@firestartr/cli 1.59.3-snapshot-15 → 1.60.0

package/build/index.js

@@ -346942,6 +346942,69 @@ function policiesAreCompatible(syncPolicy, generalPolicy) {
     FIRESTARTR_POLICIES: FIRESTARTR_POLICIES,
 });
 
+;// CONCATENATED MODULE: ../catalog_common/src/tokenizer/index.ts
+class SimpleTokenizer {
+    /**
+     * Pass the regex here (it automatically makes it global so it finds ALL matches)
+     */
+    constructor(regex) {
+        const flags = regex.flags.includes('g') ? regex.flags : regex.flags + 'g';
+        this.regex = new RegExp(regex.source, flags);
+    }
+    /**
+     * Turn the whole string into a list of tokens:
+     * - 'text'  = normal text between matches
+     * - 'match' = whatever your regex found
+     */
+    tokenize(input) {
+        this.regex.lastIndex = 0;
+        const tokens = [];
+        let lastIndex = 0;
+        let match;
+        while ((match = this.regex.exec(input)) !== null) {
+            // Text before this match
+            if (match.index > lastIndex) {
+                tokens.push({
+                    type: 'text',
+                    value: input.slice(lastIndex, match.index),
+                    index: lastIndex,
+                });
+            }
+            // The matched part
+            tokens.push({
+                type: 'match',
+                value: match[0],
+                index: match.index,
+                groups: match.slice(1), // any capture groups you defined
+            });
+            if (match[0].length === 0) {
+                this.regex.lastIndex += 1;
+            }
+            lastIndex = this.regex.lastIndex;
+        }
+        // Remaining text after the last match
+        if (lastIndex < input.length) {
+            tokens.push({
+                type: 'text',
+                value: input.slice(lastIndex),
+                index: lastIndex,
+            });
+        }
+        return tokens;
+    }
+    /**
+     * Replace only the matched tokens by calling the function.
+     */
+    replace(input, replacer) {
+        return this.tokenize(input)
+            .map((token) => (token.type === 'match' ? replacer(token) : token.value))
+            .join('');
+    }
+}
+/* harmony default export */ const tokenizer = ({
+    SimpleTokenizer,
+});
+
 // EXTERNAL MODULE: ../../node_modules/cron-parser/dist/index.js
 var cron_parser_dist = __nccwpck_require__(98370);
 ;// CONCATENATED MODULE: ../catalog_common/src/cron.ts
@@ -346984,6 +347047,7 @@ function getCronNextInterval(cronLine, tz) {
 
 
 
