npm - @paklo/runner - Versions diffs - 0.1.0 - Mend

@paklo/runner 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/LICENSE +21 -0
package/dist/index.d.ts +167 -0
package/dist/index.js +49 -0
package/dist/index.js.map +1 -0
package/dist/job-runner-BUl_fCJS.js +770 -0
package/dist/job-runner-BUl_fCJS.js.map +1 -0
package/dist/local/azure.d.ts +53 -0
package/dist/local/azure.js +424 -0
package/dist/local/azure.js.map +1 -0
package/dist/local/index.d.ts +2 -0
package/dist/local/index.js +4 -0
package/dist/logger-Bekleunx.js +3 -0
package/dist/server-Dcc7bD60.js +203 -0
package/dist/server-Dcc7bD60.js.map +1 -0
package/dist/server-Ri18zAcc.d.ts +229 -0
package/package.json +66 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2020 Maxwell Weru
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,167 @@
+import { DependabotCredential, DependabotJobConfig, DependabotMetric, DependabotProxyConfig, DependabotRecordUpdateJobError, FileFetcherInput, FileUpdaterInput } from "@paklo/core/dependabot";
+import { InnerApiClient } from "@paklo/core/http";
+import Docker, { Container, Network } from "dockerode";
+import { UsageTelemetryRequestData } from "@paklo/core/usage";
+//#region src/params.d.ts
+declare class JobParameters {
+  readonly jobId: number;
+  readonly jobToken: string;
+  readonly credentialsToken: string;
+  readonly dependabotApiUrl: string;
+  readonly dependabotApiDockerUrl: string;
+  readonly updaterImage: string;
+  constructor(jobId: number, jobToken: string, credentialsToken: string, dependabotApiUrl: string, dependabotApiDockerUrl: string, updaterImage: string);
+}
+declare function getJobParameters(input: {
+  jobId?: string | number;
+  jobToken?: string;
+  credentialsToken?: string;
+  dependabotApiUrl?: string;
+  dependabotApiDockerUrl?: string;
+  updaterImage?: string;
+}): JobParameters | null;
+//#endregion
+//#region src/api-client.d.ts
+declare class JobDetailsFetchingError extends Error {}
+declare class CredentialFetchingError extends Error {}
+type SecretMasker = (value: string) => void;
+declare class ApiClient {
+  private readonly client;
+  readonly params: JobParameters;
+  private readonly credentialsToken;
+  private readonly secretMasker;
+  private jobToken;
+  constructor(client: InnerApiClient, params: JobParameters, jobToken: string, credentialsToken: string, secretMasker: SecretMasker);
+  UnknownSha: {
+    'base-commit-sha': string;
+  };
+  getJobToken(): string;
+  getJobDetails(): Promise<DependabotJobConfig>;
+  getCredentials(): Promise<DependabotCredential[]>;
+  reportJobError(error: DependabotRecordUpdateJobError): Promise<void>;
+  markJobAsProcessed(): Promise<void>;
+  sendMetrics(name: string, metricType: 'increment' | 'gauge', value: number, additionalTags?: Record<string, string>): Promise<void>;
+  reportMetrics(metrics: DependabotMetric[]): Promise<void>;
+  private getWithRetry;
+}
+//#endregion
+//#region src/cleanup.d.ts
+declare function cleanup(cutoff?: string): Promise<void>;
+declare function cleanupOldImageVersions(docker: Docker, imageName: string): Promise<void>;
+//#endregion
+//#region src/container-service.d.ts
+declare class ContainerRuntimeError extends Error {}
+declare const ContainerService: {
+  storeInput(name: string, path: string, container: Container, input: FileFetcherInput | FileUpdaterInput | DependabotProxyConfig): Promise<void>;
+  storeCert(name: string, path: string, container: Container, cert: string): Promise<void>;
+  run(container: Container, command?: string): Promise<boolean>;
+  execCommand(container: Container, cmd: string[], user: string): Promise<void>;
+};
+//#endregion
+//#region src/docker-tags.d.ts
