npm - create-svc - Versions diffs - 0.1.2 → 0.1.3 - Mend

create-svc 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (69) hide show

package/package.json +4 -1
package/src/cli.ts +328 -108
package/src/gcp.test.ts +71 -0
package/src/gcp.ts +97 -0
package/src/naming.test.ts +37 -0
package/src/naming.ts +103 -0
package/src/neon.test.ts +48 -0
package/src/neon.ts +76 -0
package/src/post-scaffold.ts +77 -0
package/src/scaffold.test.ts +66 -31
package/src/scaffold.ts +60 -55
package/templates/shared/.github/workflows/ci.yml +22 -0
package/templates/shared/.github/workflows/deploy.yml +30 -0
package/templates/shared/.github/workflows/personal.yml +41 -0
package/templates/shared/.github/workflows/preview-cleanup.yml +25 -0
package/templates/shared/.github/workflows/preview.yml +29 -0
package/templates/shared/README.md +37 -0
package/templates/shared/scripts/cloudrun/bootstrap.ts +76 -0
package/templates/shared/scripts/cloudrun/config.ts +57 -0
package/templates/shared/scripts/cloudrun/deploy.ts +82 -0
package/templates/shared/scripts/cloudrun/lib.ts +380 -0
package/templates/shared/scripts/cloudrun/neon.ts +104 -0
package/templates/shared/service.yaml +28 -0
package/templates/variants/bun-connectrpc/Dockerfile +13 -0
package/templates/variants/bun-connectrpc/package.json +20 -0
package/templates/variants/bun-connectrpc/scripts/codegen.ts +1 -0
package/templates/variants/bun-connectrpc/src/index.ts +32 -0
package/templates/variants/bun-connectrpc/test/app.test.ts +17 -0
package/templates/variants/bun-connectrpc/tsconfig.json +10 -0
package/templates/variants/bun-hono/Dockerfile +13 -0
package/templates/variants/bun-hono/package.json +21 -0
package/templates/variants/bun-hono/scripts/codegen.ts +1 -0
package/templates/variants/bun-hono/src/index.ts +24 -0
package/templates/variants/bun-hono/test/app.test.ts +12 -0
package/templates/variants/bun-hono/tsconfig.json +10 -0
package/templates/variants/go-chi/Dockerfile +23 -0
package/templates/variants/go-chi/buf.gen.yaml +10 -0
package/templates/variants/go-chi/buf.yaml +9 -0
package/templates/variants/go-chi/cmd/server/main.go +52 -0
package/templates/variants/go-chi/gen/dns/v1/dns.pb.go +623 -0
package/templates/variants/go-chi/gen/dns/v1/dnsv1connect/dns.connect.go +192 -0
package/templates/variants/go-chi/go.mod +10 -0
package/templates/variants/go-chi/internal/app/service.go +109 -0
package/templates/variants/go-chi/internal/app/token_source.go +50 -0
package/templates/variants/go-chi/internal/cloudflare/client.go +160 -0
package/templates/variants/go-chi/internal/config/config.go +23 -0
package/templates/variants/go-chi/internal/connectapi/handler.go +79 -0
package/templates/variants/go-chi/internal/httpapi/routes.go +93 -0
package/templates/variants/go-chi/internal/vault/client.go +148 -0
package/templates/variants/go-chi/package.json +16 -0
package/templates/variants/go-chi/protos/dns/v1/dns.proto +58 -0
package/templates/variants/go-chi/test/go.test.ts +19 -0
package/templates/variants/go-connectrpc/Dockerfile +23 -0
package/templates/variants/go-connectrpc/buf.gen.yaml +10 -0
package/templates/variants/go-connectrpc/buf.yaml +9 -0
package/templates/variants/go-connectrpc/cmd/server/main.go +51 -0
package/templates/variants/go-connectrpc/gen/dns/v1/dns.pb.go +623 -0
package/templates/variants/go-connectrpc/gen/dns/v1/dnsv1connect/dns.connect.go +192 -0
package/templates/variants/go-connectrpc/go.mod +10 -0
package/templates/variants/go-connectrpc/internal/app/service.go +109 -0
package/templates/variants/go-connectrpc/internal/app/token_source.go +50 -0
package/templates/variants/go-connectrpc/internal/cloudflare/client.go +160 -0
package/templates/variants/go-connectrpc/internal/config/config.go +23 -0
package/templates/variants/go-connectrpc/internal/connectapi/handler.go +79 -0
package/templates/variants/go-connectrpc/internal/httpapi/routes.go +93 -0
package/templates/variants/go-connectrpc/internal/vault/client.go +148 -0
package/templates/variants/go-connectrpc/package.json +16 -0
package/templates/variants/go-connectrpc/protos/dns/v1/dns.proto +58 -0
package/templates/variants/go-connectrpc/test/go.test.ts +19 -0

