@firestartr/cli 2.2.2-snapshot-0 → 2.3.0-snapshot

package/build/index.js

@@ -276790,6 +276790,7 @@ var envVars;
     envVars["operatorDummyExec"] = "OPERATOR_DUMMY_EXEC";
     envVars["operatorIgnoreLease"] = "OPERATOR_IGNORE_LEASE";
     envVars["operatorDeploymentName"] = "OPERATOR_DEPLOYMENT_NAME";
+    envVars["operatorNumberOfMaxSlots"] = "OPERATOR_NUMBER_OF_MAX_SLOTS";
     // ---- KUBERNETES VARIABLES -----------------------------------------------
     envVars["kubernetesServiceHost"] = "KUBERNETES_SERVICE_HOST";
     envVars["kubernetesServicePort"] = "KUBERNETES_SERVICE_PORT";
@@ -284668,6 +284669,16 @@ async function getRepoInfo(owner, name) {
     const res = await octokit.repos.get({ owner: owner, repo: name });
     return res['data'];
 }
+async function repoExists(owner, name) {
+    github_src_logger.info(`Checking if repo exists: ${owner}/${name}`);
+    try {
+        await getRepoInfo(owner, name);
+        return true;
+    }
+    catch (error) {
+        return false;
+    }
+}
 async function getPages(owner, name) {
     github_src_logger.info(`Getting pages for ${owner}/${name}`);
     const octokit = await getOctokitForOrg(owner);
@@ -284795,6 +284806,20 @@ async function addCommitStatus(state, sha, repo, owner = 'prefapp', target_url =
         context,
     });
 }
+async function getRepoIssuesLabels(owner, repo) {
+    github_src_logger.info(`Getting issues labels for ${owner}/${repo}`);
+    const octokit = await getOctokitForOrg(owner);
+    const res = await octokit.issues.listLabelsForRepo({
+        owner: owner,
+        repo: repo,
+    });
+    const metadataLabels = res.data.map((label) => ({
+        name: label.name,
+        description: label.description || null,
+        color: label.color,
+    }));
+    return metadataLabels;
+}
 /* harmony default export */ const repository = ({
     listReleases,
     getReleaseByTag,
@@ -284803,6 +284828,7 @@ async function addCommitStatus(state, sha, repo, owner = 'prefapp', target_url =
     uploadFile,
     deleteFile,
     getRepoInfo,
+    repoExists,
     getPages,
     getBranchProtection,
     getTeams,
@@ -284810,6 +284836,7 @@ async function addCommitStatus(state, sha, repo, owner = 'prefapp', target_url =
     getOIDCRepo,
     addStatusCheck,
     addCommitStatus,
+    getRepoIssuesLabels,
 });
 
 ;// CONCATENATED MODULE: ../github/src/team.ts
@@ -287910,6 +287937,44 @@ MetadataInitializer.applicableKinds = [
 ];
 
 
+;// CONCATENATED MODULE: ../cdk8s_renderer/src/initializers/component_labels.ts
+
+class ComponentLabelsInitializer extends InitializerPatches {
+    constructor() {
+        super(...arguments);
+        this.applicableProviders = ['github'];
+    }
+    async __validate() {
+        return true;
+    }
+    async __patches(claim, _previousCR) {
+        return [
+            {
+                validate(cr) {
+                    if (cr.spec.repo.labels) {
+                        const visited = {};
+                        for (const label of cr.spec.repo.labels) {
+                            if (visited[label.name]) {
+                                throw `There is already a label called ${label.name} in the ComponentClaim ${cr.metadata.name}. Labels must be unique`;
+                            }
+                            visited[label.name] = true;
+                        }
+                    }
+                    return true;
+                },
+                apply(cr) {
+                    return cr;
+                },
+                identify() {
+                    return 'initializers/ComponentLabels';
+                },
+            },
+        ];
+    }
+}
+ComponentLabelsInitializer.applicableKinds = ['ComponentClaim'];
+
+
 ;// CONCATENATED MODULE: ../cdk8s_renderer/src/initializers/index.ts
 
 
@@ -287921,6 +287986,7 @@ MetadataInitializer.applicableKinds = [
 
 
 
+
 const INITIALIZERS = [
     UUIDInitializer,
     InitializerClaimRef,
@@ -287928,6 +287994,7 @@ const INITIALIZERS = [
     PolicyInitializer,
     SyncerInitializer,
     MetadataInitializer,
+    ComponentLabelsInitializer,
 ];
 const INITIALIZERS_BY_FILE_NAME = {
     [TechnologyInitializer.FILE_NAME()]: TechnologyInitializer,
@@ -289337,6 +289404,12 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
                                 pattern: '^[a-z0-9][a-z0-9-]*$',
                             },
                         },
+                        labels: {
+                            type: 'array',
+                            items: {
+                                $ref: 'firestartr.dev://github/GithubComponentClaimLabel',
+                            },
+                        },
                         overrides: {
                             type: 'object',
                             properties: {},
@@ -289545,6 +289618,40 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
     },
 });
 
+;// CONCATENATED MODULE: ../cdk8s_renderer/src/claims/github/component.labels.schema.ts
+
+/* harmony default export */ const component_labels_schema = ({
+    $schema: SCHEMA,
+    $id: 'GithubComponentClaimLabels',
+    definitions: {
+        GithubComponentClaimLabel: {
+            $id: 'firestartr.dev://github/GithubComponentClaimLabel',
+            type: 'object',
+            required: ['name', 'color'],
+            properties: {
+                name: {
+                    type: 'string',
+                    minLength: 1,
+                    maxLength: 50,
+                    pattern: '^(?!\\s+$).+$',
+                    description: 'Label name (1-50 chars, not only whitespaces)',
+                },
+                color: {
+                    type: 'string',
+                    pattern: '^[0-9a-fA-F]{6}$',
+                    description: 'Color in hexadecimal without # (6 chars)',
+                },
+                description: {
+                    type: 'string',
+                    maxLength: 100,
+                    description: 'Optional label description (máx 100 chars)',
+                },
+            },
+            additionalProperties: false,
+        },
+    },
+});
+
 ;// CONCATENATED MODULE: ../cdk8s_renderer/src/claims/github/index.ts
 
 
@@ -289552,6 +289659,7 @@ const external_node_child_process_namespaceObject = __WEBPACK_EXTERNAL_createReq
 
 
 
+
 const GithubSchemas = [
     github_group_schema,
     github_user_schema,
@@ -289559,6 +289667,7 @@ const GithubSchemas = [
     github_component_schema,
     github_orgwebhook_schema,
     component_secrets_vars_schema,
+    component_labels_schema,
 ];
 
 ;// CONCATENATED MODULE: ../cdk8s_renderer/src/claims/tfworkspaces/terraform.schema.ts
@@ -293573,6 +293682,7 @@ function toJson_FirestartrGithubRepositorySpecRepo(obj) {
         'hasWiki': obj.hasWiki,
         'pages': obj.pages,
         'topics': obj.topics?.map(y => y),
+        'labels': obj.labels?.map(y => toJson_FirestartrGithubRepositorySpecRepoLabels(y)),
         'visibility': obj.visibility,
         'defaultBranch': obj.defaultBranch,
         'additionalBranches': obj.additionalBranches?.map(y => toJson_FirestartrGithubRepositorySpecRepoAdditionalBranches(y)),
@@ -293719,6 +293829,22 @@ function toJson_FirestartrGithubRepositorySpecFirestartrTechnology(obj) {
     // filter undefined values
     return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {});
 }
+/**
+ * Converts an object of type 'FirestartrGithubRepositorySpecRepoLabels' to JSON representation.
+ */
+/* eslint-disable max-len, @stylistic/max-len, quote-props, @stylistic/quote-props */
+function toJson_FirestartrGithubRepositorySpecRepoLabels(obj) {
+    if (obj === undefined) {
+        return undefined;
+    }
+    const result = {
+        'name': obj.name,
+        'color': obj.color,
+        'description': obj.description,
+    };
+    // filter undefined values
+    return Object.entries(result).reduce((r, i) => (i[1] === undefined) ? r : ({ ...r, [i[0]]: i[1] }), {});
+}
 /* eslint-enable max-len, @stylistic/max-len, quote-props, @stylistic/quote-props */
 /**
  * @schema FirestartrGithubRepositorySpecRepoVisibility
@@ -295714,6 +295840,7 @@ class GithubRepositoryChart extends BaseGithubChart {
                     defaultBranch: claim.providers.github?.branchStrategy?.defaultBranch,
                     codeowners: createCodeOwnersData(claim),
                     additionalBranches: claim.providers.github.additionalBranches || [],
+                    labels: claim.providers.github.labels || [],
                     topics: claim.providers.github.topics || [],
                 },
                 actions,
@@ -299074,6 +299201,9 @@ function itemPath(kind, item) {
 }
 
 ;// CONCATENATED MODULE: ../operator/src/definitions.ts
+// ----------------------------------------------------
+// Kinds and plural-kinds definitions
+// ----------------------------------------------------
 const kindPluralMap = {
     githubgroups: 'FirestartrGithubGroup',
     githubmemberships: 'FirestartrGithubMembership',
@@ -299098,6 +299228,25 @@ function definitions_getPluralFromKind(kind) {
     const plural = Object.keys(kindPluralMap).find((key) => kindPluralMap[key] === kind);
     return plural;
 }
+var OperationType;
+(function (OperationType) {
+    OperationType["RENAMED"] = "RENAMED";
+    OperationType["UPDATED"] = "UPDATED";
+    OperationType["CREATED"] = "CREATED";
+    OperationType["SYNC"] = "SYNC";
+    OperationType["MARKED_TO_DELETION"] = "MARKED_TO_DELETION";
+    OperationType["NOTHING"] = "NOTHING";
+    OperationType["RETRY"] = "RETRY";
+})(OperationType || (OperationType = {}));
+var WorkStatus;
+(function (WorkStatus) {
+    WorkStatus["PENDING"] = "PENDING";
+    WorkStatus["PROCESSING"] = "PROCESSING";
+    WorkStatus["FINISHED"] = "FINISHED";
+})(WorkStatus || (WorkStatus = {}));
+// ----------------------------------------------------
+// Timeouts for operations, expressed in seconds
+// ----------------------------------------------------
 const DAY_SECONDS = 24 * 60 * 60;
 const TIMEOUTS = {
     // expressed in seconds
@@ -300507,22 +300656,8 @@ function resolver_walkObject(item) {
 
