puls-dev 0.2.1 → 0.2.3

package/dist/providers/gcp/cloudrun.js

@@ -0,0 +1,240 @@
+import { BaseBuilder } from "../../core/resource.js";
+import { gcpFetch, getProjectId, getRegion } from "./api.js";
+import { resolveGCPEnvVars } from "./secrets.js";
+const RUN_BASE = "https://run.googleapis.com";
+function formatCpu(cpu) {
+    return typeof cpu === "number" ? String(cpu) : cpu;
+}
+function formatMemory(memory) {
+    return typeof memory === "number" ? `${memory}Mi` : memory;
+}
+export class GCPCloudRunBuilder extends BaseBuilder {
+    _image;
+    _port = 8080;
+    _cpu = "1";
+    _memory = "512Mi";
+    _minInstances;
+    _maxInstances;
+    _env = {};
+    _region;
+    _public = true;
+    constructor(serviceId) {
+        super(serviceId);
+        this.discoveryPromise = this.discoverService();
+    }
+    image(img) {
+        this._image = img;
+        return this;
+    }
+    port(p) {
+        this._port = p;
+        return this;
+    }
+    cpu(c) {
+        this._cpu = c;
+        return this;
+    }
+    memory(m) {
+        this._memory = m;
+        return this;
+    }
+    minInstances(n) {
+        this._minInstances = n;
+        return this;
+    }
+    maxInstances(n) {
+        this._maxInstances = n;
+        return this;
+    }
+    env(vars) {
+        this._env = { ...this._env, ...vars };
+        return this;
+    }
+    region(reg) {
+        this._region = reg;
+        // Re-trigger discovery with the custom region
+        this.discoveryPromise = this.discoverService();
+        return this;
+    }
+    public(enabled = true) {
+        this._public = enabled;
+        return this;
+    }
+    async discoverService() {
+        try {
+            const project = getProjectId();
+            const location = this._region ?? getRegion();
+            return await gcpFetch(RUN_BASE, `/v2/projects/${project}/locations/${location}/services/${this.name}`);
+        }
+        catch (e) {
+            if (e.message?.includes("404") ||
+                e.message?.includes("403") ||
+                e.message?.includes("credentials not configured")) {
+                return null;
+            }
+            throw e;
+        }
+    }
+    async deploy() {
+        const dryRun = this.isDryRunActive();
+        const project = getProjectId();
+        const location = this._region ?? getRegion();
+        const serviceId = this.name;
+        console.log(`\n⚡ Finalizing GCP Cloud Run Service "${serviceId}"...`);
+        if (!this._image) {
+            throw new Error(`[GCP.CloudRun:${serviceId}] .image("...") is required`);
+        }
+        const existing = await this.discoveryPromise;
+        const targetCpu = formatCpu(this._cpu);
+        const targetMemory = formatMemory(this._memory);
+        const targetMinInstances = this._minInstances ?? 0;
+        const targetMaxInstances = this._maxInstances ?? 100;
+        const targetIngress = this._public ? "INGRESS_TRAFFIC_ALL" : "INGRESS_TRAFFIC_INTERNAL_ONLY";
+        const resolvedEnv = await resolveGCPEnvVars(this._env, dryRun);
+        const targetEnv = Object.entries(resolvedEnv).map(([name, value]) => ({
+            name,
+            value,
+        }));
+        if (dryRun) {
+            console.log(`   📝 [PLAN] ${existing ? "Update" : "Create"} Cloud Run service "${serviceId}" in ${location}`);
+            console.log(`      └─ Image: ${this._image}`);
+            console.log(`      └─ Port: ${this._port}`);
+            console.log(`      └─ CPU: ${targetCpu} | Memory: ${targetMemory}`);
+            console.log(`      └─ Scaling: min ${targetMinInstances}, max ${targetMaxInstances}`);
+            console.log(`      └─ Public Access: ${this._public ? "enabled" : "disabled"}`);
+            if (targetEnv.length > 0) {
+                console.log(`      └─ Env vars: ${targetEnv.map((e) => e.name).join(", ")}`);
+            }
+            return {
+                serviceId,
+                url: `https://${serviceId}-dryrun.a.run.app`,
+            };
+        }
+        // Determine if update is needed
+        let needsUpdate = !existing;
+        if (existing) {
+            const existingContainer = existing.template?.containers?.[0];
+            const existingLimits = existingContainer?.resources?.limits ?? {};
+            const existingPorts = existingContainer?.ports ?? [];
+            const existingEnv = existingContainer?.env ?? [];
+            const existingScaling = existing.template?.scaling ?? {};
+            // Env vars match
