@firestartr/cli 1.53.0-snapshot-9 → 1.53.0-snapshot-10

package/build/index.js CHANGED
@@ -356807,10 +356807,6 @@ class SyncerInitializer extends InitializerPatches {
356807
356807
  const provider = helperCTX(ctx).provider;
356808
356808
  return claim.providers[provider].sync || {};
356809
356809
  }
356810
- function policyInfo(ctx) {
356811
- const provider = helperCTX(ctx).provider;
356812
- return claim.providers[provider].policy;
356813
- }
356814
356810
  return [
356815
356811
  {
356816
356812
  validate(cr) {
@@ -356841,22 +356837,21 @@ class SyncerInitializer extends InitializerPatches {
356841
356837
  }
356842
356838
  },
356843
356839
  apply(cr) {
356844
- cr.metadata.annotations = cr.metadata.annotations || {};
356845
- // Apply general policy annotation
356846
- if (policyInfo(this)) {
356847
- cr.metadata.annotations['firestartr.dev/policy'] = policyInfo(this);
356848
- }
356849
356840
  if (syncInfo(this).enabled) {
356841
+ cr.metadata.annotations = cr.metadata.annotations || {};
356850
356842
  cr.metadata.annotations['firestartr.dev/sync-enabled'] = 'true';
356851
356843
  if (syncInfo(this).period) {
356844
+ cr.metadata.annotations = cr.metadata.annotations || {};
356852
356845
  cr.metadata.annotations['firestartr.dev/sync-period'] =
356853
356846
  syncInfo(this).period;
356854
356847
  }
356855
356848
  if (syncInfo(this).policy) {
356849
+ cr.metadata.annotations = cr.metadata.annotations || {};
356856
356850
  cr.metadata.annotations['firestartr.dev/sync-policy'] =
356857
356851
  syncInfo(this).policy;
356858
356852
  }
356859
356853
  if (syncInfo(this).schedule) {
356854
+ cr.metadata.annotations = cr.metadata.annotations || {};
356860
356855
  cr.metadata.annotations[SYNC_SCHED_ANNOTATION] =
356861
356856
  syncInfo(this).schedule;
356862
356857
  cr.metadata.annotations[SYNC_SCHED_TIMEZONE_ANNOTATION] =
@@ -357577,69 +357572,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
357577
357572
  },
357578
357573
  additionalProperties: false,
357579
357574
  },
357580
- PolicyType: {
357581
- $id: 'firestartr.dev://common/PolicyType',
357582
- type: 'string',
357583
- description: 'Policy for resource management',
357584
- enum: [
357585
- 'apply',
357586
- 'create-only',
357587
- 'create-update-only',
357588
- 'full-control',
357589
- 'observe',
357590
- 'observe-only',
357591
- ],
357592
- },
357593
- SyncConfig: {
357594
- $id: 'firestartr.dev://common/SyncConfig',
357595
- type: 'object',
357596
- description: 'Sync configuration for resources',
357597
- properties: {
357598
- enabled: {
357599
- type: 'boolean',
357600
- description: 'Enable periodic sync operations',
357601
- },
357602
- period: {
357603
- type: 'string',
357604
- pattern: '^[0-9]+[smhd]$',
357605
- description: 'Sync period (e.g., 1h, 30m, 5s). Must be enabled without schedule.',
357606
- },
357607
- schedule: {
357608
- type: 'string',
357609
- description: 'Cron schedule for sync operations. Must be enabled without period.',
357610
- },
357611
- schedule_timezone: {
357612
- type: 'string',
357613
- description: 'Timezone for cron schedule (e.g., UTC, America/New_York)',
357614
- },
357615
- policy: {
357616
- type: 'string',
357617
- description: 'Policy for sync operations (apply or observe)',
357618
- },
357619
- },
357620
- additionalProperties: false,
357621
- required: ['enabled'],
357622
- oneOf: [
357623
- {
357624
- required: ['period'],
357625
- },
357626
- {
357627
- required: ['schedule'],
357628
- },
357629
- {
357630
- not: {
357631
- anyOf: [
357632
- {
357633
- required: ['period'],
357634
- },
357635
- {
357636
- required: ['schedule'],
357637
- },
357638
- ],
357639
- },
357640
- },
357641
- ],
357642
- },
357643
357575
  },
357644
357576
  });
357645
357577
 
@@ -358000,9 +357932,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358000
357932
  {
358001
357933
  type: 'object',
358002
357934
  properties: {
358003
- policy: {
358004
- $ref: 'firestartr.dev://common/PolicyType',
358005
- },
358006
357935
  privacy: {
358007
357936
  type: 'string',
358008
357937
  enum: ['closed', 'secret'],
@@ -358013,9 +357942,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358013
357942
  org: {
358014
357943
  type: 'string',
358015
357944
  },
358016
- sync: {
358017
- $ref: 'firestartr.dev://common/SyncConfig',
358018
- },
358019
357945
  },
358020
357946
  required: ['org', 'privacy'],
358021
357947
  },
@@ -358041,9 +357967,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358041
357967
  {
358042
357968
  type: 'object',
358043
357969
  properties: {
358044
- policy: {
358045
- $ref: 'firestartr.dev://common/PolicyType',
358046
- },
358047
357970
  role: {
358048
357971
  type: 'string',
358049
357972
  enum: ['admin', 'member'],
@@ -358051,9 +357974,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358051
357974
  org: {
358052
357975
  type: 'string',
358053
357976
  },
358054
- sync: {
358055
- $ref: 'firestartr.dev://common/SyncConfig',
358056
- },
358057
357977
  },
358058
357978
  required: ['org', 'role'],
358059
357979
  },
@@ -358078,9 +357998,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358078
357998
  {
358079
357999
  type: 'object',
358080
358000
  properties: {
358081
- policy: {
358082
- $ref: 'firestartr.dev://common/PolicyType',
358083
- },
358084
358001
  org: {
358085
358002
  type: 'string',
358086
358003
  description: 'The github organization name',
@@ -358089,9 +358006,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358089
358006
  type: 'string',
358090
358007
  enum: ['private', 'public', 'internal'],
358091
358008
  },
358092
- sync: {
358093
- $ref: 'firestartr.dev://common/SyncConfig',
358094
- },
358095
358009
  features: {
358096
358010
  type: 'array',
358097
358011
  items: {
@@ -358127,9 +358041,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358127
358041
  {
358128
358042
  type: 'object',
358129
358043
  properties: {
358130
- policy: {
358131
- $ref: 'firestartr.dev://common/PolicyType',
358132
- },
358133
358044
  orgName: {
358134
358045
  type: 'string',
358135
358046
  description: 'Organization name on GitHub',
@@ -358163,9 +358074,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
358163
358074
  },
358164
358075
  required: ['url', 'contentType', 'events', 'secretRef'],
358165
358076
  },
358166
- sync: {
358167
- $ref: 'firestartr.dev://common/SyncConfig',
358168
- },
358169
358077
  },
358170
358078
  required: ['orgName', 'webhook'],
358171
358079
  },
@@ -358337,7 +358245,15 @@ const GithubSchemas = [
358337
358245
  type: 'object',
358338
358246
  properties: {
358339
358247
  policy: {
358340
- $ref: 'firestartr.dev://common/PolicyType',
358248
+ type: 'string',
358249
+ enum: [
358250
+ 'apply',
358251
+ 'create-only',
358252
+ 'create-update-only',
358253
+ 'full-control',
358254
+ 'observe',
358255
+ 'observe-only',
358256
+ ],
358341
358257
  },
358342
358258
  name: {
358343
358259
  type: 'string',
@@ -358347,7 +358263,47 @@ const GithubSchemas = [
358347
358263
  enum: ['remote', 'inline', 'Remote', 'Inline'],
358348
358264
  },
358349
358265
  sync: {
358350
- $ref: 'firestartr.dev://common/SyncConfig',
358266
+ type: 'object',
358267
+ properties: {
358268
+ enabled: {
358269
+ type: 'boolean',
358270
+ },
358271
+ period: {
358272
+ type: 'string',
358273
+ pattern: '^[0-9]+[smhd]$',
358274
+ },
358275
+ schedule: {
358276
+ type: 'string',
358277
+ },
358278
+ schedule_timezone: {
358279
+ type: 'string',
358280
+ },
358281
+ policy: {
358282
+ type: 'string',
358283
+ },
358284
+ },
358285
+ additionalProperties: false,
358286
+ required: ['enabled'],
358287
+ oneOf: [
358288
+ {
358289
+ required: ['period'],
358290
+ },
358291
+ {
358292
+ required: ['schedule'],
358293
+ },
358294
+ {
358295
+ not: {
358296
+ anyOf: [
358297
+ {
358298
+ required: ['period'],
358299
+ },
358300
+ {
358301
+ required: ['schedule'],
358302
+ },
358303
+ ],
358304
+ },
358305
+ },
358306
+ ],
358351
358307
  },
358352
358308
  valuesSchema: {
358353
358309
  type: 'string',
@@ -360768,6 +360724,13 @@ function renderFeature(featureName, version, owner, repo, featureOwner, renderPa
360768
360724
  features_preparer_src_logger.info(`Rendering feature ${featureName} to ${renderedPath} with component ${JSON.stringify(featureOwner)}`);
360769
360725
  return features_renderer.render(extractPath, renderedPath, featureOwner, {}, featureArgs);
360770
360726
  }
360727
+ /*
360728
+ * This functionality does the same of the above
360729
+ * without downloading and extracting the feature
360730
+ */
360731
+ function renderFeatureFromPath(extractPath, renderedPath, featureOwner, featureArgs = {}) {
360732
+ return features_renderer.render(extractPath, renderedPath, featureOwner, featureArgs);
360733
+ }
360771
360734
 
360772
360735
  // EXTERNAL MODULE: ../../node_modules/adm-zip/adm-zip.js
360773
360736
  var adm_zip = __nccwpck_require__(7993);
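Review bot: `renderFeatureFromPath` passes `featureArgs` as the fourth argument to `features_renderer.render`, while `renderFeature` just above passes `{}` fourth and `featureArgs` fifth, so the two calls do not line up even though the new comment says they do the same thing. Unless `render` has a four-argument form that is not visible here, the feature arguments land in whatever the fourth parameter is and the real arguments slot stays undefined. The call should presumably read `return features_renderer.render(extractPath, renderedPath, featureOwner, {}, featureArgs);`. The comment could also state that `extractPath` must already hold an extracted feature, since this function performs no check of its own.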
@@ -360881,6 +360844,7 @@ async function downloadFeatureZip(repo, featureName, reference, owner = 'prefapp
360881
360844
 
360882
360845
  /* harmony default export */ const features_preparer_src = ({
360883
360846
  renderFeature: renderFeature,
360847
+ renderFeatureFromPath: renderFeatureFromPath,
360884
360848
  getFeatureConfigFromRef: getFeatureConfigFromRef,
360885
360849
  getFeatureConfig: getFeatureConfig,
360886
360850
  prepareFeature: prepareFeature,
@@ -360892,6 +360856,7 @@ async function downloadFeatureZip(repo, featureName, reference, owner = 'prefapp
360892
360856
  /* harmony default export */ const features_preparer = ({
360893
360857
  prepareFeature: features_preparer_src.prepareFeature,
360894
360858
  renderFeature: features_preparer_src.renderFeature,
360859
+ renderFeatureFromPath: features_preparer_src.renderFeatureFromPath,
360895
360860
  getFeatureConfig: features_preparer_src.getFeatureConfig,
360896
360861
  getFeatureConfigFromRef: features_preparer_src.getFeatureConfigFromRef,
360897
360862
  });
@@ -360907,7 +360872,8 @@ async function utils_renderFeature(featureName, featureVersion, featureOutputObj
360907
360872
  const userManaged = fileInfo.userManaged;
360908
360873
  const contentText = external_fs_.readFileSync(fileInfo.localPath, 'utf-8');
360909
360874
  const content = Buffer.from(contentText, 'utf8').toString('base64');
360910
- files.push({ path, userManaged, content });
360875
+ const targetBranch = fileInfo.targetBranch;
360876
+ files.push({ path, userManaged, content, targetBranch });
360911
360877
  }
360912
360878
  const featName = catalog_common.generic.normalizeName(`${featureName}-${cr.spec.firestartr.tfStateKey}`);
360913
360879
  return {
@@ -360937,6 +360903,17 @@ async function utils_renderFeature(featureName, featureVersion, featureOutputObj
360937
360903
 
360938
360904
 
360939
360905
 
360906
+
360907
+ // this is the only way currently to make
360908
+ // work the system and inject our code
360909
+ // without having to download a feature
360910
+ let MOCK_FEATURES_FN = undefined;
360911
+ function MOCK_FEATURES(mock) {
360912
+ MOCK_FEATURES_FN = mock;
360913
+ if (mock) {
360914
+ log.warn('⚠️ Warning features system dowloader has been mocked, it should only happen in unit testing');
360915
+ }
360916
+ }
360940
360917
  class FeaturesOverrider extends OverriderPatches {
360941
360918
  constructor(featureName, featureVersion, featureConfig, featureArgs, featureRef, featureRepo) {
360942
360919
  super();
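Review bot: `MOCK_FEATURES` is a test seam compiled into the shipped bundle. Once `MOCK_FEATURES_FN` is set, the `if (MOCK_FEATURES_FN) { return MOCK_FEATURES_FN(); }` branch added in the following FeaturesOverrider hunk returns the mock's result before the owner, repo and version handling that follows it runs. The only signal is a single `log.warn`, so a stray call outside unit tests would silently change which feature content is used. I would have `MOCK_FEATURES` refuse a non-empty mock unless an explicit test-only switch is set, or inject the resolver through the `FeaturesOverrider` constructor so that no module-level override exists. The warning text also misspells "downloader" as `dowloader`.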
@@ -360963,6 +360940,9 @@ class FeaturesOverrider extends OverriderPatches {
360963
360940
  let owner = 'prefapp';
360964
360941
  let versionOrRef = this.featureVersion;
360965
360942
  let renderer = 'getFeatureConfig';
360943
+ if (MOCK_FEATURES_FN) {
360944
+ return MOCK_FEATURES_FN();
360945
+ }
360966
360946
  if (this.featureRepo) {
360967
360947
  [owner, repo] = this.featureRepo.split(/\//);
360968
360948
  }
@@ -364111,13 +364091,8 @@ class FeatureRepoChart extends BaseGithubChart {
364111
364091
  const annotations = this.getAnnotationsFromRepo(this.get('repoCr'), [
364112
364092
  'claim-ref',
364113
364093
  'revision',
364114
- 'policy',
364115
- 'sync-policy',
364116
364094
  'sync-enabled',
364117
364095
  'sync-period',
364118
- 'sync-schedule',
364119
- 'sync-schedule-timezone',
364120
- 'last-state-pr',
364121
364096
  ]);
364122
364097
  cr.metadata.annotations = {
364123
364098
  ...cr.metadata.annotations,
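Review bot: The propagated list drops `sync-schedule` and `sync-schedule-timezone` but keeps `sync-enabled` and `sync-period`, while the SyncerInitializer hunk earlier on this page still writes schedule annotations (presumably the same keys, via `SYNC_SCHED_ANNOTATION`) on the repo CR. A repo configured with a cron schedule rather than a period would then pass `sync-enabled` to its feature CRs with no timing annotation; how the operator treats that combination is not visible here and should be confirmed. Dropping `last-state-pr` also means `doApply` takes its "skipping GitHub Check Runs" branch for these CRs, if they reach it. The RepoSecretsSectionChart hunk that follows makes the same list change. The enclosing method starts and ends outside the hunk.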
@@ -364190,13 +364165,8 @@ class RepoSecretsSectionChart extends BaseGithubChart {
364190
364165
  const annotations = this.getAnnotationsFromRepo(this.get('repoCr'), [
364191
364166
  'claim-ref',
364192
364167
  'revision',
364193
- 'policy',
364194
- 'sync-policy',
364195
364168
  'sync-enabled',
364196
364169
  'sync-period',
364197
- 'sync-schedule',
364198
- 'sync-schedule-timezone',
364199
- 'last-state-pr',
364200
364170
  ]);
364201
364171
  cr.metadata.annotations = {
364202
364172
  ...cr.metadata.annotations,
@@ -370464,15 +370434,10 @@ class Resource {
370464
370434
  this.set('operation', operation);
370465
370435
  this.set('deps', deps);
370466
370436
  }
370467
- async run(options) {
370437
+ async run() {
370468
370438
  await this.preprocess();
370469
370439
  await this.synth();
370470
- if (options?.planOnly) {
370471
- await this.runTerraformPlanOnly();
370472
- }
370473
- else {
370474
- await this.runTerraform();
370475
- }
370440
+ await this.runTerraform();
370476
370441
  await this.postprocess();
370477
370442
  if (this.logStream) {
370478
370443
  this.logStream.end();
@@ -370497,13 +370462,6 @@ class Resource {
370497
370462
  log(msg) {
370498
370463
  this.logFn(msg);
370499
370464
  }
370500
- async runTerraformPlanOnly() {
370501
- await this.onTFStreaming();
370502
- let output = '';
370503
- output += await terraformInit(this.get('main_artifact'), this.logStream);
370504
- output += await terraformPlan(this.get('main_artifact'), this.logStream);
370505
- this.set('output', output);
370506
- }
370507
370465
  async runTerraform() {
370508
370466
  await this.onTFStreaming();
370509
370467
  let output = '';
@@ -370891,7 +370849,7 @@ async function runProvisioner(data, opts) {
370891
370849
  if ('logStreamCallbacksTF' in opts) {
370892
370850
  resource.setTFStreamLogs(opts['logStreamCallbacksTF']);
370893
370851
  }
370894
- await resource.run({ planOnly: opts.planOnly });
370852
+ await resource.run();
370895
370853
  return resource;
370896
370854
  }
370897
370855
  function createInstanceOf(entity, op, deps) {
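Review bot: `runProvisioner` now ignores `opts.planOnly` without complaint, so any caller that still passes `planOnly: true` expecting a dry run gets a full `runTerraform()` instead. The `doPlan` caller is removed elsewhere in this diff, but callers outside the shown hunks cannot be ruled out from here. A fail-closed guard before the call, `if (opts.planOnly) throw new Error('planOnly is not supported');`, would turn a silent apply into a visible error. The body of `runProvisioner` starts outside the hunk.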
@@ -371173,51 +371131,6 @@ function helperCreateCheckRunName(cmd, item) {
371173
371131
  return `${item.kind} - ${cmd}`;
371174
371132
  }
371175
371133
 
371176
- ;// CONCATENATED MODULE: ../operator/src/utils/index.ts
371177
- const secretRegex = /\$\{\{ secrets\.(.*?) \}\}/g;
371178
- function replaceConfigSecrets(config, secrets) {
371179
- for (const key in config) {
371180
- if (typeof config[key] === 'object' && config[key] !== null) {
371181
- // If the property is an object, call this function recursively
371182
- replaceConfigSecrets(config[key], secrets);
371183
- }
371184
- else if (typeof config[key] === 'string') {
371185
- // If the property is a string and its value is equal to secrets.something,
371186
- // replace the value with the value of the 'something' key in the secrets object
371187
- config[key] = config[key].replace(secretRegex, (_, group1) => {
371188
- if (!secrets[group1]) {
371189
- throw new Error(`Secret ${group1} not found in secrets`);
371190
- }
371191
- return secrets[group1];
371192
- });
371193
- }
371194
- }
371195
- return config;
371196
- }
371197
- function replaceInlineSecrets(inline, secrets) {
371198
- if (typeof inline !== 'string' || !inline)
371199
- return inline;
371200
- let result = inline;
371201
- result = result.replace(secretRegex, (_, group1) => {
371202
- if (!secrets[group1]) {
371203
- throw new Error(`Secret ${group1} not found in secrets`);
371204
- }
371205
- return secrets[group1];
371206
- });
371207
- return result;
371208
- }
371209
- /**
371210
- * Retrieves a policy annotation value from a custom resource
371211
- * @param item - The CR to get the policy from
371212
- * @param annotation - The annotation key to retrieve
371213
- * @returns The policy value, or undefined if not set
371214
- */
371215
- function getPolicy(item, annotation) {
371216
- const policy = item.metadata.annotations && item.metadata.annotations[annotation];
371217
- if (policy)
371218
- return policy;
371219
- }
371220
-
371221
371134
  ;// CONCATENATED MODULE: ../operator/src/utils/operationErrorMessages.ts
371222
371135
  const APPLY_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraform apply operation.';
371223
371136
  const DESTROY_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraform destroy operation.';
@@ -371233,17 +371146,9 @@ const PLAN_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraf
371233
371146
 
371234
371147
 
371235
371148
 
371236
- const cdktf_LAST_STATE_PR_ANNOTATION = 'firestartr.dev/last-state-pr';
371237
-
371238
371149
  function processOperation(item, op, handler) {
371239
371150
  operator_src_logger.info(`Processing operation ${op} on ${item.kind}/${item.metadata?.name}`);
371240
371151
  try {
371241
- const policy = getPolicy(item, 'firestartr.dev/policy');
371242
- // If general policy is observe/observe-only, route to observe mode instead of apply
371243
- if (!policy || policy === 'observe' || policy === 'observe-only') {
371244
- operator_src_logger.info(`Policy is '${policy || 'not set (default)'}', routing to observe mode`);
371245
- return cdktf_observe(item, op, handler);
371246
- }
371247
371152
  switch (op) {
371248
371153
  case OperationType.UPDATED:
371249
371154
  return updated(item, op, handler);
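Review bot: With the policy check removed, every operation reaches `switch (op)` and its apply handlers, and the `sync` hunk further down now calls `doApply` unconditionally. The GithubSchemas hunk nevertheless still accepts `policy` values `'observe'` and `'observe-only'`, and the SyncerInitializer hunk still writes `firestartr.dev/sync-policy`. A claim that declares an observe policy therefore validates and is then applied, including on each periodic sync. CRs without a policy annotation, which the removed code routed to plan-only, are now applied as well. If read-only handling is intentionally absent in this version, those values should be rejected at validation, or this function should at least log a warning when `item.metadata?.annotations?.['firestartr.dev/policy']` is set to one of them. The `try` block and the `switch` continue outside the hunk.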
@@ -371268,11 +371173,6 @@ function processOperation(item, op, handler) {
371268
371173
  throw e;
371269
371174
  }
371270
371175
  }
371271
- async function* cdktf_observe(item, op, handler) {
371272
- for await (const transition of doPlan(item, op, handler)) {
371273
- yield transition;
371274
- }
371275
- }
371276
371176
  async function* created(item, op, handler) {
371277
371177
  for await (const transition of doApply(item, op, handler)) {
371278
371178
  yield transition;
@@ -371308,18 +371208,8 @@ async function* sync(item, op, handler) {
371308
371208
  status: 'False',
371309
371209
  message: 'Synth CDKTF',
371310
371210
  };
371311
- const syncPolicy = getPolicy(item, 'firestartr.dev/sync-policy');
371312
- if (syncPolicy === 'apply') {
371313
- operator_src_logger.info(`SYNC OPERATION: applying item ${item.metadata.name} with sync-policy=${syncPolicy}`);
371314
- for await (const transition of doApply(item, op, handler)) {
371315
- yield transition;
371316
- }
371317
- }
371318
- else {
371319
- operator_src_logger.info(`SYNC OPERATION: planning item ${item.metadata.name} with sync-policy=${syncPolicy || 'default (observe)'}`);
371320
- for await (const transition of doPlan(item, op, handler)) {
371321
- yield transition;
371322
- }
371211
+ for await (const transition of doApply(item, op, handler)) {
371212
+ yield transition;
371323
371213
  }
371324
371214
  yield {
371325
371215
  item,
@@ -371358,14 +371248,15 @@ async function* markedToDeletion(item, op, handler) {
371358
371248
  message: 'Destroying process started',
371359
371249
  };
371360
371250
  const deps = await handler.resolveReferences();
371361
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371251
+ const annotation = 'firestartr.dev/last-state-pr';
371252
+ const statePr = item?.metadata?.annotations?.[annotation];
371362
371253
  const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371363
371254
  if (!hasStatePr) {
371364
371255
  operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371365
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371256
+ `has no "${annotation}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371366
371257
  }
371367
371258
  else {
371368
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371259
+ operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${annotation}" = ${statePr}`);
371369
371260
  }
371370
371261
  const destroyOutput = await provisioner.runProvisioner({
371371
371262
  mainCr: item,
@@ -371400,7 +371291,7 @@ async function* markedToDeletion(item, op, handler) {
371400
371291
  };
371401
371292
  await handler.finalize(handler.pluralKind, item.metadata.namespace, item, 'firestartr.dev/finalizer');
371402
371293
  await handler.writeTerraformOutputInTfResult(item, output);
371403
- if (item.metadata.annotations[cdktf_LAST_STATE_PR_ANNOTATION] || false) {
371294
+ if (item.metadata.annotations['firestartr.dev/last-state-pr'] || false) {
371404
371295
  await addDestroyCommitStatus(item, 'success', 'Destroy operation completed', `Terraform Destroy ${item.metadata.name}`);
371405
371296
  }
371406
371297
  void handler.success();
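Review bot: `item.metadata.annotations['firestartr.dev/last-state-pr']` dereferences `annotations` directly, while the previous hunk of `markedToDeletion` reads the same key through `item?.metadata?.annotations?.[annotation]` and explicitly handles a CR without it. On a CR with no annotations object this line throws after `handler.finalize` and `writeTerraformOutputInTfResult` have already run. Use `if (item.metadata?.annotations?.['firestartr.dev/last-state-pr']) {` and drop the redundant `|| false`. The key is now spelled out as a literal in three places across these hunks; a single module-level constant would keep them from drifting apart.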
@@ -371481,14 +371372,15 @@ async function* doApply(item, op, handler) {
371481
371372
  }
371482
371373
  const deps = await handler.resolveReferences();
371483
371374
  operator_src_logger.info(`Item ${item.metadata.name} has the following dependencies: ${deps}`);
371484
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371375
+ const annotation = 'firestartr.dev/last-state-pr';
371376
+ const statePr = item?.metadata?.annotations?.[annotation];
371485
371377
  const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371486
371378
  if (!hasStatePr) {
371487
371379
  operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371488
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371380
+ `has no "${annotation}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
371489
371381
  }
371490
371382
  else {
371491
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371383
+ operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${annotation}" = ${statePr}`);
371492
371384
  }
371493
371385
  const applyOutput = await provisioner.runProvisioner({
371494
371386
  mainCr: item,
@@ -371584,219 +371476,6 @@ async function* doApply(item, op, handler) {
371584
371476
  }
371585
371477
  }
371586
371478
  }
371587
- async function* doPlan(item, op, handler) {
371588
- let checkRunCtl;
371589
- try {
371590
- cleanTerraformState();
371591
- yield {
371592
- item,
371593
- reason: op,
371594
- type: 'PLANNING',
371595
- status: 'True',
371596
- message: 'Planning process started',
371597
- };
371598
- const deps = await handler.resolveReferences();
371599
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371600
- const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
371601
- if (!hasStatePr) {
371602
- operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
371603
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs for plan.`);
371604
- }
371605
- else {
371606
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
371607
- await addPlanStatusCheck(statePr, 'CDKTF plan in progress...');
371608
- }
371609
- // Run provisioner in plan-only mode
371610
- const planResult = await provisioner.runProvisioner({ mainCr: item, deps }, {
371611
- planOnly: true,
371612
- delete: 'deletionTimestamp' in item.metadata,
371613
- ...(hasStatePr
371614
- ? {
371615
- logStreamCallbacksCDKTF: {
371616
- prepare: async () => {
371617
- checkRunCtl = await GHCheckRun('synth', item);
371618
- return checkRunCtl;
371619
- },
371620
- },
371621
- logStreamCallbacksTF: {
371622
- prepare: async () => {
371623
- checkRunCtl = await GHCheckRun('plan', item);
371624
- return checkRunCtl;
371625
- },
371626
- },
371627
- }
371628
- : {}),
371629
- });
371630
- const planOutput = planResult?.output || '';
371631
- // Parse terraform plan output to detect changes
371632
- // Handles multiple Terraform output formats and versions
371633
- const hasChanges = detectPlanChanges(planOutput);
371634
- if (hasChanges) {
371635
- yield {
371636
- item,
371637
- reason: op,
371638
- type: 'OUT_OF_SYNC',
371639
- status: 'True',
371640
- message: 'Plan has changes',
371641
- };
371642
- yield {
371643
- item,
371644
- reason: op,
371645
- type: 'PROVISIONED',
371646
- status: 'False',
371647
- message: 'Plan has changes',
371648
- };
371649
- }
371650
- else {
371651
- yield {
371652
- item,
371653
- reason: op,
371654
- type: 'OUT_OF_SYNC',
371655
- status: 'False',
371656
- message: 'Plan has no changes',
371657
- };
371658
- yield {
371659
- item,
371660
- reason: op,
371661
- type: 'PROVISIONED',
371662
- status: 'True',
371663
- message: 'Plan has no changes',
371664
- };
371665
- }
371666
- // Store plan details for later reference
371667
- yield {
371668
- item,
371669
- reason: op,
371670
- type: 'LAST_PLAN_DETAILS',
371671
- status: 'Unknown',
371672
- message: planOutput,
371673
- };
371674
- yield {
371675
- item,
371676
- reason: op,
371677
- type: 'PLANNING',
371678
- status: 'False',
371679
- message: 'Planning process finished',
371680
- };
371681
- if (hasStatePr) {
371682
- await addPlanStatusCheck(statePr, hasChanges ? 'Plan has changes' : 'Plan has no changes', 'completed');
371683
- }
371684
- }
371685
- catch (e) {
371686
- operator_src_logger.error(`CDKTF plan failed: ${e}`);
371687
- if (checkRunCtl) {
371688
- checkRunCtl.fnOnError(e);
371689
- }
371690
- yield {
371691
- item,
371692
- reason: op,
371693
- type: 'ERROR',
371694
- status: 'True',
371695
- message: e.toString(),
371696
- };
371697
- yield {
371698
- item,
371699
- reason: op,
371700
- type: 'PLANNING',
371701
- status: 'False',
371702
- message: e.toString(),
371703
- };
371704
- yield {
371705
- item,
371706
- reason: op,
371707
- type: 'PROVISIONED',
371708
- status: 'False',
371709
- message: e.toString(),
371710
- };
371711
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
371712
- if (statePr) {
371713
- const summaryText = tryCreateErrorSummary('CDKTF Plan failed', e);
371714
- await addPlanStatusCheck(statePr, summaryText, 'completed', true);
371715
- }
371716
- await handler.writeTerraformOutputInTfResult(item, e);
371717
- void handler.error();
371718
- }
371719
- }
371720
- /**
371721
- * Detects if a Terraform plan output contains changes
371722
- * Handles multiple Terraform versions and output formats
371723
- * @param planOutput - The text output from terraform plan
371724
- * @returns true if changes are detected, false otherwise
371725
- */
371726
- function detectPlanChanges(planOutput) {
371727
- if (!planOutput || planOutput.trim().length === 0) {
371728
- return false;
371729
- }
371730
- // Normalize the output for consistent matching
371731
- const normalized = planOutput.toLowerCase();
371732
- // Pattern 1: "Plan: X to add, Y to change, Z to destroy"
371733
- // Matches: "Plan: 1 to add, 0 to change, 0 to destroy"
371734
- const planPattern = /plan:\s*(\d+)\s+to\s+add,\s*(\d+)\s+to\s+change,\s*(\d+)\s+to\s+destroy/i;
371735
- const planMatch = planOutput.match(planPattern);
371736
- if (planMatch) {
371737
- const add = Number(planMatch[1]);
371738
- const change = Number(planMatch[2]);
371739
- const destroy = Number(planMatch[3]);
371740
- if (add > 0 || change > 0 || destroy > 0) {
371741
- return true;
371742
- }
371743
- // Explicitly found "Plan:" with 0/0/0 - no changes
371744
- return false;
371745
- }
371746
- // Pattern 2: Individual change indicators
371747
- // Handles variations like "1 to add", "2 to change", "3 to destroy"
371748
- const hasAdditions = /\d+\s+to\s+add/i.test(planOutput);
371749
- const hasChanges = /\d+\s+to\s+change/i.test(planOutput);
371750
- const hasDestructions = /\d+\s+to\s+destroy/i.test(planOutput);
371751
- const hasImports = /\d+\s+to\s+import/i.test(planOutput);
371752
- if (hasAdditions || hasChanges || hasDestructions || hasImports) {
371753
- return true;
371754
- }
371755
- // Pattern 3: Resource-level change indicators
371756
- // Matches: "# resource will be created", "# resource will be updated", etc.
371757
- const resourceChangePatterns = [
371758
- /will\s+be\s+(created|destroyed|updated|replaced)/i,
371759
- /must\s+be\s+(created|destroyed|updated|replaced)/i,
371760
- /#.*\s+(create|destroy|update|replace)/i,
371761
- ];
371762
- for (const pattern of resourceChangePatterns) {
371763
- if (pattern.test(planOutput)) {
371764
- return true;
371765
- }
371766
- }
371767
- // Pattern 4: Action symbols in plan output
371768
- // Terraform uses symbols like +, -, ~, -/+ to indicate changes
371769
- const actionSymbols = [
371770
- /^\s*[+]\s+/m,
371771
- /^\s*[-]\s+/m,
371772
- /^\s*[~]\s+/m,
371773
- /^\s*[-][/][+]\s+/m, // Replace
371774
- ];
371775
- for (const pattern of actionSymbols) {
371776
- if (pattern.test(planOutput)) {
371777
- return true;
371778
- }
371779
- }
371780
- // Pattern 5: No changes messages (inverse check)
371781
- const noChangesPatterns = [
371782
- /no\s+changes/i,
371783
- /infrastructure\s+is\s+up[-\s]to[-\s]date/i,
371784
- /your\s+infrastructure\s+matches\s+the\s+configuration/i,
371785
- /0\s+to\s+add,\s*0\s+to\s+change,\s*0\s+to\s+destroy/i,
371786
- ];
371787
- for (const pattern of noChangesPatterns) {
371788
- if (pattern.test(planOutput)) {
371789
- return false;
371790
- }
371791
- }
371792
- // If we find "Plan:" keyword but couldn't parse it, log a warning and assume no changes
371793
- if (normalized.includes('plan:')) {
371794
- operator_src_logger.warn('Found "Plan:" in output but could not parse change counts. Assuming no changes.');
371795
- return false;
371796
- }
371797
- // Default: assume no changes if we can't detect any
371798
- return false;
371799
- }
371800
371479
  function cleanTerraformState() {
371801
371480
  external_fs_.rmSync('/library/packages/provisioner/cdktf.out', {
371802
371481
  recursive: true,
@@ -372796,6 +372475,40 @@ function tf_checkrun_helperCreateCheckRunName(cmd) {
372796
372475
  return `TFWorkspace - ${cmd}`;
372797
372476
  }
372798
372477
 
372478
+ ;// CONCATENATED MODULE: ../operator/src/utils/index.ts
372479
+ const secretRegex = /\$\{\{ secrets\.(.*?) \}\}/g;
372480
+ function replaceConfigSecrets(config, secrets) {
372481
+ for (const key in config) {
372482
+ if (typeof config[key] === 'object' && config[key] !== null) {
372483
+ // If the property is an object, call this function recursively
372484
+ replaceConfigSecrets(config[key], secrets);
372485
+ }
372486
+ else if (typeof config[key] === 'string') {
372487
+ // If the property is a string and its value is equal to secrets.something,
372488
+ // replace the value with the value of the 'something' key in the secrets object
372489
+ config[key] = config[key].replace(secretRegex, (_, group1) => {
372490
+ if (!secrets[group1]) {
372491
+ throw new Error(`Secret ${group1} not found in secrets`);
372492
+ }
372493
+ return secrets[group1];
372494
+ });
372495
+ }
372496
+ }
372497
+ return config;
372498
+ }
372499
+ function replaceInlineSecrets(inline, secrets) {
372500
+ if (typeof inline !== 'string' || !inline)
372501
+ return inline;
372502
+ let result = inline;
372503
+ result = result.replace(secretRegex, (_, group1) => {
372504
+ if (!secrets[group1]) {
372505
+ throw new Error(`Secret ${group1} not found in secrets`);
372506
+ }
372507
+ return secrets[group1];
372508
+ });
372509
+ return result;
372510
+ }
372511
+
372799
372512
  ;// CONCATENATED MODULE: ../operator/src/tfworkspaces/process-operation.ts
372800
372513
 
372801
372514
 
@@ -372987,6 +372700,11 @@ async function* process_operation_renamed(item, op, handler) {
372987
372700
  yield transition;
372988
372701
  }
372989
372702
  }
372703
+ function getPolicy(item, annotation) {
372704
+ const policy = item.metadata.annotations && item.metadata.annotations[annotation];
372705
+ if (policy)
372706
+ return policy;
372707
+ }
372990
372708
  async function* process_operation_updated(item, op, handler) {
372991
372709
  for await (const transition of process_operation_doApply(item, op, handler)) {
372992
372710
  yield transition;
@@ -373631,7 +373349,7 @@ const processOperationPlan_TF_PROJECTS_PATH = '/tmp/tfworkspaces';
373631
373349
  function processOperationPlan(item, op, handler) {
373632
373350
  try {
373633
373351
  processOperationPlan_clearLocalTfProjects();
373634
- const policy = getPolicy(item, 'firestartr.dev/policy');
373352
+ const policy = processOperationPlan_getPolicy(item);
373635
373353
  if (policy === 'observe' || policy === 'apply') {
373636
373354
  return processOperationPlan_plan(item, op, handler);
373637
373355
  }
@@ -374078,6 +373796,12 @@ function processOperationPlan_getErrorOutputMessage(cr, key, ref) {
374078
373796
  throw new Error(`❌ Source ${cr.spec.source} not supported`);
374079
373797
  }
374080
373798
  }
373799
+ function processOperationPlan_getPolicy(item) {
373800
+ const policy = item.metadata.annotations &&
373801
+ item.metadata.annotations['firestartr.dev/policy'];
373802
+ if (policy)
373803
+ return policy;
373804
+ }
374081
373805
 
374082
373806
  ;// CONCATENATED MODULE: ../operator/src/ctx.ts
374083
373807
  class Ctx {