cdktf-cli currently uses @cdktf/node-pty-prebuilt-multiarch to spawn a child process that runs the Terraform CLI for deploy and destroy commands (docs). This is a fork of node-pty for providing pre-built binaries as it has native/C components.
This currently has some sharp edges:
The Terraform CDK team needs to continuously maintain the fork and provide additional pre-built binaries for each combination of JavaScript runtime (Node.js, Electron) version, operating system (Linux w/ GNU libc, Linux w/ musl libc, macOS/Darwin, Windows), and ISA (IA-32/i386, x86-64, ARM32, ARM64).
Users trying to use the newest versions of Node.js may run into errors like in https://github.com/hashicorp/terraform-cdk/issues/3641 if the compilation step done by the postinstall lifecycle script doesn't correctly trigger (may happen with alternative package managers like pnpm or Bun).
Pre-compiled binaries may contain hardcoded paths to the dynamic linker or expect specific versions of dynamically linked libraries.
The former requires ELF patching for operating systems that don't place the dynamic linker in a conventional location like NixOS and Guix.
The latter is a chronic inconvenience for people on (usually) older and the newest versions of Linux distributions, which may have older/newer versions of GNU libc or musl libc than what's required.
node-pty uses some V8-specific APIs which can cause problems for alternative runtimes that don't use V8 as the JavaScript engine.
node-pty effectively creates a hard dependency on the Node.js runtime (Node.js API + V8 JavaScript engine) and other pre-compiled binaries which creates a narrow compatibility window and an extra maintenance burden.
Proposal
One option is to use Node's child_process.spawn() (docs) to spawn child processes. Setting the stdio option (docs) to inherit seems to allow use of interactive child processes like the Terraform CLI.
This removes the need for binaries outside of the JavaScript runtime, leaving only a dependency on the Node.js API.
Alternative JavaScript runtimes typically provide polyfills for Node.js APIs. In particular, both Bun and Deno provide node:child_process polyfills, removing the need for cdktf-cli to use each runtime's idiomatic child process spawning APIs.
Help Wanted
[ ] I'm interested in contributing a fix myself
Community Note
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
... postinstall) by default because they're a security vulnerability (remote code execution).
... node-gyp like in https://github.com/microsoft/node-pty/issues/632.