underpost 3.2.9 → 3.2.11

package/src/cli/deploy.js

@@ -127,6 +127,7 @@ class UnderpostDeploy {
      * @param {Array<string>} cmd - Command to run in the deployment container.
      * @param {boolean} skipFullBuild - Whether to skip the full client bundle build during deployment.
      * @param {boolean} pullBundle - Whether to pull the pre-built client bundle from Cloudinary before starting. Use together with skipFullBuild to skip the local build entirely.
+     * @param {string} [imagePullPolicy] - Container imagePullPolicy override (`Always`, `IfNotPresent`, `Never`). When omitted, defaults to `Never` for `localhost/` images and `IfNotPresent` otherwise.
      * @returns {string} - YAML deployment configuration for the specified deployment.
      * @memberof UnderpostDeploy
      */
@@ -142,6 +143,17 @@ class UnderpostDeploy {
       cmd,
       skipFullBuild,
       pullBundle,
+      imagePullPolicy,
+      // K8S lifecycle + probe wiring. Pass-through structures shaped like the
+      // upstream Kubernetes API, spliced verbatim into the container spec.
+      //   lifecycle:        { postStart: { exec: { command: [...] } }, preStop: { exec: { command: [...] } } }
+      //   readinessProbe:   { tcpSocket: { port: 8081 }, ... }
+      //   livenessProbe:    { tcpSocket: { port: 8081 }, ... }
+      //   containerPort:    integer; rendered as ports[0].containerPort. Optional.
+      lifecycle,
+      readinessProbe,
+      livenessProbe,
+      containerPort,
     }) {
       if (!cmd)
         cmd =
@@ -188,26 +200,60 @@ spec:
       containers:
         - name: ${deployId}-${env}-${suffix}
           image: ${containerImage}
-          imagePullPolicy: ${containerImage.startsWith('localhost/') ? 'Never' : 'IfNotPresent'}
+          imagePullPolicy: ${imagePullPolicy ? imagePullPolicy : containerImage.startsWith('localhost/') ? 'Never' : 'IfNotPresent'}
           envFrom:
             - secretRef:
                 name: underpost-config
 ${
-  resources
-    ? `          resources:
+  containerPort
+    ? `          ports:
+            - containerPort: ${containerPort}
+`
+    : ''
+}${
+        resources
+          ? `          resources:
             requests:
               memory: "${resources.requests.memory}"
               cpu: "${resources.requests.cpu}"
             limits:
               memory: "${resources.limits.memory}"
               cpu: "${resources.limits.cpu}"`
-    : ''
-}
+          : ''
+      }
           command:
             - /bin/sh
             - -c
             - >
               ${cmd.join(' &&\n              ')}
+${
+  readinessProbe
+    ? `          readinessProbe:
+${JSON.stringify(readinessProbe, null, 2)
+  .split('\n')
+  .map((l) => '            ' + l)
+  .join('\n')}
+`
+    : ''
+}${
+        livenessProbe
+          ? `          livenessProbe:
+${JSON.stringify(livenessProbe, null, 2)
+  .split('\n')
+  .map((l) => '            ' + l)
+  .join('\n')}
+`
+          : ''
+      }${
+        lifecycle
+          ? `          lifecycle:
+${JSON.stringify(lifecycle, null, 2)
+  .split('\n')
+  .map((l) => '            ' + l)
+  .join('\n')}
+`
+          : ''
+      }
 
 ${
   volumes.length > 0
@@ -248,6 +294,7 @@ spec:
      * @param {string} [options.traffic] - Traffic status for the deployment.
      * @param {boolean} [options.skipFullBuild] - Whether to skip the full client bundle build; forwarded to deploymentYamlPartsFactory to generate a pull-bundle startup command.
      * @param {boolean} [options.pullBundle] - Whether to pull the pre-built client bundle from Cloudinary; forwarded to deploymentYamlPartsFactory. Use together with skipFullBuild.
+     * @param {string} [options.imagePullPolicy] - Container imagePullPolicy override (`Always`, `IfNotPresent`, `Never`); forwarded to deploymentYamlPartsFactory. When omitted, the builder defaults to `Never` for `localhost/` images and `IfNotPresent` otherwise.
      * @returns {Promise<void>} - Promise that resolves when the manifest is built.
      * @memberof UnderpostDeploy
      */
@@ -286,6 +333,7 @@ ${Underpost.deploy
     cmd: options.cmd ? options.cmd.split(',').map((c) => c.trim()) : undefined,
     skipFullBuild: options.skipFullBuild,
     pullBundle: options.pullBundle,
+    imagePullPolicy: options.imagePullPolicy,
   })
   .replace('{{ports}}', buildKindPorts(fromPort, toPort))}
 `;
@@ -509,10 +557,15 @@ spec:
       const hostTest = options?.hostTest
         ? options.hostTest
         : Object.keys(loadConfServerJson(`./engine-private/conf/${deployId}/conf.server.json`))[0];
+      // Missing HTTPProxy is the canonical "no traffic colour set yet" state
+      // for blue/green rollouts. silentOnError swallows kubectl's NotFound
+      // exit so the function can return null cleanly.
       const info = shellExec(`sudo kubectl get HTTPProxy/${hostTest} -n ${options.namespace} -o yaml`, {
         silent: true,
         stdout: true,
+        silentOnError: true,
       });
+      if (!info) return null;
       return info.match('blue') ? 'blue' : info.match('green') ? 'green' : null;
     },
 
