pepr 0.38.2 → 0.39.0

package/dist/sdk/cosign.d.ts

@@ -0,0 +1,18 @@
+export declare enum MediaTypeDockerV2 {
+    Manifest = "application/vnd.docker.distribution.manifest.v2+json"
+}
+export declare enum MediaTypeOciV1 {
+    Manifest = "application/vnd.oci.image.manifest.v1+json",
+    Index = "application/vnd.oci.image.index.v1+json"
+}
+export declare function head(rawUrl: string, mediaType: string, optsParam?: Record<string, any>): Promise<any>;
+export declare function get(rawUrl: string, mediaType: string, optsParam?: Record<string, any>): Promise<any>;
+export declare function download(rawUrl: string, localPath: string, optsParam?: Record<string, any>): Promise<void>;
+/**
+ * Returns all containers in a pod
+ * @param {string} iref image reference
+ * @param {array} pubkeys list of paths to node crypto code signing pubkeys
+ * @returns {boolean} whether the iref was signed by a key in the pubkeys
+ */
+export declare function verifyImage(iref: string, pubkeys: string[], tlsCrts?: string[]): Promise<boolean>;
+//# sourceMappingURL=cosign.d.ts.map

package/dist/sdk/cosign.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cosign.d.ts","sourceRoot":"","sources":["../../src/sdk/cosign.ts"],"names":[],"mappings":"AAWA,oBAAY,iBAAiB;IAC3B,QAAQ,yDAAyD;CAClE;AAED,oBAAY,cAAc;IACxB,QAAQ,+CAA+C;IACvD,KAAK,4CAA4C;CAClD;AAGD,wBAAsB,IAAI,CACxB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,SAAS,GAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAM,GAClC,OAAO,CAAC,GAAG,CAAC,CAwCd;AAGD,wBAAsB,GAAG,CACvB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,SAAS,GAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAM,GAClC,OAAO,CAAC,GAAG,CAAC,CAmDd;AAGD,wBAAsB,QAAQ,CAC5B,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,SAAS,GAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAM,GAClC,OAAO,CAAC,IAAI,CAAC,CA8Cf;AAMD;;;;;GAKG;AACH,wBAAsB,WAAW,CAC/B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EAAE,EACjB,OAAO,CAAC,EAAE,MAAM,EAAE,GACjB,OAAO,CAAC,OAAO,CAAC,CAsIlB"}

package/dist/sdk/heredoc.d.ts

@@ -0,0 +1,2 @@
+export declare function heredoc(strings: TemplateStringsArray, ...values: string[]): string;
+//# sourceMappingURL=heredoc.d.ts.map

package/dist/sdk/heredoc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"heredoc.d.ts","sourceRoot":"","sources":["../../src/sdk/heredoc.ts"],"names":[],"mappings":"AAGA,wBAAgB,OAAO,CAAC,OAAO,EAAE,oBAAoB,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,UAgCzE"}

package/dist/sdk/sdk.d.ts

@@ -1,6 +1,5 @@
 import { PeprValidateRequest } from "../lib/validate-request";
 import { PeprMutateRequest } from "../lib/mutate-request";
-import { a } from "../lib";
 import { V1OwnerReference } from "@kubernetes/client-node";
 import { GenericKind } from "kubernetes-fluent-client";
 import { kind } from "kubernetes-fluent-client";
@@ -10,7 +9,7 @@ import { kind } from "kubernetes-fluent-client";
  * @param containerType the type of container to get
  * @returns the list of containers in the pod
  */
-export declare function containers(request: PeprValidateRequest<a.Pod> | PeprMutateRequest<a.Pod>, containerType?: "containers" | "initContainers" | "ephemeralContainers"): import("@kubernetes/client-node").V1Container[];
+export declare function containers(request: PeprValidateRequest<kind.Pod> | PeprMutateRequest<kind.Pod>, containerType?: "containers" | "initContainers" | "ephemeralContainers"): import("@kubernetes/client-node").V1Container[];
 /**
  * Write a K8s event for a CRD
  *

