npm - @invarn/cibuild - Versions diffs - 1.3.16 → 1.3.18 - Mend

@invarn/cibuild 1.3.16 → 1.3.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (242) hide show

package/dist/cli.cjs +1 -1
package/dist/src/cli.d.ts +3 -0
package/dist/src/cli.d.ts.map +1 -0
package/dist/src/cli.js +987 -0
package/dist/src/commands/android-scanner.d.ts +32 -0
package/dist/src/commands/android-scanner.d.ts.map +1 -0
package/dist/src/commands/android-scanner.js +667 -0
package/dist/src/commands/build.d.ts +5 -0
package/dist/src/commands/build.d.ts.map +1 -0
package/dist/src/commands/build.js +1096 -0
package/dist/src/commands/edit.d.ts +3 -0
package/dist/src/commands/edit.d.ts.map +1 -0
package/dist/src/commands/edit.js +651 -0
package/dist/src/commands/file-secret-collector.d.ts +37 -0
package/dist/src/commands/file-secret-collector.d.ts.map +1 -0
package/dist/src/commands/file-secret-collector.js +199 -0
package/dist/src/commands/github-workflow.d.ts +5 -0
package/dist/src/commands/github-workflow.d.ts.map +1 -0
package/dist/src/commands/github-workflow.js +45 -0
package/dist/src/commands/ios-scanner.d.ts +27 -0
package/dist/src/commands/ios-scanner.d.ts.map +1 -0
package/dist/src/commands/ios-scanner.js +337 -0
package/dist/src/commands/reset.d.ts +7 -0
package/dist/src/commands/reset.d.ts.map +1 -0
package/dist/src/commands/reset.js +81 -0
package/dist/src/commands/secrets-sync-workflow.d.ts +15 -0
package/dist/src/commands/secrets-sync-workflow.d.ts.map +1 -0
package/dist/src/commands/secrets-sync-workflow.js +255 -0
package/dist/src/commands/secrets-upload.d.ts +21 -0
package/dist/src/commands/secrets-upload.d.ts.map +1 -0
package/dist/src/commands/secrets-upload.js +177 -0
package/dist/src/commands/secrets-upload.test.d.ts +5 -0
package/dist/src/commands/secrets-upload.test.d.ts.map +1 -0
package/dist/src/commands/secrets-upload.test.js +60 -0
package/dist/src/config.d.ts +3 -0
package/dist/src/config.d.ts.map +1 -0
package/dist/src/config.js +47 -0
package/dist/src/envman/cli.d.ts +21 -0
package/dist/src/envman/cli.d.ts.map +1 -0
package/dist/src/envman/cli.js +240 -0
package/dist/src/envman/envman.d.ts +83 -0
package/dist/src/envman/envman.d.ts.map +1 -0
package/dist/src/envman/envman.js +361 -0
package/dist/src/envman/envman.test.d.ts +5 -0
package/dist/src/envman/envman.test.d.ts.map +1 -0
package/dist/src/envman/envman.test.js +236 -0
package/dist/src/envman/index.d.ts +23 -0
package/dist/src/envman/index.d.ts.map +1 -0
package/dist/src/envman/index.js +23 -0
package/dist/src/envman/types.d.ts +55 -0
package/dist/src/envman/types.d.ts.map +1 -0
package/dist/src/envman/types.js +12 -0
package/dist/src/lib.d.ts +27 -0
package/dist/src/lib.d.ts.map +1 -0
package/dist/src/lib.js +32 -0
package/dist/src/pipeline.d.ts +3 -0
package/dist/src/pipeline.d.ts.map +1 -0
package/dist/src/pipeline.js +57 -0
package/dist/src/runner.d.ts +17 -0
package/dist/src/runner.d.ts.map +1 -0
package/dist/src/runner.js +234 -0
package/dist/src/types.d.ts +58 -0
package/dist/src/types.d.ts.map +1 -0
package/dist/src/types.js +2 -0
