@geekmidas/cli 1.4.0 → 1.5.1

package/src/deploy/__tests__/env-resolver.spec.ts

@@ -452,6 +452,71 @@ describe('resolveEnvVar', () => {
 				'https://auth.example.com',
 			);
 		});
+
+		describe('NEXT_PUBLIC_ prefix', () => {
+			it('should resolve NEXT_PUBLIC_API_URL from dependencyUrls.api', () => {
+				const context = createContext({
+					dependencyUrls: { api: 'https://api.example.com' },
+				});
+
+				expect(resolveEnvVar('NEXT_PUBLIC_API_URL', context)).toBe(
+					'https://api.example.com',
+				);
+			});
+
+			it('should resolve NEXT_PUBLIC_AUTH_URL from dependencyUrls.auth', () => {
+				const context = createContext({
+					dependencyUrls: { auth: 'https://auth.example.com' },
+				});
+
+				expect(resolveEnvVar('NEXT_PUBLIC_AUTH_URL', context)).toBe(
+					'https://auth.example.com',
+				);
+			});
+
+			it('should resolve both AUTH_URL and NEXT_PUBLIC_AUTH_URL to same value', () => {
+				const context = createContext({
+					dependencyUrls: { auth: 'https://auth.example.com' },
+				});
+
+				expect(resolveEnvVar('AUTH_URL', context)).toBe(
+					'https://auth.example.com',
+				);
+				expect(resolveEnvVar('NEXT_PUBLIC_AUTH_URL', context)).toBe(
+					'https://auth.example.com',
+				);
+			});
+
+			it('should resolve NEXT_PUBLIC_ prefix for any dependency', () => {
+				const context = createContext({
+					dependencyUrls: {
+						payments: 'https://payments.example.com',
+						notifications: 'https://notifications.example.com',
+					},
+				});
+
+				expect(resolveEnvVar('NEXT_PUBLIC_PAYMENTS_URL', context)).toBe(
+					'https://payments.example.com',
+				);
+				expect(resolveEnvVar('NEXT_PUBLIC_NOTIFICATIONS_URL', context)).toBe(
+					'https://notifications.example.com',
+				);
+			});
+
+			it('should return undefined for missing NEXT_PUBLIC_ dependency URL', () => {
+				const context = createContext({
+					dependencyUrls: { auth: 'https://auth.example.com' },
+				});
+
+				expect(resolveEnvVar('NEXT_PUBLIC_API_URL', context)).toBeUndefined();
+			});
+
+			it('should return undefined when dependencyUrls is not provided', () => {
+				const context = createContext();
+
+				expect(resolveEnvVar('NEXT_PUBLIC_AUTH_URL', context)).toBeUndefined();
+			});
+		});
 	});
 });
 
