Merge pull request #1 from gbh-tech/feat-RI-4198-add-onepassword-prov…

…ider

feat: (RI-4198) Add onepassword provider

.github/workflows/lint.yml

@@ -0,0 +1,54 @@
+name: 📝 Lint
+
+on:
+  pull_request:
+    branches:
+      - main
+
+concurrency:
+  group: '${{ github.workflow }} @ ${{ github.head_ref || github.ref }}'
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 💻 Checkout current code ref
+        uses: actions/checkout@v4
+
+      - name: 🟢 Configure Bun on runner
+        uses: oven-sh/setup-bun@v1
+
+      - name: 📦 Install package dependencies using lockfile
+        run: bun install --frozen-lockfile
+
+      - name: 🌷 Run format, lint & check with Biome
+        run: |
+          bun run format
+          bun run lint
+          bun run check
+
+  commitlint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 💻 Checkout current code ref
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: 🟢 Configure Bun on runner
+        uses: oven-sh/setup-bun@v1
+
+      - name: 📦 Install package dependencies using lockfile
+        run: bun install --frozen-lockfile
+
+        # Check all commits pushed to this PR
+      - name: 👁️‍🗨️ Validate PR commits with commitlint
+        run: >- 
+          npx commitlint
+          --from ${{ github.event.pull_request.head.sha }}~${{ github.event.pull_request.commits }}
+          --to ${{ github.event.pull_request.head.sha }}
+          --verbose
+
+      - name: 🔎 Validate PR title with commitlint
+        run: echo "${{ github.event.pull_request.title }}" | npx commitlint

.github/workflows/release.yml

@@ -0,0 +1,42 @@
+name: 🚀 Release
+
+on:
+  workflow_dispatch:
+
+env:
+  NAME: 'dot-env-generator'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 💻 Checkout current pull-request revision code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: 🟢 Configure Bun on runner
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: latest
+
+      - name: 🔵 Install Task
+        uses: arduino/setup-task@v2
+
+      - name: 💼 Configure Git user
+        run: |
+          git config user.name "gbh-devops-bot"
+          git config user.email "[email protected]"
+
+      - name: 📦 Install package dependencies using lockfile
+        run: bun install --frozen-lockfile
+
+      - name: 🔨 Compile binary for supported platforms
+        run: |
+          task build
+          task compress
+
+      - name: 🚀 Run new version for production
+        run: npx release-it --ci
+        env:
+          GITHUB_TOKEN: ${{ secrets.DEVOPS_USER_TOKEN }}

.github/workflows/s3-upload.yml

@@ -0,0 +1,46 @@
+name: 🚀 Deploy to S3
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  BUCKET: 's3://gbh-utils'
+  NAME: 'dot-env-generator'
+
+jobs:
+  deploy-s3:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [linux-x64, linux-arm64, windows-x64, darwin-arm64, darwin-x64]
+    steps:
+      - name: 💻 Checkout current code ref
+        uses: actions/checkout@v4
+
+      - name: 🟢 Configure Bun on runner
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: latest
+
+      - name: 🔵 Install Task
+        uses: arduino/setup-task@v2
+
+      - name: 🟡 Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: 'us-east-1'
+
+      - name: 📦 Install package dependencies using lockfile
+        run: bun install --frozen-lockfile
+
+      - name: 🔨 Compile binary for supported platforms
+        run: |
+          task build
+          task compress
+
+      - name: 🚀 Upload binaries to S3
+        run: aws s3 cp ./dist ${BUCKET}/${NAME} --acl public-read

.github/workflows/test.yaml

@@ -24,19 +24,16 @@ jobs:
         with:
           bun-version: latest
 
+      - name: 🔵 Install Task
+        uses: arduino/setup-task@v2
+
       - name: 📦 Install package dependencies using lockfile
         run: bun install --frozen-lockfile
 
-      - name: 🔨 Run build
-        run: |
-          bun run build
-          bun run compile
-
-      - name: 🌷 Run format, lint & check with Biome
+      - name: 🔨 Compile binary for supported platforms
         run: |
-          bun run format:ci
-          bun run lint:ci
-          bun run check:ci
+          task build
+          task compress
 