 ;// CONCATENATED MODULE: ../operator/src/informer.ts
 
-var OperationType;
-(function (OperationType) {
-    OperationType["RENAMED"] = "RENAMED";
-    OperationType["UPDATED"] = "UPDATED";
-    OperationType["CREATED"] = "CREATED";
-    OperationType["SYNC"] = "SYNC";
-    OperationType["MARKED_TO_DELETION"] = "MARKED_TO_DELETION";
-    OperationType["NOTHING"] = "NOTHING";
-    OperationType["RETRY"] = "RETRY";
-})(OperationType || (OperationType = {}));
-var WorkStatus;
-(function (WorkStatus) {
-    WorkStatus["PENDING"] = "PENDING";
-    WorkStatus["PROCESSING"] = "PROCESSING";
-    WorkStatus["FINISHED"] = "FINISHED";
-})(WorkStatus || (WorkStatus = {}));
+
+
 
 
 
@@ -300712,6 +300847,7 @@ function enqueue(pluralKind, workItem, queue, compute, syncCtl, retryCtl) {
                 return false;
             }
         },
+        getSlotInfo: () => null,
     };
     workItem.process = async function* (item, operation, handler) {
         const needsUpdateSyncConditions = operation === OperationType.RENAMED ||
@@ -301313,7 +301449,9 @@ async function writeDownQueueStatus(queue) {
     for (const workItem of queue) {
         const item = workItem.item;
         const blockedText = workItem.isBlocked ? '[BLOCKED]' : '';
-        output += `${item.kind}/${item.metadata.name} - ${workItem.workStatus} - ${workItem.operation} ${blockedText} - (upsert ${formatElapsedTimeWithDate(workItem.upsertTime)})\n`;
+        const slotInfo = workItem.slotId !== undefined ? ` (slot:${workItem.slotId})` : '';
+        const upsertTimeText = formatElapsedTimeWithDate(workItem.upsertTime);
+        output += `${item.kind}/${item.metadata.name} - ${workItem.workStatus} ${slotInfo} - ${workItem.operation} ${blockedText} - (upsert ${upsertTimeText})\n`;
     }
     return new Promise((ok, ko) => {
         external_fs_.writeFile('/tmp/queue', output, (err) => {
@@ -301368,6 +301506,24 @@ function formatElapsedTimeWithDate(upsertTime) {
     return `${parts.slice(0, 2).join(', ')} ago`;
 }
 
+;// CONCATENATED MODULE: ../operator/src/signals.ts
+
+function initSignalsHandler(Mapper) {
+    for (const [signal, callback] of Mapper.entries()) {
+        operator_src_logger.info(`Setting up handler for signal ${signal}... on process with PID ${process.pid}`);
+        process.on(signal, async () => {
+            operator_src_logger.info(`Received signal ${signal}, executing callback...`);
+            try {
+                await callback();
+                operator_src_logger.info(`Callback for signal ${signal} executed successfully.`);
+            }
+            catch (err) {
+                operator_src_logger.error(`Error executing callback for signal ${signal}:`, err);
+            }
+        });
+    }
+}
+
 ;// CONCATENATED MODULE: ../operator/src/processItemDLH.ts
 
 
@@ -301394,193 +301550,679 @@ async function deadLetterHandler(workItem) {
     }
 }
 
-;// CONCATENATED MODULE: ../operator/src/signals.ts
-
-const DEFAULT_TERMINATION_GRACE_PERIOD = 2 * 60; // two minutes
-/**
- * Initializes process signal handlers used by the operator.
- *
- * Currently this sets up handling for `SIGTERM`, using the callback
- * associated with the `"SIGTERM"` key from the provided {@link CallbacksMap}
- * to start the shutdown sequence. The returned {@link CallbacksMap} contains
- * handler-specific callbacks (such as `"FINISH_OK"`) that callers can invoke
- * to indicate that it is safe for the process to exit.
- *
- * @param callbacks A map of signal names to shutdown callbacks. The `"SIGTERM"`
- *   entry (if present) is invoked when a `SIGTERM` signal is received to
- *   perform any necessary cleanup before process termination.
- * @returns A {@link CallbacksMap} with control callbacks that allow the caller
- *   to signal when shutdown has completed and the process may safely exit.
- */
-function initSignalsHandler(callbacks) {
-    operator_src_logger.info('Starting signals handler');
-    const handlerCallbacks = new Map();
-    initSigtermHandler(callbacks.get('SIGTERM'), handlerCallbacks);
-    return handlerCallbacks;
-}
-function initSigtermHandler(callback, handlerCallbacks) {
-    const raw_timeout_to_exit = Number(process.env['FIRESTARTR_TERMINATION_GRACE_PERIOD'] ||
-        DEFAULT_TERMINATION_GRACE_PERIOD);
-    const timeout_to_exit = raw_timeout_to_exit - Math.round(Math.min(5, raw_timeout_to_exit * 0.1));
-    // The switch to control if it is safe to exit
-    let finish = false;
-    handlerCallbacks.set('FINISH_OK', () => {
-        finish = true;
-    });
-    process.on('SIGTERM', async () => {
-        operator_src_logger.info('The controller received a SIGTERM signal');
-        // we signal to the callback the sigterm
-        callback();
-        const timeoutCb = setTimeout(() => {
-            operator_src_logger.error('The controller could not shutdown properly. Timeout');
-            process.exit(1);
-        }, timeout_to_exit * 1000);
-        // we wait
-        while (!finish) {
-            await new Promise((resolve) => setTimeout(resolve, 1000));
-        }
-        // all is clear!
-        clearTimeout(timeoutCb);
-        operator_src_logger.info('The controller has properly shutdown. Exiting');
-        process.exit(0);
-    });
-}
-
-;// CONCATENATED MODULE: ../operator/src/processItem.ts
-
-
-
+// EXTERNAL MODULE: ../operator/node_modules/@opentelemetry/exporter-prometheus/build/src/index.js
+var build_src = __nccwpck_require__(35116);
+// EXTERNAL MODULE: ../operator/node_modules/@opentelemetry/sdk-metrics/build/src/index.js
+var sdk_metrics_build_src = __nccwpck_require__(30481);
+;// CONCATENATED MODULE: ../operator/src/metrics/CRStates.ts
 
 
 
