sneak/upaas
1
0
Fork 0
Code Issues 9 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity

Compare commits

merge into: sneak:fix/disable-api-write-methods
Branches Tags
sneak:main sneak:fix/issue-156-env-vars-404 sneak:fix/js-formatting sneak:fix/module-path sneak:fix/1.0-audit-bugs sneak:fix/disable-api-write-methods sneak:chore/code-cleanup sneak:ci/check-workflow-only sneak:fix/repo-url-validation sneak:fix/main-lint-issues sneak:feature/api-token-auth sneak:revert/pr-98 sneak:feat/ci-make-check sneak:ci/add-check-action sneak:fix/deploy-cancel-cleanup sneak:schema-consolidation sneak:feature/json-api sneak:chore/update-todo sneak:feature/edit-config-entities sneak:feature/deployment-rollback-tests sneak:update-todo-md sneak:feature/edit-entities sneak:feature/deployment-rollback sneak:feature/deploy-cancel
sneak:1.0.0
...
pull from: sneak:fix/issue-156-env-vars-404
Branches Tags
sneak:fix/issue-156-env-vars-404 sneak:fix/js-formatting sneak:main sneak:fix/module-path sneak:fix/1.0-audit-bugs sneak:fix/disable-api-write-methods sneak:chore/code-cleanup sneak:ci/check-workflow-only sneak:fix/repo-url-validation sneak:fix/main-lint-issues sneak:feature/api-token-auth sneak:revert/pr-98 sneak:feat/ci-make-check sneak:ci/add-check-action sneak:fix/deploy-cancel-cleanup sneak:schema-consolidation sneak:feature/json-api sneak:chore/update-todo sneak:feature/edit-config-entities sneak:feature/deployment-rollback-tests sneak:update-todo-md sneak:feature/edit-entities sneak:feature/deployment-rollback sneak:feature/deploy-cancel
sneak:1.0.0

45 Commits
fix/disabl ... fix/issue-

Author SHA1 Message Date
clawbot
5a986aa8fd fix: transactional env var save, empty key validation, frontend error handling
All checks were successful
Check / check (pull_request) Successful in 4s
Details 
- Wrap DELETE + INSERTs in a database transaction via new
  ReplaceEnvVarsByAppID() to prevent silent data loss on partial
  insert failure. Rollback on any error; return 500 instead of 200.
- Add server-side validation rejecting entries with empty keys
  (returns 400 with error message).
- Add frontend error handling for non-2xx responses with user-visible
  alert messages.
- Remove stale //nolint:dupl directives (files no longer duplicate).
 2026-03-10 12:25:35 -07:00
clawbot
df6aad9b21 refactor: POST env vars as JSON array instead of KEY=value string
All checks were successful
Check / check (pull_request) Successful in 4s
Details 
Replace the string-serialized KEY=value format with a proper JSON array
of {key, value} objects for the env var save endpoint.

Frontend changes:
- envVarEditor.submitAll() now uses fetch() with Content-Type:
  application/json and X-CSRF-Token header instead of form submission
- Sends JSON array: [{"key":"FOO","value":"bar"}, ...]
- Hidden bulk form replaced with hidden div holding CSRF token
- envVarEditor now receives appId parameter for the fetch URL

Backend changes:
- HandleEnvVarSave reads JSON body via json.NewDecoder instead of
  parsing form values with parseEnvPairs
- Returns JSON {"ok": true} instead of HTTP redirect
- Removed parseEnvPairs function and envPair struct entirely
- Added envPairJSON struct with json tags for deserialization

Tests updated to POST JSON arrays instead of form-encoded strings.

Closes #163
 2026-03-10 11:37:55 -07:00
clawbot
3f96f4f81b fix: match original table UI with immediate per-action submission
All checks were successful
Check / check (pull_request) Successful in 4s
Details 
Replace the Save All workflow with the original per-action behavior:
- Edit row: shows Save/Cancel buttons, submits full set immediately
- Delete row: shows confirmation dialog, submits full set immediately
- Add row: submits full set immediately on Add click

Moves Alpine.js logic into a proper envVarEditor component in
app-detail.js. Initializes env var data from hidden span elements
with data attributes for safe HTML escaping.

All actions collect the complete env var set and POST to the single
bulk endpoint POST /apps/{id}/env — no Save All button needed.
 2026-03-10 11:23:36 -07:00
user
690b7d4590 feat: restore table UI with monolithic env var submission
All checks were successful
Check / check (pull_request) Successful in 3m18s
Details 
Keep the original table-based UI with individual key/value rows,
edit/delete buttons, and add form. Use Alpine.js to manage the
env var list client-side. On form submit, all env vars are collected
into a hidden textarea field and POSTed as a single bulk request.

