viur-cli 2.3.2__tar.gz → 3.0.0__tar.gz

{viur_cli-2.3.2/src/viur_cli.egg-info → viur_cli-3.0.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: viur-cli
-Version: 2.3.2
+Version: 3.0.0
 Summary: Command-line interface for ViUR application maintenance.
 Author-email: "Andreas H. Kelch" <ak@mausbrand.de>
 License-Expression: MIT
@@ -17,7 +17,7 @@ Requires-Dist: pipfile-requirements~=0.3
 Requires-Dist: requests~=2.0
 Requires-Dist: semver~=3.0
 Requires-Dist: watchdog~=6.0
-Requires-Dist: safety~=3.5
+Requires-Dist: pip-audit~=2.7
 Requires-Dist: viur-scriptor-api~=1.0
 Dynamic: license-file
 

{viur_cli-2.3.2 → viur_cli-3.0.0}/pyproject.toml

@@ -1,16 +1,11 @@
 [build-system]
-requires = [
-    "setuptools>=65",
-    "wheel"
-]
+requires = ["setuptools>=65", "wheel"]
 build-backend = "setuptools.build_meta"
 
 [project]
 name = "viur-cli"
 dynamic = ["version"]
-authors = [
-    {name = "Andreas H. Kelch", email = "ak@mausbrand.de"}
-]
+authors = [{ name = "Andreas H. Kelch", email = "ak@mausbrand.de" }]
 description = "Command-line interface for ViUR application maintenance."
 readme = "README.md"
 requires-python = ">=3.11"
@@ -26,7 +21,7 @@ dependencies = [
     "requests~=2.0",
     "semver~=3.0",
     "watchdog~=6.0",
-    "safety~=3.5",
+    "pip-audit~=2.7",
     "viur-scriptor-api~=1.0",
 ]
 
@@ -39,8 +34,8 @@ viur = "viur_cli:cli"
 get-pyodide = "viur_cli.scripts.get_pyodide:main"
 
 [tool.setuptools]
-package-dir = {"" = "src"}
-packages = {find = {where = ["src"]}}
+package-dir = { "" = "src" }
+packages = { find = { where = ["src"] } }
 
 [tool.setuptools.dynamic]
-version = {attr = "viur_cli.version.__version__"}
+version = { attr = "viur_cli.version.__version__" }

{viur_cli-2.3.2 → viur_cli-3.0.0}/src/viur_cli/__init__.py

@@ -5,7 +5,6 @@ from .local import *
 from .build import *
 from .setup import *
 from .version import *
-from .tool import *
 from .update import *
 from .cloud import *
 from .deprecated import *

{viur_cli-2.3.2 → viur_cli-3.0.0}/src/viur_cli/cli.py

@@ -3,7 +3,7 @@ import subprocess
 import click
 from .conf import *
 from .version import __version__
-from .version import MINIMAL_PIPENV
+from .version import MINIMAL_UV
 import semver
 import pprint
 import os
@@ -29,18 +29,18 @@ def cli(ctx):
     """
 
     # Get the systems pipenv Version Number
-    pipenv_version = subprocess.check_output(['pipenv', '--version']).decode("utf-8")
+    uv_version = subprocess.check_output(['uv', 'self', 'version']).decode("utf-8")
     version_pattern = r'\b(\d+\.\d+\.\d+)\b'
-    match = re.search(version_pattern, pipenv_version)
-    sys_pipenv = match.group(1)
+    match = re.search(version_pattern, uv_version)
+    sys_uv = match.group(1)
 
     # sys kleiner min
-    if semver.compare(sys_pipenv, MINIMAL_PIPENV) < 0:
+    if semver.compare(sys_uv, MINIMAL_UV) < 0:
         echo_warning(
-            f"Your pipenv Version does not match the recommended pipenv version. \n"
-            f"This mismatch may cause Errors, please consider updating your Systems pipenv version \n"
-            f"Your Version: {sys_pipenv}\n"
-            f"Recommended Version: {MINIMAL_PIPENV}"
+            f"Your uv Version does not match the recommended uv version. \n"
+            f"This mismatch may cause Errors, please consider updating your Systems uv version \n"
+            f"Your Version: {sys_uv}\n"
+            f"Recommended Version: {MINIMAL_UV}"
         )
 
 

