create-svc 0.1.54 → 0.1.55

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-svc",
-  "version": "0.1.54",
+  "version": "0.1.55",
   "description": "Local microservice bootstrap CLI for Cloud Run and Workers services with Neon-backed data.",
   "module": "index.ts",
   "type": "module",

package/src/git-bootstrap.test.ts

@@ -2,7 +2,13 @@ import { expect, test } from "bun:test";
 import { mkdir, mkdtemp, realpath, writeFile } from "node:fs/promises";
 import { join } from "node:path";
 import { tmpdir } from "node:os";
-import { buildGitBootstrapConfig, findExistingGitWorktree, manualGitHubDeleteCommand, markGitHubRepositoryDeleteOnDestroy } from "./git-bootstrap";
+import {
+  buildGitBootstrapConfig,
+  commitAndPushGeneratedArtifacts,
+  findExistingGitWorktree,
+  manualGitHubDeleteCommand,
+  markGitHubRepositoryDeleteOnDestroy,
+} from "./git-bootstrap";
 
 test("buildGitBootstrapConfig defaults to anmho private repo creation", () => {
   expect(buildGitBootstrapConfig("launch-api", undefined)).toEqual({
@@ -41,6 +47,36 @@ test("markGitHubRepositoryDeleteOnDestroy records generated repo ownership", asy
   expect(await Bun.file(join(root, "service.jsonc")).text()).toContain('"delete_on_destroy": true');
 });
 
+test("commitAndPushGeneratedArtifacts excludes local dependencies and dev runtime files", async () => {
+  const root = await mkdtemp(join(tmpdir(), "create-svc-git-"));
+  const remote = await mkdtemp(join(tmpdir(), "create-svc-remote-"));
+  run(["git", "init", "--bare"], remote);
+  run(["git", "init", "-b", "main"], root);
+  run(["git", "config", "user.name", "create-svc test"], root);
+  run(["git", "config", "user.email", "create-svc@example.invalid"], root);
+  run(["git", "remote", "add", "origin", remote], root);
+  await writeFile(join(root, "README.md"), "# generated\n");
+  run(["git", "add", "."], root);
+  run(["git", "commit", "-m", "Initial commit"], root);
+  run(["git", "push", "-u", "origin", "main"], root);
+
+  await mkdir(join(root, "node_modules", "large-package"), { recursive: true });
+  await mkdir(join(root, ".service"), { recursive: true });
+  await mkdir(join(root, ".wrangler", "tmp"), { recursive: true });
+  await writeFile(join(root, "node_modules", "large-package", "artifact.bin"), "large");
+  await writeFile(join(root, ".service", "local-dev.log"), "log");
+  await writeFile(join(root, ".service", "local-dev.pid"), "123");
+  await writeFile(join(root, ".wrangler", "tmp", "bundle.js"), "bundle");
+  await writeFile(join(root, "service.jsonc"), '{ "deployed": true }\n');
+
+  expect(commitAndPushGeneratedArtifacts(root, "Record generated deployment artifacts")).toEqual({ committed: true });
+
+  expect(git(["ls-files"], root)).toContain("service.jsonc");
+  expect(git(["ls-files"], root)).not.toContain("node_modules");
+  expect(git(["ls-files"], root)).not.toContain(".service/local-dev.log");
+  expect(git(["ls-files"], root)).not.toContain(".wrangler");
+});
+
 function run(command: string[], cwd: string) {
   const result = Bun.spawnSync(command, {
     cwd,
@@ -51,3 +87,15 @@ function run(command: string[], cwd: string) {
     throw new Error(result.stderr.toString());
   }
 }
+
+function git(command: string[], cwd: string) {
+  const result = Bun.spawnSync(["git", ...command], {
+    cwd,
+    stdout: "pipe",
+    stderr: "pipe",
+  });
+  if (result.exitCode !== 0) {
+    throw new Error(result.stderr.toString());
+  }
+  return result.stdout.toString();
+}

package/src/git-bootstrap.ts

@@ -58,7 +58,19 @@ export async function bootstrapGitHubRepository(targetDir: string, config: GitBo
 }
 
 export function commitAndPushGeneratedArtifacts(targetDir: string, message: string) {
-  run(["git", "add", "."], targetDir);
+  run(
+    [
+      "git",
+      "add",
+      "--all",
+      ".",
+      ":!node_modules",
+      ":!.service/*.log",
+      ":!.service/*.pid",
+      ":!.wrangler",
+    ],
+    targetDir
+  );
   if (!hasStagedChanges(targetDir)) {
     return { committed: false };
   }

