npm - @fjall/deploy-core - Versions diffs - 2.19.1 → 2.19.2 - Mend

@fjall/deploy-core 2.19.1 → 2.19.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/.minified +1 -1
package/dist/src/orchestration/codeOnlyDeploy.d.ts +26 -2
package/dist/src/orchestration/codeOnlyDeploy.js +1 -1
package/dist/src/orchestration/dockerBuildHelper.js +1 -1
package/package.json +4 -4

package/dist/.minified CHANGED Viewed

	@@ -1 +1 @@
1	- 152 files minified at 2026-06-~~20T02~~:53:37.~~943Z~~
1	+ 152 files minified at 2026-06-20T09:23:13.824Z

package/dist/src/orchestration/codeOnlyDeploy.d.ts CHANGED Viewed

@@ -2,6 +2,28 @@ import { type Result } from "@fjall/generator";
 import type { DeployParams, DeployResult } from "../types/params.js";
 import type { ApplicationOperation } from "../types/operations.js";
 import type { DeployServices } from "./serviceFactory.js";
+/**
+ * Re-base an operator-supplied `--image-tag` onto a specific ECS service.
+ *
+ * A multi-image stack pushes each service's image under its own
+ * `<service>-…` tag family into ONE shared ECR repository (the webapp:
+ * `app-sha-<id>`, `scan-worker-sha-<id>`, `deploy-worker-sha-<id>`). The
+ * supplied rollback tag names exactly one of those families, but the same
+ * build identity (`-sha-<id>` / `-latest` suffix) exists for every service.
+ * Applying the supplied tag VERBATIM to every service rolls the wrong image
+ * onto the others — e.g. the worker services boot the app image, run
+ * `react-router serve`, and crash on app-only secrets. Because all services
+ * share one repo, the wrong tag genuinely resolves to a real digest, so the
+ * downstream digest-verify cannot catch it; the prefix must be corrected here.
+ *
+ * This strips the matched `<service>-` prefix and re-prepends the current
+ * service's name, preserving the build-identity suffix. Longest-prefix match
+ * guards against substring service names (`worker` vs `scan-worker`). When the
+ * supplied tag carries no recognised service prefix (a bare custom tag like
+ * `latest` or `v1.2.3`), it cannot be re-based and is returned verbatim — the
+ * caller surfaces a warning on multi-service stacks.
+ */
+export declare function rebaseRollbackTagForService(suppliedTag: string, serviceName: string, allServiceNames: readonly string[]): string;
 /**
  * Code-only deployment orchestrator.
  *
@@ -13,7 +35,9 @@ import type { DeployServices } from "./serviceFactory.js";
  * pushed the artifacts (`runDockerBuild` returns this map). Keys are
  * `<service>` or `<service>-<target>`; values are the bare content-hash tag
  * stem (`<service>(-<target>)?-sha-<12hex>`). `options.imageTag` (the
- * explicit `--image-tag <tag>` rollback) bypasses this map and is used
- * verbatim for every service.
+ * explicit `--image-tag <tag>` rollback) bypasses this map; it is re-based
+ * per service via `rebaseRollbackTagForService` so each service rolls its OWN
+ * `<service>-…` image family (a multi-image stack shares one ECR repo, so an
+ * un-rebased tag would silently roll the wrong service's image).
