k3s-deployer 0.1.0

package/src/execute/index.cjs

@@ -0,0 +1,386 @@
+const path = require('node:path');
+const { createGeneratedDockerfile } = require('../templates/dockerfile.cjs');
+const { ensureCluster } = require('../bootstrap/index.cjs');
+const { upsertCloudflareDnsRecord } = require('../dns/cloudflare.cjs');
+const { buildMobileUnit, startMobilePreview } = require('../mobile/index.cjs');
+const { createDeploymentPlan } = require('../plan/index.cjs');
+const { createRunner } = require('../runtime/index.cjs');
+const { materializeLocalSource, materializeRemoteGitSource } = require('../shared/source.cjs');
+const { deriveHostAddress, ensureDir, shellQuote, slugify } = require('../shared/utils.cjs');
+
+function joinCommand(command) {
+  return Array.isArray(command) ? command.join(' ') : String(command || '');
+}
+
+function normalizeSupplementalFilePath(filePath) {
+  const normalized = path.posix
+    .normalize(String(filePath || '').replace(/\\/g, '/').trim())
+    .replace(/^\.\/+/, '');
+
+  if (
+    !normalized ||
+    normalized === '.' ||
+    normalized.includes('\n') ||
+    normalized.includes('\0') ||
+    normalized.startsWith('../') ||
+    path.posix.isAbsolute(normalized)
+  ) {
+    throw new Error(`Invalid supplemental file path: ${filePath}`);
+  }
+
+  return normalized;
+}
+
+function resolveCloudflareDnsOptions(config = {}, options = {}) {
+  const base = config.cloudflareDns || {};
+  const override = options.cloudflareDns || {};
+
+  return {
+    apiToken: override.apiToken || base.apiToken || undefined,
+    apiKey: override.apiKey || base.apiKey || undefined,
+    email: override.email || base.email || undefined,
+    zoneId: override.zoneId || base.zoneId || undefined,
+    targetIp: override.targetIp || base.targetIp || undefined,
+    proxied:
+      typeof override.proxied === 'boolean'
+        ? override.proxied
+        : typeof base.proxied === 'boolean'
+          ? base.proxied
+          : false,
+  };
+}
+
+async function writeManifestFiles(runner, manifestRoot, manifests) {
+  let index = 0;
+  for (const manifest of manifests) {
+    const filePath = path.posix.join(manifestRoot, `${String(index).padStart(2, '0')}.yaml`);
+    await runner.writeFile(filePath, manifest);
+    index += 1;
+  }
+}
+
+async function applySupplementalFiles(
+  runner,
+  workspacePath,
+  supplementalFiles,
+  options = {},
+) {
+  if (!Array.isArray(supplementalFiles) || supplementalFiles.length === 0) {
+    return;
+  }
+
+  for (const file of supplementalFiles) {
+    const normalizedPath = normalizeSupplementalFilePath(file.path);
+    const targetPath = path.posix.join(workspacePath, normalizedPath);
+
+    if (options.dryRun) {
+      if (options.onLog) {
+        await options.onLog(`Would inject supplemental file ${normalizedPath}`);
+      }
+      continue;
+    }
+
+    if (typeof runner.writeBase64File === 'function') {
+      await runner.writeBase64File(targetPath, file.contentBase64);
+    } else {
+      await runner.writeFile(
+        targetPath,
+        Buffer.from(file.contentBase64, 'base64').toString('utf8'),
+      );
+    }
+
+    if (options.onLog) {
+      await options.onLog(`Injected supplemental file ${normalizedPath}`);
+    }
+  }
+}
+
+async function prepareWorkspace(source, target, runner, config, workspaceName, onLog) {
+  const workspaceRoot =
