@hed-hog/cli 0.0.110 → 0.0.111

package/dist/src/templates/deployment/scripts.promote-production.js.ejs

@@ -0,0 +1,277 @@
+#!/usr/bin/env node
+
+const { spawnSync } = require('child_process');
+
+// ─── Colors & output helpers ──────────────────────────────────────────────────
+
+const TTY = process.stdout.isTTY;
+const ETTY = process.stderr.isTTY;
+
+const c = {
+  reset:  TTY ? '\x1b[0m'  : '',
+  bold:   TTY ? '\x1b[1m'  : '',
+  dim:    TTY ? '\x1b[2m'  : '',
+  red:    TTY ? '\x1b[31m' : '',
+  green:  TTY ? '\x1b[32m' : '',
+  yellow: TTY ? '\x1b[33m' : '',
+  cyan:   TTY ? '\x1b[36m' : '',
+  gray:   TTY ? '\x1b[90m' : '',
+};
+
+const ce = {
+  reset:  ETTY ? '\x1b[0m'  : '',
+  bold:   ETTY ? '\x1b[1m'  : '',
+  red:    ETTY ? '\x1b[31m' : '',
+  yellow: ETTY ? '\x1b[33m' : '',
+  gray:   ETTY ? '\x1b[90m' : '',
+};
+
+function paint(color, text) {
+  return `${color}${text}${c.reset}`;
+}
+
+function paintE(color, text) {
+  return `${color}${text}${ce.reset}`;
+}
+
+const SEP = paint(c.dim, '─'.repeat(52));
+let _stepActive = false;
+
+function printBanner(appsArg) {
+  const target = appsArg
+    ? paint(c.cyan + c.bold, appsArg)
+    : paint(c.cyan + c.bold, 'all apps');
+  console.log('');
+  console.log(`  🚀  ${paint(c.bold, 'Promoting')} ${paint(c.cyan, 'master')} → ${paint(c.cyan, 'production')}  ${paint(c.dim, '[target: ')}${target}${paint(c.dim, ']')}`);
+  console.log(`  ${SEP}`);
+}
+
+function printStep(message) {
+  process.stdout.write(`\n  ${paint(c.cyan, '◆')}  ${paint(c.bold, message)}...`);
+  _stepActive = true;
+}
+
+function printDone(detail) {
+  const suffix = detail ? `  ${paint(c.dim, detail)}` : '';
+  process.stdout.write(`  ${paint(c.green, '✓')}${suffix}\n`);
+  _stepActive = false;
+}
+
+function printInfo(message) {
+  console.log(`     ${paint(c.gray, '→')}  ${paint(c.dim, message)}`);
+}
+
+function printWarning(message) {
+  process.stderr.write(`\n  ${paintE(ce.yellow, '⚠')}  ${paintE(ce.yellow, message)}\n`);
+}
+
+function closeStepWithError() {
+  if (_stepActive) {
+    process.stderr.write(`  ${paintE(ce.red, '✗')}\n`);
+    _stepActive = false;
+  }
+}
+
+function printSuccess(appsArg) {
+  const trigger = appsArg
+    ? `GitHub Actions will deploy: ${paint(c.cyan + c.bold, appsArg)}`
+    : 'GitHub Actions will deploy all apps';
+  console.log('');
+  console.log(`  ${SEP}`);
+  console.log(`  ${paint(c.green + c.bold, '✓')}  ${paint(c.green + c.bold, 'Production promotion completed successfully!')}`);
+  console.log(`     ${paint(c.gray, '→')}  ${paint(c.dim, 'You are now on branch ')}${paint(c.cyan, 'master')}`);
+  console.log(`     ${paint(c.gray, '→')}  ${paint(c.dim, trigger)}`);
+  console.log('');
+}
+
+// ─── Git helpers ──────────────────────────────────────────────────────────────
+
+function runGit(args, options = {}) {
+  const { allowFailure = false } = options;
+  const result = spawnSync('git', args, {
+    encoding: 'utf8',
+    stdio: ['ignore', 'pipe', 'pipe'],
+  });
+
+  const stdout = (result.stdout || '').trim();
+  const stderr = (result.stderr || '').trim();
+
+  if (result.error) {
+    throw new Error(`Failed to execute git ${args.join(' ')}: ${result.error.message}`);
+  }
+
+  if (result.status !== 0 && !allowFailure) {
+    const output = stderr || stdout || `git ${args.join(' ')} failed`;
+    throw new Error(output);
+  }
+
+  return { ok: result.status === 0, status: result.status, stdout, stderr };
+}
+
+function hasLocalBranch(name) {
