duoops 0.0.0 → 0.1.3

package/README.md

@@ -146,6 +146,35 @@ duoops portal
 
 Open your browser to `http://localhost:3000`.
 
+### 6. Runner Utilities
+
+Once you've provisioned a runner with `duoops init`, you can inspect and manage it directly from the CLI:
+
+```bash
+# Tail the runner's systemd logs (defaults to gitlab-runner service)
+duoops runner:logs --lines 300
+
+# Reinstall the DuoOps CLI on the VM (uses the current CLI version by default)
+duoops runner:reinstall-duoops --version 0.1.0
+```
+
+### 7. Use the GitLab CI Component
+
+Instead of copying `.duoops/measure-component.yml` into every project, you can reference the published component directly:
+
+```yaml
+include:
+  - component: gitlab.com/youneslaaroussi/duoops/templates/duoops-measure-component@v0.1.0
+    inputs:
+      gcp_project_id: "my-project"
+      gcp_instance_id: "1234567890123456789"
+      gcp_zone: "us-central1-a"
+      machine_type: "e2-standard-4"
+      tags: ["gcp"]
+```
+
+Make sure your runner already has DuoOps installed (the provisioning flow handles this) and that `GCP_SA_KEY_BASE64` plus any optional BigQuery variables are set in the project’s CI/CD settings. Pin to a version tag (`@v0.1.0`) and update when you’re ready to adopt new behavior.
+
 ## 🛠️ Development
 
 ### Project Structure
@@ -176,6 +205,13 @@ This compiles the TypeScript CLI and builds the React frontend, copying assets t
 3.  Inspect the publish payload locally with `pnpm pack` (this runs the `prepack` script, which now builds the CLI, portal, and Oclif manifest automatically). Untar the generated `.tgz` if you want to double-check the contents.
 4.  When you're satisfied, publish the package: `pnpm publish --access public`.
 
+## 📦 Publishing the CI Component
+
+1.  Update `templates/duoops-measure-component.yml` and commit the changes.
+2.  Let the `.gitlab-ci.yml` validation job pass (runs automatically on MRs, default branch, and tags).
+3.  Tag the repository (e.g., `git tag v0.1.0 && git push origin v0.1.0`). Consumers reference the component with the tag via the snippet above.
+4.  Update release notes/README with the new component version so teams know what changed.
+
 ## 📄 License
 
 MIT

package/dist/commands/init.d.ts

@@ -2,4 +2,7 @@ import { Command } from '@oclif/core';
 export default class Init extends Command {
     static description: string;
     run(): Promise<void>;
+    private collectExistingRunnerInfo;
+    private configureGitLabProject;
+    private provisionGcpRunner;
 }

