rise-deploy 0.16.1

A simple and powerful CLI for deploying containerized applications
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

use serde::{Deserialize, Serialize};

/// Registry credentials response
#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct RegistryCredentials {
    /// Registry path for docker login (e.g., "123456789.dkr.ecr.us-east-1.amazonaws.com/rise/myapp")
    /// This should be the full repository path that the credentials are scoped to
    pub registry_url: String,
    /// Username for authentication
    pub username: String,
    /// Password or token for authentication
    pub password: String,
    /// How long the credentials are valid (in seconds)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub expires_in: Option<u64>,
}

/// Registry credentials request
#[derive(Debug, Deserialize)]
pub struct GetRegistryCredsRequest {
    /// Project ID or name
    pub project: String,
}

/// Registry credentials response wrapper
#[derive(Debug, Serialize)]
pub struct GetRegistryCredsResponse {
    pub credentials: RegistryCredentials,
    pub repository: String,
}

/// Configuration for AWS ECR registry
#[cfg(feature = "backend")]
#[derive(Debug, Clone, Deserialize)]
pub struct EcrConfig {
    /// AWS region (e.g., "us-east-1")
    pub region: String,
    /// AWS account ID (e.g., "123456789012")
    pub account_id: String,
    /// Optional: AWS access key ID (if not using IAM role)
    pub access_key_id: Option<String>,
    /// Optional: AWS secret access key (if not using IAM role)
    pub secret_access_key: Option<String>,
    /// Literal prefix for ECR repository names (e.g., "rise/" → repos named "rise/{project}")
    #[serde(default = "default_repo_prefix")]
    pub repo_prefix: String,
    /// IAM role ARN for push operations (assumed to generate scoped credentials)
    pub push_role_arn: String,
    /// Whether to automatically delete ECR repos when projects are deleted
    /// If false, repos are tagged as orphaned instead
    #[serde(default)]
    pub auto_remove: bool,
}

#[cfg(feature = "backend")]
fn default_repo_prefix() -> String {
    "rise/".to_string()
}

/// Configuration for OCI registry with client-side authentication
///
/// This provider is for OCI-compliant registries where the client has already
/// authenticated (e.g., via `docker login`). The backend only provides the
/// registry URL and namespace; credentials are managed by the client's Docker config.
#[derive(Debug, Clone, Deserialize)]
pub struct OciClientAuthConfig {
    /// Registry URL (e.g., "localhost:5000", "registry.example.com")
    pub registry_url: String,
    /// Namespace/path within registry (e.g., "rise-apps", "myorg")
    #[serde(default = "default_namespace")]
    pub namespace: String,
    /// Optional client-facing registry URL for CLI push operations
    /// If not specified, defaults to registry_url
    #[serde(default)]
    pub client_registry_url: Option<String>,
}

fn default_namespace() -> String {
    String::new()
}