@highstate/common 0.9.16 → 0.9.18

package/dist/{chunk-HZBJ6LLS.js → chunk-YYNV3MVT.js}

@@ -1,12 +1,12 @@
-import { toPromise, output, ComponentResource, interpolate, normalize, secret, getOrCreateSecret, asset } from '@highstate/pulumi';
-import { uniqueBy, capitalize, groupBy } from 'remeda';
+import { toPromise, output, ComponentResource, interpolate, normalize, secret, ensureSecretValue, asset } from '@highstate/pulumi';
+import { uniqueBy, flat, capitalize, groupBy } from 'remeda';
+import { homedir, tmpdir } from 'node:os';
 import { local, remote } from '@pulumi/command';
 import '@highstate/library';
-import { randomBytes } from '@noble/hashes/utils';
+import { randomBytes, bytesToHex } from '@noble/hashes/utils';
 import { secureMask } from 'micro-key-producer/password.js';
 import getKeys, { PrivateExport } from 'micro-key-producer/ssh.js';
 import { randomBytes as randomBytes$1 } from 'micro-key-producer/utils.js';
-import { tmpdir } from 'node:os';
 import { mkdtemp, writeFile, cp, rm, stat, rename, mkdir } from 'node:fs/promises';
 import { join, dirname, basename, extname } from 'node:path';
 import { createReadStream } from 'node:fs';
@@ -123,7 +123,7 @@ async function requireInputL4Endpoint(rawEndpoint, inputEndpoint) {
   }
   throw new Error("No endpoint provided");
 }
-function l3ToL4Endpoint(l3Endpoint, port, protocol = "tcp") {
+function l3EndpointToL4(l3Endpoint, port, protocol = "tcp") {
   return {
     ...parseL3Endpoint(l3Endpoint),
     port,
@@ -216,74 +216,124 @@ function createCommand(command) {
   }
   return command;
 }
+function wrapWithWorkDir(dir) {
+  if (!dir) {
+    return (command) => output(command);
+  }
+  return (command) => interpolate`cd "${dir}" && ${command}`;
+}
+function wrapWithWaitFor(timeout = 300, interval = 5) {
+  return (command) => (
+    // TOD: escape the command
+    interpolate`timeout ${timeout} bash -c 'while ! ${createCommand(command)}; do sleep ${interval}; done'`
+  );
+}
 var Command = class _Command extends ComponentResource {
-  command;
   stdout;
   stderr;
   constructor(name, args, opts) {
     super("highstate:common:Command", name, args, opts);
-    this.command = output(args).apply((args2) => {
-      if (args2.host === "local") {
-        return new local.Command(
-          name,
-          {
-            create: createCommand(args2.create),
-            update: args2.update ? createCommand(args2.update) : void 0,
-            delete: args2.delete ? createCommand(args2.delete) : void 0,
-            logging: args2.logging,
-            triggers: args2.triggers,
-            dir: args2.cwd
-          },
-          { ...opts, parent: this }
-        );
-      }
-      if (!args2.host.ssh) {
-        throw new Error(`The host "${args2.host.hostname}" has no SSH credentials`);
-      }
-      return new remote.Command(
-        name,
-        {
-          connection: getServerConnection(args2.host.ssh),
-          create: createCommand(args2.create),
-          update: args2.update ? createCommand(args2.update) : void 0,
-          delete: args2.delete ? createCommand(args2.delete) : void 0,
-          logging: args2.logging,
-          triggers: args2.triggers
-        },
-        { ...opts, parent: this }
-      );
-    });
-    this.stdout = this.command.stdout;
-    this.stderr = this.command.stderr;
+    const command = args.host === "local" ? new local.Command(
+      name,
+      {
+        create: output(args.create).apply(createCommand),
+        update: args.update ? output(args.update).apply(createCommand) : void 0,
+        delete: args.delete ? output(args.delete).apply(createCommand) : void 0,
+        logging: args.logging,
+        triggers: args.triggers ? output(args.triggers).apply(flat) : void 0,
