npm - @firestartr/cli - Versions diffs - 2.5.0-snapshot-2 → 2.5.0 - Mend

@firestartr/cli 2.5.0-snapshot-2 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/build/index.js CHANGED Viewed

@@ -291270,6 +291270,27 @@ function definitions_getPluralFromKind(kind) {
     const plural = Object.keys(kindPluralMap).find((key) => kindPluralMap[key] === kind);
     return plural;
 }
+// ----------------------------------------------------
+// Operations, workitems and handlers definitions
+// ----------------------------------------------------
+/**
+ * Helper to extract the canonical identity (metadata.uid) from a WorkItem or its item.
+ *
+ * Use this helper when you need a stable identity key for WorkItems, e.g. for
+ * in-memory deferred-scheduling bookkeeping.
+ *
+ * Note: other subsystems may still use kind/namespace/name keys; this helper is
+ * specifically intended for UID-based WorkItem identity.
+ * Any future change to identity logic MUST be made here and nowhere else.
+ *
+ * Returns undefined if .metadata.uid is missing so scheduler/bookkeeping paths
+ * can safely short-circuit instead of throwing and aborting an entire pass.
+ */
+function getWorkItemIdentity(wi) {
+    // Support either .item.metadata.uid or direct .metadata.uid for future extensibility
+    const meta = wi.item && wi.item.metadata ? wi.item.metadata : wi.metadata;
+    return meta && meta.uid ? meta.uid : undefined;
+}
 var OperationType;
 (function (OperationType) {
     OperationType["RENAMED"] = "RENAMED";
@@ -293513,6 +293534,134 @@ function fdummies_fWait(ms) {
     });
 }
+;// CONCATENATED MODULE: ../operator/src/processItem.blocks.ts
+// processItem.blocks.ts
+// Responsible for all in-memory deferred-scheduling bookkeeping for blocked parent deletions.
+//
+// Always extract WorkItem identity for all in-memory maps and keys by calling
+// getWorkItemIdentity() from definitions.ts, and NOT by constructing your own key.
+// This ensures spec compliance and future maintainability.
+//
+// Does NOT detect "blocked" state (caller must supply outcome). Purely key/value scheduler-local state logic per spec.
+// Only use getWorkItemIdentity(item) for identity bookkeeping and maps.
+// --- Config: Deferral Policy ---
+/**
+ * Maximum number of blocked attempts allowed before an item is moved to the deferred segment.
+ * An item becomes deferred once its blocked-attempt count exceeds this value.
+ */
+const MAX_BLOCKED_ATTEMPTS_BEFORE_DEFER = 5;
+// Initial supported parent kind(s): extensible for future cases
+const SUPPORTED_PARENT_KINDS = new Set(['FirestartrGithubRepository']);
+// --- Bookkeeper Class ---
+/**
+ * Encapsulates all deferred-scheduling bookkeeping state for one scheduler queue.
+ * Instantiate once per queue (alongside processItemSlotsManager) inside loop().
+ */
+class DeferredSchedulingBookkeeper {
+    constructor() {
+        this._blockedAttempts = new Map();
+        this._deferredEntryOrder = new Map();
+        this._deferredOrderCounter = 0;
+    }
+    // --- Applicability Logic ---
+    /**
+     * Returns true only for supported parent kinds AND only for deletion operations.
+     * Per spec Definition 2: applicable when operation is MARKED_TO_DELETION,
+     * or RETRY with metadata.deletionTimestamp set.
+     */
+    isDeferredSchedulingApplicable(item) {
+        const kind = item.item && item.item.kind ? item.item.kind : item.kind;
+        if (!SUPPORTED_PARENT_KINDS.has(kind))
+            return false;
+        const op = item.operation;
+        if (op === OperationType.MARKED_TO_DELETION)
+            return true;
+        if (op === OperationType.RETRY && item.item?.metadata?.deletionTimestamp)
+            return true;
+        return false;
+    }
+    // --- Bookkeeping API ---
+    /**
+     * Increments block counter for item (only call when item has been detected as blocked).
+     * Returns new value. Promotes item to deferred segment if threshold crossed.
+     */
+    incrementBlockedAttempt(item) {
+        if (!this.isDeferredSchedulingApplicable(item))
+            return 0;
+        const id = getWorkItemIdentity(item);
+        if (id === undefined)
+            return 0;
+        const prev = this._blockedAttempts.get(id) || 0;
+        const next = prev + 1;
+        this._blockedAttempts.set(id, next);
+        if (next > MAX_BLOCKED_ATTEMPTS_BEFORE_DEFER &&