package/src/scaffold.ts CHANGED Viewed

@@ -1,18 +1,31 @@
 import { mkdir, readdir } from "node:fs/promises";
 import { dirname, join, resolve } from "node:path";
+import {
+  compactIdentifier,
+  type Framework,
+  type GcpProjectMode,
+  type Runtime,
+} from "./naming";
 export type ScaffoldConfig = {
   directory: string;
   serviceName: string;
-  modulePath: string;
-  projectId: string;
+  runtime: Runtime;
+  framework: Framework;
   region: string;
+  gcpProjectMode: GcpProjectMode;
+  gcpProject: string;
+  gcpProjectName: string;
+  billingAccount: string;
+  quotaProjectId: string;
   githubRepo: string;
-  vaultAddr: string;
-  vaultSecretPath: string;
-  vaultSecretKey: string;
-  cloudflareZoneId: string;
-  bufModule: string;
+  githubVisibility: "public" | "private";
+  createGithubRepo: boolean;
+  autoDeploy: boolean;
+  neonProjectId: string;
+  neonBaseBranchId: string;
+  neonBaseBranchName: string;
+  neonDatabaseName: string;
   generatorRoot: string;
 };
@@ -21,17 +34,21 @@ export async function scaffoldProject(config: ScaffoldConfig) {
   await ensureTargetDirectory(targetDir);
   const replacements = buildReplacements(config);
-  const templateRoot = resolve(config.generatorRoot, "templates", "root");
-  const files = await collectTemplateFiles(templateRoot);
+  const sharedTemplateRoot = resolve(config.generatorRoot, "templates", "shared");
+  const variantTemplateRoot = resolve(config.generatorRoot, "templates", "variants", `${config.runtime}-${config.framework}`);
-  for (const relativePath of files) {
-    const sourcePath = join(templateRoot, relativePath);
-    const destinationPath = join(targetDir, relativePath);
-    const raw = await Bun.file(sourcePath).text();
-    const rendered = renderTemplate(raw, replacements);
+  for (const templateRoot of [sharedTemplateRoot, variantTemplateRoot]) {
+    const files = await collectTemplateFiles(templateRoot);
-    await mkdir(dirname(destinationPath), { recursive: true });
-    await Bun.write(destinationPath, rendered);
+    for (const relativePath of files) {
+      const sourcePath = join(templateRoot, relativePath);
+      const destinationPath = join(targetDir, relativePath);
+      const raw = await Bun.file(sourcePath).text();
+      const rendered = renderTemplate(raw, replacements);
+      await mkdir(dirname(destinationPath), { recursive: true });
+      await Bun.write(destinationPath, rendered);
+    }
   }
 }
@@ -68,31 +85,43 @@ async function collectTemplateFiles(root: string, relative = ""): Promise<string
 }
 function buildReplacements(config: ScaffoldConfig) {
-  const [repoOwner = "anmho"] = config.githubRepo.split("/");
+  const [githubOwner = "anmho"] = config.githubRepo.split("/");
+  const modulePath = `github.com/${config.githubRepo}`;
   const serviceAccountBase = compactIdentifier(config.serviceName, 21);
-  const runtimeServiceAccount = `${serviceAccountBase}-runtime@${config.projectId}.iam.gserviceaccount.com`;
-  const deployerServiceAccount = `${serviceAccountBase}-deployer@${config.projectId}.iam.gserviceaccount.com`;
