wrangler 4.103.0 → 4.105.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -17921,7 +17921,7 @@ var require_snapshot_recorder = __commonJS({
17921
17921
  init_import_meta_url();
17922
17922
  var { writeFile: writeFile14, readFile: readFile19, mkdir: mkdir8 } = __require("fs/promises");
17923
17923
  var { dirname: dirname29, resolve: resolve32 } = __require("path");
17924
- var { setTimeout: setTimeout9, clearTimeout: clearTimeout2 } = __require("timers");
17924
+ var { setTimeout: setTimeout10, clearTimeout: clearTimeout2 } = __require("timers");
17925
17925
  var { InvalidArgumentError, UndiciError } = require_errors();
17926
17926
  var { hashId, isUrlExcludedFactory, normalizeHeaders, createHeaderFilters } = require_snapshot_utils();
17927
17927
  function formatRequestKey(opts, headerFilters, matchOptions = {}) {
@@ -18262,7 +18262,7 @@ var require_snapshot_recorder = __commonJS({
18262
18262
  * Schedules a flush (debounced to avoid excessive writes)
18263
18263
  */
18264
18264
  #scheduleFlush() {
18265
- this.#flushTimeout = setTimeout9(() => {
18265
+ this.#flushTimeout = setTimeout10(() => {
18266
18266
  this.saveSnapshots().catch(() => {
18267
18267
  });
18268
18268
  if (this.#autoFlush) {
@@ -44488,7 +44488,7 @@ var name, version;
44488
44488
  var init_package = __esm({
44489
44489
  "package.json"() {
44490
44490
  name = "wrangler";
44491
- version = "4.103.0";
44491
+ version = "4.105.0";
44492
44492
  }
44493
44493
  });
44494
44494
 
@@ -124740,12 +124740,20 @@ var init_types = __esm({
124740
124740
  });
124741
124741
 
124742
124742
  // ../containers-shared/src/images.ts
124743
+ function getEgressInterceptorPlatform() {
124744
+ return process.env.MINIFLARE_CONTAINER_EGRESS_IMAGE_PLATFORM;
124745
+ }
124743
124746
  function getEgressInterceptorImage() {
124744
124747
  return process.env.MINIFLARE_CONTAINER_EGRESS_IMAGE ?? DEFAULT_CONTAINER_EGRESS_INTERCEPTOR_IMAGE;
124745
124748
  }
124746
124749
  async function pullEgressInterceptorImage(dockerPath) {
124747
124750
  const image = getEgressInterceptorImage();
124748
- await runDockerCmd(dockerPath, ["pull", image, "--platform", "linux/amd64"]);
124751
+ const platform4 = getEgressInterceptorPlatform();
124752
+ const args = ["pull", image];
124753
+ if (platform4 !== void 0) {
124754
+ args.push("--platform", platform4);
124755
+ }
124756
+ await runDockerCmd(dockerPath, args);
124749
124757
  }
124750
124758
  async function pullImage(dockerPath, options, logger5) {
124751
124759
  const domain3 = new URL(`http://${options.image_uri}`).hostname;
@@ -124868,6 +124876,103 @@ Current account: "${accountId}"`
124868
124876
  }
124869
124877
  return `${url5.hostname}/${accountId}${url5.pathname}`;
124870
124878
  }
124879
+ function invalidGarCredentialError() {
124880
+ return new UserError(
124881
+ "The Google service account key must be a JSON key file or its base64-encoded form.",
124882
+ {
124883
+ telemetryMessage: "containers registries configure invalid gar credential"
124884
+ }
124885
+ );
124886
+ }
124887
+ function tryParseJson(value) {
124888
+ try {
124889
+ return JSON.parse(value);
124890
+ } catch {
124891
+ return void 0;
124892
+ }
124893
+ }
124894
+ function assertJsonObject(parsed) {
124895
+ if (typeof parsed !== "object" || parsed === null) {
124896
+ throw invalidGarCredentialError();
124897
+ }
124898
+ return parsed;
124899
+ }
124900
+ function validateServiceAccountKey(accountKey) {
124901
+ const privateKey = accountKey.private_key;
124902
+ const clientEmail = accountKey.client_email;
124903
+ const rawPrivateKeyId = accountKey.private_key_id;
124904
+ if (typeof privateKey !== "string" || typeof clientEmail !== "string") {
124905
+ throw new UserError(
124906
+ "The Google service account key is missing required fields (private_key, client_email).",
124907
+ {
124908
+ telemetryMessage: "containers registries configure gar credential missing fields"
124909
+ }
124910
+ );
124911
+ }
124912
+ if (privateKey.length === 0 || clientEmail.length === 0) {
124913
+ throw new UserError(
124914
+ "The Google service account key has an empty private_key or client_email.",
124915
+ {
124916
+ telemetryMessage: "containers registries configure gar credential empty fields"
124917
+ }
124918
+ );
124919
+ }
124920
+ let privateKeyId;
124921
+ if (rawPrivateKeyId === void 0) {
124922
+ privateKeyId = void 0;
124923
+ } else if (typeof rawPrivateKeyId === "string" && rawPrivateKeyId.length > 0) {
124924
+ privateKeyId = rawPrivateKeyId;
124925
+ } else {
124926
+ throw new UserError(
124927
+ "The Google service account key has an empty or invalid private_key_id.",
124928
+ {
124929
+ telemetryMessage: "containers registries configure gar credential invalid private key id"
124930
+ }
124931
+ );
124932
+ }
124933
+ return {
124934
+ private_key: privateKey,
124935
+ client_email: clientEmail,
124936
+ private_key_id: privateKeyId
124937
+ };
124938
+ }
124939
+ function validateAndEncodeGarKey(rawKey, expectedEmail) {
124940
+ const trimmed = rawKey.trim();
124941
+ let base64Key;
124942
+ let json2;
124943
+ const rawJson = tryParseJson(trimmed);
124944
+ if (rawJson !== void 0) {
124945
+ json2 = assertJsonObject(rawJson);
124946
+ base64Key = Buffer.from(trimmed, "utf8").toString("base64");
124947
+ } else {
124948
+ if (trimmed.startsWith("-----BEGIN")) {
124949
+ throw new UserError(
124950
+ "The provided key appears to be a PEM private key. Provide the full Google service-account JSON key file, not just the private key.",
124951
+ {
124952
+ telemetryMessage: "containers registries configure gar credential pem key"
124953
+ }
124954
+ );
124955
+ }
124956
+ base64Key = trimmed.replace(/\s+/g, "");
124957
+ const decodedJson = tryParseJson(
124958
+ Buffer.from(base64Key, "base64").toString("utf8")
124959
+ );
124960
+ if (decodedJson === void 0) {
124961
+ throw invalidGarCredentialError();
124962
+ }
124963
+ json2 = assertJsonObject(decodedJson);
124964
+ }
124965
+ const key = validateServiceAccountKey(json2);
124966
+ if (key.client_email !== expectedEmail) {
124967
+ throw new UserError(
124968
+ `The provided --gar-email "${expectedEmail}" does not match the service account email "${key.client_email}" in the key.`,
124969
+ {
124970
+ telemetryMessage: "containers registries configure gar email mismatch"
124971
+ }
124972
+ );
124973
+ }
124974
+ return base64Key;
124975
+ }
124871
124976
  var DEFAULT_CONTAINER_EGRESS_INTERCEPTOR_IMAGE, getAndValidateRegistryType;
124872
124977
  var init_images2 = __esm({
124873
124978
  "../containers-shared/src/images.ts"() {
@@ -124880,6 +124985,7 @@ var init_images2 = __esm({
124880
124985
  init_registry2();
124881
124986
  init_utils3();
124882
124987
  DEFAULT_CONTAINER_EGRESS_INTERCEPTOR_IMAGE = "cloudflare/proxy-everything:3cb1195@sha256:0ef6716c52430096900b150d84a3302057d6cd2319dae7987128c85d0733e3c8";
124988
+ __name(getEgressInterceptorPlatform, "getEgressInterceptorPlatform");
124883
124989
  __name(getEgressInterceptorImage, "getEgressInterceptorImage");
124884
124990
  __name(pullEgressInterceptorImage, "pullEgressInterceptorImage");
124885
124991
  __name(pullImage, "pullImage");
@@ -124915,6 +125021,12 @@ ${e9.message}`);
124915
125021
  name: "DockerHub",
124916
125022
  secretType: "DockerHub PAT Token"
124917
125023
  },
125024
+ {
125025
+ type: "GAR" /* GAR */,
125026
+ pattern: /^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?-docker\.pkg\.dev$/,
125027
+ name: "Google Artifact Registry",
125028
+ secretType: "Google Service Account JSON Key"
125029
+ },
124918
125030
  {
124919
125031
  type: "cloudflare",
124920
125032
  // Make a regex based on the env var CLOUDFLARE_CONTAINER_REGISTRY
@@ -124938,6 +125050,11 @@ To use an existing image from another repository, see https://developers.cloudfl
124938
125050
  }
124939
125051
  return match3;
124940
125052
  }, "getAndValidateRegistryType");
125053
+ __name(invalidGarCredentialError, "invalidGarCredentialError");
125054
+ __name(tryParseJson, "tryParseJson");
125055
+ __name(assertJsonObject, "assertJsonObject");
125056
+ __name(validateServiceAccountKey, "validateServiceAccountKey");
125057
+ __name(validateAndEncodeGarKey, "validateAndEncodeGarKey");
124941
125058
  }
124942
125059
  });
124943
125060
 
@@ -148004,61 +148121,6 @@ function errIsStartupErr(err) {
148004
148121
  }
148005
148122
  return false;
148006
148123
  }
148007
- async function verifyWorkerMatchesCITag(complianceConfig, accountId, workerName, configPath) {
148008
- const matchTag = getCIMatchTag();