package/dist/sdk/sdk.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sdk.d.ts","sourceRoot":"","sources":["../../src/sdk/sdk.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,CAAC,EAAE,MAAM,QAAQ,CAAC;AAC3B,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAO,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAGrD;;;;;GAKG;AACH,wBAAgB,UAAU,CACxB,OAAO,EAAE,mBAAmB,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,EAC9D,aAAa,CAAC,EAAE,YAAY,GAAG,gBAAgB,GAAG,qBAAqB,mDAgBxE;AAED;;;;;;;;;GASG;AACH,wBAAsB,UAAU,CAC9B,EAAE,EAAE,WAAW,EACf,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAC9B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,kBAAkB,EAAE,MAAM,EAC1B,iBAAiB,EAAE,MAAM,iBAwB1B;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,cAAc,EAAE,WAAW,EAC3B,kBAAkB,CAAC,EAAE,OAAO,EAC5B,UAAU,CAAC,EAAE,OAAO,GACnB,gBAAgB,EAAE,CAcpB;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,UAYhD"}
+{"version":3,"file":"sdk.d.ts","sourceRoot":"","sources":["../../src/sdk/sdk.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAO,IAAI,EAAE,MAAM,0BAA0B,CAAC;AAGrD;;;;;GAKG;AACH,wBAAgB,UAAU,CACxB,OAAO,EAAE,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,EACpE,aAAa,CAAC,EAAE,YAAY,GAAG,gBAAgB,GAAG,qBAAqB,mDAgBxE;AAED;;;;;;;;;GASG;AACH,wBAAsB,UAAU,CAC9B,EAAE,EAAE,WAAW,EACf,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAC9B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,kBAAkB,EAAE,MAAM,EAC1B,iBAAiB,EAAE,MAAM,iBAwB1B;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,cAAc,EAAE,WAAW,EAC3B,kBAAkB,CAAC,EAAE,OAAO,EAC5B,UAAU,CAAC,EAAE,OAAO,GACnB,gBAAgB,EAAE,CAcpB;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,UAYhD"}

package/package.json

@@ -15,7 +15,7 @@
     "!src/**/*.test.ts",
     "!dist/**/*.test.d.ts*"
   ],
-  "version": "0.38.2",
+  "version": "0.39.0",
   "main": "dist/lib.js",
   "types": "dist/lib.d.ts",
   "scripts": {
@@ -26,7 +26,7 @@
     "build": "tsc && node build.mjs && npm pack",
     "build:image": "npm run build && docker buildx build --output type=docker --tag pepr:dev .",
     "test": "npm run test:unit && npm run test:journey",
-    "test:unit": "npm run gen-data-json && jest src --coverage --detectOpenHandles --coverageDirectory=./coverage",
+    "test:unit": "npm run gen-data-json && jest src --coverage --detectOpenHandles --coverageDirectory=./coverage --testPathIgnorePatterns='cosign.e2e.test.ts'",
     "test:journey": "npm run test:journey:k3d && npm run build && npm run test:journey:image && npm run test:journey:run",
     "test:journey:prep": "if [ ! -d ./pepr-upgrade-test ]; then git clone https://github.com/defenseunicorns/pepr-upgrade-test.git ; fi",
     "test:journey-wasm": "npm run test:journey:k3d && npm run build && npm run test:journey:image && npm run test:journey:run-wasm",
@@ -43,12 +43,15 @@
     "@types/ramda": "0.30.2",
     "express": "4.21.1",
     "fast-json-patch": "3.1.1",
+    "follow-redirects": "1.15.9",
+    "http-status-codes": "^2.3.0",
     "json-pointer": "^0.6.2",
-    "kubernetes-fluent-client": "3.1.3",
+    "kubernetes-fluent-client": "3.3.0",
     "pino": "9.5.0",
     "pino-pretty": "11.3.0",
     "prom-client": "15.1.3",
-    "ramda": "0.30.1"
+    "ramda": "0.30.1",
+    "sigstore": "3.0.0"
   },
   "devDependencies": {
     "@commitlint/cli": "19.5.0",
@@ -57,18 +60,20 @@
     "@jest/globals": "29.7.0",
     "@types/eslint": "9.6.1",
     "@types/express": "5.0.0",
+    "@types/follow-redirects": "1.14.4",
     "@types/json-pointer": "^1.0.34",
     "@types/node": "22.x.x",
     "@types/node-forge": "1.3.11",
     "@types/uuid": "10.0.0",
     "fast-check": "^3.19.0",
+    "husky": "^9.1.6",
     "jest": "29.7.0",
     "js-yaml": "^4.1.0",
     "nock": "^13.5.4",
-    "ts-jest": "29.2.5",
-    "husky": "^9.1.6"
+    "ts-jest": "29.2.5"
   },
   "peerDependencies": {
+    "@types/prompts": "2.4.9",
     "@typescript-eslint/eslint-plugin": "7.18.0",
     "@typescript-eslint/parser": "7.18.0",
     "commander": "12.1.0",
@@ -76,7 +81,6 @@
     "eslint": "8.57.0",
     "node-forge": "1.3.1",
     "prettier": "3.3.3",
-    "@types/prompts": "2.4.9",
     "prompts": "2.4.2",
     "typescript": "5.3.3",
     "uuid": "10.0.0"

