pepr 0.50.0 → 0.51.0-nightly.1

package/package.json

@@ -17,7 +17,7 @@
     "!dist/**/*.test.d.ts*",
     "!src/cli/docs/**"
   ],
-  "version": "0.50.0",
+  "version": "0.51.0-nightly.1",
   "main": "dist/lib.js",
   "types": "dist/lib.d.ts",
   "scripts": {
@@ -45,24 +45,25 @@
     "test:journey:unicorn": "npm run test:journey:k3d && npm run test:journey:image:unicorn && npm run test:journey:run",
     "test:journey:upgrade": "npm run test:journey:k3d && npm run test:journey:image && jest --detectOpenHandles journey/pepr-upgrade.test.ts",
     "test:unit": "npm run gen-data-json && jest src --coverage --detectOpenHandles --coverageDirectory=./coverage --testPathIgnorePatterns=\"build-artifact.test.ts|src/cli/docs/.*\\.test\\.ts\"",
-    "format:check": "eslint src && prettier --config .prettierrc src --check",
-    "format:fix": "eslint src --fix && prettier --config .prettierrc src --write",
+    "format:check": "eslint --ignore-pattern src/templates/eslint.config.mjs  src && prettier --config .prettierrc src --check",
+    "format:fix": "eslint --fix --ignore-pattern src/templates/eslint.config.mjs  src && prettier --config .prettierrc src --write",
     "prepare": "if [ \"$NODE_ENV\" != 'production' ]; then husky; fi"
   },
   "dependencies": {
     "@types/ramda": "0.30.2",
+    "commander": "14.0.0",
     "express": "5.1.0",
     "fast-json-patch": "3.1.1",
     "heredoc": "^1.3.1",
     "http-status-codes": "^2.3.0",
     "json-pointer": "^0.6.2",
-    "kubernetes-fluent-client": "3.5.3",
-    "pino": "9.6.0",
+    "kubernetes-fluent-client": "3.5.5",
+    "pino": "9.7.0",
     "pino-pretty": "13.0.0",
     "prom-client": "15.1.3",
     "ramda": "0.30.1",
     "sigstore": "3.1.0",
-    "ts-morph": "^25.0.1"
+    "ts-morph": "^26.0.0"
   },
   "devDependencies": {
     "@commitlint/cli": "19.8.1",
@@ -70,7 +71,7 @@
     "@fast-check/jest": "^2.0.1",
     "@jest/globals": "29.7.0",
     "@types/eslint": "9.6.1",
-    "@types/express": "5.0.1",
+    "@types/express": "5.0.2",
     "@types/json-pointer": "^1.0.34",
     "@types/node": "22.x.x",
     "@types/node-forge": "1.3.11",
@@ -81,7 +82,7 @@
     "jest": "29.7.0",
     "js-yaml": "^4.1.0",
     "shellcheck": "^3.0.0",
-    "ts-jest": "29.3.2",
+    "ts-jest": "29.3.4",
     "undici": "^7.0.1"
   },
   "overrides": {
@@ -89,15 +90,14 @@
   },
   "peerDependencies": {
     "@types/prompts": "2.4.9",
-    "@typescript-eslint/eslint-plugin": "8.23.0",
-    "@typescript-eslint/parser": "8.23.0",
-    "commander": "13.1.0",
+    "@typescript-eslint/eslint-plugin": "8.32.1",
+    "@typescript-eslint/parser": "8.32.1",
     "esbuild": "0.25.0",
-    "eslint": "8.57.0",
+    "eslint": "^9.26.0",
     "node-forge": "1.3.1",
-    "prettier": "3.4.2",
+    "prettier": "3.5.3",
     "prompts": "2.4.2",
-    "typescript": "5.7.3",
-    "uuid": "11.0.5"
+    "typescript": "5.8.3",
+    "uuid": "11.1.0"
   }
-}
+}

