create-svc 0.1.19 → 0.1.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/package.json +1 -1
  2. package/src/post-scaffold.test.ts +22 -3
  3. package/src/post-scaffold.ts +31 -6
  4. package/src/scaffold.test.ts +1 -0
  5. package/templates/shared/scripts/cloudrun/deploy.ts +2 -1
  6. package/templates/shared/scripts/cloudrun/lib.ts +55 -3
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "create-svc",
3
- "version": "0.1.19",
3
+ "version": "0.1.21",
4
4
  "description": "Local microservice bootstrap CLI for Cloud Run and Workers services with Neon-backed data.",
5
5
  "module": "index.ts",
6
6
  "type": "module",
package/src/post-scaffold.test.ts CHANGED
@@ -28,8 +28,8 @@ describe("buildPostScaffoldCommands", () => {
28
28
  describe("buildDeploymentVerificationCommands", () => {
29
29
  test("uses curl health checks for HTTP services", () => {
30
30
  expect(buildDeploymentVerificationCommands({ apiHostname: "api.launch.anmho.com", framework: "hono", runtime: "bun" })).toEqual([
31
- { command: "curl", args: ["--fail", "--show-error", "--silent", "https://api.launch.anmho.com/healthz"] },
32
- { command: "curl", args: ["--fail", "--show-error", "--silent", "https://api.launch.anmho.com/readyz"] },
31
+ { command: "sh", args: ["-c", 'curl --fail --show-error --silent "https://api.launch.anmho.com/healthz"'] },
32
+ { command: "sh", args: ["-c", 'curl --fail --show-error --silent "https://api.launch.anmho.com/readyz"'] },
33
33
  {
34
34
  command: "sh",
35
35
  args: [
@@ -40,12 +40,31 @@ describe("buildDeploymentVerificationCommands", () => {
40
40
  ]);
41
41
  });
42
42
 
43
+ test("uses the immediate Cloud Run service URL when project details are available", () => {
44
+ expect(
45
+ buildDeploymentVerificationCommands({
46
+ apiHostname: "api.launch.anmho.com",
47
+ framework: "hono",
48
+ runtime: "bun",
49
+ serviceName: "launch-api",
50
+ gcpProject: "anmho-infra-prod",
51
+ region: "us-west1",
52
+ })
53
+ ).toContainEqual({
54
+ command: "sh",
55
+ args: [
56
+ "-c",
57
+ 'curl --fail --show-error --silent "$(gcloud run services describe launch-api --project anmho-infra-prod --region us-west1 --format=value(status.url))/healthz"',
58
+ ],
59
+ });
60
+ });
61
+
43
62
  test("uses auth token and grpcurl for Go ConnectRPC services", () => {
44
63
  expect(buildDeploymentVerificationCommands({ apiHostname: "api.launch.anmho.com", framework: "connectrpc", runtime: "go" })).toContainEqual({
45
64
  command: "sh",
46
65
  args: [
47
66
  "-c",
48
- 'TOKEN="$(bun ./scripts/cloudrun/cli.ts auth token)" && grpcurl -H "Authorization: Bearer $TOKEN" -d \'{"limit":1}\' -proto protos/waitlist/v1/waitlist.proto api.launch.anmho.com:443 waitlist.v1.WaitlistService/ListWaitlistEntries',
67
+ 'TOKEN="$(bun ./scripts/cloudrun/cli.ts auth token)" && grpcurl -H "Authorization: Bearer $TOKEN" -d \'{"limit":1}\' -proto protos/waitlist/v1/waitlist.proto "api.launch.anmho.com:443" waitlist.v1.WaitlistService/ListWaitlistEntries',
49
68
  ],
50
69
  });
51
70
  });
package/src/post-scaffold.ts CHANGED
@@ -55,23 +55,26 @@ function runWithRetries(command: PostScaffoldCommand, options: CommandOptions, a
55
55
  }
56
56
 
57
57
  export function buildDeploymentVerificationCommands(
58
- config: Pick<ScaffoldConfig, "apiHostname" | "framework" | "runtime"> & Partial<Pick<ScaffoldConfig, "target">>
58
+ config: Pick<ScaffoldConfig, "apiHostname" | "framework" | "runtime"> &
59
+ Partial<Pick<ScaffoldConfig, "target" | "serviceName" | "gcpProject" | "region">>
59
60
  ): PostScaffoldCommand[] {
60
- const origin = `https://${config.apiHostname}`;
61
+ const origin = verificationOrigin(config);
61
62
  const tokenCommand = `TOKEN="$(bun ${serviceCliPath(config)} auth token)"`;
62
63
  return [
63
- { command: "curl", args: ["--fail", "--show-error", "--silent", `${origin}/healthz`] },
64
- { command: "curl", args: ["--fail", "--show-error", "--silent", `${origin}/readyz`] },
64
+ shellVerificationCommand(`curl --fail --show-error --silent "${origin}/healthz"`),
65
+ shellVerificationCommand(`curl --fail --show-error --silent "${origin}/readyz"`),
65
66
  protectedVerificationCommand(config, origin, tokenCommand),
66
67
  ];
67
68
  }
68
69
 
