underpost 3.2.8 → 3.2.10

package/bin/deploy.js

@@ -443,10 +443,10 @@ ${shellExec(`git log | grep Author: | sort -u`, { stdout: true }).split(`\n`).jo
           shellExec(`sudo kubectl delete secret ${secretSelector} -n ${namespace} --ignore-not-found`);
           shellExec(
             `sudo kubectl create secret generic ${secretSelector}` +
-              ` --from-literal=POSTGRES_DB=postgresdb` +
-              ` --from-literal=POSTGRES_USER=admin` +
-              ` --from-file=POSTGRES_PASSWORD=/home/dd/engine/engine-private/postgresql-password` +
-              ` --dry-run=client -o yaml | kubectl apply -f - -n ${namespace}`,
+            ` --from-literal=POSTGRES_DB=postgresdb` +
+            ` --from-literal=POSTGRES_USER=admin` +
+            ` --from-file=POSTGRES_PASSWORD=/home/dd/engine/engine-private/postgresql-password` +
+            ` --dry-run=client -o yaml | kubectl apply -f - -n ${namespace}`,
           );
         }
         {
@@ -454,10 +454,10 @@ ${shellExec(`git log | grep Author: | sort -u`, { stdout: true }).split(`\n`).jo
           shellExec(`sudo kubectl delete secret ${secretSelector} -n ${namespace} --ignore-not-found`);
           shellExec(
             `sudo kubectl create secret generic ${secretSelector}` +
-              ` --from-file=SECRET_KEY=/home/dd/engine/engine-private/postgresql-password` +
-              ` --from-literal=FIRST_SUPERUSER=${process.env.GITHUB_EMAIL || 'development@underpost.net'}` +
-              ` --from-file=FIRST_SUPERUSER_PASSWORD=/home/dd/engine/engine-private/postgresql-password` +
-              ` --dry-run=client -o yaml | kubectl apply -f - -n ${namespace}`,
+            ` --from-file=SECRET_KEY=/home/dd/engine/engine-private/postgresql-password` +
+            ` --from-literal=FIRST_SUPERUSER=${process.env.GITHUB_EMAIL || 'development@underpost.net'}` +
+            ` --from-file=FIRST_SUPERUSER_PASSWORD=/home/dd/engine/engine-private/postgresql-password` +
+            ` --dry-run=client -o yaml | kubectl apply -f - -n ${namespace}`,
           );
         }
       }
@@ -577,8 +577,7 @@ nvidia/gpu-operator \
       shellExec(`sudo docker pull ${image}`);
       if (!process.argv.includes('kubeadm'))
         shellExec(
-          `sudo ${
-            process.argv.includes('kubeadm') ? `ctr -n k8s.io images import` : `kind load docker-image`
+          `sudo ${process.argv.includes('kubeadm') ? `ctr -n k8s.io images import` : `kind load docker-image`
           } ${image}`,
         );
       const namespace = process.argv.find((arg) => arg.startsWith('--namespace='))?.split('=')[1] || 'default';
@@ -627,11 +626,11 @@ nvidia/gpu-operator \
           }
           env[key] =
             `${key}`.toUpperCase().match('API') ||
-            `${key}`.toUpperCase().match('KEY') ||
-            `${key}`.toUpperCase().match('SECRET') ||
-            `${key}`.toUpperCase().match('TOKEN') ||
-            `${key}`.toUpperCase().match('PASSWORD') ||
-            `${key}`.toUpperCase().match('MAC')
+              `${key}`.toUpperCase().match('KEY') ||
+              `${key}`.toUpperCase().match('SECRET') ||
+              `${key}`.toUpperCase().match('TOKEN') ||
+              `${key}`.toUpperCase().match('PASSWORD') ||
+              `${key}`.toUpperCase().match('MAC')
               ? 'changethis'
               : isNaN(parseFloat(privateEnv[key]))
                 ? `${privateEnv[key]}`.match(`@`)
@@ -714,7 +713,7 @@ nvidia/gpu-operator \
     }
 
     case 'cyberia': {
-      const { CyberiaDependencies } = await import(`../src/client/components/cyberia-portal/CommonCyberiaPortal.js`);
+      const { CyberiaDependencies } = await import(`../src/api/cyberia-server-defaults/cyberia-server-defaults.js`);
       for (const dep of Object.keys(CyberiaDependencies)) {
         const ver = CyberiaDependencies[dep];
         shellExec(`npm install ${dep}@${ver}`);
@@ -823,7 +822,7 @@ nvidia/gpu-operator \
 
