@vaharoni/devops 1.2.17 → 1.3.0

package/dist/{chunk-RZ46YYZZ.js → chunk-HXGGJIAS.js}

@@ -9,7 +9,7 @@ import { z } from "zod";
 var SUPPORTED_LANGUAGES = ["python", "node"];
 var constFileSchema = z.object({
   "project-name": z.string(),
-  "infra": z.enum(["hetzner", "digitalocean", "gcloud"]),
+  "registry-infra": z.enum(["digitalocean", "gcp", "harbor"]),
   "image-versions-to-keep": z.number().optional(),
   "registry-base-url": z.string(),
   "registry-image-path-prefix": z.string().optional(),

package/dist/{chunk-N7EX3HJH.js → chunk-N2NFRGJO.js}

@@ -1,6 +1,6 @@
 import {
   getConst
-} from "./chunk-RZ46YYZZ.js";
+} from "./chunk-HXGGJIAS.js";
 
 // src/app-support/crypto/aes.ts
 import crypto from "crypto";

package/dist/{chunk-WKP7EQNU.js → chunk-OFUEFG64.js}

@@ -2,7 +2,7 @@ import {
   getConst,
   getImageData,
   globEnvYamlFiles
-} from "./chunk-RZ46YYZZ.js";
+} from "./chunk-HXGGJIAS.js";
 
 // src/cli/common.ts
 import chalk from "chalk";

package/dist/devops.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env bun
 import {
   InternalToken
-} from "./chunk-N7EX3HJH.js";
+} from "./chunk-N2NFRGJO.js";
 import {
   CLICommandParser,
   CommandExecutor,
@@ -24,7 +24,7 @@ import {
   printUsageAndExit,
   secretName,
   upsertConfigMapCommand
-} from "./chunk-WKP7EQNU.js";
+} from "./chunk-OFUEFG64.js";
 import {
   IGNORED_PATHS,
   __export,
@@ -36,7 +36,7 @@ import {
   getWorkspace,
   globEnvYamlFiles,
   workspaceDirectoryForLanguage
-} from "./chunk-RZ46YYZZ.js";
+} from "./chunk-HXGGJIAS.js";
 
 // src/devops.ts
 import { globSync as globSync2 } from "glob";
@@ -1103,7 +1103,7 @@ var consoleCommand = { command: "console", oneLiner: oneLiner6, keyExamples: key
 
 // src/cli/core/constant.ts
 var oneLiner7 = "Prints to stdout a constant from constant.yaml";
-var keyExamples7 = `$ devops constant infra`;
+var keyExamples7 = `$ devops constant registry-infra`;
 var usage7 = `
 ${oneLiner7}
 
@@ -1741,12 +1741,12 @@ async function createFiles() {
   }
   tc.enableSubtitution(".devops/config/images.yaml");
   tc.setMessageGenerator(".envrc", envrcMessage);
-  const gitIgnore = gitIgnoreContent(userChoices.infraVariant, userChoices.usePython);
+  const gitIgnore = gitIgnoreContent(userChoices.infraPreset, userChoices.usePython);
   tc.addGeneratedFile(".gitignore", gitIgnore);
   tc.setMessageGenerator(".gitignore", gitignoreMessageGen(gitIgnore));
-  tc.addCopiedFolder(`infra-variants/${userChoices.infraVariant}`, ".");
+  tc.addCopiedFolder(`infra-variants/${userChoices.infraPreset}`, ".");
   tc.enableSubtitution(".devops/config/constants.yaml");
-  if (userChoices.infraVariant === "hetzner") {
+  if (userChoices.infraPreset === "hetzner") {
     tc.enableSubtitution(".devops/infra/hetzner/harbor-cert.yaml");
     tc.enableSubtitution(".devops/infra/hetzner/harbor-values.yaml");
     tc.enableSubtitution(".devops/infra/hetzner/hcloud-config.yaml");
@@ -1804,12 +1804,12 @@ function packageJsonMessage(usePrisma) {
     "applications/**"${prismaMessage}
   ],`)}`;
 }
-function gitIgnoreContent(infraVariant, usePython) {
+function gitIgnoreContent(infraPreset, usePython) {
   const common = `**/.env*
 config/kubeconfig
 tmp/**
 !tmp/**/.gitkeep`;
-  const gcloud = infraVariant === "gcloud" ? "config/gke_gcloud_auth_plugin_cache" : null;
+  const gcloud = infraPreset === "gcloud" ? "config/gke_gcloud_auth_plugin_cache" : null;
   const python = usePython ? `venv/
 **/__pycache__` : null;
   return [common, gcloud, python].filter(Boolean).join("\n");
@@ -1854,12 +1854,12 @@ function getUserChoices(projectName) {
     },
     {
       type: "list",
-      name: "infraVariant",
-      message: "Where does your cluster run?",
+      name: "infraPreset",
+      message: "Select your infrastructure preset:",
       choices: [
-        { name: "Google Cloud", value: "gcloud" },
-        { name: "Digital Ocean", value: "digitalocean" },
-        { name: "Hetzner", value: "hetzner" }
+        { name: "Google Cloud (GKE + GCP Registry)", value: "gcloud" },
+        { name: "Digital Ocean (DO K8s + DO Registry)", value: "digitalocean" },
+        { name: "Hetzner (Hetzner K8s + Harbor)", value: "hetzner" }
       ]
     },
     {
@@ -1867,21 +1867,21 @@ function getUserChoices(projectName) {
       name: "gcloudProjectId",
       message: "Enter the GCP project ID (default: 'changeme')",
       default: "changeme",
-      when: (answers) => answers.infraVariant === "gcloud"
+      when: (answers) => answers.infraPreset === "gcloud"
     },
     {
       type: "input",
       name: "registryImagePathPrefix",
       message: (answers) => `Enter your Digital Ocean container registry name (default: '${answers.projectName}')`,
       default: (answers) => answers.projectName,
-      when: (answers) => answers.infraVariant === "digitalocean"
+      when: (answers) => answers.infraPreset === "digitalocean"
     },
     {
       type: "input",
       name: "registryBaseUrl",
       message: (answers) => `Enter your registry base URL (default: 'registry.${answers.stagingDomain}')`,
       default: (answers) => `registry.${answers.stagingDomain}`,
-      when: (answers) => answers.infraVariant === "hetzner"
+      when: (answers) => answers.infraPreset === "hetzner"
     },
     {
       type: "confirm",
@@ -2069,8 +2069,8 @@ var job = { oneLiner: oneLiner11, keyExamples: keyExamples11, run: run11 };
 
