@geekmidas/cli 1.10.6 → 1.10.8

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @geekmidas/cli
 
+## 1.10.8
+
+### Patch Changes
+
+- 🐛 [`ef1754d`](https://github.com/geekmidas/toolbox/commit/ef1754dd96cfc0f6e79a04ac9eaff56e37023f0f) Thanks [@geekmidas](https://github.com/geekmidas)! - fix test and dev commands to inject correct creds on compose
+
+## 1.10.7
+
+### Patch Changes
+
+- [`4a65756`](https://github.com/geekmidas/toolbox/commit/4a6575647cb91b8782182ef0d09cfb685565b6ae) Thanks [@geekmidas](https://github.com/geekmidas)! - Phantom push
+
 ## 1.10.6
 
 ### Patch Changes

package/README.md

@@ -549,10 +549,12 @@ services: ['postgres', 'redis', 'rabbitmq']
 
 | Service | Default Image | Environment Variables |
 |---------|---------------|----------------------|
-| `postgres` | `postgres:16-alpine` | `DATABASE_URL`, `POSTGRES_USER`, `POSTGRES_PASSWORD`, `POSTGRES_DB` |
+| `postgres` | `postgres:18-alpine` | `DATABASE_URL`, `POSTGRES_USER`, `POSTGRES_PASSWORD`, `POSTGRES_DB` |
 | `redis` | `redis:7-alpine` | `REDIS_URL` |
 | `rabbitmq` | `rabbitmq:3-management-alpine` | `RABBITMQ_URL`, `RABBITMQ_USER`, `RABBITMQ_PASSWORD` |
 
+> **Note:** Use `gkm dev` or `gkm test` to start services. Running `docker compose up` directly will not inject your encrypted secrets or resolve dynamic ports — variables like `${POSTGRES_USER:-postgres}` will fall back to defaults that won't match your project credentials.
+
 ### `gkm dev`
 
