npm - @uofx/cli - Versions diffs - 1.0.0 - Mend

@uofx/cli 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (238) hide show

package/dist/infrastructure/deployment/services/base-helm-deployment.service.js ADDED Viewed

@@ -0,0 +1,163 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BaseHelmDeploymentService = void 0;
+const retry_util_1 = require("../../utils/retry.util");
+/**
+ * Helm 部署基類
+ *
+ * 提供 Helm Chart 部署的共通流程：
+ * 1. Registry 登入
+ * 2. 拉取 Chart
+ * 3. 前置處理（可選）
+ * 4. 安裝 Chart
+ * 5. 後置處理（可選）
+ * 6. 清理 Chart 檔案
+ *
+ * 子類需實作：
+ * - getDeploymentConfig(): 取得部署配置
+ * - installChart(): 安裝 Chart 邏輯
+ *
+ * 可選覆寫：
+ * - preInstall(): 安裝前處理
+ * - postInstall(): 安裝後處理
+ */
+class BaseHelmDeploymentService {
+    constructor(helmRegistry, logger, envFactory) {
+        this.helmRegistry = helmRegistry;
+        this.logger = logger;
+        this.envFactory = envFactory;
+    }
+    /**
+     * 部署 Helm Chart（模板方法）
+     * @param instanceName - WSL 實例名稱
+     * @param params - 部署參數
+     * @param chartVersion - Chart 版本
+     * @param output - 輸出介面
+     */
+    async deployWithHelm(instanceName, params, chartVersion, output) {
+        const config = this.getDeploymentConfig(chartVersion);
+        this.logger.debug(`[${this.getServiceName()}] Starting deployment`, {
+            chart: config.chartName,
+            version: config.chartVersion,
+            instance: instanceName,
+        });
+        // 1. Registry 登入
+        await this.helmRegistry.login(instanceName, params.acrCredentials);
+        // 2. 拉取 Chart
+        const chartInfo = {
+            chartName: config.chartName,
+            version: config.chartVersion,
+            acrName: params.acrCredentials.name,
+            repository: config.repository,
+        };
+        const chartPath = await this.helmRegistry.pullChart(instanceName, chartInfo, output);
+        try {
+            // 3. 前置處理
+            await this.preInstall(instanceName, params, output);
+            // 4. 安裝 Chart
+            await this.installChart(instanceName, chartPath, params, output);
+            // 5. 後置處理
+            await this.postInstall(instanceName, params, output);
+            this.logger.debug(`[${this.getServiceName()}] Deployment completed`, {
+                chart: config.chartName,
+                instance: instanceName,
+            });
+        }
+        finally {
+            // 6. 清理 Chart 檔案
+            await this.helmRegistry.cleanupChart(instanceName, chartPath);
+        }
+    }
+    /**
+     * 安裝前處理（可選覆寫）
+     * @param instanceName - WSL 實例名稱
+     * @param params - 部署參數
+     * @param output - 輸出介面
+     */
+    async preInstall(_instanceName, _params, _output) {
+        // 預設不做任何處理，子類可覆寫
+    }
+    /**
+     * 安裝後處理（可選覆寫）
+     * @param instanceName - WSL 實例名稱
+     * @param params - 部署參數
+     * @param output - 輸出介面
+     */
+    async postInstall(_instanceName, _params, _output) {
+        // 預設不做任何處理，子類可覆寫
+    }
+    // =========================================================================
+    // 共享輔助方法
+    // =========================================================================
+    /**
+     * 建立 Helm upgrade --install 命令建構器
+     * @param instanceName - WSL 實例名稱
+     * @param options - Helm 安裝選項
+     * @returns ICommandBuilder 實例
+     */
+    createHelmUpgradeBuilder(instanceName, options) {
+        if (!this.envFactory) {
+            throw new Error('ExecutionEnvironmentFactory is required for createHelmUpgradeBuilder');
+        }
+        const env = this.envFactory.getForInstance(instanceName);
+        const builder = env.helm('upgrade')
+            .arg('--install')
+            .arg('--force');
+        // 添加 --wait 和 --timeout
+        if (options.wait) {
+            builder.arg('--wait');
+            if (options.timeout) {
+                builder.arg('--timeout', options.timeout);
+            }
+        }
+        // Release 名稱和 Chart 路徑
+        builder.arg(options.releaseName);
