underpost 3.2.10 → 3.2.12

package/src/cli/deploy.js

@@ -78,7 +78,8 @@ class UnderpostDeploy {
       return `
     - conditions:
         - prefix: ${path}
-      ${pathRewritePolicy
+      ${
+        pathRewritePolicy
           ? `pathRewritePolicy:
           replacePrefix:
           ${pathRewritePolicy.map(
@@ -88,26 +89,30 @@ class UnderpostDeploy {
           ).join(`
 `)}`
           : ''
-        }${timeoutPolicy
-          ? `\n      timeoutPolicy:\n${timeoutPolicy.response ? `        response: ${timeoutPolicy.response}\n` : ''}${timeoutPolicy.idle ? `        idle: ${timeoutPolicy.idle}\n` : ''
-          }`
+      }${
+        timeoutPolicy
+          ? `\n      timeoutPolicy:\n${timeoutPolicy.response ? `        response: ${timeoutPolicy.response}\n` : ''}${
+              timeoutPolicy.idle ? `        idle: ${timeoutPolicy.idle}\n` : ''
+            }`
           : ''
-        }${retryPolicy
-          ? `\n      retryPolicy:\n${retryPolicy.count !== undefined ? `        count: ${retryPolicy.count}\n` : ''}${retryPolicy.perTryTimeout ? `        perTryTimeout: ${retryPolicy.perTryTimeout}\n` : ''
-          }`
+      }${
+        retryPolicy
+          ? `\n      retryPolicy:\n${retryPolicy.count !== undefined ? `        count: ${retryPolicy.count}\n` : ''}${
+              retryPolicy.perTryTimeout ? `        perTryTimeout: ${retryPolicy.perTryTimeout}\n` : ''
+            }`
           : ''
-        }
+      }
       enableWebsockets: true
       services:
     ${deploymentVersions
-          .map(
-            (version, i) =>
-              `    - name: ${serviceId ? serviceId : `${deployId}-${env}-${version}-service`}
+      .map(
+        (version, i) =>
+          `    - name: ${serviceId ? serviceId : `${deployId}-${env}-${version}-service`}
           port: ${port}
           weight: ${i === 0 ? 100 : 0}
     `,
-          )
-          .join('')}`;
+      )
+      .join('')}`;
     },
     /**
      * Creates a YAML deployment configuration for a deployment.
@@ -154,17 +159,17 @@ class UnderpostDeploy {
         cmd =
           pullBundle || skipFullBuild
             ? [
-              // When pullBundle (or skipFullBuild) is set the container pulls the pre-built client
-              // bundle from Cloudinary (push-bundle must have been run on the dev machine beforehand).
-              `underpost secret underpost --create-from-env`,
-              `underpost start --build --run --pull-bundle --skip-full-build ${deployId} ${env}`,
-            ]
+                // When pullBundle (or skipFullBuild) is set the container pulls the pre-built client
+                // bundle from Cloudinary (push-bundle must have been run on the dev machine beforehand).
+                `underpost secret underpost --create-from-env`,
+                `underpost start --build --run --pull-bundle --skip-full-build ${deployId} ${env}`,
+              ]
             : [
-              // `npm install -g npm@11.2.0`,
-              // `npm install -g underpost`,
-              `underpost secret underpost --create-from-env`,
-              `underpost start --build --run ${deployId} ${env}`,
-            ];
+                // `npm install -g npm@11.2.0`,
+                // `npm install -g underpost`,
+                `underpost secret underpost --create-from-env`,
+                `underpost start --build --run ${deployId} ${env}`,
+              ];
       const packageJson = JSON.parse(fs.readFileSync('./package.json', 'utf8'));
       if (!volumes) volumes = [];
       const confVolume = fs.existsSync(`./engine-private/conf/${deployId}/conf.volume.json`)
@@ -199,12 +204,14 @@ spec:
           envFrom:
             - secretRef:
                 name: underpost-config
-${containerPort
-          ? `          ports:
+${
+  containerPort
+    ? `          ports:
             - containerPort: ${containerPort}
 `
-          : ''
-        }${resources
+    : ''
+}${
+        resources
           ? `          resources:
             requests:
               memory: "${resources.requests.memory}"
@@ -213,46 +220,50 @@ ${containerPort
               memory: "${resources.limits.memory}"
               cpu: "${resources.limits.cpu}"`
           : ''
-        }
+      }
           command:
             - /bin/sh
             - -c
             - >
               ${cmd.join(' &&\n              ')}
-${readinessProbe
-          ? `          readinessProbe:
+${
+  readinessProbe
+    ? `          readinessProbe:
 ${JSON.stringify(readinessProbe, null, 2)
-            .split('\n')
-            .map((l) => '            ' + l)
-            .join('\n')}
+  .split('\n')
+  .map((l) => '            ' + l)
+  .join('\n')}
 `
-          : ''
-        }${livenessProbe
+    : ''
+}${
+        livenessProbe
           ? `          livenessProbe:
 ${JSON.stringify(livenessProbe, null, 2)
-            .split('\n')
-            .map((l) => '            ' + l)
-            .join('\n')}
+  .split('\n')
+  .map((l) => '            ' + l)
+  .join('\n')}
 `
           : ''
-        }${lifecycle
+      }${
+        lifecycle
           ? `          lifecycle:
 ${JSON.stringify(lifecycle, null, 2)
-            .split('\n')
-            .map((l) => '            ' + l)
-            .join('\n')}
+  .split('\n')
+  .map((l) => '            ' + l)
+  .join('\n')}
 `
           : ''
-        }
+      }
 