  */
 export declare function deployCodeOnly(params: DeployParams, services: DeployServices, operation: ApplicationOperation, contentHashTagsByService: Record<string, string>): Promise<Result<DeployResult>>;

package/dist/src/orchestration/codeOnlyDeploy.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{join as U}from"path";import{success as F,failure as $}from"@fjall/generator";import{logger as h}from"@fjall/util/logger";import{maskSensitiveOutput as S}from"@fjall/util";import{parseDockerServicesFromManifest as N}from"@fjall/util/manifest";import{APPLICATION_STACKS as O,getApplicationStepId as _,getApplicationStepName as j}from"../types/operations.js";import{extractEcsServiceName as L}from"../aws/utils/arnParser.js";import{stripTagOrDigest as P}from"../services/infrastructure/EcrImageInspectorService.js";import{withStepLifecycle as q}from"./stepLifecycle.js";const v="codeOnlyDeploy";function z(i,s){if(!i)return;const t=i.docker.target,n=t?`${i.name}-${t}`:i.name;return s[n]}function G(i,s){const t=s.toLowerCase();return i.find(n=>n.name.toLowerCase()===t)??i.find(n=>t.includes(n.name.toLowerCase()))}const H=0,K=1;async function re(i,s,t,n){const{callbacks:u,options:k}=i,I=Date.now(),A=_(O.COMPUTE,"deploy"),M=j(O.COMPUTE,"deploy");return q(u,{stepId:A,stepName:M,stepIndex:H,totalSteps:K},async()=>{const l=k?.imageTag;l&&u.onLog?.(`Rolling to supplied image tag ${l}`,"info");const D=N(U(t.path,"cdk.out"));h.debug(v,"Code-only rollout starting",{explicitRollbackTag:l,workingDirectory:i.workingDirectory,contentHashTagsByService:n,manifestServiceCount:D.length,manifestServices:D.map(r=>({name:r.name,target:r.docker.target}))}),u.onLog?.("Discovering ECS cluster and services\u2026","info");const o=await s.ecsResolver.getDeployableClusterAndServices(t.appName);if(!o.success)return h.debug(v,"ECS discovery failed",{appName:t.appName,error:S(o.error.message)}),{kind:"error",error:o.error};const{clusterArn:y,serviceArns:f}=o.data;if(h.debug(v,"ECS discovery complete",{appName:t.appName,clusterArn:y,serviceCount~~:f.~~length,serviceArns:f}),!~~y\|\|f.~~length===0){const r=`No deployable ECS services found for ${t.appName}`;return u.onLog?.(r,"warn"),{kind:"skipped",data:{target:t.appName,deploymentType:"application",durationMs:Date.now()-I,noChanges:!0}}}const E=k?.serviceName?.toLowerCase(),d=E===""?void 0:E,m=~~d?f.~~filter(r=>{const c=(L(r)??"").toLowerCase();return c===d\|\|c.endsWith(d)})~~:f;~~if(d&&m.length===0){const ~~r=f.~~map(c=>L(c)??"unknown").join(", ");return{kind:"error",error:new Error(`Service '${d}' not found. Available: ${r\|\|"none"}`)}}const g={},p=[];for(let r=0;r<m.length;r++){const c=m[r];if(!c)continue;const a=L(c)??`service-${r+1}`,T=`[${r+1}/${m.length}] ${a}`,C=G(D,a),b=z(C,n),w=~~l??b??`$~~{a.toLowerCase()}~~-latest`;l===void~~ ~~0&&b===~~void 0~~&&u~~.onLog?.(`No content-hash tag found for ${a}; falling back to mutable tag ${w}`,"warn"),h.debug(v,"Starting service rollout",{serviceName:a,serviceArn:c,imageTag:w,explicitRollbackTag:l,contentHashTag:b,manifestServiceMatched:C?.name,dockerTarget:C?.docker.target,index:r,total:m.length}),u.onECSUpdate?.(`${T}: rolling out image tag ${w}`,a);const e=await W(s,y,c,a,w,u);if(h.debug(v,"Service rollout completed",{serviceName:a,success:e.success,...e.success?{taskDefinitionArn:e.data.taskDefinitionArn,imageDigest:e.data.imageDigest,durationMs:e.data.durationMs}:{error:S(e.error.message)}}),!e.success){p.push(`${a}: ${S(e.error.message)}`);continue}g[`${a}TaskDefinition`]=e.data.taskDefinitionArn,g[`${a}PreviousTaskDefinition`]=e.data.previousTaskDefinitionArn,g[`${a}ImageTag`]=w,g[`${a}ImageUri`]=e.data.imageUri,g[`${a}EcrRepositoryArn`]=e.data.ecrRepositoryArn,e.data.imageDigest!==void 0&&(g[`${a}ImageDigest`]=e.data.imageDigest)}const R=Date.now()-I;if(p.length>0){const r=m.length-p.length,c=m.length,a=p.length===c?