{viur_cli-2.3.2 → viur_cli-3.0.0}/src/viur_cli/conf.py

@@ -208,11 +208,11 @@ class ProjectConfig(Config):
 
 
 def print_changelog_from_github(user, repo, last_version):
-    version_url = f"https://raw.githubusercontent.com/{user}/{repo}/main/CHANGELOG.md"
+    version_url = f"https://raw.githubusercontent.com/{user}/{repo}/refs/heads/main/CHANGELOG.md"
     response = requests.get(version_url)
 
     if last_version is not None:
-        version_url1 = f"https://raw.githubusercontent.com/{user}/{repo}/{last_version}/CHANGELOG.md"
+        version_url1 = f"https://raw.githubusercontent.com/{user}/{repo}/refs/tags/v{last_version}/CHANGELOG.md"
         echo_warning(version_url1)
         response1 = requests.get(version_url1)
 

viur_cli-3.0.0/src/viur_cli/local.py

@@ -0,0 +1,419 @@
+import json
+
+import click
+import shutil
+import subprocess
+from datetime import datetime
+
+from viur_cli import echo_warning
+from .conf import config
+from . import cli, echo_error, utils, echo_fatal
+
+
+def get_user_info():
+    gcloud_auth_process = subprocess.run(
+        ["gcloud", "auth", "application-default", "print-access-token"],
+        capture_output=True,
+        text=True,
+    )
+
+    auth_token = gcloud_auth_process.stdout.strip()  # Extract auth token
+
+    curl_command = f'curl -X GET -H "Authorization: Bearer {auth_token}" "https://www.googleapis.com/oauth2/v1/userinfo?alt=json"'
+
+    curl_process = subprocess.run(
+        curl_command, capture_output=True, shell=True, text=True
+    )
+    user_info = json.loads(curl_process.stdout)
+
+    return user_info
+
+
+@cli.command(context_settings={"ignore_unknown_options": True})
+@click.argument("profile", default="default")
+@click.argument("additional_args", nargs=-1)
+def run(profile, additional_args):
+    """
+    Start your application locally.
+    The 'run' command launches your ViUR application locally specified configuration and optional arguments.
+    This Enforces the Usage of gcloud tool
+    """
+    try:
+        echo_warning(
+            f"You are using the development Server with your default account: {get_user_info()['email']}"
+        )
+    except:
+        echo_fatal(
+            f"It seems you are not Using an appropriate account. "
+            f"Please install the 'gcloud' tool or Log in with an appropriate account."
+        )
+
+    conf = config.get_profile(profile)
+    additional_args = list(additional_args)
+
+    if appyaml := conf.get("appyaml"):
+        additional_args.append(f"--appyaml={appyaml}")
+    if conf.get("port"):
+        additional_args.append(f"--port={conf['port']}")
+    if conf.get("gunicorn_port"):
+        additional_args.append(f"--gunicorn_port={conf['gunicorn_port']}")
+
+    utils.system(
+        f"app_server -A={conf['application_name']} {conf['distribution_folder']} {' '.join(additional_args)}"
+    )
+
+
+@cli.command()
+@click.argument("profile", default="default")
+def env(profile):
+    """
+    Check the local environment for ViUR development.
+
+    The 'env' command provides information about the versions tools and dependencies, such as ViUR-CLI, app_server,
+    git, Python, npm, node, and more. It checks the availability of these tools and reports their versions.
+
+    """
+
+    valid_icon = "\U00002714"
+    failed_icon = "\U0000274c"
+
+    conf = config.get_profile(profile)
+    click.echo(f"Project Info:\n--------------------------------")
+    try:
+        click.echo(f"format: {config['format']}")
+        for entry in conf["builds"]:
+            if entry in conf["builds"]:
+                click.echo(f"\n {entry}: {conf['builds'][entry]['version'] } ")
+
+    except Exception as e:
+        echo_error("Error while collecting viur info")
+
+        echo_error(str(e))
+    click.echo(f"\nCurrent Environment:\n--------------------------------")
+
+    # viur-cli
+    if shutil.which("viur"):
+        app_server_version = subprocess.check_output(["viur", "--version"]).decode(
+            "utf-8"
+        )
+        click.echo(f"{valid_icon} {app_server_version}")
+    else:
+        click.echo(f"{failed_icon} ViUR-CLI")
+
+    # app_server
+    if shutil.which("app_server"):
+        app_server_version = subprocess.check_output(["app_server", "-V"]).decode(
+            "utf-8"
+        )
+        click.echo(f"{valid_icon} {app_server_version}")
+    else:
+        click.echo(f"{failed_icon} app_server")
+
+    # git
+    if shutil.which("git"):
+        git_version = subprocess.check_output(["git", "--version"]).decode("utf-8")
+        click.echo(f"{valid_icon} {git_version}")
+    else:
+        click.echo(f"{failed_icon}")
+
+    # python3
+    if shutil.which("python3"):
+        npm_version = subprocess.check_output(["python3", "-V"]).decode("utf-8")
+        click.echo(f"{valid_icon} python3 > {npm_version}")
+    else:
+        click.echo(f"{failed_icon}")
+
+    # python
+    if shutil.which("python"):
+        npm_version = subprocess.check_output(["python", "-V"]).decode("utf-8")
+        click.echo(f"{valid_icon} python > {npm_version}")
+    else:
+        click.echo(f"{failed_icon}")
+
+    # python3
+    if shutil.which("pyenv"):
+        pyenv_version = subprocess.check_output(["pyenv", "--version"]).decode("utf-8")
+        click.echo(f"{valid_icon} {pyenv_version}")
+    else:
+        click.echo(f"{failed_icon}")
+
+    # npm
+    if shutil.which("npm"):
+        npm_version = subprocess.check_output(["npm", "-v"]).decode("utf-8")
+        click.echo(f"{valid_icon} npm {npm_version}")
+    else:
+        click.echo(f"{failed_icon} npm")
+
+    # node
+    if shutil.which("node"):
