Tags: phasehq/cli
Tags
feat: misc fixes and improvements to CLI builds, packges and installa… …tion methods (#263) * feat: add Amazon Linux support to installation script - Updated the installation script to include Amazon Linux (amzn) in the supported distributions for both installation checks and tool installations. - Adjusted the required tools check to ensure `sha256sum` is installed via `coreutils` if not already available, enhancing compatibility across distributions. * feat: enhance build workflow for cross-platform compatibility - Added conditional installation steps for `pyinstaller` and the build process to skip on Linux. - Introduced a new job to build the Linux binary in a Debian bullseye container, ensuring compatibility with older glibc versions. - Updated the workflow to improve the overall build process for macOS and Linux environments. * test: manylinux builds * feat: enhance CI workflow with multi-architecture testing - Added new jobs to test installation on various Linux distributions for both x86_64 and ARM64 architectures. - Implemented a matrix strategy to run tests across multiple versions of Ubuntu, Debian, Fedora, CentOS, Rocky Linux, Amazon Linux, and Alpine. - Updated the build process for ARM64 to utilize Docker for building with PyInstaller, improving consistency and reliability across platforms. * feat: add multi-architecture installation tests to CI workflow - Introduced new jobs for testing installation on various Linux distributions for both x86_64 and ARM64 architectures. - Implemented a matrix strategy to run tests across multiple versions of Ubuntu, Debian, Fedora, CentOS, Rocky Linux, Amazon Linux, and Alpine. - Enhanced the testing process by downloading necessary artifacts and verifying installations in Docker containers. * refactor: update build workflow scripts for consistency - Changed double quotes to single quotes in the build commands for both x86_64 and ARM64 architectures in the CI workflow. - Improved readability and consistency in the shell command syntax across different platforms. * fix: update PyInstaller installation in CI workflow - Modified the installation command for PyInstaller to use static libraries and avoid binary installations, enhancing compatibility and reliability in the build process. - Ensured consistent environment variable usage for PyInstaller across different jobs in the CI workflow. * refactor: enhance CI build workflow for Python installation - Updated the build scripts for both x86_64 and ARM64 architectures to improve Python installation process. - Added error handling and conditional logic to determine the correct Python version to install. - Streamlined the installation commands for dependencies and PyInstaller, ensuring a more robust and consistent build environment. * chore: update CI build workflow to include OpenSSL installation - Enhanced the build scripts for both x86_64 and ARM64 architectures by adding OpenSSL 1.1.1 installation steps. - Updated dependency installation commands to include Perl and streamline the build environment. - Improved library path settings to ensure proper linking during Python installation. * fix: improve phase command verification in CI workflow - Updated the verification logic for the `phase` command in the CI workflow to provide clearer output on its availability in the PATH. - Enhanced error handling by displaying the current PATH and listing directories if the command is not found, improving troubleshooting capabilities. * fix: simplify phase command verification output in CI workflow - Updated the output messages for the `phase` command verification in the CI workflow to remove unnecessary details, enhancing clarity. - Maintained existing error handling and troubleshooting capabilities by preserving the PATH display and directory listings when the command is not found. * chore: update CI workflow to remove outdated Ubuntu and Debian versions - Removed Ubuntu 18.04 and Debian Buster from the build matrix in the CI workflow to streamline the testing process. - Retained support for newer versions of Ubuntu and Debian, ensuring the workflow remains up-to-date and relevant. * fix: enhance phase command output in CI workflow - Improved the output for the `phase` command verification in the CI workflow by adding additional checks and clearer messages. - Ensured that the command is executed without arguments and included a check for the users keyring, enhancing the troubleshooting process. * test: questionary exception * fix: use copy metadata * fix: update PyInstaller commands for better compatibility - Replaced `--copy-metadata` with `--collect-all` for `prompt_toolkit` and `questionary` in the CI workflow to ensure all necessary files are included in the build. - Added environment variable exports to ensure a minimal locale/terminal environment for `prompt_toolkit` and `questionary` during the build process. * chore: update CI workflow to include additional OS images and versions - Added support for new Debian (trixie) and Fedora (41, 42) images in the build matrix. - Included additional CentOS versions (8, 9, 10) to enhance compatibility. - Updated Alpine version to include 3.21 and 3.22, while removing outdated versions (3.18, 3.19). - Expanded the arm64 build matrix to include more OS images for comprehensive testing. * chore: upgrade Python version in CI workflows and Dockerfile to 3.12 - Updated the base image in the Dockerfile to use Python 3.12-alpine3.19. - Modified various CI workflow files to set the Python version to 3.12, ensuring compatibility with the latest features and security updates. * feat: add runtime hook for prompt_toolkit in PyInstaller build - Introduced a new runtime hook (`freeze_hook_prompt_toolkit.py`) to ensure the `prompt_toolkit` module has a `__version__` attribute when metadata is unavailable in frozen bundles. - Updated CI workflow to utilize the new hook during the PyInstaller build process, enhancing compatibility and stability. * feat: enhance CI workflow for PyInstaller builds on macOS and Windows - Added separate build steps for macOS and Windows in the CI workflow, utilizing the prompt_toolkit hook for each platform. - Updated the PyInstaller commands to ensure compatibility and proper inclusion of necessary files for both operating systems. * test: stupid patch * chore: revert changes * feat: update CI workflow to stage files for PyInstaller builds - Modified the build process to stage files in a specific directory structure to preserve the PyInstaller onedir layout. - Updated package building commands for both Debian and RPM to use the new staged root, ensuring proper file inclusion. * chore: update CI workflow to replace deprecated CentOS images - Replaced deprecated CentOS versions (8, 9, 10) with CentOS Stream images (stream8, stream9, stream10) in the CI workflow for improved compatibility and support. * chore: remove deprecated CentOS 7 image from CI workflow - Eliminated the CentOS 7 image from the CI workflow to streamline the build process and focus on supported CentOS Stream versions. * chore: enhance RPM installation process in CI workflow - Updated the RPM installation commands to prefer local RPMs without contacting repositories, reducing potential DNS failures. - Added fallback mechanisms for different package managers (dnf, microdnf, yum) to ensure successful installation of RPM packages. - Removed the archlinux image from the build matrix for a cleaner configuration. * chore: refine RPM installation and update CI workflow images - Simplified the RPM installation process by prioritizing `dnf` and `microdnf` commands, ensuring successful package installations. - Removed deprecated CentOS Stream images from the CI workflow to streamline the build matrix and focus on supported distributions. - Updated the build matrix to include only relevant images for improved compatibility and maintenance. * chore: remove amazonlinux:2 image from CI workflow - Eliminated the amazonlinux:2 image from the CI workflow to streamline the build matrix and focus on more recent supported images. * chore: simplify PyInstaller commands in CI workflow - Removed redundant `--collect-all` and `--copy-metadata` options from PyInstaller commands in the CI workflow to streamline the build process. - Ensured consistency across different operating systems by updating the command structure for building the application. * chore: extend RPM installation support for Rocky Linux - Updated the installation script to include Rocky Linux in the supported distributions for RPM installation commands. - Ensured consistency across package installation methods for various Linux distributions. * chore: comment out Rocky Linux images in CI workflow - Commented out the Rocky Linux 8 and 9 images in the CI workflow to streamline the build matrix and focus on currently supported distributions. * fix: indentation * chore: update OpenSSL version in CI workflow - Changed the OpenSSL version from 1.1.1 to 3.0.15 in the build process for both manylinux2014 x86_64 and aarch64 jobs. - Updated library paths to include both lib and lib64 directories for proper linking during the build. * chore: add perl-IPC-Cmd to build dependencies in CI workflow - Updated the installation commands for manylinux2014 x86_64 and aarch64 jobs to include perl-IPC-Cmd as a build dependency, ensuring all necessary tools are available during the build process. * chore: update build dependencies and configuration in CI workflow - Added pkgconfig to the installation commands for manylinux2014 x86_64 and aarch64 jobs to ensure all necessary tools are available. - Updated the LDFLAGS in the OpenSSL build configuration to include rpath settings for proper library linking. * chore: refine build configuration in CI workflow - Removed unnecessary package `perl-IPC-Cmd` from installation commands for manylinux2014 x86_64 and aarch64 jobs to streamline the build process. - Updated LDFLAGS in the OpenSSL build configuration to ensure proper library linking with lib64 and lib directories. - Added a check for SSL support after Python installation to verify successful configuration. * fix: correct string formatting in Python SSL support check in CI workflow - Updated the command for checking SSL support in Python to use proper string escaping, ensuring compatibility with shell execution in the CI workflow. * chore: update CI workflow to use manylinux_2_28 containers - Changed the base container for building Linux binaries from manylinux2014 to manylinux_2_28 for both x86_64 and aarch64 architectures, ensuring compatibility with newer glibc versions. - Simplified the installation commands by removing OpenSSL build steps and using system OpenSSL instead, streamlining the build process. - Updated the commands to reflect the new container environment and dependencies. * refactor: enhance Python version detection in CI workflow - Improved the logic for locating the appropriate Python version by checking for existing installations in the specified directory. - Added error handling to ensure a clear message is displayed if the required Python version is not found, enhancing the robustness of the build process. - Streamlined the commands for installing dependencies and running the application, ensuring consistency across different architectures. * chore: enable bootloader compilation in PyInstaller commands in CI workflow - Updated the PyInstaller command in the CI workflow to include the environment variable PYINSTALLER_COMPILE_BOOTLOADER=1, allowing for bootloader compilation during the build process. - Ensured consistency in the build commands for both macOS and Linux environments. * chore: update CI workflow to build Python with shared libraries - Modified the CI workflow to download and build Python from source with shared library support, enhancing compatibility with other applications. - Streamlined the installation of build dependencies and updated the commands for both x86_64 and aarch64 architectures to use the newly built Python. - Ensured SSL support is verified post-installation, improving the robustness of the build process. * chore: update CI workflow to remove deprecated CentOS and Amazon Linux images - Removed CentOS 7 and Amazon Linux 2 images from the build configuration to streamline the CI workflow. - Updated the configuration to focus on more recent versions of CentOS and Amazon Linux, ensuring compatibility with current standards. * chore: remove deprecated CentOS stream images from CI workflow - Eliminated CentOS stream images (8, 9, and 10) from the build configuration to streamline the CI workflow and focus on more current distributions. * chore: pin PyInstaller version in CI workflow - Updated the CI workflow to install PyInstaller version 6.16.0 explicitly, ensuring consistency across builds. - Removed deprecated test installation jobs for various Linux distributions to streamline the workflow. * chore: update CI workflows for CLI installation testing - Specified PyInstaller version 6.16.0 in the build workflow to ensure consistency. - Introduced new workflows for testing CLI installation across various Linux distributions, including x86_64 and ARM64 architectures. - Removed deprecated test installation jobs to streamline the CI process and improve maintainability. * chore: enhance CI workflows for CLI installation testing - Renamed and restructured installation test jobs for x86_64 and ARM64 architectures to improve clarity and organization. - Expanded the matrix of Linux distributions tested, including multiple versions of Ubuntu, Debian, Fedora, Rocky Linux, Amazon Linux, and Alpine. - Updated the installation steps to run tests in Docker containers, ensuring a consistent testing environment across different distributions. * chore: update CI workflows for CLI installation post-build and post-release - Modified the CI workflow to use new YAML files for testing CLI installation after the build and release processes, enhancing clarity and organization. - Updated job dependencies to ensure proper execution order in the CI pipeline. * chore: bump version to 1.21.1 and add configuration script - Updated package version from 1.21.0 to 1.21.1 in APKBUILD and const.py. - Added new configuration script (config.sh) with environment variables for SSL verification, debugging, host, and service token. * chore: enhance build workflow with detailed design decisions and installation steps - Added comments in the build workflow to clarify design decisions for Linux builds, including the use of manylinux_2_28 and shared libpython for PyInstaller. - Included echo statements to document the installation of Python from source and the creation of symlinks for better package management. * fix: correct comment in build workflow regarding glibc baseline - Updated comment in the build workflow to accurately reflect that manylinux_2_28 targets glibc 2.28 baseline, ensuring clarity in design decisions for Linux builds. * feat: add support for downloading and installing Linux x86_64 binary artifacts - Implemented a new step in the CI workflow to download the Linux x86_64 binary artifact. - Updated installation logic to utilize the downloaded binary for Alpine versions below 3.20 and for other distributions, enhancing the installation process and error handling. - Improved