package/dist/commands/init.js

@@ -1,14 +1,201 @@
 import { BigQuery } from '@google-cloud/bigquery';
-import { confirm, input, password } from '@inquirer/prompts';
+import { confirm, input, password, select } from '@inquirer/prompts';
 import { Command } from '@oclif/core';
+import axios from 'axios';
+import { bold, gray, green } from 'kleur/colors';
+import { execSync } from 'node:child_process';
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
 import { configManager } from '../lib/config.js';
+const hasBinary = (command) => {
+    try {
+        execSync(`${command} --version`, { stdio: 'ignore' });
+        return true;
+    }
+    catch {
+        return false;
+    }
+};
+const detectGitRemotePath = () => {
+    try {
+        const remote = execSync('git remote get-url origin', { encoding: 'utf8' }).trim();
+        if (remote.startsWith('git@')) {
+            const [, repoPath] = remote.split(':');
+            return repoPath?.replace(/\.git$/, '');
+        }
+        if (remote.startsWith('http')) {
+            const url = new URL(remote);
+            return url.pathname.replace(/^\/+/, '').replace(/\.git$/, '');
+        }
+    }
+    catch { /* ignore */ }
+};
+const detectGcpProject = () => {
+    try {
+        const value = execSync('gcloud config get-value project', { encoding: 'utf8' }).trim();
+        return value && value !== '(unset)' ? value : undefined;
+    }
+    catch { }
+};
+const normalizeProjectPath = (project) => project.replace(/^\/+/, '');
+const normalizeGitLabUrl = (url) => url.replace(/\/+$/, '');
+const setGitlabVariable = async (auth, projectPath, variable) => {
+    const base = normalizeGitLabUrl(auth.baseUrl);
+    const project = encodeURIComponent(normalizeProjectPath(projectPath));
+    const apiUrl = `${base}/api/v4/projects/${project}/variables`;
+    await axios
+        .delete(`${apiUrl}/${variable.key}`, {
+        headers: { 'PRIVATE-TOKEN': auth.token },
+    })
+        .catch(() => { });
+    await axios.post(apiUrl, {
+        key: variable.key,
+        masked: Boolean(variable.masked),
+        protected: false,
+        value: variable.value,
+    }, { headers: { 'PRIVATE-TOKEN': auth.token } });
+};
+const ensureServiceAccount = (projectId, serviceAccount) => {
+    try {
+        execSync(`gcloud iam service-accounts describe ${serviceAccount} --project=${projectId}`, {
+            stdio: 'ignore',
+        });
+    }
+    catch {
+        const name = serviceAccount.split('@')[0] ?? 'duoops-runner';
+        execSync(`gcloud iam service-accounts create ${name} --project=${projectId} --display-name="DuoOps Runner"`, { stdio: 'inherit' });
+    }
+    try {
+        execSync(`gcloud projects add-iam-policy-binding ${projectId} --member="serviceAccount:${serviceAccount}" --role="roles/monitoring.viewer" --quiet`, { stdio: 'ignore' });
+    }
+    catch { /* ignore */ }
+};
+const createServiceAccountKey = (projectId, serviceAccount) => {
+    const tmpPath = path.join(os.tmpdir(), `duoops-sa-${Date.now()}.json`);
+    execSync(`gcloud iam service-accounts keys create ${tmpPath} --iam-account=${serviceAccount} --project=${projectId}`, { stdio: 'inherit' });
+    const contents = fs.readFileSync(tmpPath);
+    fs.unlinkSync(tmpPath);
+    return contents.toString('base64');
+};
+const ensureServiceEnabled = (projectId, service, label, log) => {
+    try {
+        log?.(gray(`Ensuring ${label} API is enabled...`));
+        execSync(`gcloud services enable ${service} --project=${projectId} --quiet`, {
+            stdio: 'ignore',
+        });
+    }
+    catch {
+        log?.(gray(`${label} API enablement skipped (it may already be enabled).`));
+    }
+};
+const ensureComputeApiEnabled = (projectId, log) => {
+    ensureServiceEnabled(projectId, 'compute.googleapis.com', 'Compute Engine', log);
+};
+const ensureMonitoringApiEnabled = (projectId, log) => {
+    ensureServiceEnabled(projectId, 'monitoring.googleapis.com', 'Cloud Monitoring', log);
+};
+const sleep = (ms) => new Promise((resolve) => {
+    setTimeout(resolve, ms);
+});
+const runWithRetries = async (command, options, attempts, log) => {
+    let delay = 2000;
+    for (let attempt = 1; attempt <= attempts; attempt++) {
+        try {
+            execSync(command, options);
+            return;