       // Delete merged local and remote branches
       for (const { branch, isAlreadyMerged } of mergedBranches) {
-        shellExec(`git branch -D ${branch}`, { silent: true });
+        shellExec(`git branch -D ${branch}`, { silent: true, silentOnError: true });
         // logger.info(`Deleting remote branch: ${branch}${isAlreadyMerged ? ' (already merged)' : ''}`);
         // shellExec(`git push https://${process.env.GITHUB_TOKEN}@github.com/${gitUri}.git --delete ${branch}`, {
         //   disableLog: true,
@@ -1394,10 +1393,10 @@ nvidia/gpu-operator \
       const deployIds = deployIdArg
         ? [deployIdArg]
         : fs
-            .readFileSync(`./engine-private/deploy/dd.router`, 'utf8')
-            .split(',')
-            .map((d) => d.trim())
-            .filter(Boolean);
+          .readFileSync(`./engine-private/deploy/dd.router`, 'utf8')
+          .split(',')
+          .map((d) => d.trim())
+          .filter(Boolean);
 
       const addComponentToClientConf = ({ filePath, label, targetClientId, targetSubmoduleId }) => {
         if (!fs.existsSync(filePath)) return { added: 0, checked: 0, hasComponentFile: false };

package/bin/file.js

@@ -15,9 +15,13 @@ import dotenv from 'dotenv';
 
 const logger = loggerFactory(import.meta);
 
-dotenv.config({ path: `./engine-private/conf/dd-cron/.env.production`, override: true });
-
-logger.info('argv', process.argv);
+if (fs.existsSync('./engine-private/conf/dd-cron/.env.production'))
+  dotenv.config({
+    path:
+      `./engine-private/conf/dd-cron/.env.production`,
+    override: true
+  });
+else dotenv.config();
 
 let [exe, dir, type] = process.argv;
 let rawPath = process.argv[3].replaceAll(`'`, '');
@@ -56,10 +60,10 @@ try {
 
       if (type === 'update-template') {
         if (!fs.existsSync(toPath))
-          shellExec(`cd .. && underpost clone ${process.env.GITHUB_USERNAME}/pwa-microservices-template`);
+          shellExec(`cd .. && node engine/bin clone ${process.env.GITHUB_USERNAME}/pwa-microservices-template`);
         else {
           shellExec(`cd ${toPath} && git reset && git checkout . && git clean -f -d`);
-          shellExec(`underpost pull ${toPath} ${process.env.GITHUB_USERNAME}/pwa-microservices-template`);
+          shellExec(`node bin pull ${toPath} ${process.env.GITHUB_USERNAME}/pwa-microservices-template`);
           shellExec(`sudo rm -rf ${toPath}/engine-private`);
           shellExec(`sudo rm -rf ${toPath}/logs`);
         }
@@ -107,6 +111,7 @@ try {
           './src/runtime/cyberia-server',
           './src/runtime/cyberia-client',
           './test/shape-generator.test.js',
+          './src/client/public/cyberia-docs',
           'bin/cyberia.js',
         ]) {
           if (fs.existsSync(deletePath)) fs.removeSync('../pwa-microservices-template/' + deletePath);
@@ -134,9 +139,6 @@ try {
         const templatePackageJson = JSON.parse(fs.readFileSync('../pwa-microservices-template/package.json', 'utf8'));
 
         const name = templatePackageJson.name;
-        const description = templatePackageJson.description;
-        const dev = templatePackageJson.scripts.dev;
-        const build = templatePackageJson.scripts.build;
 
