pepr 0.52.2 → 0.52.3

package/dist/runtime/controller.d.ts

@@ -1,3 +1,3 @@
 #!/usr/bin/env node
-export {};
+export declare const startup: (hash: string) => Promise<void>;
 //# sourceMappingURL=controller.d.ts.map

package/dist/runtime/controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../src/runtime/controller.ts"],"names":[],"mappings":""}
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../src/runtime/controller.ts"],"names":[],"mappings":";AAoDA,eAAO,MAAM,OAAO,GAAU,MAAM,MAAM,KAAG,OAAO,CAAC,IAAI,CAYxD,CAAC"}

package/package.json

@@ -16,7 +16,7 @@
     "!src/fixtures/**",
     "!dist/**/*.test.d.ts*"
   ],
-  "version": "0.52.2",
+  "version": "0.52.3",
   "main": "dist/lib.js",
   "types": "dist/lib.d.ts",
   "scripts": {
@@ -55,19 +55,18 @@
     "test:upgrade:upstream": "npm run test:journey:k3d && npm run test:journey:image && vitest run integration/cluster/upgrade.test.ts"
   },
   "dependencies": {
-    "@types/ramda": "0.30.2",
+    "@types/ramda": "0.31.0",
     "commander": "14.0.0",
     "express": "5.1.0",
     "fast-json-patch": "3.1.1",
     "heredoc": "^1.3.1",
     "http-status-codes": "^2.3.0",
     "json-pointer": "^0.6.2",
-    "kubernetes-fluent-client": "3.9.0",
+    "kubernetes-fluent-client": "3.10.0",
     "pino": "9.7.0",
-    "pino-pretty": "13.0.0",
+    "pino-pretty": "13.1.1",
     "prom-client": "15.1.3",
     "ramda": "0.31.3",
-    "sigstore": "3.1.0",
     "ts-morph": "^26.0.0"
   },
   "devDependencies": {
@@ -96,12 +95,12 @@
   },
   "peerDependencies": {
     "@types/prompts": "2.4.9",
-    "@typescript-eslint/eslint-plugin": "8.33.0",
-    "@typescript-eslint/parser": "8.33.0",
-    "esbuild": "0.25.5",
-    "eslint": "^9.26.0",
+    "@typescript-eslint/eslint-plugin": "8.38.0",
+    "@typescript-eslint/parser": "8.38.0",
+    "esbuild": "0.25.8",
+    "eslint": "9.32.0",
     "node-forge": "1.3.1",
-    "prettier": "3.5.3",
+    "prettier": "3.6.2",
     "prompts": "2.4.2",
     "typescript": "5.8.3",
     "uuid": "11.1.0"

package/src/cli/{build.helpers.ts → build/build.helpers.ts}

@@ -1,23 +1,24 @@
-import { createDirectoryIfNotExists } from "../lib/filesystemService";
-import { sanitizeResourceName } from "../sdk/sdk";
-import { createDockerfile } from "../lib/included-files";
+import { createDirectoryIfNotExists } from "../../lib/filesystemService";
+import { sanitizeResourceName } from "../../sdk/sdk";
+import { createDockerfile } from "../../lib/included-files";
 import { execSync } from "child_process";
-import { CapabilityExport } from "../lib/types";
-import { validateCapabilityNames } from "../lib/helpers";
-import { BuildOptions, BuildResult, context, BuildContext } from "esbuild";
-import { Assets } from "../lib/assets/assets";
+import { CapabilityExport } from "../../lib/types";
+import { validateCapabilityNames } from "../../lib/helpers";
+import { BuildOptions, context, BuildContext } from "esbuild";
+import { Assets } from "../../lib/assets/assets";
 import { resolve } from "path";
 import { promises as fs } from "fs";
-import { generateAllYaml } from "../lib/assets/yaml/generateAllYaml";
-import { webhookConfigGenerator } from "../lib/assets/webhooks";
-import { generateZarfYamlGeneric } from "../lib/assets/yaml/generateZarfYaml";
+import { generateAllYaml } from "../../lib/assets/yaml/generateAllYaml";
+import { webhookConfigGenerator } from "../../lib/assets/webhooks";
+import { generateZarfYamlGeneric } from "../../lib/assets/yaml/generateZarfYaml";
 import {
   getDeployment,
   getModuleSecret,
   getWatcher,
   service,
   watcherService,
-} from "../lib/assets/k8sObjects";
+} from "../../lib/assets/k8sObjects";
+import { Reloader } from "../types";
 
 interface ImageOptions {
   customImage?: string;
@@ -47,7 +48,6 @@ export function assignImage(imageOptions: ImageOptions): string {
   return "";
 }
 
