windmill-cli 1.713.1 → 1.714.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm/main.js +48 -29
- package/package.json +1 -1
package/esm/main.js
CHANGED
|
@@ -16772,7 +16772,7 @@ var init_OpenAPI = __esm(() => {
|
|
|
16772
16772
|
PASSWORD: undefined,
|
|
16773
16773
|
TOKEN: getEnv3("WM_TOKEN"),
|
|
16774
16774
|
USERNAME: undefined,
|
|
16775
|
-
VERSION: "1.
|
|
16775
|
+
VERSION: "1.714.0",
|
|
16776
16776
|
WITH_CREDENTIALS: true,
|
|
16777
16777
|
interceptors: {
|
|
16778
16778
|
request: new Interceptors,
|
|
@@ -25465,16 +25465,23 @@ function deriveGitSyncDeployIncludes(items, useIndividualBranch) {
|
|
|
25465
25465
|
extraIncludes.push(...gitSyncIncludePattern(path_type, parent_path).split(","));
|
|
25466
25466
|
}
|
|
25467
25467
|
}
|
|
25468
|
-
const
|
|
25469
|
-
|
|
25470
|
-
|
|
25471
|
-
|
|
25472
|
-
|
|
25473
|
-
|
|
25474
|
-
|
|
25475
|
-
|
|
25476
|
-
|
|
25477
|
-
|
|
25468
|
+
const forcedIncludes = {};
|
|
25469
|
+
if (!useIndividualBranch) {
|
|
25470
|
+
const has = (pred) => items.some((i) => pred(i.path_type));
|
|
25471
|
+
if (has((t) => t === "schedule"))
|
|
25472
|
+
forcedIncludes.includeSchedules = true;
|
|
25473
|
+
if (has((t) => t === "group"))
|
|
25474
|
+
forcedIncludes.includeGroups = true;
|
|
25475
|
+
if (has((t) => t === "user"))
|
|
25476
|
+
forcedIncludes.includeUsers = true;
|
|
25477
|
+
if (has((t) => t.includes("trigger")))
|
|
25478
|
+
forcedIncludes.includeTriggers = true;
|
|
25479
|
+
if (has((t) => t === "settings"))
|
|
25480
|
+
forcedIncludes.includeSettings = true;
|
|
25481
|
+
if (has((t) => t === "key"))
|
|
25482
|
+
forcedIncludes.includeKey = true;
|
|
25483
|
+
}
|
|
25484
|
+
return { extraIncludes, forcedIncludes };
|
|
25478
25485
|
}
|
|
25479
25486
|
function git(args, opts) {
|
|
25480
25487
|
const r = spawnSync("git", args, { encoding: "utf8", stdio: "pipe" });
|
|
@@ -67645,12 +67652,7 @@ async function gitDeploy(opts) {
|
|
|
67645
67652
|
...opts.extraIncludes ?? [],
|
|
67646
67653
|
...includes.extraIncludes
|
|
67647
67654
|
],
|
|
67648
|
-
|
|
67649
|
-
includeGroups: opts.includeGroups || includes.includeGroups,
|
|
67650
|
-
includeUsers: opts.includeUsers || includes.includeUsers,
|
|
67651
|
-
includeTriggers: opts.includeTriggers || includes.includeTriggers,
|
|
67652
|
-
includeSettings: opts.includeSettings || includes.includeSettings,
|
|
67653
|
-
includeKey: opts.includeKey || includes.includeKey,
|
|
67655
|
+
...includes.forcedIncludes,
|
|
67654
67656
|
promotion
|
|
67655
67657
|
});
|
|
67656
67658
|
}
|
|
@@ -68185,7 +68187,10 @@ Run 'wmill folder add-missing' to create them locally, then push again.`;
|
|
|
68185
68187
|
if (isWsSpecific) {
|
|
68186
68188
|
originalWorkspaceSpecificPath = getWorkspaceSpecificPath(change.path, specificItems, wsNameForFiles);
|
|
68187
68189
|
}
|
|
68188
|
-
await pushObj(workspace.workspaceId, change.path, oldObj, newObj, opts.plainSecrets ?? false, alreadySynced, opts.message, originalWorkspaceSpecificPath, permissionedAsContext, isWsSpecific ? true : undefined
|
|
68190
|
+
await pushObj(workspace.workspaceId, change.path, oldObj, newObj, opts.plainSecrets ?? false, alreadySynced, opts.message, originalWorkspaceSpecificPath, permissionedAsContext, isWsSpecific ? true : undefined, {
|
|
68191
|
+
noninteractive: (opts.yes ?? false) || !process.stdin.isTTY,
|
|
68192
|
+
skipReencrypt: opts.skipReencryptOnKeyChange
|
|
68193
|
+
});
|
|
68189
68194
|
if (stateTarget) {
|
|
68190
68195
|
await writeFile7(stateTarget, change.after, "utf-8");
|
|
68191
68196
|
}
|
|
@@ -68215,7 +68220,10 @@ Run 'wmill folder add-missing' to create them locally, then push again.`;
|
|
|
68215
68220
|
localFilePath = workspaceSpecificPath;
|
|
68216
68221
|
}
|
|
68217
68222
|
}
|
|
68218
|
-
await pushObj(workspace.workspaceId, change.path, undefined, obj, opts.plainSecrets ?? false, [], opts.message, localFilePath, permissionedAsContext, isAddedWsSpecific ? true : undefined
|
|
68223
|
+
