@postman-cse/onboarding-insights 1.0.3 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +15 -13
- package/action.yml +3 -3
- package/dist/action.cjs +357 -46
- package/dist/cli.cjs +449 -138
- package/dist/index.cjs +361 -46
- package/package.json +4 -4
package/dist/action.cjs
CHANGED
|
@@ -12166,7 +12166,7 @@ var require_response = __commonJS({
|
|
|
12166
12166
|
var assert = require("node:assert");
|
|
12167
12167
|
var { types } = require("node:util");
|
|
12168
12168
|
var textEncoder = new TextEncoder("utf-8");
|
|
12169
|
-
var
|
|
12169
|
+
var Response2 = class _Response {
|
|
12170
12170
|
// Creates network error Response.
|
|
12171
12171
|
static error() {
|
|
12172
12172
|
const responseObject = fromInnerResponse(makeNetworkError(), "immutable");
|
|
@@ -12309,8 +12309,8 @@ var require_response = __commonJS({
|
|
|
12309
12309
|
return `Response ${nodeUtil.formatWithOptions(options, properties)}`;
|
|
12310
12310
|
}
|
|
12311
12311
|
};
|
|
12312
|
-
mixinBody(
|
|
12313
|
-
Object.defineProperties(
|
|
12312
|
+
mixinBody(Response2);
|
|
12313
|
+
Object.defineProperties(Response2.prototype, {
|
|
12314
12314
|
type: kEnumerableProperty,
|
|
12315
12315
|
url: kEnumerableProperty,
|
|
12316
12316
|
status: kEnumerableProperty,
|
|
@@ -12326,7 +12326,7 @@ var require_response = __commonJS({
|
|
|
12326
12326
|
configurable: true
|
|
12327
12327
|
}
|
|
12328
12328
|
});
|
|
12329
|
-
Object.defineProperties(
|
|
12329
|
+
Object.defineProperties(Response2, {
|
|
12330
12330
|
json: kEnumerableProperty,
|
|
12331
12331
|
redirect: kEnumerableProperty,
|
|
12332
12332
|
error: kEnumerableProperty
|
|
@@ -12459,7 +12459,7 @@ var require_response = __commonJS({
|
|
|
12459
12459
|
}
|
|
12460
12460
|
}
|
|
12461
12461
|
function fromInnerResponse(innerResponse, guard) {
|
|
12462
|
-
const response = new
|
|
12462
|
+
const response = new Response2(kConstruct);
|
|
12463
12463
|
response[kState] = innerResponse;
|
|
12464
12464
|
response[kHeaders] = new Headers3(kConstruct);
|
|
12465
12465
|
setHeadersList(response[kHeaders], innerResponse.headersList);
|
|
@@ -12527,7 +12527,7 @@ var require_response = __commonJS({
|
|
|
12527
12527
|
makeResponse,
|
|
12528
12528
|
makeAppropriateNetworkError,
|
|
12529
12529
|
filterResponse,
|
|
12530
|
-
Response,
|
|
12530
|
+
Response: Response2,
|
|
12531
12531
|
cloneResponse,
|
|
12532
12532
|
fromInnerResponse
|
|
12533
12533
|
};
|
|
@@ -15199,7 +15199,7 @@ var require_cache = __commonJS({
|
|
|
15199
15199
|
var { urlEquals, getFieldValues } = require_util5();
|
|
15200
15200
|
var { kEnumerableProperty, isDisturbed } = require_util();
|
|
15201
15201
|
var { webidl } = require_webidl();
|
|
15202
|
-
var { Response, cloneResponse, fromInnerResponse } = require_response();
|
|
15202
|
+
var { Response: Response2, cloneResponse, fromInnerResponse } = require_response();
|
|
15203
15203
|
var { Request, fromInnerRequest } = require_request2();
|
|
15204
15204
|
var { kState } = require_symbols2();
|
|
15205
15205
|
var { fetching } = require_fetch();
|
|
@@ -15726,7 +15726,7 @@ var require_cache = __commonJS({
|
|
|
15726
15726
|
converter: webidl.converters.DOMString
|
|
15727
15727
|
}
|
|
15728
15728
|
]);
|
|
15729
|
-
webidl.converters.Response = webidl.interfaceConverter(
|
|
15729
|
+
webidl.converters.Response = webidl.interfaceConverter(Response2);
|
|
15730
15730
|
webidl.converters["sequence<RequestInfo>"] = webidl.sequenceConverter(
|
|
15731
15731
|
webidl.converters.RequestInfo
|
|
15732
15732
|
);
|
|
@@ -21481,6 +21481,117 @@ function resolvePostmanEndpointProfile(stack, region = "us") {
|
|
|
21481
21481
|
return profile;
|
|
21482
21482
|
}
|
|
21483
21483
|
|
|
21484
|
+
// src/lib/postman/token-provider.ts
|
|
21485
|
+
var MintError = class extends Error {
|
|
21486