+            !this._deferredEntryOrder.has(id)) {
+            this._deferredEntryOrder.set(id, ++this._deferredOrderCounter);
+        }
+        return next;
+    }
+    getBlockedAttempts(item) {
+        if (!this.isDeferredSchedulingApplicable(item))
+            return 0;
+        const id = getWorkItemIdentity(item);
+        if (id === undefined)
+            return 0;
+        return this._blockedAttempts.get(id) || 0;
+    }
+    isDeferred(item) {
+        if (!this.isDeferredSchedulingApplicable(item))
+            return false;
+        return this.getBlockedAttempts(item) > MAX_BLOCKED_ATTEMPTS_BEFORE_DEFER;
+    }
+    getDeferredOrder(item) {
+        if (!this.isDeferredSchedulingApplicable(item))
+            return undefined;
+        const id = getWorkItemIdentity(item);
+        if (id === undefined)
+            return undefined;
+        return this._deferredEntryOrder.get(id);
+    }
+    removeBookkeeping(item) {
+        if (!this.isDeferredSchedulingApplicable(item))
+            return;
+        const id = getWorkItemIdentity(item);
+        if (id === undefined)
+            return;
+        this._blockedAttempts.delete(id);
+        this._deferredEntryOrder.delete(id);
+    }
+    // --- Queue Partitioning ---
+    /**
+     * Splits queue into non-deferred and deferred, preserving original order,
+     * but sorts deferred by stable insertion order.
+     */
+    partitionQueueByDeferred(queue) {
+        const nonDeferred = [];
+        const deferred = [];
+        for (const item of queue) {
+            if (this.isDeferredSchedulingApplicable(item) && this.isDeferred(item)) {
+                deferred.push(item);
+            }
+            else {
+                nonDeferred.push(item);
+            }
+        }
+        deferred.sort((a, b) => {
+            const orderA = this.getDeferredOrder(a) || 0;
+            const orderB = this.getDeferredOrder(b) || 0;
+            return orderA - orderB;
+        });
+        return { nonDeferred, deferred };
+    }
+    // --- TESTING / DEBUG ---
+    clearAllBookkeeping() {
+        this._blockedAttempts.clear();
+        this._deferredEntryOrder.clear();
+        this._deferredOrderCounter = 0;
+    }
+}
 ;// CONCATENATED MODULE: ../operator/src/processItem.debug.ts
@@ -294003,12 +294152,12 @@ async function startCRStates(meter, kindList, namespace) {
-function initProcessItemsSlots(nSlots, initMetrics = true) {
+function initProcessItemsSlots(nSlots, initMetrics = true, onWorkItemBlockedByHandler) {
     operator_src_logger.info(`Initializing ${nSlots} processing slots...`);
-    return new ProcessItemSlots(nSlots, initMetrics);
+    return new ProcessItemSlots(nSlots, initMetrics, onWorkItemBlockedByHandler);
 }
 class ProcessItemSlots {
-    constructor(nSlots, initMetrics) {
+    constructor(nSlots, initMetrics, onWorkItemBlockedByHandler) {
         this._guardRails = new GuardRails();
         // let's init the slots
         this._nSlots = nSlots;
@@ -294025,6 +294174,7 @@ class ProcessItemSlots {
             slot.actions = {
                 blockItem: (item) => this._guardRails.block(item),
                 unblockItem: (item) => this._guardRails.unblock(item),
+                onWorkItemBlockedByHandler,
             };
             return slot;
         });
@@ -294135,6 +294285,9 @@ class ProcessItemSlot {
         if ('needsBlocking' in workItem.handler &&
             workItem.handler.needsBlocking(item, workItem.operation)) {
             operator_src_logger.debug(`Item ${item.kind}/${item.metadata.namespace} needs blocking`);
+            // Fire-and-forget: the callback is synchronous bookkeeping only;
+            // no async side effects are expected from this callback.
+            this._actions?.onWorkItemBlockedByHandler?.(workItem);
             return;
         }
         workItem.workStatus = WorkStatus.PROCESSING;
@@ -294156,6 +294309,7 @@ class ProcessItemSlot {
 const queue = [];
 const WEIGHTS = {
     RENAMED: 15,
@@ -294276,12 +294430,26 @@ async function processItem(workItem) {
 async function processItem_loop() {
     loopWorkItemDebug(queue);
     let podIsTerminating = false;
-    const processItemSlotsManager = initProcessItemsSlots(MAX_SLOTS);
-    const nextWorkItem = () => sortQueue(queue)
-        .filter((w) => !w.isBlocked &&
-        !w.isPicked &&
-        !processItemSlotsManager.isWorkItemBlocked(w))
