Merge remote-tracking branch 'origin/main' into dependabot/npm_and_yarn/eslint-10.2.1

Author: svcAPLBot

.github/workflows/postman.yml

@@ -60,6 +60,8 @@ jobs:
       - name: Sync values schema from apl-core
         run: cp apl-core/values-schema.yaml src/values-schema.yaml
       - name: Start api
+        env:
+          APL_CORE_PATH: apl-core
         run: |
           npm install
           cp .env.sample .env

src/api-v2.authz.test.ts

@@ -156,8 +156,15 @@ describe('API V2 authz tests', () => {
       'deleteCloudtty',
       // Other
       'createTeam',
+      // Git migration
+      'migrateGitSettings',
+      // API status
+      'getApiStatus',
     ]
 
+    // Reset locked state so a prior git migration test does not bleed into subsequent tests
+    otomiStack.locked = false
+
     // Mock all methods with default return values
     v2Methods.forEach((method) => {
       if (typeof (otomiStack as any)[method] === 'function') {
@@ -1109,6 +1116,66 @@ describe('API V2 authz tests', () => {
     })
   })
 
+  describe('V2 Git Migration Endpoint', () => {
+    const gitBody = {
+      repoUrl: 'https://new.example.com/repo.git',
+      username: 'user',
+      password: 'pass',
+      email: 'admin@example.com',
+      branch: 'main',
+    }
+
+    describe('Platform Admin', () => {
+      test('platform admin can migrate git', async () => {
+        await agent.put('/v2/git').send(gitBody).set('Authorization', `Bearer ${platformAdminToken}`).expect(200)
+      })
+    })
+
+    describe('Team Admin', () => {
+      test('team admin cannot migrate git', async () => {
+        await agent.put('/v2/git').send(gitBody).set('Authorization', `Bearer ${teamAdminToken}`).expect(403)
+      })
+    })
+
+    describe('Team Member', () => {
+      test('team member cannot migrate git', async () => {
+        await agent.put('/v2/git').send(gitBody).set('Authorization', `Bearer ${teamMemberToken}`).expect(403)
+      })
+    })
+
+    describe('Unauthenticated', () => {
+      test('anonymous user cannot migrate git', async () => {
+        await agent.put('/v2/git').send(gitBody).expect(401)
+      })
+    })
+  })
+
+  describe('V2 API Status Endpoint', () => {
+    describe('Platform Admin', () => {
+      test('platform admin can get api status', async () => {
+        await agent.get('/v2/status').set('Authorization', `Bearer ${platformAdminToken}`).expect(200)
+      })
+    })
+
+    describe('Team Admin', () => {
+      test('team admin can get api status', async () => {
+        await agent.get('/v2/status').set('Authorization', `Bearer ${teamAdminToken}`).expect(200)
+      })
+    })
+
+    describe('Team Member', () => {
+      test('team member can get api status', async () => {
+        await agent.get('/v2/status').set('Authorization', `Bearer ${teamMemberToken}`).expect(200)
+      })
+    })
+
+    describe('Unauthenticated', () => {
+      test('anonymous user cannot get api status', async () => {
+        await agent.get('/v2/status').expect(401)
+      })
+    })
+  })
+
   test('team member cannot create its own services when disabled', async () => {
     jest.spyOn(otomiStack, 'createService').mockResolvedValue({} as any)
     await agent

