fix: cli values too early

Author: Maurice Faber

.cspell.json

@@ -33,8 +33,9 @@
     "millis",
     "mkilled",
     "nindent",
+    "nothrow",
     "nslookup",
-    "RAGRS",
+    "rAGRS",
     "jwks",
     "pids",
     "ragzrs",

binzx/otomi

@@ -291,7 +291,6 @@ else
     -v /tmp/otomi:/tmp/otomi \
     $(check_volume_path $HOME/.kube "/home/app/.kube") \
     $([ -n "$KUBECONFIG" ] && check_volume_path $KUBECONFIG "/home/app/.kube/config") \
-    $(check_volume_path $HOME/.ssh "/home/app/.ssh") \
     $(check_volume_path $helm_config "/home/app/.config/helm") \
     $(check_volume_path $HOME/.config/gcloud "/home/app/.config/gcloud") \
     $(check_volume_path $HOME/.aws "/home/app/.aws") \

src/ci-tests.ts

@@ -12,8 +12,8 @@ import {
   getFilename,
   getParsedArgs,
   OtomiDebugger,
+  rootDir,
   setParsedArgs,
-  startingDir,
   terminal,
 } from './common/utils'
 import { basicOptions } from './common/yargs-opts'
@@ -33,8 +33,8 @@ const setup = (): void => {
 
 export const ciTests = async (): Promise<void> => {
   const argv: Arguments = getParsedArgs()
-  if (!existsSync(`${startingDir}/env`)) symlinkSync(`${startingDir}/tests/fixtures`, `${startingDir}/env`)
-  debug.log(`Running CI tests with values from ${`${startingDir}/tests/fixtures/`}`)
+  if (!existsSync(`${rootDir}/env`)) symlinkSync(`${rootDir}/tests/fixtures`, `${rootDir}/env`)
+  debug.log(`Running CI tests with values from ${`${rootDir}/tests/fixtures/`}`)
 
   const xCommand = 'opa test policies -v'
   debug.info(xCommand)

src/cmd/apply.ts

@@ -9,8 +9,8 @@ import {
   getParsedArgs,
   logLevelString,
   OtomiDebugger,
+  rootDir,
   setParsedArgs,
-  startingDir,
   terminal,
   waitTillAvailable,
 } from '../common/utils'
@@ -48,7 +48,7 @@ const commitOnFirstRun = async () => {
   if ((await nothrow($`git ls-remote`)).stdout.trim().length !== 0) return
   await commit()
   await nothrow($`kubectl -n otomi create cm otomi-status --from-literal=status='Installed'`)
-  cd(startingDir)
+  cd(rootDir)
 }
 
 const applyAll = async () => {

src/cmd/bootstrap.ts

@@ -5,23 +5,23 @@ import { fileURLToPath } from 'url'
 // import isURL from 'validator/es/lib/isURL'
 import { Argv } from 'yargs'
 import { $, cd, nothrow } from 'zx'
-import { genSops } from './gen-sops'
 import { decrypt, encrypt } from '../common/crypt'
 import { env } from '../common/envalid'
 import { hfValues } from '../common/hf'
-import { getImageTag, prepareEnvironment, rootDir } from '../common/setup'
+import { getImageTag, prepareEnvironment } from '../common/setup'
 import {
   BasicArguments,
-  currDir,
   generateSecrets,
   getFilename,
   isChart,
   loadYaml,
   OtomiDebugger,
+  rootDir,
   setParsedArgs,
   terminal,
 } from '../common/utils'
 import { writeValues } from '../common/values'
+import { genSops } from './gen-sops'
 
 export const getChartValues = (): any | undefined => {
   return loadYaml(env.VALUES_INPUT)
@@ -50,8 +50,6 @@ const generateLooseSchema = () => {
 }
 
 export const bootstrapValues = async (): Promise<void> => {
-  const originalValues = isChart() ? getChartValues() : await hfValues(true)
-
   const hasOtomi = existsSync(`${env.ENV_DIR}/bin/otomi`)
 
   const binPath = `${env.ENV_DIR}/bin`
@@ -100,6 +98,7 @@ export const bootstrapValues = async (): Promise<void> => {
   )
 
   // Done, write chart values if we got any
+  const originalValues = isChart() ? getChartValues() : await hfValues(true)
   if (isChart()) await writeValues(originalValues)
 