+        npm_version = subprocess.check_output(["node", "-v"]).decode("utf-8")
+        click.echo(f"{valid_icon} node {npm_version}")
+    else:
+        click.echo(f"{failed_icon} node")
+
+    # pnpm
+    if shutil.which("pnpm"):
+        npm_version = subprocess.check_output(["pnpm", "-v"]).decode("utf-8")
+        click.echo(f"{valid_icon} pnpm {npm_version}")
+    else:
+        click.echo(f"{failed_icon} pnpm (optional)")
+
+    # gcloud
+    if shutil.which("gcloud"):
+        gcloud_version = (
+            subprocess.check_output(["gcloud", "-v"]).decode("utf-8").split("\n\n")[0]
+        )
+        versionList = []
+        for line in gcloud_version.split("\n"):
+            if not line:
+                continue
+            if not line.startswith("Google Cloud SDK"):
+                line = " - " + line
+            versionList.append(line)
+        versionString = "\n".join(versionList)
+        click.echo(f"{valid_icon} {versionString}")
+    else:
+        click.echo(f"{failed_icon} gcloud")
+
+    click.echo(f"\nYour default gcloud user Info:\n--------------------------------")
+    for k, v in get_user_info().items():
+        click.echo(f"{k}: {v}")
+
+
+@cli.command()
+@click.option("--dev", "-d", is_flag=True, default=False)
+def check(dev):
+    """
+    Perform security checks for vulnerabilities.
+    The 'check' command helps you identify and address security vulnerabilities in your project's dependencies.
+    """
+
+    if do_checks(dev):
+        utils.echo_info("\U00002714 No vulnerabilities found.")
+
+
+def do_checks(dev=True):
+    """
+    Run security checks for Python and npm dependencies.
+
+    Args:
+        dev: Development mode flag (currently unused but kept for API compatibility)
+
+    Returns:
+        bool: True if no vulnerabilities found, False otherwise
+    """
+    has_vulnerabilities = False
+
+    # Python vulnerability check
+    try:
+        # Run uv-secure with JSON output to parse results
+        result = subprocess.run(
+            [
+                "uvx",
+                "pysentry-rs",
+                "--sources",
+                "pypa,pypi,osv",
+                "--format",
+                "json",
+                "--fail-on",
+                "high",
+            ],
+            capture_output=True,
+            check=True,
+        )
+
+        # Parse JSON output (strict=False allows control characters)
+        data = json.loads(result.stdout, strict=False)
+
+        # Check if no vulnerabilities found
+        if data.get("vulnerable_packages", 0) == 0:
+            py_vulns = False
+        else:
+            py_vulns = True
+            has_vulnerabilities = True
+
+        # Format scan time to human readable format
+        scan_time_str = data.get("scan_time", "N/A")
+        try:
+            scan_time = datetime.fromisoformat(scan_time_str.replace("Z", "+00:00"))
+            formatted_time = scan_time.strftime("%H:%M:%S")
+        except:
+            formatted_time = scan_time_str
+
+        # Display scan summary for Python
+        click.echo("\n" + "=" * 60)
+        click.echo("Python Security Scan Results")
+        click.echo("=" * 60)
+        click.echo(f"Scan Time:              {formatted_time}")
+        click.echo(f"Total Packages:         {data.get('total_packages', 0)}")
+        click.echo(f"Vulnerable Packages:    {data.get('vulnerable_packages', 0)}")
+        click.echo(f"Total Vulnerabilities:  {data.get('total_vulnerabilities', 0)}")
+        click.echo("=" * 60)
+
+        # Display individual vulnerabilities
+        vulnerabilities = data.get("vulnerabilities", [])
+        if vulnerabilities:
+            click.echo("\nFound Python Vulnerabilities:\n")
+            for i, vuln in enumerate(vulnerabilities, 1):
+                click.echo(
+                    f"{i}. Package: {click.style(vuln.get('package_name', 'Unknown'), fg='red', bold=True)}"
+                )
+                click.echo(
+                    f"   Installed Version: {vuln.get('installed_version', 'N/A')}"
+                )
+
+                severity = vuln.get("severity", "Unknown")
+                severity_color = {
+                    "Critical": "red",
+                    "High": "red",
+                    "Medium": "yellow",
+                    "Low": "green",
+                }.get(severity, "white")
+                click.echo(
+                    f"   Severity: {click.style(severity, fg=severity_color, bold=True)}"
+                )
+
+                fixed_versions = vuln.get("fixed_versions", [])
+                if fixed_versions:
+                    click.echo(f"   Fixed in: {', '.join(fixed_versions)}")
+                else:
+                    click.echo("   Fixed in: No fix available yet")
+                click.echo()
+
+    except FileNotFoundError:
+        echo_warning("uv-secure not found. Install with: uv pip install uv-secure")
+        py_vulns = False
+    except json.JSONDecodeError as e:
+        echo_error(f"Error parsing uv-secure output: {e}")
+        echo_error(f"Raw output: {result.stdout[:500]}")
+        py_vulns = False
+    except Exception as e:
+        echo_error(f"Unexpected error during Python security check: {e}")
+        py_vulns = False
+    # npm vulnerability check
+    if shutil.which("npm"):
+        conf = config.get_profile("default")
+        builds = conf.get("builds", {})
+        sources_folder = conf.get("sources_folder", "./sources")
+
+        # Collect all npm builds
+        npm_builds = []
+        for build_name, build_config in builds.items():
+            if build_config.get("kind") == "npm":
