@geekmidas/cli 0.43.0 → 0.45.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geekmidas/cli",
-  "version": "0.43.0",
+  "version": "0.45.0",
   "description": "CLI tools for building Lambda handlers, server applications, and generating OpenAPI specs",
   "private": false,
   "type": "module",
@@ -48,8 +48,8 @@
     "lodash.kebabcase": "^4.1.1",
     "openapi-typescript": "^7.4.2",
     "prompts": "~2.4.2",
-    "@geekmidas/envkit": "~0.6.0",
     "@geekmidas/constructs": "~0.7.0",
+    "@geekmidas/envkit": "~0.6.0",
     "@geekmidas/errors": "~0.1.0",
     "@geekmidas/logger": "~0.4.0",
     "@geekmidas/schema": "~0.1.0"

package/src/build/__tests__/bundler.spec.ts

@@ -54,9 +54,9 @@ async function createEntryPoint(dir: string): Promise<string> {
 	const entryPoint = join(outputDir, 'server.ts');
 	await writeFile(entryPoint, 'console.log("hello");');
 
-	// Create the output file that tsdown would normally create
-	// (since we're mocking execSync, the file won't be created automatically)
-	await writeFile(join(distDir, 'server.js'), 'console.log("bundled");');
+	// Create the output file that esbuild would normally create
+	// (since we're mocking spawnSync, the file won't be created automatically)
+	await writeFile(join(distDir, 'server.mjs'), 'console.log("bundled");');
 
 	return entryPoint;
 }

package/src/deploy/index.ts

@@ -808,12 +808,20 @@ export async function workspaceDeployCommand(
 
 	if (dockerServices.postgres || dockerServices.redis) {
 		logger.log('\n🔧 Provisioning infrastructure services...');
+		// Pass existing URLs from secrets to skip re-creating services
+		const existingUrls = stageSecrets
+			? {
+					DATABASE_URL: stageSecrets.urls?.DATABASE_URL,
+					REDIS_URL: stageSecrets.urls?.REDIS_URL,
+				}
+			: undefined;
 		await provisionServices(
 			api,
 			project.projectId,
 			environmentId,
 			workspace.name,
 			dockerServices,
+			existingUrls,
 		);
 	}
 

package/src/dev/__tests__/entry-integration.spec.ts

@@ -1,7 +1,7 @@
 import { mkdir, readFile, rm, writeFile } from 'node:fs/promises';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
-import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
 import { prepareEntryCredentials } from '../index';
 
 describe('prepareEntryCredentials', () => {
@@ -121,14 +121,14 @@ export default defineWorkspace({
 			expect(result.appName).toBe('auth');
 		});
 
-		it('should write credentials to dev-secrets.json at workspace root', async () => {
+		it('should write credentials to app-specific dev-secrets file at workspace root', async () => {
 			const apiDir = join(workspaceDir, 'apps', 'api');
 
 			const result = await prepareEntryCredentials({ cwd: apiDir });
 
-			// Verify the file was written at workspace root
+			// Verify the file was written at workspace root with app-specific name
 			expect(result.secretsJsonPath).toBe(
-				join(workspaceDir, '.gkm', 'dev-secrets.json'),
+				join(workspaceDir, '.gkm', 'dev-secrets-api.json'),
 			);
 
 			// Verify file contents
@@ -170,11 +170,12 @@ export default defineWorkspace({
 			expect(result.credentials.PORT).toBe('5000');
 		});
 
-		it('should write credentials to current directory when not in workspace', async () => {
+		it('should write credentials with app name from package.json when not in workspace', async () => {
 			const result = await prepareEntryCredentials({ cwd: workspaceDir });
 
+			// App name extracted from package.json is used for app-specific filename
 			expect(result.secretsJsonPath).toBe(
-				join(workspaceDir, '.gkm', 'dev-secrets.json'),
+				join(workspaceDir, '.gkm', 'dev-secrets-standalone-app.json'),
 			);
 		});
 	});

package/src/dev/index.ts

@@ -1402,9 +1402,13 @@ export async function prepareEntryCredentials(options: {
 	credentials.PORT = String(resolvedPort);
 
