suthep 0.1.0-beta.1

package/src/commands/setup.ts

@@ -0,0 +1,112 @@
+import chalk from 'chalk';
+import { execa } from 'execa';
+
+interface SetupOptions {
+  nginxOnly?: boolean;
+  certbotOnly?: boolean;
+}
+
+export async function setupCommand(options: SetupOptions): Promise<void> {
+  console.log(chalk.blue.bold('\n🔧 Setting up prerequisites\n'));
+
+  const setupNginx = !options.certbotOnly;
+  const setupCertbot = !options.nginxOnly;
+
+  try {
+    // Setup Nginx
+    if (setupNginx) {
+      console.log(chalk.cyan('📦 Installing Nginx...'));
+
+      // Check if Nginx is already installed
+      try {
+        await execa('nginx', ['-v']);
+        console.log(chalk.green('✅ Nginx is already installed'));
+      } catch {
+        // Install Nginx based on OS
+        const platform = process.platform;
+
+        if (platform === 'linux') {
+          // Detect Linux distribution
+          try {
+            await execa('apt-get', ['--version']);
+            console.log(chalk.dim('Using apt-get...'));
+            await execa('sudo', ['apt-get', 'update'], { stdio: 'inherit' });
+            await execa('sudo', ['apt-get', 'install', '-y', 'nginx'], { stdio: 'inherit' });
+          } catch {
+            try {
+              await execa('yum', ['--version']);
+              console.log(chalk.dim('Using yum...'));
+              await execa('sudo', ['yum', 'install', '-y', 'nginx'], { stdio: 'inherit' });
+            } catch {
+              throw new Error('Unsupported Linux distribution. Please install Nginx manually.');
+            }
+          }
+        } else if (platform === 'darwin') {
+          console.log(chalk.dim('Using Homebrew...'));
+          await execa('brew', ['install', 'nginx'], { stdio: 'inherit' });
+        } else {
+          throw new Error(`Unsupported platform: ${platform}. Please install Nginx manually.`);
+        }
+
+        console.log(chalk.green('✅ Nginx installed successfully'));
+      }
+
+      // Start Nginx service
+      console.log(chalk.cyan('🚀 Starting Nginx service...'));
+      try {
+        await execa('sudo', ['systemctl', 'start', 'nginx']);
+        await execa('sudo', ['systemctl', 'enable', 'nginx']);
+        console.log(chalk.green('✅ Nginx service started'));
+      } catch (error) {
+        console.log(chalk.yellow('⚠️  Could not start Nginx via systemctl (might not be available)'));
+      }
+    }
+
+    // Setup Certbot
+    if (setupCertbot) {
+      console.log(chalk.cyan('\n🔐 Installing Certbot...'));
+
+      // Check if Certbot is already installed
+      try {
+        await execa('certbot', ['--version']);
+        console.log(chalk.green('✅ Certbot is already installed'));
+      } catch {
+        const platform = process.platform;
+
+        if (platform === 'linux') {
+          // Install Certbot based on package manager
+          try {
+            await execa('apt-get', ['--version']);
+            console.log(chalk.dim('Using apt-get...'));
+            await execa('sudo', ['apt-get', 'update'], { stdio: 'inherit' });
+            await execa('sudo', ['apt-get', 'install', '-y', 'certbot', 'python3-certbot-nginx'], { stdio: 'inherit' });
+          } catch {
+            try {
+              await execa('yum', ['--version']);
+              console.log(chalk.dim('Using yum...'));
+              await execa('sudo', ['yum', 'install', '-y', 'certbot', 'python3-certbot-nginx'], { stdio: 'inherit' });
+            } catch {
+              throw new Error('Unsupported Linux distribution. Please install Certbot manually.');
+            }
+          }
+        } else if (platform === 'darwin') {
+          console.log(chalk.dim('Using Homebrew...'));
+          await execa('brew', ['install', 'certbot'], { stdio: 'inherit' });
+        } else {
+          throw new Error(`Unsupported platform: ${platform}. Please install Certbot manually.`);
+        }
+
+        console.log(chalk.green('✅ Certbot installed successfully'));
+      }
+    }
+
+    console.log(chalk.green.bold('\n✨ Setup completed successfully!\n'));
+    console.log(chalk.dim('Next steps:'));
+    console.log(chalk.dim('  1. Create a configuration file: suthep init'));
+    console.log(chalk.dim('  2. Deploy your services: suthep deploy\n'));
+
+  } catch (error) {
+    console.error(chalk.red('\n❌ Setup failed:'), error instanceof Error ? error.message : error);
+    process.exit(1);
+  }
+}

