create-svc 0.1.2 → 0.1.3

package/templates/shared/scripts/cloudrun/lib.ts

@@ -0,0 +1,380 @@
+import { config } from "./config";
+
+type CommandOptions = {
+  allowFailure?: boolean;
+  capture?: boolean;
+  input?: string;
+};
+
+type DeployArgs = {
+  ci: boolean;
+  destroy: boolean;
+  environment: "main" | "preview" | "personal";
+  name?: string;
+};
+
+type DeploymentTarget = {
+  environment: "main" | "preview" | "personal";
+  serviceName: string;
+  branchName: string;
+  databaseSecretName: string;
+};
+
+const decoder = new TextDecoder();
+
+export function requireCommand(name: string) {
+  if (!Bun.which(name)) {
+    throw new Error(`missing required command: ${name}`);
+  }
+}
+
+export function run(command: string, args: string[], options: CommandOptions = {}) {
+  const result = Bun.spawnSync([command, ...args], {
+    cwd: process.cwd(),
+    env: process.env,
+    stdin: options.input,
+    stdout: options.capture || options.allowFailure ? "pipe" : "inherit",
+    stderr: options.capture || options.allowFailure ? "pipe" : "inherit",
+  });
+
+  const stdout = result.stdout ? decoder.decode(result.stdout).trim() : "";
+  const stderr = result.stderr ? decoder.decode(result.stderr).trim() : "";
+
+  if (!result.success && !options.allowFailure) {
+    throw new Error([`command failed: ${command} ${args.join(" ")}`, stdout, stderr].filter(Boolean).join("\n"));
+  }
+
+  return {
+    success: result.success,
+    stdout,
+    stderr,
+    exitCode: result.exitCode,
+  };
+}
+
+export function gcloud(args: string[], options: CommandOptions = {}) {
+  const normalized = [...args];
+  if (config.project.quotaProjectId && !normalized.includes("--billing-project")) {
+    normalized.push("--billing-project", config.project.quotaProjectId);
+  }
+  return run("gcloud", normalized, options);
+}
+
+export function gh(args: string[], options: CommandOptions = {}) {
+  return run("gh", args, options);
+}
+
+export function ensureProject() {
+  if (gcloud(["projects", "describe", config.project.id], { allowFailure: true }).success) {
+    return;
+  }
+
+  if (!config.project.createIfMissing) {
+    throw new Error(`GCP project ${config.project.id} does not exist and createIfMissing is false`);
+  }
+
+  gcloud(["projects", "create", config.project.id, "--name", config.project.name]);
+}
+
+export function attachBilling() {
+  gcloud(["beta", "billing", "projects", "link", config.project.id, "--billing-account", config.project.billingAccount]);
+}
+
+export function ensureServiceAccount(email: string) {
+  if (gcloud(["iam", "service-accounts", "describe", email, "--project", config.project.id], { allowFailure: true }).success) {
+    return;
+  }
+
+  const accountId = email.split("@")[0] ?? email;
+  gcloud(["iam", "service-accounts", "create", accountId, "--project", config.project.id, "--display-name", accountId]);
+}
+
+export function ensureProjectRole(member: string, role: string) {
+  gcloud(["projects", "add-iam-policy-binding", config.project.id, "--member", member, "--role", role]);
+}
+
+export function ensureServiceAccountRole(serviceAccount: string, member: string, role: string) {
+  gcloud([
+    "iam",
+    "service-accounts",
+    "add-iam-policy-binding",
+    serviceAccount,
+    "--project",
+    config.project.id,
+    "--member",
+    member,
+    "--role",
+    role,
+  ]);
+}
+
+export function ensureSecret(secretName: string) {
+  if (gcloud(["secrets", "describe", secretName, "--project", config.project.id], { allowFailure: true }).success) {
+    return;
+  }
+
+  gcloud(["secrets", "create", secretName, "--project", config.project.id, "--replication-policy", "automatic"]);
+}
+
+export function addSecretVersion(secretName: string, value: string) {