+        dir: args.cwd ?? homedir(),
+        environment: args.environment,
+        stdin: args.stdin
+      },
+      { ...opts, parent: this }
+    ) : new remote.Command(
+      name,
+      {
+        connection: output(args.host).apply((server) => {
+          if ("host" in server) {
+            return output(server);
+          }
+          if (!server.ssh) {
+            throw new Error(`The server "${server.hostname}" has no SSH credentials`);
+          }
+          return getServerConnection(server.ssh);
+        }),
+        create: output(args.create).apply(createCommand).apply(wrapWithWorkDir(args.cwd)),
+        update: args.update ? output(args.update).apply(createCommand).apply(wrapWithWorkDir(args.cwd)) : void 0,
+        delete: args.delete ? output(args.delete).apply(createCommand).apply(wrapWithWorkDir(args.cwd)) : void 0,
+        logging: args.logging,
+        triggers: args.triggers ? output(args.triggers).apply(flat) : void 0,
+        stdin: args.stdin,
+        environment: args.environment
+      },
+      { ...opts, parent: this }
+    );
+    this.stdout = command.stdout;
+    this.stderr = command.stderr;
   }
+  /**
+   * Waits for the command to complete and returns its output.
+   * The standard output will be returned.
+   */
+  async wait() {
+    return await toPromise(this.stdout);
+  }
+  /**
+   * Creates a command that writes the given content to a file on the host.
+   * The file will be created if it does not exist, and overwritten if it does.
+   *
+   * Use for small text files like configuration files.
+   */
   static createTextFile(name, options, opts) {
-    return output(options).apply((options2) => {
-      const escapedContent = options2.content.replace(/"/g, '\\"');
-      const command = new _Command(
-        name,
-        {
-          host: options2.host,
-          create: interpolate`mkdir -p $(dirname ${options2.path}) && echo "${escapedContent}" > ${options2.path}`,
-          delete: interpolate`rm -rf ${options2.path}`
-        },
-        opts
-      );
-      return command;
-    });
+    return new _Command(
+      name,
+      {
+        host: options.host,
+        create: interpolate`mkdir -p $(dirname "${options.path}") && cat > ${options.path}`,
+        delete: interpolate`rm -rf ${options.path}`,
+        stdin: options.content
+      },
+      opts
+    );
   }
+  /**
+   * Creates a command that waits for a file to be created and then reads its content.
+   * This is useful for waiting for a file to be generated by another process.
+   *
+   * Use for small text files like configuration files.
+   */
   static receiveTextFile(name, options, opts) {
-    return output(options).apply((options2) => {
-      const command = new _Command(
-        name,
-        {
-          host: options2.host,
-          create: interpolate`while ! test -f ${options2.path}; do sleep 1; done; cat ${options2.path}`,
-          logging: "stderr"
-        },
-        opts
-      );
-      return command;
-    });
+    return new _Command(
+      name,
+      {
+        host: options.host,
+        create: interpolate`while ! test -f "${options.path}"; do sleep 1; done; cat "${options.path}"`,
+        logging: "stderr"
+      },
+      opts
+    );
+  }
+  /**
+   * Creates a command that waits for a condition to be met.
+   * The command will run until the condition is met or the timeout is reached.
+   *
+   * The condition is considered met if the command returns a zero exit code.
+   *
+   * @param name The name of the command resource.
+   * @param args The arguments for the command, including the condition to check.
+   * @param opts Optional resource options.