@@ -634,3 +699,177 @@ describe('validateEnvVars', () => {
 		});
 	});
 });
+
+/**
+ * Tests for Docker build arg extraction logic.
+ * This simulates the behavior in deploy/index.ts where NEXT_PUBLIC_* vars
+ * are extracted from resolved vars for Docker build args.
+ */
+describe('Docker build arg extraction', () => {
+	const createContext = (
+		overrides: Partial<EnvResolverContext> = {},
+	): EnvResolverContext => ({
+		app: {
+			type: 'frontend',
+			path: 'apps/web',
+			port: 3001,
+			dependencies: ['api', 'auth'],
+			resolvedDeployTarget: 'dokploy',
+		},
+		appName: 'web',
+		stage: 'production',
+		state: createEmptyState('production', 'proj_test', 'env-123'),
+		appHostname: 'web.example.com',
+		frontendUrls: [],
+		...overrides,
+	});
+
+	/**
+	 * Simulates the build arg extraction logic from deploy/index.ts
+	 */
+	function extractBuildArgs(resolved: Record<string, string>): {
+		buildArgs: string[];
+		publicUrlArgNames: string[];
+	} {
+		const buildArgs: string[] = [];
+		const publicUrlArgNames: string[] = [];
+
+		for (const [key, value] of Object.entries(resolved)) {
+			if (key.startsWith('NEXT_PUBLIC_')) {
+				buildArgs.push(`${key}=${value}`);
+				publicUrlArgNames.push(key);
+			}
+		}
+
+		return { buildArgs, publicUrlArgNames };
+	}
+
+	it('should extract NEXT_PUBLIC_* vars as build args', () => {
+		const context = createContext({
+			dependencyUrls: {
+				api: 'https://api.example.com',
+				auth: 'https://auth.example.com',
+			},
+		});
+
+		const sniffedVars = [
+			'NEXT_PUBLIC_API_URL',
+			'NEXT_PUBLIC_AUTH_URL',
+			'NEXT_PUBLIC_STRIPE_KEY',
+		];
+
+		const { resolved } = validateEnvVars(sniffedVars, context);
+
+		// Simulate user secrets providing STRIPE_KEY
+		resolved.NEXT_PUBLIC_STRIPE_KEY = 'pk_test_123';
+
+		const { buildArgs, publicUrlArgNames } = extractBuildArgs(resolved);
+
+		expect(publicUrlArgNames).toEqual([
+			'NEXT_PUBLIC_API_URL',
+			'NEXT_PUBLIC_AUTH_URL',
+			'NEXT_PUBLIC_STRIPE_KEY',
+		]);
+		expect(buildArgs).toEqual([
+			'NEXT_PUBLIC_API_URL=https://api.example.com',
+			'NEXT_PUBLIC_AUTH_URL=https://auth.example.com',
+			'NEXT_PUBLIC_STRIPE_KEY=pk_test_123',
+		]);
+	});
+
+	it('should NOT include server-only vars in build args', () => {
+		const context = createContext({
+			dependencyUrls: { api: 'https://api.example.com' },
+			appCredentials: { dbUser: 'web', dbPassword: 'pass' },
+			postgres: { host: 'postgres', port: 5432, database: 'mydb' },
+		});
+
+		const sniffedVars = [
+			'NEXT_PUBLIC_API_URL',
+			'DATABASE_URL',
+			'STRIPE_SECRET_KEY',
+		];
+
+		const { resolved } = validateEnvVars(sniffedVars, context);
+
+		// Add server-only secret
+		resolved.STRIPE_SECRET_KEY = 'sk_test_secret';
+
+		const { buildArgs, publicUrlArgNames } = extractBuildArgs(resolved);
+
+		// Only NEXT_PUBLIC_* should be in build args
+		expect(publicUrlArgNames).toEqual(['NEXT_PUBLIC_API_URL']);
+		expect(buildArgs).toEqual(['NEXT_PUBLIC_API_URL=https://api.example.com']);
+
+		// Server vars should still be in resolved (for runtime)
+		expect(resolved.DATABASE_URL).toBe(
+			'postgresql://web:pass@postgres:5432/mydb',
+		);
+		expect(resolved.STRIPE_SECRET_KEY).toBe('sk_test_secret');
+	});
+
+	it('should handle mixed frontend vars correctly', () => {
+		const context = createContext({
+			dependencyUrls: {
+				api: 'https://api.example.com',
+				auth: 'https://auth.example.com',
+			},
+			userSecrets: {
+				stage: 'production',
+				createdAt: '2024-01-01T00:00:00Z',
+				updatedAt: '2024-01-01T00:00:00Z',
+				custom: {
+					NEXT_PUBLIC_POSTHOG_KEY: 'phc_test123',
+					STRIPE_SECRET_KEY: 'sk_test_secret',
+				},
+				urls: {},
+				services: {},
+			},
+		});
+
+		const sniffedVars = [
+			// From dependencies (auto-generated)
+			'NEXT_PUBLIC_API_URL',
+			'NEXT_PUBLIC_AUTH_URL',
+			// From client config
+			'NEXT_PUBLIC_POSTHOG_KEY',
+			// From server config
+			'STRIPE_SECRET_KEY',
+			'DATABASE_URL',
+		];
+
+		const { resolved, missing } = validateEnvVars(sniffedVars, context);
+
+		// DATABASE_URL is missing (no postgres config)
+		expect(missing).toContain('DATABASE_URL');
+
+		const { publicUrlArgNames } = extractBuildArgs(resolved);
+
+		// Only NEXT_PUBLIC_* should be build args
+		expect(publicUrlArgNames).toHaveLength(3);
+		expect(publicUrlArgNames).toContain('NEXT_PUBLIC_API_URL');
+		expect(publicUrlArgNames).toContain('NEXT_PUBLIC_AUTH_URL');
+		expect(publicUrlArgNames).toContain('NEXT_PUBLIC_POSTHOG_KEY');
+
+		// Server secret should NOT be in build args
+		expect(publicUrlArgNames).not.toContain('STRIPE_SECRET_KEY');
+
+		// But should be in resolved for runtime
+		expect(resolved.STRIPE_SECRET_KEY).toBe('sk_test_secret');
+	});
+
+	it('should return empty build args when no NEXT_PUBLIC_* vars', () => {
+		const context = createContext({
+			appCredentials: { dbUser: 'web', dbPassword: 'pass' },
+			postgres: { host: 'postgres', port: 5432, database: 'mydb' },
+		});
+
+		const sniffedVars = ['DATABASE_URL', 'PORT'];
+
+		const { resolved } = validateEnvVars(sniffedVars, context);
+		const { buildArgs, publicUrlArgNames } = extractBuildArgs(resolved);
+
+		expect(buildArgs).toEqual([]);
+		expect(publicUrlArgNames).toEqual([]);
+	});
+});

