wrangler 4.103.0 → 4.105.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +14 -14
- package/wrangler-dist/cli.d.ts +9 -37
- package/wrangler-dist/cli.js +555 -297
- package/wrangler-dist/metafile-cjs.json +1 -1
package/wrangler-dist/cli.js
CHANGED
|
@@ -17921,7 +17921,7 @@ var require_snapshot_recorder = __commonJS({
|
|
|
17921
17921
|
init_import_meta_url();
|
|
17922
17922
|
var { writeFile: writeFile14, readFile: readFile19, mkdir: mkdir8 } = __require("fs/promises");
|
|
17923
17923
|
var { dirname: dirname29, resolve: resolve32 } = __require("path");
|
|
17924
|
-
var { setTimeout:
|
|
17924
|
+
var { setTimeout: setTimeout10, clearTimeout: clearTimeout2 } = __require("timers");
|
|
17925
17925
|
var { InvalidArgumentError, UndiciError } = require_errors();
|
|
17926
17926
|
var { hashId, isUrlExcludedFactory, normalizeHeaders, createHeaderFilters } = require_snapshot_utils();
|
|
17927
17927
|
function formatRequestKey(opts, headerFilters, matchOptions = {}) {
|
|
@@ -18262,7 +18262,7 @@ var require_snapshot_recorder = __commonJS({
|
|
|
18262
18262
|
* Schedules a flush (debounced to avoid excessive writes)
|
|
18263
18263
|
*/
|
|
18264
18264
|
#scheduleFlush() {
|
|
18265
|
-
this.#flushTimeout =
|
|
18265
|
+
this.#flushTimeout = setTimeout10(() => {
|
|
18266
18266
|
this.saveSnapshots().catch(() => {
|
|
18267
18267
|
});
|
|
18268
18268
|
if (this.#autoFlush) {
|
|
@@ -44488,7 +44488,7 @@ var name, version;
|
|
|
44488
44488
|
var init_package = __esm({
|
|
44489
44489
|
"package.json"() {
|
|
44490
44490
|
name = "wrangler";
|
|
44491
|
-
version = "4.
|
|
44491
|
+
version = "4.105.0";
|
|
44492
44492
|
}
|
|
44493
44493
|
});
|
|
44494
44494
|
|
|
@@ -124740,12 +124740,20 @@ var init_types = __esm({
|
|
|
124740
124740
|
});
|
|
124741
124741
|
|
|
124742
124742
|
// ../containers-shared/src/images.ts
|
|
124743
|
+
function getEgressInterceptorPlatform() {
|
|
124744
|
+
return process.env.MINIFLARE_CONTAINER_EGRESS_IMAGE_PLATFORM;
|
|
124745
|
+
}
|
|
124743
124746
|
function getEgressInterceptorImage() {
|
|
124744
124747
|
return process.env.MINIFLARE_CONTAINER_EGRESS_IMAGE ?? DEFAULT_CONTAINER_EGRESS_INTERCEPTOR_IMAGE;
|
|
124745
124748
|
}
|
|
124746
124749
|
async function pullEgressInterceptorImage(dockerPath) {
|
|
124747
124750
|
const image = getEgressInterceptorImage();
|
|
124748
|
-
|
|
124751
|
+
const platform4 = getEgressInterceptorPlatform();
|
|
124752
|
+
const args = ["pull", image];
|
|
124753
|
+
if (platform4 !== void 0) {
|
|
124754
|
+
args.push("--platform", platform4);
|
|
124755
|
+
}
|
|
124756
|
+
await runDockerCmd(dockerPath, args);
|
|
124749
124757
|
}
|
|
124750
124758
|
async function pullImage(dockerPath, options, logger5) {
|
|
124751
124759
|
const domain3 = new URL(`http://${options.image_uri}`).hostname;
|
|
@@ -124868,6 +124876,103 @@ Current account: "${accountId}"`
|
|
|
124868
124876
|
}
|
|
124869
124877
|
return `${url5.hostname}/${accountId}${url5.pathname}`;
|
|
124870
124878
|
}
|
|
124879
|
+
function invalidGarCredentialError() {
|
|
124880
|
+
return new UserError(
|
|
124881
|
+
"The Google service account key must be a JSON key file or its base64-encoded form.",
|
|
124882
|
+
{
|
|
124883
|
+
telemetryMessage: "containers registries configure invalid gar credential"
|
|
124884
|
+
}
|
|
124885
|
+
);
|
|
124886
|
+
}
|
|
124887
|
+
function tryParseJson(value) {
|
|
124888
|
+
try {
|
|
124889
|
+
return JSON.parse(value);
|
|
124890
|
+
} catch {
|
|
124891
|
+
return void 0;
|
|
124892
|
+
}
|
|
124893
|
+
}
|
|
124894
|
+
function assertJsonObject(parsed) {
|
|
124895
|
+
if (typeof parsed !== "object" || parsed === null) {
|
|
124896
|
+
throw invalidGarCredentialError();
|
|
124897
|
+
}
|
|
124898
|
+
return parsed;
|
|
124899
|
+
}
|
|
124900
|
+
function validateServiceAccountKey(accountKey) {
|
|
124901
|
+
const privateKey = accountKey.private_key;
|
|
124902
|
+
const clientEmail = accountKey.client_email;
|
|
124903
|
+
const rawPrivateKeyId = accountKey.private_key_id;
|
|
124904
|
+
if (typeof privateKey !== "string" || typeof clientEmail !== "string") {
|
|
124905
|
+
throw new UserError(
|
|
124906
|
+
"The Google service account key is missing required fields (private_key, client_email).",
|
|
124907
|
+
{
|
|
124908
|
+
telemetryMessage: "containers registries configure gar credential missing fields"
|
|
124909
|
+
}
|
|
124910
|
+
);
|
|
124911
|
+
}
|
|
124912
|
+
if (privateKey.length === 0 || clientEmail.length === 0) {
|
|
124913
|
+
throw new UserError(
|
|
124914
|
+
"The Google service account key has an empty private_key or client_email.",
|
|
124915
|
+
{
|
|
124916
|
+
telemetryMessage: "containers registries configure gar credential empty fields"
|
|
124917
|
+
}
|
|
124918
|
+
);
|
|
124919
|
+
}
|
|
124920
|
+
let privateKeyId;
|
|
124921
|
+
if (rawPrivateKeyId === void 0) {
|
|
124922
|
+
privateKeyId = void 0;
|
|
124923
|
+
} else if (typeof rawPrivateKeyId === "string" && rawPrivateKeyId.length > 0) {
|
|
124924
|
+
privateKeyId = rawPrivateKeyId;
|
|
124925
|
+
} else {
|
|
124926
|
+
throw new UserError(
|
|
124927
|
+
"The Google service account key has an empty or invalid private_key_id.",
|
|
124928
|
+
{
|
|
124929
|
+
telemetryMessage: "containers registries configure gar credential invalid private key id"
|
|
124930
|
+
}
|
|
124931
|
+
);
|
|
124932
|
+
}
|
|
124933
|
+
return {
|
|
124934
|
+
private_key: privateKey,
|
|
124935
|
+
client_email: clientEmail,
|
|
124936
|
+
private_key_id: privateKeyId
|
|
124937
|
+
};
|
|
124938
|
+
}
|
|
124939
|
+
function validateAndEncodeGarKey(rawKey, expectedEmail) {
|
|
124940
|
+
const trimmed = rawKey.trim();
|
|
124941
|
+
let base64Key;
|
|
124942
|
+
let json2;
|
|
124943
|
+
const rawJson = tryParseJson(trimmed);
|
|
124944
|
+
if (rawJson !== void 0) {
|
|
124945
|
+
json2 = assertJsonObject(rawJson);
|
|
124946
|
+
base64Key = Buffer.from(trimmed, "utf8").toString("base64");
|
|
124947
|
+
} else {
|
|
124948
|
+
if (trimmed.startsWith("-----BEGIN")) {
|
|
124949
|
+
throw new UserError(
|
|
124950
|
+
"The provided key appears to be a PEM private key. Provide the full Google service-account JSON key file, not just the private key.",
|
|
124951
|
+
{
|
|
124952
|
+
telemetryMessage: "containers registries configure gar credential pem key"
|
|
124953
|
+
}
|
|
124954
|
+
);
|
|
124955
|
+
}
|
|
124956
|
+
base64Key = trimmed.replace(/\s+/g, "");
|
|
124957
|
+
const decodedJson = tryParseJson(
|
|
124958
|
+
Buffer.from(base64Key, "base64").toString("utf8")
|
|
124959
|
+
);
|
|
124960
|
+
if (decodedJson === void 0) {
|
|
124961
|
+
throw invalidGarCredentialError();
|
|
124962
|
+
}
|
|
124963
|
+
json2 = assertJsonObject(decodedJson);
|
|
124964
|
+
}
|
|
124965
|
+
const key = validateServiceAccountKey(json2);
|
|
124966
|
+
if (key.client_email !== expectedEmail) {
|
|
124967
|
+
throw new UserError(
|
|
124968
|
+
`The provided --gar-email "${expectedEmail}" does not match the service account email "${key.client_email}" in the key.`,
|
|
124969
|
+
{
|
|
124970
|
+
telemetryMessage: "containers registries configure gar email mismatch"
|
|
124971
|
+
}
|
|
124972
|
+
);
|
|
124973
|
+
}
|
|
124974
|
+
return base64Key;
|
|
124975
|
+
}
|
|
124871
124976
|
var DEFAULT_CONTAINER_EGRESS_INTERCEPTOR_IMAGE, getAndValidateRegistryType;
|
|
124872
124977
|
var init_images2 = __esm({
|
|
124873
124978
|
"../containers-shared/src/images.ts"() {
|
|
@@ -124880,6 +124985,7 @@ var init_images2 = __esm({
|
|
|
124880
124985
|
init_registry2();
|
|
124881
124986
|
init_utils3();
|
|
124882
124987
|
DEFAULT_CONTAINER_EGRESS_INTERCEPTOR_IMAGE = "cloudflare/proxy-everything:3cb1195@sha256:0ef6716c52430096900b150d84a3302057d6cd2319dae7987128c85d0733e3c8";
|
|
124988
|
+
__name(getEgressInterceptorPlatform, "getEgressInterceptorPlatform");
|
|
124883
124989
|
__name(getEgressInterceptorImage, "getEgressInterceptorImage");
|
|
124884
124990
|
__name(pullEgressInterceptorImage, "pullEgressInterceptorImage");
|
|
124885
124991
|
__name(pullImage, "pullImage");
|
|
@@ -124915,6 +125021,12 @@ ${e9.message}`);
|
|
|
124915
125021
|
name: "DockerHub",
|
|
124916
125022
|
secretType: "DockerHub PAT Token"
|
|
124917
125023
|
},
|
|
125024
|
+
{
|
|
125025
|
+
type: "GAR" /* GAR */,
|
|
125026
|
+
pattern: /^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?-docker\.pkg\.dev$/,
|
|
125027
|
+
name: "Google Artifact Registry",
|
|
125028
|
+
secretType: "Google Service Account JSON Key"
|
|
125029
|
+
},
|
|
124918
125030
|
{
|
|
124919
125031
|
type: "cloudflare",
|
|
124920
125032
|
// Make a regex based on the env var CLOUDFLARE_CONTAINER_REGISTRY
|
|
@@ -124938,6 +125050,11 @@ To use an existing image from another repository, see https://developers.cloudfl
|
|
|
124938
125050
|
}
|
|
124939
125051
|
return match3;
|
|
124940
125052
|
}, "getAndValidateRegistryType");
|
|
125053
|
+
__name(invalidGarCredentialError, "invalidGarCredentialError");
|
|
125054
|
+
__name(tryParseJson, "tryParseJson");
|
|
125055
|
+
__name(assertJsonObject, "assertJsonObject");
|
|
125056
|
+
__name(validateServiceAccountKey, "validateServiceAccountKey");
|
|
125057
|
+
__name(validateAndEncodeGarKey, "validateAndEncodeGarKey");
|
|
124941
125058
|
}
|
|
124942
125059
|
});
|
|
124943
125060
|
|
|
@@ -148004,61 +148121,6 @@ function errIsStartupErr(err) {
|
|
|
148004
148121
|
}
|
|
148005
148122
|
return false;
|
|
148006
148123
|
}
|
|
148007
|
-
async function verifyWorkerMatchesCITag(complianceConfig, accountId, workerName, configPath) {
|
|
148008
