@firestartr/cli 1.53.0-snapshot-9 → 1.53.0-snapshot-11

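--- a/package/build/index.js
+++ b/package/build/index.js
@@ -356807,10 +356807,6 @@ class SyncerInitializer extends InitializerPatches {
  const provider = helperCTX(ctx).provider;
  return claim.providers[provider].sync || {};
  }
- function policyInfo(ctx) {
- const provider = helperCTX(ctx).provider;
- return claim.providers[provider].policy;
- }
  return [
  {
  validate(cr) {
@@ -356841,22 +356837,21 @@ class SyncerInitializer extends InitializerPatches {
  }
  },
  apply(cr) {
- cr.metadata.annotations = cr.metadata.annotations || {};
- // Apply general policy annotation
- if (policyInfo(this)) {
- cr.metadata.annotations['firestartr.dev/policy'] = policyInfo(this);
- }
  if (syncInfo(this).enabled) {
+ cr.metadata.annotations = cr.metadata.annotations || {};
  cr.metadata.annotations['firestartr.dev/sync-enabled'] = 'true';
  if (syncInfo(this).period) {
+ cr.metadata.annotations = cr.metadata.annotations || {};
  cr.metadata.annotations['firestartr.dev/sync-period'] =
  syncInfo(this).period;
  }
  if (syncInfo(this).policy) {
+ cr.metadata.annotations = cr.metadata.annotations || {};
  cr.metadata.annotations['firestartr.dev/sync-policy'] =
  syncInfo(this).policy;
  }
  if (syncInfo(this).schedule) {
+ cr.metadata.annotations = cr.metadata.annotations || {};
  cr.metadata.annotations[SYNC_SCHED_ANNOTATION] =
  syncInfo(this).schedule;
  cr.metadata.annotations[SYNC_SCHED_TIMEZONE_ANNOTATION] =
@@ -357577,69 +357572,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
  },
  additionalProperties: false,
  },
- PolicyType: {
- $id: 'firestartr.dev://common/PolicyType',
- type: 'string',
- description: 'Policy for resource management',
- enum: [
- 'apply',
- 'create-only',
- 'create-update-only',
- 'full-control',
- 'observe',
- 'observe-only',
- ],
- },
- SyncConfig: {
- $id: 'firestartr.dev://common/SyncConfig',
- type: 'object',
- description: 'Sync configuration for resources',
- properties: {
- enabled: {
- type: 'boolean',
- description: 'Enable periodic sync operations',
- },
- period: {
- type: 'string',
- pattern: '^[0-9]+[smhd]$',
- description: 'Sync period (e.g., 1h, 30m, 5s). Must be enabled without schedule.',
- },
- schedule: {
- type: 'string',
- description: 'Cron schedule for sync operations. Must be enabled without period.',
- },
- schedule_timezone: {
- type: 'string',
- description: 'Timezone for cron schedule (e.g., UTC, America/New_York)',
- },
- policy: {
- type: 'string',
- description: 'Policy for sync operations (apply or observe)',
- },
- },
- additionalProperties: false,
- required: ['enabled'],
- oneOf: [
- {
- required: ['period'],
- },
- {
- required: ['schedule'],
- },
- {
- not: {
- anyOf: [
- {
- required: ['period'],
- },
- {
- required: ['schedule'],
- },
- ],
- },
- },
- ],
- },
  },
  });
 
@@ -358000,9 +357932,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
  {
  type: 'object',
  properties: {
- policy: {
- $ref: 'firestartr.dev://common/PolicyType',
- },
  privacy: {
  type: 'string',
  enum: ['closed', 'secret'],
@@ -358013,9 +357942,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
  org: {
  type: 'string',
  },
- sync: {
- $ref: 'firestartr.dev://common/SyncConfig',
- },
  },
  required: ['org', 'privacy'],
  },
@@ -358041,9 +357967,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
  {
  type: 'object',
  properties: {
- policy: {
- $ref: 'firestartr.dev://common/PolicyType',
- },
  role: {
  type: 'string',
  enum: ['admin', 'member'],
@@ -358051,9 +357974,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
  org: {
  type: 'string',
  },
- sync: {
- $ref: 'firestartr.dev://common/SyncConfig',
- },
  },
  required: ['org', 'role'],
  },
@@ -358078,9 +357998,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
  {
  type: 'object',
  properties: {
- policy: {
- $ref: 'firestartr.dev://common/PolicyType',
- },
  org: {
  type: 'string',
  description: 'The github organization name',
@@ -358089,9 +358006,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
  type: 'string',
  enum: ['private', 'public', 'internal'],
  },
- sync: {
- $ref: 'firestartr.dev://common/SyncConfig',
- },
  features: {
  type: 'array',
  items: {
@@ -358127,9 +358041,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
  {
  type: 'object',
  properties: {
- policy: {
- $ref: 'firestartr.dev://common/PolicyType',
- },
  orgName: {
  type: 'string',
  description: 'Organization name on GitHub',
@@ -358163,9 +358074,6 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
  },
  required: ['url', 'contentType', 'events', 'secretRef'],
  },
- sync: {
- $ref: 'firestartr.dev://common/SyncConfig',
- },
  },
  required: ['orgName', 'webhook'],
  },
@@ -358337,7 +358245,15 @@ const GithubSchemas = [
  type: 'object',
  properties: {
  policy: {
- $ref: 'firestartr.dev://common/PolicyType',
+ type: 'string',
+ enum: [
+ 'apply',
+ 'create-only',
+ 'create-update-only',
+ 'full-control',
+ 'observe',
+ 'observe-only',
+ ],
  },
  name: {
  type: 'string',
@@ -358347,7 +358263,47 @@ const GithubSchemas = [
  enum: ['remote', 'inline', 'Remote', 'Inline'],
  },
  sync: {
- $ref: 'firestartr.dev://common/SyncConfig',
+ type: 'object',
+ properties: {
+ enabled: {
+ type: 'boolean',
+ },
+ period: {
+ type: 'string',
+ pattern: '^[0-9]+[smhd]$',
+ },
+ schedule: {
+ type: 'string',
+ },
+ schedule_timezone: {
+ type: 'string',
+ },
+ policy: {
+ type: 'string',
+ },
+ },
+ additionalProperties: false,
+ required: ['enabled'],
+ oneOf: [
+ {
+ required: ['period'],
+ },
+ {
+ required: ['schedule'],
+ },
+ {
+ not: {
+ anyOf: [
+ {
+ required: ['period'],
+ },
+ {
+ required: ['schedule'],
+ },
+ ],
+ },
+ },
+ ],
  },
  valuesSchema: {
  type: 'string',
@@ -360768,6 +360724,13 @@ function renderFeature(featureName, version, owner, repo, featureOwner, renderPa
  features_preparer_src_logger.info(`Rendering feature ${featureName} to ${renderedPath} with component ${JSON.stringify(featureOwner)}`);
  return features_renderer.render(extractPath, renderedPath, featureOwner, {}, featureArgs);
  }
+ /*
+ * This functionality does the same of the above
+ * without downloading and extracting the feature
+ */
+ function renderFeatureFromPath(extractPath, renderedPath, featureOwner, featureArgs = {}) {
+ return features_renderer.render(extractPath, renderedPath, featureOwner, featureArgs);
+ }
 
  // EXTERNAL MODULE: ../../node_modules/adm-zip/adm-zip.js
  var adm_zip = __nccwpck_require__(7993);
@@ -360881,6 +360844,7 @@ async function downloadFeatureZip(repo, featureName, reference, owner = 'prefapp
 
  /* harmony default export */ const features_preparer_src = ({
  renderFeature: renderFeature,
+ renderFeatureFromPath: renderFeatureFromPath,
  getFeatureConfigFromRef: getFeatureConfigFromRef,
  getFeatureConfig: getFeatureConfig,
  prepareFeature: prepareFeature,
@@ -360892,6 +360856,7 @@ async function downloadFeatureZip(repo, featureName, reference, owner = 'prefapp
  /* harmony default export */ const features_preparer = ({
  prepareFeature: features_preparer_src.prepareFeature,
  renderFeature: features_preparer_src.renderFeature,
+ renderFeatureFromPath: features_preparer_src.renderFeatureFromPath,
  getFeatureConfig: features_preparer_src.getFeatureConfig,
  getFeatureConfigFromRef: features_preparer_src.getFeatureConfigFromRef,
  });
@@ -360907,7 +360872,8 @@ async function utils_renderFeature(featureName, featureVersion, featureOutputObj
  const userManaged = fileInfo.userManaged;
  const contentText = external_fs_.readFileSync(fileInfo.localPath, 'utf-8');
  const content = Buffer.from(contentText, 'utf8').toString('base64');
- files.push({ path, userManaged, content });
+ const targetBranch = fileInfo.targetBranch;
+ files.push({ path, userManaged, content, targetBranch });
  }
  const featName = catalog_common.generic.normalizeName(`${featureName}-${cr.spec.firestartr.tfStateKey}`);
  return {
@@ -360937,6 +360903,17 @@ async function utils_renderFeature(featureName, featureVersion, featureOutputObj
 
 
 
+
+ // this is the only way currently to make
+ // work the system and inject our code
+ // without having to download a feature
+ let MOCK_FEATURES_FN = undefined;
+ function MOCK_FEATURES(mock) {
+ MOCK_FEATURES_FN = mock;
+ if (mock) {
+ log.warn('⚠️ Warning features system downloader has been mocked, it should only happen in unit testing');
+ }
+ }
  class FeaturesOverrider extends OverriderPatches {
  constructor(featureName, featureVersion, featureConfig, featureArgs, featureRef, featureRepo) {
  super();
@@ -360963,6 +360940,9 @@ class FeaturesOverrider extends OverriderPatches {
  let owner = 'prefapp';
  let versionOrRef = this.featureVersion;
  let renderer = 'getFeatureConfig';
+ if (MOCK_FEATURES_FN) {
+ return MOCK_FEATURES_FN();
+ }
  if (this.featureRepo) {
  [owner, repo] = this.featureRepo.split(/\//);
  }
@@ -364100,7 +364080,7 @@ class FeatureRepoChart extends BaseGithubChart {
  files: claim.files.map((file) => {
  return {
  ...file,
- targetBranch: file.targetBranch,
+ targetBranch: file.targetBranch ?? undefined,
  };
  }),
  firestartr: {
@@ -364111,19 +364091,15 @@ class FeatureRepoChart extends BaseGithubChart {
  const annotations = this.getAnnotationsFromRepo(this.get('repoCr'), [
  'claim-ref',
  'revision',
- 'policy',
- 'sync-policy',
  'sync-enabled',
  'sync-period',
- 'sync-schedule',
- 'sync-schedule-timezone',
- 'last-state-pr',
  ]);
  cr.metadata.annotations = {
  ...cr.metadata.annotations,
  ...annotations,
  };
- return cr;
+ // We do this to remove undefined variables from the template
+ return JSON.parse(JSON.stringify(cr, null, 2));
  }
  gvk() {
  return FirestartrGithubRepositoryFeature.GVK;
@@ -364190,13 +364166,8 @@ class RepoSecretsSectionChart extends BaseGithubChart {
  const annotations = this.getAnnotationsFromRepo(this.get('repoCr'), [
  'claim-ref',
  'revision',
- 'policy',
- 'sync-policy',
  'sync-enabled',
  'sync-period',
- 'sync-schedule',
- 'sync-schedule-timezone',
- 'last-state-pr',
  ]);
  cr.metadata.annotations = {
  ...cr.metadata.annotations,
@@ -370464,15 +370435,10 @@ class Resource {
  this.set('operation', operation);
  this.set('deps', deps);
  }
- async run(options) {
+ async run() {
  await this.preprocess();
  await this.synth();
- if (options?.planOnly) {
- await this.runTerraformPlanOnly();
- }
- else {
- await this.runTerraform();
- }
+ await this.runTerraform();
  await this.postprocess();
  if (this.logStream) {
  this.logStream.end();
@@ -370497,13 +370463,6 @@ class Resource {
  log(msg) {
  this.logFn(msg);
  }
- async runTerraformPlanOnly() {
- await this.onTFStreaming();
- let output = '';
- output += await terraformInit(this.get('main_artifact'), this.logStream);
- output += await terraformPlan(this.get('main_artifact'), this.logStream);
- this.set('output', output);
- }
  async runTerraform() {
  await this.onTFStreaming();
  let output = '';
@@ -370891,7 +370850,7 @@ async function runProvisioner(data, opts) {
  if ('logStreamCallbacksTF' in opts) {
  resource.setTFStreamLogs(opts['logStreamCallbacksTF']);
  }
- await resource.run({ planOnly: opts.planOnly });
+ await resource.run();
  return resource;
  }
  function createInstanceOf(entity, op, deps) {
@@ -371173,51 +371132,6 @@ function helperCreateCheckRunName(cmd, item) {
  return `${item.kind} - ${cmd}`;
  }
 
- ;// CONCATENATED MODULE: ../operator/src/utils/index.ts
- const secretRegex = /\$\{\{ secrets\.(.*?) \}\}/g;
- function replaceConfigSecrets(config, secrets) {
- for (const key in config) {
- if (typeof config[key] === 'object' && config[key] !== null) {
- // If the property is an object, call this function recursively
- replaceConfigSecrets(config[key], secrets);
- }
- else if (typeof config[key] === 'string') {
- // If the property is a string and its value is equal to secrets.something,
- // replace the value with the value of the 'something' key in the secrets object
- config[key] = config[key].replace(secretRegex, (_, group1) => {
- if (!secrets[group1]) {
- throw new Error(`Secret ${group1} not found in secrets`);
- }
- return secrets[group1];
- });
- }
- }
- return config;
- }
- function replaceInlineSecrets(inline, secrets) {
- if (typeof inline !== 'string' || !inline)
- return inline;
- let result = inline;
- result = result.replace(secretRegex, (_, group1) => {
- if (!secrets[group1]) {
- throw new Error(`Secret ${group1} not found in secrets`);
- }
- return secrets[group1];
- });
- return result;
- }
- /**
- * Retrieves a policy annotation value from a custom resource
- * @param item - The CR to get the policy from
- * @param annotation - The annotation key to retrieve
- * @returns The policy value, or undefined if not set
- */
- function getPolicy(item, annotation) {
- const policy = item.metadata.annotations && item.metadata.annotations[annotation];
- if (policy)
- return policy;
- }
-
  ;// CONCATENATED MODULE: ../operator/src/utils/operationErrorMessages.ts
  const APPLY_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraform apply operation.';
  const DESTROY_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraform destroy operation.';
@@ -371233,17 +371147,9 @@ const PLAN_DEFAULT_ERROR_MESSAGE = 'An error occurred while executing the Terraf
 
 
 
- const cdktf_LAST_STATE_PR_ANNOTATION = 'firestartr.dev/last-state-pr';
-
  function processOperation(item, op, handler) {
  operator_src_logger.info(`Processing operation ${op} on ${item.kind}/${item.metadata?.name}`);
  try {
- const policy = getPolicy(item, 'firestartr.dev/policy');
- // If general policy is observe/observe-only, route to observe mode instead of apply
- if (!policy || policy === 'observe' || policy === 'observe-only') {
- operator_src_logger.info(`Policy is '${policy || 'not set (default)'}', routing to observe mode`);
- return cdktf_observe(item, op, handler);
- }
  switch (op) {
  case OperationType.UPDATED:
  return updated(item, op, handler);
@@ -371268,11 +371174,6 @@ function processOperation(item, op, handler) {
  throw e;
  }
  }
- async function* cdktf_observe(item, op, handler) {
- for await (const transition of doPlan(item, op, handler)) {
- yield transition;
- }
- }
  async function* created(item, op, handler) {
  for await (const transition of doApply(item, op, handler)) {
  yield transition;
@@ -371308,18 +371209,8 @@ async function* sync(item, op, handler) {
  status: 'False',
  message: 'Synth CDKTF',
  };
- const syncPolicy = getPolicy(item, 'firestartr.dev/sync-policy');
- if (syncPolicy === 'apply') {
- operator_src_logger.info(`SYNC OPERATION: applying item ${item.metadata.name} with sync-policy=${syncPolicy}`);
- for await (const transition of doApply(item, op, handler)) {
- yield transition;
- }
- }
- else {
- operator_src_logger.info(`SYNC OPERATION: planning item ${item.metadata.name} with sync-policy=${syncPolicy || 'default (observe)'}`);
- for await (const transition of doPlan(item, op, handler)) {
- yield transition;
- }
+ for await (const transition of doApply(item, op, handler)) {
+ yield transition;
  }
  yield {
  item,
@@ -371358,14 +371249,15 @@ async function* markedToDeletion(item, op, handler) {
  message: 'Destroying process started',
  };
  const deps = await handler.resolveReferences();
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
+ const annotation = 'firestartr.dev/last-state-pr';
+ const statePr = item?.metadata?.annotations?.[annotation];
  const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
  if (!hasStatePr) {
  operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
+ `has no "${annotation}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
  }
  else {
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
+ operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${annotation}" = ${statePr}`);
  }
  const destroyOutput = await provisioner.runProvisioner({
  mainCr: item,
@@ -371400,7 +371292,7 @@ async function* markedToDeletion(item, op, handler) {
  };
  await handler.finalize(handler.pluralKind, item.metadata.namespace, item, 'firestartr.dev/finalizer');
  await handler.writeTerraformOutputInTfResult(item, output);
- if (item.metadata.annotations[cdktf_LAST_STATE_PR_ANNOTATION] || false) {
+ if (item.metadata.annotations['firestartr.dev/last-state-pr'] || false) {
  await addDestroyCommitStatus(item, 'success', 'Destroy operation completed', `Terraform Destroy ${item.metadata.name}`);
  }
  void handler.success();
@@ -371481,14 +371373,15 @@ async function* doApply(item, op, handler) {
  }
  const deps = await handler.resolveReferences();
  operator_src_logger.info(`Item ${item.metadata.name} has the following dependencies: ${deps}`);
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
+ const annotation = 'firestartr.dev/last-state-pr';
+ const statePr = item?.metadata?.annotations?.[annotation];
  const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
  if (!hasStatePr) {
  operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
+ `has no "${annotation}" annotation; skipping GitHub Check Runs (synth, terraform apply).`);
  }
  else {
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
+ operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${annotation}" = ${statePr}`);
  }
  const applyOutput = await provisioner.runProvisioner({
  mainCr: item,
@@ -371584,219 +371477,6 @@ async function* doApply(item, op, handler) {
  }
  }
  }
- async function* doPlan(item, op, handler) {
- let checkRunCtl;
- try {
- cleanTerraformState();
- yield {
- item,
- reason: op,
- type: 'PLANNING',
- status: 'True',
- message: 'Planning process started',
- };
- const deps = await handler.resolveReferences();
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
- const hasStatePr = typeof statePr === 'string' && statePr.trim().length > 0;
- if (!hasStatePr) {
- operator_src_logger.warn(`CR ${item?.kind ?? 'UnknownKind'}/${item?.metadata?.name ?? 'unknown'} ` +
- `has no "${cdktf_LAST_STATE_PR_ANNOTATION}" annotation; skipping GitHub Check Runs for plan.`);
- }
- else {
- operator_src_logger.debug(`CR ${item.kind}/${item.metadata.name} uses "${cdktf_LAST_STATE_PR_ANNOTATION}" = ${statePr}`);
- await addPlanStatusCheck(statePr, 'CDKTF plan in progress...');
- }
- // Run provisioner in plan-only mode
- const planResult = await provisioner.runProvisioner({ mainCr: item, deps }, {
- planOnly: true,
- delete: 'deletionTimestamp' in item.metadata,
- ...(hasStatePr
- ? {
- logStreamCallbacksCDKTF: {
- prepare: async () => {
- checkRunCtl = await GHCheckRun('synth', item);
- return checkRunCtl;
- },
- },
- logStreamCallbacksTF: {
- prepare: async () => {
- checkRunCtl = await GHCheckRun('plan', item);
- return checkRunCtl;
- },
- },
- }
- : {}),
- });
- const planOutput = planResult?.output || '';
- // Parse terraform plan output to detect changes
- // Handles multiple Terraform output formats and versions
- const hasChanges = detectPlanChanges(planOutput);
- if (hasChanges) {
- yield {
- item,
- reason: op,
- type: 'OUT_OF_SYNC',
- status: 'True',
- message: 'Plan has changes',
- };
- yield {
- item,
- reason: op,
- type: 'PROVISIONED',
- status: 'False',
- message: 'Plan has changes',
- };
- }
- else {
- yield {
- item,
- reason: op,
- type: 'OUT_OF_SYNC',
- status: 'False',
- message: 'Plan has no changes',
- };
- yield {
- item,
- reason: op,
- type: 'PROVISIONED',
- status: 'True',
- message: 'Plan has no changes',
- };
- }
- // Store plan details for later reference
- yield {
- item,
- reason: op,
- type: 'LAST_PLAN_DETAILS',
- status: 'Unknown',
- message: planOutput,
- };
- yield {
- item,
- reason: op,
- type: 'PLANNING',
- status: 'False',
- message: 'Planning process finished',
- };
- if (hasStatePr) {
- await addPlanStatusCheck(statePr, hasChanges ? 'Plan has changes' : 'Plan has no changes', 'completed');
- }
- }
- catch (e) {
- operator_src_logger.error(`CDKTF plan failed: ${e}`);
- if (checkRunCtl) {
- checkRunCtl.fnOnError(e);
- }
- yield {
- item,
- reason: op,
- type: 'ERROR',
- status: 'True',
- message: e.toString(),
- };
- yield {
- item,
- reason: op,
- type: 'PLANNING',
- status: 'False',
- message: e.toString(),
- };
- yield {
- item,
- reason: op,
- type: 'PROVISIONED',
- status: 'False',
- message: e.toString(),
- };
- const statePr = item?.metadata?.annotations?.[cdktf_LAST_STATE_PR_ANNOTATION];
- if (statePr) {
- const summaryText = tryCreateErrorSummary('CDKTF Plan failed', e);
- await addPlanStatusCheck(statePr, summaryText, 'completed', true);
- }
- await handler.writeTerraformOutputInTfResult(item, e);
- void handler.error();
- }
- }
- /**
- * Detects if a Terraform plan output contains changes
- * Handles multiple Terraform versions and output formats
- * @param planOutput - The text output from terraform plan
- * @returns true if changes are detected, false otherwise
- */
- function detectPlanChanges(planOutput) {
- if (!planOutput || planOutput.trim().length === 0) {
- return false;
- }
- // Normalize the output for consistent matching
- const normalized = planOutput.toLowerCase();
- // Pattern 1: "Plan: X to add, Y to change, Z to destroy"
- // Matches: "Plan: 1 to add, 0 to change, 0 to destroy"
- const planPattern = /plan:\s*(\d+)\s+to\s+add,\s*(\d+)\s+to\s+change,\s*(\d+)\s+to\s+destroy/i;
- const planMatch = planOutput.match(planPattern);
- if (planMatch) {
- const add = Number(planMatch[1]);
- const change = Number(planMatch[2]);
- const destroy = Number(planMatch[3]);
- if (add > 0 || change > 0 || destroy > 0) {
- return true;
- }
- // Explicitly found "Plan:" with 0/0/0 - no changes
- return false;
- }
- // Pattern 2: Individual change indicators
- // Handles variations like "1 to add", "2 to change", "3 to destroy"
- const hasAdditions = /\d+\s+to\s+add/i.test(planOutput);
- const hasChanges = /\d+\s+to\s+change/i.test(planOutput);
- const hasDestructions = /\d+\s+to\s+destroy/i.test(planOutput);
- const hasImports = /\d+\s+to\s+import/i.test(planOutput);
- if (hasAdditions || hasChanges || hasDestructions || hasImports) {
- return true;
- }
- // Pattern 3: Resource-level change indicators
- // Matches: "# resource will be created", "# resource will be updated", etc.
- const resourceChangePatterns = [
- /will\s+be\s+(created|destroyed|updated|replaced)/i,
- /must\s+be\s+(created|destroyed|updated|replaced)/i,
- /#.*\s+(create|destroy|update|replace)/i,
- ];
- for (const pattern of resourceChangePatterns) {
- if (pattern.test(planOutput)) {
- return true;
- }
- }
- // Pattern 4: Action symbols in plan output
- // Terraform uses symbols like +, -, ~, -/+ to indicate changes
- const actionSymbols = [
- /^\s*[+]\s+/m,
- /^\s*[-]\s+/m,
- /^\s*[~]\s+/m,
- /^\s*[-][/][+]\s+/m, // Replace
- ];
- for (const pattern of actionSymbols) {
- if (pattern.test(planOutput)) {
- return true;
- }
- }
- // Pattern 5: No changes messages (inverse check)
- const noChangesPatterns = [
- /no\s+changes/i,
- /infrastructure\s+is\s+up[-\s]to[-\s]date/i,
- /your\s+infrastructure\s+matches\s+the\s+configuration/i,
- /0\s+to\s+add,\s*0\s+to\s+change,\s*0\s+to\s+destroy/i,
- ];
- for (const pattern of noChangesPatterns) {
- if (pattern.test(planOutput)) {
- return false;
- }
- }
- // If we find "Plan:" keyword but couldn't parse it, log a warning and assume no changes
- if (normalized.includes('plan:')) {
- operator_src_logger.warn('Found "Plan:" in output but could not parse change counts. Assuming no changes.');
- return false;
- }
- // Default: assume no changes if we can't detect any
- return false;
- }
  function cleanTerraformState() {
  external_fs_.rmSync('/library/packages/provisioner/cdktf.out', {
  recursive: true,
@@ -372796,6 +372476,40 @@ function tf_checkrun_helperCreateCheckRunName(cmd) {
  return `TFWorkspace - ${cmd}`;
  }
 
+ ;// CONCATENATED MODULE: ../operator/src/utils/index.ts
+ const secretRegex = /\$\{\{ secrets\.(.*?) \}\}/g;
+ function replaceConfigSecrets(config, secrets) {
+ for (const key in config) {
+ if (typeof config[key] === 'object' && config[key] !== null) {
+ // If the property is an object, call this function recursively
+ replaceConfigSecrets(config[key], secrets);
+ }
+ else if (typeof config[key] === 'string') {
+ // If the property is a string and its value is equal to secrets.something,
+ // replace the value with the value of the 'something' key in the secrets object
+ config[key] = config[key].replace(secretRegex, (_, group1) => {
+ if (!secrets[group1]) {
+ throw new Error(`Secret ${group1} not found in secrets`);
+ }
+ return secrets[group1];
+ });
+ }
+ }
+ return config;
+ }
+ function replaceInlineSecrets(inline, secrets) {
+ if (typeof inline !== 'string' || !inline)
+ return inline;
+ let result = inline;
+ result = result.replace(secretRegex, (_, group1) => {
+ if (!secrets[group1]) {
+ throw new Error(`Secret ${group1} not found in secrets`);
+ }
+ return secrets[group1];
+ });
+ return result;
+ }
+
  ;// CONCATENATED MODULE: ../operator/src/tfworkspaces/process-operation.ts
 
 
@@ -372987,6 +372701,11 @@ async function* process_operation_renamed(item, op, handler) {
  yield transition;
  }
  }
+ function getPolicy(item, annotation) {
+ const policy = item.metadata.annotations && item.metadata.annotations[annotation];
+ if (policy)
+ return policy;
+ }
  async function* process_operation_updated(item, op, handler) {
  for await (const transition of process_operation_doApply(item, op, handler)) {
  yield transition;
@@ -373631,7 +373350,7 @@ const processOperationPlan_TF_PROJECTS_PATH = '/tmp/tfworkspaces';
  function processOperationPlan(item, op, handler) {
  try {
  processOperationPlan_clearLocalTfProjects();
- const policy = getPolicy(item, 'firestartr.dev/policy');
+ const policy = processOperationPlan_getPolicy(item);
  if (policy === 'observe' || policy === 'apply') {
  return processOperationPlan_plan(item, op, handler);
  }
@@ -374078,6 +373797,12 @@ function processOperationPlan_getErrorOutputMessage(cr, key, ref) {
  throw new Error(`❌ Source ${cr.spec.source} not supported`);
  }
  }
+ function processOperationPlan_getPolicy(item) {
+ const policy = item.metadata.annotations &&
+ item.metadata.annotations['firestartr.dev/policy'];
+ if (policy)
+ return policy;
+ }
 
  ;// CONCATENATED MODULE: ../operator/src/ctx.ts
  class Ctx {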
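Review bot: In `sync()` the new code calls `doApply` unconditionally, while `apply(cr)` in `SyncerInitializer` still writes `firestartr.dev/sync-policy`, so a resource whose claim sets a non-apply sync policy is still applied by Terraform on every periodic sync. `processOperation` likewise no longer reads `firestartr.dev/policy`, and nothing visible in this path consults either annotation, so the setting fails open. If plan-only mode is being withdrawn on purpose, stop emitting the annotation or reject the field at validation; otherwise keep a guard around the loop, e.g. `if (item.metadata?.annotations?.['firestartr.dev/sync-policy'] === 'apply') { … }`, and log when the apply is skipped. Both `sync()` and `processOperation` start and end outside their hunks, so enforcement elsewhere in the file cannot be ruled out.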