diff --git a/README.md b/README.md index 91877d7..6c66e75 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,15 @@ # µPaaS by [@sneak](https://sneak.berlin) -A simple self-hosted PaaS that auto-deploys Docker containers from Git repositories via Gitea webhooks. +A simple self-hosted PaaS that auto-deploys Docker containers from Git repositories via webhooks from Gitea, GitHub, or GitLab. ## Features - Single admin user with argon2id password hashing - Per-app SSH keypairs for read-only deploy keys -- Per-app UUID-based webhook URLs for Gitea integration +- Per-app UUID-based webhook URLs with auto-detection of Gitea, GitHub, and GitLab - Branch filtering - only deploy on configured branch changes - Environment variables, labels, and volume mounts per app +- CPU and memory resource limits per app - Docker builds via socket access - Notifications via ntfy and Slack-compatible webhooks - Simple server-rendered UI with Tailwind CSS @@ -19,7 +20,7 @@ A simple self-hosted PaaS that auto-deploys Docker containers from Git repositor - Complex CI pipelines - Multiple container orchestration - SPA/API-first design -- Support for non-Gitea webhooks +- Support for non-push webhook events (e.g. issues, merge requests) ## Architecture @@ -44,7 +45,7 @@ upaas/ │ │ ├── auth/ # Authentication service │ │ ├── deploy/ # Deployment orchestration │ │ ├── notify/ # Notifications (ntfy, Slack) -│ │ └── webhook/ # Gitea webhook processing +│ │ └── webhook/ # Webhook processing (Gitea, GitHub, GitLab) │ └── ssh/ # SSH key generation ├── static/ # Embedded CSS/JS assets └── templates/ # Embedded HTML templates diff --git a/internal/database/migrations.go b/internal/database/migrations.go index 03a69fa..0982824 100644 --- a/internal/database/migrations.go +++ b/internal/database/migrations.go @@ -2,36 +2,74 @@ package database import ( "context" + "database/sql" "embed" + "errors" "fmt" "io/fs" + "log/slog" "sort" + "strconv" "strings" ) //go:embed migrations/*.sql var migrationsFS embed.FS -func (d *Database) migrate(ctx context.Context) error { - // Create migrations table if not exists - _, err := d.database.ExecContext(ctx, ` - CREATE TABLE IF NOT EXISTS schema_migrations ( - version TEXT PRIMARY KEY, - applied_at DATETIME DEFAULT CURRENT_TIMESTAMP - ) - `) - if err != nil { - return fmt.Errorf("failed to create migrations table: %w", err) +// bootstrapVersion is the migration that creates the schema_migrations +// table itself. It is applied before the normal migration loop. +const bootstrapVersion = 0 + +// ErrInvalidMigrationFilename indicates a migration filename does not follow +// the expected ".sql" or "_.sql" pattern. +var ErrInvalidMigrationFilename = errors.New("invalid migration filename") + +// ParseMigrationVersion extracts the numeric version prefix from a migration +// filename. Filenames must follow the pattern ".sql" or +// "_.sql", where version is a zero-padded numeric +// string (e.g. "001", "002"). Returns the version as an integer and an +// error if the filename does not match the expected pattern. +func ParseMigrationVersion(filename string) (int, error) { + name := strings.TrimSuffix(filename, ".sql") + if name == "" || name == filename { + return 0, fmt.Errorf("%w: %q has no .sql extension or is empty", ErrInvalidMigrationFilename, filename) } - // Get list of migration files + // Split on underscore to separate version from description. + // If there's no underscore, the entire stem is the version. + versionStr, _, _ := strings.Cut(name, "_") + + if versionStr == "" { + return 0, fmt.Errorf("%w: %q has empty version prefix", ErrInvalidMigrationFilename, filename) + } + + // Validate the version is purely numeric. + for _, ch := range versionStr { + if ch < '0' || ch > '9' { + return 0, fmt.Errorf( + "%w: %q version %q contains non-numeric character %q", + ErrInvalidMigrationFilename, filename, versionStr, string(ch), + ) + } + } + + version, err := strconv.Atoi(versionStr) + if err != nil { + return 0, fmt.Errorf("%w: %q: %w", ErrInvalidMigrationFilename, filename, err) + } + + return version, nil +} + +// collectMigrations reads the embedded migrations directory and returns +// migration filenames sorted lexicographically. +func collectMigrations() ([]string, error) { entries, err := fs.ReadDir(migrationsFS, "migrations") if err != nil { - return fmt.Errorf("failed to read migrations directory: %w", err) + return nil, fmt.Errorf("failed to read migrations directory: %w", err) } - // Sort migrations by name - migrations := make([]string, 0, len(entries)) + var migrations []string for _, entry := range entries { if !entry.IsDir() && strings.HasSuffix(entry.Name(), ".sql") { @@ -41,54 +79,113 @@ func (d *Database) migrate(ctx context.Context) error { sort.Strings(migrations) - // Apply each migration - for _, migration := range migrations { - applied, err := d.isMigrationApplied(ctx, migration) - if err != nil { - return fmt.Errorf("failed to check migration %s: %w", migration, err) - } + return migrations, nil +} - if applied { - d.log.Debug("migration already applied", "migration", migration) +// bootstrapMigrationsTable ensures the schema_migrations table exists by +// applying 000_migration.sql if the table is missing. +func bootstrapMigrationsTable(ctx context.Context, db *sql.DB, log *slog.Logger) error { + var tableExists int - continue - } + err := db.QueryRowContext(ctx, + "SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='schema_migrations'", + ).Scan(&tableExists) + if err != nil { + return fmt.Errorf("failed to check for migrations table: %w", err) + } - err = d.applyMigration(ctx, migration) - if err != nil { - return fmt.Errorf("failed to apply migration %s: %w", migration, err) - } - - d.log.Info("migration applied", "migration", migration) + if tableExists == 0 { + return applyBootstrapMigration(ctx, db, log) } return nil } -func (d *Database) isMigrationApplied(ctx context.Context, version string) (bool, error) { - var count int - - err := d.database.QueryRowContext( - ctx, - "SELECT COUNT(*) FROM schema_migrations WHERE version = ?", - version, - ).Scan(&count) +// applyBootstrapMigration reads and executes 000_migration.sql to create the +// schema_migrations table on a fresh database. +func applyBootstrapMigration(ctx context.Context, db *sql.DB, log *slog.Logger) error { + content, err := migrationsFS.ReadFile("migrations/000_migration.sql") if err != nil { - return false, fmt.Errorf("failed to query migration status: %w", err) + return fmt.Errorf("failed to read bootstrap migration 000_migration.sql: %w", err) } - return count > 0, nil + if log != nil { + log.Info("applying bootstrap migration", "version", bootstrapVersion) + } + + _, err = db.ExecContext(ctx, string(content)) + if err != nil { + return fmt.Errorf("failed to apply bootstrap migration: %w", err) + } + + return nil } -func (d *Database) applyMigration(ctx context.Context, filename string) error { - content, err := migrationsFS.ReadFile("migrations/" + filename) - if err != nil { - return fmt.Errorf("failed to read migration file: %w", err) +// ApplyMigrations applies all pending migrations to db. An optional logger +// may be provided for informational output; pass nil for silent operation. +// This is exported so tests can apply the real schema without the full fx +// lifecycle. +func ApplyMigrations(ctx context.Context, db *sql.DB, log *slog.Logger) error { + bootstrapErr := bootstrapMigrationsTable(ctx, db, log) + if bootstrapErr != nil { + return bootstrapErr } - transaction, err := d.database.BeginTx(ctx, nil) + migrations, err := collectMigrations() if err != nil { - return fmt.Errorf("failed to begin transaction: %w", err) + return err + } + + for _, migration := range migrations { + version, parseErr := ParseMigrationVersion(migration) + if parseErr != nil { + return parseErr + } + + // Check if already applied. + var count int + + err = db.QueryRowContext(ctx, + "SELECT COUNT(*) FROM schema_migrations WHERE version = ?", + version, + ).Scan(&count) + if err != nil { + return fmt.Errorf("failed to check migration %s: %w", migration, err) + } + + if count > 0 { + if log != nil { + log.Debug("migration already applied", "version", version) + } + + continue + } + + // Apply migration in a transaction. + applyErr := applyMigrationTx(ctx, db, migration, version) + if applyErr != nil { + return applyErr + } + + if log != nil { + log.Info("migration applied", "version", version) + } + } + + return nil +} + +// applyMigrationTx reads and executes a migration file within a transaction, +// recording the version in schema_migrations on success. +func applyMigrationTx(ctx context.Context, db *sql.DB, filename string, version int) error { + content, err := migrationsFS.ReadFile("migrations/" + filename) + if err != nil { + return fmt.Errorf("failed to read migration %s: %w", filename, err) + } + + transaction, err := db.BeginTx(ctx, nil) + if err != nil { + return fmt.Errorf("failed to begin transaction for migration %s: %w", filename, err) } defer func() { @@ -97,26 +194,27 @@ func (d *Database) applyMigration(ctx context.Context, filename string) error { } }() - // Execute migration _, err = transaction.ExecContext(ctx, string(content)) if err != nil { - return fmt.Errorf("failed to execute migration: %w", err) + return fmt.Errorf("failed to execute migration %s: %w", filename, err) } - // Record migration - _, err = transaction.ExecContext( - ctx, + _, err = transaction.ExecContext(ctx, "INSERT INTO schema_migrations (version) VALUES (?)", - filename, + version, ) if err != nil { - return fmt.Errorf("failed to record migration: %w", err) + return fmt.Errorf("failed to record migration %s: %w", filename, err) } err = transaction.Commit() if err != nil { - return fmt.Errorf("failed to commit migration: %w", err) + return fmt.Errorf("failed to commit migration %s: %w", filename, err) } return nil } + +func (d *Database) migrate(ctx context.Context) error { + return ApplyMigrations(ctx, d.database, d.log) +} diff --git a/internal/database/migrations/000_migration.sql b/internal/database/migrations/000_migration.sql new file mode 100644 index 0000000..e06a2da --- /dev/null +++ b/internal/database/migrations/000_migration.sql @@ -0,0 +1,9 @@ +-- Migration 000: Schema migrations tracking table +-- Applied as a bootstrap step before the normal migration loop. + +CREATE TABLE IF NOT EXISTS schema_migrations ( + version INTEGER PRIMARY KEY, + applied_at