echo statements for better clarity during the installation process. * feat: add support for downloading and installing Linux ARM64 binary artifacts - Introduced a new step in the CI workflow to download the Linux ARM64 binary artifact. - Updated installation logic to utilize the downloaded binary, improving the installation process for ARM64 architecture. - Enhanced error handling and echo statements for better clarity during the installation process. * chore: add comment to clarify symlink creation in build workflow - Added a comment in the build workflow to explain the creation of a symlink for the phase binary in the /usr/lib/phase/ directory, enhancing clarity for future maintainers. * fix: add findutils installation to CI workflow for improved compatibility - Updated the CI workflow to include the installation of findutils for Alpine and other distributions, enhancing compatibility during the installation of x86_64 binary artifacts. - Added a check to install findutils if not already present, ensuring smoother execution of the workflow. * chore: remove test configuration script - Deleted the config.sh file, which contained environment variables for SSL verification, debugging, host, and service token, as it is no longer needed. * Update .github/workflows/build.yml Co-authored-by: Copilot <[email protected]> * Update .github/workflows/build.yml Co-authored-by: Copilot <[email protected]> * refactor: rename CI workflow jobs for clarity and add error handling - Renamed 'test-install' to 'test-install-post-build' and 'test-cli-install' to 'test-cli-install-post-release' for better context. - Added 'continue-on-error: true' to both jobs to allow the workflow to proceed even if these steps fail, improving robustness. * chore: update CI workflow to improve error handling - Removed 'continue-on-error: true' from the test-install-post-build job to ensure failures are reported. - Added 'continue-on-error: true' to the test_install_x86_64 and test_install_arm64 jobs for better resilience in the CI process. --------- Co-authored-by: Copilot <[email protected]>
feat: phase auth aws iam (#262) * refactor: rename get_default_user_id to get_default_account_id and add deprecation notice - Renamed the function `get_default_user_id` to `get_default_account_id` for clarity and to better reflect its purpose. - Updated the function's docstring to indicate it now handles both user accounts and service accounts. - Added a deprecated version of `get_default_user_id` that calls the new function for backward compatibility. * refactor: update keyring service name to use account ID - Replaced the usage of `get_default_user_id` with `get_default_account_id` in the keyring service name generation for improved clarity and consistency with recent changes. * fix: handle missing email for default user in whoami command - Updated the whoami command to display 'N/A (Service Account)' if the default user's email is not available, improving clarity for service accounts. - Renamed 'User ID' to 'Account ID' for consistency with recent changes. * refactor: update user switch functionality for consistency - Changed terminology from 'User ID' to 'Account ID' for clarity. - Updated email handling to display 'Service Account' when applicable. - Adjusted prompts and error messages to reflect the new account terminology. * refactor: replace user ID references with account ID in logout functionality - Updated the logout functionality to use `get_default_account_id` instead of `get_default_user_id` for consistency with recent changes. - Adjusted keyring password deletion and configuration updates to reflect the new account terminology. * refactor: remove unused user ID reference in import_env.py - Eliminated the import of `get_default_user_id` from `phase_cli.utils.misc` as it is no longer needed, streamlining the code for better clarity and consistency. * refactor: enhance token-based authentication flow - Updated the authentication process to support both Personal Access Tokens (PATs) and Service Account Tokens, improving flexibility. - Introduced checks for the PHASE_HOST environment variable to allow headless operation. - Replaced user ID references with account ID for consistency across the authentication flow. - Enhanced error handling and user prompts to accommodate service accounts and ensure clarity in user interactions. * refactor: enhance authentication flow for Personal Access Tokens - Added support for Personal Access Tokens (PATs) by prompting for user email when a PAT is detected. - Improved handling of unknown token formats to ensure user email is requested for clarity and safety. - Streamlined the authentication process to accommodate both PATs and Service Account Tokens. * chore(deps): add boto3 and botocore dependencies - Added boto3 and botocore to requirements.txt to support AWS service integration. - Specified minimum versions for both libraries to ensure compatibility. * feat(auth): implement web-based and token-based authentication - Introduced a new authentication module with support for web-based and token-based authentication methods. - Added