+    (target && target.workspaceRoot) || config.workspaceRoot || (target && target.kind === 'ssh' ? '/tmp/k3s-deployer' : path.join(require('node:os').tmpdir(), 'k3s-deployer'));
+  if (target && target.kind === 'ssh') {
+    return materializeRemoteGitSource(source, runner, workspaceRoot, workspaceName, {
+      onLog,
+    });
+  }
+  await ensureDir(workspaceRoot);
+  return materializeLocalSource(source, workspaceRoot, workspaceName);
+}
+
+async function buildUnitImage(plan, unit, workspacePath, runner, options = {}) {
+  const unitPath = unit.root === '.' ? workspacePath : path.posix.join(workspacePath, unit.root);
+  const dockerfilePath = path.posix.join(unitPath, 'Dockerfile');
+  const generatedDockerfilePath = path.posix.join(unitPath, 'Dockerfile.k3s-deployer');
+  const existingDockerfile = await runner.exists(dockerfilePath);
+  if (!existingDockerfile) {
+    await runner.writeFile(generatedDockerfilePath, createGeneratedDockerfile(unit));
+  }
+
+  const envFileEntries = unit.role === 'backend' ? plan.env.backend : plan.env.frontendPublic;
+  if (Object.keys(envFileEntries).length > 0) {
+    const envText = Object.entries(envFileEntries)
+      .map(([key, value]) => `${key}=${String(value).replace(/\n/g, '\\n')}`)
+      .join('\n');
+    await runner.writeFile(path.posix.join(unitPath, '.env.k3s-deployer'), envText);
+  }
+
+  const image = plan.resolved.units.find((resolvedUnit) => resolvedUnit.id === unit.id)?.image;
+  const buildArgs =
+    unit.role === 'frontend'
+      ? Object.entries(plan.env.frontendPublic)
+          .map(([key, value]) => `--build-arg ${shellQuote(`${key}=${value}`)}`)
+          .join(' ')
+      : '';
+  const imageArchivePath = path.posix.join(
+    unitPath,
+    `.k3s-deployer-${unit.id}-image.tar`,
+  );
+  const importCommand =
+    options.target && options.target.kind === 'ssh'
+      ? `sudo k3s ctr -n k8s.io images import ${shellQuote(imageArchivePath)} >/dev/null 2>&1 || sudo ctr -n k8s.io images import ${shellQuote(imageArchivePath)} >/dev/null 2>&1 || k3s ctr -n k8s.io images import ${shellQuote(imageArchivePath)} >/dev/null 2>&1 || ctr -n k8s.io images import ${shellQuote(imageArchivePath)} >/dev/null 2>&1 || true`
+      : `k3s ctr -n k8s.io images import ${shellQuote(imageArchivePath)} >/dev/null 2>&1 || ctr -n k8s.io images import ${shellQuote(imageArchivePath)} >/dev/null 2>&1 || sudo -n k3s ctr -n k8s.io images import ${shellQuote(imageArchivePath)} >/dev/null 2>&1 || sudo -n ctr -n k8s.io images import ${shellQuote(imageArchivePath)} >/dev/null 2>&1 || true`;
+  const verifyImportCommand =
+    options.target && options.target.kind === 'ssh'
+      ? `sudo k3s ctr -n k8s.io images list | grep -F ${shellQuote(image)} >/dev/null 2>&1 || sudo ctr -n k8s.io images list | grep -F ${shellQuote(image)} >/dev/null 2>&1 || k3s ctr -n k8s.io images list | grep -F ${shellQuote(image)} >/dev/null 2>&1 || ctr -n k8s.io images list | grep -F ${shellQuote(image)} >/dev/null 2>&1`
+      : `k3s ctr -n k8s.io images list | grep -F ${shellQuote(image)} >/dev/null 2>&1 || ctr -n k8s.io images list | grep -F ${shellQuote(image)} >/dev/null 2>&1 || sudo -n k3s ctr -n k8s.io images list | grep -F ${shellQuote(image)} >/dev/null 2>&1 || sudo -n ctr -n k8s.io images list | grep -F ${shellQuote(image)} >/dev/null 2>&1`;
+
+  await runner.run(`docker build --provenance=false --sbom=false -t ${shellQuote(image)} ${buildArgs} -f ${shellQuote(existingDockerfile ? dockerfilePath : generatedDockerfilePath)} ${shellQuote(unitPath)}`, {