         templatePackageJson.dependencies = originPackageJson.dependencies;
         templatePackageJson.devDependencies = originPackageJson.devDependencies;
@@ -144,11 +146,27 @@ try {
         templatePackageJson.scripts = originPackageJson.scripts;
         templatePackageJson.overrides = originPackageJson.overrides;
         templatePackageJson.name = name;
-        templatePackageJson.description = description;
-        // templatePackageJson.scripts.dev = dev;
-        // templatePackageJson.scripts.build = build;
+        templatePackageJson.description =
+          'Underpost Platform — end-to-end CI/CD and application-delivery toolchain CLI. Covers bare metal, Kubernetes, K3s, kubeadm, LXD, container/image orchestration, secrets, databases, cron jobs, monitoring, SSH, runners, PWA + Workbox delivery, and release orchestration. Extensible via downstream CLIs.';
         templatePackageJson.keywords = uniqueArray(
-          ['pwa', 'microservices', 'template', 'builder'].concat(templatePackageJson.keywords),
+          [
+            'underpost',
+            'underpost-platform',
+            'cli',
+            'toolchain',
+            'ci-cd',
+            'devops',
+            'kubernetes',
+            'k3s',
+            'kubeadm',
+            'lxd',
+            'bare-metal',
+            'container-orchestration',
+            'image-management',
+            'pwa',
+            'workbox',
+            'microservices',
+          ].concat(templatePackageJson.keywords || []),
         );
         delete templatePackageJson.scripts['update:template'];
         fs.writeFileSync(
@@ -198,4 +216,5 @@ try {
   }
 } catch (error) {
   logger.error(error, error.stack);
-}
+  process.exit(1);
+}

package/bin/index.js

@@ -9,4 +9,5 @@ try {
   program.parse();
 } catch (error) {
   logger.error(error);
-}
+  process.exit(1);
+}

package/bin/vs.js

@@ -65,7 +65,7 @@ switch (process.argv[2]) {
 
   case 'clean': {
     shellExec(`sudo rm -rf ${vsCodeRootPath}/*`);
-    shellExec(`sudo rn -rf ${vsConfigRootPath}`);
+    shellExec(`sudo rm -rf ${vsConfigRootPath}`);
     break;
   }
   default:

package/bump.config.js

@@ -0,0 +1,26 @@
+/**
+ * bumpp configuration for the Underpost engine.
+ *
+ * Owns the *canonical* version-bearing files (anything that exposes a literal `version` field
+ * bumpp can detect natively). Non-canonical files — image tags in workflows, README badges,
+ * doc strings, deployment.yaml image refs — are handled by the custom regex walker in
+ * src/cli/release.js (VERSION_BUMP_TARGETS), because bumpp only rewrites `version`-shaped lines.
+ *
+ * release.js drives bumpp programmatically (versionBump from 'bumpp') with commit/tag/push
+ * disabled, since the engine release flow stages and commits separately via `node bin cmt`.
+ *
+ * @see https://github.com/antfu/bumpp
+ */
+export default {
+  files: [
+    'package.json',
+    'package-lock.json',
+    // engine-private confs are git-ignored and visited only if present at bump time.
+    'engine-private/conf/**/package.json',
+  ],
+  commit: false,
+  tag: false,
+  push: false,
+  confirm: false,
+  recursive: false,
+};