+        builder.arg(`"${options.chartPath}"`);
+        // 命名空間
+        const namespace = options.namespace ?? 'uofx';
+        builder.arg('-n', namespace);
+        builder.arg('--create-namespace');
+        // 添加 --set 參數
+        if (options.setArgs) {
+            for (const setArg of options.setArgs) {
+                builder.arg('--set', setArg);
+            }
+        }
+        // 添加敏感的 --set 參數
+        if (options.sensitiveSetArgs) {
+            for (const { key, value } of options.sensitiveSetArgs) {
+                builder.sensitiveArg('--set', `${key}="${value}"`);
+            }
+        }
+        // 從 stdin 讀取 values
+        if (options.sensitiveStdin) {
+            builder.arg('-f', '-');
+            builder.sensitiveStdin(options.sensitiveStdin);
+        }
+        return builder;
+    }
+    /**
+     * 執行 Helm 命令並帶有重試機制
+     * @param builder - ICommandBuilder 實例
+     * @param chartName - Chart 名稱（用於錯誤訊息）
+     * @param output - 輸出介面
+     */
+    async executeWithRetry(builder, chartName, output) {
+        const serviceName = this.getServiceName();
+        await (0, retry_util_1.retryWithBackoff)(async () => {
+            const result = await builder.exec();
+            if (result.exitCode !== 0) {
+                throw new Error(result.stderr);
+            }
+        }, (0, retry_util_1.createHelmRetryOptions)({
+            onRetry: (attempt) => {
+                output?.warning(`Retrying install (${attempt}/3)...`).flush();
+                this.logger.warn(`[${serviceName}] Retrying install (${attempt}/3)...`);
+            },
+        })).catch((error) => {
+            throw new Error(`Failed to install ${chartName} chart: ${error.message}`);
+        });
+    }
+}
+exports.BaseHelmDeploymentService = BaseHelmDeploymentService;
+//# sourceMappingURL=base-helm-deployment.service.js.map

package/dist/infrastructure/deployment/services/helm-registry.service.js ADDED Viewed

@@ -0,0 +1,126 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HelmRegistryService = void 0;
+const tsyringe_1 = require("tsyringe");
+const tokens_1 = require("../../../di/tokens");
+const acr_credentials_value_object_1 = require("../../../domain/value-objects/acr-credentials.value-object");
+const sensitive_decorator_1 = require("../../../domain/decorators/sensitive.decorator");
+/**
+ * Helm Registry 服務
+ *
+ * 負責管理 Helm Registry 相關操作，提供：
+ * - ACR (Azure Container Registry) 登入
+ * - Helm Chart 拉取
+ * - Chart 檔案清理
+ *
+ * 此服務整合了原先散落在 AppManagerService、InfraManagerService、
+ * ServiceManagerService 中的重複邏輯，遵循 DRY (Don't Repeat Yourself) 原則
+ *
+ * 實作 IHelmRegistry Domain Port
+ */
+let HelmRegistryService = class HelmRegistryService {
+    constructor(envFactory, logger) {
+        this.envFactory = envFactory;
+        this.logger = logger;
+    }
+    /**
+     * 登入 Helm Registry (ACR)
+     *
+     * 使用 `helm registry login` 命令透過 stdin 傳遞密碼，避免密碼出現在命令列歷史中
+     *
+     * @param instanceName - WSL 實例名稱
+     * @param credentials - ACR 登入憑證
+     * @throws {Error} 登入失敗時拋出錯誤
+     */
+    async login(instanceName, credentials) {
+        const { name: acrName, account: acrAccount, password: acrPassword } = credentials;
+        const registry = `${acrName}.azurecr.io`;
+        this.logger.debug(`[HelmRegistry] Login to registry ${registry}...`);
+        const env = this.envFactory.getForInstance(instanceName);
+        const builder = env.helm('registry login')
+            .arg(registry)
+            .arg('--username', acrAccount)
+            .arg('--password-stdin')
+            .sensitiveStdin(acrPassword);
+        const result = await builder.exec();
+        if (result.exitCode !== 0) {
+            throw new Error(`Failed to login to helm registry: ${result.stderr}`);
+        }
+        this.logger.debug(`[HelmRegistry] Successfully logged in to ${registry}`);
+    }
+    /**
+     * 從 ACR 拉取 Helm Chart
+     *
+     * Chart 會被下載到 /tmp 目錄
+     *
+     * @param instanceName - WSL 實例名稱
