npm - openpalm - Versions diffs - 0.9.9 → 0.9.10 - Mend

openpalm 0.9.9 → 0.9.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "openpalm",
-  "version": "0.9.9",
+  "version": "0.9.10",
   "type": "module",
   "license": "MPL-2.0",
   "description": "OpenPalm CLI — install and manage a self-hosted OpenPalm stack",
@@ -26,7 +26,7 @@
     "build:windows-arm64": "bun build src/main.ts --compile --target=bun-windows-arm64 --outfile dist/openpalm-cli-windows-arm64.exe"
   },
   "dependencies": {
-    "@openpalm/lib": "0.9.6",
+    "@openpalm/lib": ">=0.9.8 <1.0.0",
     "citty": "^0.2.1"
   }
 }

package/src/commands/install.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import { join } from 'node:path';
 import { rm } from 'node:fs/promises';
 import cliPkg from '../../package.json' with { type: 'json' };
 import { defaultConfigHome, defaultDataHome, defaultStateHome, defaultWorkDir } from '../lib/paths.ts';
-import { ensureSecrets, ensureStackEnv } from '../lib/env.ts';
+import { ensureSecrets, ensureStackEnv, resolveRequestedImageTag } from '../lib/env.ts';
 import { ensureDirectoryTree, fetchAsset, runDockerCompose, openBrowser } from '../lib/docker.ts';
 import {
   ensureOpenCodeConfig, ensureOpenCodeSystemConfig, ensureAdminOpenCodeConfig, FilesystemAssetProvider,
@@ -16,9 +16,31 @@ import { ensureStagedState, fullComposeArgs, buildManagedServiceNames } from '..
 import { createSetupServer } from '../setup-wizard/server.ts';
 import { buildInstallServiceNames, buildDeployStatusEntries } from './install-services.ts';
-const DEFAULT_INSTALL_REF = 'main';
 const SETUP_WIZARD_PORT = Number(process.env.OPENPALM_SETUP_PORT) || 8100;
+const REPO_OWNER = 'itlackey';
+const REPO_NAME = 'openpalm';
+/**
+ * Resolves the latest release tag from GitHub. Falls back to the CLI package
+ * version (prefixed with 'v') so the install never silently defaults to 'main'
+ * which produces an un-pinned 'latest' image tag.
+ */
+async function resolveDefaultInstallRef(): Promise<string> {
+  try {
+    const res = await fetch(
+      `https://github.com/${REPO_OWNER}/${REPO_NAME}/releases/latest`,
+      { redirect: 'manual', signal: AbortSignal.timeout(10000) },
+    );
+    const location = res.headers.get('location') ?? '';
+    const match = location.match(/\/tag\/(v[0-9]+\.[0-9]+\.[0-9]+[^\s]*)$/);
+    if (match?.[1]) return match[1];
+  } catch {
+    // Network error — fall through to package version
+  }
+  return cliPkg.version ? `v${cliPkg.version}` : 'main';
+}
 export default defineCommand({
   meta: {
     name: 'install',
@@ -32,8 +54,7 @@ export default defineCommand({
     },
     version: {
       type: 'string',
-      description: 'Install specific repository ref (default: main)',
-      default: DEFAULT_INSTALL_REF,
+      description: 'Install specific repository ref (default: latest release)',
     },
     start: {
       type: 'boolean',
@@ -52,9 +73,10 @@ export default defineCommand({
     },
   },
   async run({ args }) {
+    const version = args.version || await resolveDefaultInstallRef();
     await bootstrapInstall({
       force: args.force,
-      version: args.version,
+      version,
       noStart: !args.start,
       noOpen: !args.open,
       file: args.file,
@@ -147,7 +169,10 @@ export async function bootstrapInstall(options: InstallOptions): Promise<void> {
   );
   await ensureSecrets(configHome);
-  await ensureStackEnv(configHome, dataHome, stateHome, workDir, options.version);
+  // Derive the image tag from the resolved version so that stale or
+  // architecture-suffixed OPENPALM_IMAGE_TAG env vars don't leak in.
+  const imageTag = resolveRequestedImageTag(options.version) ?? undefined;
+  await ensureStackEnv(configHome, dataHome, stateHome, workDir, options.version, imageTag);
   // Seed OpenCode config — non-fatal since performSetup() also seeds these
   try {
     const fsAssets = new FilesystemAssetProvider(dataHome);