+            const sortedExistingEnv = [...existingEnv].sort((a, b) => a.name.localeCompare(b.name));
+            const sortedTargetEnv = [...targetEnv].sort((a, b) => a.name.localeCompare(b.name));
+            const envsMatch = JSON.stringify(sortedExistingEnv) === JSON.stringify(sortedTargetEnv);
+            needsUpdate =
+                existingContainer?.image !== this._image ||
+                    existingPorts[0]?.containerPort !== this._port ||
+                    existingLimits.cpu !== targetCpu ||
+                    existingLimits.memory !== targetMemory ||
+                    (existingScaling.minInstanceCount ?? 0) !== targetMinInstances ||
+                    (existingScaling.maxInstanceCount ?? 100) !== targetMaxInstances ||
+                    existing.ingress !== targetIngress ||
+                    !envsMatch;
+        }
+        const serviceBody = {
+            template: {
+                containers: [
+                    {
+                        image: this._image,
+                        ports: [{ containerPort: this._port }],
+                        resources: {
+                            limits: {
+                                cpu: targetCpu,
+                                memory: targetMemory,
+                            },
+                        },
+                        env: targetEnv,
+                    },
+                ],
+                scaling: {
+                    minInstanceCount: targetMinInstances,
+                    maxInstanceCount: targetMaxInstances,
+                },
+            },
+            ingress: targetIngress,
+        };
+        let resultService;
+        if (!existing) {
+            console.log(`🚀 Creating GCP Cloud Run service "${serviceId}"...`);
+            resultService = await gcpFetch(RUN_BASE, `/v2/projects/${project}/locations/${location}/services?serviceId=${serviceId}`, {
+                method: "POST",
+                body: JSON.stringify(serviceBody),
+            });
+        }
+        else if (needsUpdate) {
+            console.log(`🔄 Updating GCP Cloud Run service "${serviceId}"...`);
+            resultService = await gcpFetch(RUN_BASE, `/v2/projects/${project}/locations/${location}/services/${serviceId}`, {
+                method: "PATCH",
+                body: JSON.stringify({
+                    name: `projects/${project}/locations/${location}/services/${serviceId}`,
+                    ...serviceBody,
+                }),
+            });
+        }
+        else {
+            console.log(`✅ GCP Cloud Run service "${serviceId}" is up to date.`);
+            resultService = existing;
+        }
+        // Apply IAM Invoker Policy
+        if (this._public) {
+            console.log(`   🔓 Making service public (binding roles/run.invoker to allUsers)...`);
+            await gcpFetch(RUN_BASE, `/v2/projects/${project}/locations/${location}/services/${serviceId}:setIamPolicy`, {
+                method: "POST",
+                body: JSON.stringify({
+                    policy: {
+                        bindings: [
+                            {
+                                role: "roles/run.invoker",
+                                members: ["allUsers"],
+                            },
+                        ],
+                    },
+                }),
+            });
+            console.log(`   ✅ Public IAM policy applied.`);
+        }
+        else {
+            console.log(`   🔒 Restricting service to private (clearing allUsers invoker binding)...`);
+            await gcpFetch(RUN_BASE, `/v2/projects/${project}/locations/${location}/services/${serviceId}:setIamPolicy`, {
+                method: "POST",
+                body: JSON.stringify({
+                    policy: {
+                        bindings: [],
+                    },
+                }),
+            });
+            console.log(`   ✅ Private IAM policy applied.`);
+        }
+        await this.deploySidecars();
+        const url = resultService.uri ?? `https://${serviceId}.a.run.app`;
+        console.log(`🚀 Service live → ${url}`);
+        return {
+            serviceId,
+            url,
+        };
+    }
+    async destroy() {
+        const dryRun = this.isDryRunActive();
+        const project = getProjectId();
+        const location = this._region ?? getRegion();
+        const serviceId = this.name;
+        console.log(`\n🗑️  Destroying GCP Cloud Run Service "${serviceId}"...`);