 
-const queue = [];
-const WEIGHTS = {
-    RENAMED: 15,
-    UPDATED: 10,
-    CREATED: 9,
-    RETRY: 8,
-    MARKED_TO_DELETION: 6,
-    SYNC: 1,
-    NOTHING: 0,
-};
-function getQueueMetrics() {
-    let renamed = 0;
-    let updated = 0;
-    let created = 0;
-    let sync = 0;
-    let marked_to_deletion = 0;
-    let nothing = 0;
-    let retry = 0;
-    let unknown = 0;
-    queue.forEach((workItem) => {
-        switch (workItem.operation) {
-            case 'RENAMED':
-                renamed++;
-                break;
-            case 'UPDATED':
-                updated++;
-                break;
-            case 'CREATED':
-                created++;
-                break;
-            case 'SYNC':
-                sync++;
-                break;
-            case 'MARKED_TO_DELETION':
-                marked_to_deletion++;
-                break;
-            case 'NOTHING':
-                nothing++;
-                break;
-            case 'RETRY':
-                retry++;
-                break;
-            default:
-                unknown++;
-                break;
-        }
-    });
-    return {
-        nItems: queue.length,
-        nItemsFinished: queue.filter((workItem) => workItem.workStatus === WorkStatus.FINISHED).length,
-        nItemsPending: queue.filter((workItem) => workItem.workStatus === WorkStatus.PENDING).length,
-        nItemsProcessing: queue.filter((workItem) => workItem.workStatus === WorkStatus.PROCESSING).length,
-        nItemsInDeadLetterHandling: queue.filter((workItem) => workItem.isDeadLetter === true).length,
-        nItemsTypes: {
-            nothing,
-            retry,
-            renamed,
-            updated,
-            sync,
-            created,
-            marked_to_deletion,
-            unknown,
-        },
-    };
-}
-// we need to assign weight to the deletion operation
-// to avoid blockades
-// https://github.com/prefapp/gitops-k8s/issues/1864
-// ghrepo feat | grss -> ghrepo -> ghgroup -> membership
-const DELETION_WEIGHTS = {
-    FirestartrGithubRepositoryFeature: 5,
-    FirestartrGithubRepositorySecretsSection: 4,
-    FirestartrGithubRepository: 3,
-    FirestartrGithubGroup: 2,
-    FirestartrGithubMembership: 1,
-    FirestartrTerraformWorkspace: 1,
-    FirestartrGithubOrgWebhook: 1,
-};
-// Do the kinds need different weights for the operations?
-// We need to discuss this with the team in this issue: https://github.com/prefapp/gitops-k8s/issues/524
-// const KIND_WEIGHTS: any = {
-//   "FirestartrTerraformWorkspace": 1,
-//   "FirestartrGithubGroup": 1,
-//   "FirestartrGithubMembership": 1,
-//   "FirestartrGithubRepository": 1,
-//   "FirestartrGithubRepositoryFeature": 1,
-//   "FirestartrTerraformWorkspacePlan": 1,
-// }
-let INIT = false;
-/**
- * Pushes a WorkItem to the queue
- * @param {WorkItem} workItem - WorkItem to process
- */
-async function processItem(workItem) {
-    operator_src_logger.info(`The processor received a new work item for '${workItem.operation}' operation on '${workItem.item.kind}/${workItem.item.metadata.name}' in namespace '${workItem.item.metadata.namespace}'. Current work status is '${workItem.workStatus}'.`);
-    queue.push(workItem);
-    if (!INIT) {
-        processItem_loop().catch((err) => {
-            console.error(err);
+const INTERVAL_IN_SEGS = 60;
+class CRStateMetrics {
+    constructor(kind, namespace, meter) {
+        this.kind = kind;
+        this.provisionedGauge = meter.createGauge('firestartr_provisioned_total', {
+            description: 'Total number of CRs in PROVISIONED state',
         });
-        INIT = true;
-    }
-}
-/**
- * Wait until there is a WorkItem to process and then process it
- * @returns {void}
- */
-async function processItem_loop() {
-    const nextWorkItem = () => sortQueue(queue)
-        .filter((w) => !w.isBlocked)
-        .find((w) => w.workStatus === WorkStatus.PENDING);
-    loopWorkItemDebug(queue);
-    let podIsTerminating = false;
-    const handlerCallbacks = initSignalsHandler(new Map([['SIGTERM', () => (podIsTerminating = true)]]));
+        this.provisioningGauge = meter.createGauge('firestartr_provisioning_total', {
+            description: 'Total number of CRs in PROVISIONING state',
+        });
+        this.outOfSyncGauge = meter.createGauge('firestartr_out_of_sync_total', {
+            description: 'Total number of CRs in OUT_OF_SYNC state',
+        });
+        this.errorGauge = meter.createGauge('firestartr_error_total', {
+            description: 'Total number of CRs in ERROR state',
+        });
+        this.planningGauge = meter.createGauge('firestartr_planning_total', {
+            description: 'Total number of CRs in PLANNING state',
+        });
+        this.deletedGauge = meter.createGauge('firestartr_deleted_total', {
+            description: 'Total number of CRs in DELETED state',
+        });
+        this.errorOnSyncGauge = meter.createGauge('firestartr_error_on_sync_total', {
+            description: 'Total number of CRs with failed SYNCs',
+        });
+        this.namespace = namespace;
+    }
+    async start() {
+        await this.__prepareConnection();
+        this.onUpdate = false;
+        this.updateInterval = setInterval(async () => {
+            await this.update();
+        }, 1000 * INTERVAL_IN_SEGS);
+        await this.update();
+    }
+    stop() {
+        if (this.updateInterval) {
+            clearInterval(this.updateInterval);
+            this.updateInterval = null;
+        }
+    }
+    async update() {
+        if (this.onUpdate)
+            return;
+        this.onUpdate = true;
+        try {
+            const items = await this.fListCRs();
+            let provisionedCount = 0;
+            let provisioningCount = 0;
+            let outOfSyncCount = 0;
+            let errorCount = 0;
+            let planningCount = 0;
+            let deletedCount = 0;
+            let errorOnSyncCount = 0;
+            for (const item of items) {
+                const status = item.status?.conditions.find((condition) => condition.type !== 'SYNCHRONIZED' && condition.status === 'True');
+                if (!status)
+                    continue;
+                const syncCondition = item.status.conditions.find((condition) => {
+                    return condition.type === 'SYNCHRONIZED';
+                });
+                if (syncCondition &&
+                    syncCondition.message === SYNC_DEFAULT_ERROR_MESSAGE) {
+                    errorOnSyncCount++;
+                }
+                switch (status.type) {
+                    case 'PROVISIONED':
+                        provisionedCount++;
+                        break;
+                    case 'PROVISIONING':
+                        provisioningCount++;
+                        break;
+                    case 'OUT_OF_SYNC':
+                        outOfSyncCount++;
+                        break;
+                    case 'PLANNING':
+                        planningCount++;
+                        break;
+                    case 'DELETED':
+                        deletedCount++;
+                        break;
+                    case 'ERROR':
+                        errorCount++;
+                        break;
+                }
+            }
+            this.provisionedGauge.record(provisionedCount, {
+                namespace: this.namespace,
+                kind: this.kind,
+            });
+            this.provisioningGauge.record(provisioningCount, {
+                namespace: this.namespace,
+                kind: this.kind,
+            });
+            this.planningGauge.record(planningCount, {
+                namespace: this.namespace,
+                kind: this.kind,
+            });
+            this.deletedGauge.record(deletedCount, {
+                namespace: this.namespace,
+                kind: this.kind,
+            });
+            this.outOfSyncGauge.record(outOfSyncCount, {
+                namespace: this.namespace,
+                kind: this.kind,
+            });
+            this.errorGauge.record(errorCount, {
+                namespace: this.namespace,
+                kind: this.kind,
+            });
+            this.errorOnSyncGauge.record(errorOnSyncCount, {
+                namespace: this.namespace,
+                kind: this.kind,
+            });
+        }
+        catch (err) {
+            console.log(`CRStateMetrics: update ${err}`);
+            this.onUpdate = false;
+            operator_src_logger.error(`On update of CR metrics: ${err}`);
+            await this.__prepareConnection();
+        }
+        this.onUpdate = false;
+    }
+    async __prepareConnection() {
+        const { kc, opts } = await ctl_getConnection();
+        const k8sApi = kc.makeApiClient(client_node_dist.CustomObjectsApi);
+        this.fListCRs = async () => {
+            try {
+                const response = await k8sApi.listNamespacedCustomObject('firestartr.dev', 'v1', this.namespace, this.kind);
+                const body = response.body;
+                return body.items;
+            }
+            catch (err) {
+                throw new Error(`On listing CRs ${this.kind}: ${err}`);
+            }
+        };
+    }
+}
+
+;// CONCATENATED MODULE: ../operator/src/metrics/processItem.slot.metrics.ts
+class ProcessItemSlotMetrics {
+    constructor(id, meter) {
+        this._runningSeconds = 0;
+        this._running = false;
+        this._id = id;
+        this._startTime = Date.now();
+        this._lastStateChangeTime = Date.now();
+        this._runningSeconds = 0;
+        const commonAttributes = { slot_id: String(id) };
+        // Counters (use .add())
+        this._workItemsTotal = meter.createCounter('firestartr_slot.work_items_total', {
+            description: 'Total number of work items processed by this slot',
+            unit: '1',
+        });
+        this._runningTimeSecondsTotal = meter.createCounter('firestartr_slot.running_time_seconds_total', {
+            description: 'Total time this slot has spent running work items',
+            unit: 's',
+        });
+        // Observable Gauges (use .addCallback() + .observe())
+        this._uptimeSeconds = meter.createObservableGauge('firestartr_slot.uptime_seconds', {
+            description: 'Total runtime of this slot since creation (running + idle)',
+            unit: 's',
+        });
+        this._uptimeSeconds.addCallback((observableResult) => {
+            const uptime = (Date.now() - this._startTime) / 1000;
+            observableResult.observe(uptime, commonAttributes);
+        });
+        this._idleTimeSecondsTotal = meter.createObservableGauge('firestartr_slot.idle_time_seconds_total', {
+            description: 'Total time this slot has spent NOT processing items (idle)',
+            unit: 's',
+        });
+        this._idleTimeSecondsTotal.addCallback((observableResult) => {
+            const uptime = (Date.now() - this._startTime) / 1000;
+            const inProgressRunning = this._running
+                ? (Date.now() - this._lastStateChangeTime) / 1000
+                : 0;
+            const idleTime = Math.max(0, uptime - this._runningSeconds - inProgressRunning);
+            observableResult.observe(idleTime, commonAttributes);
+        });
+    }
+    runItemStarted() {
+        this._lastStateChangeTime = Date.now();
+        this._running = true;
+    }
+    runItemFinished() {
+        const now = Date.now();
+        const runningDuration = (now - this._lastStateChangeTime) / 1000;
+        this._runningSeconds += runningDuration;
+        this._runningTimeSecondsTotal.add(runningDuration, {
+            slot_id: String(this._id),
+        });
+        this._workItemsTotal.add(1, { slot_id: String(this._id) });
+        this._lastStateChangeTime = now;
+        this._running = false;
+    }
+}
+
+;// CONCATENATED MODULE: ../operator/src/metrics/processItem.global.metrics.ts
+// this is a singleton
+// to track global metrics across all slots, such as average processing time per item,
+// fastest and slowest processing times, etc.
+class ProcessorGlobalMetrics {
+    constructor(meter) {
+        this._processedItems = 0;
+        this._totalRunningSeconds = 0;
+        this._minTime = Infinity;
+        this._maxTime = 0;
+        // Global average processing time (no slot_id label)
+        meter
+            .createObservableGauge('firestartr.avg_processing_time_seconds', {
+            description: 'Average processing time per item across ALL slots',
+            unit: 's',
+        })
+            .addCallback((observableResult) => {
+            const avg = this._processedItems > 0
+                ? this._totalRunningSeconds / this._processedItems
+                : 0;
+            observableResult.observe(avg);
+        });
+        // Global fastest
+        meter
+            .createObservableGauge('firestartr.fastest_processing_time_seconds', {
+            description: 'Fastest single item processing time across ALL slots',
+            unit: 's',
+        })
+            .addCallback((observableResult) => {
+            observableResult.observe(this._processedItems > 0 ? this._minTime : 0);
+        });
+        // Global slowest
+        meter
+            .createObservableGauge('firestartr.slowest_processing_time_seconds', {
+            description: 'Slowest single item processing time across ALL slots',
+            unit: 's',
+        })
+            .addCallback((observableResult) => {
+            observableResult.observe(this._processedItems > 0 ? this._maxTime : 0);
+        });
+    }
+    static init(meter) {
+        if (!ProcessorGlobalMetrics._instance) {
+            ProcessorGlobalMetrics._instance = new ProcessorGlobalMetrics(meter);
+        }
+    }
+    static getInstance() {
+        if (!ProcessorGlobalMetrics._instance) {
+            throw new Error('ProcessorGlobalMetrics must be initialized with .init(meter) first');
+        }
+        return ProcessorGlobalMetrics._instance;
+    }
+    recordProcessingDuration(durationSeconds) {
+        if (durationSeconds <= 0)
+            return;
+        this._processedItems++;
+        this._totalRunningSeconds += durationSeconds;
+        this._minTime = Math.min(this._minTime, durationSeconds);
+        this._maxTime = Math.max(this._maxTime, durationSeconds);
+    }
+}
+ProcessorGlobalMetrics._instance = null;
+
+
+;// CONCATENATED MODULE: ../operator/src/metricsServer.ts
+
+
+
+
+
+
+let processMetricsSlotProvider = null;
+/* harmony default export */ async function metricsServer(kindList, namespace) {
+    const portFromEnv = process.env.METRICS_PORT;
+    const options = build_src/* PrometheusExporter.DEFAULT_OPTIONS */.rC.DEFAULT_OPTIONS;
+    options.port = portFromEnv ? parseInt(portFromEnv) : options.port;
+    options.endpoint = process.env.METRICS_ENDPOINT || options.endpoint;
+    const exporter = new build_src/* PrometheusExporter */.rC(options, () => {
+        console.log(`📊 Metrics endpoint: http://localhost:${options.port}${options.endpoint}`);
+    });
+    const attributes = { pid: process.pid };
+    void startMetrics(exporter, attributes, kindList, namespace);
+}
+async function startMetrics(exporter, attributes, kindList, namespace) {
+    const meterProvider = new sdk_metrics_build_src/* MeterProvider */.y0({
+        readers: [exporter],
+    });
+    const meter = meterProvider.getMeter('firestartr');
+    void startQueueMetrics(meter, attributes);
+    void startMemoryMetrics(meter, attributes);
+    void startCRStates(meter, kindList, namespace);
+    processMetricsSlotProvider = (slotId) => {
+        return new ProcessItemSlotMetrics(slotId, meter);
+    };
+    ProcessorGlobalMetrics.init(meter);
+}
+// whenever a new slot is created, the ProcessItemSlotMetrics instance for that slot can be obtained by calling
+// getProcessItemSlotMetrics(slotId)
+function getProcessItemSlotMetrics(slotId) {
+    if (!processMetricsSlotProvider) {
+        throw new Error('ProcessItemSlotMetrics provider not initialized');
+    }
+    return processMetricsSlotProvider(slotId);
+}
+async function startQueueMetrics(meter, attributes) {
+    const nWorkItemsCounter = meter.createObservableGauge('firestartr_workitems_total', { description: 'Number of workitems in the queue' });
+    const nWorkItemsPendingCounter = meter.createObservableGauge('firestartr_workitems_pending_total', { description: 'Number of workitems with PENDING status in the queue' });
+    const nWorkItemsProcessingCounter = meter.createObservableGauge('firestartr_workitems_processing_total', { description: 'Number of workitems with PROCESSING status in the queue' });
+    const nWorkItemsFinishedCounter = meter.createObservableGauge('firestartr_workitems_finished_total', { description: 'Number of workitems with FINISHED status in the queue' });
+    const nWorkItemsInDeadLetterHandling = meter.createObservableGauge('firestartr_workitems_dead_letter_handling_total', {
+        description: 'Number of workitems of the queue handled by the Dead Letter Handler',
+    });
+    const queueMetrics = getQueueMetrics();
+    let total = queueMetrics.nItems;