|
-
const matchTag = getCIMatchTag();
|
|
148009
|
-
logger.debug(
|
|
148010
|
-
`Starting verifyWorkerMatchesCITag() with tag: ${matchTag}, name: ${workerName}`
|
|
148011
|
-
);
|
|
148012
|
-
if (!matchTag) {
|
|
148013
|
-
logger.debug(
|
|
148014
|
-
"No WRANGLER_CI_MATCH_TAG variable provided, aborting verifyWorkerMatchesCITag()"
|
|
148015
|
-
);
|
|
148016
|
-
return;
|
|
148017
|
-
}
|
|
148018
|
-
const envAccountID = getCloudflareAccountIdFromEnv2();
|
|
148019
|
-
if (accountId !== envAccountID) {
|
|
148020
|
-
throw new FatalError(
|
|
148021
|
-
`The \`account_id\` in your ${configFileName(configPath)} file must match the \`account_id\` for this account. Please update your ${configFileName(configPath)} file with \`${formatConfigSnippet({ account_id: envAccountID }, configPath, false)}\``,
|
|
148022
|
-
{ telemetryMessage: "ci match tag account mismatch" }
|
|
148023
|
-
);
|
|
148024
|
-
}
|
|
148025
|
-
let tag;
|
|
148026
|
-
try {
|
|
148027
|
-
const worker = await fetchResult(
|
|
148028
|
-
complianceConfig,
|
|
148029
|
-
`/accounts/${accountId}/workers/services/${workerName}`
|
|
148030
|
-
);
|
|
148031
|
-
tag = worker.default_environment.script.tag;
|
|
148032
|
-
logger.debug(`API returned with tag: ${tag} for worker: ${workerName}`);
|
|
148033
|
-
} catch (e9) {
|
|
148034
|
-
logger.debug(e9);
|
|
148035
|
-
if (isWorkerNotFoundError(e9)) {
|
|
148036
|
-
throw new FatalError(
|
|
148037
|
-
`The name in your ${configFileName(configPath)} file (${workerName}) must match the name of your Worker. Please update the name field in your ${configFileName(configPath)} file.`,
|
|
148038
|
-
{ telemetryMessage: "ci match tag worker not found" }
|
|
148039
|
-
);
|
|
148040
|
-
} else if (e9 instanceof APIError) {
|
|
148041
|
-
throw new FatalError(
|
|
148042
|
-
"An error occurred while trying to validate that the Worker name matches what is expected by the build system.\n" + e9.message + "\n" + e9.notes.map((note) => note.text).join("\n"),
|
|
148043
|
-
{ telemetryMessage: "ci match tag validation api error" }
|
|
148044
|
-
);
|
|
148045
|
-
} else {
|
|
148046
|
-
throw new FatalError(
|
|
148047
|
-
"Wrangler cannot validate that your Worker name matches what is expected by the build system. Please retry the build. If the problem persists, please contact support.",
|
|
148048
|
-
{ telemetryMessage: "ci match tag validation failed" }
|
|
148049
|
-
);
|
|
148050
|
-
}
|
|
148051
|
-
}
|
|
148052
|
-
if (tag !== matchTag) {
|
|
148053
|
-
logger.debug(
|
|
148054
|
-
`Failed to match Worker tag. The API returned "${tag}", but the CI system expected "${matchTag}"`
|
|
148055
|
-
);
|
|
148056
|
-
throw new FatalError(
|
|
148057
|
-
`The name in your ${configFileName(configPath)} file (${workerName}) must match the name of your Worker. Please update the name field in your ${configFileName(configPath)} file.`,
|
|
148058
|
-
{ telemetryMessage: "ci match tag tag mismatch" }
|
|
148059
|
-
);
|
|
148060
|
-
}
|
|
148061
|
-
}
|
|
148062
148124
|
function validateFileSecrets(content, jsonFilePath) {
|
|
148063
148125
|
if (content === null || typeof content !== "object") {
|
|
148064
148126
|
throw new FatalError(
|
|
@@ -149623,6 +149685,128 @@ function lineMatchToCallSite(lineMatch) {
|
|
|
149623
149685
|
native: isNative
|
|
149624
149686
|
});
|
|
149625
149687
|
}
|
|
149688
|
+
async function verifyWorkerMatchesCITag(complianceConfig, accountId, workerName, configPath) {
|
|
149689
|
+
const matchTag = getCIMatchTag();
|
|
149690
|
+
logger.debug(
|
|
149691
|
+
`Starting verifyWorkerMatchesCITag() with tag: ${matchTag}, name: ${workerName}`
|
|
149692
|
+
);
|
|
149693
|
+
if (!matchTag) {
|
|
149694
|
+
logger.debug(
|
|
149695
|
+
"No WRANGLER_CI_MATCH_TAG variable provided, aborting verifyWorkerMatchesCITag()"
|
|
149696
|
+
);
|
|
149697
|
+
return;
|
|
149698
|
+
}
|
|
149699
|
+
const envAccountID = getCloudflareAccountIdFromEnv2();
|
|
149700
|
+
if (accountId !== envAccountID) {
|
|
149701
|
+
throw new FatalError(
|
|
149702
|
+
`The \`account_id\` in your ${configFileName(configPath)} file must match the \`account_id\` for this account. Please update your ${configFileName(configPath)} file with \`${formatConfigSnippet({ account_id: envAccountID }, configPath, false)}\``,
|
|
149703
|
+
{ telemetryMessage: "ci match tag account mismatch" }
|
|
149704
|
+
);
|
|
149705
|
+
}
|
|
149706
|
+
let tag;
|
|
149707
|
+
try {
|
|
149708
|
+
const worker = await fetchResult(
|
|
149709
|
+
complianceConfig,
|
|
149710
|
+
`/accounts/${accountId}/workers/services/${workerName}`
|
|
149711
|
+
);
|
|
149712
|
+
tag = worker.default_environment.script.tag;
|
|
149713
|
+
logger.debug(`API returned with tag: ${tag} for worker: ${workerName}`);
|
|
149714
|
+
} catch (e9) {
|
|
149715
|
+
logger.debug(e9);
|
|
149716
|
+
if (isWorkerNotFoundError(e9)) {
|
|
149717
|
+
throw new FatalError(
|
|
149718
|
+
`The name in your ${configFileName(configPath)} file (${workerName}) must match the name of your Worker. Please update the name field in your ${configFileName(configPath)} file.`,
|
|
149719
|
+
{ telemetryMessage: "ci match tag worker not found" }
|
|
149720
|
+
);
|
|
149721
|
+
} else if (e9 instanceof APIError) {
|
|
149722
|
+
throw new FatalError(
|
|
149723
|
+
"An error occurred while trying to validate that the Worker name matches what is expected by the build system.\n" + e9.message + "\n" + e9.notes.map((note) => note.text).join("\n"),
|
|
149724
|
+
{ telemetryMessage: "ci match tag validation api error" }
|
|
149725
|
+
);
|
|
149726
|
+
} else {
|
|
149727
|
+
throw new FatalError(
|
|
149728
|
+
"Wrangler cannot validate that your Worker name matches what is expected by the build system. Please retry the build. If the problem persists, please contact support.",
|
|
149729
|
+
{ telemetryMessage: "ci match tag validation failed" }
|
|
149730
|
+
);
|
|
149731
|
+
}
|
|
149732
|
+
}
|
|
149733
|
+
if (tag !== matchTag) {
|
|
149734
|
+
logger.debug(
|
|
149735
|
+
`Failed to match Worker tag. The API returned "${tag}", but the CI system expected "${matchTag}"`
|
|
149736
|
+
);
|
|
149737
|
+
throw new FatalError(
|
|
149738
|
+
`The name in your ${configFileName(configPath)} file (${workerName}) must match the name of your Worker. Please update the name field in your ${configFileName(configPath)} file.`,
|
|
149739
|
+
{ telemetryMessage: "ci match tag tag mismatch" }
|
|
149740
|
+
);
|
|
149741
|
+
}
|
|
149742
|
+
}
|
|
149743
|
+
async function validateWorkerProps(props, config2) {
|
|
149744
|
+
const { name: name2, dryRun, accountId, compatibilityDate } = props;
|
|
149745
|
+
const { format: format32 } = props.entry;
|
|
149746
|
+
if (!name2) {
|
|
149747
|
+
throw new UserError(
|
|
149748
|
+
`You need to provide the name of your worker. Either pass it as a cli arg with --name <name> or in your config file as ${formatConfigSnippet({ name: "<name>" }, config2.userConfigPath)}`,
|
|
149749
|
+
{
|
|
149750
|
+
telemetryMessage: props.command === "deploy" ? "deploy command missing worker name" : "versions upload missing worker name"
|
|
149751
|
+
}
|
|
149752
|
+
);
|
|
149753
|
+
}
|
|
149754
|
+
if (!compatibilityDate) {
|
|
149755
|
+
const compatibilityDateStr = getTodaysCompatDate();
|
|
149756
|
+
throw new UserError(
|
|
149757
|
+
`A compatibility_date is required when uploading a Worker. Add the following to your ${configFileName(config2.configPath)} file:
|
|
149758
|
+
\`\`\`
|
|
149759
|
+
${formatConfigSnippet({ compatibility_date: compatibilityDateStr }, config2.configPath, false)}
|
|
149760
|
+
\`\`\`
|
|
149761
|
+
Or you could pass it in your terminal as \`--compatibility-date ${compatibilityDateStr}\`
|
|
149762
|
+
See https://developers.cloudflare.com/workers/platform/compatibility-dates for more information.`,
|
|
149763
|
+
{
|
|
149764
|
+
telemetryMessage: props.command === "deploy" ? "missing compatibility date when deploying" : "versions upload missing compatibility date"
|
|
149765
|
+
}
|
|
149766
|
+
);
|
|
149767
|
+
}
|
|
149768
|
+
if (config2.wasm_modules && format32 === "modules") {
|
|
149769
|
+
throw new UserError(
|
|
149770
|
+
"You cannot configure [wasm_modules] with an ES module worker. Instead, import the .wasm module directly in your code",
|
|
149771
|
+
{ telemetryMessage: "wasm_modules with es module worker" }
|
|
149772
|
+
);
|
|
149773
|
+
}
|
|
149774
|
+
if (config2.text_blobs && format32 === "modules") {
|
|
149775
|
+
throw new UserError(
|
|
149776
|
+
`You cannot configure [text_blobs] with an ES module worker. Instead, import the file directly in your code, and optionally configure \`[rules]\` in your ${configFileName(config2.configPath)} file`,
|
|
149777
|
+
{ telemetryMessage: "text_blobs with es module worker" }
|
|
149778
|
+
);
|
|
149779
|
+
}
|
|
149780
|
+
if (config2.data_blobs && format32 === "modules") {
|
|
149781
|
+
throw new UserError(
|
|
149782
|
+
`You cannot configure [data_blobs] with an ES module worker. Instead, import the file directly in your code, and optionally configure \`[rules]\` in your ${configFileName(config2.configPath)} file`,
|
|
149783
|
+
{ telemetryMessage: "data_blobs with es module worker" }
|
|
149784
|
+
);
|
|
149785
|
+
}
|
|
149786
|
+
if (props.command === "deploy") {
|
|
149787
|
+
validateRoutes2(props.routes, props.assetsOptions);
|
|
149788
|
+
assert5__default.default(
|
|
149789
|
+
!config2.site || config2.site.bucket,
|
|
149790
|
+
"A [site] definition requires a `bucket` field with a path to the site's assets directory."
