run402 1.54.4 → 1.56.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +38 -0
- package/cli.mjs +7 -0
- package/core-dist/allowance-auth.js +42 -22
- package/lib/ci.mjs +395 -0
- package/lib/deploy-v2.mjs +200 -12
- package/lib/deploy.mjs +49 -7
- package/lib/sdk.mjs +2 -2
- package/lib/secrets.mjs +15 -7
- package/package.json +1 -1
- package/sdk/core-dist/allowance-auth.js +42 -22
- package/sdk/dist/ci-credentials.d.ts +22 -0
- package/sdk/dist/ci-credentials.d.ts.map +1 -0
- package/sdk/dist/ci-credentials.js +103 -0
- package/sdk/dist/ci-credentials.js.map +1 -0
- package/sdk/dist/index.d.ts +7 -1
- package/sdk/dist/index.d.ts.map +1 -1
- package/sdk/dist/index.js +5 -0
- package/sdk/dist/index.js.map +1 -1
- package/sdk/dist/namespaces/apps.d.ts +11 -4
- package/sdk/dist/namespaces/apps.d.ts.map +1 -1
- package/sdk/dist/namespaces/apps.js +73 -9
- package/sdk/dist/namespaces/apps.js.map +1 -1
- package/sdk/dist/namespaces/ci.d.ts +21 -0
- package/sdk/dist/namespaces/ci.d.ts.map +1 -0
- package/sdk/dist/namespaces/ci.js +256 -0
- package/sdk/dist/namespaces/ci.js.map +1 -0
- package/sdk/dist/namespaces/ci.types.d.ts +91 -0
- package/sdk/dist/namespaces/ci.types.d.ts.map +1 -0
- package/sdk/dist/namespaces/ci.types.js +8 -0
- package/sdk/dist/namespaces/ci.types.js.map +1 -0
- package/sdk/dist/namespaces/deploy.d.ts.map +1 -1
- package/sdk/dist/namespaces/deploy.js +145 -30
- package/sdk/dist/namespaces/deploy.js.map +1 -1
- package/sdk/dist/namespaces/deploy.types.d.ts +24 -9
- package/sdk/dist/namespaces/deploy.types.d.ts.map +1 -1
- package/sdk/dist/namespaces/secrets.d.ts +3 -2
- package/sdk/dist/namespaces/secrets.d.ts.map +1 -1
- package/sdk/dist/namespaces/secrets.js +45 -5
- package/sdk/dist/namespaces/secrets.js.map +1 -1
- package/sdk/dist/node/ci.d.ts +12 -0
- package/sdk/dist/node/ci.d.ts.map +1 -0
- package/sdk/dist/node/ci.js +30 -0
- package/sdk/dist/node/ci.js.map +1 -0
- package/sdk/dist/node/index.d.ts +7 -2
- package/sdk/dist/node/index.d.ts.map +1 -1
- package/sdk/dist/node/index.js +3 -2
- package/sdk/dist/node/index.js.map +1 -1
- package/sdk/dist/type-contract.d.ts +2 -0
- package/sdk/dist/type-contract.d.ts.map +1 -0
- package/sdk/dist/type-contract.js +2 -0
- package/sdk/dist/type-contract.js.map +1 -0
|
@@ -0,0 +1,256 @@
|
|
|
1
|
+
/** CI/OIDC federation namespace and canonical delegation helpers. */
|
|
2
|
+
import { LocalError, Run402DeployError } from "../errors.js";
|
|
3
|
+
import { CI_AUDIENCE, CI_GITHUB_ACTIONS_ISSUER, CI_GITHUB_ACTIONS_PROVIDER, } from "./ci.types.js";
|
|
4
|
+
export { CI_AUDIENCE, CI_GITHUB_ACTIONS_ISSUER, CI_GITHUB_ACTIONS_PROVIDER, DEFAULT_CI_DELEGATION_CHAIN_ID, V1_CI_ALLOWED_ACTIONS, V1_CI_ALLOWED_EVENTS_DEFAULT, } from "./ci.types.js";
|
|
5
|
+
const TOKEN_EXCHANGE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange";
|
|
6
|
+
const TOKEN_EXCHANGE_SUBJECT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:jwt";
|
|
7
|
+
const MAX_SUBJECT_MATCH_CHARS = 256;
|
|
8
|
+
const MAX_RESOURCE_URI_BYTES = 4096;
|
|
9
|
+
const MAX_STATEMENT_BYTES = 8192;
|
|
10
|
+
const NONCE_RE = /^[0-9a-f]{16,64}$/;
|
|
11
|
+
const CI_DEPLOY_SPEC_ALLOWED_KEYS = new Set([
|
|
12
|
+
"project",
|
|
13
|
+
"database",
|
|
14
|
+
"functions",
|
|
15
|
+
"site",
|
|
16
|
+
"base",
|
|
17
|
+
]);
|
|
18
|
+
export class Ci {
|
|
19
|
+
client;
|
|
20
|
+
constructor(client) {
|
|
21
|
+
this.client = client;
|
|
22
|
+
}
|
|
23
|
+
async createBinding(input) {
|
|
24
|
+
if (input?.provider !== CI_GITHUB_ACTIONS_PROVIDER) {
|
|
25
|
+
throw new LocalError('ci.createBinding provider must be "github-actions" in v1', "creating CI binding");
|
|
26
|
+
}
|
|
27
|
+
if (!input.signed_delegation) {
|
|
28
|
+
throw new LocalError("ci.createBinding requires signed_delegation", "creating CI binding");
|
|
29
|
+
}
|
|
30
|
+
const values = normalizeCiDelegationValues(input);
|
|
31
|
+
return this.client.request("/ci/v1/bindings", {
|
|
32
|
+
method: "POST",
|
|
33
|
+
body: {
|
|
34
|
+
project_id: values.project_id,
|
|
35
|
+
provider: input.provider,
|
|
36
|
+
subject_match: values.subject_match,
|
|
37
|
+
allowed_actions: values.allowed_actions,
|
|
38
|
+
allowed_events: values.allowed_events,
|
|
39
|
+
github_repository_id: values.github_repository_id,
|
|
40
|
+
expires_at: values.expires_at,
|
|
41
|
+
nonce: values.nonce,
|
|
42
|
+
