create-svc 0.1.71 → 0.1.73

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/package.json +1 -1
  2. package/src/service-runtime/cloudrun/cli.ts +19 -6
  3. package/src/service-runtime/cloudrun/config.ts +5 -0
  4. package/src/service-runtime/cloudrun/lib.ts +1 -1
  5. package/src/service-runtime/cloudrun/sdk.test.ts +16 -3
  6. package/templates/shared/service.jsonc +2 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "create-svc",
3
- "version": "0.1.71",
3
+ "version": "0.1.73",
4
4
  "description": "Local microservice bootstrap CLI for Cloud Run and Workers services with Neon-backed data.",
5
5
  "module": "index.ts",
6
6
  "type": "module",
package/src/service-runtime/cloudrun/cli.ts CHANGED
@@ -17,6 +17,7 @@ import {
17
17
  formatError,
18
18
  gcloud,
19
19
  ensureProductionDomainMapping,
20
+ readVaultField,
20
21
  requireCommand,
21
22
  requireGcloudAuth,
22
23
  resolveDeploymentTarget,
@@ -347,8 +348,9 @@ async function runSdk(args: string[]) {
347
348
  const [subcommand] = args;
348
349
  if (subcommand === "publish") {
349
350
  requireCommand("buf");
350
- run("buf", ["push"]);
351
- const published = resolvePublishedSdk();
351
+ const authEnv = resolveBufAuthEnv();
352
+ run("buf", ["push", "--create", "--create-visibility", "private"], { env: authEnv });
353
+ const published = resolvePublishedSdk(authEnv);
352
354
  await writeSdkMode("remote", published);
353
355
  return `Schema pushed to Buf Schema Registry and recorded for consumers: ${published.commit}`;
354
356
  }
@@ -371,7 +373,8 @@ async function runSdk(args: string[]) {
371
373
 
372
374
  if (subcommand === "use-remote") {
373
375
  requireCommand("buf");
374
- const published = resolvePublishedSdk();
376
+ const authEnv = resolveBufAuthEnv();
377
+ const published = resolvePublishedSdk(authEnv);
375
378
  await writeSdkMode("remote", published);
376
379
  return `Remote Buf SDK recorded for consumers: ${bufModule()}@${published.commit}`;
377
380
  }
@@ -392,9 +395,9 @@ type PublishedSdk = {
392
395
  createTime?: string;
393
396
  };
394
397
 
395
- function resolvePublishedSdk(): PublishedSdk {
398
+ function resolvePublishedSdk(authEnv: Record<string, string> = {}): PublishedSdk {
396
399
  const module = bufModule();
397
- const result = run("buf", ["registry", "module", "commit", "list", module, "--format", "json", "--page-size", "1"]);
400
+ const result = run("buf", ["registry", "module", "commit", "list", module, "--format", "json", "--page-size", "1"], { env: authEnv });
398
401
  const parsed = JSON.parse(result.stdout) as {
399
402
  commits?: Array<Record<string, unknown>>;
400
403
  commit?: Record<string, unknown>;
@@ -447,7 +450,17 @@ async function writeSdkMode(mode: "local" | "remote", published?: PublishedSdk)
447
450
  }
448
451
 
449
452
  function bufModule() {
450
- return `buf.build/anmho/${config.serviceName}`;
453
+ return config.buf.module || `buf.build/anmho/${config.serviceName}`;
454
+ }
455
+
456
+ function resolveBufAuthEnv(): Record<string, string> {
457
+ const token =
458
+ process.env.BUF_TOKEN?.trim() ||
459
+ readVaultField(config.buf.vaultMount, config.buf.vaultPath, ["BUF_TOKEN", "buf.api_token", "buf_token", "api_token", "token"]);
460
+ if (!token) {
461
+ return {};
462
+ }
463
+ return { BUF_TOKEN: token };
451
464
  }
452
465
 
453
466
  async function resolveLocalSdkPath() {
package/src/service-runtime/cloudrun/config.ts CHANGED
@@ -46,6 +46,11 @@ export const config = {
46
46
  vaultMount: vault.mount || "secret",
47
47
  vaultPath: vault.temporal_path || "prod/providers/temporal",
48
48
  },
49
+ buf: {
50
+ module: serviceConfig.buf?.module || `buf.build/anmho/${serviceConfig.service_id}`,
51
+ vaultMount: vault.mount || "secret",
52
+ vaultPath: vault.buf_path || "prod/providers/buf",
53
+ },
49
54
  neon: {
50
55
  projectId: neon.project_id,
51
56
  baseBranchId: neon.base_branch_id,
package/src/service-runtime/cloudrun/lib.ts CHANGED
@@ -589,7 +589,7 @@ function renderTemporalMtlsEnv(temporal: ReturnType<typeof resolveTemporalRuntim
589
589
  .join("\n");
590
590
  }
591
591
 