|
|
149791
|
+
);
|
|
149792
|
+
if (!props.isWorkersSite && Boolean(props.legacyAssetPaths) && format32 === "service-worker") {
|
|
149793
|
+
throw new UserError(
|
|
149794
|
+
"You cannot use the service-worker format with an `assets` directory yet. For information on how to migrate to the module-worker format, see: https://developers.cloudflare.com/workers/learning/migrating-to-module-workers/",
|
|
149795
|
+
{ telemetryMessage: "deploy service worker assets unsupported" }
|
|
149796
|
+
);
|
|
149797
|
+
}
|
|
149798
|
+
} else {
|
|
149799
|
+
if (config2.containers && config2.containers.length > 0) {
|
|
149800
|
+
logger.warn(
|
|
149801
|
+
`Your Worker has Containers configured. Container configuration changes (such as image, max_instances, etc.) will not be gradually rolled out with versions. These changes will only take effect after running \`wrangler deploy\`.`
|
|
149802
|
+
);
|
|
149803
|
+
}
|
|
149804
|
+
}
|
|
149805
|
+
if (!dryRun) {
|
|
149806
|
+
assert5__default.default(accountId, "Missing account ID");
|
|
149807
|
+
await verifyWorkerMatchesCITag(config2, accountId, name2, config2.configPath);
|
|
149808
|
+
}
|
|
149809
|
+
}
|
|
149626
149810
|
function addWorkersSitesBindings(bindings2, namespace, manifest, format32) {
|
|
149627
149811
|
const withSites = { ...bindings2 };
|
|
149628
149812
|
if (namespace) {
|
|
@@ -149640,12 +149824,6 @@ function addWorkersSitesBindings(bindings2, namespace, manifest, format32) {
|
|
|
149640
149824
|
return withSites;
|
|
149641
149825
|
}
|
|
149642
149826
|
async function deploy(props, config2, buildResult, callbacks) {
|
|
149643
|
-
if (!props.name) {
|
|
149644
|
-
throw new UserError(
|
|
149645
|
-
'You need to provide a name when publishing a worker. Either pass it as a cli arg with `--name <name>` or in your config file as `name = "<name>"`',
|
|
149646
|
-
{ telemetryMessage: "deploy command missing worker name" }
|
|
149647
|
-
);
|
|
149648
|
-
}
|
|
149649
149827
|
const {
|
|
149650
149828
|
entry,
|
|
149651
149829
|
name: name2,
|
|
@@ -149655,10 +149833,8 @@ async function deploy(props, config2, buildResult, callbacks) {
|
|
|
149655
149833
|
accountId
|
|
149656
149834
|
} = props;
|
|
149657
149835
|
const assetsOptions = resolveAssetOptions(props, config2);
|
|
149658
|
-
|
|
149659
|
-
|
|
149660
|
-
await verifyWorkerMatchesCITag(config2, accountId, name2, config2.configPath);
|
|
149661
|
-
}
|
|
149836
|
+
await validateWorkerProps({ ...props, assetsOptions }, config2);
|
|
149837
|
+
assert5__default.default(name2);
|
|
149662
149838
|
const deployConfirm = getDeployConfirmFunction({
|
|
149663
149839
|
strictMode: props.strict
|
|
149664
149840
|
});
|
|
@@ -149666,7 +149842,6 @@ async function deploy(props, config2, buildResult, callbacks) {
|
|
|
149666
149842
|
let versionId = null;
|
|
149667
149843
|
let tags = [];
|
|
149668
149844
|
let workerExists = true;
|
|
149669
|
-
const allDeploymentRoutes = props.routes;
|
|
149670
149845
|
if (!props.dispatchNamespace && accountId) {
|
|
149671
149846
|
try {
|
|
149672
149847
|
const serviceMetaData = await fetchResult(config2, `/accounts/${accountId}/workers/services/${name2}`);
|
|
@@ -149685,7 +149860,7 @@ async function deploy(props, config2, buildResult, callbacks) {
|
|
|
149685
149860
|
const configDiff = getRemoteConfigDiff(remoteWorkerConfig, {
|
|
149686
149861
|
...config2,
|
|
149687
149862
|
// We also want to include all the routes used for deployment
|
|
149688
|
-
routes:
|
|
149863
|
+
routes: props.routes
|
|
149689
149864
|
});
|
|
149690
149865
|
if (!configDiff.nonDestructive) {
|
|
149691
149866
|
logger.warn(
|
|
@@ -149756,24 +149931,7 @@ Edits that have been made via the script API will be overridden by your local co
|
|
|
149756
149931
|
}
|
|
149757
149932
|
}
|
|
149758
149933
|
}
|
|
149759
|
-
if (!compatibilityDate) {
|
|
149760
|
-
const compatibilityDateStr = getTodaysCompatDate();
|
|
149761
|
-
throw new UserError(
|
|
149762
|
-
`A compatibility_date is required when publishing. Add the following to your ${configFileName(config2.configPath)} file:
|
|
149763
|
-
\`\`\`
|
|
149764
|
-
${formatConfigSnippet({ compatibility_date: compatibilityDateStr }, config2.configPath, false)}
|
|
149765
|
-
\`\`\`
|
|
149766
|
-
Or you could pass it in your terminal as \`--compatibility-date ${compatibilityDateStr}\`
|
|
149767
|
-
See https://developers.cloudflare.com/workers/platform/compatibility-dates for more information.`,
|
|
149768
|
-
{ telemetryMessage: "missing compatibility date when deploying" }
|
|
149769
|
-
);
|
|
149770
|
-
}
|
|
149771
|
-
validateRoutes2(allDeploymentRoutes, assetsOptions);
|
|
149772
149934
|
const scriptName = name2;
|
|
149773
|
-
assert5__default.default(
|
|
149774
|
-
!config2.site || config2.site.bucket,
|
|
149775
|
-
"A [site] definition requires a `bucket` field with a path to the site's assets directory."
|
|
149776
|
-
);
|
|
149777
149935
|
const envName = props.env ?? "production";
|
|
149778
149936
|
const start = Date.now();
|
|
149779
149937
|
const useServiceEnvironments2 = props.useServiceEnvApiPath;
|
|
@@ -149792,30 +149950,6 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
|
|
|
149792
149950
|
return { versionId, workerTag };
|
|
149793
149951
|
}
|
|
149794
149952
|
}
|
|
149795
|
-
if (!props.isWorkersSite && Boolean(props.legacyAssetPaths) && format32 === "service-worker") {
|
|
149796
|
-
throw new UserError(
|
|
149797
|
-
"You cannot use the service-worker format with an `assets` directory yet. For information on how to migrate to the module-worker format, see: https://developers.cloudflare.com/workers/learning/migrating-to-module-workers/",
|
|
149798
|
-
{ telemetryMessage: "deploy service worker assets unsupported" }
|
|
149799
|
-
);
|
|
149800
|
-
}
|
|
149801
|
-
if (config2.wasm_modules && format32 === "modules") {
|
|
149802
|
-
throw new UserError(
|
|
149803
|
-
"You cannot configure [wasm_modules] with an ES module worker. Instead, import the .wasm module directly in your code",
|
|
149804
|
-
{ telemetryMessage: "deploy wasm modules with es module worker" }
|
|
149805
|
-
);
|
|
149806
|
-
}
|
|
149807
|
-
if (config2.text_blobs && format32 === "modules") {
|
|
149808
|
-
throw new UserError(
|
|
149809
|
-
`You cannot configure [text_blobs] with an ES module worker. Instead, import the file directly in your code, and optionally configure \`[rules]\` in your ${configFileName(config2.configPath)} file`,
|
|
149810
|
-
{ telemetryMessage: "[text_blobs] with an ES module worker" }
|
|
149811
|
-
);
|
|
149812
|
-
}
|
|
149813
|
-
if (config2.data_blobs && format32 === "modules") {
|
|
149814
|
-
throw new UserError(
|
|
149815
|
-
`You cannot configure [data_blobs] with an ES module worker. Instead, import the file directly in your code, and optionally configure \`[rules]\` in your ${configFileName(config2.configPath)} file`,
|
|
149816
|
-
{ telemetryMessage: "[data_blobs] with an ES module worker" }
|
|
149817
|
-
);
|
|
149818
|
-
}
|
|
149819
149953
|
const isDryRun = props.dryRun;
|
|
149820
149954
|
const normalisedContainerConfig = callbacks.getNormalizedContainerOptions ? await callbacks.getNormalizedContainerOptions(config2, props) : [];
|
|
149821
149955
|
const {
|
|
@@ -150216,7 +150350,7 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
|
|
|
150216
150350
|
crons: props.triggers,
|
|
150217
150351
|
useServiceEnvironments: useServiceEnvironments2,
|
|
150218
150352
|
firstDeploy: !workerExists,
|
|
150219
|
-
routes:
|
|
150353
|
+
routes: props.routes
|
|
150220
150354
|
});
|
|
150221
150355
|
logger.log("Current Version ID:", versionId);
|
|
150222
150356
|
return {
|
|
@@ -150227,12 +150361,6 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
|
|
|
150227
150361
|
};
|
|
150228
150362
|
}
|
|
150229
150363
|
async function versionsUpload(props, config2, buildResult, callbacks) {
|
|
150230
|
-
if (!props.name) {
|
|
150231
|
-
throw new UserError(
|
|
150232
|
-
'You need to provide a name of your worker. Either pass it as a cli arg with `--name <name>` or in your config file as `name = "<name>"`',
|
|
150233
|
-
{ telemetryMessage: "versions upload missing worker name" }
|
|
150234
|
-
);
|
|
150235
|
-
}
|
|
150236
150364
|
const {
|
|
150237
150365
|
entry,
|
|
150238
150366
|
name: name2,
|
|
@@ -150242,14 +150370,12 @@ async function versionsUpload(props, config2, buildResult, callbacks) {
|
|
|
150242
150370
|
accountId
|
|
150243
150371
|
} = props;
|
|
150244
150372
|
const assetsOptions = resolveAssetOptions(props, config2);
|
|
150245
|
-
|
|
150246
|
-
|
|
150247
|
-
await verifyWorkerMatchesCITag(config2, accountId, name2, config2.configPath);
|
|
150248
|
-
}
|
|
150373
|
+
await validateWorkerProps(props, config2);
|
|
150374
|
+
assert5__default.default(name2);
|
|
150249
150375
|
let versionId = null;
|
|
150250
150376
|
let workerTag = null;
|
|
150251
150377
|
let tags = [];
|
|
150252
|
-
if (accountId
|
|
150378
|
+
if (accountId) {
|
|
150253
150379
|
try {
|
|
150254
150380
|
const {
|
|
150255
150381
|
default_environment: { script }
|
|
@@ -150289,56 +150415,11 @@ Edits that have been made via the API will be overridden by your local code and
|
|
|
150289
150415
|
}
|