+  return runGit(['show-ref', '--verify', '--quiet', `refs/heads/${name}`], {
+    allowFailure: true,
+  }).ok;
+}
+
+function hasRemoteBranch(name) {
+  return runGit(['ls-remote', '--exit-code', '--heads', 'origin', name], {
+    allowFailure: true,
+  }).ok;
+}
+
+function switchBranch(name) {
+  runGit(['switch', name]);
+}
+
+function ensureCleanWorkingTree() {
+  const status = runGit(['status', '--porcelain']);
+  if (status.stdout.length > 0) {
+    throw new Error(
+      'Working tree has uncommitted changes.\n' +
+      '     Commit or stash your changes before running this script.',
+    );
+  }
+}
+
+function ensureMasterExists() {
+  if (hasLocalBranch('master')) return;
+
+  if (!hasRemoteBranch('master')) {
+    throw new Error('Branch "master" was not found locally or on origin.');
+  }
+
+  runGit(['branch', 'master', 'origin/master']);
+}
+
+function ensureOriginRemote() {
+  const hasOrigin = runGit(['remote', 'get-url', 'origin'], { allowFailure: true }).ok;
+  if (!hasOrigin) {
+    throw new Error('Remote "origin" is not configured for this repository.');
+  }
+}
+
+function ensureInsideGitRepo() {
+  const inside = runGit(['rev-parse', '--is-inside-work-tree']);
+  if (inside.stdout !== 'true') {
+    throw new Error('Current directory is not inside a git repository.');
+  }
+}
+
+function getCurrentBranch() {
+  const branch = runGit(['rev-parse', '--abbrev-ref', 'HEAD']).stdout;
+  if (branch === 'HEAD') {
+    throw new Error('Detached HEAD state is not supported. Checkout a branch first.');
+  }
+  return branch;
+}
+
+function tryReturnToMaster() {
+  try {
+    const current = getCurrentBranch();
+    if (current !== 'master') {
+      printStep('Returning to master');
+      switchBranch('master');
+      printDone();
+    }
+  } catch (err) {
+    printWarning(`Could not switch back to master automatically: ${err.message}`);
+  }
+}
+
+// ─── Main ─────────────────────────────────────────────────────────────────────
+
+function promote() {
+  let productionCreatedNow = false;
+
+  const VALID_APPS = <%- JSON.stringify(config.apps || []) %>;
+  const appsArg = process.argv[2] || null;
+
+  if (appsArg) {
+    const requested = appsArg.split(',').map((a) => a.trim());
+    const invalid = requested.filter((a) => !VALID_APPS.includes(a));
+    if (invalid.length > 0) {
+      throw new Error(
+        `Unknown app(s): ${invalid.join(', ')}.\n` +
+        `     Valid options: ${VALID_APPS.join(', ')}`,
+      );
+    }
+  }
+
+  printBanner(appsArg);
+
+  printStep('Validating git environment');
+  runGit(['--version']);
+  ensureInsideGitRepo();
+  ensureOriginRemote();
+  printDone();
+
+  const startBranch = getCurrentBranch();
+  printInfo(`Current branch: ${paint(c.cyan, startBranch)}`);
+
+  printStep('Checking for uncommitted changes');
+  ensureCleanWorkingTree();
+  printDone('working tree clean');
+
+  printStep('Fetching latest refs from origin');
+  runGit(['fetch', 'origin', '--prune']);
+  printDone();
+
+  printStep('Ensuring master branch exists');
+  ensureMasterExists();
+  printDone();
+
+  const productionLocalExists = hasLocalBranch('production');
+  const productionRemoteExists = hasRemoteBranch('production');
+
+  printStep('Switching to production branch');
+  if (productionLocalExists) {
+    switchBranch('production');
+    printDone('existing local branch');
+  } else if (productionRemoteExists) {
+    runGit(['switch', '--track', '-c', 'production', 'origin/production']);