|
+
permanent;
|
|
21487
|
+
constructor(message, permanent) {
|
|
21488
|
+
super(message);
|
|
21489
|
+
this.name = "MintError";
|
|
21490
|
+
this.permanent = permanent;
|
|
21491
|
+
}
|
|
21492
|
+
};
|
|
21493
|
+
function extractAccessToken(payload) {
|
|
21494
|
+
if (!payload || typeof payload !== "object") return void 0;
|
|
21495
|
+
const record = payload;
|
|
21496
|
+
const direct = record.access_token;
|
|
21497
|
+
if (typeof direct === "string" && direct.trim()) return direct.trim();
|
|
21498
|
+
const session = record.session;
|
|
21499
|
+
if (session && typeof session === "object") {
|
|
21500
|
+
const token = session.token;
|
|
21501
|
+
if (typeof token === "string" && token.trim()) return token.trim();
|
|
21502
|
+
}
|
|
21503
|
+
return void 0;
|
|
21504
|
+
}
|
|
21505
|
+
var AccessTokenProvider = class {
|
|
21506
|
+
token;
|
|
21507
|
+
apiKey;
|
|
21508
|
+
apiBaseUrl;
|
|
21509
|
+
fetchImpl;
|
|
21510
|
+
maxAttempts;
|
|
21511
|
+
onToken;
|
|
21512
|
+
sleep;
|
|
21513
|
+
inflight;
|
|
21514
|
+
constructor(options) {
|
|
21515
|
+
this.token = String(options.accessToken || "").trim();
|
|
21516
|
+
this.apiKey = String(options.apiKey || "").trim();
|
|
21517
|
+
this.apiBaseUrl = String(
|
|
21518
|
+
options.apiBaseUrl || POSTMAN_ENDPOINT_PROFILES.prod.apiBaseUrl
|
|
21519
|
+
).replace(/\/+$/, "");
|
|
21520
|
+
this.fetchImpl = options.fetchImpl ?? fetch;
|
|
21521
|
+
this.maxAttempts = Math.max(1, options.maxAttempts ?? 2);
|
|
21522
|
+
this.onToken = options.onToken;
|
|
21523
|
+
this.sleep = options.sleep;
|
|
21524
|
+
}
|
|
21525
|
+
current() {
|
|
21526
|
+
return this.token;
|
|
21527
|
+
}
|
|
21528
|
+
/** True when a PMAK is present, so an expired token can be re-minted. */
|
|
21529
|
+
canRefresh() {
|
|
21530
|
+
return Boolean(this.apiKey);
|
|
21531
|
+
}
|
|
21532
|
+
refresh() {
|
|
21533
|
+
this.inflight ??= this.mintWithRetry().finally(() => {
|
|
21534
|
+
this.inflight = void 0;
|
|
21535
|
+
});
|
|
21536
|
+
return this.inflight;
|
|
21537
|
+
}
|
|
21538
|
+
async mintWithRetry() {
|
|
21539
|
+
if (!this.apiKey) {
|
|
21540
|
+
throw new Error(
|
|
21541
|
+
"postman: the access token expired and cannot be refreshed because no postman-api-key is present. Service-account access tokens expire after about 1 to 1.5 hours. Re-mint a fresh token (postman-resolve-service-token-action) and re-run."
|
|
21542
|
+
);
|
|
21543
|
+
}
|
|
21544
|
+
const token = await retry(() => this.mintOnce(), {
|
|
21545
|
+
maxAttempts: this.maxAttempts,
|
|
21546
|
+
delayMs: 1e3,
|
|
21547
|
+
backoffMultiplier: 2,
|
|
21548
|
+
...this.sleep ? { sleep: this.sleep } : {},
|
|
21549
|
+
shouldRetry: (error2) => !(error2 instanceof MintError && error2.permanent)
|
|
21550
|
+
});
|
|
21551
|
+
this.token = token;
|
|
21552
|
+
this.onToken?.(token);
|
|
21553
|
+
return token;
|
|
21554
|
+
}
|
|
21555
|
+
async mintOnce() {
|
|
21556
|
+
const response = await this.fetchImpl(`${this.apiBaseUrl}/service-account-tokens`, {
|
|
21557
|
+
method: "POST",
|
|
21558
|
+
headers: {
|
|
21559
|
+
"Content-Type": "application/json",
|
|
21560
|
+
"x-api-key": this.apiKey
|
|
21561
|
+
},
|
|
21562
|
+
body: JSON.stringify({ apiKey: this.apiKey })
|
|
21563
|
+
});
|
|
21564
|
+
const body = await response.text().catch(() => "");
|
|
21565
|
+
if (!response.ok) {
|
|
21566
|
+
const status = response.status;
|
|
21567
|
+
if (status === 401 || status === 403) {
|
|
21568
|
+
throw new MintError(
|
|
21569
|
+
`postman: re-mint failed because the postman-api-key was rejected (PMAK rejected, HTTP ${status}); confirm it is a valid, enabled service-account PMAK for the intended team.`,
|
|
21570
|
+
true
|
|
21571
|
+
);
|
|
21572
|
+
}
|
|
21573
|
+
if (status === 400 && body.toLowerCase().includes("service accounts not enabled")) {
