@pagopa/dx-cli 0.21.1 → 0.21.3

package/dist/domain/github.d.ts

@@ -94,6 +94,7 @@ export declare class RepositoryNotFoundError extends Error {
     constructor(owner: string, name: string);
 }
 export declare const githubAppCredentialsSchema: z.ZodObject<{
+    clientId: z.ZodString;
     id: z.ZodString;
     installationId: z.ZodString;
     key: z.ZodString;

package/dist/domain/github.js

@@ -38,6 +38,7 @@ export class RepositoryNotFoundError extends Error {
     }
 }
 export const githubAppCredentialsSchema = z.object({
+    clientId: z.string().nonempty(),
     id: z.string().nonempty(),
     installationId: z.string().nonempty(),
     key: z.string().nonempty(),

package/dist/index.js

@@ -8,7 +8,7 @@ import { makeValidationReporter } from "./adapters/logtape/validation-reporter.j
 import { makePackageJsonReader } from "./adapters/node/package-json.js";
 import { makeRepositoryReader } from "./adapters/node/repository.js";
 import { getGitHubPAT, OctokitGitHubService, } from "./adapters/octokit/index.js";
-import { makeAuthorizationService } from "./adapters/pagopa-technology/authorization.js";
+import { makeAzureAuthorizationService } from "./adapters/pagopa-technology/azure-authorization.js";
 import { getConfig } from "./config.js";
 import { getInfo } from "./domain/info.js";
 import { applyCodemodById } from "./use-cases/apply-codemod.js";
@@ -60,7 +60,7 @@ export const runCli = async (version) => {
         auth,
     });
     const gitHubService = new OctokitGitHubService(octokit);
-    const authorizationService = makeAuthorizationService(gitHubService);
+    const authorizationService = makeAzureAuthorizationService(gitHubService);
     const deps = {
         authorizationService,
         gitHubService,

package/dist/use-cases/__tests__/request-authorization.test.js

@@ -4,10 +4,12 @@
 import { errAsync, okAsync } from "neverthrow";
 import { describe, expect, it } from "vitest";
 import { mock } from "vitest-mock-extended";
-import { AuthorizationError, AuthorizationResult, IdentityAlreadyExistsError, requestAuthorizationInputSchema, } from "../../domain/authorization.js";
+import { AuthorizationError, AuthorizationResult, requestAuthorizationInputSchema, } from "../../domain/authorization.js";
 import { requestAuthorization } from "../request-authorization.js";
 const makeSampleInput = () => requestAuthorizationInputSchema.parse({
     bootstrapIdentityId: "test-bootstrap-identity-id",
+    envShort: "d",
+    prefix: "test",
     repoName: "test-repo",
     subscriptionName: "test-subscription",
 });
@@ -25,10 +27,10 @@ describe("requestAuthorization", () => {
     it("should propagate errors from the authorization service", async () => {
         const authorizationService = mock();
         const input = makeSampleInput();
-        authorizationService.requestAuthorization.mockReturnValue(errAsync(new IdentityAlreadyExistsError("test-bootstrap-identity-id")));
+        authorizationService.requestAuthorization.mockReturnValue(errAsync(new AuthorizationError("Unable to update file")));
         const result = await requestAuthorization(authorizationService)(input);
         expect(result.isErr()).toBe(true);
-        expect(result._unsafeUnwrapErr()).toBeInstanceOf(IdentityAlreadyExistsError);
+        expect(result._unsafeUnwrapErr()).toBeInstanceOf(AuthorizationError);
     });
     it("should propagate generic authorization errors", async () => {
         const authorizationService = mock();

package/dist/use-cases/request-authorization.d.ts

@@ -2,14 +2,14 @@
  * Request Authorization Use Case
  *
  * Orchestrates an authorization request by delegating to the
- * technology-agnostic AuthorizationService.
+ * AuthorizationService.
  */
 import { ResultAsync } from "neverthrow";
 import { AuthorizationError, AuthorizationResult, AuthorizationService, RequestAuthorizationInput } from "../domain/authorization.js";
 /**
  * Creates a function that requests authorization for a bootstrap identity.
  *
- * @param authorizationService - The service handling platform-specific authorization logic
+ * @param authorizationService - The service handling authorization logic
  * @returns A function that takes input and returns a ResultAsync with the authorization result
  */
 export declare const requestAuthorization: (authorizationService: AuthorizationService) => (input: RequestAuthorizationInput) => ResultAsync<AuthorizationResult, AuthorizationError>;

package/dist/use-cases/request-authorization.js

@@ -2,12 +2,12 @@
  * Request Authorization Use Case
  *
  * Orchestrates an authorization request by delegating to the
- * technology-agnostic AuthorizationService.
+ * AuthorizationService.
  */
 /**
  * Creates a function that requests authorization for a bootstrap identity.
  *
- * @param authorizationService - The service handling platform-specific authorization logic
+ * @param authorizationService - The service handling authorization logic
  * @returns A function that takes input and returns a ResultAsync with the authorization result
  */
 export const requestAuthorization = (authorizationService) => (input) => authorizationService.requestAuthorization(input);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/dx-cli",
-  "version": "0.21.1",
+  "version": "0.21.3",
   "type": "module",
   "description": "A CLI useful to manage DX tools.",
   "repository": {