+  ensureSecret(secretName);
+  gcloud(["secrets", "versions", "add", secretName, "--project", config.project.id, "--data-file=-"], { input: value });
+}
+
+export function ensureSecretAccessor(secretName: string, member: string) {
+  gcloud(["secrets", "add-iam-policy-binding", secretName, "--project", config.project.id, "--member", member, "--role", "roles/secretmanager.secretAccessor"]);
+}
+
+export function ensureArtifactRepository() {
+  if (
+    gcloud(
+      ["artifacts", "repositories", "describe", config.artifactRepository, "--project", config.project.id, "--location", config.region],
+      { allowFailure: true }
+    ).success
+  ) {
+    return;
+  }
+
+  gcloud([
+    "artifacts",
+    "repositories",
+    "create",
+    config.artifactRepository,
+    "--project",
+    config.project.id,
+    "--location",
+    config.region,
+    "--repository-format",
+    "docker",
+  ]);
+}
+
+export function projectNumber() {
+  return gcloud(["projects", "describe", config.project.id, "--format=value(projectNumber)"], { capture: true }).stdout;
+}
+
+export function workloadIdentityPoolResource() {
+  return `projects/${projectNumber()}/locations/global/workloadIdentityPools/${config.workloadIdentityPoolId}`;
+}
+
+export function workloadIdentityProviderResource() {
+  return `${workloadIdentityPoolResource()}/providers/${config.workloadIdentityProviderId}`;
+}
+
+export function ensureWorkloadIdentityPool() {
+  if (
+    gcloud(["iam", "workload-identity-pools", "describe", config.workloadIdentityPoolId, "--project", config.project.id, "--location", "global"], {
+      allowFailure: true,
+    }).success
+  ) {
+    return;
+  }
+
+  gcloud([
+    "iam",
+    "workload-identity-pools",
+    "create",
+    config.workloadIdentityPoolId,
+    "--project",
+    config.project.id,
+    "--location",
+    "global",
+    "--display-name",
+    "GitHub Actions",
+  ]);
+}
+
+export function ensureWorkloadIdentityProvider() {
+  if (
+    gcloud(
+      [
+        "iam",
+        "workload-identity-pools",
+        "providers",
+        "describe",
+        config.workloadIdentityProviderId,
+        "--project",
+        config.project.id,
+        "--location",
+        "global",
+        "--workload-identity-pool",
+        config.workloadIdentityPoolId,
+      ],
+      { allowFailure: true }
+    ).success
+  ) {
+    return;
+  }
+
+  gcloud([
+    "iam",
+    "workload-identity-pools",
+    "providers",
+    "create-oidc",
+    config.workloadIdentityProviderId,
+    "--project",
+    config.project.id,
+    "--location",
+    "global",
+    "--workload-identity-pool",
+    config.workloadIdentityPoolId,
+    "--display-name",
+    `${config.serviceName} GitHub`,
+    "--issuer-uri",
+    "https://token.actions.githubusercontent.com",
+    "--attribute-mapping",
+    "google.subject=assertion.sub,attribute.actor=assertion.actor,attribute.repository=assertion.repository,attribute.repository_owner=assertion.repository_owner",
+    "--attribute-condition",
+    `assertion.repository=='${config.github.repo}'`,
+  ]);
+}
+
+export function setGithubVariable(name: string, value: string) {
+  gh(["variable", "set", name, "--repo", config.github.repo, "--body", value]);
+}
+
+export function imageTag() {
+  const gitSha = run("git", ["rev-parse", "--short", "HEAD"], { allowFailure: true, capture: true }).stdout;
+  return gitSha || `${Date.now()}`;
+}
+
+export function imageUrl(tag = imageTag()) {
+  return `${config.region}-docker.pkg.dev/${config.project.id}/${config.artifactRepository}/${config.serviceName}:${tag}`;
+}
+
+export function parseDeployArgs(argv: string[]): DeployArgs {
+  const parsed: DeployArgs = {