src/api/v2/git.ts

@@ -0,0 +1,49 @@
+import Debug from 'debug'
+import { Response } from 'express'
+import { lockApi } from 'src/middleware'
+import { OpenApiRequestExt } from 'src/otomi-models'
+
+const debug = Debug('otomi:api:v2:git')
+
+/**
+ * PUT /v2/git
+ * Migrate the values repository to a new git remote.
+ * Flow:
+ *   1. Validate connectivity to new remote (400 on failure)
+ *   2. Write + commit git config locally, push to new remote first (so new remote has correct config),
+ *      then push to current remote (so operator picks up the switch)
+ *   3. Lock API
+ */
+export const migrateGit = async (req: OpenApiRequestExt, res: Response): Promise<void> => {
+  debug('migrateGit')
+  const { repoUrl, username, password, email, branch } = req.body as {
+    repoUrl: string
+    username?: string
+    password: string
+    email: string
+    branch: string
+  }
+
+  // Validate new remote connectivity; returns true if remote already has content
+  let remoteHasContent: boolean
+  try {
+    remoteHasContent = await req.otomi.git.testRemoteConnection(repoUrl, password, branch, username)
+  } catch (e: any) {
+    if (e.message.includes('not found')) {
+      const error = { message: `Cannot connect to new git remote`, statusCode: 404 }
+      res.json(error)
+      return
+    } else {
+      const error = { message: `Error connecting to new git remote`, statusCode: 400 }
+      res.json(error)
+      return
+    }
+  }
+
+  // Write config + commit locally → push to new remote (if empty) → push to current remote
+  await req.otomi.migrateGitSettings({ repoUrl, username, password, email, branch, remoteHasContent })
+
+  await lockApi()
+
+  res.json({})
+}

src/api/v2/status.ts

@@ -0,0 +1,14 @@
+import Debug from 'debug'
+import { Response } from 'express'
+import { OpenApiRequestExt } from 'src/otomi-models'
+
+const debug = Debug('otomi:api:v2:status')
+
+/**
+ * GET /v2/status
+ * Returns the current API status including the locked state.
+ */
+export const getApiStatus = (req: OpenApiRequestExt, res: Response): void => {
+  debug('getApiStatus')
+  res.json(req.otomi.getApiStatus())
+}

src/error.ts

@@ -70,6 +70,13 @@ export class BadRequestError extends OtomiError {
     this.code = 400
   }
 }
+export class ApiLockedError extends OtomiError {
+  public constructor(err?: string) {
+    super('Api is locked. No further changes are accepted.', err)
+    this.code = 503
+  }
+}
+
 export class HttpError extends OtomiError {
   protected static messages: Record<number, string> = {
     400: 'Bad Request',