 // src/libs/hetzner/reg-secret.ts
 function isApplicable() {
-  const infra = getConst("infra");
-  if (infra !== "hetzner") {
+  const registryInfra = getConst("registry-infra");
+  if (registryInfra !== "harbor") {
     console.warn(
       "Setting up registry permissions is only needed for Harbor in a Hetzner setup"
     );
@@ -2322,8 +2322,8 @@ function stargGarbageCollection(registryName) {
   new CommandExecutor(cmd).exec();
 }
 function prune(registryFullName, repoName, image2) {
-  const infra = getConst("infra");
-  if (infra !== "digitalocean") {
+  const registryInfra = getConst("registry-infra");
+  if (registryInfra !== "digitalocean") {
     console.warn(
       "Pruning is only supported for the DigitalOcean container registry"
     );
@@ -2375,7 +2375,7 @@ USAGE
   Prunes the repository of old images to enforce the "image-versions-to-keep" constant in config/constants.yaml:
     devops registry prune <image> --env <env>
 
-    This is only relevant when the "infra" constant is set to "digitalocean".
+    This is only relevant when the "registry-infra" constant is set to "digitalocean".
 
 EXAMPLES
     ${keyExamples14}

package/dist/index.d.ts

@@ -4,7 +4,7 @@ declare const SUPPORTED_LANGUAGES: readonly ["python", "node"];
 type SupportedLanguages = typeof SUPPORTED_LANGUAGES[number];
 declare const constFileSchema: z.ZodObject<{
     "project-name": z.ZodString;
-    infra: z.ZodEnum<["hetzner", "digitalocean", "gcloud"]>;
+    "registry-infra": z.ZodEnum<["digitalocean", "gcp", "harbor"]>;
     "image-versions-to-keep": z.ZodOptional<z.ZodNumber>;
     "registry-base-url": z.ZodString;
     "registry-image-path-prefix": z.ZodOptional<z.ZodString>;
@@ -14,7 +14,7 @@ declare const constFileSchema: z.ZodObject<{
     extensions: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
 }, "strip", z.ZodTypeAny, {
     "project-name": string;
-    infra: "hetzner" | "digitalocean" | "gcloud";
+    "registry-infra": "digitalocean" | "gcp" | "harbor";
     "registry-base-url": string;
     "extra-remote-environments": string[];
     "extra-local-environments": string[];
@@ -24,7 +24,7 @@ declare const constFileSchema: z.ZodObject<{
     extensions?: string[] | undefined;
 }, {
     "project-name": string;
-    infra: "hetzner" | "digitalocean" | "gcloud";
+    "registry-infra": "digitalocean" | "gcp" | "harbor";
     "registry-base-url": string;
     "extra-remote-environments": string[];
     "extra-local-environments": string[];

package/dist/index.js

@@ -2,7 +2,7 @@ import {
   InternalToken,
   decryptAes256Gcm,
   encryptAes256Gcm
-} from "./chunk-N7EX3HJH.js";
+} from "./chunk-N2NFRGJO.js";
 import {
   SUPPORTED_LANGUAGES,
   constFileSchema,
@@ -10,7 +10,7 @@ import {
   packageFileNodeSchema,
   packageFilePythonSchema,
   workspaces
-} from "./chunk-RZ46YYZZ.js";
+} from "./chunk-HXGGJIAS.js";
 
 // src/app-support/discovery/dev-discovery-loader.ts
 var _portLookupByServiceName = null;

package/dist/plugins.js

@@ -5,8 +5,8 @@ import {
   kubectlCommand,
   pkgRoot,
   printUsageAndExit
-} from "./chunk-WKP7EQNU.js";
-import "./chunk-RZ46YYZZ.js";
+} from "./chunk-OFUEFG64.js";
+import "./chunk-HXGGJIAS.js";
 
 // src/plugins.ts
 import path from "path";

package/dist/src/target-templates/infra-variants/digitalocean/.devops/config/constants.yaml

@@ -1,8 +1,8 @@
 # These will be used when generating kubernetes entities
 project-name: $PROJECT_NAME
 
-# Supported: hetzner, digitalocean, or gcloud
-infra: digitalocean
+# Registry infrastructure: digitalocean, gcp, or harbor
+registry-infra: digitalocean
 
 # Only relevant for Digital Ocean. Determines the number of versions to keep for each docker image.
 image-versions-to-keep: 5

package/dist/src/target-templates/infra-variants/digitalocean/.github/workflows/k8s-build.yaml

@@ -31,12 +31,17 @@ jobs:
       - name: Setup prerequesites
         uses: ./.github/actions/setup-prereq@v1
 
-      - name: Connect to Digital Ocean
-        uses: ./.github/actions/connect-to-digital-ocean@v1
+      - name: Connect to DigitalOcean K8s
+        uses: ./.github/actions/k8s/connect-to-digitalocean-k8s@v1
         with:
           access_token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
           cluster_name: ${{ secrets.DIGITALOCEAN_CLUSTER_NAME }}
 