package/src/scaffold.test.ts

@@ -105,6 +105,8 @@ test("scaffolds all runtime/framework variants with shared cloudrun config", asy
 
     const gitignore = await Bun.file(join(generatedRoot, ".gitignore")).text();
     expect(gitignore).toContain("node_modules");
+    expect(gitignore).toContain(".service/*.log");
+    expect(gitignore).toContain(".wrangler");
     expect(await Bun.file(join(generatedRoot, "website", "package.json")).exists()).toBeFalse();
 
     const dockerCompose = await Bun.file(join(generatedRoot, "docker-compose.yml")).text();
@@ -147,6 +149,7 @@ test("scaffolds all runtime/framework variants with shared cloudrun config", asy
     const deployWorkflow = await Bun.file(join(generatedRoot, ".github", "workflows", "deploy.yml")).text();
     expect(deployWorkflow).toContain("branches:");
     expect(deployWorkflow).toContain("- main");
+    expect(deployWorkflow).toContain("bun install -g create-svc@latest");
     expect(deployWorkflow).toContain("service deploy --ci");
     expect(deployWorkflow).toContain("bun run dashboards");
     expect(deployWorkflow).toContain("GCX_ENABLED");
@@ -160,6 +163,11 @@ test("scaffolds all runtime/framework variants with shared cloudrun config", asy
       expect(goSumExists).toBeTrue();
       const dockerfile = await Bun.file(join(generatedRoot, "Dockerfile")).text();
       expect(dockerfile).toContain("COPY go.mod go.sum ./");
+      if (variant.framework === "chi") {
+        expect(dockerfile).not.toContain("COPY gen ./gen");
+      } else {
+        expect(dockerfile).toContain("COPY gen ./gen");
+      }
       expect(packageJson).toContain('"dev": "make dev"');
       expect(packageJson).toContain('"service": "service"');
       expect(packageJson).toContain('"migrate": "service migrate"');

package/src/scaffold.ts

@@ -69,7 +69,7 @@ export async function scaffoldProject(config: ScaffoldConfig) {
         continue;
       }
       const sourcePath = join(template.root, relativePath);
-      const destinationPath = join(targetDir, relativePath);
+      const destinationPath = join(targetDir, templateDestinationPath(relativePath));
       const raw = await Bun.file(sourcePath).text();
       const rendered = renderTemplate(raw, replacements);
 
@@ -81,6 +81,10 @@ export async function scaffoldProject(config: ScaffoldConfig) {
   await writeLocalEnvFile(targetDir, replacements);
 }
 
+function templateDestinationPath(relativePath: string) {
+  return relativePath === "_gitignore" ? ".gitignore" : relativePath;
+}
+
 function shouldSkipForTarget(target: DeployTarget, templateKind: "shared" | "variant" | "target", relativePath: string) {
   if (
     relativePath === "scripts/authctl.ts" ||
@@ -237,9 +241,9 @@ function buildReplacements(config: ScaffoldConfig) {
     COMMAND_DEPLOY: "service deploy",
     COMMAND_OBSERVABILITY_BOOTSTRAP:
       config.runtime === "bun" ? "bun run observability-bootstrap" : "make observability-bootstrap",
-    WORKFLOW_DEPLOY_MAIN_COMMAND: "npm install -g create-svc@latest && service deploy --ci",
+    WORKFLOW_DEPLOY_MAIN_COMMAND: "service deploy --ci",
     WORKFLOW_DEPLOY_PREVIEW_COMMAND:
-      "npm install -g create-svc@latest && service deploy --ci --environment preview --name ${{ github.ref_name }}",
+      "service deploy --ci --environment preview --name ${{ github.ref_name }}",
     WORKFLOW_DEPLOY_MAIN_DOC_COMMAND: "service deploy --ci",
     WORKFLOW_DEPLOY_PREVIEW_DOC_COMMAND: "service deploy --ci --environment preview --name <branch-name>",
     COMMAND_AUTH_RESOURCE: "service auth resource-server",

package/src/service-runtime/cloudrun/lib.ts

@@ -605,7 +605,6 @@ export function ensureProductionDomainMapping(serviceName: string) {
   }
 
   const result = gcloud([
-    "beta",
     "run",
     "domain-mappings",
     "create",
@@ -627,7 +626,6 @@ export function describeProductionDomainMapping():
   | undefined {
   const result = gcloud(
     [
-      "beta",
       "run",
       "domain-mappings",
       "describe",
@@ -680,7 +678,6 @@ export function deleteProductionDomainMapping() {
   deleteCloudflareDnsRecord();
   gcloud(
     [
-      "beta",
       "run",
       "domain-mappings",
       "delete",