package/dist/src/yaml/bitrise-compat.d.ts +65 -0
package/dist/src/yaml/bitrise-compat.d.ts.map +1 -0
package/dist/src/yaml/bitrise-compat.js +206 -0
package/dist/src/yaml/bitrise-compat.test.d.ts +5 -0
package/dist/src/yaml/bitrise-compat.test.d.ts.map +1 -0
package/dist/src/yaml/bitrise-compat.test.js +347 -0
package/dist/src/yaml/converter.d.ts +33 -0
package/dist/src/yaml/converter.d.ts.map +1 -0
package/dist/src/yaml/converter.js +222 -0
package/dist/src/yaml/converter.test.d.ts +5 -0
package/dist/src/yaml/converter.test.d.ts.map +1 -0
package/dist/src/yaml/converter.test.js +348 -0
package/dist/src/yaml/e2e.test.d.ts +6 -0
package/dist/src/yaml/e2e.test.d.ts.map +1 -0
package/dist/src/yaml/e2e.test.js +446 -0
package/dist/src/yaml/env-resolver.d.ts +120 -0
package/dist/src/yaml/env-resolver.d.ts.map +1 -0
package/dist/src/yaml/env-resolver.js +405 -0
package/dist/src/yaml/env-resolver.test.d.ts +5 -0
package/dist/src/yaml/env-resolver.test.d.ts.map +1 -0
package/dist/src/yaml/env-resolver.test.js +502 -0
package/dist/src/yaml/interactive-prompts.d.ts +71 -0
package/dist/src/yaml/interactive-prompts.d.ts.map +1 -0
package/dist/src/yaml/interactive-prompts.js +258 -0
package/dist/src/yaml/missing-env-handler.d.ts +45 -0
package/dist/src/yaml/missing-env-handler.d.ts.map +1 -0
package/dist/src/yaml/missing-env-handler.js +64 -0
package/dist/src/yaml/parser.d.ts +33 -0
package/dist/src/yaml/parser.d.ts.map +1 -0
package/dist/src/yaml/parser.js +145 -0
package/dist/src/yaml/pipeline-with-secrets.d.ts +25 -0
package/dist/src/yaml/pipeline-with-secrets.d.ts.map +1 -0
package/dist/src/yaml/pipeline-with-secrets.js +76 -0
package/dist/src/yaml/platform-detector.d.ts +83 -0
package/dist/src/yaml/platform-detector.d.ts.map +1 -0
package/dist/src/yaml/platform-detector.js +188 -0
package/dist/src/yaml/platform-detector.test.d.ts +5 -0
package/dist/src/yaml/platform-detector.test.d.ts.map +1 -0
package/dist/src/yaml/platform-detector.test.js +414 -0
package/dist/src/yaml/preflight-validation.d.ts +40 -0
package/dist/src/yaml/preflight-validation.d.ts.map +1 -0
package/dist/src/yaml/preflight-validation.js +152 -0
package/dist/src/yaml/secrets-manager.d.ts +77 -0
package/dist/src/yaml/secrets-manager.d.ts.map +1 -0
package/dist/src/yaml/secrets-manager.js +219 -0
package/dist/src/yaml/step-validator.d.ts +54 -0
package/dist/src/yaml/step-validator.d.ts.map +1 -0
package/dist/src/yaml/step-validator.js +403 -0
package/dist/src/yaml/steps/android-sign.d.ts +35 -0
package/dist/src/yaml/steps/android-sign.d.ts.map +1 -0
package/dist/src/yaml/steps/android-sign.js +147 -0
package/dist/src/yaml/steps/android-version.d.ts +26 -0
package/dist/src/yaml/steps/android-version.d.ts.map +1 -0
package/dist/src/yaml/steps/android-version.js +128 -0
package/dist/src/yaml/steps/android-version.test.d.ts +5 -0
package/dist/src/yaml/steps/android-version.test.d.ts.map +1 -0
package/dist/src/yaml/steps/android-version.test.js +196 -0
package/dist/src/yaml/steps/android.d.ts +95 -0