await pushObj(workspace.workspaceId, change.path, undefined, obj, opts.plainSecrets ?? false, [], opts.message, localFilePath, permissionedAsContext, isAddedWsSpecific ? true : undefined, {
|
|
68224
|
+
noninteractive: (opts.yes ?? false) || !process.stdin.isTTY,
|
|
68225
|
+
skipReencrypt: opts.skipReencryptOnKeyChange
|
|
68226
|
+
});
|
|
68219
68227
|
if (stateTarget) {
|
|
68220
68228
|
await writeFile7(stateTarget, change.content, "utf-8");
|
|
68221
68229
|
}
|
|
@@ -68633,7 +68641,7 @@ var init_sync = __esm(async () => {
|
|
|
68633
68641
|
aliasDuplicateObjects: false,
|
|
68634
68642
|
singleQuote: true
|
|
68635
68643
|
};
|
|
68636
|
-
command8 = new Command().description("sync local with a remote workspaces or the opposite (push or pull)").action(() => info("2 actions available, pull and push. Use -h to display help.")).command("pull").description("Pull any remote changes and apply them locally.").option("--yes", "Pull without needing confirmation").option("--dry-run", "Show changes that would be pulled without actually pushing").option("--plain-secrets", "Pull secrets as plain text").option("--json", "Use JSON instead of YAML").option("--skip-variables", "Skip syncing variables (including secrets)").option("--skip-secrets", "Skip syncing only secrets variables").option("--include-secrets", "Include secrets in sync (overrides skipSecrets in wmill.yaml)").option("--skip-resources", "Skip syncing resources").option("--skip-resource-types", "Skip syncing resource types").option("--skip-scripts", "Skip syncing scripts").option("--skip-flows", "Skip syncing flows").option("--skip-apps", "Skip syncing apps").option("--skip-folders", "Skip syncing folders").option("--skip-workspace-dependencies", "Skip syncing workspace dependencies").option("--include-schedules", "Include syncing schedules").option("--include-triggers", "Include syncing triggers").option("--include-users", "Include syncing users").option("--include-groups", "Include syncing groups").option("--include-settings", "Include syncing workspace settings").option("--include-key", "Include workspace encryption key").option("--skip-branch-validation", "Skip git branch validation and prompts").option("--json-output", "Output results in JSON format").option("-i --includes <patterns:file[]>", "Comma separated patterns to specify which file to take into account (among files that are compatible with windmill). Patterns can include * (any string until '/') and ** (any string). Overrides wmill.yaml includes").option("-e --excludes <patterns:file[]>", "Comma separated patterns to specify which file to NOT take into account. Overrides wmill.yaml excludes").option("--extra-includes <patterns:file[]>", "Comma separated patterns to specify which file to take into account (among files that are compatible with windmill). Patterns can include * (any string until '/') and ** (any string). Useful to still take wmill.yaml into account and act as a second pattern to satisfy").option("--repository <repo:string>", "Specify repository path (e.g., u/user/repo) when multiple repositories exist").option("--promotion <branch:string>", "Use promotionOverrides from the specified branch instead of regular overrides").option("--branch, --env <branch:string>", "[Deprecated: use --workspace] Override the current git branch/environment").action(pull).command("push").description("Push any local changes and apply them remotely.").option("--yes", "Push without needing confirmation").option("--dry-run", "Show changes that would be pushed without actually pushing").option("--plain-secrets", "Push secrets as plain text").option("--json", "Use JSON instead of YAML").option("--skip-variables", "Skip syncing variables (including secrets)").option("--skip-secrets", "Skip syncing only secrets variables").option("--include-secrets", "Include secrets in sync (overrides skipSecrets in wmill.yaml)").option("--skip-resources", "Skip syncing resources").option("--skip-resource-types", "Skip syncing resource types").option("--skip-scripts", "Skip syncing scripts").option("--skip-flows", "Skip syncing