148009
- logger.debug(
148010
- `Starting verifyWorkerMatchesCITag() with tag: ${matchTag}, name: ${workerName}`
148011
- );
148012
- if (!matchTag) {
148013
- logger.debug(
148014
- "No WRANGLER_CI_MATCH_TAG variable provided, aborting verifyWorkerMatchesCITag()"
148015
- );
148016
- return;
148017
- }
148018
- const envAccountID = getCloudflareAccountIdFromEnv2();
148019
- if (accountId !== envAccountID) {
148020
- throw new FatalError(
148021
- `The \`account_id\` in your ${configFileName(configPath)} file must match the \`account_id\` for this account. Please update your ${configFileName(configPath)} file with \`${formatConfigSnippet({ account_id: envAccountID }, configPath, false)}\``,
148022
- { telemetryMessage: "ci match tag account mismatch" }
148023
- );
148024
- }
148025
- let tag;
148026
- try {
148027
- const worker = await fetchResult(
148028
- complianceConfig,
148029
- `/accounts/${accountId}/workers/services/${workerName}`
148030
- );
148031
- tag = worker.default_environment.script.tag;
148032
- logger.debug(`API returned with tag: ${tag} for worker: ${workerName}`);
148033
- } catch (e9) {
148034
- logger.debug(e9);
148035
- if (isWorkerNotFoundError(e9)) {
148036
- throw new FatalError(
148037
- `The name in your ${configFileName(configPath)} file (${workerName}) must match the name of your Worker. Please update the name field in your ${configFileName(configPath)} file.`,
148038
- { telemetryMessage: "ci match tag worker not found" }
148039
- );
148040
- } else if (e9 instanceof APIError) {
148041
- throw new FatalError(
148042
- "An error occurred while trying to validate that the Worker name matches what is expected by the build system.\n" + e9.message + "\n" + e9.notes.map((note) => note.text).join("\n"),
148043
- { telemetryMessage: "ci match tag validation api error" }
148044
- );
148045
- } else {
148046
- throw new FatalError(
148047
- "Wrangler cannot validate that your Worker name matches what is expected by the build system. Please retry the build. If the problem persists, please contact support.",
148048
- { telemetryMessage: "ci match tag validation failed" }
148049
- );
148050
- }
148051
- }
148052
- if (tag !== matchTag) {
148053
- logger.debug(
148054
- `Failed to match Worker tag. The API returned "${tag}", but the CI system expected "${matchTag}"`
148055
- );
148056
- throw new FatalError(
148057
- `The name in your ${configFileName(configPath)} file (${workerName}) must match the name of your Worker. Please update the name field in your ${configFileName(configPath)} file.`,
148058
- { telemetryMessage: "ci match tag tag mismatch" }
148059
- );
148060
- }
148061
- }
148062
148124
  function validateFileSecrets(content, jsonFilePath) {
148063
148125
  if (content === null || typeof content !== "object") {
148064
148126
  throw new FatalError(
@@ -149623,6 +149685,128 @@ function lineMatchToCallSite(lineMatch) {
149623
149685
  native: isNative
149624
149686
  });
149625
149687
  }
149688
+ async function verifyWorkerMatchesCITag(complianceConfig, accountId, workerName, configPath) {
149689
+ const matchTag = getCIMatchTag();
149690
+ logger.debug(
149691
+ `Starting verifyWorkerMatchesCITag() with tag: ${matchTag}, name: ${workerName}`
149692
+ );
149693
+ if (!matchTag) {
149694
+ logger.debug(
149695
+ "No WRANGLER_CI_MATCH_TAG variable provided, aborting verifyWorkerMatchesCITag()"
149696
+ );
149697
+ return;
149698
+ }
149699
+ const envAccountID = getCloudflareAccountIdFromEnv2();
149700
+ if (accountId !== envAccountID) {
149701
+ throw new FatalError(
149702
+ `The \`account_id\` in your ${configFileName(configPath)} file must match the \`account_id\` for this account. Please update your ${configFileName(configPath)} file with \`${formatConfigSnippet({ account_id: envAccountID }, configPath, false)}\``,
149703
+ { telemetryMessage: "ci match tag account mismatch" }
149704
+ );
149705
+ }
149706
+ let tag;
149707
+ try {
149708
+ const worker = await fetchResult(
149709
+ complianceConfig,
149710
+ `/accounts/${accountId}/workers/services/${workerName}`
149711
+ );
149712
+ tag = worker.default_environment.script.tag;
149713
+ logger.debug(`API returned with tag: ${tag} for worker: ${workerName}`);
149714
+ } catch (e9) {
149715
+ logger.debug(e9);
149716
+ if (isWorkerNotFoundError(e9)) {
149717
+ throw new FatalError(
149718
+ `The name in your ${configFileName(configPath)} file (${workerName}) must match the name of your Worker. Please update the name field in your ${configFileName(configPath)} file.`,
149719
+ { telemetryMessage: "ci match tag worker not found" }
149720
+ );
149721
+ } else if (e9 instanceof APIError) {
149722
+ throw new FatalError(
149723
+ "An error occurred while trying to validate that the Worker name matches what is expected by the build system.\n" + e9.message + "\n" + e9.notes.map((note) => note.text).join("\n"),
149724
+ { telemetryMessage: "ci match tag validation api error" }
149725
+ );
149726
+ } else {
149727
+ throw new FatalError(
149728
+ "Wrangler cannot validate that your Worker name matches what is expected by the build system. Please retry the build. If the problem persists, please contact support.",
149729
+ { telemetryMessage: "ci match tag validation failed" }
149730
+ );
149731
+ }
149732
+ }
149733
+ if (tag !== matchTag) {
149734
+ logger.debug(
149735
+ `Failed to match Worker tag. The API returned "${tag}", but the CI system expected "${matchTag}"`
149736
+ );
149737
+ throw new FatalError(
149738
+ `The name in your ${configFileName(configPath)} file (${workerName}) must match the name of your Worker. Please update the name field in your ${configFileName(configPath)} file.`,
149739
+ { telemetryMessage: "ci match tag tag mismatch" }
149740
+ );
149741
+ }
149742
+ }
149743
+ async function validateWorkerProps(props, config2) {
149744
+ const { name: name2, dryRun, accountId, compatibilityDate } = props;
149745
+ const { format: format32 } = props.entry;
149746
+ if (!name2) {
149747
+ throw new UserError(
149748
+ `You need to provide the name of your worker. Either pass it as a cli arg with --name <name> or in your config file as ${formatConfigSnippet({ name: "<name>" }, config2.userConfigPath)}`,
149749
+ {
149750
+ telemetryMessage: props.command === "deploy" ? "deploy command missing worker name" : "versions upload missing worker name"
149751
+ }
149752
+ );
149753
+ }
149754
+ if (!compatibilityDate) {
149755
+ const compatibilityDateStr = getTodaysCompatDate();
149756
+ throw new UserError(
149757
+ `A compatibility_date is required when uploading a Worker. Add the following to your ${configFileName(config2.configPath)} file:
149758
+ \`\`\`
149759
+ ${formatConfigSnippet({ compatibility_date: compatibilityDateStr }, config2.configPath, false)}
149760
+ \`\`\`
149761
+ Or you could pass it in your terminal as \`--compatibility-date ${compatibilityDateStr}\`
149762
+ See https://developers.cloudflare.com/workers/platform/compatibility-dates for more information.`,
149763
+ {
149764
+ telemetryMessage: props.command === "deploy" ? "missing compatibility date when deploying" : "versions upload missing compatibility date"
149765
+ }
149766
+ );
149767
+ }
149768
+ if (config2.wasm_modules && format32 === "modules") {
149769
+ throw new UserError(
149770
+ "You cannot configure [wasm_modules] with an ES module worker. Instead, import the .wasm module directly in your code",
149771
+ { telemetryMessage: "wasm_modules with es module worker" }
149772
+ );
149773
+ }
149774
+ if (config2.text_blobs && format32 === "modules") {
149775
+ throw new UserError(
149776
+ `You cannot configure [text_blobs] with an ES module worker. Instead, import the file directly in your code, and optionally configure \`[rules]\` in your ${configFileName(config2.configPath)} file`,
149777
+ { telemetryMessage: "text_blobs with es module worker" }
149778
+ );
149779
+ }
149780
+ if (config2.data_blobs && format32 === "modules") {
149781
+ throw new UserError(
149782
+ `You cannot configure [data_blobs] with an ES module worker. Instead, import the file directly in your code, and optionally configure \`[rules]\` in your ${configFileName(config2.configPath)} file`,
149783
+ { telemetryMessage: "data_blobs with es module worker" }
149784
+ );
149785
+ }
149786
+ if (props.command === "deploy") {
149787
+ validateRoutes2(props.routes, props.assetsOptions);
149788
+ assert5__default.default(
149789
+ !config2.site || config2.site.bucket,
149790
+ "A [site] definition requires a `bucket` field with a path to the site's assets directory."