+        }
+        catch (error) {
+            if (attempt === attempts) {
+                throw error;
+            }
+            log?.(gray(`Command failed (attempt ${attempt}/${attempts}). Retrying in ${Math.round(delay / 1000)}s...`));
+            // eslint-disable-next-line no-await-in-loop
+            await sleep(delay);
+            delay *= 2;
+        }
+    }
+};
+const buildStartupScript = (opts) => `#!/usr/bin/env bash
+set -euo pipefail
+apt-get update
+apt-get install -y curl ca-certificates git python3
+
+# Install Node.js 20.x
+curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+apt-get install -y nodejs
+npm install -g duoops@latest
+
+# Install GitLab Runner
+curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | bash
+apt-get install -y gitlab-runner
+
+INSTANCE_ID=$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/id)
+TOKEN=$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/attributes/runner-token)
+
+gitlab-runner register \\
+  --non-interactive \\
+  --url "${opts.gitlabUrl}" \\
+  --token "$TOKEN" \\
+  --executor shell \\
+  --description "${opts.vmName}"
+
+echo "$INSTANCE_ID" > /opt/gitlab-runner-instance-id.txt
+
+TAG_VALUE=$(curl -s -f -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/attributes/runner-tag || echo "${opts.runnerTag}")
+CONFIG_FILE=/etc/gitlab-runner/config.toml
+
+if [ -f "$CONFIG_FILE" ]; then
+  TAG_ESCAPED=$(printf '%s' "$TAG_VALUE" | sed 's/"/\\"/g')
+  CONFIG_FILE="$CONFIG_FILE" TAG_VALUE="$TAG_ESCAPED" python3 <<'PY'
+import os
+import re
+from pathlib import Path
+
+config_path = Path(os.environ.get('CONFIG_FILE', '/etc/gitlab-runner/config.toml'))
+tag_value = os.environ.get('TAG_VALUE', 'gcp')
+if not config_path.exists():
+    raise SystemExit(0)
+
+text = config_path.read_text()
+pattern = re.compile('(\\[\\[runners\\]\\][\\s\\S]*?)(?=\\n\\[\\[|$)', re.MULTILINE)
+
+def transform(block: str) -> str:
+    if 'run_untagged' not in block:
+        block = block.replace('  executor = "shell"\n', '  executor = "shell"\n  run_untagged = false\n', 1)
+    block = re.sub('  tags = \\[[^\\]]*\\]\\n', '', block)
+    if 'tags =' not in block:
+        block = block.rstrip() + f'\n  tags = ["{tag_value}","duoops"]\n'
+    return block
+
+text = pattern.sub(lambda m: transform(m.group(1)), text, count=1)
+config_path.write_text(text)
+PY
+fi
+
+systemctl enable gitlab-runner
+systemctl restart gitlab-runner
+`;
+const tryCreateRunnerToken = (projectPath, runnerDescription, runnerTag) => {
+    if (!hasBinary('glab')) {
+        return;
+    }
+    try {
+        const encoded = encodeURIComponent(normalizeProjectPath(projectPath));
+        const projectInfo = JSON.parse(execSync(`glab api "projects/${encoded}"`, { encoding: 'utf8' }));
+        const runner = execSync(`glab api --method POST "user/runners" -f runner_type=project_type -f project_id=${projectInfo.id} -f description="${runnerDescription}" -f tag_list="${runnerTag}" -f run_untagged=true`, { encoding: 'utf8' });
+        const payload = JSON.parse(runner);
+        return payload.token;
+    }
+    catch {
+    }
+};
 export default class Init extends Command {
-    static description = 'Initialize the configuration for DuoOps';
+    static description = 'Initialize DuoOps, optionally wiring a GitLab project and GCP runner';
     async run() {
-        this.log('Welcome to DuoOps! Let\'s set up your configuration.');
+        this.log(bold('Welcome to DuoOps!'));
         this.log('You will need a GitLab Personal Access Token with the "api" scope.');
-        this.log('You can generate one at: https://gitlab.com/-/user_settings/personal_access_tokens');
-        this.log('');
+        this.log('Create one at https://gitlab.com/-/user_settings/personal_access_tokens\n');
         const gitlabUrl = await input({
             default: 'https://gitlab.com',
             message: 'GitLab URL',
@@ -24,8 +211,9 @@ export default class Init extends Command {
         let bigqueryTable;
         let googleProjectId;
         if (enableMeasure) {
-            this.log('Note: You must have Google Cloud SDK installed and authenticated (gcloud auth application-default login) or a service account key.');
+            this.log(gray('Note: ensure the Google Cloud SDK is authenticated (gcloud auth application-default login) or supply a service account.'));
