fix: use owner-level unidesk state
This commit is contained in:
@@ -493,7 +493,7 @@ export function runNodePublicExposure(options: NodePublicExposureOptions): Recor
|
||||
source,
|
||||
mutation: false,
|
||||
valuesRedacted: true,
|
||||
next: { fixSecretSource: `create .state/secrets/${exposure.tokenSourceRef} with ${exposure.tokenSourceKey}=<redacted>` },
|
||||
next: { fixSecretSource: `create ${rootPath(".state", "secrets", exposure.tokenSourceRef)} with ${exposure.tokenSourceKey}=<redacted>` },
|
||||
};
|
||||
}
|
||||
const caddyResult = runTransHostScript(exposure.caddyRoute, publicExposureCaddyScript(options, exposure), "", options.timeoutSeconds);
|
||||
@@ -581,7 +581,7 @@ function publicExposureSecretApplyStatus(options: NodePublicExposureOptions, exp
|
||||
|
||||
export function readPublicExposureTokenSource(exposure: HwlabRuntimePublicExposureSpec): { ok: boolean; path: string; checkedPaths: string[]; key: string; value: string | null; fingerprint: string | null; error?: string } {
|
||||
const checkedPaths = publicExposureTokenSourcePaths(exposure);
|
||||
const path = checkedPaths.find((candidate) => existsSync(candidate)) ?? checkedPaths[0] ?? join(repoRoot, ".state", "secrets", exposure.tokenSourceRef);
|
||||
const path = checkedPaths.find((candidate) => existsSync(candidate)) ?? checkedPaths[0] ?? rootPath(".state", "secrets", exposure.tokenSourceRef);
|
||||
if (!existsSync(path)) return { ok: false, path, checkedPaths, key: exposure.tokenSourceKey, value: null, fingerprint: null, error: "secret-source-missing" };
|
||||
const values = parseEnvFile(readFileSync(path, "utf8"));
|
||||
const value = values[exposure.tokenSourceKey];
|
||||
@@ -597,11 +597,7 @@ export function readPublicExposureTokenSource(exposure: HwlabRuntimePublicExposu
|
||||
}
|
||||
|
||||
export function publicExposureTokenSourcePaths(exposure: HwlabRuntimePublicExposureSpec): string[] {
|
||||
const paths = [join(repoRoot, ".state", "secrets", exposure.tokenSourceRef)];
|
||||
const marker = "/.worktree/";
|
||||
const index = repoRoot.indexOf(marker);
|
||||
if (index >= 0) paths.push(join(repoRoot.slice(0, index), ".state", "secrets", exposure.tokenSourceRef));
|
||||
return [...new Set(paths)];
|
||||
return [rootPath(".state", "secrets", exposure.tokenSourceRef)];
|
||||
}
|
||||
|
||||
export function publicExposureSecretStatus(fields: Record<string, string>, result: CommandResult): Record<string, unknown> {
|
||||
|
||||
@@ -740,15 +740,7 @@ export function readLocalPostgresPasswordMaterial(input: { sourceRef: string; so
|
||||
|
||||
export function localSecretSourcePaths(sourceRef: string): string[] {
|
||||
if (isAbsolute(sourceRef)) return [sourceRef];
|
||||
const marker = "/.worktree/";
|
||||
const index = repoRoot.indexOf(marker);
|
||||
const paths = index >= 0
|
||||
? [
|
||||
join(repoRoot.slice(0, index), ".state", "secrets", sourceRef),
|
||||
join(repoRoot, ".state", "secrets", sourceRef),
|
||||
]
|
||||
: [join(repoRoot, ".state", "secrets", sourceRef)];
|
||||
return [...new Set(paths)];
|
||||
return [rootPath(".state", "secrets", sourceRef)];
|
||||
}
|
||||
|
||||
export function shortSecretFingerprint(value: string): string {
|
||||
@@ -1274,7 +1266,7 @@ export function externalPostgresSecretSetupScript(spec: HwlabRuntimeLaneSpec, dr
|
||||
|
||||
export function externalPostgresSecretSourceRoot(spec: HwlabRuntimeLaneSpec): string {
|
||||
const configRef = spec.externalPostgres?.configRef;
|
||||
if (configRef === undefined) return join(repoRoot, ".state", "secrets");
|
||||
if (configRef === undefined) return rootPath(".state", "secrets");
|
||||
const configPath = rootPath(configRef);
|
||||
const parsed = Bun.YAML.parse(readFileSync(configPath, "utf8")) as unknown;
|
||||
if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) throw new Error(`${configRef} must be a YAML object`);
|
||||
@@ -1296,11 +1288,7 @@ export function readSecretSourceValue(secretRoot: string, sourceRef: string, key
|
||||
|
||||
export function secretSourcePaths(sourceRef: string): string[] {
|
||||
if (isAbsolute(sourceRef)) return [sourceRef];
|
||||
const paths = [join(repoRoot, ".state", "secrets", sourceRef)];
|
||||
const marker = "/.worktree/";
|
||||
const index = repoRoot.indexOf(marker);
|
||||
if (index >= 0) paths.push(join(repoRoot.slice(0, index), ".state", "secrets", sourceRef));
|
||||
return [...new Set(paths)];
|
||||
return [rootPath(".state", "secrets", sourceRef)];
|
||||
}
|
||||
|
||||
export function displayRepoPath(path: string): string {
|
||||
@@ -1392,7 +1380,7 @@ function readBootstrapAdminUsername(spec: RuntimeSecretSpec): { ok: true; value:
|
||||
|
||||
function readSecretSourceScalar(sourceRef: string, sourceKey: string, sourceLine: number | null): { ok: true; value: string; sourcePath: string; sourcePresent: boolean } | { ok: false; sourcePath: string; sourcePresent: boolean; error: string } {
|
||||
const paths = secretSourcePaths(sourceRef);
|
||||
const sourcePath = paths.find((candidate) => existsSync(candidate)) ?? paths[0] ?? join(repoRoot, ".state", "secrets", sourceRef);
|
||||
const sourcePath = paths.find((candidate) => existsSync(candidate)) ?? paths[0] ?? rootPath(".state", "secrets", sourceRef);
|
||||
const runtimeValue = process.env[sourceKey];
|
||||
if (!existsSync(sourcePath)) {
|
||||
if (runtimeValue !== undefined && runtimeValue.length > 0) return { ok: true, value: runtimeValue, sourcePath, sourcePresent: false };
|
||||
|
||||
Reference in New Issue
Block a user