 Start a development server with hot-reload and optional Telescope debugging dashboard.
@@ -603,6 +605,47 @@ When files change, the server automatically rebuilds and restarts:
 ✅ Rebuild complete, restarting server...
 ```
 
+### `gkm test`
+
+Run tests with full environment injection — secrets, port mappings, and Docker services.
+
+```bash
+gkm test [options]
+```
+
+**Options:**
+- `--stage <stage>`: Stage to load secrets from (default: `development`)
+- `--run`: Run tests once without watch mode
+- `--watch`: Enable watch mode
+- `--coverage`: Generate coverage report
+- `--ui`: Open Vitest UI
+- `--pattern <pattern>`: Pattern to filter tests
+
+**What it does:**
+
+1. Loads and decrypts secrets from the specified stage
+2. Starts Docker Compose services (postgres, redis, etc.) with secrets injected
+3. Resolves dynamic host ports and rewrites URLs (`@postgres:5432` → `@localhost:5434`)
+4. Appends `_test` suffix to all `DATABASE_URL` values
+5. Creates a credentials preload so `Credentials` from `@geekmidas/envkit` is populated
+6. Spawns Vitest with the full environment
+
+**Example:**
+```bash
+# Run tests in watch mode
+gkm test
+
+# Run tests once
+gkm test --run
+
+# Run with coverage
+gkm test --coverage
+```
+
+> **Why not `docker compose up` directly?**
+>
+> `gkm dev` and `gkm test` decrypt your secrets and pass them as environment variables to `docker compose up`, ensuring credentials and ports are consistent. Running `docker compose up` directly skips this — variables like `${POSTGRES_USER:-postgres}` fall back to defaults that won't match your project credentials.
+
 ### `gkm secrets:init`
 
 Initialize secrets for a deployment stage. Generates secure random passwords for configured Docker Compose services.

package/dist/index.cjs

@@ -35,7 +35,7 @@ const prompts = require_chunk.__toESM(require("prompts"));
 
 //#region package.json
 var name = "@geekmidas/cli";
-var version = "1.10.5";
+var version = "1.10.7";
 var description = "CLI tools for building Lambda handlers, server applications, and generating OpenAPI specs";
 var private$1 = false;
 var type = "module";
@@ -1222,10 +1222,25 @@ async function loadSecretsForApp(secretsRoot, appName) {
 	return mapped;
 }
 /**
+* Build the environment variables to pass to `docker compose up`.
+* Merges process.env, secrets, and port mappings so that Docker Compose
+* can interpolate variables like ${POSTGRES_USER} correctly.
+* @internal Exported for testing
+*/
+function buildDockerComposeEnv(secretsEnv, portEnv) {
+	return {
+		...process.env,
+		...secretsEnv,
+		...portEnv
+	};
+}
+/**
 * Start docker-compose services for the workspace.
+* Passes both port mappings and secrets to docker-compose so that
+* variables like POSTGRES_USER/POSTGRES_PASSWORD are available.
 * @internal Exported for testing
 */
-async function startWorkspaceServices(workspace, portEnv) {
+async function startWorkspaceServices(workspace, portEnv, secretsEnv) {
 	const services = workspace.services;
 	if (!services.db && !services.cache && !services.mail) return;
 	const servicesToStart = [];
@@ -1243,10 +1258,7 @@ async function startWorkspaceServices(workspace, portEnv) {
 		(0, node_child_process.execSync)(`docker compose up -d ${servicesToStart.join(" ")}`, {
 			cwd: workspace.root,
 			stdio: "inherit",
-			env: {
-				...process.env,
-				...portEnv
-			}
+			env: buildDockerComposeEnv(secretsEnv, portEnv)
 		});
 		logger$11.log("✅ Services started");
 	} catch (error) {
@@ -1295,8 +1307,9 @@ async function workspaceDevCommand(workspace, options) {
 		if (copiedCount > 0) logger$11.log(`\n📦 Copied ${copiedCount} API client(s)`);
 	}
 	const resolvedPorts = await resolveServicePorts(workspace.root);
-	await startWorkspaceServices(workspace, resolvedPorts.dockerEnv);
-	const secretsEnv = rewriteUrlsWithPorts(await loadDevSecrets(workspace), resolvedPorts);
+	const rawSecrets = await loadDevSecrets(workspace);
+	await startWorkspaceServices(workspace, resolvedPorts.dockerEnv, rawSecrets);
+	const secretsEnv = rewriteUrlsWithPorts(rawSecrets, resolvedPorts);
 	if (Object.keys(secretsEnv).length > 0) logger$11.log(`   Loaded ${Object.keys(secretsEnv).length} secret(s)`);