+    dryRun: options.dryRun,
+    onStdout: options.onLog,
+    onStderr: options.onLog,
+  });
+  await runner.run(`docker push ${shellQuote(image)}`, {
+    dryRun: options.dryRun,
+    onStdout: options.onLog,
+    onStderr: options.onLog,
+  });
+  await runner.run(`docker save -o ${shellQuote(imageArchivePath)} ${shellQuote(image)}`, {
+    dryRun: options.dryRun,
+    onStdout: options.onLog,
+    onStderr: options.onLog,
+  });
+  await runner.run(importCommand, {
+    dryRun: options.dryRun,
+    allowFailure: true,
+    onStdout: options.onLog,
+    onStderr: options.onLog,
+  });
+  const importVerification = await runner.run(verifyImportCommand, {
+    dryRun: options.dryRun,
+    allowFailure: true,
+  });
+  if (options.onLog && !options.dryRun) {
+    await options.onLog(
+      importVerification.code === 0
+        ? `Imported ${image} into k3s runtime`
+        : `Could not verify ${image} in k3s runtime; kubelet will use the registry path`,
+    );
+  }
+  await runner.run(`rm -f ${shellQuote(imageArchivePath)}`, {
+    dryRun: options.dryRun,
+    allowFailure: true,
+  });
+}
+
+function resolveUnitUrls(plan, target, overrides = {}) {
+  const host = deriveHostAddress(target);
+  const urls = {};
+  for (const unit of plan.resolved.units) {
+    if (!unit.public) {
+      urls[unit.id] = `http://${unit.name}.${plan.cluster.namespace}.svc.cluster.local:${unit.port || 3000}`;
+      continue;
+    }
+    urls[unit.id] = overrides.domain ? `https://${overrides.domain}` : `http://${host}:${unit.nodePort}`;
+  }
+  return urls;
+}
+
+async function syncCloudflareDns(plan, options, config, onLog) {
+  const domain = String(options.overrides?.domain || '').trim().toLowerCase();
+  if (!domain) {
+    return null;
+  }
+
+  const publicUnit = (plan.resolved?.units || []).find((unit) => unit.public);
+  if (!publicUnit) {
+    return null;
+  }
+
+  const dnsOptions = resolveCloudflareDnsOptions(config, options);
+  if (!dnsOptions.targetIp) {
+    await onLog(`Skipping Cloudflare DNS for ${domain}: target IP is not configured`);
+    return null;
+  }
+
+  if (!dnsOptions.apiToken && !(dnsOptions.apiKey && dnsOptions.email)) {
+    await onLog(`Skipping Cloudflare DNS for ${domain}: Cloudflare credentials are not configured`);
+    return null;
+  }
+
+  await onLog(
+    `${options.dryRun ? 'Would sync' : 'Syncing'} Cloudflare DNS for ${domain} -> ${dnsOptions.targetIp}`,
+  );
+
+  if (options.dryRun) {
+    return {
+      provider: 'cloudflare',
+      type: 'A',
+      domain,
+      targetIp: dnsOptions.targetIp,
+      proxied: Boolean(dnsOptions.proxied),
+    };
+  }
+
+  try {
+    const dnsRecord = await upsertCloudflareDnsRecord({
+      ...dnsOptions,
+      domain,
+    });
+    await onLog(`Cloudflare DNS synced for ${domain} -> ${dnsRecord.targetIp}`);
+    return dnsRecord;
+  } catch (error) {
+    const message =
+      error instanceof Error ? error.message : 'Cloudflare DNS sync failed';
+    await onLog(`Cloudflare DNS sync failed for ${domain}: ${message}`);
+    return null;
+  }
+}
+
+async function deploy(sourceOrPlan, options = {}, config = {}) {
+  const target = options.target || config.defaultTarget || { kind: 'local' };
+  const runner = await createRunner(target, config);
+  const source = sourceOrPlan && sourceOrPlan.inspection ? options.source : sourceOrPlan;