|
|
21574
|
+
throw new MintError(
|
|
21575
|
+
"postman: re-mint failed because service accounts are not enabled for this team; enable them in Team Settings or use a team where they are.",
|
|
21576
|
+
true
|
|
21577
|
+
);
|
|
21578
|
+
}
|
|
21579
|
+
throw new MintError(`postman: re-mint failed (service-account-tokens HTTP ${status}).`, false);
|
|
21580
|
+
}
|
|
21581
|
+
let parsed;
|
|
21582
|
+
try {
|
|
21583
|
+
parsed = JSON.parse(body);
|
|
21584
|
+
} catch {
|
|
21585
|
+
parsed = void 0;
|
|
21586
|
+
}
|
|
21587
|
+
const token = extractAccessToken(parsed);
|
|
21588
|
+
if (!token) {
|
|
21589
|
+
throw new MintError("postman: re-mint succeeded but no access token was returned.", false);
|
|
21590
|
+
}
|
|
21591
|
+
return token;
|
|
21592
|
+
}
|
|
21593
|
+
};
|
|
21594
|
+
|
|
21484
21595
|
// src/lib/bifrost-client.ts
|
|
21485
21596
|
var DEFAULT_BIFROST_BASE_URL = POSTMAN_ENDPOINT_PROFILES.prod.bifrostBaseUrl;
|
|
21486
21597
|
var BIFROST_PROXY_PATH = "/ws/proxy";
|
|
@@ -21488,8 +21599,11 @@ var DEFAULT_OBSERVABILITY_BASE_URL = POSTMAN_ENDPOINT_PROFILES.prod.observabilit
|
|
|
21488
21599
|
var DEFAULT_OBSERVABILITY_ENV = POSTMAN_ENDPOINT_PROFILES.prod.observabilityEnv;
|
|
21489
21600
|
var MAX_DISCOVERED_SERVICE_PAGES = 100;
|
|
21490
21601
|
var MAX_PROVIDER_SERVICE_PAGES = 100;
|
|
21602
|
+
function isExpiredAuthError(status, body) {
|
|
21603
|
+
return status === 401 || body.includes("UNAUTHENTICATED") || body.includes("authenticationError");
|
|
21604
|
+
}
|
|
21491
21605
|
var BifrostCatalogClient = class {
|
|
21492
|
-
|
|
21606
|
+
tokenProvider;
|
|
21493
21607
|
teamId;
|
|
21494
21608
|
apiKey;
|
|
21495
21609
|
fetchFn;
|
|
@@ -21498,11 +21612,14 @@ var BifrostCatalogClient = class {
|
|
|
21498
21612
|
observabilityBaseUrl;
|
|
21499
21613
|
observabilityEnv;
|
|
21500
21614
|
constructor(options) {
|
|
21501
|
-
this.
|
|
21615
|
+
this.tokenProvider = options.tokenProvider ?? new AccessTokenProvider({
|
|
21616
|
+
accessToken: options.accessToken,
|
|
21617
|
+
apiKey: options.apiKey
|
|
21618
|
+
});
|
|
21502
21619
|
this.teamId = options.teamId;
|
|
21503
21620
|
this.apiKey = options.apiKey;
|
|
21504
21621
|
this.fetchFn = options.fetchFn ?? globalThis.fetch;
|
|
21505
|
-
this.secretValues = [
|
|
21622
|
+
this.secretValues = [this.tokenProvider.current(), options.apiKey].filter(Boolean);
|
|
21506
21623
|
const base = (options.bifrostBaseUrl || DEFAULT_BIFROST_BASE_URL).replace(/\/+$/, "");
|
|
21507
21624
|
this.bifrostProxyUrl = `${base}${BIFROST_PROXY_PATH}`;
|
|
21508
21625
|
this.observabilityBaseUrl = (options.observabilityBaseUrl || DEFAULT_OBSERVABILITY_BASE_URL).replace(/\/+$/, "");
|
|
@@ -21514,6 +21631,11 @@ var BifrostCatalogClient = class {
|
|
|
21514
21631
|
this.secretValues.push(apiKey);
|
|
21515
21632
|
}
|
|
21516
21633
|
}
|
|
21634
|
+
registerAccessToken(token) {
|
|
21635
|
+
if (token && !this.secretValues.includes(token)) {
|
|
21636
|
+
this.secretValues.push(token);
|
|
21637
|
+
}
|
|
21638
|
+
}
|
|
21517
21639
|
/**
|
|
21518
21640
|
* Build Bifrost proxy headers.
|
|
21519
21641
|
* x-entity-team-id is ONLY included when teamId is present (org-mode tokens).
|
|
@@ -21521,7 +21643,7 @@ var BifrostCatalogClient = class {
|
|
|
21521
21643
|
*/
|
|
21522
21644
|
headers() {
|
|
21523
21645
|
const h = {
|
|
21524
|
-
"x-access-token": this.
|
|
21646
|
+
"x-access-token": this.tokenProvider.current(),
|
|
21525
21647
|
"Content-Type": "application/json"
|
|
21526
21648
|
};
|
|
21527
21649
|
if (this.teamId) {
|
|
@@ -21537,7 +21659,7 @@ var BifrostCatalogClient = class {
|
|
|
21537
21659
|
const session = getMemoizedSessionIdentity();
|
|
21538
21660
|
return {
|
|
21539
21661
|
operation,
|
|
21540
|
-
hasAccessToken: Boolean(this.