-${volumes.length > 0
-          ? Underpost.deploy
-            .volumeFactory(volumes.map((v) => ((v.version = `${deployId}-${env}-${suffix}`), v)))
-            .render.split(`\n`)
-            .map((l) => '    ' + l)
-            .join(`\n`)
-          : ''
-        }
+${
+  volumes.length > 0
+    ? Underpost.deploy
+        .volumeFactory(volumes.map((v) => ((v.version = `${deployId}-${env}-${suffix}`), v)))
+        .render.split(`\n`)
+        .map((l) => '    ' + l)
+        .join(`\n`)
+    : ''
+}
 ---
 apiVersion: v1
 kind: Service
@@ -312,19 +323,19 @@ spec:
         for (const deploymentVersion of deploymentVersions) {
           deploymentYamlParts += `---
 ${Underpost.deploy
-              .deploymentYamlPartsFactory({
-                deployId,
-                env,
-                suffix: deploymentVersion,
-                replicas,
-                image,
-                namespace: options.namespace,
-                cmd: options.cmd ? options.cmd.split(',').map((c) => c.trim()) : undefined,
-                skipFullBuild: options.skipFullBuild,
-                pullBundle: options.pullBundle,
-                imagePullPolicy: options.imagePullPolicy,
-              })
-              .replace('{{ports}}', buildKindPorts(fromPort, toPort))}
+  .deploymentYamlPartsFactory({
+    deployId,
+    env,
+    suffix: deploymentVersion,
+    replicas,
+    image,
+    namespace: options.namespace,
+    cmd: options.cmd ? options.cmd.split(',').map((c) => c.trim()) : undefined,
+    skipFullBuild: options.skipFullBuild,
+    pullBundle: options.pullBundle,
+    imagePullPolicy: options.imagePullPolicy,
+  })
+  .replace('{{ports}}', buildKindPorts(fromPort, toPort))}
 `;
         }
         fs.writeFileSync(`./engine-private/conf/${deployId}/build/${env}/deployment.yaml`, deploymentYamlParts, 'utf8');
@@ -376,20 +387,20 @@ ${Underpost.deploy
           let proxyRoutes = '';
           const globalTimeoutPolicy =
             (options.timeoutResponse && options.timeoutResponse !== '') ||
-              (options.timeoutIdle && options.timeoutIdle !== '')
+            (options.timeoutIdle && options.timeoutIdle !== '')
               ? {
-                response: options.timeoutResponse,
-                idle: options.timeoutIdle,
-              }
+                  response: options.timeoutResponse,
+                  idle: options.timeoutIdle,
+                }
               : undefined;
           const globalRetryPolicy =
             options.retryCount ||
-              options.retryCount === 0 ||
-              (options.retryPerTryTimeout && options.retryPerTryTimeout !== '')
+            options.retryCount === 0 ||
+            (options.retryPerTryTimeout && options.retryPerTryTimeout !== '')
               ? {
-                count: options.retryCount,
-                perTryTimeout: options.retryPerTryTimeout,
-              }
+                  count: options.retryCount,
+                  perTryTimeout: options.retryPerTryTimeout,
+                }
               : undefined;
           if (!options.disableDeploymentProxy)
             for (const conditionObj of pathPortAssignment) {
@@ -577,12 +588,13 @@ metadata:
   namespace: ${options.namespace}
 spec:
   virtualhost:
-    fqdn: ${host}${env === 'development'
-          ? ''
-          : `
+    fqdn: ${host}${
+      env === 'development'
+        ? ''
+        : `
     tls:
       secretName: ${host}`
-        }
+    }
   routes:`;
     },
 