DATETIME DEFAULT CURRENT_TIMESTAMP +); + +INSERT OR IGNORE INTO schema_migrations (version) VALUES (0); diff --git a/internal/database/migrations/007_add_resource_limits.sql b/internal/database/migrations/007_add_resource_limits.sql new file mode 100644 index 0000000..2744f0c --- /dev/null +++ b/internal/database/migrations/007_add_resource_limits.sql @@ -0,0 +1,3 @@ +-- Add CPU and memory resource limits per app +ALTER TABLE apps ADD COLUMN cpu_limit REAL; +ALTER TABLE apps ADD COLUMN memory_limit INTEGER; diff --git a/internal/database/migrations_test.go b/internal/database/migrations_test.go new file mode 100644 index 0000000..d36efeb --- /dev/null +++ b/internal/database/migrations_test.go @@ -0,0 +1,117 @@ +package database_test + +import ( + "context" + "database/sql" + "testing" + + _ "github.com/mattn/go-sqlite3" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "sneak.berlin/go/upaas/internal/database" +) + +func TestParseMigrationVersion(t *testing.T) { + t.Parallel() + + tests := []struct { + filename string + wantVersion int + wantErr bool + }{ + {filename: "000_migration.sql", wantVersion: 0}, + {filename: "001_initial.sql", wantVersion: 1}, + {filename: "002_remove_container_id.sql", wantVersion: 2}, + {filename: "007_add_resource_limits.sql", wantVersion: 7}, + {filename: "100_large_version.sql", wantVersion: 100}, + {filename: ".sql", wantErr: true}, + {filename: "_foo.sql", wantErr: true}, + {filename: "abc_foo.sql", wantErr: true}, + {filename: "1a2_bad.sql", wantErr: true}, + } + + for _, tt := range tests { + t.Run(tt.filename, func(t *testing.T) { + t.Parallel() + + version, err := database.ParseMigrationVersion(tt.filename) + if tt.wantErr { + assert.Error(t, err) + + return + } + + require.NoError(t, err) + assert.Equal(t, tt.wantVersion, version) + }) + } +} + +func TestApplyMigrationsFreshDatabase(t *testing.T) { + t.Parallel() + + db, err := sql.Open("sqlite3", ":memory:?_foreign_keys=on") + require.NoError(t, err) + + defer func() { _ = db.Close() }() + + ctx := context.Background() + + err = database.ApplyMigrations(ctx, db, nil) + require.NoError(t, err) + + // Verify schema_migrations table exists with INTEGER version column. + var version int + + err = db.QueryRowContext(ctx, + "SELECT version FROM schema_migrations WHERE version = 0", + ).Scan(&version) + require.NoError(t, err) + assert.Equal(t, 0, version) + + // Verify that all migrations were recorded. + var count int + + err = db.QueryRowContext(ctx, + "SELECT COUNT(*) FROM schema_migrations", + ).Scan(&count) + require.NoError(t, err) + // 000 bootstrap + 001 through 007 = 8 entries. + assert.Equal(t, 8, count) + + // Verify application tables were created by the migrations. + var tableCount int + + err = db.QueryRowContext(ctx, + "SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='users'", + ).Scan(&tableCount) + require.NoError(t, err) + assert.Equal(t, 1, tableCount) +} + +func TestApplyMigrationsIdempotent(t *testing.T) { + t.Parallel() + + db, err := sql.Open("sqlite3", ":memory:?_foreign_keys=on") + require.NoError(t, err) + + defer func() { _ = db.Close() }() + + ctx := context.Background() + + // Apply twice — second run should be a no-op. + err = database.ApplyMigrations(ctx, db, nil) + require.NoError(t, err) + + err = database.ApplyMigrations(ctx, db, nil) + require.NoError(t, err) + + var count int + + err = db.QueryRowContext(ctx, + "SELECT COUNT(*) FROM schema_migrations", + ).Scan(&count) + require.NoError(t, err) + assert.Equal(t, 8, count) +} diff --git a/internal/docker/client.go b/internal/docker/client.go index 8d62266..ef78527 100644 --- a/internal/docker/client.go +++ b/internal/docker/client.go @@ -138,13 +138,15 @@ func (c *Client) BuildImage( // CreateContainerOptions contains options for creating a container. type CreateContainerOptions struct { - Name string - Image string - Env map[string]string - Labels map[string]string - Volumes []VolumeMount - Ports []PortMapping - Network string + Name string + Image string + Env map[string]string + Labels map[string]string + Volumes []VolumeMount + Ports []PortMapping + Network string + CPULimit float64 // CPU cores (e.g. 0.5 = half a core, 2.0 = two cores). 0 means unlimited. + MemoryLimit int64 // Memory in bytes. 0 means unlimited. } // VolumeMount represents a volume mount. @@ -161,6 +163,14 @@ type PortMapping struct { Protocol string // "tcp" or "udp" } +// nanoCPUsPerCPU is the number of NanoCPUs per CPU core. +const nanoCPUsPerCPU = 1e9 + +// cpuLimitToNanoCPUs converts a CPU limit (e.g. 0.5 cores) to Docker NanoCPUs. +func cpuLimitToNanoCPUs(cpuLimit float64) int64 { + return int64(cpuLimit * nanoCPUsPerCPU) +} + // buildPortConfig converts port mappings to Docker port configuration. func buildPortConfig(ports []PortMapping) (nat.PortSet, nat.PortMap) { exposedPorts := make(nat.PortSet) @@ -185,6 +195,48 @@ func buildPortConfig(ports []PortMapping) (nat.PortSet, nat.PortMap) { return exposedPorts, portBindings } +// buildEnvSlice converts an env map to a Docker-compatible env slice. +func buildEnvSlice(env map[string]string) []string { + envSlice := make([]string, 0, len(env)) + + for key, val := range env { + envSlice = append(envSlice, key+"="+val) + } + + return envSlice +} + +// buildMounts converts volume mounts to Docker mount configuration. +func buildMounts(volumes []VolumeMount) []mount.Mount { + mounts := make([]mount.Mount, 0, len(volumes)) + + for _, vol := range volumes { + mounts = append(mounts, mount.Mount{ + Type: mount.TypeBind, + Source: vol.HostPath, + Target: vol.ContainerPath, + ReadOnly: vol.ReadOnly, + }) + } + + return mounts +} + +// buildResources builds Docker resource constraints from container options. +func buildResources(opts CreateContainerOptions) container.Resources { + resources := container.Resources{} + + if opts.CPULimit > 0 { + resources.NanoCPUs = cpuLimitToNanoCPUs(opts.CPULimit) + } + + if opts.MemoryLimit > 0 { + resources.Memory = opts.MemoryLimit + } + + return resources +} + // CreateContainer creates a new container. func (c *Client) CreateContainer( ctx context.Context, @@ -196,40 +248,20 @@ func (c *Client) CreateContainer( c.log.Info("creating container", "name", opts.Name, "image", opts.Image) - // Convert env map to slice - envSlice := make([]string, 0, len(opts.Env)) - - for key, val := range opts.Env { - envSlice = append(envSlice, key+"="+val) - } - - // Convert volumes to mounts - mounts := make([]mount.Mount, 0, len(opts.Volumes)) - - for _, vol := range opts.Volumes { - mounts = append(mounts, mount.Mount{ - Type: mount.TypeBind, - Source: vol.HostPath, - Target: vol.ContainerPath, - ReadOnly: vol.ReadOnly, - }) - } - - // Convert ports to exposed ports and port bindings exposedPorts, portBindings := buildPortConfig(opts.Ports) - // Create container resp, err := c.docker.ContainerCreate(ctx, &container.Config{ Image: opts.Image, - Env: envSlice, + Env: buildEnvSlice(opts.Env), Labels: opts.Labels, ExposedPorts: exposedPorts, }, &container.HostConfig{ - Mounts: mounts, + Mounts: buildMounts(opts.Volumes), PortBindings: portBindings, NetworkMode: container.NetworkMode(opts.Network), + Resources: buildResources(opts), RestartPolicy: container.RestartPolicy{ Name: container.RestartPolicyUnlessStopped, }, diff --git a/internal/docker/resource_limits_test.go b/internal/docker/resource_limits_test.go new file mode 100644 index 0000000..ab2a686 --- /dev/null +++ b/internal/docker/resource_limits_test.go @@ -0,0 +1,31 @@ +package docker //nolint:testpackage // tests unexported cpuLimitToNanoCPUs + +import ( + "testing" +) + +func TestCpuLimitToNanoCPUs(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + cpuLimit float64 + expected int64 + }{ + {"one core", 1.0, 1_000_000_000}, + {"half core", 0.5, 500_000_000}, + {"two cores", 2.0, 2_000_000_000}, + {"quarter core", 0.25, 250_000_000}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + got := cpuLimitToNanoCPUs(tt.cpuLimit) + if got != tt.expected { + t.Errorf("cpuLimitToNanoCPUs(%v) = %d, want %d", tt.cpuLimit, got, tt.expected) + } + }) + } +} diff --git a/internal/handlers/app.go b/internal/handlers/app.go index d55c27c..6b4b00d 100644 --- a/internal/handlers/app.go +++ b/internal/handlers/app.go @@ -257,23 +257,19 @@ func (h *Handlers) HandleAppUpdate() http.HandlerFunc { //nolint:funlen // valid application.RepoURL = request.FormValue("repo_url") application.Branch = request.FormValue("branch") application.DockerfilePath = request.FormValue("dockerfile_path") + application.DockerNetwork = optionalNullString(request.FormValue("docker_network")) + application.NtfyTopic = optionalNullString(request.FormValue("ntfy_topic")) + application.SlackWebhook = optionalNullString(request.FormValue("slack_webhook")) - if network := request.FormValue("docker_network"); network != "" { - application.DockerNetwork = sql.NullString{String: network, Valid: true} - } else { - application.DockerNetwork = sql.NullString{} - } + limitsErr := applyResourceLimits(application, request) + if limitsErr != "" { + data := h.addGlobals(map[string]any{ + "App": application, + "Error": limitsErr, + }, request) + h.renderTemplate(writer, tmpl, "app_edit.html", data) - if ntfy := request.FormValue("ntfy_topic"); ntfy != "" { - application.NtfyTopic = sql.NullString{String: ntfy, Valid: true} - } else { - application.NtfyTopic = sql.NullString{} - } - - if slack := request.FormValue("slack_webhook"); slack != "" { - application.SlackWebhook = sql.NullString{String: slack, Valid: true} - } else { - application.SlackWebhook = sql.NullString{} + return } saveErr := application.Save(request.Context()) @@ -1368,6 +1364,129 @@ func validateVolumePaths(hostPath, containerPath string) error { return nil } +// ErrInvalidMemoryFormat is returned when a memory limit string cannot be parsed. +var ErrInvalidMemoryFormat = errors.New( + "must be a number with optional unit suffix (e.g. 256m, 1g, 512000000)", +) + +// ErrNegativeValue is returned when a resource limit is negative. +var ErrNegativeValue = errors.New("value must be positive") + +// Memory unit byte multipliers. +const ( + kilobyte = 1024 + megabyte = 1024 * 1024 + gigabyte = 1024 * 1024 * 1024 +) + +// optionalNullString converts a form value to a sql.NullString. +// Returns a valid NullString if non-empty, invalid (NULL) if empty. +func optionalNullString(s string) sql.NullString { + if s != "" { + return sql.NullString{String: s, Valid: true} + } + + return sql.NullString{} +} + +// applyResourceLimits parses CPU and memory limit form values and applies them to the app. +// Returns an error message string if validation fails, or empty string on success. +func applyResourceLimits(application *models.App, request *http.Request) string { + cpuLimit, cpuErr := parseOptionalFloat64(request.FormValue("cpu_limit")) + if cpuErr != nil { + return "Invalid CPU limit: must be a positive number (e.g. 0.5, 1, 2)" + } + + application.CPULimit = cpuLimit + + memoryLimit, memErr := parseOptionalMemoryBytes(request.FormValue("memory_limit")) + if memErr != nil { + return "Invalid memory limit: " + memErr.Error() + } + + application.MemoryLimit = memoryLimit + + return "" +} + +// memoryUnitMultiplier returns the byte multiplier for a memory unit suffix. +// Returns 0 if the suffix is not recognized. +func memoryUnitMultiplier(suffix byte) int64 { + switch suffix { + case 'k': + return kilobyte + case 'm': + return megabyte + case 'g': + return gigabyte + default: + return 0 + } +} + +// parseOptionalFloat64 parses an optional float64 form field. +// Returns a valid NullFloat64 if the string is non-empty and parses to a positive number. +// Returns an empty NullFloat64 if the string is empty. +// Returns an error if the string is non-empty but invalid or non-positive. +func parseOptionalFloat64(s string) (sql.NullFloat64, error) { + s = strings.TrimSpace(s) + if s == "" { + return sql.NullFloat64{}, nil + } + + val, err := strconv.ParseFloat(s, 64) + if err != nil { + return sql.NullFloat64{}, fmt.Errorf("invalid number: %w", err) + } + + if val <= 0 { + return sql.NullFloat64{}, ErrNegativeValue + } + + return sql.NullFloat64{Float64: val, Valid: true}, nil +} + +// parseOptionalMemoryBytes parses an optional memory limit string into bytes. +// Accepts plain bytes (e.g. "536870912") or suffixed values (e.g. "512m", "1g", "256k"). +// Returns a valid NullInt64 with bytes if non-empty, empty NullInt64 if blank. +func parseOptionalMemoryBytes(s string) (sql.NullInt64, error) { + s = strings.TrimSpace(s) + if s == "" { + return sql.NullInt64{}, nil + } + + s = strings.ToLower(s) + + // Check for unit suffix + multiplier := memoryUnitMultiplier(s[len(s)-1]) + if multiplier > 0 { + numStr := s[:len(s)-1] + + val, err := strconv.ParseFloat(numStr, 64) + if err != nil { + return sql.NullInt64{}, ErrInvalidMemoryFormat + } + + if val <= 0 { + return sql.NullInt64{}, ErrNegativeValue + } + + return sql.NullInt64{Int64: int64(val * float64(multiplier)), Valid: true}, nil + } + + // Plain bytes + val, err := strconv.ParseInt(s, 10, 64) + if err != nil { + return sql.NullInt64{}, ErrInvalidMemoryFormat + } + + if val <= 0 { + return sql.NullInt64{}, ErrNegativeValue + } + + return sql.NullInt64{Int64: val, Valid: true}, nil +} + // formatDeployKey formats an SSH public key with a descriptive comment. // Format: ssh-ed25519 AAAA... upaas_2025-01-15_myapp func formatDeployKey(pubKey string, createdAt time.Time, appName string) string { diff --git a/internal/handlers/resource_limits_test.go b/internal/handlers/resource_limits_test.go new file mode 100644 index 0000000..5e39db0 --- /dev/null +++ b/internal/handlers/resource_limits_test.go @@ -0,0 +1,195 @@ +package handlers //nolint:testpackage // tests unexported parsing functions + +import ( + "database/sql" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestParseOptionalFloat64(t *testing.T) { + t.Parallel() + + t.Run("empty string returns invalid", func(t *testing.T) { + t.Parallel() + + result, err := parseOptionalFloat64("") + require.NoError(t, err) + assert.False(t, result.Valid) + }) + + t.Run("whitespace only returns invalid", func(t *testing.T) { + t.Parallel() + + result, err := parseOptionalFloat64(" ") + require.NoError(t, err) + assert.False(t, result.Valid) + }) + + t.Run("valid float", func(t *testing.T) { + t.Parallel() + + result, err := parseOptionalFloat64("0.5") + require.NoError(t, err) + assert.True(t, result.Valid) + assert.InDelta(t, 0.5, result.Float64, 0.001) + }) + + t.Run("valid integer", func(t *testing.T) { + t.Parallel() + + result, err := parseOptionalFloat64("2") + require.NoError(t, err) + assert.True(t, result.Valid) + assert.InDelta(t, 2.0, result.Float64, 0.001) + }) + + t.Run("negative value rejected", func(t *testing.T) { + t.Parallel() + + _, err := parseOptionalFloat64("-1") + require.Error(t, err) + }) + + t.Run("zero value rejected", func(t *testing.T) { + t.Parallel() + + _, err := parseOptionalFloat64("0") + require.Error(t, err) + }) + + t.Run("non-numeric rejected", func(t *testing.T) { + t.Parallel() + + _, err := parseOptionalFloat64("abc") + require.Error(t, err) + }) +} + +func TestParseOptionalMemoryBytes(t *testing.T) { //nolint:funlen // table-driven test + t.Parallel() + + t.Run("empty string returns invalid", func(t *testing.T) { + t.Parallel() + + result, err := parseOptionalMemoryBytes("") + require.NoError(t, err) + assert.False(t, result.Valid) + }) + + t.Run("whitespace only returns invalid", func(t *testing.T) { + t.Parallel() + + result, err := parseOptionalMemoryBytes(" ") + require.NoError(t, err) + assert.False(t, result.Valid) + }) + + t.Run("plain bytes", func(t *testing.T) { + t.Parallel() + + result, err := parseOptionalMemoryBytes("536870912") + require.NoError(t, err) + assert.True(t, result.Valid) + assert.Equal(t, int64(536870912), result.Int64) + }) + + t.Run("megabytes suffix", func(t *testing.T) { + t.Parallel() + + result, err := parseOptionalMemoryBytes("256m") + require.NoError(t, err) + assert.True(t, result.Valid) + assert.Equal(t, int64(256*1024*1024), result.Int64) + }) + + t.Run("megabytes suffix uppercase", func(t *testing.T) { + t.Parallel() + + result, err := parseOptionalMemoryBytes("256M") + require.NoError(t, err) + assert.True(t, result.Valid) + assert.Equal(t, int64(256*1024*1024), result.Int64) + }) + + t.Run("gigabytes suffix", func(t *testing.T) { + t.Parallel() + + result, err := parseOptionalMemoryBytes("1g") + require.NoError(t, err) + assert.True(t, result.Valid) + assert.Equal(t, int64(1024*1024*1024), result.Int64) + }) + + t.Run("kilobytes suffix", func(t *testing.T) { + t.Parallel() + + result, err := parseOptionalMemoryBytes("512k") + require.NoError(t, err) + assert.True(t, result.Valid) + assert.Equal(t, int64(512*1024), result.Int64) + }) + + t.Run("fractional gigabytes", func(t *testing.T) { + t.Parallel() + + result, err := parseOptionalMemoryBytes("1.5g") + require.NoError(t, err) + assert.True(t, result.Valid) + assert.Equal(t, int64(1.5*1024*1024*1024), result.Int64) + }) + + t.Run("negative value rejected", func(t *testing.T) { + t.Parallel() + + _, err := parseOptionalMemoryBytes("-256m") + require.Error(t, err) + }) + + t.Run("zero value rejected", func(t *testing.T) { + t.Parallel() + + _, err := parseOptionalMemoryBytes("0") + require.Error(t, err) + }) + + t.Run("invalid string rejected", func(t *testing.T) { + t.Parallel() + + _, err := parseOptionalMemoryBytes("abc") + require.Error(t, err) + }) + + t.Run("negative plain bytes rejected", func(t *testing.T) { + t.Parallel() + + _, err := parseOptionalMemoryBytes("-100") + require.Error(t, err) + }) +} + +func TestAppResourceLimitsRoundTrip(t *testing.T) { + t.Parallel() + + // Test that parsing and formatting are consistent + tests := []struct { + input string + expected sql.NullInt64 + format string + }{ + {"256m", sql.NullInt64{Int64: 256 * 1024 * 1024, Valid: true}, "256m"}, + {"1g", sql.NullInt64{Int64: 1024 * 1024 * 1024, Valid: true}, "1g"}, + {"512k", sql.NullInt64{Int64: 512 * 1024, Valid: true}, "512k"}, + } + + for _, tt := range tests { + t.Run(tt.input, func(t *testing.T) { + t.Parallel() + + result, err := parseOptionalMemoryBytes(tt.input) + require.NoError(t, err) + assert.Equal(t, tt.expected, result) + }) + } +} diff --git a/internal/handlers/webhook.go b/internal/handlers/webhook.go index 806f8da..e06ea64 100644 --- a/internal/handlers/webhook.go +++ b/internal/handlers/webhook.go @@ -7,12 +7,14 @@ import ( "github.com/go-chi/chi/v5" "sneak.berlin/go/upaas/internal/models" + "sneak.berlin/go/upaas/internal/service/webhook" ) // maxWebhookBodySize is the maximum allowed size of a webhook request body (1MB). const maxWebhookBodySize = 1 << 20 -// HandleWebhook handles incoming Gitea webhooks. +// HandleWebhook handles incoming webhooks from Gitea, GitHub, or GitLab. +// The webhook source is auto-detected from HTTP headers. func (h *Handlers) HandleWebhook() http.HandlerFunc { return func(writer http.ResponseWriter, request *http.Request) { secret := chi.URLParam(request, "secret") @@ -50,16 +52,17 @@ func (h *Handlers) HandleWebhook() http.HandlerFunc { return } - // Get event type from header - eventType := request.Header.Get("X-Gitea-Event") - if eventType == "" { - eventType = "push" - } + // Auto-detect webhook source from headers + source := webhook.DetectWebhookSource(request.Header) + + // Extract event type based on detected source + eventType := webhook.DetectEventType(request.Header, source) // Process webhook webhookErr := h.webhook.HandleWebhook( request.Context(), application, + source, eventType, body, ) diff --git a/internal/models/app.go b/internal/models/app.go index bda1b14..c476a35 100644 --- a/internal/models/app.go +++ b/internal/models/app.go @@ -14,7 +14,8 @@ import ( const appColumns = `id, name, repo_url, branch, dockerfile_path, webhook_secret, ssh_private_key, ssh_public_key, image_id, status, docker_network, ntfy_topic, slack_webhook, webhook_secret_hash, - previous_image_id, created_at, updated_at` + previous_image_id, cpu_limit, memory_limit, + created_at, updated_at` // AppStatus represents the status of an app. type AppStatus string @@ -47,6 +48,8 @@ type App struct { DockerNetwork sql.NullString NtfyTopic sql.NullString SlackWebhook sql.NullString + CPULimit sql.NullFloat64 + MemoryLimit sql.NullInt64 CreatedAt time.Time UpdatedAt time.Time } @@ -142,14 +145,14 @@ func (a *App) insert(ctx context.Context) error { id, name, repo_url, branch, dockerfile_path, webhook_secret, ssh_private_key, ssh_public_key, image_id, status, docker_network, ntfy_topic, slack_webhook, webhook_secret_hash, - previous_image_id - ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)` + previous_image_id, cpu_limit, memory_limit + ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)` _, err := a.db.Exec(ctx, query, a.ID, a.Name, a.RepoURL, a.Branch, a.DockerfilePath, a.WebhookSecret, a.SSHPrivateKey, a.SSHPublicKey, a.ImageID, a.Status, a.DockerNetwork, a.NtfyTopic, a.SlackWebhook, a.WebhookSecretHash, - a.PreviousImageID, + a.PreviousImageID, a.CPULimit, a.MemoryLimit, ) if err != nil { return err @@ -165,6 +168,7 @@ func (a *App) update(ctx context.Context) error { image_id = ?, status = ?, docker_network = ?, ntfy_topic = ?, slack_webhook = ?, previous_image_id = ?, + cpu_limit = ?, memory_limit = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?