ghcr-manager 0.0.4 → 0.9.0

package/dist/cli/_db-merge-command.js

@@ -0,0 +1,41 @@
+import { collectRepeatedOption, requireOption } from "./_args.js";
+import { DbMergeRepository, openDatabase } from "../db/index.js";
+export async function handleDbMerge(args) {
+    const databasePath = requireOption(args, "--db");
+    const sourceDatabasePaths = collectRepeatedOption(args, "--source-db");
+    if (sourceDatabasePaths.length === 0) {
+        throw new Error("missing required option: --source-db");
+    }
+    const targetDatabase = openDatabase(databasePath);
+    try {
+        const merger = new DbMergeRepository(targetDatabase);
+        const summaries = [];
+        let importedScanCount = 0;
+        let skippedScanCount = 0;
+        let importedCleanupRunCount = 0;
+        let skippedCleanupRunCount = 0;
+        for (const sourceDatabasePath of sourceDatabasePaths) {
+            const sourceDatabase = openDatabase(sourceDatabasePath);
+            sourceDatabase.close();
+            const summary = merger.mergeSourceDatabase(sourceDatabasePath);
+            summaries.push(summary);
+            importedScanCount += summary.importedScanCount;
+            skippedScanCount += summary.skippedScanCount;
+            importedCleanupRunCount += summary.importedCleanupRunCount;
+            skippedCleanupRunCount += summary.skippedCleanupRunCount;
+        }
+        console.log(JSON.stringify({
+            targetDatabasePath: databasePath,
+            sourceDatabaseCount: sourceDatabasePaths.length,
+            importedScanCount,
+            skippedScanCount,
+            importedCleanupRunCount,
+            skippedCleanupRunCount,
+            sources: summaries
+        }, null, 2));
+        return 0;
+    }
+    finally {
+        targetDatabase.close();
+    }
+}

package/dist/cli/_github-output.d.ts

@@ -0,0 +1,10 @@
+export interface GitHubScanOutputs {
+    owner: string;
+    packageName: string;
+    scanCompletedAt: string;
+    packageVersions: number;
+    tags: number;
+    manifests: number;
+    manifestEdges: number;
+}
+export declare function writeGitHubScanOutputs(outputPath: string, outputs: GitHubScanOutputs): void;

package/dist/cli/_github-output.js

@@ -0,0 +1,13 @@
+import { appendFileSync } from "node:fs";
+export function writeGitHubScanOutputs(outputPath, outputs) {
+    const lines = [
+        `owner=${outputs.owner}`,
+        `package_name=${outputs.packageName}`,
+        `scan_completed_at=${outputs.scanCompletedAt}`,
+        `package_versions=${outputs.packageVersions}`,
+        `tags=${outputs.tags}`,
+        `manifests=${outputs.manifests}`,
+        `manifest_edges=${outputs.manifestEdges}`
+    ];
+    appendFileSync(outputPath, `${lines.join("\n")}\n`);
+}

package/dist/cli/_logger.d.ts

@@ -1,5 +1,6 @@
-export type LogLevel = "debug" | "info" | "warn" | "error" | "silent";
+export type LogLevel = "trace" | "debug" | "info" | "warn" | "error" | "silent";
 export interface Logger {
+    trace(message: string): void;
     debug(message: string): void;
     info(message: string): void;
     warn(message: string): void;

package/dist/cli/_logger.js

@@ -1,4 +1,5 @@
 const _logLevelPriority = {
+    trace: 0,
     debug: 10,
     info: 20,
     warn: 30,
@@ -10,6 +11,7 @@ export function isLogLevel(value) {
 }
 export function createLogger(level, sink = process.stderr) {
     return {
+        trace: _write.bind(null, "trace", level, sink),
         debug: _write.bind(null, "debug", level, sink),
         info: _write.bind(null, "info", level, sink),
         warn: _write.bind(null, "warn", level, sink),

package/dist/cli/_older-than.d.ts

@@ -0,0 +1,5 @@
+export interface OlderThanResolution {
+    olderThan: string;
+    cutoffTimestamp: string;
+}
+export declare function resolveOlderThan(rawValue: string, now: Date): OlderThanResolution;