-export type Reloader = (opts: BuildResult<BuildOptions>) => void | Promise<void>;
 /**
  * Determine the RBAC mode based on the CLI options and the module's config
  * @param opts CLI options

package/src/cli/build/buildModule.ts

@@ -0,0 +1,160 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
+
+import { execFileSync } from "child_process";
+import { BuildOptions, analyzeMetafile } from "esbuild";
+import { basename, extname, resolve } from "path";
+import { dependencies } from "../init/templates";
+import { peprFormat } from "../format";
+import { watchForChanges } from "./build.helpers";
+import { PeprConfig, Reloader } from "../types";
+import { BuildContext } from "esbuild";
+import { loadModule } from "./loadModule";
+
+type BuildModuleReturn = {
+  ctx: BuildContext<BuildOptions>;
+  path: string;
+  cfg: PeprConfig;
+  uuid: string;
+};
+// Create a list of external libraries to exclude from the bundle, these are already stored in the container
+const externalLibs = Object.keys(dependencies);
+
+// Add the pepr library to the list of external libraries
+externalLibs.push("pepr");
+
+// Add the kubernetes client to the list of external libraries as it is pulled in by kubernetes-fluent-client
+externalLibs.push("@kubernetes/client-node");
+
+export async function buildModule(
+  outputDir: string,
+  reloader?: Reloader,
+  entryPoint = "pepr.ts",
+  embed = true,
+): Promise<BuildModuleReturn | void> {
+  try {
+    const { cfg, modulePath, path, uuid } = await loadModule(outputDir, entryPoint);
+
+    await checkFormat();
+    // Resolve node_modules folder (in support of npm workspaces!)
+    const npmRoot = execFileSync("npm", ["root"]).toString().trim();
+
+    // Run `tsc` to validate the module's types & output sourcemaps
+    const args = ["--project", `${modulePath}/tsconfig.json`, "--outdir", outputDir];
+    execFileSync(`${npmRoot}/.bin/tsc`, args);
+
+    // Common build options for all builds
+    const ctxCfg: BuildOptions = {
+      bundle: true,
+      entryPoints: [entryPoint],
+      external: externalLibs,
+      format: "cjs",
+      keepNames: true,
+      legalComments: "external",
+      metafile: true,
+      minify: true,
+      outfile: path,
+      plugins: [
+        {
+          name: "reload-server",
+          setup(build): void | Promise<void> {
+            build.onEnd(async r => {
+              // Print the build size analysis
+              if (r?.metafile) {
+                console.info(await analyzeMetafile(r.metafile));
+              }
+
+              // If we're in dev mode, call the reloader function
+              if (reloader) {
+                await reloader(r);
+              }
+            });
+          },
+        },
+      ],
+      platform: "node",
+      sourcemap: true,
+      treeShaking: true,
+    };
+
+    if (reloader) {
+      // Only minify the code if we're not in dev mode
+      ctxCfg.minify = false;
+    }
+
+    // If not embedding (i.e. making a library module to be distro'd via NPM)
+    if (!embed) {
+      // Don't minify
+      ctxCfg.minify = false;
+
+      // Preserve the original file name
+      ctxCfg.outfile = resolve(outputDir, basename(entryPoint, extname(entryPoint))) + ".js";
+
+      // Don't bundle
+      ctxCfg.packages = "external";
+
+      // Don't tree shake
+      ctxCfg.treeShaking = false;
+    }
+
+    const ctx = await watchForChanges(ctxCfg, reloader);
+
+    return { ctx, path, cfg, uuid };
+  } catch (e) {
+    handleModuleBuildError(e);
+  }
+}
+
+interface BuildModuleResult {
+  stdout?: Buffer;
+  stderr: Buffer;
+}
+
+function handleModuleBuildError(e: BuildModuleResult): void {
+  console.error(`Error building module:`, e);
+
+  if (!e.stdout) process.exit(1); // Exit with a non-zero exit code on any other error
+
+  const out = e.stdout.toString() as string;
+  const err = e.stderr.toString();
+
+  console.info(out);
+  console.error(err);
+
+  // Check for version conflicts
+  if (out.includes("Types have separate declarations of a private property '_name'.")) {
+    // Try to find the conflicting package
+    const pgkErrMatch = /error TS2322: .*? 'import\("\/.*?\/node_modules\/(.*?)\/node_modules/g;
+    out.matchAll(pgkErrMatch);
+
+    // Look for package conflict errors
+    const conflicts = [...out.matchAll(pgkErrMatch)];
+
+    // If the regex didn't match, leave a generic error
+    if (conflicts.length < 1) {
+      console.info(
+        `\n\tOne or more imported Pepr Capabilities seem to be using an incompatible version of Pepr.\n\tTry updating your Pepr Capabilities to their latest versions.`,
+        "Version Conflict",
+      );
+    }
+
+    // Otherwise, loop through each conflicting package and print an error
+    conflicts.forEach(match => {
+      console.info(
+        `\n\tPackage '${match[1]}' seems to be incompatible with your current version of Pepr.\n\tTry updating to the latest version.`,
+        "Version Conflict",
+      );
+    });
+  }
+}
+
+async function checkFormat(): Promise<void> {
+  const validFormat = await peprFormat(true);
+
+  if (!validFormat) {
+    console.info(
+      "\x1b[33m%s\x1b[0m",
+      "Formatting errors were found. The build will continue, but you may want to run `npx pepr format` to address any issues.",
+    );
+  }
+}