+    ci: false,
+    destroy: false,
+    environment: "main",
+  };
+
+  for (let i = 0; i < argv.length; i += 1) {
+    const token = argv[i];
+    if (!token) {
+      continue;
+    }
+
+    const next = argv[i + 1];
+    const readValue = () => {
+      if (!next || next.startsWith("-")) {
+        throw new Error(`Missing value for ${token}`);
+      }
+      i += 1;
+      return next;
+    };
+
+    if (token === "--ci") {
+      parsed.ci = true;
+      continue;
+    }
+
+    if (token === "--destroy") {
+      parsed.destroy = true;
+      continue;
+    }
+
+    if (token === "--environment") {
+      parsed.environment = readValue() as DeployArgs["environment"];
+      continue;
+    }
+
+    if (token.startsWith("--environment=")) {
+      parsed.environment = token.slice("--environment=".length) as DeployArgs["environment"];
+      continue;
+    }
+
+    if (token === "--name") {
+      parsed.name = readValue();
+      continue;
+    }
+
+    if (token.startsWith("--name=")) {
+      parsed.name = token.slice("--name=".length);
+      continue;
+    }
+  }
+
+  return parsed;
+}
+
+export function resolveDeploymentTarget(environment: DeployArgs["environment"], rawName?: string): DeploymentTarget {
+  if (environment === "main") {
+    return {
+      environment,
+      serviceName: config.serviceName,
+      branchName: config.neon.baseBranchName,
+      databaseSecretName: `${config.serviceName}-database-url`,
+    };
+  }
+
+  const slug = slugify(rawName || "");
+  if (!slug) {
+    throw new Error(`A name is required for ${environment} deployments`);
+  }
+
+  if (environment === "preview") {
+    return {
+      environment,
+      serviceName: `${config.serviceName}-pr-${slug}`,
+      branchName: `${config.neon.previewBranchPrefix}-${slug}`,
+      databaseSecretName: `${config.serviceName}-pr-${slug}-database-url`,
+    };
+  }
+
+  return {
+    environment,
+    serviceName: `${config.serviceName}-dev-${slug}`,
+    branchName: `${config.neon.personalBranchPrefix}-${slug}`,
+    databaseSecretName: `${config.serviceName}-dev-${slug}-database-url`,
+  };
+}
+
+export async function renderManifest(image: string, target: DeploymentTarget) {
+  const template = await Bun.file(new URL("../../service.yaml", import.meta.url)).text();
+  const values = {
+    SERVICE_NAME: target.serviceName,
+    RUNTIME_SERVICE_ACCOUNT: config.runtimeServiceAccount,
+    IMAGE_URL: image,
+    DATABASE_URL_SECRET: target.databaseSecretName,
+    SERVICE_RUNTIME: config.runtime,
+    SERVICE_FRAMEWORK: config.framework,
+  };
+
+  return template.replace(/\$\{([A-Z0-9_]+)\}/g, (_, key: string) => {
+    const value = values[key as keyof typeof values];
+    if (!value) {
+      throw new Error(`missing manifest value for ${key}`);
+    }
+    return value;
+  });
+}
+
+export async function writeRenderedManifest(image: string, target: DeploymentTarget) {
+  const rendered = await renderManifest(image, target);
+  const path = new URL("../../.cloudrun.rendered.yaml", import.meta.url);
+  await Bun.write(path, rendered);
+  return path;
+}
+
+export function serviceUrl(serviceName: string) {
+  return gcloud(
+    ["run", "services", "describe", serviceName, "--project", config.project.id, "--region", config.region, "--format=value(status.url)"],
+    { capture: true }
+  ).stdout;
+}
+
+export function deleteService(serviceName: string) {
+  gcloud(["run", "services", "delete", serviceName, "--project", config.project.id, "--region", config.region, "--quiet"], {
+    allowFailure: true,
+  });
+}
+
+function slugify(value: string) {
+  return value
+    .trim()
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, "-")
+    .replace(/^-+|-+$/g, "");
+}
+