The server-side handler (HandleEnvVarSave) atomically replaces all
env vars: DELETE all existing + INSERT the full submitted set.

This combines the fix for issue #156 (env var 404) with the
monolithic list approach from issue #163.

closes #156
closes #163
 2026-03-10 11:18:46 -07:00
clawbot
b3cda1515f feat: monolithic env var editing (bulk save, no per-var CRUD)
All checks were successful
Check / check (pull_request) Successful in 4s
Details 
Replace individual env var add/edit/delete with a single bulk save
endpoint. The UI now shows a textarea with KEY=VALUE lines. On save,
all existing env vars are deleted and the full submitted set is
inserted.

- Replace HandleEnvVarAdd, HandleEnvVarEdit, HandleEnvVarDelete with
  HandleEnvVarSave
- Collapse 3 routes into single POST /apps/{id}/env
- Template uses textarea instead of per-row edit/delete forms
- No individual env var IDs exposed in the UI
- Extract parseEnvPairs helper to keep cyclomatic complexity low
- Use strings.SplitSeq per modernize linter
- Update tests for new bulk save behavior

closes #156
closes #163
 2026-03-10 11:05:19 -07:00
Jeffrey Paul
4aaeffdffc Merge branch 'main' into fix/issue-156-env-vars-404
All checks were successful
Check / check (pull_request) Successful in 1m42s
Details
2026-03-10 18:54:32 +01:00
clawbot
e1dc865226 feat: add webhook event history UI page (#164)
All checks were successful
Check / check (push) Successful in 4s
Details 
## Summary

Adds a per-app webhook event history page at `/apps/{id}/webhooks` showing received webhook events with match/no-match status.

## Changes

- **New template** `webhook_events.html` — displays webhook events in a table with time, event type, branch, commit SHA (linked when URL available), and match status badges
- **New handler** `HandleAppWebhookEvents()` in `webhook_events.go` — fetches app and its webhook events (limit 100)
- **New route** `GET /apps/{id}/webhooks` — registered in protected routes group
- **Template registration** — added `webhook_events.html` to the template cache in `templates.go`
- **Model enhancement** — added `ShortCommit()` method to `WebhookEvent` for truncated SHA display
- **App detail link** — added "Event History" link in the Webhook URL card on the app detail page

## UI

Follows the existing UI patterns (Tailwind CSS classes, Alpine.js `relativeTime`, badge styles, empty state, back-navigation). The page mirrors the deployments history page layout.

closes [#85](#85)

Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de>
Reviewed-on: #164
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>
 2026-03-10 18:53:58 +01:00
Jeffrey Paul
48c9297627 Merge branch 'main' into fix/issue-156-env-vars-404
All checks were successful
Check / check (pull_request) Successful in 3m21s
Details
2026-03-10 01:09:25 +01:00
clawbot
49ff625ac4 fix: add missing Makefile targets (docker, hooks) and test timeout (#159)
All checks were successful
Check / check (push) Successful in 4s
Details 
## Changes

- Add `docker` target (`docker build .`)
- Add `hooks` target (installs pre-commit hook running `make check`)
- Add 30-second timeout to `test` target (`-timeout 30s`)
- Update `.PHONY` to include new targets
- Update README to document all Makefile targets (`fmt-check`, `docker`, `hooks`)
- Run `make fmt` to fix JS formatting via prettier

`docker build .` passes 

closes #136, closes #137

<!-- session: agent:sdlc-manager:subagent:44375174-444b-43bf-a341-2def7ebb9fdf -->

Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de>
Co-authored-by: Jeffrey Paul <sneak@noreply.example.org>
Reviewed-on: #159
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>
 2026-03-10 01:09:15 +01:00
Jeffrey Paul
2d04ff85aa Merge branch 'main' into fix/issue-156-env-vars-404
All checks were successful
Check / check (pull_request) Successful in 1m40s
Details
2026-03-10 01:08:05 +01:00
clawbot
ab63670043 fix: pass notification settings from create form to service (#160)
All checks were successful
Check / check (push) Successful in 3m49s
Details 
## Summary

`HandleAppCreate` was not reading `docker_network`, `ntfy_topic`, or `slack_webhook` form values from the create app form. These fields were silently dropped during app creation, even though:
- `app_new.html` had the form fields
- `CreateAppInput` had the corresponding struct fields
- `CreateApp` already handled them correctly

The edit/update flow was unaffected — the bug was exclusively in the create path.