package/dist/src/yaml/steps/android.d.ts.map +1 -0
package/dist/src/yaml/steps/android.js +916 -0
package/dist/src/yaml/steps/app-store-deploy.d.ts +48 -0
package/dist/src/yaml/steps/app-store-deploy.d.ts.map +1 -0
package/dist/src/yaml/steps/app-store-deploy.js +162 -0
package/dist/src/yaml/steps/base.d.ts +238 -0
package/dist/src/yaml/steps/base.d.ts.map +1 -0
package/dist/src/yaml/steps/base.js +345 -0
package/dist/src/yaml/steps/bitrise-android-tools.d.ts +26 -0
package/dist/src/yaml/steps/bitrise-android-tools.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-android-tools.js +198 -0
package/dist/src/yaml/steps/bitrise-android-tools.test.d.ts +5 -0
package/dist/src/yaml/steps/bitrise-android-tools.test.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-android-tools.test.js +280 -0
package/dist/src/yaml/steps/bitrise-apk-info.d.ts +22 -0
package/dist/src/yaml/steps/bitrise-apk-info.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-apk-info.js +144 -0
package/dist/src/yaml/steps/bitrise-apk-info.test.d.ts +5 -0
package/dist/src/yaml/steps/bitrise-apk-info.test.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-apk-info.test.js +331 -0
package/dist/src/yaml/steps/bitrise-slack.d.ts +49 -0
package/dist/src/yaml/steps/bitrise-slack.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-slack.js +280 -0
package/dist/src/yaml/steps/bitrise-slack.test.d.ts +5 -0
package/dist/src/yaml/steps/bitrise-slack.test.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-slack.test.js +484 -0
package/dist/src/yaml/steps/bitrise-ssh.d.ts +27 -0
package/dist/src/yaml/steps/bitrise-ssh.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-ssh.js +134 -0
package/dist/src/yaml/steps/bitrise-ssh.test.d.ts +5 -0
package/dist/src/yaml/steps/bitrise-ssh.test.d.ts.map +1 -0
package/dist/src/yaml/steps/bitrise-ssh.test.js +205 -0
package/dist/src/yaml/steps/cache.d.ts +52 -0
package/dist/src/yaml/steps/cache.d.ts.map +1 -0
package/dist/src/yaml/steps/cache.js +352 -0
package/dist/src/yaml/steps/fastlane.d.ts +27 -0
package/dist/src/yaml/steps/fastlane.d.ts.map +1 -0
package/dist/src/yaml/steps/fastlane.js +79 -0
package/dist/src/yaml/steps/file.d.ts +27 -0
package/dist/src/yaml/steps/file.d.ts.map +1 -0
package/dist/src/yaml/steps/file.js +35 -0
package/dist/src/yaml/steps/flutter.d.ts +63 -0
package/dist/src/yaml/steps/flutter.d.ts.map +1 -0
package/dist/src/yaml/steps/flutter.js +215 -0
package/dist/src/yaml/steps/git-clone.d.ts +26 -0
package/dist/src/yaml/steps/git-clone.d.ts.map +1 -0
package/dist/src/yaml/steps/git-clone.js +111 -0
package/dist/src/yaml/steps/google-play-deploy.d.ts +37 -0
package/dist/src/yaml/steps/google-play-deploy.d.ts.map +1 -0
package/dist/src/yaml/steps/google-play-deploy.js +193 -0
package/dist/src/yaml/steps/google-play-deploy.test.d.ts +5 -0
package/dist/src/yaml/steps/google-play-deploy.test.d.ts.map +1 -0
package/dist/src/yaml/steps/google-play-deploy.test.js +310 -0
package/dist/src/yaml/steps/index.d.ts +10 -0
package/dist/src/yaml/steps/index.d.ts.map +1 -0
