suthep 1.0.0

package/src/commands/up.ts

@@ -0,0 +1,271 @@
+import chalk from 'chalk'
+import fs from 'fs-extra'
+import type { ServiceConfig } from '../types/config'
+import { loadConfig } from '../utils/config-loader'
+import { waitForService } from '../utils/deployment'
+import { isContainerRunning, startDockerContainer } from '../utils/docker'
+import {
+  enableSite,
+  generateMultiServiceNginxConfig,
+  generateNginxConfig,
+  reloadNginx,
+  writeNginxConfig,
+} from '../utils/nginx'
+
+interface UpOptions {
+  file: string
+  all: boolean
+  serviceName?: string
+  https: boolean
+  nginx: boolean
+}
+
+export async function upCommand(options: UpOptions): Promise<void> {
+  console.log(chalk.blue.bold('\n🚀 Bringing Up Services\n'))
+
+  try {
+    // Load configuration (this will also load .env files for variable substitution)
+    if (!(await fs.pathExists(options.file))) {
+      throw new Error(`Configuration file not found: ${options.file}`)
+    }
+
+    console.log(chalk.cyan(`📄 Loading configuration from ${options.file}...`))
+    const config = await loadConfig(options.file)
+
+    console.log(chalk.green(`✅ Configuration loaded for project: ${config.project.name}`))
+
+    // Determine which services to bring up
+    let servicesToUp: ServiceConfig[] = []
+
+    if (options.all) {
+      servicesToUp = config.services
+      console.log(
+        chalk.cyan(`📋 Bringing up all services: ${servicesToUp.map((s) => s.name).join(', ')}\n`)
+      )
+    } else if (options.serviceName) {
+      const service = config.services.find((s) => s.name === options.serviceName)
+      if (!service) {
+        throw new Error(
+          `Service "${
+            options.serviceName
+          }" not found in configuration. Available services: ${config.services
+            .map((s) => s.name)
+            .join(', ')}`
+        )
+      }
+      servicesToUp = [service]
+      console.log(chalk.cyan(`📋 Bringing up service: ${options.serviceName}\n`))
+    } else {
+      throw new Error('Either specify a service name or use --all flag')
+    }
+
+    // Group services by domain for nginx config management
+    const domainToServices = new Map<string, ServiceConfig[]>()
+    const allDomains = new Set<string>()
+
+    for (const service of servicesToUp) {
+      for (const domain of service.domains) {
+        allDomains.add(domain)
+        if (!domainToServices.has(domain)) {
+          domainToServices.set(domain, [])
+        }
+        domainToServices.get(domain)!.push(service)
+      }
+    }
+
+    // Start Docker containers
+    for (const service of servicesToUp) {
+      if (service.docker) {
+        console.log(chalk.cyan(`\n🐳 Starting Docker container for service: ${service.name}`))
+        try {
+          await startDockerContainer(service)
+          console.log(chalk.green(`  ✅ Container started for service: ${service.name}`))
+        } catch (error) {
+          console.error(
+            chalk.red(`  ❌ Failed to start container for service ${service.name}:`),
+            error instanceof Error ? error.message : error
+          )
+          throw error
+        }
+      }
+    }
+
+    // Wait for services to be healthy
+    for (const service of servicesToUp) {
+      if (service.healthCheck) {
+        console.log(chalk.cyan(`\n🏥 Waiting for service ${service.name} to be healthy...`))
+        const isHealthy = await waitForService(service, config.deployment.healthCheckTimeout)
+        if (isHealthy) {
+          console.log(chalk.green(`  ✅ Service ${service.name} is healthy`))
+        } else {
+          console.log(
+            chalk.yellow(`  ⚠️  Service ${service.name} health check timeout, continuing anyway...`)
+          )
+        }
+      }
+    }
+
+    // Configure Nginx
+    if (options.nginx && allDomains.size > 0) {
+      console.log(chalk.cyan(`\n⚙️  Configuring Nginx reverse proxy...`))
+
+      // Create a set of service names being brought up for quick lookup
+      const servicesBeingUpped = new Set(servicesToUp.map((s) => s.name))
+
+      // For each domain, find all services that use it (from all config services)
+      // and include all active services (both newly brought up and already running)
+      for (const domain of allDomains) {
+        const configName = domain.replace(/\./g, '_')
+
+        // Find all services that use this domain (from entire config)
+        const allServicesForDomain = config.services.filter((s) => s.domains.includes(domain))
+
+        // Check which services are actually running (have active containers)
+        const activeServices: ServiceConfig[] = []
