@geekmidas/cli 1.5.0 → 1.6.0

package/examples/cron-example.ts

@@ -1,12 +1,12 @@
-import { cron } from '@geekmidas/constructs/crons';
+import { c } from '@geekmidas/constructs/crons';
 
 /**
  * Example cron that generates a daily report at 9 AM UTC
  */
-export const dailyReport = cron
+export const dailyReport = c
 	.schedule('cron(0 9 * * ? *)')
 	.timeout(600000) // 10 minutes
-	.handle(async ({ services, logger }) => {
+	.handle(async ({ logger }) => {
 		logger.info('Generating daily report');
 
 		const reportDate = new Date().toISOString().split('T')[0];
@@ -22,7 +22,7 @@ export const dailyReport = cron
 			],
 		};
 
-		logger.info('Daily report generated', reportData);
+		logger.info(reportData, 'Daily report generated');
 
 		return reportData;
 	});
@@ -30,10 +30,10 @@ export const dailyReport = cron
 /**
  * Example cron that runs every hour
  */
-export const hourlyCleanup = cron
+export const hourlyCleanup = c
 	.schedule('rate(1 hour)')
 	.timeout(300000) // 5 minutes
-	.handle(async ({ services, logger }) => {
+	.handle(async ({ logger }) => {
 		logger.info('Running hourly cleanup');
 
 		// Cleanup logic here

package/examples/function-example.ts

@@ -24,7 +24,7 @@ export const processOrder = f
 		}),
 	)
 	.timeout(300000) // 5 minutes
-	.handle(async ({ input, services, logger }) => {
+	.handle(async ({ input, logger }) => {
 		logger.info(`Processing order ${input.orderId}`);
 
 		// Process order logic here

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geekmidas/cli",
-  "version": "1.5.0",
+  "version": "1.6.0",
   "description": "CLI tools for building Lambda handlers, server applications, and generating OpenAPI specs",
   "private": false,
   "type": "module",
@@ -40,7 +40,9 @@
   },
   "dependencies": {
     "@apidevtools/swagger-parser": "^10.1.0",
+    "@aws-sdk/client-iam": "~3.971.0",
     "@aws-sdk/client-route-53": "~3.971.0",
+    "@aws-sdk/client-s3": "~3.971.0",
     "@aws-sdk/client-ssm": "~3.971.0",
     "@aws-sdk/credential-providers": "~3.971.0",
     "chokidar": "~4.0.3",
@@ -53,9 +55,10 @@
     "pg": "~8.17.1",
     "prompts": "~2.4.2",
     "tsx": "~4.20.3",
-    "@geekmidas/envkit": "~1.0.0",
+    "yaml": "~2.8.2",
+    "@geekmidas/constructs": "~1.1.0",
+    "@geekmidas/envkit": "~1.0.2",
     "@geekmidas/errors": "~1.0.0",
-    "@geekmidas/constructs": "~1.0.0",
     "@geekmidas/logger": "~1.0.0",
     "@geekmidas/schema": "~1.0.0"
   },

package/src/config.ts

@@ -284,3 +284,47 @@ export async function loadAppConfig(
 		appRoot: join(workspaceRoot, app.path),
 	};
 }
+
+export interface WorkspaceAppInfo {
+	appName: string;
+	app: NormalizedAppConfig;
+	workspace: NormalizedWorkspace;
+	workspaceRoot: string;
+}
+
+/**
+ * Load workspace info for any app (frontend or backend).
+ * Unlike loadAppConfig, this does NOT require the app to have a gkm config
+ * (routes, entry, etc.), making it suitable for gkm exec/test from frontend apps.
+ */
+export async function loadWorkspaceAppInfo(
+	cwd: string = process.cwd(),
+): Promise<WorkspaceAppInfo> {
+	const appName = getAppNameFromCwd(cwd);
+
+	if (!appName) {
+		throw new Error(
+			'Could not determine app name. Ensure package.json exists with a "name" field.',
+		);
+	}
+
+	const { config, workspaceRoot } = await loadRawConfig(cwd);
+	const loadedConfig = processConfig(config, workspaceRoot);
+
+	const app = loadedConfig.workspace.apps[appName];
+
+	if (!app) {
+		const availableApps = Object.keys(loadedConfig.workspace.apps).join(', ');
+		throw new Error(
+			`App "${appName}" not found in workspace config. Available apps: ${availableApps}. ` +
+				`Ensure the package.json name matches the app key in gkm.config.ts.`,
+		);
+	}
+
+	return {
+		appName,
+		app,
+		workspace: loadedConfig.workspace,
+		workspaceRoot,
+	};
+}

