@oisincoveney/pipeline 3.19.6 → 3.20.1
- package/dist/argo-submit.d.ts +3 -0
- package/dist/argo-submit.js +8 -2
- package/dist/cli/submit-options.js +9 -1
- package/dist/moka-global-config.d.ts +1 -0
- package/dist/moka-global-config.js +1 -0
- package/dist/moka-submit.d.ts +5 -0
- package/dist/moka-submit.js +1 -0
- package/dist/planning/generate.js +2 -2
- package/dist/remote/argo/model.d.ts +2 -0
- package/dist/remote/argo/model.js +1 -0
- package/dist/remote/argo/storage.js +27 -6
- package/dist/remote/submit/argo-submission.d.ts +1 -0
- package/dist/remote/submit/argo-submission.js +1 -0
- package/dist/remote/submit/compilation.js +1 -0
- package/dist/runtime/open-pull-request/open-pull-request.js +10 -7
- package/dist/schedule/passes/open-pull-request.js +3 -3
- package/docs/operator-guide.md +7 -0
- package/package.json +2 -1
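--- a/package/dist/argo-submit.d.ts
+++ b/package/dist/argo-submit.d.ts
@@ -34,6 +34,7 @@ declare const submitRunnerArgoWorkflowOptionsSchema: z.ZodObject<{
 }, z.core.$strict>>;
 name: z.ZodOptional<z.ZodString>;
 namespace: z.ZodString;
+npmRegistryAuthSecretName: z.ZodOptional<z.ZodString>;
 payloadJson: z.ZodString;
 serviceAccountName: z.ZodOptional<z.ZodString>;
 scheduleYaml: z.ZodString;
@@ -68,12 +69,14 @@ declare const submitDynamicRunnerArgoWorkflowOptionsSchema: z.ZodObject<{
 }, z.core.$strict>>;
 name: z.ZodOptional<z.ZodString>;
 namespace: z.ZodString;
+npmRegistryAuthSecretName: z.ZodOptional<z.ZodString>;
 payloadJson: z.ZodString;
 serviceAccountName: z.ZodOptional<z.ZodString>;
 workflowId: z.ZodString;
 }, z.core.$strict>;
 declare const commandScheduleOptionsSchema: z.ZodObject<{
 command: z.ZodArray<z.ZodString>;
+deliverPullRequest: z.ZodDefault<z.ZodBoolean>;
 generatedAt: z.ZodDefault<z.ZodDate>;
 scheduleId: z.ZodOptional<z.ZodString>;
 task: z.ZodString;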
package/dist/argo-submit.js
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { ArgoGraphCompilerError, compileArgoExecutionGraph } from "./argo-graph.js";
|
|
2
2
|
import { dbAuthOptionSchema, mcpGatewayAuthOptionSchema } from "./remote/argo/model.js";
|
|
3
3
|
import { brokerAuthOptionSchema } from "./credentials/broker.js";
|
|
4
|
+
import { appendPullRequestDelivery } from "./schedule/passes/open-pull-request.js";
|
|
4
5
|
import { compileScheduleArtifact, parseScheduleArtifact } from "./planning/generate.js";
|
|
5
6
|
import { parseRunnerCommandPayload, runnerCommandPayloadSchema } from "./runner-command-contract.js";
|
|
6
7
|
import { buildRunnerTaskDescriptor } from "./runner-command/task-descriptor.js";
|
|
@@ -48,6 +49,7 @@ const submitRunnerArgoWorkflowBaseOptionShape = {
|
|
|
48
49
|
mcpGatewayAuth: mcpGatewayAuthOptionSchema.optional(),
|
|
49
50
|
name: z.string().min(1).optional(),
|
|
50
51
|
namespace: z.string().min(1),
|
|
52
|
+
npmRegistryAuthSecretName: z.string().min(1).optional(),
|
|
51
53
|
payloadJson: z.string().min(1),
|
|
52
54
|
serviceAccountName: z.string().min(1).optional()
|
|
53
55
|
};
|
|
@@ -61,6 +63,7 @@ const submitDynamicRunnerArgoWorkflowOptionsSchema = z.object({
|
|
|
61
63
|
}).strict().refine(hasWorkflowName, { message: "Argo submit options must declare name or generateName" });
|
|
62
64
|
const commandScheduleOptionsSchema = z.object({
|
|
63
65
|
command: z.array(z.string().min(1)).min(1),
|
|
66
|
+
deliverPullRequest: z.boolean().default(false),
|
|
64
67
|
generatedAt: z.date().default(() => /* @__PURE__ */ new Date()),
|
|
65
68
|
scheduleId: scheduleIdSchema.optional(),
|
|
66
69
|
task: z.string().min(1)
|
|
@@ -113,6 +116,7 @@ function submitRunnerArgoWorkflowEffect(rawOptions, dependencies) {
|
|
|
113
116
|
labels,
|
|
114
117
|
name: options.name,
|
|
115
118
|
namespace: options.namespace,
|
|
119
|
+
npmRegistryAuthSecretName: options.npmRegistryAuthSecretName,
|
|
116
120
|
payloadConfigMapName,
|
|
117
121
|
plan: compiled.plan,
|
|
118
122
|
scheduleConfigMapName: scheduleArtifactConfigMapName,
|
|
@@ -215,6 +219,7 @@ function submitDynamicRunnerArgoWorkflowEffect(rawOptions, dependencies) {
|
|
|
215
219
|
labels,
|
|
216
220
|
name: options.name,
|
|
217
221
|
namespace: options.namespace,
|
|
222
|
+
npmRegistryAuthSecretName: options.npmRegistryAuthSecretName,
|
|
218
223
|
payloadConfigMapName,
|
|
219
224
|
serviceAccountName: options.serviceAccountName,
|
|
220
225
|
workflowId: options.workflowId
|
|
@@ -268,7 +273,7 @@ function workflowSubmitResult(response, workflow, base) {
|
|
|
268
273
|
function buildCommandScheduleYaml(rawOptions) {
|
|
269
274
|
const options = commandScheduleOptionsSchema.parse(rawOptions);
|
|
270
275
|
const scheduleId = options.scheduleId ?? `custom-${randomBytes(8).toString("hex")}`;
|
|
271
|
-
|
|
276
|
+
const artifact = {
|
|
272
277
|
generated_at: options.generatedAt.toISOString(),
|
|
273
278
|
kind: "pipeline-schedule",
|
|
274
279
|
root_workflow: "root",
|
|
@@ -281,7 +286,8 @@ function buildCommandScheduleYaml(rawOptions) {
|
|
|
281
286
|
id: "command",
|
|
282
287
|
kind: "command"
|
|
283
288
|
}] } }
|
|
284
|
-
}
|
|
289
|
+
};
|
|
290
|
+
return stringify(appendPullRequestDelivery(options.deliverPullRequest, artifact));
|
|
285
291
|
}
|
|
286
292
|
function normalizeRunnerPayloadForSubmit(input) {
|
|
287
293
|
const repository = normalizeRunnerRepositoryForSubmit(input.payload.repository);
|
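Review bot: `npmRegistryAuthSecretName` is validated in `submitRunnerArgoWorkflowBaseOptionShape` only as `z.string().min(1).optional()`, while the `runnerArgoWorkflowBaseOptionsSchema` hunk in `package/dist/remote/argo/model.js` checks the same field with `kubernetesNameSchema.optional()`, so a malformed Secret name passes the submit layer and is presumably rejected only when the workflow is built. The same loose check appears in the `mokaSubmitGlobalConfigSchema` and `mokaSubmitBaseOptionsSchema` hunks further down the page. If `kubernetesNameSchema` is exported from `./remote/argo/model.js` (not visible here), using it at all three sites would reject the value at the first boundary: `npmRegistryAuthSecretName: kubernetesNameSchema.optional(),`. The neighbouring `namespace` and `serviceAccountName` fields follow the same loose pattern, so this may be a deliberate layering choice worth a one-line comment instead.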
|
@@ -12,8 +12,12 @@ function resolveOptionalSecretRef(flags, fromGlobalConfig) {
|
|
|
12
12
|
};
|
|
13
13
|
return fromGlobalConfig;
|
|
14
14
|
}
|
|
15
|
+
function resolveOptionalSecretName(flags, fromGlobalConfig) {
|
|
16
|
+
if (flags.skip) return;
|
|
17
|
+
return flags.secretName ?? fromGlobalConfig;
|
|
18
|
+
}
|
|
15
19
|
function addMokaSubmitOptions(command) {
|
|
16
|
-
return addRunnerArgoOptions(command.option("--quick", "submit the compact graph").option("--command", "treat input after -- as explicit argv").option("--schedule <path>", "approved schedule YAML to submit").option("--event-url <url>", "runner event sink URL").option("--open-pr", "append an open-pull-request delivery node (preview-labelled PR)").option("--task <text>", "task description for command-mode metadata").option("--db-auth-secret-name <name>", "override momokaya.submit.dbAuth secret name").option("--db-auth-secret-key <key>", "override momokaya.submit.dbAuth secret key").option("--skip-db-auth", "omit MOKA_DB_URL injection regardless of global config").option("--mcp-gateway-auth-secret-name <name>", "override momokaya.submit.mcpGatewayAuth secret name").option("--mcp-gateway-auth-secret-key <key>", "override momokaya.submit.mcpGatewayAuth secret key").option("--skip-mcp-gateway-auth", "omit PIPELINE_MCP_GATEWAY_AUTHORIZATION injection regardless of global config"), { kubeconfig: true });
|
|
20
|
+
return addRunnerArgoOptions(command.option("--quick", "submit the compact graph").option("--command", "treat input after -- as explicit argv").option("--schedule <path>", "approved schedule YAML to submit").option("--event-url <url>", "runner event sink URL").option("--open-pr", "append an open-pull-request delivery node (preview-labelled PR)").option("--task <text>", "task description for command-mode metadata").option("--db-auth-secret-name <name>", "override momokaya.submit.dbAuth secret name").option("--db-auth-secret-key <key>", "override momokaya.submit.dbAuth secret key").option("--skip-db-auth", "omit MOKA_DB_URL injection regardless of global config").option("--mcp-gateway-auth-secret-name <name>", "override momokaya.submit.mcpGatewayAuth secret name").option("--mcp-gateway-auth-secret-key <key>", "override momokaya.submit.mcpGatewayAuth secret key").option("--skip-mcp-gateway-auth", "omit PIPELINE_MCP_GATEWAY_AUTHORIZATION injection regardless of global config").option("--npm-registry-auth-secret-name <name>", "override momokaya.submit.npmRegistryAuthSecretName").option("--skip-npm-registry-auth", "omit the /root/.npmrc mount regardless of global config"), { kubeconfig: true });
|
|
17
21
|
}
|
|
18
22
|
function runMokaSubmitFromCli(input, flags) {
|
|
19
23
|
const cwd = process.env.PIPELINE_TARGET_PATH ?? process.cwd();
|
|
@@ -68,6 +72,10 @@ function mokaCommonSubmitOptions(input) {
|
|
|
68
72
|
kubeconfigPath: input.flags.kubeconfig ?? momokaya?.kubernetes.kubeconfig,
|
|
69
73
|
name: input.flags.name,
|
|
70
74
|
namespace: input.flags.namespace ?? momokaya?.kubernetes.namespace,
|
|
75
|
+
npmRegistryAuthSecretName: resolveOptionalSecretName({
|
|
76
|
+
secretName: input.flags.npmRegistryAuthSecretName,
|
|
77
|
+
skip: input.flags.skipNpmRegistryAuth
|
|
78
|
+
}, momokaya?.submit.npmRegistryAuthSecretName),
|
|
71
79
|
serviceAccountName: input.flags.serviceAccount ?? momokaya?.submit.serviceAccountName,
|
|
72
80
|
worktreePath: input.cwd
|
|
73
81
|
};
|
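Review bot: `resolveOptionalSecretName` silently drops `--npm-registry-auth-secret-name` when `--skip-npm-registry-auth` is also given, because `flags.skip` is tested first, and no comment states that precedence. A doc comment would make the contract explicit, for example `/** Resolve a Secret name: skip wins, then the CLI flag, then global config; undefined means no mount. */`. Rejecting the contradictory combination with a usage error would be stricter, although skip-wins is the safer of the two orders since it can only remove a credential mount. `mokaCommonSubmitOptions` begins outside the hunk, so how the other secret options resolve conflicts is not visible.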
|
@@ -33,6 +33,7 @@ declare const mokaGlobalConfigSchema: z.ZodObject<{
|
|
|
33
33
|
gitCredentialsSecretName: z.ZodString;
|
|
34
34
|
githubAuthSecretName: z.ZodString;
|
|
35
35
|
imagePullSecretName: z.ZodString;
|
|
36
|
+
npmRegistryAuthSecretName: z.ZodOptional<z.ZodString>;
|
|
36
37
|
serviceAccountName: z.ZodString;
|
|
37
38
|
}, z.core.$strict>;
|
|
38
39
|
}, z.core.$strict>;
|
|
@@ -26,6 +26,7 @@ const mokaSubmitGlobalConfigSchema = z.object({
|
|
|
26
26
|
gitCredentialsSecretName: z.string().min(1),
|
|
27
27
|
githubAuthSecretName: z.string().min(1),
|
|
28
28
|
imagePullSecretName: z.string().min(1),
|
|
29
|
+
npmRegistryAuthSecretName: z.string().min(1).optional(),
|
|
29
30
|
serviceAccountName: z.string().min(1)
|
|
30
31
|
}).strict();
|
|
31
32
|
const mokaKubernetesGlobalConfigSchema = z.object({
|
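--- a/package/dist/moka-submit.d.ts
+++ b/package/dist/moka-submit.d.ts
@@ -201,6 +201,7 @@ declare const mokaSubmitBaseOptionsSchema: z.ZodObject<{
 kubeconfigPath: z.ZodOptional<z.ZodString>;
 name: z.ZodOptional<z.ZodString>;
 namespace: z.ZodOptional<z.ZodString>;
+npmRegistryAuthSecretName: z.ZodOptional<z.ZodString>;
 repository: z.ZodOptional<z.ZodObject<{
 baseBranch: z.ZodString;
 headBranch: z.ZodOptional<z.ZodString>;
@@ -315,6 +316,7 @@ declare const mokaGraphSubmitOptionsSchema: z.ZodObject<{
 kubeconfigPath: z.ZodOptional<z.ZodString>;
 name: z.ZodOptional<z.ZodString>;
 namespace: z.ZodOptional<z.ZodString>;
+npmRegistryAuthSecretName: z.ZodOptional<z.ZodString>;
 repository: z.ZodOptional<z.ZodObject<{
 baseBranch: z.ZodString;
 headBranch: z.ZodOptional<z.ZodString>;
@@ -446,6 +448,7 @@ declare const mokaCommandSubmitOptionsSchema: z.ZodObject<{
 kubeconfigPath: z.ZodOptional<z.ZodString>;
 name: z.ZodOptional<z.ZodString>;
 namespace: z.ZodOptional<z.ZodString>;
+npmRegistryAuthSecretName: z.ZodOptional<z.ZodString>;
 repository: z.ZodOptional<z.ZodObject<{
 baseBranch: z.ZodString;
 headBranch: z.ZodOptional<z.ZodString>;
@@ -572,6 +575,7 @@ declare const mokaSubmitOptionsSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
 kubeconfigPath: z.ZodOptional<z.ZodString>;
 name: z.ZodOptional<z.ZodString>;
 namespace: z.ZodOptional<z.ZodString>;
+npmRegistryAuthSecretName: z.ZodOptional<z.ZodString>;
 repository: z.ZodOptional<z.ZodObject<{
 baseBranch: z.ZodString;
 headBranch: z.ZodOptional<z.ZodString>;
@@ -702,6 +706,7 @@ declare const mokaSubmitOptionsSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
 kubeconfigPath: z.ZodOptional<z.ZodString>;
 name: z.ZodOptional<z.ZodString>;
 namespace: z.ZodOptional<z.ZodString>;
+npmRegistryAuthSecretName: z.ZodOptional<z.ZodString>;
 repository: z.ZodOptional<z.ZodObject<{
 baseBranch: z.ZodString;
 headBranch: z.ZodOptional<z.ZodString>;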
package/dist/moka-submit.js
CHANGED
|
@@ -70,6 +70,7 @@ const mokaSubmitBaseOptionsSchema = z.object({
|
|
|
70
70
|
kubeconfigPath: z.string().min(1).optional(),
|
|
71
71
|
name: z.string().min(1).optional(),
|
|
72
72
|
namespace: z.string().min(1).optional(),
|
|
73
|
+
npmRegistryAuthSecretName: z.string().min(1).optional(),
|
|
73
74
|
repository: runnerRepositoryContextSchema.optional(),
|
|
74
75
|
run: runnerRunIdentitySchema.optional(),
|
|
75
76
|
serviceAccountName: z.string().min(1).optional()
|
|
@@ -16,7 +16,7 @@ import { integrateParallelWriteFanout } from "../schedule/passes/drain-merge.js"
|
|
|
16
16
|
import { canonicalizeGeneratedScheduleIds } from "../schedule/passes/ids.js";
|
|
17
17
|
import { SCHEDULE_PASS_ORDER } from "../schedule/passes/index.js";
|
|
18
18
|
import { applyNodeCatalogModelFallbacks } from "../schedule/passes/models.js";
|
|
19
|
-
import { appendPullRequestDelivery } from "../schedule/passes/open-pull-request.js";
|
|
19
|
+
import { appendPullRequestDelivery, isPullRequestDeliveryEnabled } from "../schedule/passes/open-pull-request.js";
|
|
20
20
|
import { namespaceScheduleWorkflows } from "../schedule/passes/references.js";
|
|
21
21
|
import { plannerPrompt, plannerRepairPrompt } from "../schedule/prompts.js";
|
|
22
22
|
import { parseDocument, stringify } from "yaml";
|
|
@@ -131,7 +131,7 @@ async function generateScheduleArtifactInMemory(options) {
|
|
|
131
131
|
});
|
|
132
132
|
const generatedArtifact = await planScheduleArtifact(baseline, policy.planner_profile, options, planningContext);
|
|
133
133
|
assertSchedulePassOrder();
|
|
134
|
-
const artifact = hydrateScheduleTaskContexts(canonicalizeGeneratedScheduleIds(applyNodeCatalogModelFallbacks(options.config, policy.node_catalog, appendPullRequestDelivery(options.config, integrateParallelWriteFanout(options.config, addGeneratedImplementationCoverage(options.config, generatedArtifact))))), planningContext);
|
|
134
|
+
const artifact = hydrateScheduleTaskContexts(canonicalizeGeneratedScheduleIds(applyNodeCatalogModelFallbacks(options.config, policy.node_catalog, appendPullRequestDelivery(isPullRequestDeliveryEnabled(options.config), integrateParallelWriteFanout(options.config, addGeneratedImplementationCoverage(options.config, generatedArtifact))))), planningContext);
|
|
135
135
|
validateScheduleArtifact(options.config, artifact, planningContext);
|
|
136
136
|
compileScheduleArtifact(options.config, artifact, options.worktreePath);
|
|
137
137
|
return {
|
|
@@ -32,6 +32,7 @@ declare const buildRunnerArgoWorkflowOptionsSchema: z.ZodObject<{
|
|
|
32
32
|
}, z.core.$strict>>;
|
|
33
33
|
name: z.ZodOptional<z.ZodString>;
|
|
34
34
|
namespace: z.ZodString;
|
|
35
|
+
npmRegistryAuthSecretName: z.ZodOptional<z.ZodString>;
|
|
35
36
|
payloadConfigMapKey: z.ZodDefault<z.ZodString>;
|
|
36
37
|
payloadConfigMapName: z.ZodString;
|
|
37
38
|
resources: z.ZodOptional<z.ZodObject<{
|
|
@@ -79,6 +80,7 @@ declare const buildDynamicRunnerArgoWorkflowOptionsSchema: z.ZodObject<{
|
|
|
79
80
|
}, z.core.$strict>>;
|
|
80
81
|
name: z.ZodOptional<z.ZodString>;
|
|
81
82
|
namespace: z.ZodString;
|
|
83
|
+
npmRegistryAuthSecretName: z.ZodOptional<z.ZodString>;
|
|
82
84
|
payloadConfigMapKey: z.ZodDefault<z.ZodString>;
|
|
83
85
|
payloadConfigMapName: z.ZodString;
|
|
84
86
|
resources: z.ZodOptional<z.ZodObject<{
|
|
@@ -198,6 +198,7 @@ const runnerArgoWorkflowBaseOptionsSchema = z.object({
|
|
|
198
198
|
mcpGatewayAuth: mcpGatewayAuthOptionSchema.optional(),
|
|
199
199
|
name: z.string().min(1).optional(),
|
|
200
200
|
namespace: kubernetesNameSchema,
|
|
201
|
+
npmRegistryAuthSecretName: kubernetesNameSchema.optional(),
|
|
201
202
|
payloadConfigMapKey: z.string().min(1).default("payload.json"),
|
|
202
203
|
payloadConfigMapName: kubernetesNameSchema,
|
|
203
204
|
resources: argoWorkflowResourceRequirementsSchema.optional(),
|
|
@@ -32,9 +32,7 @@ function runnerWorkflowStorage(options, tasks) {
|
|
|
32
32
|
readOnly: true,
|
|
33
33
|
subPath: "schedule.yaml"
|
|
34
34
|
}];
|
|
35
|
-
|
|
36
|
-
appendGitCredentialsStorage(options, volumes, volumeMounts);
|
|
37
|
-
appendGithubAuthStorage(options, volumes, volumeMounts);
|
|
35
|
+
appendSharedSecretStorage(options, volumes, volumeMounts);
|
|
38
36
|
return {
|
|
39
37
|
volumeMounts: z.array(argoWorkflowVolumeMountSchema).parse(volumeMounts),
|
|
40
38
|
volumes: z.array(argoWorkflowVolumeSchema).parse(volumes)
|
|
@@ -43,14 +41,18 @@ function runnerWorkflowStorage(options, tasks) {
|
|
|
43
41
|
function dynamicRunnerWorkflowStorage(options) {
|
|
44
42
|
const volumes = [runnerPayloadVolume(options)];
|
|
45
43
|
const volumeMounts = [runnerPayloadVolumeMount()];
|
|
46
|
-
|
|
47
|
-
appendGitCredentialsStorage(options, volumes, volumeMounts);
|
|
48
|
-
appendGithubAuthStorage(options, volumes, volumeMounts);
|
|
44
|
+
appendSharedSecretStorage(options, volumes, volumeMounts);
|
|
49
45
|
return {
|
|
50
46
|
volumeMounts: z.array(argoWorkflowVolumeMountSchema).parse(volumeMounts),
|
|
51
47
|
volumes: z.array(argoWorkflowVolumeSchema).parse(volumes)
|
|
52
48
|
};
|
|
53
49
|
}
|
|
50
|
+
function appendSharedSecretStorage(options, volumes, volumeMounts) {
|
|
51
|
+
appendEventAuthStorage(options, volumes, volumeMounts);
|
|
52
|
+
appendGitCredentialsStorage(options, volumes, volumeMounts);
|
|
53
|
+
appendGithubAuthStorage(options, volumes, volumeMounts);
|
|
54
|
+
appendNpmRegistryAuthStorage(options, volumes, volumeMounts);
|
|
55
|
+
}
|
|
54
56
|
function runnerPayloadVolume(options) {
|
|
55
57
|
return {
|
|
56
58
|
configMap: {
|
|
@@ -123,5 +125,24 @@ function appendGithubAuthStorage(options, volumes, volumeMounts) {
|
|
|
123
125
|
subPath: "hosts.yml"
|
|
124
126
|
});
|
|
125
127
|
}
|
|
128
|
+
function appendNpmRegistryAuthStorage(options, volumes, volumeMounts) {
|
|
129
|
+
if (!options.npmRegistryAuthSecretName) return;
|
|
130
|
+
volumes.push({
|
|
131
|
+
name: "npm-registry-auth",
|
|
132
|
+
secret: {
|
|
133
|
+
items: [{
|
|
134
|
+
key: "npmrc",
|
|
135
|
+
path: "npmrc"
|
|
136
|
+
}],
|
|
137
|
+
secretName: options.npmRegistryAuthSecretName
|
|
138
|
+
}
|
|
139
|
+
});
|
|
140
|
+
volumeMounts.push({
|
|
141
|
+
mountPath: "/root/.npmrc",
|
|
142
|
+
name: "npm-registry-auth",
|
|
143
|
+
readOnly: true,
|
|
144
|
+
subPath: "npmrc"
|
|
145
|
+
});
|
|
146
|
+
}
|
|
126
147
|
//#endregion
|
|
127
148
|
export { dynamicRunnerWorkflowStorage, runnerWorkflowStorage };
|
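Review bot: The registry token mounted by `appendNpmRegistryAuthStorage` is readable by every process in the containers that receive these mounts, including dependency lifecycle scripts run during install, and nothing in the function documents that exposure. Because `appendSharedSecretStorage` is called from both `runnerWorkflowStorage` and `dynamicRunnerWorkflowStorage`, I would add a comment on the new function saying the Secret should hold a read-only, scope-limited registry token, and that the `subPath` mount means a rotated Secret is not seen by a pod that is already running. The `secret` source also sets no `defaultMode`, so the file gets the Kubernetes default of 0644; `defaultMode: 0o400` would tighten it if `argoWorkflowVolumeSchema` accepts the field (the schema is not shown here). The mount path `/root/.npmrc` assumes the container's home directory is `/root`, which is worth stating in the same comment. Two removed lines in this section (old lines 35 and 46) lost their text in rendering, so whether `appendEventAuthStorage` was already called on these paths cannot be confirmed from the page.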
|
@@ -54,6 +54,7 @@ function workflowSubmitOptions(options) {
|
|
|
54
54
|
kubeconfigPath: options.kubeconfigPath,
|
|
55
55
|
name: options.name,
|
|
56
56
|
namespace: requireSubmitOption(options.namespace, "namespace"),
|
|
57
|
+
npmRegistryAuthSecretName: options.npmRegistryAuthSecretName,
|
|
57
58
|
serviceAccountName: options.serviceAccountName
|
|
58
59
|
};
|
|
59
60
|
}
|
|
@@ -27,6 +27,7 @@ function compileMokaCommandSubmitPlan(options, runId) {
|
|
|
27
27
|
const task = commandTask(options);
|
|
28
28
|
const scheduleYaml = buildCommandScheduleYaml({
|
|
29
29
|
command: options.commandArgv,
|
|
30
|
+
deliverPullRequest: options.delivery.pullRequest,
|
|
30
31
|
scheduleId: runId,
|
|
31
32
|
task: taskDescription(task)
|
|
32
33
|
});
|
|
@@ -109,12 +109,17 @@ function pushHeadBranch(git, headBranch) {
|
|
|
109
109
|
function submitPullRequest(prCtx, context) {
|
|
110
110
|
if (prCtx.mode === "update-existing-pr") return handleExistingPr(prCtx.headBranch, prCtx.label, context);
|
|
111
111
|
return Effect.gen(function* () {
|
|
112
|
-
const
|
|
113
|
-
|
|
112
|
+
const executor = yield* CommandExecutor;
|
|
113
|
+
const createResult = yield* runGhPrCreate(executor, prCtx, extractPrTitle(prCtx.task), context);
|
|
114
|
+
if (createResult.exitCode === 0) return yield* labelCreatedPr(executor, prCtx, createResult, context);
|
|
114
115
|
if (isPrAlreadyExistsError(createResult.output)) return yield* handleExistingPr(prCtx.headBranch, prCtx.label, context);
|
|
115
116
|
return createResult;
|
|
116
117
|
});
|
|
117
118
|
}
|
|
119
|
+
function labelCreatedPr(executor, prCtx, createResult, context) {
|
|
120
|
+
const url = extractPrUrl(createResult.output);
|
|
121
|
+
return runGhPrEdit(executor, prCtx.headBranch, prCtx.label, context).pipe(Effect.map((editResult) => editResult.exitCode === 0 ? openPrSuccess(url, "opened") : openPrSuccess(url, "opened", [`open-pull-request: label '${prCtx.label}' not applied — ${editResult.output || `gh pr edit exited ${editResult.exitCode}`}`])));
|
|
122
|
+
}
|
|
118
123
|
function runGhPrCreate(executor, prCtx, title, context) {
|
|
119
124
|
return executor.execute(buildGhPrCreateArgs(prCtx, title), context).pipe(Effect.catch((e) => Effect.succeed(openPrFailure(errorMessage(e)))));
|
|
120
125
|
}
|
|
@@ -143,9 +148,7 @@ function buildGhPrCreateArgs(prCtx, title) {
|
|
|
143
148
|
"--title",
|
|
144
149
|
title,
|
|
145
150
|
"--body",
|
|
146
|
-
`Opened by moka run ${prCtx.runId}
|
|
147
|
-
"--label",
|
|
148
|
-
prCtx.label
|
|
151
|
+
`Opened by moka run ${prCtx.runId}`
|
|
149
152
|
];
|
|
150
153
|
}
|
|
151
154
|
function buildGhPrEditArgs(headBranch, label) {
|
|
@@ -164,9 +167,9 @@ function isPrAlreadyExistsError(output) {
|
|
|
164
167
|
function extractPrUrl(output) {
|
|
165
168
|
return output.split(NEWLINE_RE).map((l) => l.trim()).find((l) => l.startsWith("https://")) ?? output.trim();
|
|
166
169
|
}
|
|
167
|
-
function openPrSuccess(url, action) {
|
|
170
|
+
function openPrSuccess(url, action, extraEvidence = []) {
|
|
168
171
|
return {
|
|
169
|
-
evidence: [`open-pull-request: PR ${action} — ${url}
|
|
172
|
+
evidence: [`open-pull-request: PR ${action} — ${url}`, ...extraEvidence],
|
|
170
173
|
exitCode: 0,
|
|
171
174
|
output: JSON.stringify({
|
|
172
175
|
action,
|
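Review bot: A failed `gh pr edit` in `labelCreatedPr` is surfaced only as an extra `evidence` string while the result keeps `exitCode: 0` and action `"opened"`, so a consumer that reads the exit code or the `output` JSON cannot tell that the pull request lacks its label. If the label gates anything downstream (the CLI help text calls this a preview-labelled PR), consider carrying the state in the JSON as well, for example a `labelApplied` boolean next to `action`. It is also not visible whether `runGhPrEdit` converts a failed executor call into a result the way `runGhPrCreate` does with `Effect.catch`; if it does not, a spawn failure after the PR already exists would fail the step instead of taking this warning path. `openPrSuccess` continues past the end of the hunk, so the full shape of `output` is not shown.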
|
@@ -25,8 +25,8 @@ function buildPrNode(terminalIds, usedIds) {
|
|
|
25
25
|
};
|
|
26
26
|
}
|
|
27
27
|
/** Append a final open-pull-request node to the root workflow when enabled. */
|
|
28
|
-
function appendPullRequestDelivery(
|
|
29
|
-
if (!
|
|
28
|
+
function appendPullRequestDelivery(enabled, artifact) {
|
|
29
|
+
if (!enabled) return artifact;
|
|
30
30
|
const rootWorkflow = artifact.workflows[artifact.root_workflow];
|
|
31
31
|
if (!rootWorkflow) return artifact;
|
|
32
32
|
const nodes = rootWorkflow.nodes;
|
|
@@ -46,4 +46,4 @@ function appendPullRequestDelivery(config, artifact) {
|
|
|
46
46
|
};
|
|
47
47
|
}
|
|
48
48
|
//#endregion
|
|
49
|
-
export { appendPullRequestDelivery };
|
|
49
|
+
export { appendPullRequestDelivery, isPullRequestDeliveryEnabled };
|
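Review bot: Any caller still passing a config object to `appendPullRequestDelivery` would now enable pull-request delivery unconditionally, because the first positional argument changed from `config` to `enabled` and `if (!enabled)` is a truthiness test. The two call sites on this page (in `planning/generate.js` and `argo-submit.js`) were updated, but the function is exported, so a strict check fails closed for anything that was missed: `if (enabled !== true) return artifact;`. The doc comment above it could also name the parameter, for example `/** Append a final open-pull-request node to the root workflow when enabled is true. */`. The function body between the two hunks is not shown, and `isPullRequestDeliveryEnabled` is exported here without its definition appearing on the page.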
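--- a/package/docs/operator-guide.md
+++ b/package/docs/operator-guide.md
@@ -236,6 +236,7 @@ momokaya:
 gitCredentialsSecretName: <git-credentials-secret-name>
 githubAuthSecretName: <github-auth-secret-name>
 imagePullSecretName: <image-pull-secret-name>
+npmRegistryAuthSecretName: <npm-registry-auth-secret-name> # optional
 brokerAuth:
 secretName: <broker-api-key-secret-name>
 secretKey: api-key
@@ -334,6 +335,12 @@ Expected namespace resources:
 - The GitHub CLI auth Secret named by `submit.githubAuthSecretName` with key
 `hosts.yml`; this Secret is for `gh` and pull request delivery, not git
 clone/fetch/push authentication
+- Optional: the private-registry auth Secret named by
+`submit.npmRegistryAuthSecretName` with key `npmrc`, mounted at
+`/root/.npmrc`; lets `.moka/bootstrap.sh`'s dependency install step (e.g.
+`nub ci`) authenticate to private-scoped package registries, e.g. GitHub
+Packages. Absent by default — bootstrap then only has public-registry
+access, matching current behavior
 - A pipeline-console event sink reachable from the pod
 
 Credential issuance and rotation are owned by the cluster/infra layer, not by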
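--- a/package/package.json
+++ b/package/package.json
@@ -130,6 +130,7 @@
 "test:image": "mkdir -p /tmp/pipeline-test && printf '{}' > /tmp/pipeline-test/payload.json && printf 'kind: pipeline-schedule\\nversion: 1\\nschedule_id: smoke\\ngenerated_at: 2026-06-10T00:00:00.000Z\\nsource_entrypoint: custom\\ntask: smoke\\nroot_workflow: root\\nworkflows:\\n root:\\n nodes:\\n - id: smoke\\n kind: command\\n command: [true]\\n' > /tmp/pipeline-test/schedule.yaml && printf '{\"nodeId\":\"smoke\"}' > /tmp/pipeline-test/task.json && printf 'test-token' > /tmp/pipeline-test/event-token && docker build -t pipeline-runner:test . && docker run --rm -v /tmp/pipeline-test/payload.json:/etc/pipeline/payload.json:ro -v /tmp/pipeline-test/schedule.yaml:/etc/pipeline/schedule.yaml:ro -v /tmp/pipeline-test/task.json:/etc/pipeline/task.json:ro -v /tmp/pipeline-test/event-token:/etc/pipeline/event-auth/token:ro pipeline-runner:test runner-command --payload-file /etc/pipeline/payload.json --schedule-file /etc/pipeline/schedule.yaml; test $? -eq 64",
 "test:dogfood": "vitest run tests/dogfood-installed.test.ts",
 "test:live-runners": "PIPELINE_LIVE_RUNNERS=1 vitest run tests/dogfood-live-runners.test.ts",
+"local-orbstack:migrate": "nub scripts/local-orbstack/migrate-postgres.ts",
 "typecheck": "tsc --noEmit",
 "build": "nub run build:cli",
 "check": "ultracite check",
@@ -137,7 +138,7 @@
 "prepack": "nub run build:cli"
 },
 "type": "module",
-"version": "3.
+"version": "3.20.1",
 "description": "Config-driven multi-agent pipeline runner for repository work",
 "main": "./dist/index.js",
 "types": "./dist/index.d.ts",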