+      - name: Connect to DOCR
+        uses: ./.github/actions/registry/connect-to-docr@v1
+        with:
+          access_token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+
       # For deploying images to Cloud Run
       # - name: Connect to Cloud Run
       #   uses: ./.github/actions/connect-to-cloud-run@v1
@@ -64,12 +69,17 @@ jobs:
       - name: Setup prerequesites
         uses: ./.github/actions/setup-prereq@v1
 
-      - name: Connect to Digital Ocean
-        uses: ./.github/actions/connect-to-digital-ocean@v1
+      - name: Connect to DigitalOcean K8s
+        uses: ./.github/actions/k8s/connect-to-digitalocean-k8s@v1
         with:
           access_token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
           cluster_name: ${{ secrets.DIGITALOCEAN_CLUSTER_NAME }}
 
+      - name: Connect to DOCR
+        uses: ./.github/actions/registry/connect-to-docr@v1
+        with:
+          access_token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+
       # For deploying images to Cloud Run
       # - name: Connect to Cloud Run
       #   uses: ./.github/actions/connect-to-cloud-run@v1

package/dist/src/target-templates/infra-variants/gcloud/.devops/config/constants.yaml

@@ -1,8 +1,8 @@
 # These will be used when generating kubernetes entities
 project-name: $PROJECT_NAME
 
-# Supported: hetzner, digitalocean, or gcloud
-infra: gcloud
+# Registry infrastructure: digitalocean, gcp, or harbor
+registry-infra: gcp
 
 registry-base-url: gcr.io
 # What comes before <image-name>:<tag>. Can be empty.

package/dist/src/target-templates/infra-variants/gcloud/.github/workflows/k8s-build.yaml

@@ -31,14 +31,21 @@ jobs:
       - name: Setup prerequesites
         uses: ./.github/actions/setup-prereq@v1
 
-      - name: Connect to Google Cloud GKE
-        uses: ./.github/actions/connect-to-gke@v1
+      - name: Connect to GKE
+        uses: ./.github/actions/k8s/connect-to-gke@v1
         with:
           project_id: ${{ secrets.GCLOUD_PROJECT_ID }}
           zone: ${{ secrets.GCLOUD_ZONE }}
           cluster_name: ${{ secrets.GCLOUD_CLUSTER_NAME }}
           service_account_key: ${{ secrets.GCLOUD_SA_KEY }}
 
+      - name: Connect to Artifact Registry
+        uses: ./.github/actions/registry/connect-to-artifact-registry@v1
+        with:
+          service_account_key: ${{ secrets.GCLOUD_SA_KEY }}
+          project_id: ${{ secrets.GCLOUD_PROJECT_ID }}
+          region: ${{ secrets.GCLOUD_ARTIFACT_REGISTRY_REGION }}
+
       # For deploying images to Cloud Run
       # - name: Connect to Cloud Run
       #   uses: ./.github/actions/connect-to-cloud-run@v1
@@ -66,14 +73,21 @@ jobs:
       - name: Setup prerequesites
         uses: ./.github/actions/setup-prereq@v1
 
-      - name: Connect to Google Cloud GKE
-        uses: ./.github/actions/connect-to-gke@v1
+      - name: Connect to GKE
+        uses: ./.github/actions/k8s/connect-to-gke@v1
         with:
           project_id: ${{ secrets.GCLOUD_PROJECT_ID }}
           zone: ${{ secrets.GCLOUD_ZONE }}
           cluster_name: ${{ secrets.GCLOUD_CLUSTER_NAME }}
           service_account_key: ${{ secrets.GCLOUD_SA_KEY }}
 
+      - name: Connect to Artifact Registry
+        uses: ./.github/actions/registry/connect-to-artifact-registry@v1
+        with:
+          service_account_key: ${{ secrets.GCLOUD_SA_KEY }}
+          project_id: ${{ secrets.GCLOUD_PROJECT_ID }}
+          region: ${{ secrets.GCLOUD_ARTIFACT_REGISTRY_REGION }}
+
       # For deploying images to Cloud Run
       # - name: Connect to Cloud Run
       #   uses: ./.github/actions/connect-to-cloud-run@v1

package/dist/src/target-templates/infra-variants/hetzner/.devops/config/constants.yaml

@@ -1,8 +1,8 @@
 # These will be used when generating kubernetes entities
 project-name: $PROJECT_NAME
 
-# Supported: hetzner, digitalocean, or gcloud
-infra: hetzner
+# Registry infrastructure: digitalocean, gcp, or harbor
+registry-infra: harbor
 
 # Only relevant for Digital Ocean. Determines the number of versions to keep for each docker image.
 image-versions-to-keep: 5

package/dist/src/target-templates/infra-variants/hetzner/.github/workflows/k8s-build.yaml

@@ -31,10 +31,14 @@ jobs:
       - name: Setup prerequesites
         uses: ./.github/actions/setup-prereq@v1
 
-      - name: Connect to Hetzner
-        uses: ./.github/actions/connect-to-hetzner@v1
+      - name: Connect to Hetzner K8s
+        uses: ./.github/actions/k8s/connect-to-hetzner-k8s@v1
         with:
           kubeconfig: ${{ secrets.HCLOUD_KUBECONFIG }}
+
+      - name: Connect to Harbor Registry
+        uses: ./.github/actions/registry/connect-to-harbor@v1
+        with:
           harbor_user: ${{ secrets.HARBOR_USER }}
           harbor_password: ${{ secrets.HARBOR_PASSWORD }}
 
@@ -65,10 +69,14 @@ jobs:
       - name: Setup prerequesites
         uses: ./.github/actions/setup-prereq@v1
 