package/src/deploy/__tests__/backup-provisioner.spec.ts

@@ -0,0 +1,428 @@
+import {
+	DeleteAccessKeyCommand,
+	DeleteUserCommand,
+	DeleteUserPolicyCommand,
+	GetUserCommand,
+	IAMClient,
+	ListAccessKeysCommand,
+} from '@aws-sdk/client-iam';
+import {
+	DeleteBucketCommand,
+	DeleteObjectsCommand,
+	ListObjectsV2Command,
+	S3Client,
+} from '@aws-sdk/client-s3';
+import { HttpResponse, http } from 'msw';
+import { setupServer } from 'msw/node';
+import {
+	afterAll,
+	afterEach,
+	beforeAll,
+	beforeEach,
+	describe,
+	expect,
+	it,
+} from 'vitest';
+import {
+	type ProvisionBackupOptions,
+	provisionBackupDestination,
+} from '../backup-provisioner';
+import { DokployApi } from '../dokploy-api';
+import type { BackupState } from '../state';
+
+/**
+ * Backup Provisioner Tests
+ *
+ * These tests require LocalStack to be running with S3 and IAM enabled.
+ * Run: docker compose up -d localstack
+ */
+describe('backup-provisioner', () => {
+	const LOCALSTACK_ENDPOINT = 'http://localhost:4566';
+	const DOKPLOY_BASE_URL = 'https://dokploy.example.com';
+
+	let s3Client: S3Client;
+	let iamClient: IAMClient;
+	let dokployApi: DokployApi;
+
+	const server = setupServer();
+	const logs: string[] = [];
+	const logger = { log: (msg: string) => logs.push(msg) };
+
+	// Track created resources for cleanup
+	const createdBuckets: string[] = [];
+	const createdUsers: string[] = [];
+
+	beforeAll(() => {
+		process.env.AWS_ACCESS_KEY_ID = 'test';
+		process.env.AWS_SECRET_ACCESS_KEY = 'test';
+		server.listen({ onUnhandledRequest: 'bypass' });
+	});
+
+	beforeEach(() => {
+		logs.length = 0;
+
+		s3Client = new S3Client({
+			region: 'us-east-1',
+			endpoint: LOCALSTACK_ENDPOINT,
+			forcePathStyle: true,
+			credentials: {
+				accessKeyId: 'test',
+				secretAccessKey: 'test',
+			},
+		});
+
+		iamClient = new IAMClient({
+			region: 'us-east-1',
+			endpoint: LOCALSTACK_ENDPOINT,
+			credentials: {
+				accessKeyId: 'test',
+				secretAccessKey: 'test',
+			},
+		});
+
+		dokployApi = new DokployApi({
+			baseUrl: DOKPLOY_BASE_URL,
+			token: 'test-api-token',
+		});
+	});
+
+	afterEach(async () => {
+		server.resetHandlers();
+
+		// Cleanup created buckets
+		for (const bucket of createdBuckets) {
+			try {
+				// First delete all objects in the bucket
+				const objects = await s3Client.send(
+					new ListObjectsV2Command({ Bucket: bucket }),
+				);
+				if (objects.Contents?.length) {
+					await s3Client.send(
+						new DeleteObjectsCommand({
+							Bucket: bucket,
+							Delete: {
+								Objects: objects.Contents.map((o) => ({ Key: o.Key })),
+							},
+						}),
+					);
+				}
+				await s3Client.send(new DeleteBucketCommand({ Bucket: bucket }));
+			} catch {
+				// Ignore cleanup errors
+			}
+		}
+		createdBuckets.length = 0;
+
+		// Cleanup created IAM users
+		for (const userName of createdUsers) {
+			try {
+				// Delete access keys first
+				const keys = await iamClient.send(
+					new ListAccessKeysCommand({ UserName: userName }),
+				);
+				for (const key of keys.AccessKeyMetadata ?? []) {
+					await iamClient.send(
+						new DeleteAccessKeyCommand({
+							UserName: userName,
+							AccessKeyId: key.AccessKeyId,
+						}),
+					);
+				}
+				// Delete user policy
+				await iamClient.send(
+					new DeleteUserPolicyCommand({
+						UserName: userName,
+						PolicyName: 'DokployBackupAccess',
+					}),
+				);
+				// Delete user
+				await iamClient.send(new DeleteUserCommand({ UserName: userName }));
+			} catch {
+				// Ignore cleanup errors
+			}
+		}
+		createdUsers.length = 0;
+	});
+
+	afterAll(() => {
+		server.close();
+		s3Client.destroy();
+		iamClient.destroy();
+	});
+
+	/**
+	 * Helper to create provision options with LocalStack clients
+	 */
+	function createOptions(
+		overrides: Partial<ProvisionBackupOptions> = {},
+	): ProvisionBackupOptions {
+		return {
+			api: dokployApi,
+			projectId: 'proj_test123',
+			projectName: 'test-project',
+			stage: 'production',
+			config: {
+				type: 's3',
+				region: 'us-east-1',
+			},
+			logger,
+			awsEndpoint: LOCALSTACK_ENDPOINT,
+			...overrides,
+		};
+	}
+
+	/**
+	 * Setup mock Dokploy API responses
+	 */
+	function setupDokployMocks(options: {