-        .find((w) => w.workStatus === WorkStatus.PENDING);
+    const deferredBookkeeper = new DeferredSchedulingBookkeeper();
+    const processItemSlotsManager = initProcessItemsSlots(MAX_SLOTS, true, (w) => deferredBookkeeper.incrementBlockedAttempt(w));
+    if (process.env.GARBAGE_QUEUE_COLLECTOR) {
+        void workItemGarbageCollector(queue, deferredBookkeeper);
+    }
+    const nextWorkItem = () => {
+        // First, sort the queue and partition it for deferred scheduling.
+        const sorted = sortQueue(queue);
+        const { nonDeferred, deferred } = deferredBookkeeper.partitionQueueByDeferred(sorted);
+        // Helper for selection logic
+        function pickEligible(arr) {
+            return arr
+                .filter((w) => !w.isBlocked &&
+                !w.isPicked &&
+                !processItemSlotsManager.isWorkItemBlocked(w))
+                .find((w) => w.workStatus === WorkStatus.PENDING);
+        }
+        // Always prefer non-deferred, only defer if absolutely nothing eligible
+        return pickEligible(nonDeferred) || pickEligible(deferred);
+    };
     initSignalsHandler(new Map([['SIGTERM', () => (podIsTerminating = true)]]));
     operator_src_logger.info(`
     ------- Processor main loop started with a maximum of '${MAX_SLOTS}' concurrent slots to process items. -------
@@ -294358,24 +294526,23 @@ function processItem_wait(t = 2000) {
  * Periodically checks the queue for finished WorkItems and removes them
  * @param {WorkItem[]} queue - Queue of WorkItems
  */
-async function workItemGarbageCollector(queue) {
+async function workItemGarbageCollector(queue, bookkeeper) {
     while (1) {
         operator_src_logger.debug(`The garbage collector processed '${queue.length}' work items.`);
-        for (const [index, wi] of queue.entries()) {
+        for (let i = queue.length - 1; i >= 0; i--) {
+            const wi = queue[i];
             if (wi.workStatus === WorkStatus.FINISHED) {
+                bookkeeper?.removeBookkeeping(wi);
                 // Because the queue is a constant, we cannot reassign it, instead we
                 // use splice which modifies the array in place
                 //wi.onDelete()
-                queue.splice(index, 1);
+                queue.splice(i, 1);
             }
         }
         operator_src_logger.debug(`The garbage collector finished its run, leaving '${queue.length}' work items in the queue.`);
         await processItem_wait(10 * 1000);
     }
 }
-if (process.env.GARBAGE_QUEUE_COLLECTOR) {
-    void workItemGarbageCollector(queue);
-}
 ;// CONCATENATED MODULE: ../terraform_provisioner/src/tf/analyzer.ts
@@ -298337,8 +298504,8 @@ const MODULES = {
     },
     FirestartrGithubRepository: {
         module: 'git::https://github.com/prefapp/tfm.git//modules/github-repo',
-        // github-repo-v0.4.1
-        ref: 'addd7ce4a1054933c7f254a3d650c550c6a44024',
+        // github-repo-v0.5.1
+        ref: '67c7afaec38c1fdc9f1928090c181ef310fb81ec',
     },
     FirestartrGithubRepositoryFeature: {
         module: 'git::https://github.com/prefapp/tfm.git//modules/github-files-set',
@@ -299056,6 +299223,48 @@ function checkIfLabelExists(labelName, repoIssuesList) {
     return repoIssuesList.some((label) => label.name === labelName);
 }
+;// CONCATENATED MODULE: ../gh_provisioner/src/entities/ghrepo/helpers/branch_protections.ts
+/**
+ * Adds branch protection config to the synthesized Terraform config,
+ * preserving legacy field semantics exactly (empty lists, explicit booleans, names).
+ * @param entity The EntityGHRepo instance
+ */
+function provisionBranchProtections(entity) {
+    const protections = entity.cr.spec.branchProtections;
+    if (!protections || !Array.isArray(protections) || protections.length === 0) {
+        return;
+    }
+    for (const protection of protections) {
+        // This shape should match the compatible Terraform contract
+        const output = {};
+        // Only emit legacy fields in allowed order
+        output.branch = protection.branch;
+        output.statusChecks =
+            'statusChecks' in protection ? (protection.statusChecks ?? []) : [];
+        if ('requiredReviewersCount' in protection)
+            output.requiredReviewersCount = protection.requiredReviewersCount;
+        if ('requiredCodeownersReviewers' in protection)
+            output.requiredCodeownersReviewers =