flows").option("--skip-apps", "Skip syncing apps").option("--skip-folders", "Skip syncing folders").option("--skip-workspace-dependencies", "Skip syncing workspace dependencies").option("--include-schedules", "Include syncing schedules").option("--include-triggers", "Include syncing triggers").option("--include-users", "Include syncing users").option("--include-groups", "Include syncing groups").option("--include-settings", "Include syncing workspace settings").option("--include-key", "Include workspace encryption key").option("--skip-branch-validation", "Skip git branch validation and prompts").option("--json-output", "Output results in JSON format").option("-i --includes <patterns:file[]>", "Comma separated patterns to specify which file to take into account (among files that are compatible with windmill). Patterns can include * (any string until '/') and ** (any string)").option("-e --excludes <patterns:file[]>", "Comma separated patterns to specify which file to NOT take into account.").option("--extra-includes <patterns:file[]>", "Comma separated patterns to specify which file to take into account (among files that are compatible with windmill). Patterns can include * (any string until '/') and ** (any string). Useful to still take wmill.yaml into account and act as a second pattern to satisfy").option("--message <message:string>", "Include a message that will be added to all scripts/flows/apps updated during this push").option("--parallel <number>", "Number of changes to process in parallel").option("--repository <repo:string>", "Specify repository path (e.g., u/user/repo) when multiple repositories exist").option("--branch, --env <branch:string>", "[Deprecated: use --workspace] Override the current git branch/environment").option("--lint", "Run lint validation before pushing").option("--locks-required", "Fail if scripts or flow inline scripts that need locks have no locks").option("--auto-metadata", "Automatically regenerate stale metadata (locks and schemas) before pushing").option("--accept-overriding-permissioned-as-with-self", "Accept that items with a different permissioned_as will be updated with your own user").action(push4).command("git-deploy").hidden().description("Internal git-sync deployment-callback step (used by the git-sync hub script). Runs inside an existing clone: switches to the wm_deploy/fork branch when applicable, pulls workspace content, then commits and pushes.").option("--repository <repo:string>", "Repository resource path (e.g. u/user/repo)").option("--git-deploy-items <json:string>", "JSON array of {path_type,path,parent_path,commit_msg} being deployed").option("--use-individual-branch", "Push each deployed object to its own wm_deploy/<workspace>/<...> branch").option("--group-by-folder", "With --use-individual-branch, group deployed objects per folder branch").option("--only-create-branch", "Only create/push the deploy branch, skip pulling and committing files").option("--parent-workspace-id <id:string>", "Parent workspace id, used to root a fork-of-a-fork branch").option("--skip-secrets", "Skip syncing only secrets variables").option("--git-committer-email <email:string>", "Committer email for the deploy commit (GPG-signed repos pass the GPG key email; defaults to WM_EMAIL)").option("--git-committer-name <name:string>", "Committer name for the deploy commit (defaults to WM_USERNAME)").action(gitDeploy);
|
|
68644
|
+
command8 = new Command().description("sync local with a remote workspaces or the opposite (push or pull)").action(() => info("2 actions available, pull and push. Use -h to display help.")).command("pull").description("Pull any remote changes and apply them locally.").option("--yes", "Pull without needing confirmation").option("--dry-run", "Show changes that would be pulled without actually pushing").option("--plain-secrets", "Pull secrets as plain text").option("--json", "Use JSON instead of YAML").option("--skip-variables", "Skip syncing variables (including secrets)").option("--skip-secrets", "Skip syncing only secrets