+declare const PROXY_IMAGE_NAME: string;
+declare function updaterImageName(packageManager: string): string;
+declare function updaterImages(): string[];
+declare function repositoryName(imageName: string): string;
+declare function hasDigest(imageName: string): boolean;
+declare function digestName(imageName: string): string;
+//#endregion
+//#region src/image-service.d.ts
+declare function getOrgFromImage(imageName: string): string;
+type MetricReporter = (metricName: string, metricType: 'increment' | 'gauge', value: number, additionalTags?: Record<string, string>) => Promise<void>;
+/** Fetch the configured updater image, if it isn't already available. */
+declare const ImageService: {
+  pull(imageName: string, sendMetric?: MetricReporter, force?: boolean): Promise<void>;
+  fetchImageWithRetry(imageName: string, auth: {} | undefined, docker: Docker | undefined, sendMetric: MetricReporter | undefined, org: string): Promise<void>;
+};
+//#endregion
+//#region src/job-runner.d.ts
+declare class JobRunnerImagingError extends Error {}
+declare class JobRunnerUpdaterError extends Error {}
+type JobRunnerOptions = {
+  dependabotApiUrl: string;
+  dependabotApiDockerUrl?: string;
+  jobId: number;
+  jobToken: string;
+  credentialsToken: string;
+  updaterImage?: string;
+  secretMasker: SecretMasker;
+};
+declare class JobRunner {
+  private readonly options;
+  constructor(options: JobRunnerOptions);
+  run(): Promise<void>;
+}
+type RunJobOptions = JobRunnerOptions & {
+  usage: Pick<UsageTelemetryRequestData, 'trigger' | 'provider' | 'owner' | 'project' | 'package-manager'>;
+};
+type RunJobResult = {
+  success: true;
+  message?: string;
+} | {
+  success: false;
+  message: string;
+};
+declare function runJob({
+  jobId,
+  usage,
+  ...options
+}: RunJobOptions): Promise<RunJobResult>;
+//#endregion
+//#region src/proxy.d.ts
+type Proxy = {
+  container: Container;
+  network: Network;
+  networkName: string;
+  url: () => Promise<string>;
+  cert: string;
+  shutdown: () => Promise<void>;
+};
+declare class ProxyBuilder {
+  private readonly docker;
+  private readonly proxyImage;
+  private readonly cachedMode;
+  constructor(docker: Docker, proxyImage: string, cachedMode: boolean);
+  run(jobId: number, jobToken: string, dependabotApiUrl: string, credentials: DependabotCredential[]): Promise<Proxy>;
+  private ensureNetwork;
+  private buildProxyConfig;
+  private generateCertificateAuthority;
+  private createContainer;
+  private customCAPath;
+}
+//#endregion
+//#region src/updater.d.ts
+declare class Updater {
+  private readonly updaterImage;
+  private readonly proxyImage;
+  private readonly params;
+  private readonly job;
+  private readonly credentials;
+  docker: Docker;
+  constructor(updaterImage: string, proxyImage: string, params: JobParameters, job: DependabotJobConfig, credentials: DependabotCredential[]);
+  /**
+   * Execute an update job and report the result to Dependabot API.
+   */
+  runUpdater(): Promise<boolean>;
+  private generateCredentialsMetadata;
+  private setRegistryFromUrl;
+  private setIndexUrlFromUrl;
+  private runUpdate;
+  private createContainer;
+  private cleanup;
+}
+//#endregion
+//#region src/updater-builder.d.ts
+declare class UpdaterBuilder {
+  private readonly docker;
+  private readonly jobParams;
+  private readonly input;
+  private readonly proxy;
+  private readonly updaterImage;
+  constructor(docker: Docker, jobParams: JobParameters, input: FileFetcherInput | FileUpdaterInput, proxy: Proxy, updaterImage: string);
+  run(containerName: string): Promise<Container>;
+}
+//#endregion