package/templates/shared/scripts/cloudrun/neon.ts

@@ -0,0 +1,104 @@
+import { createApiClient } from "@neondatabase/api-client";
+import { config } from "./config";
+
+type NeonBranch = {
+  id: string;
+  name: string;
+};
+
+function neonClient() {
+  const apiKey = process.env.NEON_API_KEY?.trim();
+  if (!apiKey) {
+    throw new Error("NEON_API_KEY is required for Neon provisioning");
+  }
+
+  return createApiClient({ apiKey });
+}
+
+export async function listBranches(projectId: string) {
+  const payload = await neonClient().listProjectBranches({ projectId });
+  return (payload.branches ?? [])
+    .map((branch) => ({
+      id: branch.id ?? "",
+      name: branch.name ?? branch.id ?? "",
+    }))
+    .filter((branch): branch is NeonBranch => Boolean(branch.id))
+    .sort((left, right) => left.name.localeCompare(right.name));
+}
+
+export async function ensureDatabase(projectId: string, branchId: string, databaseName: string) {
+  const client = neonClient();
+
+  try {
+    await client.getProjectBranchDatabase(projectId, branchId, databaseName);
+    return;
+  } catch (error) {
+    const status = (error as { response?: { status?: number } })?.response?.status;
+    if (status !== 404) {
+      throw error;
+    }
+  }
+
+  await client.createProjectBranchDatabase(projectId, branchId, {
+    database: {
+      name: databaseName,
+    },
+  });
+}
+
+export async function ensureBranch(projectId: string, branchName: string, parentId: string) {
+  const existing = (await listBranches(projectId)).find((branch) => branch.name === branchName);
+  if (existing) {
+    return existing;
+  }
+
+  const payload = await neonClient().createProjectBranch(projectId, {
+    branch: {
+      name: branchName,
+      parent_id: parentId,
+    },
+    endpoints: [
+      {
+        type: "read_write",
+      },
+    ],
+  });
+
+  const branch = payload.branch;
+  if (!branch?.id) {
+    throw new Error(`Neon did not return a branch for ${branchName}`);
+  }
+
+  return {
+    id: branch.id,
+    name: branch.name ?? branch.id,
+  };
+}
+
+export async function deleteBranch(projectId: string, branchId: string) {
+  try {
+    await neonClient().deleteProjectBranch(projectId, branchId);
+  } catch (error) {
+    const status = (error as { response?: { status?: number } })?.response?.status;
+    if (status === 404) {
+      return;
+    }
+    throw error;
+  }
+}
+
+export async function getConnectionUri(projectId: string, branchId: string, databaseName: string, roleName: string) {
+  const payload = await neonClient().getConnectionUri({
+    projectId,
+    branchId,
+    databaseName,
+    roleName,
+  });
+
+  const uri = payload.uri;
+  if (!uri) {
+    throw new Error(`Neon did not return a connection URI for ${databaseName} in ${config.serviceName}`);
+  }
+
+  return uri;
+}

package/templates/shared/service.yaml

@@ -0,0 +1,28 @@
+apiVersion: serving.knative.dev/v1
+kind: Service
+metadata:
+  name: ${SERVICE_NAME}
+  annotations:
+    run.googleapis.com/ingress: all
+spec:
+  template:
+    spec:
+      serviceAccountName: ${RUNTIME_SERVICE_ACCOUNT}
+      containers:
+        - image: ${IMAGE_URL}
+          ports:
+            - containerPort: 8080
+          env:
+            - name: APP_RUNTIME
+              value: ${SERVICE_RUNTIME}
+            - name: APP_FRAMEWORK
+              value: ${SERVICE_FRAMEWORK}
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: ${DATABASE_URL_SECRET}
+                  key: latest
+  traffic:
+    - latestRevision: true
+      percent: 100
+

package/templates/variants/bun-connectrpc/Dockerfile

@@ -0,0 +1,13 @@
+FROM oven/bun:1.2.15
+
+WORKDIR /app
+
+COPY package.json ./
+RUN bun install --production
+
+COPY src ./src
+
+ENV PORT=8080
+EXPOSE 8080
+
+ENTRYPOINT ["bun", "run", "./src/index.ts"]

package/templates/variants/bun-connectrpc/package.json

@@ -0,0 +1,20 @@
+{
+  "name": "{{SERVICE_NAME}}",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "dev": "bun run ./src/index.ts",
+    "gen": "bun run ./scripts/codegen.ts",
+    "lint": "bunx tsc --noEmit",
+    "test": "bun test",
+    "bootstrap": "bun run ./scripts/cloudrun/bootstrap.ts",
+    "deploy": "bun run ./scripts/cloudrun/deploy.ts"
+  },
+  "dependencies": {
+    "@neondatabase/api-client": "^2.7.1"
+  },
+  "devDependencies": {
+    "@types/bun": "latest",
+    "typescript": "^5.9.3"
+  }
+}

package/templates/variants/bun-connectrpc/scripts/codegen.ts

@@ -0,0 +1 @@
+console.log("The Bun ConnectRPC scaffold ships with hand-written route wiring.");