69
70
  function protectedVerificationCommand(
70
- config: Pick<ScaffoldConfig, "apiHostname" | "framework" | "runtime">,
71
+ config: Pick<ScaffoldConfig, "apiHostname" | "framework" | "runtime"> &
72
+ Partial<Pick<ScaffoldConfig, "target" | "serviceName" | "gcpProject" | "region">>,
71
73
  origin: string,
72
74
  tokenCommand: string
73
75
  ): PostScaffoldCommand {
74
76
  if (config.framework === "connectrpc" && config.runtime === "go") {
77
+ const host = verificationHost(config);
75
78
  return {
76
79
  command: "sh",
77
80
  args: [
@@ -82,7 +85,7 @@ function protectedVerificationCommand(
82
85
  '-H "Authorization: Bearer $TOKEN"',
83
86
  "-d '{\"limit\":1}'",
84
87
  "-proto protos/waitlist/v1/waitlist.proto",
85
- `${config.apiHostname}:443`,
88
+ `"${host}:443"`,
86
89
  "waitlist.v1.WaitlistService/ListWaitlistEntries",
87
90
  ].join(" "),
88
91
  ],
@@ -120,6 +123,28 @@ function protectedVerificationCommand(
120
123
  };
121
124
  }
122
125
 
126
+ function shellVerificationCommand(script: string): PostScaffoldCommand {
127
+ return { command: "sh", args: ["-c", script] };
128
+ }
129
+
130
+ function verificationOrigin(
131
+ config: Partial<Pick<ScaffoldConfig, "target" | "serviceName" | "gcpProject" | "region">> & Pick<ScaffoldConfig, "apiHostname">
132
+ ) {
133
+ if (config.target !== "workers" && config.serviceName && config.gcpProject && config.region) {
134
+ return `$(gcloud run services describe ${config.serviceName} --project ${config.gcpProject} --region ${config.region} --format=value(status.url))`;
135
+ }
136
+ return `https://${config.apiHostname}`;
137
+ }
138
+
139
+ function verificationHost(
140
+ config: Partial<Pick<ScaffoldConfig, "target" | "serviceName" | "gcpProject" | "region">> & Pick<ScaffoldConfig, "apiHostname">
141
+ ) {
142
+ if (config.target !== "workers" && config.serviceName && config.gcpProject && config.region) {
143
+ return `$(gcloud run services describe ${config.serviceName} --project ${config.gcpProject} --region ${config.region} --format=value(status.url) | sed 's#^https://##')`;
144
+ }
145
+ return config.apiHostname;
146
+ }
147
+
123
148
  export function buildPostScaffoldCommands(
124
149
  config: Pick<ScaffoldConfig, "framework"> & Partial<Pick<ScaffoldConfig, "target">>
125
150
  ): PostScaffoldCommand[] {
package/src/scaffold.test.ts CHANGED
@@ -90,6 +90,7 @@ test("scaffolds all runtime/framework variants with shared cloudrun config", asy
90
90
  expect(deployScript).toContain("serviceDomain");
91
91
  expect(deployScript).toContain("ensureProductionDomainMapping");
92
92
  expect(deployScript).toContain("ensureCloudflareDnsRecord");
93
+ expect(deployScript).toContain("gcloudWithRetry");
93
94
  expect(deployScript).toContain("CLOUDFLARE_API_TOKEN");
94
95
  expect(deployScript).toContain('"domain-mappings",');
95
96
  expect(deployScript).toContain('"--region",');
package/templates/shared/scripts/cloudrun/deploy.ts CHANGED
@@ -8,6 +8,7 @@ import {
8
8
  ensureProductionDomainMapping,
9
9
  ensureSecretAccessor,
10
10
  gcloud,
11
+ gcloudWithRetry,
11
12
  imageUrl,
12
13
  parseDeployArgs,
13
14
  requireCommand,
@@ -74,7 +75,7 @@ export async function deploy(args = Bun.argv.slice(2)) {
74
75
  );
75
76
 