-  const vaultRoleIdSecret = `${config.serviceName}-vault-role-id`;
-  const vaultSecretIdSecret = `${config.serviceName}-vault-secret-id`;
+  const runtimeServiceAccount = `${serviceAccountBase}-runtime@${config.gcpProject}.iam.gserviceaccount.com`;
+  const deployerServiceAccount = `${serviceAccountBase}-deployer@${config.gcpProject}.iam.gserviceaccount.com`;
   const wifPoolId = "github";
   const wifProviderId = compactIdentifier(config.serviceName, 32);
+  const previewBranchPrefix = `${config.serviceName}-pr`;
+  const personalBranchPrefix = `${config.serviceName}-dev`;
   return {
     SERVICE_NAME: config.serviceName,
-    MODULE_PATH: config.modulePath,
-    PROJECT_ID: config.projectId,
+    MODULE_PATH: modulePath,
+    PROJECT_ID: config.gcpProject,
+    PROJECT_NAME: config.gcpProjectName,
     REGION: config.region,
+    GCP_PROJECT_MODE: config.gcpProjectMode,
+    PROJECT_CREATE_IF_MISSING: String(config.gcpProjectMode === "create_new"),
+    BILLING_ACCOUNT: config.billingAccount,
+    QUOTA_PROJECT_ID: config.quotaProjectId,
     GITHUB_REPO: config.githubRepo,
-    GITHUB_OWNER: repoOwner,
-    VAULT_ADDR: config.vaultAddr,
-    VAULT_SECRET_PATH: config.vaultSecretPath,
-    VAULT_SECRET_KEY: config.vaultSecretKey,
-    CLOUDFLARE_ZONE_ID: config.cloudflareZoneId,
-    BUF_MODULE: config.bufModule,
+    GITHUB_OWNER: githubOwner,
+    GITHUB_VISIBILITY: config.githubVisibility,
+    GITHUB_CREATE_IF_MISSING: String(config.createGithubRepo),
+    AUTO_DEPLOY: String(config.autoDeploy),
+    RUNTIME: config.runtime,
+    FRAMEWORK: config.framework,
+    CLOUD_RUN_SERVICE: config.serviceName,
+    NEON_PROJECT_ID: config.neonProjectId,
+    NEON_BASE_BRANCH_ID: config.neonBaseBranchId,
+    NEON_BASE_BRANCH_NAME: config.neonBaseBranchName,
+    NEON_DATABASE_NAME: config.neonDatabaseName,
+    NEON_ROLE_NAME: "neondb_owner",
+    NEON_PREVIEW_BRANCH_PREFIX: previewBranchPrefix,
+    NEON_PERSONAL_BRANCH_PREFIX: personalBranchPrefix,
     RUNTIME_SERVICE_ACCOUNT: runtimeServiceAccount,
     DEPLOYER_SERVICE_ACCOUNT: deployerServiceAccount,
-    VAULT_ROLE_ID_SECRET: vaultRoleIdSecret,
-    VAULT_SECRET_ID_SECRET: vaultSecretIdSecret,
     WIF_POOL_ID: wifPoolId,
     WIF_PROVIDER_ID: wifProviderId,
   };
@@ -107,27 +136,3 @@ function renderTemplate(input: string, replacements: Record<string, string>) {
     return replacement;
   });
 }
-function compactIdentifier(value: string, maxLength: number) {
-  const normalized = value
-    .toLowerCase()
-    .replace(/[^a-z0-9-]+/g, "-")
-    .replace(/^-+|-+$/g, "");
-  if (normalized.length <= maxLength) {
-    return normalized || "service";
-  }
-  const hash = shortHash(normalized);
-  const head = normalized.slice(0, Math.max(1, maxLength - hash.length - 1)).replace(/-+$/g, "");
-  return `${head}-${hash}`;
-}
-function shortHash(value: string) {
-  let hash = 2166136261;
-  for (let i = 0; i < value.length; i += 1) {
-    hash ^= value.charCodeAt(i);
-    hash = Math.imul(hash, 16777619);
-  }
-  return (hash >>> 0).toString(16).slice(0, 8);
-}

