@oisincoveney/pipeline 3.17.3 → 3.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/argo-submit.d.ts +4 -0
- package/dist/argo-submit.js +3 -1
- package/dist/cli/submit-options.js +1 -0
- package/dist/moka-global-config.d.ts +4 -0
- package/dist/moka-global-config.js +2 -1
- package/dist/moka-submit.d.ts +20 -0
- package/dist/moka-submit.js +2 -1
- package/dist/remote/argo/model.d.ts +4 -0
- package/dist/remote/argo/model.js +16 -1
- package/dist/remote/argo/policy.js +7 -0
- package/dist/remote/submit/argo-submission.d.ts +4 -0
- package/dist/remote/submit/argo-submission.js +1 -0
- package/package.json +1 -1
package/dist/argo-submit.d.ts
CHANGED
|
@@ -27,6 +27,10 @@ declare const submitRunnerArgoWorkflowOptionsSchema: z.ZodObject<{
|
|
|
27
27
|
}>>;
|
|
28
28
|
imagePullSecretName: z.ZodOptional<z.ZodString>;
|
|
29
29
|
kubeconfigPath: z.ZodOptional<z.ZodString>;
|
|
30
|
+
mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
|
|
31
|
+
secretKey: z.ZodDefault<z.ZodString>;
|
|
32
|
+
secretName: z.ZodString;
|
|
33
|
+
}, z.core.$strict>>;
|
|
30
34
|
name: z.ZodOptional<z.ZodString>;
|
|
31
35
|
namespace: z.ZodString;
|
|
32
36
|
payloadJson: z.ZodString;
|
package/dist/argo-submit.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { ArgoGraphCompilerError, compileArgoExecutionGraph } from "./argo-graph.js";
|
|
2
|
-
import { dbAuthOptionSchema } from "./remote/argo/model.js";
|
|
2
|
+
import { dbAuthOptionSchema, mcpGatewayAuthOptionSchema } from "./remote/argo/model.js";
|
|
3
3
|
import { brokerAuthOptionSchema } from "./credentials/broker.js";
|
|
4
4
|
import { compileScheduleArtifact, parseScheduleArtifact } from "./planning/generate.js";
|
|
5
5
|
import { parseRunnerCommandPayload, runnerCommandPayloadSchema } from "./runner-command-contract.js";
|
|
@@ -40,6 +40,7 @@ const submitRunnerArgoWorkflowOptionsSchema = z.object({
|
|
|
40
40
|
]).optional(),
|
|
41
41
|
imagePullSecretName: z.string().min(1).optional(),
|
|
42
42
|
kubeconfigPath: z.string().min(1).optional(),
|
|
43
|
+
mcpGatewayAuth: mcpGatewayAuthOptionSchema.optional(),
|
|
43
44
|
name: z.string().min(1).optional(),
|
|
44
45
|
namespace: z.string().min(1),
|
|
45
46
|
payloadJson: z.string().min(1),
|
|
@@ -82,6 +83,7 @@ function submitRunnerArgoWorkflowEffect(rawOptions, dependencies) {
|
|
|
82
83
|
} : {},
|
|
83
84
|
brokerAuth: options.brokerAuth,
|
|
84
85
|
dbAuth: options.dbAuth,
|
|
86
|
+
mcpGatewayAuth: options.mcpGatewayAuth,
|
|
85
87
|
eventAuthSecretKey: options.eventAuthSecretKey,
|
|
86
88
|
eventAuthSecretName: options.eventAuthSecretName,
|
|
87
89
|
generateName: options.generateName,
|
|
@@ -37,6 +37,7 @@ function mokaCommonSubmitOptions(input) {
|
|
|
37
37
|
brokerAuth: resolveMokaBrokerAuth(input.globalConfig),
|
|
38
38
|
config: input.config,
|
|
39
39
|
dbAuth: momokaya?.submit.dbAuth,
|
|
40
|
+
mcpGatewayAuth: momokaya?.submit.mcpGatewayAuth,
|
|
40
41
|
delivery: { pullRequest: input.flags.openPr === true },
|
|
41
42
|
eventUrl: input.eventUrl,
|
|
42
43
|
eventAuthSecretKey: momokaya?.submit.eventAuthSecretKey,
|
|
@@ -22,6 +22,10 @@ declare const mokaGlobalConfigSchema: z.ZodObject<{
|
|
|
22
22
|
secretKey: z.ZodDefault<z.ZodString>;
|
|
23
23
|
secretName: z.ZodString;
|
|
24
24
|
}, z.core.$strict>>;