package/src/cli/build.helpers.ts

@@ -0,0 +1,28 @@
+/**
+ * Determine the RBAC mode based on the CLI options and the module's config
+ * @param opts CLI options
+ * @param cfg Module's config
+ * @returns The determined RBAC mode
+ * @example
+ * const opts = { rbacMode: "admin" };
+ * const cfg = { pepr: { rbacMode: "scoped" } };
+ * const result = determineRbacMode(opts, cfg);
+ * console.log(result); // "admin"
+ */
+export function determineRbacMode(
+  opts: { rbacMode?: string },
+  cfg: { pepr: { rbacMode?: string } },
+): string {
+  // CLI overrides the module's config
+  if (opts.rbacMode) {
+    return opts.rbacMode;
+  }
+
+  // if rbacMode is defined and not scoped, return admin
+  if (cfg.pepr.rbacMode && cfg.pepr.rbacMode !== "scoped") {
+    return "admin";
+  }
+
+  // if nothing is defined return admin, else return scoped
+  return cfg.pepr.rbacMode || "admin";
+}

package/src/cli/build.ts

@@ -13,7 +13,7 @@ import { peprFormat } from "./format";
 import { Option } from "commander";
 import { createDirectoryIfNotExists, validateCapabilityNames, parseTimeout } from "../lib/helpers";
 import { sanitizeResourceName } from "../sdk/sdk";
-
+import { determineRbacMode } from "./build.helpers";
 const peprTS = "pepr.ts";
 let outputDir: string = "dist";
 export type Reloader = (opts: BuildResult<BuildOptions>) => void | Promise<void>;
@@ -66,9 +66,9 @@ export default function (program: RootCmd) {
         .default("manifest"),
     )
     .addOption(
-      new Option("--rbac-mode [admin|scoped]", "Rbac Mode: admin, scoped (default: admin)")
-        .choices(["admin", "scoped"])
-        .default("admin"),
+      new Option("--rbac-mode [admin|scoped]", "Rbac Mode: admin, scoped (default: admin)").choices(
+        ["admin", "scoped"],
+      ),
     )
     .action(async opts => {
       // assign custom output directory if provided
@@ -81,113 +81,119 @@ export default function (program: RootCmd) {
       }
 