-      - name: Connect to Hetzner
-        uses: ./.github/actions/connect-to-hetzner@v1
+      - name: Connect to Hetzner K8s
+        uses: ./.github/actions/k8s/connect-to-hetzner-k8s@v1
         with:
           kubeconfig: ${{ secrets.HCLOUD_KUBECONFIG }}
+
+      - name: Connect to Harbor Registry
+        uses: ./.github/actions/registry/connect-to-harbor@v1
+        with:
           harbor_user: ${{ secrets.HARBOR_USER }}
           harbor_password: ${{ secrets.HARBOR_PASSWORD }}
 

package/{src/target-templates/lang-variants-common/typescript/.github/actions/connect-to-digital-ocean@v1 → dist/src/target-templates/lang-variants-common/typescript/.github/actions/k8s/connect-to-digitalocean-k8s@v1}/action.yaml

@@ -1,5 +1,5 @@
-name: "Connect to Digital Ocean"
-description: "Sets up kubernetes connection to Digital Ocean and ensures connection"
+name: "Connect to DigitalOcean K8s"
+description: "Sets up kubernetes connection to DigitalOcean cluster"
 inputs:
   access_token:
     description: "DigitalOcean access token"
@@ -15,15 +15,11 @@ runs:
       with:
         token: ${{ inputs.access_token }}
 
-    - name: Log in to DigitalOcean Container Registry with short-lived credentials
-      run: doctl registry login --expiry-seconds 1200
-      shell: bash
-
     - name: Save DigitalOcean kubeconfig with short-lived credentials
-      run: | 
+      run: |
         doctl kubernetes cluster kubeconfig save --expiry-seconds 1200 ${{ inputs.cluster_name }}
       shell: bash
 
-    - name: verify namepsace exists
+    - name: Verify namespace exists
       run: devops namespace check --env ${{ github.ref_name }}
       shell: bash

package/dist/src/target-templates/lang-variants-common/typescript/.github/actions/{connect-to-gke@v1 → k8s/connect-to-gke@v1}/action.yaml

@@ -1,5 +1,5 @@
-name: "Connect to Google Cloud GKE"
-description: "Sets up kubernetes connection to Google Cloud and ensures connection"
+name: "Connect to GKE"
+description: "Sets up kubernetes connection to Google Kubernetes Engine cluster"
 inputs:
   project_id:
     description: "Google Cloud project ID"
@@ -25,19 +25,15 @@ runs:
     - name: Install gcloud
       uses: google-github-actions/setup-gcloud@v2
       with:
-        project_id: ${{ inputs.project_id }}        
-
-    - name: Configure Docker auth
-      shell: bash
-      run: gcloud --quiet auth configure-docker 
+        project_id: ${{ inputs.project_id }}
 
     - name: Fetch GKE credentials
       uses: google-github-actions/get-gke-credentials@v2
       with:
         cluster_name: ${{ inputs.cluster_name }}
         location: ${{ inputs.zone }}
-        project_id: ${{ inputs.project_id }}      
+        project_id: ${{ inputs.project_id }}
 
-    - name: verify namepsace exists
+    - name: Verify namespace exists
       run: devops namespace check --env ${{ github.ref_name }}
       shell: bash

package/dist/src/target-templates/lang-variants-common/typescript/.github/actions/k8s/connect-to-hetzner-k8s@v1/action.yaml

@@ -0,0 +1,19 @@
+name: "Connect to Hetzner K8s"
+description: "Sets up kubernetes connection to Hetzner cluster"
+inputs:
+  kubeconfig:
+    description: "The Hetzner kubeconfig file"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Create a kubeconfig file
+      run: |
+        mkdir -p ~/.kube
+        echo "${{ inputs.kubeconfig }}" > ~/.kube/config
+        chmod 600 ~/.kube/config
+      shell: bash
+
+    - name: Verify cluster connection and that namespace exists
+      run: devops namespace check --env ${{ github.ref_name }}
+      shell: bash

package/dist/src/target-templates/lang-variants-common/typescript/.github/actions/registry/connect-to-artifact-registry@v1/action.yaml

@@ -0,0 +1,29 @@
+name: "Connect to Artifact Registry"
+description: "Authenticates to Google Artifact Registry"
+inputs:
+  service_account_key:
+    description: "Google Cloud service account key in JSON format"
+    required: true
+  project_id:
+    description: "Google Cloud project ID"
+    required: true
+  region:
+    description: "Google Cloud Artifact Registry region (e.g., us-central1)"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Authenticate to Google Cloud
+      uses: google-github-actions/auth@v2
+      with:
+        project_id: ${{ inputs.project_id }}
+        credentials_json: ${{ inputs.service_account_key }}
+
+    - name: Install gcloud
+      uses: google-github-actions/setup-gcloud@v2
+      with:
+        project_id: ${{ inputs.project_id }}
+
+    - name: Configure Docker auth for Artifact Registry
+      shell: bash
+      run: gcloud --quiet auth configure-docker ${{ inputs.region }}-docker.pkg.dev

package/dist/src/target-templates/lang-variants-common/typescript/.github/actions/registry/connect-to-docr@v1/action.yaml

@@ -0,0 +1,17 @@
+name: "Connect to DOCR"
+description: "Authenticates to DigitalOcean Container Registry"
+inputs:
+  access_token:
+    description: "DigitalOcean access token"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Install doctl
+      uses: digitalocean/action-doctl@v2
+      with:
+        token: ${{ inputs.access_token }}
+
+    - name: Log in to DigitalOcean Container Registry with short-lived credentials
+      run: doctl registry login --expiry-seconds 1200
+      shell: bash

package/dist/src/target-templates/lang-variants-common/typescript/.github/actions/registry/connect-to-harbor@v1/action.yaml