+    let pending = queueMetrics.nItemsPending;
+    let processing = queueMetrics.nItemsProcessing;
+    let finished = queueMetrics.nItemsFinished;
+    let inDeadLetterHandling = queueMetrics.nItemsInDeadLetterHandling;
+    nWorkItemsCounter.addCallback((observer) => observer.observe(total, { ...attributes, ...queueMetrics.nItemsTypes }));
+    nWorkItemsPendingCounter.addCallback((observer) => observer.observe(pending, { ...attributes, ...queueMetrics.nItemsTypes }));
+    nWorkItemsProcessingCounter.addCallback((observer) => observer.observe(processing, {
+        ...attributes,
+        ...queueMetrics.nItemsTypes,
+    }));
+    nWorkItemsFinishedCounter.addCallback((observer) => observer.observe(finished, { ...attributes, ...queueMetrics.nItemsTypes }));
+    nWorkItemsInDeadLetterHandling.addCallback((observer) => observer.observe(inDeadLetterHandling, {
+        ...attributes,
+        ...queueMetrics.nItemsTypes,
+    }));
+    setInterval(() => {
+        const queueMetrics = getQueueMetrics();
+        total = queueMetrics.nItems;
+        pending = queueMetrics.nItemsPending;
+        processing = queueMetrics.nItemsProcessing;
+        finished = queueMetrics.nItemsFinished;
+        inDeadLetterHandling = queueMetrics.nItemsInDeadLetterHandling;
+    }, 1000);
+}
+async function startMemoryMetrics(meter, attributes) {
+    const usedMemoryCounter = meter.createObservableGauge('firestartr_used_memory', { description: 'Used memory in bytes' });
+    let heapUsage = process.memoryUsage().heapUsed;
+    usedMemoryCounter.addCallback((observer) => observer.observe(heapUsage, attributes));
+    setInterval(() => {
+        heapUsage = process.memoryUsage().heapUsed;
+    }, 1000);
+}
+async function startCRStates(meter, kindList, namespace) {
+    for (const kind of kindList) {
+        const crStateMetrics = new CRStateMetrics(kind, namespace, meter);
+        await crStateMetrics.start();
+    }
+}
+
+;// CONCATENATED MODULE: ../operator/src/processItem.slot.ts
+
+
+
+
+
+
+function initProcessItemsSlots(nSlots, initMetrics = true) {
+    operator_src_logger.info(`Initializing ${nSlots} processing slots...`);
+    return new ProcessItemSlots(nSlots, initMetrics);
+}
+class ProcessItemSlots {
+    constructor(nSlots, initMetrics) {
+        this._guardRails = new GuardRails();
+        // let's init the slots
+        this._nSlots = nSlots;
+        this._slots = new Array(nSlots).fill(0).map((_, i) => {
+            const slot = new ProcessItemSlot(i);
+            if (initMetrics) {
+                try {
+                    slot.metrics = getProcessItemSlotMetrics(i);
+                }
+                catch (error) {
+                    operator_src_logger.warn(`Process item slot metrics unavailable for slot ${i}; continuing without per-slot metrics.`, error);
+                }
+            }
+            slot.actions = {
+                blockItem: (item) => this._guardRails.block(item),
+                unblockItem: (item) => this._guardRails.unblock(item),
+            };
+            return slot;
+        });
+    }
+    *getIdleSlots() {
+        for (const slot of this._slots) {
+            if (slot.idle)
+                yield slot;
+        }
+    }
+    allSlotsAreIdle() {
+        return this._slots.every((slot) => slot.idle);
+    }
+    isWorkItemBlocked(workItem) {
+        return this._guardRails.isBlocked(workItem.item);
+    }
+}
+class GuardRails {
+    constructor() {
+        this._processing = new Map();
+    }
+    block(item) {
+        const itemPath = this.itemToGuard(item);
+        this._processing.set(itemPath, true);
+    }
+    unblock(item) {
+        const itemPath = this.itemToGuard(item);
+        this._processing.delete(itemPath);
+    }
+    isBlocked(item) {
+        const itemPath = this.itemToGuard(item);
+        return this._processing.has(itemPath);
+    }
+    itemToGuard(item) {
+        return `${item.kind}/${item.metadata.namespace}/${item.metadata.name}`;
+    }
+}
+class ProcessItemSlot {
+    constructor(id) {
+        this._id = id;
+        this._idle = true;
+    }
+    set actions(actions) {
+        this._actions = actions;
+    }
+    get actions() {
+        return this._actions;
+    }
+    get idle() {
+        return this._idle;
+    }
+    get id() {
+        return this._id;
+    }
+    set metrics(metrics) {
+        this._metrics = metrics;
+    }
+    get metrics() {
+        return this._metrics;
+    }
+    async runWorkItem(workItem) {
+        this._idle = false;
+        const startTime = Date.now(); // ← capture exact start for global metrics
+        try {
+            if (this.actions) {
+                this.actions.blockItem(workItem.item);
+            }
+            if (this.metrics) {
+                this.metrics.runItemStarted();
+            }
+            await this.__run(workItem);
+        }
+        catch (e) {
+            if (e instanceof Error &&
+                e.message.includes('Error on getItemByItemPath')) {
+                operator_src_logger.debug(`Item '${workItem.item.kind}/${workItem.item.metadata.name}' was not found, so its work item is being removed from the processor queue.`);
+                workItem.workStatus = WorkStatus.FINISHED;
+            }
+            else {
+                operator_src_logger.error(`An unmanaged error occurred while the processor was handling the '${workItem.operation}' operation for item '${workItem.item.kind}/${workItem.item.metadata.name}' in namespace '${workItem.item.metadata.namespace}'. Current work status is '${workItem.workStatus}'. The error was: '${e}'.`);
+                await deadLetterHandler(workItem);
+                console.error(e);
+            }
+        }
+        finally {
+            if (this.actions) {
+                this.actions.unblockItem(workItem.item);
+            }
+            // if metrics are enabled, we record the processing duration for this item
+            // and update the global metrics
+            if (this.metrics) {
+                this.metrics.runItemFinished();
+                // REPORT TO GLOBAL SINGLETON for metrics
+                const durationSeconds = (Date.now() - startTime) / 1000;
+                ProcessorGlobalMetrics.getInstance().recordProcessingDuration(durationSeconds);
+            }
+            workItem.isPicked = false;
+        }
+        this._idle = true;
+    }
+    async __run(workItem) {
+        if (!workItem.getItem || !workItem.process || !workItem.operation)
+            return;
+        const item = await workItem.getItem();
+        // we check if the workItem needs blocking
+        // if it does need it we return because we cannot
+        // process this item
+        if ('needsBlocking' in workItem.handler &&
+            workItem.handler.needsBlocking(item, workItem.operation)) {
+            operator_src_logger.debug(`Item ${item.kind}/${item.metadata.namespace} needs blocking`);
+            return;
+        }
+        workItem.workStatus = WorkStatus.PROCESSING;
+        workItem.slotId = this.id;
+        workItem.handler.getSlotInfo = () => ({ slotId: this.id });
+        for await (const condition of workItem.process(item, workItem.operation, workItem.handler)) {
+            if (workItem.handler === undefined)
+                throw new Error('handler is undefined');
+            await updateTransition(workItem.handler.itemPath(), condition.reason, condition.type, condition.status, condition.message, condition.updateStatusOnly || false);
+        }
+        workItem.workStatus = WorkStatus.FINISHED;
+    }
+}
+
+;// CONCATENATED MODULE: ../operator/src/processItem.ts
+
+
+
+
+
+
+const queue = [];
+const WEIGHTS = {
+    RENAMED: 15,
+    UPDATED: 10,
+    CREATED: 9,
+    RETRY: 8,
+    MARKED_TO_DELETION: 6,
+    SYNC: 1,
+    NOTHING: 0,
+};
+// We get the number of max slots from the environment variable, if it is not set, we default to 1
+function getMaxSlotsFromEnvironment() {
+    const rawMaxSlots = catalog_common.environment.getFromEnvironment(catalog_common.types.envVars.operatorNumberOfMaxSlots);
+    const parsedMaxSlots = Number.parseInt(rawMaxSlots || '1', 10);
+    if (!Number.isFinite(parsedMaxSlots) || parsedMaxSlots < 1) {
+        return 1;
+    }
+    return parsedMaxSlots;
+}
+const MAX_SLOTS = getMaxSlotsFromEnvironment();
+function getQueueMetrics() {
+    let renamed = 0;
+    let updated = 0;
+    let created = 0;
+    let sync = 0;
+    let marked_to_deletion = 0;
+    let nothing = 0;
+    let retry = 0;
+    let unknown = 0;
+    queue.forEach((workItem) => {
+        switch (workItem.operation) {
+            case 'RENAMED':
+                renamed++;
+                break;
+            case 'UPDATED':
+                updated++;
+                break;
+            case 'CREATED':
+                created++;
+                break;
+            case 'SYNC':
+                sync++;
+                break;
+            case 'MARKED_TO_DELETION':
+                marked_to_deletion++;
+                break;
+            case 'NOTHING':
+                nothing++;
+                break;
+            case 'RETRY':
+                retry++;
+                break;
+            default:
+                unknown++;
+                break;
+        }
+    });
+    return {
+        nItems: queue.length,
+        nItemsFinished: queue.filter((workItem) => workItem.workStatus === WorkStatus.FINISHED).length,
+        nItemsPending: queue.filter((workItem) => workItem.workStatus === WorkStatus.PENDING).length,
+        nItemsProcessing: queue.filter((workItem) => workItem.workStatus === WorkStatus.PROCESSING).length,
+        nItemsInDeadLetterHandling: queue.filter((workItem) => workItem.isDeadLetter === true).length,
+        nItemsTypes: {
+            nothing,
+            retry,
+            renamed,
+            updated,
+            sync,
+            created,
+            marked_to_deletion,
+            unknown,
+        },
+    };
+}
+// we need to assign weight to the deletion operation
+// to avoid blockades
+// https://github.com/prefapp/gitops-k8s/issues/1864
+// ghrepo feat | grss -> ghrepo -> ghgroup -> membership
+const DELETION_WEIGHTS = {
+    FirestartrGithubRepositoryFeature: 5,
+    FirestartrGithubRepositorySecretsSection: 4,
+    FirestartrGithubRepository: 3,
+    FirestartrGithubGroup: 2,
+    FirestartrGithubMembership: 1,
+    FirestartrTerraformWorkspace: 1,
+    FirestartrGithubOrgWebhook: 1,
+};
+// Do the kinds need different weights for the operations?
+// We need to discuss this with the team in this issue: https://github.com/prefapp/gitops-k8s/issues/524
+// const KIND_WEIGHTS: any = {
+//   "FirestartrTerraformWorkspace": 1,
+//   "FirestartrGithubGroup": 1,
+//   "FirestartrGithubMembership": 1,
+//   "FirestartrGithubRepository": 1,
+//   "FirestartrGithubRepositoryFeature": 1,
+//   "FirestartrTerraformWorkspacePlan": 1,
+// }
+let INIT = false;
+/**
+ * Pushes a WorkItem to the queue
+ * @param {WorkItem} workItem - WorkItem to process
+ */
+async function processItem(workItem) {
+    operator_src_logger.info(`The processor received a new work item for '${workItem.operation}' operation on '${workItem.item.kind}/${workItem.item.metadata.name}' in namespace '${workItem.item.metadata.namespace}'. Current work status is '${workItem.workStatus}'.`);
+    queue.push(workItem);
+    if (!INIT) {
+        processItem_loop().catch((err) => {
+            console.error(err);
+        });
+        INIT = true;
+    }
+}
+/**
+ * Wait until there is a WorkItem to process and then process it
+ * @returns {void}
+ */
+async function processItem_loop() {
+    loopWorkItemDebug(queue);
+    let podIsTerminating = false;
+    const processItemSlotsManager = initProcessItemsSlots(MAX_SLOTS);
+    const nextWorkItem = () => sortQueue(queue)
+        .filter((w) => !w.isBlocked &&
+        !w.isPicked &&
+        !processItemSlotsManager.isWorkItemBlocked(w))
+        .find((w) => w.workStatus === WorkStatus.PENDING);
+    initSignalsHandler(new Map([['SIGTERM', () => (podIsTerminating = true)]]));
+    operator_src_logger.info(`
+    ------- Processor main loop started with a maximum of '${MAX_SLOTS}' concurrent slots to process items. -------
+  `);
     while (1) {
-        if (podIsTerminating) {
+        if (podIsTerminating && processItemSlotsManager.allSlotsAreIdle()) {
             operator_src_logger.info('The processor is going to shutdown (pod is terminating)');
-            // we notify the handler that is ok to shutdown
-            handlerCallbacks.get('FINISH_OK')();
+            process.exit(0);
             break;
         }
-        const w = nextWorkItem();
-        if (w) {
-            const logMessage = `${new Date().toISOString()} : Processing OPERATION: ${w.operation} ITEM: ${w.item.kind}/${w.item.metadata.name}`;
-            catalog_common.io.writeLogFile('process_item', logMessage);
-            operator_src_logger.info(`The processor is currently handling a '${w.operation}' operation for item '${w.item.kind}/${w.item.metadata.name}' in namespace '${w.item.metadata.namespace}'. The current work status is '${w.workStatus}'.`);
-            await runWorkItem(w);
+        // every time an idle slot is available, we check if there is a work item to process and if there is, we process it
+        // if there are more idle slots than work items, the next iterations of the loop will just do nothing
+        // until there are new work items to process
+        for (const idleSlot of processItemSlotsManager.getIdleSlots()) {
+            if (podIsTerminating) {
+                break;
+            }
+            const w = nextWorkItem();
+            if (w) {
+                // synchronously mark the work item as picked
+                w.isPicked = true;
+                const logMessage = `${new Date().toISOString()} : Processing OPERATION: ${w.operation} ITEM: ${w.item.kind}/${w.item.metadata.name}`;
+                catalog_common.io.writeLogFile('process_item', logMessage);
+                operator_src_logger.info(`The processor (${idleSlot.id}) is currently handling a '${w.operation}' operation for item '${w.item.kind}/${w.item.metadata.name}' in namespace '${w.item.metadata.namespace}'. The current work status is '${w.workStatus}'.`);
+                // we do not wait for the item to be processed to start processing the next one,
+                // we just start processing it in a new slot
+                void idleSlot.runWorkItem(w);
+            }
         }
         await processItem_wait();
     }
@@ -301625,44 +302267,6 @@ function sortQueue(queue) {
 function processItem_wait(t = 2000) {
     return new Promise((ok) => setTimeout(ok, t));
 }
-async function runWorkItem(workItem) {
-    operator_src_logger.debug(`The processor is now running the '${workItem.operation}' operation for item '${workItem.item.kind}/${workItem.item.metadata.name}' in namespace '${workItem.item.metadata.namespace}'.`);
-    if (!workItem.getItem || !workItem.process || !workItem.operation)
-        return;
-    try {
-        const item = await workItem.getItem();
-        // we check if the workItem needs blocking
-        // if it does need it we return because we cannot
-        // process this item
-        if ('needsBlocking' in workItem.handler &&
-            workItem.handler.needsBlocking(item, workItem.operation)) {
-            operator_src_logger.debug(`Item ${item.kind}/${item.metadata.namespace} needs blocking`);
-            return;
-        }
-        workItem.workStatus = WorkStatus.PROCESSING;
-        for await (const condition of workItem.process(item, workItem.operation, workItem.handler)) {
-            if (workItem.handler === undefined)
-                throw new Error('handler is undefined');
-            await updateTransition(workItem.handler.itemPath(), condition.reason, condition.type, condition.status, condition.message, condition.updateStatusOnly || false);
-        }
-        workItem.workStatus = WorkStatus.FINISHED;
-        operator_src_logger.debug(`The processor has '${queue.length}' items remaining in the queue.`);
-    }
-    catch (e) {
-        if (e instanceof Error &&
-            e.message.includes('Error on getItemByItemPath')) {
-            operator_src_logger.debug(`Item '${workItem.item.kind}/${workItem.item.metadata.name}' was not found, so its work item is being removed from the processor queue.`);
-            workItem.workStatus = WorkStatus.FINISHED;
-            return;
-        }
-        else {
-            operator_src_logger.error(`An unmanaged error occurred while the processor was handling the '${workItem.operation}' operation for item '${workItem.item.kind}/${workItem.item.metadata.name}' in namespace '${workItem.item.metadata.namespace}'. Current work status is '${workItem.workStatus}'. The error was: '${e}'.`);
-            await deadLetterHandler(workItem);
-            console.error(e);
-        }
-        return;
-    }
-}
 /**
  * Periodically checks the queue for finished WorkItems and removes them
  * @param {WorkItem[]} queue - Queue of WorkItems
@@ -301869,15 +302473,16 @@ function processHandler(processToHandle, ctl, onTimedOut) {
 