149791
+ );
149792
+ if (!props.isWorkersSite && Boolean(props.legacyAssetPaths) && format32 === "service-worker") {
149793
+ throw new UserError(
149794
+ "You cannot use the service-worker format with an `assets` directory yet. For information on how to migrate to the module-worker format, see: https://developers.cloudflare.com/workers/learning/migrating-to-module-workers/",
149795
+ { telemetryMessage: "deploy service worker assets unsupported" }
149796
+ );
149797
+ }
149798
+ } else {
149799
+ if (config2.containers && config2.containers.length > 0) {
149800
+ logger.warn(
149801
+ `Your Worker has Containers configured. Container configuration changes (such as image, max_instances, etc.) will not be gradually rolled out with versions. These changes will only take effect after running \`wrangler deploy\`.`
149802
+ );
149803
+ }
149804
+ }
149805
+ if (!dryRun) {
149806
+ assert5__default.default(accountId, "Missing account ID");
149807
+ await verifyWorkerMatchesCITag(config2, accountId, name2, config2.configPath);
149808
+ }
149809
+ }
149626
149810
  function addWorkersSitesBindings(bindings2, namespace, manifest, format32) {
149627
149811
  const withSites = { ...bindings2 };
149628
149812
  if (namespace) {
@@ -149640,12 +149824,6 @@ function addWorkersSitesBindings(bindings2, namespace, manifest, format32) {
149640
149824
  return withSites;
149641
149825
  }
149642
149826
  async function deploy(props, config2, buildResult, callbacks) {
149643
- if (!props.name) {
149644
- throw new UserError(
149645
- 'You need to provide a name when publishing a worker. Either pass it as a cli arg with `--name <name>` or in your config file as `name = "<name>"`',
149646
- { telemetryMessage: "deploy command missing worker name" }
149647
- );
149648
- }
149649
149827
  const {
149650
149828
  entry,
149651
149829
  name: name2,
@@ -149655,10 +149833,8 @@ async function deploy(props, config2, buildResult, callbacks) {
149655
149833
  accountId
149656
149834
  } = props;
149657
149835
  const assetsOptions = resolveAssetOptions(props, config2);
149658
- if (!props.dryRun) {
149659
- assert5__default.default(accountId, "Missing account ID");
149660
- await verifyWorkerMatchesCITag(config2, accountId, name2, config2.configPath);
149661
- }
149836
+ await validateWorkerProps({ ...props, assetsOptions }, config2);
149837
+ assert5__default.default(name2);
149662
149838
  const deployConfirm = getDeployConfirmFunction({
149663
149839
  strictMode: props.strict
149664
149840
  });
@@ -149666,7 +149842,6 @@ async function deploy(props, config2, buildResult, callbacks) {
149666
149842
  let versionId = null;
149667
149843
  let tags = [];
149668
149844
  let workerExists = true;
149669
- const allDeploymentRoutes = props.routes;
149670
149845
  if (!props.dispatchNamespace && accountId) {
149671
149846
  try {
149672
149847
  const serviceMetaData = await fetchResult(config2, `/accounts/${accountId}/workers/services/${name2}`);
@@ -149685,7 +149860,7 @@ async function deploy(props, config2, buildResult, callbacks) {
149685
149860
  const configDiff = getRemoteConfigDiff(remoteWorkerConfig, {
149686
149861
  ...config2,
149687
149862
  // We also want to include all the routes used for deployment
149688
- routes: allDeploymentRoutes
149863
+ routes: props.routes
149689
149864
  });
149690
149865
  if (!configDiff.nonDestructive) {
149691
149866
  logger.warn(
@@ -149756,24 +149931,7 @@ Edits that have been made via the script API will be overridden by your local co
149756
149931
  }
149757
149932
  }
149758
149933
  }
149759
- if (!compatibilityDate) {
149760
- const compatibilityDateStr = getTodaysCompatDate();
149761
- throw new UserError(
149762
- `A compatibility_date is required when publishing. Add the following to your ${configFileName(config2.configPath)} file:
149763
- \`\`\`
149764
- ${formatConfigSnippet({ compatibility_date: compatibilityDateStr }, config2.configPath, false)}
149765
- \`\`\`
149766
- Or you could pass it in your terminal as \`--compatibility-date ${compatibilityDateStr}\`
149767
- See https://developers.cloudflare.com/workers/platform/compatibility-dates for more information.`,
149768
- { telemetryMessage: "missing compatibility date when deploying" }
149769
- );
149770
- }
149771
- validateRoutes2(allDeploymentRoutes, assetsOptions);
149772
149934
  const scriptName = name2;
149773
- assert5__default.default(
149774
- !config2.site || config2.site.bucket,
149775
- "A [site] definition requires a `bucket` field with a path to the site's assets directory."
149776
- );
149777
149935
  const envName = props.env ?? "production";
149778
149936
  const start = Date.now();
149779
149937
  const useServiceEnvironments2 = props.useServiceEnvApiPath;
@@ -149792,30 +149950,6 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
149792
149950
  return { versionId, workerTag };
149793
149951
  }
149794
149952
  }
149795
- if (!props.isWorkersSite && Boolean(props.legacyAssetPaths) && format32 === "service-worker") {
149796
- throw new UserError(
149797
- "You cannot use the service-worker format with an `assets` directory yet. For information on how to migrate to the module-worker format, see: https://developers.cloudflare.com/workers/learning/migrating-to-module-workers/",
149798
- { telemetryMessage: "deploy service worker assets unsupported" }
149799
- );
149800
- }
149801
- if (config2.wasm_modules && format32 === "modules") {
149802
- throw new UserError(
149803
- "You cannot configure [wasm_modules] with an ES module worker. Instead, import the .wasm module directly in your code",
149804
- { telemetryMessage: "deploy wasm modules with es module worker" }
149805
- );
149806
- }
149807
- if (config2.text_blobs && format32 === "modules") {
149808
- throw new UserError(
149809
- `You cannot configure [text_blobs] with an ES module worker. Instead, import the file directly in your code, and optionally configure \`[rules]\` in your ${configFileName(config2.configPath)} file`,
149810
- { telemetryMessage: "[text_blobs] with an ES module worker" }
149811
- );
149812
- }
149813
- if (config2.data_blobs && format32 === "modules") {
149814
- throw new UserError(
149815
- `You cannot configure [data_blobs] with an ES module worker. Instead, import the file directly in your code, and optionally configure \`[rules]\` in your ${configFileName(config2.configPath)} file`,
149816
- { telemetryMessage: "[data_blobs] with an ES module worker" }
149817
- );
149818
- }
149819
149953
  const isDryRun = props.dryRun;
149820
149954
  const normalisedContainerConfig = callbacks.getNormalizedContainerOptions ? await callbacks.getNormalizedContainerOptions(config2, props) : [];
149821
149955
  const {
@@ -150216,7 +150350,7 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
150216
150350
  crons: props.triggers,
150217
150351
  useServiceEnvironments: useServiceEnvironments2,
150218
150352
  firstDeploy: !workerExists,
150219
- routes: allDeploymentRoutes
150353
+ routes: props.routes
150220
150354
  });
150221
150355
  logger.log("Current Version ID:", versionId);
150222
150356
  return {
@@ -150227,12 +150361,6 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
150227
150361
  };
150228
150362
  }
150229
150363
  async function versionsUpload(props, config2, buildResult, callbacks) {
150230
- if (!props.name) {
150231
- throw new UserError(
150232
- 'You need to provide a name of your worker. Either pass it as a cli arg with `--name <name>` or in your config file as `name = "<name>"`',
150233
- { telemetryMessage: "versions upload missing worker name" }
150234
- );
150235
- }
150236
150364
  const {
150237
150365
  entry,
150238
150366
  name: name2,
@@ -150242,14 +150370,12 @@ async function versionsUpload(props, config2, buildResult, callbacks) {
150242
150370
  accountId
150243
150371
  } = props;
150244
150372
  const assetsOptions = resolveAssetOptions(props, config2);
150245
- if (!props.dryRun) {
150246
- assert5__default.default(accountId, "Missing account ID");
150247
- await verifyWorkerMatchesCITag(config2, accountId, name2, config2.configPath);
150248
- }
150373
+ await validateWorkerProps(props, config2);
150374
+ assert5__default.default(name2);
150249
150375
  let versionId = null;
150250
150376
  let workerTag = null;
150251
150377
  let tags = [];
150252
- if (accountId && name2) {
150378
+ if (accountId) {
150253
150379
  try {
150254
150380
  const {
150255
150381
  default_environment: { script }
@@ -150289,56 +150415,11 @@ Edits that have been made via the API will be overridden by your local code and
150289
150415
  }
150290
150416
  }
150291
150417
  }
150292
- if (!compatibilityDate) {
150293
- const compatibilityDateStr = getTodaysCompatDate();
150294
- throw new UserError(
150295
- `A compatibility_date is required when uploading a Worker Version. Add the following to your ${configFileName(config2.configPath)} file:
150296
- \`\`\`
150297
- ${formatConfigSnippet({ compatibility_date: compatibilityDateStr }, config2.configPath, false)}
150298
- \`\`\`
150299
- Or you could pass it in your terminal as \`--compatibility-date ${compatibilityDateStr}\`
150300
- See https://developers.cloudflare.com/workers/platform/compatibility-dates for more information.`,
150301
- {
150302
- telemetryMessage: "versions upload missing compatibility date"
150303
- }
150304
- );
150305
- }
150306
150418
  const scriptName = name2;
150307
- if (config2.site && !config2.site.bucket) {
150308
- throw new UserError(
150309
- "A [site] definition requires a `bucket` field with a path to the site's assets directory.",
150310
- { telemetryMessage: "versions upload sites missing bucket" }
150311
- );
150312
- }
