371762
- return true;
371763
- }
371764
- }
371765
- // Pattern 4: Action symbols in plan output
371766
- // Terraform uses symbols like +, -, ~, -/+ to indicate changes
371767
- const actionSymbols = [
371768
- /^\s*[+]\s+/m,
371769
- /^\s*[-]\s+/m,
371770
- /^\s*[~]\s+/m,
371771
- /^\s*[-][/][+]\s+/m, // Replace
371772
- ];
371773
- for (const pattern of actionSymbols) {
371774
- if (pattern.test(planOutput)) {
371775
- return true;
371776
- }
371777
- }
371778
- // Pattern 5: No changes messages (inverse check)
371779
- const noChangesPatterns = [
371780
- /no\s+changes/i,
371781
- /infrastructure\s+is\s+up[-\s]to[-\s]date/i,
371782
- /your\s+infrastructure\s+matches\s+the\s+configuration/i,
371783
- /0\s+to\s+add,\s*0\s+to\s+change,\s*0\s+to\s+destroy/i,
371784
- ];
371785
- for (const pattern of noChangesPatterns) {
371786
- if (pattern.test(planOutput)) {
371787
- return false;
371788
- }
371789
- }
371790
- // If we find "Plan:" keyword but couldn't parse it, log a warning and assume no changes
371791
- if (normalized.includes('plan:')) {
371792
- operator_src_logger.warn('Found "Plan:" in output but could not parse change counts. Assuming no changes.');
371793
- return false;
371794
- }
371795
- // Default: assume no changes if we can't detect any
371796
- return false;
371797
- }
371798
371479
  function cleanTerraformState() {
371799
371480
  external_fs_.rmSync('/library/packages/provisioner/cdktf.out', {
371800
371481
  recursive: true,
@@ -372794,6 +372475,40 @@ function tf_checkrun_helperCreateCheckRunName(cmd) {
372794
372475
  return `TFWorkspace - ${cmd}`;
372795
372476
  }
372796
372477
 
372478
+ ;// CONCATENATED MODULE: ../operator/src/utils/index.ts
372479
+ const secretRegex = /\$\{\{ secrets\.(.*?) \}\}/g;
372480
+ function replaceConfigSecrets(config, secrets) {
372481
+ for (const key in config) {
372482
+ if (typeof config[key] === 'object' && config[key] !== null) {
372483
+ // If the property is an object, call this function recursively
372484
+ replaceConfigSecrets(config[key], secrets);
372485
+ }
372486
+ else if (typeof config[key] === 'string') {
372487
+ // If the property is a string and its value is equal to secrets.something,
372488
+ // replace the value with the value of the 'something' key in the secrets object
372489
+ config[key] = config[key].replace(secretRegex, (_, group1) => {
372490
+ if (!secrets[group1]) {
372491
+ throw new Error(`Secret ${group1} not found in secrets`);
372492
+ }
372493
+ return secrets[group1];
372494
+ });
372495
+ }
372496
+ }
372497
+ return config;
372498
+ }
372499
+ function replaceInlineSecrets(inline, secrets) {
372500
+ if (typeof inline !== 'string' || !inline)
372501
+ return inline;
372502
+ let result = inline;
372503
+ result = result.replace(secretRegex, (_, group1) => {
372504
+ if (!secrets[group1]) {
372505
+ throw new Error(`Secret ${group1} not found in secrets`);
372506
+ }
372507
+ return secrets[group1];
372508
+ });
372509
+ return result;
372510
+ }
372511
+
372797
372512
  ;// CONCATENATED MODULE: ../operator/src/tfworkspaces/process-operation.ts
372798
372513
 
372799
372514
 
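Review bot: Both `replaceConfigSecrets` and `replaceInlineSecrets` look the captured name up with `secrets[group1]`, which also resolves inherited properties, so a placeholder such as `${{ secrets.constructor }}` passes the `!secrets[group1]` check and a stringified function is written into the config instead of the "not found" error being raised. Checking own properties closes that gap: `if (!Object.hasOwn(secrets, group1) || !secrets[group1]) {`. `for (const key in config)` likewise walks inherited enumerable keys, and `replaceConfigSecrets` rewrites `config` in place, which deserves a doc comment because the resolved secret values end up in the caller's object. The code is moved here unchanged from its earlier position in the bundle.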
@@ -372985,6 +372700,11 @@ async function* process_operation_renamed(item, op, handler) {
372985
372700
  yield transition;
372986
372701
  }
372987
372702
  }
372703
+ function getPolicy(item, annotation) {
372704
+ const policy = item.metadata.annotations && item.metadata.annotations[annotation];
372705
+ if (policy)
372706
+ return policy;
372707
+ }
372988
372708
  async function* process_operation_updated(item, op, handler) {
372989
372709
  for await (const transition of process_operation_doApply(item, op, handler)) {
372990
372710
  yield transition;
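Review bot: `getPolicy` is re-added here without the JSDoc that the removed copy carried, and the last hunk of this file adds `processOperationPlan_getPolicy`, which is the same lookup with the annotation key fixed to `firestartr.dev/policy`. I would restore the comment, stating that the function returns the annotation value or `undefined` when the annotation is absent or empty, and, if the module layout allows it, have the second helper delegate to the first so the two cannot diverge. Both rely on falling off the end of the function to return `undefined`; `return item.metadata.annotations?.[annotation] || undefined;` says the same thing in one line.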
@@ -373629,7 +373349,7 @@ const processOperationPlan_TF_PROJECTS_PATH = '/tmp/tfworkspaces';
373629
373349
  function processOperationPlan(item, op, handler) {
373630
373350
  try {
373631
373351
  processOperationPlan_clearLocalTfProjects();
373632
- const policy = getPolicy(item, 'firestartr.dev/policy');
373352
+ const policy = processOperationPlan_getPolicy(item);
373633
373353
  if (policy === 'observe' || policy === 'apply') {
373634
373354
  return processOperationPlan_plan(item, op, handler);
373635
373355
  }
@@ -374076,6 +373796,12 @@ function processOperationPlan_getErrorOutputMessage(cr, key, ref) {
374076
373796
  throw new Error(`❌ Source ${cr.spec.source} not supported`);
374077
373797
  }
374078
373798
  }
373799
+ function processOperationPlan_getPolicy(item) {
373800
+ const policy = item.metadata.annotations &&
373801
+ item.metadata.annotations['firestartr.dev/policy'];
373802
+ if (policy)
373803
+ return policy;
373804
+ }
374079
373805
 
374080
373806
  ;// CONCATENATED MODULE: ../operator/src/ctx.ts
374081
373807
  class Ctx {