 
 
+
 const TOFU_LOCK_TIMEOUT = '-lock-timeout=60s';
 async function utils_validate(path, secrets) {
     return await tfExec(path, ['validate'], secrets);
 }
-async function init(path, secrets, stream) {
-    return await tfExec(path, ['init'], secrets, ['-input=false'], stream);
+async function init(path, secrets, stream, ctl) {
+    return await tfExec(path, ['init'], secrets, ['-input=false'], stream, ctl);
 }
-async function initFromModule(path, source, secrets, stream) {
-    return tfExec(path, ['init', `-from-module=${source}`], secrets, [], stream);
+async function initFromModule(path, source, secrets, stream, ctl) {
+    return tfExec(path, ['init', `-from-module=${source}`], secrets, [], stream, ctl);
 }
 async function plan(path, secrets, format, args = ['plan'], stream, ctl) {
     terraform_provisioner_src_logger.info(`Running terraform plan with ${format} in path ${path}`);
@@ -301905,10 +302510,27 @@ async function output(path, secrets) {
     return await tfExec(path, ['output', '-json'], secrets, []);
 }
 async function tfExec(path, args, secrets, extraArgs = ['-input=false'], stream, ctl) {
+    const env = {};
+    const tfCacheDir = typeof ctl?.tfCacheDir === 'string' && ctl.tfCacheDir.trim() !== ''
+        ? ctl.tfCacheDir
+        : undefined;
+    if (tfCacheDir) {
+        env['TF_PLUGIN_CACHE_DIR'] = tfCacheDir;
+        try {
+            external_fs_.mkdirSync(tfCacheDir, { recursive: true });
+        }
+        catch (error) {
+            throw new Error(`Failed to create TF plugin cache directory "${tfCacheDir}": ${error?.message ?? error}`);
+        }
+    }
     return new Promise((ok, ko) => {
         const tfProcess = (0,external_child_process_.spawn)('tofu', args.concat(extraArgs), {
             cwd: path,
             stdio: ['inherit', 'pipe', 'pipe'],
+            env: {
+                ...process.env,
+                ...env,
+            },
         });
         let output = '';
         let flagStdoutEnd = false;
@@ -302527,10 +303149,7 @@ class project_tf_TFProjectManager {
         }
     }
     async __init() {
-        this.tfOutput += await init(this.projectPath, this.secrets, this.stream);
-    }
-    async __initFromModule() {
-        this.tfOutput += await init(this.projectPath, this.secrets, this.stream);
+        this.tfOutput += await init(this.projectPath, this.secrets, this.stream, this.ctl);
     }
     async validate() {
         await this.__init();
@@ -302758,11 +303377,11 @@ class TFProjectManagerRemote {
 insteadOf = https://github.com`);
     }
     async __init() {
-        this.tfOutput += await init(this.projectPath, this.secrets);
+        this.tfOutput += await init(this.projectPath, this.secrets, undefined, this.ctl);
     }
     async __initFromModule() {
         external_fs_.mkdirSync(this.projectPath, { recursive: true });
-        this.tfOutput += await initFromModule(this.projectPath, this.ctx.module, this.secrets);
+        this.tfOutput += await initFromModule(this.projectPath, this.ctx.module, this.secrets, undefined, this.ctl);
     }
     async validate() {
         await this.__init();
@@ -303330,9 +303949,10 @@ function extractErrorDetails(error) {
 