@@ -563,13 +616,11 @@ spec:
      * @param {string} options.traffic - Traffic status for the deployment.
      * @param {string} options.replicas - Number of replicas for the deployment.
      * @param {string} options.node - Node name for resource allocation.
-     * @param {boolean} options.restoreHosts - Whether to restore the hosts file.
      * @param {boolean} options.disableUpdateDeployment - Whether to disable deployment updates.
      * @param {boolean} options.disableUpdateProxy - Whether to disable proxy updates.
      * @param {boolean} options.disableDeploymentProxy - Whether to disable deployment proxy.
      * @param {boolean} options.disableUpdateVolume - Whether to disable volume updates.
      * @param {boolean} options.status - Whether to display deployment status.
-     * @param {boolean} options.etcHosts - Whether to display the /etc/hosts file.
      * @param {boolean} options.disableUpdateUnderpostConfig - Whether to disable Underpost config updates.
      * @param {string} [options.namespace] - Kubernetes namespace for the deployment.
      * @param {string} [options.timeoutResponse] - Timeout response setting for the deployment.
@@ -586,6 +637,7 @@ spec:
      * @param {boolean} [options.gitClean] - Whether to run git clean on volume mount paths before copying.
      * @param {boolean} [options.skipFullBuild] - Whether to skip the full client bundle build; passed through to buildManifest/deploymentYamlPartsFactory.
      * @param {boolean} [options.pullBundle] - Whether to pull the pre-built client bundle from Cloudinary; passed through to buildManifest/deploymentYamlPartsFactory. Use together with skipFullBuild.
+     * @param {string} [options.imagePullPolicy] - Container imagePullPolicy override (`Always`, `IfNotPresent`, `Never`); passed through to buildManifest/deploymentYamlPartsFactory. When omitted, the builder defaults to `Never` for `localhost/` images and `IfNotPresent` otherwise.
      * @returns {Promise<void>} - Promise that resolves when the deployment process is complete.
      * @memberof UnderpostDeploy
      */
@@ -606,13 +658,11 @@ spec:
         traffic: '',
         replicas: '',
         node: '',
-        restoreHosts: false,
         disableUpdateDeployment: false,
         disableUpdateProxy: false,
         disableDeploymentProxy: false,
         disableUpdateVolume: false,
         status: false,
-        etcHosts: false,
         disableUpdateUnderpostConfig: false,
         namespace: '',
         timeoutResponse: '',
@@ -627,6 +677,7 @@ spec:
         kubeadm: false,
         kind: false,
         gitClean: false,
+        imagePullPolicy: '',
       },
     ) {
       const namespace = options.namespace ? options.namespace : 'default';
@@ -695,14 +746,6 @@ EOF`);
         return;
       }
       if (!options.disableUpdateUnderpostConfig) Underpost.deploy.configMap(env);
-      let renderHosts = '';
-      let etcHosts = [];
-      if (options.restoreHosts === true) {
-        const factoryResult = Underpost.deploy.etcHostFactory(etcHosts);
-        renderHosts = factoryResult.renderHosts;
-        logger.info(renderHosts);
-        return;
-      }
 
       for (const _deployId of deployList.split(',')) {
         const deployId = _deployId.trim();
@@ -710,6 +753,10 @@ EOF`);
         if (options.expose === true) {
           const kindType = options.kindType ? options.kindType : 'svc';
           const svc = Underpost.kubectl.get(deployId, kindType)[0];
+          if (!svc) {
+            logger.error(`No ${kindType} found matching '${deployId}', skipping expose`);
+            continue;
+          }
           const port = options.exposePort
             ? parseInt(options.exposePort)
             : options.port
@@ -759,7 +806,6 @@ EOF`);
             if (Underpost.deploy.isValidTLSContext({ host, env, options }))
               shellExec(`sudo kubectl delete Certificate ${host} -n ${namespace} --ignore-not-found`);
           }
-          if (!options.remove) etcHosts.push(host);
         }
 
