diff --git a/package-lock.json b/package-lock.json index 72ab3e8a7..bf5a2895a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2686,9 +2686,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "22.10.5", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.10.5.tgz", - "integrity": "sha512-F8Q+SeGimwOo86fiovQh8qiXfFEh2/ocYv7tU5pJ3EXMSSxk1Joj5wefpFK2fHTf/N6HKGSxIDBT9f3gCxXPkQ==", + "version": "22.10.6", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.10.6.tgz", + "integrity": "sha512-qNiuwC4ZDAUNcY47xgaSuS92cjf8JbSUoaKS77bmLG1rU7MlATVSiw/IlrjtIyyskXBZ8KkNfjK/P5na7rgXbQ==", "dependencies": { "undici-types": "~6.20.0" } diff --git a/src/fixtures/loader.ts b/src/fixtures/loader.ts index 5ad3f3c37..a837dc9cf 100644 --- a/src/fixtures/loader.ts +++ b/src/fixtures/loader.ts @@ -6,11 +6,11 @@ import admissionRequestDeletePod from "./data/admission-delete-pod.json"; import admissionRequestCreateClusterRole from "./data/admission-create-clusterrole.json"; import admissionRequestCreateDeployment from "./data/admission-create-deployment.json"; -export function AdmissionRequestCreateDeployment() { +export function AdmissionRequestCreateDeployment(): AdmissionRequest { return cloneObject(admissionRequestCreateDeployment); } -export function AdmissionRequestCreatePod() { +export function AdmissionRequestCreatePod(): AdmissionRequest { return cloneObject(admissionRequestCreatePod); } diff --git a/src/lib/assets/assets.ts b/src/lib/assets/assets.ts index ee84354db..08f39b0f2 100644 --- a/src/lib/assets/assets.ts +++ b/src/lib/assets/assets.ts @@ -33,7 +33,6 @@ export class Assets { image: string; buildTimestamp: string; - hash: string; constructor( readonly config: ModuleConfig, @@ -44,7 +43,6 @@ export class Assets { this.buildTimestamp = `${Date.now()}`; this.alwaysIgnore = config.alwaysIgnore; this.image = `ghcr.io/defenseunicorns/pepr/controller:v${config.peprVersion}`; - this.hash = ""; // Generate the ephemeral tls things this.tls = genTLS(this.host || `${this.name}.pepr-system.svc`); @@ -52,10 +50,6 @@ export class Assets { this.apiToken = crypto.randomBytes(32).toString("hex"); } - setHash = (hash: string): void => { - this.hash = hash; - }; - deploy = async (force: boolean, webhookTimeout?: number): Promise => { this.capabilities = await loadCapabilities(this.path); await deploy(this, force, webhookTimeout); @@ -79,19 +73,18 @@ export class Assets { const code = await fs.readFile(this.path); - // Generate a hash of the code - this.hash = crypto.createHash("sha256").update(code).digest("hex"); + const moduleHash = crypto.createHash("sha256").update(code).digest("hex"); const deployments = { - default: getDeployment(this, this.hash, this.buildTimestamp, imagePullSecret), - watch: getWatcher(this, this.hash, this.buildTimestamp, imagePullSecret), + default: getDeployment(this, moduleHash, this.buildTimestamp, imagePullSecret), + watch: getWatcher(this, moduleHash, this.buildTimestamp, imagePullSecret), }; const assetsInputs = { apiToken: this.apiToken, capabilities: this.capabilities, config: this.config, - hash: this.hash, + hash: moduleHash, name: this.name, path: this.path, tls: this.tls, @@ -129,6 +122,7 @@ export class Assets { ); const code = await fs.readFile(this.path); + const moduleHash = crypto.createHash("sha256").update(code).digest("hex"); const pairs: [string, () => string][] = [ [helm.files.chartYaml, (): string => dedent(chartYaml(this.config.uuid, this.config.description || ""))], @@ -142,12 +136,12 @@ export class Assets { [helm.files.clusterRoleYaml, (): string => dedent(clusterRoleTemplate())], [helm.files.clusterRoleBindingYaml, (): string => toYaml(clusterRoleBinding(this.name))], [helm.files.serviceAccountYaml, (): string => toYaml(serviceAccount(this.name))], - [helm.files.moduleSecretYaml, (): string => toYaml(getModuleSecret(this.name, code, this.hash))], + [helm.files.moduleSecretYaml, (): string => toYaml(getModuleSecret(this.name, code, moduleHash))], ]; await Promise.all(pairs.map(async ([file, content]) => await fs.writeFile(file, content()))); const overrideData = { - hash: this.hash, + hash: moduleHash, name: this.name, image: this.image, config: this.config, @@ -163,7 +157,7 @@ export class Assets { await this.writeWebhookFiles(validateWebhook, mutateWebhook, helm); - const watchDeployment = getWatcher(this, this.hash, this.buildTimestamp); + const watchDeployment = getWatcher(this, moduleHash, this.buildTimestamp); if (watchDeployment) { await fs.writeFile(helm.files.watcherDeploymentYaml, dedent(watcherDeployTemplate(this.buildTimestamp))); await fs.writeFile(helm.files.watcherServiceMonitorYaml, dedent(serviceMonitorTemplate("watcher")));