   // Generate passwords and merge with values and give the priority to the current existing passwords. (don't change passwords everytime)
@@ -144,7 +143,6 @@ export const bootstrapGit = async (): Promise<void> => {
   } else {
     // scenario 1 or 2 or 4(2 will only be called upon first otomi commit)
     debug.info('Initializing values repo.')
-    const cwd = await currDir()
     cd(env.ENV_DIR)
 
     const values = await hfValues(true)
@@ -196,7 +194,9 @@ export const bootstrapGit = async (): Promise<void> => {
     await $`git config --local user.email ${email}`
     await $`git checkout -b ${branch}`
     await $`git remote add origin ${remote}`
-    cd(cwd)
+    if (existsSync(`${env.ENV_DIR}/.sops.yaml`)) await nothrow($`git config --local diff.sopsdiffer.textconv "sops -d"`)
+
+    cd(rootDir)
     debug.log(`Done bootstrapping git`)
   }
 }

src/cmd/commit.ts

@@ -5,9 +5,8 @@ import { encrypt } from '../common/crypt'
 import { env } from '../common/envalid'
 import { hfValues } from '../common/hf'
 import { prepareEnvironment } from '../common/setup'
-import { currDir, getFilename, OtomiDebugger, setParsedArgs, terminal } from '../common/utils'
+import { getFilename, OtomiDebugger, rootDir, setParsedArgs, terminal } from '../common/utils'
 import { Arguments as HelmArgs } from '../common/yargs-opts'
-import { bootstrapGit } from './bootstrap'
 import { Arguments as DroneArgs, genDrone } from './gen-drone'
 import { pull } from './pull'
 import { validateValues } from './validate-values'
@@ -20,10 +19,10 @@ interface Arguments extends HelmArgs, DroneArgs {}
 export const preCommit = async (): Promise<void> => {
   const pcDebug = terminal('Pre Commit')
   pcDebug.info('Check for cluster diffs')
-  await nothrow($`git config --local diff.sopsdiffer.textconv "sops -d"`)
-  const settingsDiff = (await $`git diff env/settings.yaml`).stdout.trim()
-  const secretDiff = (await $`git diff env/secrets.settings.yaml`).stdout.trim()
-
+  cd(env.ENV_DIR)
+  const settingsDiff = (await nothrow($`git diff env/settings.yaml`)).stdout.trim()
+  const secretDiff = (await nothrow($`git diff env/secrets.settings.yaml`)).stdout.trim()
+  cd(rootDir)
   const versionChanges = settingsDiff.includes('+    version:')
   const secretSlackChanges = secretDiff.includes('+        url: https://hooks.slack.com/')
   const secretMsTeamsLowPrioChanges = secretDiff.includes('+        lowPrio: https://')
@@ -36,7 +35,6 @@ export const gitPush = async (branch: string): Promise<boolean> => {
   const gitDebug = terminal('gitPush')
   gitDebug.info('Starting git push.')
 
-  const cwd = await currDir()
   cd(env.ENV_DIR)
   try {
     await $`git push -u origin ${branch} -f`
@@ -46,7 +44,7 @@ export const gitPush = async (branch: string): Promise<boolean> => {
     gitDebug.error(error)
     return false
   } finally {
-    cd(cwd)
+    cd(rootDir)
   }
 }
 
@@ -55,7 +53,6 @@ export const commit = async (): Promise<void> => {
 
   debug.info('Preparing values')
 
-  const cwd = await currDir()
   cd(env.ENV_DIR)
 
   const values = await hfValues()
@@ -68,6 +65,7 @@ export const commit = async (): Promise<void> => {
     await $`git commit -m 'otomi commit' --no-verify`
   } catch (e) {
     debug.error(e.stdout)
+    debug.error(e.stderr)
     debug.log('Something went wrong trying to commit. Did you make any changes?')
   }
 
@@ -93,7 +91,7 @@ export const commit = async (): Promise<void> => {
     debug.error('Pushing the values failed, please read the above error message and manually try again')
     process.exit(1)
   } finally {
-    cd(cwd)
+    cd(rootDir)
   }
 }
 
@@ -108,8 +106,8 @@ export const module = {
 
     if (!env.CI && existsSync(`${env.ENV_DIR}/.git`)) {
       await pull()
-    } else {
-      await bootstrapGit()
+      // } else {
+      //   await bootstrapGit()
     }
     await commit()
   },

src/cmd/gen-drone.ts

@@ -9,8 +9,8 @@ import {
   getParsedArgs,
   gucci,
   OtomiDebugger,
+  rootDir,
   setParsedArgs,
-  startingDir,
   terminal,
 } from '../common/utils'
 
@@ -54,7 +54,7 @@ export const genDrone = async (): Promise<void> => {
     pullPolicy,
   }
 
-  const output = (await gucci(`${startingDir}/tpl/.drone.yml.gotmpl`, obj)) as string
+  const output = (await gucci(`${rootDir}/tpl/.drone.yml.gotmpl`, obj)) as string
 
   // TODO: Remove when validate-values can validate subpaths
   if (!output) {

src/cmd/gen-sops.ts

@@ -10,8 +10,8 @@ import {
   gucci,
   loadYaml,
   OtomiDebugger,
+  rootDir,
   setParsedArgs,
-  startingDir,
   terminal,
 } from '../common/utils'
 
