@pagopa/dx-cli 0.18.1 → 0.18.3
|
@@ -85,6 +85,7 @@ export class AzureCloudAccountService {
|
|
|
85
85
|
const requiredRoles = [
|
|
86
86
|
"8e3af657-a8ff-443c-a75c-2fe8c4bcb635", // Owner
|
|
87
87
|
"ba92f5b4-2d11-453d-a403-e96b0029c9fe", // Storage Blob Data Contributor
|
|
88
|
+
"b86a8fe4-44ce-4948-aee5-eccb2c155cd7", // Key Vault Secrets Officer
|
|
88
89
|
];
|
|
89
90
|
const scope = `/subscriptions/${cloudAccountId}`;
|
|
90
91
|
// Collect all role definition IDs assigned to the user or their groups
|
|
@@ -152,9 +153,14 @@ export class AzureCloudAccountService {
|
|
|
152
153
|
const kvClient = new KeyVaultManagementClient(this.#credential, cloudAccount.id);
|
|
153
154
|
const keyVaultName = `${prefix}-${short.env}-${short.location}-common-kv-01`;
|
|
154
155
|
const secretsProtectionEnabled = short.env === "p";
|
|
156
|
+
const result = await kvClient.vaults.checkNameAvailability({
|
|
157
|
+
name: keyVaultName,
|
|
158
|
+
type: "Microsoft.KeyVault/vaults",
|
|
159
|
+
});
|
|
155
160
|
await kvClient.vaults.beginCreateOrUpdateAndWait(resourceGroupName, keyVaultName, {
|
|
156
161
|
location: cloudAccount.defaultLocation,
|
|
157
162
|
properties: {
|
|
163
|
+
createMode: result.nameAvailable ? "default" : "recover",
|
|
158
164
|
enabledForDiskEncryption: true,
|
|
159
165
|
enablePurgeProtection: secretsProtectionEnabled ? true : undefined,
|
|
160
166
|
enableRbacAuthorization: true,
|
|
@@ -175,7 +181,7 @@ export class AzureCloudAccountService {
|
|
|
175
181
|
await Promise.all([
|
|
176
182
|
secretClient.setSecret("github-runner-app-id", runnerAppCredentials.id),
|
|
177
183
|
secretClient.setSecret("github-runner-app-installation-id", runnerAppCredentials.installationId),
|
|
178
|
-
secretClient.setSecret("github-runner-app-key", runnerAppCredentials.key),
|
|
184
|
+
secretClient.setSecret("github-runner-app-key", Buffer.from(runnerAppCredentials.key, "utf-8").toString("base64")),
|
|
179
185
|
]);
|
|
180
186
|
logger.debug("Created secrets in key vault {keyVaultName} in subscription {subscriptionId}", { keyVaultName, subscriptionId: cloudAccount.id });
|
|
181
187
|
}
|
|
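Review bot: In the second hunk, `createMode: result.nameAvailable ? "default" : "recover"` treats every unavailable name as a soft-deleted vault that this subscription can recover. `checkNameAvailability` also reports `nameAvailable: false` when the name is invalid or when a live vault already holds it, in this subscription or another one, since vault names are global. A re-run against a vault that already exists would then ask for a recovery with nothing to recover, so it is worth confirming how the service answers that case. I would inspect `result.reason` and confirm a soft-deleted vault exists (for example with `kvClient.vaults.getDeleted`) before choosing `"recover"`, and log when that path is taken, because a recovered vault presumably comes back with the secrets it held before deletion. The enclosing method starts and ends outside these hunks.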
@@ -1,7 +1,14 @@
|
|
|
1
1
|
import { Command } from "commander";
|
|
2
2
|
import { ResultAsync } from "neverthrow";
|
|
3
3
|
import { GitHubService } from "../../../domain/github.js";
|
|
4
|
-
export declare const checkPreconditions: () => ResultAsync<
|
|
4
|
+
export declare const checkPreconditions: () => ResultAsync<import("execa").Result<{
|
|
5
|
+
environment: {
|
|
6
|
+
NO_COLOR: string;
|
|
7
|
+
TF_IN_AUTOMATION: string;
|
|
8
|
+
TF_INPUT: string;
|
|
9
|
+
};
|
|
10
|
+
shell: true;
|
|
11
|
+
}>, Error>;
|
|
5
12
|
type InitCommandDependencies = {
|
|
6
13
|
gitHubService: GitHubService;
|
|
7
14
|
};
|
|
@@ -36,6 +36,7 @@ const displaySummary = (initResult) => {
|
|
|
36
36
|
}
|
|
37
37
|
};
|
|
38
38
|
const checkTerraformCliIsInstalled = () => withSpinner("Checking Terraform installation...", "Terraform is installed!", "Please install terraform CLI before running this command. If you use tfenv, run: tfenv install latest && tfenv use latest", tf$ `terraform -version`);
|
|
39
|
+
const checkCorepackIsInstalled = () => withSpinner("Checking Corepack installation...", "Corepack is installed!", "Please install Corepack before running this command.", tf$ `corepack -v`);
|
|
39
40
|
const azureAccountSchema = z.object({
|
|
40
41
|
user: z.object({
|
|
41
42
|
name: z.string().min(1),
|
|
@@ -49,7 +50,10 @@ const ensureAzLogin = async () => {
|
|
|
49
50
|
return user.name;
|
|
50
51
|
};
|
|
51
52
|
const checkAzLogin = () => withSpinner("Check Azure login status...", (userName) => `You are logged in to Azure (${userName})`, "Please log in to Azure CLI using `az login` before running this command.", ensureAzLogin());
|
|
52
|
-
|
|
53
|
+
// TODO(CES-1810): Make these checks concurrent to speed up the preconditions check phase
|
|
54
|
+
export const checkPreconditions = () => checkTerraformCliIsInstalled()
|
|
55
|
+
.andThen(() => checkAzLogin())
|
|
56
|
+
.andThen(() => checkCorepackIsInstalled());
|
|
53
57
|
const createRemoteRepository = ({ repoName, repoOwner, }) => {
|
|
54
58
|
const logger = getLogger(["dx-cli", "init"]);
|
|
55
59
|
const repo$ = tf$({ cwd: path.resolve("infra", "repository") });
|
|
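Review bot: `checkCorepackIsInstalled` runs `corepack -v` through `tf$`, and the regenerated declaration of `checkPreconditions` shows that runner's options as `shell: true` plus the `TF_IN_AUTOMATION`/`TF_INPUT` environment, so a Terraform-specific, shell-spawning runner is now reused for an unrelated tool. The command is a fixed literal, so nothing untrusted reaches the shell here, but a version probe needs no shell, and a separate runner without `shell: true` would stop that option from spreading to later callers that interpolate values. The same declaration shows the exported result type following whichever check happens to be last; ending the chain with `.map(() => undefined)` would keep the public signature stable when the checks are reordered for CES-1810. A short comment above `checkPreconditions` saying that the checks run in order and stop at the first failure would also help.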
@@ -17,6 +17,7 @@ export default function (plop) {
|
|
|
17
17
|
env,
|
|
18
18
|
extendEnv: false, // Don't include process.env variables
|
|
19
19
|
});
|
|
20
|
+
await pnpm$ `corepack enable`;
|
|
20
21
|
await pnpm$ `corepack use pnpm@latest`;
|
|
21
22
|
await pnpm$ `pnpm -w add -D turbo @changesets/cli @devcontainers/cli`;
|
|
22
23
|
await pnpm$ `pnpm changeset init`;
|
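Review bot: The added `corepack enable` changes the machine and not only the generated workspace: by default it installs package-manager shims next to the Node.js binary, so the generator can fail on a read-only or system-managed Node install and leaves a global change behind when it succeeds. Because `pnpm$` is created with `extendEnv: false`, whether `corepack` and the new shims resolve at all depends on the `env` object built outside this hunk. Calling the package manager through Corepack directly, e.g. `corepack pnpm -w add -D ...`, would avoid the global shims, or the call could at least carry a comment such as `// installs pnpm shims globally; required for the pnpm calls below`. The neighbouring `corepack use pnpm@latest` resolves the version at generation time, so pinning a known version there would make the scaffold reproducible. The enclosing function starts and ends outside the hunk.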
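--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pagopa/dx-cli",
-"version": "0.18.
+"version": "0.18.3",
 "type": "module",
 "description": "A CLI useful to manage DX tools.",
 "repository": {
@@ -33,6 +33,7 @@
 "@azure/storage-blob": "^12.29.1",
 "@logtape/logtape": "^1.3.4",
 "@microsoft/microsoft-graph-client": "^3.0.7",
+"@pagopa/dx-savemoney": "0.1.4",
 "chalk": "^5.6.2",
 "commander": "^14.0.2",
 "core-js": "^3.47.0",
@@ -46,8 +47,7 @@
 "replace-in-file": "^8.4.0",
 "semver": "^7.7.2",
 "yaml": "^2.8.2",
-"zod": "^4.2.1"
-"@pagopa/dx-savemoney": "^0.1.5"
+"zod": "^4.2.1"
 },
 "devDependencies": {
 "@tsconfig/node24": "24.0.0",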