npm - @stacksjs/ts-cloud - Versions diffs - 0.2.18 → 0.2.20 - Mend

@stacksjs/ts-cloud 0.2.18 → 0.2.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/bin/cli.js +745 -745
package/dist/drivers/hetzner/client.d.ts +12 -0
package/dist/drivers/hetzner/driver.d.ts +9 -0
package/dist/index.js +41 -5
package/package.json +3 -3

package/dist/drivers/hetzner/client.d.ts CHANGED Viewed

@@ -86,6 +86,11 @@ export interface CreateFirewallOptions {
         server: number;
     }>;
 }
+export interface CreateSshKeyOptions {
+    name: string;
+    publicKey: string;
+    labels?: Record<string, string>;
+}
 export interface HetznerClientOptions {
     apiToken: string;
     baseUrl?: string;
@@ -115,6 +120,7 @@ export declare class HetznerClient {
         server: number;
     }>): Promise<HetznerAction[]>;
     listSshKeys(): Promise<HetznerSshKey[]>;
+    createSshKey(options: CreateSshKeyOptions): Promise<HetznerSshKey>;
     waitForAction(actionId: number, options?: {
         pollIntervalMs?: number;
         maxWaitMs?: number;
@@ -125,3 +131,9 @@ export declare class HetznerClient {
     }): Promise<HetznerServer>;
 }
 export declare function resolveHetznerApiToken(configToken?: string): string;
+/**
+ * Normalize an OpenSSH public key to its `<type> <base64>` body, dropping the
+ * trailing comment. Lets us match a local key against keys already registered
+ * in the Hetzner project regardless of differing comments/whitespace.
+ */
+export declare function normalizeSshPublicKey(publicKey: string): string;

package/dist/drivers/hetzner/driver.d.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import { HetznerClient } from './client';
 export interface HetznerDriverOptions {
     apiToken?: string;
     sshPrivateKeyPath?: string;
+    sshPublicKeyPath?: string;
     sshUser?: string;
     location?: string;
     client?: HetznerClient;
@@ -12,6 +13,7 @@ export declare class HetznerDriver implements CloudDriver {
     readonly usesCloudFormation = false;
     private client;
     private sshPrivateKeyPath;
+    private sshPublicKeyPath;
     private sshUser;
     private location;
     constructor(options?: HetznerDriverOptions);
@@ -20,6 +22,13 @@ export declare class HetznerDriver implements CloudDriver {
     uploadRelease(options: UploadReleaseOptions): Promise<UploadReleaseResult>;
     findComputeTargets(options: FindComputeTargetsOptions): Promise<ComputeTarget[]>;
     runRemoteDeploy(options: RunRemoteDeployOptions): Promise<RemoteDeployResult>;
+    /**
+     * Ensure the local SSH public key is registered in the Hetzner project and
+     * return its id, so the freshly created server authorizes the same key the
+     * deploy step (SCP/SSH) uses. Without this, deploys fail with "Permission
+     * denied (publickey)" because the server has no authorized keys.
+     */
+    private ensureSshKey;
     private outputsFromState;
     private sshBaseArgs;
     private scpToHost;

