@invarn/cibuild 1.9.4 → 1.9.6

package/dist/src/commands/index.d.ts

@@ -23,4 +23,10 @@ export { handleBuildCommand } from "./build.js";
 export { handleResetCommand } from "./reset.js";
 export { detectMobileProjectRoot } from "../shared/detect-project.js";
 export type { MobileProjectType } from "../shared/detect-project.js";
+export { scanIosProject, formatIosScanResult } from "./ios-scanner.js";
+export type { IosScanResult, IosWarning, IosWarningCategory, IosWarningSeverity, } from "./ios-scanner.js";
+export { scanAndroidProject, formatScanResult, detectBuildVariants, } from "./android-scanner.js";
+export type { ScanResult as AndroidScanResult, BuildVariants, BuildWarning, WarningCategory, WarningSeverity, } from "./android-scanner.js";
+export { collectFileSecret, findProjectFiles } from "./file-secret-collector.js";
+export type { FileSecretConfig, FileSecretPaths, WorkflowGroup, } from "./file-secret-collector.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/src/commands/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/commands/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAE7C,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AACtD,YAAY,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAErD,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,YAAY,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAE3C,OAAO,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AAEjE,OAAO,EAAE,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AACnE,YAAY,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAElE,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAGhD,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,YAAY,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/commands/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAE7C,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AACtD,YAAY,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAErD,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,YAAY,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAE3C,OAAO,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AAEjE,OAAO,EAAE,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AACnE,YAAY,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAElE,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAGhD,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,YAAY,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAOrE,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AACvE,YAAY,EACV,aAAa,EACb,UAAU,EACV,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,kBAAkB,EAClB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EACV,UAAU,IAAI,iBAAiB,EAC/B,aAAa,EACb,YAAY,EACZ,eAAe,EACf,eAAe,GAChB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACjF,YAAY,EACV,gBAAgB,EAChB,eAAe,EACf,aAAa,GACd,MAAM,4BAA4B,CAAC"}

package/dist/src/commands/index.js

@@ -19,4 +19,12 @@ export { handleBuildCommand } from "./build.js";
 export { handleResetCommand } from "./reset.js";
 // Helpers useful for callers that implement their own variations.
 export { detectMobileProjectRoot } from "../shared/detect-project.js";
+// Project scanners — pure, toolchain-free file-content detectors. Exposed
+// so external callers (the Invarn CLI) can detect build variables and
+// secret-bearing files from a checkout and push them to the backend,
+// rather than re-implementing the same parsing. The scanners take a
+// project-root path and read file contents only — no xcodebuild/gradle.
+export { scanIosProject, formatIosScanResult } from "./ios-scanner.js";
+export { scanAndroidProject, formatScanResult, detectBuildVariants, } from "./android-scanner.js";
+export { collectFileSecret, findProjectFiles } from "./file-secret-collector.js";
 //# sourceMappingURL=index.js.map

package/dist/src/yaml/steps/cache.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../../../src/yaml/steps/cache.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAkBxD;;;;;;GAMG;AACH,MAAM,WAAW,WAAW;IAC1B,4HAA4H;IAC5H,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sHAAsH;IACtH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,yGAAyG;IACzG,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAUrD,CAAC;AAmFF;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACnD,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;YA0GzF,iBAAiB;CA8LhC;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACnD,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;YA4JzF,iBAAiB;CAoHhC"}
+{"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../../../src/yaml/steps/cache.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAkBxD;;;;;;GAMG;AACH,MAAM,WAAW,WAAW;IAC1B,4HAA4H;IAC5H,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sHAAsH;IACtH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,yGAAyG;IACzG,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAUrD,CAAC;AAmFF;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACnD,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;YA0GzF,iBAAiB;CA8LhC;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,gBAAgB;IACnD,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;YAgKzF,iBAAiB;CA4HhC"}