|
150290
150416
|
}
|
|
150291
150417
|
}
|
|
150292
|
-
if (!compatibilityDate) {
|
|
150293
|
-
const compatibilityDateStr = getTodaysCompatDate();
|
|
150294
|
-
throw new UserError(
|
|
150295
|
-
`A compatibility_date is required when uploading a Worker Version. Add the following to your ${configFileName(config2.configPath)} file:
|
|
150296
|
-
\`\`\`
|
|
150297
|
-
${formatConfigSnippet({ compatibility_date: compatibilityDateStr }, config2.configPath, false)}
|
|
150298
|
-
\`\`\`
|
|
150299
|
-
Or you could pass it in your terminal as \`--compatibility-date ${compatibilityDateStr}\`
|
|
150300
|
-
See https://developers.cloudflare.com/workers/platform/compatibility-dates for more information.`,
|
|
150301
|
-
{
|
|
150302
|
-
telemetryMessage: "versions upload missing compatibility date"
|
|
150303
|
-
}
|
|
150304
|
-
);
|
|
150305
|
-
}
|
|
150306
150418
|
const scriptName = name2;
|
|
150307
|
-
if (config2.site && !config2.site.bucket) {
|
|
150308
|
-
throw new UserError(
|
|
150309
|
-
"A [site] definition requires a `bucket` field with a path to the site's assets directory.",
|
|
150310
|
-
{ telemetryMessage: "versions upload sites missing bucket" }
|
|
150311
|
-
);
|
|
150312
|
-
}
|
|
150313
150419
|
const start = Date.now();
|
|
150314
150420
|
const workerName = scriptName;
|
|
150315
150421
|
const workerUrl = `/accounts/${accountId}/workers/scripts/${scriptName}`;
|
|
150316
|
-
const { format: format32 } = entry;
|
|
150317
150422
|
const projectRoot = entry.projectRoot;
|
|
150318
|
-
if (config2.wasm_modules && format32 === "modules") {
|
|
150319
|
-
throw new UserError(
|
|
150320
|
-
"You cannot configure [wasm_modules] with an ES module worker. Instead, import the .wasm module directly in your code",
|
|
150321
|
-
{
|
|
150322
|
-
telemetryMessage: "versions upload wasm modules unsupported module worker"
|
|
150323
|
-
}
|
|
150324
|
-
);
|
|
150325
|
-
}
|
|
150326
|
-
if (config2.text_blobs && format32 === "modules") {
|
|
150327
|
-
throw new UserError(
|
|
150328
|
-
`You cannot configure [text_blobs] with an ES module worker. Instead, import the file directly in your code, and optionally configure \`[rules]\` in your ${configFileName(config2.configPath)} file`,
|
|
150329
|
-
{
|
|
150330
|
-
telemetryMessage: "versions upload text blobs unsupported module worker"
|
|
150331
|
-
}
|
|
150332
|
-
);
|
|
150333
|
-
}
|
|
150334
|
-
if (config2.data_blobs && format32 === "modules") {
|
|
150335
|
-
throw new UserError(
|
|
150336
|
-
`You cannot configure [data_blobs] with an ES module worker. Instead, import the file directly in your code, and optionally configure \`[rules]\` in your ${configFileName(config2.configPath)} file`,
|
|
150337
|
-
{
|
|
150338
|
-
telemetryMessage: "versions upload data blobs unsupported module worker"
|
|
150339
|
-
}
|
|
150340
|
-
);
|
|
150341
|
-
}
|
|
150342
150423
|
let hasPreview = false;
|
|
150343
150424
|
const {
|
|
150344
150425
|
modules,
|
|
@@ -150420,11 +150501,6 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
|
|
|
150420
150501
|
cache: config2.cache
|
|
150421
150502
|
// cache is a versioned setting
|
|
150422
150503
|
};
|
|
150423
|
-
if (config2.containers && config2.containers.length > 0) {
|
|
150424
|
-
logger.warn(
|
|
150425
|
-
`Your Worker has Containers configured. Container configuration changes (such as image, max_instances, etc.) will not be gradually rolled out with versions. These changes will only take effect after running \`wrangler deploy\`.`
|
|
150426
|
-
);
|
|
150427
|
-
}
|
|
150428
150504
|
await printBundleSize(
|
|
150429
150505
|
{ name: path3__namespace.default.basename(resolvedEntryPointPath), content },
|
|
150430
150506
|
modules
|
|
@@ -150551,11 +150627,7 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
|
|
|
150551
150627
|
logger.log(`--dry-run: exiting now.`);
|
|
150552
150628
|
return { versionId, workerTag };
|
|
150553
150629
|
}
|
|
150554
|
-
|
|
150555
|
-
throw new UserError("Missing accountId", {
|
|
150556
|
-
telemetryMessage: "versions upload missing account id"
|
|
150557
|
-
});
|
|
150558
|
-
}
|
|
150630
|
+
assert5__default.default(accountId);
|
|
150559
150631
|
const uploadMs = Date.now() - start;
|
|
150560
150632
|
logger.log("Uploaded", workerName, formatTime(uploadMs));
|
|
150561
150633
|
logger.log("Worker Version ID:", versionId);
|
|
@@ -150668,7 +150740,7 @@ function validateNodeCompatMode(compatibilityDateStr = "2000-01-01", compatibili
|
|
|
150668
150740
|
}
|
|
150669
150741
|
return mode;
|
|
150670
150742
|
}
|
|
150671
|
-
var import_undici4, import_command_exists2, import_dotenv, require_ignore, require_heap, require_heap2, require_difflib, require_difflib2, require_util9, require_styles2, require_has_flag2, require_supports_colors2, require_trap2, require_zalgo2, require_america2, require_zebra2, require_rainbow2, require_random2, require_colors2, require_safe2, require_colorize, require_lib4, __getOwnPropNames4, __commonJS22, __defProp5, __name22, UserError2, FatalError2, JsonFriendlyFatalError2, CharacterCodes2, ParseOptions2, ScanError2, SyntaxKind2, parse22, ParseErrorCode2, TomlError3, DATE_TIME_RE3, TomlDate3, INT_REGEX3, FLOAT_REGEX3, LEADING_ZERO3, ESCAPE_REGEX3, ESC_MAP3, KEY_PART_RE3, BARE_KEY3, dist_default5, ParseError2, units2, UNSUPPORTED_BOMS2, PATH_TO_DEPLOY_CONFIG2, esm_default5, AssetsSchema, KnownBindingSchema, UnsafeBindingSchema, BindingSchema, CacheSchema, SINGLETON_BINDING_TYPES, listFormatter, EnvSchema, ExportSchema, LimitsSchema, ObservabilitySchema, PlacementSchema, TailConsumerSchema, TriggerSchema, UnsafeSchema, BaseWorkerSchema, InputWorkerSchema, ModuleTypeSchema, ManifestSchema, require_dist2, ApplicationRollout2, BadRequestWithCodeError2, CreateApplicationRolloutRequest2, DeploymentNotFoundError2, ImageRegistryAlreadyExistsError2, ImageRegistryIsPublic2, ImageRegistryNotAllowedError2, ImageRegistryNotFoundError2, ImageRegistryProtocolAlreadyExists2, ImageRegistryProtocolIsReferencedError2, ImageRegistryProtocolNotFound2, ProvisionerConfiguration2, RolloutStep2, SecretNameAlreadyExists2, SecretNotFound2, SSHPublicKeyNotFoundError2, UpdateApplicationRolloutRequest2, runDockerCmd2, isDockerRunning2, verifyDockerInstalled2, queuesUrl, MAX_ROUTES_RULES, MAX_ROUTES_RULE_LENGTH, formatInvalidRoutes, MAX_ASSET_SIZE, CF_ASSETS_IGNORE_FILENAME, REDIRECTS_FILENAME, HEADERS_FILENAME, import_ignore, types, other_default, types2, standard_default, __classPrivateFieldGet7, _Mime_extensionToType, _Mime_typeToExtension, _Mime_typeToExtensions, Mime, Mime_default, src_default, normalizeFilePath, getContentType, hashFile, isJwtExpired, BULK_UPLOAD_CONCURRENCY, MAX_UPLOAD_ATTEMPTS, MAX_UPLOAD_GATEWAY_ERRORS, MAX_DIFF_LINES, syncAssets, buildAssetManifest, WORKER_JS_FILENAME, nameBindings, ONE_KIB_BYTES, MAX_GZIP_SIZE_BYTES, WORKER_NOT_FOUND_ERR_CODE, WORKER_LEGACY_ENVIRONMENT_NOT_FOUND_ERR_CODE, WORKFLOW_NOT_FOUND_CODE, import_json_diff, reorderableBindings, BLANK_INPUT, moduleTypeMimeType, suppressNotFoundError, esm_default22,
|
|
150743
|
+
var import_undici4, import_command_exists2, import_dotenv, require_ignore, require_heap, require_heap2, require_difflib, require_difflib2, require_util9, require_styles2, require_has_flag2, require_supports_colors2, require_trap2, require_zalgo2, require_america2, require_zebra2, require_rainbow2, require_random2, require_colors2, require_safe2, require_colorize, require_lib4, __getOwnPropNames4, __commonJS22, __defProp5, __name22, UserError2, FatalError2, JsonFriendlyFatalError2, CharacterCodes2, ParseOptions2, ScanError2, SyntaxKind2, parse22, ParseErrorCode2, TomlError3, DATE_TIME_RE3, TomlDate3, INT_REGEX3, FLOAT_REGEX3, LEADING_ZERO3, ESCAPE_REGEX3, ESC_MAP3, KEY_PART_RE3, BARE_KEY3, dist_default5, ParseError2, units2, UNSUPPORTED_BOMS2, PATH_TO_DEPLOY_CONFIG2, esm_default5, AssetsSchema, KnownBindingSchema, UnsafeBindingSchema, BindingSchema, CacheSchema, SINGLETON_BINDING_TYPES, listFormatter, EnvSchema, ExportSchema, LimitsSchema, ObservabilitySchema, PlacementSchema, TailConsumerSchema, TriggerSchema, UnsafeSchema, BaseWorkerSchema, InputWorkerSchema, ModuleTypeSchema, ManifestSchema, require_dist2, ApplicationRollout2, BadRequestWithCodeError2, CreateApplicationRolloutRequest2, DeploymentNotFoundError2, ImageRegistryAlreadyExistsError2, ImageRegistryIsPublic2, ImageRegistryNotAllowedError2, ImageRegistryNotFoundError2, ImageRegistryProtocolAlreadyExists2, ImageRegistryProtocolIsReferencedError2, ImageRegistryProtocolNotFound2, ProvisionerConfiguration2, RolloutStep2, SecretNameAlreadyExists2, SecretNotFound2, SSHPublicKeyNotFoundError2, UpdateApplicationRolloutRequest2, runDockerCmd2, isDockerRunning2, verifyDockerInstalled2, queuesUrl, MAX_ROUTES_RULES, MAX_ROUTES_RULE_LENGTH, formatInvalidRoutes, MAX_ASSET_SIZE, CF_ASSETS_IGNORE_FILENAME, REDIRECTS_FILENAME, HEADERS_FILENAME, import_ignore, types, other_default, types2, standard_default, __classPrivateFieldGet7, _Mime_extensionToType, _Mime_typeToExtension, _Mime_typeToExtensions, Mime, Mime_default, src_default, normalizeFilePath, getContentType, hashFile, isJwtExpired, BULK_UPLOAD_CONCURRENCY, MAX_UPLOAD_ATTEMPTS, MAX_UPLOAD_GATEWAY_ERRORS, MAX_DIFF_LINES, syncAssets, buildAssetManifest, WORKER_JS_FILENAME, nameBindings, ONE_KIB_BYTES, MAX_GZIP_SIZE_BYTES, WORKER_NOT_FOUND_ERR_CODE, WORKER_LEGACY_ENVIRONMENT_NOT_FOUND_ERR_CODE, WORKFLOW_NOT_FOUND_CODE, import_json_diff, reorderableBindings, BLANK_INPUT, moduleTypeMimeType, suppressNotFoundError, esm_default22, isConnectedStatusExplained, ProvisionResourceHandler, R2Handler, AISearchNamespaceHandler, AgentMemoryNamespaceHandler, KVHandler, D1Handler, HANDLERS, INVALID_INHERIT_BINDING_CODE, InternalConfigSchema, StaticRoutingSchema, MetadataStaticRedirectEntry, MetadataRedirectEntry, MetadataStaticRedirects, MetadataRedirects, MetadataHeaderEntry, MetadataHeaders, RedirectsSchema, HeadersSchema, sourceMappingPrepareStackTrace, retrieveSourceMapOverride, placeholderError, CALL_SITE_REGEXP, CallSite, getCloudflareAccountIdFromEnv2, validateRoutes2, MAX_DNS_LABEL_LENGTH, HASH_LENGTH, ALIAS_VALIDATION_REGEX;