+		existingDestination?: { destinationId: string; name: string };
+		createDestinationId?: string;
+	}) {
+		const handlers = [
+			// List destinations
+			http.get(`${DOKPLOY_BASE_URL}/api/destination.all`, () => {
+				if (options.existingDestination) {
+					return HttpResponse.json([options.existingDestination]);
+				}
+				return HttpResponse.json([]);
+			}),
+
+			// Get destination
+			http.get(`${DOKPLOY_BASE_URL}/api/destination.one`, ({ request }) => {
+				const url = new URL(request.url);
+				const destId = url.searchParams.get('destinationId');
+				if (
+					options.existingDestination &&
+					destId === options.existingDestination.destinationId
+				) {
+					return HttpResponse.json(options.existingDestination);
+				}
+				return HttpResponse.json({ message: 'Not found' }, { status: 404 });
+			}),
+
+			// Create destination
+			http.post(`${DOKPLOY_BASE_URL}/api/destination.create`, () => {
+				return HttpResponse.json({
+					destinationId: options.createDestinationId ?? 'dest_new123',
+					name: 'test-project-production-s3',
+				});
+			}),
+
+			// Test destination connection
+			http.post(`${DOKPLOY_BASE_URL}/api/destination.testConnection`, () => {
+				return HttpResponse.json({ success: true });
+			}),
+		];
+
+		server.use(...handlers);
+	}
+
+	describe('provisionBackupDestination', () => {
+		it('should create S3 bucket with unique name', async () => {
+			setupDokployMocks({ createDestinationId: 'dest_123' });
+
+			const options = createOptions();
+			const result = await provisionBackupDestination(options);
+
+			// Track for cleanup
+			createdBuckets.push(result.bucketName);
+			createdUsers.push(result.iamUserName);
+
+			expect(result.bucketName).toMatch(/^test-project-production-backups-/);
+			expect(result.bucketArn).toBe(`arn:aws:s3:::${result.bucketName}`);
+			expect(logs.some((l) => l.includes('Creating S3 bucket'))).toBe(true);
+		});
+
+		it('should create IAM user with correct name', async () => {
+			setupDokployMocks({ createDestinationId: 'dest_123' });
+
+			const options = createOptions();
+			const result = await provisionBackupDestination(options);
+
+			// Track for cleanup
+			createdBuckets.push(result.bucketName);
+			createdUsers.push(result.iamUserName);
+
+			expect(result.iamUserName).toBe('dokploy-backup-test-project-production');
+
+			// Verify user exists in IAM
+			const userResponse = await iamClient.send(
+				new GetUserCommand({ UserName: result.iamUserName }),
+			);
+			expect(userResponse.User?.UserName).toBe(result.iamUserName);
+		});
+
+		it('should create IAM access key', async () => {
+			setupDokployMocks({ createDestinationId: 'dest_123' });
+
+			const options = createOptions();
+			const result = await provisionBackupDestination(options);
+
+			// Track for cleanup
+			createdBuckets.push(result.bucketName);
+			createdUsers.push(result.iamUserName);
+
+			expect(result.iamAccessKeyId).toBeDefined();
+			expect(result.iamSecretAccessKey).toBeDefined();
+			expect(result.iamAccessKeyId.length).toBeGreaterThan(0);
+			expect(result.iamSecretAccessKey.length).toBeGreaterThan(0);
+		});
+
+		it('should create Dokploy destination', async () => {
+			setupDokployMocks({ createDestinationId: 'dest_created' });
+
+			const options = createOptions();
+			const result = await provisionBackupDestination(options);
+
+			// Track for cleanup
+			createdBuckets.push(result.bucketName);
+			createdUsers.push(result.iamUserName);
+
+			expect(result.destinationId).toBe('dest_created');
+			expect(logs.some((l) => l.includes('Dokploy destination created'))).toBe(
+				true,
+			);
+		});
+
+		it('should reuse existing state when destination still exists', async () => {
+			const existingState: BackupState = {
+				bucketName: 'existing-bucket',
+				bucketArn: 'arn:aws:s3:::existing-bucket',
+				iamUserName: 'existing-user',
+				iamAccessKeyId: 'AKIA123',
+				iamSecretAccessKey: 'secret123',
+				destinationId: 'dest_existing',
+				region: 'us-east-1',
+				createdAt: '2024-01-01T00:00:00.000Z',
+			};
+
+			setupDokployMocks({
+				existingDestination: {
+					destinationId: 'dest_existing',
+					name: 'existing',
+				},
+			});
+