150313
150419
  const start = Date.now();
150314
150420
  const workerName = scriptName;
150315
150421
  const workerUrl = `/accounts/${accountId}/workers/scripts/${scriptName}`;
150316
- const { format: format32 } = entry;
150317
150422
  const projectRoot = entry.projectRoot;
150318
- if (config2.wasm_modules && format32 === "modules") {
150319
- throw new UserError(
150320
- "You cannot configure [wasm_modules] with an ES module worker. Instead, import the .wasm module directly in your code",
150321
- {
150322
- telemetryMessage: "versions upload wasm modules unsupported module worker"
150323
- }
150324
- );
150325
- }
150326
- if (config2.text_blobs && format32 === "modules") {
150327
- throw new UserError(
150328
- `You cannot configure [text_blobs] with an ES module worker. Instead, import the file directly in your code, and optionally configure \`[rules]\` in your ${configFileName(config2.configPath)} file`,
150329
- {
150330
- telemetryMessage: "versions upload text blobs unsupported module worker"
150331
- }
150332
- );
150333
- }
150334
- if (config2.data_blobs && format32 === "modules") {
150335
- throw new UserError(
150336
- `You cannot configure [data_blobs] with an ES module worker. Instead, import the file directly in your code, and optionally configure \`[rules]\` in your ${configFileName(config2.configPath)} file`,
150337
- {
150338
- telemetryMessage: "versions upload data blobs unsupported module worker"
150339
- }
150340
- );
150341
- }
150342
150423
  let hasPreview = false;
150343
150424
  const {
150344
150425
  modules,
@@ -150420,11 +150501,6 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
150420
150501
  cache: config2.cache
150421
150502
  // cache is a versioned setting
150422
150503
  };
150423
- if (config2.containers && config2.containers.length > 0) {
150424
- logger.warn(
150425
- `Your Worker has Containers configured. Container configuration changes (such as image, max_instances, etc.) will not be gradually rolled out with versions. These changes will only take effect after running \`wrangler deploy\`.`
150426
- );
150427
- }
150428
150504
  await printBundleSize(
150429
150505
  { name: path3__namespace.default.basename(resolvedEntryPointPath), content },
150430
150506
  modules
@@ -150551,11 +150627,7 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
150551
150627
  logger.log(`--dry-run: exiting now.`);
150552
150628
  return { versionId, workerTag };
150553
150629
  }
150554
- if (!accountId) {
150555
- throw new UserError("Missing accountId", {
150556
- telemetryMessage: "versions upload missing account id"
150557
- });
150558
- }
150630
+ assert5__default.default(accountId);
150559
150631
  const uploadMs = Date.now() - start;
150560
150632
  logger.log("Uploaded", workerName, formatTime(uploadMs));
150561
150633
  logger.log("Worker Version ID:", versionId);
@@ -150668,7 +150740,7 @@ function validateNodeCompatMode(compatibilityDateStr = "2000-01-01", compatibili
150668
150740
  }
150669
150741
  return mode;
150670
150742
  }
150671
- var import_undici4, import_command_exists2, import_dotenv, require_ignore, require_heap, require_heap2, require_difflib, require_difflib2, require_util9, require_styles2, require_has_flag2, require_supports_colors2, require_trap2, require_zalgo2, require_america2, require_zebra2, require_rainbow2, require_random2, require_colors2, require_safe2, require_colorize, require_lib4, __getOwnPropNames4, __commonJS22, __defProp5, __name22, UserError2, FatalError2, JsonFriendlyFatalError2, CharacterCodes2, ParseOptions2, ScanError2, SyntaxKind2, parse22, ParseErrorCode2, TomlError3, DATE_TIME_RE3, TomlDate3, INT_REGEX3, FLOAT_REGEX3, LEADING_ZERO3, ESCAPE_REGEX3, ESC_MAP3, KEY_PART_RE3, BARE_KEY3, dist_default5, ParseError2, units2, UNSUPPORTED_BOMS2, PATH_TO_DEPLOY_CONFIG2, esm_default5, AssetsSchema, KnownBindingSchema, UnsafeBindingSchema, BindingSchema, CacheSchema, SINGLETON_BINDING_TYPES, listFormatter, EnvSchema, ExportSchema, LimitsSchema, ObservabilitySchema, PlacementSchema, TailConsumerSchema, TriggerSchema, UnsafeSchema, BaseWorkerSchema, InputWorkerSchema, ModuleTypeSchema, ManifestSchema, require_dist2, ApplicationRollout2, BadRequestWithCodeError2, CreateApplicationRolloutRequest2, DeploymentNotFoundError2, ImageRegistryAlreadyExistsError2, ImageRegistryIsPublic2, ImageRegistryNotAllowedError2, ImageRegistryNotFoundError2, ImageRegistryProtocolAlreadyExists2, ImageRegistryProtocolIsReferencedError2, ImageRegistryProtocolNotFound2, ProvisionerConfiguration2, RolloutStep2, SecretNameAlreadyExists2, SecretNotFound2, SSHPublicKeyNotFoundError2, UpdateApplicationRolloutRequest2, runDockerCmd2, isDockerRunning2, verifyDockerInstalled2, queuesUrl, MAX_ROUTES_RULES, MAX_ROUTES_RULE_LENGTH, formatInvalidRoutes, MAX_ASSET_SIZE, CF_ASSETS_IGNORE_FILENAME, REDIRECTS_FILENAME, HEADERS_FILENAME, import_ignore, types, other_default, types2, standard_default, __classPrivateFieldGet7, _Mime_extensionToType, _Mime_typeToExtension, _Mime_typeToExtensions, Mime, Mime_default, src_default, normalizeFilePath, getContentType, hashFile, isJwtExpired, BULK_UPLOAD_CONCURRENCY, MAX_UPLOAD_ATTEMPTS, MAX_UPLOAD_GATEWAY_ERRORS, MAX_DIFF_LINES, syncAssets, buildAssetManifest, WORKER_JS_FILENAME, nameBindings, ONE_KIB_BYTES, MAX_GZIP_SIZE_BYTES, WORKER_NOT_FOUND_ERR_CODE, WORKER_LEGACY_ENVIRONMENT_NOT_FOUND_ERR_CODE, WORKFLOW_NOT_FOUND_CODE, import_json_diff, reorderableBindings, BLANK_INPUT, moduleTypeMimeType, suppressNotFoundError, esm_default22, getCloudflareAccountIdFromEnv2, isConnectedStatusExplained, ProvisionResourceHandler, R2Handler, AISearchNamespaceHandler, AgentMemoryNamespaceHandler, KVHandler, D1Handler, HANDLERS, INVALID_INHERIT_BINDING_CODE, InternalConfigSchema, StaticRoutingSchema, MetadataStaticRedirectEntry, MetadataRedirectEntry, MetadataStaticRedirects, MetadataRedirects, MetadataHeaderEntry, MetadataHeaders, RedirectsSchema, HeadersSchema, sourceMappingPrepareStackTrace, retrieveSourceMapOverride, placeholderError, CALL_SITE_REGEXP, CallSite, validateRoutes2, MAX_DNS_LABEL_LENGTH, HASH_LENGTH, ALIAS_VALIDATION_REGEX;
150743
+ var import_undici4, import_command_exists2, import_dotenv, require_ignore, require_heap, require_heap2, require_difflib, require_difflib2, require_util9, require_styles2, require_has_flag2, require_supports_colors2, require_trap2, require_zalgo2, require_america2, require_zebra2, require_rainbow2, require_random2, require_colors2, require_safe2, require_colorize, require_lib4, __getOwnPropNames4, __commonJS22, __defProp5, __name22, UserError2, FatalError2, JsonFriendlyFatalError2, CharacterCodes2, ParseOptions2, ScanError2, SyntaxKind2, parse22, ParseErrorCode2, TomlError3, DATE_TIME_RE3, TomlDate3, INT_REGEX3, FLOAT_REGEX3, LEADING_ZERO3, ESCAPE_REGEX3, ESC_MAP3, KEY_PART_RE3, BARE_KEY3, dist_default5, ParseError2, units2, UNSUPPORTED_BOMS2, PATH_TO_DEPLOY_CONFIG2, esm_default5, AssetsSchema, KnownBindingSchema, UnsafeBindingSchema, BindingSchema, CacheSchema, SINGLETON_BINDING_TYPES, listFormatter, EnvSchema, ExportSchema, LimitsSchema, ObservabilitySchema, PlacementSchema, TailConsumerSchema, TriggerSchema, UnsafeSchema, BaseWorkerSchema, InputWorkerSchema, ModuleTypeSchema, ManifestSchema, require_dist2, ApplicationRollout2, BadRequestWithCodeError2, CreateApplicationRolloutRequest2, DeploymentNotFoundError2, ImageRegistryAlreadyExistsError2, ImageRegistryIsPublic2, ImageRegistryNotAllowedError2, ImageRegistryNotFoundError2, ImageRegistryProtocolAlreadyExists2, ImageRegistryProtocolIsReferencedError2, ImageRegistryProtocolNotFound2, ProvisionerConfiguration2, RolloutStep2, SecretNameAlreadyExists2, SecretNotFound2, SSHPublicKeyNotFoundError2, UpdateApplicationRolloutRequest2, runDockerCmd2, isDockerRunning2, verifyDockerInstalled2, queuesUrl, MAX_ROUTES_RULES, MAX_ROUTES_RULE_LENGTH, formatInvalidRoutes, MAX_ASSET_SIZE, CF_ASSETS_IGNORE_FILENAME, REDIRECTS_FILENAME, HEADERS_FILENAME, import_ignore, types, other_default, types2, standard_default, __classPrivateFieldGet7, _Mime_extensionToType, _Mime_typeToExtension, _Mime_typeToExtensions, Mime, Mime_default, src_default, normalizeFilePath, getContentType, hashFile, isJwtExpired, BULK_UPLOAD_CONCURRENCY, MAX_UPLOAD_ATTEMPTS, MAX_UPLOAD_GATEWAY_ERRORS, MAX_DIFF_LINES, syncAssets, buildAssetManifest, WORKER_JS_FILENAME, nameBindings, ONE_KIB_BYTES, MAX_GZIP_SIZE_BYTES, WORKER_NOT_FOUND_ERR_CODE, WORKER_LEGACY_ENVIRONMENT_NOT_FOUND_ERR_CODE, WORKFLOW_NOT_FOUND_CODE, import_json_diff, reorderableBindings, BLANK_INPUT, moduleTypeMimeType, suppressNotFoundError, esm_default22, isConnectedStatusExplained, ProvisionResourceHandler, R2Handler, AISearchNamespaceHandler, AgentMemoryNamespaceHandler, KVHandler, D1Handler, HANDLERS, INVALID_INHERIT_BINDING_CODE, InternalConfigSchema, StaticRoutingSchema, MetadataStaticRedirectEntry, MetadataRedirectEntry, MetadataStaticRedirects, MetadataRedirects, MetadataHeaderEntry, MetadataHeaders, RedirectsSchema, HeadersSchema, sourceMappingPrepareStackTrace, retrieveSourceMapOverride, placeholderError, CALL_SITE_REGEXP, CallSite, getCloudflareAccountIdFromEnv2, validateRoutes2, MAX_DNS_LABEL_LENGTH, HASH_LENGTH, ALIAS_VALIDATION_REGEX;
150672
150744
  var init_dist9 = __esm({
150673
150745
  "../deploy-helpers/dist/index.mjs"() {
150674
150746
  init_import_meta_url();
@@ -151362,10 +151434,10 @@ var init_dist9 = __esm({
151362
151434
  require_difflib = __commonJS3({
151363
151435
  "../../node_modules/.pnpm/@ewoudenberg+difflib@0.1.0/node_modules/@ewoudenberg/difflib/lib/difflib.js"(exports2) {
151364
151436
  (function() {
151365
