fix: Refactor tf scanner to reference resources

[adityachoudhari26]

Summary by CodeRabbit

• New Features

  • Introduced catalog references for several dependencies across various projects, enhancing package management.

• Bug Fixes

  • Updated environment variable naming from CTRLPLANE_WORKSPACE_TARGET_NAME to CTRLPLANE_WORKSPACE_RESOURCE_NAME for consistency.

• Refactor

  • Refactored the scan function for improved readability and efficiency, including concurrent processing of workspaces.

• Tests

  • Adjusted test suite to reflect updated naming conventions and improved assertions.

• Chores

  • Updated package.json files across multiple projects to utilize catalog references for dependencies.

[coderabbitai]

Walkthrough

The changes in this pull request involve updates to multiple package.json files across several projects within the @ctrlplane organization. The modifications primarily focus on changing the version specifications of certain dependencies, notably ts-is-present, eslint, prettier, tsx, and typescript, to a catalog reference format. Additionally, there are updates to the test suite and configuration files, including renaming environment variables and refactoring functions for improved clarity and consistency.

Changes

File Path	Change Summary
apps/jobs/package.json	Updated ts-is-present, eslint, prettier, tsx, and typescript to use "catalog:" references.
apps/webservice/package.json	Changed ts-is-present, uuid, zod, and eslint to use "catalog:" references.
integrations/terraform-cloud-scanner/package.json	Added ts-is-present and updated eslint, eslint-plugin-vitest, prettier, and typescript to "catalog:".
integrations/terraform-cloud-scanner/src/tests/scanner.test.ts	Renamed environment variable from CTRLPLANE_WORKSPACE_TARGET_NAME to CTRLPLANE_WORKSPACE_RESOURCE_NAME and updated relevant test assertions.
integrations/terraform-cloud-scanner/src/config.ts	Renamed environment variable from CTRLPLANE_WORKSPACE_TARGET_NAME to CTRLPLANE_WORKSPACE_RESOURCE_NAME.
integrations/terraform-cloud-scanner/src/scanner.ts	Refactored scan function, updated variable references, and changed function declarations to arrow functions.
packages/job-dispatch/package.json	Updated ts-is-present, eslint, prettier, and typescript to use "catalog:" references.
pnpm-workspace.yaml	Added new dependency "ts-is-present": ^1.2.2 to the catalog section.

Possibly related PRs

• refactor job policy checker app #151: Updates the ts-is-present dependency in apps/jobs/package.json.
• fix: Check existence from identifiers #155: Updates the ts-is-present dependency in apps/event-worker/src/target-scan/index.ts.
• fix: Target variables #170: Updates the ts-is-present dependency in the @ctrlplane/jobs package.
• fix: Create jobs for latest valid releases on env create #197: Introduces a new function for creating jobs related to environments, potentially affecting job handling with updated dependencies.
• fix: Reuse filter endpoints for deployment resource drawer #239: Modifications involve job filtering logic, which may relate to changes in dependency management.

Suggested reviewers

• jsbroks

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (5)

integrations/terraform-cloud-scanner/src/scanner.ts (1)

Line range hint 37-83: Improved error handling and functional programming approach

The refactoring from a traditional loop to Promise.allSettled with map and filter operations provides better error handling and a more functional approach. The use of isPresent type guard ensures type safety.

Consider adding error logging for failed promises:

 const resources = await Promise.allSettled(resourcePromises).then(
   (results) =>
     results
-      .map((result) =>
-        result.status === "fulfilled" ? result.value : null,
-      )
+      .map((result) => {
+        if (result.status === "rejected") {
+          logger.error("Failed to process workspace:", result.reason);
+          return null;
+        }
+        return result.value;
+      })
       .filter(isPresent),
 );

integrations/terraform-cloud-scanner/package.json (1)

Node.js version compatibility issue detected

The project has mixed Node.js version requirements:

• Root package.json requires >=20.12.0
• GitHub Actions workflow uses Node.js 22
• terraform-cloud-scanner has no explicit Node.js version requirement

Using @types/node from the node22 catalog in terraform-cloud-scanner might cause compatibility issues since the project's base requirement is Node.js 20. You should:

• Add "node": ">=20.12.0" to terraform-cloud-scanner's package.json to align with the root package
• Consider using @types/node from the node20 catalog instead

🔗 Analysis chain

Line range hint 41-41: Verify Node.js version compatibility

The package uses @types/node from the node22 catalog. Let's ensure this aligns with the project's Node.js version requirements.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check Node.js version requirements across the project

# Check for explicit Node.js version requirements in package.json files
rg -l '"node":' --type json

# Check for .nvmrc or .node-version files
fd -e nvmrc -e node-version

# Check for Node.js version in GitHub workflow files
fd -e yml -e yaml --exec rg -l 'node-version:' {} \;

Length of output: 210

---

Script:

#!/bin/bash
# Let's check the actual Node.js version requirements in the found files

# Check package.json files
echo "=== Root package.json ==="
cat package.json | jq '.engines.node'

echo -e "\n=== integrations/github-get-job-inputs/package.json ==="
cat integrations/github-get-job-inputs/package.json | jq '.engines.node'

echo -e "\n=== integrations/terraform-cloud-scanner/package.json ==="
cat integrations/terraform-cloud-scanner/package.json | jq '.engines.node'

# Check GitHub workflow Node.js version
echo -e "\n=== GitHub Action Node.js version ==="
cat tooling/github/setup/action.yml | grep -A 1 'node-version:'

Length of output: 728

packages/job-dispatch/package.json (2)

Line range hint 29-31: Consider consolidating Redis clients.

The package uses both ioredis and redis packages. Consider standardizing on a single Redis client library to reduce dependency overhead and potential version conflicts.