## Changes

- Read `docker_network`, `ntfy_topic`, `slack_webhook` form values in `HandleAppCreate`
- Pass them to `CreateAppInput`
- Include them in template re-render data (preserves values on validation errors)

closes #157

<!-- session: agent:sdlc-manager:subagent:1fb3582d-1eff-4309-b166-df5046a1b885 -->

Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de>
Reviewed-on: #160
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>
 2026-03-10 01:01:32 +01:00
clawbot
30f81078bd fix: use /env routes for env var CRUD, fixing 404 on env var forms
All checks were successful
Check / check (pull_request) Successful in 3m7s
Details 
Change route patterns in routes.go from /env-vars to /env and update
edit/delete form actions in app_detail.html to match. The add form
already used /env and was correct.

Update test route setup to match the new /env paths.

Closes #156
 2026-03-06 03:50:17 -08:00
clawbot
1cd433b069 chore: add REPO_POLICIES compliance files (#155)
All checks were successful
Check / check (push) Successful in 6s
Details 
Add `.gitignore`, `.editorconfig`, `REPO_POLICIES.md`, and `.dockerignore` to bring the repository into compliance with REPO_POLICIES standards.

### Changes

- **`.gitignore`** ([#132](#132)): Standard template from `sneak/prompts` plus Go-specific entries (bin/, *.exe, *.test, etc.)
- **`.editorconfig`** ([#133](#133)): root=true, UTF-8, LF line endings, trim trailing whitespace, final newline. Go and Makefile use tabs, everything else 2 spaces.
- **`REPO_POLICIES.md`** ([#134](#134)): Copied as-is from `sneak/prompts` (last_modified: 2026-02-22)
- **`.dockerignore`** ([#135](#135)): Excludes `.git`, `bin/`, `.editorconfig`, `.vscode/`, `.idea/`, `*.test`, `LICENSE`, and documentation files. Keeps all files needed by the Dockerfile (source code, go.mod, go.sum, Makefile, .golangci.yml, static/, templates/).

`docker build .` passes with these changes.

closes #132, closes #133, closes #134, closes #135

Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de>
Reviewed-on: #155
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>
 2026-03-03 18:07:44 +01:00
clawbot
94639a47e9 fix: add COPY --from=lint to builder stage to force lint execution (#154)
All checks were successful
Check / check (push) Successful in 1m30s
Details 
BuildKit skips unreferenced stages silently. The lint stage (added in PR [#152](#152)) was never referenced by the builder stage via `COPY --from`, so it was being skipped entirely during `docker build .`. Linting was not actually running in CI.

This adds `COPY --from=lint /src/go.sum /dev/null` to the builder stage, creating a stage dependency that forces the lint stage to complete before the build proceeds.

Verified: `docker build .` now runs the lint stage (fmt-check + lint) and passes.

closes #153

Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de>
Reviewed-on: #154
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>
 2026-03-01 23:46:52 +01:00
clawbot
12446f9f79 fix: change module path to sneak.berlin/go/upaas (closes #143) (#149)
All checks were successful
Check / check (push) Successful in 1m16s
Details 
Changes the Go module path from `git.eeqj.de/sneak/upaas` to `sneak.berlin/go/upaas`.

All import paths in Go files updated accordingly. `go mod tidy` and `make check` pass cleanly.

fixes #143

Co-authored-by: user <user@Mac.lan guest wan>
Co-authored-by: Jeffrey Paul <sneak@noreply.example.org>
Reviewed-on: #149
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>
 2026-03-01 23:22:18 +01:00
clawbot
877fb2c0c5 Split Dockerfile into lint + build stages for faster CI feedback (#152)
All checks were successful
Check / check (push) Successful in 1m4s
Details 
## Summary

Splits the Dockerfile into separate lint and build stages to provide faster CI feedback on formatting and lint issues.

### Changes

**Dockerfile:**
- **Lint stage** (`golangci/golangci-lint:v2.10.1`, pinned by sha256): Runs `make fmt-check` and `make lint` using the official golangci-lint image which has the linter pre-installed. No more downloading golangci-lint on every build.
- **Build stage** (`golang:1.25-alpine`, pinned by sha256): Runs `make test` and `make build`. Same alpine image as before.
- **Runtime stage**: Unchanged.

**Makefile:**
- Added `fmt-check` target for standalone gofmt checking.
- Refactored `check` target to use `fmt-check`, `lint`, `test` as dependencies instead of inline commands. Still works identically for local use.