+     * @param chartInfo - Chart 資訊 (名稱、版本、ACR 名稱)
+     * @param progress - 進度通知（可選）
+     * @returns Promise<string> - Chart 檔案的完整路徑 (如 '/tmp/uofx-1.0.0.tgz')
+     * @throws {Error} 拉取失敗時拋出錯誤
+     */
+    async pullChart(instanceName, chartInfo, output) {
+        const { chartName, version, acrName, repository = 'helm' } = chartInfo;
+        const registry = `${acrName}.azurecr.io`;
+        const chartUrl = `oci://${registry}/${repository}/${chartName}`;
+        const destDir = '/tmp';
+        this.logger.debug(`[HelmRegistry] Pulling chart ${chartUrl} version ${version}...`);
+        output?.item('arrow', `Pulling ${chartName} chart (v${version})...`).flush();
+        const env = this.envFactory.getForInstance(instanceName);
+        const builder = env.helm('pull')
+            .arg(chartUrl)
+            .arg('--version', version)
+            .arg('--destination', destDir);
+        const result = await builder.exec();
+        if (result.exitCode !== 0) {
+            throw new Error(`Failed to pull ${chartName} chart: ${result.stderr}`);
+        }
+        const chartPath = `${destDir}/${chartName}-${version}.tgz`;
+        this.logger.debug(`[HelmRegistry] Chart pulled successfully: ${chartPath}`);
+        return chartPath;
+    }
+    /**
+     * 清理暫存的 Chart 檔案
+     *
+     * 從 WSL 實例的 /tmp 目錄中刪除指定的 Chart 檔案
+     * 此操作不會拋出錯誤,即使檔案不存在也會靜默成功
+     *
+     * @param instanceName - WSL 實例名稱
+     * @param chartPath - Chart 檔案的完整路徑
+     */
+    async cleanupChart(instanceName, chartPath) {
+        this.logger.debug(`[HelmRegistry] Cleaning up chart: ${chartPath}`);
+        const env = this.envFactory.getForInstance(instanceName);
+        const builder = env.shell('rm')
+            .arg('-f')
+            .arg(chartPath);
+        await builder.exec();
+        this.logger.debug(`[HelmRegistry] Chart cleaned up: ${chartPath}`);
+    }
+};
+exports.HelmRegistryService = HelmRegistryService;
+__decorate([
+    __param(1, (0, sensitive_decorator_1.Sensitive)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, acr_credentials_value_object_1.AcrCredentials]),
+    __metadata("design:returntype", Promise)
+], HelmRegistryService.prototype, "login", null);
+exports.HelmRegistryService = HelmRegistryService = __decorate([
+    (0, tsyringe_1.injectable)(),
+    __param(0, (0, tsyringe_1.inject)(tokens_1.TOKENS.Internal.IExecutionEnvironmentFactory)),
+    __param(1, (0, tsyringe_1.inject)(tokens_1.TOKENS.ILoggerPort)),
+    __metadata("design:paramtypes", [Object, Object])
+], HelmRegistryService);
+//# sourceMappingURL=helm-registry.service.js.map

package/dist/infrastructure/deployment/services/infra-manager.service.js ADDED Viewed

@@ -0,0 +1,130 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InfraManagerService = void 0;
+const tsyringe_1 = require("tsyringe");
+const tokens_1 = require("../../../di/tokens");
+const deployment_parameters_entity_1 = require("../../../domain/entities/deployment-parameters.entity");
+const sensitive_decorator_1 = require("../../../domain/decorators/sensitive.decorator");
+const base_helm_deployment_service_1 = require("./base-helm-deployment.service");
+const paths_1 = require("../../../constants/paths");
+/**
+ * 基礎設施管理服務
+ *
+ * 負責 uofx-infra Helm chart 的部署管理
+ * 繼承 BaseHelmDeploymentService 使用模板方法模式
+ */
+let InfraManagerService = class InfraManagerService extends base_helm_deployment_service_1.BaseHelmDeploymentService {
+    constructor(envFactory, helmRegistry, logger) {
+        super(helmRegistry, logger, envFactory);
+    }
+    /**
+     * 部署 uofx-infra 基礎設施
+     */
+    async deployInfra(instanceName, params, chartVersion, output) {
+        output?.item('arrow', 'Deploying uofx-infra chart...').flush();
+        await this.deployWithHelm(instanceName, params, chartVersion, output);
+    }
+    // =========================================================================
+    // BaseHelmDeploymentService 抽象方法實作
+    // =========================================================================