signed_delegation: input.signed_delegation,
|
|
43
|
+
},
|
|
44
|
+
context: "creating CI binding",
|
|
45
|
+
});
|
|
46
|
+
}
|
|
47
|
+
async listBindings(input) {
|
|
48
|
+
if (!input?.project) {
|
|
49
|
+
throw new LocalError("ci.listBindings requires { project }", "listing CI bindings");
|
|
50
|
+
}
|
|
51
|
+
const qs = new URLSearchParams({ project: input.project });
|
|
52
|
+
return this.client.request(`/ci/v1/bindings?${qs.toString()}`, { context: "listing CI bindings" });
|
|
53
|
+
}
|
|
54
|
+
async getBinding(bindingId) {
|
|
55
|
+
if (!bindingId) {
|
|
56
|
+
throw new LocalError("ci.getBinding requires a binding id", "getting CI binding");
|
|
57
|
+
}
|
|
58
|
+
return this.client.request(`/ci/v1/bindings/${encodeURIComponent(bindingId)}`, { context: "getting CI binding" });
|
|
59
|
+
}
|
|
60
|
+
async revokeBinding(bindingId) {
|
|
61
|
+
if (!bindingId) {
|
|
62
|
+
throw new LocalError("ci.revokeBinding requires a binding id", "revoking CI binding");
|
|
63
|
+
}
|
|
64
|
+
return this.client.request(`/ci/v1/bindings/${encodeURIComponent(bindingId)}/revoke`, { method: "POST", context: "revoking CI binding" });
|
|
65
|
+
}
|
|
66
|
+
async exchangeToken(input) {
|
|
67
|
+
if (!input?.project_id || !input.subject_token) {
|
|
68
|
+
throw new LocalError("ci.exchangeToken requires { project_id, subject_token }", "exchanging CI OIDC token");
|
|
69
|
+
}
|
|
70
|
+
const body = {
|
|
71
|
+
grant_type: TOKEN_EXCHANGE_GRANT_TYPE,
|
|
72
|
+
subject_token: input.subject_token,
|
|
73
|
+
subject_token_type: TOKEN_EXCHANGE_SUBJECT_TOKEN_TYPE,
|
|
74
|
+
project_id: input.project_id,
|
|
75
|
+
};
|
|
76
|
+
return this.client.request("/ci/v1/token-exchange", {
|
|
77
|
+
method: "POST",
|
|
78
|
+
body,
|
|
79
|
+
withAuth: false,
|
|
80
|
+
context: "exchanging CI OIDC token",
|
|
81
|
+
});
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
export function normalizeCiDelegationValues(values) {
|
|
85
|
+
if (!values || typeof values !== "object") {
|
|
86
|
+
throw new LocalError("CI delegation values must be an object", "validating CI delegation");
|
|
87
|
+
}
|
|
88
|
+
if (!values.project_id) {
|
|
89
|
+
throw new LocalError("CI delegation project_id is required", "validating CI delegation");
|
|
90
|
+
}
|
|
91
|
+
const subject_match = validateCiSubjectMatch(values.subject_match);
|
|
92
|
+
const nonce = validateCiNonce(values.nonce);
|
|
93
|
+
const allowed_actions = normalizeAllowedActions(values.allowed_actions);
|
|
94
|
+
const allowed_events = normalizeAllowedList(values.allowed_events, "allowed_events");
|
|
95
|
+
if (allowed_events.length === 0) {
|
|
96
|
+
throw new LocalError("CI delegation allowed_events must contain at least one event", "validating CI delegation");
|
|
97
|
+
}
|
|
98
|
+
return {
|
|
99
|
+
project_id: values.project_id,
|
|
100
|
+
issuer: values.issuer ?? CI_GITHUB_ACTIONS_ISSUER,
|
|
101
|
+
audience: values.audience ?? CI_AUDIENCE,
|
|
102
|
+
subject_match,
|
|
103
|
+
allowed_actions,
|
|
104
|
+
allowed_events,
|
|
105
|
+
expires_at: values.expires_at ?? null,
|
|
106
|
+
github_repository_id: values.github_repository_id ?? null,
|
|
107
|
+
nonce,
|
|
108
|
+
};
|
|
109
|
+
}
|
|
110
|
+
export function buildCiDelegationStatement(values) {
|
|
111
|
+
const v = normalizeCiDelegationValues(values);
|
|
112
|
+
const statement = [
|
|
113
|
+
`Authorize GitHub Actions workflows whose OIDC subject matches ${v.subject_match} to deploy to run402 project ${v.project_id}.`,
|
|
114
|
+
"",
|
|
115
|
+
"The workflows can:",
|
|
116
|
+
" - deploy function code that runs with this project's runtime authority, including the project's service-role key, the adminDb() bypass-RLS surface, and configured runtime secrets read via process.env;",
|
|
117
|
+
" - deploy database migrations, RLS/expose changes, and schema-altering SQL via spec.database.",
|
|
118
|
+
"",
|
|
119
|
+
"The workflows cannot directly call secrets, domain, subdomain, lifecycle, billing, contracts, or faucet endpoints. They cannot ship spec.secrets, spec.subdomains, spec.routes, spec.checks, or non-current spec.base.",
|
|
120
|
+
"",
|
|
121
|
+
`Audience: ${v.audience}`,
|
|
122
|
+
`Allowed events: ${v.allowed_events.join(",")}`,
|
|
123
|
+
`Repository ID: ${v.github_repository_id ?? "none-soft-bound"}`,
|
|
124
|
+
`Expires: ${v.expires_at ?? "never"}`,
|
|