             googleProjectId = await input({
+                default: detectGcpProject(),
                 message: 'Google Cloud Project ID',
             });
             bigqueryDataset = await input({
@@ -39,11 +227,10 @@ export default class Init extends Command {
             const shouldCreate = await confirm({
                 message: `Attempt to create BigQuery Dataset (${bigqueryDataset}) and Table (${bigqueryTable}) if missing?`,
             });
-            if (shouldCreate) {
+            if (shouldCreate && googleProjectId) {
                 try {
                     this.log('Checking BigQuery resources...');
                     const bigquery = new BigQuery({ projectId: googleProjectId });
-                    // 1. Create Dataset
                     const dataset = bigquery.dataset(bigqueryDataset);
                     const [datasetExists] = await dataset.exists();
                     if (datasetExists) {
@@ -51,10 +238,8 @@ export default class Init extends Command {
                     }
                     else {
                         this.log(`Creating dataset '${bigqueryDataset}'...`);
-                        await dataset.create({ location: 'US' }); // Default location
-                        this.log('Dataset created.');
+                        await dataset.create({ location: 'US' });
                     }
-                    // 2. Create Table with Schema
                     const table = dataset.table(bigqueryTable);
                     const [tableExists] = await table.exists();
                     if (tableExists) {
@@ -74,10 +259,9 @@ export default class Init extends Command {
                             { name: 'cpu_utilization_avg', type: 'FLOAT' },
                             { name: 'ram_utilization_avg', type: 'FLOAT' },
                             { name: 'energy_kwh', type: 'FLOAT' },
-                            { name: 'total_emissions_g', type: 'FLOAT' }
+                            { name: 'total_emissions_g', type: 'FLOAT' },
                         ];
                         await table.create({ schema });
-                        this.log('Table created successfully.');
                     }
                 }
                 catch (error) {
@@ -86,12 +270,244 @@ export default class Init extends Command {
                 }
             }
         }
-        configManager.set({
+        const config = {
+            ...configManager.get(),
             gitlabToken,
             gitlabUrl,
             measure: enableMeasure ? { bigqueryDataset, bigqueryTable, googleProjectId } : undefined,
+        };
+        configManager.set(config);
+        this.log(green('Configuration saved.'));
+        this.log(`Try '${this.config.bin} pipelines:list <project>' to verify GitLab access.\n`);
+        const configureProject = await confirm({
+            default: true,
+            message: 'Configure a GitLab project (CI variables + optional GCP runner) now?',
+        });
+        if (!configureProject) {
+            return;
+        }
+        const updatedDefaultProject = await this.configureGitLabProject({ baseUrl: gitlabUrl, token: gitlabToken }, config.defaultProjectId);
+        if (updatedDefaultProject) {
+            const latest = configManager.get();
+            configManager.set({ ...latest, defaultProjectId: updatedDefaultProject });
+        }
+    }
+    async collectExistingRunnerInfo() {
+        const instanceName = await input({
+            message: 'Runner instance name (Compute Engine VM name)',
+        });
+        const gcpZone = await input({
+            message: 'Runner zone',
+        });
+        const gcpInstanceId = await input({
+            message: 'Runner instance ID (numeric)',
+        });
+        const machineType = await input({
+            default: 'e2-standard-4',
+            message: 'Runner machine type',
+        });
+        const runnerTag = await input({
+            default: 'gcp',
+            message: 'Runner tag (used in your .gitlab-ci.yml)',
+        });
+        return {
+            gcpInstanceId,
+            gcpZone,
+            instanceName,
+            machineType,
+            runnerTag,
+        };
+    }