@@ -42,7 +42,7 @@ export const genSops = async (): Promise<void> => {
   }
 
   const targetPath = `${env.ENV_DIR}/.sops.yaml`
-  const templatePath = `${startingDir}/tpl/.sops.yaml.gotmpl`
+  const templatePath = `${rootDir}/tpl/.sops.yaml.gotmpl`
   const kmsProvider = providerMap[provider] as string
   const kmsKeys = settingsVals.kms.sops[provider].keys as string
 

src/cmd/pull.ts

@@ -3,9 +3,8 @@ import { $, cd } from 'zx'
 import { env } from '../common/envalid'
 import { hfValues } from '../common/hf'
 import { prepareEnvironment, scriptName } from '../common/setup'
-import { currDir, getFilename, OtomiDebugger, setParsedArgs, terminal } from '../common/utils'
+import { getFilename, OtomiDebugger, rootDir, setParsedArgs, terminal } from '../common/utils'
 import { Arguments as HelmArgs } from '../common/yargs-opts'
-import { bootstrapValues } from './bootstrap'
 
 type Arguments = HelmArgs
 
@@ -16,21 +15,18 @@ export const pull = async (): Promise<void> => {
   const allValues = await hfValues()
   const branch = allValues.charts?.['otomi-api']?.git?.branch ?? 'main'
   debug.info('Pulling latest values')
-  const cwd = await currDir()
   cd(env.ENV_DIR)
   try {
     await $`git fetch`
-    await $`if git log >/dev/null; then git merge origin/${branch}; fi`
+    await $`if git log; then git merge origin/${branch}; fi`
   } catch (error) {
     debug.error(error.stdout)
     debug.warn(
       `An error occured when trying to pull (maybe not problematic).\nIf you see merge conflicts then please resolve these and run \`otomi commit\` again.`,
     )
   } finally {
-    cd(cwd)
+    cd(rootDir)
   }
-
-  await bootstrapValues()
 }
 
 export const module = {

src/cmd/validate-values.ts

@@ -4,15 +4,7 @@ import { Argv } from 'yargs'
 import { chalk } from 'zx'
 import { hfValues } from '../common/hf'
 import { prepareEnvironment } from '../common/setup'
-import {
-  getFilename,
-  getParsedArgs,
-  loadYaml,
-  OtomiDebugger,
-  setParsedArgs,
-  startingDir,
-  terminal,
-} from '../common/utils'
+import { getFilename, getParsedArgs, loadYaml, OtomiDebugger, rootDir, setParsedArgs, terminal } from '../common/utils'
 import { Arguments, helmOptions } from '../common/yargs-opts'
 
 const cmdName = getFilename(import.meta.url)
@@ -43,7 +35,7 @@ export const validateValues = async (): Promise<void> => {
 
   try {
     debug.info('Loading values-schema.yaml')
-    const valuesSchema = loadYaml(`${startingDir}/values-schema.yaml`) as Record<string, unknown>
+    const valuesSchema = loadYaml(`${rootDir}/values-schema.yaml`) as Record<string, unknown>
     debug.debug('Initializing Ajv')
     const ajv = new Ajv({ allErrors: true, strict: false, strictTypes: false, verbose: true })
     debug.debug('Compiling Ajv validation')

src/common/setup.ts

@@ -13,7 +13,6 @@ const dirname = fileURLToPath(import.meta.url)
 let otomiImageTag: string
 let otomiClusterOwner: string
 let otomiK8sVersion: string
-export const rootDir = process.cwd()
 
 /**
  * Check whether the environment matches the configuration for the kubernetes context

src/common/utils.ts

@@ -15,7 +15,7 @@ import { env } from './envalid'
 $.verbose = false // https://github.com/google/zx#verbose - don't need to print the SHELL executed commands
 $.prefix = 'set -euo pipefail;' // https://github.com/google/zx/blob/main/index.mjs#L103
 
-export const startingDir = process.cwd()
+export const rootDir = process.cwd()
 export const currDir = async (): Promise<string> => (await $`pwd`).stdout.trim()
 export const parser = yargs(process.argv.slice(3))
 export const getFilename = (path: string): string => fileURLToPath(path).split('/').pop()?.split('.')[0] as string
@@ -356,7 +356,7 @@ export const extract = (schema: Record<string, any>, leaf: string, mapValue = (v
 let valuesSchema: Record<string, unknown>
 export const getValuesSchema = async (): Promise<Record<string, unknown>> => {
   if (valuesSchema) return valuesSchema
-  const schema = loadYaml(`${startingDir}/values-schema.yaml`)
+  const schema = loadYaml(`${rootDir}/values-schema.yaml`)
   const derefSchema = await $RefParser.dereference(schema as $RefParser.JSONSchema)
   valuesSchema = omit(derefSchema, ['definitions', 'properties.teamConfig'])