|
|
25
|
+
mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
|
|
26
|
+
secretKey: z.ZodDefault<z.ZodString>;
|
|
27
|
+
secretName: z.ZodString;
|
|
28
|
+
}, z.core.$strict>>;
|
|
25
29
|
eventAuthSecretKey: z.ZodString;
|
|
26
30
|
eventAuthSecretName: z.ZodString;
|
|
27
31
|
eventUrl: z.ZodString;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { dbAuthOptionSchema } from "./remote/argo/model.js";
|
|
1
|
+
import { dbAuthOptionSchema, mcpGatewayAuthOptionSchema } from "./remote/argo/model.js";
|
|
2
2
|
import { brokerAuthOptionSchema } from "./credentials/broker.js";
|
|
3
3
|
import { PipelineConfigError, configIssuesFromZodError, validationError } from "./config/schemas.js";
|
|
4
4
|
import { ConfigIoService, runConfigIoSync } from "./runtime/services/config-io-service.js";
|
|
@@ -19,6 +19,7 @@ const mokaDbGlobalConfigSchema = z.object({ url: z.string().url().refine((value)
|
|
|
19
19
|
const mokaSubmitGlobalConfigSchema = z.object({
|
|
20
20
|
brokerAuth: brokerAuthOptionSchema,
|
|
21
21
|
dbAuth: dbAuthOptionSchema.optional(),
|
|
22
|
+
mcpGatewayAuth: mcpGatewayAuthOptionSchema.optional(),
|
|
22
23
|
eventAuthSecretKey: z.string().min(1),
|
|
23
24
|
eventAuthSecretName: z.string().min(1),
|
|
24
25
|
eventUrl: z.string().url(),
|
package/dist/moka-submit.d.ts
CHANGED
|
@@ -110,6 +110,10 @@ declare const mokaSubmitBaseOptionsSchema: z.ZodObject<{
|
|
|
110
110
|
secretKey: z.ZodDefault<z.ZodString>;
|
|
111
111
|
secretName: z.ZodString;
|
|
112
112
|
}, z.core.$strict>>;
|
|
113
|
+
mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
|
|
114
|
+
secretKey: z.ZodDefault<z.ZodString>;
|
|
115
|
+
secretName: z.ZodString;
|
|
116
|
+
}, z.core.$strict>>;
|
|
113
117
|
delivery: z.ZodDefault<z.ZodObject<{
|
|
114
118
|
mode: z.ZodDefault<z.ZodEnum<{
|
|
115
119
|
"create-new-pr": "create-new-pr";
|
|
@@ -219,6 +223,10 @@ declare const mokaGraphSubmitOptionsSchema: z.ZodObject<{
|
|
|
219
223
|
secretKey: z.ZodDefault<z.ZodString>;
|
|
220
224
|
secretName: z.ZodString;
|
|
221
225
|
}, z.core.$strict>>;
|
|
226
|
+
mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
|
|
227
|
+
secretKey: z.ZodDefault<z.ZodString>;
|
|
228
|
+
secretName: z.ZodString;
|
|
229
|
+
}, z.core.$strict>>;
|
|
222
230
|
delivery: z.ZodDefault<z.ZodObject<{
|
|
223
231
|
mode: z.ZodDefault<z.ZodEnum<{
|
|
224
232
|
"create-new-pr": "create-new-pr";
|
|
@@ -345,6 +353,10 @@ declare const mokaCommandSubmitOptionsSchema: z.ZodObject<{
|
|
|
345
353
|
secretKey: z.ZodDefault<z.ZodString>;
|
|
346
354
|
secretName: z.ZodString;
|
|
347
355
|
}, z.core.$strict>>;
|
|
356
|
+
mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
|
|
357
|
+
secretKey: z.ZodDefault<z.ZodString>;
|
|
358
|
+
secretName: z.ZodString;
|
|
359
|
+
}, z.core.$strict>>;
|
|
348
360
|
delivery: z.ZodDefault<z.ZodObject<{
|
|
349
361
|
mode: z.ZodDefault<z.ZodEnum<{
|
|
350
362
|
"create-new-pr": "create-new-pr";
|
|
@@ -466,6 +478,10 @@ declare const mokaSubmitOptionsSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
|
|
|
466
478
|
secretKey: z.ZodDefault<z.ZodString>;
|
|
467
479
|
secretName: z.ZodString;
|
|
468
480
|
}, z.core.$strict>>;
|
|
481
|
+
mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
|
|
482
|
+
secretKey: z.ZodDefault<z.ZodString>;
