@pagopa/dx-cli 0.21.5 → 0.22.0

package/dist/adapters/azure/__tests__/cloud-account-service.test.js

@@ -285,7 +285,7 @@ describe("initialize", () => {
             principalType: "ServicePrincipal",
             roleDefinitionId: "/subscriptions/sub-1/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
         }));
-        expect(mockCreateFederatedIdentityCredential).toHaveBeenCalledWith("dx-d-itn-common-rg-01", "dx-d-itn-bootstrap-id-01", "bootstrapper-dev-cd", {
+        expect(mockCreateFederatedIdentityCredential).toHaveBeenCalledWith("dx-d-itn-common-rg-01", "dx-d-itn-bootstrap-id-01", "dx-bootstrapper-dev-cd", {
             audiences: ["api://AzureADTokenExchange"],
             issuer: "https://token.actions.githubusercontent.com",
             subject: "repo:pagopa/dx:environment:bootstrapper-dev-cd",
@@ -341,4 +341,38 @@ describe("initialize", () => {
             secretValue: "private-key",
         });
     });
+    test("uses a repository-specific federated credential name", async ({ cloudAccountService, }) => {
+        const createOrUpdateEnvironmentSecret = vi
+            .fn()
+            .mockResolvedValue(undefined);
+        await cloudAccountService.initialize({
+            csp: "azure",
+            defaultLocation: "italynorth",
+            displayName: "Test subscription",
+            id: "sub-1",
+        }, {
+            name: "dev",
+            prefix: "dx",
+        }, {
+            clientId: "app-client-id",
+            id: "app-id",
+            installationId: "installation-id",
+            key: "private-key\n",
+        }, {
+            owner: "pagopa",
+            repo: "dx-playground",
+        }, {
+            createBranch: vi.fn(),
+            createOrUpdateEnvironmentSecret,
+            createPullRequest: vi.fn(),
+            getFileContent: vi.fn(),
+            getRepository: vi.fn(),
+            updateFile: vi.fn(),
+        });
+        expect(mockCreateFederatedIdentityCredential).toHaveBeenCalledWith("dx-d-itn-common-rg-01", "dx-d-itn-bootstrap-id-01", "dx-playground-bootstrapper-dev-cd", {
+            audiences: ["api://AzureADTokenExchange"],
+            issuer: "https://token.actions.githubusercontent.com",
+            subject: "repo:pagopa/dx-playground:environment:bootstrapper-dev-cd",
+        });
+    });
 });

package/dist/adapters/azure/cloud-account-service.js

@@ -199,14 +199,19 @@ export class AzureCloudAccountService {
             })));
             logger.debug("Assigned bootstrap roles to identity {identityName} in subscription {subscriptionId}", { identityName, subscriptionId: cloudAccount.id });
             const githubEnvironmentName = `bootstrapper-${name}-cd`;
-            // Federate the bootstrap identity with the GitHub environment so workflows can exchange their OIDC token for Azure access.
-            await msiClient.federatedIdentityCredentials.createOrUpdate(resourceGroupName, identityName, githubEnvironmentName, {
+            const federatedCredentialName = this.#createFederatedCredentialName({
+                github,
+                githubEnvironmentName,
+            });
+            // Include a repository-derived suffix so different repositories can share
+            // the same bootstrap identity without overwriting each other's OIDC trust.
+            await msiClient.federatedIdentityCredentials.createOrUpdate(resourceGroupName, identityName, federatedCredentialName, {
                 audiences: ["api://AzureADTokenExchange"],
                 issuer: "https://token.actions.githubusercontent.com",
                 subject: `repo:${github.owner}/${github.repo}:environment:${githubEnvironmentName}`,
             });
             logger.debug("Configured federated identity credential {credentialName} for identity {identityName} in subscription {subscriptionId}", {
-                credentialName: githubEnvironmentName,
+                credentialName: federatedCredentialName,
                 identityName,
                 subscriptionId: cloudAccount.id,
             });
@@ -374,6 +379,10 @@ export class AzureCloudAccountService {
         logger.debug("Created key vault {keyVaultName} in subscription {subscriptionId}", { keyVaultName, subscriptionId: cloudAccount.id });
         return keyVaultName;
     }
+    #createFederatedCredentialName({ github, githubEnvironmentName, }) {
+        const repoName = github.repo.replaceAll(/[^a-zA-Z0-9-]/g, "-");
+        return `${repoName}-${githubEnvironmentName}`;
+    }
     #createRoleAssignmentName(scope, principalId, roleDefinitionId) {
         const hash = createHash("sha256")
             .update(`${scope}:${principalId}:${roleDefinitionId}`)