+export { ApiClient, ContainerRuntimeError, ContainerService, CredentialFetchingError, ImageService, JobDetailsFetchingError, JobParameters, JobRunner, JobRunnerImagingError, JobRunnerOptions, JobRunnerUpdaterError, MetricReporter, PROXY_IMAGE_NAME, Proxy, ProxyBuilder, RunJobOptions, RunJobResult, SecretMasker, Updater, UpdaterBuilder, cleanup, cleanupOldImageVersions, digestName, getJobParameters, getOrgFromImage, hasDigest, repositoryName, runJob, updaterImageName, updaterImages };
+//# sourceMappingURL=index.d.ts.map

package/dist/index.js ADDED Viewed

@@ -0,0 +1,49 @@
+import { t as logger } from "./logger-Bekleunx.js";
+import { S as JobDetailsFetchingError, _ as repositoryName, a as Updater, b as ApiClient, c as JobParameters, d as getOrgFromImage, f as ContainerRuntimeError, g as hasDigest, h as digestName, i as runJob, l as getJobParameters, m as PROXY_IMAGE_NAME, n as JobRunnerImagingError, o as UpdaterBuilder, p as ContainerService, r as JobRunnerUpdaterError, s as ProxyBuilder, t as JobRunner, u as ImageService, v as updaterImageName, x as CredentialFetchingError, y as updaterImages } from "./job-runner-BUl_fCJS.js";
+import Docker from "dockerode";
+//#region src/cleanup.ts
+async function cleanup(cutoff = "24h") {
+	if (process.env.DEPENDABOT_DISABLE_CLEANUP === "1") return;
+	try {
+		const docker = new Docker();
+		const untilFilter = { until: [cutoff] };
+		logger.info(`Pruning networks older than ${cutoff}`);
+		await docker.pruneNetworks({ filters: untilFilter });
+		logger.info(`Pruning containers older than ${cutoff}`);
+		await docker.pruneContainers({ filters: untilFilter });
+		await Promise.all(updaterImages().map(async (image) => {
+			return cleanupOldImageVersions(docker, image);
+		}));
+		await cleanupOldImageVersions(docker, PROXY_IMAGE_NAME);
+	} catch (error) {
+		if (error instanceof Error) logger.error(`Error cleaning up: ${error.message}`);
+	}
+}
+async function cleanupOldImageVersions(docker, imageName) {
+	const repo = repositoryName(imageName);
+	const options = { filters: `{"reference":["${repo}"]}` };
+	logger.info(`Cleaning up images for ${repo}`);
+	docker.listImages(options, async (err, imageInfoList) => {
+		if (imageInfoList && imageInfoList.length > 0) for (const imageInfo of imageInfoList) {
+			if (imageMatches(imageInfo, imageName)) {
+				logger.info(`Skipping current image ${imageInfo.Id}`);
+				continue;
+			}
+			logger.info(`Removing image ${imageInfo.Id}`);
+			try {
+				await docker.getImage(imageInfo.Id).remove();
+			} catch (error) {
+				if (error instanceof Error) logger.info(`Unable to remove ${imageInfo.Id} -- ${error.message}`);
+			}
+		}
+	});
+}
+function imageMatches(imageInfo, imageName) {
+	if (hasDigest(imageName)) return imageInfo.RepoDigests ? imageInfo.RepoDigests.includes(digestName(imageName)) : false;
+	return imageInfo.RepoTags ? imageInfo.RepoTags.includes(imageName) : false;
+}
+//#endregion
+export { ApiClient, ContainerRuntimeError, ContainerService, CredentialFetchingError, ImageService, JobDetailsFetchingError, JobParameters, JobRunner, JobRunnerImagingError, JobRunnerUpdaterError, PROXY_IMAGE_NAME, ProxyBuilder, Updater, UpdaterBuilder, cleanup, cleanupOldImageVersions, digestName, getJobParameters, getOrgFromImage, hasDigest, repositoryName, runJob, updaterImageName, updaterImages };