- var Differ, Heap, IS_CHARACTER_JUNK, IS_LINE_JUNK, SequenceMatcher, _any2, _arrayCmp, _calculateRatio, _countLeading, _formatRangeContext, _formatRangeUnified, _has, assert92, contextDiff, floor, getCloseMatches, max, min, ndiff, restore, unifiedDiff2, indexOf = [].indexOf;
151437
+ var Differ, Heap, IS_CHARACTER_JUNK, IS_LINE_JUNK, SequenceMatcher, _any2, _arrayCmp, _calculateRatio, _countLeading, _formatRangeContext, _formatRangeUnified, _has, assert102, contextDiff, floor, getCloseMatches, max, min, ndiff, restore, unifiedDiff2, indexOf = [].indexOf;
151366
151438
  ({ floor, max, min } = Math);
151367
151439
  Heap = require_heap2();
151368
- assert92 = __require3("assert");
151440
+ assert102 = __require3("assert");
151369
151441
  _calculateRatio = /* @__PURE__ */ __name3(function(matches, length) {
151370
151442
  if (length) {
151371
151443
  return 2 * matches / length;
@@ -151942,7 +152014,7 @@ var init_dist9 = __esm({
151942
152014
  }
151943
152015
  _plainReplace(a7, alo, ahi, b9, blo, bhi) {
151944
152016
  var first, g6, l7, len, len1, line, lines, m6, ref, second;
151945
- assert92(alo < ahi && blo < bhi);
152017
+ assert102(alo < ahi && blo < bhi);
151946
152018
  if (bhi - blo < ahi - alo) {
151947
152019
  first = this._dump("+", b9, blo, bhi);
151948
152020
  second = this._dump("-", a7, alo, ahi);
@@ -156455,12 +156527,6 @@ Ensure all assets in your assets directory "${dir2}" conform with the Workers ma
156455
156527
  __name3(errIsScriptSize, "errIsScriptSize");
156456
156528
  __name(errIsStartupErr, "errIsStartupErr");
156457
156529
  __name3(errIsStartupErr, "errIsStartupErr");
156458
- getCloudflareAccountIdFromEnv2 = getEnvironmentVariableFactory({
156459
- variableName: "CLOUDFLARE_ACCOUNT_ID",
156460
- deprecatedName: "CF_ACCOUNT_ID"
156461
- });
156462
- __name(verifyWorkerMatchesCITag, "verifyWorkerMatchesCITag");
156463
- __name3(verifyWorkerMatchesCITag, "verifyWorkerMatchesCITag");
156464
156530
  __name(validateFileSecrets, "validateFileSecrets");
156465
156531
  __name3(validateFileSecrets, "validateFileSecrets");
156466
156532
  (class extends Error {
@@ -157109,6 +157175,12 @@ Ensure all assets in your assets directory "${dir2}" conform with the Workers ma
157109
157175
  return null;
157110
157176
  }
157111
157177
  };
157178
+ getCloudflareAccountIdFromEnv2 = getEnvironmentVariableFactory({
157179
+ variableName: "CLOUDFLARE_ACCOUNT_ID",
157180
+ deprecatedName: "CF_ACCOUNT_ID"
157181
+ });
157182
+ __name(verifyWorkerMatchesCITag, "verifyWorkerMatchesCITag");
157183
+ __name3(verifyWorkerMatchesCITag, "verifyWorkerMatchesCITag");
157112
157184
  validateRoutes2 = /* @__PURE__ */ __name3((routes, assets) => {
157113
157185
  const invalidRoutes = {};
157114
157186
  const mountedAssetRoutes = [];
@@ -157163,6 +157235,8 @@ ${mountedAssetRoutes.map((route) => {
157163
157235
  );
157164
157236
  }
157165
157237
  }, "validateRoutes");
157238
+ __name(validateWorkerProps, "validateWorkerProps");
157239
+ __name3(validateWorkerProps, "validateWorkerProps");
157166
157240
  __name(addWorkersSitesBindings, "addWorkersSitesBindings");
157167
157241
  __name3(addWorkersSitesBindings, "addWorkersSitesBindings");
157168
157242
  __name(deploy, "deploy");
@@ -158887,16 +158961,19 @@ async function matchFiles(files, relativeTo, { rules, removedRules }) {
158887
158961
  }
158888
158962
  }
158889
158963
  }
158890
- for (const rule of removedRules) {
158891
- for (const glob of rule.globs) {
158892
- const regexp = (0, import_glob_to_regexp.default)(glob);
158893
- if (regexp.test(filePath)) {
158894
- throw new UserError(
158895
- `The file ${filePath} matched a module rule in your configuration (${JSON.stringify(
158896
- rule
158897
- )}), but was ignored because a previous rule with the same type was not marked as \`fallthrough = true\`.`,
158898
- { telemetryMessage: "module rule ignored without fallthrough" }
158899
- );
158964
+ if (!moduleNames.has(filePath)) {
158965
+ for (const rule of removedRules) {
158966
+ for (const glob of rule.globs) {
158967
+ const regexp = (0, import_glob_to_regexp.default)(glob, {
158968
+ globstar: true
158969
+ });
158970
+ if (regexp.test(filePath)) {
158971
+ logger2.debug(
158972
+ `Skipping discovered file ${filePath} \u2014 it only matches a shadowed module rule (${JSON.stringify(
158973
+ rule
158974
+ )}). To include this file, add \`fallthrough = true\` to the earlier rule of the same type, or broaden your rule's globs.`
158975
+ );
158976
+ }
158900
158977
  }
158901
158978
  }
158902
158979
  }
@@ -159369,7 +159446,7 @@ var init_dist10 = __esm({
159369
159446
  }
159370
159447
  });
159371
159448
 
159372
- // ../../node_modules/.pnpm/am-i-vibing@0.4.0/node_modules/am-i-vibing/dist/detector-Boc_-HQ9.mjs
159449
+ // ../../node_modules/.pnpm/am-i-vibing@0.5.0/node_modules/am-i-vibing/dist/detector-1yx2Hoe0.mjs
159373
159450
  function checkEnvVar(envVarDef, env7 = process.env) {
159374
159451
  const [envVar, expectedValue] = typeof envVarDef === "string" ? [envVarDef, void 0] : envVarDef;
159375
159452
  const actualValue = env7[envVar];
@@ -159443,8 +159520,8 @@ function detectAgenticEnvironment(envOrOptions, legacyAncestry) {
159443
159520
  };
159444
159521
  }
159445
159522
  var providers;
159446
- var init_detector_Boc_HQ9 = __esm({
159447
- "../../node_modules/.pnpm/am-i-vibing@0.4.0/node_modules/am-i-vibing/dist/detector-Boc_-HQ9.mjs"() {
159523
+ var init_detector_1yx2Hoe0 = __esm({
159524
+ "../../node_modules/.pnpm/am-i-vibing@0.5.0/node_modules/am-i-vibing/dist/detector-1yx2Hoe0.mjs"() {
159448
159525
  init_import_meta_url();
159449
159526
  init_dist10();
159450
159527
  providers = [
@@ -159626,6 +159703,12 @@ var init_detector_Boc_HQ9 = __esm({
159626
159703
  name: "Factory Droid",
159627
159704
  type: "agent",
159628
159705
  processChecks: ["droid"]
159706
+ },
159707
+ {
159708
+ id: "pi",
159709
+ name: "Pi",
159710
+ type: "agent",
159711
+ envVars: [["PI_CODING_AGENT", "true"]]
159629
159712
  }
159630
159713
  ];
159631
159714
  __name(checkEnvVar, "checkEnvVar");
@@ -159638,11 +159721,11 @@ var init_detector_Boc_HQ9 = __esm({
159638
159721
  }
159639
159722
  });
159640
159723
 
159641
- // ../../node_modules/.pnpm/am-i-vibing@0.4.0/node_modules/am-i-vibing/dist/index.mjs
159724
+ // ../../node_modules/.pnpm/am-i-vibing@0.5.0/node_modules/am-i-vibing/dist/index.mjs
159642
159725
  var init_dist11 = __esm({
159643
- "../../node_modules/.pnpm/am-i-vibing@0.4.0/node_modules/am-i-vibing/dist/index.mjs"() {
159726
+ "../../node_modules/.pnpm/am-i-vibing@0.5.0/node_modules/am-i-vibing/dist/index.mjs"() {
159644
159727
  init_import_meta_url();
159645
- init_detector_Boc_HQ9();
159728
+ init_detector_1yx2Hoe0();
159646
159729
  }
159647
159730
  });
159648
159731
  function write(p7, bytes) {
@@ -197149,6 +197232,52 @@ var init_limits2 = __esm({
197149
197232
  __name(ensureImageFitsLimits, "ensureImageFitsLimits");
197150
197233
  }
197151
197234
  });
197235
+ function getRepositoryOnly(externalAccountId, imageTag) {
197236
+ return resolveImageName(externalAccountId, imageTag).replace(DIGEST_SUFFIX_REGEXP, "").replace(TAG_SUFFIX_REGEXP, "");
197237
+ }
197238
+ function imageRefWithDigest(externalAccountId, imageTag, digest) {
197239
+ if (!DIGEST_VALUE_REGEXP.test(digest)) {
197240
+ throw new Error(
197241
+ `Expected image digest to match algorithm:hex format, got ${digest}`
197242
+ );
197243
+ }
197244
+ return `${getRepositoryOnly(externalAccountId, imageTag)}@${digest}`;
197245
+ }
197246
+ function findManifestDigest(manifestOutput) {
197247
+ const parsedManifest = JSON.parse(manifestOutput);
197248
+ const digest = parsedManifest?.Descriptor?.digest;
197249
+ if (typeof digest !== "string" || digest.length === 0) {
197250
+ throw new Error(
197251
+ `Expected docker manifest inspect output to include Descriptor.digest, got ${manifestOutput}`
197252
+ );
197253
+ }
197254
+ return digest;
197255
+ }
197256
+ function findRemoteDigest(repoDigestsJson, externalAccountId, imageTag) {
197257
+ const parsedDigests = JSON.parse(repoDigestsJson);
197258
+ if (!Array.isArray(parsedDigests)) {
197259
+ throw new Error(
197260
+ `Expected RepoDigests from docker inspect to be an array but got ${JSON.stringify(parsedDigests)}`
197261
+ );
197262
+ }
197263
+ const repositoryOnly = getRepositoryOnly(externalAccountId, imageTag);
197264
+ logger2.debug("respositoryOnly:", repositoryOnly);
197265
+ const digest = parsedDigests.find((d8) => {
197266
+ if (typeof d8 !== "string" || !d8.includes("@")) {
197267
+ return false;
197268
+ }
197269
+ const resolved = resolveImageName(externalAccountId, d8);
197270
+ logger2.debug(`Comparing ${resolved.split("@")[0]} to ${repositoryOnly}`);
197271
+ return typeof d8 === "string" && resolved.split("@")[0] === repositoryOnly;
197272
+ });
197273
+ if (!digest) {
197274
+ throw new Error(
197275
+ `Could not find a digest for the image ${repositoryOnly}. Found digests: ${parsedDigests.join(", ")}`
197276
+ );
197277
+ }
197278
+ const [, hash3] = digest.split("@");
197279
+ return imageRefWithDigest(externalAccountId, imageTag, hash3);
197280
+ }
197152
197281
  async function buildAndMaybePush(args, pathToDocker, push3, containerConfig) {
197153
197282
  try {
197154
197283
  const imageTag = args.tag;
@@ -197187,44 +197316,20 @@ async function buildAndMaybePush(args, pathToDocker, push3, containerConfig) {
197187
197316
  getCloudflareContainerRegistry()
197188
197317
  );
197189
197318
  try {
197190
- const [digests] = imageInfo.split(" ");
197191
- const parsedDigests = JSON.parse(digests);
197192
- if (!Array.isArray(parsedDigests)) {
197193
- throw new Error(
197194
- `Expected RepoDigests from docker inspect to be an array but got ${JSON.stringify(parsedDigests)}`