variables").option("--include-secrets", "Include secrets in sync (overrides skipSecrets in wmill.yaml)").option("--skip-resources", "Skip syncing resources").option("--skip-resource-types", "Skip syncing resource types").option("--skip-scripts", "Skip syncing scripts").option("--skip-flows", "Skip syncing flows").option("--skip-apps", "Skip syncing apps").option("--skip-folders", "Skip syncing folders").option("--skip-workspace-dependencies", "Skip syncing workspace dependencies").option("--include-schedules", "Include syncing schedules").option("--include-triggers", "Include syncing triggers").option("--include-users", "Include syncing users").option("--include-groups", "Include syncing groups").option("--include-settings", "Include syncing workspace settings").option("--include-key", "Include workspace encryption key").option("--skip-branch-validation", "Skip git branch validation and prompts").option("--json-output", "Output results in JSON format").option("-i --includes <patterns:file[]>", "Comma separated patterns to specify which file to take into account (among files that are compatible with windmill). Patterns can include * (any string until '/') and ** (any string). Overrides wmill.yaml includes").option("-e --excludes <patterns:file[]>", "Comma separated patterns to specify which file to NOT take into account. Overrides wmill.yaml excludes").option("--extra-includes <patterns:file[]>", "Comma separated patterns to specify which file to take into account (among files that are compatible with windmill). Patterns can include * (any string until '/') and ** (any string). Useful to still take wmill.yaml into account and act as a second pattern to satisfy").option("--repository <repo:string>", "Specify repository path (e.g., u/user/repo) when multiple repositories exist").option("--promotion <branch:string>", "Use promotionOverrides from the specified branch instead of regular overrides").option("--branch, --env <branch:string>", "[Deprecated: use --workspace] Override the current git branch/environment").action(pull).command("push").description("Push any local changes and apply them remotely.").option("--yes", "Push without needing confirmation").option("--dry-run", "Show changes that would be pushed without actually pushing").option("--plain-secrets", "Push secrets as plain text").option("--json", "Use JSON instead of YAML").option("--skip-variables", "Skip syncing variables (including secrets)").option("--skip-secrets", "Skip syncing only secrets variables").option("--include-secrets", "Include secrets in sync (overrides skipSecrets in wmill.yaml)").option("--skip-resources", "Skip syncing resources").option("--skip-resource-types", "Skip syncing resource types").option("--skip-scripts", "Skip syncing scripts").option("--skip-flows", "Skip syncing flows").option("--skip-apps", "Skip syncing apps").option("--skip-folders", "Skip syncing folders").option("--skip-workspace-dependencies", "Skip syncing workspace dependencies").option("--include-schedules", "Include syncing schedules").option("--include-triggers", "Include syncing triggers").option("--include-users", "Include syncing users").option("--include-groups", "Include syncing groups").option("--include-settings", "Include syncing workspace settings").option("--include-key", "Include workspace encryption key").option("--skip-reencrypt-on-key-change", "When the pushed encryption key differs from the remote, do NOT re-encrypt existing remote secrets. Only safe if they are already encrypted with the new key (e.g. workspace/instance migration). Default is to re-encrypt.").option("--skip-branch-validation", "Skip git branch validation and prompts").option("--json-output", "Output results in JSON format").option("-i --includes <patterns:file[]>", "Comma separated patterns to specify which file to take into account (among files that are compatible with windmill). Patterns can include * (any string until '/') and ** (any string)").option("-e --excludes <patterns:file[]>", "Comma separated patterns to specify which file