package/src/index.ts

@@ -0,0 +1,42 @@
+import { Command } from 'commander'
+import { readFileSync } from 'fs'
+import { dirname, join } from 'path'
+import { fileURLToPath } from 'url'
+import { deployCommand } from './commands/deploy'
+import { initCommand } from './commands/init'
+import { setupCommand } from './commands/setup'
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = dirname(__filename)
+const packageJsonPath = join(__dirname, '..', 'package.json')
+const packageJson = JSON.parse(readFileSync(packageJsonPath, 'utf-8'))
+
+const program = new Command()
+
+program
+  .name('suthep')
+  .description('CLI tool for deploying projects with automatic Nginx reverse proxy and HTTPS setup')
+  .version(packageJson.version)
+
+program
+  .command('init')
+  .description('Initialize a new deployment configuration file')
+  .option('-f, --file <path>', 'Configuration file path', 'suthep.yml')
+  .action(initCommand)
+
+program
+  .command('setup')
+  .description('Setup Nginx and Certbot on the system')
+  .option('--nginx-only', 'Only setup Nginx')
+  .option('--certbot-only', 'Only setup Certbot')
+  .action(setupCommand)
+
+program
+  .command('deploy')
+  .description('Deploy a project using the configuration file')
+  .option('-f, --file <path>', 'Configuration file path', 'suthep.yml')
+  .option('--no-https', 'Skip HTTPS setup')
+  .option('--no-nginx', 'Skip Nginx configuration')
+  .action(deployCommand)
+
+program.parse()

package/src/types/config.ts

@@ -0,0 +1,52 @@
+/**
+ * Configuration type definitions for the Suthep deployment tool
+ */
+
+export interface ProjectConfig {
+  name: string
+  version: string
+}
+
+export interface HealthCheckConfig {
+  path: string
+  interval: number
+}
+
+export interface DockerConfig {
+  image?: string
+  container: string
+  port: number
+}
+
+export interface ServiceConfig {
+  name: string
+  port: number
+  domains: string[]
+  path?: string // Path prefix for this service (e.g., '/api', '/'). Defaults to '/'
+  docker?: DockerConfig
+  healthCheck?: HealthCheckConfig
+  environment?: Record<string, string>
+}
+
+export interface NginxConfig {
+  configPath: string
+  reloadCommand: string
+}
+
+export interface CertbotConfig {
+  email: string
+  staging: boolean
+}
+
+export interface DeploymentConfig {
+  strategy: 'rolling' | 'blue-green'
+  healthCheckTimeout: number
+}
+
+export interface DeployConfig {
+  project: ProjectConfig
+  services: ServiceConfig[]
+  nginx: NginxConfig
+  certbot: CertbotConfig
+  deployment: DeploymentConfig
+}