+   */
+  static waitFor(name, args, opts) {
+    return new _Command(
+      name,
+      {
+        ...args,
+        create: output(args.create).apply(wrapWithWaitFor(args.timeout, args.interval)),
+        update: args.update ? output(args.update).apply(wrapWithWaitFor(args.timeout, args.interval)) : void 0,
+        delete: args.delete ? output(args.delete).apply(wrapWithWaitFor(args.timeout, args.interval)) : void 0
+      },
+      opts
+    );
   }
 };
 function getTypeByEndpoint(endpoint) {
@@ -435,6 +485,16 @@ async function updateEndpointsWithFqdn(endpoints, fqdn, fqdnEndpointFilter, patc
 function generatePassword() {
   return secureMask.apply(randomBytes(32)).password;
 }
+function generateKey(format = "hex") {
+  const bytes = randomBytes(32);
+  if (format === "raw") {
+    return bytes;
+  }
+  if (format === "base64") {
+    return Buffer.from(bytes).toString("base64");
+  }
+  return bytesToHex(bytes);
+}
 
 // assets/images.json
 var terminal_ssh = {
@@ -494,11 +554,11 @@ function createSshTerminal(credentials) {
     };
   });
 }
-function generatePrivateKey() {
+function generateSshPrivateKey() {
   const seed = randomBytes$1(32);
   return getKeys(seed).privateKey;
 }
-function privateKeyToKeyPair(privateKeyString) {
+function sshPrivateKeyToKeyPair(privateKeyString) {
   return output(privateKeyString).apply((privateKeyString2) => {
     const privateKeyStruct = PrivateExport.decode(privateKeyString2);
     const privKey = privateKeyStruct.keys[0].privKey.privKey;
@@ -511,60 +571,88 @@ function privateKeyToKeyPair(privateKeyString) {
     });
   });
 }
-function getOrCreateSshKeyPair(inputs, secrets) {
-  if (inputs.sshKeyPair) {
-    return output(inputs.sshKeyPair);
+function ensureSshKeyPair(privateKey, existingKeyPair) {
+  if (existingKeyPair) {
+    return output(existingKeyPair);
   }
-  const privateKey = getOrCreateSecret(secrets, "sshPrivateKey", generatePrivateKey);
-  return privateKey.apply(privateKeyToKeyPair);
+  return ensureSecretValue(privateKey, generateSshPrivateKey).value.apply(sshPrivateKeyToKeyPair);
 }
-function createServerEntity(fallbackHostname, endpoint, sshPort = 22, sshUser = "root", sshPassword, sshPrivateKey, hasSsh = true) {
+async function createServerEntity({
+  name,
+  fallbackHostname,
+  endpoints,
+  sshEndpoint,
+  sshPort = 22,
+  sshUser = "root",
+  sshPassword,
+  sshPrivateKey,
+  hasSsh = true,
+  pingInterval,
+  pingTimeout,
+  waitForPing,
+  waitForSsh,
+  sshCheckInterval,
+  sshCheckTimeout
+}) {
+  if (endpoints.length === 0) {
+    throw new Error("At least one L3 endpoint is required to create a server entity");
+  }
+  fallbackHostname ??= name;
+  waitForSsh ??= hasSsh;
+  waitForPing ??= !waitForSsh;
+  if (waitForPing) {
+    await Command.waitFor(`${name}.ping`, {
+      host: "local",
+      create: `ping -c 1 ${l3EndpointToString(endpoints[0])}`,
+      timeout: pingTimeout ?? 300,
+      interval: pingInterval ?? 5,
+      triggers: [Date.now()]
+    }).wait();
+  }
+  if (!hasSsh) {
+    return {
+      hostname: name,
+      endpoints
+    };
+  }
+  sshEndpoint ??= l3EndpointToL4(endpoints[0], sshPort);
+  if (waitForSsh) {
+    await Command.waitFor(`${name}.ssh`, {
+      host: "local",
+      create: `nc -zv ${l3EndpointToString(sshEndpoint)} ${sshPort}`,
+      timeout: sshCheckTimeout ?? 300,
+      interval: sshCheckInterval ?? 5,
+      triggers: [Date.now()]
+    }).wait();
+  }
   const connection = output({
-    host: l3EndpointToString(endpoint),
-    port: sshPort,
+    host: l3EndpointToString(sshEndpoint),
+    port: sshEndpoint.port,
     user: sshUser,
     password: sshPassword,