125
|
+
`Nonce: ${v.nonce}`,
|
|
126
|
+
"",
|
|
127
|
+
"Revoke at any time via the run402 CLI or POST /ci/v1/bindings/:id/revoke. Revocation stops future CI gateway requests but does not undo already-deployed code, stop in-flight deploy operations, rotate exfiltrated keys, or remove deployed functions. Recovery from a compromise: revoke the binding, then SIWE-deploy a known-good release that overwrites the malicious code, and rotate any service-role key the deployed code may have read.",
|
|
128
|
+
].join("\n");
|
|
129
|
+
if (new TextEncoder().encode(statement).byteLength > MAX_STATEMENT_BYTES) {
|
|
130
|
+
throw new LocalError(`CI delegation Statement exceeds ${MAX_STATEMENT_BYTES} bytes`, "building CI delegation statement");
|
|
131
|
+
}
|
|
132
|
+
return statement;
|
|
133
|
+
}
|
|
134
|
+
export function buildCiDelegationResourceUri(values) {
|
|
135
|
+
const v = normalizeCiDelegationValues(values);
|
|
136
|
+
const parts = [
|
|
137
|
+
`project_id=${encodeRfc3986(v.project_id)}`,
|
|
138
|
+
`issuer=${encodeRfc3986(v.issuer)}`,
|
|
139
|
+
`audience=${encodeRfc3986(v.audience)}`,
|
|
140
|
+
`subject_match=${encodeRfc3986(v.subject_match)}`,
|
|
141
|
+
`allowed_actions=${v.allowed_actions.map(encodeRfc3986).join(",")}`,
|
|
142
|
+
`allowed_events=${v.allowed_events.map(encodeRfc3986).join(",")}`,
|
|
143
|
+
];
|
|
144
|
+
if (v.expires_at !== null)
|
|
145
|
+
parts.push(`expires_at=${encodeRfc3986(v.expires_at)}`);
|
|
146
|
+
if (v.github_repository_id !== null) {
|
|
147
|
+
parts.push(`github_repository_id=${encodeRfc3986(v.github_repository_id)}`);
|
|
148
|
+
}
|
|
149
|
+
parts.push(`nonce=${encodeRfc3986(v.nonce)}`);
|
|
150
|
+
const uri = `run402-ci-delegation:v1?${parts.join("&")}`;
|
|
151
|
+
if (new TextEncoder().encode(uri).byteLength > MAX_RESOURCE_URI_BYTES) {
|
|
152
|
+
throw new LocalError(`CI delegation Resource URI exceeds ${MAX_RESOURCE_URI_BYTES} bytes`, "building CI delegation resource URI");
|
|
153
|
+
}
|
|
154
|
+
return uri;
|
|
155
|
+
}
|
|
156
|
+
export function validateCiSubjectMatch(subject) {
|
|
157
|
+
if (typeof subject !== "string" || subject.length === 0) {
|
|
158
|
+
throw new LocalError("CI subject_match must be a non-empty string", "validating CI subject");
|
|
159
|
+
}
|
|
160
|
+
if (subject.length > MAX_SUBJECT_MATCH_CHARS) {
|
|
161
|
+
throw new LocalError(`CI subject_match must be ${MAX_SUBJECT_MATCH_CHARS} characters or fewer`, "validating CI subject");
|
|
162
|
+
}
|
|
163
|
+
if (/[\x00-\x1f\x7f]/.test(subject)) {
|
|
164
|
+
throw new LocalError("CI subject_match must not contain control characters", "validating CI subject");
|
|
165
|
+
}
|
|
166
|
+
const firstWildcard = subject.indexOf("*");
|
|
167
|
+
if (firstWildcard >= 0) {
|
|
168
|
+
if (subject === "*") {
|
|
169
|
+
throw new LocalError("CI subject_match cannot be a bare wildcard", "validating CI subject");
|
|
170
|
+
}
|
|
171
|
+
if (firstWildcard !== subject.length - 1) {
|
|
172
|
+
throw new LocalError("CI subject_match wildcard is only allowed as the final character", "validating CI subject");
|
|
173
|
+
}
|
|
174
|
+
if (subject.indexOf("*", firstWildcard + 1) >= 0) {
|
|
175
|
+
throw new LocalError("CI subject_match can contain at most one wildcard", "validating CI subject");
|
|
176
|
+
}
|
|
177
|
+
}
|
|
178
|
+
return subject;
|
|
179
|
+
}
|
|
180
|
+
export function validateCiNonce(nonce) {
|
|
181
|
+
if (typeof nonce !== "string" || !NONCE_RE.test(nonce)) {
|
|
182
|
+
throw new LocalError("CI delegation nonce must be lowercase hex between 16 and 64 characters", "validating CI nonce");
|
|
183
|
+
}
|
|
184
|
+
return nonce;
|
|
185
|
+
}
|
|
186
|
+
export function assertCiDeployableSpec(specOrPlanBody) {
|
|
187
|
+
const { spec, manifestRef } = unwrapSpecOrPlanBody(specOrPlanBody);
|
|
188
|
+
if (manifestRef !== undefined && manifestRef !== null) {
|
|
189
|
+
throwCiDeploySpecError("manifest_ref", "CI deploys must use inline specs under the gateway body cap; manifest_ref is not allowed.");
|
|
190
|
+
}
|
|
191
|
+
if (!spec || typeof spec !== "object" || Array.isArray(spec)) {
|
|
192
|
+
throwCiDeploySpecError("spec", "CI deploy requires a ReleaseSpec object.");
|
|
193
|
+
}
|
|
194
|
+
const obj = spec;
|
|
195
|
+
for (const key of Object.keys(obj)) {
|
|
196
|
+
if (!CI_DEPLOY_SPEC_ALLOWED_KEYS.has(key)) {
|
|
197
|
+