package/src/cli/build/index.ts

@@ -0,0 +1,150 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
+
+import { Assets } from "../../lib/assets/assets";
+import { Command } from "commander";
+import { Option } from "commander";
+import { parseTimeout } from "../../lib/helpers";
+import {
+  determineRbacMode,
+  assignImage,
+  createOutputDirectory,
+  handleValidCapabilityNames,
+  handleCustomImageBuild,
+  validImagePullSecret,
+  generateYamlAndWriteToDisk,
+} from "./build.helpers";
+import { buildModule } from "./buildModule";
+
+export default function (program: Command): void {
+  program
+    .command("build")
+    .description("Build a Pepr Module for deployment")
+    .addOption(
+      new Option("-M, --rbac-mode <mode>", "Override module config and set RBAC mode.").choices([
+        "admin",
+        "scoped",
+      ]),
+    )
+    .addOption(
+      new Option(
+        "-I, --registry-info <registry/username>",
+        "Provide the image registry and username for building and pushing a custom WASM container. Requires authentication. Conflicts with --custom-image and --registry. Builds and pushes `'<registry/username>/custom-pepr-controller:<current-version>'`.",
+      ).conflicts(["customImage", "registry"]),
+    )
+    .option("-P, --with-pull-secret <name>", "Use image pull secret for controller Deployment.", "")
+    .addOption(
+      new Option(
+        "-c, --custom-name <name>",
+        "Set name for zarf component and service monitors in helm charts.",
+      ),
+    )
+    .option("-e, --entry-point <file>", "Specify the entry point file to build with.", "pepr.ts")
+    .addOption(
+      new Option(
+        "-i, --custom-image <image>",
+        "Specify a custom image with version for deployments. Conflicts with --registry-info and --registry. Example: 'docker.io/username/custom-pepr-controller:v1.0.0'",
+      ).conflicts(["registryInfo", "registry"]),
+    )
+    .option(
+      "-n, --no-embed",
+      "Disable embedding of deployment files into output module. Useful when creating library modules intended solely for reuse/distribution via NPM.",
+    )
+    .option("-o, --output <directory>", "Set output directory.", "dist")
+    .addOption(
+      new Option(
+        "-r, --registry <GitHub|Iron Bank>",
+        "Container registry: Choose container registry for deployment manifests. Conflicts with --custom-image and --registry-info.",
+      )
+        .conflicts(["customImage", "registryInfo"])
+        .choices(["GitHub", "Iron Bank"]),
+    )
+    .option(
+      "-t, --timeout <seconds>",
+      "How long the API server should wait for a webhook to respond before treating the call as a failure.",
+      parseTimeout,
+    )
+    .addOption(
+      new Option("-z, --zarf <manifest|chart>", "Set Zarf package type")
+        .choices(["manifest", "chart"])
+        .default("manifest"),
+    )
+    .action(async opts => {
+      const outputDir = await createOutputDirectory(opts.output);
+
+      // Build the module
+      const buildModuleResult = await buildModule(
+        outputDir,
+        undefined,
+        opts.entryPoint,
+        opts.embed,
+      );
+
+      const { cfg, path } = buildModuleResult!;
+      // override the name if provided
+      if (opts.customName) {
+        process.env.PEPR_CUSTOM_BUILD_NAME = opts.customName;
+      }
+
+      const image = assignImage({
+        customImage: opts.customImage,
+        registryInfo: opts.registryInfo,
+        peprVersion: cfg.pepr.peprVersion,
+        registry: opts.registry,
+      });
+
