@take-out/scripts 0.0.28

package/src/ensure-tunnel.ts

@@ -0,0 +1,13 @@
+#!/usr/bin/env bun
+
+const netstat = Bun.spawnSync(`netstat -rn`.split(' ')).stdout
+const isTunnelActive = netstat.includes(`10.0.8/22`)
+
+if (!isTunnelActive) {
+  console.error(`No tunnel active, run bun sst:tunnel:production first`)
+  process.exit(1)
+}
+
+export function ensureEnv() {
+  // make it a module
+}

package/src/env-pull.ts

@@ -0,0 +1,54 @@
+#!/usr/bin/env bun
+
+import { existsSync, writeFileSync } from 'node:fs'
+import { join } from 'node:path'
+import { getEnvironment } from './sst-get-environment'
+
+const rootDir = process.cwd()
+
+const envFilePath = join(rootDir, '.env.production')
+if (existsSync(envFilePath)) {
+  console.error(
+    '❌ Error: .env.production already exists. Please remove or rename it first.'
+  )
+  process.exit(1)
+}
+
+const packageJson = require(join(rootDir, 'package.json'))
+const envVarsNeeded = packageJson.env ? Object.keys(packageJson.env) : []
+if (!envVarsNeeded.length) {
+  console.error(
+    `❌ Error: No environment variables specified in package.json 'env' array.`
+  )
+  process.exit(1)
+}
+
+try {
+  const envVars = getEnvironment('WebApp')
+
+  let envFileContent = ''
+  let foundCount = 0
+
+  for (const varName of envVarsNeeded) {
+    if (envVars[varName] !== undefined) {
+      envFileContent += `${varName}=${envVars[varName]}\n`
+      foundCount++
+    } else {
+      console.warn(`⚠️  Warning: Didn't find env: ${varName}`)
+    }
+  }
+
+  if (foundCount === 0) {
+    console.error(`❌ Error: None of the required environment variables were found.`)
+    process.exit(1)
+  }
+
+  writeFileSync(envFilePath, envFileContent)
+
+  console.info(
+    `✅ Success! ${foundCount} environment variables written to .env.production`
+  )
+} catch (error) {
+  console.error('❌ Error fetching environment variables:', error)
+  process.exit(1)
+}