       // Build the module
-      const { cfg, path, uuid } = await buildModule(undefined, opts.entryPoint, opts.embed);
-
-      // Files to include in controller image for WASM support
-      const { includedFiles } = cfg.pepr;
-
-      let image: string = "";
+      const buildModuleResult = await buildModule(undefined, opts.entryPoint, opts.embed);
+      if (buildModuleResult?.cfg && buildModuleResult.path && buildModuleResult.uuid) {
+        const { cfg, path, uuid } = buildModuleResult;
+        // Files to include in controller image for WASM support
+        const { includedFiles } = cfg.pepr;
+
+        let image: string = "";
+
+        // Build Kubernetes manifests with custom image
+        if (opts.customImage) {
+          if (opts.registry) {
+            console.error(`Custom Image and registry cannot be used together.`);
+            process.exit(1);
+          }
+          image = opts.customImage;
+        }
 
-      // Build Kubernetes manifests with custom image
-      if (opts.customImage) {
-        if (opts.registry) {
-          console.error(`Custom Image and registry cannot be used together.`);
-          process.exit(1);
+        // Check if there is a custom timeout defined
+        if (opts.timeout !== undefined) {
+          cfg.pepr.webhookTimeout = opts.timeout;
         }
-        image = opts.customImage;
-      }
 
-      // Check if there is a custom timeout defined
-      if (opts.timeout !== undefined) {
-        cfg.pepr.webhookTimeout = opts.timeout;
-      }
+        if (opts.registryInfo !== undefined) {
+          console.info(`Including ${includedFiles.length} files in controller image.`);
 
-      if (opts.registryInfo !== undefined) {
-        console.info(`Including ${includedFiles.length} files in controller image.`);
+          // for journey test to make sure the image is built
+          image = `${opts.registryInfo}/custom-pepr-controller:${cfg.pepr.peprVersion}`;
 
-        // for journey test to make sure the image is built
-        image = `${opts.registryInfo}/custom-pepr-controller:${cfg.pepr.peprVersion}`;
+          // only actually build/push if there are files to include
+          if (includedFiles.length > 0) {
+            await createDockerfile(cfg.pepr.peprVersion, cfg.description, includedFiles);
+            execSync(`docker build --tag ${image} -f Dockerfile.controller .`, {
+              stdio: "inherit",
+            });
+            execSync(`docker push ${image}`, { stdio: "inherit" });
+          }
+        }
 
-        // only actually build/push if there are files to include
-        if (includedFiles.length > 0) {
-          await createDockerfile(cfg.pepr.peprVersion, cfg.description, includedFiles);
-          execSync(`docker build --tag ${image} -f Dockerfile.controller .`, { stdio: "inherit" });
-          execSync(`docker push ${image}`, { stdio: "inherit" });
+        // If building without embedding, exit after building
+        if (!opts.embed) {
+          console.info(`✅ Module built successfully at ${path}`);
+          return;
         }
-      }
 
-      // If building without embedding, exit after building
-      if (!opts.embed) {
-        console.info(`✅ Module built successfully at ${path}`);
-        return;
-      }
+        // set the image version if provided
+        if (opts.version) {
+          cfg.pepr.peprVersion = opts.version;
+        }
 
-      // set the image version if provided
-      if (opts.version) {
-        cfg.pepr.peprVersion = opts.version;
-      }
+        // Generate a secret for the module
+        const assets = new Assets(
+          {
+            ...cfg.pepr,
+            appVersion: cfg.version,
+            description: cfg.description,
+            // Can override the rbacMode with the CLI option
+            rbacMode: determineRbacMode(opts, cfg),
+          },
+          path,
+        );
 
-      // Generate a secret for the module
-      const assets = new Assets(
-        {
-          ...cfg.pepr,
-          appVersion: cfg.version,
-          description: cfg.description,
-        },
-        path,
-      );
+        // If registry is set to Iron Bank, use Iron Bank image
+        if (opts?.registry === "Iron Bank") {
+          console.info(
+            `\n\tThis command assumes the latest release. Pepr's Iron Bank image release cycle is dictated by renovate and is typically released a few days after the GitHub release.\n\tAs an alternative you may consider custom --custom-image to target a specific image and version.`,
+          );
+          image = `registry1.dso.mil/ironbank/opensource/defenseunicorns/pepr/controller:v${cfg.pepr.peprVersion}`;
+        }
 