|
|
21662
|
+
hasAccessToken: Boolean(this.tokenProvider.current()),
|
|
21541
21663
|
sessionTeamId: session?.teamId,
|
|
21542
21664
|
sessionRoles: session?.roles,
|
|
21543
21665
|
sessionConsumerType: session?.consumerType,
|
|
@@ -21546,7 +21668,7 @@ var BifrostCatalogClient = class {
|
|
|
21546
21668
|
};
|
|
21547
21669
|
}
|
|
21548
21670
|
async proxyRequest(method, path6, body = {}, operation = "api-catalog request") {
|
|
21549
|
-
const
|
|
21671
|
+
const send2 = async () => this.fetchFn(this.bifrostProxyUrl, {
|
|
21550
21672
|
method: "POST",
|
|
21551
21673
|
headers: this.headers(),
|
|
21552
21674
|
body: JSON.stringify({
|
|
@@ -21556,6 +21678,39 @@ var BifrostCatalogClient = class {
|
|
|
21556
21678
|
body
|
|
21557
21679
|
})
|
|
21558
21680
|
});
|
|
21681
|
+
let response = await send2();
|
|
21682
|
+
if (!response.ok) {
|
|
21683
|
+
const bodyText = await response.text().catch(() => "");
|
|
21684
|
+
if (isExpiredAuthError(response.status, bodyText) && this.tokenProvider.canRefresh()) {
|
|
21685
|
+
try {
|
|
21686
|
+
const refreshed = await this.tokenProvider.refresh();
|
|
21687
|
+
this.registerAccessToken(refreshed);
|
|
21688
|
+
response = await send2();
|
|
21689
|
+
} catch {
|
|
21690
|
+
const httpErr = await HttpError.fromResponse(
|
|
21691
|
+
new Response(bodyText, { status: response.status, headers: response.headers }),
|
|
21692
|
+
{
|
|
21693
|
+
method: "POST",
|
|
21694
|
+
url: `bifrost:api-catalog:${method} ${path6}`,
|
|
21695
|
+
secretValues: this.secretValues
|
|
21696
|
+
}
|
|
21697
|
+
);
|
|
21698
|
+
const advised = adviseFromHttpError(httpErr, this.adviceContext(operation));
|
|
21699
|
+
throw advised ?? httpErr;
|
|
21700
|
+
}
|
|
21701
|
+
} else {
|
|
21702
|
+
const httpErr = await HttpError.fromResponse(
|
|
21703
|
+
new Response(bodyText, { status: response.status, headers: response.headers }),
|
|
21704
|
+
{
|
|
21705
|
+
method: "POST",
|
|
21706
|
+
url: `bifrost:api-catalog:${method} ${path6}`,
|
|
21707
|
+
secretValues: this.secretValues
|
|
21708
|
+
}
|
|
21709
|
+
);
|
|
21710
|
+
const advised = adviseFromHttpError(httpErr, this.adviceContext(operation));
|
|
21711
|
+
throw advised ?? httpErr;
|
|
21712
|
+
}
|
|
21713
|
+
}
|
|
21559
21714
|
if (!response.ok) {
|
|
21560
21715
|
const httpErr = await HttpError.fromResponse(response, {
|
|
21561
21716
|
method: "POST",
|
|
@@ -21578,7 +21733,7 @@ var BifrostCatalogClient = class {
|
|
|
21578
21733
|
return data;
|
|
21579
21734
|
}
|
|
21580
21735
|
async akitaProxyRequest(method, path6, body = {}, operation = "Insights request") {
|
|
21581
|
-
const
|
|
21736
|
+
const send2 = async () => this.fetchFn(this.bifrostProxyUrl, {
|
|
21582
21737
|
method: "POST",
|
|
21583
21738
|
headers: this.headers(),
|
|
21584
21739
|
body: JSON.stringify({
|
|
@@ -21588,8 +21743,30 @@ var BifrostCatalogClient = class {
|
|
|
21588
21743
|
body
|
|
21589
21744
|
})
|
|
21590
21745
|
});
|
|
21746
|
+
let response = await send2();
|
|
21591
21747
|
if (!response.ok) {
|
|
21592
21748
|
const text = await response.text().catch(() => "");
|
|
21749
|
+
if (isExpiredAuthError(response.status, text) && this.tokenProvider.canRefresh()) {
|
|
21750
|
+
try {
|
|
21751
|
+
const refreshed = await this.tokenProvider.refresh();
|
|
21752
|
+
this.registerAccessToken(refreshed);
|
|
21753
|
+
response = await send2();
|
|
21754
|
+
if (response.ok) {
|
|
21755
|
+
const data2 = await response.json();
|
|
21756
|
+
return { ok: true, status: response.status, data: data2, errorText: "" };
|
|
21757
|
+
}
|
|
21758
|
+
const retryText = await response.text().catch(() => "");
|
|
21759
|
+
const advised2 = adviseFromBifrostBody(response.status, retryText, this.adviceContext(operation));
|
|
21760
|
+
const errorText2 = advised2 ? retryText ? `${retryText}
|
|
21761
|
+
${advised2.message}` : advised2.message : retryText;
|
|
21762
|
+
return { ok: false, status: response.status, data: null, errorText: errorText2 };
|
|
21763
|
+
} catch {
|
|
21764
|
+