     privateKey: sshPrivateKey,
     dialErrorLimit: 3
   });
-  if (!hasSsh) {
-    return output({
-      hostname: fallbackHostname,
-      endpoints: [endpoint]
-    });
-  }
-  const command = new local.Command("check-ssh", {
-    create: `nc -zv ${l3EndpointToString(endpoint)} ${sshPort} && echo "up" || echo "down"`,
+  const hostnameResult = new remote.Command("hostname", {
+    connection,
+    create: "hostname",
     triggers: [Date.now()]
   });
-  return command.stdout.apply((result) => {
-    if (result === "down") {
-      return output({
-        hostname: fallbackHostname,
-        endpoints: [endpoint]
-      });
+  const hostKeyResult = new remote.Command("host-key", {
+    connection,
+    create: "cat /etc/ssh/ssh_host_ed25519_key.pub",
+    triggers: [Date.now()]
+  });
+  return await toPromise({
+    endpoints,
+    hostname: hostnameResult.stdout.apply((x) => x.trim()),
+    ssh: {
+      endpoints: [sshEndpoint],
+      user: sshUser,
+      hostKey: hostKeyResult.stdout.apply((x) => x.trim()),
+      password: sshPassword,
+      keyPair: sshPrivateKey ? sshPrivateKeyToKeyPair(sshPrivateKey) : void 0
     }
-    const hostnameResult = new remote.Command("hostname", {
-      connection,
-      create: "hostname",
-      triggers: [Date.now()]
-    });
-    const hostKeyResult = new remote.Command("host-key", {
-      connection,
-      create: "cat /etc/ssh/ssh_host_ed25519_key.pub",
-      triggers: [Date.now()]
-    });
-    return output({
-      endpoints: [endpoint],
-      hostname: hostnameResult.stdout.apply((x) => x.trim()),
-      ssh: {
-        endpoints: [l3ToL4Endpoint(endpoint, sshPort)],
-        user: sshUser,
-        hostKey: hostKeyResult.stdout.apply((x) => x.trim()),
-        password: sshPassword,
-        keyPair: sshPrivateKey ? privateKeyToKeyPair(sshPrivateKey) : void 0
-      }
-    });
   });
 }
 function assetFromFile(file) {
@@ -673,21 +761,20 @@ var MaterializedFile = class _MaterializedFile {
         break;
       }
       case "remote": {
-        const response = await load(l7EndpointToString(this.entity.content.endpoint));
+        const response = await fetch(l7EndpointToString(this.entity.content.endpoint));
         if (!response.ok) throw new Error(`Failed to fetch: ${response.statusText}`);
         const arrayBuffer = await response.arrayBuffer();
         await writeFile(this._path, Buffer.from(arrayBuffer), { mode: this.entity.meta.mode });
         break;
       }
       case "artifact": {
-        const artifactData = this.entity.content[HighstateSignature.Artifact];
         const artifactPath = process.env.HIGHSTATE_ARTIFACT_READ_PATH;
         if (!artifactPath) {
           throw new Error(
             "HIGHSTATE_ARTIFACT_READ_PATH environment variable is not set but required for artifact content"
           );
         }
-        const tgzPath = join(artifactPath, `${artifactData.hash}.tgz`);
+        const tgzPath = join(artifactPath, `${this.entity.content.hash}.tgz`);
         const readStream = createReadStream(tgzPath);
         await unarchiveFromStream(readStream, dirname(this._path), "tar");
         break;
@@ -751,10 +838,9 @@ var MaterializedFile = class _MaterializedFile {
         meta: newMeta,
         content: {
           type: "artifact",
-          [HighstateSignature.Artifact]: {
-            hash: hashValue,
-            meta: await toPromise(this.artifactMeta)
-          }
+          [HighstateSignature.Artifact]: true,
+          hash: hashValue,
+          meta: await toPromise(this.artifactMeta)
         }
       };
     } finally {
@@ -853,7 +939,7 @@ var MaterializedFolder = class _MaterializedFolder {