-      // If registry is set to Iron Bank, use Iron Bank image
-      if (opts?.registry === "Iron Bank") {
-        console.info(
-          `\n\tThis command assumes the latest release. Pepr's Iron Bank image release cycle is dictated by renovate and is typically released a few days after the GitHub release.\n\tAs an alternative you may consider custom --custom-image to target a specific image and version.`,
-        );
-        image = `registry1.dso.mil/ironbank/opensource/defenseunicorns/pepr/controller:v${cfg.pepr.peprVersion}`;
-      }
+        // if image is a custom image, use that instead of the default
+        if (image !== "") {
+          assets.image = image;
+        }
 
-      // if image is a custom image, use that instead of the default
-      if (image !== "") {
-        assets.image = image;
-      }
+        // Ensure imagePullSecret is valid
+        if (opts.withPullSecret) {
+          if (sanitizeResourceName(opts.withPullSecret) !== opts.withPullSecret) {
+            // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names
+            console.error(
+              "Invalid imagePullSecret. Please provide a valid name as defined in RFC 1123.",
+            );
+            process.exit(1);
+          }
+        }
 
-      // Ensure imagePullSecret is valid
-      if (opts.withPullSecret) {
-        if (sanitizeResourceName(opts.withPullSecret) !== opts.withPullSecret) {
-          // https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names
-          console.error(
-            "Invalid imagePullSecret. Please provide a valid name as defined in RFC 1123.",
-          );
+        const yamlFile = `pepr-module-${uuid}.yaml`;
+        const chartPath = `${uuid}-chart`;
+        const yamlPath = resolve(outputDir, yamlFile);
+        const yaml = await assets.allYaml(opts.withPullSecret);
+
+        try {
+          // wait for capabilities to be loaded and test names
+          validateCapabilityNames(assets.capabilities);
+        } catch (e) {
+          console.error(`Error loading capability:`, e);
           process.exit(1);
         }
-      }
 
-      const yamlFile = `pepr-module-${uuid}.yaml`;
-      const chartPath = `${uuid}-chart`;
-      const yamlPath = resolve(outputDir, yamlFile);
-      const yaml = await assets.allYaml(opts.rbacMode, opts.withPullSecret);
-
-      try {
-        // wait for capabilities to be loaded and test names
-        validateCapabilityNames(assets.capabilities);
-      } catch (e) {
-        console.error(`Error loading capability:`, e);
-        process.exit(1);
-      }
-
-      const zarfPath = resolve(outputDir, "zarf.yaml");
+        const zarfPath = resolve(outputDir, "zarf.yaml");
 
-      let zarf = "";
-      if (opts.zarf === "chart") {
-        zarf = assets.zarfYamlChart(chartPath);
-      } else {
-        zarf = assets.zarfYaml(yamlFile);
-      }
-      await fs.writeFile(yamlPath, yaml);
-      await fs.writeFile(zarfPath, zarf);
+        let zarf = "";
+        if (opts.zarf === "chart") {
+          zarf = assets.zarfYamlChart(chartPath);
+        } else {
+          zarf = assets.zarfYaml(yamlFile);
+        }
+        await fs.writeFile(yamlPath, yaml);
+        await fs.writeFile(zarfPath, zarf);
 
-      await assets.generateHelmChart(outputDir);
+        await assets.generateHelmChart(outputDir);
 
-      console.info(`✅ K8s resource for the module saved to ${yamlPath}`);
+        console.info(`✅ K8s resource for the module saved to ${yamlPath}`);
+      }
     });
 }
 
@@ -330,41 +336,38 @@ export async function buildModule(reloader?: Reloader, entryPoint = peprTS, embe
   } catch (e) {
     console.error(`Error building module:`, e);
 