+    async configureGitLabProject(auth, currentDefault) {
+        if (!auth.baseUrl || !auth.token) {
+            this.warn('GitLab credentials missing, skipping project configuration.');
+            return;
+        }
+        const projectPath = await input({
+            default: currentDefault ?? detectGitRemotePath(),
+            message: 'GitLab project path (e.g., group/project)',
+        });
+        if (!projectPath) {
+            this.warn('Project path is required to configure CI variables.');
+        }
+        const setAsDefault = await confirm({
+            default: !currentDefault,
+            message: 'Use this project as the default for DuoOps commands?',
+        });
+        const gcpProjectId = await input({
+            default: detectGcpProject(),
+            message: 'GCP Project ID',
+        });
+        if (!gcpProjectId) {
+            this.warn('GCP Project ID is required to collect metrics.');
+            return setAsDefault ? projectPath : undefined;
+        }
+        let serviceAccountEmail = await input({
+            default: `duoops-runner@${gcpProjectId}.iam.gserviceaccount.com`,
+            message: 'Service account email for DuoOps measurements',
+        });
+        serviceAccountEmail = serviceAccountEmail.trim();
+        if (!serviceAccountEmail) {
+            this.error('Service account email is required.');
+        }
+        ensureServiceAccount(gcpProjectId, serviceAccountEmail);
+        const runnerChoice = (await select({
+            choices: [
+                { name: 'Provision new GCP runner VM', value: 'provision' },
+                { name: 'Use existing runner', value: 'existing' },
+            ],
+            message: 'Runner setup',
+        }));
+        const runnerInfo = runnerChoice === 'provision'
+            ? await this.provisionGcpRunner(auth, projectPath, gcpProjectId, serviceAccountEmail)
+            : await this.collectExistingRunnerInfo();
+        const keySource = (await select({
+            choices: [
+                { name: 'Create a new key with gcloud (recommended)', value: 'create' },
+                { name: 'Use an existing JSON key file', value: 'file' },
+            ],
+            message: 'Service account key for CI (used by duoops measure job)',
+        }));
+        let saKeyBase64;
+        if (keySource === 'create') {
+            saKeyBase64 = createServiceAccountKey(gcpProjectId, serviceAccountEmail);
+        }
+        else {
+            const keyPath = await input({
+                message: 'Path to service account JSON key',
+            });
+            if (!keyPath) {
+                this.error('Key path is required.');
+            }
+            if (!fs.existsSync(keyPath)) {
+                this.error(`File not found: ${keyPath}`);
+            }
+            saKeyBase64 = fs.readFileSync(keyPath).toString('base64');
+        }
+        const variables = [
+            { key: 'GCP_PROJECT_ID', value: gcpProjectId },
+            { key: 'GCP_ZONE', value: runnerInfo.gcpZone },
+            { key: 'GCP_INSTANCE_ID', value: runnerInfo.gcpInstanceId },
+            { key: 'MACHINE_TYPE', value: runnerInfo.machineType },
+            { key: 'GCP_SA_KEY_BASE64', masked: true, value: saKeyBase64 },
+        ];
+        this.log('\nUpdating GitLab CI/CD variables...');
+        await Promise.all(variables.map(async (variable) => {
+            try {
+                await setGitlabVariable(auth, projectPath, variable);
+                this.log(green(`  OK ${variable.key}`));
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : String(error);
+                this.warn(`  WARN Failed to set ${variable.key}: ${message}`);
+            }
+        }));
+        this.log(gray('\nAdd the duoops measure component to your .gitlab-ci.yml (demo/.duoops/measure-component.yml is a good starting point).'));
+        this.log(gray(`Use the '${runnerInfo.runnerTag}' tag on jobs that should target this runner.`));
+        this.log(green('Project wiring complete!'));
+        const currentConfig = configManager.get();
+        const existingRunner = currentConfig.runner ?? {};
+        const updatedConfig = {
+            ...currentConfig,
+            gitlabProjectPath: projectPath,
+            runner: {
+                ...existingRunner,