package/src/cli/deploy.ts

@@ -2,7 +2,7 @@
 // SPDX-FileCopyrightText: 2023-Present The Pepr Authors
 
 import prompt from "prompts";
-
+import { CapabilityExport } from "../lib/types";
 import { Assets } from "../lib/assets/assets";
 import { ImagePullSecret } from "../lib/types";
 import { RootCmd } from "./root";
@@ -109,13 +109,7 @@ async function buildAndDeployModule(image: string, force: boolean): Promise<void
   webhook.image = image ?? webhook.image;
   const capabilities = await loadCapabilities(webhook.path);
   for (const capability of capabilities) {
-    namespaceComplianceValidator(capability, webhook.alwaysIgnore?.namespaces);
-    namespaceComplianceValidator(
-      capability,
-      webhook.config.admission?.alwaysIgnore?.namespaces,
-      false,
-    );
-    namespaceComplianceValidator(capability, webhook.config.watch?.alwaysIgnore?.namespaces, true);
+    validateNamespaces(capability, webhook);
   }
   try {
     await webhook.deploy(deployWebhook, force, builtModule.cfg.pepr.webhookTimeout ?? 10);
@@ -163,3 +157,13 @@ export default function (program: RootCmd): void {
       await buildAndDeployModule(opts.image, opts.force);
     });
 }
+
+export function validateNamespaces(capability: CapabilityExport, webhook: Assets): void {
+  namespaceComplianceValidator(capability, webhook.alwaysIgnore?.namespaces);
+  namespaceComplianceValidator(
+    capability,
+    webhook.config.admission?.alwaysIgnore?.namespaces,
+    false,
+  );
+  namespaceComplianceValidator(capability, webhook.config.watch?.alwaysIgnore?.namespaces, true);
+}

package/src/cli/dev.ts

@@ -29,7 +29,8 @@ export default function (program: RootCmd): void {
 
         // Exit if the user doesn't confirm
         if (!confirm.confirm) {
-          process.exit(0);
+          process.exitCode = 0;
+          return;
         }
       }
 
@@ -67,8 +68,10 @@ export default function (program: RootCmd): void {
           try {
             // wait for capabilities to be loaded and test names
             validateCapabilityNames(webhook.capabilities);
-          } catch (e) {
-            console.error(`Error validating capability names:`, e);
+          } catch (error) {
+            console.error(
+              `CapabilityValidation Error - Unable to valide capability name(s) in: '${webhook.capabilities.map(item => item.name)}'\n${error}`,
+            );
             process.exit(1);
           }
 

package/src/cli/init/templates.ts

@@ -4,8 +4,9 @@
 import { dumpYaml } from "@kubernetes/client-node";
 import { inspect } from "util";
 import { v4 as uuidv4 } from "uuid";
+import { readFileSync } from "fs";
+import path from "path";
 
-import eslintJSON from "../../templates/.eslintrc.template.json";
 import peprSnippetsJSON from "../../templates/pepr.code-snippets.json";
 import prettierJSON from "../../templates/.prettierrc.json";
 import samplesJSON from "../../templates/capabilities/hello-pepr.samples.json";
@@ -67,7 +68,7 @@ export function genPkgJSON(opts: InitOptions, pgkVerOverride?: string): peprPack
     description: opts.description,
     keywords: ["pepr", "k8s", "policy-engine", "pepr-module", "security"],
     engines: {
-      node: ">=18.0.0",
+      node: ">=20.0.0",
     },
     pepr: {
       uuid: pgkVerOverride ? "static-test" : uuid,
@@ -159,6 +160,19 @@ export const prettier = {
 };
 
 export const eslint = {
-  path: ".eslintrc.json",
-  data: eslintJSON,
+  path: "eslint.config.mjs",
+  data: readFileSync(
+    path.resolve(
+      ((): string => {
+        const fullPath = __dirname;
+        const lengthOfSuffix = "pepr/".length;
+        // Find the last occurrence of "pepr/"
+        const lastPeprIndex = fullPath.lastIndexOf("pepr/");
+        // Return the path up to and including the last "pepr/"
+        return fullPath.substring(0, lastPeprIndex + lengthOfSuffix);
+      })(),
+      "src/templates/eslint.config.mjs",
+    ),
+    "utf-8",
+  ),
 };

package/src/cli/update/index.ts

@@ -16,6 +16,7 @@ import {
 } from "../init/templates";
 import { write } from "../init/utils";
 import { RootCmd } from "../root";
+
 export default function (program: RootCmd): void {
   program
     .command("update")
@@ -40,33 +41,6 @@ export default function (program: RootCmd): void {
       console.log("Updating the Pepr module...");
 
