@geekmidas/cli 0.38.0 → 0.40.0

package/src/deploy/__tests__/sniffer.spec.ts

@@ -0,0 +1,221 @@
+import { describe, expect, it } from 'vitest';
+import type { NormalizedAppConfig } from '../../workspace/types';
+import { sniffAllApps, sniffAppEnvironment, type SniffResult } from '../sniffer';
+
+describe('sniffAppEnvironment', () => {
+	const workspacePath = '/test/workspace';
+
+	const createApp = (
+		overrides: Partial<NormalizedAppConfig> = {},
+	): NormalizedAppConfig => ({
+		type: 'backend',
+		path: 'apps/api',
+		port: 3000,
+		dependencies: [],
+		resolvedDeployTarget: 'dokploy',
+		...overrides,
+	});
+
+	describe('frontend apps', () => {
+		it('should return empty env vars for frontend apps', async () => {
+			const app = createApp({ type: 'frontend' });
+
+			const result = await sniffAppEnvironment(app, 'web', workspacePath);
+
+			expect(result.appName).toBe('web');
+			expect(result.requiredEnvVars).toEqual([]);
+		});
+
+		it('should ignore requiredEnv for frontend apps', async () => {
+			const app = createApp({
+				type: 'frontend',
+				requiredEnv: ['API_KEY', 'SECRET'], // Should be ignored
+			});
+
+			const result = await sniffAppEnvironment(app, 'web', workspacePath);
+
+			expect(result.requiredEnvVars).toEqual([]);
+		});
+	});
+
+	describe('entry-based apps with requiredEnv', () => {
+		it('should return requiredEnv list for entry-based apps', async () => {
+			const app = createApp({
+				entry: './src/index.ts',
+				requiredEnv: ['DATABASE_URL', 'BETTER_AUTH_SECRET'],
+			});
+
+			const result = await sniffAppEnvironment(app, 'auth', workspacePath);
+
+			expect(result.appName).toBe('auth');
+			expect(result.requiredEnvVars).toEqual([
+				'DATABASE_URL',
+				'BETTER_AUTH_SECRET',
+			]);
+		});
+
+		it('should return copy of requiredEnv (not reference)', async () => {
+			const requiredEnv = ['DATABASE_URL'];
+			const app = createApp({ requiredEnv });
+
+			const result = await sniffAppEnvironment(app, 'api', workspacePath);
+
+			// Modify the result and verify original is unchanged
+			result.requiredEnvVars.push('MODIFIED');
+			expect(requiredEnv).toEqual(['DATABASE_URL']);
+		});
+
+		it('should return empty when requiredEnv is empty array', async () => {
+			const app = createApp({ requiredEnv: [] });
+
+			const result = await sniffAppEnvironment(app, 'api', workspacePath);
+
+			expect(result.requiredEnvVars).toEqual([]);
+		});
+	});
+
+	describe('apps with envParser', () => {
+		it('should return empty when envParser module cannot be loaded', async () => {
+			const app = createApp({
+				envParser: './src/nonexistent/env#parser',
+			});
+
+			// This will fail to load the module and return empty
+			// Suppress warnings for this test
+			const result = await sniffAppEnvironment(app, 'api', workspacePath, {
+				logWarnings: false,
+			});
+
+			expect(result.requiredEnvVars).toEqual([]);
+		});
+
+		it('should gracefully handle errors without failing the build', async () => {
+			const app = createApp({
+				envParser: './src/invalid/path#nonexistent',
+			});
+
+			// Should not throw, just return empty
+			const result = await sniffAppEnvironment(app, 'api', workspacePath, {
+				logWarnings: false,
+			});
+