         const manifestsPath =
@@ -780,15 +826,6 @@ EOF`);
             shellExec(`sudo kubectl apply -f ./${manifestsPath}/secret.yaml -n ${namespace}`);
         }
       }
-      if (options.etcHosts === true) {
-        const factoryResult = Underpost.deploy.etcHostFactory(etcHosts);
-        renderHosts = factoryResult.renderHosts;
-      }
-      if (renderHosts)
-        logger.info(
-          `
-` + renderHosts,
-        );
     },
     /**
      * Checks the status of a deployment.
@@ -801,25 +838,41 @@ EOF`);
      * @memberof UnderpostDeploy
      */
     async checkDeploymentReadyStatus(deployId, env, traffic, ignoresNames = [], namespace = 'default') {
-      const cmd = `underpost config get container-status`;
       const pods = Underpost.kubectl.get(`${deployId}-${env}-${traffic}`, 'pods', namespace);
       const readyPods = [];
       const notReadyPods = [];
+
+      // Readiness signal: the pod's Kubernetes `Ready` condition driven by the
+      // container's readinessProbe (TCP socket, HTTP get, or exec). Set by kubelet
+      // when the probe passes. A failed or crashing runtime never becomes Ready —
+      // kubelet surfaces CrashLoopBackOff and this gate stays closed.
       for (const pod of pods) {
         const { NAME } = pod;
         if (ignoresNames && ignoresNames.find((t) => NAME.trim().toLowerCase().match(t.trim().toLowerCase()))) continue;
-        const out = await new Promise((resolve) => {
-          shellExec(`sudo kubectl exec -i ${NAME} -n ${namespace} -- sh -c "${cmd}"`, {
+
+        let podJson = null;
+        try {
+          // Pod may not exist yet (between deployment apply and pod
+          // scheduling). silentOnError lets the monitor loop continue
+          // instead of aborting on the transient NotFound exit.
+          const raw = shellExec(`sudo kubectl get pod ${NAME} -n ${namespace} -o json`, {
             silent: true,
             disableLog: true,
-            callback: function (code, stdout, stderr) {
-              return resolve(JSON.stringify({ code, stdout, stderr }));
-            },
+            stdout: true,
+            silentOnError: true,
           });
-        });
-        pod.out = out;
-        const ready = out.match(`${deployId}-${env}-running-deployment`);
-        ready ? readyPods.push(pod) : notReadyPods.push(pod);
+          podJson = raw ? JSON.parse(raw) : null;
+        } catch (_) {
+          podJson = null;
+        }
+        const conditions = podJson?.status?.conditions || [];
+        const readyCondition = conditions.find((c) => c.type === 'Ready');
+        const k8sReady = readyCondition?.status === 'True';
+
+        pod.out = JSON.stringify({ k8sReady, condition: readyCondition ?? null });
+
+        if (k8sReady) readyPods.push(pod);
+        else notReadyPods.push(pod);
       }
       return {
         ready: pods.length > 0 && notReadyPods.length === 0,
@@ -853,6 +906,7 @@ EOF`);
      * @param {string} options.timeoutIdle - Timeout idle setting for the deployment.
      * @param {string} options.retryCount - Retry count setting for the deployment.
      * @param {string} options.retryPerTryTimeout - Retry per-try timeout setting for the deployment.
+     * @param {string} [options.imagePullPolicy] - Container imagePullPolicy override; forwarded to the manifest rebuild triggered here.
      * @memberof UnderpostDeploy
      */
     switchTraffic(
@@ -866,12 +920,14 @@ EOF`);
         timeoutIdle: '',
         retryCount: '',
         retryPerTryTimeout: '',
+        imagePullPolicy: '',
       },
     ) {
       const timeoutFlags = Underpost.deploy.timeoutFlagsFactory(options);
+      const imagePullPolicyFlag = options.imagePullPolicy ? ` --image-pull-policy ${options.imagePullPolicy}` : '';
 
       shellExec(
-        `node bin deploy --info-router --build-manifest --traffic ${targetTraffic} --replicas ${replicas} --namespace ${namespace}${timeoutFlags} ${deployId} ${env}`,
+        `node bin deploy --info-router --build-manifest --traffic ${targetTraffic} --replicas ${replicas} --namespace ${namespace}${timeoutFlags}${imagePullPolicyFlag} ${deployId} ${env}`,
       );
 
       shellExec(`sudo kubectl apply -f ./engine-private/conf/${deployId}/build/${env}/proxy.yaml -n ${namespace}`);
@@ -1070,42 +1126,6 @@ spec:
       storage: 5Gi`;
     },
 