+
 /* harmony default export */ const catalog_common = ({
     io: io,
     generic: generic,
@@ -346993,6 +347057,7 @@ function getCronNextInterval(cronLine, tz) {
     features: features,
     policies: policies,
     logger: logger_logger,
+    tokenizer: tokenizer,
     cron: {
         validateCron: validateCron,
         isValidCron: isValidCron,
@@ -353830,6 +353895,7 @@ async function getOrgTeamsDirectAccess(org) {
           nodes {
             id
             name
+            slug
             repositories {
               edges {
                 permission
@@ -353859,7 +353925,7 @@ function transformGraphQLResponse(response) {
     teams.forEach((team) => {
         const teamName = team.name;
         const teamId = team.id;
-        result.teams[teamName] = { id: teamId };
+        result.teams[teamName] = { id: teamId, slug: team.slug };
         const repositories = team.repositories.edges;
         repositories.forEach((repoEdge) => {
             const repoName = repoEdge.node.name;
@@ -353867,7 +353933,10 @@ function transformGraphQLResponse(response) {
             if (!result.repositories[repoName]) {
                 result.repositories[repoName] = {};
             }
-            result.repositories[repoName][teamName] = permission;
+            result.repositories[repoName][teamName] = {
+                permission,
+                slug: team.slug,
+            };
         });
     });
     return result;
@@ -355229,6 +355298,7 @@ class BranchStrategiesInitializer extends InitializerPatches {
                         cr.spec.repo.defaultBranch = claim.providers.github.defaultBranch;
                         cr.spec.branchProtections = [];
                     }
+                    cr.spec.branchProtections = cr.spec?.branchProtections ?? [];
                     delete cr.metadata.annotations[catalog_common.generic.getFirestartrAnnotation('branchStrategy')];
                     return cr;
                 },
@@ -356599,6 +356669,8 @@ class BranchStrategiesExpander extends GlobalSection {
                             claim.providers.github.branchStrategy.defaultBranch;
                         cr.spec.branchProtections = previousCR.spec.branchProtections;
                     }
+                    // fallback to empty array
+                    cr.spec.branchProtections = cr.spec?.branchProtections ?? [];
                     delete cr.metadata.annotations[catalog_common.generic.getFirestartrAnnotation('branchStrategy')];
                     return cr;
                 },
@@ -366393,15 +366465,12 @@ function walkArray(arr, symbolsToResolve, renderClaim) {
  */
 async function renderFromImports(rClaims, crs = {}, catalogOutputDir = '/tmp/.catalog', crOutputDir = '/tmp/.resources') {
     // Apply claim defaults (same as runRenderer path does via loadClaim/patchClaim)
+    let defaults;
     try {
-        const defaults = loadClaimDefaults();
-        for (const renderClaim of Object.values(rClaims)) {
-            renderClaim.claim = loader_patchClaim(renderClaim.claim, defaults);
-            validateClaim(renderClaim.claim);
-        }
+        defaults = loadClaimDefaults();
     }
     catch (e) {
-        cdk8s_renderer_src_logger.warn(`Could not apply claim defaults: ${e.message}`);
+        cdk8s_renderer_src_logger.warn(`Could not load claim defaults: ${e.message}`);
     }
     // type: is the kind of the claim
     // value: is the imported-ref (the name in Github, can be with special characters, spaces, etc)
@@ -366419,6 +366488,13 @@ async function renderFromImports(rClaims, crs = {}, catalogOutputDir = '/tmp/.ca
         cdk8s_renderer_src_logger.error(`Error while resolving imported-refs: ${e.message}`);
         throw new Error(`Error while resolving imported-refs: ${e.message}`);
     }
+    // after resolving the imported-refs, we need to validate the claims again, and apply the defaults if needed
+    for (const renderClaim of Object.values(rClaims)) {
+        if (defaults) {
+            renderClaim.claim = loader_patchClaim(renderClaim.claim, defaults);
+        }
+        validateClaim(renderClaim.claim, `firestartr.dev://common/${renderClaim.claim.kind}`);
+    }
     const catalogScope = new lib.App({
         outdir: catalogOutputDir,
         outputFileExtension: '.yaml',
@@ -367044,10 +367120,61 @@ MemberCollectionGithubDecanter.collectionKind = 'gh-members';
 applyCollectionMixins(MemberCollectionGithubDecanter);
 /* harmony default export */ const github_member_collection = (MemberCollectionGithubDecanter);
 