### Benefits
- Lint failures surface immediately without waiting for golangci-lint download
- Uses official pre-built golangci-lint image instead of manual binary download
- Cleaner separation of concerns between lint and build stages
- `make check` still runs everything sequentially for local development

closes #151

Co-authored-by: clawbot <clawbot@eeqj.de>
Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de>
Reviewed-on: #152
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>
 2026-03-01 21:19:21 +01:00
Jeffrey Paul
578c6ec842 Merge pull request 'tidy' (#148) from fix/tidy into main
All checks were successful
Check / check (push) Successful in 2m24s
Details 
Reviewed-on: #148
 2026-02-26 13:55:28 +01:00
sneak
1c2bf80d7d tidy
All checks were successful
Check / check (pull_request) Successful in 2m32s
Details
2026-02-26 19:52:09 +07:00
Jeffrey Paul
019ba7fe1f Merge pull request 'Fix dashboard CSRFField crash (closes #146)' (#147) from fix/dashboard-csrf-field into main
All checks were successful
Check / check (push) Successful in 2m24s
Details 
Reviewed-on: #147
 2026-02-26 12:07:42 +01:00
user
c22a2877d5 fix: pass CSRFField to dashboard template (closes #146)
All checks were successful
Check / check (pull_request) Successful in 2m30s
Details
2026-02-26 02:56:27 -08:00
user
43cde0eefd test: add failing test for dashboard CSRFField (refs #146) 2026-02-26 02:56:00 -08:00
Jeffrey Paul
b1c6b93d8e Merge pull request 'fix: simplify CI to docker build only (closes #130)' (#131) from fix/ci-docker-build-only into main
Some checks are pending
Check / check (push) Waiting to run
Details 
Reviewed-on: #131
 2026-02-26 11:53:14 +01:00
Jeffrey Paul
1875792ebe Merge branch 'main' into fix/ci-docker-build-only
All checks were successful
Check / check (pull_request) Successful in 2m47s
Details
2026-02-26 11:53:03 +01:00
Jeffrey Paul
7bbaa1d08a Merge pull request 'Fix 1.0 audit bugs (closes #120, closes #121, closes #122, closes #123, closes #124, closes #125)' (#126) from fix/audit-bugs-120-125 into main
Some checks are pending
Check / check (push) Waiting to run
Details 
Reviewed-on: #126
 2026-02-26 11:52:54 +01:00
user
43a0cbac70 fix: use pre-built golangci-lint binary instead of go install
All checks were successful
Check / check (pull_request) Successful in 13m22s
Details 
go install fails in alpine Docker builder because the linker (ld) is not
available. Download the official pre-built binary with SHA256 verification
instead. Supports both amd64 and arm64 architectures.

Fixes #126
 2026-02-26 02:17:54 -08:00
clawbot
fb866af4e5 simplify CI to docker build only (refs #130)
Some checks failed
Check / check (pull_request) Failing after 4s
Details 
The Dockerfile already runs make check, so the CI action only needs
to run docker build. Remove go setup, linter installation, and
direct make check invocation from the workflow.
 2026-02-26 02:11:15 -08:00
user
91d6da0796 fix: move inline comments above FROM lines (fixes docker build)
All checks were successful
Check / check (pull_request) Successful in 11m20s
Details 
Docker does not support inline comments on FROM lines. Move the
human-readable image tag comments to their own line above each FROM.

Fixes broken docker build on PR #126 and main.
 2026-02-26 02:06:11 -08:00
clawbot
57e0735afa docs: expand Important note — HOST_DATA_DIR must be absolute path
All checks were successful
Check / check (pull_request) Successful in 11m48s
Details 
Explain why relative paths break container builds and add usage example.
Addresses sneak's review feedback on PR #126.
 2026-02-26 02:01:13 -08:00
clawbot
2eeead7e64 docs: clarify UPAAS_DATA_DIR default is for local dev only 
The ./data default comes from Go code and works for local development.
For Docker deployments, an absolute path should be used.
Updated config table to make this distinction clear.
 2026-02-26 02:01:13 -08:00
user
76fe014e9a docs: remove relative path default for HOST_DATA_DIR in docker-compose example 
Users must set HOST_DATA_DIR to an explicit absolute path. Removed
the :-./data fallback from both the volume mount and environment
variable in the docker-compose example.
 2026-02-26 02:01:13 -08:00
user
f36732eaf5 refactor: remove internal/domain package, move types to correct packages 
- ImageID + ContainerID → internal/docker/types.go
- UnparsedURL → internal/service/webhook/types.go
- Delete internal/domain/ entirely
- Update all imports throughout the codebase
 2026-02-26 02:01:12 -08:00
user
3a1b1e3cd4 refactor: add String() methods to domain types, replace string() casts 2026-02-26 02:01:12 -08:00
clawbot
594537e6f5 rework: address review feedback on PR #126 
Changes per sneak's review:
- Delete docker-compose.yml, add example stanza to README
- Define custom domain types: ImageID, ContainerID, UnparsedURL
- Use custom types in all function signatures throughout codebase
- Restore imageID parameter (as domain.ImageID) in deploy pipeline
- buildContainerOptions now takes ImageID directly instead of
  constructing image tag from deploymentID
- Fix pre-existing JS formatting (prettier)