@@ -0,0 +1,24 @@
+name: "Connect to Harbor Registry"
+description: "Authenticates to Harbor container registry"
+inputs:
+  harbor_user:
+    description: "The user name for the harbor registry"
+    required: true
+  harbor_password:
+    description: "The password for the harbor registry"
+    required: true
+  harbor_url:
+    description: "The harbor registry URL (optional, uses devops registry server-url if not provided)"
+    required: false
+runs:
+  using: "composite"
+  steps:
+    - name: Connect to the registry
+      run: |
+        if [ -n "${{ inputs.harbor_url }}" ]; then
+          server_url="${{ inputs.harbor_url }}"
+        else
+          server_url=$(devops registry server-url)
+        fi
+        docker login $server_url -u '${{ inputs.harbor_user }}' -p ${{ inputs.harbor_password }}
+      shell: bash

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@vaharoni/devops",
   "type": "module",
-  "version": "1.2.17",
+  "version": "1.3.0",
   "description": "Devops utility",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",

package/src/cli/core/constant.ts

@@ -2,7 +2,7 @@ import { getConst } from "../../libs/config";
 import { CLICommandParser, printUsageAndExit } from "../common";
 
 const oneLiner = "Prints to stdout a constant from constant.yaml";
-const keyExamples = `$ devops constant infra`;
+const keyExamples = `$ devops constant registry-infra`;
 
 const usage = `
 ${oneLiner}

package/src/cli/core/init.ts

@@ -3,7 +3,6 @@ import { InitGenerator, type InitGeneratorFileInfo } from "../../libs/init-gener
 import { CLICommandParser, printUsageAndExit } from "../common";
 import chalk from "chalk";
 import fs from 'fs-extra';
-import type { ConstFileSchema } from "../../types";
 
 const oneLiner =
   "Initializes the devops utility by copying template files to the current folder";
@@ -40,14 +39,14 @@ async function createFiles() {
   tc.setMessageGenerator(".envrc", envrcMessage);
 
   // gitignore
-  const gitIgnore = gitIgnoreContent(userChoices.infraVariant, userChoices.usePython)
+  const gitIgnore = gitIgnoreContent(userChoices.infraPreset, userChoices.usePython)
   tc.addGeneratedFile(".gitignore", gitIgnore);
   tc.setMessageGenerator(".gitignore", gitignoreMessageGen(gitIgnore));
 
   // Infra variants
-  tc.addCopiedFolder(`infra-variants/${userChoices.infraVariant}`, ".");
+  tc.addCopiedFolder(`infra-variants/${userChoices.infraPreset}`, ".");
   tc.enableSubtitution(".devops/config/constants.yaml");
-  if (userChoices.infraVariant === "hetzner") {
+  if (userChoices.infraPreset === "hetzner") {
     tc.enableSubtitution(".devops/infra/hetzner/harbor-cert.yaml");
     tc.enableSubtitution(".devops/infra/hetzner/harbor-values.yaml");
     tc.enableSubtitution(".devops/infra/hetzner/hcloud-config.yaml");
@@ -119,13 +118,13 @@ function packageJsonMessage(usePrisma: boolean) {
   ],`)}`
 }
 
-function gitIgnoreContent(infraVariant: UserChoices["infraVariant"], usePython: boolean) {
+function gitIgnoreContent(infraPreset: InfraPreset, usePython: boolean) {
   const common = `**/.env*
 config/kubeconfig
 tmp/**
 !tmp/**/.gitkeep`;
 
-  const gcloud = infraVariant === 'gcloud' 
+  const gcloud = infraPreset === 'gcloud'
     ? 'config/gke_gcloud_auth_plugin_cache'
     : null;
 
@@ -156,11 +155,13 @@ ${chalk.yellow(content)}`;
   }
 }
 
+type InfraPreset = "gcloud" | "digitalocean" | "hetzner";
+
 type UserChoices = {
   projectName: string;
   stagingDomain: string;
   productionDomain: string;
-  infraVariant: ConstFileSchema["infra"];
+  infraPreset: InfraPreset;
   gcloudProjectId?: string;
   registryImagePathPrefix?: string;
   registryBaseUrl?: string;
@@ -193,12 +194,12 @@ function getUserChoices(projectName: string | undefined): Promise<UserChoices> {
     },
     {
       type: "list",
-      name: "infraVariant",
-      message: "Where does your cluster run?",
+      name: "infraPreset",
+      message: "Select your infrastructure preset:",
       choices: [
-        { name: "Google Cloud", value: "gcloud" },
-        { name: "Digital Ocean", value: "digitalocean" },
-        { name: "Hetzner", value: "hetzner" },
+        { name: "Google Cloud (GKE + GCP Registry)", value: "gcloud" },
+        { name: "Digital Ocean (DO K8s + DO Registry)", value: "digitalocean" },
+        { name: "Hetzner (Hetzner K8s + Harbor)", value: "hetzner" },
       ],
     },
     {
@@ -206,21 +207,21 @@ function getUserChoices(projectName: string | undefined): Promise<UserChoices> {
       name: "gcloudProjectId",
       message: "Enter the GCP project ID (default: 'changeme')",
       default: "changeme",
-      when: (answers) => answers.infraVariant === "gcloud",
+      when: (answers) => answers.infraPreset === "gcloud",
     },
     {
       type: "input",
       name: "registryImagePathPrefix",
       message: (answers) => `Enter your Digital Ocean container registry name (default: '${answers.projectName}')`,
       default: (answers) => answers.projectName,
-      when: (answers) => answers.infraVariant === "digitalocean",
+      when: (answers) => answers.infraPreset === "digitalocean",
     },
     {
       type: "input",
       name: "registryBaseUrl",
       message: (answers) => `Enter your registry base URL (default: 'registry.${answers.stagingDomain}')`,
       default: (answers) => `registry.${answers.stagingDomain}`,
-      when: (answers) => answers.infraVariant === "hetzner",
+      when: (answers) => answers.infraPreset === "hetzner",
     },
     {
       type: "confirm",

package/src/cli/core/registry.ts

@@ -35,7 +35,7 @@ USAGE
   Prunes the repository of old images to enforce the "image-versions-to-keep" constant in config/constants.yaml:
     devops registry prune <image> --env <env>
 
-    This is only relevant when the "infra" constant is set to "digitalocean".
+    This is only relevant when the "registry-infra" constant is set to "digitalocean".
 