package/src/deploy/__tests__/sniffer.spec.ts

@@ -31,8 +31,8 @@ describe('sniffAppEnvironment', () => {
 	});
 
 	describe('frontend apps', () => {
-		it('should return empty env vars for frontend apps', async () => {
-			const app = createApp({ type: 'frontend' });
+		it('should return empty env vars for frontend apps with no dependencies', async () => {
+			const app = createApp({ type: 'frontend', dependencies: [] });
 
 			const result = await sniffAppEnvironment(app, 'web', workspacePath);
 
@@ -40,51 +40,117 @@ describe('sniffAppEnvironment', () => {
 			expect(result.requiredEnvVars).toEqual([]);
 		});
 
-		it('should ignore requiredEnv for frontend apps', async () => {
+		it('should return NEXT_PUBLIC_{DEP}_URL for frontend dependencies', async () => {
 			const app = createApp({
 				type: 'frontend',
-				requiredEnv: ['API_KEY', 'SECRET'], // Should be ignored
+				dependencies: ['api', 'auth'],
 			});
 
 			const result = await sniffAppEnvironment(app, 'web', workspacePath);
 
-			expect(result.requiredEnvVars).toEqual([]);
+			expect(result.appName).toBe('web');
+			expect(result.requiredEnvVars).toContain('NEXT_PUBLIC_API_URL');
+			expect(result.requiredEnvVars).toContain('NEXT_PUBLIC_AUTH_URL');
+			expect(result.requiredEnvVars).toHaveLength(2);
 		});
-	});
 
-	describe('entry-based apps with requiredEnv', () => {
-		it('should return requiredEnv list for entry-based apps', async () => {
+		it('should generate uppercase dep names in NEXT_PUBLIC_{DEP}_URL', async () => {
 			const app = createApp({
-				entry: './src/index.ts',
-				requiredEnv: ['DATABASE_URL', 'BETTER_AUTH_SECRET'],
+				type: 'frontend',
+				dependencies: ['payments-service', 'notification_api'],
 			});
 
-			const result = await sniffAppEnvironment(app, 'auth', workspacePath);
+			const result = await sniffAppEnvironment(app, 'web', workspacePath);
 
-			expect(result.appName).toBe('auth');
-			expect(result.requiredEnvVars).toEqual([
-				'DATABASE_URL',
-				'BETTER_AUTH_SECRET',
-			]);
+			expect(result.requiredEnvVars).toContain(
+				'NEXT_PUBLIC_PAYMENTS-SERVICE_URL',
+			);
+			expect(result.requiredEnvVars).toContain(
+				'NEXT_PUBLIC_NOTIFICATION_API_URL',
+			);
 		});
 
-		it('should return copy of requiredEnv (not reference)', async () => {
-			const requiredEnv = ['DATABASE_URL'];
-			const app = createApp({ requiredEnv });
-
-			const result = await sniffAppEnvironment(app, 'api', workspacePath);
-
-			// Modify the result and verify original is unchanged
-			result.requiredEnvVars.push('MODIFIED');
-			expect(requiredEnv).toEqual(['DATABASE_URL']);
-		});
+		describe('config sniffing', () => {
+			it('should sniff env vars from config.client path', async () => {
+				const app = createApp({
+					type: 'frontend',
+					path: fixturesPath,
+					dependencies: [],
+					config: {
+						client: './simple-entry.ts',
+					},
+				});
+
+				const result = await sniffAppEnvironment(app, 'web', fixturesPath);
+
+				expect(result.requiredEnvVars).toContain('PORT');
+				expect(result.requiredEnvVars).toContain('DATABASE_URL');
+				expect(result.requiredEnvVars).toContain('REDIS_URL');
+			});
 