package/dist/cli/_older-than.js

@@ -0,0 +1,42 @@
+export function resolveOlderThan(rawValue, now) {
+    const normalized = rawValue.trim().toLowerCase();
+    const match = normalized.match(/^(\d+)\s+(minute|minutes|hour|hours|day|days|week|weeks|month|months|year|years)$/);
+    if (!match) {
+        throw new Error(`invalid older-than interval: ${rawValue}`);
+    }
+    const amount = Number(match[1]);
+    const unit = match[2];
+    const cutoff = new Date(now.getTime());
+    switch (unit) {
+        case "minute":
+        case "minutes":
+            cutoff.setUTCMinutes(cutoff.getUTCMinutes() - amount);
+            break;
+        case "hour":
+        case "hours":
+            cutoff.setUTCHours(cutoff.getUTCHours() - amount);
+            break;
+        case "day":
+        case "days":
+            cutoff.setUTCDate(cutoff.getUTCDate() - amount);
+            break;
+        case "week":
+        case "weeks":
+            cutoff.setUTCDate(cutoff.getUTCDate() - amount * 7);
+            break;
+        case "month":
+        case "months":
+            cutoff.setUTCMonth(cutoff.getUTCMonth() - amount);
+            break;
+        case "year":
+        case "years":
+            cutoff.setUTCFullYear(cutoff.getUTCFullYear() - amount);
+            break;
+        default:
+            throw new Error(`invalid older-than unit: ${unit}`);
+    }
+    return {
+        olderThan: normalized,
+        cutoffTimestamp: cutoff.toISOString()
+    };
+}

package/dist/cli/_planner-options.d.ts

@@ -0,0 +1,20 @@
+import type { DeletePlan, PlannerRepository } from "../db/index.js";
+export interface PlanCommandInputs {
+    databasePath: string;
+    owner: string;
+    packageName: string;
+    deleteTags: string[];
+    deleteTagsRequested: boolean;
+    deleteGhostImages: boolean;
+    deletePartialImages: boolean;
+    deleteOrphanedImages: boolean;
+    excludeTags: string[];
+    deleteUntagged: boolean;
+    useRegex: boolean;
+    keepNTagged?: number;
+    keepNUntagged?: number;
+    olderThan?: string;
+    cutoffTimestamp?: string;
+}
+export declare function resolvePlanCommandInputs(args: string[]): PlanCommandInputs;
+export declare function loadDeletePlan(repository: PlannerRepository, inputs: PlanCommandInputs): DeletePlan;