|
|
150672
150744
|
var init_dist9 = __esm({
|
|
150673
150745
|
"../deploy-helpers/dist/index.mjs"() {
|
|
150674
150746
|
init_import_meta_url();
|
|
@@ -151362,10 +151434,10 @@ var init_dist9 = __esm({
|
|
|
151362
151434
|
require_difflib = __commonJS3({
|
|
151363
151435
|
"../../node_modules/.pnpm/@ewoudenberg+difflib@0.1.0/node_modules/@ewoudenberg/difflib/lib/difflib.js"(exports2) {
|
|
151364
151436
|
(function() {
|
|
151365
|
-
var Differ, Heap, IS_CHARACTER_JUNK, IS_LINE_JUNK, SequenceMatcher, _any2, _arrayCmp, _calculateRatio, _countLeading, _formatRangeContext, _formatRangeUnified, _has,
|
|
151437
|
+
var Differ, Heap, IS_CHARACTER_JUNK, IS_LINE_JUNK, SequenceMatcher, _any2, _arrayCmp, _calculateRatio, _countLeading, _formatRangeContext, _formatRangeUnified, _has, assert102, contextDiff, floor, getCloseMatches, max, min, ndiff, restore, unifiedDiff2, indexOf = [].indexOf;
|
|
151366
151438
|
({ floor, max, min } = Math);
|
|
151367
151439
|
Heap = require_heap2();
|
|
151368
|
-
|
|
151440
|
+
assert102 = __require3("assert");
|
|
151369
151441
|
_calculateRatio = /* @__PURE__ */ __name3(function(matches, length) {
|
|
151370
151442
|
if (length) {
|
|
151371
151443
|
return 2 * matches / length;
|
|
@@ -151942,7 +152014,7 @@ var init_dist9 = __esm({
|
|
|
151942
152014
|
}
|
|
151943
152015
|
_plainReplace(a7, alo, ahi, b9, blo, bhi) {
|
|
151944
152016
|
var first, g6, l7, len, len1, line, lines, m6, ref, second;
|
|
151945
|
-
|
|
152017
|
+
assert102(alo < ahi && blo < bhi);
|
|
151946
152018
|
if (bhi - blo < ahi - alo) {
|
|
151947
152019
|
first = this._dump("+", b9, blo, bhi);
|
|
151948
152020
|
second = this._dump("-", a7, alo, ahi);
|
|
@@ -156455,12 +156527,6 @@ Ensure all assets in your assets directory "${dir2}" conform with the Workers ma
|
|
|
156455
156527
|
__name3(errIsScriptSize, "errIsScriptSize");
|
|
156456
156528
|
__name(errIsStartupErr, "errIsStartupErr");
|
|
156457
156529
|
__name3(errIsStartupErr, "errIsStartupErr");
|
|
156458
|
-
getCloudflareAccountIdFromEnv2 = getEnvironmentVariableFactory({
|
|
156459
|
-
variableName: "CLOUDFLARE_ACCOUNT_ID",
|
|
156460
|
-
deprecatedName: "CF_ACCOUNT_ID"
|
|
156461
|
-
});
|
|
156462
|
-
__name(verifyWorkerMatchesCITag, "verifyWorkerMatchesCITag");
|
|
156463
|
-
__name3(verifyWorkerMatchesCITag, "verifyWorkerMatchesCITag");
|
|
156464
156530
|
__name(validateFileSecrets, "validateFileSecrets");
|
|
156465
156531
|
__name3(validateFileSecrets, "validateFileSecrets");
|
|
156466
156532
|
(class extends Error {
|
|
@@ -157109,6 +157175,12 @@ Ensure all assets in your assets directory "${dir2}" conform with the Workers ma
|
|
|
157109
157175
|
return null;
|
|
157110
157176
|
}
|
|
157111
157177
|
};
|
|
157178
|
+
getCloudflareAccountIdFromEnv2 = getEnvironmentVariableFactory({
|
|
157179
|
+
variableName: "CLOUDFLARE_ACCOUNT_ID",
|
|
157180
|
+
deprecatedName: "CF_ACCOUNT_ID"
|
|
157181
|
+
});
|
|
157182
|
+
__name(verifyWorkerMatchesCITag, "verifyWorkerMatchesCITag");
|
|
157183
|
+
__name3(verifyWorkerMatchesCITag, "verifyWorkerMatchesCITag");
|
|
157112
157184
|
validateRoutes2 = /* @__PURE__ */ __name3((routes, assets) => {
|
|
157113
157185
|
const invalidRoutes = {};
|
|
157114
157186
|
const mountedAssetRoutes = [];
|
|
@@ -157163,6 +157235,8 @@ ${mountedAssetRoutes.map((route) => {
|
|
|
157163
157235
|
);
|
|
157164
157236
|
}
|
|
157165
157237
|
}, "validateRoutes");
|
|
157238
|
+
__name(validateWorkerProps, "validateWorkerProps");
|
|
157239
|
+
__name3(validateWorkerProps, "validateWorkerProps");
|
|
157166
157240
|
__name(addWorkersSitesBindings, "addWorkersSitesBindings");
|
|
157167
157241
|
__name3(addWorkersSitesBindings, "addWorkersSitesBindings");
|
|
157168
157242
|
__name(deploy, "deploy");
|
|
@@ -158887,16 +158961,19 @@ async function matchFiles(files, relativeTo, { rules, removedRules }) {
|
|
|
158887
158961
|
}
|
|
158888
158962
|
}
|
|
158889
158963
|
}
|
|
158890
|
-
|
|
158891
|
-
for (const
|
|
158892
|
-
const
|
|
158893
|
-
|
|
158894
|
-
|
|
158895
|
-
|
|
158896
|
-
|
|
158897
|
-
|
|
158898
|
-
|
|
158899
|
-
|
|
158964
|
+
if (!moduleNames.has(filePath)) {
|
|
158965
|
+
for (const rule of removedRules) {
|
|
158966
|
+
for (const glob of rule.globs) {
|
|
158967
|
+
const regexp = (0, import_glob_to_regexp.default)(glob, {
|
|
158968
|
+
globstar: true
|
|
158969
|
+
});
|
|
158970
|
+
if (regexp.test(filePath)) {
|
|
158971
|
+
logger2.debug(
|
|
158972
|
+
`Skipping discovered file ${filePath} \u2014 it only matches a shadowed module rule (${JSON.stringify(
|
|
158973
|
+
rule
|
|
158974
|
+
)}). To include this file, add \`fallthrough = true\` to the earlier rule of the same type, or broaden your rule's globs.`
|
|
158975
|
+
);
|
|
158976
|
+
}
|
|
158900
158977
|
}
|
|
158901
158978
|
}
|
|
158902
158979
|
}
|
|
@@ -159369,7 +159446,7 @@ var init_dist10 = __esm({
|
|
|
159369
159446
|
}
|
|
159370
159447
|
});
|
|
159371
159448
|
|
|
159372
|
-
// ../../node_modules/.pnpm/am-i-vibing@0.
|
|
159449
|
+
// ../../node_modules/.pnpm/am-i-vibing@0.5.0/node_modules/am-i-vibing/dist/detector-1yx2Hoe0.mjs
|
|
159373
159450
|
function checkEnvVar(envVarDef, env7 = process.env) {
|
|
159374
159451
|
const [envVar, expectedValue] = typeof envVarDef === "string" ? [envVarDef, void 0] : envVarDef;
|
|
159375
159452
|
const actualValue = env7[envVar];
|
|
@@ -159443,8 +159520,8 @@ function detectAgenticEnvironment(envOrOptions, legacyAncestry) {
|
|
|
159443
159520
|
};
|
|
159444
159521
|
}
|
|
159445
159522
|
var providers;
|
|
159446
|
-
var
|
|
159447
|
-
"../../node_modules/.pnpm/am-i-vibing@0.
|
|
159523
|
+
var init_detector_1yx2Hoe0 = __esm({
|
|
159524
|
+
"../../node_modules/.pnpm/am-i-vibing@0.5.0/node_modules/am-i-vibing/dist/detector-1yx2Hoe0.mjs"() {
|
|
159448
159525
|
init_import_meta_url();
|
|
159449
159526
|
init_dist10();
|
|
159450
159527
|
providers = [
|
|
@@ -159626,6 +159703,12 @@ var init_detector_Boc_HQ9 = __esm({
|
|
|
159626
159703
|
name: "Factory Droid",
|
|
159627
159704
|
type: "agent",
|
|
159628
159705
|
processChecks: ["droid"]
|
|
159706
|
+
},
|
|
159707
|
+
{
|
|
159708
|
+
id: "pi",
|
|
159709
|
+
name: "Pi",
|
|
159710
|
+
type: "agent",
|
|
159711
|
+
envVars: [["PI_CODING_AGENT", "true"]]
|
|
159629
159712
|
}
|
|
159630
159713
|
];
|
|
159631
159714
|
__name(checkEnvVar, "checkEnvVar");
|
|
@@ -159638,11 +159721,11 @@ var init_detector_Boc_HQ9 = __esm({
|
|
|
159638
159721
|
}
|
|
159639
159722
|
});
|
|
159640
159723
|
|
|
159641
|
-
// ../../node_modules/.pnpm/am-i-vibing@0.
|
|
159724
|
+
// ../../node_modules/.pnpm/am-i-vibing@0.5.0/node_modules/am-i-vibing/dist/index.mjs
|
|
159642
159725
|
var init_dist11 = __esm({
|
|
159643
|
-
"../../node_modules/.pnpm/am-i-vibing@0.
|
|
159726
|
+
"../../node_modules/.pnpm/am-i-vibing@0.5.0/node_modules/am-i-vibing/dist/index.mjs"() {
|
|
159644
159727
|
init_import_meta_url();
|
|
159645
|
-
|
|
159728
|
+
init_detector_1yx2Hoe0();
|
|
159646
159729
|
}
|
|
159647
159730
|
});
|
|
159648
159731
|
function write(p7, bytes) {
|
|
@@ -197149,6 +197232,52 @@ var init_limits2 = __esm({
|
|
|
197149
197232
|
__name(ensureImageFitsLimits, "ensureImageFitsLimits");
|
|
197150
197233
|
}
|
|
197151
197234
|
});
|
|
197235
|
+
function getRepositoryOnly(externalAccountId, imageTag) {
|
|
197236
|
+
return resolveImageName(externalAccountId, imageTag).replace(DIGEST_SUFFIX_REGEXP, "").replace(TAG_SUFFIX_REGEXP, "");
|
|
197237
|
+
}
|
|
197238
|
+
function imageRefWithDigest(externalAccountId, imageTag, digest) {
|
|
197239
|
+
if (!DIGEST_VALUE_REGEXP.test(digest)) {
|
|
197240
|
+
throw new Error(
|
|
197241
|
+
`Expected image digest to match algorithm:hex format, got ${digest}`
|
|
197242
|
+
);
|
|
197243
|
+
}
|
|
197244
|
+
return `${getRepositoryOnly(externalAccountId, imageTag)}@${digest}`;
|
|
197245
|
+
}
|
|
197246
|
+
function findManifestDigest(manifestOutput) {
|
|
197247
|
+
const parsedManifest = JSON.parse(manifestOutput);
|
|
197248
|
+
const digest = parsedManifest?.Descriptor?.digest;
|
|
197249
|
+
if (typeof digest !== "string" || digest.length === 0) {
|
|
197250
|
+
throw new Error(
|
|
197251
|
+
`Expected docker manifest inspect output to include Descriptor.digest, got ${manifestOutput}`
|
|
197252
|
+
);
|
|
197253
|
+
}
|
|
197254
|
+
return digest;
|
|
197255
|
+
}
|