package/templates/shared/.env.example

@@ -0,0 +1,40 @@
+# Local development defaults.
+# The scaffold also writes a ready-to-use .env.local for Docker Compose Postgres.
+
+DATABASE_URL=postgres://{{LOCAL_DATABASE_USER}}:{{LOCAL_DATABASE_PASSWORD}}@127.0.0.1:{{LOCAL_DATABASE_PORT}}/{{LOCAL_DATABASE_NAME}}?sslmode=disable
+
+TEMPORAL_ENABLED=false
+TEMPORAL_ADDRESS=localhost:7233
+TEMPORAL_NAMESPACE=default
+TEMPORAL_TASK_QUEUE={{SERVICE_ID}}
+# Optional for Temporal Cloud. `service create` writes this to Secret Manager.
+TEMPORAL_API_KEY=
+
+AUTH_ENABLED=false
+AUTH_ISSUER=https://auth.anmho.com
+AUTH_AUDIENCE=api://{{SERVICE_ID}}
+AUTH_JWKS_URL=https://auth.anmho.com/api/auth/jwks
+
+# Production authctl operations such as `service create` and
+# `service auth client create` load Cloudflare Access values from Vault by
+# default. Direct env values still override Vault when set.
+AUTH_INTERNAL_BASE_URL=https://auth.anmho.com/internal
+CLOUDFLARE_ACCESS_SERVICE_TOKEN_CLIENT_ID=
+CLOUDFLARE_ACCESS_SERVICE_TOKEN_CLIENT_SECRET=
+
+# Remote bootstrap and deploy can use Neon admin credentials directly or through Vault.
+# Do not commit VAULT_TOKEN. Prefer `vault login`; the CLI will also use
+# VAULT_TOKEN_FILE or ~/.vault-token when available.
+
+VAULT_ADDR=https://vault.example.com
+VAULT_SECRET_MOUNT=secret
+VAULT_AUTHCTL_ACCESS_PATH=prod/apps/auth/authctl/cloudflare-access
+VAULT_AUTHCTL_ACCESS_BASE_URL_FIELD=AUTH_INTERNAL_BASE_URL
+VAULT_AUTHCTL_ACCESS_CLIENT_ID_FIELD=CLOUDFLARE_ACCESS_SERVICE_TOKEN_CLIENT_ID
+VAULT_AUTHCTL_ACCESS_CLIENT_SECRET_FIELD=CLOUDFLARE_ACCESS_SERVICE_TOKEN_CLIENT_SECRET
+VAULT_NEON_API_KEY_PATH=prod/providers/neon
+VAULT_NEON_API_KEY_FIELD=api_key
+
+# Optional provider credentials can be read from Vault or environment by
+# generated adapters you add later. The base waitlist service does not require
+# provider secrets.

package/templates/shared/.github/workflows/deploy.yml

@@ -25,6 +25,7 @@ jobs:
           service_account: ${{ vars.GCP_DEPLOYER_SERVICE_ACCOUNT }}
       - uses: google-github-actions/setup-gcloud@v2
       - run: bun install
+      - run: bun install -g create-svc@latest
       - run: {{WORKFLOW_DEPLOY_MAIN_COMMAND}}
         env:
           NEON_API_KEY: ${{ secrets.NEON_API_KEY }}

package/templates/shared/.github/workflows/preview.yml

@@ -25,6 +25,7 @@ jobs:
           service_account: ${{ vars.GCP_DEPLOYER_SERVICE_ACCOUNT }}
       - uses: google-github-actions/setup-gcloud@v2
       - run: bun install
+      - run: bun install -g create-svc@latest
       - run: {{WORKFLOW_DEPLOY_PREVIEW_COMMAND}}
         env:
           NEON_API_KEY: ${{ secrets.NEON_API_KEY }}

package/templates/shared/_gitignore

@@ -0,0 +1,13 @@
+node_modules
+.env
+.env.local
+.env.*
+coverage
+dist
+out
+.cloudrun.rendered.yaml
+.service/*.log
+.service/*.pid
+.wrangler
+.DS_Store
+{{GITIGNORE_EXTRA}}

package/templates/targets/workers/.github/workflows/deploy.yml

@@ -12,6 +12,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: oven-sh/setup-bun@v2
       - run: bun install
+      - run: bun install -g create-svc@latest
       - run: bun run deploy
         env:
           CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}

package/templates/variants/go-chi/Dockerfile

@@ -3,7 +3,6 @@ FROM golang:1.25.4 AS builder
 WORKDIR /app
 
 COPY go.mod go.sum ./
-COPY gen ./gen
 COPY internal ./internal
 COPY cmd ./cmd