197195
- );
197196
- }
197197
- const imageUrl = new URL(
197198
- `http://${resolveImageName(account.external_account_id, imageTag)}`
197199
- );
197200
- const repositoryOnly = `${imageUrl.host}${imageUrl.pathname.split(":")[0]}`;
197201
- logger2.debug("respositoryOnly:", repositoryOnly);
197202
- const digest = parsedDigests.find((d8) => {
197203
- const resolved = resolveImageName(account.external_account_id, d8);
197204
- logger2.debug(
197205
- `Comparing ${resolved.split("@")[0]} to ${repositoryOnly}`
197206
- );
197207
- return typeof d8 === "string" && resolved.split("@")[0] === repositoryOnly;
197208
- });
197209
- if (!digest) {
197210
- throw new Error(
197211
- `Could not find a digest for the image ${repositoryOnly}. Found digests: ${parsedDigests.join(", ")}`
197212
- );
197213
- }
197214
- const [image, hash3] = digest.split("@");
197215
- const resolvedImage = resolveImageName(
197319
+ const remoteDigest2 = findRemoteDigest(
197320
+ imageInfo,
197216
197321
  account.external_account_id,
197217
- image
197322
+ imageTag
197218
197323
  );
197219
- const remoteDigest = `${resolvedImage}@${hash3}`;
197324
+ const [, hash3] = remoteDigest2.split("@");
197220
197325
  logger2.debug(
197221
- `'docker manifest inspect -v ${resolveImageName(account.external_account_id, remoteDigest)}:`
197326
+ `'docker manifest inspect -v ${resolveImageName(account.external_account_id, remoteDigest2)}:`
197222
197327
  );
197223
197328
  const remoteManifest = runDockerCmdWithOutput(pathToDocker, [
197224
197329
  "manifest",
197225
197330
  "inspect",
197226
197331
  "-v",
197227
- resolveImageName(account.external_account_id, remoteDigest)
197332
+ resolveImageName(account.external_account_id, remoteDigest2)
197228
197333
  ]);
197229
197334
  const parsedRemoteManifest = JSON.parse(remoteManifest);
197230
197335
  if (parsedRemoteManifest.Descriptor.digest === hash3) {
@@ -197233,7 +197338,7 @@ async function buildAndMaybePush(args, pathToDocker, push3, containerConfig) {
197233
197338
  `Untagging built image: ${args.tag} since there was no change.`
197234
197339
  );
197235
197340
  await runDockerCmd(pathToDocker, ["image", "rm", imageTag]);
197236
- return { remoteDigest };
197341
+ return { remoteDigest: remoteDigest2 };
197237
197342
  }
197238
197343
  } catch (error53) {
197239
197344
  if (error53 instanceof Error) {
@@ -197251,6 +197356,36 @@ async function buildAndMaybePush(args, pathToDocker, push3, containerConfig) {
197251
197356
  );
197252
197357
  await runDockerCmd(pathToDocker, ["tag", imageTag, namespacedImageTag]);
197253
197358
  await runDockerCmd(pathToDocker, ["push", namespacedImageTag]);
197359
+ let remoteDigest;
197360
+ try {
197361
+ const pushedImageInfo = await dockerImageInspect(pathToDocker, {
197362
+ imageTag: namespacedImageTag,
197363
+ formatString: "{{ json .RepoDigests }}"
197364
+ });
197365
+ remoteDigest = findRemoteDigest(
197366
+ pushedImageInfo,
197367
+ account.external_account_id,
197368
+ namespacedImageTag
197369
+ );
197370
+ } catch (error53) {
197371
+ if (error53 instanceof Error) {
197372
+ logger2.debug(
197373
+ `Inspecting pushed image ${namespacedImageTag} failed with error: ${error53.message}`
197374
+ );
197375
+ }
197376
+ const remoteManifest = runDockerCmdWithOutput(pathToDocker, [
197377
+ "manifest",
197378
+ "inspect",
197379
+ "-v",
197380
+ namespacedImageTag
197381
+ ]);
197382
+ remoteDigest = imageRefWithDigest(
197383
+ account.external_account_id,
197384
+ namespacedImageTag,
197385
+ findManifestDigest(remoteManifest)
197386
+ );
197387
+ }
197388
+ return { remoteDigest };
197254
197389
  }
197255
197390
  return { newTag: imageTag };
197256
197391
  } catch (error53) {
@@ -197329,7 +197464,7 @@ async function checkImagePlatform(pathToDocker, imageTag, expectedPlatform = "li
197329
197464
  );
197330
197465
  }
197331
197466
  }
197332
- var cloudchamberBuildCommand, cloudchamberPushCommand;
197467
+ var DIGEST_SUFFIX_REGEXP, DIGEST_VALUE_REGEXP, TAG_SUFFIX_REGEXP, cloudchamberBuildCommand, cloudchamberPushCommand;
197333
197468
  var init_build2 = __esm({
197334
197469
  "src/cloudchamber/build.ts"() {
197335
197470
  init_import_meta_url();
@@ -197341,6 +197476,13 @@ var init_build2 = __esm({
197341
197476
  init_common();
197342
197477
  init_limits2();
197343
197478
  init_locations7();
197479
+ DIGEST_SUFFIX_REGEXP = /@[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*:[a-fA-F0-9]{32,}$/;
197480
+ DIGEST_VALUE_REGEXP = /^[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*:[a-fA-F0-9]{32,}$/;
197481
+ TAG_SUFFIX_REGEXP = /:[\w][\w.-]{0,127}$/;
197482
+ __name(getRepositoryOnly, "getRepositoryOnly");
197483
+ __name(imageRefWithDigest, "imageRefWithDigest");
197484
+ __name(findManifestDigest, "findManifestDigest");
197485
+ __name(findRemoteDigest, "findRemoteDigest");
197344
197486
  __name(buildAndMaybePush, "buildAndMaybePush");
197345
197487
  __name(buildCommand, "buildCommand");
197346
197488
  __name(pushCommand, "pushCommand");
@@ -197982,7 +198124,7 @@ async function deployContainers(config2, normalisedContainerConfig, { versionId,
197982
198124
  imageRef = { newTag: container.image_uri };
197983
198125
  }
197984
198126
  if (boundDOs.has(container.class_name)) {
197985
- maybeVersionInfo ??= await fetchVersion2(
198127
+ maybeVersionInfo ??= await fetchUploadedVersion(
197986
198128
  config2,
197987
198129
  accountId,
197988
198130
  scriptName,
@@ -198028,6 +198170,19 @@ async function deployContainers(config2, normalisedContainerConfig, { versionId,
198028
198170
  }
198029
198171
  }
198030
198172
  }
198173
+ async function fetchUploadedVersion(config2, accountId, scriptName, versionId) {
198174
+ for (let attempt = 0; attempt < 5; attempt++) {
198175
+ try {
198176
+ return await fetchVersion2(config2, accountId, scriptName, versionId);
198177
+ } catch (error53) {
198178
+ if (!(error53 instanceof APIError) || error53.code !== 100146 || attempt === 4) {
198179
+ throw error53;
198180
+ }
198181
+ await timersPromises.setTimeout(500);
198182
+ }
198183
+ }
198184
+ throw new Error("Unable to fetch uploaded Worker version");
198185
+ }
198031
198186
  async function listDurableObjects(complianceConfig, accountId) {
198032
198187
  return await fetchResult2(
198033
198188
  complianceConfig,
@@ -198144,7 +198299,7 @@ async function apply(args, containerConfig, config2) {
198144
198299
  const prevApp = existingApplications.find(
198145
198300
  (app) => app.name === containerConfig.name
198146
198301
  );
198147
- const imageRef = "remoteDigest" in args.imageRef ? prevApp?.configuration.image ?? args.imageRef.remoteDigest : args.imageRef.newTag;
198302
+ const imageRef = "remoteDigest" in args.imageRef ? args.imageRef.remoteDigest : args.imageRef.newTag;
198148
198303
  log(dim("Container application changes\n"));
198149
198304
  const accountId = await getOrSelectAccountId(config2);
198150
198305
  const appConfig = mergeIfUnsafe(
@@ -198310,6 +198465,7 @@ var init_deploy = __esm({
198310
198465
  init_api2();
198311
198466
  init_containers2();
198312
198467
  __name(deployContainers, "deployContainers");
198468
+ __name(fetchUploadedVersion, "fetchUploadedVersion");
198313
198469
  __name(listDurableObjects, "listDurableObjects");
198314
198470
  __name(mergeDeep2, "mergeDeep");
198315
198471
  __name(isObject2, "isObject");
@@ -198452,8 +198608,12 @@ ${formatError2(err)}`,
198452
198608
  }, "configRolloutStepsToAPI");
198453
198609
  }
198454
198610
  });
198455
-
198456
- // src/containers/registries.ts
198611
+ function providerSpecificCredentialFlagConflicts(flagName) {
198612
+ return [
198613
+ "public-credential",
198614
+ ...providerSpecificCredentialFlagNames.filter((name2) => name2 !== flagName)
198615
+ ];
198616
+ }
198457
198617
  async function registryConfigureCommand(configureArgs, config2) {
198458
198618
  startSection("Configure a container registry");
198459
198619
  const registryType = getAndValidateRegistryType(configureArgs.DOMAIN);
@@ -198464,9 +198624,10 @@ async function registryConfigureCommand(configureArgs, config2) {
198464
198624
  endSection("No configuration required");
198465
198625
  return;
198466
198626
  }
198467
- const publicCredential = configureArgs.awsAccessKeyId ?? configureArgs.dockerhubUsername ?? configureArgs.publicCredential;
198627
+ validateProviderSpecificCredentialFlags(configureArgs, registryType.type);
198628
+ const publicCredential = configureArgs.awsAccessKeyId ?? configureArgs.dockerhubUsername ?? configureArgs.garEmail ?? configureArgs.publicCredential;
198468
198629
  if (!publicCredential) {
198469
- const arg = registryType.type === "DockerHub" /* DOCKER_HUB */ ? "dockerhub-username" : registryType.type === "ECR" /* ECR */ ? "aws-access-key-id" : "public-credential";
198630
+ const arg = registryType.type === "DockerHub" /* DOCKER_HUB */ ? "dockerhub-username" : registryType.type === "ECR" /* ECR */ ? "aws-access-key-id" : registryType.type === "GAR" /* GAR */ ? "gar-email" : "public-credential";
198470
198631
  throw new UserError(`Missing required argument: ${arg}`, {
198471
198632
  telemetryMessage: "containers registries configure missing public credential"
198472
198633
  });
@@ -198494,15 +198655,9 @@ async function registryConfigureCommand(configureArgs, config2) {
198494
198655
  }
198495
198656
  }
198496
198657
  let secretStoreId = configureArgs.secretStoreId;
198497
- let secretName = configureArgs.secretName;
198498
198658
  if (configureArgs.secretName) {
198499
198659
  validateSecretName(configureArgs.secretName);
198500
198660
  }
198501
- log(`Getting ${registryType.secretType}...