|
197256
|
+
function findRemoteDigest(repoDigestsJson, externalAccountId, imageTag) {
|
|
197257
|
+
const parsedDigests = JSON.parse(repoDigestsJson);
|
|
197258
|
+
if (!Array.isArray(parsedDigests)) {
|
|
197259
|
+
throw new Error(
|
|
197260
|
+
`Expected RepoDigests from docker inspect to be an array but got ${JSON.stringify(parsedDigests)}`
|
|
197261
|
+
);
|
|
197262
|
+
}
|
|
197263
|
+
const repositoryOnly = getRepositoryOnly(externalAccountId, imageTag);
|
|
197264
|
+
logger2.debug("respositoryOnly:", repositoryOnly);
|
|
197265
|
+
const digest = parsedDigests.find((d8) => {
|
|
197266
|
+
if (typeof d8 !== "string" || !d8.includes("@")) {
|
|
197267
|
+
return false;
|
|
197268
|
+
}
|
|
197269
|
+
const resolved = resolveImageName(externalAccountId, d8);
|
|
197270
|
+
logger2.debug(`Comparing ${resolved.split("@")[0]} to ${repositoryOnly}`);
|
|
197271
|
+
return typeof d8 === "string" && resolved.split("@")[0] === repositoryOnly;
|
|
197272
|
+
});
|
|
197273
|
+
if (!digest) {
|
|
197274
|
+
throw new Error(
|
|
197275
|
+
`Could not find a digest for the image ${repositoryOnly}. Found digests: ${parsedDigests.join(", ")}`
|
|
197276
|
+
);
|
|
197277
|
+
}
|
|
197278
|
+
const [, hash3] = digest.split("@");
|
|
197279
|
+
return imageRefWithDigest(externalAccountId, imageTag, hash3);
|
|
197280
|
+
}
|
|
197152
197281
|
async function buildAndMaybePush(args, pathToDocker, push3, containerConfig) {
|
|
197153
197282
|
try {
|
|
197154
197283
|
const imageTag = args.tag;
|
|
@@ -197187,44 +197316,20 @@ async function buildAndMaybePush(args, pathToDocker, push3, containerConfig) {
|
|
|
197187
197316
|
getCloudflareContainerRegistry()
|
|
197188
197317
|
);
|
|
197189
197318
|
try {
|
|
197190
|
-
const
|
|
197191
|
-
|
|
197192
|
-
if (!Array.isArray(parsedDigests)) {
|
|
197193
|
-
throw new Error(
|
|
197194
|
-
`Expected RepoDigests from docker inspect to be an array but got ${JSON.stringify(parsedDigests)}`
|
|
197195
|
-
);
|
|
197196
|
-
}
|
|
197197
|
-
const imageUrl = new URL(
|
|
197198
|
-
`http://${resolveImageName(account.external_account_id, imageTag)}`
|
|
197199
|
-
);
|
|
197200
|
-
const repositoryOnly = `${imageUrl.host}${imageUrl.pathname.split(":")[0]}`;
|
|
197201
|
-
logger2.debug("respositoryOnly:", repositoryOnly);
|
|
197202
|
-
const digest = parsedDigests.find((d8) => {
|
|
197203
|
-
const resolved = resolveImageName(account.external_account_id, d8);
|
|
197204
|
-
logger2.debug(
|
|
197205
|
-
`Comparing ${resolved.split("@")[0]} to ${repositoryOnly}`
|
|
197206
|
-
);
|
|
197207
|
-
return typeof d8 === "string" && resolved.split("@")[0] === repositoryOnly;
|
|
197208
|
-
});
|
|
197209
|
-
if (!digest) {
|
|
197210
|
-
throw new Error(
|
|
197211
|
-
`Could not find a digest for the image ${repositoryOnly}. Found digests: ${parsedDigests.join(", ")}`
|
|
197212
|
-
);
|
|
197213
|
-
}
|
|
197214
|
-
const [image, hash3] = digest.split("@");
|
|
197215
|
-
const resolvedImage = resolveImageName(
|
|
197319
|
+
const remoteDigest2 = findRemoteDigest(
|
|
197320
|
+
imageInfo,
|
|
197216
197321
|
account.external_account_id,
|
|
197217
|
-
|
|
197322
|
+
imageTag
|
|
197218
197323
|
);
|
|
197219
|
-
const
|
|
197324
|
+
const [, hash3] = remoteDigest2.split("@");
|
|
197220
197325
|
logger2.debug(
|
|
197221
|
-
`'docker manifest inspect -v ${resolveImageName(account.external_account_id,
|
|
197326
|
+
`'docker manifest inspect -v ${resolveImageName(account.external_account_id, remoteDigest2)}:`
|
|
197222
197327
|
);
|
|
197223
197328
|
const remoteManifest = runDockerCmdWithOutput(pathToDocker, [
|
|
197224
197329
|
"manifest",
|
|
197225
197330
|
"inspect",
|
|
197226
197331
|
"-v",
|
|
197227
|
-
resolveImageName(account.external_account_id,
|
|
197332
|
+
resolveImageName(account.external_account_id, remoteDigest2)
|
|
197228
197333
|
]);
|
|
197229
197334
|
const parsedRemoteManifest = JSON.parse(remoteManifest);
|
|
197230
197335
|
if (parsedRemoteManifest.Descriptor.digest === hash3) {
|
|
@@ -197233,7 +197338,7 @@ async function buildAndMaybePush(args, pathToDocker, push3, containerConfig) {
|
|
|
197233
197338
|
`Untagging built image: ${args.tag} since there was no change.`
|
|
197234
197339
|
);
|
|
197235
197340
|
await runDockerCmd(pathToDocker, ["image", "rm", imageTag]);
|
|
197236
|
-
return { remoteDigest };
|
|
197341
|
+
return { remoteDigest: remoteDigest2 };
|
|
197237
197342
|
}
|
|
197238
197343
|
} catch (error53) {
|
|
197239
197344
|
if (error53 instanceof Error) {
|
|
@@ -197251,6 +197356,36 @@ async function buildAndMaybePush(args, pathToDocker, push3, containerConfig) {
|
|
|
197251
197356
|
);
|
|
197252
197357
|
await runDockerCmd(pathToDocker, ["tag", imageTag, namespacedImageTag]);
|
|
197253
197358
|
await runDockerCmd(pathToDocker, ["push", namespacedImageTag]);
|
|
197359
|
+
let remoteDigest;
|
|
197360
|
+
try {
|
|
197361
|
+
const pushedImageInfo = await dockerImageInspect(pathToDocker, {
|
|
197362
|
+
imageTag: namespacedImageTag,
|
|
197363
|
+
formatString: "{{ json .RepoDigests }}"
|
|
197364
|
+
});
|
|
197365
|
+
remoteDigest = findRemoteDigest(
|
|
197366
|
+
pushedImageInfo,
|
|
197367
|
+
account.external_account_id,
|
|
197368
|
+
namespacedImageTag
|
|
197369
|
+
);
|
|
197370
|
+
} catch (error53) {
|
|
197371
|
+
if (error53 instanceof Error) {
|
|
197372
|
+
logger2.debug(
|
|
197373
|
+
`Inspecting pushed image ${namespacedImageTag} failed with error: ${error53.message}`
|
|
197374
|
+
);
|
|
197375
|
+
}
|
|
197376
|
+
const remoteManifest = runDockerCmdWithOutput(pathToDocker, [
|
|
197377
|
+
"manifest",
|
|
197378
|
+
"inspect",
|
|
197379
|
+
"-v",
|
|
197380
|
+
namespacedImageTag
|
|
197381
|
+
]);
|
|
197382
|
+
remoteDigest = imageRefWithDigest(
|
|
197383
|
+
account.external_account_id,
|
|
197384
|
+
namespacedImageTag,
|
|
197385
|
+
findManifestDigest(remoteManifest)
|
|
197386
|
+
);
|
|
197387
|
+
}
|
|
197388
|
+
return { remoteDigest };
|
|
197254
197389
|
}
|
|
197255
197390
|
return { newTag: imageTag };
|
|
197256
197391
|
} catch (error53) {
|
|
@@ -197329,7 +197464,7 @@ async function checkImagePlatform(pathToDocker, imageTag, expectedPlatform = "li
|
|
|
197329
197464
|
);
|
|
197330
197465
|
}
|
|
197331
197466
|
}
|
|
197332
|
-
var cloudchamberBuildCommand, cloudchamberPushCommand;
|
|
197467
|
+
var DIGEST_SUFFIX_REGEXP, DIGEST_VALUE_REGEXP, TAG_SUFFIX_REGEXP, cloudchamberBuildCommand, cloudchamberPushCommand;
|
|
197333
197468
|
var init_build2 = __esm({
|
|
197334
197469
|
"src/cloudchamber/build.ts"() {
|
|
197335
197470
|
init_import_meta_url();
|
|
@@ -197341,6 +197476,13 @@ var init_build2 = __esm({
|
|
|
197341
197476
|
init_common();
|
|
197342
197477
|
init_limits2();
|
|
197343
197478
|
init_locations7();
|
|
197479
|
+
DIGEST_SUFFIX_REGEXP = /@[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*:[a-fA-F0-9]{32,}$/;
|
|
197480
|
+
DIGEST_VALUE_REGEXP = /^[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*:[a-fA-F0-9]{32,}$/;
|
|
197481
|
+
TAG_SUFFIX_REGEXP = /:[\w][\w.-]{0,127}$/;
|
|
197482
|
+
__name(getRepositoryOnly, "getRepositoryOnly");
|
|
197483
|
+
__name(imageRefWithDigest, "imageRefWithDigest");
|
|
197484
|
+
__name(findManifestDigest, "findManifestDigest");
|
|
197485
|
+
__name(findRemoteDigest, "findRemoteDigest");
|
|
197344
197486
|
__name(buildAndMaybePush, "buildAndMaybePush");
|
|
197345
197487
|
__name(buildCommand, "buildCommand");
|
|
197346
197488
|
__name(pushCommand, "pushCommand");
|
|
@@ -197982,7 +198124,7 @@ async function deployContainers(config2, normalisedContainerConfig, { versionId,
|
|
|
197982
198124
|
imageRef = { newTag: container.image_uri };
|
|
197983
198125
|
}
|
|
197984
198126
|
if (boundDOs.has(container.class_name)) {
|
|
197985
|
-
maybeVersionInfo ??= await
|
|
198127
|
+
maybeVersionInfo ??= await fetchUploadedVersion(
|
|
197986
198128
|
config2,
|
|
197987
198129
|
accountId,
|
|
197988
198130
|
scriptName,
|
|
@@ -198028,6 +198170,19 @@ async function deployContainers(config2, normalisedContainerConfig, { versionId,
|
|
|
198028
198170
|
}
|
|
198029
198171
|
}
|
|
198030
198172
|
}
|
|
198173
|
+
async function fetchUploadedVersion(config2, accountId, scriptName, versionId) {
|
|
198174
|
+
for (let attempt = 0; attempt < 5; attempt++) {
|
|
198175
|
+
try {
|
|
198176
|
+
return await fetchVersion2(config2, accountId, scriptName, versionId);
|
|
198177
|
+
} catch (error53) {
|
|
198178
|
+
if (!(error53 instanceof APIError) || error53.code !== 100146 || attempt === 4) {
|
|
198179
|
+
throw error53;
|
|
198180
|
+
}
|
|
198181
|
+
await timersPromises.setTimeout(500);
|
|
198182
|
+
}
|
|
198183
|
+
}
|
|
198184
|
+
throw new Error("Unable to fetch uploaded Worker version");
|
|
198185
|
+
}
|
|
198031
198186
|
async function listDurableObjects(complianceConfig, accountId) {
|
|
198032
198187
|
return await fetchResult2(
|
|
198033
198188
|
complianceConfig,
|
|
@@ -198144,7 +198299,7 @@ async function apply(args, containerConfig, config2) {
|
|
|
198144
198299
|
const prevApp = existingApplications.find(
|
|
198145
198300
|
(app) => app.name === containerConfig.name
|
|
198146
198301
|
);
|
|
198147
|
-
const imageRef = "remoteDigest" in args.imageRef ?