-		it('should return empty when requiredEnv is empty array', async () => {
-			const app = createApp({ requiredEnv: [] });
+			it('should sniff env vars from config.server path', async () => {
+				const app = createApp({
+					type: 'frontend',
+					path: fixturesPath,
+					dependencies: [],
+					config: {
+						server: './nested-config-entry.ts',
+					},
+				});
+
+				const result = await sniffAppEnvironment(app, 'web', fixturesPath);
+
+				expect(result.requiredEnvVars).toContain('PORT');
+				expect(result.requiredEnvVars).toContain('HOST');
+				expect(result.requiredEnvVars).toContain('DATABASE_URL');
+			});
 
-			const result = await sniffAppEnvironment(app, 'api', workspacePath);
+			it('should combine vars from both config.client and config.server', async () => {
+				const app = createApp({
+					type: 'frontend',
+					path: fixturesPath,
+					dependencies: ['api'],
+					config: {
+						client: './simple-entry.ts',
+						server: './nested-config-entry.ts',
+					},
+				});
+
+				const result = await sniffAppEnvironment(app, 'web', fixturesPath);
+
+				// Dependency var
+				expect(result.requiredEnvVars).toContain('NEXT_PUBLIC_API_URL');
+				// From simple-entry.ts
+				expect(result.requiredEnvVars).toContain('REDIS_URL');
+				// From nested-config-entry.ts
+				expect(result.requiredEnvVars).toContain('HOST');
+				expect(result.requiredEnvVars).toContain('BETTER_AUTH_SECRET');
+			});
 
-			expect(result.requiredEnvVars).toEqual([]);
+			it('should deduplicate vars from both config files', async () => {
+				const app = createApp({
+					type: 'frontend',
+					path: fixturesPath,
+					dependencies: [],
+					config: {
+						client: './simple-entry.ts',
+						server: './nested-config-entry.ts',
+					},
+				});
+
+				const result = await sniffAppEnvironment(app, 'web', fixturesPath);
+
+				// Both files have PORT and DATABASE_URL, should only appear once
+				const portCount = result.requiredEnvVars.filter(
+					(v) => v === 'PORT',
+				).length;
+				const dbUrlCount = result.requiredEnvVars.filter(
+					(v) => v === 'DATABASE_URL',
+				).length;
+
+				expect(portCount).toBe(1);
+				expect(dbUrlCount).toBe(1);
+			});
 		});
 	});
 
@@ -119,9 +185,9 @@ describe('sniffAppEnvironment', () => {
 	});
 
 	describe('apps without env detection', () => {
-		it('should return empty when no envParser or requiredEnv', async () => {
+		it('should return empty when no envParser, entry, or routes', async () => {
 			const app = createApp({
-				// No envParser or requiredEnv
+				// No envParser, entry, or routes
 			});
 
 			const result = await sniffAppEnvironment(app, 'api', workspacePath);
@@ -142,7 +208,7 @@ describe('sniffAllApps', () => {
 				port: 3000,
 				dependencies: [],
 				resolvedDeployTarget: 'dokploy',
-				requiredEnv: ['DATABASE_URL', 'REDIS_URL'],
+				// No entry, routes, or envParser - will return empty
 			},
 			auth: {
 				type: 'backend',
@@ -150,7 +216,7 @@ describe('sniffAllApps', () => {
 				port: 3002,
 				dependencies: [],
 				resolvedDeployTarget: 'dokploy',
-				requiredEnv: ['DATABASE_URL', 'BETTER_AUTH_SECRET'],
+				// No entry, routes, or envParser - will return empty
 			},
 			web: {
 				type: 'frontend',
@@ -167,17 +233,17 @@ describe('sniffAllApps', () => {
 
 		expect(results.get('api')).toEqual({
 			appName: 'api',
-			requiredEnvVars: ['DATABASE_URL', 'REDIS_URL'],
+			requiredEnvVars: [],
 		});
 
 		expect(results.get('auth')).toEqual({
 			appName: 'auth',
-			requiredEnvVars: ['DATABASE_URL', 'BETTER_AUTH_SECRET'],
+			requiredEnvVars: [],
 		});
 
 		expect(results.get('web')).toEqual({
 			appName: 'web',
-			requiredEnvVars: [], // Frontend - no secrets
+			requiredEnvVars: ['NEXT_PUBLIC_API_URL', 'NEXT_PUBLIC_AUTH_URL'],
 		});
 	});
 