+			expect(result.appName).toBe('api');
+			expect(result.requiredEnvVars).toEqual([]);
+		});
+	});
+
+	describe('apps without env detection', () => {
+		it('should return empty when no envParser or requiredEnv', async () => {
+			const app = createApp({
+				// No envParser or requiredEnv
+			});
+
+			const result = await sniffAppEnvironment(app, 'api', workspacePath);
+
+			expect(result.requiredEnvVars).toEqual([]);
+		});
+	});
+});
+
+describe('sniffAllApps', () => {
+	const workspacePath = '/test/workspace';
+
+	it('should sniff all apps in workspace', async () => {
+		const apps: Record<string, NormalizedAppConfig> = {
+			api: {
+				type: 'backend',
+				path: 'apps/api',
+				port: 3000,
+				dependencies: [],
+				resolvedDeployTarget: 'dokploy',
+				requiredEnv: ['DATABASE_URL', 'REDIS_URL'],
+			},
+			auth: {
+				type: 'backend',
+				path: 'apps/auth',
+				port: 3002,
+				dependencies: [],
+				resolvedDeployTarget: 'dokploy',
+				requiredEnv: ['DATABASE_URL', 'BETTER_AUTH_SECRET'],
+			},
+			web: {
+				type: 'frontend',
+				path: 'apps/web',
+				port: 3001,
+				dependencies: ['api', 'auth'],
+				resolvedDeployTarget: 'dokploy',
+			},
+		};
+
+		const results = await sniffAllApps(apps, workspacePath);
+
+		expect(results.size).toBe(3);
+
+		expect(results.get('api')).toEqual({
+			appName: 'api',
+			requiredEnvVars: ['DATABASE_URL', 'REDIS_URL'],
+		});
+
+		expect(results.get('auth')).toEqual({
+			appName: 'auth',
+			requiredEnvVars: ['DATABASE_URL', 'BETTER_AUTH_SECRET'],
+		});
+
+		expect(results.get('web')).toEqual({
+			appName: 'web',
+			requiredEnvVars: [], // Frontend - no secrets
+		});
+	});
+
+	it('should handle empty apps record', async () => {
+		const apps: Record<string, NormalizedAppConfig> = {};
+
+		const results = await sniffAllApps(apps, workspacePath);
+
+		expect(results.size).toBe(0);
+	});
+
+	it('should pass options to individual app sniffing', async () => {
+		const apps: Record<string, NormalizedAppConfig> = {
+			api: {
+				type: 'backend',
+				path: 'apps/api',
+				port: 3000,
+				dependencies: [],
+				resolvedDeployTarget: 'dokploy',
+				envParser: './src/nonexistent/env#parser', // Will fail but shouldn't log
+			},
+		};
+
+		// Should not throw, and suppress warnings
+		const results = await sniffAllApps(apps, workspacePath, {
+			logWarnings: false,
+		});
+
+		expect(results.size).toBe(1);
+		expect(results.get('api')?.requiredEnvVars).toEqual([]);
+	});
+});
+
+describe('fire-and-forget handling', () => {
+	it('captures environment variables even when envParser throws', async () => {
+		// The sniffer should capture env vars that were accessed before an error
+		// This is the "fire and forget" pattern - errors don't stop env detection
+		const app: NormalizedAppConfig = {
+			type: 'backend',
+			path: 'apps/api',
+			port: 3000,
+			dependencies: [],
+			resolvedDeployTarget: 'dokploy',
+			envParser: './src/invalid#missing',
+		};
+
+		const result = await sniffAppEnvironment(app, 'api', '/test/workspace', {
+			logWarnings: false,
+		});
+
+		// Should return gracefully without throwing
+		expect(result.appName).toBe('api');
+		expect(Array.isArray(result.requiredEnvVars)).toBe(true);
+	});
+});