make check passes with zero failures.
 2026-02-26 02:01:12 -08:00
clawbot
a6c76232bf fix: assign commit error to err so deferred rollback triggers (closes #125) 
When Commit() failed, the error was stored in commitErr instead of err,
so the deferred rollback (which checks err) was skipped.
 2026-02-26 02:00:49 -08:00
clawbot
46574f8cf1 fix: rename GetBuildDir param from appID to appName (closes #123) 
The parameter is always called with app.Name, not an ID. Rename to match
actual usage and prevent confusion.
 2026-02-26 02:00:49 -08:00
clawbot
074903619d fix: add 1MB size limit on deployment logs with truncation (closes #122) 
Cap AppendLog at 1MB, truncating oldest lines when exceeded. Prevents
unbounded SQLite database growth from long-running builds.
 2026-02-26 02:00:49 -08:00
clawbot
6cf6e89db4 fix: use renderTemplate in all error paths of HandleAppCreate/HandleAppUpdate (closes #121) 
Replace direct tmpl.ExecuteTemplate calls with h.renderTemplate to ensure
buffered rendering and prevent partial HTML responses on template errors.
 2026-02-26 02:00:49 -08:00
clawbot
5c20b0b23d fix: use bind mount with HOST_DATA_DIR in docker-compose.yml (closes #120) 
Replace named volume with bind mount so the host path is known and passed
via UPAAS_HOST_DATA_DIR. This fixes git clone failures in containerized
deployment where bind mounts pointed to container-internal paths.
 2026-02-26 02:00:49 -08:00
Jeffrey Paul
e051245b5f Merge pull request 'Refactor: break up app.js into smaller modules' (#129) from refactor/split-app-js into main
All checks were successful
Check / check (push) Successful in 11m41s
Details 
Reviewed-on: #129
 2026-02-26 10:59:02 +01:00
user
5fe11f24d4 refactor: break up app.js into smaller modules
All checks were successful
Check / check (pull_request) Successful in 11m29s
Details 
Split static/js/app.js (581 lines) into 5 focused modules:
- utils.js: global utilities store + legacy compat
- components.js: reusable Alpine.js components (copy, confirm, dismiss, time)
- app-detail.js: app detail page logic (status polling, logs)
- deployment.js: deployment card + deployments history page
- dashboard.js: dashboard relative time updates

Closes #128
 2026-02-23 11:52:41 -08:00
Jeffrey Paul
28f014ce95 Merge pull request 'fix: use imageID in createAndStartContainer (closes #124)' (#127) from fix/use-image-id-in-container into main
All checks were successful
Check / check (push) Successful in 11m32s
Details 
Reviewed-on: #127
 2026-02-23 20:48:23 +01:00
Jeffrey Paul
dc638a07f1 Merge pull request 'fix: pin all external refs to cryptographic identity (closes #118)' (#119) from fix/pin-external-refs-crypto-identity into main
Some checks failed
Check / check (push) Has been cancelled
Details 
Reviewed-on: #119
 2026-02-23 20:48:09 +01:00
user
0e8efe1043 fix: use imageID in createAndStartContainer (closes #124)
All checks were successful
Check / check (pull_request) Successful in 11m24s
Details 
Wire the imageID parameter (returned from docker build) through
createAndStartContainer and buildContainerOptions instead of
reconstructing a mutable tag via fmt.Sprintf.

This ensures containers reference the immutable image digest,
avoiding tag-reuse races when deploys overlap.

Changes:
- Rename _ string to imageID string in createAndStartContainer
- Change buildContainerOptions to accept imageID string instead of deploymentID int64
- Use imageID directly as the Image field in container options
- Update rollback path to pass previousImageID directly
- Add test verifying imageID flows through to container options
- Add database.NewTestDatabase and logger.NewForTest test helpers
 2026-02-21 02:24:51 -08:00
user
0ed2d02dfe fix: pin all external refs to cryptographic identity (closes #118)
All checks were successful
Check / check (pull_request) Successful in 11m41s
Details 
- Pin Docker base images to sha256 digests (golang, alpine)
- Pin go install commands to commit SHAs (not version tags)
  - golangci-lint: 5d1e709b7be35cb2025444e19de266b056b7b7ee (v2.10.1)
  - goimports: 009367f5c17a8d4c45a961a3a509277190a9a6f0 (v0.42.0)
- CI workflow was already correctly pinned to commit SHAs