|
|
483
|
+
secretName: z.ZodString;
|
|
484
|
+
}, z.core.$strict>>;
|
|
469
485
|
delivery: z.ZodDefault<z.ZodObject<{
|
|
470
486
|
mode: z.ZodDefault<z.ZodEnum<{
|
|
471
487
|
"create-new-pr": "create-new-pr";
|
|
@@ -591,6 +607,10 @@ declare const mokaSubmitOptionsSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
|
|
|
591
607
|
secretKey: z.ZodDefault<z.ZodString>;
|
|
592
608
|
secretName: z.ZodString;
|
|
593
609
|
}, z.core.$strict>>;
|
|
610
|
+
mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
|
|
611
|
+
secretKey: z.ZodDefault<z.ZodString>;
|
|
612
|
+
secretName: z.ZodString;
|
|
613
|
+
}, z.core.$strict>>;
|
|
594
614
|
delivery: z.ZodDefault<z.ZodObject<{
|
|
595
615
|
mode: z.ZodDefault<z.ZodEnum<{
|
|
596
616
|
"create-new-pr": "create-new-pr";
|
package/dist/moka-submit.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { dbAuthOptionSchema } from "./remote/argo/model.js";
|
|
1
|
+
import { dbAuthOptionSchema, mcpGatewayAuthOptionSchema } from "./remote/argo/model.js";
|
|
2
2
|
import { brokerAuthOptionSchema } from "./credentials/broker.js";
|
|
3
3
|
import { runnerDeliverySchema, runnerHookPolicySchema, runnerRepositoryContextSchema, runnerRunIdentitySchema, runnerTaskSchema } from "./runner-command-contract.js";
|
|
4
4
|
import { workflowSubmitResultSchema } from "./workflow-submit-contract.js";
|
|
@@ -48,6 +48,7 @@ const mokaSubmitResultSchema = workflowSubmitResultSchema;
|
|
|
48
48
|
const mokaSubmitBaseOptionsSchema = z.object({
|
|
49
49
|
brokerAuth: brokerAuthOptionSchema,
|
|
50
50
|
dbAuth: dbAuthOptionSchema.optional(),
|
|
51
|
+
mcpGatewayAuth: mcpGatewayAuthOptionSchema.optional(),
|
|
51
52
|
delivery: runnerDeliverySchema.default({
|
|
52
53
|
mode: "create-new-pr",
|
|
53
54
|
pullRequest: false
|
|
@@ -26,6 +26,10 @@ declare const buildRunnerArgoWorkflowOptionsSchema: z.ZodObject<{
|
|
|
26
26
|
}>>;
|
|
27
27
|
imagePullSecretName: z.ZodOptional<z.ZodString>;
|
|
28
28
|
labels: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodOptional<z.ZodString>>>;
|
|
29
|
+
mcpGatewayAuth: z.ZodOptional<z.ZodObject<{
|
|
30
|
+
secretKey: z.ZodDefault<z.ZodString>;
|
|
31
|
+
secretName: z.ZodString;
|
|
32
|
+
}, z.core.$strict>>;
|
|
29
33
|
name: z.ZodOptional<z.ZodString>;
|
|
30
34
|
namespace: z.ZodString;
|
|
31
35
|
payloadConfigMapKey: z.ZodDefault<z.ZodString>;
|
|
@@ -14,6 +14,20 @@ const dbAuthOptionSchema = z.object({
|
|
|
14
14
|
secretKey: z.string().min(1).default("db-url"),
|
|
15
15
|
secretName: kubernetesNameSchema
|
|
16
16
|
}).strict();
|
|
17
|
+
/**
|
|
18
|
+
* Submit-time secret ref for PIPELINE_MCP_GATEWAY_AUTHORIZATION injection in
|
|
19
|
+
* runner pods. Lets runner-side agents reach the pipeline-gateway vMCP (the
|
|
20
|
+
* verify-bot-authed browser-automation tools) the same way Coder dev-workspaces
|
|
21
|
+
* do: the shared dotfiles opencode MCP config reads the gateway basic-auth
|
|
22
|
+
* header from this env. The single owner of the option shape — the
|
|
23
|
+
* runner-workflow model, argo-submit, and moka-submit all reference this rather
|
|
24
|
+
* than redeclaring it. `secretKey` defaults to "pipeline-mcp-gateway-authorization"
|
|
25
|
+
* (the ExternalSecret-projected key); absent mcpGatewayAuth → no env emitted.