 	// Write secrets to temp JSON file (always write since we have PORT)
+	// Use app-specific filename to avoid race conditions when running multiple apps via turbo
 	const secretsDir = join(secretsRoot, '.gkm');
 	await mkdir(secretsDir, { recursive: true });
-	const secretsJsonPath = join(secretsDir, 'dev-secrets.json');
+	const secretsFileName = appName
+		? `dev-secrets-${appName}.json`
+		: 'dev-secrets.json';
+	const secretsJsonPath = join(secretsDir, secretsFileName);
 	await writeFile(secretsJsonPath, JSON.stringify(credentials, null, 2));
 
 	return {

package/src/docker/__tests__/templates.spec.ts

@@ -8,6 +8,7 @@ import {
 	generateBackendDockerfile,
 	generateDockerEntrypoint,
 	generateDockerignore,
+	generateEntryDockerfile,
 	generateMultiStageDockerfile,
 	generateNextjsDockerfile,
 	generateSlimDockerfile,
@@ -566,4 +567,126 @@ describe('docker templates', () => {
 			expect(dockerfile).toContain('ENV PORT=3000');
 		});
 	});
+
+	describe('generateEntryDockerfile', () => {
+		const baseOptions = {
+			baseImage: 'node:22-alpine',
+			port: 3002,
+			appPath: 'apps/auth',
+			entry: './src/index.ts',
+			turboPackage: '@myapp/auth',
+			packageManager: 'pnpm' as const,
+		};
+
+		it('should generate entry-based Dockerfile with esbuild bundling', () => {
+			const dockerfile = generateEntryDockerfile(baseOptions);
+
+			expect(dockerfile).toContain('# Entry-based Dockerfile');
+		});
+
+		it('should include four stages: pruner, deps, builder, runner', () => {
+			const dockerfile = generateEntryDockerfile(baseOptions);
+
+			expect(dockerfile).toContain('AS pruner');
+			expect(dockerfile).toContain('AS deps');
+			expect(dockerfile).toContain('AS builder');
+			expect(dockerfile).toContain('AS runner');
+		});
+
+		it('should use turbo prune for the package', () => {
+			const dockerfile = generateEntryDockerfile(baseOptions);
+
+			expect(dockerfile).toContain('turbo prune @myapp/auth --docker');
+		});
+
+		it('should bundle with esbuild and packages=bundle flag', () => {
+			const dockerfile = generateEntryDockerfile(baseOptions);
+
+			expect(dockerfile).toContain('npx esbuild ./src/index.ts');
+			expect(dockerfile).toContain('--packages=bundle');
+			expect(dockerfile).toContain('--bundle');
+			expect(dockerfile).toContain('--platform=node');
+			expect(dockerfile).toContain('--target=node22');
+			expect(dockerfile).toContain('--format=esm');
+		});
+
+		it('should include CJS compatibility banner for packages like pino', () => {
+			const dockerfile = generateEntryDockerfile(baseOptions);
+
+			expect(dockerfile).toContain('import { createRequire } from "module"');
+			expect(dockerfile).toContain('const require = createRequire(import.meta.url)');
+		});
+
+		it('should output to dist/index.mjs', () => {
+			const dockerfile = generateEntryDockerfile(baseOptions);
+
+			expect(dockerfile).toContain('--outfile=dist/index.mjs');
+			expect(dockerfile).toContain('CMD ["node", "index.mjs"]');
+		});
+
+		it('should copy bundled output only', () => {
+			const dockerfile = generateEntryDockerfile(baseOptions);
+
+			expect(dockerfile).toContain('COPY --from=builder');
+			expect(dockerfile).toContain('dist/index.mjs');
+			// Comment mentions no node_modules needed - fully bundled
+			expect(dockerfile).toContain('no node_modules needed');
+		});
+
+		it('should handle encrypted credentials injection', () => {
+			const dockerfile = generateEntryDockerfile(baseOptions);
+
+			expect(dockerfile).toContain('ARG GKM_ENCRYPTED_CREDENTIALS');
+			expect(dockerfile).toContain('ARG GKM_CREDENTIALS_IV');
+			expect(dockerfile).toContain('--define:__GKM_ENCRYPTED_CREDENTIALS__');
+			expect(dockerfile).toContain('--define:__GKM_CREDENTIALS_IV__');
+		});
+
+		it('should create app user instead of hono user', () => {
+			const dockerfile = generateEntryDockerfile(baseOptions);
+
+			expect(dockerfile).toContain('adduser --system --uid 1001 app');
+			expect(dockerfile).toContain('USER app');
+		});
+
+		it('should include health check with default path', () => {
+			const dockerfile = generateEntryDockerfile(baseOptions);
+
+			expect(dockerfile).toContain('HEALTHCHECK');
+			expect(dockerfile).toContain('/health');
+		});
+
+		it('should use custom health check path when provided', () => {
+			const dockerfile = generateEntryDockerfile({
+				...baseOptions,
+				healthCheckPath: '/api/auth/health',
+			});
+
+			expect(dockerfile).toContain('/api/auth/health');
+		});
+
+		it('should expose configured port', () => {
+			const dockerfile = generateEntryDockerfile(baseOptions);
+
+			expect(dockerfile).toContain('EXPOSE 3002');
+			expect(dockerfile).toContain('ENV PORT=3002');
+		});
+
+		it('should use npm when specified', () => {
+			const dockerfile = generateEntryDockerfile({
+				...baseOptions,
+				packageManager: 'npm',
+			});
+
+			expect(dockerfile).toContain('npx turbo');
+			expect(dockerfile).toContain('package-lock.json');
+		});
+
+		it('should install tini for signal handling', () => {
+			const dockerfile = generateEntryDockerfile(baseOptions);
+
+			expect(dockerfile).toContain('apk add --no-cache tini');
+			expect(dockerfile).toContain('ENTRYPOINT ["/sbin/tini", "--"]');
+		});
+	});
 });