` @@ -173,6 +177,7 @@ func (a *App) update(ctx context.Context) error { a.ImageID, a.Status, a.DockerNetwork, a.NtfyTopic, a.SlackWebhook, a.PreviousImageID, + a.CPULimit, a.MemoryLimit, a.ID, ) @@ -188,6 +193,7 @@ func (a *App) scan(row *sql.Row) error { &a.DockerNetwork, &a.NtfyTopic, &a.SlackWebhook, &a.WebhookSecretHash, &a.PreviousImageID, + &a.CPULimit, &a.MemoryLimit, &a.CreatedAt, &a.UpdatedAt, ) } @@ -206,6 +212,7 @@ func scanApps(appDB *database.Database, rows *sql.Rows) ([]*App, error) { &app.DockerNetwork, &app.NtfyTopic, &app.SlackWebhook, &app.WebhookSecretHash, &app.PreviousImageID, + &app.CPULimit, &app.MemoryLimit, &app.CreatedAt, &app.UpdatedAt, ) if scanErr != nil { diff --git a/internal/models/models_test.go b/internal/models/models_test.go index 2d894b5..727a746 100644 --- a/internal/models/models_test.go +++ b/internal/models/models_test.go @@ -781,6 +781,96 @@ func TestCascadeDelete(t *testing.T) { }) } +// Resource Limits Tests. + +func TestAppResourceLimits(t *testing.T) { //nolint:funlen // integration test with multiple subtests + t.Parallel() + + t.Run("saves and loads CPU limit", func(t *testing.T) { + t.Parallel() + + testDB, cleanup := setupTestDB(t) + defer cleanup() + + app := createTestApp(t, testDB) + + app.CPULimit = sql.NullFloat64{Float64: 0.5, Valid: true} + + err := app.Save(context.Background()) + require.NoError(t, err) + + found, err := models.FindApp(context.Background(), testDB, app.ID) + require.NoError(t, err) + require.NotNil(t, found) + assert.True(t, found.CPULimit.Valid) + assert.InDelta(t, 0.5, found.CPULimit.Float64, 0.001) + }) + + t.Run("saves and loads memory limit", func(t *testing.T) { + t.Parallel() + + testDB, cleanup := setupTestDB(t) + defer cleanup() + + app := createTestApp(t, testDB) + + app.MemoryLimit = sql.NullInt64{Int64: 536870912, Valid: true} // 512m + + err := app.Save(context.Background()) + require.NoError(t, err) + + found, err := models.FindApp(context.Background(), testDB, app.ID) + require.NoError(t, err) + require.NotNil(t, found) + assert.True(t, found.MemoryLimit.Valid) + assert.Equal(t, int64(536870912), found.MemoryLimit.Int64) + }) + + t.Run("null limits by default", func(t *testing.T) { + t.Parallel() + + testDB, cleanup := setupTestDB(t) + defer cleanup() + + app := createTestApp(t, testDB) + + found, err := models.FindApp(context.Background(), testDB, app.ID) + require.NoError(t, err) + require.NotNil(t, found) + assert.False(t, found.CPULimit.Valid) + assert.False(t, found.MemoryLimit.Valid) + }) + + t.Run("clears limits when set to null", func(t *testing.T) { + t.Parallel() + + testDB, cleanup := setupTestDB(t) + defer cleanup() + + app := createTestApp(t, testDB) + + // Set limits + app.CPULimit = sql.NullFloat64{Float64: 1.0, Valid: true} + app.MemoryLimit = sql.NullInt64{Int64: 1073741824, Valid: true} // 1g + + err := app.Save(context.Background()) + require.NoError(t, err) + + // Clear limits + app.CPULimit = sql.NullFloat64{} + app.MemoryLimit = sql.NullInt64{} + + err = app.Save(context.Background()) + require.NoError(t, err) + + found, err := models.FindApp(context.Background(), testDB, app.ID) + require.NoError(t, err) + require.NotNil(t, found) + assert.False(t, found.CPULimit.Valid) + assert.False(t, found.MemoryLimit.Valid) + }) +} + // Helper function to create a test app. func createTestApp(t *testing.T, testDB *database.Database) *models.App { t.Helper() diff --git a/internal/service/deploy/deploy.go b/internal/service/deploy/deploy.go index 4b78e29..2bc983c 100644 --- a/internal/service/deploy/deploy.go +++ b/internal/service/deploy/deploy.go @@ -1094,14 +1094,28 @@ func (svc *Service) buildContainerOptions( network = app.DockerNetwork.String } + var cpuLimit float64 + + if app.CPULimit.Valid { + cpuLimit = app.CPULimit.Float64 + } + + var memoryLimit int64 + + if app.MemoryLimit.Valid { + memoryLimit = app.MemoryLimit.Int64 + } + return docker.CreateContainerOptions{ - Name: "upaas-" + app.Name, - Image: imageID.String(), - Env: envMap, - Labels: buildLabelMap(app, labels), - Volumes: buildVolumeMounts(volumes), - Ports: buildPortMappings(ports), - Network: network, + Name: "upaas-" + app.Name, + Image: imageID.String(), + Env: envMap, + Labels: buildLabelMap(app, labels), + Volumes: buildVolumeMounts(volumes), + Ports: buildPortMappings(ports), + Network: network, + CPULimit: cpuLimit, + MemoryLimit: memoryLimit, }, nil } diff --git a/internal/service/deploy/deploy_container_test.go b/internal/service/deploy/deploy_container_test.go index 4b047fd..1bc4c77 100644 --- a/internal/service/deploy/deploy_container_test.go +++ b/internal/service/deploy/deploy_container_test.go @@ -2,6 +2,7 @@ package deploy_test import ( "context" + "database/sql" "log/slog" "os" "testing" @@ -43,3 +44,93 @@ func TestBuildContainerOptionsUsesImageID(t *testing.T) { t.Errorf("expected Name=%q, got %q", "upaas-myapp", opts.Name) } } + +func TestBuildContainerOptionsNoResourceLimits(t *testing.T) { + t.Parallel() + + db := database.NewTestDatabase(t) + + app := models.NewApp(db) + app.Name = "nolimits" + + err := app.Save(context.Background()) + if err != nil { + t.Fatalf("failed to save app: %v", err) + } + + log := slog.New(slog.NewTextHandler(os.Stderr, nil)) + svc := deploy.NewTestService(log) + + opts, err := svc.BuildContainerOptionsExported( + context.Background(), app, docker.ImageID("test:latest"), + ) + if err != nil { + t.Fatalf("buildContainerOptions returned error: %v", err) + } + + if opts.CPULimit != 0 { + t.Errorf("expected CPULimit=0, got %v", opts.CPULimit) + } + + if opts.MemoryLimit != 0 { + t.Errorf("expected MemoryLimit=0, got %v", opts.MemoryLimit) + } +} + +func TestBuildContainerOptionsCPULimit(t *testing.T) { + t.Parallel() + + db := database.NewTestDatabase(t) + + app := models.NewApp(db) + app.Name = "cpulimit" + app.CPULimit = sql.NullFloat64{Float64: 0.5, Valid: true} + + err := app.Save(context.Background()) + if err != nil { + t.Fatalf("failed to save app: %v", err) + } + + log := slog.New(slog.NewTextHandler(os.Stderr, nil)) + svc := deploy.NewTestService(log) + + opts, err := svc.BuildContainerOptionsExported( + context.Background(), app, docker.ImageID("test:latest"), + ) + if err != nil { + t.Fatalf("buildContainerOptions returned error: %v", err) + } + + if opts.CPULimit != 0.5 { + t.Errorf("expected CPULimit=0.5, got %v", opts.CPULimit) + } +} + +func TestBuildContainerOptionsMemoryLimit(t *testing.T) { + t.Parallel() + + db := database.NewTestDatabase(t) + + app := models.NewApp(db) + app.Name = "memlimit" + app.MemoryLimit = sql.NullInt64{Int64: 536870912, Valid: true} // 512m + + err := app.Save(context.Background()) + if err != nil { + t.Fatalf("failed to save app: %v", err) + } + + log := slog.New(slog.NewTextHandler(os.Stderr, nil)) + svc := deploy.NewTestService(log) + + opts, err := svc.BuildContainerOptionsExported( + context.Background(), app, docker.ImageID("test:latest"), + ) + if err != nil { + t.Fatalf("buildContainerOptions returned error: %v", err) + } + + if opts.MemoryLimit != 536870912 { + t.Errorf("expected MemoryLimit=536870912, got %v", opts.MemoryLimit) + } +} diff --git a/internal/service/webhook/payloads.go b/internal/service/webhook/payloads.go new file mode 100644 index 0000000..1b9d1c1 --- /dev/null +++ b/internal/service/webhook/payloads.go @@ -0,0 +1,248 @@ +package webhook + +import "encoding/json" + +// GiteaPushPayload represents a Gitea push webhook payload. +// +//nolint:tagliatelle // Field names match Gitea API (snake_case) +type GiteaPushPayload struct { + Ref string `json:"ref"` + Before string `json:"before"` + After string `json:"after"` + CompareURL UnparsedURL `json:"compare_url"` + Repository struct { + FullName string `json:"full_name"` + CloneURL UnparsedURL `json:"clone_url"` + SSHURL string `json:"ssh_url"` + HTMLURL UnparsedURL `json:"html_url"` + } `json:"repository"` + Pusher struct { + Username string `json:"username"` + Email string `json:"email"` + } `json:"pusher"` + Commits []struct { + ID string `json:"id"` + URL UnparsedURL `json:"url"` + Message string `json:"message"` + Author struct { + Name string `json:"name"` + Email string `json:"email"` + } `json:"author"` + } `json:"commits"` +} + +// GitHubPushPayload represents a GitHub push webhook payload. +// +//nolint:tagliatelle // Field names match GitHub API (snake_case) +type GitHubPushPayload struct { + Ref string `json:"ref"` + Before string `json:"before"` + After string `json:"after"` + CompareURL string `json:"compare"` + Repository struct { + FullName string `json:"full_name"` + CloneURL UnparsedURL `json:"clone_url"` + SSHURL string `json:"ssh_url"` + HTMLURL UnparsedURL `json:"html_url"` + } `json:"repository"` + Pusher struct { + Name string `json:"name"` + Email string `json:"email"` + } `json:"pusher"` + HeadCommit *struct { + ID string `json:"id"` + URL UnparsedURL `json:"url"` + Message string `json:"message"` + } `json:"head_commit"` + Commits []struct { + ID string `json:"id"` + URL UnparsedURL `json:"url"` + Message string `json:"message"` + Author struct { + Name string `json:"name"` + Email string `json:"email"` + } `json:"author"` + } `json:"commits"` +} + +// GitLabPushPayload represents a GitLab push webhook payload. +// +//nolint:tagliatelle // Field names match GitLab API (snake_case) +type GitLabPushPayload struct { + Ref string `json:"ref"` + Before string `json:"before"` + After string `json:"after"` + UserName string `json:"user_name"` + UserEmail string `json:"user_email"` + Project struct { + PathWithNamespace string `json:"path_with_namespace"` + GitHTTPURL UnparsedURL `json:"git_http_url"` + GitSSHURL string `json:"git_ssh_url"` + WebURL UnparsedURL `json:"web_url"` + } `json:"project"` + Commits []struct { + ID string `json:"id"` + URL UnparsedURL `json:"url"` + Message string `json:"message"` + Author struct { + Name string `json:"name"` + Email string `json:"email"` + } `json:"author"` + } `json:"commits"` +} + +// ParsePushPayload parses a raw webhook payload into a normalized PushEvent +// based on the detected webhook source. Returns an error if JSON unmarshaling +// fails. For SourceUnknown, falls back to Gitea format for backward +// compatibility. +func ParsePushPayload(source Source, payload []byte) (*PushEvent, error) { + switch source { + case SourceGitHub: + return parseGitHubPush(payload) + case SourceGitLab: + return parseGitLabPush(payload) + case SourceGitea, SourceUnknown: + // Gitea and unknown both use Gitea format for backward compatibility. + return parseGiteaPush(payload) + } + + // Unreachable for known source values, but satisfies exhaustive checker. + return parseGiteaPush(payload) +} + +func parseGiteaPush(payload []byte) (*PushEvent, error) { + var p GiteaPushPayload + + unmarshalErr := json.Unmarshal(payload, &p) + if unmarshalErr != nil { + return nil, unmarshalErr + } + + commitURL := extractGiteaCommitURL(p) + + return &PushEvent{ + Source: SourceGitea, + Ref: p.Ref, + Before: p.Before, + After: p.After, + Branch: extractBranch(p.Ref), + RepoName: p.Repository.FullName, + CloneURL: p.Repository.CloneURL, + HTMLURL: p.Repository.HTMLURL, + CommitURL: commitURL, + Pusher: p.Pusher.Username, + }, nil +} + +func parseGitHubPush(payload []byte) (*PushEvent, error) { + var p GitHubPushPayload + + unmarshalErr := json.Unmarshal(payload, &p) + if unmarshalErr != nil { + return nil, unmarshalErr + } + + commitURL := extractGitHubCommitURL(p) + + return &PushEvent{ + Source: SourceGitHub, + Ref: p.Ref, + Before: p.Before, + After: p.After, + Branch: extractBranch(p.Ref), + RepoName: p.Repository.FullName, + CloneURL: p.Repository.CloneURL, + HTMLURL: p.Repository.HTMLURL, + CommitURL: commitURL, + Pusher: p.Pusher.Name, + }, nil +} + +func parseGitLabPush(payload []byte) (*PushEvent, error) { + var p GitLabPushPayload + + unmarshalErr := json.Unmarshal(payload, &p) + if unmarshalErr != nil { + return nil, unmarshalErr + } + + commitURL := extractGitLabCommitURL(p) + + return &PushEvent{ + Source: SourceGitLab, + Ref: p.Ref, + Before: p.Before, + After: p.After, + Branch: extractBranch(p.Ref), + RepoName: p.Project.PathWithNamespace, + CloneURL: p.Project.GitHTTPURL, + HTMLURL: p.Project.WebURL, + CommitURL: commitURL, + Pusher: p.UserName, + }, nil +} + +// extractBranch extracts the branch name from a git ref. +func extractBranch(ref string) string { + // refs/heads/main -> main + const prefix = "refs/heads/" + + if len(ref) >= len(prefix) && ref[:len(prefix)] == prefix { + return ref[len(prefix):] + } + + return ref +} + +// extractGiteaCommitURL extracts the commit URL from a Gitea push payload. +// Prefers the URL from the head commit, falls back to constructing from repo URL. +func extractGiteaCommitURL(payload GiteaPushPayload) UnparsedURL { + for _, commit := range payload.Commits { + if commit.ID == payload.After && commit.URL != "" { + return commit.URL + } + } + + if payload.Repository.HTMLURL != "" && payload.After != "" { + return UnparsedURL(payload.Repository.HTMLURL.String() + "/commit/" + payload.After) + } + + return "" +} + +// extractGitHubCommitURL extracts the commit URL from a GitHub push payload. +// Prefers head_commit.url, then searches commits, then constructs from repo URL. +func extractGitHubCommitURL(payload GitHubPushPayload) UnparsedURL { + if payload.HeadCommit != nil && payload.HeadCommit.URL != "" { + return payload.HeadCommit.URL + } + + for _, commit := range payload.Commits { + if commit.ID == payload.After && commit.URL != "" { + return commit.URL + } + } + + if payload.Repository.HTMLURL != "" && payload.After != "" { + return UnparsedURL(payload.Repository.HTMLURL.String() + "/commit/" + payload.After) + } + + return "" +} + +// extractGitLabCommitURL extracts the commit URL from a GitLab push payload. +// Prefers commit URL from the commits list, falls back to constructing from +// project web URL. +func extractGitLabCommitURL(payload GitLabPushPayload) UnparsedURL { + for _, commit := range payload.Commits { + if commit.ID == payload.After && commit.URL != "" { + return commit.URL + } + } + + if payload.Project.WebURL != "" && payload.After != "" { + return UnparsedURL(payload.Project.WebURL.String() + "/-/commit/" + payload.After) + } + + return "" +} diff --git a/internal/service/webhook/types.go b/internal/service/webhook/types.go index 2c616fb..aa2f78c 100644 --- a/internal/service/webhook/types.go +++ b/internal/service/webhook/types.go @@ -1,5 +1,7 @@ package webhook +import "net/http" + // UnparsedURL is a URL stored as a plain string without parsing. // Use this instead of string when the value is known to be a URL // but should not be parsed into a net/url.URL (e.g. webhook URLs, @@ -8,3 +10,84 @@ type UnparsedURL string // String implements the fmt.Stringer interface. func (u UnparsedURL) String() string { return string(u) } + +// Source identifies which git hosting platform sent the webhook. +type Source string + +const ( + // SourceGitea indicates the webhook was sent by a Gitea instance. + SourceGitea Source = "gitea" + + // SourceGitHub indicates the webhook was sent by GitHub. + SourceGitHub Source = "github" + + // SourceGitLab indicates the webhook was sent by a GitLab instance. + SourceGitLab Source = "gitlab" + + // SourceUnknown indicates the webhook source could not be determined. + SourceUnknown Source = "unknown" +) + +// String implements the fmt.Stringer interface. +func (s Source) String() string { return string(s) } + +// DetectWebhookSource determines the webhook source from HTTP headers. +// It checks for platform-specific event headers in this order: +// Gitea (X-Gitea-Event), GitHub (X-GitHub-Event), GitLab (X-Gitlab-Event). +// Returns SourceUnknown if no recognized header is found. +func DetectWebhookSource(headers http.Header) Source { + if headers.Get("X-Gitea-Event") != "" { + return SourceGitea + } + + if headers.Get("X-Github-Event") != "" { + return SourceGitHub + } + + if headers.Get("X-Gitlab-Event") != "" { + return SourceGitLab + } + + return SourceUnknown +} + +// DetectEventType extracts the event type string from HTTP headers +// based on the detected webhook source. Returns "push" as a fallback +// when no event header is found. +func DetectEventType(headers http.Header, source Source) string { + switch source { + case SourceGitea: + if v := headers.Get("X-Gitea-Event"); v != "" { + return v + } + case SourceGitHub: + if v := headers.Get("X-Github-Event"); v != "" { + return v + } + case SourceGitLab: + if v := headers.Get("X-Gitlab-Event"); v != "" { + return v + } + case SourceUnknown: + // Fall through to default + } + + return "push" +} + +// PushEvent is a normalized representation of a push webhook payload +// from any supported source (Gitea, GitHub, GitLab). The webhook +// service converts source-specific payloads into this format before +// processing. +type PushEvent struct { + Source Source + Ref string + Before string + After string + Branch string + RepoName string + CloneURL UnparsedURL + HTMLURL UnparsedURL + CommitURL UnparsedURL + Pusher string +} diff --git a/internal/service/webhook/webhook.go b/internal/service/webhook/webhook.go index db772d5..69c1f6c 100644 --- a/internal/service/webhook/webhook.go +++ b/internal/service/webhook/webhook.go @@ -4,7 +4,6 @@ package webhook import ( "context" "database/sql" - "encoding/json" "fmt" "log/slog" @@ -44,68 +43,46 @@ func New(_ fx.Lifecycle, params ServiceParams) (*Service, error) { }, nil } -// GiteaPushPayload represents a Gitea push webhook payload. -// -//nolint:tagliatelle // Field names match Gitea API (snake_case) -type GiteaPushPayload struct { - Ref string `json:"ref"` - Before string `json:"before"` - After string `json:"after"` - CompareURL UnparsedURL `json:"compare_url"` - Repository struct { - FullName string `json:"full_name"` - CloneURL UnparsedURL `json:"clone_url"` - SSHURL string `json:"ssh_url"` - HTMLURL UnparsedURL `json:"html_url"` - } `json:"repository"` - Pusher struct { - Username string `json:"username"` - Email string `json:"email"` - } `json:"pusher"` - Commits []struct { - ID string `json:"id"` - URL UnparsedURL `json:"url"` - Message string `json:"message"` - Author struct { - Name string `json:"name"` - Email string `json:"email"` - } `json:"author"` - } `json:"commits"` -} - -// HandleWebhook processes a webhook request. +// HandleWebhook processes a webhook request from any supported source +// (Gitea, GitHub, or GitLab). The source parameter determines which +// payload format to use for parsing. func (svc *Service) HandleWebhook( ctx context.Context, app *models.App, + source Source, eventType string, payload []byte, ) error { - svc.log.Info("processing webhook", "app", app.Name, "event", eventType) + svc.log.Info("processing webhook", + "app", app.Name, + "source", source.String(), + "event", eventType, + ) - // Parse payload - var pushPayload GiteaPushPayload - - unmarshalErr := json.Unmarshal(payload, &pushPayload) - if unmarshalErr != nil { - svc.log.Warn("failed to parse webhook payload", "error", unmarshalErr) - // Continue anyway to log the event + // Parse payload into normalized push event + pushEvent, parseErr := ParsePushPayload(source, payload) + if parseErr != nil { + svc.log.Warn("failed to parse webhook payload", + "error", parseErr, + "source", source.String(), + ) + // Continue with empty push event to still log the webhook + pushEvent = &PushEvent{Source: source} } - // Extract branch from ref - branch := extractBranch(pushPayload.Ref) - commitSHA := pushPayload.After - commitURL := extractCommitURL(pushPayload) - // Check if branch matches - matched := branch == app.Branch + matched := pushEvent.Branch == app.Branch // Create webhook event record event := models.NewWebhookEvent(svc.db) event.AppID = app.ID event.EventType = eventType - event.Branch = branch - event.CommitSHA = sql.NullString{String: commitSHA, Valid: commitSHA != ""} - event.CommitURL = sql.NullString{String: commitURL.String(), Valid: commitURL != ""} + event.Branch = pushEvent.Branch + event.CommitSHA = sql.NullString{String: pushEvent.After, Valid: pushEvent.After != ""} + event.CommitURL = sql.NullString{ + String: pushEvent.CommitURL.String(), + Valid: pushEvent.CommitURL != "", + } event.Payload = sql.NullString{String: string(payload), Valid: true} event.Matched = matched event.Processed = false @@ -117,9 +94,10 @@ func (svc *Service) HandleWebhook( svc.log.Info("webhook event recorded", "app", app.Name, - "branch", branch, + "source", source.String(), + "branch", pushEvent.Branch, "matched", matched, - "commit", commitSHA, + "commit", pushEvent.After, ) // If branch matches, trigger deployment @@ -154,33 +132,3 @@ func (svc *Service) triggerDeployment( _ = event.Save(deployCtx) }() } - -// extractBranch extracts the branch name from a git ref. -func extractBranch(ref string) string { - // refs/heads/main -> main - const prefix = "refs/heads/" - - if len(ref) >= len(prefix) && ref[:len(prefix)] == prefix { - return ref[len(prefix):] - } - - return ref -} - -// extractCommitURL extracts the commit URL from the webhook payload. -// Prefers the URL from the head commit, falls back to constructing from repo URL. -func extractCommitURL(payload GiteaPushPayload) UnparsedURL { - // Try to find the URL from the head commit (matching After SHA) - for _, commit := range payload.Commits { - if commit.ID == payload.After && commit.URL != "" { - return commit.URL - } - } - - // Fall back to constructing URL from repo HTML URL - if payload.Repository.HTMLURL != "" && payload.After != "" { - return UnparsedURL(payload.Repository.HTMLURL.String() + "/commit/" + payload.After) - } - - return "" -} diff --git a/internal/service/webhook/webhook_test.go b/internal/service/webhook/webhook_test.go index 9c425a2..7cf4d5c 100644 --- a/internal/service/webhook/webhook_test.go +++ b/internal/service/webhook/webhook_test.go @@ -3,6 +3,7 @@ package webhook_test import ( "context" "encoding/json" + "net/http" "os" "path/filepath" "testing" @@ -102,44 +103,57 @@ func createTestApp( return app } +// TestDetectWebhookSource tests auto-detection of webhook source from HTTP headers. +// //nolint:funlen // table-driven test with comprehensive test cases -func TestExtractBranch(testingT *testing.T) { +func TestDetectWebhookSource(testingT *testing.T) { testingT.Parallel() tests := []struct { name string - ref string - expected string + headers map[string]string + expected webhook.Source }{ { - name: "extracts main branch", - ref: "refs/heads/main", - expected: "main", + name: "detects Gitea from X-Gitea-Event header", + headers: map[string]string{"X-Gitea-Event": "push"}, + expected: webhook.SourceGitea, }, { - name: "extracts feature branch", - ref: "refs/heads/feature/new-feature", - expected: "feature/new-feature", + name: "detects GitHub from X-GitHub-Event header", + headers: map[string]string{"X-GitHub-Event": "push"}, + expected: webhook.SourceGitHub, }, { - name: "extracts develop branch", - ref: "refs/heads/develop", - expected: "develop", + name: "detects GitLab from X-Gitlab-Event header", + headers: map[string]string{"X-Gitlab-Event": "Push Hook"}, + expected: webhook.SourceGitLab, }, { - name: "returns raw ref if no prefix", - ref: "main", - expected: "main", + name: "returns unknown when no recognized header", + headers: map[string]string{"Content-Type": "application/json"}, + expected: webhook.SourceUnknown, }, { - name: "handles empty ref", - ref: "", - expected: "", + name: "returns unknown for empty headers", + headers: map[string]string{}, + expected: webhook.SourceUnknown, }, { - name: "handles partial prefix", - ref: "refs/heads/", - expected: "", + name: "Gitea takes precedence over GitHub", + headers: map[string]string{ + "X-Gitea-Event": "push", + "X-GitHub-Event": "push", + }, + expected: webhook.SourceGitea, + }, + { + name: "GitHub takes precedence over GitLab", + headers: map[string]string{ + "X-GitHub-Event": "push", + "X-Gitlab-Event": "Push Hook", + }, + expected: webhook.SourceGitHub, }, } @@ -147,123 +161,375 @@ func TestExtractBranch(testingT *testing.T) { testingT.Run(testCase.name, func(t *testing.T) { t.Parallel() - // We test via HandleWebhook since extractBranch is not exported. - // The test verifies behavior indirectly through the webhook event's branch. - svc, dbInst, cleanup := setupTestService(t) - defer cleanup() + headers := http.Header{} + for key, value := range testCase.headers { + headers.Set(key, value) + } - app := createTestApp(t, dbInst, testCase.expected) - - payload := []byte(`{"ref": "` + testCase.ref + `"}`) - - err := svc.HandleWebhook(context.Background(), app, "push", payload) - require.NoError(t, err) - - // Allow async deployment goroutine to complete before test cleanup - time.Sleep(100 * time.Millisecond) - - events, err := app.GetWebhookEvents(context.Background(), 10) - require.NoError(t, err) - require.Len(t, events, 1) - - assert.Equal(t, testCase.expected, events[0].Branch) + result := webhook.DetectWebhookSource(headers) + assert.Equal(t, testCase.expected, result) }) } } -func TestHandleWebhookMatchingBranch(t *testing.T) { +// TestDetectEventType tests event type extraction from HTTP headers. +func TestDetectEventType(testingT *testing.T) { + testingT.Parallel() + + tests := []struct { + name string + headers map[string]string + source webhook.Source + expected string + }{ + { + name: "extracts Gitea event type", + headers: map[string]string{"X-Gitea-Event": "push"}, + source: webhook.SourceGitea, + expected: "push", + }, + { + name: "extracts GitHub event type", + headers: map[string]string{"X-GitHub-Event": "push"}, + source: webhook.SourceGitHub, + expected: "push", + }, + { + name: "extracts GitLab event type", + headers: map[string]string{"X-Gitlab-Event": "Push Hook"}, + source: webhook.SourceGitLab, + expected: "Push Hook", + }, + { + name: "returns push for unknown source", + headers: map[string]string{}, + source: webhook.SourceUnknown, + expected: "push", + }, + { + name: "returns push when header missing for source", + headers: map[string]string{}, + source: webhook.SourceGitea, + expected: "push", + }, + } + + for _, testCase := range tests { + testingT.Run(testCase.name, func(t *testing.T) { + t.Parallel() + + headers := http.Header{} + for key, value := range testCase.headers { + headers.Set(key, value) + } + + result := webhook.DetectEventType(headers, testCase.source) + assert.Equal(t, testCase.expected, result) + }) + } +} + +// TestWebhookSourceString tests the String method on WebhookSource. +func TestWebhookSourceString(t *testing.T) { t.Parallel() - svc, dbInst, cleanup := setupTestService(t) - defer cleanup() + assert.Equal(t, "gitea", webhook.SourceGitea.String()) + assert.Equal(t, "github", webhook.SourceGitHub.String()) + assert.Equal(t, "gitlab", webhook.SourceGitLab.String()) + assert.Equal(t, "unknown", webhook.SourceUnknown.String()) +} - app := createTestApp(t, dbInst, "main") +// TestUnparsedURLString tests the String method on UnparsedURL. +func TestUnparsedURLString(t *testing.T) { + t.Parallel() + + u := webhook.UnparsedURL("https://example.com/test") + assert.Equal(t, "https://example.com/test", u.String()) + + empty := webhook.UnparsedURL("") + assert.Empty(t, empty.String()) +} + +// TestParsePushPayloadGitea tests parsing of Gitea push payloads. +func TestParsePushPayloadGitea(t *testing.T) { + t.Parallel() payload := []byte(`{ "ref": "refs/heads/main", "before": "0000000000000000000000000000000000000000", - "after": "abc123def456", + "after": "abc123def456789", + "compare_url": "https://gitea.example.com/myorg/myrepo/compare/000...abc", "repository": { - "full_name": "user/repo", - "clone_url": "https://gitea.example.com/user/repo.git", - "ssh_url": "git@gitea.example.com:user/repo.git" + "full_name": "myorg/myrepo", + "clone_url": "https://gitea.example.com/myorg/myrepo.git", + "ssh_url": "git@gitea.example.com:myorg/myrepo.git", + "html_url": "https://gitea.example.com/myorg/myrepo" }, - "pusher": {"username": "testuser", "email": "test@example.com"}, - "commits": [{"id": "abc123def456", "message": "Test commit", - "author": {"name": "Test User", "email": "test@example.com"}}] + "pusher": {"username": "developer", "email": "dev@example.com"}, + "commits": [ + { + "id": "abc123def456789", + "url": "https://gitea.example.com/myorg/myrepo/commit/abc123def456789", + "message": "Fix bug", + "author": {"name": "Developer", "email": "dev@example.com"} + } + ] }`) - err := svc.HandleWebhook(context.Background(), app, "push", payload) + event, err := webhook.ParsePushPayload(webhook.SourceGitea, payload) require.NoError(t, err) - // Allow async deployment goroutine to complete before test cleanup - time.Sleep(100 * time.Millisecond) - - events, err := app.GetWebhookEvents(context.Background(), 10) - require.NoError(t, err) - require.Len(t, events, 1) - - event := events[0] - assert.Equal(t, "push", event.EventType) + assert.Equal(t, webhook.SourceGitea, event.Source) + assert.Equal(t, "refs/heads/main", event.Ref) assert.Equal(t, "main", event.Branch) - assert.True(t, event.Matched) - assert.Equal(t, "abc123def456", event.CommitSHA.String) + assert.Equal(t, "abc123def456789", event.After) + assert.Equal(t, "myorg/myrepo", event.RepoName) + assert.Equal(t, webhook.UnparsedURL("https://gitea.example.com/myorg/myrepo.git"), event.CloneURL) + assert.Equal(t, webhook.UnparsedURL("https://gitea.example.com/myorg/myrepo"), event.HTMLURL) + assert.Equal(t, + webhook.UnparsedURL("https://gitea.example.com/myorg/myrepo/commit/abc123def456789"), + event.CommitURL, + ) + assert.Equal(t, "developer", event.Pusher) } -func TestHandleWebhookNonMatchingBranch(t *testing.T) { +// TestParsePushPayloadGitHub tests parsing of GitHub push payloads. +func TestParsePushPayloadGitHub(t *testing.T) { t.Parallel() - svc, dbInst, cleanup := setupTestService(t) - defer cleanup() + payload := []byte(`{ + "ref": "refs/heads/main", + "before": "0000000000000000000000000000000000000000", + "after": "abc123def456789", + "compare": "https://github.com/myorg/myrepo/compare/000...abc", + "repository": { + "full_name": "myorg/myrepo", + "clone_url": "https://github.com/myorg/myrepo.git", + "ssh_url": "git@github.com:myorg/myrepo.git", + "html_url": "https://github.com/myorg/myrepo" + }, + "pusher": {"name": "developer", "email": "dev@example.com"}, + "head_commit": { + "id": "abc123def456789", + "url": "https://github.com/myorg/myrepo/commit/abc123def456789", + "message": "Fix bug" + }, + "commits": [ + { + "id": "abc123def456789", + "url": "https://github.com/myorg/myrepo/commit/abc123def456789", + "message": "Fix bug", + "author": {"name": "Developer", "email": "dev@example.com"} + } + ] + }`) - app := createTestApp(t, dbInst, "main") - - payload := []byte(`{"ref": "refs/heads/develop", "after": "def789ghi012"}`) - - err := svc.HandleWebhook(context.Background(), app, "push", payload) + event, err := webhook.ParsePushPayload(webhook.SourceGitHub, payload) require.NoError(t, err) - events, err := app.GetWebhookEvents(context.Background(), 10) - require.NoError(t, err) - require.Len(t, events, 1) - - assert.Equal(t, "develop", events[0].Branch) - assert.False(t, events[0].Matched) + assert.Equal(t, webhook.SourceGitHub, event.Source) + assert.Equal(t, "refs/heads/main", event.Ref) + assert.Equal(t, "main", event.Branch) + assert.Equal(t, "abc123def456789", event.After) + assert.Equal(t, "myorg/myrepo", event.RepoName) + assert.Equal(t, webhook.UnparsedURL("https://github.com/myorg/myrepo.git"), event.CloneURL) + assert.Equal(t, webhook.UnparsedURL("https://github.com/myorg/myrepo"), event.HTMLURL) + assert.Equal(t, + webhook.UnparsedURL("https://github.com/myorg/myrepo/commit/abc123def456789"), + event.CommitURL, + ) + assert.Equal(t, "developer", event.Pusher) } -func TestHandleWebhookInvalidJSON(t *testing.T) { +// TestParsePushPayloadGitLab tests parsing of GitLab push payloads. +func TestParsePushPayloadGitLab(t *testing.T) { t.Parallel() - svc, dbInst, cleanup := setupTestService(t) - defer cleanup() + payload := []byte(`{ + "ref": "refs/heads/develop", + "before": "0000000000000000000000000000000000000000", + "after": "abc123def456789", + "user_name": "developer", + "user_email": "dev@example.com", + "project": { + "path_with_namespace": "mygroup/myproject", + "git_http_url": "https://gitlab.com/mygroup/myproject.git", + "git_ssh_url": "git@gitlab.com:mygroup/myproject.git", + "web_url": "https://gitlab.com/mygroup/myproject" + }, + "commits": [ + { + "id": "abc123def456789", + "url": "https://gitlab.com/mygroup/myproject/-/commit/abc123def456789", + "message": "Fix bug", + "author": {"name": "Developer", "email": "dev@example.com"} + } + ] + }`) - app := createTestApp(t, dbInst, "main") - - err := svc.HandleWebhook(context.Background(), app, "push", []byte(`{invalid json}`)) + event, err := webhook.ParsePushPayload(webhook.SourceGitLab, payload) require.NoError(t, err) - events, err := app.GetWebhookEvents(context.Background(), 10) - require.NoError(t, err) - require.Len(t, events, 1) + assert.Equal(t, webhook.SourceGitLab, event.Source) + assert.Equal(t, "refs/heads/develop", event.Ref) + assert.Equal(t, "develop", event.Branch) + assert.Equal(t, "abc123def456789", event.After) + assert.Equal(t, "mygroup/myproject", event.RepoName) + assert.Equal(t, webhook.UnparsedURL("https://gitlab.com/mygroup/myproject.git"), event.CloneURL) + assert.Equal(t, webhook.UnparsedURL("https://gitlab.com/mygroup/myproject"), event.HTMLURL) + assert.Equal(t, + webhook.UnparsedURL("https://gitlab.com/mygroup/myproject/-/commit/abc123def456789"), + event.CommitURL, + ) + assert.Equal(t, "developer", event.Pusher) } -func TestHandleWebhookEmptyPayload(t *testing.T) { +// TestParsePushPayloadUnknownFallsBackToGitea tests that unknown source uses Gitea parser. +func TestParsePushPayloadUnknownFallsBackToGitea(t *testing.T) { t.Parallel() - svc, dbInst, cleanup := setupTestService(t) - defer cleanup() + payload := []byte(`{ + "ref": "refs/heads/main", + "after": "abc123", + "repository": {"full_name": "user/repo"}, + "pusher": {"username": "user"} + }`) - app := createTestApp(t, dbInst, "main") - - err := svc.HandleWebhook(context.Background(), app, "push", []byte(`{}`)) + event, err := webhook.ParsePushPayload(webhook.SourceUnknown, payload) require.NoError(t, err) - events, err := app.GetWebhookEvents(context.Background(), 10) - require.NoError(t, err) - require.Len(t, events, 1) - assert.False(t, events[0].Matched) + assert.Equal(t, webhook.SourceGitea, event.Source) + assert.Equal(t, "main", event.Branch) + assert.Equal(t, "abc123", event.After) } +// TestParsePushPayloadInvalidJSON tests that invalid JSON returns an error. +func TestParsePushPayloadInvalidJSON(t *testing.T) { + t.Parallel() + + sources := []webhook.Source{ + webhook.SourceGitea, + webhook.SourceGitHub, + webhook.SourceGitLab, + } + + for _, source := range sources { + t.Run(source.String(), func(t *testing.T) { + t.Parallel() + + _, err := webhook.ParsePushPayload(source, []byte(`{invalid json}`)) + require.Error(t, err) + }) + } +} + +// TestParsePushPayloadEmptyPayload tests parsing of empty JSON objects. +func TestParsePushPayloadEmptyPayload(t *testing.T) { + t.Parallel() + + sources := []webhook.Source{ + webhook.SourceGitea, + webhook.SourceGitHub, + webhook.SourceGitLab, + } + + for _, source := range sources { + t.Run(source.String(), func(t *testing.T) { + t.Parallel() + + event, err := webhook.ParsePushPayload(source, []byte(`{}`)) + require.NoError(t, err) + + assert.Empty(t, event.Branch) + assert.Empty(t, event.After) + }) + } +} + +// TestGitHubCommitURLFallback tests commit URL extraction fallback paths for GitHub. +func TestGitHubCommitURLFallback(t *testing.T) { + t.Parallel() + + t.Run("uses head_commit URL when available", func(t *testing.T) { + t.Parallel() + + payload := []byte(`{ + "ref": "refs/heads/main", + "after": "abc123", + "head_commit": {"id": "abc123", "url": "https://github.com/u/r/commit/abc123"}, + "repository": {"html_url": "https://github.com/u/r"} + }`) + + event, err := webhook.ParsePushPayload(webhook.SourceGitHub, payload) + require.NoError(t, err) + assert.Equal(t, webhook.UnparsedURL("https://github.com/u/r/commit/abc123"), event.CommitURL) + }) + + t.Run("falls back to commits list", func(t *testing.T) { + t.Parallel() + + payload := []byte(`{ + "ref": "refs/heads/main", + "after": "abc123", + "commits": [{"id": "abc123", "url": "https://github.com/u/r/commit/abc123"}], + "repository": {"html_url": "https://github.com/u/r"} + }`) + + event, err := webhook.ParsePushPayload(webhook.SourceGitHub, payload) + require.NoError(t, err) + assert.Equal(t, webhook.UnparsedURL("https://github.com/u/r/commit/abc123"), event.CommitURL) + }) + + t.Run("constructs URL from repo HTML URL", func(t *testing.T) { + t.Parallel() + + payload := []byte(`{ + "ref": "refs/heads/main", + "after": "abc123", + "repository": {"html_url": "https://github.com/u/r"} + }`) + + event, err := webhook.ParsePushPayload(webhook.SourceGitHub, payload) + require.NoError(t, err) + assert.Equal(t, webhook.UnparsedURL("https://github.com/u/r/commit/abc123"), event.CommitURL) + }) +} + +// TestGitLabCommitURLFallback tests commit URL extraction fallback paths for GitLab. +func TestGitLabCommitURLFallback(t *testing.T) { + t.Parallel() + + t.Run("uses commit URL from list", func(t *testing.T) { + t.Parallel() + + payload := []byte(`{ + "ref": "refs/heads/main", + "after": "abc123", + "project": {"web_url": "https://gitlab.com/g/p"}, + "commits": [{"id": "abc123", "url": "https://gitlab.com/g/p/-/commit/abc123"}] + }`) + + event, err := webhook.ParsePushPayload(webhook.SourceGitLab, payload) + require.NoError(t, err) + assert.Equal(t, webhook.UnparsedURL("https://gitlab.com/g/p/-/commit/abc123"), event.CommitURL) + }) + + t.Run("constructs URL from project web URL", func(t *testing.T) { + t.Parallel() + + payload := []byte(`{ + "ref": "refs/heads/main", + "after": "abc123", + "project": {"web_url": "https://gitlab.com/g/p"} + }`) + + event, err := webhook.ParsePushPayload(webhook.SourceGitLab, payload) + require.NoError(t, err) + assert.Equal(t, webhook.UnparsedURL("https://gitlab.com/g/p/-/commit/abc123"), event.CommitURL) + }) +} + +// TestGiteaPushPayloadParsing tests direct deserialization of the Gitea payload struct. func TestGiteaPushPayloadParsing(testingT *testing.T) { testingT.Parallel() @@ -322,6 +588,354 @@ func TestGiteaPushPayloadParsing(testingT *testing.T) { }) } +// TestGitHubPushPayloadParsing tests direct deserialization of the GitHub payload struct. +func TestGitHubPushPayloadParsing(t *testing.T) { + t.Parallel() + + payload := []byte(`{ + "ref": "refs/heads/main", + "before": "0000000000", + "after": "abc123", + "compare": "https://github.com/o/r/compare/000...abc", + "repository": { + "full_name": "o/r", + "clone_url": "https://github.com/o/r.git", + "ssh_url": "git@github.com:o/r.git", + "html_url": "https://github.com/o/r" + }, + "pusher": {"name": "octocat", "email": "octocat@github.com"}, + "head_commit": { + "id": "abc123", + "url": "https://github.com/o/r/commit/abc123", + "message": "Update README" + }, + "commits": [ + { + "id": "abc123", + "url": "https://github.com/o/r/commit/abc123", + "message": "Update README", + "author": {"name": "Octocat", "email": "octocat@github.com"} + } + ] + }`) + + var p webhook.GitHubPushPayload + + err := json.Unmarshal(payload, &p) + require.NoError(t, err) + + assert.Equal(t, "refs/heads/main", p.Ref) + assert.Equal(t, "abc123", p.After) + assert.Equal(t, "o/r", p.Repository.FullName) + assert.Equal(t, "octocat", p.Pusher.Name) + assert.NotNil(t, p.HeadCommit) + assert.Equal(t, "abc123", p.HeadCommit.ID) + assert.Len(t, p.Commits, 1) +} + +// TestGitLabPushPayloadParsing tests direct deserialization of the GitLab payload struct. +func TestGitLabPushPayloadParsing(t *testing.T) { + t.Parallel() + + payload := []byte(`{ + "ref": "refs/heads/main", + "before": "0000000000", + "after": "abc123", + "user_name": "gitlab-user", + "user_email": "user@gitlab.com", + "project": { + "path_with_namespace": "group/project", + "git_http_url": "https://gitlab.com/group/project.git", + "git_ssh_url": "git@gitlab.com:group/project.git", + "web_url": "https://gitlab.com/group/project" + }, + "commits": [ + { + "id": "abc123", + "url": "https://gitlab.com/group/project/-/commit/abc123", + "message": "Fix pipeline", + "author": {"name": "GitLab User", "email": "user@gitlab.com"} + } + ] + }`) + + var p webhook.GitLabPushPayload + + err := json.Unmarshal(payload, &p) + require.NoError(t, err) + + assert.Equal(t, "refs/heads/main", p.Ref) + assert.Equal(t, "abc123", p.After) + assert.Equal(t, "group/project", p.Project.PathWithNamespace) + assert.Equal(t, "gitlab-user", p.UserName) + assert.Len(t, p.Commits, 1) +} + +// TestExtractBranch tests branch extraction via HandleWebhook integration (extractBranch is unexported). +// +//nolint:funlen // table-driven test with comprehensive test cases +func TestExtractBranch(testingT *testing.T) { + testingT.Parallel() + + tests := []struct { + name string + ref string + expected string + }{ + { + name: "extracts main branch", + ref: "refs/heads/main", + expected: "main", + }, + { + name: "extracts feature branch", + ref: "refs/heads/feature/new-feature", + expected: "feature/new-feature", + }, + { + name: "extracts develop branch", + ref: "refs/heads/develop", + expected: "develop", + }, + { + name: "returns raw ref if no prefix", + ref: "main", + expected: "main", + }, + { + name: "handles empty ref", + ref: "", + expected: "", + }, + { + name: "handles partial prefix", + ref: "refs/heads/", + expected: "", + }, + } + + for _, testCase := range tests { + testingT.Run(testCase.name, func(t *testing.T) { + t.Parallel() + + // We test via HandleWebhook since extractBranch is not exported. + // The test verifies behavior indirectly through the webhook event's branch. + svc, dbInst, cleanup := setupTestService(t) + defer cleanup() + + app := createTestApp(t, dbInst, testCase.expected) + + payload := []byte(`{"ref": "` + testCase.ref + `"}`) + + err := svc.HandleWebhook( + context.Background(), app, webhook.SourceGitea, "push", payload, + ) + require.NoError(t, err) + + // Allow async deployment goroutine to complete before test cleanup + time.Sleep(100 * time.Millisecond) + + events, err := app.GetWebhookEvents(context.Background(), 10) + require.NoError(t, err) + require.Len(t, events, 1) + + assert.Equal(t, testCase.expected, events[0].Branch) + }) + } +} + +func TestHandleWebhookMatchingBranch(t *testing.T) { + t.Parallel() + + svc, dbInst, cleanup := setupTestService(t) + defer cleanup() + + app := createTestApp(t, dbInst, "main") + + payload := []byte(`{ + "ref": "refs/heads/main", + "before": "0000000000000000000000000000000000000000", + "after": "abc123def456", + "repository": { + "full_name": "user/repo", + "clone_url": "https://gitea.example.com/user/repo.git", + "ssh_url": "git@gitea.example.com:user/repo.git" + }, + "pusher": {"username": "testuser", "email": "test@example.com"}, + "commits": [{"id": "abc123def456", "message": "Test commit", + "author": {"name": "Test User", "email": "test@example.com"}}] + }`) + + err := svc.HandleWebhook( + context.Background(), app, webhook.SourceGitea, "push", payload, + ) + require.NoError(t, err) + + // Allow async deployment goroutine to complete before test cleanup + time.Sleep(100 * time.Millisecond) + + events, err := app.GetWebhookEvents(context.Background(), 10) + require.NoError(t, err) + require.Len(t, events, 1) + + event := events[0] + assert.Equal(t, "push", event.EventType) + assert.Equal(t, "main", event.Branch) + assert.True(t, event.Matched) + assert.Equal(t, "abc123def456", event.CommitSHA.String) +} + +func TestHandleWebhookNonMatchingBranch(t *testing.T) { + t.Parallel() + + svc, dbInst, cleanup := setupTestService(t) + defer cleanup() + + app := createTestApp(t, dbInst, "main") + + payload := []byte(`{"ref": "refs/heads/develop", "after": "def789ghi012"}`) + + err := svc.HandleWebhook( + context.Background(), app, webhook.SourceGitea, "push", payload, + ) + require.NoError(t, err) + + events, err := app.GetWebhookEvents(context.Background(), 10) + require.NoError(t, err) + require.Len(t, events, 1) + + assert.Equal(t, "develop", events[0].Branch) + assert.False(t, events[0].Matched) +} + +func TestHandleWebhookInvalidJSON(t *testing.T) { + t.Parallel() + + svc, dbInst, cleanup := setupTestService(t) + defer cleanup() + + app := createTestApp(t, dbInst, "main") + + err := svc.HandleWebhook( + context.Background(), app, webhook.SourceGitea, "push", []byte(`{invalid json}`), + ) + require.NoError(t, err) + + events, err := app.GetWebhookEvents(context.Background(), 10) + require.NoError(t, err) + require.Len(t, events, 1) +} + +func TestHandleWebhookEmptyPayload(t *testing.T) { + t.Parallel() + + svc, dbInst, cleanup := setupTestService(t) + defer cleanup() + + app := createTestApp(t, dbInst, "main") + + err := svc.HandleWebhook( + context.Background(), app, webhook.SourceGitea, "push", []byte(`{}`), + ) + require.NoError(t, err) + + events, err := app.GetWebhookEvents(context.Background(), 10) + require.NoError(t, err) + require.Len(t, events, 1) + assert.False(t, events[0].Matched) +} + +// TestHandleWebhookGitHubSource tests HandleWebhook with a GitHub push payload. +func TestHandleWebhookGitHubSource(t *testing.T) { + t.Parallel() + + svc, dbInst, cleanup := setupTestService(t) + defer cleanup() + + app := createTestApp(t, dbInst, "main") + + payload := []byte(`{ + "ref": "refs/heads/main", + "after": "github123", + "repository": { + "full_name": "org/repo", + "clone_url": "https://github.com/org/repo.git", + "html_url": "https://github.com/org/repo" + }, + "pusher": {"name": "octocat", "email": "octocat@github.com"}, + "head_commit": { + "id": "github123", + "url": "https://github.com/org/repo/commit/github123", + "message": "Update feature" + } + }`) + + err := svc.HandleWebhook( + context.Background(), app, webhook.SourceGitHub, "push", payload, + ) + require.NoError(t, err) + + // Allow async deployment goroutine to complete before test cleanup + time.Sleep(100 * time.Millisecond) + + events, err := app.GetWebhookEvents(context.Background(), 10) + require.NoError(t, err) + require.Len(t, events, 1) + + event := events[0] + assert.Equal(t, "main", event.Branch) + assert.True(t, event.Matched) + assert.Equal(t, "github123", event.CommitSHA.String) + assert.Equal(t, "https://github.com/org/repo/commit/github123", event.CommitURL.String) +} + +// TestHandleWebhookGitLabSource tests HandleWebhook with a GitLab push payload. +func TestHandleWebhookGitLabSource(t *testing.T) { + t.Parallel() + + svc, dbInst, cleanup := setupTestService(t) + defer cleanup() + + app := createTestApp(t, dbInst, "main") + + payload := []byte(`{ + "ref": "refs/heads/main", + "after": "gitlab456", + "user_name": "gitlab-dev", + "user_email": "dev@gitlab.com", + "project": { + "path_with_namespace": "group/project", + "git_http_url": "https://gitlab.com/group/project.git", + "web_url": "https://gitlab.com/group/project" + }, + "commits": [ + { + "id": "gitlab456", + "url": "https://gitlab.com/group/project/-/commit/gitlab456", + "message": "Deploy fix" + } + ] + }`) + + err := svc.HandleWebhook( + context.Background(), app, webhook.SourceGitLab, "push", payload, + ) + require.NoError(t, err) + + // Allow async deployment goroutine to complete before test cleanup + time.Sleep(100 * time.Millisecond) + + events, err := app.GetWebhookEvents(context.Background(), 10) + require.NoError(t, err) + require.Len(t, events, 1) + + event := events[0] + assert.Equal(t, "main", event.Branch) + assert.True(t, event.Matched) + assert.Equal(t, "gitlab456", event.CommitSHA.String) + assert.Equal(t, "https://gitlab.com/group/project/-/commit/gitlab456", event.CommitURL.String) +} + // TestSetupTestService verifies the test helper creates a working test service. func TestSetupTestService(testingT *testing.T) { testingT.Parallel() @@ -341,3 +955,25 @@ func TestSetupTestService(testingT *testing.T) { require.NoError(t, err) }) } + +// TestPushEventConstruction tests that PushEvent can be constructed directly. +func TestPushEventConstruction(t *testing.T) { + t.Parallel() + + event := webhook.PushEvent{ + Source: webhook.SourceGitHub, + Ref: "refs/heads/main", + Before: "000", + After: "abc", + Branch: "main", + RepoName: "org/repo", + CloneURL: webhook.UnparsedURL("https://github.com/org/repo.git"), + HTMLURL: webhook.UnparsedURL("https://github.com/org/repo"), + CommitURL: webhook.UnparsedURL("https://github.com/org/repo/commit/abc"), + Pusher: "user", + } + + assert.Equal(t, "main", event.Branch) + assert.Equal(t, webhook.SourceGitHub, event.Source) + assert.Equal(t, "abc", event.After) +} diff --git a/templates/app_edit.html b/templates/app_edit.html index cd68c0e..3bb3852 100644 --- a/templates/app_edit.html +++ b/templates/app_edit.html @@ -114,6 +114,38 @@ > +
+ +

Resource Limits

+ +
+
+ + +

Number of CPU cores (e.g. 0.5 = half a core)

+
+ +
+ + +

Memory with unit suffix (k, m, g) or plain bytes

+
+
+
Cancel diff --git a/templates/templates.go b/templates/templates.go index ab46739..6a3b66d 100644 --- a/templates/templates.go +++ b/templates/templates.go @@ -6,6 +6,7 @@ import ( "fmt" "html/template" "io" + "strconv" "sync" ) @@ -23,6 +24,34 @@ var ( templatesMutex sync.RWMutex ) +// templateFuncs returns the custom template function map. +func templateFuncs() template.FuncMap { + return template.FuncMap{ + "formatMemoryBytes": formatMemoryBytes, + } +} + +// Memory unit constants. +const ( + memGigabyte = 1024 * 1024 * 1024 + memMegabyte = 1024 * 1024 + memKilobyte = 1024 +) + +// formatMemoryBytes formats bytes into a human-readable string with unit suffix. +func formatMemoryBytes(bytes int64) string { + switch { + case bytes >= memGigabyte && bytes%memGigabyte == 0: + return strconv.FormatInt(bytes/memGigabyte, 10) + "g" + case bytes >= memMegabyte && bytes%memMegabyte == 0: + return strconv.FormatInt(bytes/memMegabyte, 10) + "m" + case bytes >= memKilobyte && bytes%memKilobyte == 0: + return strconv.FormatInt(bytes/memKilobyte, 10) + "k" + default: + return strconv.FormatInt(bytes, 10) + } +} + // initTemplates parses base template and creates cloned templates for each page. func initTemplates() { templatesMutex.Lock() @@ -32,8 +61,10 @@ func initTemplates() { return } - // Parse base template with shared components - baseTemplate = template.Must(template.ParseFS(templatesRaw, "base.html")) + // Parse base template with shared components and custom functions + baseTemplate = template.Must( + template.New("base.html").Funcs(templateFuncs()).ParseFS(templatesRaw, "base.html"), + ) // Pages that extend base pages := []string{ diff --git a/templates/templates_test.go b/templates/templates_test.go new file mode 100644 index 0000000..4389b4f --- /dev/null +++ b/templates/templates_test.go @@ -0,0 +1,34 @@ +package templates //nolint:testpackage // tests unexported formatMemoryBytes + +import ( + "testing" +) + +func TestFormatMemoryBytes(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + bytes int64 + expected string + }{ + {"gigabytes", 1024 * 1024 * 1024, "1g"}, + {"two gigabytes", 2 * 1024 * 1024 * 1024, "2g"}, + {"megabytes", 256 * 1024 * 1024, "256m"}, + {"kilobytes", 512 * 1024, "512k"}, + {"plain bytes", 12345, "12345"}, + {"non-even megabytes", 256*1024*1024 + 1, "268435457"}, + {"zero", 0, "0"}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + got := formatMemoryBytes(tt.bytes) + if got != tt.expected { + t.Errorf("formatMemoryBytes(%d) = %q, want %q", tt.bytes, got, tt.expected) + } + }) + } +}