package/templates/shared/.github/workflows/ci.yml ADDED Viewed

@@ -0,0 +1,22 @@
+name: CI
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+      - if: ${{ '{{RUNTIME}}' == 'go' }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.25"
+      - run: bun install
+      - run: bun lint
+      - run: bun test

package/templates/shared/.github/workflows/deploy.yml ADDED Viewed

@@ -0,0 +1,30 @@
+name: Deploy
+on:
+  push:
+    branches:
+      - main
+permissions:
+  contents: read
+  id-token: write
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+      - if: ${{ '{{RUNTIME}}' == 'go' }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.25"
+      - uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ vars.GCP_WIF_PROVIDER }}
+          service_account: ${{ vars.GCP_DEPLOYER_SERVICE_ACCOUNT }}
+      - uses: google-github-actions/setup-gcloud@v2
+      - run: bun install
+      - run: bun run deploy -- --ci
+        env:
+          NEON_API_KEY: ${{ secrets.NEON_API_KEY }}

package/templates/shared/.github/workflows/personal.yml ADDED Viewed

@@ -0,0 +1,41 @@
+name: Personal Environment
+on:
+  workflow_dispatch:
+    inputs:
+      slug:
+        description: Personal environment slug
+        required: true
+      destroy:
+        description: Destroy the environment instead of deploying it
+        required: false
+        type: boolean
+permissions:
+  contents: read
+  id-token: write
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+      - if: ${{ '{{RUNTIME}}' == 'go' }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.25"
+      - uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ vars.GCP_WIF_PROVIDER }}
+          service_account: ${{ vars.GCP_DEPLOYER_SERVICE_ACCOUNT }}
+      - uses: google-github-actions/setup-gcloud@v2
+      - run: bun install
+      - run: |
+          if [ "${{ inputs.destroy }}" = "true" ]; then
+            bun run deploy -- --ci --destroy --environment personal --name "${{ inputs.slug }}"
+          else
+            bun run deploy -- --ci --environment personal --name "${{ inputs.slug }}"
+          fi
+        env:
+          NEON_API_KEY: ${{ secrets.NEON_API_KEY }}

package/templates/shared/.github/workflows/preview-cleanup.yml ADDED Viewed

@@ -0,0 +1,25 @@
+name: Preview Cleanup
+on:
+  pull_request:
+    types: [closed]
+permissions:
+  contents: read
+  id-token: write
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+      - uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ vars.GCP_WIF_PROVIDER }}
+          service_account: ${{ vars.GCP_DEPLOYER_SERVICE_ACCOUNT }}
+      - uses: google-github-actions/setup-gcloud@v2
+      - run: bun install
+      - run: bun run deploy -- --ci --destroy --environment preview --name ${{ github.event.pull_request.number }}
+        env:
+          NEON_API_KEY: ${{ secrets.NEON_API_KEY }}

package/templates/shared/.github/workflows/preview.yml ADDED Viewed

@@ -0,0 +1,29 @@
+name: Preview
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+permissions:
+  contents: read
+  id-token: write
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: oven-sh/setup-bun@v2
+      - if: ${{ '{{RUNTIME}}' == 'go' }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.25"
+      - uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ vars.GCP_WIF_PROVIDER }}
+          service_account: ${{ vars.GCP_DEPLOYER_SERVICE_ACCOUNT }}
+      - uses: google-github-actions/setup-gcloud@v2
+      - run: bun install
+      - run: bun run deploy -- --ci --environment preview --name ${{ github.event.pull_request.number }}
+        env:
+          NEON_API_KEY: ${{ secrets.NEON_API_KEY }}

package/templates/shared/README.md ADDED Viewed

@@ -0,0 +1,37 @@
+# {{SERVICE_NAME}}
+Generated by `create-svc`.
+This scaffold targets `{{RUNTIME}} + {{FRAMEWORK}}` on Cloud Run with:
+- one generated `service.yaml` manifest
+- Bun-based `bootstrap` and `deploy` helpers
+- GitHub Actions for CI, `main` deploys, PR previews, and personal environments
+- GCP project bootstrap with billing and quota-project-aware `gcloud` calls
+- Neon main, preview, and personal branch provisioning
+## Commands
+```bash
+bun dev
+bun gen
+bun lint
+bun test
+bun run bootstrap
+bun run deploy
+bun run deploy -- --environment personal --name <slug>
+bun run deploy -- --destroy --environment personal --name <slug>
+```
+## Configuration
+The generated Cloud Run config lives in [scripts/cloudrun/config.ts](scripts/cloudrun/config.ts).
+Bootstrap and deploy use:
+- `gcloud`
+- `gh`
+- `NEON_API_KEY`
+The generator only stores application-facing connection material in Secret Manager. Neon admin credentials stay local to bootstrap and deploy.