const advised2 = adviseFromBifrostBody(response.status, text, this.adviceContext(operation));
|
|
21765
|
+
const errorText2 = advised2 ? text ? `${text}
|
|
21766
|
+
${advised2.message}` : advised2.message : text;
|
|
21767
|
+
return { ok: false, status: response.status, data: null, errorText: errorText2 };
|
|
21768
|
+
}
|
|
21769
|
+
}
|
|
21593
21770
|
const advised = adviseFromBifrostBody(response.status, text, this.adviceContext(operation));
|
|
21594
21771
|
const errorText = advised ? text ? `${text}
|
|
21595
21772
|
${advised.message}` : advised.message : text;
|
|
@@ -21688,12 +21865,19 @@ ${advised.message}` : advised.message : text;
|
|
|
21688
21865
|
}
|
|
21689
21866
|
page++;
|
|
21690
21867
|
}
|
|
21691
|
-
|
|
21692
|
-
|
|
21693
|
-
|
|
21694
|
-
|
|
21695
|
-
|
|
21696
|
-
|
|
21868
|
+
if (clusterName) {
|
|
21869
|
+
const fullName = `${clusterName}/${projectName}`;
|
|
21870
|
+
const exactMatch = allServices.find((s) => s.name === fullName);
|
|
21871
|
+
return exactMatch?.id || null;
|
|
21872
|
+
}
|
|
21873
|
+
const finalSegmentMatch = allServices.find(
|
|
21874
|
+
(s) => getFinalServiceSegment(s.name) === projectName
|
|
21875
|
+
);
|
|
21876
|
+
if (finalSegmentMatch) return finalSegmentMatch.id;
|
|
21877
|
+
const bracketedMatch = allServices.find(
|
|
21878
|
+
(s) => getFinalServiceSegment(s.name).includes(`[${projectName}]`)
|
|
21879
|
+
);
|
|
21880
|
+
return bracketedMatch?.id || null;
|
|
21697
21881
|
}
|
|
21698
21882
|
async acknowledgeOnboarding(providerServiceId, workspaceId, systemEnvironmentId) {
|
|
21699
21883
|
const result = await this.akitaProxyRequest(
|
|
@@ -21723,6 +21907,14 @@ ${advised.message}` : advised.message : text;
|
|
|
21723
21907
|
throw new Error(`Workspace acknowledge failed: ${result.status} ${result.errorText}`);
|
|
21724
21908
|
}
|
|
21725
21909
|
}
|
|
21910
|
+
// PMAK-only by proven exception. A live probe against the observability
|
|
21911
|
+
// application-binding endpoint (POST /v2/agent/api-catalog/workspaces/:id/
|
|
21912
|
+
// applications) showed x-access-token is rejected identically to the x-api-key
|
|
21913
|
+
// control: both return 401 {"message":"Postman User not found"} for a
|
|
21914
|
+
// service-account credential, because the observability service has no
|
|
21915
|
+
// "Postman User" for a service account. The access token offers no improvement
|
|
21916
|
+
// over the API key here, so this route is not migrated to access-token-primary
|
|
21917
|
+
// (the suite-wide migration explicitly leaves probe-failed routes on PMAK).
|
|
21726
21918
|
async createApplication(workspaceId, systemEnv) {
|
|
21727
21919
|
const response = await this.fetchFn(
|
|
21728
21920
|
`${this.observabilityBaseUrl}/v2/agent/api-catalog/workspaces/${workspaceId}/applications`,
|
|
@@ -21790,7 +21982,17 @@ function findDiscoveredService(services, projectName, clusterName) {
|
|
|
21790
21982
|
const fullName = `${clusterName}/${projectName}`;
|
|
21791
21983
|
return services.find((s) => s.name === fullName);
|
|
21792
21984
|
}
|
|
21793
|
-
|
|
21985
|
+
const finalSegmentMatch = services.find(
|
|
21986
|
+
(service) => getFinalServiceSegment(service.name) === projectName
|
|
21987
|
+
);
|
|
21988
|
+
if (finalSegmentMatch) return finalSegmentMatch;
|
|
21989
|
+
return services.find(
|
|
21990
|
+
(service) => getFinalServiceSegment(service.name).includes(`[${projectName}]`)
|
|
21991
|
+
);
|
|
21992
|
+
}
|
|
21993
|
+
function getFinalServiceSegment(serviceName) {
|
|
21994
|
+
const lastSlash = serviceName.lastIndexOf("/");
|
|
21995
|
+
return lastSlash === -1 ? serviceName : serviceName.slice(lastSlash + 1);
|
|
21794
21996
|
}
|
|
21795
21997
|
|
|
21796
21998
|
// node_modules/@postman-cse/automation-telemetry-core/dist/ci-context.js
|
|
@@ -21798,7 +22000,65 @@ function norm(value) {
|
|
|
21798
22000
|
const trimmed = (value ?? "").trim();
|
|
21799
22001
|
return trimmed.length > 0 ? trimmed : void 0;
|
|
21800
22002
|
}
|
|
22003
|
+
function detectEventTrigger(env = process.env) {