src/git.test.ts

@@ -0,0 +1,122 @@
+import simpleGit from 'simple-git'
+import { Git } from './git'
+
+jest.mock('simple-git')
+
+const mockRaw = jest.fn()
+const mockPush = jest.fn()
+const mockRemote = jest.fn()
+const mockFetch = jest.fn()
+const mockGitInstance = {
+  env: jest.fn().mockReturnThis(),
+  raw: mockRaw,
+  push: mockPush,
+  remote: mockRemote,
+  fetch: mockFetch,
+}
+;(simpleGit as jest.Mock).mockReturnValue(mockGitInstance)
+
+function makeRepo(): Git {
+  return new Git('/tmp/test', 'https://origin.example.com/repo.git', 'user', 'user@example.com', undefined, 'main')
+}
+
+describe('Git.testRemoteConnection', () => {
+  beforeEach(() => jest.clearAllMocks())
+
+  it('returns false when remote is empty (no refs)', async () => {
+    mockRaw.mockResolvedValue('')
+    const repo = makeRepo()
+    const result = await repo.testRemoteConnection('https://example.com/repo.git', 'mypass', 'main', 'myuser')
+    expect(result).toBe(false)
+    expect(mockRaw).toHaveBeenCalledWith(['ls-remote', expect.stringContaining('myuser'), 'refs/heads/main'])
+  })
+
+  it('returns true when remote has existing refs', async () => {
+    mockRaw.mockResolvedValue('abc123\trefs/heads/main\n')
+    const repo = makeRepo()
+    const result = await repo.testRemoteConnection('https://example.com/repo.git', 'mypass', 'main', 'myuser')
+    expect(result).toBe(true)
+  })
+
+  it('calls ls-remote with PAT only (no username) in url', async () => {
+    mockRaw.mockResolvedValue('abc123\trefs/heads/main\n')
+    const repo = makeRepo()
+    const result = await repo.testRemoteConnection('https://example.com/repo.git', 'mytoken', 'main')
+    expect(result).toBe(true)
+    expect(mockRaw).toHaveBeenCalledWith(['ls-remote', 'https://mytoken@example.com/repo.git', 'refs/heads/main'])
+  })
+
+  it('returns false when branch does not exist but remote has other refs', async () => {
+    mockRaw.mockResolvedValue('')
+    const repo = makeRepo()
+    const result = await repo.testRemoteConnection('https://example.com/repo.git', 'mypass', 'feature-branch', 'myuser')
+    expect(result).toBe(false)
+    expect(mockRaw).toHaveBeenCalledWith(['ls-remote', expect.stringContaining('myuser'), 'refs/heads/feature-branch'])
+  })
+
+  it('throws when ls-remote fails (unreachable remote)', async () => {
+    mockRaw.mockRejectedValue(new Error('exit code 128'))
+    const repo = makeRepo()
+    await expect(repo.testRemoteConnection('https://bad.example.com/repo.git', 'p', 'main', 'u')).rejects.toThrow()
+  })
+})
+
+describe('Git.pushToNewRemote', () => {
+  beforeEach(() => jest.clearAllMocks())
+
+  it('unshallows, adds migration-remote, pushes, then removes in finally', async () => {
+    mockFetch.mockResolvedValue({})
+    mockRemote.mockResolvedValue('')
+    mockPush.mockResolvedValue({})
+    const repo = makeRepo()
+    await repo.pushToNewRemote('https://example.com/repo.git', 'main', 'p', 'u')
+
+    expect(mockFetch).toHaveBeenCalledWith(['origin', '--unshallow'])
+    expect(mockRemote).toHaveBeenCalledWith(
+      expect.arrayContaining(['add', 'migration-remote', expect.stringContaining('u')]),
+    )
+    expect(mockPush).toHaveBeenCalledWith('migration-remote', 'HEAD:refs/heads/main')
+    expect(mockRemote).toHaveBeenCalledWith(['remove', 'migration-remote'])
+  })
+
+  it('continues when unshallow fails (repo already complete)', async () => {
+    mockFetch.mockRejectedValue(new Error('--unshallow on a complete repository does not make sense'))
+    mockRemote.mockResolvedValue('')
+    mockPush.mockResolvedValue({})
+    const repo = makeRepo()
+    await repo.pushToNewRemote('https://example.com/repo.git', 'main', 'p', 'u')
+
+    expect(mockPush).toHaveBeenCalledWith('migration-remote', 'HEAD:refs/heads/main')
+  })
+
+  it('uses PAT only (no username) in migration-remote url', async () => {
+    mockFetch.mockResolvedValue({})
+    mockRemote.mockResolvedValue('')
+    mockPush.mockResolvedValue({})
+    const repo = makeRepo()
+    await repo.pushToNewRemote('https://example.com/repo.git', 'main', 'mytoken')
+
+    expect(mockRemote).toHaveBeenCalledWith(
+      expect.arrayContaining(['add', 'migration-remote', 'https://mytoken@example.com/repo.git']),
+    )
+  })
+
+  it('pushes local branch to target branch using refspec when branch names differ', async () => {
+    mockFetch.mockResolvedValue({})
+    mockRemote.mockResolvedValue('')
+    mockPush.mockResolvedValue({})
+    const repo = makeRepo() // local branch is 'main'
+    await repo.pushToNewRemote('https://example.com/repo.git', 'feature-branch', 'p', 'u')
+
+    expect(mockPush).toHaveBeenCalledWith('migration-remote', 'HEAD:refs/heads/feature-branch')
+  })
+
+  it('removes migration-remote in finally even when push fails', async () => {
+    mockFetch.mockResolvedValue({})
+    mockRemote.mockResolvedValue('')
+    mockPush.mockRejectedValue(new Error('push failed'))
+    const repo = makeRepo()
+    await expect(repo.pushToNewRemote('https://example.com/repo.git', 'main', 'p', 'u')).rejects.toThrow('push failed')
+    expect(mockRemote).toHaveBeenCalledWith(['remove', 'migration-remote'])
+  })
+})

src/git.ts

@@ -43,13 +43,14 @@ const getProtocol = (url): string => (url && url.includes('://') ? url.split(':/
 
 const getUrl = (url): string => (!url || url.includes('://') ? url : `${getProtocol(url)}://${url}`)
 