+  const plan =
+    sourceOrPlan && sourceOrPlan.inspection
+      ? sourceOrPlan
+      : await config.inspectAndPlan(source, options.overrides || {});
+
+  const releaseId = slugify(`${plan.inspection.projectSlug}-${Date.now().toString(36)}`);
+  const workspaceName = options.workspaceName || releaseId;
+  const logs = [];
+  const onLog = async (chunk) => {
+    if (!chunk) {
+      return;
+    }
+    const lines = String(chunk)
+      .split('\n')
+      .filter(Boolean);
+    for (const line of lines) {
+      logs.push(line);
+      if (options.onLog) {
+        await options.onLog(line);
+      }
+    }
+  };
+
+  await onLog(`Preparing deployment on ${target && target.kind === 'ssh' ? 'ssh' : 'local'} target`);
+  await ensureCluster(target, config, {
+    runner,
+    namespace: plan.cluster.namespace,
+    dryRun: options.dryRun,
+    onLog,
+  });
+
+  if (!source) {
+    throw new Error('A repository source is required for deployment');
+  }
+
+  await onLog(`Syncing repository workspace into ${workspaceName}`);
+  const workspacePath = await prepareWorkspace(
+    source,
+    target,
+    runner,
+    config,
+    workspaceName,
+    onLog,
+  );
+  await onLog(`Prepared workspace at ${workspacePath}`);
+  await applySupplementalFiles(
+    runner,
+    workspacePath,
+    options.supplementalFiles,
+    {
+      dryRun: options.dryRun,
+      onLog,
+    },
+  );
+
+  for (const unit of plan.inspection.units.filter((item) => item.role !== 'mobile')) {
+    await onLog(`Building image for ${unit.id}`);
+    await buildUnitImage(plan, unit, workspacePath, runner, {
+      dryRun: options.dryRun,
+      onLog,
+      target,
+    });
+  }
+
+  const manifestRoot = path.posix.join(workspacePath, '.k3s-deployer', 'manifests');
+  await onLog(`Writing manifests to ${manifestRoot}`);
+  await runner.run(`mkdir -p ${shellQuote(path.posix.join(manifestRoot, 'data'))} ${shellQuote(path.posix.join(manifestRoot, 'apps'))}`, {
+    dryRun: options.dryRun,
+  });
+  await writeManifestFiles(runner, path.posix.join(manifestRoot, 'data'), plan.manifests.data);
+  await writeManifestFiles(runner, path.posix.join(manifestRoot, 'apps'), plan.manifests.apps);
+  if (plan.manifests.data.length > 0) {
+    await runner.run(`kubectl apply -f ${shellQuote(path.posix.join(manifestRoot, 'data'))}`, {
+      dryRun: options.dryRun,
+      onStdout: onLog,
+      onStderr: onLog,
+    });
+  }
+  if (plan.manifests.apps.length > 0) {
+    await runner.run(`kubectl apply -f ${shellQuote(path.posix.join(manifestRoot, 'apps'))}`, {
+      dryRun: options.dryRun,
+      onStdout: onLog,
+      onStderr: onLog,
+    });
+  }
+
+  for (const unit of plan.resolved.units) {
+    await runner.run(`kubectl rollout restart deployment/${shellQuote(unit.name)} -n ${shellQuote(plan.cluster.namespace)}`, {
+      dryRun: options.dryRun,
+      allowFailure: true,
+      onStdout: onLog,
+      onStderr: onLog,
+    });
+    await runner.run(`kubectl rollout status deployment/${shellQuote(unit.name)} -n ${shellQuote(plan.cluster.namespace)} --timeout=300s`, {
+      dryRun: options.dryRun,
+      onStdout: onLog,
+      onStderr: onLog,
+    });
+  }
+
+  let mobilePreviewUrl;
+  let mobileArtifactPath;
+  let mobileApplicationId;
+  if (plan.mobile) {
+    const mobileUnit = plan.inspection.units.find((item) => item.role === 'mobile');
+    const artifactPath = await buildMobileUnit(plan, mobileUnit, runner, workspacePath, {