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","names":["error: unknown"],"sources":["../src/cleanup.ts"],"sourcesContent":["import Docker from 'dockerode';\nimport { logger } from '@/logger';\nimport { digestName, hasDigest, PROXY_IMAGE_NAME, repositoryName, updaterImages } from './docker-tags';\n\n// Code below is borrowed and adapted from dependabot-action\n\n// This method performs housekeeping checks to remove Docker artifacts\n// which were left behind by old versions or any jobs\n// which may have crashed before deleting their own containers or networks\n//\n// cutoff - a Go duration string to pass to the Docker API's 'until' argument, default '24h'\nexport async function cleanup(cutoff = '24h'): Promise<void> {\n if (process.env.DEPENDABOT_DISABLE_CLEANUP === '1') {\n return;\n }\n\n try {\n const docker = new Docker();\n const untilFilter = { until: [cutoff] };\n logger.info(`Pruning networks older than ${cutoff}`);\n await docker.pruneNetworks({ filters: untilFilter });\n logger.info(`Pruning containers older than ${cutoff}`);\n await docker.pruneContainers({ filters: untilFilter });\n await Promise.all(\n updaterImages().map(async (image) => {\n return cleanupOldImageVersions(docker, image);\n }),\n );\n await cleanupOldImageVersions(docker, PROXY_IMAGE_NAME);\n } catch (error: unknown) {\n if (error instanceof Error) {\n logger.error(`Error cleaning up: ${error.message}`);\n }\n }\n}\n\nexport async function cleanupOldImageVersions(docker: Docker, imageName: string): Promise<void> {\n const repo = repositoryName(imageName);\n const options = {\n filters: `{\"reference\":[\"${repo}\"]}`,\n };\n\n logger.info(`Cleaning up images for ${repo}`);\n\n docker.listImages(options, async (err, imageInfoList) => {\n if (imageInfoList && imageInfoList.length > 0) {\n for (const imageInfo of imageInfoList) {\n // The given imageName is expected to be a tag + digest, however to avoid any surprises in future\n // we fail over to check for a match on just tags as well.\n //\n // This means we won't remove any image which matches an imageName of either of these notations:\n // - dependabot/image:$TAG@sha256:$REF (current implementation)\n // - dependabot/image:v1\n //\n // Without checking imageInfo.RepoTags for a match, we would actually remove the latter even if\n // this was the active version.\n if (imageMatches(imageInfo, imageName)) {\n logger.info(`Skipping current image ${imageInfo.Id}`);\n continue;\n }\n\n logger.info(`Removing image ${imageInfo.Id}`);\n try {\n await docker.getImage(imageInfo.Id).remove();\n } catch (error: unknown) {\n if (error instanceof Error) {\n logger.info(`Unable to remove ${imageInfo.Id} -- ${error.message}`);\n }\n }\n }\n }\n });\n}\n\nfunction imageMatches(imageInfo: Docker.ImageInfo, imageName: string): boolean {\n if (hasDigest(imageName)) {\n return imageInfo.RepoDigests ? imageInfo.RepoDigests.includes(digestName(imageName)) : false;\n }\n return imageInfo.RepoTags ? imageInfo.RepoTags.includes(imageName) : false;\n}\n"],"mappings":";;;;;AAWA,eAAsB,QAAQ,SAAS,OAAsB;AAC3D,KAAI,QAAQ,IAAI,+BAA+B,IAC7C;AAGF,KAAI;EACF,MAAM,SAAS,IAAI,QAAQ;EAC3B,MAAM,cAAc,EAAE,OAAO,CAAC,OAAO,EAAE;AACvC,SAAO,KAAK,+BAA+B,SAAS;AACpD,QAAM,OAAO,cAAc,EAAE,SAAS,aAAa,CAAC;AACpD,SAAO,KAAK,iCAAiC,SAAS;AACtD,QAAM,OAAO,gBAAgB,EAAE,SAAS,aAAa,CAAC;AACtD,QAAM,QAAQ,IACZ,eAAe,CAAC,IAAI,OAAO,UAAU;AACnC,UAAO,wBAAwB,QAAQ,MAAM;IAC7C,CACH;AACD,QAAM,wBAAwB,QAAQ,iBAAiB;UAChDA,OAAgB;AACvB,MAAI,iBAAiB,MACnB,QAAO,MAAM,sBAAsB,MAAM,UAAU;;;AAKzD,eAAsB,wBAAwB,QAAgB,WAAkC;CAC9F,MAAM,OAAO,eAAe,UAAU;CACtC,MAAM,UAAU,EACd,SAAS,kBAAkB,KAAK,MACjC;AAED,QAAO,KAAK,0BAA0B,OAAO;AAE7C,QAAO,WAAW,SAAS,OAAO,KAAK,kBAAkB;AACvD,MAAI,iBAAiB,cAAc,SAAS,EAC1C,MAAK,MAAM,aAAa,eAAe;AAUrC,OAAI,aAAa,WAAW,UAAU,EAAE;AACtC,WAAO,KAAK,0BAA0B,UAAU,KAAK;AACrD;;AAGF,UAAO,KAAK,kBAAkB,UAAU,KAAK;AAC7C,OAAI;AACF,UAAM,OAAO,SAAS,UAAU,GAAG,CAAC,QAAQ;YACrCA,OAAgB;AACvB,QAAI,iBAAiB,MACnB,QAAO,KAAK,oBAAoB,UAAU,GAAG,MAAM,MAAM,UAAU;;;GAK3E;;AAGJ,SAAS,aAAa,WAA6B,WAA4B;AAC7E,KAAI,UAAU,UAAU,CACtB,QAAO,UAAU,cAAc,UAAU,YAAY,SAAS,WAAW,UAAU,CAAC,GAAG;AAEzF,QAAO,UAAU,WAAW,UAAU,SAAS,SAAS,UAAU,GAAG"}