if (key === "secrets") {
|
|
198
|
+
throwCiDeploySpecError("secrets", "CI deploy manifests must omit spec.secrets. Set secrets locally or admin-side before CI runs; CI credentials do not have secret-write authority or secret-existence authority.");
|
|
199
|
+
}
|
|
200
|
+
throwCiDeploySpecError(key, `CI deploy cannot ship spec.${key}; only project, database, functions, site, and base:{release:"current"} are allowed.`);
|
|
201
|
+
}
|
|
202
|
+
}
|
|
203
|
+
if (Object.prototype.hasOwnProperty.call(obj, "base") && !isCurrentBase(obj.base)) {
|
|
204
|
+
throwCiDeploySpecError("base", 'CI deploy base must be absent or exactly { release: "current" }.');
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
function normalizeAllowedActions(values) {
|
|
208
|
+
const actions = normalizeAllowedList(values, "allowed_actions");
|
|
209
|
+
if (actions.length !== 1 || actions[0] !== "deploy") {
|
|
210
|
+
throw new LocalError('CI delegation allowed_actions must be exactly ["deploy"] in v1', "validating CI delegation");
|
|
211
|
+
}
|
|
212
|
+
return ["deploy"];
|
|
213
|
+
}
|
|
214
|
+
function normalizeAllowedList(values, field) {
|
|
215
|
+
if (!Array.isArray(values)) {
|
|
216
|
+
throw new LocalError(`CI delegation ${field} must be an array`, "validating CI delegation");
|
|
217
|
+
}
|
|
218
|
+
const cleaned = values.map((value) => {
|
|
219
|
+
if (typeof value !== "string" || value.length === 0) {
|
|
220
|
+
throw new LocalError(`CI delegation ${field} must contain only non-empty strings`, "validating CI delegation");
|
|
221
|
+
}
|
|
222
|
+
return value;
|
|
223
|
+
});
|
|
224
|
+
return Array.from(new Set(cleaned)).sort();
|
|
225
|
+
}
|
|
226
|
+
function encodeRfc3986(value) {
|
|
227
|
+
return encodeURIComponent(value).replace(/[!'()*]/g, (char) => `%${char.charCodeAt(0).toString(16).toUpperCase()}`);
|
|
228
|
+
}
|
|
229
|
+
function unwrapSpecOrPlanBody(value) {
|
|
230
|
+
if (value &&
|
|
231
|
+
typeof value === "object" &&
|
|
232
|
+
!Array.isArray(value) &&
|
|
233
|
+
"spec" in value &&
|
|
234
|
+
!("project" in value)) {
|
|
235
|
+
const body = value;
|
|
236
|
+
return { spec: body.spec, manifestRef: body.manifest_ref };
|
|
237
|
+
}
|
|
238
|
+
return { spec: value };
|
|
239
|
+
}
|
|
240
|
+
function isCurrentBase(value) {
|
|
241
|
+
if (!value || typeof value !== "object" || Array.isArray(value))
|
|
242
|
+
return false;
|
|
243
|
+
const obj = value;
|
|
244
|
+
const keys = Object.keys(obj);
|
|
245
|
+
return keys.length === 1 && obj.release === "current";
|
|
246
|
+
}
|
|
247
|
+
function throwCiDeploySpecError(resource, message) {
|
|
248
|
+
throw new Run402DeployError(message, {
|
|
249
|
+
code: "forbidden_spec_field",
|
|
250
|
+
phase: "validate",
|
|
251
|
+
resource,
|
|
252
|
+
retryable: false,
|
|
253
|
+
context: "validating CI deploy spec",
|
|
254
|
+
});
|
|
255
|
+
}
|
|
256
|
+
//# sourceMappingURL=ci.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ci.js","sourceRoot":"","sources":["../../src/namespaces/ci.ts"],"names":[],"mappings":"AAAA,qEAAqE;AAGrE,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAa7D,OAAO,EACL,WAAW,EACX,wBAAwB,EACxB,0BAA0B,GAI3B,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,WAAW,EACX,wBAAwB,EACxB,0BAA0B,EAC1B,8BAA8B,EAC9B,qBAAqB,EACrB,4BAA4B,GAC7B,MAAM,eAAe,CAAC;AAEvB,MAAM,yBAAyB,GAC7B,iDAA0D,CAAC;AAC7D,MAAM,iCAAiC,GACrC,sCAA+C,CAAC;AAClD,MAAM,uBAAuB,GAAG,GAAG,CAAC;AACpC,MAAM,sBAAsB,GAAG,IAAI,CAAC;AACpC,MAAM,mBAAmB,GAAG,IAAI,CAAC;AACjC,MAAM,QAAQ,GAAG,mBAAmB,CAAC;AACrC,MAAM,2BAA2B,GAAG,IAAI,GAAG,CAAC;IAC1C,SAAS;IACT,UAAU;IACV,WAAW;IACX,MAAM;IACN,MAAM;CACP,CAAC,CAAC;AAEH,MAAM,OAAO,EAAE;IACgB;IAA7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,KAAK,CAAC,aAAa,CAAC,KAA2B;QAC7C,IAAI,KAAK,EAAE,QAAQ,KAAK,0BAA0B,EAAE,CAAC;YACnD,MAAM,IAAI,UAAU,CAClB,0DAA0D,EAC1D,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC;YAC7B,MAAM,IAAI,UAAU,CAClB,6CAA6C,EAC7C,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,2BAA2B,CAAC,KAAK,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAe,iBAAiB,EAAE;YAC1D,MAAM,EAAE,MAAM;YACd,IAAI,EAAE;gBACJ,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,aAAa,EAAE,MAAM,CAAC,aAAa;gBACnC,eAAe,EAAE,MAAM,CAAC,eAAe;gBACvC,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,oBAAoB,EAAE,MAAM,CAAC,oBAAoB;gBACjD,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;aAC3C;YACD,OAAO,