@tahminator/pipeline 1.0.27 → 1.0.28

package/dist/env/client.d.ts

@@ -0,0 +1,8 @@
+import { EnvClientStrategy, type EnvClientReadOpts } from "./types";
+export declare class EnvClient {
+    private readonly strategy;
+    private constructor();
+    static create(strategy: EnvClientStrategy): EnvClient;
+    readFromEnv(fileName: string, opts?: EnvClientReadOpts): Promise<Record<string, string>>;
+    private maskEnv;
+}

package/dist/env/client.js

@@ -0,0 +1,31 @@
+import { GitCryptEnvClientStrategy } from "./strategy/git-crypt";
+import { SopsEnvClientStrategy } from "./strategy/sops";
+import { EnvClientStrategy } from "./types";
+export class EnvClient {
+    strategy;
+    constructor(strategy) {
+        this.strategy = strategy;
+    }
+    static create(strategy) {
+        switch (strategy) {
+            case EnvClientStrategy.SOPS:
+                return new this(new SopsEnvClientStrategy());
+            case EnvClientStrategy.GIT_CRYPT:
+                return new this(new GitCryptEnvClientStrategy());
+        }
+    }
+    async readFromEnv(fileName, opts) {
+        return this.maskEnv(await this.strategy.readFromEnv(fileName, opts));
+    }
+    maskEnv(envs) {
+        for (const [varName, value] of envs.entries()) {
+            if (value === "true" || value === "false" || value === "") {
+                console.log(`Not masking ${varName}: true/false/empty value`);
+                continue;
+            }
+            console.log(`Masking ${varName}`);
+            console.log(`::add-mask::${value}`);
+        }
+        return Object.fromEntries(envs);
+    }
+}

package/dist/env/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./client";
+export * from "./types";

package/dist/env/index.js

@@ -0,0 +1,2 @@
+export * from "./client";
+export * from "./types";

package/dist/env/strategy/git-crypt.d.ts

@@ -0,0 +1,7 @@
+import type { EnvClientReadOpts } from "../types";
+import type { IEnvClientStrategy } from "./types";
+export declare class GitCryptEnvClientStrategy implements IEnvClientStrategy {
+    isGitCryptUnlocked: boolean;
+    constructor();
+    readFromEnv(fileName: string, opts?: EnvClientReadOpts): Promise<Map<string, string>>;
+}

package/dist/env/strategy/git-crypt.js

@@ -0,0 +1,44 @@
+import { $ } from "bun";
+export class GitCryptEnvClientStrategy {
+    // TODO: replace with a more robust solution
+    isGitCryptUnlocked = false;
+    constructor() { }
+    async readFromEnv(fileName, opts) {
+        const { baseDir = "" } = opts ?? {};
+        if (!this.isGitCryptUnlocked) {
+            await $ `git-crypt unlock`.nothrow();
+            this.isGitCryptUnlocked = true;
+        }
+        const loaded = new Map();
+        const path = baseDir ? `${baseDir}/${fileName}` : `${fileName}`;
+        const envFile = Bun.file(path);
+        if (await envFile.exists()) {
+            console.log(`Loading ${envFile.name}`);
+            const content = await envFile.text();
+            const lines = content.split("\n").filter((s) => s.length > 0);
+            for (const line of lines) {
+                const trimmed = line.trim();
+                if (!trimmed || trimmed.startsWith("#"))
+                    continue;
+                const match = (() => {
+                    const [key, ...rest] = trimmed.split("=");
+                    return [key, rest.join("=")];
+                })();
+                if (match.length === 2) {
+                    const [key, value] = match;
+                    const cleanKey = key.trim();
+                    let cleanValue = value.trim();
+                    if ((cleanValue.startsWith('"') && cleanValue.endsWith('"')) ||
+                        (cleanValue.startsWith("'") && cleanValue.endsWith("'"))) {
+                        cleanValue = cleanValue.slice(1, -1);
+                    }
+                    loaded.set(cleanKey, cleanValue);
+                }
+            }
+        }
+        else {
+            console.warn(`Warning: ${envFile.name} not found`);
+        }
+        return loaded;
+    }
+}

package/dist/env/strategy/index.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/env/strategy/sops.d.ts