|
|
22004
|
+
const ghEvent = norm(env.GITHUB_EVENT_NAME)?.toLowerCase();
|
|
22005
|
+
if (ghEvent) {
|
|
22006
|
+
if (ghEvent === "push")
|
|
22007
|
+
return "push";
|
|
22008
|
+
if (ghEvent === "pull_request" || ghEvent === "pull_request_target")
|
|
22009
|
+
return "pull_request";
|
|
22010
|
+
if (ghEvent === "schedule")
|
|
22011
|
+
return "schedule";
|
|
22012
|
+
if (ghEvent === "workflow_dispatch" || ghEvent === "repository_dispatch")
|
|
22013
|
+
return "manual";
|
|
22014
|
+
return "other";
|
|
22015
|
+
}
|
|
22016
|
+
const glSource = norm(env.CI_PIPELINE_SOURCE)?.toLowerCase();
|
|
22017
|
+
if (glSource) {
|
|
22018
|
+
if (glSource === "push")
|
|
22019
|
+
return "push";
|
|
22020
|
+
if (glSource === "merge_request_event")
|
|
22021
|
+
return "pull_request";
|
|
22022
|
+
if (glSource === "schedule")
|
|
22023
|
+
return "schedule";
|
|
22024
|
+
if (glSource === "web" || glSource === "api" || glSource === "trigger" || glSource === "pipeline") {
|
|
22025
|
+
return "manual";
|
|
22026
|
+
}
|
|
22027
|
+
return "other";
|
|
22028
|
+
}
|
|
22029
|
+
if (norm(env.BITBUCKET_PR_ID))
|
|
22030
|
+
return "pull_request";
|
|
22031
|
+
if (norm(env.CI) || norm(env.BUILD_BUILDID) || norm(env.JENKINS_URL) || norm(env.TEAMCITY_VERSION)) {
|
|
22032
|
+
return "other";
|
|
22033
|
+
}
|
|
22034
|
+
return "unknown";
|
|
22035
|
+
}
|
|
22036
|
+
function detectRunnerOs(env = process.env) {
|
|
22037
|
+
const runnerOs = norm(env.RUNNER_OS)?.toLowerCase();
|
|
22038
|
+
if (runnerOs === "linux")
|
|
22039
|
+
return "linux";
|
|
22040
|
+
if (runnerOs === "macos")
|
|
22041
|
+
return "macos";
|
|
22042
|
+
if (runnerOs === "windows")
|
|
22043
|
+
return "windows";
|
|
22044
|
+
const platform2 = typeof process !== "undefined" ? process.platform : void 0;
|
|
22045
|
+
if (platform2 === "linux")
|
|
22046
|
+
return "linux";
|
|
22047
|
+
if (platform2 === "darwin")
|
|
22048
|
+
return "macos";
|
|
22049
|
+
if (platform2 === "win32")
|
|
22050
|
+
return "windows";
|
|
22051
|
+
return "unknown";
|
|
22052
|
+
}
|
|
21801
22053
|
function detectCiContext(env = process.env) {
|
|
22054
|
+
const provider = detectCiProviderContext(env);
|
|
22055
|
+
return {
|
|
22056
|
+
...provider,
|
|
22057
|
+
eventTrigger: detectEventTrigger(env),
|
|
22058
|
+
runnerOs: detectRunnerOs(env)
|
|
22059
|
+
};
|
|
22060
|
+
}
|
|
22061
|
+
function detectCiProviderContext(env = process.env) {
|
|
21802
22062
|
if (norm(env.GITHUB_ACTIONS)) {
|
|
21803
22063
|
const runnerEnv = norm(env.RUNNER_ENVIRONMENT);
|
|
21804
22064
|
const runnerKind = runnerEnv === "github-hosted" ? "hosted" : runnerEnv === "self-hosted" ? "self-hosted" : "unknown";
|
|
@@ -21936,25 +22196,49 @@ function parseProvider(explicitProvider, repoUrl, env) {
|
|
|
21936
22196
|
}
|
|
21937
22197
|
return "unknown";
|
|
21938
22198
|
}
|
|
22199
|
+
function classifyRefKind(env = process.env) {
|
|
22200
|
+
const githubRefType = normalize(env.GITHUB_REF_TYPE)?.toLowerCase();
|
|
22201
|
+
const githubRef = normalize(env.GITHUB_REF);
|
|
22202
|
+
const azureRef = normalize(env.BUILD_SOURCEBRANCH);
|
|
22203
|
+
if (githubRefType === "tag" || githubRef?.startsWith("refs/tags/") || normalize(env.CI_COMMIT_TAG) || normalize(env.BITBUCKET_TAG) || azureRef?.startsWith("refs/tags/")) {
|
|
22204
|
+
return "tag";
|
|
22205
|
+
}
|
|
22206
|
+
const githubRefName = normalize(env.GITHUB_REF_NAME);
|
|
22207
|
+
const githubDefault = normalize(env.GITHUB_DEFAULT_BRANCH);
|
|
22208
|
+
if (githubRefName && githubDefault) {
|
|
22209
|
+
return githubRefName === githubDefault ? "default-branch" : "branch";
|
|
22210
|
+
}
|
|
22211
|
+
const gitlabRef = normalize(env.CI_COMMIT_REF_NAME);
|
|
22212
|
+
const gitlabDefault = normalize(env.CI_DEFAULT_BRANCH);
|
|
22213
|
+
if (gitlabRef && gitlabDefault) {
|
|
22214
|
+
return gitlabRef === gitlabDefault ? "default-branch" : "branch";
|
|
22215
|
+
}
|
|
22216
|
+