 
 const TF_PROJECTS_PATH = '/tmp/tfworkspaces';
+const TF_CACHES_PATH = '/tmp/tfcaches';
 function processOperation(item, op, handler) {
     try {
-        clearLocalTfProjects();
+        clearLocalTfProject(item);
         const policy = getPolicy(item, 'firestartr.dev/policy');
         const syncPolicy = getPolicy(item, 'firestartr.dev/sync-policy');
         if (!policy || policy === 'observe' || policy === 'observe-only') {
@@ -303406,6 +304026,7 @@ async function* doPlanJSONFormat(item, op, handler, setResult = function (_r) {
             await addPlanStatusCheck(item.metadata.annotations['firestartr.dev/last-state-pr'], 'Terraform plan in progress...');
         }
         const tfPlan = await runTerraformProvisioner(context, planType, null, {
+            tfCacheDir: external_path_.join(TF_CACHES_PATH, `slot_${handler.getSlotInfo().slotId}`),
             hardTimeout: handler.recommendedTimeout(),
             processKilled: (killed) => {
                 if (killed) {
@@ -303703,6 +304324,7 @@ async function* process_operation_markedToDeletion(item, op, handler) {
         const deps = await handler.resolveReferences();
         const context = buildProvisionerContext(item, deps);
         const destroyOutput = await runTerraformProvisioner(context, 'destroy', null, {
+            tfCacheDir: external_path_.join(TF_CACHES_PATH, `slot_${handler.getSlotInfo().slotId}`),
             hardTimeout: handler.recommendedTimeout(),
             processKilled: (killed) => {
                 if (killed) {
@@ -303824,6 +304446,7 @@ async function* doApply(item, op, handler) {
         operator_src_logger.info(`The Terraform processor is applying and assessing dependencies for item '${item.kind}/${item.metadata.name}' with dependencies: '${deps}'.`);
         const context = buildProvisionerContext(item, deps);
         const applyOutput = await runTerraformProvisioner(context, 'apply', checkRunCtl, {
+            tfCacheDir: external_path_.join(TF_CACHES_PATH, `slot_${handler.getSlotInfo().slotId}`),
             hardTimeout: handler.recommendedTimeout(),
             processKilled: (killed) => {
                 if (killed) {
@@ -304119,8 +304742,72 @@ function resolveReferences(item, deps) {
         throw new Error(`resolving references: ${e}`);
     }
 }
-function clearLocalTfProjects() {
-    external_fs_.rmSync(TF_PROJECTS_PATH, { recursive: true, force: true });
+function getValidatedTfProjectPath(item) {
+    const tfStateKey = item?.spec?.firestartr?.tfStateKey;
+    if (typeof tfStateKey !== 'string' || tfStateKey.trim() === '') {
+        throw new Error('Invalid terraform state key');
+    }
+    if (external_path_.isAbsolute(tfStateKey)) {
+        throw new Error(`Invalid terraform state key: ${tfStateKey}`);
+    }
+    const basePath = external_path_.resolve(TF_PROJECTS_PATH);
+    const tfProjectPath = external_path_.resolve(basePath, tfStateKey);
+    const relativePath = external_path_.relative(basePath, tfProjectPath);
+    if (relativePath === '' ||
+        relativePath === '.' ||
+        relativePath.startsWith('..') ||
+        external_path_.isAbsolute(relativePath)) {
+        throw new Error(`Invalid terraform state key: ${tfStateKey}`);
+    }
+    return tfProjectPath;
+}
+function getValidatedTfProjectsRealPath() {
+    const basePath = external_path_.resolve(TF_PROJECTS_PATH);
+    external_fs_.mkdirSync(basePath, { recursive: true });
+    const realBasePath = external_fs_.realpathSync(basePath);
+    if (!external_fs_.statSync(realBasePath).isDirectory()) {
+        throw new Error(`Invalid terraform projects path: ${TF_PROJECTS_PATH}`);
+    }
+    return realBasePath;
+}
+function assertPathWithinBase(candidatePath, realBasePath) {
+    const relativePath = external_path_.relative(realBasePath, candidatePath);
+    if (relativePath === '' ||
+        relativePath === '.' ||
+        relativePath.startsWith('..') ||
+        external_path_.isAbsolute(relativePath)) {
+        throw new Error(`Invalid terraform project path: ${candidatePath}`);
+    }
+}
+function assertNoSymlinksInExistingPathComponents(realBasePath, candidatePath) {
+    const relativePath = external_path_.relative(realBasePath, candidatePath);
+    const pathSegments = relativePath
+        .split(external_path_.sep)
+        .filter((segment) => segment !== '');
+    let currentPath = realBasePath;
+    for (const pathSegment of pathSegments) {
+        currentPath = external_path_.join(currentPath, pathSegment);
+        if (!external_fs_.existsSync(currentPath)) {
+            return;
+        }
+        if (external_fs_.lstatSync(currentPath).isSymbolicLink()) {
+            throw new Error(`Invalid terraform project path: symlink component detected at ${currentPath}`);
+        }
+    }
+}
+function clearLocalTfProject(item) {
+    const tfProjectPath = getValidatedTfProjectPath(item);
+    const realBasePath = getValidatedTfProjectsRealPath();
+    assertNoSymlinksInExistingPathComponents(realBasePath, tfProjectPath);
+    let deletePath = tfProjectPath;
+    if (external_fs_.existsSync(tfProjectPath)) {
+        deletePath = external_fs_.realpathSync(tfProjectPath);
+        assertPathWithinBase(deletePath, realBasePath);
+    }
+    external_fs_.rmSync(deletePath, {
+        recursive: true,
+        force: true,
+    });
 }
 function getErrorOutputMessage(cr, key, ref) {
     if (cr.spec.source === 'Remote') {
@@ -304269,7 +304956,7 @@ async function acquireLease(namespace, cb, interval = 10000) {
 const processOperationPlan_TF_PROJECTS_PATH = '/tmp/tfworkspaces';
 function processOperationPlan(item, op, handler) {
     try {
-        processOperationPlan_clearLocalTfProjects();
+        clearLocalTfProjects();
         const policy = processOperationPlan_getPolicy(item);
         if (policy === 'observe' || policy === 'apply') {
             return processOperationPlan_plan(item, op, handler);
@@ -304695,7 +305382,7 @@ function processOperationPlan_resolveReferences(item, deps) {
         throw { error: `resolving references: ${e}` };
     }
 }
-function processOperationPlan_clearLocalTfProjects() {
+function clearLocalTfProjects() {
     external_fs_.rmSync(processOperationPlan_TF_PROJECTS_PATH, { recursive: true, force: true });
 }
 function processOperationPlan_getErrorOutputMessage(cr, key, ref) {
@@ -305081,7 +305768,7 @@ const MODULES = {
     },
     FirestartrGithubRepository: {
         module: 'git::https://github.com/prefapp/tfm.git//modules/github-repo',
-        ref: 'fix/remove-topics-from-creation-to-avoid-crashes',
+        ref: 'feat/add-labels-support-gh-repo',
     },
     FirestartrGithubRepositoryFeature: {
         module: 'git::https://github.com/prefapp/tfm.git//modules/github-files-set',
@@ -305660,20 +306347,98 @@ function provisionPermissions(fsGithubRepository) {
                 });
             }
         }
-        else {
-            gh_provisioner_src_logger.info(`[gh-provisioner] ${fsGithubRepository.k8sId} provisions a member ${permission.collaborator} with role ${permission.role}`);
-            const config = {
-                username: permission.collaborator,
-                permission: permission.role,
-            };
+        else {
+            gh_provisioner_src_logger.info(`[gh-provisioner] ${fsGithubRepository.k8sId} provisions a member ${permission.collaborator} with role ${permission.role}`);
+            const config = {
+                username: permission.collaborator,
+                permission: permission.role,
+            };
+            fsGithubRepository.patchData({
+                op: PatchOperations.add,
+                path: '/config/collaborators/-',
+                value: config,
+            });
+        }
+    }
+}
+
+;// CONCATENATED MODULE: ../gh_provisioner/src/entities/ghrepo/helpers/labels.ts
+// if we are to provision labels using tofu and the label already
+// exists, we should not attempt to re-create it. This function checks
+// if the label exists and if not, creates it. This is needed because
+// tofu does not have an "upsert" operation for labels, so we need to check
+// if the label exists before trying to create it, otherwise we will get an error.
+
+
+
+async function provisionLabels(fsGithubRepository, repoAlreadyExists) {
+    try {
+        const cr = fsGithubRepository.cr;
+        if (cr.spec.repo.labels.length === 0) {
+            return;
+        }
+        if (repoAlreadyExists) {
+            await importLabelsIfNeeded(fsGithubRepository);
+        }
+        const labels = cr.spec.repo.labels;
+        for (const label of labels) {
+            gh_provisioner_src_logger.debug(`[gh-provisioner] ${fsGithubRepository.k8sId} provisioning label ${label.name}`);
             fsGithubRepository.patchData({
                 op: PatchOperations.add,
-                path: '/config/collaborators/-',
-                value: config,
+                path: '/config/labels/-',
+                value: {
+                    name: label.name,
+                    color: label.color,
+                    description: label.description,
+                },
+            });
+        }
+    }
+    catch (err) {
+        gh_provisioner_src_logger.error(`[gh-provisioner] ${fsGithubRepository.k8sId} error on provisionLabels: ${err}`);
+        throw new Error(`Error on provisionLabels: ${err}`);
+    }
+}
+async function importLabelsIfNeeded(fsGithubRepository) {
+    const cr = fsGithubRepository.cr;
+    try {
+        const labels = cr.spec.repo.labels;
+        const labelsToImport = [];
+        gh_provisioner_src_logger.info(`[gh-provisioner] ${fsGithubRepository.k8sId} checking if labels need to be imported`);
+        const repoIssuesList = await fsGithubRepository.runWithGithubProvider(async () => {
+            return await github.repo.getRepoIssuesLabels(cr.spec.org, cr.name);
+        });
+        // we need to check wether the label exists or not, if it does not exist we need to create it
+        for (const label of labels) {
+            if (checkIfLabelExists(label.name, repoIssuesList)) {
+                continue;
+            }
+            labelsToImport.push({
+                name: label.name,
+                color: label.color,
+                description: label.description,
+            });
+        }
+        for (const label of labelsToImport) {
+            this.patchImportData({
+                op: PatchOperations.add,
+                path: '/imports/-',
+                value: {
+                    to: 'github_issue_label.this["' + label.name + '"]',
+                    id: `${this.cr.name}:${label.name}`,
+                },
             });
         }
+        return labelsToImport;
+    }
+    catch (err) {
+        gh_provisioner_src_logger.error(`[gh-provisioner] ${fsGithubRepository.k8sId} error on importLabelsIfNeeded: ${err}`);
+        throw new Error(`Error on importLabelsIfNeeded: ${err}`);
     }
 }
+function checkIfLabelExists(labelName, repoIssuesList) {
+    return repoIssuesList.some((label) => label.name === labelName);
+}
 