package/templates/variants/bun-connectrpc/src/index.ts

@@ -0,0 +1,32 @@
+type ConnectResponse = {
+  message: string;
+};
+
+export async function handleRequest(request: Request) {
+  const url = new URL(request.url);
+
+  if (url.pathname === "/healthz") {
+    return Response.json({ status: "ok", runtime: "bun", framework: "connectrpc" });
+  }
+
+  if (url.pathname === "/rpc.example.v1.Service/Ping" && request.method === "POST") {
+    const payload = (await request.json().catch(() => ({}))) as { name?: string };
+    const body: ConnectResponse = {
+      message: `hello ${payload.name?.trim() || "{{SERVICE_NAME}}"}`,
+    };
+    return Response.json(body, {
+      headers: {
+        "Content-Type": "application/json",
+      },
+    });
+  }
+
+  return Response.json({ error: "not found" }, { status: 404 });
+}
+
+if (import.meta.main) {
+  Bun.serve({
+    port: Number(Bun.env.PORT ?? 8080),
+    fetch: handleRequest,
+  });
+}

package/templates/variants/bun-connectrpc/test/app.test.ts

@@ -0,0 +1,17 @@
+import { expect, test } from "bun:test";
+import { handleRequest } from "../src/index";
+
+test("connect-style ping route responds", async () => {
+  const response = await handleRequest(
+    new Request("http://localhost/rpc.example.v1.Service/Ping", {
+      method: "POST",
+      body: JSON.stringify({ name: "preview" }),
+      headers: {
+        "Content-Type": "application/json",
+      },
+    })
+  );
+
+  expect(response.status).toBe(200);
+  expect(await response.json()).toEqual({ message: "hello preview" });
+});

package/templates/variants/bun-connectrpc/tsconfig.json

@@ -0,0 +1,10 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ESNext",
+    "moduleResolution": "Bundler",
+    "strict": true,
+    "types": ["bun"]
+  },
+  "include": ["src/**/*.ts", "test/**/*.ts", "scripts/**/*.ts"]
+}

package/templates/variants/bun-hono/Dockerfile

@@ -0,0 +1,13 @@
+FROM oven/bun:1.2.15
+
+WORKDIR /app
+
+COPY package.json ./
+RUN bun install --production
+
+COPY src ./src
+
+ENV PORT=8080
+EXPOSE 8080
+
+ENTRYPOINT ["bun", "run", "./src/index.ts"]

package/templates/variants/bun-hono/package.json

@@ -0,0 +1,21 @@
+{
+  "name": "{{SERVICE_NAME}}",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "dev": "bun run ./src/index.ts",
+    "gen": "bun run ./scripts/codegen.ts",
+    "lint": "bunx tsc --noEmit",
+    "test": "bun test",
+    "bootstrap": "bun run ./scripts/cloudrun/bootstrap.ts",
+    "deploy": "bun run ./scripts/cloudrun/deploy.ts"
+  },
+  "dependencies": {
+    "@neondatabase/api-client": "^2.7.1",
+    "hono": "^4.10.1"
+  },
+  "devDependencies": {
+    "@types/bun": "latest",
+    "typescript": "^5.9.3"
+  }
+}

package/templates/variants/bun-hono/scripts/codegen.ts

@@ -0,0 +1 @@
+console.log("No code generation required for the Hono scaffold.");

package/templates/variants/bun-hono/src/index.ts

@@ -0,0 +1,24 @@
+import { Hono } from "hono";
+
+export function createApp() {
+  const app = new Hono();
+
+  app.get("/healthz", (context) => context.json({ status: "ok", runtime: "bun", framework: "hono" }));
+  app.get("/", (context) => {
+    const databaseConfigured = Boolean(Bun.env.DATABASE_URL?.trim());
+    return context.json({
+      service: "{{SERVICE_NAME}}",
+      databaseConfigured,
+    });
+  });
+
+  return app;
+}
+
+if (import.meta.main) {
+  const app = createApp();
+  Bun.serve({
+    port: Number(Bun.env.PORT ?? 8080),
+    fetch: app.fetch,
+  });
+}

package/templates/variants/bun-hono/test/app.test.ts

@@ -0,0 +1,12 @@
+import { expect, test } from "bun:test";
+import { createApp } from "../src/index";
+
+test("health endpoint returns ok", async () => {
+  const response = await createApp().request("/healthz");
+  expect(response.status).toBe(200);
+  expect(await response.json()).toEqual({
+    status: "ok",
+    runtime: "bun",
+    framework: "hono",
+  });
+});