+			const options = createOptions({ existingState });
+			const result = await provisionBackupDestination(options);
+
+			// Should return existing state without creating new resources
+			expect(result).toEqual(existingState);
+			expect(
+				logs.some((l) => l.includes('Using existing backup destination')),
+			).toBe(true);
+		});
+
+		it('should recreate destination if existing one not found', async () => {
+			const existingState: BackupState = {
+				bucketName: 'existing-bucket',
+				bucketArn: 'arn:aws:s3:::existing-bucket',
+				iamUserName: 'dokploy-backup-test-project-production',
+				iamAccessKeyId: 'AKIA123',
+				iamSecretAccessKey: 'secret123',
+				destinationId: 'dest_deleted',
+				region: 'us-east-1',
+				createdAt: '2024-01-01T00:00:00.000Z',
+			};
+
+			// Mock: destination.one returns 404, meaning destination was deleted
+			setupDokployMocks({ createDestinationId: 'dest_new' });
+
+			const options = createOptions({ existingState });
+			const result = await provisionBackupDestination(options);
+
+			// Track for cleanup (uses existing bucket name from state)
+			createdBuckets.push(result.bucketName);
+			createdUsers.push(result.iamUserName);
+
+			// Should reuse bucket name from state
+			expect(result.bucketName).toBe('existing-bucket');
+			// Should reuse IAM user name
+			expect(result.iamUserName).toBe('dokploy-backup-test-project-production');
+			// Should reuse credentials from state
+			expect(result.iamAccessKeyId).toBe('AKIA123');
+			// Should create new destination
+			expect(result.destinationId).toBe('dest_new');
+			expect(
+				logs.some((l) => l.includes('Existing destination not found')),
+			).toBe(true);
+		});
+
+		it('should sanitize project name for AWS resources', async () => {
+			setupDokployMocks({ createDestinationId: 'dest_123' });
+
+			const options = createOptions({
+				projectName: 'My Project_Name!@#',
+			});
+			const result = await provisionBackupDestination(options);
+
+			// Track for cleanup
+			createdBuckets.push(result.bucketName);
+			createdUsers.push(result.iamUserName);
+
+			// Should be lowercase with only alphanumeric and hyphens
+			// 'My Project_Name!@#' -> 'my-project-name----' (space, underscore, !, @, # all become hyphens)
+			expect(result.bucketName).toMatch(
+				/^my-project-name----production-backups-/,
+			);
+			expect(result.iamUserName).toBe(
+				'dokploy-backup-my-project-name----production',
+			);
+		});
+
+		it('should return complete BackupState', async () => {
+			setupDokployMocks({ createDestinationId: 'dest_complete' });
+
+			const options = createOptions();
+			const result = await provisionBackupDestination(options);
+
+			// Track for cleanup
+			createdBuckets.push(result.bucketName);
+			createdUsers.push(result.iamUserName);
+
+			expect(result).toMatchObject({
+				bucketName: expect.stringMatching(/^test-project-production-backups-/),
+				bucketArn: expect.stringMatching(/^arn:aws:s3:::/),
+				iamUserName: 'dokploy-backup-test-project-production',
+				iamAccessKeyId: expect.any(String),
+				iamSecretAccessKey: expect.any(String),
+				destinationId: 'dest_complete',
+				region: 'us-east-1',
+				createdAt: expect.any(String),
+			});
+		});
+
+		it('should handle connection test failure gracefully', async () => {
+			server.use(
+				http.get(`${DOKPLOY_BASE_URL}/api/destination.all`, () => {
+					return HttpResponse.json([]);
+				}),
+				http.post(`${DOKPLOY_BASE_URL}/api/destination.create`, () => {
+					return HttpResponse.json({
+						destinationId: 'dest_123',
+						name: 'test',
+					});
+				}),
+				http.post(`${DOKPLOY_BASE_URL}/api/destination.testConnection`, () => {
+					return HttpResponse.json(
+						{ message: 'Connection failed' },
+						{ status: 500 },
+					);
+				}),
+			);
+
+			const options = createOptions();
+			const result = await provisionBackupDestination(options);
+
+			// Track for cleanup
+			createdBuckets.push(result.bucketName);
+			createdUsers.push(result.iamUserName);
+
+			// Should still succeed but log warning
+			expect(result.destinationId).toBe('dest_123');
+			expect(
+				logs.some((l) => l.includes('Warning: Could not verify destination')),
+			).toBe(true);
+		});
+	});
+});