package/src/deploy/docker.ts

@@ -1,8 +1,8 @@
 import { execSync } from 'node:child_process';
 import { existsSync, readFileSync } from 'node:fs';
-import { dirname, join, relative } from 'node:path';
+import { dirname, join } from 'node:path';
 import type { GkmConfig } from '../config';
-import { dockerCommand, findLockfilePath, isMonorepo } from '../docker';
+import { dockerCommand, findLockfilePath } from '../docker';
 import type { DeployResult, DockerDeployConfig } from './types';
 
 /**
@@ -76,6 +76,16 @@ export interface DockerDeployOptions {
 	masterKey?: string;
 	/** Docker config from gkm.config */
 	config: DockerDeployConfig;
+	/**
+	 * Build arguments to pass to docker build.
+	 * Format: ['KEY=value', 'KEY2=value2']
+	 */
+	buildArgs?: string[];
+	/**
+	 * Public URL argument names for frontend Dockerfile generation.
+	 * Used to ensure the Dockerfile declares these as ARG/ENV.
+	 */
+	publicUrlArgs?: string[];
 }
 
 /**
@@ -94,15 +104,24 @@ export function getImageRef(
 
 /**
  * Build Docker image
+ * @param imageRef - Full image reference (registry/name:tag)
+ * @param appName - Name of the app (used for Dockerfile.{appName} in workspaces)
+ * @param buildArgs - Build arguments to pass to docker build
  */
-async function buildImage(imageRef: string): Promise<void> {
+async function buildImage(
+	imageRef: string,
+	appName?: string,
+	buildArgs?: string[],
+): Promise<void> {
 	logger.log(`\n🔨 Building Docker image: ${imageRef}`);
 
 	const cwd = process.cwd();
-	const inMonorepo = isMonorepo(cwd);
+	const lockfilePath = findLockfilePath(cwd);
+	const lockfileDir = lockfilePath ? dirname(lockfilePath) : cwd;
+	const inMonorepo = lockfileDir !== cwd;
 
 	// Generate appropriate Dockerfile
-	if (inMonorepo) {
+	if (appName || inMonorepo) {
 		logger.log('   Generating Dockerfile for monorepo (turbo prune)...');
 	} else {
 		logger.log('   Generating Dockerfile...');
@@ -110,31 +129,41 @@ async function buildImage(imageRef: string): Promise<void> {
 	await dockerCommand({});
 
 	// Determine build context and Dockerfile path
-	let buildCwd = cwd;
-	let dockerfilePath = '.gkm/docker/Dockerfile';
-
-	if (inMonorepo) {
-		// For monorepos, build from root so turbo prune can access all packages
-		const lockfilePath = findLockfilePath(cwd);
-		if (lockfilePath) {
-			const monorepoRoot = dirname(lockfilePath);
-			const appRelPath = relative(monorepoRoot, cwd);
-			dockerfilePath = join(appRelPath, '.gkm/docker/Dockerfile');
-			buildCwd = monorepoRoot;
-			logger.log(`   Building from monorepo root: ${monorepoRoot}`);
-		}
+	// For workspaces with multiple apps, use per-app Dockerfile (Dockerfile.api, etc.)
+	const dockerfileSuffix = appName ? `.${appName}` : '';
+	const dockerfilePath = `.gkm/docker/Dockerfile${dockerfileSuffix}`;
+
+	// Build from workspace/monorepo root when we have a lockfile elsewhere or appName is provided
+	const buildCwd =
+		lockfilePath && (inMonorepo || appName) ? lockfileDir : cwd;
+	if (buildCwd !== cwd) {
+		logger.log(`   Building from workspace root: ${buildCwd}`);
 	}
 
+	// Build the build args string
+	const buildArgsString =
+		buildArgs && buildArgs.length > 0
+			? buildArgs.map((arg) => `--build-arg "${arg}"`).join(' ')
+			: '';
+
 	try {
 		// Build for linux/amd64 to ensure compatibility with most cloud servers
-		execSync(
-			`DOCKER_BUILDKIT=1 docker build --platform linux/amd64 -f ${dockerfilePath} -t ${imageRef} .`,
-			{
-				cwd: buildCwd,
-				stdio: 'inherit',
-				env: { ...process.env, DOCKER_BUILDKIT: '1' },
-			},
-		);
+		const cmd = [
+			'DOCKER_BUILDKIT=1 docker build',
+			'--platform linux/amd64',
+			`-f ${dockerfilePath}`,
+			`-t ${imageRef}`,
+			buildArgsString,
+			'.',
+		]
+			.filter(Boolean)
+			.join(' ');
+
+		execSync(cmd, {
+			cwd: buildCwd,
+			stdio: 'inherit',
+			env: { ...process.env, DOCKER_BUILDKIT: '1' },
+		});
 		logger.log(`✅ Image built: ${imageRef}`);
 	} catch (error) {
 		throw new Error(
@@ -168,14 +197,14 @@ async function pushImage(imageRef: string): Promise<void> {
 export async function deployDocker(
 	options: DockerDeployOptions,
 ): Promise<DeployResult> {
-	const { stage, tag, skipPush, masterKey, config } = options;
+	const { stage, tag, skipPush, masterKey, config, buildArgs } = options;
 
