relight-cli 0.1.0 → 0.3.0

package/src/commands/apps.js

@@ -0,0 +1,128 @@
+import { success, fatal, hint, fmt, table } from "../lib/output.js";
+import { resolveAppName, readLink, unlinkApp } from "../lib/link.js";
+import { resolveTarget } from "../lib/providers/resolve.js";
+import { createInterface } from "readline";
+
+export async function appsList(options) {
+  var target = await resolveTarget(options);
+  var cfg = target.cfg;
+  var appProvider = await target.provider("app");
+
+  var apps = await appProvider.listApps(cfg);
+
+  if (apps.length === 0) {
+    if (options.json) {
+      console.log("[]");
+    } else {
+      process.stderr.write("No apps deployed.\n");
+      hint("Next", "relight deploy");
+    }
+    return;
+  }
+
+  if (options.json) {
+    console.log(JSON.stringify(apps, null, 2));
+    return;
+  }
+
+  var rows = apps.map((a) => [
+    fmt.app(a.name),
+    a.modified ? new Date(a.modified).toISOString() : "-",
+  ]);
+
+  console.log(table(["NAME", "LAST MODIFIED"], rows));
+}
+
+export async function appsInfo(name, options) {
+  name = resolveAppName(name);
+  var target = await resolveTarget(options);
+  var cfg = target.cfg;
+  var appProvider = await target.provider("app");
+
+  var info = await appProvider.getAppInfo(cfg, name);
+
+  if (!info) {
+    fatal(
+      `App ${fmt.app(name)} not found.`,
+      `Run ${fmt.cmd(`relight deploy ${name} .`)} first.`
+    );
+  }
+
+  var appConfig = info.appConfig;
+
+  if (options.json) {
+    console.log(JSON.stringify(appConfig, null, 2));
+    return;
+  }
+
+  console.log("");
+  console.log(`${fmt.bold("App:")}        ${fmt.app(name)}`);
+  if (info.url) console.log(`${fmt.bold("URL:")}        ${fmt.url(info.url)}`);
+  console.log(
+    `${fmt.bold("Image:")}      ${appConfig.image || fmt.dim("(not deployed)")}`
+  );
+  console.log(`${fmt.bold("Regions:")}    ${appConfig.regions.join(", ")}`);
+  console.log(`${fmt.bold("Instances:")}  ${appConfig.instances} per region`);
+  console.log(`${fmt.bold("Port:")}       ${appConfig.port}`);
+  console.log(
+    `${fmt.bold("Domains:")}    ${(appConfig.domains || []).join(", ") || fmt.dim("(none)")}`
+  );
+  var envCount = (appConfig.envKeys || []).length;
+  var secretCount = (appConfig.secretKeys || []).length;
+  var totalCount = envCount + secretCount;
+  if (!appConfig.envKeys && appConfig.env) totalCount = Object.keys(appConfig.env).length;
+  var envDisplay = secretCount > 0 ? `${totalCount} (${secretCount} secret)` : `${totalCount}`;
+  console.log(
+    `${fmt.bold("Env vars:")}   ${envDisplay}`
+  );
+  if (appConfig.dbId) {
+    console.log(`${fmt.bold("Database:")}   ${appConfig.dbName || appConfig.dbId}`);
+  }
+  if (appConfig.deployedAt) {
+    console.log(`${fmt.bold("Deployed:")}   ${appConfig.deployedAt}`);
+  }
+  if (appConfig.createdAt) {
+    console.log(`${fmt.bold("Created:")}    ${appConfig.createdAt}`);
+  }
+}
+
+export async function appsDestroy(name, options) {
+  name = resolveAppName(name);
+  var target = await resolveTarget(options);
+  var cfg = target.cfg;
+  var appProvider = await target.provider("app");
+
+  if (options.confirm !== name) {
+    if (process.stdin.isTTY) {
+      var rl = createInterface({ input: process.stdin, output: process.stderr });
+      var answer = await new Promise((resolve) =>
+        rl.question(`Type "${name}" to confirm destruction: `, resolve)
+      );
+      rl.close();
+      if (answer.trim() !== name) {
+        fatal("Confirmation did not match. Aborting.");
+      }
+    } else {
+      fatal(
+        `Destroying ${fmt.app(name)} requires confirmation.`,
+        `Run: relight apps destroy ${name} --confirm ${name}`
+      );
+    }
+  }
+
+  process.stderr.write(`Destroying ${fmt.app(name)}...\n`);
+
+  try {
+    await appProvider.destroyApp(cfg, name);
+  } catch (e) {
+    fatal(`Could not destroy ${fmt.app(name)}.`, e.message);
+  }
+
+  // Remove .relight if it points to this app
+  var linked = readLink();
+  if (linked && linked.app === name) {
+    unlinkApp();
+  }
+
+  success(`App ${fmt.app(name)} destroyed.`);
+}