+    getServiceName() {
+        return 'Infra';
+    }
+    getDeploymentConfig(chartVersion) {
+        return {
+            chartName: 'uofx-infra',
+            chartVersion,
+        };
+    }
+    /**
+     * 安裝前處理：建立儲存目錄
+     */
+    async preInstall(instanceName, _params, _output) {
+        await this.createStorageDirectories(instanceName);
+    }
+    async installChart(instanceName, chartPath, params, output) {
+        const { name: acrName, account: acrAccount, password: acrPassword } = params.acrCredentials;
+        const registry = `${acrName}.azurecr.io`;
+        const builder = this.createHelmUpgradeBuilder(instanceName, {
+            releaseName: 'uofx-infra',
+            chartPath,
+            setArgs: [
+                `k8sType="microk8s"`,
+                `traefik.web.TLS.enable=true`,
+                `traefik.admin.TLS.enable=true`,
+                `imageCredentials.registry="${registry}"`,
+                `imageCredentials.username="${acrAccount}"`,
+                `storage.type="local"`,
+                `storage.local.defaultPath="${paths_1.LINUX_PATHS.UOFX_STORAGE_BASE}"`,
+                `storage.local.mqShare.path="/rabbitmq"`,
+                `storage.local.lokiShare.path="/loki"`,
+                `storage.local.redisShare.path="/redis"`,
+                `storage.local.fileShare.path="/file"`,
+                `storage.local.syncShare.path="/system"`,
+                `storage.local.searchShare.path="/search"`,
+                `loki.retentionPeriod="365d"`,
+                `installType="install"`,
+                `enabledSearch=true`,
+            ],
+            sensitiveSetArgs: [
+                { key: 'imageCredentials.password', value: acrPassword },
+            ],
+        });
+        this.logger.debug('[Infra] Deploying infrastructure chart', {
+            chart: 'uofx-infra',
+            chartPath: chartPath,
+            namespace: 'uofx',
+            instance: instanceName,
+        });
+        output?.indent().item('arrow', 'Installing uofx-infra chart...').outdent().flush();
+        await this.executeWithRetry(builder, 'uofx-infra', output);
+    }
+    // =========================================================================
+    // 私有方法
+    // =========================================================================
+    /**
+     * 建立持久化存儲目錄
+     */
+    async createStorageDirectories(instanceName) {
+        this.logger.debug(`[Infra] Creating storage directories for ${instanceName}...`);
+        const baseDir = paths_1.LINUX_PATHS.UOFX_STORAGE_BASE;
+        const subDirs = ['rabbitmq', 'loki', 'redis', 'file', 'system', 'search'];
+        const directories = subDirs.map(sub => `${baseDir}/${sub}`);
+        const env = this.envFactory.getForInstance(instanceName);
+        const builder = env.shell('mkdir')
+            .arg('-p')
+            .args(...directories);
+        const result = await builder.exec();
+        if (result.exitCode !== 0) {
+            throw new Error(`Failed to create storage directories: ${result.stderr}`);
+        }
+        this.logger.debug('[Infra] Storage directories created');
+    }
+};
+exports.InfraManagerService = InfraManagerService;
+__decorate([
+    __param(1, (0, sensitive_decorator_1.Sensitive)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, deployment_parameters_entity_1.DeploymentParameters, String, Object]),
+    __metadata("design:returntype", Promise)
+], InfraManagerService.prototype, "deployInfra", null);
+exports.InfraManagerService = InfraManagerService = __decorate([
+    (0, tsyringe_1.injectable)(),
+    __param(0, (0, tsyringe_1.inject)(tokens_1.TOKENS.Internal.IExecutionEnvironmentFactory)),
+    __param(1, (0, tsyringe_1.inject)(tokens_1.TOKENS.Internal.IHelmRegistry)),
+    __param(2, (0, tsyringe_1.inject)(tokens_1.TOKENS.ILoggerPort)),
+    __metadata("design:paramtypes", [Object, Object, Object])
+], InfraManagerService);