package/dist/cli/_planner-options.js

@@ -0,0 +1,101 @@
+import { collectRepeatedOption, hasFlag, requireOption } from "./_args.js";
+import { resolveOlderThan } from "./_older-than.js";
+export function resolvePlanCommandInputs(args) {
+    const databasePath = requireOption(args, "--db");
+    const owner = requireOption(args, "--owner");
+    const packageName = requireOption(args, "--package");
+    const deleteTags = collectRepeatedOption(args, "--delete-tag");
+    const deleteGhostImages = hasFlag(args, "--delete-ghost-images");
+    const deletePartialImages = hasFlag(args, "--delete-partial-images");
+    const deleteOrphanedImages = hasFlag(args, "--delete-orphaned-images");
+    const excludeTags = collectRepeatedOption(args, "--exclude-tag");
+    const deleteUntagged = hasFlag(args, "--delete-untagged");
+    const useRegex = hasFlag(args, "--use-regex");
+    const keepNTaggedRaw = collectRepeatedOption(args, "--keep-n-tagged");
+    const keepNUntaggedRaw = collectRepeatedOption(args, "--keep-n-untagged");
+    const olderThanRaw = collectRepeatedOption(args, "--older-than");
+    if (keepNTaggedRaw.length > 1) {
+        throw new Error("--keep-n-tagged may only be provided once");
+    }
+    if (keepNUntaggedRaw.length > 1) {
+        throw new Error("--keep-n-untagged may only be provided once");
+    }
+    const keepNTagged = keepNTaggedRaw[0] ? resolveKeepCount("--keep-n-tagged", keepNTaggedRaw[0]) : undefined;
+    const keepNUntagged = keepNUntaggedRaw[0] ? resolveKeepCount("--keep-n-untagged", keepNUntaggedRaw[0]) : undefined;
+    const taggedSelectorActive = deleteTags.length > 0 ||
+        deleteGhostImages ||
+        deletePartialImages ||
+        deleteOrphanedImages ||
+        keepNTagged !== undefined;
+    const selectorCount = (deleteUntagged ? 1 : 0) + (taggedSelectorActive ? 1 : 0) + (keepNUntagged !== undefined ? 1 : 0);
+    if (selectorCount > 1) {
+        throw new Error("plan currently supports exactly one selector family: --delete-untagged, --delete-tag, --delete-ghost-images, --delete-partial-images, --delete-orphaned-images, --keep-n-tagged, or --keep-n-untagged");
+    }
+    if (selectorCount === 0) {
+        throw new Error("missing required cleanup selector: --delete-untagged, --delete-tag, --delete-ghost-images, --delete-partial-images, --delete-orphaned-images, --keep-n-tagged, or --keep-n-untagged");
+    }
+    if ((deleteUntagged || keepNUntagged !== undefined) && excludeTags.length > 0) {
+        throw new Error("--exclude-tag is only supported with tagged selector families");
+    }
+    if (olderThanRaw.length > 1) {
+        throw new Error("--older-than may only be provided once");
+    }
+    const olderThan = olderThanRaw[0] ? resolveOlderThan(olderThanRaw[0], new Date()) : undefined;
+    return {
+        databasePath,
+        owner,
+        packageName,
+        deleteTags,
+        deleteTagsRequested: deleteTags.length > 0 || deleteGhostImages || deletePartialImages || deleteOrphanedImages,
+        deleteGhostImages,
+        deletePartialImages,
+        deleteOrphanedImages,
+        excludeTags,
+        deleteUntagged,
+        useRegex,
+        keepNTagged,
+        keepNUntagged,
+        olderThan: olderThan?.olderThan,
+        cutoffTimestamp: olderThan?.cutoffTimestamp
+    };
+}
+export function loadDeletePlan(repository, inputs) {
+    if (inputs.keepNUntagged !== undefined) {
+        return repository.getKeepNUntaggedPlanWithCutoff(inputs.owner, inputs.packageName, inputs.keepNUntagged, {
+            olderThan: inputs.olderThan,
+            cutoffTimestamp: inputs.cutoffTimestamp
+        });
+    }
+    if (inputs.deleteUntagged) {
+        return repository.getDeleteUntaggedPlanWithCutoff(inputs.owner, inputs.packageName, {
+            olderThan: inputs.olderThan,
+            cutoffTimestamp: inputs.cutoffTimestamp
+        });
+    }
+    if (!inputs.deleteTagsRequested &&
+        !inputs.deleteGhostImages &&
+        !inputs.deletePartialImages &&
+        !inputs.deleteOrphanedImages &&
+        inputs.keepNTagged !== undefined) {
+        return repository.getKeepNTaggedPlanWithCutoff(inputs.owner, inputs.packageName, inputs.keepNTagged, [], {
+            olderThan: inputs.olderThan,
+            cutoffTimestamp: inputs.cutoffTimestamp
+        });
+    }
+    return repository.getDeleteTagsPlanWithCutoff(inputs.owner, inputs.packageName, inputs.deleteTags, inputs.excludeTags, {
+        deleteGhostImages: inputs.deleteGhostImages,
+        deletePartialImages: inputs.deletePartialImages,
+        deleteOrphanedImages: inputs.deleteOrphanedImages,
+        deleteTagsRequested: inputs.deleteTagsRequested,
+        keepNTagged: inputs.keepNTagged,
+        useRegex: inputs.useRegex,
+        olderThan: inputs.olderThan,
+        cutoffTimestamp: inputs.cutoffTimestamp
+    });
+}
+function resolveKeepCount(optionName, rawValue) {
+    if (!/^\d+$/.test(rawValue)) {
+        throw new Error(`${optionName} must be a non-negative integer`);
+    }
+    return Number.parseInt(rawValue, 10);
+}