package/src/env-update.ts

@@ -0,0 +1,126 @@
+#!/usr/bin/env bun
+
+/**
+ * Environment Variable Management Script
+ *
+ * This script reads the environment variables defined in package.json
+ * and updates the necessary files with the correct environment variables.
+ *
+ * Files updated:
+ * - .github/workflows/deploy.yml - GitHub Actions environment variables
+ * - src/constants/env-server.ts - Server environment variables
+ * - Dockerfile - Docker build ARG definitions
+ */
+
+import { readFileSync, writeFileSync } from 'node:fs'
+
+const packageJson = JSON.parse(readFileSync('package.json', 'utf-8'))
+const envVars = packageJson.env as Record<string, boolean | string>
+
+if (!envVars || Array.isArray(envVars) || typeof envVars !== 'object') {
+  console.error('No environment variables found in package.json')
+  process.exit(1)
+}
+
+const markerStart = '🔒 start - this is generated by "bun env:update"'
+const markerEnd = '🔒 end - this is generated by "bun env:update"'
+
+const yamlStartMarker = `# ${markerStart}`
+const yamlEndMarker = `# ${markerEnd}`
+
+const jsStartMarker = `// ${markerStart}`
+const jsEndMarker = `// ${markerEnd}`
+
+function updateDeployYml() {
+  const deployYmlPath = '.github/workflows/ci.yml'
+  let deployYml = readFileSync(deployYmlPath, 'utf-8')
+
+  if (!deployYml.includes(yamlStartMarker) || !deployYml.includes(yamlEndMarker)) {
+    throw new Error(`Markers not found in ${deployYmlPath}`)
+  }
+
+  const newlines = `          `
+
+  const envSection = Object.keys(envVars)
+    .map((key) => `${newlines}${key}: \${{ secrets.${key} }}`)
+    .join('\n')
+
+  const newDeployYml = deployYml.replace(
+    new RegExp(`${yamlStartMarker}(.|\n)*?${yamlEndMarker}`, 'gm'),
+    `${yamlStartMarker}\n${envSection}\n${newlines}${yamlEndMarker}`
+  )
+
+  writeFileSync(deployYmlPath, newDeployYml, 'utf-8')
+  console.info('✅ Updated Github workflow')
+}
+
+function updateEnvServerTs() {
+  const envServerPath = 'src/server/env-server.ts'
+
+  let envServer = ''
+  try {
+    envServer = readFileSync(envServerPath, 'utf-8')
+  } catch (_error) {
+    throw new Error(`File ${envServerPath} not found`)
+  }
+
+  if (!envServer.includes(jsStartMarker) || !envServer.includes(jsEndMarker)) {
+    throw new Error(`Markers not found in ${envServerPath}`)
+  }
+
+  const envExports = Object.entries(envVars)
+    .map(
+      ([key, value]) =>
+        `export const ${key} = ensureEnv('${key}'${typeof value === 'string' ? `, ${JSON.stringify(value)}` : ''})`
+    )
+    .join('\n')
+
+  const newEnvServer = envServer.replace(
+    new RegExp(`${jsStartMarker}(.|\n)*?${jsEndMarker}`, 'm'),
+    `${jsStartMarker}\n${envExports}\n${jsEndMarker}`
+  )
+
+  writeFileSync(envServerPath, newEnvServer, 'utf-8')
+  console.info('✅ Updated server env')
+}
+
+// function updateDockerfile() {
+//   const dockerfilePath = 'Dockerfile'
+
+//   let dockerfile = ''
+//   try {
+//     dockerfile = readFileSync(dockerfilePath, 'utf-8')
+//   } catch (_error) {
+//     throw new Error(`File ${dockerfilePath} not found`)
+//   }
+
+//   if (!dockerfile.includes(yamlStartMarker) || !dockerfile.includes(yamlEndMarker)) {
+//     throw new Error(`Markers not found in ${dockerfilePath}`)
+//   }
+
+//   const dockerArgs = Object.keys(envVars)
+//     .map((env) => `ARG ${env}`)
+//     .join('\n')
+
+//   const newDockerfile = dockerfile.replace(
+//     new RegExp(`${yamlStartMarker}(.|\n)*?${yamlEndMarker}`, 'm'),
+//     `${yamlStartMarker}\n${dockerArgs}\n${yamlEndMarker}`
+//   )
+
+//   writeFileSync(dockerfilePath, newDockerfile, 'utf-8')
+//   console.info('✅ Updated Dockerfile')
+// }
+
+async function updateAll() {
+  try {
+    updateDeployYml()
+    updateEnvServerTs()
+    // updateDockerfile()
+    console.info('✅ All files updated successfully')
+  } catch (error: any) {
+    console.error('❌ Update failed:', error.message)
+    process.exit(1)
+  }
+}
+
+await updateAll()