package/src/utils/certbot.ts

@@ -0,0 +1,144 @@
+import { execa } from 'execa'
+
+/**
+ * Request an SSL certificate from Let's Encrypt using Certbot
+ */
+export async function requestCertificate(
+  domain: string,
+  email: string,
+  staging: boolean = false
+): Promise<void> {
+  // Check if certificate already exists before requesting
+  const exists = await certificateExists(domain)
+  if (exists) {
+    throw new Error(
+      `Certificate for ${domain} already exists. Use certificateExists() to check before calling this function.`
+    )
+  }
+
+  const args = [
+    'certonly',
+    '--nginx',
+    '-d',
+    domain,
+    '--non-interactive',
+    '--agree-tos',
+    '--email',
+    email,
+  ]
+
+  if (staging) {
+    args.push('--staging')
+  }
+
+  try {
+    await execa('sudo', ['certbot', ...args])
+  } catch (error: any) {
+    const errorMessage = error?.stderr || error?.message || String(error) || 'Unknown error'
+    const errorLower = errorMessage.toLowerCase()
+
+    // Check if error is due to certificate already existing
+    if (
+      errorLower.includes('certificate already exists') ||
+      errorLower.includes('already have a certificate') ||
+      errorLower.includes('duplicate certificate')
+    ) {
+      throw new Error(`Certificate for ${domain} already exists. Skipping certificate creation.`)
+    }
+
+    throw new Error(`Failed to obtain SSL certificate for ${domain}: ${errorMessage}`)
+  }
+}
+
+/**
+ * Renew all SSL certificates
+ */
+export async function renewCertificates(): Promise<void> {
+  try {
+    await execa('sudo', ['certbot', 'renew', '--quiet'])
+  } catch (error) {
+    throw new Error(
+      `Failed to renew SSL certificates: ${error instanceof Error ? error.message : error}`
+    )
+  }
+}
+
+/**
+ * Check if a certificate exists for a domain
+ */
+export async function certificateExists(domain: string): Promise<boolean> {
+  try {
+    // First, check if certificate files exist using test command (most reliable)
+    try {
+      await execa('sudo', ['test', '-f', `/etc/letsencrypt/live/${domain}/fullchain.pem`])
+      await execa('sudo', ['test', '-f', `/etc/letsencrypt/live/${domain}/privkey.pem`])
+      // Both files exist
+      return true
+    } catch {
+      // Files don't exist, continue to certbot check
+    }
+
+    // Fallback: Check using certbot certificates command
+    try {
+      const { stdout } = await execa('sudo', ['certbot', 'certificates'])
+
+      // Check if the domain appears in the certificates list
+      const lines = stdout.split('\n')
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i]
+        // Check if this line contains "Domains:" and includes our domain
+        if (line.includes('Domains:') && line.includes(domain)) {
+          return true
+        }
+        // Also check for the domain in certificate paths
+        if (
+          line.includes(domain) &&
+          (line.includes('/live/') || line.includes('Certificate Name:'))
+        ) {
+          return true
+        }
+      }
+    } catch {
+      // If certbot command fails, assume no certificate exists
+    }
+
+    return false
+  } catch (error) {
+    // If all checks fail, assume no certificate exists
+    return false
+  }
+}
+
+/**
+ * Check certificate expiration for a domain
+ */
+export async function checkCertificateExpiration(domain: string): Promise<Date | null> {
+  try {
+    const { stdout } = await execa('sudo', ['certbot', 'certificates', '-d', domain])
+
+    // Parse expiration date from output
+    const expiryMatch = stdout.match(/Expiry Date: ([^\n]+)/)
+    if (expiryMatch) {
+      return new Date(expiryMatch[1])
+    }
+
+    return null
+  } catch (error) {
+    return null
+  }
+}
+
+/**
+ * Revoke a certificate for a domain
+ */
+export async function revokeCertificate(domain: string): Promise<void> {
+  try {
+    await execa('sudo', ['certbot', 'revoke', '-d', domain, '--non-interactive'])
+  } catch (error) {
+    throw new Error(
+      `Failed to revoke certificate for ${domain}: ${
+        error instanceof Error ? error.message : error
+      }`
+    )
+  }
+}