+    printDone('tracking origin/production');
+  } else {
+    switchBranch('master');
+    runGit(['switch', '-c', 'production']);
+    productionCreatedNow = true;
+    printDone('new branch created');
+  }
+
+  printStep('Merging master → production');
+  const mergeArgs = appsArg
+    ? ['merge', '--no-ff', '-m', `chore: deploy to production [deploy:${appsArg}]`, 'master']
+    : ['merge', '--no-ff', '--no-edit', 'master'];
+  const mergeResult = runGit(mergeArgs, { allowFailure: true });
+
+  if (!mergeResult.ok) {
+    runGit(['merge', '--abort'], { allowFailure: true });
+    throw new Error(
+      'Merge conflict detected while merging master into production.\n' +
+      '     Resolve conflicts manually and retry.',
+    );
+  }
+  printDone();
+
+  printStep('Pushing production to origin');
+  if (productionCreatedNow || !productionRemoteExists) {
+    runGit(['push', '-u', 'origin', 'production']);
+  } else {
+    runGit(['push', 'origin', 'production']);
+  }
+  printDone();
+
+  switchBranch('master');
+  printSuccess(appsArg);
+}
+
+try {
+  promote();
+} catch (error) {
+  closeStepWithError();
+  process.stderr.write(
+    `\n  ${paintE(ce.red, '✗')}  ${paintE(ce.red + ce.bold, 'Error:')}  ${paintE(ce.red, error.message)}\n\n`,
+  );
+  tryReturnToMaster();
+  process.exitCode = 1;
+}

package/dist/src/templates/deployment/workflow.deploy.yml.ejs

@@ -4,6 +4,11 @@ on:
     branches:
       - <%= config.deployBranch %>
   workflow_dispatch:
+    inputs:
+      apps:
+        description: 'Apps para deploy (ex: api, admin, api,admin) ou "all" para todos'
+        required: false
+        default: 'all'
 env:
   REGISTRY: <%= config.containerRegistry %>
   NAMESPACE: <%= config.namespace %>
@@ -18,6 +23,10 @@ env:
   NEXT_PUBLIC_API_BASE_URL: <%= config.apiDomain || '' %>
   INTERNAL_API_URL: <%= config.apiDomain || '' %>
 <% } %>
+<% (config.apps || []).filter(function(a) { return a !== 'api' && a !== 'admin'; }).forEach(function(app) { %>
+  # <%= app %> environment
+  <%= app.toUpperCase() %>_API_BASE_URL: <%= config.apiDomain || '' %>
+<% }); %>
 jobs:
   apply-cluster-config:
     name: Apply Kubernetes and Helm configs
@@ -53,6 +62,14 @@ jobs:
     name: Deploy API
     runs-on: ubuntu-latest
     needs: apply-cluster-config
+    if: >-
+      (github.event_name == 'push' &&
+       (!contains(github.event.head_commit.message, '[deploy:') ||
+        contains(github.event.head_commit.message, '[deploy:api]'))) ||
+      (github.event_name == 'workflow_dispatch' &&
+       (github.event.inputs.apps == '' ||
+        github.event.inputs.apps == 'all' ||
+        contains(github.event.inputs.apps, 'api')))
     # Required GitHub Secrets for API deployment:
     # - DATABASE_URL: PostgreSQL connection string (format: postgresql://user:pass@host:port/dbname)
     # - JWT_SECRET: 64-char hex string or base64 key for JWT signing
@@ -361,6 +378,19 @@ jobs:
 <% if ((config.apps || []).includes('api')) { %>
       - deploy-api
 <% } %>
+    if: >-
+      always() &&
+      needs.apply-cluster-config.result == 'success' &&
+<% if ((config.apps || []).includes('api')) { %>
+      (needs.deploy-api.result == 'success' || needs.deploy-api.result == 'skipped') &&
+<% } %>
+      ((github.event_name == 'push' &&
+        (!contains(github.event.head_commit.message, '[deploy:') ||
+         contains(github.event.head_commit.message, '[deploy:admin]'))) ||
+       (github.event_name == 'workflow_dispatch' &&
+        (github.event.inputs.apps == '' ||