package/dist/index.js CHANGED Viewed

@@ -2041,12 +2041,12 @@ class S3Client2 {
         headers[`x-amz-meta-${key}`] = value;
       }
     }
+    const encodedKey = options.key.split("/").map((seg) => encodeURIComponent(seg)).join("/");
     const normalizedBody = options.body instanceof Uint8Array && !Buffer.isBuffer(options.body) ? Buffer.from(options.body) : options.body;
     if (Buffer.isBuffer(normalizedBody) || normalizedBody instanceof Uint8Array) {
       const binaryBody = Buffer.isBuffer(normalizedBody) ? normalizedBody : Buffer.from(normalizedBody);
       const { accessKeyId, secretAccessKey, sessionToken } = this.getCredentials();
       const host = this.s3VirtualHost(options.bucket);
-      const encodedKey = options.key.split("/").map((seg) => encodeURIComponent(seg)).join("/");
       const url = `https://${host}/${encodedKey}`;
       const now = new Date;
       const amzDate = now.toISOString().replace(/[:-]|\.\d{3}/g, "");
@@ -2106,18 +2106,19 @@ class S3Client2 {
       service: "s3",
       region: this.region,
       method: "PUT",
-      path: `/${options.key}`,
+      path: `/${encodedKey}`,
       bucket: options.bucket,
       headers,
       body: options.body
     });
   }
   async getObject(bucket, key) {
+    const encodedKey = key.split("/").map((seg) => encodeURIComponent(seg)).join("/");
     const result = await this.client.request({
       service: "s3",
       region: this.region,
       method: "GET",
-      path: `/${bucket}/${key}`,
+      path: `/${bucket}/${encodedKey}`,
       rawResponse: true
     });
     return result;
@@ -2146,11 +2147,12 @@ class S3Client2 {
     });
   }
   async deleteObject(bucket, key) {
+    const encodedKey = key.split("/").map((seg) => encodeURIComponent(seg)).join("/");
     await this.client.request({
       service: "s3",
       region: this.region,
       method: "DELETE",
-      path: `/${bucket}/${key}`
+      path: `/${bucket}/${encodedKey}`
     });
   }
   async deleteObjects(bucket, keys) {
@@ -81151,6 +81153,7 @@ class AwsDriver {
 }
 // src/drivers/hetzner/driver.ts
+import { existsSync as existsSync17, readFileSync as readFileSync10 } from "node:fs";
 import { homedir as homedir7 } from "node:os";
 import { join as join13 } from "node:path";
 import { execSync } from "node:child_process";
@@ -81277,6 +81280,14 @@ class HetznerClient {
     const data = await this.request("GET", "/ssh_keys");
     return data.ssh_keys;
   }
+  async createSshKey(options) {
+    const data = await this.request("POST", "/ssh_keys", {
+      name: options.name,
+      public_key: options.publicKey,
+      labels: options.labels
+    });
+    return data.ssh_key;
+  }
   async waitForAction(actionId, options) {
     const pollInterval = options?.pollIntervalMs ?? 2000;
     const maxWait = options?.maxWaitMs ?? 300000;
@@ -81312,6 +81323,10 @@ function resolveHetznerApiToken(configToken) {
   }
   return token;
 }
+function normalizeSshPublicKey(publicKey) {
+  const [type, body] = publicKey.trim().split(/\s+/);
+  return body ? `${type} ${body}` : type;
+}
 // src/drivers/hetzner/cloud-init.ts
 function generateUbuntuAppCloudInit(options = {}) {
@@ -81510,6 +81525,7 @@ class HetznerDriver {
   usesCloudFormation = false;
   client;
   sshPrivateKeyPath;
+  sshPublicKeyPath;
   sshUser;
   location;
   constructor(options = {}) {
@@ -81517,6 +81533,7 @@ class HetznerDriver {
       apiToken: resolveHetznerApiToken(options.apiToken)
     });
     this.sshPrivateKeyPath = expandHome(options.sshPrivateKeyPath || process.env.HCLOUD_SSH_KEY || "~/.ssh/id_ed25519");
+    this.sshPublicKeyPath = expandHome(options.sshPublicKeyPath || process.env.HCLOUD_SSH_PUBLIC_KEY || `${this.sshPrivateKeyPath}.pub`);
     this.sshUser = options.sshUser || process.env.HCLOUD_SSH_USER || "root";
     this.location = options.location || process.env.HCLOUD_LOCATION || "fsn1";
   }
@@ -81555,10 +81572,11 @@ class HetznerDriver {
       name: firewallName,
       labels,
       rules: buildHetznerFirewallRules({
-        allowSsh: compute.allowSsh,
+        allowSsh: compute.allowSsh !== false,
         sitePorts
       })
     });
+    const sshKeyId = await this.ensureSshKey(slug, environment, labels);
     const { server, action } = await this.client.createServer({
       name: serverName,
       serverType,
@@ -81566,6 +81584,7 @@ class HetznerDriver {
       location: config6.hetzner?.location || this.location,
       userData,
       labels,
+      sshKeys: sshKeyId ? [sshKeyId] : undefined,
       firewalls: [{ firewall: firewall.id }]
     });
     await this.client.waitForAction(action.id);
@@ -81670,6 +81689,23 @@ class HetznerDriver {
       error: success ? undefined : "One or more SSH deploy commands failed"
     };
   }
+  async ensureSshKey(slug, environment, labels) {
+    if (!existsSync17(this.sshPublicKeyPath)) {
+      throw new Error(`SSH public key not found at ${this.sshPublicKeyPath}. ts-cloud deploys to Hetzner over SSH and needs a public key to authorize on the server. ` + `Generate one (\`ssh-keygen -t ed25519\`) or set hetzner.sshPrivateKeyPath / HCLOUD_SSH_PUBLIC_KEY.`);
+    }
+    const publicKey = readFileSync10(this.sshPublicKeyPath, "utf8").trim();
+    const normalized = normalizeSshPublicKey(publicKey);
+    const existing = await this.client.listSshKeys();
+    const match = existing.find((key) => normalizeSshPublicKey(key.public_key) === normalized);
+    if (match)
+      return match.id;
+    const created = await this.client.createSshKey({
+      name: `${slug}-${environment}-deploy`,
+      publicKey,
+      labels
+    });
+    return created.id;
+  }
   outputsFromState(state, server) {
     return {
       deployStoragePath: state.deployStoragePath || "/var/ts-cloud/staging",

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@stacksjs/ts-cloud",
   "type": "module",
-  "version": "0.2.18",
+  "version": "0.2.20",
   "description": "A lightweight, performant infrastructure-as-code library and CLI for deploying both server-based (EC2) and serverless applications.",
   "author": "Chris Breuer <chris@stacksjs.com>",
   "license": "MIT",
@@ -89,8 +89,8 @@
     "test": "bun test"
   },
   "dependencies": {
-    "@ts-cloud/aws-types": "0.2.18",
-    "@ts-cloud/core": "0.2.18",
+    "@ts-cloud/aws-types": "0.2.20",
+    "@ts-cloud/core": "0.2.20",
     "@stacksjs/ts-xml": "^0.1.0"
   },
   "devDependencies": {