package/src/utils/config-loader.ts

@@ -0,0 +1,121 @@
+import fs from 'fs-extra'
+import yaml from 'js-yaml'
+import type { DeployConfig } from '../types/config'
+
+/**
+ * Load and parse a YAML configuration file
+ */
+export async function loadConfig(filePath: string): Promise<DeployConfig> {
+  try {
+    const fileContent = await fs.readFile(filePath, 'utf8')
+    const config = yaml.load(fileContent) as DeployConfig
+
+    validateConfig(config)
+
+    return config
+  } catch (error) {
+    if (error instanceof Error) {
+      throw new Error(`Failed to load configuration from ${filePath}: ${error.message}`)
+    }
+    throw error
+  }
+}
+
+/**
+ * Validate the configuration object
+ */
+function validateConfig(config: any): asserts config is DeployConfig {
+  if (!config.project || !config.project.name) {
+    throw new Error('Configuration must include project.name')
+  }
+
+  if (!config.services || !Array.isArray(config.services) || config.services.length === 0) {
+    throw new Error('Configuration must include at least one service')
+  }
+
+  // Track ports and container names to detect conflicts
+  const usedPorts = new Map<number, string[]>()
+  const usedContainers = new Map<string, string>()
+
+  for (const service of config.services) {
+    if (!service.name) {
+      throw new Error('Each service must have a name')
+    }
+    if (!service.port) {
+      throw new Error(`Service ${service.name} must have a port`)
+    }
+    if (!service.domains || !Array.isArray(service.domains) || service.domains.length === 0) {
+      throw new Error(`Service ${service.name} must have at least one domain`)
+    }
+
+    // Check for port conflicts
+    if (usedPorts.has(service.port)) {
+      const conflictingServices = usedPorts.get(service.port)!
+      throw new Error(
+        `Port conflict: Service "${service.name}" uses port ${
+          service.port
+        } which is already used by: ${conflictingServices.join(
+          ', '
+        )}. Each service must use a unique port.`
+      )
+    }
+    usedPorts.set(service.port, [service.name])
+
+    // Check for Docker container name conflicts
+    if (service.docker) {
+      const containerName = service.docker.container
+      if (usedContainers.has(containerName)) {
+        const conflictingService = usedContainers.get(containerName)!
+        throw new Error(
+          `Docker container name conflict: Service "${service.name}" uses container name "${containerName}" which is already used by service "${conflictingService}". Each Docker container must have a unique name.`
+        )
+      }
+      usedContainers.set(containerName, service.name)
+    }
+  }
+
+  // Check for duplicate service names
+  const serviceNames = new Set<string>()
+  for (const service of config.services) {
+    if (serviceNames.has(service.name)) {
+      throw new Error(
+        `Duplicate service name: "${service.name}" is used multiple times. Each service must have a unique name.`
+      )
+    }
+    serviceNames.add(service.name)
+  }
+
+  if (!config.nginx) {
+    config.nginx = {
+      configPath: '/etc/nginx/sites-available',
+      reloadCommand: 'sudo nginx -t && sudo systemctl reload nginx',
+    }
+  }
+
+  if (!config.certbot) {
+    config.certbot = {
+      email: '',
+      staging: false,
+    }
+  }
+
+  if (!config.deployment) {
+    config.deployment = {
+      strategy: 'rolling',
+      healthCheckTimeout: 30000,
+    }
+  }
+}
+
+/**
+ * Save configuration to a YAML file
+ */
+export async function saveConfig(filePath: string, config: DeployConfig): Promise<void> {
+  const yamlContent = yaml.dump(config, {
+    indent: 2,
+    lineWidth: 120,
+    noRefs: true,
+  })
+
+  await fs.writeFile(filePath, yamlContent, 'utf8')
+}