package/dist/src/yaml/steps/index.js +1361 -0
package/dist/src/yaml/steps/ios-deps.d.ts +43 -0
package/dist/src/yaml/steps/ios-deps.d.ts.map +1 -0
package/dist/src/yaml/steps/ios-deps.js +141 -0
package/dist/src/yaml/steps/ios-deps.test.d.ts +5 -0
package/dist/src/yaml/steps/ios-deps.test.d.ts.map +1 -0
package/dist/src/yaml/steps/ios-deps.test.js +90 -0
package/dist/src/yaml/steps/ios-signing.d.ts +31 -0
package/dist/src/yaml/steps/ios-signing.d.ts.map +1 -0
package/dist/src/yaml/steps/ios-signing.js +144 -0
package/dist/src/yaml/steps/ios-version.d.ts +47 -0
package/dist/src/yaml/steps/ios-version.d.ts.map +1 -0
package/dist/src/yaml/steps/ios-version.js +151 -0
package/dist/src/yaml/steps/linting.d.ts +47 -0
package/dist/src/yaml/steps/linting.d.ts.map +1 -0
package/dist/src/yaml/steps/linting.js +148 -0
package/dist/src/yaml/steps/phase2.test.d.ts +6 -0
package/dist/src/yaml/steps/phase2.test.d.ts.map +1 -0
package/dist/src/yaml/steps/phase2.test.js +197 -0
package/dist/src/yaml/steps/phase3.test.d.ts +5 -0
package/dist/src/yaml/steps/phase3.test.d.ts.map +1 -0
package/dist/src/yaml/steps/phase3.test.js +144 -0
package/dist/src/yaml/steps/phase4.test.d.ts +5 -0
package/dist/src/yaml/steps/phase4.test.d.ts.map +1 -0
package/dist/src/yaml/steps/phase4.test.js +166 -0
package/dist/src/yaml/steps/phase5.test.d.ts +6 -0
package/dist/src/yaml/steps/phase5.test.d.ts.map +1 -0
package/dist/src/yaml/steps/phase5.test.js +263 -0
package/dist/src/yaml/steps/registry.d.ts +88 -0
package/dist/src/yaml/steps/registry.d.ts.map +1 -0
package/dist/src/yaml/steps/registry.js +125 -0
package/dist/src/yaml/steps/registry.test.d.ts +5 -0
package/dist/src/yaml/steps/registry.test.d.ts.map +1 -0
package/dist/src/yaml/steps/registry.test.js +235 -0
package/dist/src/yaml/steps/release.d.ts +50 -0
package/dist/src/yaml/steps/release.d.ts.map +1 -0
package/dist/src/yaml/steps/release.js +154 -0
package/dist/src/yaml/steps/script.d.ts +23 -0
package/dist/src/yaml/steps/script.d.ts.map +1 -0
package/dist/src/yaml/steps/script.js +63 -0
package/dist/src/yaml/steps/spec-validation.test.d.ts +6 -0
package/dist/src/yaml/steps/spec-validation.test.d.ts.map +1 -0
package/dist/src/yaml/steps/spec-validation.test.js +130 -0
package/dist/src/yaml/steps/steps.test.d.ts +6 -0
package/dist/src/yaml/steps/steps.test.d.ts.map +1 -0
package/dist/src/yaml/steps/steps.test.js +505 -0
package/dist/src/yaml/steps/test-config.d.ts +3 -0
package/dist/src/yaml/steps/test-config.d.ts.map +1 -0
package/dist/src/yaml/steps/test-config.js +17 -0
package/dist/src/yaml/steps/xcode-new.test.d.ts +5 -0
package/dist/src/yaml/steps/xcode-new.test.d.ts.map +1 -0
package/dist/src/yaml/steps/xcode-new.test.js +211 -0
package/dist/src/yaml/steps/xcode.d.ts +222 -0
package/dist/src/yaml/steps/xcode.d.ts.map +1 -0
package/dist/src/yaml/steps/xcode.js +999 -0
package/dist/src/yaml/types.d.ts +68 -0
package/dist/src/yaml/types.d.ts.map +1 -0
package/dist/src/yaml/types.js +5 -0
package/dist/src/yaml/validation-types.d.ts +96 -0
package/dist/src/yaml/validation-types.d.ts.map +1 -0