+        const existing = await this.discoverService();
+        if (!existing) {
+            console.log(`   ✅ Service "${serviceId}" does not exist - nothing to do.`);
+            return { destroyed: serviceId };
+        }
+        if (dryRun) {
+            console.log(`   📝 [PLAN] Delete Cloud Run service "${serviceId}" in ${location}`);
+            return { destroyed: serviceId };
+        }
+        console.log(`   🔄 Deleting Cloud Run service "${serviceId}"...`);
+        await gcpFetch(RUN_BASE, `/v2/projects/${project}/locations/${location}/services/${serviceId}`, {
+            method: "DELETE",
+        });
+        console.log(`   ✅ Service "${serviceId}" deleted.`);
+        await this.destroySidecars();
+        return { destroyed: serviceId };
+    }
+}

package/dist/providers/gcp/cloudrun.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/providers/gcp/cloudrun.test.js

@@ -0,0 +1,281 @@
+import { test, describe, beforeEach, afterEach, mock } from "node:test";
+import assert from "node:assert";
+import { GoogleAuth } from "google-auth-library";
+import { GCPCloudRunBuilder } from "./cloudrun.js";
+import { Config } from "../../core/config.js";
+describe("GCPCloudRunBuilder Unit Tests", () => {
+    let originalFetch;
+    let fetchCalls = [];
+    let mockResponses = {};
+    beforeEach(() => {
+        Config.set({
+            dryRun: false,
+            providers: {
+                gcp: {
+                    projectId: "my-gcp-project",
+                    serviceAccountPath: "/fake/sa.json",
+                    region: "us-east1",
+                },
+            },
+        });
+        originalFetch = globalThis.fetch;
+        fetchCalls = [];
+        mockResponses = {};
+        globalThis.fetch = async (input, init) => {
+            const url = String(input);
+            const method = init?.method ?? "GET";
+            let body;
+            if (init?.body) {
+                if (typeof init.body === "string") {
+                    try {
+                        body = JSON.parse(init.body);
+                    }
+                    catch {
+                        body = init.body;
+                    }
+                }
+                else {
+                    body = "[Binary/Buffer Body]";
+                }
+            }
+            const headers = init?.headers;
+            fetchCalls.push({ url, method, body, headers });
+            const matchKey = Object.keys(mockResponses)
+                .filter((key) => {
+                const [mMethod, mPath] = key.split(" ");
+                return method === mMethod && url.includes(mPath);
+            })
+                .sort((a, b) => b.split(" ")[1].length - a.split(" ")[1].length)[0];
+            if (matchKey) {
+                const resp = mockResponses[matchKey];
+                return {
+                    ok: resp.status >= 200 && resp.status < 300,
+                    status: resp.status,
+                    json: async () => resp.body,
+                    text: async () => JSON.stringify(resp.body),
+                };
+            }
+            return {
+                ok: false,
+                status: 404,
+                json: async () => ({ message: `Endpoint not mocked: ${method} ${url}` }),
+                text: async () => `Endpoint not mocked: ${method} ${url}`,
+            };
+        };
+        mock.method(GoogleAuth.prototype, "getClient", async () => {
+            return {
+                getAccessToken: async () => ({ token: "fake-gcp-token" }),
+            };
+        });
+    });
+    afterEach(() => {
+        globalThis.fetch = originalFetch;
+        mock.restoreAll();
+    });
+    test("fluent builder api sets properties correctly", () => {
+        const builder = new GCPCloudRunBuilder("my-service")
+            .image("gcr.io/my-proj/my-image:v1")
+            .port(3000)
+            .cpu(2)
+            .memory(1024)
+            .minInstances(2)
+            .maxInstances(20)
+            .env({ DB_HOST: "localhost", PORT: "3000" })
+            .region("europe-west1")
+            .public(false);
+        assert.strictEqual(builder._image, "gcr.io/my-proj/my-image:v1");
+        assert.strictEqual(builder._port, 3000);
+        assert.strictEqual(builder._cpu, 2);
+        assert.strictEqual(builder._memory, 1024);
+        assert.strictEqual(builder._minInstances, 2);
+        assert.strictEqual(builder._maxInstances, 20);
+        assert.deepStrictEqual(builder._env, { DB_HOST: "localhost", PORT: "3000" });
