create-svc 0.1.19 → 0.1.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
package/src/scaffold.test.ts
CHANGED
|
@@ -90,6 +90,7 @@ test("scaffolds all runtime/framework variants with shared cloudrun config", asy
|
|
|
90
90
|
expect(deployScript).toContain("serviceDomain");
|
|
91
91
|
expect(deployScript).toContain("ensureProductionDomainMapping");
|
|
92
92
|
expect(deployScript).toContain("ensureCloudflareDnsRecord");
|
|
93
|
+
expect(deployScript).toContain("gcloudWithRetry");
|
|
93
94
|
expect(deployScript).toContain("CLOUDFLARE_API_TOKEN");
|
|
94
95
|
expect(deployScript).toContain('"domain-mappings",');
|
|
95
96
|
expect(deployScript).toContain('"--region",');
|
|
@@ -8,6 +8,7 @@ import {
|
|
|
8
8
|
ensureProductionDomainMapping,
|
|
9
9
|
ensureSecretAccessor,
|
|
10
10
|
gcloud,
|
|
11
|
+
gcloudWithRetry,
|
|
11
12
|
imageUrl,
|
|
12
13
|
parseDeployArgs,
|
|
13
14
|
requireCommand,
|
|
@@ -74,7 +75,7 @@ export async function deploy(args = Bun.argv.slice(2)) {
|
|
|
74
75
|
);
|
|
75
76
|
|
|
76
77
|
await runStep("Granting public invoker access", () =>
|
|
77
|
-
|
|
78
|
+
gcloudWithRetry([
|
|
78
79
|
"run",
|
|
79
80
|
"services",
|
|
80
81
|
"add-iam-policy-binding",
|
|
@@ -115,6 +115,22 @@ export function gcloud(args: string[], options: CommandOptions = {}) {
|
|
|
115
115
|
return run("gcloud", normalized, options);
|
|
116
116
|
}
|
|
117
117
|
|
|
118
|
+
export function gcloudWithRetry(args: string[], options: CommandOptions = {}) {
|
|
119
|
+
let lastError: unknown;
|
|
120
|
+
for (let attempt = 1; attempt <= 12; attempt += 1) {
|
|
121
|
+
try {
|
|
122
|
+
return gcloud(args, options);
|
|
123
|
+
} catch (error) {
|
|
124
|
+
lastError = error;
|
|
125
|
+
if (attempt === 12 || !isRetryableGcloudError(error)) {
|
|
126
|
+
break;
|
|
127
|
+
}
|
|
128
|
+
Bun.sleepSync(5_000);
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
throw lastError;
|
|
132
|
+
}
|
|
133
|
+
|
|
118
134
|
export async function runStep<T>(label: string, task: () => Promise<T> | T) {
|
|
119
135
|
const indicator = spinner();
|
|
120
136
|
indicator.start(label);
|
|
@@ -176,6 +192,7 @@ export function ensureServiceAccount(email: string) {
|
|
|
176
192
|
|
|
177
193
|
const accountId = email.split("@")[0] ?? email;
|
|
178
194
|
gcloud(["iam", "service-accounts", "create", accountId, "--project", config.project.id, "--display-name", accountId]);
|
|
195
|
+
waitForServiceAccount(email);
|
|
179
196
|
}
|
|
180
197
|
|
|
181
198
|
export function deleteServiceAccount(email: string) {
|
|
@@ -183,11 +200,11 @@ export function deleteServiceAccount(email: string) {
|
|
|
183
200
|
}
|
|
184
201
|
|
|
185
202
|
export function ensureProjectRole(member: string, role: string) {
|
|
186
|
-
|
|
203
|
+
gcloudWithRetry(["projects", "add-iam-policy-binding", config.project.id, "--member", member, "--role", role]);
|
|
187
204
|
}
|
|
188
205
|
|
|
189
206
|
export function ensureServiceAccountRole(serviceAccount: string, member: string, role: string) {
|
|
190
|
-
|
|
207
|
+
gcloudWithRetry([
|
|
191
208
|
"iam",
|
|
192
209
|
"service-accounts",
|
|
193
210
|
"add-iam-policy-binding",
|
|
@@ -229,7 +246,17 @@ export function accessSecretVersion(secretName: string) {
|
|
|
229
246
|
}
|
|
230
247
|
|
|
231
248
|
export function ensureSecretAccessor(secretName: string, member: string) {
|
|
232
|
-
|
|
249
|
+
gcloudWithRetry([
|
|
250
|
+
"secrets",
|
|
251
|
+
"add-iam-policy-binding",
|
|
252
|
+
secretName,
|
|
253
|
+
"--project",
|
|
254
|
+
config.project.id,
|
|
255
|
+
"--member",
|
|
256
|
+
member,
|
|
257
|
+
"--role",
|
|
258
|
+
"roles/secretmanager.secretAccessor",
|
|
259
|
+
]);
|
|
233
260
|
}
|
|
234
261
|
|
|
235
262
|
export function listSecrets() {
|
|
@@ -737,6 +764,31 @@ function fetchJsonSync(url: string, init: { method: string; headers: Record<stri
|
|
|
737
764
|
return JSON.parse(decoder.decode(result.stdout).trim()) as { status: number; body: string };
|
|
738
765
|
}
|
|
739
766
|
|
|
767
|
+
function waitForServiceAccount(email: string) {
|
|
768
|
+
for (let attempt = 1; attempt <= 12; attempt += 1) {
|
|
769
|
+
if (gcloud(["iam", "service-accounts", "describe", email, "--project", config.project.id], { allowFailure: true }).success) {
|
|
770
|
+
return;
|
|
771
|
+
}
|
|
772
|
+
Bun.sleepSync(5_000);
|
|
773
|
+
}
|
|
774
|
+
throw new Error(`service account ${email} was created but is not yet readable`);
|
|
775
|
+
}
|
|
776
|
+
|
|
777
|
+
function isRetryableGcloudError(error: unknown) {
|
|
778
|
+
if (!(error instanceof CommandError)) {
|
|
779
|
+
return false;
|
|
780
|
+
}
|
|
781
|
+
const output = `${error.stdout}\n${error.stderr}`.toLowerCase();
|
|
782
|
+
return (
|
|
783
|
+
output.includes("does not exist") ||
|
|
784
|
+
output.includes("not found") ||
|
|
785
|
+
output.includes("permission denied") ||
|
|
786
|
+
output.includes("failed_precondition") ||
|
|
787
|
+
output.includes("try again") ||
|
|
788
|
+
output.includes("retry")
|
|
789
|
+
);
|
|
790
|
+
}
|
|
791
|
+
|
|
740
792
|
export function describeCloudRunService(serviceName: string): GcpResourceWithLabels | undefined {
|
|
741
793
|
const result = gcloud(
|
|
742
794
|
["run", "services", "describe", serviceName, "--project", config.project.id, "--region", config.region, "--format=json"],
|