package/src/utils/deployment.ts

@@ -0,0 +1,157 @@
+import type { DeploymentConfig, ServiceConfig } from '../types/config'
+import type { ZeroDowntimeContainerInfo } from './docker'
+
+/**
+ * Perform a health check on a service endpoint
+ */
+export async function performHealthCheck(url: string, timeout: number = 30000): Promise<boolean> {
+  const startTime = Date.now()
+  const interval = 2000 // Check every 2 seconds
+
+  while (Date.now() - startTime < timeout) {
+    try {
+      const response = await fetch(url, {
+        method: 'GET',
+        signal: AbortSignal.timeout(5000), // 5 second timeout per request
+      })
+
+      if (response.ok) {
+        return true
+      }
+    } catch (error) {
+      // Endpoint not ready yet, continue waiting
+    }
+
+    // Wait before next check
+    await new Promise((resolve) => setTimeout(resolve, interval))
+  }
+
+  return false
+}
+
+/**
+ * Deploy a service with zero-downtime strategy
+ */
+export async function deployService(
+  service: ServiceConfig,
+  deploymentConfig: DeploymentConfig,
+  tempInfo: ZeroDowntimeContainerInfo | null = null
+): Promise<void> {
+  if (deploymentConfig.strategy === 'rolling') {
+    await rollingDeploy(service, deploymentConfig, tempInfo)
+  } else if (deploymentConfig.strategy === 'blue-green') {
+    await blueGreenDeploy(service, deploymentConfig, tempInfo)
+  } else {
+    throw new Error(`Unknown deployment strategy: ${deploymentConfig.strategy}`)
+  }
+}
+
+/**
+ * Rolling deployment strategy
+ * For single instance, uses zero-downtime approach similar to blue-green
+ */
+async function rollingDeploy(
+  service: ServiceConfig,
+  deploymentConfig: DeploymentConfig,
+  tempInfo: ZeroDowntimeContainerInfo | null
+): Promise<void> {
+  // For rolling deployment with single instance:
+  // Similar to blue-green - use temporary container and port
+
+  if (!tempInfo || !tempInfo.oldContainerExists) {
+    // No existing container, just check health on the new container
+    if (service.healthCheck) {
+      const healthUrl = `http://localhost:${service.port}${service.healthCheck.path}`
+      const isHealthy = await performHealthCheck(healthUrl, deploymentConfig.healthCheckTimeout)
+
+      if (!isHealthy) {
+        throw new Error(`Service ${service.name} failed health check during rolling deployment`)
+      }
+    }
+  } else {
+    // Check health on temporary port
+    if (service.healthCheck) {
+      const healthUrl = `http://localhost:${tempInfo.tempPort}${service.healthCheck.path}`
+      const isHealthy = await performHealthCheck(healthUrl, deploymentConfig.healthCheckTimeout)
+
+      if (!isHealthy) {
+        throw new Error(
+          `Service ${service.name} failed health check on temporary container during rolling deployment`
+        )
+      }
+    }
+  }
+
+  // Add a small delay to ensure service is fully ready
+  await new Promise((resolve) => setTimeout(resolve, 2000))
+}
+
+/**
+ * Blue-green deployment strategy for single instance
+ * Uses temporary container and port for zero-downtime deployment
+ */
+async function blueGreenDeploy(
+  service: ServiceConfig,
+  deploymentConfig: DeploymentConfig,
+  tempInfo: ZeroDowntimeContainerInfo | null
+): Promise<void> {
+  // For blue-green deployment with single instance:
+  // 1. New container is already started on temporary port (handled in deploy command)
+  // 2. Run health checks on new container
+  // 3. Switch nginx to new port (handled in deploy command)
+  // 4. Stop old container and promote new one (handled in deploy command)
+
+  if (!tempInfo || !tempInfo.oldContainerExists) {
+    // No existing container, just check health on the new container
+    if (service.healthCheck) {
+      const healthUrl = `http://localhost:${service.port}${service.healthCheck.path}`
+      const isHealthy = await performHealthCheck(healthUrl, deploymentConfig.healthCheckTimeout)
+
+      if (!isHealthy) {
+        throw new Error(`Service ${service.name} failed health check during blue-green deployment`)
+      }
+    }
+  } else {
+    // Check health on temporary port
+    if (service.healthCheck) {
+      const healthUrl = `http://localhost:${tempInfo.tempPort}${service.healthCheck.path}`
+      const isHealthy = await performHealthCheck(healthUrl, deploymentConfig.healthCheckTimeout)
+
+      if (!isHealthy) {
+        throw new Error(
+          `Service ${service.name} failed health check on temporary container during blue-green deployment`
+        )
+      }
+    }
+  }
+}
+
+/**
+ * Wait for a service to become healthy
+ */
+export async function waitForService(
+  service: ServiceConfig,
+  timeout: number = 60000
+): Promise<boolean> {
+  if (!service.healthCheck) {
+    // No health check configured, assume service is ready after a short delay
+    await new Promise((resolve) => setTimeout(resolve, 5000))
+    return true
+  }
+
+  const healthUrl = `http://localhost:${service.port}${service.healthCheck.path}`
+  return await performHealthCheck(healthUrl, timeout)
+}
+
+/**
+ * Gracefully shutdown a service
+ */
+export async function gracefulShutdown(
+  _service: ServiceConfig,
+  timeout: number = 30000
+): Promise<void> {
+  // Send shutdown signal and wait for graceful termination
+  // This is a placeholder - actual implementation would depend on how services are managed
+
+  await new Promise((resolve) => setTimeout(resolve, Math.min(timeout, 5000)))
+}