`All ${c} ECS service rollouts failed: ${p.join("; ")}`:`Partial rollout: ${r}/${c} services succeeded. Failures: ${p.join("; ")}`;return{kind:"error",error:new Error(a)}}return{kind:"completed",data:{target:t.appName,deploymentType:"application",outputs:Object.keys(g).length>0?g:void 0,durationMs:R}}})}async function W(i,s,t,n,u,k){const I=Date.now(),A=await i.ecsService.describeServices(s,[t]);if(!A.success)return $(new Error(`Failed to describe service ${n}: ${A.error.message}`));const M=A.data[0];if(!M?.taskDefinition)return $(new Error(`Service ${n} has no task definition`));const l=M.taskDefinition,D=await i.ecsService.getLatestTaskDefinition(l);if(!D.success)return $(new Error(`Failed to fetch task definition for ${n}: ${D.error.message}`));const o=D.data;if(!o\|\|!o.containerDefinitions\|\|o.containerDefinitions.length===0)return $(new Error(`Task definition for ${n} has no container definitions`));const ~~y=o~~.containerDefinitions.find(e=>e.image)?.image;if(!y)return $(new Error(`Task definition for ${n} has no container image \u2014 cannot derive repository URI`));const f=P(y),E=await i.ecrImageInspector.getImageDigest(f,u);let d;E.success?d=E.data:k.onLog?.(`Could not resolve image digest for ${n} (${S(E.error.message)}); falling back to tag pinning`,"warn");const m=e=>d!==void 0?`${e}@${d}`:`${e}:${u}`,g=o.containerDefinitions.map(e=>e.image?{...e,image:m(P(e.image))}:e),p=o.family;if(!p)return $(new Error(`Task definition for ${n} has no family`));const R=await i.ecsService.registerTaskDefinition({family:p,taskRoleArn:o.taskRoleArn,executionRoleArn:o.executionRoleArn,networkMode:o.networkMode,containerDefinitions:g,volumes:o.volumes,placementConstraints:o.placementConstraints,requiresCompatibilities:o.requiresCompatibilities,cpu:o.cpu,memory:o.memory,runtimePlatform:o.runtimePlatform,proxyConfiguration:o.proxyConfiguration,inferenceAccelerators:o.inferenceAccelerators,pidMode:o.pidMode,ipcMode:o.ipcMode,ephemeralStorage:o.ephemeralStorage});if(!R.success)return $(new Error(`Failed to register task definition for ${n}: ${R.error.message}`));const r=R.data;k.onTaskDefRegistered?.({serviceName:n,taskDefinitionArn:r,previousTaskDefinitionArn:l,revision:Y(r),family:p,...d!==void 0?{imageDigest:d}:{}});const c=await i.ecsService.updateService(s,t,{taskDefinition:r,forceNewDeployment:!0});if(!c.success)return $(new Error(`Failed to update service ${n}: ${c.error.message}`));const a=await i.ecsService.pollDeployment({clusterArn:s,serviceArn:t,waitForCompletion:!0,progressCallback:e=>{const x=e.latestEvent?` \u2014 ${S(e.latestEvent)}`:"";k.onECSProgress?.(`${n}: ${S(e.message)}${x}`,e.percentComplete)}}),T=Date.now()-I;if(!a.success){const e=S(a.error.message);return k.onECSComplete?.({serviceName:n,serviceArn:t,success:!1,taskDefinitionArn:r,durationMs:T,reason:e}),$(new Error(`ECS rollout failed for ${n}: ${e}`))}const C=await i.ecsService.getDeploymentStatus(s,t);k.onECSComplete?.({serviceName:n,serviceArn:t,success:!0,taskDefinitionArn:r,durationMs:T,finalRunningCount:C.success?C.data.runningCount:void 0,finalDesiredCount:C.success?C.data.desiredCount:void 0}),h.debug(v,`Rolled out ${n} successfully`,{serviceArn:t,newTaskDefArn:r,previousTaskDefArn:l,durationMs:T});const b=`${f}:${u}`,w=X(f);return F({taskDefinitionArn:r,previousTaskDefinitionArn:l,imageUri:b,ecrRepositoryArn:w,imageDigest:d,durationMs:T})}function X(i){const s=i.match(/^(\d{12})\.dkr\.ecr\.([a-z0-9-]+)\.amazonaws\.com\/(.+)$/);if(!s)return"";const[,t,n,u]=s;return`arn:aws:ecr:${n}:${t}:repository/${u}`}function Y(i){const s=i.lastIndexOf(":");if(s<0)return 0;const t=i.slice(s+1);return/^\d+$/.test(t)?parseInt(t,10):0}export{re as deployCodeOnly};