+        for (const service of allServicesForDomain) {
+          if (service.docker) {
+            const isRunning = await isContainerRunning(service.docker.container)
+            if (isRunning) {
+              activeServices.push(service)
+            }
+          } else {
+            // Service without docker - include if it's being brought up or assume it's running
+            if (servicesBeingUpped.has(service.name)) {
+              activeServices.push(service)
+            } else {
+              // For non-docker services, assume they're running if not explicitly being brought up
+              // This is a best-effort approach
+              activeServices.push(service)
+            }
+          }
+        }
+
+        if (activeServices.length === 0) {
+          console.log(
+            chalk.yellow(`  ⚠️  No active services found for ${domain}, skipping Nginx config`)
+          )
+          continue
+        }
+
+        try {
+          // Log domain and services configuration
+          if (activeServices.length > 1) {
+            console.log(
+              chalk.cyan(
+                `  📋 Configuring ${domain} with ${
+                  activeServices.length
+                } active service(s): ${activeServices.map((s) => s.name).join(', ')}`
+              )
+            )
+          } else {
+            console.log(
+              chalk.cyan(`  📋 Configuring ${domain} for service: ${activeServices[0].name}`)
+            )
+          }
+
+          // Generate Nginx config for all active services on this domain
+          let nginxConfigContent: string
+          if (activeServices.length === 1) {
+            nginxConfigContent = generateNginxConfig(activeServices[0], false)
+          } else {
+            nginxConfigContent = generateMultiServiceNginxConfig(activeServices, domain, false)
+          }
+
+          // Write config file
+          await writeNginxConfig(configName, config.nginx.configPath, nginxConfigContent)
+          await enableSite(configName, config.nginx.configPath)
+
+          console.log(chalk.green(`  ✅ Nginx configured for ${domain}`))
+        } catch (error) {
+          console.error(
+            chalk.red(`  ❌ Failed to configure Nginx for ${domain}:`),
+            error instanceof Error ? error.message : error
+          )
+          throw error
+        }
+      }
+
+      // Update with HTTPS if enabled
+      if (options.https) {
+        console.log(chalk.cyan(`\n🔄 Updating Nginx configs with HTTPS...`))
+        for (const domain of allDomains) {
+          const configName = domain.replace(/\./g, '_')
+
+          // Find all active services for this domain again
+          const allServicesForDomain = config.services.filter((s) => s.domains.includes(domain))
+          const activeServices: ServiceConfig[] = []
+          for (const service of allServicesForDomain) {
+            if (service.docker) {
+              const isRunning = await isContainerRunning(service.docker.container)
+              if (isRunning) {
+                activeServices.push(service)
+              }
+            } else {
+              if (servicesBeingUpped.has(service.name)) {
+                activeServices.push(service)
+              } else {
+                activeServices.push(service)
+              }
+            }
+          }
+
+          if (activeServices.length === 0) {
+            continue
+          }
+
+          try {
+            let nginxConfigContent: string
+            if (activeServices.length === 1) {
+              nginxConfigContent = generateNginxConfig(activeServices[0], true)
+            } else {
+              nginxConfigContent = generateMultiServiceNginxConfig(activeServices, domain, true)
+            }
+            await writeNginxConfig(configName, config.nginx.configPath, nginxConfigContent)
+            console.log(chalk.green(`  ✅ HTTPS config updated for ${domain}`))
+          } catch (error) {
+            console.error(
+              chalk.red(`  ❌ Failed to update HTTPS config for ${domain}:`),
+              error instanceof Error ? error.message : error
+            )
+            throw error
+          }
+        }
+      }
+
+      // Reload Nginx
+      console.log(chalk.cyan(`\n🔄 Reloading Nginx...`))
+      try {
+        await reloadNginx(config.nginx.reloadCommand)
+        console.log(chalk.green(`  ✅ Nginx reloaded`))
+      } catch (error) {
+        console.error(
+          chalk.red(`  ❌ Failed to reload Nginx:`),
+          error instanceof Error ? error.message : error
+        )
+        throw error
+      }
+    }
+
+    console.log(chalk.green.bold('\n✅ Services brought up successfully!\n'))
