eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-05-14 10:56:52 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0826f754ba0f4bb33f87e4300a187fbc6be5d97a
authentik/scripts/node/utils/commands.mjs
Teffen Ellis 9543b3c9f6 ci: Consistent NPM versions via Corepack (#20400) 
* core: add .npmrc baseline to block dependency lifecycle scripts

Set ignore-scripts=true at the repo root, plus engine-strict, save-exact,
audit, and prefer-offline. This neutralizes the dominant npm supply-chain
attack vector — postinstall scripts in transitive dependencies — at the
cost of requiring an explicit rebuild for the handful of packages that
legitimately need install scripts (esbuild, chromedriver, tree-sitter,
tree-sitter-json). The next commit wires that rebuild into the Makefile.

Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com>

* core: route node installs through make to retire website preinstall hook

Make docs-install depend on a new root-node-install so the root deps
are guaranteed before the website install runs, removing the need for
the website/preinstall lifecycle script. Rebuild the small audited list
of trusted packages (esbuild, chromedriver, tree-sitter, tree-sitter-json)
after the web install so ignore-scripts=true remains the only path that
needs maintenance. web/README documents the new workflow.

Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com>

* Clean up install scripts.

* Track .npmrc in CODEOWNERS

* Fix formatter config. Reformat.

* Fix mounted references.

* Flesh out node scripts.

* Bump engines.

* Prep containers.

* Update makefile.

* Flesh out github actions.

* Clean up docs container.

* lint.

Bump.

Lint.

Bump NPM version.

* Add limits.

* collapse the composite's three setup-node calls to one cache restore

* Add SHA.

* Bump NPM range.

* Run formatter.

* Bump NPM.

* Remove extra install.

* Fix website deps.

* Use local prettier. Fix drift in CI.

* ci: build frontend in CI with node_env production

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Install docusaurus config.

* Fix linter warning, order.

* Add linter commands.

* Add timeout.

* Remove pre install check.

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Playpen Agent <279763771+playpen-agent@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2026-05-13 22:05:07 +00:00

124 lines
3.6 KiB
JavaScript
Raw Blame History

/**
* Utility functions for running shell commands and handling their results.
*
* @import { ExecOptions } from "node:child_process"
* @import { IConsoleLogger } from "../../../packages/logger-js/lib/shared.js"
*/
import { exec } from "node:child_process";
import { resolve, sep } from "node:path";
import { promisify } from "node:util";
import { ConsoleLogger } from "../../../packages/logger-js/lib/node.js";
const logger = ConsoleLogger.prefix("commands");
export class CommandError extends Error {
name = "CommandError";
/**
* @param {string} command
* @param {ErrorOptions & ExecOptions} options
*/
constructor(command, { cause, cwd, shell } = {}) {
const cwdInfo = cwd ? ` in directory ${cwd}` : "";
const shellInfo = shell ? ` using shell ${shell}` : "";
super(`Command failed: ${command}${cwdInfo}${shellInfo}`, { cause });
}
}
/**
* @param {string[]} positionals
* @returns {string} The resolved current working directory for the script
*/
export function parseCWD(positionals) {
// `INIT_CWD` is present only if the script is run via npm.
const initCWD = process.env.INIT_CWD || process.cwd();
const cwd = (positionals.length ? resolve(initCWD, positionals[0]) : initCWD) + sep;
return cwd;
}
const execAsync = promisify(exec);
/**
* A timeout value to prevent hanging indefinitely when running shell commands,
* such as if CI is experiencing issues with provisioning or network connectivity.
*/
const DEFAULT_TIMEOUT_MS = 5 * 60 * 1000;
/**
* @param {Awaited<ReturnType<typeof execAsync>>} result
*/
export const trimResult = (result) => String(result.stdout).trim();
/**
* @typedef {(strings: TemplateStringsArray, ...expressions: unknown[]) =>
* (options?: ExecOptions) => Promise<string>
* } CommandTag
*/
function createTag(prefix = "") {
/** @type {CommandTag} */
return (strings, ...expressions) => {
const command = (prefix ? prefix + " " : "") + String.raw(strings, ...expressions);
logger.debug(command);
return (options) =>
execAsync(command, { timeout: DEFAULT_TIMEOUT_MS, ...options })
.then(trimResult)
.catch((cause) => {
throw new CommandError(command, { ...options, cause });
});
};
}
/**
* A tagged template function for running shell commands.
* @type {CommandTag & { bind(prefix: string): CommandTag }}
*/
export const $ = createTag();
/**
* @param {string} prefix
* @returns {CommandTag}
*/
$.bind = (prefix) => createTag(prefix);
/**
* Promisified version of {@linkcode exec} for easier async/await usage.
*
* @param {string} command The command to run, with space-separated arguments.
* @param {ExecOptions} [options] Optional execution options.
* @throws {CommandError} If the command fails to execute.
*/
export function $2(command, options) {
return execAsync(command, { timeout: DEFAULT_TIMEOUT_MS, ...options })
.then(trimResult)
.catch((cause) => {
throw new CommandError(command, { ...options, cause });
});
}
/**
* Logs the given error and its cause (if any) and exits the process with a failure code.
* @param {unknown} error
* @param {IConsoleLogger} logger
* @returns {never}
*/
export function reportAndExit(error, logger = ConsoleLogger) {
const message = error instanceof Error ? error.message : String(error);
const cause = error instanceof Error && error.cause instanceof Error ? error.cause : null;
logger.error(`${message}`);
if (cause) {
logger.error(`Caused by: ${cause.message}`);
}
process.exit(1);
}
Reference in New Issue View Git Blame Copy Permalink