+;// CONCATENATED MODULE: ../importer/src/utils/codeowner.ts
+function extractFromCodeOwners(codeOwnersContent) {
+    if (!codeOwnersContent) {
+        return [];
+    }
+    return codeOwnersContent.split(/\r?\n/).flatMap((line) => {
+        const trimmedLine = line.trim();
+        // skip blank lines and full-line comments
+        if (!trimmedLine || trimmedLine.startsWith('#')) {
+            return [];
+        }
+        // strip inline comments before parsing owners
+        const lineWithoutInlineComment = line.replace(/\s*#.*$/, '').trim();
+        if (!lineWithoutInlineComment) {
+            return [];
+        }
+        // CODEOWNERS format: <pattern> <owner1> [<owner2> ...]
+        // first field is the path pattern; owners start from the second field
+        const parts = lineWithoutInlineComment.split(/\s+/);
+        if (parts.length < 2) {
+            return [];
+        }
+        return parts
+            .slice(1)
+            .filter((part) => part.startsWith('@'))
+            .map((owner) => ({
+            full: owner,
+            isTeam: owner.includes('/'),
+            name: owner,
+        }));
+    });
+}
+
+;// CONCATENATED MODULE: ../importer/src/utils/nomicon.ts
+function transformRepoName(repoName) {
+    // Convert to lowercase
+    let transformedName = repoName.toLowerCase();
+    const specialCharsRegex = /[._]/g;
+    if (specialCharsRegex.test(transformedName)) {
+        transformedName = transformedName.replace(/[._]/g, '');
+        // we add a random 2 letter suffix
+        return (transformedName + '-imp-' + Math.random().toString(36).substring(2, 4));
+    }
+    else {
+        return transformedName;
+    }
+}
+
 ;// CONCATENATED MODULE: ../importer/src/decanter/gh/github_repo.ts
 
 
 