       try {
-        // Check if eslint v8 is a project dependency and warn about future upgrade
-        let packageLockContent = "";
-        let foundPackageLock = false;
-
-        try {
-          // Try to find package-lock.json in the current directory
-          if (fs.existsSync("./package-lock.json")) {
-            packageLockContent = fs.readFileSync("./package-lock.json", "utf-8");
-            foundPackageLock = true;
-          }
-        } catch {
-          // Ignore errors and continue with installation
-        }
-
-        // If we found the package-lock.json and could read it, check for eslint v8
-        if (foundPackageLock && packageLockContent) {
-          // Look for eslint version 8.x.x pattern in the file content
-          if (
-            packageLockContent.indexOf('"eslint":') >= 0 &&
-            packageLockContent.match(/"eslint":\s*"[~^]?8\.[0-9]+\.[0-9]+"/)
-          ) {
-            console.warn(
-              "\nWarning: This Pepr module uses ESLint v8. Pepr will be upgraded to use v9 in a future release.\nSee eslint@9.0.0 release notes for more details: https://eslint.org/blog/2024/04/eslint-v9.0.0-released/",
-            );
-          }
-        }
-
         // Update Pepr for the module
         execSync("npm install pepr@latest", {
           stdio: "inherit",
@@ -82,7 +56,7 @@ export default function (program: RootCmd): void {
         console.log(`✅ Module updated successfully`);
       } catch (e) {
         console.error(`Error updating Pepr module:`, e);
-        process.exit(1);
+        process.exitCode = 1;
       }
     });
 
@@ -113,9 +87,10 @@ export default function (program: RootCmd): void {
             await write(tsPath, helloPepr.data);
           }
         }
+        throw new Error("another error, for testing");
       } catch (e) {
         console.error(`Error updating template files:`, e);
-        process.exit(1);
+        process.exitCode = 1;
       }
     });
 }

package/src/lib/core/capability.ts

@@ -249,9 +249,9 @@ export class Capability implements CapabilityExport {
           ...binding,
           isValidate: true,
           validateCallback: async (req, logger = aliasLogger) => {
-            Log.info(
-              `Executing validate action with alias: ${binding.alias || "no alias provided"}`,
-            );
+            if (binding.alias) {
+              Log.info(`Executing validate action with alias: ${binding.alias}`);
+            }
             return await validateCallback(req, logger);
           },
         });
@@ -273,9 +273,9 @@ export class Capability implements CapabilityExport {
           ...binding,
           isMutate: true,
           mutateCallback: async (req, logger = aliasLogger) => {
-            Log.info(
-              `Executing mutation action with alias: ${binding.alias || "no alias provided"}`,
-            );
+            if (binding.alias) {
+              Log.info(`Executing mutation action with alias: ${binding.alias}`);
+            }
             await mutateCallback(req, logger);
           },
         });
@@ -300,7 +300,9 @@ export class Capability implements CapabilityExport {
           ...binding,
           isWatch: true,
           watchCallback: async (update, phase, logger = aliasLogger) => {
-            Log.info(`Executing watch action with alias: ${binding.alias || "no alias provided"}`);
+            if (binding.alias) {
+              Log.info(`Executing watch action with alias: ${binding.alias}`);
+            }
             await watchCallback(update, phase, logger);
           },
         });
@@ -324,9 +326,9 @@ export class Capability implements CapabilityExport {
           isWatch: true,
           isQueue: true,
           watchCallback: async (update, phase, logger = aliasLogger) => {
-            Log.info(
-              `Executing reconcile action with alias: ${binding.alias || "no alias provided"}`,
-            );
+            if (binding.alias) {
+              Log.info(`Executing reconcile action with alias: ${binding.alias}`);
+            }
             await reconcileCallback(update, phase, logger);
           },
         });
@@ -363,9 +365,9 @@ export class Capability implements CapabilityExport {
             update: InstanceType<T>,
             logger = aliasLogger,
           ): Promise<boolean | void> => {
-            Log.info(
-              `Executing finalize action with alias: ${binding.alias || "no alias provided"}`,
-            );
+            if (binding.alias) {
+              Log.info(`Executing finalize action with alias: ${binding.alias}`);
+            }
             return await finalizeCallback(update, logger);
           },
         };

package/src/lib/deploymentChecks.ts

@@ -3,29 +3,38 @@
 import { K8s, kind } from "kubernetes-fluent-client";
 import Log from "./telemetry/logger";
 