package/templates/shared/scripts/cloudrun/bootstrap.ts ADDED Viewed

@@ -0,0 +1,76 @@
+import { config, githubVariables } from "./config";
+import { ensureDatabase, getConnectionUri } from "./neon";
+import {
+  addSecretVersion,
+  attachBilling,
+  ensureArtifactRepository,
+  ensureProject,
+  ensureProjectRole,
+  ensureSecretAccessor,
+  ensureServiceAccount,
+  ensureServiceAccountRole,
+  ensureWorkloadIdentityPool,
+  ensureWorkloadIdentityProvider,
+  gcloud,
+  requireCommand,
+  resolveDeploymentTarget,
+  setGithubVariable,
+  workloadIdentityPoolResource,
+  workloadIdentityProviderResource,
+} from "./lib";
+export async function bootstrap() {
+  requireCommand("gcloud");
+  requireCommand("gh");
+  ensureProject();
+  attachBilling();
+  gcloud(["services", "enable", ...config.requiredApis, "--project", config.project.id]);
+  ensureServiceAccount(config.runtimeServiceAccount);
+  ensureServiceAccount(config.deployerServiceAccount);
+  ensureArtifactRepository();
+  ensureProjectRole(`serviceAccount:${config.deployerServiceAccount}`, "roles/run.admin");
+  ensureProjectRole(`serviceAccount:${config.deployerServiceAccount}`, "roles/cloudbuild.builds.editor");
+  ensureProjectRole(`serviceAccount:${config.deployerServiceAccount}`, "roles/artifactregistry.writer");
+  ensureProjectRole(`serviceAccount:${config.deployerServiceAccount}`, "roles/serviceusage.serviceUsageConsumer");
+  ensureProjectRole(`serviceAccount:${config.runtimeServiceAccount}`, "roles/secretmanager.secretAccessor");
+  ensureServiceAccountRole(config.runtimeServiceAccount, `serviceAccount:${config.deployerServiceAccount}`, "roles/iam.serviceAccountUser");
+  ensureWorkloadIdentityPool();
+  ensureWorkloadIdentityProvider();
+  ensureServiceAccountRole(
+    config.deployerServiceAccount,
+    `principalSet://iam.googleapis.com/${workloadIdentityPoolResource()}/attribute.repository/${config.github.repo}`,
+    "roles/iam.workloadIdentityUser"
+  );
+  if (!config.neon.projectId || !config.neon.baseBranchId) {
+    throw new Error("Neon project and base branch must be configured before bootstrap");
+  }
+  const target = resolveDeploymentTarget("main");
+  await ensureDatabase(config.neon.projectId, config.neon.baseBranchId, config.neon.databaseName);
+  const connectionUri = await getConnectionUri(
+    config.neon.projectId,
+    config.neon.baseBranchId,
+    config.neon.databaseName,
+    config.neon.roleName
+  );
+  addSecretVersion(target.databaseSecretName, connectionUri);
+  ensureSecretAccessor(target.databaseSecretName, `serviceAccount:${config.runtimeServiceAccount}`);
+  for (const [name, value] of Object.entries(githubVariables)) {
+    setGithubVariable(name, value);
+  }
+  setGithubVariable("GCP_WIF_PROVIDER", workloadIdentityProviderResource());
+  setGithubVariable("GCP_DEPLOYER_SERVICE_ACCOUNT", config.deployerServiceAccount);
+}
+if (import.meta.main) {
+  await bootstrap();
+}