package/src/deploy/__tests__/createDnsProvider.spec.ts

@@ -1,6 +1,8 @@
 import { describe, expect, it } from 'vitest';
 import {
 	createDnsProvider,
+	type DeleteDnsRecord,
+	type DeleteResult,
 	type DnsProvider,
 	type DnsRecord,
 	isDnsProvider,
@@ -14,6 +16,7 @@ describe('isDnsProvider', () => {
 			name: 'test',
 			getRecords: async () => [],
 			upsertRecords: async () => [],
+			deleteRecords: async () => [],
 		};
 		expect(isDnsProvider(provider)).toBe(true);
 	});
@@ -126,6 +129,16 @@ describe('createDnsProvider', () => {
 				async upsertRecords(): Promise<UpsertResult[]> {
 					return [];
 				},
+				async deleteRecords(
+					_domain: string,
+					records: DeleteDnsRecord[],
+				): Promise<DeleteResult[]> {
+					return records.map((r) => ({
+						record: r,
+						deleted: true,
+						notFound: false,
+					}));
+				},
 			};
 
 			const provider = await createDnsProvider({
@@ -157,6 +170,16 @@ describe('createDnsProvider', () => {
 						unchanged: false,
 					}));
 				},
+				async deleteRecords(
+					_domain: string,
+					records: DeleteDnsRecord[],
+				): Promise<DeleteResult[]> {
+					return records.map((r) => ({
+						record: r,
+						deleted: true,
+						notFound: false,
+					}));
+				},
 			};
 
 			const provider = await createDnsProvider({

package/src/deploy/__tests__/env-resolver.spec.ts

@@ -843,7 +843,7 @@ describe('Docker build arg extraction', () => {
 		// DATABASE_URL is missing (no postgres config)
 		expect(missing).toContain('DATABASE_URL');
 
-		const { buildArgs, publicUrlArgNames } = extractBuildArgs(resolved);
+		const { publicUrlArgNames } = extractBuildArgs(resolved);
 
 		// Only NEXT_PUBLIC_* should be build args
 		expect(publicUrlArgNames).toHaveLength(3);