+                gcpInstanceId: runnerInfo.gcpInstanceId,
+                gcpProjectId,
+                gcpZone: runnerInfo.gcpZone,
+                instanceName: runnerInfo.instanceName,
+                machineType: runnerInfo.machineType,
+            },
+        };
+        if (setAsDefault) {
+            updatedConfig.defaultProjectId = projectPath;
+        }
+        configManager.set(updatedConfig);
+        return setAsDefault ? projectPath : undefined;
+    }
+    async provisionGcpRunner(auth, projectPath, gcpProjectId, serviceAccountEmail) {
+        if (!hasBinary('gcloud')) {
+            this.error('gcloud CLI is required to provision a runner. Install it from https://cloud.google.com/sdk');
+        }
+        const vmName = await input({
+            default: 'duoops-runner',
+            message: 'Runner VM name',
+        });
+        const gcpZone = await input({
+            default: 'us-central1-a',
+            message: 'GCP zone',
         });
-        this.log('Configuration saved successfully!');
-        this.log(`You can now use DuoOps commands. Try running '${this.config.bin} pipelines:list <project-id>'`);
+        const machineType = await input({
+            default: 'e2-standard-4',
+            message: 'Machine type',
+        });
+        const runnerTag = await input({
+            default: 'gcp',
+            message: 'Runner tag (GitLab jobs will use this)',
+        });
+        ensureComputeApiEnabled(gcpProjectId, (message) => this.log(message));
+        ensureMonitoringApiEnabled(gcpProjectId, (message) => this.log(message));
+        let runnerToken = tryCreateRunnerToken(projectPath, vmName, runnerTag);
+        if (!runnerToken) {
+            this.log(gray('Unable to create a runner token automatically. Generate one in your GitLab project (Settings → CI/CD → Runners) and paste it below.'));
+            runnerToken = await password({
+                mask: '*',
+                message: 'Runner token (starts with glrt-)',
+            });
+        }
+        if (!runnerToken) {
+            this.error('Runner token required to register the VM.');
+        }
+        const startupScript = buildStartupScript({
+            gitlabUrl: normalizeGitLabUrl(auth.baseUrl),
+            runnerTag,
+            vmName,
+        });
+        const scriptPath = path.join(os.tmpdir(), `duoops-runner-${Date.now()}.sh`);
+        fs.writeFileSync(scriptPath, startupScript);
+        try {
+            const metadataArg = `--metadata=runner-token=${JSON.stringify(runnerToken)},runner-tag=${JSON.stringify(runnerTag)}`;
+            const metadataFileArg = `--metadata-from-file=startup-script=${JSON.stringify(scriptPath)}`;
+            const command = [
+                'gcloud',
+                'compute',
+                'instances',
+                'create',
+                vmName,
+                `--project=${gcpProjectId}`,
+                `--zone=${gcpZone}`,
+                `--machine-type=${machineType}`,
+                `--service-account=${serviceAccountEmail}`,
+                '--scopes=https://www.googleapis.com/auth/cloud-platform',
+                metadataArg,
+                metadataFileArg,
+                '--image-family=debian-12',
+                '--image-project=debian-cloud',
+            ].join(' ');
+            this.log(gray('\nProvisioning VM (this may take a minute)...'));
+            await runWithRetries(command, { stdio: 'inherit' }, 3, (message) => {
+                this.log(message);
+            });
+            this.log(green('VM created. Waiting for instance ID...'));
+        }
+        finally {
+            fs.unlinkSync(scriptPath);
+        }
+        let gcpInstanceId = '';
+        try {
+            gcpInstanceId = execSync(`gcloud compute instances describe ${vmName} --project=${gcpProjectId} --zone=${gcpZone} --format="value(id)"`, { encoding: 'utf8' })
+                .toString()
+                .trim();
+        }
+        catch {
+            this.warn('Unable to read instance ID automatically. Provide it manually in CI variables.');
+        }
+        return {
+            gcpInstanceId,
+            gcpZone,
+            instanceName: vmName,
+            machineType,
+            runnerTag,
+        };
     }
 }