+      dryRun: options.dryRun,
+      onLog,
+      timeoutMs: config.mobileBuildTimeoutMs,
+    });
+    mobileArtifactPath = artifactPath;
+    mobileApplicationId = plan.mobile.applicationId;
+    if (config.mobilePreviewAdapter) {
+      const preview = await startMobilePreview(plan, config, { artifactPath, runner, onLog, workspacePath, overrides: options.overrides, cloudflareDns: resolveCloudflareDnsOptions(config, options) });
+      mobilePreviewUrl = preview.url;
+    }
+  }
+
+  const dnsRecord = await syncCloudflareDns(plan, options, config, onLog);
+
+  return {
+    releaseId,
+    unitUrls: resolveUnitUrls(plan, target, options.overrides || {}),
+    mobilePreviewUrl,
+    mobileArtifactPath,
+    mobileApplicationId,
+    dnsRecord,
+    logs,
+  };
+}
+
+module.exports = {
+  deploy,
+};

package/src/index.cjs

@@ -0,0 +1,67 @@
+const path = require('node:path');
+const os = require('node:os');
+const { inspectRepository } = require('./detect/index.cjs');
+const { createDeploymentPlan } = require('./plan/index.cjs');
+const { ensureCluster } = require('./bootstrap/index.cjs');
+const { deploy } = require('./execute/index.cjs');
+const { startMobilePreview } = require('./mobile/index.cjs');
+const { createWebAndroidEmulatorAdapter } = require('./mobile/web-android-emulator-adapter.cjs');
+
+function normalizeCloudflareDns(config = {}) {
+  if (!config || typeof config !== 'object') {
+    return undefined;
+  }
+
+  const normalized = {
+    apiToken: config.apiToken || undefined,
+    apiKey: config.apiKey || undefined,
+    email: config.email || undefined,
+    zoneId: config.zoneId || undefined,
+    targetIp: config.targetIp || undefined,
+    proxied:
+      typeof config.proxied === 'boolean' ? config.proxied : undefined,
+  };
+
+  return Object.values(normalized).some((value) => value !== undefined)
+    ? normalized
+    : undefined;
+}
+
+function normalizeConfig(config = {}) {
+  return {
+    workspaceRoot: config.workspaceRoot || path.join(os.tmpdir(), 'k3s-deployer'),
+    registryHost: config.registryHost || 'localhost:5000',
+    namespacePrefix: config.namespacePrefix || 'apps',
+    defaultTarget: config.defaultTarget || { kind: 'local' },
+    mobilePreviewAdapter: config.mobilePreviewAdapter,
+    runnerFactory: config.runnerFactory,
+    mobileBuildTimeoutMs:
+      config.mobileBuildTimeoutMs || 5 * 60 * 60 * 1000,
+    cloudflareDns: normalizeCloudflareDns(config.cloudflareDns),
+  };
+}
+
+function createK3sDeployer(inputConfig = {}) {
+  const config = normalizeConfig(inputConfig);
+  const inspect = (source, overrides) => inspectRepository(source, overrides, config);
+  const plan = async (source, overrides) => {
+    const inspection = await inspect(source, overrides);
+    return createDeploymentPlan(inspection, overrides, config);
+  };
+  return {
+    inspectRepository: inspect,
+    planDeployment: plan,
+    ensureCluster: (target) => ensureCluster(target || config.defaultTarget, config),
+    deploy: (sourceOrPlan, options = {}) =>
+      deploy(sourceOrPlan, options, {
+        ...config,
+        inspectAndPlan: (source, overrides) => plan(source, overrides),
+      }),
+    startMobilePreview: (deploymentPlan, options) => startMobilePreview(deploymentPlan, config, options),
+  };
+}
+
+module.exports = {
+  createK3sDeployer,
+  createWebAndroidEmulatorAdapter,
+};