@@ -604,13 +616,11 @@ spec:
      * @param {string} options.traffic - Traffic status for the deployment.
      * @param {string} options.replicas - Number of replicas for the deployment.
      * @param {string} options.node - Node name for resource allocation.
-     * @param {boolean} options.restoreHosts - Whether to restore the hosts file.
      * @param {boolean} options.disableUpdateDeployment - Whether to disable deployment updates.
      * @param {boolean} options.disableUpdateProxy - Whether to disable proxy updates.
      * @param {boolean} options.disableDeploymentProxy - Whether to disable deployment proxy.
      * @param {boolean} options.disableUpdateVolume - Whether to disable volume updates.
      * @param {boolean} options.status - Whether to display deployment status.
-     * @param {boolean} options.etcHosts - Whether to display the /etc/hosts file.
      * @param {boolean} options.disableUpdateUnderpostConfig - Whether to disable Underpost config updates.
      * @param {string} [options.namespace] - Kubernetes namespace for the deployment.
      * @param {string} [options.timeoutResponse] - Timeout response setting for the deployment.
@@ -648,13 +658,11 @@ spec:
         traffic: '',
         replicas: '',
         node: '',
-        restoreHosts: false,
         disableUpdateDeployment: false,
         disableUpdateProxy: false,
         disableDeploymentProxy: false,
         disableUpdateVolume: false,
         status: false,
-        etcHosts: false,
         disableUpdateUnderpostConfig: false,
         namespace: '',
         timeoutResponse: '',
@@ -738,14 +746,6 @@ EOF`);
         return;
       }
       if (!options.disableUpdateUnderpostConfig) Underpost.deploy.configMap(env);
-      let renderHosts = '';
-      let etcHosts = [];
-      if (options.restoreHosts === true) {
-        const factoryResult = Underpost.deploy.etcHostFactory(etcHosts);
-        renderHosts = factoryResult.renderHosts;
-        logger.info(renderHosts);
-        return;
-      }
 
       for (const _deployId of deployList.split(',')) {
         const deployId = _deployId.trim();
@@ -753,6 +753,10 @@ EOF`);
         if (options.expose === true) {
           const kindType = options.kindType ? options.kindType : 'svc';
           const svc = Underpost.kubectl.get(deployId, kindType)[0];
+          if (!svc) {
+            logger.error(`No ${kindType} found matching '${deployId}', skipping expose`);
+            continue;
+          }
           const port = options.exposePort
             ? parseInt(options.exposePort)
             : options.port
@@ -802,7 +806,6 @@ EOF`);
             if (Underpost.deploy.isValidTLSContext({ host, env, options }))
               shellExec(`sudo kubectl delete Certificate ${host} -n ${namespace} --ignore-not-found`);
           }
-          if (!options.remove) etcHosts.push(host);
         }
 