+      // Check if there is a custom timeout defined
+      if (opts.timeout !== undefined) {
+        cfg.pepr.webhookTimeout = opts.timeout;
+      }
+
+      if (opts.registryInfo !== undefined) {
+        console.info(`Including ${cfg.pepr.includedFiles.length} files in controller image.`);
+        // for journey test to make sure the image is built
+
+        // only actually build/push if there are files to include
+        await handleCustomImageBuild(
+          cfg.pepr.includedFiles,
+          cfg.pepr.peprVersion,
+          cfg.description,
+          image,
+        );
+      }
+
+      // If building without embedding, exit after building
+      if (!opts.embed) {
+        console.info(`Module built successfully at ${path}`);
+        return;
+      }
+
+      // Generate a secret for the module
+      const assets = new Assets(
+        {
+          ...cfg.pepr,
+          appVersion: cfg.version,
+          description: cfg.description,
+          alwaysIgnore: {
+            namespaces: cfg.pepr.alwaysIgnore?.namespaces,
+          },
+          // Can override the rbacMode with the CLI option
+          rbacMode: determineRbacMode(opts, cfg),
+        },
+        path,
+        opts.withPullSecret === "" ? [] : [opts.withPullSecret],
+      );
+
+      if (image !== "") assets.image = image;
+
+      // Ensure imagePullSecret is valid
+      validImagePullSecret(opts.withPullSecret);
+
+      handleValidCapabilityNames(assets.capabilities);
+      await generateYamlAndWriteToDisk({
+        uuid: cfg.pepr.uuid,
+        outputDir,
+        imagePullSecret: opts.withPullSecret,
+        zarf: opts.zarf,
+        assets,
+      });
+    });
+}

package/src/cli/build/loadModule.ts

@@ -0,0 +1,54 @@
+import fs from "fs/promises";
+import { resolve, dirname } from "path/posix";
+import { version } from "../init/templates";
+import { PeprConfig } from "../types";
+
+export type LoadModuleReturn = {
+  cfg: PeprConfig;
+  entryPointPath: string;
+  modulePath: string;
+  name: string;
+  path: string;
+  uuid: string;
+};
+
+export async function loadModule(outputDir: string, entryPoint: string): Promise<LoadModuleReturn> {
+  // Resolve path to the module / files
+  const entryPointPath = resolve(".", entryPoint);
+  const modulePath = dirname(entryPointPath);
+  const cfgPath = resolve(modulePath, "package.json");
+
+  // Ensure the module's package.json and entrypoint files exist
+  try {
+    await fs.access(cfgPath);
+    await fs.access(entryPointPath);
+  } catch {
+    console.error(
+      `Could not find ${cfgPath} or ${entryPointPath} in the current directory. Please run this command from the root of your module's directory.`,
+    );
+    process.exit(1);
+  }
+
+  // Read the module's UUID from the package.json file
+  const moduleText = await fs.readFile(cfgPath, { encoding: "utf-8" });
+  const cfg = JSON.parse(moduleText);
+  const { uuid } = cfg.pepr;
+  const name = `pepr-${uuid}.js`;
+
+  // Set the Pepr version from the current running version
+  cfg.pepr.peprVersion = version;
+
+  // Exit if the module's UUID could not be found
+  if (!uuid) {
+    throw new Error("Could not load the uuid in package.json");
+  }
+
+  return {
+    cfg,
+    entryPointPath,
+    modulePath,
+    name,
+    path: resolve(outputDir, name),
+    uuid,
+  };
+}

package/src/cli/crd/generate/generators.ts

@@ -16,7 +16,7 @@ import { kind as k } from "kubernetes-fluent-client";
 import { V1JSONSchemaProps } from "@kubernetes/client-node";
 import { WarningMessages, ErrorMessages } from "./messages";
 