package/conf.js

@@ -168,11 +168,25 @@ const DefaultConf = /**/ {
       head: ['Seo', 'Pwa', 'Css', 'DefaultScripts', 'Production'],
       body: ['CacheControl', 'DefaultSplashScreen', '404', '500', 'SwaggerDarkMode'],
       mailer: { userVerifyEmail: 'DefaultVerifyEmail', userRecoverEmail: 'DefaultRecoverEmail' },
-      offline: [
-        { path: '/offline', title: 'No Network Connection', client: 'NoNetworkConnection', head: [], body: [] },
-        { path: '/maintenance', title: 'Server Maintenance', client: 'Maintenance', head: [], body: [] },
+      views: [
+        {
+          path: '/offline',
+          title: 'No Network Connection',
+          client: 'NoNetworkConnection',
+          head: [],
+          body: [],
+          offlineDefault: true,
+        },
+        {
+          path: '/maintenance',
+          title: 'Server Maintenance',
+          client: 'Maintenance',
+          head: [],
+          body: [],
+          maintenanceDefault: true,
+        },
+        { path: '/test', title: 'Test', client: 'Test', head: [], body: [] },
       ],
-      pages: [{ path: '/test', title: 'Test', client: 'Test', head: [], body: [] }],
     },
   },
   server: {
@@ -189,6 +203,8 @@ const DefaultConf = /**/ {
           provider: 'env:DB_PROVIDER:mongoose',
           host: 'env:DB_HOST:mongodb://127.0.0.1:27017',
           name: 'env:DB_NAME:default',
+          replicaSet: 'env:DB_REPLICA_SET:rs0',
+          authSource: 'env:DB_AUTH_SOURCE:admin',
           user: 'env:DB_USER:',
           password: 'env:DB_PASSWORD:',
         },

package/manifests/cronjobs/dd-cron/dd-cron-backup.yaml

@@ -23,7 +23,7 @@ spec:
         spec:
           containers:
             - name: dd-cron-backup
-              image: underpost/underpost-engine:v3.2.8
+              image: underpost/underpost-engine:v3.2.10
               command:
                 - /bin/sh
                 - -c
@@ -42,7 +42,7 @@ spec:
                 type: Directory
               name: underpost-cron-container-volume
             - hostPath:
-                path: /root/.nvm/versions/node/v24.10.0/lib/node_modules/underpost
+                path: /root/.nvm/versions/node/v24.15.0/lib/node_modules/underpost
                 type: DirectoryOrCreate
               name: underpost-share-env
           restartPolicy: OnFailure

package/manifests/cronjobs/dd-cron/dd-cron-dns.yaml

@@ -23,7 +23,7 @@ spec:
         spec:
           containers:
             - name: dd-cron-dns
-              image: underpost/underpost-engine:v3.2.8
+              image: underpost/underpost-engine:v3.2.10
               command:
                 - /bin/sh
                 - -c
@@ -42,7 +42,7 @@ spec:
                 type: Directory
               name: underpost-cron-container-volume
             - hostPath:
-                path: /root/.nvm/versions/node/v24.10.0/lib/node_modules/underpost
+                path: /root/.nvm/versions/node/v24.15.0/lib/node_modules/underpost
                 type: DirectoryOrCreate
               name: underpost-share-env
           restartPolicy: OnFailure

package/manifests/deployment/dd-default-development/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-blue
-          image: underpost/underpost-engine:v3.2.8
+          image: underpost/underpost-engine:v3.2.10
           #          resources:
           #            requests:
           #              memory: "124Ki"
@@ -98,7 +98,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-green
-          image: underpost/underpost-engine:v3.2.8
+          image: underpost/underpost-engine:v3.2.10
           #          resources:
           #            requests:
           #              memory: "124Ki"

package/manifests/deployment/dd-test-development/deployment.yaml

@@ -20,7 +20,7 @@ spec:
     spec:
       containers:
         - name: dd-test-development-blue
-          image: underpost/underpost-engine:v3.2.8
+          image: underpost/underpost-engine:v3.2.10
           imagePullPolicy: IfNotPresent
           envFrom:
             - secretRef:
@@ -34,6 +34,7 @@ spec:
               underpost start --build --run dd-test development
 
 
+
 ---
 apiVersion: v1
 kind: Service
@@ -147,7 +148,7 @@ spec:
     spec:
       containers:
         - name: dd-test-development-green
-          image: underpost/underpost-engine:v3.2.8
+          image: underpost/underpost-engine:v3.2.10
           imagePullPolicy: IfNotPresent
           envFrom:
             - secretRef:
@@ -161,6 +162,7 @@ spec:
               underpost start --build --run dd-test development
 