package/src/lib/env.ts CHANGED Viewed

@@ -96,6 +96,11 @@ export MEMORY_AUTH_TOKEN=${randomBytes(32).toString('hex')}
 /**
  * Creates or updates the stack.env bootstrap file.
+ *
+ * When `imageTagOverride` is provided (e.g. derived from --version during
+ * install), it takes precedence over both the OPENPALM_IMAGE_TAG env var
+ * and the repo-ref heuristic. This prevents stale or architecture-suffixed
+ * env vars (e.g. "latest-arm64") from leaking into the stack.
  */
 export async function ensureStackEnv(
   configHome: string,
@@ -103,10 +108,11 @@ export async function ensureStackEnv(
   stateHome: string,
   workDir: string,
   repoRef: string,
+  imageTagOverride?: string,
 ): Promise<void> {
   const dataStackEnv = join(dataHome, 'stack.env');
   const stagedStackEnv = join(stateHome, 'artifacts', 'stack.env');
-  const explicitImageTag = process.env.OPENPALM_IMAGE_TAG;
+  const explicitImageTag = imageTagOverride ?? process.env.OPENPALM_IMAGE_TAG;
   const hasExplicitImageTag = explicitImageTag !== undefined && explicitImageTag !== '';
   if (!(await Bun.file(dataStackEnv).exists())) {
     const defaultImageTag = hasExplicitImageTag