         const manifestsPath =
@@ -823,15 +826,6 @@ EOF`);
             shellExec(`sudo kubectl apply -f ./${manifestsPath}/secret.yaml -n ${namespace}`);
         }
       }
-      if (options.etcHosts === true) {
-        const factoryResult = Underpost.deploy.etcHostFactory(etcHosts);
-        renderHosts = factoryResult.renderHosts;
-      }
-      if (renderHosts)
-        logger.info(
-          `
-` + renderHosts,
-        );
     },
     /**
      * Checks the status of a deployment.
@@ -1002,10 +996,10 @@ EOF`);
       shellExec(`kubectl delete pv ${pvId} --ignore-not-found`);
       shellExec(`kubectl apply -f - -n ${namespace} <<EOF
 ${Underpost.deploy.persistentVolumeFactory({
-        hostPath: rootVolumeHostPath,
-        pvcId,
-        namespace,
-      })}
+  hostPath: rootVolumeHostPath,
+  pvcId,
+  namespace,
+})}
 EOF
 `);
     },
@@ -1064,22 +1058,23 @@ ${secret ? `          readOnly: true\n` : ''}`;
 
         _volumes += `
     - name: ${volumeName}
- ${emptyDir
-            ? `     emptyDir: {}`
-            : secret
-              ? `     secret:
+ ${
+   emptyDir
+     ? `     emptyDir: {}`
+     : secret
+       ? `     secret:
         secretName: ${secret}`
-              : configMap
-                ? `     configMap:
+       : configMap
+         ? `     configMap:
         name: ${configMap}`
-                : claimName
-                  ? `     persistentVolumeClaim:
+         : claimName
+           ? `     persistentVolumeClaim:
         claimName: ${claimName}`
-                  : `     hostPath:
+           : `     hostPath:
         path: ${volumeHostPath}
         type: ${volumeType}
 `
-          }
+ }
 
   `;
       });
@@ -1131,42 +1126,6 @@ spec:
       storage: 5Gi`;
     },
 
-    /**
-     * Creates a hosts file for a deployment.
-     * @param {Array<string>} hosts - List of hosts to be added to the hosts file.
-     * @param {object} options - Options for the hosts file creation.
-     * @param {boolean} options.append - Whether to append to the existing hosts file.
-     * @returns {object} - Object containing the rendered hosts file.
-     * @memberof UnderpostDeploy
-     */
-    etcHostFactory(hosts = [], options = { append: false }) {
-      hosts = hosts.map((host) => {
-        try {
-          if (!host.startsWith('http')) host = `http://${host}`;
-          const hostname = new URL(host).hostname;
-          logger.info('Hostname extract valid', { host, hostname });
-          return hostname;
-        } catch (e) {
-          logger.warn('No hostname extract valid', host);
-          return host;
-        }
-      });
-      const renderHosts = `127.0.0.1         ${hosts.join(
-        ' ',
-      )} localhost localhost.localdomain localhost4 localhost4.localdomain4
-::1         localhost localhost.localdomain localhost6 localhost6.localdomain6`;
-
-      if (options && options.append && fs.existsSync(`/etc/hosts`)) {
-        fs.writeFileSync(
-          `/etc/hosts`,
-          fs.readFileSync(`/etc/hosts`, 'utf8') +
-          `
-${renderHosts}`,
-          'utf8',
-        );
-      } else fs.writeFileSync(`/etc/hosts`, renderHosts, 'utf8');
-      return { renderHosts };
-    },
     /**
      * Checks if a TLS context is valid.
      * @param {object} options - Options for the check.
@@ -1191,13 +1150,13 @@ ${renderHosts}`,
      *   `src/client/public/nexodev/docs/references/Deploy custom instance to K8S.md`.
      *
      * Container-status:
-     *   `underpost config get container-status` is still read from each pod for
-     *   the display column and for early-abort on `error`, but it is no longer
-     *   required to equal `<deploy>-running-deployment` to finish the monitor.
-     *   Older implementations gated on it; that produced false timeouts for
-     *   runtimes (e.g. cyberia-server's Go binary, cyberia-client's server.py)
-     *   whose startup sequence didn't reliably overwrite the
-     *   `initializing-deployment` stamp set by the postStart lifecycle hook.
+     *   `underpost config get container-status` is read from each pod for both
+     *   the display column and as a second ready gate alongside the K8S Ready
+     *   condition. Both must be satisfied before the monitor exits:
+     *     1. K8S readinessProbe (TCP socket) — ensures the port is bound.
+     *     2. container-status == `<deploy>-<env>-running-deployment` — ensures
+     *        the application has completed its own startup sequence.
+     *   Early-abort on `error` container-status remains in effect.
      *
      * @param {string} deployId - Deployment ID for which the ready status is being monitored.
      * @param {string} env - Environment for which the ready status is being monitored.
@@ -1234,10 +1193,13 @@ ${renderHosts}`,
         }
       };
 