1	+ import{join as U}from"path";import{success as _,failure as k}from"@fjall/generator";import{logger as L}from"@fjall/util/logger";import{maskSensitiveOutput as E}from"@fjall/util";import{parseDockerServicesFromManifest as j}from"@fjall/util/manifest";import{APPLICATION_STACKS as P,getApplicationStepId as N,getApplicationStepName as W}from"../types/operations.js";import{extractEcsServiceName as O}from"../aws/utils/arnParser.js";import{stripTagOrDigest as F}from"../services/infrastructure/EcrImageInspectorService.js";import{withStepLifecycle as q}from"./stepLifecycle.js";const I="codeOnlyDeploy";function z(n,a){if(!n)return;const o=n.docker.target,e=o?`${n.name}-${o}`:n.name;return a[e]}function G(n,a){const o=a.toLowerCase();return n.find(e=>e.name.toLowerCase()===o)??n.find(e=>o.includes(e.name.toLowerCase()))}function H(n,a,o){const e=a.toLowerCase(),c=n.toLowerCase(),g=o.map(m=>m.toLowerCase()).filter(m=>m!==""&&c.startsWith(`${m}-`)).sort((m,T)=>T.length-m.length)[0];if(g===void 0\|\|g===e)return n;const v=n.slice(g.length);return`${e}${v}`}const K=0,X=1;async function se(n,a,o,e){const{callbacks:c,options:g}=n,v=Date.now(),m=N(P.COMPUTE,"deploy"),T=W(P.COMPUTE,"deploy");return q(c,{stepId:m,stepName:T,stepIndex:K,totalSteps:X},async()=>{const d=g?.imageTag;d&&c.onLog?.(`Rolling to supplied image tag ${d}`,"info");const S=j(U(o.path,"cdk.out"));L.debug(I,"Code-only rollout starting",{explicitRollbackTag:d,workingDirectory:n.workingDirectory,contentHashTagsByService:e,manifestServiceCount:S.length,manifestServices:S.map(t=>({name:t.name,target:t.docker.target}))}),c.onLog?.("Discovering ECS cluster and services\u2026","info");const D=await a.ecsResolver.getDeployableClusterAndServices(o.appName);if(!D.success)return L.debug(I,"ECS discovery failed",{appName:o.appName,error:E(D.error.message)}),{kind:"error",error:D.error};const{clusterArn:r,serviceArns:$}=D.data;if(L.debug(I,"ECS discovery complete",{appName:o.appName,clusterArn:r,serviceCount:$.length,serviceArns:$}),!r\|\|$.length===0){const t=`No deployable ECS services found for ${o.appName}`;return c.onLog?.(t,"warn"),{kind:"skipped",data:{target:o.appName,deploymentType:"application",durationMs:Date.now()-v,noChanges:!0}}}const b=g?.serviceName?.toLowerCase(),w=b===""?void 0:b,f=w?$.filter(t=>{const l=(O(t)??"").toLowerCase();return l===w\|\|l.endsWith(w)}):$;if(w&&f.length===0){const t=$.map(l=>O(l)??"unknown").join(", ");return{kind:"error",error:new Error(`Service '${w}' not found. Available: ${t\|\|"none"}`)}}const C={},h=[],R=$.map(t=>O(t)).filter(t=>t!==void 0&&t!=="");for(let t=0;t<f.length;t++){const l=f[t];if(!l)continue;const i=O(l)??`service-${t+1}`,A=`[${t+1}/${f.length}] ${i}`,y=G(S,i),x=z(y,e);let p,s;d!==void 0?(p=H(d,i,R),p!==d?(s=d,c.onLog?.(`Re-based image tag ${d} \u2192 ${p} for ${i}`,"info")):R.length>1&&!d.toLowerCase().startsWith(`${i.toLowerCase()}-`)&&c.onLog?.(`Image tag ${d} has no recognised service prefix; applying verbatim to ${i} \u2014 confirm it points at this service's image`,"warn")):x!==void 0?p=x:(p=`${i.toLowerCase()}-latest`,c.onLog?.(`No content-hash tag found for ${i}; falling back to mutable tag ${p}`,"warn")),L.debug(I,"Starting service rollout",{serviceName:i,serviceArn:l,imageTag:p,explicitRollbackTag:d,contentHashTag:x,manifestServiceMatched:y?.name,dockerTarget:y?.docker.target,index:t,total:f.length}),c.onECSUpdate?.(`${A}: rolling out image tag ${p}`,i);const u=await Y(a,r,l,i,p,c,s);if(L.debug(I,"Service rollout completed",{serviceName:i,success:u.success,...u.success?{taskDefinitionArn:u.data.taskDefinitionArn,imageDigest:u.data.imageDigest,durationMs:u.data.durationMs}:{error:E(u.error.message)}}),!u.success){h.push(`${i}: ${E(u.error.message)}`);continue}C[`${i}TaskDefinition`]=u.data.taskDefinitionArn,C[`${i}PreviousTaskDefinition`]=u.data.previousTaskDefinitionArn,C[`${i}ImageTag`]=p,C[`${i}ImageUri`]=u.data.imageUri,C[`${i}EcrRepositoryArn`]=u.data.ecrRepositoryArn,u.data.imageDigest!