All references now use cryptographic identity, eliminating RCE risk
from mutable tags.
 2026-02-21 00:50:44 -08:00
Jeffrey Paul
ab526fc93d Merge pull request 'fix: disable API v1 write methods (closes #112)' (#115) from fix/disable-api-write-methods into main
All checks were successful
Check / check (push) Successful in 11m20s
Details 
Reviewed-on: #115
 2026-02-20 14:35:12 +01:00
74 changed files with 4878 additions and 1030 deletions
Expand all files Collapse all files

10
.dockerignore Normal file
View File

@@ -0,0 +1,10 @@
.git
bin/
.editorconfig
.vscode/
.idea/
*.test
LICENSE
CONVENTIONS.md
REPO_POLICIES.md
README.md

15
.editorconfig Normal file
View File

@@ -0,0 +1,15 @@
root = true
[*]
charset = utf-8
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
indent_style = space
indent_size = 2
[*.go]
indent_style = tab
[Makefile]
indent_style = tab

16
.gitea/workflows/check.yml
View File

@@ -10,17 +10,7 @@ jobs:
check: check:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4, 2024-10-13
- uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5 - name: Build (runs make check inside Dockerfile)
with: run: docker build .
go-version-file: go.mod
- name: Install golangci-lint
run: go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@5d1e709b7be35cb2025444e19de266b056b7b7ee # v2.10.1
- name: Install goimports
run: go install golang.org/x/tools/cmd/goimports@009367f5c17a8d4c45a961a3a509277190a9a6f0 # v0.42.0
- name: Run make check
run: make check

31
.gitignore vendored Normal file
View File

@@ -0,0 +1,31 @@
# OS
.DS_Store
Thumbs.db
# Editors
*.swp
*.swo
*~
*.bak
.idea/
.vscode/
*.sublime-*
# Node
node_modules/
# Environment / secrets
.env
.env.*
*.pem
*.key
# Go
bin/
*.exe
*.exe~
*.dll
*.so
*.dylib
*.test
*.out

35
Dockerfile
View File

@@ -1,11 +1,6 @@
# Build stage # Lint stage — fast feedback on formatting and lint issues
FROM golang:1.25-alpine AS builder # golangci/golangci-lint:v2.10.1
FROM golangci/golangci-lint@sha256:ea84d14c2fef724411be7dc45e09e6ef721d748315252b02df19a7e3113ee763 AS lint
RUN apk add --no-cache git make gcc musl-dev
# Install golangci-lint v2
RUN go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest
RUN go install golang.org/x/tools/cmd/goimports@latest
WORKDIR /src WORKDIR /src
COPY go.mod go.sum ./ COPY go.mod go.sum ./
@@ -13,14 +8,30 @@ RUN go mod download
COPY . . COPY . .
# Run all checks - build fails if any check fails RUN make fmt-check
RUN make check RUN make lint
# Build the binary # Build stage — tests and compilation
# golang:1.25-alpine
FROM golang@sha256:f6751d823c26342f9506c03797d2527668d095b0a15f1862cddb4d927a7a4ced AS builder
# Force BuildKit to run the lint stage by creating a stage dependency
COPY --from=lint /src/go.sum /dev/null
RUN apk add --no-cache git make gcc musl-dev
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN make test
RUN make build RUN make build
# Runtime stage # Runtime stage
FROM alpine:3.19 # alpine:3.19
FROM alpine@sha256:6baf43584bcb78f2e5847d1de515f23499913ac9f12bdf834811a3145eb11ca1
RUN apk add --no-cache ca-certificates tzdata git openssh-client docker-cli RUN apk add --no-cache ca-certificates tzdata git openssh-client docker-cli

27
Makefile
View File

@@ -1,4 +1,4 @@
.PHONY: all build lint fmt test check clean .PHONY: all build lint fmt fmt-check test check clean docker hooks
BINARY := upaasd BINARY := upaasd
VERSION := $(shell git describe --tags --always --dirty 2>/dev/null || echo "dev") VERSION := $(shell git describe --tags --always --dirty 2>/dev/null || echo "dev")
@@ -18,21 +18,26 @@ fmt:
goimports -w . goimports -w .
npx prettier --write --tab-width 4 static/js/*.js npx prettier --write --tab-width 4 static/js/*.js
fmt-check:
@test -z "$$(gofmt -l .)" || (echo "Files not formatted:" && gofmt -l . && exit 1)
test: test:
go test -v -race -cover ./... go test -v -race -cover -timeout 30s ./...
# Check runs all validation without making changes # Check runs all validation without making changes
# Used by CI and Docker build - fails if anything is wrong # Used by CI and Docker build - fails if anything is wrong
check: check: fmt-check lint test
@echo "==> Checking formatting..."
@test -z "$$(gofmt -l .)" || (echo "Files not formatted:" && gofmt -l . && exit 1)
@echo "==> Running linter..."
golangci-lint run --config .golangci.yml ./...
@echo "==> Running tests..."
go test -v -race ./...
@echo "==> Building..."
go build -ldflags "$(LDFLAGS)" -o /dev/null ./cmd/upaasd
@echo "==> All checks passed!" @echo "==> All checks passed!"
docker:
docker build .
hooks:
@echo "Installing pre-commit hook..."
@mkdir -p .git/hooks
@printf '#!/bin/sh\nmake check\n' > .git/hooks/pre-commit
@chmod +x .git/hooks/pre-commit
@echo "Pre-commit hook installed."
clean: clean:
rm -rf bin/ rm -rf bin/