+                source_path = build_config.get("source")
+                if source_path:
+                    npm_builds.append(
+                        {"name": build_name, "path": f"{sources_folder}/{source_path}"}
+                    )
+
+        if not npm_builds:
+            click.echo("\n" + "=" * 60)
+            click.echo("No npm builds found in config - skipping npm audit")
+            click.echo("=" * 60)
+        else:
+            # Run audit for each npm build
+            for build in npm_builds:
+                try:
+                    npm_audit_dir = build["path"]
+
+                    npm_result = subprocess.run(
+                        ["npm", "audit", "--json"],
+                        capture_output=True,
+                        text=True,
+                        cwd=npm_audit_dir,
+                    )
+
+                    npm_data = json.loads(npm_result.stdout, strict=False)
+
+                    metadata = npm_data.get("metadata", {})
+                    npm_vulnerabilities = npm_data.get("vulnerabilities", {})
+
+                    vuln_counts = metadata.get("vulnerabilities", {})
+                    dependencies = metadata.get("dependencies", {})
+
+                    total_npm_vulns = vuln_counts.get("total", 0)
+
+                    if total_npm_vulns > 0:
+                        has_vulnerabilities = True
+
+                    # Display npm scan summary
+                    click.echo("\n" + "=" * 60)
+                    click.echo(f"npm Security Scan Results - {build['name']}")
+                    click.echo("=" * 60)
+                    click.echo(f"Build Path:             {npm_audit_dir}")
+                    click.echo(
+                        f"Total Dependencies:     {dependencies.get('total', 0)}"
+                    )
+                    click.echo(f"Total Vulnerabilities:  {total_npm_vulns}")
+                    click.echo(
+                        f"  Critical:             {vuln_counts.get('critical', 0)}"
+                    )
+                    click.echo(f"  High:                 {vuln_counts.get('high', 0)}")
+                    click.echo(
+                        f"  Moderate:             {vuln_counts.get('moderate', 0)}"
+                    )
+                    click.echo(f"  Low:                  {vuln_counts.get('low', 0)}")
+                    click.echo(f"  Info:                 {vuln_counts.get('info', 0)}")
+                    click.echo("=" * 60)
+
+                    # Display individual npm vulnerabilities
+                    if npm_vulnerabilities and total_npm_vulns > 0:
+                        click.echo(f"\nFound npm Vulnerabilities in {build['name']}:\n")
+                        for i, (pkg_name, vuln_info) in enumerate(
+                            npm_vulnerabilities.items(), 1
+                        ):
+                            severity = vuln_info.get("severity", "unknown")
+                            severity_color = {
+                                "critical": "red",
+                                "high": "red",
+                                "moderate": "yellow",
+                                "low": "green",
+                                "info": "blue",
+                            }.get(severity.lower(), "white")
+
+                            # Get current version from nodes
+                            nodes = vuln_info.get("nodes", [])
+                            current_version = vuln_info.get("range", "N/A")
+
+                            click.echo(
+                                f"{i}. Package: {click.style(pkg_name, fg='red', bold=True)}"
+                            )
+                            click.echo(f"   Current Range: {current_version}")
+                            click.echo(
+                                f"   Severity: {click.style(severity.capitalize(), fg=severity_color, bold=True)}"
+                            )
+
+                            # Check for breaking changes
+                            fix_available = vuln_info.get("fixAvailable", {})
+                            if fix_available:
+                                fix_package = fix_available.get("name", pkg_name)
+                                fix_version = fix_available.get("version", "N/A")
+                                is_breaking = fix_available.get("isSemVerMajor", False)
+
+                                fix_text = f"   Fixed in: {fix_package}@{fix_version}"
+                                if is_breaking:
+                                    fix_text += click.style(
+                                        " (breaking change)", fg="yellow", bold=True
+                                    )
+                                click.echo(fix_text)
+                            else:
+                                click.echo("   Fixed in: No fix available yet")
+
+                            click.echo()
+
+                except FileNotFoundError:
+                    echo_warning(f"npm audit directory not found: {build['path']}")
+                except json.JSONDecodeError as e:
+                    echo_error(
+                        f"Error parsing npm audit output for {build['name']}: {e}"
+                    )
+                except Exception as e:
+                    echo_error(
+                        f"Unexpected error during npm security check for {build['name']}: {e}"
+                    )
+    else:
+        click.echo("\n" + "=" * 60)
+        click.echo("npm not found - skipping npm audit")
+        click.echo("=" * 60)
+
+    return not has_vulnerabilities