|
|
198302
|
+
const imageRef = "remoteDigest" in args.imageRef ? args.imageRef.remoteDigest : args.imageRef.newTag;
|
|
198148
198303
|
log(dim("Container application changes\n"));
|
|
198149
198304
|
const accountId = await getOrSelectAccountId(config2);
|
|
198150
198305
|
const appConfig = mergeIfUnsafe(
|
|
@@ -198310,6 +198465,7 @@ var init_deploy = __esm({
|
|
|
198310
198465
|
init_api2();
|
|
198311
198466
|
init_containers2();
|
|
198312
198467
|
__name(deployContainers, "deployContainers");
|
|
198468
|
+
__name(fetchUploadedVersion, "fetchUploadedVersion");
|
|
198313
198469
|
__name(listDurableObjects, "listDurableObjects");
|
|
198314
198470
|
__name(mergeDeep2, "mergeDeep");
|
|
198315
198471
|
__name(isObject2, "isObject");
|
|
@@ -198452,8 +198608,12 @@ ${formatError2(err)}`,
|
|
|
198452
198608
|
}, "configRolloutStepsToAPI");
|
|
198453
198609
|
}
|
|
198454
198610
|
});
|
|
198455
|
-
|
|
198456
|
-
|
|
198611
|
+
function providerSpecificCredentialFlagConflicts(flagName) {
|
|
198612
|
+
return [
|
|
198613
|
+
"public-credential",
|
|
198614
|
+
...providerSpecificCredentialFlagNames.filter((name2) => name2 !== flagName)
|
|
198615
|
+
];
|
|
198616
|
+
}
|
|
198457
198617
|
async function registryConfigureCommand(configureArgs, config2) {
|
|
198458
198618
|
startSection("Configure a container registry");
|
|
198459
198619
|
const registryType = getAndValidateRegistryType(configureArgs.DOMAIN);
|
|
@@ -198464,9 +198624,10 @@ async function registryConfigureCommand(configureArgs, config2) {
|
|
|
198464
198624
|
endSection("No configuration required");
|
|
198465
198625
|
return;
|
|
198466
198626
|
}
|
|
198467
|
-
|
|
198627
|
+
validateProviderSpecificCredentialFlags(configureArgs, registryType.type);
|
|
198628
|
+
const publicCredential = configureArgs.awsAccessKeyId ?? configureArgs.dockerhubUsername ?? configureArgs.garEmail ?? configureArgs.publicCredential;
|
|
198468
198629
|
if (!publicCredential) {
|
|
198469
|
-
const arg = registryType.type === "DockerHub" /* DOCKER_HUB */ ? "dockerhub-username" : registryType.type === "ECR" /* ECR */ ? "aws-access-key-id" : "public-credential";
|
|
198630
|
+
const arg = registryType.type === "DockerHub" /* DOCKER_HUB */ ? "dockerhub-username" : registryType.type === "ECR" /* ECR */ ? "aws-access-key-id" : registryType.type === "GAR" /* GAR */ ? "gar-email" : "public-credential";
|
|
198470
198631
|
throw new UserError(`Missing required argument: ${arg}`, {
|
|
198471
198632
|
telemetryMessage: "containers registries configure missing public credential"
|
|
198472
198633
|
});
|
|
@@ -198494,15 +198655,9 @@ async function registryConfigureCommand(configureArgs, config2) {
|
|
|
198494
198655
|
}
|
|
198495
198656
|
}
|
|
198496
198657
|
let secretStoreId = configureArgs.secretStoreId;
|
|
198497
|
-
let secretName = configureArgs.secretName;
|
|
198498
198658
|
if (configureArgs.secretName) {
|
|
198499
198659
|
validateSecretName(configureArgs.secretName);
|
|
198500
198660
|
}
|
|
198501
|
-
log(`Getting ${registryType.secretType}...
|
|
198502
|
-
`);
|
|
198503
|
-
const privateCredential = await promptForRegistryPrivateCredential(
|
|
198504
|
-
registryType.secretType
|
|
198505
|
-
);
|
|
198506
198661
|
let private_credential;
|
|
198507
198662
|
if (!isFedRAMPHigh) {
|
|
198508
198663
|
log("\nSetting up integration with Secrets Store...\n");
|
|
@@ -198540,20 +198695,51 @@ async function registryConfigureCommand(configureArgs, config2) {
|
|
|
198540
198695
|
}
|
|
198541
198696
|
}
|
|
198542
198697
|
log("\n");
|
|
198543
|
-
secretName = await
|
|
198698
|
+
const { secretName, secretExists } = await resolveSecretSelection({
|
|
198544
198699
|
configureArgs,
|
|
198545
198700
|
config: config2,
|
|
198546
198701
|
accountId,
|
|
198547
198702
|
storeId: secretStoreId,
|
|
198548
|
-
privateCredential,
|
|
198549
198703
|
secretType: registryType.secretType
|
|
198550
198704
|
});
|
|
198705
|
+
if (!secretExists) {
|
|
198706
|
+
log(`Getting ${registryType.secretType}...
|
|
198707
|
+
`);
|
|
198708
|
+
const privateCredential = await resolvePrivateCredential(
|
|
198709
|
+
registryType.type,
|
|
198710
|
+
registryType.secretType,
|
|
198711
|
+
publicCredential
|
|
198712
|
+
);
|
|
198713
|
+
await promiseSpinner(
|
|
198714
|
+
createSecret(config2, accountId, secretStoreId, {
|
|
198715
|
+
name: secretName,
|
|
198716
|
+
value: privateCredential,
|
|
198717
|
+
scopes: ["containers"],
|
|
198718
|
+
comment: `Created by Wrangler: credentials for image registry ${configureArgs.DOMAIN}`
|
|
198719
|
+
})
|
|
198720
|
+
);
|
|
198721
|
+
log(
|
|
198722
|
+
`Container-scoped secret "${secretName}" created in Secrets Store.
|
|
198723
|
+
`
|
|
198724
|
+
);
|
|
198725
|
+
} else if (registryType.type === "GAR" /* GAR */) {
|
|
198726
|
+
log(
|
|
198727
|
+
`Reusing existing secret "${secretName}". Wrangler cannot verify it matches --gar-email "${publicCredential}"; the email is validated against the key when images are pulled.
|
|
198728
|
+
`
|
|
198729
|
+
);
|
|
198730
|
+
}
|
|
198551
198731
|
private_credential = {
|
|
198552
198732
|
store_id: secretStoreId,
|
|
198553
198733
|
secret_name: secretName
|
|
198554
198734
|
};
|
|
198555
198735
|
} else {
|
|
198556
|
-
|
|
198736
|
+
log(`Getting ${registryType.secretType}...
|
|
198737
|
+
`);
|
|
198738
|
+
private_credential = await resolvePrivateCredential(
|
|
198739
|
+
registryType.type,
|
|
198740
|
+
registryType.secretType,
|
|
198741
|
+
publicCredential
|
|
198742
|
+
);
|
|
198557
198743
|
}
|
|
198558
198744
|
try {
|
|
198559
198745
|
await promiseSpinner(
|
|
@@ -198602,7 +198788,7 @@ async function promptForSecretName(secretType) {
|
|
|
198602
198788
|
}
|
|
198603
198789
|
}
|
|
198604
198790
|
}
|
|
198605
|
-
async function
|
|
198791
|
+
async function resolveSecretSelection(options) {
|
|
198606
198792
|
let secretName = options.configureArgs.secretName ?? await promptForSecretName(options.secretType);
|
|
198607
198793
|
while (true) {
|
|
198608
198794
|
const existingSecretId = await getSecretByName(
|
|
@@ -198612,26 +198798,14 @@ async function getOrCreateSecret(options) {
|
|
|
198612
198798
|
secretName
|
|
198613
198799
|
);
|
|
198614
198800
|
if (!existingSecretId) {
|
|
198615
|
-
|
|
198616
|
-
createSecret(options.config, options.accountId, options.storeId, {
|
|
198617
|
-
name: secretName,
|
|
198618
|
-
value: options.privateCredential,
|
|
198619
|
-
scopes: ["containers"],
|
|
198620
|
-
comment: `Created by Wrangler: credentials for image registry ${options.configureArgs.DOMAIN}`
|
|
198621
|
-
})
|
|
198622
|
-
);
|
|
198623
|
-
log(
|
|
198624
|
-
`Container-scoped secret "${secretName}" created in Secrets Store.
|
|
198625
|
-
`
|
|
198626
|
-
);
|
|
198627
|
-
return secretName;
|
|
198801
|
+
return { secretName, secretExists: false };
|
|
198628
198802
|
}
|
|
198629
198803
|
if (options.configureArgs.skipConfirmation) {
|
|
198630
198804
|
log(
|
|
198631
198805
|
`Using existing secret "${secretName}" from secret store with id: ${options.storeId}.
|
|
198632
198806
|
`
|
|
198633
198807
|
);
|
|
198634
|
-
return secretName;
|
|
198808
|
+
return { secretName, secretExists: true };
|
|
198635
198809
|
}
|
|
198636
198810
|
startSection(
|
|
198637
198811
|
`The provided secret name "${secretName}" is already in-use within the secret store. (Store ID: ${options.storeId})`
|
|
@@ -198644,7 +198818,7 @@ async function getOrCreateSecret(options) {
|
|
|
198644
198818
|
`Using existing secret "${secretName}" from secret store with id: ${options.storeId}.
|
|
198645
198819
|
`
|
|
198646
198820
|
);
|
|
198647
|
-
return secretName;
|
|
198821
|
+
return { secretName, secretExists: true };
|
|
198648
198822
|
}
|
|
198649
198823
|
secretName = await promptForSecretName(options.secretType);
|
|
198650
198824
|
}
|
|
@@ -198672,6 +198846,60 @@ async function promptForRegistryPrivateCredential(secretType) {
|
|
|
198672
198846
|
}
|
|
198673
198847
|
return secret;
|
|
198674
198848
|
}
|
|
198849
|
+
function validateProviderSpecificCredentialFlags(configureArgs, registryType) {
|
|
198850
|
+
for (const flag of providerSpecificCredentialFlags) {
|
|
198851
|
+
if (configureArgs[flag.argName] !== void 0 && registryType !== flag.registryType) {
|
|
198852
|
+
throw new UserError(
|
|
198853
|
+
`--${flag.flagName} can only be used with ${flag.registryName}.`,
|
|
198854
|
+
{ telemetryMessage: flag.telemetryMessage }
|
|
198855
|
+
);
|
|
198856
|
+
}
|
|
198857
|
+
}
|
|
198858
|
+
}
|
|
198859
|
+
async function resolvePrivateCredential(registryType, secretType, publicCredential) {
|
|
198860
|
+
if (registryType === "GAR" /* GAR */) {
|
|
198861
|
+
const rawKey = await getGarServiceAccountKey(secretType);
|
|
198862
|
+
return validateAndEncodeGarKey(rawKey, publicCredential);
|
|
198863
|
+
}
|
|
198864
|
+
return promptForRegistryPrivateCredential(secretType);
|
|
198865
|
+
}
|
|
198866
|
+
async function getGarServiceAccountKey(secretType) {
|
|
198867
|
+
if (isNonInteractiveOrCI2()) {
|
|
198868
|
+
const stdinInput = trimTrailingWhitespace(await readFromStdin());
|
|
198869
|
+
if (!stdinInput) {
|
|
198870
|
+
throw new UserError(
|
|
198871
|
+
"No input provided. In non-interactive mode, pipe the Google service account key (a file path, raw JSON, or base64) via stdin.",
|
|
198872
|
+
{
|
|
198873
|
+
telemetryMessage: "containers registries configure missing gar key input"
|
|
198874
|
+
}
|
|
198875
|
+
);
|
|
198876
|
+
}
|
|
198877
|
+
return fs11.existsSync(stdinInput) ? readGarServiceAccountKeyFile(stdinInput) : stdinInput;
|
|
198878
|
+
}
|
|
198879
|
+
const input = await prompt2(
|
|
198880
|
+
`Enter ${secretType ?? "secret"} (file path or base64):`,
|
|
198881
|
+
{ isSecret: true }
|
|
198882
|
+
);
|
|
198883
|
+
if (!input) {
|
|
198884
|
+
throw new UserError("Secret cannot be empty.", {
|
|
198885
|
+
telemetryMessage: "containers registries configure empty secret"
|
|
198886
|
+
});
|
|
198887
|
+
}
|
|
198888
|
+
const trimmed = input.trim();
|
|
198889
|
+
return fs11.existsSync(trimmed) ? readGarServiceAccountKeyFile(trimmed) : input;
|
|
198890
|
+
}
|
|
198891
|
+
function readGarServiceAccountKeyFile(path84) {
|
|
198892
|
+
try {
|
|
198893
|
+
return readFileSync(path84);
|
|
198894
|
+
} catch {
|
|
198895
|
+
throw new UserError(
|
|
198896
|
+
`Could not read the Google service account key file at "${path84}".`,
|
|
198897
|
+