 ;// CONCATENATED MODULE: ../gh_provisioner/src/entities/ghrepo/helpers/index.ts
 
@@ -305682,6 +306447,7 @@ function provisionPermissions(fsGithubRepository) {
 
 
 
+
 ;// CONCATENATED MODULE: ../gh_provisioner/src/entities/ghrepo/post/additional_branches.ts
 
 
@@ -305746,6 +306512,7 @@ async function provisionRegularBranch(repo, branchName, sourceBranch, org) {
 
 
 
+
 class EntityGHRepo extends base_Entity {
     constructor(artifact) {
         super(artifact, {
@@ -305754,18 +306521,24 @@ class EntityGHRepo extends base_Entity {
                 variables: [],
                 teams: [],
                 collaborators: [],
+                labels: [],
             },
         });
     }
     async loadResources(tfOp) {
+        let repoAlreadyExists = false;
         try {
             this.synthMessage('Loading resources to Synth...');
+            repoAlreadyExists = (await this.runWithGithubProvider(async () => {
+                return await github.repo.repoExists(this.cr.spec.org, this.cr.name);
+            }));
             await this.provisionRepository();
             await provisionDefaultBranch(this);
             await provisionCodeowners(this);
             await provisionVariables(this);
             await provisionOIDCSubjectClaim(this);
             await provisionPermissions(this);
+            await provisionLabels(this, repoAlreadyExists);
             this.synthMessage('Synth finished');
             this.synthEnd(JSON.stringify(this.document, null, 2));
         }
@@ -306876,6 +307649,8 @@ function gh_checkrun_helperCreateCheckRunName(cmd, item) {
 
 
 
+
+const process_operation_TF_CACHES_PATH = '/tmp/tfcaches';
 function process_operation_processOperation(item, op, handler) {
     operator_src_logger.info(`Processing operation ${op} on ${item.kind}/${item.metadata?.name}`);
     try {
@@ -307005,6 +307780,7 @@ async function* gh_process_operation_markedToDeletion(item, op, handler) {
                 operator_src_logger.error(`PANIC!!: The Terraform process for item '${item.kind}/${item.metadata.name}' could not be killed`);
             }
         };
+        opts.ctl['tfCacheDir'] = external_path_default().join(process_operation_TF_CACHES_PATH, `slot_${handler.getSlotInfo().slotId}`);
         const destroyOutput = await gh_provisioner.runGhProvisioner({
             mainCr: item,
             deps,
@@ -307153,6 +307929,7 @@ async function* process_operation_doApply(item, op, handler) {
                 operator_src_logger.error(`PANIC!!: The Terraform process for item '${item.kind}/${item.metadata.name}' could not be killed`);
             }
         };
+        opts.ctl['tfCacheDir'] = external_path_default().join(process_operation_TF_CACHES_PATH, `slot_${handler.getSlotInfo().slotId}`);
         const applyOutput = await gh_provisioner.runGhProvisioner({
             mainCr: item,
             deps,
@@ -307247,228 +308024,6 @@ async function* process_operation_doApply(item, op, handler) {
     }
 }
 