==void 0&&(C[`${i}ImageDigest`]=u.data.imageDigest)}const M=Date.now()-v;if(h.length>0){const t=f.length-h.length,l=f.length,i=h.length===l?`All ${l} ECS service rollouts failed: ${h.join("; ")}`:`Partial rollout: ${t}/${l} services succeeded. Failures: ${h.join("; ")}`;return{kind:"error",error:new Error(i)}}return{kind:"completed",data:{target:o.appName,deploymentType:"application",outputs:Object.keys(C).length>0?C:void 0,durationMs:M}}})}async function Y(n,a,o,e,c,g,v){const m=Date.now(),T=await n.ecsService.describeServices(a,[o]);if(!T.success)return k(new Error(`Failed to describe service ${e}: ${T.error.message}`));const d=T.data[0];if(!d?.taskDefinition)return k(new Error(`Service ${e} has no task definition`));const S=d.taskDefinition,D=await n.ecsService.getLatestTaskDefinition(S);if(!D.success)return k(new Error(`Failed to fetch task definition for ${e}: ${D.error.message}`));const r=D.data;if(!r\|\|!r.containerDefinitions\|\|r.containerDefinitions.length===0)return k(new Error(`Task definition for ${e} has no container definitions`));const $=r.containerDefinitions.find(s=>s.image)?.image;if(!$)return k(new Error(`Task definition for ${e} has no container image \u2014 cannot derive repository URI`));const b=F($),w=await n.ecrImageInspector.getImageDigest(b,c);let f;if(w.success)f=w.data;else{if(v!==void 0)return k(new Error(`Re-based image tag '${c}' (from supplied '${v}') was not found in ECR for ${e}: ${E(w.error.message)}. The supplied tag's build has no image for ${e} \u2014 supply that service's own tag, or pass --service to roll a single service.`));g.onLog?.(`Could not resolve image digest for ${e} (${E(w.error.message)}); falling back to tag pinning`,"warn")}const C=s=>f!==void 0?`${s}@${f}`:`${s}:${c}`,h=r.containerDefinitions.map(s=>s.image?{...s,image:C(F(s.image))}:s),R=r.family;if(!R)return k(new Error(`Task definition for ${e} has no family`));const M=await n.ecsService.registerTaskDefinition({family:R,taskRoleArn:r.taskRoleArn,executionRoleArn:r.executionRoleArn,networkMode:r.networkMode,containerDefinitions:h,volumes:r.volumes,placementConstraints:r.placementConstraints,requiresCompatibilities:r.requiresCompatibilities,cpu:r.cpu,memory:r.memory,runtimePlatform:r.runtimePlatform,proxyConfiguration:r.proxyConfiguration,inferenceAccelerators:r.inferenceAccelerators,pidMode:r.pidMode,ipcMode:r.ipcMode,ephemeralStorage:r.ephemeralStorage});if(!M.success)return k(new Error(`Failed to register task definition for ${e}: ${M.error.message}`));const t=M.data;g.onTaskDefRegistered?.({serviceName:e,taskDefinitionArn:t,previousTaskDefinitionArn:S,revision:Q(t),family:R,...f!==void 0?{imageDigest:f}:{}});const l=await n.ecsService.updateService(a,o,{taskDefinition:t,forceNewDeployment:!0});if(!l.success)return k(new Error(`Failed to update service ${e}: ${l.error.message}`));const i=await n.ecsService.pollDeployment({clusterArn:a,serviceArn:o,waitForCompletion:!0,progressCallback:s=>{const u=s.latestEvent?` \u2014 ${E(s.latestEvent)}`:"";g.onECSProgress?.(`${e}: ${E(s.message)}${u}`,s.percentComplete)}}),A=Date.now()-m;if(!i.success){const s=E(i.error.message);return g.onECSComplete?.({serviceName:e,serviceArn:o,success:!1,taskDefinitionArn:t,durationMs:A,reason:s}),k(new Error(`ECS rollout failed for ${e}: ${s}`))}const y=await n.ecsService.getDeploymentStatus(a,o);g.onECSComplete?.({serviceName:e,serviceArn:o,success:!0,taskDefinitionArn:t,durationMs:A,finalRunningCount:y.success?y.data.runningCount:void 0,finalDesiredCount:y.success?y.data.desiredCount:void 0}),L.debug(I,`Rolled out ${e} successfully`,{serviceArn:o,newTaskDefArn:t,previousTaskDefArn:S,durationMs:A});const x=`${b}:${c}`,p=J(b);return _({taskDefinitionArn:t,previousTaskDefinitionArn:S,imageUri:x,ecrRepositoryArn:p,imageDigest:f,durationMs:A})}function J(n){const a=n.match(/^(\d{12})\.dkr\.ecr\.([a-z0-9-]+)\.amazonaws\.com\/(.+)$/);if(!a)return"";const[,o,e,c]=a;return`arn:aws:ecr:${e}:${o}:repository/${c}`}function Q(n){const a=n.lastIndexOf(":");if(a<0)return 0;const o=n.slice(a+1);return/^\d+$/.test(o)?parseInt(o,10):0}export{se as deployCodeOnly,H as rebaseRollbackTagForService};