@@ -324,7 +390,7 @@ describe('entry app sniffing via subprocess', () => {
 describe('sniffAppEnvironment with entry apps', () => {
 	// Integration tests for sniffAppEnvironment with entry-based apps
 
-	it('should use subprocess sniffing for entry apps without requiredEnv', async () => {
+	it('should use subprocess sniffing for entry apps', async () => {
 		const app: NormalizedAppConfig = {
 			type: 'backend',
 			path: fixturesPath,
@@ -342,25 +408,6 @@ describe('sniffAppEnvironment with entry apps', () => {
 		expect(result.requiredEnvVars).toContain('REDIS_URL');
 	});
 
-	it('should prefer requiredEnv over sniffing for entry apps', async () => {
-		const app: NormalizedAppConfig = {
-			type: 'backend',
-			path: fixturesPath,
-			port: 3000,
-			dependencies: [],
-			resolvedDeployTarget: 'dokploy',
-			entry: './simple-entry.ts',
-			requiredEnv: ['CUSTOM_VAR', 'ANOTHER_VAR'], // Should use this instead of sniffing
-		};
-
-		const result = await sniffAppEnvironment(app, 'api', fixturesPath);
-
-		expect(result.requiredEnvVars).toEqual(['CUSTOM_VAR', 'ANOTHER_VAR']);
-		// Should NOT contain the sniffed vars since requiredEnv takes precedence
-		expect(result.requiredEnvVars).not.toContain('PORT');
-		expect(result.requiredEnvVars).not.toContain('DATABASE_URL');
-	});
-
 	it('should handle entry app that throws and still return captured env vars', async () => {
 		const app: NormalizedAppConfig = {
 			type: 'backend',
@@ -499,24 +546,6 @@ describe('sniffAppEnvironment with envParser apps', () => {
 		expect(result.requiredEnvVars).toContain('DB_POOL_SIZE');
 	});
 
-	it('should prefer requiredEnv over envParser sniffing', async () => {
-		const app: NormalizedAppConfig = {
-			type: 'backend',
-			path: envParserFixturesPath,
-			port: 3000,
-			dependencies: [],
-			resolvedDeployTarget: 'dokploy',
-			envParser: './valid-env-parser.ts#envParser',
-			requiredEnv: ['CUSTOM_VAR'], // Should use this instead
-		};
-
-		const result = await sniffAppEnvironment(app, 'api', envParserFixturesPath);
-
-		expect(result.requiredEnvVars).toEqual(['CUSTOM_VAR']);
-		// Should NOT contain the sniffed vars
-		expect(result.requiredEnvVars).not.toContain('PORT');
-	});
-
 	it('should handle envParser that exports non-function gracefully', async () => {
 		const app: NormalizedAppConfig = {
 			type: 'backend',
@@ -663,24 +692,6 @@ describe('sniffAppEnvironment with route-based apps', () => {
 		expect(result.requiredEnvVars).toContain('AUTH_URL');
 	});
 
-	it('should prefer requiredEnv over route sniffing', async () => {
-		const app: NormalizedAppConfig = {
-			type: 'backend',
-			path: routeAppsFixturesPath,
-			port: 3000,
-			dependencies: [],
-			resolvedDeployTarget: 'dokploy',
-			routes: './endpoints/**/*.ts',
-			requiredEnv: ['CUSTOM_VAR'], // Should use this instead
-		};
-
-		const result = await sniffAppEnvironment(app, 'api', routeAppsFixturesPath);
-
-		expect(result.requiredEnvVars).toEqual(['CUSTOM_VAR']);
-		// Should NOT contain the sniffed vars
-		expect(result.requiredEnvVars).not.toContain('DATABASE_URL');
-	});
-
 	it('should handle route pattern that matches no files', async () => {
 		const app: NormalizedAppConfig = {
 			type: 'backend',