EAAE,qBAAqB;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAA0B;QAC3C,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,UAAU,CAClB,sCAAsC,EACtC,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,MAAM,EAAE,GAAG,IAAI,eAAe,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,mBAAmB,EAAE,CAAC,QAAQ,EAAE,EAAE,EAClC,EAAE,OAAO,EAAE,qBAAqB,EAAE,CACnC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,SAAiB;QAChC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,UAAU,CAAC,qCAAqC,EAAE,oBAAoB,CAAC,CAAC;QACpF,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,mBAAmB,kBAAkB,CAAC,SAAS,CAAC,EAAE,EAClD,EAAE,OAAO,EAAE,oBAAoB,EAAE,CAClC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,SAAiB;QACnC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,UAAU,CAAC,wCAAwC,EAAE,qBAAqB,CAAC,CAAC;QACxF,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,mBAAmB,kBAAkB,CAAC,SAAS,CAAC,SAAS,EACzD,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,qBAAqB,EAAE,CACnD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAA2B;QAC7C,IAAI,CAAC,KAAK,EAAE,UAAU,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;YAC/C,MAAM,IAAI,UAAU,CAClB,yDAAyD,EACzD,0BAA0B,CAC3B,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAA+B;YACvC,UAAU,EAAE,yBAAyB;YACrC,aAAa,EAAE,KAAK,CAAC,aAAa;YAClC,kBAAkB,EAAE,iCAAiC;YACrD,UAAU,EAAE,KAAK,CAAC,UAAU;SAC7B,CAAC;QACF,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAA0B,uBAAuB,EAAE;YAC3E,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,0BAA0B;SACpC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,UAAU,2BAA2B,CACzC,MAA0B;IAE1B,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,IAAI,UAAU,CAAC,wCAAwC,EAAE,0BAA0B,CAAC,CAAC;IAC7F,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACvB,MAAM,IAAI,UAAU,CAAC,sCAAsC,EAAE,0BAA0B,CAAC,CAAC;IAC3F,CAAC;IACD,MAAM,aAAa,GAAG,sBAAsB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IACnE,MAAM,KAAK,GAAG,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5C,MAAM,eAAe,GAAG,uBAAuB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACxE,MAAM,cAAc,GAAG,oBAAoB,CAAC,MAAM,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC;IACrF,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,UAAU,CAClB,8DAA8D,EAC9D,0BAA0B,CAC3B,CAAC;IACJ,CAAC;IACD,OAAO;QACL,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,wBAAwB;QACjD,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,WAAW;QACxC,aAAa;QACb,eAAe;QACf,cAAc;QACd,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,IAAI;QACrC,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,IAAI;QACzD,KAAK;KACN,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,MAA0B;IACnE,MAAM,CAAC,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG;QAChB,iEAAiE,CAAC,CAAC,aAAa,gCAAgC,CAAC,CAAC,UAAU,GAAG;QAC/H,EAAE;QACF,oBAAoB;QACpB,4MAA4M;QAC5M,gGAAgG;QAChG,EAAE;QACF,wNAAwN;QACxN,EAAE;QACF,aAAa,CAAC,CAAC,QAAQ,EAAE;QACzB,mBAAmB,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;QAC/C,kBAAkB,CAAC,CAAC,oBAAoB,IAAI,iBAAiB,EAAE;QAC/D,YAAY,CAAC,CAAC,UAAU,IAAI,OAAO,EAAE;QACrC,UAAU,CAAC,CAAC,KAAK,EAAE;QACnB,EAAE;QACF,obAAob;KACrb,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,IAAI,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,UAAU,GAAG,mBAAmB,EAAE,CAAC;QACzE,MAAM,IAAI,UAAU,CAClB,mCAAmC,mBAAmB,QAAQ,EAC9D,kCAAkC,CACnC,CAAC;IACJ,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,MAA0B;IACrE,MAAM,CAAC,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAG;QACZ,cAAc,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE;QAC3C,UAAU,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE;QACnC,YAAY,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE;QACvC,iBAAiB,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,EAAE;QACjD,mBAAmB,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;QACnE,kBAAkB,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;KAClE,CAAC;IACF,IAAI,CAAC,CAAC,UAAU,KAAK,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,cAAc,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IACnF,IAAI,CAAC,CAAC,oBAAoB,KAAK,IAAI,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,wBAAwB,aAAa,CAAC,CAAC,CAAC,oBAAoB,CAAC,EAAE,CAAC,CAAC;IAC9E,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,2BAA2B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;IACzD,IAAI,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,UAAU,GAAG,sBAAsB,EAAE,CAAC;QACtE,MAAM,IAAI,UAAU,CAClB,sCAAsC,sBAAsB,QAAQ,EACpE,qCAAqC,CACtC,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,OAAe;IACpD,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,UAAU,CAAC,6CAA6C,EAAE,uBAAuB,CAAC,CAAC;IAC/F,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,uBAAuB,EAAE,CAAC;QAC7C,MAAM,IAAI,UAAU,CAClB,4BAA4B,uBAAuB,sBAAsB,EACzE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IACD,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,UAAU,CAAC,sDAAsD,EAAE,uBAAuB,CAAC,CAAC;IACxG,CAAC;IACD,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC3C,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;QACvB,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;YACpB,MAAM,IAAI,UAAU,CAAC,4CAA4C,EAAE,uBAAuB,CAAC,CAAC;QAC9F,CAAC;QACD,IAAI,aAAa,KAAK,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,UAAU,CAClB,kEAAkE,EAClE,uBAAuB,CACxB,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,UAAU,CAAC,mDAAmD,EAAE,uBAAuB,CAAC,CAAC;QACrG,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,UAAU,CAClB,wEAAwE,EACxE,qBAAqB,CACtB,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,cAAmD;IACxF,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,oBAAoB,CAAC,cAAc,CAAC,CAAC;IACnE,IAAI,WAAW,KAAK,SAAS,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACtD,sBAAsB,CACpB,cAAc,EACd,2FAA2F,CAC5F,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7D,sBAAsB,CAAC,MAAM,EAAE,0CAA0C,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,GAAG,GAAG,IAA+B,CAAC;IAC5C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC,2BAA2B,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1C,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACtB,sBAAsB,CACpB,SAAS,EACT,gLAAgL,CACjL,CAAC;YACJ,CAAC;YACD,sBAAsB,CACpB,GAAG,EACH,8BAA8B,GAAG,sFAAsF,CACxH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAClF,sBAAsB,CACpB,MAAM,EACN,kEAAkE,CACnE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAqC;IACpE,MAAM,OAAO,GAAG,oBAAoB,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAChE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QACpD,MAAM,IAAI,UAAU,CAClB,gEAAgE,EAChE,0BAA0B,CAC3B,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,QAAQ,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAqC,EAAE,KAAa;IAChF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,UAAU,CAAC,iBAAiB,KAAK,mBAAmB,EAAE,0BAA0B,CAAC,CAAC;IAC9F,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QACnC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,UAAU,CAClB,iBAAiB,KAAK,sCAAsC,EAC5D,0BAA0B,CAC3B,CAAC;QACJ,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;IACH,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED,SAAS,aAAa,CAAC,KAAa;IAClC,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE,CAC5D,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,EAAE,CACpD,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,KAA0C;IAE1C,IACE,KAAK;QACL,OAAO,KAAK,KAAK,QAAQ;QACzB,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QACrB,MAAM,IAAI,KAAK;QACf,CAAC,CAAC,SAAS,IAAI,KAAK,CAAC,EACrB,CAAC;QACD,MAAM,IAAI,GAAG,KAAmD,CAAC;QACjE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;IAC7D,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC9E,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9B,OAAO,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,CAAC;AACxD,CAAC;AAED,SAAS,sBAAsB,CAAC,QAAgB,EAAE,OAAe;IAC/D,MAAM,IAAI,iBAAiB,CAAC,OAAO,EAAE;QACnC,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,UAAU;QACjB,QAAQ;QACR,SAAS,EAAE,KAAK;QAChB,OAAO,EAAE,2BAA2B;KACrC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
/** Types and constants for GitHub Actions OIDC federation (`/ci/v1/*`). */
|
|
2
|
+
export declare const CI_GITHUB_ACTIONS_PROVIDER: "github-actions";
|
|
3
|
+
export declare const CI_GITHUB_ACTIONS_ISSUER: "https://token.actions.githubusercontent.com";
|
|
4
|
+
export declare const CI_AUDIENCE: "https://api.run402.com";
|
|
5
|
+
export declare const DEFAULT_CI_DELEGATION_CHAIN_ID: "eip155:84532";
|
|
6
|
+
export declare const V1_CI_ALLOWED_ACTIONS: readonly ["deploy"];
|
|
7
|
+
export declare const V1_CI_ALLOWED_EVENTS_DEFAULT: readonly ["push", "workflow_dispatch"];
|
|
8
|
+
export type CiProvider = typeof CI_GITHUB_ACTIONS_PROVIDER;
|
|
9
|
+
export type CiAllowedAction = (typeof V1_CI_ALLOWED_ACTIONS)[number];
|
|
10
|
+
export type CiAllowedEvent = (typeof V1_CI_ALLOWED_EVENTS_DEFAULT)[number] | (string & {});
|
|
11
|
+