package/dist/src/orchestration/dockerBuildHelper.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{isAbsolute as b,join as k,dirname as v,resolve as T}from"node:path";import{success as D,failure as C}from"@fjall/generator";import{deriveContentHashTag as $,maskSensitiveOutput as h}from"@fjall/util";import{logger as E}from"@fjall/util/logger";import{parseDockerServicesFromManifest as A}from"@fjall/util/manifest";import{STEP_IDS as N}from"../types/stepDefinitions.js";const O="dockerBuildHelper",R="Building and pushing Docker image";function w(t,n){const r=t.docker.path,e=t.docker.context,~~s=b~~(r)~~?r:k~~(n,r);return{buildContext:e?b(e)?T(e):T(n,e):T(~~v(s~~)),dockerfilePath:s,target:t.docker.target}}function I(t){return`${t.buildContext}\|${t.dockerfilePath}\|${t.target??""}`}function x(t){return t.startsWith("cn-")?"amazonaws.com.cn":"amazonaws.com"}function L(t,n,r){return`${t}.dkr.ecr.${n}.${x(n)}/${r.toLowerCase()}`}function B(t,n){const r=n.name.toLowerCase(),e=n.docker.target,s=e?`-${e.toLowerCase()}`:"";return[`${t}:${r}${s}-latest`]}function _(t,n,r){const e=new Map;for(const s of t){const a=w(s,n),u=I(a),d=B(r,s),i=e.get(u);i?(i.members.push(s),i.latestTags.push(...d)):e.set(u,{identity:a,members:[s],latestTags:[...d]})}return Array.from(e.values())}async function K(t,n,r,e,s){const a=await t.buildAndPush({appName:n.appName,appPath:n.path,region:r,accountId:e},(u,d~~,i,p~~)=>{s.onDockerProgress?.(h(u),d,i,p)});return a.success?D({imageUri:a.data.imageUri,imageTag:a.data.imageTag}):C(a.error)}async function H(t,n,r,e,s,a,u){const d=t.members[0],i={appName:r.appName,appPath:t.identity.buildContext,region:e,accountId:s,buildContext:t.identity.buildContext,dockerfilePath:t.identity.dockerfilePath,imageTags:t.latestTags,serviceName:d.name,...t.identity.target!==void 0&&{target:t.identity.target},...d.docker.buildArgs!==void 0&&{buildArgs:d.docker.buildArgs}},p=await n.buildAndPush(i,(c,P,m,g)=>{u.onDockerProgress?.(h(c),P,m,g)});if(!p.success)return C(p.error);const f=p.data.imageDigest;if(typeof f!="string"\|\|!f.startsWith("sha256:"))return C(new Error(`Buildx push succeeded but returned an invalid digest: ${h(String(f))}`));const l={},S=[];for(const c of t.members){const P=c.docker.target,~~m=$~~(f,c.name,P);if(!m.success)return C(m.error);const g=m.data,y=c.name;l[y]=g,S.push(`${a}:${g}`)}const o=await n.tagByDigest({sourceImage:a,digest:f,tags:S});return o.success?D({contentHashTagsByService:l}):C(o.error)}async function W(t,n,r,e){const s=t.dockerProvider;if(!s)return D({});const a=n.awsProvider.getAccountId();if(!a)return e.onLog?.("Skipping Docker build \u2014 account ID not available","warn"),D({});const u=n.awsProvider.getRegion(),d=k(r.path,"cdk.out"),i=A(d),p=L(a,u,r.appName);E.debug(O,"runDockerBuild starting",{appName:r.appName,appPath:r.path,accountId:a,region:u,cdkOutPath:d,manifestServiceCount:i.length,manifestServices:i.map(o=>({name:o.name,path:o.docker.path,context:o.docker.context,target:o.docker.target})),stepId:N.DOCKER_OPERATIONS,stepName:R}),e.onStepStart?.(N.DOCKER_OPERATIONS,R),e.onLog?.("Initialising ECR repository\u2026","info");const f=await s.initialiseECR({appName:r.appName,region:u,accountId:a});if(f.success\|\|e.onLog?.(`ECR initialisation failed: ${h(f.error.message)}`,"warn"),i.length===0){e.onLog?.