+                protection.requiredCodeownersReviewers;
+        if ('enforceAdmins' in protection)
+            output.enforceAdmins = protection.enforceAdmins;
+        if ('requireSignedCommits' in protection)
+            output.requireSignedCommits = protection.requireSignedCommits;
+        if ('requireConversationResolution' in protection)
+            output.requireConversationResolution =
+                protection.requireConversationResolution;
+        // Only keep fields that are present, including explicit false/empty
+        gh_provisioner_src_logger.debug(`[gh-provisioner] Adding branch protection config: ${JSON.stringify(output)}`);
+        entity.patchData({
+            op: PatchOperations.add,
+            path: '/config/branch_protections/-',
+            value: output,
+        });
+    }
+}
 ;// CONCATENATED MODULE: ../gh_provisioner/src/entities/ghrepo/helpers/index.ts
@@ -299064,6 +299273,7 @@ function checkIfLabelExists(labelName, repoIssuesList) {
 ;// CONCATENATED MODULE: ../gh_provisioner/src/entities/ghrepo/post/additional_branches.ts
@@ -299130,6 +299340,9 @@ async function provisionRegularBranch(repo, branchName, sourceBranch, org) {
 class EntityGHRepo extends base_Entity {
+    escapeTerraformBranchName(value) {
+        return value.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
+    }
     constructor(artifact) {
         super(artifact, {
             config: {
@@ -299138,6 +299351,7 @@ class EntityGHRepo extends base_Entity {
                 teams: [],
                 collaborators: [],
                 labels: [],
+                branch_protections: [],
             },
         });
     }
@@ -299192,6 +299406,8 @@ class EntityGHRepo extends base_Entity {
             await provisionDefaultBranch(this);
             await provisionCodeowners(this);
             await provisionVariables(this);
+            // Add branch protections to config if defined
+            provisionBranchProtections(this);
             await provisionOIDCSubjectClaim(this);
             await provisionPermissions(this);
             await provisionLabels(this, repoAlreadyExists);
@@ -299241,6 +299457,21 @@ class EntityGHRepo extends base_Entity {
                 id: this.cr.name,
             },
         });
+        // Import github_branch_protection ONLY for protections declared in CR, not GitHub state
+        const protections = this.cr.spec.branchProtections;
+        if (protections && Array.isArray(protections) && protections.length > 0) {
+            for (const protection of protections) {
+                const branch = protection.branch;
+                this.patchImportData({
+                    op: PatchOperations.add,
+                    path: '/imports/-',
+                    value: {
+                        to: `github_branch_protection.this["${this.escapeTerraformBranchName(branch)}"]`,
+                        id: `${this.cr.name}:${this.escapeTerraformBranchName(branch)}`,
+                    },
+                });
+            }
+        }
         // we cannot ensure the files exist, thus we need to check
         // it they exist before importing them
         //for (const file of this.document.config.files) {
@@ -299263,6 +299494,19 @@ class EntityGHRepo extends base_Entity {
                 },
             });
         }
+        // Import Pages resource if configured.
+        // When a repository is manually created with Pages already enabled,
+        // we must import the existing resource to avoid a 409 conflict on apply.
+        if (this.cr.spec.pages) {
+            this.patchImportData({
+                op: PatchOperations.add,
+                path: '/imports/-',
+                value: {
+                    to: 'github_repository_pages.this[0]',
+                    id: this.cr.name,
+                },
+            });
+        }
     }
     async provisionRepository() {
         this.patchData({
@@ -301909,9 +302153,9 @@ const crs_analyzerSubcommand = {
 };
 ;// CONCATENATED MODULE: ./package.json
-const package_namespaceObject = JSON.parse('{"i8":"2.5.0-snapshot-2"}');
+const package_namespaceObject = {"i8":"2.5.0"};
 ;// CONCATENATED MODULE: ../../package.json
-const package_namespaceObject_1 = {"i8":"2.4.0"};
+const package_namespaceObject_1 = {"i8":"2.5.0"};
 ;// CONCATENATED MODULE: ./src/subcommands/index.ts