 EXAMPLES
     ${keyExamples}

package/src/libs/digital-ocean/container-reg.ts

@@ -63,8 +63,8 @@ export function prune(
   repoName: string,
   image: string
 ) {
-  const infra = getConst("infra");
-  if (infra !== "digitalocean") {
+  const registryInfra = getConst("registry-infra");
+  if (registryInfra !== "digitalocean") {
     console.warn(
       "Pruning is only supported for the DigitalOcean container registry"
     );

package/src/libs/hetzner/reg-secret.ts

@@ -4,8 +4,8 @@ import { envToNamespace } from "../k8s-constants";
 import { kubectlCommand } from "../k8s-helpers";
 
 function isApplicable() {
-  const infra = getConst("infra");
-  if (infra !== "hetzner") {
+  const registryInfra = getConst("registry-infra");
+  if (registryInfra !== "harbor") {
     console.warn(
       "Setting up registry permissions is only needed for Harbor in a Hetzner setup"
     );

package/src/target-templates/infra-variants/digitalocean/.devops/config/constants.yaml

@@ -1,8 +1,8 @@
 # These will be used when generating kubernetes entities
 project-name: $PROJECT_NAME
 
-# Supported: hetzner, digitalocean, or gcloud
-infra: digitalocean
+# Registry infrastructure: digitalocean, gcp, or harbor
+registry-infra: digitalocean
 
 # Only relevant for Digital Ocean. Determines the number of versions to keep for each docker image.
 image-versions-to-keep: 5

package/src/target-templates/infra-variants/digitalocean/.github/workflows/k8s-build.yaml

@@ -31,12 +31,17 @@ jobs:
       - name: Setup prerequesites
         uses: ./.github/actions/setup-prereq@v1
 
-      - name: Connect to Digital Ocean
-        uses: ./.github/actions/connect-to-digital-ocean@v1
+      - name: Connect to DigitalOcean K8s
+        uses: ./.github/actions/k8s/connect-to-digitalocean-k8s@v1
         with:
           access_token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
           cluster_name: ${{ secrets.DIGITALOCEAN_CLUSTER_NAME }}
 
+      - name: Connect to DOCR
+        uses: ./.github/actions/registry/connect-to-docr@v1
+        with:
+          access_token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+
       # For deploying images to Cloud Run
       # - name: Connect to Cloud Run
       #   uses: ./.github/actions/connect-to-cloud-run@v1
@@ -64,12 +69,17 @@ jobs:
       - name: Setup prerequesites
         uses: ./.github/actions/setup-prereq@v1
 
-      - name: Connect to Digital Ocean
-        uses: ./.github/actions/connect-to-digital-ocean@v1
+      - name: Connect to DigitalOcean K8s
+        uses: ./.github/actions/k8s/connect-to-digitalocean-k8s@v1
         with:
           access_token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
           cluster_name: ${{ secrets.DIGITALOCEAN_CLUSTER_NAME }}
 
+      - name: Connect to DOCR
+        uses: ./.github/actions/registry/connect-to-docr@v1
+        with:
+          access_token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+
       # For deploying images to Cloud Run
       # - name: Connect to Cloud Run
       #   uses: ./.github/actions/connect-to-cloud-run@v1

package/src/target-templates/infra-variants/gcloud/.devops/config/constants.yaml

@@ -1,8 +1,8 @@
 # These will be used when generating kubernetes entities
 project-name: $PROJECT_NAME
 
-# Supported: hetzner, digitalocean, or gcloud
-infra: gcloud
+# Registry infrastructure: digitalocean, gcp, or harbor
+registry-infra: gcp
 
 registry-base-url: gcr.io
 # What comes before <image-name>:<tag>. Can be empty.

package/src/target-templates/infra-variants/gcloud/.github/workflows/k8s-build.yaml

@@ -31,14 +31,21 @@ jobs:
       - name: Setup prerequesites
         uses: ./.github/actions/setup-prereq@v1
 
-      - name: Connect to Google Cloud GKE
-        uses: ./.github/actions/connect-to-gke@v1
+      - name: Connect to GKE
+        uses: ./.github/actions/k8s/connect-to-gke@v1
         with:
           project_id: ${{ secrets.GCLOUD_PROJECT_ID }}
           zone: ${{ secrets.GCLOUD_ZONE }}
           cluster_name: ${{ secrets.GCLOUD_CLUSTER_NAME }}
           service_account_key: ${{ secrets.GCLOUD_SA_KEY }}
 
+      - name: Connect to Artifact Registry
+        uses: ./.github/actions/registry/connect-to-artifact-registry@v1
+        with:
+          service_account_key: ${{ secrets.GCLOUD_SA_KEY }}
+          project_id: ${{ secrets.GCLOUD_PROJECT_ID }}
+          region: ${{ secrets.GCLOUD_ARTIFACT_REGISTRY_REGION }}
+
       # For deploying images to Cloud Run
       # - name: Connect to Cloud Run
       #   uses: ./.github/actions/connect-to-cloud-run@v1
@@ -66,14 +73,21 @@ jobs:
       - name: Setup prerequesites
         uses: ./.github/actions/setup-prereq@v1
 
-      - name: Connect to Google Cloud GKE
-        uses: ./.github/actions/connect-to-gke@v1
+      - name: Connect to GKE
+        uses: ./.github/actions/k8s/connect-to-gke@v1
         with:
           project_id: ${{ secrets.GCLOUD_PROJECT_ID }}
           zone: ${{ secrets.GCLOUD_ZONE }}
           cluster_name: ${{ secrets.GCLOUD_CLUSTER_NAME }}
           service_account_key: ${{ secrets.GCLOUD_SA_KEY }}
 