-    if (e.stdout) {
-      const out = e.stdout.toString() as string;
-      const err = e.stderr.toString();
+    if (!e.stdout) process.exit(1); // Exit with a non-zero exit code on any other error
 
-      console.log(out);
-      console.error(err);
+    const out = e.stdout.toString() as string;
+    const err = e.stderr.toString();
 
-      // Check for version conflicts
-      if (out.includes("Types have separate declarations of a private property '_name'.")) {
-        // Try to find the conflicting package
-        const pgkErrMatch = /error TS2322: .*? 'import\("\/.*?\/node_modules\/(.*?)\/node_modules/g;
-        out.matchAll(pgkErrMatch);
+    console.log(out);
+    console.error(err);
 
-        // Look for package conflict errors
-        const conflicts = [...out.matchAll(pgkErrMatch)];
+    // Check for version conflicts
+    if (out.includes("Types have separate declarations of a private property '_name'.")) {
+      // Try to find the conflicting package
+      const pgkErrMatch = /error TS2322: .*? 'import\("\/.*?\/node_modules\/(.*?)\/node_modules/g;
+      out.matchAll(pgkErrMatch);
 
-        // If the regex didn't match, leave a generic error
-        if (conflicts.length < 1) {
-          console.info(
-            `\n\tOne or more imported Pepr Capabilities seem to be using an incompatible version of Pepr.\n\tTry updating your Pepr Capabilities to their latest versions.`,
-            "Version Conflict",
-          );
-        }
+      // Look for package conflict errors
+      const conflicts = [...out.matchAll(pgkErrMatch)];
 
-        // Otherwise, loop through each conflicting package and print an error
-        conflicts.forEach(match => {
-          console.info(
-            `\n\tPackage '${match[1]}' seems to be incompatible with your current version of Pepr.\n\tTry updating to the latest version.`,
-            "Version Conflict",
-          );
-        });
+      // If the regex didn't match, leave a generic error
+      if (conflicts.length < 1) {
+        console.info(
+          `\n\tOne or more imported Pepr Capabilities seem to be using an incompatible version of Pepr.\n\tTry updating your Pepr Capabilities to their latest versions.`,
+          "Version Conflict",
+        );
       }
-    }
 
-    // On any other error, exit with a non-zero exit code
-    process.exit(1);
+      // Otherwise, loop through each conflicting package and print an error
+      conflicts.forEach(match => {
+        console.info(
+          `\n\tPackage '${match[1]}' seems to be incompatible with your current version of Pepr.\n\tTry updating to the latest version.`,
+          "Version Conflict",
+        );
+      });
+    }
   }
 }

package/src/cli/deploy.ts

@@ -72,34 +72,37 @@ export default function (program: RootCmd) {
       }
 
       // Build the module
-      const { cfg, path } = await buildModule();
+      const buildModuleResult = await buildModule();
+      if (buildModuleResult?.cfg && buildModuleResult?.path) {
+        const { cfg, path } = buildModuleResult;
 
-      // Generate a secret for the module
-      const webhook = new Assets(
-        {
-          ...cfg.pepr,
-          description: cfg.description,
-        },
-        path,
-      );
+        // Generate a secret for the module
+        const webhook = new Assets(
+          {
+            ...cfg.pepr,
+            description: cfg.description,
+          },
+          path,
+        );
 
-      if (opts.image) {
-        webhook.image = opts.image;
-      }
+        if (opts.image) {
+          webhook.image = opts.image;
+        }
 
-      // Identify conf'd webhookTimeout to give to deploy call
-      const timeout = cfg.pepr.webhookTimeout ? cfg.pepr.webhookTimeout : 10;
+        // Identify conf'd webhookTimeout to give to deploy call
+        const timeout = cfg.pepr.webhookTimeout ? cfg.pepr.webhookTimeout : 10;
 