package/dist/src/yaml/validation-types.js +8 -0
package/dist/src/yaml/yaml-updater.d.ts +24 -0
package/dist/src/yaml/yaml-updater.d.ts.map +1 -0
package/dist/src/yaml/yaml-updater.js +128 -0
package/package.json +16 -4

package/dist/src/yaml/secrets-manager.d.ts ADDED Viewed

@@ -0,0 +1,77 @@
+/**
+ * Universal secrets management for CI Build
+ * Stores sensitive values by exact variable name — no UUIDs, no YAML modification
+ * Supports per-workflow scoping with global fallback
+ *
+ * File format:
+ * {
+ *   "global": { "VAR_NAME": "value" },
+ *   "workflows": {
+ *     "staging-java-17": { "VAR_NAME": "value" }
+ *   }
+ * }
+ */
+export interface SecretsFile {
+    global: Record<string, string>;
+    workflows: Record<string, Record<string, string>>;
+}
+export declare class SecretsManager {
+    private secretsFilePath;
+    private data;
+    private fileLoaded;
+    constructor(secretsFilePath?: string);
+    private loadSecrets;
+    /**
+     * Reads structured env vars (CIBUILD_S__* and CIBUILD_SW__*) and decodes them
+     * back into a SecretsFile structure. Used when running in CI where secrets
+     * were uploaded via `ci secrets upload`.
+     */
+    private getStructuredEnvSecrets;
+    private saveSecrets;
+    /**
+     * Store a secret by variable name, optionally scoped to a workflow.
+     * @returns The variable name (used as the key)
+     */
+    storeSecret(name: string, value: string, workflow?: string): string;
+    private static readonly ENV_PREFIX;
+    /**
+     * Reads all CIBUILD_-prefixed env vars, stripping the prefix from the keys.
+     * e.g. CIBUILD_SSH_RSA_PRIVATE_KEY → SSH_RSA_PRIVATE_KEY
+     */
+    private getEnvSecrets;
+    /**
+     * Get a secret value by variable name.
+     * Workflow-specific value takes precedence over global.
+     * Falls back to CIBUILD_-prefixed env vars when no secrets file is present.
+     */
+    getSecret(name: string, workflow?: string): string | undefined;
+    /**
+     * Get all secrets merged: global + workflow-specific (workflow overrides global).
+     * Falls back to CIBUILD_-prefixed env vars when no secrets file is present.
+     */
+    getAll(workflow?: string): Record<string, string>;
+    /**
+     * Returns the variable name if a secret exists for it, undefined otherwise.
+     * Checks workflow scope first, then global.
+     * Falls back to CIBUILD_-prefixed env vars when no secrets file is present.
+     */
+    getSecretIdByName(name: string, workflow?: string): string | undefined;
+    /**
+     * Returns the name itself (API compatibility).
+     */
+    getSecretName(id: string): string | undefined;
+    /**
+     * Check if a secret exists by variable name (global or any workflow).
+     */
+    hasSecret(name: string, workflow?: string): boolean;
+    /**
+     * Get all stored variable names (global + all workflows, deduplicated).
+     */
+    getAllSecretNames(): string[];
+    /**
+     * Delete a secret by variable name (from workflow scope or global).