+      - name: Connect to Artifact Registry
+        uses: ./.github/actions/registry/connect-to-artifact-registry@v1
+        with:
+          service_account_key: ${{ secrets.GCLOUD_SA_KEY }}
+          project_id: ${{ secrets.GCLOUD_PROJECT_ID }}
+          region: ${{ secrets.GCLOUD_ARTIFACT_REGISTRY_REGION }}
+
       # For deploying images to Cloud Run
       # - name: Connect to Cloud Run
       #   uses: ./.github/actions/connect-to-cloud-run@v1

package/src/target-templates/infra-variants/hetzner/.devops/config/constants.yaml

@@ -1,8 +1,8 @@
 # These will be used when generating kubernetes entities
 project-name: $PROJECT_NAME
 
-# Supported: hetzner, digitalocean, or gcloud
-infra: hetzner
+# Registry infrastructure: digitalocean, gcp, or harbor
+registry-infra: harbor
 
 # Only relevant for Digital Ocean. Determines the number of versions to keep for each docker image.
 image-versions-to-keep: 5

package/src/target-templates/infra-variants/hetzner/.github/workflows/k8s-build.yaml

@@ -31,10 +31,14 @@ jobs:
       - name: Setup prerequesites
         uses: ./.github/actions/setup-prereq@v1
 
-      - name: Connect to Hetzner
-        uses: ./.github/actions/connect-to-hetzner@v1
+      - name: Connect to Hetzner K8s
+        uses: ./.github/actions/k8s/connect-to-hetzner-k8s@v1
         with:
           kubeconfig: ${{ secrets.HCLOUD_KUBECONFIG }}
+
+      - name: Connect to Harbor Registry
+        uses: ./.github/actions/registry/connect-to-harbor@v1
+        with:
           harbor_user: ${{ secrets.HARBOR_USER }}
           harbor_password: ${{ secrets.HARBOR_PASSWORD }}
 
@@ -65,10 +69,14 @@ jobs:
       - name: Setup prerequesites
         uses: ./.github/actions/setup-prereq@v1
 
-      - name: Connect to Hetzner
-        uses: ./.github/actions/connect-to-hetzner@v1
+      - name: Connect to Hetzner K8s
+        uses: ./.github/actions/k8s/connect-to-hetzner-k8s@v1
         with:
           kubeconfig: ${{ secrets.HCLOUD_KUBECONFIG }}
+
+      - name: Connect to Harbor Registry
+        uses: ./.github/actions/registry/connect-to-harbor@v1
+        with:
           harbor_user: ${{ secrets.HARBOR_USER }}
           harbor_password: ${{ secrets.HARBOR_PASSWORD }}
 

package/{dist/src/target-templates/lang-variants-common/typescript/.github/actions/connect-to-digital-ocean@v1 → src/target-templates/lang-variants-common/typescript/.github/actions/k8s/connect-to-digitalocean-k8s@v1}/action.yaml

@@ -1,5 +1,5 @@
-name: "Connect to Digital Ocean"
-description: "Sets up kubernetes connection to Digital Ocean and ensures connection"
+name: "Connect to DigitalOcean K8s"
+description: "Sets up kubernetes connection to DigitalOcean cluster"
 inputs:
   access_token:
     description: "DigitalOcean access token"
@@ -15,15 +15,11 @@ runs:
       with:
         token: ${{ inputs.access_token }}
 
-    - name: Log in to DigitalOcean Container Registry with short-lived credentials
-      run: doctl registry login --expiry-seconds 1200
-      shell: bash
-
     - name: Save DigitalOcean kubeconfig with short-lived credentials
-      run: | 
+      run: |
         doctl kubernetes cluster kubeconfig save --expiry-seconds 1200 ${{ inputs.cluster_name }}
       shell: bash
 
-    - name: verify namepsace exists
+    - name: Verify namespace exists
       run: devops namespace check --env ${{ github.ref_name }}
       shell: bash

package/src/target-templates/lang-variants-common/typescript/.github/actions/{connect-to-gke@v1 → k8s/connect-to-gke@v1}/action.yaml

@@ -1,5 +1,5 @@
-name: "Connect to Google Cloud GKE"
-description: "Sets up kubernetes connection to Google Cloud and ensures connection"
+name: "Connect to GKE"
+description: "Sets up kubernetes connection to Google Kubernetes Engine cluster"
 inputs:
   project_id:
     description: "Google Cloud project ID"
@@ -25,19 +25,15 @@ runs:
     - name: Install gcloud
       uses: google-github-actions/setup-gcloud@v2
       with:
-        project_id: ${{ inputs.project_id }}        
-
-    - name: Configure Docker auth
-      shell: bash
-      run: gcloud --quiet auth configure-docker 
+        project_id: ${{ inputs.project_id }}
 
     - name: Fetch GKE credentials
       uses: google-github-actions/get-gke-credentials@v2
       with:
         cluster_name: ${{ inputs.cluster_name }}
         location: ${{ inputs.zone }}
-        project_id: ${{ inputs.project_id }}      
+        project_id: ${{ inputs.project_id }}
 
-    - name: verify namepsace exists
+    - name: Verify namespace exists
       run: devops namespace check --env ${{ github.ref_name }}
       shell: bash

package/src/target-templates/lang-variants-common/typescript/.github/actions/k8s/connect-to-hetzner-k8s@v1/action.yaml