+
+    // Print service URLs
+    if (allDomains.size > 0) {
+      console.log(chalk.cyan('📋 Service URLs:'))
+      for (const service of servicesToUp) {
+        for (const domain of service.domains) {
+          const protocol = options.https ? 'https' : 'http'
+          const servicePath = service.path || '/'
+          const fullPath = servicePath === '/' ? '' : servicePath
+          console.log(chalk.dim(`   ${service.name}: ${protocol}://${domain}${fullPath}`))
+        }
+      }
+      console.log()
+    }
+  } catch (error) {
+    console.error(
+      chalk.red('\n❌ Failed to bring up services:'),
+      error instanceof Error ? error.message : error
+    )
+    process.exit(1)
+  }
+}

package/src/index.ts

@@ -0,0 +1,109 @@
+import { Command } from 'commander'
+import { readFileSync } from 'fs'
+import { dirname, join } from 'path'
+import { fileURLToPath } from 'url'
+import { deployCommand } from './commands/deploy'
+import { downCommand } from './commands/down'
+import { initCommand } from './commands/init'
+import { setupCommand } from './commands/setup'
+import { upCommand } from './commands/up'
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = dirname(__filename)
+const packageJsonPath = join(__dirname, '..', 'package.json')
+const packageJson = JSON.parse(readFileSync(packageJsonPath, 'utf-8'))
+
+const program = new Command()
+
+program
+  .name('suthep')
+  .description('CLI tool for deploying projects with automatic Nginx reverse proxy and HTTPS setup')
+  .version(packageJson.version)
+
+program
+  .command('init')
+  .description('Initialize a new deployment configuration file')
+  .option('-f, --file <path>', 'Configuration file path', 'suthep.yml')
+  .action(initCommand)
+
+program
+  .command('setup')
+  .description('Setup Nginx and Certbot on the system')
+  .option('--nginx-only', 'Only setup Nginx')
+  .option('--certbot-only', 'Only setup Certbot')
+  .action(setupCommand)
+
+program
+  .command('deploy')
+  .description('Deploy a project using the configuration file')
+  .option('-f, --file <path>', 'Configuration file path', 'suthep.yml')
+  .option('--no-https', 'Skip HTTPS setup')
+  .option('--no-nginx', 'Skip Nginx configuration')
+  .option(
+    '-e, --env <key=value>',
+    'Set environment variables (can be used multiple times, e.g., -e KEY1=value1 -e KEY2=value2)',
+    (value, previous: string[] = []) => {
+      return [...previous, value]
+    },
+    []
+  )
+  .argument('[service-name]', 'Name of the service to deploy (deploys all if not specified)')
+  .action((serviceName, options: any) => {
+    // Parse environment variables from CLI
+    const cliEnvVars: Record<string, string> = {}
+    if (options.env && Array.isArray(options.env)) {
+      for (const envVar of options.env) {
+        const equalsIndex = envVar.indexOf('=')
+        if (equalsIndex === -1 || equalsIndex === 0) {
+          throw new Error(
+            `Invalid environment variable format: ${envVar}. Expected KEY=VALUE (e.g., -e KEY=value)`
+          )
+        }
+        const key = envVar.substring(0, equalsIndex)
+        const value = envVar.substring(equalsIndex + 1)
+        cliEnvVars[key] = value
+      }
+    }
+
+    deployCommand({
+      file: options.file || 'suthep.yml',
+      https: options.https !== false,
+      nginx: options.nginx !== false,
+      serviceName: serviceName,
+      cliEnvVars,
+    })
+  })
+
+program
+  .command('down')
+  .description('Bring down services (stop containers and disable Nginx configs)')
+  .option('-f, --file <path>', 'Configuration file path', 'suthep.yml')
+  .option('--all', 'Bring down all services', false)
+  .argument('[service-name]', 'Name of the service to bring down')
+  .action((serviceName, options) => {
+    downCommand({
+      file: options.file || 'suthep.yml',
+      all: options.all || false,
+      serviceName: serviceName,
+    })
+  })
+
+program
+  .command('up')
+  .description('Bring up services (start containers and enable Nginx configs)')
+  .option('-f, --file <path>', 'Configuration file path', 'suthep.yml')
+  .option('--all', 'Bring up all services', false)
+  .option('--no-https', 'Skip HTTPS setup')
+  .option('--no-nginx', 'Skip Nginx configuration')
+  .argument('[service-name]', 'Name of the service to bring up')
+  .action((serviceName, options) => {
+    upCommand({
+      file: options.file || 'suthep.yml',
+      all: options.all || false,
+      serviceName: serviceName,
+      https: options.https !== false,
+      nginx: options.nginx !== false,
+    })
+  })
+
+program.parse()

package/src/types/config.ts

