@icgio/clients-config 1.0.323 → 1.0.325
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/config.json +3 -1
- package/data-source.js.secret +0 -0
- package/package.json +3 -2
- package/scripts/reveal-secrets-on-install.js +63 -0
- package/secretread.js.secret +0 -0
package/config.json
CHANGED
package/data-source.js.secret
CHANGED
|
Binary file
|
package/package.json
CHANGED
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@icgio/clients-config",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.325",
|
|
4
4
|
"description": "",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"scripts": {
|
|
7
|
-
"test": "echo \"Error: no test specified\" && exit 1"
|
|
7
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
|
8
|
+
"postinstall": "node ./scripts/reveal-secrets-on-install.js"
|
|
8
9
|
},
|
|
9
10
|
"repository": {
|
|
10
11
|
"type": "git",
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
|
|
3
|
+
const fs = require('fs')
|
|
4
|
+
const path = require('path')
|
|
5
|
+
const { spawnSync } = require('child_process')
|
|
6
|
+
|
|
7
|
+
const pkgRoot = path.resolve(__dirname, '..')
|
|
8
|
+
const requiredFiles = ['secretread.js', 'data-source.js']
|
|
9
|
+
const encryptedFiles = requiredFiles.map((f) => `${f}.secret`)
|
|
10
|
+
|
|
11
|
+
function run(cmd, args) {
|
|
12
|
+
const result = spawnSync(cmd, args, {
|
|
13
|
+
cwd: pkgRoot,
|
|
14
|
+
encoding: 'utf8',
|
|
15
|
+
stdio: 'pipe',
|
|
16
|
+
})
|
|
17
|
+
|
|
18
|
+
if (result.error) throw result.error
|
|
19
|
+
if (result.status !== 0) {
|
|
20
|
+
const detail = (result.stderr || result.stdout || '').trim()
|
|
21
|
+
throw new Error(`${cmd} ${args.join(' ')} failed${detail ? `: ${detail}` : ''}`)
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
function exists(relPath) {
|
|
26
|
+
return fs.existsSync(path.join(pkgRoot, relPath))
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
const missingPlainFiles = requiredFiles.filter((f) => !exists(f))
|
|
30
|
+
if (missingPlainFiles.length === 0) {
|
|
31
|
+
process.exit(0)
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
const hasEncryptedFiles = encryptedFiles.every((f) => exists(f))
|
|
35
|
+
if (!hasEncryptedFiles) {
|
|
36
|
+
console.warn('[clients-config] Missing plaintext secrets and encrypted source files; skipping reveal.')
|
|
37
|
+
process.exit(0)
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
const gitAvailable = spawnSync('git', ['--version'], { encoding: 'utf8', stdio: 'pipe' }).status === 0
|
|
41
|
+
const gitSecretAvailable = spawnSync('git', ['secret', '--version'], { encoding: 'utf8', stdio: 'pipe' }).status === 0
|
|
42
|
+
|
|
43
|
+
if (!gitAvailable || !gitSecretAvailable) {
|
|
44
|
+
console.warn('[clients-config] git/git-secret not available; secrets remain encrypted.')
|
|
45
|
+
process.exit(0)
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
try {
|
|
49
|
+
if (!exists('.git')) {
|
|
50
|
+
run('git', ['init', '-q'])
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
run('git', ['secret', 'reveal'])
|
|
54
|
+
|
|
55
|
+
const unresolved = requiredFiles.filter((f) => !exists(f))
|
|
56
|
+
if (unresolved.length > 0) {
|
|
57
|
+
throw new Error(`Reveal completed but missing files: ${unresolved.join(', ')}`)
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
console.log('[clients-config] Revealed secretread.js and data-source.js')
|
|
61
|
+
} catch (error) {
|
|
62
|
+
console.warn(`[clients-config] Failed to auto-reveal secrets: ${error.message}`)
|
|
63
|
+
}
|
package/secretread.js.secret
CHANGED
|
Binary file
|