("Building and pushing Docker image\u2026","info");const o=await K(s,r,u,a,e);if(!o.success){E.debug(O,"Docker buildAndPush (legacy) failed",{appName:r.appName,error:h(o.error.message)}),e.onStepComplete?.(N.DOCKER_OPERATIONS,R,"error");const c=new Error(h(o.error.message));return e.onError?.(c),C(c)}return e.onStepComplete?.(N.DOCKER_OPERATIONS,R,"completed"),e.onLog?.(`Docker image pushed: ${o.data.imageUri}`,"info"),D({})}const l=_(i,r.path,p);e.onLog?.(`Building and pushing ${i.length} service image(s) in ${l.length} group(s)\u2026`,"info");const S={};for(let o=0;o<l.length;o++){const c=l[o],P=c.members.map(g=>g.name).join(", ");e.onLog?.(`Building group ${o+1}/${l.length} (${P})\u2026`,"info");const m=await H(c,s,r,u,a,p,e);if(!m.success){E.debug(O,"Docker buildAndPush failed",{appName:r.appName,leader:c.members[0]?.name,members:P,error:h(m.error.message)}),e.onStepComplete?.(N.DOCKER_OPERATIONS,R,"error");const g=new Error(h(m.error.message));return e.onError?.(g),C(g)}for(const[g,y]of Object.entries(m.data.contentHashTagsByService))S[g]=y}return E.debug(O,"Docker buildAndPush succeeded",{appName:r.appName,services:i.map(o=>o.name),groupCount:l.length,contentHashTags:S}),e.onStepComplete?.(N.DOCKER_OPERATIONS,R,"completed"),e.onLog?.(`Docker images pushed for ${i.length} service(s)`,"info"),D(S)}export{R as DOCKER_BUILD_STEP_NAME,W as runDockerBuild};
1	+ import{isAbsolute as O,join as E,dirname as T,resolve as R}from"node:path";import{existsSync as $}from"node:fs";import{success as D,failure as h}from"@fjall/generator";import{deriveContentHashTag as w,maskSensitiveOutput as k}from"@fjall/util";import{logger as S}from"@fjall/util/logger";import{parseDockerServicesFromManifest as A}from"@fjall/util/manifest";import{STEP_IDS as v}from"../types/stepDefinitions.js";const b="dockerBuildHelper",P="Building and pushing Docker image";function x(e,n,r){const t=E(n,e);if($(t))return{path:t,base:n};if(r!==""&&r!==n){const i=E(r,e);if($(i))return{path:i,base:r}}return{path:t,base:n}}function I(e,n,r){const t=e.docker.path,i=e.docker.context;let o,a;if(O(t))o=t,a=n;else{const c=x(t,n,r);o=c.path,a=c.base}return{buildContext:i?O(i)?R(i):R(a,i):R(T(o)),dockerfilePath:o,target:e.docker.target,resolvedViaFallback:a!==n}}function L(e){return`${e.buildContext}\|${e.dockerfilePath}\|${e.target??""}`}function B(e,n){return`Dockerfile not found for service '${e}' at ${n}. Checked the synth directory and the working directory. If your Dockerfile lives at the project root with the CDK app in a subdirectory, set an absolute docker.context (the build context must share the Dockerfile's directory).`}function _(e){return e.startsWith("cn-")?"amazonaws.com.cn":"amazonaws.com"}function K(e,n,r){return`${e}.dkr.ecr.${n}.${_(n)}/${r.toLowerCase()}`}function H(e,n){const r=n.name.toLowerCase(),t=n.docker.target,i=t?`-${t.toLowerCase()}`:"";return[`${e}:${r}${i}-latest`]}function j(e,n,r,t){const i=new Map;for(const o of e){const a=I(o,n,t),u=L(a),c=H(r,o),d=i.get(u);d?(d.members.push(o),d.latestTags.push(...c)):i.set(u,{identity:a,members:[o],latestTags:[...c]})}return Array.from(i.values())}async function F(e,n,r,t,i){const o=await e.buildAndPush({appName:n.appName,appPath:n.path,region:r,accountId:t},(a,u,c,d)=>{i.onDockerProgress?.(k(a),u,c,d)});return o.success?D({imageUri:o.data.imageUri,imageTag:o.data.imageTag}):h(o.error)}async function U(e,n,r,t,i,o,a){const u=e.members[0];if(!$(e.identity.dockerfilePath))return h(new Error(B(u.name,e.identity.dockerfilePath)));e.identity.resolvedViaFallback&&a.onLog?.(`Building service '${u.name}' from ${e.identity.dockerfilePath} (resolved at the project root).`,"info");const c={appName:r.appName,appPath:e.identity.buildContext,region:t,accountId:i,buildContext:e.identity.buildContext,dockerfilePath:e.identity.dockerfilePath,imageTags:e.latestTags,serviceName:u.name,...e.identity.target!