package/src/commands/auth.js

@@ -168,17 +168,21 @@ async function authGCP(rl) {
   var SA_URL =
     "https://console.cloud.google.com/iam-admin/serviceaccounts/create";
   var ENABLE_APIS =
-    "https://console.cloud.google.com/apis/enableflow?apiid=run.googleapis.com,artifactregistry.googleapis.com";
+    "https://console.cloud.google.com/apis/enableflow?apiid=run.googleapis.com,artifactregistry.googleapis.com,sqladmin.googleapis.com,dns.googleapis.com,logging.googleapis.com,monitoring.googleapis.com";
 
   process.stderr.write(`\n  ${kleur.bold("Setup")}\n\n`);
-  process.stderr.write(`  1. Enable the Cloud Run and Artifact Registry APIs:\n`);
+  process.stderr.write(`  1. Enable the required APIs:\n`);
   process.stderr.write(`     ${fmt.url(ENABLE_APIS)}\n\n`);
   process.stderr.write(`  2. Create a service account:\n`);
   process.stderr.write(`     ${fmt.url(SA_URL)}\n\n`);
   process.stderr.write(`     Name it ${fmt.val("relight")} and grant these roles:\n`);
   process.stderr.write(`       ${fmt.val("Cloud Run Admin")}\n`);
   process.stderr.write(`       ${fmt.val("Artifact Registry Admin")}\n`);
-  process.stderr.write(`       ${fmt.val("Service Account User")}\n\n`);
+  process.stderr.write(`       ${fmt.val("Service Account User")}\n`);
+  process.stderr.write(`       ${fmt.val("Cloud SQL Admin")}\n`);
+  process.stderr.write(`       ${fmt.val("DNS Administrator")}\n`);
+  process.stderr.write(`       ${fmt.val("Logs Viewer")}\n`);
+  process.stderr.write(`       ${fmt.val("Monitoring Viewer")}\n\n`);
   process.stderr.write(`  3. Go to the service account → ${kleur.bold("Keys")} tab\n`);
   process.stderr.write(`  4. ${kleur.bold("Add Key")} → ${kleur.bold("Create new key")} → ${kleur.bold("JSON")}\n`);
   process.stderr.write(`  5. Save the downloaded file\n\n`);
@@ -237,7 +241,12 @@ async function authAWS(rl) {
   process.stderr.write(`     ${fmt.url(IAM_CONSOLE)}\n\n`);
   process.stderr.write(`  2. Create a user and attach these policies:\n`);
   process.stderr.write(`     ${fmt.val("AWSAppRunnerFullAccess")}\n`);
-  process.stderr.write(`     ${fmt.val("AmazonEC2ContainerRegistryFullAccess")}\n\n`);
+  process.stderr.write(`     ${fmt.val("AmazonEC2ContainerRegistryFullAccess")}\n`);
+  process.stderr.write(`     ${fmt.val("AmazonRDSFullAccess")}\n`);
+  process.stderr.write(`     ${fmt.val("AmazonRoute53FullAccess")}\n`);
+  process.stderr.write(`     ${fmt.val("AmazonEC2ReadOnlyAccess")}\n`);
+  process.stderr.write(`     ${fmt.val("CloudWatchLogsReadOnlyAccess")}\n`);
+  process.stderr.write(`     ${fmt.val("IAMFullAccess")}\n\n`);
   process.stderr.write(`  3. Go to the user's ${kleur.bold("Security credentials")} tab\n`);
   process.stderr.write(`  4. Click ${kleur.bold("Create access key")} → choose ${kleur.bold("Command Line Interface")}\n`);
   process.stderr.write(`  5. Copy the Access Key ID and Secret Access Key\n\n`);