 
+
 ---
 apiVersion: v1
 kind: Service

package/manifests/kind-config-dev.yaml

@@ -1,8 +1,16 @@
 kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
+networking:
+  ipFamily: ipv4
 nodes:
   - role: control-plane
+    extraMounts:
+      - hostPath: /data/mongodb
+        containerPath: /data/mongodb
   - role: worker
+    extraMounts:
+      - hostPath: /data/mongodb
+        containerPath: /data/mongodb
     # extraPortMappings:
     # - containerPort: 80
     #   hostPort: 80

package/manifests/mongodb/pv-pvc.yaml

@@ -1,23 +1,59 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: mongodb-pv
+  name: mongodb-pv-0
+  labels:
+    app: mongodb
 spec:
   capacity:
     storage: 5Gi
   accessModes:
     - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: mongodb-storage-class
+  claimRef:
+    namespace: default
+    name: mongodb-storage-mongodb-0
   hostPath:
-    path: /data/mongodb
+    path: /data/mongodb/v0
+    type: DirectoryOrCreate
 ---
 apiVersion: v1
-kind: PersistentVolumeClaim
+kind: PersistentVolume
+metadata:
+  name: mongodb-pv-1
+  labels:
+    app: mongodb
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: mongodb-storage-class
+  claimRef:
+    namespace: default
+    name: mongodb-storage-mongodb-1
+  hostPath:
+    path: /data/mongodb/v1
+    type: DirectoryOrCreate
+---
+apiVersion: v1
+kind: PersistentVolume
 metadata:
-  name: mongodb-pvc
+  name: mongodb-pv-2
+  labels:
+    app: mongodb
 spec:
-  storageClassName: ''
+  capacity:
+    storage: 5Gi
   accessModes:
     - ReadWriteOnce
-  resources:
-    requests:
-      storage: 5Gi
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: mongodb-storage-class
+  claimRef:
+    namespace: default
+    name: mongodb-storage-mongodb-2
+  hostPath:
+    path: /data/mongodb/v2
+    type: DirectoryOrCreate