==void 0&&{target:e.identity.target},...u.docker.buildArgs!==void 0&&{buildArgs:u.docker.buildArgs}},d=await n.buildAndPush(c,(g,C,f,m)=>{a.onDockerProgress?.(k(g),C,f,m)});if(!d.success)return h(d.error);const p=d.data.imageDigest;if(typeof p!="string"\|\|!p.startsWith("sha256:"))return h(new Error(`Buildx push succeeded but returned an invalid digest: ${k(String(p))}`));const l={},y=[];for(const g of e.members){const C=g.docker.target,f=w(p,g.name,C);if(!f.success)return h(f.error);const m=f.data,N=g.name;l[N]=m,y.push(`${o}:${m}`)}const s=await n.tagByDigest({sourceImage:o,digest:p,tags:y});return s.success?D({contentHashTagsByService:l}):h(s.error)}async function J(e,n,r,t){const i=e.dockerProvider;if(!i)return D({});const o=n.awsProvider.getAccountId();if(!o)return t.onLog?.("Skipping Docker build \u2014 account ID not available","warn"),D({});const a=n.awsProvider.getRegion(),u=E(r.path,"cdk.out"),c=A(u),d=K(o,a,r.appName);S.debug(b,"runDockerBuild starting",{appName:r.appName,appPath:r.path,accountId:o,region:a,cdkOutPath:u,manifestServiceCount:c.length,manifestServices:c.map(s=>({name:s.name,path:s.docker.path,context:s.docker.context,target:s.docker.target})),stepId:v.DOCKER_OPERATIONS,stepName:P}),t.onStepStart?.(v.DOCKER_OPERATIONS,P),t.onLog?.("Initialising ECR repository\u2026","info");const p=await i.initialiseECR({appName:r.appName,region:a,accountId:o});if(p.success\|\|t.onLog?.(`ECR initialisation failed: ${k(p.error.message)}`,"warn"),c.length===0){t.onLog?.("Building and pushing Docker image\u2026","info");const s=await F(i,r,a,o,t);if(!s.success){S.debug(b,"Docker buildAndPush (legacy) failed",{appName:r.appName,error:k(s.error.message)}),t.onStepComplete?.(v.DOCKER_OPERATIONS,P,"error");const g=new Error(k(s.error.message));return t.onError?.(g),h(g)}return t.onStepComplete?.(v.DOCKER_OPERATIONS,P,"completed"),t.onLog?.(`Docker image pushed: ${s.data.imageUri}`,"info"),D({})}const l=j(c,r.path,d,e.workingDirectory);t.onLog?.(`Building and pushing ${c.length} service image(s) in ${l.length} group(s)\u2026`,"info");const y={};for(let s=0;s<l.length;s++){const g=l[s],C=g.members.map(m=>m.name).join(", ");t.onLog?.(`Building group ${s+1}/${l.length} (${C})\u2026`,"info");const f=await U(g,i,r,a,o,d,t);if(!f.success){S.debug(b,"Docker buildAndPush failed",{appName:r.appName,leader:g.members[0]?.name,members:C,error:k(f.error.message)}),t.onStepComplete?.(v.DOCKER_OPERATIONS,P,"error");const m=new Error(k(f.error.message));return t.onError?.(m),h(m)}for(const[m,N]of Object.entries(f.data.contentHashTagsByService))y[m]=N}return S.debug(b,"Docker buildAndPush succeeded",{appName:r.appName,services:c.map(s=>s.name),groupCount:l.length,contentHashTags:y}),t.onStepComplete?.(v.DOCKER_OPERATIONS,P,"completed"),t.onLog?.(`Docker images pushed for ${c.length} service(s)`,"info"),D(y)}export{P as DOCKER_BUILD_STEP_NAME,J as runDockerBuild};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@fjall/deploy-core",
-  "version": "2.19.1",
+  "version": "2.19.2",
   "description": "Shared deployment engine for Fjall — used by CLI and webapp worker",
   "type": "module",
   "main": "dist/src/index.js",
@@ -78,8 +78,8 @@
     "@aws-sdk/client-sqs": "^3.1067.0",
     "@aws-sdk/client-sso-admin": "^3.1038.0",
     "@aws-sdk/client-sts": "^3.1038.0",
-    "@fjall/generator": "^2.19.1",
-    "@fjall/util": "^2.19.1",
+    "@fjall/generator": "^2.19.2",
+    "@fjall/util": "^2.19.2",
     "@smithy/node-http-handler": "^4.6.1",
     "tsx": "^4.21.0",
     "zod": "^4.4.3"
@@ -88,5 +88,5 @@
     "@types/node": "^25.6.0",
     "vitest": "^4.1.5"
   },
-  "gitHead": "4a28fac0bbbcb4e0db6cb79a9289a7108417a16a"
+  "gitHead": "9c77ec058ff9a6bbd09d318747ff9cf3152ee58b"
 }