-function getUrlAuth(url, user, password): string | undefined {
+function getUrlAuth(url, user: string | undefined, password): string | undefined {
   if (!url) return
   const protocol = getProtocol(url)
   const [_, bareUrl] = url.split('://')
-  const encodedUser = encodeURIComponent(user as string)
-  const encodedPassword = encodeURIComponent(password as string)
-  return protocol === 'file' ? `${protocol}://${bareUrl}` : `${protocol}://${encodedUser}:${encodedPassword}@${bareUrl}`
+  const credentials = user
+    ? `${encodeURIComponent(user)}:${encodeURIComponent(password)}`
+    : encodeURIComponent(password)
+  return protocol === 'file' ? `${protocol}://${bareUrl}` : `${protocol}://${credentials}@${bareUrl}`
 }
 
 export class Git {
@@ -321,6 +322,36 @@ export class Git {
     return
   }
 
+  async testRemoteConnection(url: string, password: string, branch: string, user?: string): Promise<boolean> {
+    const authUrl = password ? getUrlAuth(url, user, password) : url
+    // returns true only if the configured branch exists on the remote
+    const result = await this.git.raw(['ls-remote', authUrl!, `refs/heads/${branch}`])
+    return result.trim().length > 0
+  }
+
+  async pushToNewRemote(url: string, branch: string, password: string, user?: string): Promise<void> {
+    const authUrl = password ? getUrlAuth(url, user, password) : url
+    // Pulls use --depth which can leave the clone shallow. A shallow clone cannot be pushed to a
+    // fresh empty remote because referenced parent objects are missing. Unshallow first to restore
+    // full history; ignore failures when the repo is already complete.
+    try {
+      await this.git.fetch([this.remote, '--unshallow'])
+    } catch {
+      debug('Unshallow fetch skipped (repo is not shallow or fetch failed)')
+    }
+    try {
+      await this.git.remote(['add', 'migration-remote', authUrl!])
+      // Push HEAD so the worktree's session branch commit is included, not the stale local main
+      await this.git.push('migration-remote', `HEAD:refs/heads/${branch}`)
+    } finally {
+      try {
+        await this.git.remote(['remove', 'migration-remote'])
+      } catch (e) {
+        debug(`Could not remove migration-remote: ${getSanitizedErrorMessage(e)}`)
+      }
+    }
+  }
+
   async createWorktree(worktreePath: string, branch: string = this.branch): Promise<void> {
     debug(`Creating worktree at: ${worktreePath} from branch: ${branch}`)
     await ensureDir(dirname(worktreePath), { mode: 0o744 })
@@ -360,13 +391,8 @@ export class Git {
     return this.git.revparse('HEAD')
   }
 
-  async save(editor: string): Promise<void> {
-    await this.commit(editor)
+  async pushWithRetry(): Promise<void> {
     try {
-      // we are in a unique developer branch, so we can pull, push, and merge
-      // with the remote root, which might have been modified by another developer
-      // since this is a child branch, we don't need to re-init
-      // retry up to 10 times to pull and push if there are conflicts
       const retries = env.GIT_PUSH_RETRIES
       for (let attempt = 1; attempt <= retries; attempt++) {
         try {
@@ -392,6 +418,13 @@ export class Git {
       throw new GitPullError()
     }
   }
+
+  async save(editor: string): Promise<void> {
+    // we are in a unique developer branch, so we can pull, push, and merge
+    // with the remote root, which might have been modified by another developer
+    await this.commit(editor)
+    await this.pushWithRetry()
+  }
 }
 
 export async function getWorktreeRepo(