package/dist/cli/_scan-command.js

@@ -1,11 +1,14 @@
 import { ScanWriter, SnapshotRepository, openDatabase } from "../db/index.js";
 import { importGitHubScan } from "../ingest/github/index.js";
-import { requireOption, resolveGitHubToken, resolveLogLevel } from "./_args.js";
+import { findOption, requireOption, resolveGitHubToken, resolveLogLevel } from "./_args.js";
+import { writeGitHubScanOutputs } from "./_github-output.js";
 import { createLogger } from "./_logger.js";
 export async function handleScan(args) {
     const databasePath = requireOption(args, "--db");
     const owner = requireOption(args, "--owner");
     const packageName = requireOption(args, "--package");
+    const githubOutputPath = findOption(args, "--github-output");
+    const token = resolveGitHubToken(args);
     const logger = createLogger(resolveLogLevel(args));
     const database = openDatabase(databasePath);
     const repository = new SnapshotRepository(database);
@@ -13,12 +16,12 @@ export async function handleScan(args) {
     await importGitHubScan({
         owner,
         packageName,
-        token: resolveGitHubToken(args),
+        token,
         logger
     }, writer, repository);
     const scanId = writer.getActiveScanId();
     const metadata = repository.getPackageMetadata(scanId);
-    console.log(JSON.stringify({
+    const summary = {
         owner: metadata.owner,
         packageName: metadata.packageName,
         scanCompletedAt: metadata.scanCompletedAt,
@@ -26,7 +29,11 @@ export async function handleScan(args) {
         tags: repository.countTags(scanId),
         manifests: repository.countManifests(scanId),
         manifestEdges: repository.countManifestEdges(scanId)
-    }, null, 2));
+    };
+    if (githubOutputPath) {
+        writeGitHubScanOutputs(githubOutputPath, summary);
+    }
+    console.log(JSON.stringify(summary));
     database.close();
     return 0;
 }

package/dist/cli/_tag-selector-resolver.d.ts

@@ -0,0 +1,3 @@
+import type Database from "better-sqlite3";
+import type { PlanCommandInputs } from "./_planner-options.js";
+export declare function resolveTagSelectors(database: Database.Database, inputs: PlanCommandInputs): PlanCommandInputs;