|
|
26
|
+
*/
|
|
27
|
+
const mcpGatewayAuthOptionSchema = z.object({
|
|
28
|
+
secretKey: z.string().min(1).default("pipeline-mcp-gateway-authorization"),
|
|
29
|
+
secretName: kubernetesNameSchema
|
|
30
|
+
}).strict();
|
|
17
31
|
const labelValueSchema = z.string().min(1);
|
|
18
32
|
const stringMapSchema = z.record(z.string().min(1), z.string().min(1));
|
|
19
33
|
const configMapVolumeSchema = z.object({
|
|
@@ -152,6 +166,7 @@ const buildRunnerArgoWorkflowOptionsSchema = z.object({
|
|
|
152
166
|
]).default("Always"),
|
|
153
167
|
imagePullSecretName: kubernetesNameSchema.optional(),
|
|
154
168
|
labels: z.record(z.string().min(1), z.string().min(1).optional()).default({}),
|
|
169
|
+
mcpGatewayAuth: mcpGatewayAuthOptionSchema.optional(),
|
|
155
170
|
name: z.string().min(1).optional(),
|
|
156
171
|
namespace: kubernetesNameSchema,
|
|
157
172
|
payloadConfigMapKey: z.string().min(1).default("payload.json"),
|
|
@@ -168,4 +183,4 @@ const buildRunnerArgoWorkflowOptionsSchema = z.object({
|
|
|
168
183
|
}).strict().optional()
|
|
169
184
|
}).strict().refine((options) => options.name !== void 0 || options.generateName !== void 0, { message: "Runner Workflow options must declare name or generateName" });
|
|
170
185
|
//#endregion
|
|
171
|
-
export { argoWorkflowVolumeMountSchema, argoWorkflowVolumeSchema, buildRunnerArgoWorkflowOptionsSchema, createRunnerArgoWorkflowManifestSchema, dbAuthOptionSchema };
|
|
186
|
+
export { argoWorkflowVolumeMountSchema, argoWorkflowVolumeSchema, buildRunnerArgoWorkflowOptionsSchema, createRunnerArgoWorkflowManifestSchema, dbAuthOptionSchema, mcpGatewayAuthOptionSchema };
|
|
@@ -68,6 +68,13 @@ function runnerContainerEnv(options) {
|
|
|
68
68
|
key: options.dbAuth.secretKey,
|
|
69
69
|
name: options.dbAuth.secretName
|
|
70
70
|
} }
|
|
71
|
+
}],
|
|
72
|
+
...options.mcpGatewayAuth === void 0 ? [] : [{
|
|
73
|
+
name: "PIPELINE_MCP_GATEWAY_AUTHORIZATION",
|
|
74
|
+
valueFrom: { secretKeyRef: {
|
|
75
|
+
key: options.mcpGatewayAuth.secretKey,
|
|
76
|
+
name: options.mcpGatewayAuth.secretName
|
|
77
|
+
} }
|
|
71
78
|
}]
|
|
72
79
|
];
|
|
73
80
|
}
|
|
@@ -19,6 +19,10 @@ interface MokaWorkflowSubmitOptions {
|
|
|
19
19
|
imagePullPolicy?: "Always" | "IfNotPresent" | "Never";
|
|
20
20
|
imagePullSecretName?: string;
|
|
21
21
|
kubeconfigPath?: string;
|
|
22
|
+
mcpGatewayAuth?: {
|
|
23
|
+
secretKey?: string;
|
|
24
|
+
secretName: string;
|
|
25
|
+
};
|
|
22
26
|
name?: string;
|
|
23
27
|
namespace: string;
|
|
24
28
|
payloadJson: string;
|
|
@@ -21,6 +21,7 @@ function workflowSubmitOptions(options) {
|
|
|
21
21
|
return {
|
|
22
22
|
brokerAuth: options.brokerAuth,
|
|
23
23
|
dbAuth: options.dbAuth,
|
|
24
|
+
mcpGatewayAuth: options.mcpGatewayAuth,
|
|
24
25
|
eventAuthSecretKey: options.eventAuthSecretKey,
|
|
25
26
|
eventAuthSecretName: options.eventAuthSecretName,
|
|
26
27
|
generateName: options.generateName,
|
package/package.json
CHANGED
|
@@ -132,7 +132,7 @@
|
|
|
132
132
|
"prepack": "nub run build:cli"
|
|
133
133
|
},
|
|
134
134
|
"type": "module",
|
|
135
|
-
"version": "3.
|
|
135
|
+
"version": "3.18.0",
|
|
136
136
|
"description": "Config-driven multi-agent pipeline runner for repository work",
|
|
137
137
|
"main": "./dist/index.js",
|
|
138
138
|
"types": "./dist/index.d.ts",
|