592
- function readVaultField(mount: string, path: string, fields: string[]) {
592
+ export function readVaultField(mount: string, path: string, fields: string[]) {
593
593
  const vault = Bun.which("vault");
594
594
  if (!vault || !path) {
595
595
  return "";
package/src/service-runtime/cloudrun/sdk.test.ts CHANGED
@@ -37,6 +37,7 @@ test("service sdk publish pushes the named Buf module and selects remote SDK mod
37
37
  const generatedRoot = join(root, "sdk-proof");
38
38
  const fakeBin = join(root, "bin");
39
39
  const bufLog = join(root, "buf.log");
40
+ const tokenLog = join(root, "buf-token.log");
40
41
 
41
42
  await scaffoldProject(baseConfig(generatedRoot));
42
43
  await mkdir(join(generatedRoot, "node_modules"));
@@ -46,10 +47,16 @@ test("service sdk publish pushes the named Buf module and selects remote SDK mod
46
47
  [
47
48
  "#!/bin/sh",
48
49
  `echo "$@" >> "${bufLog}"`,
50
+ `printf '%s' "$BUF_TOKEN" > "${tokenLog}"`,
49
51
  'if [ "$1 $2 $3 $4" = "registry module commit list" ]; then',
50
52
  ' printf \'{"commits":[{"name":"buf.build/anmho/sdk-proof:commit-123","digest":"b5:abc123","create_time":"2026-05-25T12:00:00Z"}]}\'',
53
+ " exit 0",
51
54
  "fi",
52
- "exit 0",
55
+ 'if [ "$1 $2 $3 $4" = "push --create --create-visibility private" ]; then',
56
+ " exit 0",
57
+ "fi",
58
+ "echo unexpected buf command: $@ >&2",
59
+ "exit 1",
53
60
  "",
54
61
  ].join("\n")
55
62
  );
@@ -57,16 +64,22 @@ test("service sdk publish pushes the named Buf module and selects remote SDK mod
57
64
 
58
65
  const result = Bun.spawnSync(["bun", join(import.meta.dir, "..", "..", "..", "index.ts"), "sdk", "publish"], {
59
66
  cwd: generatedRoot,
60
- env: { ...process.env, PATH: `${fakeBin}:${process.env.PATH ?? ""}` },
67
+ env: { ...process.env, BUF_TOKEN: "test-token", PATH: `${fakeBin}:${process.env.PATH ?? ""}` },
61
68
  stdout: "pipe",
62
69
  stderr: "pipe",
63
70
  });
64
71
 
65
72
  expect(result.success, [result.stdout.toString(), result.stderr.toString()].join("\n")).toBeTrue();
66
73
  expect(result.stdout.toString()).toContain("recorded for consumers");
74
+ expect(result.stdout.toString()).not.toContain("test-token");
75
+ expect(result.stderr.toString()).not.toContain("test-token");
67
76
  expect((await readFile(bufLog, "utf8")).trim()).toBe(
68
- ["push", "registry module commit list buf.build/anmho/sdk-proof --format json --page-size 1"].join("\n")
77
+ [
78
+ "push --create --create-visibility private",
79
+ "registry module commit list buf.build/anmho/sdk-proof --format json --page-size 1",
80
+ ].join("\n")
69
81
  );
82
+ expect((await readFile(tokenLog, "utf8")).trim()).toBe("test-token");
70
83
  const sdkState = JSON.parse(await Bun.file(join(generatedRoot, ".service", "sdk.json")).text());
71
84
  expect(sdkState).toMatchObject({
72
85
  mode: "remote",
package/templates/shared/service.jsonc CHANGED
@@ -70,7 +70,8 @@
70
70
  "cloudflare_path": "prod/providers/cloudflare",
71
71
  "grafana_path": "prod/providers/grafana",
72
72
  "clerk_m2m_path": "prod/providers/clerk-m2m",
73
- "temporal_path": "prod/providers/temporal"
73
+ "temporal_path": "prod/providers/temporal",
74
+ "buf_path": "prod/providers/buf"
74
75
  }
75
76
  },
76
77