 	// imageName should always be set by resolveDockerConfig
 	const imageName = config.imageName!;
 	const imageRef = getImageRef(config.registry, imageName, tag);
 
-	// Build image
-	await buildImage(imageRef);
+	// Build image (pass appName for workspace Dockerfile selection)
+	await buildImage(imageRef, config.appName, buildArgs);
 
 	// Push to registry if not skipped
 	if (!skipPush) {

package/src/deploy/dokploy-api.ts

@@ -458,6 +458,68 @@ export class DokployApi {
 	): Promise<void> {
 		await this.post('redis.update', { redisId, ...updates });
 	}
+
+	// ============================================
+	// Domain endpoints
+	// ============================================
+
+	/**
+	 * Create a new domain for an application
+	 */
+	async createDomain(options: DokployDomainCreate): Promise<DokployDomain> {
+		return this.post<DokployDomain>(
+			'domain.create',
+			options as unknown as Record<string, unknown>,
+		);
+	}
+
+	/**
+	 * Update an existing domain
+	 */
+	async updateDomain(
+		domainId: string,
+		updates: Partial<DokployDomainCreate>,
+	): Promise<void> {
+		await this.post('domain.update', { domainId, ...updates });
+	}
+
+	/**
+	 * Delete a domain
+	 */
+	async deleteDomain(domainId: string): Promise<void> {
+		await this.post('domain.delete', { domainId });
+	}
+
+	/**
+	 * Get a domain by ID
+	 */
+	async getDomain(domainId: string): Promise<DokployDomain> {
+		return this.get<DokployDomain>(`domain.one?domainId=${domainId}`);
+	}
+
+	/**
+	 * Get all domains for an application
+	 */
+	async getDomainsByApplicationId(
+		applicationId: string,
+	): Promise<DokployDomain[]> {
+		return this.get<DokployDomain[]>(
+			`domain.byApplicationId?applicationId=${applicationId}`,
+		);
+	}
+
+	/**
+	 * Auto-generate a domain name for an application
+	 */
+	async generateDomain(
+		appName: string,
+		serverId?: string,
+	): Promise<{ domain: string }> {
+		return this.post<{ domain: string }>('domain.generateDomain', {
+			appName,
+			serverId,
+		});
+	}
 }
 
 // ============================================
@@ -552,6 +614,43 @@ export interface DokployRedisUpdate {
 	description: string;
 }
 
+export type DokployCertificateType = 'letsencrypt' | 'none' | 'custom';
+export type DokployDomainType = 'application' | 'compose' | 'preview';
+
+export interface DokployDomainCreate {
+	/** Domain hostname (e.g., 'api.example.com') */
+	host: string;
+	/** URL path (optional, e.g., '/api') */
+	path?: string | null;
+	/** Container port to route to (1-65535) */
+	port?: number | null;
+	/** Enable HTTPS */
+	https?: boolean;
+	/** Associated application ID */
+	applicationId?: string | null;
+	/** Certificate type for HTTPS */
+	certificateType?: DokployCertificateType;
+	/** Custom certificate resolver name */
+	customCertResolver?: string | null;
+	/** Docker Compose service ID */
+	composeId?: string | null;
+	/** Service name for compose */
+	serviceName?: string | null;
+	/** Domain type */
+	domainType?: DokployDomainType | null;
+	/** Preview deployment ID */
+	previewDeploymentId?: string | null;
+	/** Internal routing path */
+	internalPath?: string | null;
+	/** Strip path from forwarded requests */
+	stripPath?: boolean;
+}
+
+export interface DokployDomain extends DokployDomainCreate {
+	domainId: string;
+	createdAt?: string;
+}
+
 /**
  * Create a Dokploy API client from stored credentials or environment
  */