package/src/exec-with-env.ts

@@ -0,0 +1,57 @@
+#!/usr/bin/env bun
+
+import { ensureExists } from '@take-out/helpers'
+import { loadEnv } from '@take-out/scripts/helpers/env-load'
+
+export async function execWithEnvironment(
+  environment: 'development' | 'production',
+  command: string
+) {
+  const { USE_LOCAL_SERVER } = process.env
+
+  let envFileEnv: Record<string, string>
+
+  if (process.env.REMOTE) {
+    await import('@take-out/scripts/ensure-tunnel')
+    const { getEnvironment } = await import('./sst-get-environment')
+    envFileEnv = getEnvironment(process.env.REMOTE)
+    ensureExists(envFileEnv)
+  } else {
+    envFileEnv = await loadEnv(environment)
+  }
+
+  console.info(
+    `($): ${command} | env ${environment} ${USE_LOCAL_SERVER ? '| using local endpoints' : ''}`
+  )
+
+  const devEnv = USE_LOCAL_SERVER ? await loadEnv('development') : null
+
+  const env = {
+    ...envFileEnv,
+    ...process.env,
+    // running local server but hitting most prod endpoints except auth
+    ...(USE_LOCAL_SERVER && {
+      ONE_SERVER_URL: devEnv?.ONE_SERVER_URL,
+      // vite reads from .env.production for us unless defined into process.env
+      VITE_PUBLIC_ZERO_SERVER: 'https://start.chat',
+      // actually we need to use prod better auth but allow localhost trusted origin, may need other env though
+      // BETTER_AUTH_SECRET: devEnv?.BETTER_AUTH_SECRET,
+      // BETTER_AUTH_URL: devEnv?.BETTER_AUTH_URL,
+    }),
+  } as any as Record<string, string>
+
+  return Bun.spawnSync(command.split(' '), {
+    stdin: 'ignore',
+    stdout: 'inherit',
+    stderr: 'inherit',
+    env,
+  })
+}
+
+if (import.meta.main) {
+  const result = await execWithEnvironment(
+    (process.env.NODE_ENV as 'development' | 'production') || 'development',
+    process.argv.slice(3).join(' ')
+  )
+  process.exit(result.exitCode)
+}

package/src/helpers/check-port.ts

@@ -0,0 +1,22 @@
+import { Socket } from 'node:net'
+
+export function checkPort(port: number, host = '127.0.0.1'): Promise<boolean> {
+  return new Promise((resolve) => {
+    const tester = new Socket()
+
+    tester.once('connect', () => {
+      tester.destroy()
+      resolve(true)
+    })
+
+    tester.once('error', (err: NodeJS.ErrnoException) => {
+      if (err.code === 'ECONNREFUSED') {
+        resolve(false)
+      } else {
+        resolve(true)
+      }
+    })
+
+    tester.connect(port, host)
+  })
+}

package/src/helpers/ensure-s3-bucket.ts

@@ -0,0 +1,88 @@
+import {
+  CreateBucketCommand,
+  HeadBucketCommand,
+  PutBucketLifecycleConfigurationCommand,
+  PutBucketVersioningCommand,
+  S3Client,
+} from '@aws-sdk/client-s3'
+
+export async function ensureS3Bucket(
+  bucketName: string,
+  options?: {
+    region?: string
+    retentionDays?: number
+  }
+): Promise<void> {
+  const region = options?.region ?? 'us-west-1'
+  const retentionDays = options?.retentionDays ?? 30
+
+  const s3Client = new S3Client({
+    region,
+    credentials: {
+      accessKeyId: process.env.AWS_ACCESS_KEY_ID!,
+      secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY!,
+    },
+  })
+
+  try {
+    // check if bucket exists
+    await s3Client.send(new HeadBucketCommand({ Bucket: bucketName }))
+    console.info(`✅ S3 bucket exists: ${bucketName}`)
+  } catch (error: any) {
+    if (error.name === 'NotFound' || error.$metadata?.httpStatusCode === 404) {
+      console.info(`📦 Creating S3 bucket: ${bucketName}`)
+
+      // create bucket
+      await s3Client.send(
+        new CreateBucketCommand({
+          Bucket: bucketName,
+          ...(region !== 'us-east-1' && {
+            CreateBucketConfiguration: {
+              LocationConstraint: region as any,
+            },
+          }),
+        })
+      )
+
+      // enable versioning for safety
+      await s3Client.send(
+        new PutBucketVersioningCommand({
+          Bucket: bucketName,
+          VersioningConfiguration: {
+            Status: 'Enabled',
+          },
+        })
+      )
+
+      // set lifecycle policy to automatically delete old backups
+      await s3Client.send(
+        new PutBucketLifecycleConfigurationCommand({
+          Bucket: bucketName,
+          LifecycleConfiguration: {
+            Rules: [
+              {
+                ID: 'delete-old-backups',
+                Status: 'Enabled',
+                Filter: {
+                  Prefix: 'db-backups/',
+                },
+                Expiration: {
+                  Days: retentionDays,
+                },
+                NoncurrentVersionExpiration: {
+                  NoncurrentDays: 7,
+                },
+              },
+            ],
+          },
+        })
+      )
+
+      console.info(
+        `✅ S3 bucket created with ${retentionDays} day retention: ${bucketName}`
+      )
+    } else {
+      throw error
+    }
+  }
+}