@@ -0,0 +1,52 @@
+/**
+ * Configuration type definitions for the Suthep deployment tool
+ */
+
+export interface ProjectConfig {
+  name: string
+  version: string
+}
+
+export interface HealthCheckConfig {
+  path: string
+  interval: number
+}
+
+export interface DockerConfig {
+  image?: string
+  container: string
+  port: number
+}
+
+export interface ServiceConfig {
+  name: string
+  port: number
+  domains: string[]
+  path?: string // Path prefix for this service (e.g., '/api', '/'). Defaults to '/'
+  docker?: DockerConfig
+  healthCheck?: HealthCheckConfig
+  environment?: Record<string, string>
+}
+
+export interface NginxConfig {
+  configPath: string
+  reloadCommand: string
+}
+
+export interface CertbotConfig {
+  email: string
+  staging: boolean
+}
+
+export interface DeploymentConfig {
+  strategy: 'rolling' | 'blue-green'
+  healthCheckTimeout: number
+}
+
+export interface DeployConfig {
+  project: ProjectConfig
+  services: ServiceConfig[]
+  nginx: NginxConfig
+  certbot: CertbotConfig
+  deployment: DeploymentConfig
+}

package/src/utils/__tests__/certbot.test.ts

@@ -0,0 +1,222 @@
+import { execa } from 'execa'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import {
+  certificateExists,
+  checkCertificateExpiration,
+  renewCertificates,
+  requestCertificate,
+  revokeCertificate,
+} from '../certbot'
+
+// Mock execa
+vi.mock('execa', () => ({
+  execa: vi.fn(),
+}))
+
+describe('certbot', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  describe('certificateExists', () => {
+    it('should return true if certificate files exist', async () => {
+      vi.mocked(execa)
+        .mockResolvedValueOnce({ stdout: '', stderr: '' } as any) // test fullchain.pem
+        .mockResolvedValueOnce({ stdout: '', stderr: '' } as any) // test privkey.pem
+
+      const result = await certificateExists('example.com')
+
+      expect(execa).toHaveBeenCalledWith('sudo', [
+        'test',
+        '-f',
+        '/etc/letsencrypt/live/example.com/fullchain.pem',
+      ])
+      expect(execa).toHaveBeenCalledWith('sudo', [
+        'test',
+        '-f',
+        '/etc/letsencrypt/live/example.com/privkey.pem',
+      ])
+      expect(result).toBe(true)
+    })
+
+    it('should return false if certificate files do not exist', async () => {
+      vi.mocked(execa).mockRejectedValue(new Error('File not found'))
+
+      const result = await certificateExists('example.com')
+
+      expect(result).toBe(false)
+    })
+
+    it('should fallback to certbot certificates command if file test fails', async () => {
+      vi.mocked(execa)
+        .mockRejectedValueOnce(new Error('File not found')) // test fullchain.pem fails
+        .mockResolvedValueOnce({
+          stdout: 'Certificate Name: example.com\nDomains: example.com',
+          stderr: '',
+        } as any) // certbot certificates
+
+      const result = await certificateExists('example.com')
+
+      expect(execa).toHaveBeenCalledWith('sudo', ['certbot', 'certificates'])
+      expect(result).toBe(true)
+    })
+
+    it('should return false if certbot command also fails', async () => {
+      vi.mocked(execa)
+        .mockRejectedValueOnce(new Error('File not found')) // test fullchain.pem fails
+        .mockRejectedValueOnce(new Error('Certbot error')) // certbot certificates fails
+
+      const result = await certificateExists('example.com')
+
+      expect(result).toBe(false)
+    })
+  })
+
+  describe('requestCertificate', () => {
+    it('should request certificate with correct arguments', async () => {
+      // Mock certificateExists to return false (certificate doesn't exist)
+      vi.mocked(execa)
+        .mockRejectedValueOnce(new Error('File not found')) // certificateExists - file test fails
+        .mockRejectedValueOnce(new Error('Certbot error')) // certificateExists - certbot check fails
+        .mockResolvedValueOnce({ stdout: '', stderr: '' } as any) // certbot certonly
+
+      await requestCertificate('example.com', 'admin@example.com', false)
+
+      expect(execa).toHaveBeenCalledWith('sudo', [
+        'certbot',
+        'certonly',
+        '--nginx',
+        '-d',
+        'example.com',
+        '--non-interactive',
+        '--agree-tos',
+        '--email',
+        'admin@example.com',
+      ])
+    })
+
+    it('should include --staging flag when staging is true', async () => {
+      // Mock certificateExists to return false (certificate doesn't exist)
+      vi.mocked(execa)
+        .mockRejectedValueOnce(new Error('File not found')) // certificateExists - file test fails
+        .mockRejectedValueOnce(new Error('Certbot error')) // certificateExists - certbot check fails