 	const dependencyEnv = generateAllDependencyEnvVars(workspace);
 	if (Object.keys(dependencyEnv).length > 0) {
@@ -2874,7 +2887,9 @@ function generateDockerCompose(options) {
 	const { imageName, registry, port, healthCheckPath, services } = options;
 	const serviceMap = normalizeServices(services);
 	const imageRef = registry ? `\${REGISTRY:-${registry}}/` : "";
-	let yaml$1 = `version: '3.8'
+	let yaml$1 = `# Use "gkm dev" or "gkm test" to start services.
+# Running "docker compose up" directly will not inject secrets or resolve ports.
+version: '3.8'
 
 services:
   api:
@@ -2990,7 +3005,9 @@ networks:
 function generateMinimalDockerCompose(options) {
 	const { imageName, registry, port, healthCheckPath } = options;
 	const imageRef = registry ? `\${REGISTRY:-${registry}}/` : "";
-	return `version: '3.8'
+	return `# Use "gkm dev" or "gkm test" to start services.
+# Running "docker compose up" directly will not inject secrets or resolve ports.
+version: '3.8'
 
 services:
   api:
@@ -3032,7 +3049,8 @@ function generateWorkspaceCompose(workspace, options = {}) {
 	const postgresImage = getInfraServiceImage("postgres", services.db);
 	const redisImage = getInfraServiceImage("redis", services.cache);
 	let yaml$1 = `# Docker Compose for ${workspace.name} workspace
-# Generated by gkm - do not edit manually
+# Use "gkm dev" or "gkm test" to start services.
+# Running "docker compose up" directly will not inject secrets or resolve ports.
 
 services:
 `;
@@ -7057,7 +7075,9 @@ function generateDockerFiles(options, template, dbApps) {
     environment:
       MP_SMTP_AUTH_ACCEPT_ANY: 1
       MP_SMTP_AUTH_ALLOW_INSECURE: 1`);
-	let dockerCompose = `services:
+	let dockerCompose = `# Use "gkm dev" or "gkm test" to start services.
+# Running "docker compose up" directly will not inject secrets or resolve ports.
+services:
 ${services.join("\n\n")}
 `;
 	if (volumes.length > 0) dockerCompose += `
@@ -11364,23 +11384,15 @@ async function testCommand(options = {}) {
 		if (error instanceof Error && error.message.includes("key not found")) console.log(`  Decryption key not found for ${stage}`);
 		else throw error;
 	}
-	const composePath = (0, node_path.join)(cwd, "docker-compose.yml");
-	const mappings = parseComposePortMappings(composePath);
-	if (mappings.length > 0) {
-		const ports = await loadPortState(cwd);
-		if (Object.keys(ports).length > 0) {
-			secretsEnv = rewriteUrlsWithPorts(secretsEnv, {
-				dockerEnv: {},
-				ports,
-				mappings
-			});
-			console.log(`  🔌 Applied ${Object.keys(ports).length} port mapping(s)`);
-		}
-	}
-	secretsEnv = rewriteDatabaseUrlForTests(secretsEnv);
 	let dependencyEnv = {};
 	try {
 		const appInfo = await require_config.loadWorkspaceAppInfo(cwd);
+		const resolvedPorts = await resolveServicePorts(appInfo.workspaceRoot);
+		await startWorkspaceServices(appInfo.workspace, resolvedPorts.dockerEnv, secretsEnv);
+		if (resolvedPorts.mappings.length > 0) {
+			secretsEnv = rewriteUrlsWithPorts(secretsEnv, resolvedPorts);
+			console.log(`  🔌 Applied ${Object.keys(resolvedPorts.ports).length} port mapping(s)`);
+		}
 		dependencyEnv = require_workspace.getDependencyEnvVars(appInfo.workspace, appInfo.appName);
 		if (Object.keys(dependencyEnv).length > 0) console.log(`  🔗 Loaded ${Object.keys(dependencyEnv).length} dependency URL(s)`);
 		const sniffed = await sniffAppEnvironment(appInfo.app, appInfo.appName, appInfo.workspaceRoot, { logWarnings: false });
@@ -11396,7 +11408,22 @@ async function testCommand(options = {}) {
 			dependencyEnv = filteredEnv;
 			console.log(`  🔍 Sniffed ${sniffed.requiredEnvVars.length} required env var(s)`);
 		}
-	} catch {}
+	} catch {
+		const composePath = (0, node_path.join)(cwd, "docker-compose.yml");
+		const mappings = parseComposePortMappings(composePath);
+		if (mappings.length > 0) {
+			const ports = await loadPortState(cwd);
+			if (Object.keys(ports).length > 0) {
+				secretsEnv = rewriteUrlsWithPorts(secretsEnv, {
+					dockerEnv: {},
+					ports,
+					mappings
+				});
+				console.log(`  🔌 Applied ${Object.keys(ports).length} port mapping(s)`);
+			}
+		}
+	}
+	secretsEnv = rewriteDatabaseUrlForTests(secretsEnv);
 	console.log("");
 	const allSecrets = {
 		...secretsEnv,