package/src/commands/config.js

@@ -0,0 +1,282 @@
+import { readFileSync } from "fs";
+import { status, success, fatal, hint, fmt } from "../lib/output.js";
+import { resolveAppName } from "../lib/link.js";
+import { resolveTarget } from "../lib/providers/resolve.js";
+
+var RESERVED_NAMES = ["RELIGHT_APP_CONFIG", "APP_CONTAINER", "DB", "DB_URL", "DB_TOKEN"];
+
+function validateKeyName(key) {
+  if (RESERVED_NAMES.includes(key)) {
+    fatal(`${fmt.key(key)} is a reserved binding name and cannot be used as an env var.`);
+  }
+}
+
+function ensureKeyLists(appConfig) {
+  if (!appConfig.envKeys) appConfig.envKeys = [];
+  if (!appConfig.secretKeys) appConfig.secretKeys = [];
+  if (!appConfig.env) appConfig.env = {};
+}
+
+export async function configShow(name, options) {
+  name = resolveAppName(name);
+  var target = await resolveTarget(options);
+  var cfg = target.cfg;
+  var appProvider = await target.provider("app");
+  var appConfig = await appProvider.getAppConfig(cfg, name);
+
+  if (!appConfig) {
+    fatal(
+      `App ${fmt.app(name)} not found.`,
+      `Run ${fmt.cmd(`relight deploy ${name} .`)} first.`
+    );
+  }
+
+  var env = appConfig.env || {};
+  var keys = Object.keys(env);
+
+  if (keys.length === 0) {
+    if (options.json) {
+      console.log("{}");
+    } else {
+      process.stderr.write(`No config vars set for ${fmt.app(name)}.\n`);
+    }
+    return;
+  }
+
+  if (options.json) {
+    console.log(JSON.stringify(env, null, 2));
+    return;
+  }
+
+  for (var key of keys) {
+    console.log(`${fmt.key(key)}=${env[key]}`);
+  }
+}
+
+export async function configSet(args, options) {
+  var name, vars;
+  if (args.length === 0) {
+    fatal("No env vars provided.", "Usage: relight config set [name] KEY=VALUE ...");
+  }
+  if (args[0].includes("=")) {
+    name = resolveAppName(null);
+    vars = args;
+  } else {
+    name = args[0];
+    vars = args.slice(1);
+  }
+
+  if (vars.length === 0) {
+    fatal("No env vars provided.", "Usage: relight config set [name] KEY=VALUE ...");
+  }
+
+  var target = await resolveTarget(options);
+  var cfg = target.cfg;
+  var appProvider = await target.provider("app");
+  var appConfig = await appProvider.getAppConfig(cfg, name);
+
+  if (!appConfig) {
+    fatal(
+      `App ${fmt.app(name)} not found.`,
+      `Run ${fmt.cmd(`relight deploy ${name} .`)} first.`
+    );
+  }
+
+  ensureKeyLists(appConfig);
+
+  var isSecret = options && options.secret;
+  var newSecrets = {};
+
+  for (var v of vars) {
+    var eq = v.indexOf("=");
+    if (eq === -1) {
+      fatal(`Invalid format: ${v}`, "Use KEY=VALUE format.");
+    }
+    var key = v.substring(0, eq);
+    var value = v.substring(eq + 1);
+    validateKeyName(key);
+
+    if (isSecret) {
+      appConfig.envKeys = appConfig.envKeys.filter((k) => k !== key);
+      if (!appConfig.secretKeys.includes(key)) appConfig.secretKeys.push(key);
+      newSecrets[key] = value;
+      appConfig.env[key] = "[hidden]";
+      status(`${fmt.key(key)} set ${fmt.dim("(secret)")}`);
+    } else {
+      appConfig.secretKeys = appConfig.secretKeys.filter((k) => k !== key);
+      if (!appConfig.envKeys.includes(key)) appConfig.envKeys.push(key);
+      appConfig.env[key] = value;
+      status(`${fmt.key(key)} set`);
+    }
+  }
+
+  await appProvider.pushAppConfig(cfg, name, appConfig, { newSecrets: Object.keys(newSecrets).length > 0 ? newSecrets : undefined });
+  success("Config updated (live).");
+}
+
+export async function configGet(args, options) {
+  var name, key;
+  if (args.length === 2) {
+    name = args[0];
+    key = args[1];
+  } else if (args.length === 1) {
+    name = resolveAppName(null);
+    key = args[0];
+  } else {
+    fatal("Usage: relight config get [name] <key>");
+  }
+
+  var target = await resolveTarget(options);
+  var cfg = target.cfg;
+  var appProvider = await target.provider("app");
+  var appConfig = await appProvider.getAppConfig(cfg, name);
+
+  if (!appConfig) {
+    fatal(
+      `App ${fmt.app(name)} not found.`,
+      `Run ${fmt.cmd(`relight deploy ${name} .`)} first.`
+    );
+  }
+
+  var env = appConfig.env || {};
+
+  if (!(key in env)) {
+    fatal(`Key ${fmt.key(key)} is not set on ${fmt.app(name)}.`);