package/dist/src/yaml/steps/cache.js

@@ -484,9 +484,13 @@ export class CachePushStepExecutor extends BaseStepExecutor {
             commands.push('  echo "Paths to cache:"');
             commands.push('  printf "  %s\\n" "${PATHS_TO_CACHE[@]}"');
         }
-        // Atomic write: .tmp + rename. No lock needed — runs are serialized per runner,
-        // and cross-writer races resolve to last-writer-wins without corruption.
-        commands.push('  tar -cf - "${PATHS_TO_CACHE[@]}" 2>/dev/null | zstd -3 > "$CACHE_FILE.tmp" && mv "$CACHE_FILE.tmp" "$CACHE_FILE" || true');
+        // Atomic write into a per-process-unique temp (CBR-12). The "runs serialized
+        // per runner" assumption behind a fixed "$CACHE_FILE.tmp" is false with two VM
+        // slots and collides with the host cache daemon mutating this VirtioFS-shared
+        // dir; a unique name (PID + $RANDOM) removes the clash. The atomic mv is kept,
+        // and a failed compress/mv removes its own temp (no orphan) and stays non-fatal.
+        commands.push('  CACHE_TMP="$CACHE_FILE.$$.$RANDOM.tmp"');
+        commands.push('  tar -cf - "${PATHS_TO_CACHE[@]}" 2>/dev/null | zstd -3 > "$CACHE_TMP" && mv "$CACHE_TMP" "$CACHE_FILE" || rm -f "$CACHE_TMP"');
         commands.push('  if [ -f "$CACHE_FILE" ]; then');
         commands.push('    echo "Cache created successfully"');
         if (isDebugMode) {
@@ -587,7 +591,15 @@ export class CachePushStepExecutor extends BaseStepExecutor {
         // build. Atomic .tmp + mv overwrites any prior tarball under this key.
         commands.push('if [ ${#PATHS_TO_CACHE[@]} -gt 0 ]; then');
         commands.push('  echo "Caching ${#PATHS_TO_CACHE[@]} path(s)..."');
-        commands.push('  tar -cf - "${PATHS_TO_CACHE[@]}" 2>/dev/null | zstd -3 > "$CACHE_FILE.tmp" && mv "$CACHE_FILE.tmp" "$CACHE_FILE" || true');
+        // Per-process-unique temp (CBR-12). The old fixed "$CACHE_FILE.tmp" assumed
+        // a single serialized writer — false with two VM slots, and it collides with
+        // the host cache daemon mutating this VirtioFS-shared dir, which (a) made the
+        // guest's own .tmp transiently vanish at `mv` (silent clobber, masked by
+        // `|| true`) and (b) dropped VirtioFS off its async fast path. A unique name
+        // removes the collision; the atomic mv into place is preserved, and a failed
+        // compress/mv removes its own temp (no orphan) while staying non-fatal.
+        commands.push('  CACHE_TMP="$CACHE_FILE.$$.$RANDOM.tmp"');
+        commands.push('  tar -cf - "${PATHS_TO_CACHE[@]}" 2>/dev/null | zstd -3 > "$CACHE_TMP" && mv "$CACHE_TMP" "$CACHE_FILE" || rm -f "$CACHE_TMP"');
         commands.push('  if [ -f "$CACHE_FILE" ]; then');
         commands.push('    echo "Cache created successfully"');
         if (isDebugMode) {

package/dist/src/yaml/steps/steps.test.js

@@ -336,6 +336,20 @@ describe('Step Implementations', () => {
             const result = await executor.execute(inputs, {}, testConfig);
             expect(result.script).toContain('skipped');
         });
+        test('uses a per-process-unique temp for the atomic write (CBR-12)', async () => {
+            const executor = new CachePushStepExecutor();
+            const result = await executor.execute({ technology: 'kmm' }, {}, testConfig);
+            // The old fixed "$CACHE_FILE.tmp" assumed a single writer ("runs
+            // serialized per runner") — false with two VM slots, and it collides with
+            // the host cache daemon mutating the same VirtioFS-shared dir. A unique
+            // temp (PID + $RANDOM) removes the collision; the atomic mv is preserved.
+            expect(result.script).not.toContain('> "$CACHE_FILE.tmp"');
+            expect(result.script).toContain('CACHE_TMP="$CACHE_FILE.$$.$RANDOM.tmp"');
+            expect(result.script).toContain('mv "$CACHE_TMP" "$CACHE_FILE"');
+            // A failed compress/mv cleans its own temp instead of leaking orphans,
+            // and stays non-fatal (never fails the build).
+            expect(result.script).toContain('rm -f "$CACHE_TMP"');
+        });
         test('should require cache_paths', async () => {
             const executor = new CachePushStepExecutor();
             const inputs = {
@@ -421,8 +435,8 @@ describe('Step Implementations', () => {
         test('should use atomic write (tmp + mv) for preset push', async () => {
             const executor = new CachePushStepExecutor();
             const result = await executor.execute({ technology: 'gradle' }, {}, testConfig);
-            expect(result.script).toContain('> "$CACHE_FILE.tmp"');
-            expect(result.script).toContain('mv "$CACHE_FILE.tmp" "$CACHE_FILE"');
+            expect(result.script).toContain('> "$CACHE_TMP"');
+            expect(result.script).toContain('mv "$CACHE_TMP" "$CACHE_FILE"');
         });
         test('should NOT emit guest-side retention (the peer cache daemon owns it, CBR-6)', async () => {
             // ADR 0002 / CBR-6: retention moved into the long-lived peer cache daemon,
@@ -447,8 +461,8 @@ describe('Step Implementations', () => {
         test('should use atomic write (tmp + mv) for manual cache_key push', async () => {
             const executor = new CachePushStepExecutor();
             const result = await executor.execute({ cache_key: 'my-key', cache_paths: ['build'] }, {}, testConfig);
-            expect(result.script).toContain('> "$CACHE_FILE.tmp"');
-            expect(result.script).toContain('mv "$CACHE_FILE.tmp" "$CACHE_FILE"');
+            expect(result.script).toContain('> "$CACHE_TMP"');
+            expect(result.script).toContain('mv "$CACHE_TMP" "$CACHE_FILE"');
         });
     });
     describe('XcodeBuildStepExecutor', () => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@invarn/cibuild",
-  "version": "1.9.4",
+  "version": "1.9.6",
   "description": "CI Build CLI — local pipeline orchestration and validation",
   "type": "module",
   "main": "dist/cli.cjs",