+
+
+
 const TYPE_MAP = {
     User: 'user',
     Team: 'group',
@@ -367065,7 +367192,7 @@ class RepoGithubDecanter extends GithubDecanter {
             version: this.VERSION(),
             type: 'service',
             lifecycle: 'production',
-            name: this.data.repoDetails.name,
+            name: transformRepoName(this.data.repoDetails.name),
         };
     }
     __decantProviders() {
@@ -367118,6 +367245,52 @@ class RepoGithubDecanter extends GithubDecanter {
             });
         }
     }
+    // only for validation
+    __decantValidateCodeowners() {
+        if (this.data.codeowners) {
+            const owners = extractFromCodeOwners(this.data.codeowners);
+            const normalizeTeamIdentifier = (value) => {
+                const normalizedValue = (value.startsWith('@') ? value.slice(1) : value).toLowerCase();
+                if (!normalizedValue.includes('/')) {
+                    return normalizedValue;
+                }
+                const [org, slug, ...rest] = normalizedValue.split('/');
+                if (!org || !slug || rest.length > 0) {
+                    return null;
+                }
+                return org === this.org.toLowerCase() ? slug : null;
+            };
+            const isInTeams = (teamSlugInCodeowners) => {
+                const normalizedTeamSlug = normalizeTeamIdentifier(teamSlugInCodeowners);
+                if (!normalizedTeamSlug) {
+                    return false;
+                }
+                return this.data.teamsAndMembers.teams.some((team) => {
+                    return team.slug?.toLowerCase() === normalizedTeamSlug;
+                });
+            };
+            const isInUsers = (userName) => {
+                // strip the leading '@' for users (CODEOWNERS format: @username)
+                // and normalize to lowercase for case-insensitive comparison
+                const normalizedUserName = (userName.startsWith('@') ? userName.slice(1) : userName).toLowerCase();
+                return (this.data.teamsAndMembers.directMembers.some((member) => member.name?.toLowerCase() === normalizedUserName) ||
+                    this.data.teamsAndMembers.outsideMembers.some((member) => member.name?.toLowerCase() === normalizedUserName));
+            };
+            // let's validate that every element in the
+            // CODEOWNERS file is either a team or a user in the repository,
+            // otherwise we will have dangling references in the claim which will cause issues down the line
+            for (const owner of owners) {
+                if (owner.isTeam && !isInTeams(owner.name)) {
+                    importer_src_logger.error(`[${this.org}/${this.data.repoDetails.name}] CODEOWNERS file references team ${owner.name} which is not present in the repository's teams.`);
+                    throw new Error(`[${this.org}/${this.data.repoDetails.name}] CODEOWNERS file references team ${owner.name} which is not present in the repository's teams.`);
+                }
+                else if (!owner.isTeam && !isInUsers(owner.name)) {
+                    importer_src_logger.error(`[${this.org}/${this.data.repoDetails.name}] CODEOWNERS file references user ${owner.name} which is not present in the repository's collaborators.`);
+                    throw new Error(`[${this.org}/${this.data.repoDetails.name}] CODEOWNERS file references user ${owner.name} which is not present in the repository's collaborators.`);
+                }
+            }
+        }
+    }
     __decantRelations() {
         const directMaintainers = this.data.teamsAndMembers.directMembers
             .filter((member) => member.role === 'maintain')
@@ -367232,7 +367405,8 @@ class RepoGithubDecanter extends GithubDecanter {
         const teams = Object.keys(this.githubTeams).map((teamName) => {
             return {
                 name: teamName,
-                role: this.githubTeams[teamName].toLowerCase(),
+                role: this.githubTeams[teamName].permission.toLowerCase(),
+                slug: this.githubTeams[teamName].slug,
             };
         });
         this.data['teamsAndMembers']['teams'] = teams;
@@ -367260,6 +367434,28 @@ class RepoGithubDecanter extends GithubDecanter {
         }
         this.data['branchStrategy'] = { kind: value, data: bpInfo };
     }
+    async __gatherCodeowners() {
+        const codeownersPaths = [
+            '.github/CODEOWNERS',
+            'CODEOWNERS',
+            'docs/CODEOWNERS',
+        ];
+        for (const codeownersPath of codeownersPaths) {
+            try {
+                const codeowners = await github_0.repo.getContent(codeownersPath, this.data.repoDetails.name, this.org);
+                this.data['codeowners'] = codeowners;
+                return;
+            }
+            catch (e) {
+                const status = e?.status ?? e?.response?.status;
+                if (status === 404) {
+                    continue;
+                }
+                throw e;
+            }
+        }
+        importer_src_logger.info(`No CODEOWNERS file found for ${this.data.repoDetails.name}, skipping.`);
+    }
     async __adaptInitializerBranchStrategies(_claim) {
         const bpData = this.data.branchStrategy.data;
         if (this.data.branchStrategy.kind === 'custom') {
@@ -367326,7 +367522,8 @@ class RepoCollectionGithubDecanter extends GithubDecanter {
         const filteredRepos = await this.filter(RepoCollectionGithubDecanter.collectionKind, filters, repoList.map((repo) => repo.name));
         for (const repoName of filteredRepos) {
             const repoInfo = await this.github.repo.getRepoInfo(this.org, repoName);
-            repos.push(new RepoGithubDecanter({ repoDetails: repoInfo }, this.org, directAccessRepos?.[repoName]));
+            const repoDecanter = new RepoGithubDecanter({ repoDetails: repoInfo }, this.org, directAccessRepos?.[repoName]);
+            repos.push(repoDecanter);
         }
         this.data['collection'] = repos;
         return repos;
@@ -367345,6 +367542,13 @@ applyCollectionMixins(RepoCollectionGithubDecanter);
 
 
 
+// A single claim can render multiple CRs.
+// Some of those rendered kinds are derived/child resources whose parent is the
+// main CR for the claim, so they do not correspond to claim files that should be moved.
+const CHILD_CR_KINDS = [
+    'FirestartrGithubRepositorySecretsSection',
+    'FirestartrGithubRepositoryFeature',
+];
 let previousCRs = {};
 const collections = {
     GroupCollectionGithubDecanter: github_group_collection,
@@ -367415,7 +367619,10 @@ async function moveCRsAndClaims(crs, org, claimsPath, resourcesPath) {
             importer_src_logger.info(`📝 Moving: CR with kind: ${crs[k].kind} and name: ${crs[k].metadata.name} to wet repository`);
             importedResources.push(`${crs[k].kind} ${crs[k].metadata.name}`);
             catalog_common.io.moveFile(getCrPath(tmpRenderedCrsPath, crs[k]), getCrPath(resourcesPath, crs[k]));
-            catalog_common.io.moveFile(getClaimPathFromCR(randomFolder, crs[k]), getClaimPathFromCR(claimsPath, crs[k]));
+            // We only want to execute the move on claims based on parent CRs, so we're omitting child CRs
+            if (!CHILD_CR_KINDS.includes(crs[k].kind)) {
+                catalog_common.io.moveFile(getClaimPathFromCR(randomFolder, crs[k]), getClaimPathFromCR(claimsPath, crs[k]));
+            }
         }
         catch (e) {
             console.error(e);
@@ -377090,9 +377297,9 @@ const crs_analyzerSubcommand = {
 };
 