-// EXTERNAL MODULE: ../operator/node_modules/@opentelemetry/exporter-prometheus/build/src/index.js
-var build_src = __nccwpck_require__(35116);
-// EXTERNAL MODULE: ../operator/node_modules/@opentelemetry/sdk-metrics/build/src/index.js
-var sdk_metrics_build_src = __nccwpck_require__(30481);
-;// CONCATENATED MODULE: ../operator/src/metrics/CRStates.ts
-
-
-
-
-const INTERVAL_IN_SEGS = 60;
-class CRStateMetrics {
-    constructor(kind, namespace, meter) {
-        this.kind = kind;
-        this.provisionedGauge = meter.createGauge('firestartr_provisioned_total', {
-            description: 'Total number of CRs in PROVISIONED state',
-        });
-        this.provisioningGauge = meter.createGauge('firestartr_provisioning_total', {
-            description: 'Total number of CRs in PROVISIONING state',
-        });
-        this.outOfSyncGauge = meter.createGauge('firestartr_out_of_sync_total', {
-            description: 'Total number of CRs in OUT_OF_SYNC state',
-        });
-        this.errorGauge = meter.createGauge('firestartr_error_total', {
-            description: 'Total number of CRs in ERROR state',
-        });
-        this.planningGauge = meter.createGauge('firestartr_planning_total', {
-            description: 'Total number of CRs in PLANNING state',
-        });
-        this.deletedGauge = meter.createGauge('firestartr_deleted_total', {
-            description: 'Total number of CRs in DELETED state',
-        });
-        this.errorOnSyncGauge = meter.createGauge('firestartr_error_on_sync_total', {
-            description: 'Total number of CRs with failed SYNCs',
-        });
-        this.namespace = namespace;
-    }
-    async start() {
-        await this.__prepareConnection();
-        this.onUpdate = false;
-        this.updateInterval = setInterval(async () => {
-            await this.update();
-        }, 1000 * INTERVAL_IN_SEGS);
-        await this.update();
-    }
-    stop() {
-        if (this.updateInterval) {
-            clearInterval(this.updateInterval);
-            this.updateInterval = null;
-        }
-    }
-    async update() {
-        if (this.onUpdate)
-            return;
-        this.onUpdate = true;
-        try {
-            const items = await this.fListCRs();
-            let provisionedCount = 0;
-            let provisioningCount = 0;
-            let outOfSyncCount = 0;
-            let errorCount = 0;
-            let planningCount = 0;
-            let deletedCount = 0;
-            let errorOnSyncCount = 0;
-            for (const item of items) {
-                const status = item.status?.conditions.find((condition) => condition.type !== 'SYNCHRONIZED' && condition.status === 'True');
-                if (!status)
-                    continue;
-                const syncCondition = item.status.conditions.find((condition) => {
-                    return condition.type === 'SYNCHRONIZED';
-                });
-                if (syncCondition &&
-                    syncCondition.message === SYNC_DEFAULT_ERROR_MESSAGE) {
-                    errorOnSyncCount++;
-                }
-                switch (status.type) {
-                    case 'PROVISIONED':
-                        provisionedCount++;
-                        break;
-                    case 'PROVISIONING':
-                        provisioningCount++;
-                        break;
-                    case 'OUT_OF_SYNC':
-                        outOfSyncCount++;
-                        break;
-                    case 'PLANNING':
-                        planningCount++;
-                        break;
-                    case 'DELETED':
-                        deletedCount++;
-                        break;
-                    case 'ERROR':
-                        errorCount++;
-                        break;
-                }
-            }
-            this.provisionedGauge.record(provisionedCount, {
-                namespace: this.namespace,
-                kind: this.kind,
-            });
-            this.provisioningGauge.record(provisioningCount, {
-                namespace: this.namespace,
-                kind: this.kind,
-            });
-            this.planningGauge.record(planningCount, {
-                namespace: this.namespace,
-                kind: this.kind,
-            });
-            this.deletedGauge.record(deletedCount, {
-                namespace: this.namespace,
-                kind: this.kind,
-            });
-            this.outOfSyncGauge.record(outOfSyncCount, {
-                namespace: this.namespace,
-                kind: this.kind,
-            });
-            this.errorGauge.record(errorCount, {
-                namespace: this.namespace,
-                kind: this.kind,
-            });
-            this.errorOnSyncGauge.record(errorOnSyncCount, {
-                namespace: this.namespace,
-                kind: this.kind,
-            });
-        }
-        catch (err) {
-            console.log(`CRStateMetrics: update ${err}`);
-            this.onUpdate = false;
-            operator_src_logger.error(`On update of CR metrics: ${err}`);
-            await this.__prepareConnection();
-        }
-        this.onUpdate = false;
-    }
-    async __prepareConnection() {
-        const { kc, opts } = await ctl_getConnection();
-        const k8sApi = kc.makeApiClient(client_node_dist.CustomObjectsApi);
-        this.fListCRs = async () => {
-            try {
-                const response = await k8sApi.listNamespacedCustomObject('firestartr.dev', 'v1', this.namespace, this.kind);
-                const body = response.body;
-                return body.items;
-            }
-            catch (err) {
-                throw new Error(`On listing CRs ${this.kind}: ${err}`);
-            }
-        };
-    }
-}
-
-;// CONCATENATED MODULE: ../operator/src/metricsServer.ts
-
-
-
-
-/* harmony default export */ async function metricsServer(kindList, namespace) {
-    const portFromEnv = process.env.METRICS_PORT;
-    const options = build_src/* PrometheusExporter.DEFAULT_OPTIONS */.rC.DEFAULT_OPTIONS;
-    options.port = portFromEnv ? parseInt(portFromEnv) : options.port;
-    options.endpoint = process.env.METRICS_ENDPOINT || options.endpoint;
-    const exporter = new build_src/* PrometheusExporter */.rC(options, () => {
-        console.log(`📊 Metrics endpoint: http://localhost:${options.port}${options.endpoint}`);
-    });
-    const attributes = { pid: process.pid };
-    void startMetrics(exporter, attributes, kindList, namespace);
-}
-async function startMetrics(exporter, attributes, kindList, namespace) {
-    const meterProvider = new sdk_metrics_build_src/* MeterProvider */.y0({
-        readers: [exporter],
-    });
-    const meter = meterProvider.getMeter('firestartr');
-    void startQueueMetrics(meter, attributes);
-    void startMemoryMetrics(meter, attributes);
-    void startCRStates(meter, kindList, namespace);
-}
-async function startQueueMetrics(meter, attributes) {
-    const nWorkItemsCounter = meter.createObservableGauge('firestartr_workitems_total', { description: 'Number of workitems in the queue' });
-    const nWorkItemsPendingCounter = meter.createObservableGauge('firestartr_workitems_pending_total', { description: 'Number of workitems with PENDING status in the queue' });
-    const nWorkItemsProcessingCounter = meter.createObservableGauge('firestartr_workitems_processing_total', { description: 'Number of workitems with PROCESSING status in the queue' });
-    const nWorkItemsFinishedCounter = meter.createObservableGauge('firestartr_workitems_finished_total', { description: 'Number of workitems with FINISHED status in the queue' });
-    const nWorkItemsInDeadLetterHandling = meter.createObservableGauge('firestartr_workitems_dead_letter_handling_total', {
-        description: 'Number of workitems of the queue handled by the Dead Letter Handler',
-    });
-    const queueMetrics = getQueueMetrics();
-    let total = queueMetrics.nItems;
-    let pending = queueMetrics.nItemsPending;
-    let processing = queueMetrics.nItemsProcessing;
-    let finished = queueMetrics.nItemsFinished;
-    let inDeadLetterHandling = queueMetrics.nItemsInDeadLetterHandling;
-    nWorkItemsCounter.addCallback((observer) => observer.observe(total, { ...attributes, ...queueMetrics.nItemsTypes }));
-    nWorkItemsPendingCounter.addCallback((observer) => observer.observe(pending, { ...attributes, ...queueMetrics.nItemsTypes }));
-    nWorkItemsProcessingCounter.addCallback((observer) => observer.observe(processing, {
-        ...attributes,
-        ...queueMetrics.nItemsTypes,
-    }));
-    nWorkItemsFinishedCounter.addCallback((observer) => observer.observe(finished, { ...attributes, ...queueMetrics.nItemsTypes }));
-    nWorkItemsInDeadLetterHandling.addCallback((observer) => observer.observe(inDeadLetterHandling, {
-        ...attributes,
-        ...queueMetrics.nItemsTypes,
-    }));
-    setInterval(() => {
-        const queueMetrics = getQueueMetrics();
-        total = queueMetrics.nItems;
-        pending = queueMetrics.nItemsPending;
-        processing = queueMetrics.nItemsProcessing;
-        finished = queueMetrics.nItemsFinished;
-        inDeadLetterHandling = queueMetrics.nItemsInDeadLetterHandling;
-    }, 1000);
-}
-async function startMemoryMetrics(meter, attributes) {
-    const usedMemoryCounter = meter.createObservableGauge('firestartr_used_memory', { description: 'Used memory in bytes' });
-    let heapUsage = process.memoryUsage().heapUsed;
-    usedMemoryCounter.addCallback((observer) => observer.observe(heapUsage, attributes));
-    setInterval(() => {
-        heapUsage = process.memoryUsage().heapUsed;
-    }, 1000);
-}
-async function startCRStates(meter, kindList, namespace) {
-    for (const kind of kindList) {
-        const crStateMetrics = new CRStateMetrics(kind, namespace, meter);
-        await crStateMetrics.start();
-    }
-}
-
 // EXTERNAL MODULE: external "util"
 var external_util_ = __nccwpck_require__(73837);
 ;// CONCATENATED MODULE: ../operator/src/cmd/tf_planner.ts
@@ -308182,9 +308737,9 @@ const crs_analyzerSubcommand = {
 };
 
 ;// CONCATENATED MODULE: ./package.json
-const package_namespaceObject = JSON.parse('{"i8":"2.2.2-snapshot-0"}');
+const package_namespaceObject = JSON.parse('{"i8":"2.3.0-snapshot"}');
 ;// CONCATENATED MODULE: ../../package.json
-const package_namespaceObject_1 = {"i8":"2.1.0"};
+const package_namespaceObject_1 = {"i8":"2.2.0"};
 ;// CONCATENATED MODULE: ./src/subcommands/index.ts