-    /**
-     * Creates a hosts file for a deployment.
-     * @param {Array<string>} hosts - List of hosts to be added to the hosts file.
-     * @param {object} options - Options for the hosts file creation.
-     * @param {boolean} options.append - Whether to append to the existing hosts file.
-     * @returns {object} - Object containing the rendered hosts file.
-     * @memberof UnderpostDeploy
-     */
-    etcHostFactory(hosts = [], options = { append: false }) {
-      hosts = hosts.map((host) => {
-        try {
-          if (!host.startsWith('http')) host = `http://${host}`;
-          const hostname = new URL(host).hostname;
-          logger.info('Hostname extract valid', { host, hostname });
-          return hostname;
-        } catch (e) {
-          logger.warn('No hostname extract valid', host);
-          return host;
-        }
-      });
-      const renderHosts = `127.0.0.1         ${hosts.join(
-        ' ',
-      )} localhost localhost.localdomain localhost4 localhost4.localdomain4
-::1         localhost localhost.localdomain localhost6 localhost6.localdomain6`;
-
-      if (options && options.append && fs.existsSync(`/etc/hosts`)) {
-        fs.writeFileSync(
-          `/etc/hosts`,
-          fs.readFileSync(`/etc/hosts`, 'utf8') +
-            `
-${renderHosts}`,
-          'utf8',
-        );
-      } else fs.writeFileSync(`/etc/hosts`, renderHosts, 'utf8');
-      return { renderHosts };
-    },
     /**
      * Checks if a TLS context is valid.
      * @param {object} options - Options for the check.
@@ -1119,9 +1139,25 @@ ${renderHosts}`,
       env === 'production' &&
       options.cert === true &&
       (!options.certHosts || options.certHosts.split(',').includes(host)),
-
     /**
      * Monitors the ready status of a deployment.
+     *
+     * Ready signal:
+     *   The orchestrator gate is the Kubernetes pod Ready condition. When the
+     *   container's `readinessProbe` succeeds, kubelet flips
+     *   `status.conditions[Ready]` to True and `checkDeploymentReadyStatus`
+     *   returns the pod in `readyPods`. This is the only required signal — see
+     *   `src/client/public/nexodev/docs/references/Deploy custom instance to K8S.md`.
+     *
+     * Container-status:
+     *   `underpost config get container-status` is read from each pod for both
+     *   the display column and as a second ready gate alongside the K8S Ready
+     *   condition. Both must be satisfied before the monitor exits:
+     *     1. K8S readinessProbe (TCP socket) — ensures the port is bound.
+     *     2. container-status == `<deploy>-<env>-running-deployment` — ensures
+     *        the application has completed its own startup sequence.
+     *   Early-abort on `error` container-status remains in effect.
+     *
      * @param {string} deployId - Deployment ID for which the ready status is being monitored.
      * @param {string} env - Environment for which the ready status is being monitored.
      * @param {string} targetTraffic - Target traffic status for the deployment.
@@ -1131,79 +1167,94 @@ ${renderHosts}`,
      * @memberof UnderpostDeploy
      */
     async monitorReadyRunner(deployId, env, targetTraffic, ignorePods = [], namespace = 'default') {
-      let checkStatusIteration = 0;
-      const checkStatusIterationMsDelay = 1000;
+      const delayMs = 1000;
       const maxIterations = 3000;
       const deploymentId = `${deployId}-${env}-${targetTraffic}`;
-      const iteratorTag = `[${deploymentId}]`;
-      logger.info('Deployment init', { deployId, env, targetTraffic, checkStatusIterationMsDelay, namespace });
-      const minReadyOk = 3;
-      let readyOk = 0;
-      let result = {
-        ready: false,
-        notReadyPods: [],
-        readyPods: [],
-      };
-      let lastMsg = {};
-      while (readyOk < minReadyOk) {
-        if (checkStatusIteration >= maxIterations) {
-          logger.error(
-            `${iteratorTag} | Deployment check ready status timeout. Max iterations reached: ${maxIterations}`,
+      const expectedContainerStatus = `${deployId}-${env}-running-deployment`;
+      const tag = `[${deploymentId}]`;
+      const containerStatusDefault = 'waiting for status';
+
+      logger.info('Deployment init', { deployId, env, targetTraffic, namespace });
+
+      // Per-pod cache of last-known container-status (persists across retries)
+      const podStatusCache = new Map();
+
+      const readContainerStatus = (podName) => {
+        try {
+          const raw = shellExec(
+            `sudo kubectl exec ${podName} -n ${namespace} -- sh -c 'underpost config get container-status --plain'`,
+            { silent: true, disableLog: true, stdout: true, silentOnError: true },
           );
-          break;
+          const val = raw ? raw.toString().trim() : '';
+          return val && val !== 'undefined' ? val : containerStatusDefault;
+        } catch (_) {
+          // exec failed (e.g. pod not yet running) — preserve last known value
+          return podStatusCache.get(podName) || containerStatusDefault;
         }
-        result = await Underpost.deploy.checkDeploymentReadyStatus(deployId, env, targetTraffic, ignorePods, namespace);
-        if (result.ready === true) {
-          readyOk++;
-          logger.info(`${iteratorTag} | Deployment ready. Verification number: ${readyOk}`);
-          for (const pod of result.readyPods) {
-            const { NAME } = pod;
-            lastMsg[NAME] = 'Deployment ready';
-            console.log(
-              'Target pod:',
-              NAME[NAME.match('green') ? 'bgGreen' : 'bgBlue'].bold.black,
-              '| Status:',
-              lastMsg[NAME].bold.magenta,
-            );
-          }
+      };
+
+      for (let i = 0; i < maxIterations; i++) {
+        const result = await Underpost.deploy.checkDeploymentReadyStatus(
+          deployId,
+          env,
+          targetTraffic,
+          ignorePods,
+          namespace,
+        );
+
+        const allPods = [...result.readyPods, ...result.notReadyPods];
+
+        // Update cache with latest status for each pod (informational + error gate)
+        for (const pod of allPods) {
+          if (!pod?.NAME) continue;
+          const status = readContainerStatus(pod.NAME);
+          if (status === 'error') throw new Error(`Pod ${pod.NAME} has error status`);
+          podStatusCache.set(pod.NAME, status);
         }
 