-
       for (let i = 0; i < maxIterations; i++) {
         const result = await Underpost.deploy.checkDeploymentReadyStatus(
-          deployId, env, targetTraffic, ignorePods, namespace,
+          deployId,
+          env,
+          targetTraffic,
+          ignorePods,
+          namespace,
         );
 
         const allPods = [...result.readyPods, ...result.notReadyPods];
@@ -1246,20 +1208,22 @@ ${renderHosts}`,
         for (const pod of allPods) {
           if (!pod?.NAME) continue;
           const status = readContainerStatus(pod.NAME);
-          if (status === 'error')
-            throw new Error(`Pod ${pod.NAME} has error status`);
+          if (status === 'error') throw new Error(`Pod ${pod.NAME} has error status`);
           podStatusCache.set(pod.NAME, status);
         }
 
         const allPodsK8sReady = allPods.length > 0 && result.notReadyPods.length === 0;
 
+        const allPodsStatusReady =
+          allPods.length > 0 && allPods.every((pod) => podStatusCache.get(pod.NAME) === expectedContainerStatus);
+
         // Print snapshot for every pod — annotate when container-status hasn't caught
-        // up to the K8S Ready condition (informational only; no longer gates exit).
+        // up to the K8S Ready condition yet.
         for (const pod of allPods) {
           const status = podStatusCache.get(pod.NAME) || containerStatusDefault;
           const podStatus = pod.STATUS || 'Unknown';
           const statusMatchesExpected = status === expectedContainerStatus;
-          const statusDisplay = statusMatchesExpected ? status : `${status} (advisory)`;
+          const statusDisplay = statusMatchesExpected ? status : `${status} (pending)`;
 
           console.log(
             'Target pod:',
@@ -1271,10 +1235,11 @@ ${renderHosts}`,
           );
         }
 
-        // Finish as soon as every pod is K8S-Ready. The readinessProbe (TCP
-        // socket on the listening port) is the source of truth — a runtime
-        // that can't bind never reaches Ready and the monitor will time out.
-        if (allPodsK8sReady) {
+        // Both K8S readinessProbe AND container-status must be satisfied before
+        // declaring the deployment ready. The TCP probe ensures the port is bound;
+        // container-status == running-deployment ensures the application has
+        // completed its own startup sequence so traffic is not switched prematurely.
+        if (allPodsK8sReady && allPodsStatusReady) {
           logger.info(`${tag} | All pods Ready (K8S readinessProbe satisfied)`);
           return result;
         }

package/src/cli/fs.js

@@ -127,7 +127,11 @@ class UnderpostFileStorage {
         if (options.git === true) {
           const gitPath = hasPathFilter ? basePath : '.';
           shellExec(`cd ${gitPath} && git add .`);
-          shellExec(`underpost cmt ${gitPath} feat`);
+          shellExec(`underpost cmt ${gitPath} feat`, {
+            silentOnError: true,
+            silent: true,
+            disableLog: true,
+          });
         }
 
         return;
@@ -155,7 +159,7 @@ class UnderpostFileStorage {
         if (options.git === true) {
           Underpost.repo.initLocalRepo({ path });
           shellExec(`cd ${path} && git add . && git commit -m "Base pull state"`, {
-            silentOnError: true
+            silentOnError: true,
           });
         }
       } else {
@@ -175,7 +179,11 @@ class UnderpostFileStorage {
       Underpost.fs.writeStorageConf(storage, storageConf);
       if (options.git === true) {
         shellExec(`cd ${path} && git add .`);
-        shellExec(`underpost cmt ${path} feat`);
+        shellExec(`underpost cmt ${path} feat`, {
+          silentOnError: true,
+          silent: true,
+          disableLog: true,
+        });
       }
     },
     /**