if (githubRefName || githubRef?.startsWith("refs/heads/") || gitlabRef || normalize(env.BITBUCKET_BRANCH) || normalize(env.BUILD_SOURCEBRANCHNAME) || azureRef?.startsWith("refs/heads/")) {
|
|
22217
|
+
return "branch";
|
|
22218
|
+
}
|
|
22219
|
+
return "unknown";
|
|
22220
|
+
}
|
|
21939
22221
|
function detectRepoContext(input, env = process.env) {
|
|
21940
22222
|
const repoUrl = normalizeRepoUrl(input.repoUrl) ?? normalizeRepoUrl(env.GITHUB_SERVER_URL && env.GITHUB_REPOSITORY ? `${env.GITHUB_SERVER_URL}/${env.GITHUB_REPOSITORY}` : void 0) ?? normalizeRepoUrl(env.CI_PROJECT_URL) ?? normalizeRepoUrl(env.BITBUCKET_GIT_HTTP_ORIGIN) ?? normalizeRepoUrl(env.BUILD_REPOSITORY_URI);
|
|
21941
22223
|
const repoSlug = normalize(input.repoSlug) ?? normalize(env.GITHUB_REPOSITORY) ?? normalize(env.CI_PROJECT_PATH) ?? (env.BITBUCKET_WORKSPACE && env.BITBUCKET_REPO_SLUG ? normalize(`${env.BITBUCKET_WORKSPACE}/${env.BITBUCKET_REPO_SLUG}`) : void 0) ?? normalize(env.BUILD_REPOSITORY_NAME);
|
|
21942
22224
|
const ref = normalize(input.ref) ?? normalize(env.GITHUB_REF_NAME) ?? normalize(env.CI_COMMIT_REF_NAME) ?? normalize(env.BITBUCKET_BRANCH) ?? normalize(env.BUILD_SOURCEBRANCHNAME);
|
|
21943
22225
|
const sha = normalize(input.sha) ?? normalize(env.GITHUB_SHA) ?? normalize(env.CI_COMMIT_SHA) ?? normalize(env.BITBUCKET_COMMIT) ?? normalize(env.BUILD_SOURCEVERSION);
|
|
21944
22226
|
const provider = parseProvider(input.gitProvider, repoUrl, env);
|
|
22227
|
+
const refKind = classifyRefKind(env);
|
|
21945
22228
|
return {
|
|
21946
22229
|
provider,
|
|
21947
22230
|
repoUrl,
|
|
21948
22231
|
repoSlug,
|
|
21949
22232
|
ref,
|
|
21950
|
-
sha
|
|
22233
|
+
sha,
|
|
22234
|
+
refKind
|
|
21951
22235
|
};
|
|
21952
22236
|
}
|
|
21953
22237
|
|
|
21954
22238
|
// node_modules/@postman-cse/automation-telemetry-core/dist/telemetry.js
|
|
21955
22239
|
var import_node_crypto = require("node:crypto");
|
|
21956
22240
|
var import_undici2 = __toESM(require_undici(), 1);
|
|
21957
|
-
var SCHEMA_VERSION =
|
|
22241
|
+
var SCHEMA_VERSION = 3;
|
|
21958
22242
|
var DEFAULT_TIMEOUT_MS = 1500;
|
|
21959
22243
|
var DEFAULT_ENDPOINT = "https://events.pm-cse.dev/v1/events";
|
|
21960
22244
|
var proxyDispatcher;
|
|
@@ -21965,7 +22249,7 @@ function resolveActionVersion(explicit) {
|
|
|
21965
22249
|
if (explicit) {
|
|
21966
22250
|
return explicit;
|
|
21967
22251
|
}
|
|
21968
|
-
return "
|
|
22252
|
+
return "2.0.0" ? "2.0.0" : "unknown";
|
|
21969
22253
|
}
|
|
21970
22254
|
function telemetryDisabled(env) {
|
|
21971
22255
|
const flag = String(env.POSTMAN_ACTIONS_TELEMETRY ?? "").trim().toLowerCase();
|
|
@@ -21994,7 +22278,7 @@ function maybeNotice(logger) {
|
|
|
21994
22278
|
return;
|
|
21995
22279
|
}
|
|
21996
22280
|
noticeShown = true;
|
|
21997
|
-
logger.info("note: postman-actions sends anonymous usage data (team id, action, CI provider, account type). Disable with POSTMAN_ACTIONS_TELEMETRY=off or DO_NOT_TRACK=1.");
|
|
22281
|
+
logger.info("note: postman-actions sends anonymous usage data (team id, action, CI provider, account type, run trigger, runner OS). Disable with POSTMAN_ACTIONS_TELEMETRY=off or DO_NOT_TRACK=1.");
|
|
21998
22282
|
}
|
|
21999
22283
|
function buildTelemetryEvent(params) {
|
|
22000
22284
|
const { action, actionVersion, teamId, accountType, outcome, env, now } = params;
|
|
@@ -22016,6 +22300,9 @@ function buildTelemetryEvent(params) {
|
|
|
22016
22300
|
repo_id: repoSource ? sha256(repoSource) : void 0,
|
|
22017
22301
|
org_id: owner ? sha256(owner) : void 0,
|
|
22018
22302
|
account_type: accountType,
|
|
22303
|
+
event_trigger: ci.eventTrigger,
|
|
22304
|
+
runner_os: ci.runnerOs,
|
|
22305
|
+
ref_kind: repo.refKind,
|
|
22019
22306
|
outcome,
|
|
22020
22307
|
ts: now()
|
|
22021
22308
|
};
|
|
@@ -22351,19 +22638,39 @@ async function resolveApiKeyAndTeamId(inputs, client, reporter = core_exports) {
|
|
|
22351
22638
|
}
|
|
22352
22639
|
return { apiKey, teamId: resolvedTeamId, pmakIdentity };
|
|
22353
22640
|
}
|
|
22354
|
-
async function runCredentialPreflightForInputs(inputs, pmak, reporter, fetchImpl) {
|
|