-export function extractCRDDetails(
+function extractCRDDetails(
   content: string,
   sourceFile: SourceFile,
 ): {
@@ -145,7 +145,7 @@ export function extractDetails(sourceFile: SourceFile): {
   throw new Error(ErrorMessages.INVALID_SCOPE(scope));
 }
 
-export function getJsDocDescription(node: Node): string {
+function getJsDocDescription(node: Node): string {
   if (!Node.isPropertySignature(node) && !Node.isPropertyDeclaration(node)) return "";
   return node
     .getJsDocs()
@@ -155,7 +155,7 @@ export function getJsDocDescription(node: Node): string {
     .trim();
 }
 
-export function getSchemaFromType(decl: InterfaceDeclaration | TypeAliasDeclaration): {
+function getSchemaFromType(decl: InterfaceDeclaration | TypeAliasDeclaration): {
   properties: Record<string, V1JSONSchemaProps>;
   required: string[];
 } {
@@ -183,7 +183,7 @@ export function getSchemaFromType(decl: InterfaceDeclaration | TypeAliasDeclarat
   return { properties, required };
 }
 
-export function mapTypeToSchema(type: Type): V1JSONSchemaProps {
+function mapTypeToSchema(type: Type): V1JSONSchemaProps {
   if (type.getText() === "Date") return { type: "string", format: "date-time" };
   if (type.isString()) return { type: "string" };
   if (type.isNumber()) return { type: "number" };
@@ -199,7 +199,7 @@ export function mapTypeToSchema(type: Type): V1JSONSchemaProps {
   return { type: "string" };
 }
 
-export function buildObjectSchema(type: Type): V1JSONSchemaProps {
+function buildObjectSchema(type: Type): V1JSONSchemaProps {
   const props: Record<string, V1JSONSchemaProps> = {};
   const required: string[] = [];
 
@@ -249,7 +249,7 @@ interface CRDConfig {
   conditionSchema: ReturnType<typeof getSchemaFromType>;
 }
 
-export function buildCRD(config: CRDConfig): k.CustomResourceDefinition {
+function buildCRD(config: CRDConfig): k.CustomResourceDefinition {
   return {
     apiVersion: "apiextensions.k8s.io/v1",
     kind: "CustomResourceDefinition",

package/src/cli/deploy.ts

@@ -6,14 +6,15 @@ import { CapabilityExport } from "../lib/types";
 import { Assets } from "../lib/assets/assets";
 import { ImagePullSecret } from "../lib/types";
 import { Command } from "commander";
-import { buildModule } from "./build";
+import { buildModule } from "./build/buildModule";
 import { deployImagePullSecret, deployWebhook } from "../lib/assets/deploy";
 import { namespaceDeploymentsReady } from "../lib/deploymentChecks";
 import { sanitizeName } from "./init/utils";
 import { validateCapabilityNames } from "../lib/helpers";
 import { namespaceComplianceValidator } from "../lib/helpers";
 import { loadCapabilities } from "../lib/assets/loader";
-export interface ImagePullSecretDetails {
+
+interface ImagePullSecretDetails {
   pullSecret?: string;
   dockerServer?: string;
   dockerUsername?: string;
@@ -61,7 +62,7 @@ export function validateImagePullSecretDetails(details: ImagePullSecretDetails):
   return { valid: true };
 }
 