{
|
|
198898
|
+
telemetryMessage: "containers registries configure gar key file unreadable"
|
|
198899
|
+
}
|
|
198900
|
+
);
|
|
198901
|
+
}
|
|
198902
|
+
}
|
|
198675
198903
|
async function registryListCommand(listArgs2) {
|
|
198676
198904
|
if (!listArgs2.json && !isNonInteractiveOrCI2()) {
|
|
198677
198905
|
startSection("List configured container registries");
|
|
@@ -198812,7 +199040,7 @@ async function registryCredentialsCommand(credentialsArgs) {
|
|
|
198812
199040
|
logger2.log(credentials.password);
|
|
198813
199041
|
}
|
|
198814
199042
|
}
|
|
198815
|
-
var registryConfigureArgs, registryListArgs, registryDeleteArgs, containersRegistriesNamespace, containersRegistriesConfigureCommand, containersRegistriesListCommand, containersRegistriesDeleteCommand, containersRegistriesCredentialsCommand;
|
|
199043
|
+
var providerSpecificCredentialFlags, providerSpecificCredentialFlagNames, registryConfigureArgs, registryListArgs, registryDeleteArgs, containersRegistriesNamespace, containersRegistriesConfigureCommand, containersRegistriesListCommand, containersRegistriesDeleteCommand, containersRegistriesCredentialsCommand;
|
|
198816
199044
|
var init_registries2 = __esm({
|
|
198817
199045
|
"src/containers/registries.ts"() {
|
|
198818
199046
|
init_import_meta_url();
|
|
@@ -198830,6 +199058,33 @@ var init_registries2 = __esm({
|
|
|
198830
199058
|
init_std();
|
|
198831
199059
|
init_deploy();
|
|
198832
199060
|
init_containers2();
|
|
199061
|
+
providerSpecificCredentialFlags = [
|
|
199062
|
+
{
|
|
199063
|
+
argName: "awsAccessKeyId",
|
|
199064
|
+
flagName: "aws-access-key-id",
|
|
199065
|
+
registryType: "ECR" /* ECR */,
|
|
199066
|
+
registryName: "AWS ECR",
|
|
199067
|
+
telemetryMessage: "containers registries configure aws access key id unsupported registry"
|
|
199068
|
+
},
|
|
199069
|
+
{
|
|
199070
|
+
argName: "dockerhubUsername",
|
|
199071
|
+
flagName: "dockerhub-username",
|
|
199072
|
+
registryType: "DockerHub" /* DOCKER_HUB */,
|
|
199073
|
+
registryName: "DockerHub",
|
|
199074
|
+
telemetryMessage: "containers registries configure dockerhub username unsupported registry"
|
|
199075
|
+
},
|
|
199076
|
+
{
|
|
199077
|
+
argName: "garEmail",
|
|
199078
|
+
flagName: "gar-email",
|
|
199079
|
+
registryType: "GAR" /* GAR */,
|
|
199080
|
+
registryName: "Google Artifact Registry",
|
|
199081
|
+
telemetryMessage: "containers registries configure gar email unsupported registry"
|
|
199082
|
+
}
|
|
199083
|
+
];
|
|
199084
|
+
providerSpecificCredentialFlagNames = providerSpecificCredentialFlags.map(
|
|
199085
|
+
(flag) => flag.flagName
|
|
199086
|
+
);
|
|
199087
|
+
__name(providerSpecificCredentialFlagConflicts, "providerSpecificCredentialFlagConflicts");
|
|
198833
199088
|
registryConfigureArgs = {
|
|
198834
199089
|
DOMAIN: {
|
|
198835
199090
|
describe: "Domain to configure for the registry",
|
|
@@ -198841,19 +199096,26 @@ var init_registries2 = __esm({
|
|
|
198841
199096
|
demandOption: false,
|
|
198842
199097
|
hidden: true,
|
|
198843
199098
|
deprecated: true,
|
|
198844
|
-
conflicts:
|
|
199099
|
+
conflicts: providerSpecificCredentialFlagNames
|
|
198845
199100
|
},
|
|
198846
199101
|
"aws-access-key-id": {
|
|
198847
199102
|
type: "string",
|
|
198848
199103
|
description: "When configuring Amazon ECR, `AWS_ACCESS_KEY_ID`",
|
|
198849
199104
|
demandOption: false,
|
|
198850
|
-
conflicts:
|
|
199105
|
+
conflicts: providerSpecificCredentialFlagConflicts("aws-access-key-id")
|
|
198851
199106
|
},
|
|
198852
199107
|
"dockerhub-username": {
|
|
198853
199108
|
type: "string",
|
|
198854
199109
|
description: "When configuring DockerHub, the DockerHub username",
|
|
198855
199110
|
demandOption: false,
|
|
198856
|
-
conflicts:
|
|
199111
|
+
conflicts: providerSpecificCredentialFlagConflicts("dockerhub-username")
|
|
199112
|
+
},
|
|
199113
|
+
"gar-email": {
|
|
199114
|
+
type: "string",
|
|
199115
|
+
description: "When configuring Google Artifact Registry, the Google service account email. Must match the `client_email` in the service account key.",
|
|
199116
|
+
demandOption: false,
|
|
199117
|
+
requiresArg: true,
|
|
199118
|
+
conflicts: providerSpecificCredentialFlagConflicts("gar-email")
|
|
198857
199119
|
},
|
|
198858
199120
|
"secret-store-id": {
|
|
198859
199121
|
type: "string",
|
|
@@ -198882,8 +199144,12 @@ var init_registries2 = __esm({
|
|
|
198882
199144
|
};
|
|
198883
199145
|
__name(registryConfigureCommand, "registryConfigureCommand");
|
|
198884
199146
|
__name(promptForSecretName, "promptForSecretName");
|
|
198885
|
-
__name(
|
|
199147
|
+
__name(resolveSecretSelection, "resolveSecretSelection");
|
|
198886
199148
|
__name(promptForRegistryPrivateCredential, "promptForRegistryPrivateCredential");
|
|
199149
|
+
__name(validateProviderSpecificCredentialFlags, "validateProviderSpecificCredentialFlags");
|
|
199150
|
+
__name(resolvePrivateCredential, "resolvePrivateCredential");
|
|
199151
|
+
__name(getGarServiceAccountKey, "getGarServiceAccountKey");
|
|
199152
|
+
__name(readGarServiceAccountKeyFile, "readGarServiceAccountKeyFile");
|
|
198887
199153
|
registryListArgs = {
|
|
198888
199154
|
json: {
|
|
198889
199155
|
type: "boolean",
|
|
@@ -232484,6 +232750,9 @@ function normalizeRelativePath(p7) {
|
|
|
232484
232750
|
}
|
|
232485
232751
|
return normalized;
|
|
232486
232752
|
}
|
|
232753
|
+
function escapeIdentifier(id) {
|
|
232754
|
+
return `"${id.replace(/"/g, '""')}"`;
|
|
232755
|
+
}
|
|
232487
232756
|
async function getMigrationsPath({
|
|
232488
232757
|
projectPath,
|
|
232489
232758
|
migrationsDir,
|
|
@@ -232659,6 +232928,7 @@ var init_helpers6 = __esm({
|
|
|
232659
232928
|
__name(resolveMigrationsConfig, "resolveMigrationsConfig");
|
|
232660
232929
|
__name(stripDirPrefix, "stripDirPrefix");
|
|
232661
232930
|
__name(normalizeRelativePath, "normalizeRelativePath");
|
|
232931
|
+
__name(escapeIdentifier, "escapeIdentifier");
|
|
232662
232932
|
__name(getMigrationsPath, "getMigrationsPath");
|
|
232663
232933
|
__name(getUnappliedMigrations, "getUnappliedMigrations");
|
|
232664
232934
|
listAppliedMigrations = /* @__PURE__ */ __name(async ({
|
|
@@ -232670,6 +232940,7 @@ var init_helpers6 = __esm({
|
|
|
232670
232940
|
persistTo,
|
|
232671
232941
|
preview
|
|
232672
232942
|
}) => {
|
|
232943
|
+
const escapedTableName = escapeIdentifier(migrationsTableName);
|
|
232673
232944
|
const response = await executeSql({
|
|
232674
232945
|
local,
|
|
232675
232946
|
remote,
|
|
@@ -232678,7 +232949,7 @@ var init_helpers6 = __esm({
|
|
|
232678
232949
|
shouldPrompt: !isNonInteractiveOrCI2(),
|
|
232679
232950
|
persistTo,
|
|
232680
232951
|
command: `SELECT *
|
|
232681
|
-
FROM ${
|
|
232952
|
+
FROM ${escapedTableName}
|
|
232682
232953
|
ORDER BY id`,
|
|
232683
232954
|
file: void 0,
|
|
232684
232955
|
json: true,
|
|
@@ -232705,6 +232976,7 @@ var init_helpers6 = __esm({
|
|
|
232705
232976
|
persistTo,
|
|
232706
232977
|
preview
|
|
232707
232978
|
}) => {
|
|
232979
|
+
const escapedTableName = escapeIdentifier(migrationsTableName);
|
|
232708
232980
|
return executeSql({
|
|
232709
232981
|
local,
|
|
232710
232982
|
remote,
|
|
@@ -232712,7 +232984,7 @@ var init_helpers6 = __esm({
|
|
|
232712
232984
|
name: name2,
|
|
232713
232985
|
shouldPrompt: !isNonInteractiveOrCI2(),
|
|
232714
232986
|
persistTo,
|
|
232715
|
-
command: `CREATE TABLE IF NOT EXISTS ${
|
|
232987
|
+
command: `CREATE TABLE IF NOT EXISTS ${escapedTableName}(
|
|
232716
232988
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
232717
232989
|
name TEXT UNIQUE,
|
|
232718
232990
|
applied_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL
|
|
@@ -232854,9 +233126,12 @@ Your database may not be available to serve requests during the migration, conti
|
|
|
232854
233126
|
`${migrationsPath}/${migration.name}`,
|
|
232855
233127
|
"utf8"
|
|
232856
233128
|
);
|
|
233129
|
+
const escapedTableName = escapeIdentifier(
|
|
233130
|
+
migrationsConfig.migrationsTableName
|
|
233131
|
+
);
|
|
232857
233132
|
query += `
|
|
232858
|
-
INSERT INTO ${
|
|
232859
|
-
values ('${migration.name}');
|
|
233133
|
+
INSERT INTO ${escapedTableName} (name)
|
|
233134
|
+
values ('${migration.name.replace(/'/g, "''")}');
|
|
232860
233135
|
`;
|
|
232861
233136
|
let success3 = true;
|
|
232862
233137
|
let errorNotes = [];
|
|
@@ -360786,6 +361061,7 @@ function createTestHarness(options) {
|
|
|
360786
361061
|
);
|
|
360787
361062
|
return dispatchFetch(miniflare, input, init4);
|
|
360788
361063
|
},
|
|
361064
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any -- Untyped test code should be able to use env bindings without casting every property
|
|
360789
361065
|
getWorker(name2) {
|
|
360790
361066
|
return {
|
|
360791
361067
|
async fetch(input, init4) {
|
|
@@ -360820,29 +361096,11 @@ function createTestHarness(options) {
|
|
|
360820
361096
|
const result = await response.json();
|
|
360821
361097
|
return result;
|
|
360822
361098
|
},
|
|
360823
|
-
async
|
|
360824
|
-
const session = await resolveSession();
|
|
360825
|
-
const miniflare = await getRuntimeMiniflare(session);
|
|
360826
|
-
const workerName = resolveWorkerName2(session, name2);
|
|
360827
|
-
return miniflare.getKVNamespace(bindingName, workerName);
|
|
360828
|
-
},
|
|
360829
|
-
async getR2Bucket(bindingName) {
|
|
360830
|
-
const session = await resolveSession();
|
|
360831
|
-
const miniflare = await getRuntimeMiniflare(session);
|
|
360832
|
-
const workerName = resolveWorkerName2(session, name2);
|
|
360833
|
-
return miniflare.getR2Bucket(bindingName, workerName);
|
|
360834
|
-
},
|
|
360835
|
-
async getD1Database(bindingName) {
|
|
360836
|
-
const session = await resolveSession();
|
|
360837
|
-
const miniflare = await getRuntimeMiniflare(session);
|
|
360838
|
-
const workerName = resolveWorkerName2(session, name2);
|
|
360839
|
-
return miniflare.getD1Database(bindingName, workerName);
|
|
360840
|
-
},
|
|
360841
|
-
async getDurableObjectNamespace(bindingName) {
|
|
361099
|
+
async getEnv() {
|
|
360842
361100
|
const session = await resolveSession();
|
|
360843
361101
|
const miniflare = await getRuntimeMiniflare(session);
|
|
360844
361102
|
const workerName = resolveWorkerName2(session, name2);
|
|
360845
|
-
return miniflare.
|
|
361103
|
+
return miniflare.getBindings(workerName);
|
|
360846
361104
|
}
|
|
360847
361105
|
};
|
|
360848
361106
|
},
|