package/build/packages/gh_provisioner/src/entities/ghrepo/helpers/branch_protections.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { EntityGHRepo } from '../';
+/**
+ * Adds branch protection config to the synthesized Terraform config,
+ * preserving legacy field semantics exactly (empty lists, explicit booleans, names).
+ * @param entity The EntityGHRepo instance
+ */
+export declare function provisionBranchProtections(entity: EntityGHRepo): void;

package/build/packages/gh_provisioner/src/entities/ghrepo/helpers/index.d.ts CHANGED Viewed

@@ -4,3 +4,4 @@ export { provisionVariables } from './variables';
 export { provisionOIDCSubjectClaim } from './actions_oidc';
 export { provisionPermissions } from './teams';
 export { provisionLabels } from './labels';
+export { provisionBranchProtections } from './branch_protections';

package/build/packages/gh_provisioner/src/entities/ghrepo/index.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { Entity } from '../base';
 export declare class EntityGHRepo extends Entity {
+    private escapeTerraformBranchName;
     constructor(artifact: any);
     /**
      * Validation logic for GitHub Pages branch settings:

package/build/packages/operator/src/definitions.d.ts CHANGED Viewed

@@ -1,6 +1,20 @@
+import type { Dependencies } from './resolver';
 export declare function getKindFromPlural(plural: string): any;
 export declare function getPluralFromKind(kind: string): string;
-import type { Dependencies } from './resolver';
+/**
+ * Helper to extract the canonical identity (metadata.uid) from a WorkItem or its item.
+ *
+ * Use this helper when you need a stable identity key for WorkItems, e.g. for
+ * in-memory deferred-scheduling bookkeeping.
+ *
+ * Note: other subsystems may still use kind/namespace/name keys; this helper is
+ * specifically intended for UID-based WorkItem identity.
+ * Any future change to identity logic MUST be made here and nowhere else.
+ *
+ * Returns undefined if .metadata.uid is missing so scheduler/bookkeeping paths
+ * can safely short-circuit instead of throwing and aborting an entire pass.
+ */
+export declare function getWorkItemIdentity(wi: WorkItem): string | undefined;
 export declare enum OperationType {
     RENAMED = "RENAMED",
     UPDATED = "UPDATED",