package/src/init/__tests__/generators.spec.ts

@@ -323,7 +323,7 @@ describe('generateModelsPackage', () => {
 		expect(pkg.name).toBe('@test-project/models');
 	});
 
-	it('should include zod as dependency', () => {
+	it('should have empty dependencies (zod is at root level)', () => {
 		const options: TemplateOptions = {
 			...baseOptions,
 			monorepo: true,
@@ -335,7 +335,8 @@ describe('generateModelsPackage', () => {
 		);
 		expect(pkgJson).toBeDefined();
 		const pkg = JSON.parse(pkgJson!.content);
-		expect(pkg.dependencies.zod).toBeDefined();
+		// zod is now at root level in monorepo, not in models package
+		expect(pkg.dependencies).toEqual({});
 	});
 
 	it('should include example schemas', () => {

package/src/init/__tests__/init.spec.ts

@@ -266,7 +266,8 @@ describe('initCommand', () => {
 			const pkg = JSON.parse(content);
 
 			expect(pkg.name).toBe('@my-monorepo/models');
-			expect(pkg.dependencies.zod).toBeDefined();
+			// zod is at root level in monorepo, not in models package
+			expect(pkg.dependencies).toEqual({});
 
 			const userPath = join(
 				tempDir,

package/src/init/templates/minimal.ts

@@ -19,12 +19,14 @@ export const minimalTemplate: TemplateConfig = {
 		'@hono/node-server': '~1.14.1',
 		hono: '~4.8.2',
 		pino: '~9.6.0',
+		zod: '~4.1.0',
 	},
 
 	devDependencies: {
 		'@biomejs/biome': '~2.3.0',
 		'@geekmidas/cli': GEEKMIDAS_VERSIONS['@geekmidas/cli'],
 		'@types/node': '~22.0.0',
+		esbuild: '~0.27.0',
 		tsx: '~4.20.0',
 		turbo: '~2.3.0',
 		typescript: '~5.8.2',