-export type ValidatedImagePullSecretDetails = Required<ImagePullSecretDetails>;
+type ValidatedImagePullSecretDetails = Required<ImagePullSecretDetails>;
 
 function generateImagePullSecret(details: ValidatedImagePullSecretDetails): ImagePullSecret {
   const auth = Buffer.from(`${details.dockerUsername}:${details.dockerPassword}`).toString(
@@ -95,7 +96,7 @@ export async function getUserConfirmation(opts: { yes: boolean }): Promise<boole
 }
 
 async function buildAndDeployModule(image: string, force: boolean): Promise<void> {
-  const builtModule = await buildModule();
+  const builtModule = await buildModule("dist");
   if (!builtModule) {
     return;
   }

package/src/cli/dev.ts

@@ -7,7 +7,8 @@ import { ChildProcess, fork } from "child_process";
 import { K8s, kind } from "kubernetes-fluent-client";
 import { Command } from "commander";
 import { Store } from "../lib/k8s";
-import { buildModule, loadModule } from "./build";
+import { buildModule } from "./build/buildModule";
+import { loadModule } from "./build/loadModule";
 import { deployWebhook } from "../lib/assets/deploy";
 import { promises as fs } from "fs";
 import { validateCapabilityNames } from "../lib/helpers";
@@ -35,7 +36,7 @@ export default function (program: Command): void {
       }
 
       // Build the module
-      const { cfg, path } = await loadModule();
+      const { cfg, path } = await loadModule("dist", "pepr.ts");
 
       // Generate a secret for the module
       const webhook = new Assets(
@@ -103,7 +104,7 @@ export default function (program: Command): void {
           });
         };
 
-        await buildModule(async r => {
+        await buildModule("dist", async r => {
           if (r.errors.length > 0) {
             console.error(`Error compiling module: ${r.errors}`);
             return;

package/src/cli/monitor.ts

@@ -81,7 +81,7 @@ export function getK8sLogFromKubeConfig(): K8sLog {
   return new K8sLog(kc);
 }
 
-function createLogStream(): stream.PassThrough {
+export function createLogStream(): stream.PassThrough {
   const logStream = new stream.PassThrough();
 
   logStream.on("data", async chunk => {
@@ -97,7 +97,7 @@ function createLogStream(): stream.PassThrough {
   return logStream;
 }
 
-function processLogLine(line: string): void {
+export function processLogLine(line: string): void {
   try {
     const payload: LogPayload = JSON.parse(line.trim());
     const isMutate = payload.res.patchType || payload.res.warnings;

package/src/cli/types.ts

@@ -1,3 +1,29 @@
+import { BuildResult, BuildOptions } from "esbuild";
 import { Answers } from "prompts";
+import { ModuleConfig } from "../lib/types";
 
 export type InitOptions = Answers<"name" | "description" | "errorBehavior" | "uuid">;
+
+export type Reloader = (opts: BuildResult<BuildOptions>) => void | Promise<void>;
+
+export type PeprConfig = Omit<ModuleConfig, keyof PeprNestedFields> & {
+  pepr: PeprNestedFields & {
+    includedFiles: string[];
+  };
+  description: string;
+  version: string;
+};
+
+type PeprNestedFields = Pick<
+  ModuleConfig,
+  | "uuid"
+  | "onError"
+  | "webhookTimeout"
+  | "customLabels"
+  | "alwaysIgnore"
+  | "env"
+  | "rbac"
+  | "rbacMode"
+> & {
+  peprVersion: string;
+};

package/src/cli/uuid.ts

@@ -13,12 +13,11 @@ export default function (program: Command): void {
       const deployments = await getPeprDeploymentsByUUID(uuid);
       const uuidTable = buildUUIDTable(deployments);
 
-      console.log("UUID\t\tDescription");
-      console.log("--------------------------------------------");
-
-      Object.entries(uuidTable).forEach(([uuid, description]) => {
-        console.log(`${uuid}\t${description}`);
-      });
+      const uuidTableEntries = Object.entries(uuidTable).map(([uuid, description]) => ({
+        UUID: uuid,
+        Description: description,
+      }));
+      console.table(uuidTableEntries);
     });
 }
 

package/src/lib/assets/deploy.ts

@@ -100,7 +100,7 @@ export async function deployWebhook(
   // Create the validating webhook configuration if it is needed
   await handleWebhookConfiguration(assets, WebhookType.VALIDATE, webhookTimeout, force);
 
-  Log.info("Applying the Pepr Store CRD if it doesn't exist");
+  Log.debug("Applying the Pepr Store CRD if it doesn't exist");
   await K8s(kind.CustomResourceDefinition).Apply(peprStoreCRD, { force });
 
   if (assets.host) return; // Skip resource deployment if a host is already specified