{viur_cli-2.3.2 → viur_cli-3.0.0}/src/viur_cli/scriptor/cli.py

@@ -12,7 +12,6 @@ from weakref import proxy
 from viur.scriptor import Modules
 from ..cli import cli
 from ..cli import scriptor_config
-from .login import ensure_login
 
 # Global modules instance that will be initialized when needed
 _modules = None
@@ -44,6 +43,7 @@ def configure(url: str, username: str, working_dir: str):
     Manage configuration settings.
     """
 
+
     if url:
         scriptor_config["base_url"] = url
 
@@ -61,14 +61,6 @@ def setup():
     """
 
     base_url = scriptor_config.get("base_url")
-
-    try:
-        click.echo("This Feature is only avalible on viur-core 3.8.19 or higher.")
-        res = ensure_login("", host=base_url)
-        if res:
-            return
-    except KeyboardInterrupt:
-        pass
     try:
         session = requests.session()
         skey = session.get(base_url + "/json/skey")
@@ -104,11 +96,15 @@ def check_session(ctx: click.Context):
 
     response = s.get(base_url + "/vi/user/view/self", cookies=scriptor_config.get("cookies", {}))
     if not response.ok:
-        click.echo("Invalid session, please run `viur script setup` again. okay ?")
+        click.echo("Invalid session, please run `viur script setup` again.")
         ctx.invoke(setup)
         ctx.close()
+    #FIXME We need this ?
+    # Update modules with cookies
+    modules = get_modules()
+    # modules.request.cookies = cookiejar_from_dict(scriptor_config.get("cookies", {}))
+
 
-        
 @script.command()
 @click.option('--force', default=False, help='Force replace files from server in local working directory')
 @click.pass_context
@@ -118,6 +114,7 @@ def pull(ctx: click.Context, force: bool):
     """
     check_session(ctx)
 
+
     async def main():
         # In the new API, we don't need to call structure
         modules = get_modules()
@@ -291,7 +288,7 @@ def push(ctx: click.Context, force: bool, watch: bool):
                                 f.write(args["script"])
 
                     click.echo(f"Push {_real_file}")
-                    await tree.add(args, skel_type=_type)
+                    await tree.add(_type, args)
 
     if watch:
         print("Watching...")