package/src/main.test.ts CHANGED Viewed

@@ -1,7 +1,8 @@
 import { afterEach, describe, expect, it, mock } from 'bun:test';
-import { existsSync, mkdirSync, writeFileSync, chmodSync, mkdtempSync, readFileSync, rmSync } from 'node:fs';
+import { existsSync, mkdirSync, writeFileSync, chmodSync, mkdtempSync, readFileSync, readdirSync, rmSync } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
+import { fileURLToPath } from 'node:url';
 import { detectHostInfo, main, reconcileStackEnvImageTag, resolveRequestedImageTag, upsertEnvValue } from './main.ts';
 // Helpers to mock Bun.spawn and Bun.which for tests that would otherwise
@@ -151,7 +152,7 @@ describe('cli main', () => {
     }
   });
-  it('uses main as the default install ref for bootstrap asset downloads', async () => {
+  it('resolves version-pinned install ref (falls back to CLI package version)', async () => {
     const base = mkdtempSync(join(tmpdir(), 'openpalm-install-'));
     const configHome = join(base, 'config');
     const dataHome = join(base, 'data');
@@ -169,6 +170,12 @@ describe('cli main', () => {
     process.env.OPENPALM_STATE_HOME = stateHome;
     process.env.OPENPALM_WORK_DIR = workDir;
+    // Read the CLI package version to verify pinning behaviour
+    const cliPkg = JSON.parse(
+      readFileSync(new URL('../package.json', import.meta.url), 'utf8'),
+    ) as { version: string };
+    const expectedRef = `v${cliPkg.version}`;
     mockDockerCli();
     globalThis.fetch = mock(async (input: string | URL) => {
       const url = String(input);
@@ -176,13 +183,14 @@ describe('cli main', () => {
       if (url.endsWith('/health')) {
         throw new TypeError('fetch failed');
       }
-      if (url.includes('/main/assets/docker-compose.yml')) {
+      // Respond to version-pinned asset URLs
+      if (url.includes('/docker-compose.yml')) {
         return new Response('services: {}\n', { status: 200 });
       }
-      if (url.includes('/main/assets/Caddyfile')) {
+      if (url.includes('/Caddyfile')) {
         return new Response(':80 {\n}\n', { status: 200 });
       }
-      if (url.includes('/main/assets/secrets.env.schema') || url.includes('/main/assets/stack.env.schema')) {
+      if (url.includes('/secrets.env.schema') || url.includes('/stack.env.schema')) {
         return new Response('KEY=string\n', { status: 200 });
       }
       return new Response('', { status: 503 });
@@ -193,12 +201,15 @@ describe('cli main', () => {
     try {
       await main(['install', '--no-start', '--force', '--no-open']);
-      expect(fetchedUrls).toContain(
-        'https://raw.githubusercontent.com/itlackey/openpalm/main/assets/docker-compose.yml',
-      );
-      expect(fetchedUrls).toContain(
-        'https://raw.githubusercontent.com/itlackey/openpalm/main/assets/Caddyfile',
-      );
+      // Verify that assets were fetched using the version-pinned ref, not 'main'
+      const composeUrl = fetchedUrls.find((u) => u.includes('/docker-compose.yml'));
+      expect(composeUrl).toBeDefined();
+      expect(composeUrl).toContain(expectedRef);
+      expect(composeUrl).not.toContain('/main/');
+      const caddyUrl = fetchedUrls.find((u) => u.includes('/Caddyfile'));
+      expect(caddyUrl).toBeDefined();
+      expect(caddyUrl).toContain(expectedRef);
     } finally {
       rmSync(base, { recursive: true, force: true });
     }
@@ -219,6 +230,65 @@ describe('npm bin launcher', () => {
     expect(launcher.startsWith('#!/usr/bin/env bun\n')).toBe(true);
   });
+  it('packs a real semver range for @openpalm/lib so published installs can resolve the latest compatible lib', {
+    timeout: 15000,
+  }, () => {
+    const cliPkg = JSON.parse(
+      readFileSync(new URL('../package.json', import.meta.url), 'utf8'),
+    ) as {
+      dependencies?: Record<string, string>;
+    };
+    const libPkg = JSON.parse(
+      readFileSync(new URL('../../lib/package.json', import.meta.url), 'utf8'),
+    ) as {
+      version: string;
+    };
+    const versionMatch = libPkg.version.match(/^(\d+)\.\d+\.\d+(?:-.+)?$/);
+    if (!versionMatch) throw new Error(`Unexpected lib version format: ${libPkg.version}`);
+    const libMajor = Number.parseInt(versionMatch[1], 10);
+    const expectedRange = `>=${libPkg.version} <${libMajor + 1}.0.0`;
+    expect(cliPkg.dependencies?.['@openpalm/lib']).toBe(expectedRange);
+    const packageDir = fileURLToPath(new URL('../', import.meta.url));
+    const packDir = mkdtempSync(join(tmpdir(), 'openpalm-cli-pack-'));
+    try {
+      const pack = Bun.spawnSync(
+        [process.execPath, 'pm', 'pack', '--destination', packDir, '--quiet'],
+        {
+          cwd: packageDir,
+          stdout: 'pipe',
+          stderr: 'pipe',
+        },
+      );
+      expect(pack.exitCode).toBe(0);
+      const tarball = readdirSync(packDir).find((name) => name.endsWith('.tgz'));
+      if (!tarball) throw new Error('Expected bun pm pack to produce a tarball');
+      const extract = Bun.spawnSync(
+        ['tar', '-xOf', join(packDir, tarball), 'package/package.json'],
+        {
+          stdout: 'pipe',
+          stderr: 'pipe',
+        },
+      );
+      expect(extract.exitCode).toBe(0);
+      const packedPkg = JSON.parse(new TextDecoder().decode(extract.stdout)) as {
+        dependencies?: Record<string, string>;
+      };
+      expect(packedPkg.dependencies?.['@openpalm/lib']).toBe(expectedRange);
+    } finally {
+      rmSync(packDir, { recursive: true, force: true });
+    }
+  });
 });
 describe('validate command', () => {