package/dist/adapters/commander/__tests__/env.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/adapters/commander/__tests__/env.test.js

@@ -0,0 +1,43 @@
+/**
+ * Tests for the CLI environment schema.
+ * Validates that `cliEnvSchema` correctly parses `process.env`.
+ */
+import { afterEach, describe, expect, it, vi } from "vitest";
+import { cliEnvSchema } from "../env.js";
+describe("cliEnvSchema", () => {
+    afterEach(() => {
+        vi.unstubAllEnvs();
+    });
+    describe("CI field", () => {
+        it("is undefined when CI is not set", () => {
+            vi.stubEnv("CI", undefined);
+            const result = cliEnvSchema.safeParse(process.env);
+            expect(result.success).toBe(true);
+            expect(result.success && result.data.CI).toBeUndefined();
+        });
+        it("captures any non-empty CI value", () => {
+            vi.stubEnv("CI", "true");
+            const result = cliEnvSchema.safeParse(process.env);
+            expect(result.success).toBe(true);
+            expect(result.success && result.data.CI).toBe("true");
+        });
+        it("captures CI=false as a string (presence is the signal, not the value)", () => {
+            vi.stubEnv("CI", "false");
+            const result = cliEnvSchema.safeParse(process.env);
+            expect(result.success).toBe(true);
+            expect(result.success && result.data.CI).toBe("false");
+        });
+        it("captures CI=1 for numeric-style env vars", () => {
+            vi.stubEnv("CI", "1");
+            const result = cliEnvSchema.safeParse(process.env);
+            expect(result.success).toBe(true);
+            expect(result.success && result.data.CI).toBe("1");
+        });
+    });
+    it("passes through an object with unrelated env keys without failing", () => {
+        vi.stubEnv("CI", "true");
+        const result = cliEnvSchema.safeParse(process.env);
+        expect(result.success).toBe(true);
+        expect(result.success && result.data.CI).toBe("true");
+    });
+});

package/dist/adapters/commander/__tests__/global-options.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/adapters/commander/__tests__/global-options.test.js

@@ -0,0 +1,33 @@
+import { describe, expect, it } from "vitest";
+import { mock } from "vitest-mock-extended";
+import { makeCli } from "../index.js";
+const makeProgram = (argv) => {
+    const program = makeCli(mock(), mock(), mock(), "0.0.0");
+    program.exitOverride().configureOutput({
+        writeErr: () => {
+            /* silence stderr in tests */
+        },
+        writeOut: () => {
+            /* silence stdout in tests */
+        },
+    });
+    program.parseOptions(argv);
+    return program;
+};
+describe("--output option", () => {
+    it("defaults to 'text' when not provided", () => {
+        const program = makeProgram([]);
+        expect(program.opts().output).toBe("text");
+    });
+    it("accepts 'text' explicitly", () => {
+        const program = makeProgram(["--output", "text"]);
+        expect(program.opts().output).toBe("text");
+    });
+    it("accepts 'json'", () => {
+        const program = makeProgram(["--output", "json"]);
+        expect(program.opts().output).toBe("json");
+    });
+    it("rejects invalid values", () => {
+        expect(() => makeProgram(["--output", "xml"])).toThrow();
+    });
+});

package/dist/adapters/commander/env.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Zod schema for the CLI environment variables.
+ *
+ * Intended to centralize env parsing at the entrypoint (`src/index.ts`),
+ * which will parse the raw environment once and pass the validated result as
+ * `CliEnv` to every command. This keeps env-var reads out of use-cases and
+ * adapters and makes them fully testable.
+ */
+import { z } from "zod";
+export declare const cliEnvSchema: z.ZodObject<{
+    CI: z.ZodOptional<z.ZodString>;
+}, z.core.$loose>;
+export type CliEnv = z.infer<typeof cliEnvSchema>;