-      try {
-        await webhook.deploy(opts.force, timeout);
-        // wait for capabilities to be loaded and test names
-        validateCapabilityNames(webhook.capabilities);
-        // Wait for the pepr-system resources to be fully up
-        await namespaceDeploymentsReady();
-        console.info(`✅ Module deployed successfully`);
-      } catch (e) {
-        console.error(`Error deploying module:`, e);
-        process.exit(1);
+        try {
+          await webhook.deploy(opts.force, timeout);
+          // wait for capabilities to be loaded and test names
+          validateCapabilityNames(webhook.capabilities);
+          // Wait for the pepr-system resources to be fully up
+          await namespaceDeploymentsReady();
+          console.info(`✅ Module deployed successfully`);
+        } catch (e) {
+          console.error(`Error deploying module:`, e);
+          process.exit(1);
+        }
       }
     });
 }

package/src/cli/dev.ts

@@ -9,7 +9,7 @@ import { Assets } from "../lib/assets";
 import { buildModule, loadModule } from "./build";
 import { RootCmd } from "./root";
 import { K8s, kind } from "kubernetes-fluent-client";
-import { PeprStore } from "../lib/k8s";
+import { Store } from "../lib/k8s";
 export default function (program: RootCmd) {
   program
     .command("dev")
@@ -86,8 +86,8 @@ export default function (program: RootCmd) {
             await Promise.all([
               K8s(kind.MutatingWebhookConfiguration).Delete(name),
               K8s(kind.ValidatingWebhookConfiguration).Delete(name),
-              K8s(PeprStore).InNamespace("pepr-system").Delete(scheduleStore),
-              K8s(PeprStore).InNamespace("pepr-system").Delete(store),
+              K8s(Store).InNamespace("pepr-system").Delete(scheduleStore),
+              K8s(Store).InNamespace("pepr-system").Delete(store),
             ]);
           });
 

package/src/cli/format.ts

@@ -63,13 +63,10 @@ export async function peprFormat(validateOnly: boolean) {
         const formatted = await format(content, { filepath: filePath, ...cfg });
 
         // If in validate-only mode, check if the file is formatted correctly
-        if (validateOnly) {
-          if (formatted !== content) {
-            hasFailure = true;
-            console.error(`File ${filePath} is not formatted correctly`);
-          }
+        if (validateOnly && formatted !== content) {
+          hasFailure = true;
+          console.error(`File ${filePath} is not formatted correctly`);
         } else {
-          // Otherwise, write the formatted file
           await fs.writeFile(filePath, formatted);
         }
       }

package/src/cli/init/index.ts

@@ -74,25 +74,7 @@ export default function (program: RootCmd) {
           await write(resolve(dirName, "capabilities", helloPepr.path), helloPepr.data);
 
           if (!opts.skipPostInit) {
-            // run npm install from the new directory
-            process.chdir(dirName);
-            execSync("npm install", {
-              stdio: "inherit",
-            });
-
-            // setup git
-            execSync("git init --initial-branch=main", {
-              stdio: "inherit",
-            });
-
-            // try to open vscode
-            try {
-              execSync("code .", {
-                stdio: "inherit",
-              });
-            } catch (e) {
-              // vscode not found, do nothing
-            }
+            doPostInitActions(dirName);
           }
 
           console.log(`New Pepr module created at ${dirName}`);
@@ -106,3 +88,25 @@ export default function (program: RootCmd) {
       }
     });
 }
+
+const doPostInitActions = (dirName: string): void => {
+  // run npm install from the new directory
+  process.chdir(dirName);
+  execSync("npm install", {
+    stdio: "inherit",
+  });
+
+  // setup git
+  execSync("git init --initial-branch=main", {
+    stdio: "inherit",
+  });
+
+  // try to open vscode
+  try {
+    execSync("code .", {
+      stdio: "inherit",
+    });
+  } catch (e) {
+    // vscode not found, do nothing
+  }
+};