       - name: 🧪 Run tests
         run: bun run test

.gitignore

@@ -176,5 +176,5 @@ dist
 .DS_Store
 
 # Binary
-werf-env-generator*
+dot-env-generator*
 .werf_secret_key

.husky/commit-msg

@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+
+npx --no -- commitlint --edit ${1}
+bun run lint
+bun run format
+bun run check

.husky/pre-commit

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+BRANCH=$(git rev-parse --abbrev-ref HEAD)
+REGEX="^(build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test)-[A-Z]{2,4}-[0-9]{1,5}-[A-Za-z0-9-]+$"
+
+if ! [[ $BRANCH =~ $REGEX ]]; then
+  echo "Your commit was rejected due to branching name"
+  exit 1
+fi

.ops/taskfiles/werf.yaml

@@ -63,17 +63,3 @@ tasks:
     preconditions:
       - sh: 'test -f .werf_secret_key'
         msg: '.werf_secret_key file does not exist.'
-
-  # Utils: Check werf env generator
-  download-env-generator:
-    internal: true
-    desc: 'Check if werf-env-generate exists, if not, download it.'
-    vars:
-      OS: '{{.OS}}'
-      ARCH: '{{ "x64" | default .ARCH}}'
-    cmds:
-      - curl -O https://gbh-utils.s3.amazonaws.com/{{.OS}}/werf-env-generator-{{.ARCH}}
-      - mv werf-env-generator-{{.ARCH}} werf-env-generator
-      - chmod +x werf-env-generator
-    status:
-      - test -f werf-env-generator

.tool-versions

@@ -1,3 +1,4 @@
 awscli 2.17.4
-bun 1.1.17
+bun 1.1.21
 werf 2.0.4
+task 3.37.2

cli.ts

@@ -1,68 +1,17 @@
 #!/usr/bin/env bun
 
-import { execSync } from 'node:child_process';
 import { Command } from 'commander';
-import yaml from 'js-yaml';
-import { version } from './package.json';
-import type { yamlDoc } from './src/interfaces';
-import { generateEnvFile, mergeDataFromManifests } from './src/parser';
+import { description, name, version } from './package.json';
+import { onePasswordCommand } from './src/commands/op';
+import { werfCommand } from './src/commands/werf';
 
 const cli = new Command();
 
 cli
-  .name('werf-env-file-generator')
+  .name(name)
   .version(version)
-  .summary('Werf Env-File Generator CLI')
-  .option('-v,--values <variable>', 'Set extra environment values')
-  .requiredOption(
-    '-e, --environment <env>',
-    'Target environment for which to generate the .env file',
-  )
-  .option(
-    '-s, --secrets',
-    'Whether to include secret files in the Werf command',
-    true,
-  )
-  .option(
-    '-p, --to-path <path...>',
-    'Path(s) to generate the dot env (.env) file to',
-    ['.env'],
-  )
-  .action((options) => {
-    const environment = options.environment.trim();
-
-    const werfCommand = [
-      'werf',
-      'render',
-      `--env ${environment}`,
-      `--values .helm/values/${environment}.yaml`,
-      '--dev',
-    ];
-
-    if (options.secrets) {
-      werfCommand.push(`--secret-values .helm/secrets/${environment}.yaml`);
-    }
-
-    if (options.values) {
-      const extra_vars = options.values.trim();
-      werfCommand.push(`--set ${extra_vars}`);
-    }
-
-    console.log('Werf command:');
-    console.log(werfCommand);
-
-    const renderedManifests = execSync(werfCommand.join(' ').trim(), {
-      encoding: 'utf-8',
-    });
-
-    console.log('Obtaining env vars from rendered manifests...');
-    const manifests = yaml.loadAll(renderedManifests) as yamlDoc[];
-
-    const envData = mergeDataFromManifests(manifests);
-
-    for (const path of options.toPath) {
-      generateEnvFile(envData, path);
-    }
-  });
+  .summary(description)
+  .addCommand(werfCommand())
+  .addCommand(onePasswordCommand());
 
 cli.parse();