@@ -0,0 +1,15 @@
+import type { EnvClientReadOpts } from "../types";
+import type { IEnvClientStrategy } from "./types";
+export declare class SopsEnvClientStrategy implements IEnvClientStrategy {
+    /**
+     * __NOTE: Only yaml files are currently supported.__
+     *
+     * @example
+     * ```yaml
+     *  GITHUB_APP_ID: abc123
+     *  GITHUB_INSTALLATION_ID: abc123
+     *  GITHUB_PEM_CONTENT: abc123
+     * ```
+     */
+    readFromEnv(fileName: string, opts?: EnvClientReadOpts): Promise<Map<string, string>>;
+}

package/dist/env/strategy/sops.js

@@ -0,0 +1,40 @@
+import { $ } from "bun";
+import yaml from "yaml";
+export class SopsEnvClientStrategy {
+    /**
+     * __NOTE: Only yaml files are currently supported.__
+     *
+     * @example
+     * ```yaml
+     *  GITHUB_APP_ID: abc123
+     *  GITHUB_INSTALLATION_ID: abc123
+     *  GITHUB_PEM_CONTENT: abc123
+     * ```
+     */
+    async readFromEnv(fileName, opts) {
+        const { baseDir = "" } = opts ?? {};
+        if (!fileName.endsWith("yaml")) {
+            throw new Error("Only yaml files are currently supported");
+        }
+        const loaded = new Map();
+        const path = baseDir ? `${baseDir}/${fileName}` : `${fileName}`;
+        const envFile = Bun.file(path);
+        if (!(await envFile.exists())) {
+            console.warn(`Warning: ${envFile.name} not found`);
+            return loaded;
+        }
+        console.log(`Loading ${envFile.name}`);
+        const content = await $ `sops decrypt ${path}`.text();
+        const parsed = yaml.parse(content);
+        if (!parsed || Array.isArray(parsed)) {
+            throw new Error(`Expected ${envFile.name} to decrypt to a root-level YAML object.`);
+        }
+        for (const [key, value] of Object.entries(parsed)) {
+            if (typeof value !== "string") {
+                throw new Error(`Expected ${envFile.name} key \`${key}\` to contain a string value.`);
+            }
+            loaded.set(key, value);
+        }
+        return loaded;
+    }
+}

package/dist/env/strategy/types.d.ts

@@ -0,0 +1,4 @@
+import type { EnvClientReadOpts } from "../types";
+export interface IEnvClientStrategy {
+    readFromEnv(fileName: string, opts?: EnvClientReadOpts): Promise<Map<string, string>>;
+}

package/dist/env/types.d.ts

@@ -0,0 +1,7 @@
+export declare enum EnvClientStrategy {
+    GIT_CRYPT = 0,
+    SOPS = 1
+}
+export interface EnvClientReadOpts {
+    baseDir?: string;
+}

package/dist/env/types.js

@@ -0,0 +1,5 @@
+export var EnvClientStrategy;
+(function (EnvClientStrategy) {
+    EnvClientStrategy[EnvClientStrategy["GIT_CRYPT"] = 0] = "GIT_CRYPT";
+    EnvClientStrategy[EnvClientStrategy["SOPS"] = 1] = "SOPS";
+})(EnvClientStrategy || (EnvClientStrategy = {}));

package/dist/internal/create-tag/index.js

@@ -1,7 +1,9 @@
+import { EnvClient, EnvClientStrategy } from "../../env";
 import { GitHubClient } from "../../gh";
 import { Utils } from "../../utils";
 async function main() {
-    const { githubAppAppId, githubAppInstallationId, githubAppPrivateKeyB64 } = parseCiEnv(await Utils.getEnvVariables(["ci"]));
+    const envClient = EnvClient.create(EnvClientStrategy.GIT_CRYPT);
+    const { githubAppAppId, githubAppInstallationId, githubAppPrivateKeyB64 } = parseCiEnv(await envClient.readFromEnv(".env.ci"));
     const ghClient = await GitHubClient.createWithGithubAppToken({
         appId: githubAppAppId,
         installationId: githubAppInstallationId,

package/dist/utils/client.d.ts

@@ -1,13 +1,11 @@
 import { decodeBase64EncodedString } from "./b64";
 import { isCmdAvailable } from "./cmd";
 import { Colors } from "./colors";
-import { getEnvVariables } from "./env";
 import { Log } from "./log";
 import { generateShortId } from "./short";
 export declare class Utils {
     static Colors: typeof Colors;
     static Log: typeof Log;
-    static getEnvVariables(...args: Parameters<typeof getEnvVariables>): Promise<Record<string, string>>;
     static generateShortId(...args: Parameters<typeof generateShortId>): string;
     static updateAllPackageJsonsWithVersion(version: string): Promise<void>;
     static isCmdAvailable(...args: Parameters<typeof isCmdAvailable>): Promise<boolean>;

package/dist/utils/client.js

@@ -2,16 +2,12 @@ import { $ } from "bun";
 import { decodeBase64EncodedString } from "./b64";
 import { isCmdAvailable } from "./cmd";
 import { Colors } from "./colors";
-import { getEnvVariables } from "./env";
 import { Log } from "./log";
 import { generateShortId } from "./short";
 export class Utils {
     // hoist
     static Colors = Colors;
     static Log = Log;
-    static getEnvVariables(...args) {
-        return getEnvVariables(...args);
-    }
     static generateShortId(...args) {
         return generateShortId(...args);
     }