+//# sourceMappingURL=infra-manager.service.js.map

package/dist/infrastructure/deployment/services/k8s-job-runner.service.js ADDED Viewed

@@ -0,0 +1,194 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.K8sJobRunnerService = void 0;
+const tsyringe_1 = require("tsyringe");
+const tokens_1 = require("../../../di/tokens");
+const deployment_parameters_entity_1 = require("../../../domain/entities/deployment-parameters.entity");
+const sensitive_decorator_1 = require("../../../domain/decorators/sensitive.decorator");
+/**
+ * Kubernetes Job 執行服務
+ *
+ * 負責執行 Kubernetes Job 的完整生命週期
+ */
+let K8sJobRunnerService = class K8sJobRunnerService {
+    constructor(envFactory, userManagerService, logger) {
+        this.envFactory = envFactory;
+        this.userManagerService = userManagerService;
+        this.logger = logger;
+    }
+    /**
+     * 建立 Image Pull Secret (用於拉取 Job 映像檔)
+     * @param instanceName WSL 實例名稱
+     * @param params 部署參數
+     */
+    async createImagePullSecret(instanceName, params) {
+        const { name: acrName, account: acrAccount, password: acrPassword } = params.acrCredentials;
+        const registry = `${acrName}.azurecr.io`;
+        const env = this.envFactory.getForInstance(instanceName);
+        const builder = env.kubectl('create secret docker-registry')
+            .arg('image-pull-secret-test')
+            .arg('-n', 'mssql')
+            .arg(`--docker-server=${registry}`)
+            .arg(`--docker-username=${acrAccount}`)
+            .sensitiveArg('--docker-password', acrPassword);
+        // 忽略錯誤如果 Secret 已存在
+        const deleteBuilder = env.kubectl('delete')
+            .arg('secret')
+            .arg('image-pull-secret-test')
+            .arg('-n', 'mssql');
+        await deleteBuilder.exec();
+        const result = await builder.exec();
+        if (result.exitCode !== 0) {
+            throw new Error(`Failed to create image pull secret: ${result.stderr}`);
+        }
+    }
+    /**
+     * 刪除 Image Pull Secret
+     * @param instanceName WSL 實例名稱
+     */
+    async deleteImagePullSecret(instanceName) {
+        const env = this.envFactory.getForInstance(instanceName);
+        const builder = env.kubectl('delete')
+            .arg('secret')
+            .arg('image-pull-secret-test')
+            .arg('-n', 'mssql');
+        await builder.exec();
+    }
+    /**
+     * 執行 Kubernetes Job
+     * @param instanceName WSL 實例名稱
+     * @param jobName Job 名稱
+     * @param imageName 映像檔名稱
+     * @param version 映像檔版本
+     * @param params 部署參數
+     */
+    async runJob(instanceName, jobName, imageName, version, params) {
+        const registry = `${params.acrCredentials.name}.azurecr.io`;
+        const image = `${registry}/${imageName}:${version}`;
+        const env = this.envFactory.getForInstance(instanceName);
+        // Job YAML 模板
+        const jobYaml = {
+            apiVersion: 'batch/v1',
+            kind: 'Job',
+            metadata: {
+                name: jobName,
+                namespace: 'mssql'
+            },
+            spec: {
+                template: {
+                    spec: {
+                        imagePullSecrets: [{ name: 'image-pull-secret-test' }],
+                        containers: [{
+                                name: 'init-db',
+                                image: image,
+                                env: [
+                                    { name: 'SQL_HOST', value: 'database-mssql-latest.mssql' },
+                                    { name: 'SQL_USER', value: 'sa' },
+                                    { name: 'SQL_PASSWORD', value: params.saPassword.toString() },
+                                    { name: 'SQL_DATABASE', value: jobName === 'db-init' ? 'uofx_dev' : 'uofx_search' },
+                                    { name: 'ADMIN_PASSWORD', value: params.adminPassword.toString() },
+                                    { name: 'DISABLE_COLOR', value: '1' }
+                                ],