package/manifests/mongodb/statefulset.yaml

@@ -4,7 +4,8 @@ metadata:
   name: mongodb # Specifies the name of the statefulset
 spec:
   serviceName: 'mongodb-service' # Specifies the service to use
-  replicas: 2
+  podManagementPolicy: OrderedReady # or Parallel
+  replicas: 3
   selector:
     matchLabels:
       app: mongodb
@@ -13,80 +14,58 @@ spec:
       labels:
         app: mongodb
     spec:
+      subdomain: mongodb-service
+      securityContext:
+        fsGroup: 999
+      initContainers:
+        - name: internal-keyfile-provisioner
+          image: docker.io/library/mongo:latest
+          securityContext:
+            runAsUser: 0
+            runAsGroup: 0
+          command:
+            - sh
+            - -c
+            - |
+              set -ex
+              mkdir -p /opt/mongodb
+              cp /tmp/raw-keyfile/mongodb-keyfile /opt/mongodb/mongodb-keyfile
+              chmod 400 /opt/mongodb/mongodb-keyfile
+              chown -R 999:999 /opt/mongodb
+              chown -R 999:999 /data/db
+              rm -f /data/db/mongod.lock
+          volumeMounts:
+            - name: raw-secret-keyfile-volume
+              mountPath: /tmp/raw-keyfile
+            - name: isolated-runtime-keyfile-volume
+              mountPath: /opt/mongodb
+            - name: mongodb-storage
+              mountPath: /data/db
       containers:
         - name: mongodb
           image: docker.io/library/mongo:latest
           command:
             - mongod
+          args:
             - '--replSet'
             - 'rs0'
-            # - '--config'
-            # - '-f'
-            # - '/etc/mongod.conf'
-            # - '--auth'
-            # - '--clusterAuthMode'
-            # - 'keyFile'
-            # - '--keyFile'
-            # - '/etc/mongodb-keyfile'
-            # - '--interleave'
-            # - 'all'
-            # - '--wiredTigerCacheSizeGB'
-            # - '0.25'
-            # - '--setParameter'
-            # - 'authenticationMechanisms=SCRAM-SHA-1'
-            # - '--fork'
-            - '--logpath'
-            - '/var/log/mongodb/mongod.log'
+            - '--auth'
+            - '--clusterAuthMode'
+            - 'keyFile'
+            - '--keyFile'
+            - '/opt/mongodb/mongodb-keyfile'
             - '--bind_ip_all'
-          # command: ['sh', '-c']
-          # args:
-          #   - |
-          #     mongod --replSet rs0 --bind_ip_all &
-          #     sleep 1000
-          #     if mongosh --host mongodb-0.mongodb-service:27017 --eval "rs.status()" | grep -q "not yet initialized"; then
-          #       mongosh --host mongodb-0.mongodb-service:27017 <<EOF
-          #       use admin;
-          #       rs.initiate({
-          #         _id: "rs0",
-          #         members: [
-          #           { _id: 0, host: "mongodb-0.mongodb-service:27017", priority: 1 },
-          #           { _id: 1, host: "mongodb-1.mongodb-service:27017", priority: 1 }
-          #         ]
-          #       });
-          #       db.getSiblingDB("admin").createUser({
-          #         user: process.env.MONGO_INITDB_ROOT_USERNAME,
-          #         pwd: process.env.MONGO_INITDB_ROOT_PASSWORD,
-          #         roles: [{ role: "userAdminAnyDatabase", db: "admin" }]
-          #       });
-          #       use default;
-          #       db.createUser(
-          #         {
-          #           user: process.env.MONGO_INITDB_ROOT_USERNAME,
-          #           pwd: process.env.MONGO_INITDB_ROOT_PASSWORD,
-          #           roles: [
-          #             { role: "read", db: "test" },
-          #             { role: "readWrite", db: "default" }
-          #           ]
-          #         }
-          #       );
-          #       EOF
-          #     fi
-          #     wait
+
           ports:
             - containerPort: 27017
           volumeMounts:
+            - name: isolated-runtime-keyfile-volume
+              mountPath: /opt/mongodb
             - name: mongodb-storage
               mountPath: /data/db
-            - name: keyfile
-              mountPath: /etc/mongodb-keyfile
-              readOnly: true
-            # - name: mongodb-configuration-file
-            #   mountPath: /etc/mongod.conf
-            #   subPath: mongod.conf
-            #   readOnly: true
-            # - name: mongodb-config
-            #   mountPath: /config
           env:
+            - name: MONGO_REPLICA_SET_NAME
+              value: rs0
             - name: MONGO_INITDB_ROOT_USERNAME
               valueFrom:
                 secretKeyRef:
@@ -97,6 +76,18 @@ spec:
                 secretKeyRef:
                   name: mongodb-secret
                   key: password
+          readinessProbe:
+            tcpSocket:
+              port: 27017
+            initialDelaySeconds: 15
+            periodSeconds: 10
+            timeoutSeconds: 5
+          livenessProbe:
+            tcpSocket:
+              port: 27017
+            initialDelaySeconds: 30
+            periodSeconds: 20
+            timeoutSeconds: 5
           resources:
             requests:
               cpu: '100m'
@@ -105,16 +96,12 @@ spec:
               cpu: '500m'
               memory: '512Mi'
       volumes:
-        - name: keyfile
+        - name: raw-secret-keyfile-volume
           secret:
             secretName: mongodb-keyfile
             defaultMode: 0400
-        # - name: mongodb-configuration-file
-        #   configMap:
-        #     name: mongodb-config-file
-        # - name: mongodb-config
-        #   configMap:
-        #     name: mongodb-config
+        - name: isolated-runtime-keyfile-volume
+          emptyDir: {}
   volumeClaimTemplates:
     - metadata:
         name: mongodb-storage