package/dist/adapters/commander/env.js

@@ -0,0 +1,17 @@
+/**
+ * Zod schema for the CLI environment variables.
+ *
+ * Intended to centralize env parsing at the entrypoint (`src/index.ts`),
+ * which will parse the raw environment once and pass the validated result as
+ * `CliEnv` to every command. This keeps env-var reads out of use-cases and
+ * adapters and makes them fully testable.
+ */
+import { z } from "zod";
+export const cliEnvSchema = z
+    .object({
+    // Standard CI marker. Presence (any string value) signals an automated
+    // pipeline where interactive prompts must not block. Follows the same
+    // convention used by `is-interactive` and `ora`.
+    CI: z.string().optional(),
+})
+    .loose();

package/dist/adapters/commander/index.d.ts

@@ -4,6 +4,7 @@ import { Dependencies } from "../../domain/dependencies.js";
 import { CodemodCommandDependencies } from "./commands/codemod.js";
 export type CliDependencies = CodemodCommandDependencies;
 export type GlobalOptions = {
+    output: "json" | "text";
     verbose?: boolean;
 };
 /**

package/dist/adapters/commander/index.js

@@ -1,4 +1,4 @@
-import { Command } from "commander";
+import { Command, Option } from "commander";
 import { makeAddCommand } from "./commands/add.js";
 import { makeCodemodCommand, } from "./commands/codemod.js";
 import { makeDoctorCommand } from "./commands/doctor.js";
@@ -17,7 +17,10 @@ export const makeCli = (deps, config, cliDeps, version) => {
         .name("dx")
         .description("The CLI for DX-Platform")
         .version(version)
-        .option("-v, --verbose", "Enable verbose output: debug-level logs and full error chain (with stack traces) when a command fails", false);
+        .option("-v, --verbose", "Enable verbose output: debug-level logs and full error chain (with stack traces) when a command fails", false)
+        .addOption(new Option("--output <mode>", "Output mode: 'text' (human-readable, default) or 'json' (structured JSON envelope on stdout, NDJSON progress events on stderr)")
+        .choices(["text", "json"])
+        .default("text"));
     program.addCommand(makeDoctorCommand(deps, config));
     program.addCommand(makeCodemodCommand(cliDeps));
     program.addCommand(makeInitCommand(deps));

package/dist/domain/command-presenter.d.ts

@@ -0,0 +1,26 @@
+/**
+ * CommandPresenter — domain port for all CLI output.
+ *
+ * Use-cases depend on this interface, not on any concrete output mechanism.
+ * Concrete implementations are injected at the entry point.
+ *
+ * The interface deliberately does NOT handle process exit: callers report the
+ * error through `reportError`, then let the host terminate the process with
+ * the appropriate exit code.
+ */
+export interface CommandPresenter {
+    /**
+     * Formats and emits the error.
+     * Does NOT exit the process — that responsibility belongs to the host
+     * after this returns.
+     */
+    reportError(error: unknown): void;
+    /**
+     * Emits the final successful result.
+     */
+    reportResult<T>(data: T): void;
+    /**
+     * Tracks `task` while emitting start/end lifecycle events for the named step.
+     */
+    trackStep<T>(name: string, task: () => Promise<T>): Promise<T>;
+}

package/dist/domain/command-presenter.js

@@ -0,0 +1,11 @@
+/**
+ * CommandPresenter — domain port for all CLI output.
+ *
+ * Use-cases depend on this interface, not on any concrete output mechanism.
+ * Concrete implementations are injected at the entry point.
+ *
+ * The interface deliberately does NOT handle process exit: callers report the
+ * error through `reportError`, then let the host terminate the process with
+ * the appropriate exit code.
+ */
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/dx-cli",
-  "version": "0.21.5",
+  "version": "0.22.0",
   "type": "module",
   "description": "A CLI useful to manage DX tools.",
   "repository": {