+        assert.strictEqual(builder._region, "europe-west1");
+        assert.strictEqual(builder._public, false);
+    });
+    test("runs in dry-run mode safely and logs plans", async () => {
+        Config.set({
+            dryRun: true,
+            providers: {
+                gcp: {
+                    projectId: "my-gcp-project",
+                    serviceAccountPath: "/fake/sa.json",
+                    region: "us-central1",
+                },
+            },
+        });
+        const builder = new GCPCloudRunBuilder("dry-run-service")
+            .image("gcr.io/my-proj/my-image:v1")
+            .minInstances(1)
+            .maxInstances(5);
+        const result = await builder.deploy();
+        assert.strictEqual(result.serviceId, "dry-run-service");
+        assert.strictEqual(result.url, "https://dry-run-service-dryrun.a.run.app");
+        const writeCalls = fetchCalls.filter((c) => c.method !== "GET");
+        assert.strictEqual(writeCalls.length, 0); // No write requests in dry-run
+    });
+    test("creates a new service when it does not exist", async () => {
+        // 1. Mock GET returning 404 (discovery)
+        mockResponses["GET /services/new-service"] = {
+            status: 404,
+            body: { message: "Not found" },
+        };
+        // 2. Mock POST (create)
+        mockResponses["POST /services?serviceId=new-service"] = {
+            status: 201,
+            body: {
+                name: "projects/my-gcp-project/locations/us-east1/services/new-service",
+                uri: "https://new-service-xyz.run.app",
+            },
+        };
+        // 3. Mock POST (setIamPolicy)
+        mockResponses["POST /services/new-service:setIamPolicy"] = {
+            status: 200,
+            body: {},
+        };
+        const builder = new GCPCloudRunBuilder("new-service")
+            .image("gcr.io/my-proj/my-image:v1")
+            .port(8080)
+            .cpu("1")
+            .memory("512Mi")
+            .minInstances(0)
+            .maxInstances(10)
+            .public(true);
+        const result = await builder.deploy();
+        assert.strictEqual(result.serviceId, "new-service");
+        assert.strictEqual(result.url, "https://new-service-xyz.run.app");
+        // Assert fetch calls occurred
+        const postCalls = fetchCalls.filter((c) => c.method === "POST" && c.url.includes("serviceId="));
+        assert.strictEqual(postCalls.length, 1);
+        assert.deepStrictEqual(postCalls[0].body.template.containers[0].image, "gcr.io/my-proj/my-image:v1");
+        const iamCalls = fetchCalls.filter((c) => c.method === "POST" && c.url.includes(":setIamPolicy"));
+        assert.strictEqual(iamCalls.length, 1);
+        assert.deepStrictEqual(iamCalls[0].body.policy.bindings[0].role, "roles/run.invoker");
+        assert.deepStrictEqual(iamCalls[0].body.policy.bindings[0].members, ["allUsers"]);
+    });
+    test("updates an existing service if configuration differs", async () => {
+        // 1. Mock GET returning existing service config with different image
+        mockResponses["GET /services/existing-service"] = {
+            status: 200,
+            body: {
+                name: "projects/my-gcp-project/locations/us-east1/services/existing-service",
+                uri: "https://existing-service-xyz.run.app",
+                template: {
+                    containers: [
+                        {
+                            image: "gcr.io/my-proj/old-image:v1",
+                            ports: [{ containerPort: 8080 }],
+                            resources: { limits: { cpu: "1", memory: "512Mi" } },
+                        },
+                    ],
+                    scaling: { minInstanceCount: 0, maxInstanceCount: 10 },
+                },
+                ingress: "INGRESS_TRAFFIC_ALL",
+            },
+        };
+        // 2. Mock PATCH (update)
+        mockResponses["PATCH /services/existing-service"] = {
+            status: 200,
+            body: {
+                name: "projects/my-gcp-project/locations/us-east1/services/existing-service",
+                uri: "https://existing-service-xyz.run.app",
+            },
+        };
+        // 3. Mock POST (setIamPolicy)
+        mockResponses["POST /services/existing-service:setIamPolicy"] = {
+            status: 200,
+            body: {},
+        };
+        const builder = new GCPCloudRunBuilder("existing-service")
+            .image("gcr.io/my-proj/new-image:v1") // Image changed!