+                                command: ['/bin/bash', '-c', 'cd /src && ./uofxDbHelper.sh -A']
+                            }],
+                        restartPolicy: 'Never'
+                    }
+                },
+                backoffLimit: 2
+            }
+        };
+        // 如果 Job 已存在則刪除
+        const deleteExistingBuilder = env.kubectl('delete')
+            .arg('job')
+            .arg(jobName)
+            .arg('-n', 'mssql');
+        await deleteExistingBuilder.exec();
+        // 應用 Job
+        const applyBuilder = env.kubectl('apply')
+            .arg('-f', '-')
+            .sensitiveStdin(JSON.stringify(jobYaml));
+        const applyResult = await applyBuilder.exec();
+        if (applyResult.exitCode !== 0) {
+            throw new Error(`Failed to start job ${jobName}: ${applyResult.stderr}`);
+        }
+        // 等待完成
+        const waitBuilder = env.kubectl('wait')
+            .arg('--for=condition=complete')
+            .arg(`job/${jobName}`)
+            .arg('-n', 'mssql')
+            .arg('--timeout=300s');
+        const waitResult = await waitBuilder.exec();
+        if (waitResult.exitCode !== 0) {
+            // 失敗時檢查日誌
+            const logsBuilder = env.kubectl('logs')
+                .arg(`job/${jobName}`)
+                .arg('-n', 'mssql');
+            const logs = await logsBuilder.exec();
+            this.logger.error(new Error(`Job ${jobName} logs:
+${logs.stdout}`));
+            throw new Error(`Job ${jobName} failed or timed out`);
+        }
+        // 清理 Job
+        const cleanupBuilder = env.kubectl('delete')
+            .arg('job')
+            .arg(jobName)
+            .arg('-n', 'mssql');
+        await cleanupBuilder.exec();
+    }
+    /**
+     * 執行所有 MSSQL 初始化 Jobs
+     * @param instanceName WSL 實例名稱
+     * @param params 部署參數
+     * @param chartVersion Chart 版本
+     * @param progress 進度通知回調
+     */
+    async runInitJobs(instanceName, params, chartVersion, output) {
+        output?.item('arrow', 'Initializing databases...').flush();
+        // 1. 建立臨時 Secret
+        output?.indent().item('arrow', 'Creating image pull secret...').outdent().flush();
+        await this.createImagePullSecret(instanceName, params);
+        try {
+            // 2. 執行 InitDb
+            output?.indent().item('arrow', 'Running db-init job...').outdent().flush();
+            await this.runJob(instanceName, 'db-init', 'uofx-k8s-db-helper', chartVersion, params);
+            // 3. 建立管理員使用者
+            output?.indent().item('arrow', 'Creating admin user...').outdent().flush();
+            await this.userManagerService.createAdminUser(instanceName, params);
+            // 4. 執行 InitSearchDb
+            output?.indent().item('arrow', 'Running search-db-init job...').outdent().flush();
+            await this.runJob(instanceName, 'search-db-init', 'uofx-k8s-search-db-helper', chartVersion, params);
+        }
+        finally {
+            // 5. 清理 Secret
+            output?.indent().item('arrow', 'Cleaning up resources...').outdent().flush();
+            await this.deleteImagePullSecret(instanceName);
+        }
+    }
+};
+exports.K8sJobRunnerService = K8sJobRunnerService;
+__decorate([
+    __param(1, (0, sensitive_decorator_1.Sensitive)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, deployment_parameters_entity_1.DeploymentParameters, String, Object]),
+    __metadata("design:returntype", Promise)
+], K8sJobRunnerService.prototype, "runInitJobs", null);
+exports.K8sJobRunnerService = K8sJobRunnerService = __decorate([
+    (0, tsyringe_1.injectable)(),
+    __param(0, (0, tsyringe_1.inject)(tokens_1.TOKENS.Internal.IExecutionEnvironmentFactory)),
+    __param(1, (0, tsyringe_1.inject)(tokens_1.TOKENS.Internal.IMssqlUserManager)),
+    __param(2, (0, tsyringe_1.inject)(tokens_1.TOKENS.ILoggerPort)),
+    __metadata("design:paramtypes", [Object, Object, Object])
+], K8sJobRunnerService);
+//# sourceMappingURL=k8s-job-runner.service.js.map