         break;
       }
       case "remote": {
-        const response = await load(l7EndpointToString(this.entity.content.endpoint));
+        const response = await fetch(l7EndpointToString(this.entity.content.endpoint));
         if (!response.ok) throw new Error(`Failed to fetch: ${response.statusText}`);
         if (!response.body) throw new Error("Response body is empty");
         const url = new URL(l7EndpointToString(this.entity.content.endpoint));
@@ -886,14 +972,13 @@ var MaterializedFolder = class _MaterializedFolder {
         break;
       }
       case "artifact": {
-        const artifactData = this.entity.content[HighstateSignature.Artifact];
         const artifactPath = process.env.HIGHSTATE_ARTIFACT_READ_PATH;
         if (!artifactPath) {
           throw new Error(
             "HIGHSTATE_ARTIFACT_READ_PATH environment variable is not set but required for artifact content"
           );
         }
-        const tgzPath = join(artifactPath, `${artifactData.hash}.tgz`);
+        const tgzPath = join(artifactPath, `${this.entity.content.hash}.tgz`);
         const readStream = createReadStream(tgzPath);
         await unarchiveFromStream(readStream, dirname(this._path), "tar");
         break;
@@ -972,11 +1057,10 @@ var MaterializedFolder = class _MaterializedFolder {
       return {
         meta: newMeta,
         content: {
+          [HighstateSignature.Artifact]: true,
           type: "artifact",
-          [HighstateSignature.Artifact]: {
-            hash: hashValue,
-            meta: await toPromise(this.artifactMeta)
-          }
+          hash: hashValue,
+          meta: await toPromise(this.artifactMeta)
         }
       };
     } finally {
@@ -1033,7 +1117,7 @@ async function fetchFileSize(endpoint) {
     );
   }
   const url = l7EndpointToString(endpoint);
-  const response = await load(url, { method: "HEAD" });
+  const response = await fetch(url, { method: "HEAD" });
   if (!response.ok) {
     throw new Error(`Failed to fetch file size: ${response.statusText}`);
   }
@@ -1052,6 +1136,6 @@ function getNameByEndpoint(endpoint) {
   return parsedEndpoint.resource ? basename(parsedEndpoint.resource) : "";
 }
 
-export { Command, DnsRecord, DnsRecordSet, MaterializedFile, MaterializedFolder, archiveFromFolder, assetFromFile, createServerEntity, createSshTerminal, fetchFileSize, filterEndpoints, generatePassword, generatePrivateKey, getNameByEndpoint, getOrCreateSshKeyPair, getServerConnection, l34EndpointToString, l3EndpointToCidr, l3EndpointToString, l3ToL4Endpoint, l4EndpointToString, l4EndpointWithProtocolToString, l7EndpointToString, parseL34Endpoint, parseL3Endpoint, parseL4Endpoint, parseL7Endpoint, privateKeyToKeyPair, requireInputL3Endpoint, requireInputL4Endpoint, updateEndpoints, updateEndpointsWithFqdn };
-//# sourceMappingURL=chunk-HZBJ6LLS.js.map
-//# sourceMappingURL=chunk-HZBJ6LLS.js.map
+export { Command, DnsRecord, DnsRecordSet, MaterializedFile, MaterializedFolder, archiveFromFolder, assetFromFile, createServerEntity, createSshTerminal, ensureSshKeyPair, fetchFileSize, filterEndpoints, generateKey, generatePassword, generateSshPrivateKey, getNameByEndpoint, getServerConnection, l34EndpointToString, l3EndpointToCidr, l3EndpointToL4, l3EndpointToString, l4EndpointToString, l4EndpointWithProtocolToString, l7EndpointToString, parseL34Endpoint, parseL3Endpoint, parseL4Endpoint, parseL7Endpoint, requireInputL3Endpoint, requireInputL4Endpoint, sshPrivateKeyToKeyPair, updateEndpoints, updateEndpointsWithFqdn };
+//# sourceMappingURL=chunk-YYNV3MVT.js.map
+//# sourceMappingURL=chunk-YYNV3MVT.js.map