to NOT take into account.").option("--extra-includes <patterns:file[]>", "Comma separated patterns to specify which file to take into account (among files that are compatible with windmill). Patterns can include * (any string until '/') and ** (any string). Useful to still take wmill.yaml into account and act as a second pattern to satisfy").option("--message <message:string>", "Include a message that will be added to all scripts/flows/apps updated during this push").option("--parallel <number>", "Number of changes to process in parallel").option("--repository <repo:string>", "Specify repository path (e.g., u/user/repo) when multiple repositories exist").option("--branch, --env <branch:string>", "[Deprecated: use --workspace] Override the current git branch/environment").option("--lint", "Run lint validation before pushing").option("--locks-required", "Fail if scripts or flow inline scripts that need locks have no locks").option("--auto-metadata", "Automatically regenerate stale metadata (locks and schemas) before pushing").option("--accept-overriding-permissioned-as-with-self", "Accept that items with a different permissioned_as will be updated with your own user").action(push4).command("git-deploy").hidden().description("Internal git-sync deployment-callback step (used by the git-sync hub script). Runs inside an existing clone: switches to the wm_deploy/fork branch when applicable, pulls workspace content, then commits and pushes.").option("--repository <repo:string>", "Repository resource path (e.g. u/user/repo)").option("--git-deploy-items <json:string>", "JSON array of {path_type,path,parent_path,commit_msg} being deployed").option("--use-individual-branch", "Push each deployed object to its own wm_deploy/<workspace>/<...> branch").option("--group-by-folder", "With --use-individual-branch, group deployed objects per folder branch").option("--only-create-branch", "Only create/push the deploy branch, skip pulling and committing files").option("--parent-workspace-id <id:string>", "Parent workspace id, used to root a fork-of-a-fork branch").option("--skip-secrets", "Skip syncing only secrets variables").option("--git-committer-email <email:string>", "Committer email for the deploy commit (GPG-signed repos pass the GPG key email; defaults to WM_EMAIL)").option("--git-committer-name <name:string>", "Committer name for the deploy commit (defaults to WM_USERNAME)").action(gitDeploy);
|
|
68637
68645
|
sync_default = command8;
|
|
68638
68646
|
});
|
|
68639
68647
|
|
|
@@ -74081,7 +74089,7 @@ async function pushWorkspaceSettings(workspace, _path, settings, localSettings)
|
|
|
74081
74089
|
}
|
|
74082
74090
|
}
|
|
74083
74091
|
}
|
|
74084
|
-
async function pushWorkspaceKey(workspace, _path, key, localKey) {
|
|
74092
|
+
async function pushWorkspaceKey(workspace, _path, key, localKey, opts) {
|
|
74085
74093
|
try {
|
|
74086
74094
|
key = await getWorkspaceEncryptionKey({
|
|
74087
74095
|
workspace
|
|
@@ -74090,19 +74098,29 @@ async function pushWorkspaceKey(workspace, _path, key, localKey) {
|
|
|
74090
74098
|
throw new Error(`Failed to get workspace encryption key: ${err}`);
|
|
74091
74099
|
}
|
|
74092
74100
|
if (localKey && key !== localKey) {
|
|
74093
|
-
|
|
74094
|
-
|
|
74101
|
+
let reencrypt;
|
|
74102
|
+
const explicitSkip = opts?.skipReencrypt || (process18.env.WMILL_NO_REENCRYPT_ON_KEY_CHANGE ?? "").toLowerCase() === "true";
|
|
74103
|
+
if (explicitSkip) {
|
|
74104
|
+
reencrypt = false;
|
|
74105
|
+
info("Workspace encryption key changed; leaving remote ciphertexts untouched (skip re-encryption requested).");
|
|
74106
|
+
} else if (opts?.noninteractive) {
|
|
74107
|
+
reencrypt = true;
|
|
74108
|
+
info("Workspace encryption key changed; re-encrypting all remote secrets with the new key (non-interactive).");
|
|
74109
|
+
} else {
|
|
74110
|
+
reencrypt = await Confirm.prompt({
|
|
74111
|
+
message: `The local workspace encryption key does not match the remote. Do you want to reencrypt all your secrets on the remote with the new key?