package/dist/commands/runner/logs.d.ts

@@ -0,0 +1,9 @@
+import { Command } from '@oclif/core';
+export default class RunnerLogs extends Command {
+    static description: string;
+    static flags: {
+        lines: import("@oclif/core/interfaces").OptionFlag<number, import("@oclif/core/interfaces").CustomOptions>;
+        unit: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/runner/logs.js

@@ -0,0 +1,36 @@
+import { Command, Flags } from '@oclif/core';
+import { execSync } from 'node:child_process';
+import { configManager } from '../../lib/config.js';
+export default class RunnerLogs extends Command {
+    static description = 'Show systemd logs from the DuoOps runner VM';
+    static flags = {
+        lines: Flags.integer({
+            char: 'n',
+            default: 200,
+            description: 'Number of log lines to show',
+        }),
+        unit: Flags.string({
+            char: 'u',
+            default: 'gitlab-runner',
+            description: 'systemd unit to inspect',
+        }),
+    };
+    async run() {
+        const { flags } = await this.parse(RunnerLogs);
+        const { runner } = configManager.get();
+        if (!runner?.instanceName || !runner?.gcpProjectId || !runner?.gcpZone) {
+            this.error('Runner details are missing. Re-run "duoops init" and configure a project so the runner metadata is stored locally.');
+        }
+        const command = [
+            'gcloud',
+            'compute',
+            'ssh',
+            runner.instanceName,
+            `--project=${runner.gcpProjectId}`,
+            `--zone=${runner.gcpZone}`,
+            `--command=${JSON.stringify(`sudo journalctl -u ${flags.unit} -n ${flags.lines} --no-pager`)}`,
+        ].join(' ');
+        this.log(`Executing: ${command}`);
+        execSync(command, { stdio: 'inherit' });
+    }
+}

package/dist/commands/runner/reinstall-duoops.d.ts

@@ -0,0 +1,8 @@
+import { Command } from '@oclif/core';
+export default class RunnerReinstallDuoops extends Command {
+    static description: string;
+    static flags: {
+        version: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/dist/commands/runner/reinstall-duoops.js

@@ -0,0 +1,31 @@
+import { Command, Flags } from '@oclif/core';
+import { execSync } from 'node:child_process';
+import { configManager } from '../../lib/config.js';
+export default class RunnerReinstallDuoops extends Command {
+    static description = 'Reinstall the DuoOps CLI on the runner VM';
+    static flags = {
+        version: Flags.string({
+            description: 'DuoOps version to install on the runner (defaults to current CLI version)',
+        }),
+    };
+    async run() {
+        const { flags } = await this.parse(RunnerReinstallDuoops);
+        const { runner } = configManager.get();
+        if (!runner?.instanceName || !runner?.gcpProjectId || !runner?.gcpZone) {
+            this.error('Runner details are missing. Re-run "duoops init" and configure a project so the runner metadata is stored locally.');
+        }
+        const targetVersion = flags.version ?? this.config.version ?? 'latest';
+        const remoteScript = `sudo npm install -g duoops@${targetVersion} && duoops --version`;
+        const command = [
+            'gcloud',
+            'compute',
+            'ssh',
+            runner.instanceName,
+            `--project=${runner.gcpProjectId}`,
+            `--zone=${runner.gcpZone}`,
+            `--command=${JSON.stringify(remoteScript)}`,
+        ].join(' ');
+        this.log(`Installing duoops@${targetVersion} on ${runner.instanceName}...`);
+        execSync(command, { stdio: 'inherit' });
+    }
+}

package/dist/lib/config.d.ts

@@ -1,5 +1,6 @@
 export interface DuoOpsConfig {
     defaultProjectId?: string;
+    gitlabProjectPath?: string;
     gitlabToken?: string;
     gitlabUrl?: string;
     measure?: {
@@ -7,6 +8,13 @@ export interface DuoOpsConfig {
         bigqueryTable?: string;
         googleProjectId?: string;
     };
+    runner?: {
+        gcpInstanceId?: string;
+        gcpProjectId?: string;
+        gcpZone?: string;
+        instanceName?: string;
+        machineType?: string;
+    };
 }
 export declare class ConfigManager {
     private configPath;