+         github.event.inputs.apps == 'all' ||
+         contains(github.event.inputs.apps, 'admin'))))
     steps:
       - name: Checkout code
         uses: actions/checkout@v6
@@ -534,3 +564,147 @@ jobs:
             doctl registry repository delete-manifest "${REGISTRY_NAME}/${REPOSITORY}" "${DIGEST}" --force
           done
 <% } %>
+<% (config.apps || []).filter(function(a) { return a !== 'api' && a !== 'admin'; }).forEach(function(app) { var appUpper = app.toUpperCase(); var appCapitalized = app.charAt(0).toUpperCase() + app.slice(1); %>
+  deploy-<%= app %>:
+    name: Deploy <%= appCapitalized %>
+    runs-on: ubuntu-latest
+    needs:
+      - apply-cluster-config
+<% if ((config.apps || []).includes('api')) { %>
+      - deploy-api
+<% } %>
+    if: >-
+      always() &&
+      needs.apply-cluster-config.result == 'success' &&
+<% if ((config.apps || []).includes('api')) { %>
+      (needs.deploy-api.result == 'success' || needs.deploy-api.result == 'skipped') &&
+<% } %>
+      ((github.event_name == 'push' &&
+        (!contains(github.event.head_commit.message, '[deploy:') ||
+         contains(github.event.head_commit.message, '[deploy:<%= app %>]'))) ||
+       (github.event_name == 'workflow_dispatch' &&
+        (github.event.inputs.apps == '' ||
+         github.event.inputs.apps == 'all' ||
+         contains(github.event.inputs.apps, '<%= app %>'))))
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+      - name: Install doctl
+        run: |
+          set -eu
+          DOCTL_VERSION="1.119.1"
+          curl -fsSL "https://github.com/digitalocean/doctl/releases/download/v${DOCTL_VERSION}/doctl-${DOCTL_VERSION}-linux-amd64.tar.gz" -o /tmp/doctl.tar.gz
+          tar -xzf /tmp/doctl.tar.gz -C /tmp
+          sudo mv /tmp/doctl /usr/local/bin/doctl
+          doctl version
+      - name: Authenticate doctl
+        run: doctl auth init -t '${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}'
+      - name: Validate DigitalOcean token
+        run: |
+          doctl auth validate
+          doctl account get
+      - name: Log in to Container Registry
+        run: doctl registry login --expiry-seconds 1200
+      - name: Build Docker image
+        run: |
+          docker build -t ${{ env.REGISTRY }}/<%= config.appName %>-<%= app %>:${{ github.sha }} \
+            --build-arg <%= appUpper %>_API_BASE_URL='${{ env.<%= appUpper %>_API_BASE_URL }}' \
+            -f apps/<%= app %>/Dockerfile apps/<%= app %>/
+      - name: Push Docker image (sha)
+        run: |
+          docker push ${{ env.REGISTRY }}/<%= config.appName %>-<%= app %>:${{ github.sha }}
+      - name: Push Docker image (latest)
+        run: |
+          docker tag ${{ env.REGISTRY }}/<%= config.appName %>-<%= app %>:${{ github.sha }} \
+            ${{ env.REGISTRY }}/<%= config.appName %>-<%= app %>:latest
+          docker push ${{ env.REGISTRY }}/<%= config.appName %>-<%= app %>:latest
+      - name: Save DigitalOcean kubeconfig
+        run: doctl kubernetes cluster kubeconfig save ${{ env.K8S_CLUSTER_ID }}
+      - name: Ensure <%= app %> config exists
+        run: |
+          kubectl create configmap <%= config.appName %>-<%= app %>-config \
+            -n ${{ env.NAMESPACE }} \
+            --from-literal=<%= appUpper %>_API_BASE_URL='${{ env.<%= appUpper %>_API_BASE_URL }}' \
+            --dry-run=client -o yaml | kubectl apply -f -
+      - name: Deploy to Kubernetes
+        run: |