|
|
74095
74112
|
Say 'no' if your local secrets are already encrypted with the new key (e.g. workspace/instance migration)
|
|
74096
74113
|
Otherwise, say 'yes' and pull the secrets after the reencryption.
|
|
74097
74114
|
`,
|
|
74098
|
-
|
|
74099
|
-
|
|
74115
|
+
default: true
|
|
74116
|
+
});
|
|
74117
|
+
}
|
|
74100
74118
|
debug(`Updating workspace encryption key...`);
|
|
74101
74119
|
await setWorkspaceEncryptionKey({
|
|
74102
74120
|
workspace,
|
|
74103
74121
|
requestBody: {
|
|
74104
74122
|
new_key: localKey,
|
|
74105
|
-
skip_reencrypt: !
|
|
74123
|
+
skip_reencrypt: !reencrypt
|
|
74106
74124
|
}
|
|
74107
74125
|
});
|
|
74108
74126
|
} else {
|
|
@@ -75851,7 +75869,7 @@ function redactString(s) {
|
|
|
75851
75869
|
return s;
|
|
75852
75870
|
return s.slice(0, 5) + "*".repeat(s.length - 5);
|
|
75853
75871
|
}
|
|
75854
|
-
async function pushObj(workspace, p, befObj, newObj, plainSecrets, alreadySynced3, message, originalLocalPath, permissionedAsContext, wsSpecific) {
|
|
75872
|
+
async function pushObj(workspace, p, befObj, newObj, plainSecrets, alreadySynced3, message, originalLocalPath, permissionedAsContext, wsSpecific, keyPushOpts) {
|
|
75855
75873
|
const typeEnding = getTypeStrFromPath(p);
|
|
75856
75874
|
if (typeEnding === "app") {
|
|
75857
75875
|
const appName = extractResourceName(p, "app");
|
|
@@ -75915,7 +75933,7 @@ async function pushObj(workspace, p, befObj, newObj, plainSecrets, alreadySynced
|
|
|
75915
75933
|
} else if (typeEnding === "settings") {
|
|
75916
75934
|
await pushWorkspaceSettings(workspace, p, befObj, newObj);
|
|
75917
75935
|
} else if (typeEnding === "encryption_key") {
|
|
75918
|
-
await pushWorkspaceKey(workspace, p, befObj, newObj);
|
|
75936
|
+
await pushWorkspaceKey(workspace, p, befObj, newObj, keyPushOpts);
|
|
75919
75937
|
} else {
|
|
75920
75938
|
throw new Error(`The item ${p} has an unrecognized type ending ${typeEnding}`);
|
|
75921
75939
|
}
|
|
@@ -84620,6 +84638,7 @@ sync local with a remote workspaces or the opposite (push or pull)
|
|
|
84620
84638
|
- \`--include-groups\` - Include syncing groups
|
|
84621
84639
|
- \`--include-settings\` - Include syncing workspace settings
|
|
84622
84640
|
- \`--include-key\` - Include workspace encryption key
|
|
84641
|
+
- \`--skip-reencrypt-on-key-change\` - When the pushed encryption key differs from the remote, do NOT re-encrypt existing remote secrets. Only safe if they are already encrypted with the new key (e.g. workspace/instance migration). Default is to re-encrypt.
|
|
84623
84642
|
- \`--skip-branch-validation\` - Skip git branch validation and prompts
|
|
84624
84643
|
- \`--json-output\` - Output results in JSON format
|
|
84625
84644
|
- \`-i --includes <patterns:file[]>\` - Comma separated patterns to specify which file to take into account (among files that are compatible with windmill). Patterns can include * (any string until '/') and ** (any string)
|
|
@@ -92998,7 +93017,7 @@ var object_storage_default = command41;
|
|
|
92998
93017
|
|
|
92999
93018
|
// src/main.ts
|
|
93000
93019
|
await init_context();
|
|
93001
|
-
var VERSION = "1.
|
|
93020
|
+
var VERSION = "1.714.0";
|
|
93002
93021
|
async function checkVersionSafe(cmd) {
|
|
93003
93022
|
const mainCommand = cmd.getMainCommand();
|
|
93004
93023
|
const upgradeCommand = mainCommand.getCommand("upgrade");
|