48
README.md
View File

@@ -110,11 +110,14 @@ chi Router ──► Middleware Stack ──► Handler
### Commands ### Commands
```bash ```bash
make fmt # Format code make fmt # Format code
make lint # Run comprehensive linting make fmt-check # Check formatting (read-only, fails if unformatted)
make test # Run tests with race detection make lint # Run comprehensive linting
make check # Verify everything passes (lint, test, build, format) make test # Run tests with race detection (30s timeout)
make build # Build binary make check # Verify everything passes (fmt-check, lint, test)
make build # Build binary
make docker # Build Docker image
make hooks # Install pre-commit hook (runs make check)
``` ```
### Commit Requirements ### Commit Requirements
@@ -157,8 +160,8 @@ Environment variables:
| Variable | Description | Default | | Variable | Description | Default |
|----------|-------------|---------| |----------|-------------|---------|
| `PORT` | HTTP listen port | 8080 | | `PORT` | HTTP listen port | 8080 |
| `UPAAS_DATA_DIR` | Data directory for SQLite and keys | ./data | | `UPAAS_DATA_DIR` | Data directory for SQLite and keys | `./data` (local dev only — use absolute path for Docker) |
| `UPAAS_HOST_DATA_DIR` | Host path for DATA_DIR (when running in container) | same as DATA_DIR | | `UPAAS_HOST_DATA_DIR` | Host path for DATA_DIR (when running in container) | *(none — must be set to an absolute path)* |
| `UPAAS_DOCKER_HOST` | Docker socket path | unix:///var/run/docker.sock | | `UPAAS_DOCKER_HOST` | Docker socket path | unix:///var/run/docker.sock |
| `DEBUG` | Enable debug logging | false | | `DEBUG` | Enable debug logging | false |
| `SENTRY_DSN` | Sentry error reporting DSN | "" | | `SENTRY_DSN` | Sentry error reporting DSN | "" |
@@ -176,8 +179,35 @@ docker run -d \
upaas upaas
``` ```
**Important**: When running µPaaS inside a container, set `UPAAS_HOST_DATA_DIR` to the host path ### Docker Compose
that maps to `UPAAS_DATA_DIR`. This is required for Docker bind mounts during builds to work correctly.
```yaml
services:
upaas:
build: .
restart: unless-stopped
ports:
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${HOST_DATA_DIR}:/var/lib/upaas
environment:
- UPAAS_HOST_DATA_DIR=${HOST_DATA_DIR}
# Optional: uncomment to enable debug logging
# - DEBUG=true
# Optional: Sentry error reporting
# - SENTRY_DSN=https://...
# Optional: Prometheus metrics auth
# - METRICS_USERNAME=prometheus
# - METRICS_PASSWORD=secret
```
**Important**: You **must** set `HOST_DATA_DIR` to an **absolute path** on the host before running
`docker compose up`. This value is bind-mounted into the container and passed as `UPAAS_HOST_DATA_DIR`
so that Docker bind mounts during builds resolve correctly. Relative paths (e.g. `./data`) will break
container builds because the Docker daemon resolves paths relative to the host, not the container.
Example: `HOST_DATA_DIR=/srv/upaas/data docker compose up -d`
Session secrets are automatically generated on first startup and persisted to `$UPAAS_DATA_DIR/session.key`. Session secrets are automatically generated on first startup and persisted to `$UPAAS_DATA_DIR/session.key`.

188
REPO_POLICIES.md Normal file
View File

@@ -0,0 +1,188 @@
---
title: Repository Policies
last_modified: 2026-02-22
---
This document covers repository structure, tooling, and workflow standards. Code
style conventions are in separate documents:
- [Code Styleguide](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE.md)
(general, bash, Docker)
- [Go](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE_GO.md)
- [JavaScript](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE_JS.md)
- [Python](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE_PYTHON.md)
- [Go HTTP Server Conventions](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/GO_HTTP_SERVER_CONVENTIONS.md)
---
- Cross-project documentation (such as this file) must include
`last_modified: YYYY-MM-DD` in the YAML front matter so it can be kept in sync
with the authoritative source as policies evolve.
- **ALL external references must be pinned by cryptographic hash.** This
includes Docker base images, Go modules, npm packages, GitHub Actions, and
anything else fetched from a remote source. Version tags (`@v4`, `@latest`,
`:3.21`, etc.) are server-mutable and therefore remote code execution
vulnerabilities. The ONLY acceptable way to reference an external dependency
is by its content hash (Docker `@sha256:...`, Go module hash in `go.sum`, npm