+  }
+
+  if ((appConfig.secretKeys || []).includes(key)) {
+    console.log("[hidden]");
+    hint("Secret values are write-only", "they cannot be read back after being set.");
+    return;
+  }
+
+  console.log(env[key]);
+}
+
+export async function configUnset(args, options) {
+  var name, keys;
+  if (args.length === 0) {
+    fatal("No keys provided.", "Usage: relight config unset [name] KEY ...");
+  }
+  if (args.length === 1) {
+    name = resolveAppName(null);
+    keys = args;
+  } else if (/^[A-Z_][A-Z0-9_]*$/.test(args[0])) {
+    name = resolveAppName(null);
+    keys = args;
+  } else {
+    name = args[0];
+    keys = args.slice(1);
+  }
+
+  if (keys.length === 0) {
+    fatal("No keys provided.", "Usage: relight config unset [name] KEY ...");
+  }
+
+  var target = await resolveTarget(options);
+  var cfg = target.cfg;
+  var appProvider = await target.provider("app");
+  var appConfig = await appProvider.getAppConfig(cfg, name);
+
+  if (!appConfig) {
+    fatal(
+      `App ${fmt.app(name)} not found.`,
+      `Run ${fmt.cmd(`relight deploy ${name} .`)} first.`
+    );
+  }
+
+  ensureKeyLists(appConfig);
+
+  for (var key of keys) {
+    var wasEnv = appConfig.envKeys.includes(key);
+    var wasSecret = appConfig.secretKeys.includes(key);
+    if (!wasEnv && !wasSecret) {
+      status(`${fmt.key(key)} ${fmt.dim("(not set, skipping)")}`);
+      continue;
+    }
+    appConfig.envKeys = appConfig.envKeys.filter((k) => k !== key);
+    appConfig.secretKeys = appConfig.secretKeys.filter((k) => k !== key);
+    delete appConfig.env[key];
+    status(`${fmt.key(key)} removed`);
+  }
+
+  await appProvider.pushAppConfig(cfg, name, appConfig);
+  success("Config updated (live).");
+}
+
+export async function configImport(name, options) {
+  name = resolveAppName(name);
+  var target = await resolveTarget(options);
+  var cfg = target.cfg;
+  var appProvider = await target.provider("app");
+  var appConfig = await appProvider.getAppConfig(cfg, name);
+
+  if (!appConfig) {
+    fatal(
+      `App ${fmt.app(name)} not found.`,
+      `Run ${fmt.cmd(`relight deploy ${name} .`)} first.`
+    );
+  }
+
+  ensureKeyLists(appConfig);
+
+  var input;
+  if (options.file) {
+    try {
+      input = readFileSync(options.file, "utf-8");
+    } catch (e) {
+      fatal(`Could not read file: ${options.file}`, e.message);
+    }
+  } else if (process.stdin.isTTY) {
+    fatal(
+      "No input provided.",
+      "Pipe a .env file: cat .env | relight config import\n  Or use: relight config import --file .env"
+    );
+  } else {
+    var chunks = [];
+    for await (var chunk of process.stdin) {
+      chunks.push(chunk);
+    }
+    input = Buffer.concat(chunks).toString("utf-8");
+  }
+
+  var isSecret = options && options.secret;
+  var newSecrets = {};
+  var count = 0;
+  for (var line of input.split("\n")) {
+    line = line.trim();
+    if (!line || line.startsWith("#")) continue;
+    var eq = line.indexOf("=");
+    if (eq === -1) continue;
+    var key = line.substring(0, eq).trim();
+    var value = line.substring(eq + 1).trim();
+    if (
+      (value.startsWith('"') && value.endsWith('"')) ||
+      (value.startsWith("'") && value.endsWith("'"))
+    ) {
+      value = value.slice(1, -1);
+    }
+    validateKeyName(key);
+
+    if (isSecret) {
+      appConfig.envKeys = appConfig.envKeys.filter((k) => k !== key);
+      if (!appConfig.secretKeys.includes(key)) appConfig.secretKeys.push(key);
+      newSecrets[key] = value;
+      appConfig.env[key] = "[hidden]";
+      status(`${fmt.key(key)} set ${fmt.dim("(secret)")}`);
+    } else {
+      appConfig.secretKeys = appConfig.secretKeys.filter((k) => k !== key);
+      if (!appConfig.envKeys.includes(key)) appConfig.envKeys.push(key);
+      appConfig.env[key] = value;
+      status(`${fmt.key(key)} set`);
+    }
+    count++;
+  }
+
+  if (count === 0) {
+    fatal("No variables found in input.", "Use KEY=VALUE format, one per line.");
+  }
+
+  await appProvider.pushAppConfig(cfg, name, appConfig, { newSecrets: Object.keys(newSecrets).length > 0 ? newSecrets : undefined });
+  success(`${count} variable${count !== 1 ? "s" : ""} imported (live).`);
+}