76
77
  await runStep("Granting public invoker access", () =>
77
- gcloud([
78
+ gcloudWithRetry([
78
79
  "run",
79
80
  "services",
80
81
  "add-iam-policy-binding",
package/templates/shared/scripts/cloudrun/lib.ts CHANGED
@@ -115,6 +115,22 @@ export function gcloud(args: string[], options: CommandOptions = {}) {
115
115
  return run("gcloud", normalized, options);
116
116
  }
117
117
 
118
+ export function gcloudWithRetry(args: string[], options: CommandOptions = {}) {
119
+ let lastError: unknown;
120
+ for (let attempt = 1; attempt <= 12; attempt += 1) {
121
+ try {
122
+ return gcloud(args, options);
123
+ } catch (error) {
124
+ lastError = error;
125
+ if (attempt === 12 || !isRetryableGcloudError(error)) {
126
+ break;
127
+ }
128
+ Bun.sleepSync(5_000);
129
+ }
130
+ }
131
+ throw lastError;
132
+ }
133
+
118
134
  export async function runStep<T>(label: string, task: () => Promise<T> | T) {
119
135
  const indicator = spinner();
120
136
  indicator.start(label);
@@ -176,6 +192,7 @@ export function ensureServiceAccount(email: string) {
176
192
 
177
193
  const accountId = email.split("@")[0] ?? email;
178
194
  gcloud(["iam", "service-accounts", "create", accountId, "--project", config.project.id, "--display-name", accountId]);
195
+ waitForServiceAccount(email);
179
196
  }
180
197
 
181
198
  export function deleteServiceAccount(email: string) {
@@ -183,11 +200,11 @@ export function deleteServiceAccount(email: string) {
183
200
  }
184
201
 
185
202
  export function ensureProjectRole(member: string, role: string) {
186
- gcloud(["projects", "add-iam-policy-binding", config.project.id, "--member", member, "--role", role]);
203
+ gcloudWithRetry(["projects", "add-iam-policy-binding", config.project.id, "--member", member, "--role", role]);
187
204
  }
188
205
 
189
206
  export function ensureServiceAccountRole(serviceAccount: string, member: string, role: string) {
190
- gcloud([
207
+ gcloudWithRetry([
191
208
  "iam",
192
209
  "service-accounts",
193
210
  "add-iam-policy-binding",
@@ -229,7 +246,17 @@ export function accessSecretVersion(secretName: string) {
229
246
  }
230
247
 
231
248
  export function ensureSecretAccessor(secretName: string, member: string) {
232
- gcloud(["secrets", "add-iam-policy-binding", secretName, "--project", config.project.id, "--member", member, "--role", "roles/secretmanager.secretAccessor"]);
249
+ gcloudWithRetry([
250
+ "secrets",
251
+ "add-iam-policy-binding",
252
+ secretName,
253
+ "--project",
254
+ config.project.id,
255
+ "--member",
256
+ member,
257
+ "--role",
258
+ "roles/secretmanager.secretAccessor",
259
+ ]);
233
260
  }
234
261
 
235
262
  export function listSecrets() {
@@ -737,6 +764,31 @@ function fetchJsonSync(url: string, init: { method: string; headers: Record<stri
737
764
  return JSON.parse(decoder.decode(result.stdout).trim()) as { status: number; body: string };
738
765
  }
739
766
 
767
+ function waitForServiceAccount(email: string) {
768
+ for (let attempt = 1; attempt <= 12; attempt += 1) {
769
+ if (gcloud(["iam", "service-accounts", "describe", email, "--project", config.project.id], { allowFailure: true }).success) {
770
+ return;
771
+ }
772
+ Bun.sleepSync(5_000);
773
+ }
774
+ throw new Error(`service account ${email} was created but is not yet readable`);
775
+ }
776
+
777
+ function isRetryableGcloudError(error: unknown) {
778
+ if (!(error instanceof CommandError)) {
779
+ return false;
780
+ }
781
+ const output = `${error.stdout}\n${error.stderr}`.toLowerCase();
782
+ return (
783
+ output.includes("does not exist") ||
784
+ output.includes("not found") ||
785
+ output.includes("permission denied") ||
786
+ output.includes("failed_precondition") ||
787
+ output.includes("try again") ||
788
+ output.includes("retry")
789
+ );
790
+ }
791
+
740
792
  export function describeCloudRunService(serviceName: string): GcpResourceWithLabels | undefined {
741
793
  const result = gcloud(
742
794
  ["run", "services", "describe", serviceName, "--project", config.project.id, "--region", config.region, "--format=json"],