adk-deploy 0.8.4

Deployment manifest, bundling, and control-plane client for ADK-Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160

use std::{
    fs,
    path::{Path, PathBuf},
    process::Command,
};

use chrono::Utc;
use flate2::{Compression, write::GzEncoder};
use sha2::{Digest, Sha256};
use tar::Builder;
use tracing::info;

use crate::{DeployError, DeployResult, DeploymentManifest};

#[derive(Debug, Clone)]
pub struct BundleArtifact {
    pub bundle_path: PathBuf,
    pub checksum_sha256: String,
    pub binary_path: PathBuf,
}

pub struct BundleBuilder {
    manifest_path: PathBuf,
    manifest: DeploymentManifest,
}

impl BundleBuilder {
    pub fn new(manifest_path: impl Into<PathBuf>, manifest: DeploymentManifest) -> Self {
        Self { manifest_path: manifest_path.into(), manifest }
    }

    pub fn build(&self) -> DeployResult<BundleArtifact> {
        self.manifest.validate()?;
        let project_dir = self.manifest_path.parent().ok_or_else(|| DeployError::BundleBuild {
            message: "manifest path has no parent directory".to_string(),
        })?;
        let canonical_project_dir = project_dir.canonicalize()?;

        info!(agent.name = %self.manifest.agent.name, "building deployment bundle");

        let mut build = Command::new("cargo");
        build.current_dir(project_dir).arg("build");
        match self.manifest.build.profile.as_str() {
            "release" => {
                build.arg("--release");
            }
            profile => {
                build.arg("--profile").arg(profile);
            }
        }
        build.arg("--bin").arg(&self.manifest.agent.binary);
        if let Some(target) = &self.manifest.build.target {
            build.arg("--target").arg(target);
        }
        if !self.manifest.build.features.is_empty() {
            build.arg("--features").arg(self.manifest.build.features.join(","));
        }

        let output = build.output()?;
        if !output.status.success() {
            let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
            return Err(DeployError::BundleBuild { message: stderr });
        }

        let binary_path = self.resolve_binary_path(project_dir)?;
        if !binary_path.exists() {
            return Err(DeployError::BundleBuild {
                message: format!("expected compiled binary at {}", binary_path.display()),
            });
        }

        let dist_dir = project_dir.join(".adk-deploy").join("dist");
        fs::create_dir_all(&dist_dir)?;
        let timestamp = Utc::now().format("%Y%m%d%H%M%S");
        let archive_name = format!("{}-{}.tar.gz", self.manifest.agent.name, timestamp);
        let bundle_path = dist_dir.join(archive_name);

        let file = fs::File::create(&bundle_path)?;
        let encoder = GzEncoder::new(file, Compression::default());
        let mut tar = Builder::new(encoder);
        tar.append_path_with_name(&binary_path, format!("bin/{}", self.manifest.agent.binary))?;
        tar.append_path_with_name(&self.manifest_path, "adk-deploy.toml")?;

        for asset in &self.manifest.build.assets {
            if let Some((source, archive_name)) = resolve_asset_path(&canonical_project_dir, asset)?
            {
                tar.append_path_with_name(&source, Path::new("assets").join(archive_name))?;
            }
        }

        tar.finish()?;
        let encoder = tar.into_inner()?;
        let _file = encoder.finish()?;

        let checksum_sha256 = checksum_file(&bundle_path)?;
        let sums_path =
            dist_dir.join(format!("{}.sha256", bundle_path.file_name().unwrap().to_string_lossy()));
        fs::write(&sums_path, format!("{checksum_sha256}  {}\n", bundle_path.display()))?;

        Ok(BundleArtifact { bundle_path, checksum_sha256, binary_path })
    }

    fn resolve_binary_path(&self, project_dir: &Path) -> DeployResult<PathBuf> {
        let profile = if self.manifest.build.profile == "release" {
            "release".to_string()
        } else {
            self.manifest.build.profile.clone()
        };

        let mut path = project_dir.join("target");
        if let Some(target) = &self.manifest.build.target {
            path = path.join(target);
        }
        path = path.join(profile).join(binary_name(&self.manifest.agent.binary));
        Ok(path)
    }
}

fn binary_name(binary: &str) -> String {
    if cfg!(windows) { format!("{binary}.exe") } else { binary.to_string() }
}

fn checksum_file(path: &Path) -> DeployResult<String> {
    let bytes = fs::read(path)?;
    let mut hasher = Sha256::new();
    hasher.update(bytes);
    Ok(hex::encode(hasher.finalize()))
}

fn resolve_asset_path(project_dir: &Path, asset: &str) -> DeployResult<Option<(PathBuf, PathBuf)>> {
    let source = project_dir.join(asset);
    if !source.exists() {
        return Ok(None);
    }
    let canonical_source = source.canonicalize()?;
    let relative = canonical_source
        .strip_prefix(project_dir)
        .map_err(|_| DeployError::BundleBuild {
            message: format!("asset path escapes project directory: {asset}"),
        })?
        .to_path_buf();
    Ok(Some((canonical_source, relative)))
}

#[cfg(test)]
mod tests {
    use super::resolve_asset_path;
    use tempfile::tempdir;

    #[test]
    fn rejects_asset_paths_outside_project_root() {
        let project = tempdir().unwrap();
        let outside = tempdir().unwrap();
        let escaped = outside.path().join("secret.txt");
        std::fs::write(&escaped, "secret").unwrap();

        let result = resolve_asset_path(project.path(), escaped.to_str().unwrap());
        assert!(result.is_err());
    }
}