198502
- `);
198503
- const privateCredential = await promptForRegistryPrivateCredential(
198504
- registryType.secretType
198505
- );
198506
198661
  let private_credential;
198507
198662
  if (!isFedRAMPHigh) {
198508
198663
  log("\nSetting up integration with Secrets Store...\n");
@@ -198540,20 +198695,51 @@ async function registryConfigureCommand(configureArgs, config2) {
198540
198695
  }
198541
198696
  }
198542
198697
  log("\n");
198543
- secretName = await getOrCreateSecret({
198698
+ const { secretName, secretExists } = await resolveSecretSelection({
198544
198699
  configureArgs,
198545
198700
  config: config2,
198546
198701
  accountId,
198547
198702
  storeId: secretStoreId,
198548
- privateCredential,
198549
198703
  secretType: registryType.secretType
198550
198704
  });
198705
+ if (!secretExists) {
198706
+ log(`Getting ${registryType.secretType}...
198707
+ `);
198708
+ const privateCredential = await resolvePrivateCredential(
198709
+ registryType.type,
198710
+ registryType.secretType,
198711
+ publicCredential
198712
+ );
198713
+ await promiseSpinner(
198714
+ createSecret(config2, accountId, secretStoreId, {
198715
+ name: secretName,
198716
+ value: privateCredential,
198717
+ scopes: ["containers"],
198718
+ comment: `Created by Wrangler: credentials for image registry ${configureArgs.DOMAIN}`
198719
+ })
198720
+ );
198721
+ log(
198722
+ `Container-scoped secret "${secretName}" created in Secrets Store.
198723
+ `
198724
+ );
198725
+ } else if (registryType.type === "GAR" /* GAR */) {
198726
+ log(
198727
+ `Reusing existing secret "${secretName}". Wrangler cannot verify it matches --gar-email "${publicCredential}"; the email is validated against the key when images are pulled.
198728
+ `
198729
+ );
198730
+ }
198551
198731
  private_credential = {
198552
198732
  store_id: secretStoreId,
198553
198733
  secret_name: secretName
198554
198734
  };
198555
198735
  } else {
198556
- private_credential = privateCredential;
198736
+ log(`Getting ${registryType.secretType}...
198737
+ `);
198738
+ private_credential = await resolvePrivateCredential(
198739
+ registryType.type,
198740
+ registryType.secretType,
198741
+ publicCredential
198742
+ );
198557
198743
  }
198558
198744
  try {
198559
198745
  await promiseSpinner(
@@ -198602,7 +198788,7 @@ async function promptForSecretName(secretType) {
198602
198788
  }
198603
198789
  }
198604
198790
  }
198605
- async function getOrCreateSecret(options) {
198791
+ async function resolveSecretSelection(options) {
198606
198792
  let secretName = options.configureArgs.secretName ?? await promptForSecretName(options.secretType);
198607
198793
  while (true) {
198608
198794
  const existingSecretId = await getSecretByName(
@@ -198612,26 +198798,14 @@ async function getOrCreateSecret(options) {
198612
198798
  secretName
198613
198799
  );
198614
198800
  if (!existingSecretId) {
198615
- await promiseSpinner(
198616
- createSecret(options.config, options.accountId, options.storeId, {
198617
- name: secretName,
198618
- value: options.privateCredential,
198619
- scopes: ["containers"],
198620
- comment: `Created by Wrangler: credentials for image registry ${options.configureArgs.DOMAIN}`
198621
- })
198622
- );
198623
- log(
198624
- `Container-scoped secret "${secretName}" created in Secrets Store.
198625
- `
198626
- );
198627
- return secretName;
198801
+ return { secretName, secretExists: false };
198628
198802
  }
198629
198803
  if (options.configureArgs.skipConfirmation) {
198630
198804
  log(
198631
198805
  `Using existing secret "${secretName}" from secret store with id: ${options.storeId}.
198632
198806
  `
198633
198807
  );
198634
- return secretName;
198808
+ return { secretName, secretExists: true };
198635
198809
  }
198636
198810
  startSection(
198637
198811
  `The provided secret name "${secretName}" is already in-use within the secret store. (Store ID: ${options.storeId})`
@@ -198644,7 +198818,7 @@ async function getOrCreateSecret(options) {
198644
198818
  `Using existing secret "${secretName}" from secret store with id: ${options.storeId}.
198645
198819
  `
198646
198820
  );
198647
- return secretName;
198821
+ return { secretName, secretExists: true };
198648
198822
  }
198649
198823
  secretName = await promptForSecretName(options.secretType);
198650
198824
  }
@@ -198672,6 +198846,60 @@ async function promptForRegistryPrivateCredential(secretType) {
198672
198846
  }
198673
198847
  return secret;
198674
198848
  }
198849
+ function validateProviderSpecificCredentialFlags(configureArgs, registryType) {
198850
+ for (const flag of providerSpecificCredentialFlags) {
198851
+ if (configureArgs[flag.argName] !== void 0 && registryType !== flag.registryType) {
198852
+ throw new UserError(
198853
+ `--${flag.flagName} can only be used with ${flag.registryName}.`,
198854
+ { telemetryMessage: flag.telemetryMessage }
198855
+ );
198856
+ }
198857
+ }
198858
+ }
198859
+ async function resolvePrivateCredential(registryType, secretType, publicCredential) {
198860
+ if (registryType === "GAR" /* GAR */) {
198861
+ const rawKey = await getGarServiceAccountKey(secretType);
198862
+ return validateAndEncodeGarKey(rawKey, publicCredential);
198863
+ }
198864
+ return promptForRegistryPrivateCredential(secretType);
198865
+ }
198866
+ async function getGarServiceAccountKey(secretType) {
198867
+ if (isNonInteractiveOrCI2()) {
198868
+ const stdinInput = trimTrailingWhitespace(await readFromStdin());
198869
+ if (!stdinInput) {
198870
+ throw new UserError(
198871
+ "No input provided. In non-interactive mode, pipe the Google service account key (a file path, raw JSON, or base64) via stdin.",
198872
+ {
198873
+ telemetryMessage: "containers registries configure missing gar key input"
198874
+ }
198875
+ );
198876
+ }
198877
+ return fs11.existsSync(stdinInput) ? readGarServiceAccountKeyFile(stdinInput) : stdinInput;
198878
+ }
198879
+ const input = await prompt2(
198880
+ `Enter ${secretType ?? "secret"} (file path or base64):`,
198881
+ { isSecret: true }
198882
+ );
198883
+ if (!input) {
198884
+ throw new UserError("Secret cannot be empty.", {
198885
+ telemetryMessage: "containers registries configure empty secret"
198886
+ });
198887
+ }
198888
+ const trimmed = input.trim();
198889
+ return fs11.existsSync(trimmed) ? readGarServiceAccountKeyFile(trimmed) : input;
198890
+ }
198891
+ function readGarServiceAccountKeyFile(path84) {
198892
+ try {
198893
+ return readFileSync(path84);
198894
+ } catch {
198895
+ throw new UserError(
198896
+ `Could not read the Google service account key file at "${path84}".`,
198897
+ {
198898
+ telemetryMessage: "containers registries configure gar key file unreadable"
198899
+ }
198900
+ );
198901
+ }
198902
+ }
198675
198903
  async function registryListCommand(listArgs2) {
198676
198904
  if (!listArgs2.json && !isNonInteractiveOrCI2()) {
198677
198905
  startSection("List configured container registries");
@@ -198812,7 +199040,7 @@ async function registryCredentialsCommand(credentialsArgs) {
198812
199040
  logger2.log(credentials.password);
198813
199041
  }
198814
199042
  }
198815
- var registryConfigureArgs, registryListArgs, registryDeleteArgs, containersRegistriesNamespace, containersRegistriesConfigureCommand, containersRegistriesListCommand, containersRegistriesDeleteCommand, containersRegistriesCredentialsCommand;
199043
+ var providerSpecificCredentialFlags, providerSpecificCredentialFlagNames, registryConfigureArgs, registryListArgs, registryDeleteArgs, containersRegistriesNamespace, containersRegistriesConfigureCommand, containersRegistriesListCommand, containersRegistriesDeleteCommand, containersRegistriesCredentialsCommand;
198816
199044
  var init_registries2 = __esm({
198817
199045
  "src/containers/registries.ts"() {
198818
199046
  init_import_meta_url();
@@ -198830,6 +199058,33 @@ var init_registries2 = __esm({
198830
199058
  init_std();
198831
199059
  init_deploy();
198832
199060
  init_containers2();
199061
+ providerSpecificCredentialFlags = [
199062
+ {
199063
+ argName: "awsAccessKeyId",
199064
+ flagName: "aws-access-key-id",
199065
+ registryType: "ECR" /* ECR */,
199066
+ registryName: "AWS ECR",