---

Line range hint 29-42: Consider moving more dependencies to catalog references.

For consistency in dependency management, consider moving other stable dependencies like ioredis, lodash, ms, murmurhash, redis, and semver to catalog references as well.

apps/webservice/package.json (1)

Line range hint 16-85: Consider expanding catalog reference usage.

Many dependencies could potentially use catalog references for consistent version management across the organization. Consider moving stable dependencies like @hookform/resolvers, @icons-pack/react-simple-icons, @internationalized/date, etc., to catalog references.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 916c4b6 and d180b74.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (8)

• apps/jobs/package.json (1 hunks)
• apps/webservice/package.json (1 hunks)
• integrations/terraform-cloud-scanner/package.json (1 hunks)
• integrations/terraform-cloud-scanner/src/__tests__/scanner.test.ts (4 hunks)
• integrations/terraform-cloud-scanner/src/config.ts (1 hunks)
• integrations/terraform-cloud-scanner/src/scanner.ts (8 hunks)
• packages/job-dispatch/package.json (1 hunks)
• pnpm-workspace.yaml (1 hunks)

🔇 Additional comments (13)

integrations/terraform-cloud-scanner/src/config.ts (1)

13-15: Verify environment variable usage across the codebase

The environment variable has been renamed from CTRLPLANE_WORKSPACE_TARGET_NAME to CTRLPLANE_WORKSPACE_RESOURCE_NAME. While the change is consistent with the shift from "targets" to "resources" terminology, we should verify all references are updated.

✅ Verification successful

Environment variable renaming is consistent across the codebase

The search results confirm that all references to the environment variable have been updated to use the new name CTRLPLANE_WORKSPACE_RESOURCE_NAME. No instances of the old name CTRLPLANE_WORKSPACE_TARGET_NAME were found in the TypeScript files. The changes appear in:

• Configuration schema (config.ts)
• Scanner implementation (scanner.ts)
• Test files (scanner.test.ts)

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for any remaining references to the old environment variable name
rg "CTRLPLANE_WORKSPACE_TARGET_NAME" --type ts

# Search for references to the new environment variable name
rg "CTRLPLANE_WORKSPACE_RESOURCE_NAME" --type ts

Length of output: 564

integrations/terraform-cloud-scanner/src/__tests__/scanner.test.ts (3)

28-28: LGTM: Environment variable mock updated correctly

The mock configuration has been properly updated to use the new environment variable name.

---

122-129: LGTM: API endpoint and request structure updated consistently

The changes to the API endpoint and request body structure are consistent with the terminology change from "targets" to "resources".

---

161-163: LGTM: Log assertion updated appropriately

The log assertion has been updated to match the new terminology.

integrations/terraform-cloud-scanner/src/scanner.ts (4)

14-14: LGTM: Environment variable reference updated

The template now correctly uses the new environment variable name.

---

21-23: LGTM: Clean ResourceProvider initialization

Good use of object destructuring and the new ResourceProvider class.

---

104-107: LGTM: Improved variable processing

The variable processing has been simplified with a cleaner map operation.

---

Line range hint 129-141: LGTM: Consistent function style

Good refactoring of processVcsRepo and buildWorkspaceLink to use arrow function syntax, maintaining consistency with other utility functions.

Also applies to: 148-152

pnpm-workspace.yaml (1)

25-25: Verify the version constraint for ts-is-present

The addition of ts-is-present with ^1.2.2 to the catalog is part of centralizing dependency management. Let's verify this version choice.

✅ Verification successful

Let me verify how this version is being used in the codebase to ensure it's appropriate.

---

Version ^1.2.2 for ts-is-present is appropriate and secure

The version choice is verified to be suitable because:

• 1.2.2 is the latest stable version (released Sept 2021)
• No security vulnerabilities were found
• The package is being used consistently across multiple components, with most referencing the catalog entry
• One existing direct reference in packages/api uses the same ^1.2.2 constraint

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check the latest versions and any known issues for ts-is-present

# Check NPM for latest versions and release dates
curl -s https://registry.npmjs.org/ts-is-present | jq -r '.time | to_entries | .[] | "\(.key) \(.value)"' | grep -v -E "created|modified"

# Check for any security advisories
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: NPM, package: "ts-is-present") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 827

---

Script:

#!/bin/bash
# Check how ts-is-present is being used across the codebase
rg "ts-is-present" --type json -A 2 -B 2

# Find all package.json files referencing the catalog
rg '"catalog:ts-is-present"' --type json

Length of output: 1509

apps/jobs/package.json (1)

22-22: LGTM! Consistent use of catalog references

The changes properly reference the centralized versions from the workspace catalog, maintaining consistency across the project.

Also applies to: 28-31

integrations/terraform-cloud-scanner/package.json (1)

34-34: LGTM! Consistent use of catalog references

The changes properly reference the centralized versions from the workspace catalog, maintaining consistency across the project.

Also applies to: 42-45

packages/job-dispatch/package.json (1)

41-41: LGTM on catalog reference update.

The change to use catalog reference for ts-is-present aligns with the PR objective of standardizing dependency management.

apps/webservice/package.json (1)

86-86: LGTM on ts-is-present catalog reference.

The change to use catalog reference for ts-is-present aligns with the PR objective and maintains consistency across packages.

[coderabbitai]

⚠️ Potential issue

Fix inconsistency in uuid dependency version.

The uuid dependency still shows ^10.0.0 while the AI summary indicates it should be changed to catalog:. Please update this for consistency.

-    "uuid": "^10.0.0",
+    "uuid": "catalog:",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"ts-is-present": "catalog:",
	"uuid": "^10.0.0",
	"zod": "catalog:"
	"ts-is-present": "catalog:",
	"uuid": "catalog:",
	"zod": "catalog:"