package/dist/cli/_tag-selector-resolver.js

@@ -0,0 +1,109 @@
+export function resolveTagSelectors(database, inputs) {
+    if (!inputs.deleteGhostImages && !inputs.deletePartialImages && !inputs.deleteOrphanedImages) {
+        return inputs;
+    }
+    return {
+        ...inputs,
+        deleteTags: inputs.deleteGhostImages
+            ? _listLatestGhostTags(database, inputs.owner, inputs.packageName, inputs.cutoffTimestamp)
+            : inputs.deletePartialImages
+                ? _listLatestPartialTags(database, inputs.owner, inputs.packageName, inputs.cutoffTimestamp)
+                : inputs.deleteOrphanedImages
+                    ? _listLatestOrphanedTags(database, inputs.owner, inputs.packageName, inputs.cutoffTimestamp)
+                    : inputs.deleteTags
+    };
+}
+function _listLatestGhostTags(database, owner, packageName, cutoffTimestamp) {
+    return _listLatestBrokenIndexTags(database, owner, packageName, cutoffTimestamp, "all-missing");
+}
+function _listLatestPartialTags(database, owner, packageName, cutoffTimestamp) {
+    return _listLatestBrokenIndexTags(database, owner, packageName, cutoffTimestamp, "some-missing");
+}
+function _listLatestBrokenIndexTags(database, owner, packageName, cutoffTimestamp, mode) {
+    const havingClause = mode === "all-missing"
+        ? "COUNT(*) > 0 AND COUNT(child.digest) = 0"
+        : "COUNT(child.digest) > 0 AND COUNT(child.digest) < COUNT(*)";
+    const rows = database
+        .prepare(`
+        WITH latest_scan AS (
+          SELECT scan_id
+          FROM v_latest_scan_per_package
+          WHERE owner = ?
+            AND package_name = ?
+          LIMIT 1
+        ),
+        ghost_roots AS (
+          SELECT
+            m.scan_id,
+            m.version_id
+          FROM latest_scan ls
+          JOIN manifests m
+            ON m.scan_id = ls.scan_id
+          JOIN package_versions pv
+            ON pv.scan_id = m.scan_id
+           AND pv.version_id = m.version_id
+          JOIN tags root_tags
+            ON root_tags.scan_id = m.scan_id
+           AND root_tags.version_id = m.version_id
+          JOIN manifest_descriptors md
+            ON md.scan_id = m.scan_id
+           AND md.parent_digest = m.digest
+          LEFT JOIN manifests child
+            ON child.scan_id = md.scan_id
+           AND child.digest = md.child_digest
+          WHERE m.media_type IN (
+            'application/vnd.oci.image.index.v1+json',
+            'application/vnd.docker.distribution.manifest.list.v2+json'
+          )
+            AND NOT EXISTS (
+              SELECT 1
+              FROM manifest_reachability mr
+              WHERE mr.scan_id = m.scan_id
+                AND mr.descendant_digest = m.digest
+                AND mr.min_distance > 0
+            )
+            AND (? IS NULL OR pv.created_at < ?)
+          GROUP BY m.scan_id, m.version_id
+          HAVING ${havingClause}
+        )
+        SELECT DISTINCT t.tag
+        FROM ghost_roots gr
+        JOIN tags t
+          ON t.scan_id = gr.scan_id
+         AND t.version_id = gr.version_id
+        ORDER BY t.tag
+      `)
+        .all(owner, packageName, cutoffTimestamp ?? null, cutoffTimestamp ?? null);
+    return rows.map((row) => row.tag);
+}
+// Some OCI tooling publishes companion artifacts such as signatures or attestations under
+// digest-derived tags in the same repository, for example `sha256-<digest>.sig`, while the
+// actual relationship is the artifact's subject/referrer link to the parent digest.
+//
+// Public references:
+// - Sigstore Cosign example pushing `sha256-<digest>.sig`:
+//   https://docs.sigstore.dev/cosign/signing/other_types/
+// - OCI referrers / subject model:
+//   https://github.com/opencontainers/distribution-spec/blob/main/spec.md
+//
+// This resolver intentionally mirrors the `delete-orphaned-images` behavior from
+// `dataaxiom/ghcr-cleanup-action`, but keeps the check narrow and local to the current package
+// scan: derive the parent digest from the tag, then treat the tag as orphaned only when that
+// digest is absent from the scanned manifests for the same package.
+function _listLatestOrphanedTags(database, owner, packageName, cutoffTimestamp) {
+    const rows = database
+        .prepare(`
+        SELECT DISTINCT dtr.tag
+        FROM v_digest_derived_tag_relations dtr
+        INNER JOIN package_versions pv
+          ON pv.scan_id = dtr.scan_id
+         AND pv.version_id = dtr.artifact_version_id
+        WHERE dtr.owner = ?
+          AND dtr.package_name = ?
+          AND dtr.parent_exists = 0
+          AND (? IS NULL OR pv.created_at < ?)
+        ORDER BY dtr.tag
+      `)
+        .all(owner, packageName, cutoffTimestamp ?? null, cutoffTimestamp ?? null);
+    return rows.map((row) => row.tag);
+}

package/dist/cli/_untag-command.d.ts

@@ -0,0 +1 @@
+export declare function handleUntag(args: string[]): Promise<number>;