199067
+ telemetryMessage: "containers registries configure aws access key id unsupported registry"
199068
+ },
199069
+ {
199070
+ argName: "dockerhubUsername",
199071
+ flagName: "dockerhub-username",
199072
+ registryType: "DockerHub" /* DOCKER_HUB */,
199073
+ registryName: "DockerHub",
199074
+ telemetryMessage: "containers registries configure dockerhub username unsupported registry"
199075
+ },
199076
+ {
199077
+ argName: "garEmail",
199078
+ flagName: "gar-email",
199079
+ registryType: "GAR" /* GAR */,
199080
+ registryName: "Google Artifact Registry",
199081
+ telemetryMessage: "containers registries configure gar email unsupported registry"
199082
+ }
199083
+ ];
199084
+ providerSpecificCredentialFlagNames = providerSpecificCredentialFlags.map(
199085
+ (flag) => flag.flagName
199086
+ );
199087
+ __name(providerSpecificCredentialFlagConflicts, "providerSpecificCredentialFlagConflicts");
198833
199088
  registryConfigureArgs = {
198834
199089
  DOMAIN: {
198835
199090
  describe: "Domain to configure for the registry",
@@ -198841,19 +199096,26 @@ var init_registries2 = __esm({
198841
199096
  demandOption: false,
198842
199097
  hidden: true,
198843
199098
  deprecated: true,
198844
- conflicts: ["dockerhub-username", "aws-access-key-id"]
199099
+ conflicts: providerSpecificCredentialFlagNames
198845
199100
  },
198846
199101
  "aws-access-key-id": {
198847
199102
  type: "string",
198848
199103
  description: "When configuring Amazon ECR, `AWS_ACCESS_KEY_ID`",
198849
199104
  demandOption: false,
198850
- conflicts: ["public-credential", "dockerhub-username"]
199105
+ conflicts: providerSpecificCredentialFlagConflicts("aws-access-key-id")
198851
199106
  },
198852
199107
  "dockerhub-username": {
198853
199108
  type: "string",
198854
199109
  description: "When configuring DockerHub, the DockerHub username",
198855
199110
  demandOption: false,
198856
- conflicts: ["public-credential", "aws-access-key-id"]
199111
+ conflicts: providerSpecificCredentialFlagConflicts("dockerhub-username")
199112
+ },
199113
+ "gar-email": {
199114
+ type: "string",
199115
+ description: "When configuring Google Artifact Registry, the Google service account email. Must match the `client_email` in the service account key.",
199116
+ demandOption: false,
199117
+ requiresArg: true,
199118
+ conflicts: providerSpecificCredentialFlagConflicts("gar-email")
198857
199119
  },
198858
199120
  "secret-store-id": {
198859
199121
  type: "string",
@@ -198882,8 +199144,12 @@ var init_registries2 = __esm({
198882
199144
  };
198883
199145
  __name(registryConfigureCommand, "registryConfigureCommand");
198884
199146
  __name(promptForSecretName, "promptForSecretName");
198885
- __name(getOrCreateSecret, "getOrCreateSecret");
199147
+ __name(resolveSecretSelection, "resolveSecretSelection");
198886
199148
  __name(promptForRegistryPrivateCredential, "promptForRegistryPrivateCredential");
199149
+ __name(validateProviderSpecificCredentialFlags, "validateProviderSpecificCredentialFlags");
199150
+ __name(resolvePrivateCredential, "resolvePrivateCredential");
199151
+ __name(getGarServiceAccountKey, "getGarServiceAccountKey");
199152
+ __name(readGarServiceAccountKeyFile, "readGarServiceAccountKeyFile");
198887
199153
  registryListArgs = {
198888
199154
  json: {
198889
199155
  type: "boolean",
@@ -232484,6 +232750,9 @@ function normalizeRelativePath(p7) {
232484
232750
  }
232485
232751
  return normalized;
232486
232752
  }
232753
+ function escapeIdentifier(id) {
232754
+ return `"${id.replace(/"/g, '""')}"`;
232755
+ }
232487
232756
  async function getMigrationsPath({
232488
232757
  projectPath,
232489
232758
  migrationsDir,
@@ -232659,6 +232928,7 @@ var init_helpers6 = __esm({
232659
232928
  __name(resolveMigrationsConfig, "resolveMigrationsConfig");
232660
232929
  __name(stripDirPrefix, "stripDirPrefix");
232661
232930
  __name(normalizeRelativePath, "normalizeRelativePath");
232931
+ __name(escapeIdentifier, "escapeIdentifier");
232662
232932
  __name(getMigrationsPath, "getMigrationsPath");
232663
232933
  __name(getUnappliedMigrations, "getUnappliedMigrations");
232664
232934
  listAppliedMigrations = /* @__PURE__ */ __name(async ({
@@ -232670,6 +232940,7 @@ var init_helpers6 = __esm({
232670
232940
  persistTo,
232671
232941
  preview
232672
232942
  }) => {
232943
+ const escapedTableName = escapeIdentifier(migrationsTableName);
232673
232944
  const response = await executeSql({
232674
232945
  local,
232675
232946
  remote,
@@ -232678,7 +232949,7 @@ var init_helpers6 = __esm({
232678
232949
  shouldPrompt: !isNonInteractiveOrCI2(),
232679
232950
  persistTo,
232680
232951
  command: `SELECT *
232681
- FROM ${migrationsTableName}
232952
+ FROM ${escapedTableName}
232682
232953
  ORDER BY id`,
232683
232954
  file: void 0,
232684
232955
  json: true,
@@ -232705,6 +232976,7 @@ var init_helpers6 = __esm({
232705
232976
  persistTo,
232706
232977
  preview
232707
232978
  }) => {
232979
+ const escapedTableName = escapeIdentifier(migrationsTableName);
232708
232980
  return executeSql({
232709
232981
  local,
232710
232982
  remote,
@@ -232712,7 +232984,7 @@ var init_helpers6 = __esm({
232712
232984
  name: name2,
232713
232985
  shouldPrompt: !isNonInteractiveOrCI2(),
232714
232986
  persistTo,
232715
- command: `CREATE TABLE IF NOT EXISTS ${migrationsTableName}(
232987
+ command: `CREATE TABLE IF NOT EXISTS ${escapedTableName}(
232716
232988
  id INTEGER PRIMARY KEY AUTOINCREMENT,
232717
232989
  name TEXT UNIQUE,
232718
232990
  applied_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL
@@ -232854,9 +233126,12 @@ Your database may not be available to serve requests during the migration, conti
232854
233126
  `${migrationsPath}/${migration.name}`,
232855
233127
  "utf8"
232856
233128
  );
233129
+ const escapedTableName = escapeIdentifier(
233130
+ migrationsConfig.migrationsTableName
233131
+ );
232857
233132
  query += `
232858
- INSERT INTO ${migrationsConfig.migrationsTableName} (name)
232859
- values ('${migration.name}');
233133
+ INSERT INTO ${escapedTableName} (name)
233134
+ values ('${migration.name.replace(/'/g, "''")}');
232860
233135
  `;
232861
233136
  let success3 = true;
232862
233137
  let errorNotes = [];
@@ -360786,6 +361061,7 @@ function createTestHarness(options) {
360786
361061
  );
360787
361062
  return dispatchFetch(miniflare, input, init4);
360788
361063
  },
361064
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any -- Untyped test code should be able to use env bindings without casting every property
360789
361065
  getWorker(name2) {
360790
361066
  return {
360791
361067
  async fetch(input, init4) {
@@ -360820,29 +361096,11 @@ function createTestHarness(options) {
360820
361096
  const result = await response.json();
360821
361097
  return result;
360822
361098
  },
360823
- async getKVNamespace(bindingName) {
360824
- const session = await resolveSession();
360825
- const miniflare = await getRuntimeMiniflare(session);
360826
- const workerName = resolveWorkerName2(session, name2);
360827
- return miniflare.getKVNamespace(bindingName, workerName);
360828
- },
360829
- async getR2Bucket(bindingName) {
360830
- const session = await resolveSession();
360831
- const miniflare = await getRuntimeMiniflare(session);
360832
- const workerName = resolveWorkerName2(session, name2);
360833
- return miniflare.getR2Bucket(bindingName, workerName);
360834
- },
360835
- async getD1Database(bindingName) {
360836
- const session = await resolveSession();
360837
- const miniflare = await getRuntimeMiniflare(session);
360838
- const workerName = resolveWorkerName2(session, name2);
360839
- return miniflare.getD1Database(bindingName, workerName);
360840
- },
360841
- async getDurableObjectNamespace(bindingName) {
361099
+ async getEnv() {
360842
361100
  const session = await resolveSession();
360843
361101
  const miniflare = await getRuntimeMiniflare(session);
360844
361102
  const workerName = resolveWorkerName2(session, name2);
360845
- return miniflare.getDurableObjectNamespace(bindingName, workerName);
361103
+ return miniflare.getBindings(workerName);
360846
361104
  }
360847
361105
  };
360848
361106
  },