 ;// CONCATENATED MODULE: ./package.json
-const package_namespaceObject = JSON.parse('{"i8":"1.59.3-snapshot-15"}');
+const package_namespaceObject = {"i8":"1.60.0"};
 ;// CONCATENATED MODULE: ../../package.json
-const package_namespaceObject_1 = {"i8":"1.59.3"};
+const package_namespaceObject_1 = {"i8":"1.60.0"};
 ;// CONCATENATED MODULE: ./src/subcommands/index.ts
 
 

package/build/packages/catalog_common/index.d.ts

@@ -99,6 +99,9 @@ declare const _default: {
         verbose: (...args: any) => void;
         silly: (...args: any) => void;
     };
+    tokenizer: {
+        SimpleTokenizer: typeof import("./src/tokenizer").SimpleTokenizer;
+    };
     cron: {
         validateCron: typeof validateCron;
         isValidCron: typeof isValidCron;

package/build/packages/catalog_common/src/tokenizer/index.d.ts

@@ -0,0 +1,27 @@
+export interface Token {
+    type: 'text' | 'match';
+    value: string;
+    index: number;
+    groups?: string[];
+}
+export declare class SimpleTokenizer {
+    private regex;
+    /**
+     * Pass the regex here (it automatically makes it global so it finds ALL matches)
+     */
+    constructor(regex: RegExp);
+    /**
+     * Turn the whole string into a list of tokens:
+     * - 'text'  = normal text between matches
+     * - 'match' = whatever your regex found
+     */
+    tokenize(input: string): Token[];
+    /**
+     * Replace only the matched tokens by calling the function.
+     */
+    replace(input: string, replacer: (token: Token) => string): string;
+}
+declare const _default: {
+    SimpleTokenizer: typeof SimpleTokenizer;
+};
+export default _default;

package/build/packages/importer/src/decanter/gh/github_repo.d.ts

@@ -8,11 +8,13 @@ export default class RepoGithubDecanter extends GithubDecanter {
     __decantProviders(): void;
     __decantPages(): void;
     __decantOIDC(): void;
+    __decantValidateCodeowners(): void;
     __decantRelations(): void;
     __gatherRepoTeamsAndMembers(): Promise<void>;
     __gatherPages(): Promise<void>;
     __gatherOIDCSubjectClaim(): Promise<void>;
     __gatherBranchStrategy(): Promise<void>;
+    __gatherCodeowners(): Promise<void>;
     __adaptInitializerBranchStrategies(_claim: any): Promise<BranchStrategiesInitializer>;
     __adaptInitializerBase(_claim: any): Promise<InitializerDefault>;
     __adaptOverriderRepo(_claim: any): Promise<GithubRepositoryOverrider>;

package/build/packages/importer/src/utils/codeowner.d.ts

@@ -0,0 +1,5 @@
+export declare function extractFromCodeOwners(codeOwnersContent: string): {
+    full: string;
+    isTeam: boolean;
+    name: string;
+}[];

package/build/packages/importer/src/utils/nomicon.d.ts

@@ -0,0 +1 @@
+export declare function transformRepoName(repoName: string): string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@firestartr/cli",
-  "version": "1.59.3-snapshot-15",
+  "version": "1.60.0",
   "private": false,
   "description": "Commandline tool",
   "main": "build/main.js",