package/src/deploy/domain.ts

@@ -0,0 +1,125 @@
+import type { DokployWorkspaceConfig, NormalizedAppConfig } from '../workspace/types.js';
+
+/**
+ * Resolve the hostname for an app based on stage configuration.
+ *
+ * Domain resolution priority:
+ * 1. Explicit app.domain override (string or stage-specific)
+ * 2. Default pattern based on app type:
+ *    - Main frontend app gets base domain (e.g., 'myapp.com')
+ *    - Other apps get prefixed domain (e.g., 'api.myapp.com')
+ *
+ * @param appName - The name of the app
+ * @param app - The normalized app configuration
+ * @param stage - The deployment stage (e.g., 'production', 'development')
+ * @param dokployConfig - Dokploy workspace configuration with domain mappings
+ * @param isMainFrontend - Whether this is the main frontend app
+ * @returns The resolved hostname for the app
+ * @throws Error if no domain configuration is found for the stage
+ */
+export function resolveHost(
+	appName: string,
+	app: NormalizedAppConfig,
+	stage: string,
+	dokployConfig: DokployWorkspaceConfig | undefined,
+	isMainFrontend: boolean,
+): string {
+	// 1. Check for explicit app domain override
+	if (app.domain) {
+		if (typeof app.domain === 'string') {
+			return app.domain;
+		}
+		if (app.domain[stage]) {
+			return app.domain[stage]!;
+		}
+	}
+
+	// 2. Get base domain for this stage
+	const baseDomain = dokployConfig?.domains?.[stage];
+	if (!baseDomain) {
+		throw new Error(
+			`No domain configured for stage "${stage}". ` +
+				`Add deploy.dokploy.domains.${stage} to gkm.config.ts`,
+		);
+	}
+
+	// 3. Main frontend app gets base domain, others get prefix
+	if (isMainFrontend) {
+		return baseDomain;
+	}
+
+	return `${appName}.${baseDomain}`;
+}
+
+/**
+ * Determine if an app is the "main" frontend (gets base domain).
+ *
+ * An app is considered the main frontend if:
+ * 1. It's named 'web' and is a frontend type
+ * 2. It's the first frontend app in the apps list
+ *
+ * @param appName - The name of the app to check
+ * @param app - The app configuration
+ * @param allApps - All apps in the workspace
+ * @returns True if this is the main frontend app
+ */
+export function isMainFrontendApp(
+	appName: string,
+	app: NormalizedAppConfig,
+	allApps: Record<string, NormalizedAppConfig>,
+): boolean {
+	if (app.type !== 'frontend') {
+		return false;
+	}
+
+	// App named 'web' is always main
+	if (appName === 'web') {
+		return true;
+	}
+
+	// Otherwise, check if this is the first frontend
+	for (const [name, a] of Object.entries(allApps)) {
+		if (a.type === 'frontend') {
+			return name === appName;
+		}
+	}
+
+	return false;
+}
+
+/**
+ * Generate public URL build args for a frontend app based on its dependencies.
+ *
+ * @param app - The frontend app configuration
+ * @param deployedUrls - Map of app name to deployed public URL
+ * @returns Array of build args like 'NEXT_PUBLIC_API_URL=https://api.example.com'
+ */
+export function generatePublicUrlBuildArgs(
+	app: NormalizedAppConfig,
+	deployedUrls: Record<string, string>,
+): string[] {
+	const buildArgs: string[] = [];
+
+	for (const dep of app.dependencies) {
+		const publicUrl = deployedUrls[dep];
+		if (publicUrl) {
+			// Convert app name to UPPER_SNAKE_CASE for env var
+			const envVarName = `NEXT_PUBLIC_${dep.toUpperCase()}_URL`;
+			buildArgs.push(`${envVarName}=${publicUrl}`);
+		}
+	}
+
+	return buildArgs;
+}
+
+/**
+ * Get public URL arg names from app dependencies.
+ *
+ * @param app - The frontend app configuration
+ * @returns Array of arg names like 'NEXT_PUBLIC_API_URL'
+ */
+export function getPublicUrlArgNames(app: NormalizedAppConfig): string[] {
+	return app.dependencies.map(
+		(dep) => `NEXT_PUBLIC_${dep.toUpperCase()}_URL`,
+	);
+}