-        {
-          let indexOf = -1;
-          for (const pod of result.notReadyPods) {
-            indexOf++;
-            const { NAME, out } = pod;
+        const allPodsK8sReady = allPods.length > 0 && result.notReadyPods.length === 0;
 
-            if (out.match('not') && out.match('found') && checkStatusIteration <= 20 && out.match(deploymentId))
-              lastMsg[NAME] = 'Starting deployment';
-            // else if (out.match('not') && out.match('found') && checkStatusIteration <= 20 && out.match('underpost'))
-            //   lastMsg[NAME] = 'Installing underpost cli';
-            else if (out.match('not') && out.match('found') && checkStatusIteration <= 20 && out.match('task'))
-              lastMsg[NAME] = 'Initializing setup task';
-            else if (out.match('Empty environment variables')) lastMsg[NAME] = 'Setup environment';
-            else if (out.match(`${deployId}-${env}-build-deployment`)) lastMsg[NAME] = 'Building apps/services';
-            else if (out.match(`${deployId}-${env}-initializing-deployment`))
-              lastMsg[NAME] = 'Initializing apps/services';
-            else if (!lastMsg[NAME]) lastMsg[NAME] = `Waiting for status`;
+        const allPodsStatusReady =
+          allPods.length > 0 && allPods.every((pod) => podStatusCache.get(pod.NAME) === expectedContainerStatus);
 