package/src/helpers/env-load.ts

@@ -0,0 +1,26 @@
+import { join } from 'node:path'
+import { loadEnv as vxrnLoadEnv } from 'vxrn/loadEnv'
+
+export async function loadEnv(
+  environment: 'development' | 'production' | 'dev-prod',
+  options?: { optional?: string[]; envPath?: string }
+) {
+  // loads env into process.env
+  await vxrnLoadEnv(environment)
+
+  const Environment = await import(
+    options?.envPath || join(process.cwd(), 'src/server/env-server.ts')
+  )
+
+  // validate
+  for (const key in Environment) {
+    if (options?.optional?.includes(key)) {
+      continue
+    }
+    if (!Environment[key as keyof typeof Environment]) {
+      console.warn(`Missing key: ${key}`)
+    }
+  }
+
+  return Environment
+}

package/src/helpers/get-docker-host.ts

@@ -0,0 +1,37 @@
+#!/usr/bin/env bun
+
+import { execSync } from 'node:child_process'
+import { platform } from 'node:os'
+
+/**
+ * Gets the appropriate host address for Docker containers to connect back to the host machine
+ * - On macOS/Windows: host.docker.internal works out of the box
+ * - On Linux: We need to get the actual host IP from the docker bridge network
+ */
+export function getDockerHost(): string {
+  // In CI or on Linux, we need the actual host IP
+  if (platform() === 'linux') {
+    try {
+      // Get the host IP from docker network
+      const result = execSync(
+        "docker network inspect bridge --format '{{range .IPAM.Config}}{{.Gateway}}{{end}}'",
+        { encoding: 'utf-8' }
+      ).trim()
+
+      if (result) {
+        console.info(`Using Docker bridge gateway IP: ${result}`)
+        return result
+      }
+    } catch (error) {
+      console.warn('Failed to get Docker bridge IP, falling back to host.docker.internal')
+    }
+  }
+
+  // Default for macOS/Windows or fallback
+  return 'host.docker.internal'
+}
+
+// If run directly, output the host
+if (import.meta.main) {
+  console.info(getDockerHost())
+}

package/src/helpers/get-test-env.ts

@@ -0,0 +1,25 @@
+import { join } from 'node:path'
+import { loadEnv } from './env-load'
+import { getDockerHost } from './get-docker-host'
+import { getZeroVersion } from './zero-get-version'
+
+export async function getTestEnv() {
+  const zeroVersion = getZeroVersion()
+  const devEnv = await loadEnv('development')
+  const dockerHost = getDockerHost()
+  const serverEnvFallback = await import(join(process.cwd(), 'src/server/env-server'))
+
+  return {
+    ...serverEnvFallback,
+    ...devEnv,
+    CI: 'true', // Ensure CI flag is set for test environment
+    ...(!process.env.DEBUG_BACKEND && {
+      ZERO_LOG_LEVEL: 'warn',
+    }),
+    DO_NOT_TRACK: '1',
+    ZERO_VERSION: zeroVersion,
+    ZERO_AUTH_JWKS_URL: `http://${dockerHost}:8081/api/auth/jwks`,
+    ZERO_PUSH_URL: `http://${dockerHost}:8081/api/zero/push`,
+    ZERO_GET_QUERIES_URL: `http://${dockerHost}:8081/api/zero/pull`,
+  }
+}