+        .mockResolvedValueOnce({ stdout: '', stderr: '' } as any) // certbot certonly
+
+      await requestCertificate('example.com', 'admin@example.com', true)
+
+      expect(execa).toHaveBeenCalledWith(
+        'sudo',
+        expect.arrayContaining(['certbot', 'certonly', '--staging'])
+      )
+    })
+
+    it('should throw error if certificate already exists', async () => {
+      // Mock certificateExists to return true (both file checks succeed)
+      vi.mocked(execa)
+        .mockResolvedValueOnce({ stdout: '', stderr: '' } as any) // certificateExists - fullchain.pem exists
+        .mockResolvedValueOnce({ stdout: '', stderr: '' } as any) // certificateExists - privkey.pem exists
+
+      await expect(requestCertificate('example.com', 'admin@example.com', false)).rejects.toThrow(
+        'Certificate for example.com already exists'
+      )
+    })
+
+    it('should handle certificate already exists error from certbot', async () => {
+      // Mock certificateExists to return false, but certbot returns already exists error
+      vi.mocked(execa)
+        .mockRejectedValueOnce(new Error('File not found')) // certificateExists - file test fails
+        .mockRejectedValueOnce(new Error('Certbot error')) // certificateExists - certbot check fails
+        .mockRejectedValueOnce({
+          stderr: 'Certificate already exists for example.com',
+          message: 'Certificate already exists',
+        } as any)
+
+      await expect(requestCertificate('example.com', 'admin@example.com', false)).rejects.toThrow(
+        'Certificate for example.com already exists'
+      )
+    })
+
+    it('should throw error with details if certificate request fails', async () => {
+      vi.mocked(execa)
+        .mockResolvedValueOnce({ stdout: '', stderr: '' } as any) // certificateExists check
+        .mockRejectedValueOnce({
+          stderr: 'DNS validation failed',
+          message: 'Validation error',
+        } as any)
+
+      await expect(requestCertificate('example.com', 'admin@example.com', false)).rejects.toThrow(
+        'Failed to obtain SSL certificate for example.com'
+      )
+    })
+  })
+
+  describe('renewCertificates', () => {
+    it('should renew certificates with correct command', async () => {
+      vi.mocked(execa).mockResolvedValue({ stdout: '', stderr: '' } as any)
+
+      await renewCertificates()
+
+      expect(execa).toHaveBeenCalledWith('sudo', ['certbot', 'renew', '--quiet'])
+    })
+
+    it('should throw error if renewal fails', async () => {
+      vi.mocked(execa).mockRejectedValue(new Error('Renewal failed'))
+
+      await expect(renewCertificates()).rejects.toThrow('Failed to renew SSL certificates')
+    })
+  })
+
+  describe('checkCertificateExpiration', () => {
+    it('should return expiration date if certificate exists', async () => {
+      const mockStdout = 'Expiry Date: 2024-12-31 23:59:59+00:00'
+      vi.mocked(execa).mockResolvedValue({ stdout: mockStdout, stderr: '' } as any)
+
+      const result = await checkCertificateExpiration('example.com')
+
+      expect(execa).toHaveBeenCalledWith('sudo', ['certbot', 'certificates', '-d', 'example.com'])
+      expect(result).toBeInstanceOf(Date)
+      // Check that it's a valid date - the exact year might vary based on parsing
+      expect(result).not.toBeNull()
+    })
+
+    it('should return null if expiration date cannot be parsed', async () => {
+      vi.mocked(execa).mockResolvedValue({ stdout: 'No expiry date found', stderr: '' } as any)
+
+      const result = await checkCertificateExpiration('example.com')
+
+      expect(result).toBeNull()
+    })
+
+    it('should return null if command fails', async () => {
+      vi.mocked(execa).mockRejectedValue(new Error('Command failed'))
+
+      const result = await checkCertificateExpiration('example.com')
+
+      expect(result).toBeNull()
+    })
+  })
+
+  describe('revokeCertificate', () => {
+    it('should revoke certificate with correct command', async () => {
+      vi.mocked(execa).mockResolvedValue({ stdout: '', stderr: '' } as any)
+
+      await revokeCertificate('example.com')
+
+      expect(execa).toHaveBeenCalledWith('sudo', [
+        'certbot',
+        'revoke',
+        '-d',
+        'example.com',
+        '--non-interactive',
+      ])
+    })
+
+    it('should throw error if revocation fails', async () => {
+      vi.mocked(execa).mockRejectedValue(new Error('Revocation failed'))
+
+      await expect(revokeCertificate('example.com')).rejects.toThrow(
+        'Failed to revoke certificate for example.com'
+      )
+    })
+  })
+})