package/dist/cli/_untag-command.js

@@ -0,0 +1,57 @@
+import { listPackageVersionTagSources, untagRootTags } from "../execute/index.js";
+import { collectRepeatedOption, hasFlag, requireOption, resolveGitHubToken, resolveLogLevel } from "./_args.js";
+import { createLogger } from "./_logger.js";
+export async function handleUntag(args) {
+    const owner = requireOption(args, "--owner");
+    const packageName = requireOption(args, "--package");
+    const requestedTags = [...new Set(collectRepeatedOption(args, "--tag"))];
+    if (requestedTags.length === 0) {
+        throw new Error("missing required option: --tag");
+    }
+    const token = resolveGitHubToken(args);
+    const dryRun = hasFlag(args, "--dry-run");
+    const logger = createLogger(resolveLogLevel(args));
+    const tagSources = await listPackageVersionTagSources(owner, packageName, requestedTags, token, logger);
+    const matchedTags = new Set(tagSources.map((tagSource) => tagSource.tag));
+    const missingTags = requestedTags.filter((tag) => !matchedTags.has(tag));
+    if (missingTags.length > 0) {
+        throw new Error(`could not resolve tag(s): ${missingTags.join(", ")}`);
+    }
+    const roots = _groupTagSources(tagSources);
+    const untaggedTags = [];
+    if (!dryRun) {
+        for (const root of roots) {
+            untaggedTags.push(...(await untagRootTags(owner, packageName, root.versionId, root.digest, root.tags, {
+                token,
+                logger
+            })));
+        }
+    }
+    const summary = {
+        owner,
+        packageName,
+        requestedTags,
+        dryRun,
+        roots,
+        untaggedTags
+    };
+    console.log(JSON.stringify(summary));
+    return 0;
+}
+function _groupTagSources(tagSources) {
+    const groups = new Map();
+    for (const tagSource of tagSources) {
+        const key = `${tagSource.sourceVersionId}:${tagSource.sourceDigest}`;
+        const existing = groups.get(key);
+        if (existing) {
+            existing.tags.push(tagSource.tag);
+            continue;
+        }
+        groups.set(key, {
+            versionId: tagSource.sourceVersionId,
+            digest: tagSource.sourceDigest,
+            tags: [tagSource.tag]
+        });
+    }
+    return [...groups.values()];
+}

package/dist/cli/index.js

@@ -1,7 +1,10 @@
 #!/usr/bin/env node
 import { realpathSync } from "node:fs";
 import { fileURLToPath } from "node:url";
+import { handleCleanup } from "./_cleanup-command.js";
+import { handleDbMerge } from "./_db-merge-command.js";
 import { handleScan } from "./_scan-command.js";
+import { handleUntag } from "./_untag-command.js";
 export async function main(argv) {
     const [command, ...rest] = argv;
     if (!command) {
@@ -9,15 +12,30 @@ export async function main(argv) {
         return 1;
     }
     switch (command) {
+        case "cleanup":
+            return handleCleanup(rest);
+        case "db-merge":
+            return handleDbMerge(rest);
         case "scan":
             return handleScan(rest);
+        case "untag":
+            return handleUntag(rest);
         default:
             throw new Error(`unknown command: ${command}`);
     }
 }
 function printUsage() {
     console.error(`Usage:
-  ghcr-manager scan --db <path> [--log-level <debug|info|warn|error|silent>] --owner <org> --package <name> --token <token>`);
+  ghcr-manager cleanup --db <path> [--log-level <trace|debug|info|warn|error|silent>] [--dry-run] --owner <org> --package <name> [--token <token>] --delete-untagged [--older-than <interval>]
+  ghcr-manager cleanup --db <path> [--log-level <trace|debug|info|warn|error|silent>] [--dry-run] --owner <org> --package <name> [--token <token>] --delete-ghost-images [--exclude-tag <tag> ...] [--use-regex] [--keep-n-tagged <count>] [--older-than <interval>]
+  ghcr-manager cleanup --db <path> [--log-level <trace|debug|info|warn|error|silent>] [--dry-run] --owner <org> --package <name> [--token <token>] --delete-partial-images [--exclude-tag <tag> ...] [--use-regex] [--keep-n-tagged <count>] [--older-than <interval>]
+  ghcr-manager cleanup --db <path> [--log-level <trace|debug|info|warn|error|silent>] [--dry-run] --owner <org> --package <name> [--token <token>] --delete-orphaned-images [--exclude-tag <tag> ...] [--use-regex] [--keep-n-tagged <count>] [--older-than <interval>]
+  ghcr-manager cleanup --db <path> [--log-level <trace|debug|info|warn|error|silent>] [--dry-run] --owner <org> --package <name> [--token <token>] --keep-n-tagged <count> [--older-than <interval>]
+  ghcr-manager cleanup --db <path> [--log-level <trace|debug|info|warn|error|silent>] [--dry-run] --owner <org> --package <name> [--token <token>] --keep-n-untagged <count> [--older-than <interval>]
+  ghcr-manager cleanup --db <path> [--log-level <trace|debug|info|warn|error|silent>] [--dry-run] --owner <org> --package <name> [--token <token>] --delete-tag <tag> [--delete-tag <tag> ...] [--exclude-tag <tag> ...] [--use-regex] [--older-than <interval>]
+  ghcr-manager db-merge --db <target-path> --source-db <path> [--source-db <path> ...]
+  ghcr-manager scan --db <path> [--log-level <trace|debug|info|warn|error|silent>] [--github-output <path>] --owner <org> --package <name> --token <token>
+  ghcr-manager untag [--log-level <trace|debug|info|warn|error|silent>] [--dry-run] --owner <org> --package <name> --token <token> --tag <tag> [--tag <tag> ...]`);
 }
 const _entryPath = process.argv[1];
 const _isDirectExecution = realpathSync(_entryPath) === realpathSync(fileURLToPath(import.meta.url));