+     */
+    deleteSecret(name: string, workflow?: string): boolean;
+    getSecretsFilePath(): string;
+}
+//# sourceMappingURL=secrets-manager.d.ts.map

package/dist/src/yaml/secrets-manager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"secrets-manager.d.ts","sourceRoot":"","sources":["../../../src/yaml/secrets-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CACnD;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,eAAe,CAAS;IAChC,OAAO,CAAC,IAAI,CAAc;IAC1B,OAAO,CAAC,UAAU,CAAkB;gBAExB,eAAe,CAAC,EAAE,MAAM;IAMpC,OAAO,CAAC,WAAW;IAqCnB;;;;OAIG;IACH,OAAO,CAAC,uBAAuB;IAkB/B,OAAO,CAAC,WAAW;IAUnB;;;OAGG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM;IAanE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAc;IAEhD;;;OAGG;IACH,OAAO,CAAC,aAAa;IAUrB;;;;OAIG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAU9D;;;OAGG;IACH,MAAM,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAWjD;;;;OAIG;IACH,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAatE;;OAEG;IACH,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAI7C;;OAEG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO;IAInD;;OAEG;IACH,iBAAiB,IAAI,MAAM,EAAE;IAQ7B;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO;IAetD,kBAAkB,IAAI,MAAM;CAG7B"}

package/dist/src/yaml/secrets-manager.js ADDED Viewed

@@ -0,0 +1,219 @@
+/**
+ * Universal secrets management for CI Build
+ * Stores sensitive values by exact variable name — no UUIDs, no YAML modification
+ * Supports per-workflow scoping with global fallback
+ *
+ * File format:
+ * {
+ *   "global": { "VAR_NAME": "value" },
+ *   "workflows": {
+ *     "staging-java-17": { "VAR_NAME": "value" }
+ *   }
+ * }
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+import { decodeSecretName } from '../commands/secrets-upload.js';
+export class SecretsManager {
+    secretsFilePath;
+    data;
+    fileLoaded = false;
+    constructor(secretsFilePath) {
+        this.secretsFilePath = secretsFilePath || path.join(process.cwd(), '.cibuild-secrets.json');
+        this.data = { global: {}, workflows: {} };
+        this.loadSecrets();
+    }
+    loadSecrets() {
+        try {
+            if (fs.existsSync(this.secretsFilePath)) {
+                const content = fs.readFileSync(this.secretsFilePath, 'utf-8');
+                const parsed = JSON.parse(content);
+                this.fileLoaded = true;
+                // Support both new format and legacy flat format
+                if (parsed.global !== undefined || parsed.workflows !== undefined) {
+                    this.data = {
+                        global: parsed.global || {},
+                        workflows: parsed.workflows || {},
+                    };
+                }
+                else {
+                    // Legacy flat format: treat all keys as global
+                    this.data.global = {};
+                    for (const [key, value] of Object.entries(parsed)) {
+                        if (typeof value === 'string') {
+                            this.data.global[key] = value;
+                        }
+                    }
+                }
+            }
+            else {
+                // No file — try loading from structured env vars (GitHub environment secrets)
+                const envData = this.getStructuredEnvSecrets();
+                if (Object.keys(envData.global).length > 0 ||
+                    Object.keys(envData.workflows).length > 0) {
+                    this.data = envData;
+                    this.fileLoaded = true;
+                }
+            }
+        }
+        catch (error) {
+            console.warn(`Warning: Could not load secrets file: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    /**
+     * Reads structured env vars (CIBUILD_S__* and CIBUILD_SW__*) and decodes them
+     * back into a SecretsFile structure. Used when running in CI where secrets
+     * were uploaded via `ci secrets upload`.
+     */
+    getStructuredEnvSecrets() {
+        const result = { global: {}, workflows: {} };
+        for (const [key, value] of Object.entries(process.env)) {
+            if (value === undefined)
+                continue;
+            const decoded = decodeSecretName(key);
+            if (!decoded)
+                continue;
+            if (decoded.workflow) {
+                if (!result.workflows[decoded.workflow]) {
+                    result.workflows[decoded.workflow] = {};
+                }
+                result.workflows[decoded.workflow][decoded.varName] = value;
+            }
+            else {
+                result.global[decoded.varName] = value;
+            }
+        }
+        return result;
+    }
+    saveSecrets() {
+        const dir = path.dirname(this.secretsFilePath);
+        if (!fs.existsSync(dir)) {
+            fs.mkdirSync(dir, { recursive: true });
+        }
+        fs.writeFileSync(this.secretsFilePath, JSON.stringify(this.data, null, 2), {
+            mode: 0o600,
+        });
+    }
+    /**
+     * Store a secret by variable name, optionally scoped to a workflow.