@@ -0,0 +1,19 @@
+name: "Connect to Hetzner K8s"
+description: "Sets up kubernetes connection to Hetzner cluster"
+inputs:
+  kubeconfig:
+    description: "The Hetzner kubeconfig file"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Create a kubeconfig file
+      run: |
+        mkdir -p ~/.kube
+        echo "${{ inputs.kubeconfig }}" > ~/.kube/config
+        chmod 600 ~/.kube/config
+      shell: bash
+
+    - name: Verify cluster connection and that namespace exists
+      run: devops namespace check --env ${{ github.ref_name }}
+      shell: bash

package/src/target-templates/lang-variants-common/typescript/.github/actions/registry/connect-to-artifact-registry@v1/action.yaml

@@ -0,0 +1,29 @@
+name: "Connect to Artifact Registry"
+description: "Authenticates to Google Artifact Registry"
+inputs:
+  service_account_key:
+    description: "Google Cloud service account key in JSON format"
+    required: true
+  project_id:
+    description: "Google Cloud project ID"
+    required: true
+  region:
+    description: "Google Cloud Artifact Registry region (e.g., us-central1)"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Authenticate to Google Cloud
+      uses: google-github-actions/auth@v2
+      with:
+        project_id: ${{ inputs.project_id }}
+        credentials_json: ${{ inputs.service_account_key }}
+
+    - name: Install gcloud
+      uses: google-github-actions/setup-gcloud@v2
+      with:
+        project_id: ${{ inputs.project_id }}
+
+    - name: Configure Docker auth for Artifact Registry
+      shell: bash
+      run: gcloud --quiet auth configure-docker ${{ inputs.region }}-docker.pkg.dev

package/src/target-templates/lang-variants-common/typescript/.github/actions/registry/connect-to-docr@v1/action.yaml

@@ -0,0 +1,17 @@
+name: "Connect to DOCR"
+description: "Authenticates to DigitalOcean Container Registry"
+inputs:
+  access_token:
+    description: "DigitalOcean access token"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Install doctl
+      uses: digitalocean/action-doctl@v2
+      with:
+        token: ${{ inputs.access_token }}
+
+    - name: Log in to DigitalOcean Container Registry with short-lived credentials
+      run: doctl registry login --expiry-seconds 1200
+      shell: bash

package/src/target-templates/lang-variants-common/typescript/.github/actions/registry/connect-to-harbor@v1/action.yaml

@@ -0,0 +1,24 @@
+name: "Connect to Harbor Registry"
+description: "Authenticates to Harbor container registry"
+inputs:
+  harbor_user:
+    description: "The user name for the harbor registry"
+    required: true
+  harbor_password:
+    description: "The password for the harbor registry"
+    required: true
+  harbor_url:
+    description: "The harbor registry URL (optional, uses devops registry server-url if not provided)"
+    required: false
+runs:
+  using: "composite"
+  steps:
+    - name: Connect to the registry
+      run: |
+        if [ -n "${{ inputs.harbor_url }}" ]; then
+          server_url="${{ inputs.harbor_url }}"
+        else
+          server_url=$(devops registry server-url)
+        fi
+        docker login $server_url -u '${{ inputs.harbor_user }}' -p ${{ inputs.harbor_password }}
+      shell: bash

package/src/types/index.ts

@@ -7,7 +7,7 @@ export type SupportedLanguages = typeof SUPPORTED_LANGUAGES[number];
 
 export const constFileSchema = z.object({
   "project-name": z.string(),
-  "infra": z.enum(["hetzner", "digitalocean", "gcloud"]),
+  "registry-infra": z.enum(["digitalocean", "gcp", "harbor"]),
   "image-versions-to-keep": z.number().optional(),
   "registry-base-url": z.string(),
   "registry-image-path-prefix": z.string().optional(),

package/dist/src/target-templates/lang-variants-common/typescript/.github/actions/connect-to-hetzner@v1/action.yaml

@@ -1,31 +0,0 @@
-name: "Connect to Hetzner"
-description: "Sets up kubernetes connection to Hetzner and ensures connection"
-inputs:
-  kubeconfig:
-    description: "The Hetzner kubeconfig file"
-    required: true
-  harbor_user:
-    description: "The user name for the harbor registry"
-    required: true
-  harbor_password:
-    description: "The password for the harbor registry"
-    required: true
-runs:
-  using: "composite"
-  steps:
-    - name: Create a kubeconfig file
-      run: | 
-        mkdir -p ~/.kube
-        echo "${{ inputs.kubeconfig }}" > ~/.kube/config
-        chmod 600 ~/.kube/config
-      shell: bash
-
-    - name: Verify cluster connection and that namepsace exists
-      run: devops namespace check --env ${{ github.ref_name }}
-      shell: bash
-
-    - name: Connect to the registry
-      run: | 
-        server_url=$(devops registry server-url)
-        docker login $server_url -u '${{ inputs.harbor_user }}' -p ${{ inputs.harbor_password }}
-      shell: bash

package/src/target-templates/lang-variants-common/typescript/.github/actions/connect-to-hetzner@v1/action.yaml

@@ -1,31 +0,0 @@
-name: "Connect to Hetzner"
-description: "Sets up kubernetes connection to Hetzner and ensures connection"
-inputs:
-  kubeconfig:
-    description: "The Hetzner kubeconfig file"
-    required: true
-  harbor_user:
-    description: "The user name for the harbor registry"
-    required: true
-  harbor_password:
-    description: "The password for the harbor registry"
-    required: true
-runs:
-  using: "composite"
-  steps:
-    - name: Create a kubeconfig file
-      run: | 
-        mkdir -p ~/.kube
-        echo "${{ inputs.kubeconfig }}" > ~/.kube/config
-        chmod 600 ~/.kube/config
-      shell: bash
-
-    - name: Verify cluster connection and that namepsace exists
-      run: devops namespace check --env ${{ github.ref_name }}
-      shell: bash
-
-    - name: Connect to the registry
-      run: | 
-        server_url=$(devops registry server-url)
-        docker login $server_url -u '${{ inputs.harbor_user }}' -p ${{ inputs.harbor_password }}
-      shell: bash