-            console.log(
-              'Target pod:',
-              NAME[NAME.match('green') ? 'bgGreen' : 'bgBlue'].bold.black,
-              '| Status:',
-              lastMsg[NAME].bold.magenta,
-            );
-          }
+        // Print snapshot for every pod — annotate when container-status hasn't caught
+        // up to the K8S Ready condition yet.
+        for (const pod of allPods) {
+          const status = podStatusCache.get(pod.NAME) || containerStatusDefault;
+          const podStatus = pod.STATUS || 'Unknown';
+          const statusMatchesExpected = status === expectedContainerStatus;
+          const statusDisplay = statusMatchesExpected ? status : `${status} (pending)`;
+
+          console.log(
+            'Target pod:',
+            pod.NAME[pod.NAME.includes('green') ? 'bgGreen' : 'bgBlue'].bold.black,
+            '| Pod status:',
+            podStatus.bold.yellow,
+            '| Runtime status:',
+            statusDisplay.bold.cyan,
+          );
+        }
+
+        // Both K8S readinessProbe AND container-status must be satisfied before
+        // declaring the deployment ready. The TCP probe ensures the port is bound;
+        // container-status == running-deployment ensures the application has
+        // completed its own startup sequence so traffic is not switched prematurely.
+        if (allPodsK8sReady && allPodsStatusReady) {
+          logger.info(`${tag} | All pods Ready (K8S readinessProbe satisfied)`);
+          return result;
+        }
+
+        await timer(delayMs);
+
+        if ((i + 1) % 10 === 0) {
+          logger.info(`${tag} | In progress... iteration ${i + 1}`);
         }
-        await timer(checkStatusIterationMsDelay);
-        checkStatusIteration++;
-        logger.info(
-          `${iteratorTag} | Deployment in progress... | Delay number monitor iterations: ${checkStatusIteration}`,
-        );
       }
-      logger.info(
-        `${iteratorTag} | Deployment ready. | Total delay number monitor iterations: ${checkStatusIteration}`,
+
+      logger.error(`${tag} | Deployment timeout after ${maxIterations} iterations`);
+      throw new Error(
+        `monitorReadyRunner timeout: ${deploymentId} did not become Ready within ${maxIterations}*${delayMs}ms`,
       );
-      return result;
     },
 
     /**
@@ -1363,6 +1414,34 @@ ${renderHosts}`,
       return undefined;
     },
 
+    /**
+     * Extracts a non-standard `imagePullPolicy` key from an env-resolved
+     * instance lifecycle block (the convention used in `conf.instances.json`,
+     * where `imagePullPolicy` sits alongside `postStart`/`preStop` for
+     * per-instance ergonomics) and returns a clean lifecycle hash that is
+     * safe to splice into the K8S container spec.
+     *
+     * Returns `{ lifecycle, imagePullPolicy }`:
+     *   - `lifecycle` — the input minus `imagePullPolicy`, or `undefined` when
+     *     the resulting block is empty.
+     *   - `imagePullPolicy` — the extracted value, or `undefined` if absent.
+     *
+     * @param {object|undefined} lifecycle - Env-resolved lifecycle block
+     *   (already passed through pickEnv). May be `undefined`.
+     * @returns {{ lifecycle: (object|undefined), imagePullPolicy: (string|undefined) }}
+     * @memberof UnderpostDeploy
+     */
+    extractInstanceImagePullPolicy(lifecycle) {
+      if (!lifecycle || typeof lifecycle !== 'object' || !('imagePullPolicy' in lifecycle)) {
+        return { lifecycle, imagePullPolicy: undefined };
+      }
+      const { imagePullPolicy, ...rest } = lifecycle;
+      return {
+        lifecycle: Object.keys(rest).length > 0 ? rest : undefined,
+        imagePullPolicy,
+      };
+    },
+
     /**
      * Generates timeout flags string for deployment commands.
      * @param {object} options - Options containing timeout settings.

package/src/cli/fs.js

@@ -127,7 +127,11 @@ class UnderpostFileStorage {
         if (options.git === true) {
           const gitPath = hasPathFilter ? basePath : '.';
           shellExec(`cd ${gitPath} && git add .`);
-          shellExec(`underpost cmt ${gitPath} feat`);
+          shellExec(`underpost cmt ${gitPath} feat`, {
+            silentOnError: true,
+            silent: true,
+            disableLog: true,
+          });
         }
 
         return;
@@ -154,7 +158,9 @@ class UnderpostFileStorage {
         // For bundle pulls into ./build the git step is unwanted and would error on a non-repo path.
         if (options.git === true) {
           Underpost.repo.initLocalRepo({ path });
-          shellExec(`cd ${path} && git add . && git commit -m "Base pull state"`);
+          shellExec(`cd ${path} && git add . && git commit -m "Base pull state"`, {
+            silentOnError: true,
+          });
         }
       } else {
         const files =
@@ -173,7 +179,11 @@ class UnderpostFileStorage {
       Underpost.fs.writeStorageConf(storage, storageConf);
       if (options.git === true) {
         shellExec(`cd ${path} && git add .`);
-        shellExec(`underpost cmt ${path} feat`);
+        shellExec(`underpost cmt ${path} feat`, {
+          silentOnError: true,
+          silent: true,
+          disableLog: true,
+        });
       }
     },
     /**