+     * @returns The variable name (used as the key)
+     */
+    storeSecret(name, value, workflow) {
+        if (workflow) {
+            if (!this.data.workflows[workflow]) {
+                this.data.workflows[workflow] = {};
+            }
+            this.data.workflows[workflow][name] = value;
+        }
+        else {
+            this.data.global[name] = value;
+        }
+        this.saveSecrets();
+        return name;
+    }
+    static ENV_PREFIX = 'CIBUILD_';
+    /**
+     * Reads all CIBUILD_-prefixed env vars, stripping the prefix from the keys.
+     * e.g. CIBUILD_SSH_RSA_PRIVATE_KEY → SSH_RSA_PRIVATE_KEY
+     */
+    getEnvSecrets() {
+        const secrets = {};
+        for (const [key, value] of Object.entries(process.env)) {
+            if (key.startsWith(SecretsManager.ENV_PREFIX) && value !== undefined) {
+                secrets[key.slice(SecretsManager.ENV_PREFIX.length)] = value;
+            }
+        }
+        return secrets;
+    }
+    /**
+     * Get a secret value by variable name.
+     * Workflow-specific value takes precedence over global.
+     * Falls back to CIBUILD_-prefixed env vars when no secrets file is present.
+     */
+    getSecret(name, workflow) {
+        if (!this.fileLoaded) {
+            return process.env[SecretsManager.ENV_PREFIX + name];
+        }
+        if (workflow && this.data.workflows[workflow]?.[name] !== undefined) {
+            return this.data.workflows[workflow][name];
+        }
+        return this.data.global[name];
+    }
+    /**
+     * Get all secrets merged: global + workflow-specific (workflow overrides global).
+     * Falls back to CIBUILD_-prefixed env vars when no secrets file is present.
+     */
+    getAll(workflow) {
+        if (!this.fileLoaded) {
+            return this.getEnvSecrets();
+        }
+        const merged = { ...this.data.global };
+        if (workflow && this.data.workflows[workflow]) {
+            Object.assign(merged, this.data.workflows[workflow]);
+        }
+        return merged;
+    }
+    /**
+     * Returns the variable name if a secret exists for it, undefined otherwise.
+     * Checks workflow scope first, then global.
+     * Falls back to CIBUILD_-prefixed env vars when no secrets file is present.
+     */
+    getSecretIdByName(name, workflow) {
+        if (!this.fileLoaded) {
+            return process.env[SecretsManager.ENV_PREFIX + name] !== undefined ? name : undefined;
+        }
+        if (workflow && this.data.workflows[workflow]?.[name] !== undefined) {
+            return name;
+        }
+        if (this.data.global[name] !== undefined) {
+            return name;
+        }
+        return undefined;
+    }
+    /**
+     * Returns the name itself (API compatibility).
+     */
+    getSecretName(id) {
+        return this.getSecretIdByName(id) ? id : undefined;
+    }
+    /**
+     * Check if a secret exists by variable name (global or any workflow).
+     */
+    hasSecret(name, workflow) {
+        return this.getSecretIdByName(name, workflow) !== undefined;
+    }
+    /**
+     * Get all stored variable names (global + all workflows, deduplicated).
+     */
+    getAllSecretNames() {
+        const names = new Set(Object.keys(this.data.global));
+        for (const vars of Object.values(this.data.workflows)) {
+            for (const key of Object.keys(vars))
+                names.add(key);
+        }
+        return Array.from(names);
+    }
+    /**
+     * Delete a secret by variable name (from workflow scope or global).