22641
|
+
async function runCredentialPreflightForInputs(inputs, pmak, reporter, fetchImpl, liveAccessToken) {
|
|
22642
|
+
const accessToken = liveAccessToken ?? inputs.postmanAccessToken;
|
|
22355
22643
|
await runCredentialPreflight({
|
|
22356
22644
|
apiBaseUrl: inputs.postmanApiBase || DEFAULT_POSTMAN_API_BASE,
|
|
22357
22645
|
iapubBaseUrl: inputs.postmanIapubBase || DEFAULT_POSTMAN_IAPUB_BASE,
|
|
22358
22646
|
pmak,
|
|
22359
|
-
postmanAccessToken:
|
|
22647
|
+
postmanAccessToken: accessToken,
|
|
22360
22648
|
explicitTeamId: inputs.postmanTeamId || void 0,
|
|
22361
22649
|
mode: inputs.credentialPreflight,
|
|
22362
|
-
mask: createSecretMasker([inputs.postmanApiKey,
|
|
22650
|
+
mask: createSecretMasker([inputs.postmanApiKey, accessToken]),
|
|
22363
22651
|
log: reporter,
|
|
22364
22652
|
fetchImpl
|
|
22365
22653
|
});
|
|
22366
22654
|
}
|
|
22655
|
+
function createInsightsTokenProvider(inputs, reporter, apiKey = inputs.postmanApiKey) {
|
|
22656
|
+
return new AccessTokenProvider({
|
|
22657
|
+
accessToken: inputs.postmanAccessToken,
|
|
22658
|
+
apiKey,
|
|
22659
|
+
apiBaseUrl: inputs.postmanApiBase || DEFAULT_POSTMAN_API_BASE,
|
|
22660
|
+
onToken: (token) => reporter.setSecret(token)
|
|
22661
|
+
});
|
|
22662
|
+
}
|
|
22663
|
+
function createInsightsBifrostClient(inputs, tokenProvider, teamId, apiKey) {
|
|
22664
|
+
return new BifrostCatalogClient({
|
|
22665
|
+
tokenProvider,
|
|
22666
|
+
accessToken: tokenProvider.current(),
|
|
22667
|
+
teamId,
|
|
22668
|
+
apiKey,
|
|
22669
|
+
bifrostBaseUrl: inputs.postmanBifrostBase,
|
|
22670
|
+
observabilityBaseUrl: inputs.postmanObservabilityBase,
|
|
22671
|
+
observabilityEnv: inputs.postmanObservabilityEnv
|
|
22672
|
+
});
|
|
22673
|
+
}
|
|
22367
22674
|
async function runAction() {
|
|
22368
22675
|
const inputs = resolveInputs();
|
|
22369
22676
|
const planned = createPlannedOutputs(inputs);
|
|
@@ -22373,28 +22680,32 @@ async function runAction() {
|
|
|
22373
22680
|
setSecret(inputs.postmanAccessToken);
|
|
22374
22681
|
if (inputs.postmanApiKey) setSecret(inputs.postmanApiKey);
|
|
22375
22682
|
if (inputs.githubToken) setSecret(inputs.githubToken);
|
|
22376
|
-
const
|
|
22377
|
-
|
|
22378
|
-
|
|
22379
|
-
|
|
22380
|
-
|
|
22381
|
-
|
|
22382
|
-
|
|
22383
|
-
});
|
|
22683
|
+
const tokenProvider = createInsightsTokenProvider(inputs, core_exports);
|
|
22684
|
+
const preliminaryClient = createInsightsBifrostClient(
|
|
22685
|
+
inputs,
|
|
22686
|
+
tokenProvider,
|
|
22687
|
+
inputs.postmanTeamId,
|
|
22688
|
+
inputs.postmanApiKey
|
|
22689
|
+
);
|
|
22384
22690
|
const { apiKey, teamId, pmakIdentity } = await resolveApiKeyAndTeamId(inputs, preliminaryClient, core_exports);
|
|
22691
|
+
const activeTokenProvider = apiKey !== inputs.postmanApiKey ? new AccessTokenProvider({
|
|
22692
|
+
accessToken: tokenProvider.current(),
|
|
22693
|
+
apiKey,
|
|
22694
|
+
apiBaseUrl: inputs.postmanApiBase || DEFAULT_POSTMAN_API_BASE,
|
|
22695
|
+
onToken: (token) => setSecret(token)
|
|
22696
|
+
}) : tokenProvider;
|
|
22385
22697
|
const telemetry = createTelemetryContext({ action: "postman-insights-onboarding-action", logger: core_exports });
|
|
22386
22698
|
telemetry.setTeamId(inputs.postmanTeamId || pmakIdentity?.teamId);
|
|
22387
22699
|
let result;
|
|
22388
22700
|
try {
|
|
22389
|
-
await runCredentialPreflightForInputs(
|
|
22390
|
-
|
|
22391
|
-
|
|
22392
|
-
|
|
22393
|
-
|
|
22394
|
-
|
|
22395
|
-
|
|
22396
|
-
|
|
22397
|
-
});
|
|
22701
|
+
await runCredentialPreflightForInputs(
|
|
22702
|
+
inputs,
|
|
22703
|
+
pmakIdentity,
|
|
22704
|
+
core_exports,
|
|
22705
|
+
void 0,
|
|
22706
|
+
activeTokenProvider.current()
|
|
22707
|
+
);
|
|
22708
|
+
const client = createInsightsBifrostClient(inputs, activeTokenProvider, teamId, apiKey);
|
|
22398
22709
|
result = await runOnboarding(inputs, client, sleep, core_exports);
|
|
22399
22710
|
} catch (error2) {
|
|
22400
22711
|
const message = error2 instanceof Error ? error2.message : String(error2);
|