package/package.json

@@ -3,7 +3,7 @@
   "type": "module",
   "author": "Tahmid Ahmed",
   "description": "A collection of Bun shell scripts that can be re-used in various CICD pipelines.",
-  "version": "1.0.27",
+  "version": "1.0.28",
   "repository": {
     "url": "git+https://github.com/tahminator/pipeline.git"
   },

package/dist/utils/env.d.ts

@@ -1,20 +0,0 @@
-type Opts = {
-    baseDir?: string;
-    mask_PLZ_DO_NOT_TURN_OFF_UNLESS_YOU_KNOW_WHAT_UR_DOING?: boolean;
-};
-/**
- * Load environment variables from encrypted `.env.*` files. This method will call `git-crypt unlock` for you if necessary.
- *
- * @param environments - List of environment files to load.
- *
- * @param opts - Optional overrides
- * @param opts.baseDir - Directory of environment variable. Defaults to the root directory / ""
- * @param opts.mask_PLZ_DO_NOT_TURN_OFF_UNLESS_YOU_KNOW_WHAT_UR_DOING - Should variables be masked. Defaults to `true`. __NOTE: This will only work in a GitHub Action runner.__
- *
- * @returns a map of the loaded environments as a key and value inside of a map.
- *
- * @note _Please note that duplicate environment variables will be overwritten, so
- * the order in which you define `environments` does matter._
- */
-export declare function getEnvVariables(environments: string[], opts?: Opts): Promise<Record<string, string>>;
-export {};

package/dist/utils/env.js

@@ -1,67 +0,0 @@
-import { $ } from "bun";
-// TODO: replace with a more robust solution
-let isGitCryptUnlocked = false;
-/**
- * Load environment variables from encrypted `.env.*` files. This method will call `git-crypt unlock` for you if necessary.
- *
- * @param environments - List of environment files to load.
- *
- * @param opts - Optional overrides
- * @param opts.baseDir - Directory of environment variable. Defaults to the root directory / ""
- * @param opts.mask_PLZ_DO_NOT_TURN_OFF_UNLESS_YOU_KNOW_WHAT_UR_DOING - Should variables be masked. Defaults to `true`. __NOTE: This will only work in a GitHub Action runner.__
- *
- * @returns a map of the loaded environments as a key and value inside of a map.
- *
- * @note _Please note that duplicate environment variables will be overwritten, so
- * the order in which you define `environments` does matter._
- */
-export async function getEnvVariables(environments, opts) {
-    const { baseDir = "", mask_PLZ_DO_NOT_TURN_OFF_UNLESS_YOU_KNOW_WHAT_UR_DOING = true, } = opts ?? {};
-    if (!isGitCryptUnlocked) {
-        await $ `git-crypt unlock`.nothrow();
-        isGitCryptUnlocked = true;
-    }
-    const loaded = new Map();
-    for (const env of environments) {
-        const path = baseDir ? `${baseDir}/.env.${env}` : `.env.${env}`;
-        const envFile = Bun.file(path);
-        if (await envFile.exists()) {
-            console.log(`Loading ${envFile.name}`);
-            const content = await envFile.text();
-            const lines = content.split("\n").filter((s) => s.length > 0);
-            for (const line of lines) {
-                const trimmed = line.trim();
-                if (!trimmed || trimmed.startsWith("#"))
-                    continue;
-                const match = (() => {
-                    const [key, ...rest] = trimmed.split("=");
-                    return [key, rest.join("=")];
-                })();
-                if (match.length === 2) {
-                    const [key, value] = match;
-                    const cleanKey = key.trim();
-                    let cleanValue = value.trim();
-                    if ((cleanValue.startsWith('"') && cleanValue.endsWith('"')) ||
-                        (cleanValue.startsWith("'") && cleanValue.endsWith("'"))) {
-                        cleanValue = cleanValue.slice(1, -1);
-                    }
-                    loaded.set(cleanKey, cleanValue);
-                }
-            }
-        }
-        else {
-            console.warn(`Warning: ${envFile.name} not found`);
-        }
-    }
-    if (mask_PLZ_DO_NOT_TURN_OFF_UNLESS_YOU_KNOW_WHAT_UR_DOING) {
-        for (const [varName, value] of loaded.entries()) {
-            if (value === "true" || value === "false" || value === "") {
-                console.log(`Not masking ${varName}: true/false/empty value`);
-                continue;
-            }
-            console.log(`Masking ${varName}`);
-            console.log(`::add-mask::${value}`);
-        }
-    }
-    return Object.fromEntries(loaded);
-}