-// returns true if all deployments are ready, false otherwise
+/**
+ * Checks whether all deployments in the specified Kubernetes namespace are fully rolled out.
+ *
+ * A deployment is considered ready when the number of `readyReplicas` equals the desired `replicas`.
+ * Logs the rollout status of each deployment.
+ *
+ * @param {string} namespace - The Kubernetes namespace to check.
+ * @returns {Promise<boolean>} - `true` if all deployments are ready, otherwise `false`.
+ */
 export async function checkDeploymentStatus(namespace: string): Promise<boolean> {
   const deployments = await K8s(kind.Deployment).InNamespace(namespace).Get();
-  let status = false;
-  let readyCount = 0;
+
+  let allReady = true;
 
   for (const deployment of deployments.items) {
-    const readyReplicas = deployment.status?.readyReplicas ? deployment.status?.readyReplicas : 0;
-    if (deployment.status?.readyReplicas !== deployment.spec?.replicas) {
+    const name = deployment.metadata?.name ?? "unknown";
+    const specReplicas = deployment.spec?.replicas ?? 0;
+    const readyReplicas = deployment.status?.readyReplicas ?? 0;
+
+    if (readyReplicas !== specReplicas) {
       Log.info(
-        `Waiting for deployment ${deployment.metadata?.name} rollout to finish: ${readyReplicas} of ${deployment.spec?.replicas} replicas are available`,
+        `Waiting for deployment ${name} rollout to finish: ${readyReplicas} of ${specReplicas} replicas are available`,
       );
+      allReady = false;
     } else {
       Log.info(
-        `Deployment ${deployment.metadata?.name} rolled out: ${readyReplicas} of ${deployment.spec?.replicas} replicas are available`,
+        `Deployment ${name} rolled out: ${readyReplicas} of ${specReplicas} replicas are available`,
       );
-      readyCount++;
     }
   }
-  if (readyCount === deployments.items.length) {
-    status = true;
-  }
-  return status;
+
+  return allReady;
 }
 
 // wait for all deployments in the pepr-system namespace to be ready

package/src/templates/capabilities/hello-pepr.ts

@@ -211,7 +211,7 @@ When(a.ConfigMap)
 When(a.ConfigMap).IsCreated().WithName("example-4").Mutate(example4Cb);
 
 // This function uses the complete type definition, but is not required.
-function example4Cb(cm: PeprMutateRequest<a.ConfigMap>) {
+function example4Cb(cm: PeprMutateRequest<a.ConfigMap>): void {
   cm.SetLabel("pepr.dev/first", "true");
   cm.SetLabel("pepr.dev/second", "true");
   cm.SetLabel("pepr.dev/third", "true");

package/src/templates/eslint.config.mjs

@@ -0,0 +1,45 @@
+import typescriptEslint from "@typescript-eslint/eslint-plugin";
+import tsParser from "@typescript-eslint/parser";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import js from "@eslint/js";
+import { FlatCompat } from "@eslint/eslintrc";
+import globals from "globals";
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const compat = new FlatCompat({
+  baseDirectory: __dirname,
+  recommendedConfig: js.configs.recommended,
+  allConfig: js.configs.all,
+});
+
+export default [
+  {
+    ignores: ["**/node_modules", "**/dist"],
+  },
+  ...compat.extends("eslint:recommended", "plugin:@typescript-eslint/recommended"),
+  {
+    plugins: {
+      "@typescript-eslint": typescriptEslint,
+    },
+
+    languageOptions: {
+      parser: tsParser,
+      parserOptions: {
+        projectService: {
+          allowDefaultProject: ["eslint.config.mjs"],
+        },
+        tsconfigRootDir: __dirname,
+        sourceType: "module",
+      },
+      globals: {
+        ...globals.node,
+      },
+    },
+
+    rules: {
+      "@typescript-eslint/no-floating-promises": "error",
+    },
+  },
+];

package/src/templates/.eslintrc.json

@@ -1,6 +0,0 @@
-{
-  "extends": [".eslintrc.template.json"],
-  "parserOptions": {
-    "project": ["src/templates/tsconfig.json"]
-  }
-}

package/src/templates/.eslintrc.template.json

@@ -1,18 +0,0 @@
-{
-  "env": {
-    "browser": false,
-    "es2021": true
-  },
-  "extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
-  "parser": "@typescript-eslint/parser",
-  "parserOptions": {
-    "project": ["./tsconfig.json"],
-    "ecmaVersion": 2022
-  },
-  "plugins": ["@typescript-eslint"],
-  "ignorePatterns": ["node_modules", "dist"],
-  "root": true,
-  "rules": {
-    "@typescript-eslint/no-floating-promises": ["error"]
-  }
-}