+          kubectl set image deployment/<%= config.appName %>-<%= app %> \
+            <%= config.appName %>-<%= app %>=${{ env.REGISTRY }}/<%= config.appName %>-<%= app %>:${{ github.sha }} \
+            -n ${{ env.NAMESPACE }}
+          kubectl rollout status deployment/<%= config.appName %>-<%= app %> -n ${{ env.NAMESPACE }} --timeout=5m || (
+            echo "--- Rollout timed out. Pod status:"
+            kubectl get pods -l app=<%= config.appName %>-<%= app %> -n ${{ env.NAMESPACE }}
+            echo "--- Recent events:"
+            kubectl describe deployment/<%= config.appName %>-<%= app %> -n ${{ env.NAMESPACE }} | tail -20
+            POD_NAME=$(kubectl get pods -l app=<%= config.appName %>-<%= app %> -n ${{ env.NAMESPACE }} --sort-by=.metadata.creationTimestamp -o name | tail -n 1 | cut -d/ -f2)
+            if [ -n "$POD_NAME" ]; then
+              echo "--- Describe newest pod: $POD_NAME"
+              kubectl describe pod "$POD_NAME" -n ${{ env.NAMESPACE }}
+              echo "--- Current logs from $POD_NAME:"
+              kubectl logs "$POD_NAME" -n ${{ env.NAMESPACE }} --tail=120 || true
+            fi
+            exit 1
+          )
+      - name: Cleanup old registry manifests (<%= appCapitalized %>)
+        run: |
+          set -eu
+          REGISTRY_NAME="${REGISTRY##*/}"
+          REPOSITORY="<%= config.appName %>-<%= app %>"
+          DIGEST_REGEX='^sha256:[a-f0-9]{64}$'
+          
+          echo "Inspecting repository ${REPOSITORY} in registry ${REGISTRY_NAME}"
+          
+          TAG_ROWS="$(doctl registry repository list-tags "${REGISTRY_NAME}/${REPOSITORY}" --format Tag,ManifestDigest --no-header || true)"
+          
+          if [ -z "${TAG_ROWS}" ]; then
+            echo "No tags found for ${REPOSITORY}; skipping cleanup."
+            exit 0
+          fi
+          
+          CURRENT_DIGEST="$(printf '%s\n' "${TAG_ROWS}" | awk -v target="${{ github.sha }}" -v regex="${DIGEST_REGEX}" '
+            $1 == target {
+              for (i = 1; i <= NF; i++) {
+                if ($i ~ regex) {
+                  print $i;
+                  exit;
+                }
+              }
+            }
+          ')"
+          
+          if [ -z "${CURRENT_DIGEST}" ]; then
+            echo "::error::Unable to determine current manifest digest for ${REPOSITORY}:${{ github.sha }}"
+            exit 1
+          fi
+          
+          OLD_DIGESTS="$(printf '%s\n' "${TAG_ROWS}" | awk -v keep="${CURRENT_DIGEST}" -v regex="${DIGEST_REGEX}" '
+            {
+              for (i = 1; i <= NF; i++) {
+                if ($i ~ regex && $i != keep) {
+                  print $i;
+                }
+              }
+            }
+          ' | sort -u)"
+          
+          if [ -z "${OLD_DIGESTS}" ]; then
+            echo "No old manifests to delete for ${REPOSITORY}."
+            exit 0
+          fi
+          
+          echo "Deleting old manifests from ${REPOSITORY}:"
+          printf '%s\n' "${OLD_DIGESTS}"
+          
+          printf '%s\n' "${OLD_DIGESTS}" | while IFS= read -r DIGEST; do
+            if [ -z "${DIGEST}" ]; then
+              continue
+            fi
+
+            if ! printf '%s\n' "${DIGEST}" | grep -Eq "${DIGEST_REGEX}"; then
+              echo "Skipping invalid digest candidate: ${DIGEST}"
+              continue
+            fi
+            
+            doctl registry repository delete-manifest "${REGISTRY_NAME}/${REPOSITORY}" "${DIGEST}" --force
+          done
+<% }); %>