an HTTP server to handle authentication requests and process user credentials securely. - Enhanced user experience by providing clear prompts for both Personal Access Tokens and AWS IAM credentials. - Integrated error handling and logging for improved feedback during the authentication process. * refactor: remove print_phase_links function from misc.py - Eliminated the print_phase_links function to streamline the codebase and improve clarity. - This function was previously responsible for displaying a welcome message and links to community resources. * feat(auth): add AWS IAM authentication module - Introduced a new module for AWS IAM authentication, enabling integration with Phase API. - Implemented functions to sign requests and authenticate using AWS credentials. - Added support for custom STS endpoints and region resolution. - Enhanced error handling for missing AWS credentials and authentication failures. * feat(auth): enhance authentication options with AWS IAM support - Updated the authentication command to include AWS IAM as a mode of authentication. - Added a new argument for Service Account ID, required when using AWS IAM mode. - Adjusted the phase_auth function call to accommodate the new service_account_id parameter. * chore(deps): update botocore version in requirements.txt - Changed the minimum version of botocore to 1.40.17 for improved compatibility with AWS services. - Removed the specific version constraint for boto3 to allow for more flexibility in dependency resolution. * refactor(auth): streamline AWS session handling in authentication module - Replaced boto3 session initialization with botocore's get_session for improved compatibility and flexibility. - Enhanced region resolution by incorporating environment variable support for AWS_DEFAULT_REGION. - Updated credential retrieval to ensure consistent handling of AWS credentials across the authentication process. * refactor(auth): simplify region and endpoint resolution in AWS authentication - Refactored the `resolve_region_and_endpoint` function to eliminate unnecessary parameters and improve clarity. - Integrated botocore's `Config` for better handling of AWS region detection. - Removed the custom STS endpoint parameter from the `perform_aws_iam_auth` function to streamline the authentication process. * feat(auth): add optional TTL parameter for AWS IAM authentication - Updated the `phase_auth` function to include an optional `ttl` parameter for specifying token time-to-live in seconds when using AWS IAM mode. - Adjusted the call to `perform_aws_iam_auth` to pass the new `ttl` argument, enhancing flexibility in token management. * refactor(logout): replace print statements with rich console output - Updated the logout functionality to use the rich console for better error handling and user feedback. - Enhanced messages for logging out, purging data, and configuration errors to improve clarity and user experience. * feat(auth): update authentication command to support external identities and TTL - Modified the `auth` command to include a new argument for Service Account ID, clarifying its use for external identities. - Added an optional `ttl` parameter for specifying token time-to-live, enhancing flexibility in token management during authentication. - Updated the `phase_auth` function call to accommodate the new `ttl` argument. * feat(auth): add no-login option to phase_auth function - Introduced a new `no_login` parameter to the `phase_auth` function, allowing users to bypass the login process and print raw AWS IAM authentication results directly. - Updated the function's logic to handle the new parameter, enhancing flexibility for users who may want to view authentication results without logging in. * feat(auth): enhance authentication command with no-login option - Added a `--no-login` argument to the authentication command, allowing users to print authentication tokens directly to stdout without logging in, specifically for external identity modes like aws-iam. - Updated the `phase_auth` function call to incorporate the new `no_login` parameter, improving user experience and flexibility in authentication processes. * chore: bump version to 1.20.0 in APKBUILD and const.py * feat(auth): rename no-login option to no-store for clarity - Updated the `--no-login` argument to `--no-store` in the authentication command, clarifying its purpose to print authentication token responses without storing credentials. - Adjusted the `phase_auth` function to reflect this change, enhancing the user experience and understanding of the authentication process. * chore: reset changes from bad rebase * feat: use consistent routing pattern * chore: remove phase cloud / self-hosted host switcher * feat: add AWS IAM authentication support to Phase API - Introduced a new function `external_identity_auth_aws` for authenticating with Phase using AWS IAM credentials. - Added a utility function `b64_str` for Base64 encoding strings, used in the authentication payload. - Enhanced error handling for SSL and connection errors during the authentication process. * refactor: streamline AWS IAM authentication flow - Removed the `authenticate_with_phase` function and replaced it with `external_identity_auth_aws` for improved clarity and modularity. - Updated parameter names in `perform_aws_iam_auth` for consistency. - Simplified the authentication process by leveraging the new utility function for AWS IAM credentials. * fix: update parameter naming in AWS IAM authentication call - Changed the parameter name in the `perform_aws_iam_auth` function call for clarity and consistency, aligning with recent refactoring efforts. * chore: bump version to 1.21.0 in APKBUILD and const.py * fix: remove unused import of PHASE_CLOUD_PUBLIC_API_HOST from misc.py * feat: add AWS configuration constants for STS endpoint and region - Introduced AWS_DEFAULT_GLOBAL_STS_ENDPOINT and AWS_DEFAULT_GLOBAL_STS_REGION constants to facilitate AWS service integration. - Updated PHASE_CLOUD_API_HOST for clarity in configuration management. * refactor: replace hardcoded STS endpoint and region with constants - Updated the `resolve_region_and_endpoint` function to utilize the newly introduced `AWS_DEFAULT_GLOBAL_STS_ENDPOINT` and `AWS_DEFAULT_GLOBAL_STS_REGION` constants for improved maintainability and clarity. * fix: update AWS IAM authentication URL for external identities - Changed the endpoint in the `external_identity_auth_aws` function to reflect the correct routing for external identity authentication with AWS IAM. * fix: add trailing slash Signed-off-by: rohan <[email protected]> * fix: ensure CLI exits successfully with no arguments - Added a check to display top-level help and exit with code 0 when no arguments are provided to the CLI. - This serves as a temporary fix to improve user experience. * fix: improve error handling in phase_auth function - Updated the phase_auth function to exit with code 2 when required parameters are missing or invalid, enhancing user experience and preventing further execution in error scenarios. --------- Signed-off-by: rohan <[email protected]> Co-authored-by: rohan <[email protected]>
fix: bump questionary version (#251) * fix: bump questionary version * chore: bump versions Signed-off-by: rohan <[email protected]> --------- Signed-off-by: rohan <[email protected]> Co-authored-by: rohan <[email protected]>
chore(deps): bump pyyaml from 6.0.1 to 6.0.2 (#248) Bumps [pyyaml](https://github.com/yaml/pyyaml) from 6.0.1 to 6.0.2. - [Release notes](https://github.com/yaml/pyyaml/releases) - [Changelog](https://github.com/yaml/pyyaml/blob/main/CHANGES) - [Commits](yaml/pyyaml@6.0.1...6.0.2) --- updated-dependencies: - dependency-name: pyyaml dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
fix: execute programs in a clean environment (#242) * fix: execute update script in a clean environment to avoid library conflicts - Updated the execution of the update script to run in a clean environment. - Removed any LD_LIBRARY_PATH that might point to bundled libraries to prevent dependency issues. * test: temporarily set older version to test edge case * fix: remove LD_LIBRARY_PATH to prevent library conflicts in phase_run_inject function * chore: bump version to 1.19.4 in APKBUILD and const.py * fix: run open_browser in a clean environment to prevent library conflicts - Updated the open_browser function to execute subprocess calls in a clean environment by removing LD_LIBRARY_PATH. - This change aims to avoid potential library conflicts with bundled libraries. * feat: update README dev instructions * feat: enhance update script error handling and output formatting - Replaced subprocess.call with subprocess.run for improved error handling. - Added detailed error messages and output logging using the rich console for better user feedback. - Implemented cleanup of the temporary install script in case of errors. - Enhanced exception handling for various error scenarios, including permission issues and OS errors. * feat: add clean_subprocess_env function to enhance subprocess execution * refactor: use clean_subprocess_env in phase_run_inject to manage environment variables * refactor: replace environment variable management with clean_subprocess_env in phase_shell function * refactor: streamline environment variable management in phase_cli_update using clean_subprocess_env * fix: update Python virtual environment command in README for consistency * docs: add TODO comments for potential environment variable filtering in clean_subprocess_env function * feat: add PHASE_APP env, fixed PHASE_APP env
feat: add error handling for JSON decode issues in API responses (#218) * feat: add error handling for JSON decode issues in API responses * feat: enhance logging in phase_init with rich console * feat: integrate rich console for improved logging in phase_auth * chore: bump version to 1.19.2
feat: cross app secret referencing (#205) * feat: added support for cross app secret referencing * fix: store and return original secret reference in resolve_secret_reference function * feat: enhance cross-application secret referencing with additional test cases * chore: bump version to 1.19.1
PreviousNext