package/build/packages/operator/src/processItem.blocks.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import type { WorkItem } from './definitions';
+/**
+ * Maximum number of blocked attempts allowed before an item is moved to the deferred segment.
+ * An item becomes deferred once its blocked-attempt count exceeds this value.
+ */
+export declare const MAX_BLOCKED_ATTEMPTS_BEFORE_DEFER = 5;
+export declare const SUPPORTED_PARENT_KINDS: Set<string>;
+/**
+ * Encapsulates all deferred-scheduling bookkeeping state for one scheduler queue.
+ * Instantiate once per queue (alongside processItemSlotsManager) inside loop().
+ */
+export declare class DeferredSchedulingBookkeeper {
+    private _blockedAttempts;
+    private _deferredEntryOrder;
+    private _deferredOrderCounter;
+    /**
+     * Returns true only for supported parent kinds AND only for deletion operations.
+     * Per spec Definition 2: applicable when operation is MARKED_TO_DELETION,
+     * or RETRY with metadata.deletionTimestamp set.
+     */
+    isDeferredSchedulingApplicable(item: WorkItem): boolean;
+    /**
+     * Increments block counter for item (only call when item has been detected as blocked).
+     * Returns new value. Promotes item to deferred segment if threshold crossed.
+     */
+    incrementBlockedAttempt(item: WorkItem): number;
+    getBlockedAttempts(item: WorkItem): number;
+    isDeferred(item: WorkItem): boolean;
+    getDeferredOrder(item: WorkItem): number | undefined;
+    removeBookkeeping(item: WorkItem): void;
+    /**
+     * Splits queue into non-deferred and deferred, preserving original order,
+     * but sorts deferred by stable insertion order.
+     */
+    partitionQueueByDeferred<T extends WorkItem>(queue: T[]): {
+        nonDeferred: T[];
+        deferred: T[];
+    };
+    clearAllBookkeeping(): void;
+}

package/build/packages/operator/src/processItem.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { WorkItem } from './informer';
+import { DeferredSchedulingBookkeeper } from './processItem.blocks';
 export declare function getQueueMetrics(): {
     nItems: number;
     nItemsFinished: number;
@@ -25,4 +26,4 @@ export declare function processItem(workItem: WorkItem): Promise<void>;
  * Periodically checks the queue for finished WorkItems and removes them
  * @param {WorkItem[]} queue - Queue of WorkItems
  */
-export declare function workItemGarbageCollector(queue: WorkItem[]): Promise<void>;
+export declare function workItemGarbageCollector(queue: WorkItem[], bookkeeper?: DeferredSchedulingBookkeeper): Promise<void>;

package/build/packages/operator/src/processItem.slot.d.ts CHANGED Viewed

@@ -1,11 +1,11 @@
 import { WorkItem } from './definitions';
 import { ProcessItemSlotMetrics } from './metrics/processItem.slot.metrics';
-export declare function initProcessItemsSlots(nSlots: number, initMetrics?: boolean): ProcessItemSlots;
+export declare function initProcessItemsSlots(nSlots: number, initMetrics?: boolean, onWorkItemBlockedByHandler?: (workItem: WorkItem) => void): ProcessItemSlots;
 export declare class ProcessItemSlots {
     _slots: ProcessItemSlot[];
     _nSlots: number;
     _guardRails: GuardRails;
-    constructor(nSlots: number, initMetrics: boolean);
+    constructor(nSlots: number, initMetrics: boolean, onWorkItemBlockedByHandler?: (workItem: WorkItem) => void);
     getIdleSlots(): Generator<ProcessItemSlot, void, unknown>;
     allSlotsAreIdle(): boolean;
     isWorkItemBlocked(workItem: WorkItem): boolean;
@@ -24,16 +24,19 @@ export declare class ProcessItemSlot {
     _actions: {
         blockItem: (item: any) => void;
         unblockItem: (item: any) => void;
+        onWorkItemBlockedByHandler?: (workItem: WorkItem) => void;
     } | undefined;
     _metrics: ProcessItemSlotMetrics;
     constructor(id: number);
     set actions(actions: {
         blockItem: (item: any) => void;
         unblockItem: (item: any) => void;
+        onWorkItemBlockedByHandler?: (workItem: WorkItem) => void;
     });
     get actions(): {
         blockItem: (item: any) => void;
         unblockItem: (item: any) => void;
+        onWorkItemBlockedByHandler?: (workItem: WorkItem) => void;
     };
     get idle(): boolean;
     get id(): number;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@firestartr/cli",
-  "version": "2.5.0-snapshot-2",
+  "version": "2.5.0",
   "private": false,
   "description": "Commandline tool",
   "main": "build/main.js",