#!/usr/bin/env node // SPEC: PJ2026-01060703 CI/CD branch follower runtime GitOps postprocess. // Responsibility: mutate rendered runtime GitOps files after HWLAB source render, before publish. import { existsSync, readdirSync, readFileSync, statSync, unlinkSync, writeFileSync } from "node:fs"; import path from "node:path"; const repoDir = process.cwd(); const overlay = readOverlay(); const runtimePath = requiredOverlayString("runtimePath"); const runtimeDir = path.resolve(repoDir, runtimePath); const prometheusOperatorKinds = new Set(["ServiceMonitor", "PrometheusRule", "PodMonitor", "Probe"]); if (!existsSync(runtimeDir)) { emit({ ok: false, reason: "runtime-path-missing", runtimePath }); process.exit(45); } const result = postprocessRuntimeGitops(); emit({ ok: true, runtimePath, ...result }); function postprocessRuntimeGitops() { const prometheusOperatorDisabled = overlay?.observability?.prometheusOperator === false; if (!prometheusOperatorDisabled) { return { observabilityPrometheusOperator: overlay?.observability?.prometheusOperator ?? null, observabilityWorkloadsChanged: false, kustomizationChanged: false }; } const changedFiles = []; const deletedFiles = []; for (const file of listYamlFiles(runtimeDir)) { const changed = stripPrometheusOperatorResourcesFromFile(file); if (changed === "deleted") deletedFiles.push(path.relative(repoDir, file)); if (changed === "changed") changedFiles.push(path.relative(repoDir, file)); } const kustomizationChanged = pruneMissingKustomizationResources(); return { observabilityPrometheusOperator: false, observabilityWorkloadsChanged: changedFiles.length > 0 || deletedFiles.length > 0, kustomizationChanged, changedFiles, deletedFiles, }; } function stripPrometheusOperatorResourcesFromFile(file) { const original = readFileSync(file, "utf8"); const jsonResult = stripPrometheusOperatorResourcesFromJsonFile(file, original); if (jsonResult !== null) return jsonResult; const docs = splitYamlDocuments(original); const nextDocs = docs.filter((doc) => !isPrometheusOperatorDocument(doc)); if (nextDocs.length === docs.length) return "unchanged"; if (nextDocs.length === 0) { unlinkSync(file); return "deleted"; } writeFileSync(file, `${nextDocs.map((doc) => doc.trimEnd()).join("\n---\n")}\n`, "utf8"); return "changed"; } function stripPrometheusOperatorResourcesFromJsonFile(file, text) { const parsed = parseJsonDocument(text); if (parsed === null) return null; const next = stripPrometheusOperatorResourcesFromJsonValue(parsed); if (!next.changed) return "unchanged"; if (next.value === null) { unlinkSync(file); return "deleted"; } writeFileSync(file, `${JSON.stringify(next.value, null, 2)}\n`, "utf8"); return "changed"; } function stripPrometheusOperatorResourcesFromJsonValue(value) { if (isPrometheusOperatorResource(value)) return { changed: true, value: null }; if (isKubernetesList(value)) { const originalItems = Array.isArray(value.items) ? value.items : []; const items = originalItems.filter((item) => !isPrometheusOperatorResource(item)); if (items.length !== originalItems.length) return { changed: true, value: { ...value, items } }; } return { changed: false, value }; } function pruneMissingKustomizationResources() { const file = path.join(runtimeDir, "kustomization.yaml"); if (!existsSync(file)) return false; const original = readFileSync(file, "utf8"); const lines = original.split(/\n/u); const next = []; let changed = false; let inResources = false; let resourcesIndent = 0; for (const line of lines) { const resourcesMatch = line.match(/^(\s*)resources:\s*(?:#.*)?$/u); if (resourcesMatch) { inResources = true; resourcesIndent = resourcesMatch[1].length; next.push(line); continue; } if (inResources && line.trim() !== "" && !line.match(/^\s*-/u) && leadingSpaces(line) <= resourcesIndent) inResources = false; if (inResources) { const item = line.match(/^(\s*)-\s+["']?([^"'#\s]+)["']?\s*(?:#.*)?$/u); if (item && !existsSync(path.resolve(runtimeDir, item[2]))) { changed = true; continue; } } next.push(line); } if (changed) writeFileSync(file, next.join("\n"), "utf8"); return changed; } function splitYamlDocuments(text) { return text.split(/^---[ \t]*(?:#.*)?$/mu).map((doc) => doc.trim()).filter(Boolean); } function isPrometheusOperatorDocument(text) { const api = text.match(/^\s*apiVersion:\s*["']?(monitoring\.coreos\.com\/[^"'\s#]+)["']?\s*(?:#.*)?$/mu); const kind = text.match(/^\s*kind:\s*["']?([^"'\s#]+)["']?\s*(?:#.*)?$/mu); return Boolean(api && kind && prometheusOperatorKinds.has(kind[1])); } function isPrometheusOperatorResource(value) { if (!value || typeof value !== "object" || Array.isArray(value)) return false; return typeof value.apiVersion === "string" && value.apiVersion.startsWith("monitoring.coreos.com/") && typeof value.kind === "string" && prometheusOperatorKinds.has(value.kind); } function isKubernetesList(value) { return value && typeof value === "object" && !Array.isArray(value) && value.apiVersion === "v1" && value.kind === "List" && Array.isArray(value.items); } function parseJsonDocument(text) { const trimmed = text.trim(); if (!trimmed.startsWith("{") && !trimmed.startsWith("[")) return null; try { return JSON.parse(trimmed); } catch { return null; } } function leadingSpaces(value) { const match = value.match(/^ */u); return match ? match[0].length : 0; } function listYamlFiles(root) { const out = []; for (const name of readdirSync(root)) { const file = path.join(root, name); const stat = statSync(file); if (stat.isDirectory()) { out.push(...listYamlFiles(file)); } else if (/\.(ya?ml)$/u.test(name)) { out.push(file); } } return out.sort(); } function readOverlay() { const encoded = process.env.UNIDESK_RUNTIME_GITOPS_OVERLAY_B64; if (!encoded) throw new Error("UNIDESK_RUNTIME_GITOPS_OVERLAY_B64 is required"); return JSON.parse(Buffer.from(encoded, "base64").toString("utf8")); } function requiredOverlayString(name) { const value = overlay[name]; if (typeof value !== "string" || value.length === 0) throw new Error(`overlay.${name} is required`); return value; } function emit(fields) { console.error(JSON.stringify({ event: "unidesk-runtime-gitops-postprocess", ...fields })); }