export type CiBindingErrorCode = "nonce_replay" | "delegation_statement_mismatch" | "delegation_resource_uri_mismatch" | "signer_mismatch" | "delegation_oversized" | "delegation_parse_failed" | "delegation_signature_invalid" | "delegation_nonce_invalid" | "duplicate";
|
|
12
|
+
export type CiTokenExchangeErrorCode = "invalid_request" | "invalid_token" | "access_denied" | "event_not_allowed" | "repository_id_mismatch" | "ambiguous_binding";
|
|
13
|
+
export type CiDeployErrorCode = "payment_required" | "insufficient_scope" | "forbidden_spec_field" | "forbidden_plan";
|
|
14
|
+
export type CiErrorCode = CiBindingErrorCode | CiTokenExchangeErrorCode | CiDeployErrorCode | (string & {});
|
|
15
|
+
export interface ParsedDelegation {
|
|
16
|
+
payload: Record<string, unknown>;
|
|
17
|
+
raw: string;
|
|
18
|
+
signer: string;
|
|
19
|
+
verified_at: string;
|
|
20
|
+
}
|
|
21
|
+
export interface CiBindingRow {
|
|
22
|
+
id: string;
|
|
23
|
+
project_id: string;
|
|
24
|
+
issuer: string;
|
|
25
|
+
subject_match: string;
|
|
26
|
+
allowed_actions: string[];
|
|
27
|
+
allowed_events: string[];
|
|
28
|
+
github_repository_id: string | null;
|
|
29
|
+
created_by: string;
|
|
30
|
+
nonce: string;
|
|
31
|
+
created_sig?: ParsedDelegation | null;
|
|
32
|
+
created_at: string;
|
|
33
|
+
expires_at: string | null;
|
|
34
|
+
revoked_at: string | null;
|
|
35
|
+
last_used_at: string | null;
|
|
36
|
+
use_count: number;
|
|
37
|
+
}
|
|
38
|
+
export interface CiCreateBindingInput {
|
|
39
|
+
project_id: string;
|
|
40
|
+
provider: CiProvider;
|
|
41
|
+
subject_match: string;
|
|
42
|
+
allowed_actions: readonly CiAllowedAction[];
|
|
43
|
+
allowed_events: readonly CiAllowedEvent[];
|
|
44
|
+
github_repository_id?: string | null;
|
|
45
|
+
expires_at?: string | null;
|
|
46
|
+
nonce: string;
|
|
47
|
+
signed_delegation: string;
|
|
48
|
+
}
|
|
49
|
+
export interface CiListBindingsInput {
|
|
50
|
+
project: string;
|
|
51
|
+
}
|
|
52
|
+
export interface CiListBindingsResult {
|
|
53
|
+
bindings: CiBindingRow[];
|
|
54
|
+
}
|
|
55
|
+
export interface CiTokenExchangeInput {
|
|
56
|
+
project_id: string;
|
|
57
|
+
subject_token: string;
|
|
58
|
+
}
|
|
59
|
+
export interface CiTokenExchangeRequestBody extends CiTokenExchangeInput {
|
|
60
|
+
grant_type: "urn:ietf:params:oauth:grant-type:token-exchange";
|
|
61
|
+
subject_token_type: "urn:ietf:params:oauth:token-type:jwt";
|
|
62
|
+
}
|
|
63
|
+
export interface CiTokenExchangeResponse {
|
|
64
|
+
access_token: string;
|
|
65
|
+
token_type: "Bearer" | (string & {});
|
|
66
|
+
expires_in: number;
|
|
67
|
+
scope: string;
|
|
68
|
+
}
|
|
69
|
+
export interface CiDelegationValues {
|
|
70
|
+
project_id: string;
|
|
71
|
+
issuer?: string;
|
|
72
|
+
audience?: string;
|
|
73
|
+
subject_match: string;
|
|
74
|
+
allowed_actions: readonly string[];
|
|
75
|
+
allowed_events: readonly string[];
|
|
76
|
+
expires_at?: string | null;
|
|
77
|
+
github_repository_id?: string | null;
|
|
78
|
+
nonce: string;
|
|
79
|
+
}
|
|
80
|
+
export interface NormalizedCiDelegationValues {
|
|
81
|
+
project_id: string;
|
|
82
|
+
issuer: string;
|
|
83
|
+
audience: string;
|
|
84
|
+
subject_match: string;
|
|
85
|
+
allowed_actions: CiAllowedAction[];
|
|
86
|
+
allowed_events: string[];
|
|
87
|
+
expires_at: string | null;
|
|
88
|
+
github_repository_id: string | null;
|
|
89
|
+
nonce: string;
|
|
90
|
+
}
|
|
91
|
+
//# sourceMappingURL=ci.types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ci.types.d.ts","sourceRoot":"","sources":["../../src/namespaces/ci.types.ts"],"names":[],"mappings":"AAAA,2EAA2E;AAE3E,eAAO,MAAM,0BAA0B,EAAG,gBAAyB,CAAC;AACpE,eAAO,MAAM,wBAAwB,EAAG,6CAAsD,CAAC;AAC/F,eAAO,MAAM,WAAW,EAAG,wBAAiC,CAAC;AAC7D,eAAO,MAAM,8BAA8B,EAAG,cAAuB,CAAC;AAEtE,eAAO,MAAM,qBAAqB,qBAAsB,CAAC;AACzD,eAAO,MAAM,4BAA4B,wCAAyC,CAAC;AAEnF,MAAM,MAAM,UAAU,GAAG,OAAO,0BAA0B,CAAC;AAC3D,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,qBAAqB,CAAC,CAAC,MAAM,CAAC,CAAC;AACrE,MAAM,MAAM,cAAc,GACtB,CAAC,OAAO,4BAA4B,CAAC,CAAC,MAAM,CAAC,GAC7C,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAElB,MAAM,MAAM,kBAAkB,GAC1B,cAAc,GACd,+BAA+B,GAC/B,kCAAkC,GAClC,iBAAiB,GACjB,sBAAsB,GACtB,yBAAyB,GACzB,8BAA8B,GAC9B,0BAA0B,GAC1B,WAAW,CAAC;AAEhB,MAAM,MAAM,wBAAwB,GAChC,iBAAiB,GACjB,eAAe,GACf,eAAe,GACf,mBAAmB,GACnB,wBAAwB,GACxB,mBAAmB,CAAC;AAExB,MAAM,MAAM,iBAAiB,GACzB,kBAAkB,GAClB,oBAAoB,GACpB,sBAAsB,GACtB,gBAAgB,CAAC;AAErB,MAAM,MAAM,WAAW,GACnB,kBAAkB,GAClB,wBAAwB,GACxB,iBAAiB,GACjB,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAElB,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,gBAAgB,GAAG,IAAI,CAAC;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,UAAU,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,SAAS,eAAe,EAAE,CAAC;IAC5C,cAAc,EAAE,SAAS,cAAc,EAAE,CAAC;IAC1C,oBAAoB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,YAAY,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,0BAA2B,SAAQ,oBAAoB;IACtE,UAAU,EAAE,iDAAiD,CAAC;IAC9D,kBAAkB,EAAE,sCAAsC,CAAC;CAC5D;AAED,MAAM,WAAW,uBAAuB;IACtC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,QAAQ,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,cAAc,EAAE,SAAS,MAAM,EAAE,CAAC;IAClC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,oBAAoB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,4BAA4B;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,eAAe,EAAE,CAAC;IACnC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,KAAK,EAAE,MAAM,CAAC;CACf"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
/** Types and constants for GitHub Actions OIDC federation (`/ci/v1/*`). */
|
|
2
|
+
export const CI_GITHUB_ACTIONS_PROVIDER = "github-actions";
|
|
3
|
+
export const CI_GITHUB_ACTIONS_ISSUER = "https://token.actions.githubusercontent.com";
|
|
4
|
+
export const CI_AUDIENCE = "https://api.run402.com";
|
|
5
|
+
export const DEFAULT_CI_DELEGATION_CHAIN_ID = "eip155:84532";
|
|
6
|
+
export const V1_CI_ALLOWED_ACTIONS = ["deploy"];
|
|
7
|
+
export const V1_CI_ALLOWED_EVENTS_DEFAULT = ["push", "workflow_dispatch"];
|
|
8
|
+
//# sourceMappingURL=ci.types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ci.types.js","sourceRoot":"","sources":["../../src/namespaces/ci.types.ts"],"names":[],"mappings":"AAAA,2EAA2E;AAE3E,MAAM,CAAC,MAAM,0BAA0B,GAAG,gBAAyB,CAAC;AACpE,MAAM,CAAC,MAAM,wBAAwB,GAAG,6CAAsD,CAAC;AAC/F,MAAM,CAAC,MAAM,WAAW,GAAG,wBAAiC,CAAC;AAC7D,MAAM,CAAC,MAAM,8BAA8B,GAAG,cAAuB,CAAC;AAEtE,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,QAAQ,CAAU,CAAC;AACzD,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,MAAM,EAAE,mBAAmB,CAAU,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../src/namespaces/deploy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../src/namespaces/deploy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAa3C,OAAO,KAAK,EACV,YAAY,EAKZ,WAAW,EACX,oBAAoB,EACpB,kBAAkB,EAClB,eAAe,EACf,YAAY,EAWZ,iBAAiB,EAGjB,YAAY,EACZ,WAAW,EACX,YAAY,EACb,MAAM,mBAAmB,CAAC;AAyB3B,qBAAa,MAAM;IACL,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C;;;;OAIG;IACG,KAAK,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,GAAE,YAAiB,GAAG,OAAO,CAAC,YAAY,CAAC;IA8B9E;;;OAGG;IACH,KAAK,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,GAAE,YAAiB,GAAG,OAAO,CAAC,eAAe,CAAC;IAI3E;;;;OAIG;IACG,IAAI,CACR,IAAI,EAAE,WAAW,EACjB,IAAI,GAAE;QAAE,cAAc,CAAC,EAAE,MAAM,CAAA;KAAO,GACrC,OAAO,CAAC;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAA;KAAE,CAAC;IAIxE;;;;;OAKG;IACG,MAAM,CACV,IAAI,EAAE,YAAY,EAClB,IAAI,EAAE;QACJ,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACrC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,IAAI,CAAC;KACxC,GACA,OAAO,CAAC,IAAI,CAAC;IAWhB;;;;;OAKG;IACG,MAAM,CACV,MAAM,EAAE,MAAM,EACd,IAAI,GAAE;QACJ,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,IAAI,CAAC;QACvC,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,OAAO,CAAC,EAAE,MAAM,CAAC;KACb,GACL,OAAO,CAAC,YAAY,CAAC;IAMxB;;;;;;;;;OASG;IACG,MAAM,CACV,WAAW,EAAE,MAAM,EACnB,IAAI,GAAE;QAAE,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,IAAI,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO,GACtE,OAAO,CAAC,YAAY,CAAC;IAqBxB;;;;OAIG;IACG,MAAM,CACV,WAAW,EAAE,MAAM,EACnB,IAAI,GAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO,GAC9B,OAAO,CAAC,iBAAiB,CAAC;IAQ7B;;;;;;OAMG;IACG,IAAI,CACR,IAAI,EAAE,MAAM,GAAG;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,GACjD,OAAO,CAAC,kBAAkB,CAAC;IAsB9B;;;;;;;;OAQG;IACG,MAAM,CACV,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,GACxB,OAAO,CAAC,oBAAoB,CAAC;IAmBhC;;;OAGG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAMrD;;OAEG;IACG,IAAI,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC;CAMjE;AA2nBD;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,OAAO,CAAC,UAAU,CAAC,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB"}
|