+            .minInstances(0)
+            .maxInstances(10)
+            .public(true);
+        const result = await builder.deploy();
+        assert.strictEqual(result.serviceId, "existing-service");
+        assert.strictEqual(result.url, "https://existing-service-xyz.run.app");
+        // Verify PATCH was called
+        const patchCalls = fetchCalls.filter((c) => c.method === "PATCH");
+        assert.strictEqual(patchCalls.length, 1);
+        assert.deepStrictEqual(patchCalls[0].body.template.containers[0].image, "gcr.io/my-proj/new-image:v1");
+        const iamCalls = fetchCalls.filter((c) => c.method === "POST" && c.url.includes(":setIamPolicy"));
+        assert.strictEqual(iamCalls.length, 1);
+    });
+    test("skips updating an existing service if configuration is identical", async () => {
+        // 1. Mock GET returning exact same config
+        mockResponses["GET /services/identical-service"] = {
+            status: 200,
+            body: {
+                name: "projects/my-gcp-project/locations/us-east1/services/identical-service",
+                uri: "https://identical-service-xyz.run.app",
+                template: {
+                    containers: [
+                        {
+                            image: "gcr.io/my-proj/image:v1",
+                            ports: [{ containerPort: 8080 }],
+                            resources: { limits: { cpu: "1", memory: "512Mi" } },
+                            env: [{ name: "NODE_ENV", value: "production" }],
+                        },
+                    ],
+                    scaling: { minInstanceCount: 0, maxInstanceCount: 10 },
+                },
+                ingress: "INGRESS_TRAFFIC_ALL",
+            },
+        };
+        // 2. Mock POST (setIamPolicy)
+        mockResponses["POST /services/identical-service:setIamPolicy"] = {
+            status: 200,
+            body: {},
+        };
+        const builder = new GCPCloudRunBuilder("identical-service")
+            .image("gcr.io/my-proj/image:v1")
+            .port(8080)
+            .cpu("1")
+            .memory("512Mi")
+            .minInstances(0)
+            .maxInstances(10)
+            .env({ NODE_ENV: "production" })
+            .public(true);
+        const result = await builder.deploy();
+        assert.strictEqual(result.serviceId, "identical-service");
+        assert.strictEqual(result.url, "https://identical-service-xyz.run.app");
+        // Verify PATCH or POST for services was NOT called
+        const writeCalls = fetchCalls.filter((c) => (c.method === "PATCH" || (c.method === "POST" && c.url.includes("serviceId="))));
+        assert.strictEqual(writeCalls.length, 0);
+        // Verify setIamPolicy was still called
+        const iamCalls = fetchCalls.filter((c) => c.method === "POST" && c.url.includes(":setIamPolicy"));
+        assert.strictEqual(iamCalls.length, 1);
+    });
+    test("destroys an existing service", async () => {
+        // 1. Mock GET returning existing service config (discovery on destroy)
+        mockResponses["GET /services/to-delete"] = {
+            status: 200,
+            body: { name: "projects/my-gcp-project/locations/us-east1/services/to-delete" },
+        };
+        // 2. Mock DELETE
+        mockResponses["DELETE /services/to-delete"] = {
+            status: 200,
+            body: {},
+        };
+        const builder = new GCPCloudRunBuilder("to-delete");
+        const result = await builder.destroy();
+        assert.deepStrictEqual(result, { destroyed: "to-delete" });
+        // Verify DELETE was called
+        const deleteCalls = fetchCalls.filter((c) => c.method === "DELETE");
+        assert.strictEqual(deleteCalls.length, 1);
+        assert.strictEqual(deleteCalls[0].url.includes("/services/to-delete"), true);
+    });
+    test("destroy does nothing when service does not exist", async () => {
+        // 1. Mock GET returning 404
+        mockResponses["GET /services/not-exist"] = {
+            status: 404,
+            body: { message: "Not found" },
+        };
+        const builder = new GCPCloudRunBuilder("not-exist");
+        const result = await builder.destroy();
+        assert.deepStrictEqual(result, { destroyed: "not-exist" });
+        // Verify DELETE was NOT called
+        const deleteCalls = fetchCalls.filter((c) => c.method === "DELETE");
+        assert.strictEqual(deleteCalls.length, 0);
+    });
+});

package/dist/providers/gcp/cloudsql.d.ts

@@ -0,0 +1,37 @@
+import { BaseBuilder } from "../../core/resource.js";
+export declare class GCPCloudSQLBuilder extends BaseBuilder {
+    private _engine;
+    private _engineVersion;
+    private _tier;
+    private _storage;
+    private _username?;
+    private _password?;
+    private _dbName?;
+    private _publicAccess;
+    private _region?;
+    resolvedEndpoint: string | null;
+    resolvedPort: number | null;
+    resolvedConnectionName: string | null;
+    constructor(instanceId: string);
+    engine(e: {
+        engine: "postgres" | "mysql";
+        version: string;
+    }): this;
+    size(tier: string): this;
+    storage(gb: number): this;
+    credentials(username: string, password: string): this;
+    database(name: string): this;
+    publicAccess(enabled?: boolean): this;
+    region(reg: string): this;
+    private discoverInstance;
+    private waitForOperation;
+    deploy(): Promise<{
+        name: string;
+        endpoint: string | null;
+        port: number;
+        connectionName: string | null;
+    }>;
+    destroy(): Promise<{
+        destroyed: string;
+    }>;
+}