package/dist/adapters/pagopa-technology/authorization.js

@@ -1,124 +0,0 @@
-/**
- * PagoPA Technology Authorization Adapter
- *
- * Implements the AuthorizationService interface for the PagoPA Azure
- * authorization workflow. Encapsulates all platform-specific details:
- * the target GitHub repository, file paths, branch naming, JSON file
- * parsing, and pull request creation.
- */
-import { getLogger } from "@logtape/logtape";
-import { err, errAsync, ok, okAsync, ResultAsync } from "neverthrow";
-import { z } from "zod";
-import { AuthorizationError, AuthorizationResult, IdentityAlreadyExistsError, InvalidAuthorizationFileFormatError, } from "../../domain/authorization.js";
-const authorizationFileSchema = z
-    .object({
-    directory_readers: z
-        .object({
-        service_principals_name: z.array(z.string()),
-    })
-        .loose(),
-})
-    .loose();
-const addIdentity = (content, identityId) => {
-    let parsed;
-    try {
-        parsed = JSON.parse(content);
-    }
-    catch {
-        return err(new InvalidAuthorizationFileFormatError("File content is not valid JSON"));
-    }
-    const result = authorizationFileSchema.safeParse(parsed);
-    if (!result.success) {
-        return err(new InvalidAuthorizationFileFormatError("Could not find directory_readers.service_principals_name list"));
-    }
-    const jsonContent = result.data;
-    if (jsonContent.directory_readers.service_principals_name.includes(identityId)) {
-        return err(new IdentityAlreadyExistsError(identityId));
-    }
-    const updated = {
-        ...jsonContent,
-        directory_readers: {
-            ...jsonContent.directory_readers,
-            service_principals_name: [
-                ...jsonContent.directory_readers.service_principals_name,
-                identityId,
-            ],
-        },
-    };
-    return ok(JSON.stringify(updated, null, 2));
-};
-const REPO_OWNER = "pagopa";
-const REPO_NAME = "eng-azure-authorization";
-const BASE_BRANCH = "main";
-export const makeAuthorizationService = (gitHubService) => ({
-    requestAuthorization(input) {
-        const logger = getLogger(["dx-cli", "pagopa-authorization"]);
-        const { bootstrapIdentityId, repoName, subscriptionName } = input;
-        const filePath = `src/azure-subscriptions/subscriptions/${subscriptionName}/terraform.tfvars.json`;
-        const branchName = `feats/add-${repoName}-${subscriptionName}-bootstrap-identity`;
-        return (
-        // Step 1: Create branch first to avoid race condition with main branch updates
-        ResultAsync.fromPromise(gitHubService.createBranch({
-            branchName,
-            fromRef: BASE_BRANCH,
-            owner: REPO_OWNER,
-            repo: REPO_NAME,
-        }), () => new AuthorizationError(`Unable to create branch ${branchName} in ${REPO_OWNER}/${REPO_NAME}`))
-            .orTee((error) => {
-            logger.error(error.message);
-        })
-            // Step 2: Fetch file content from the newly created branch
-            .andThen(() => ResultAsync.fromPromise(gitHubService.getFileContent({
-            owner: REPO_OWNER,
-            path: filePath,
-            ref: branchName,
-            repo: REPO_NAME,
-        }), () => new AuthorizationError(`Unable to get ${filePath} in ${REPO_OWNER}/${REPO_NAME}`)))
-            .orTee((error) => {
-            logger.error(error.message);
-        })
-            // Modify the file content, detecting duplicates and format errors
-            .andThen(({ content, sha }) => addIdentity(content, bootstrapIdentityId)
-            .mapErr((error) => {
-            if (error instanceof IdentityAlreadyExistsError) {
-                logger.warn("Identity already exists", {
-                    identityId: bootstrapIdentityId,
-                    subscription: subscriptionName,
-                });
-            }
-            else {
-                logger.error("Failed to modify tfvars", {
-                    error: error.message,
-                });
-            }
-            return error;
-        })
-            .match((updatedContent) => okAsync({ sha, updatedContent }), (error) => errAsync(error)))
-            // Update the file on the new branch
-            .andThen(({ sha, updatedContent }) => ResultAsync.fromPromise(gitHubService.updateFile({
-            branch: branchName,
-            content: updatedContent,
-            message: `Add directory reader for ${subscriptionName}`,
-            owner: REPO_OWNER,
-            path: filePath,
-            repo: REPO_NAME,
-            sha,
-        }), () => new AuthorizationError(`Unable to update ${filePath} on branch ${branchName} in ${REPO_OWNER}/${REPO_NAME}`)))
-            .orTee((error) => {
-            logger.error(error.message);
-        })
-            // Create a pull request for review
-            .andThen(() => ResultAsync.fromPromise(gitHubService.createPullRequest({
-            base: BASE_BRANCH,
-            body: `This PR adds the bootstrap identity \`${bootstrapIdentityId}\` to the directory readers for subscription \`${subscriptionName}\`.`,
-            head: branchName,
-            owner: REPO_OWNER,
-            repo: REPO_NAME,
-            title: `Add directory reader for ${subscriptionName}`,
-        }), () => new AuthorizationError(`Unable to create pull request from ${branchName} to ${BASE_BRANCH} in ${REPO_OWNER}/${REPO_NAME}`)))
-            .orTee((error) => {
-            logger.error(error.message);
-        })
-            .map((pr) => new AuthorizationResult(pr.url)));
-    },
-});