package/dist/config/_service-constants.d.ts

@@ -0,0 +1,3 @@
+export declare const githubApiBaseUrl = "https://api.github.com";
+export declare const githubApiVersion = "2022-11-28";
+export declare const ghcrRegistryBaseUrl = "https://ghcr.io";

package/dist/config/_service-constants.js

@@ -0,0 +1,3 @@
+export const githubApiBaseUrl = "https://api.github.com";
+export const githubApiVersion = "2022-11-28";
+export const ghcrRegistryBaseUrl = "https://ghcr.io";

package/dist/{tuning → config}/index.d.ts

@@ -2,5 +2,8 @@ export declare const packageVersionPageFetchConcurrency = 4;
 export declare const manifestFetchConcurrency = 16;
 export declare const ingestRequestRetryCount = 3;
 export declare const ingestRequestRetryDelayMs = 1000;
+export declare const executeRequestRetryCount = 3;
+export declare const executeRequestRetryDelayMs = 1000;
 export declare const paginatedIngestProgressIntervalPages = 10;
 export declare const manifestIngestProgressStepRatio = 0.05;
+export { ghcrRegistryBaseUrl, githubApiBaseUrl, githubApiVersion } from "./_service-constants.js";

package/dist/{tuning → config}/index.js

@@ -2,5 +2,8 @@ export const packageVersionPageFetchConcurrency = 4;
 export const manifestFetchConcurrency = 16;
 export const ingestRequestRetryCount = 3;
 export const ingestRequestRetryDelayMs = 1000;
+export const executeRequestRetryCount = 3;
+export const executeRequestRetryDelayMs = 1000;
 export const paginatedIngestProgressIntervalPages = 10;
 export const manifestIngestProgressStepRatio = 0.05;
+export { ghcrRegistryBaseUrl, githubApiBaseUrl, githubApiVersion } from "./_service-constants.js";

package/dist/core/_github-package-owner.d.ts

@@ -0,0 +1,11 @@
+interface _FetchLikeResponse {
+    ok: boolean;
+    status: number;
+    headers: Headers;
+    json(): Promise<unknown>;
+}
+interface _Logger {
+    warn(message: string): void;
+}
+export declare function getOwnerURIComponent(fetchImpl: (input: string, init?: RequestInit) => Promise<_FetchLikeResponse>, owner: string, token: string, logger: _Logger): Promise<string>;
+export {};