package/templates/shared/scripts/cloudrun/config.ts ADDED Viewed

@@ -0,0 +1,57 @@
+export const config = {
+  serviceName: "{{SERVICE_NAME}}",
+  runtime: "{{RUNTIME}}",
+  framework: "{{FRAMEWORK}}",
+  region: "{{REGION}}",
+  artifactRepository: "cloud-run",
+  runtimeServiceAccount: "{{RUNTIME_SERVICE_ACCOUNT}}",
+  deployerServiceAccount: "{{DEPLOYER_SERVICE_ACCOUNT}}",
+  workloadIdentityPoolId: "{{WIF_POOL_ID}}",
+  workloadIdentityProviderId: "{{WIF_PROVIDER_ID}}",
+  project: {
+    mode: "{{GCP_PROJECT_MODE}}",
+    id: "{{PROJECT_ID}}",
+    name: "{{PROJECT_NAME}}",
+    createIfMissing: {{PROJECT_CREATE_IF_MISSING}},
+    billingAccount: "{{BILLING_ACCOUNT}}",
+    quotaProjectId: "{{QUOTA_PROJECT_ID}}",
+  },
+  github: {
+    repo: "{{GITHUB_REPO}}",
+    visibility: "{{GITHUB_VISIBILITY}}",
+    createIfMissing: {{GITHUB_CREATE_IF_MISSING}},
+  },
+  neon: {
+    projectId: "{{NEON_PROJECT_ID}}",
+    baseBranchId: "{{NEON_BASE_BRANCH_ID}}",
+    baseBranchName: "{{NEON_BASE_BRANCH_NAME}}",
+    databaseName: "{{NEON_DATABASE_NAME}}",
+    roleName: "{{NEON_ROLE_NAME}}",
+    previewBranchPrefix: "{{NEON_PREVIEW_BRANCH_PREFIX}}",
+    personalBranchPrefix: "{{NEON_PERSONAL_BRANCH_PREFIX}}",
+  },
+  requiredApis: [
+    "run.googleapis.com",
+    "cloudbuild.googleapis.com",
+    "artifactregistry.googleapis.com",
+    "iam.googleapis.com",
+    "iamcredentials.googleapis.com",
+    "secretmanager.googleapis.com",
+    "serviceusage.googleapis.com",
+    "sts.googleapis.com",
+  ],
+} as const;
+export const githubVariables = {
+  GCP_PROJECT_ID: "{{PROJECT_ID}}",
+  GCP_REGION: "{{REGION}}",
+  CLOUD_RUN_SERVICE: "{{SERVICE_NAME}}",
+  CREATE_SVC_RUNTIME: "{{RUNTIME}}",
+  CREATE_SVC_FRAMEWORK: "{{FRAMEWORK}}",
+  NEON_PROJECT_ID: "{{NEON_PROJECT_ID}}",
+  NEON_BASE_BRANCH_ID: "{{NEON_BASE_BRANCH_ID}}",
+  NEON_DATABASE_NAME: "{{NEON_DATABASE_NAME}}",
+} as const;
+export type DeployEnvironment = "main" | "preview" | "personal";

package/templates/shared/scripts/cloudrun/deploy.ts ADDED Viewed

@@ -0,0 +1,82 @@
+import { bootstrap } from "./bootstrap";
+import { config } from "./config";
+import { deleteBranch, ensureBranch, ensureDatabase, getConnectionUri, listBranches } from "./neon";
+import {
+  addSecretVersion,
+  deleteService,
+  ensureArtifactRepository,
+  ensureSecretAccessor,
+  gcloud,
+  imageUrl,
+  parseDeployArgs,
+  requireCommand,
+  resolveDeploymentTarget,
+  serviceUrl,
+  writeRenderedManifest,
+} from "./lib";
+export async function deploy(args = Bun.argv.slice(2)) {
+  requireCommand("gcloud");
+  requireCommand("bun");
+  const options = parseDeployArgs(args);
+  if (!options.ci) {
+    await bootstrap();
+  }
+  const target = resolveDeploymentTarget(options.environment, options.name);
+  if (options.destroy) {
+    if (options.environment === "main") {
+      throw new Error("Refusing to destroy the main environment");
+    }
+    deleteService(target.serviceName);
+    const branches = await listBranches(config.neon.projectId);
+    const branch = branches.find((candidate) => candidate.name === target.branchName);
+    if (branch) {
+      await deleteBranch(config.neon.projectId, branch.id);
+    }
+    return;
+  }
+  ensureArtifactRepository();
+  let branchId = config.neon.baseBranchId;
+  if (options.environment !== "main") {
+    const branch = await ensureBranch(config.neon.projectId, target.branchName, config.neon.baseBranchId);
+    branchId = branch.id;
+  }
+  await ensureDatabase(config.neon.projectId, branchId, config.neon.databaseName);
+  const connectionUri = await getConnectionUri(config.neon.projectId, branchId, config.neon.databaseName, config.neon.roleName);
+  addSecretVersion(target.databaseSecretName, connectionUri);
+  ensureSecretAccessor(target.databaseSecretName, `serviceAccount:${config.runtimeServiceAccount}`);
+  const image = imageUrl();
+  gcloud(["builds", "submit", "--project", config.project.id, "--region", config.region, "--tag", image]);
+  const renderedManifestPath = await writeRenderedManifest(image, target);
+  gcloud(["run", "services", "replace", renderedManifestPath.pathname, "--project", config.project.id, "--region", config.region]);
+  gcloud([
+    "run",
+    "services",
+    "add-iam-policy-binding",
+    target.serviceName,
+    "--project",
+    config.project.id,
+    "--region",
+    config.region,
+    "--member",
+    "allUsers",
+    "--role",
+    "roles/run.invoker",
+  ]);
+  console.log(serviceUrl(target.serviceName));
+}
+if (import.meta.main) {
+  await deploy();
+}