+     */
+    deleteSecret(name, workflow) {
+        let deleted = false;
+        if (workflow && this.data.workflows[workflow]) {
+            if (name in this.data.workflows[workflow]) {
+                delete this.data.workflows[workflow][name];
+                deleted = true;
+            }
+        }
+        else if (name in this.data.global) {
+            delete this.data.global[name];
+            deleted = true;
+        }
+        if (deleted)
+            this.saveSecrets();
+        return deleted;
+    }
+    getSecretsFilePath() {
+        return this.secretsFilePath;
+    }
+}
+//# sourceMappingURL=secrets-manager.js.map

package/dist/src/yaml/step-validator.d.ts ADDED Viewed

@@ -0,0 +1,54 @@
+/**
+ * Pre-execution validation orchestrator
+ *
+ * Validates all steps in a workflow BEFORE execution begins.
+ * All validation checks are READ-ONLY and safe to run on the user's machine.
+ * This enables catching all issues at once instead of failing on the first error.
+ */
+import type { YAMLPipeline } from './types.js';
+import type { CIConfig } from '../types.js';
+import type { WorkflowValidationResult } from './validation-types.js';
+/**
+ * StepValidator orchestrates pre-execution validation for a workflow.
+ * It iterates through all steps, collects validation requirements,
+ * runs pre-execution checks, and aggregates all issues.
+ */
+export declare class StepValidator {
+    private pipeline;
+    private workflow;
+    private workflowName;
+    private config;
+    private envResolver;
+    private yamlFilePath?;
+    private availableOutputs;
+    private establishedPlatform;
+    constructor(pipeline: YAMLPipeline, workflowName: string, config: CIConfig, yamlFilePath?: string);
+    /**
+     * Validates all steps in the workflow.
+     * Returns a complete validation result with all issues grouped by step and category.
+     */
+    validateWorkflow(): Promise<WorkflowValidationResult>;
+    /**
+     * Validates a single requirement and returns an issue if it fails
+     */
+    private validateRequirement;
+    /**
+     * Extracts all $VAR and ${VAR} variable names referenced in an object recursively.
+     */
+    private extractVariableReferences;
+    /**
+     * Replaces all unresolved $VAR and ${VAR} references with empty string.
+     * Used as a lenient fallback when full interpolation fails, so that
+     * getValidationRequirements can detect truly-missing variables correctly.
+     */
+    private stripUnresolvedVars;
+    /**
+     * Parses a YAML step into a ParsedStep (simplified version of converter logic)
+     */
+    private parseStep;
+}
+/**
+ * Format validation result for console output
+ */
+export declare function formatValidationResult(result: WorkflowValidationResult): string;
+//# sourceMappingURL=step-validator.d.ts.map

package/dist/src/yaml/step-validator.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"step-validator.d.ts","sourceRoot":"","sources":["../../../src/yaml/step-validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,KAAK,EAAE,YAAY,EAA4B,MAAM,YAAY,CAAC;AACzE,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,KAAK,EAGV,wBAAwB,EAGzB,MAAM,uBAAuB,CAAC;AAoB/B;;;;GAIG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAe;IAC/B,OAAO,CAAC,QAAQ,CAAe;IAC/B,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,MAAM,CAAW;IACzB,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,YAAY,CAAC,CAAS;IAG9B,OAAO,CAAC,gBAAgB,CAAoE;IAG5F,OAAO,CAAC,mBAAmB,CAA6B;gBAGtD,QAAQ,EAAE,YAAY,EACtB,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,QAAQ,EAChB,YAAY,CAAC,EAAE,MAAM;IAwBvB;;;OAGG;IACG,gBAAgB,IAAI,OAAO,CAAC,wBAAwB,CAAC;IAuM3D;;OAEG;YACW,mBAAmB;IAsDjC;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAoBjC;;;;OAIG;IACH,OAAO,CAAC,mBAAmB;IAiB3B;;OAEG;IACH,OAAO,CAAC,SAAS;CA8BlB;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,wBAAwB,GAAG,MAAM,CA4D/E"}