package/dist/core/_github-package-owner.js

@@ -0,0 +1,45 @@
+import { githubApiBaseUrl, githubApiVersion, ingestRequestRetryCount, ingestRequestRetryDelayMs } from "../config/index.js";
+import { buildHttpErrorMessage } from "./_http-error.js";
+const _ownerUriComponentByOwner = new Map();
+export async function getOwnerURIComponent(fetchImpl, owner, token, logger) {
+    const cachedOwnerURIComponent = _ownerUriComponentByOwner.get(owner);
+    if (cachedOwnerURIComponent) {
+        return cachedOwnerURIComponent;
+    }
+    const url = new URL(`/users/${encodeURIComponent(owner)}`, githubApiBaseUrl).toString();
+    for (let attempt = 1;; attempt += 1) {
+        const response = await fetchImpl(url, {
+            headers: {
+                Accept: "application/vnd.github+json",
+                Authorization: `Bearer ${token}`,
+                "User-Agent": "ghcr-manager",
+                "X-GitHub-Api-Version": githubApiVersion
+            }
+        });
+        if (response.ok) {
+            const payload = (await response.json());
+            if (payload.type === "Organization") {
+                const ownerURIComponent = `orgs/${encodeURIComponent(owner)}`;
+                _ownerUriComponentByOwner.set(owner, ownerURIComponent);
+                return ownerURIComponent;
+            }
+            if (payload.type === "User") {
+                const ownerURIComponent = `users/${encodeURIComponent(owner)}`;
+                _ownerUriComponentByOwner.set(owner, ownerURIComponent);
+                return ownerURIComponent;
+            }
+            throw new Error(`GitHub owner lookup did not include a supported type`);
+        }
+        if (!_isRetryableStatus(response.status) || attempt > ingestRequestRetryCount) {
+            throw new Error(await buildHttpErrorMessage(response, "GitHub owner lookup failed"));
+        }
+        logger.warn(`GitHub owner lookup failed on attempt ${attempt}/${ingestRequestRetryCount + 1}; retrying in ${ingestRequestRetryDelayMs}ms - ${await buildHttpErrorMessage(response, "GitHub owner lookup failed")}`);
+        await _sleep(ingestRequestRetryDelayMs);
+    }
+}
+function _isRetryableStatus(status) {
+    return status === 429 || status === 502 || status === 503 || status === 504;
+}
+function _sleep(delayMs) {
+    return new Promise((resolve) => setTimeout(resolve, delayMs));
+}

package/dist/core/_http-error.d.ts

@@ -0,0 +1,6 @@
+export interface HttpErrorResponse {
+    status: number;
+    headers: Headers;
+    json(): Promise<unknown>;
+}
+export declare function buildHttpErrorMessage(response: HttpErrorResponse, fallback: string): Promise<string>;

package/dist/core/_http-error.js

@@ -0,0 +1,33 @@
+export async function buildHttpErrorMessage(response, fallback) {
+    const details = [fallback, `status ${response.status}`];
+    const body = await _readJsonErrorBody(response);
+    const message = typeof body?.message === "string" ? body.message : undefined;
+    const documentationUrl = typeof body?.documentation_url === "string" ? body.documentation_url : undefined;
+    const authenticateHeader = response.headers.get("www-authenticate") ?? undefined;
+    if (message) {
+        details.push(message);
+    }
+    if (documentationUrl) {
+        details.push(documentationUrl);
+    }
+    if (authenticateHeader) {
+        details.push(`www-authenticate: ${authenticateHeader}`);
+    }
+    return details.join(" - ");
+}
+async function _readJsonErrorBody(response) {
+    const contentType = response.headers.get("content-type")?.split(";")[0];
+    if (contentType && contentType !== "application/json" && !contentType.endsWith("+json")) {
+        return undefined;
+    }
+    try {
+        const body = await response.json();
+        if (body && typeof body === "object") {
+            return body;
+        }
+    }
+    catch {
+        return undefined;
+    }
+    return undefined;
+}