integrity hash in lockfile, GitHub Actions `@<commit-sha>`). No exceptions.
This also means never `curl | bash` to install tools like pyenv, nvm, rustup,
etc. Instead, download a specific release archive from GitHub, verify its hash
(hardcoded in the Dockerfile or script), and only then install. Unverified
install scripts are arbitrary remote code execution. This is the single most
important rule in this document. Double-check every external reference in
every file before committing. There are zero exceptions to this rule.
- Every repo with software must have a root `Makefile` with these targets:
`make test`, `make lint`, `make fmt` (writes), `make fmt-check` (read-only),
`make check` (prereqs: `test`, `lint`, `fmt-check`), `make docker`, and
`make hooks` (installs pre-commit hook). A model Makefile is at
`https://git.eeqj.de/sneak/prompts/raw/branch/main/Makefile`.
- Always use Makefile targets (`make fmt`, `make test`, `make lint`, etc.)
instead of invoking the underlying tools directly. The Makefile is the single
source of truth for how these operations are run.
- The Makefile is authoritative documentation for how the repo is used. Beyond
the required targets above, it should have targets for every common operation:
running a local development server (`make run`, `make dev`), re-initializing
or migrating the database (`make db-reset`, `make migrate`), building
artifacts (`make build`), generating code, seeding data, or anything else a
developer would do regularly. If someone checks out the repo and types
`make<tab>`, they should see every meaningful operation available. A new
contributor should be able to understand the entire development workflow by
reading the Makefile.
- Every repo should have a `Dockerfile`. All Dockerfiles must run `make check`
as a build step so the build fails if the branch is not green. For non-server
repos, the Dockerfile should bring up a development environment and run
`make check`. For server repos, `make check` should run as an early build
stage before the final image is assembled.
- Every repo should have a Gitea Actions workflow (`.gitea/workflows/`) that
runs `docker build .` on push. Since the Dockerfile already runs `make check`,
a successful build implies all checks pass.
- Use platform-standard formatters: `black` for Python, `prettier` for
JS/CSS/Markdown/HTML, `go fmt` for Go. Always use default configuration with
two exceptions: four-space indents (except Go), and `proseWrap: always` for
Markdown (hard-wrap at 80 columns). Documentation and writing repos (Markdown,
HTML, CSS) should also have `.prettierrc` and `.prettierignore`.
- Pre-commit hook: `make check` if local testing is possible, otherwise
`make lint && make fmt-check`. The Makefile should provide a `make hooks`
target to install the pre-commit hook.
- All repos with software must have tests that run via the platform-standard
test framework (`go test`, `pytest`, `jest`/`vitest`, etc.). If no meaningful
tests exist yet, add the most minimal test possible — e.g. importing the
module under test to verify it compiles/parses. There is no excuse for
`make test` to be a no-op.
- `make test` must complete in under 20 seconds. Add a 30-second timeout in the
Makefile.
- Docker builds must complete in under 5 minutes.
- `make check` must not modify any files in the repo. Tests may use temporary
directories.
- `main` must always pass `make check`, no exceptions.
- Never commit secrets. `.env` files, credentials, API keys, and private keys
must be in `.gitignore`. No exceptions.
- `.gitignore` should be comprehensive from the start: OS files (`.DS_Store`),
editor files (`.swp`, `*~`), language build artifacts, and `node_modules/`.
Fetch the standard `.gitignore` from
`https://git.eeqj.de/sneak/prompts/raw/branch/main/.gitignore` when setting up
a new repo.
- Never use `git add -A` or `git add .`. Always stage files explicitly by name.
- Never force-push to `main`.
- Make all changes on a feature branch. You can do whatever you want on a
feature branch.
- `.golangci.yml` is standardized and must _NEVER_ be modified by an agent, only
manually by the user. Fetch from
`https://git.eeqj.de/sneak/prompts/raw/branch/main/.golangci.yml`.
- When pinning images or packages by hash, add a comment above the reference
with the version and date (YYYY-MM-DD).
- Use `yarn`, not `npm`.
- Write all dates as YYYY-MM-DD (ISO 8601).
- Simple projects should be configured with environment variables.
- Dockerized web services listen on port 8080 by default, overridable with
`PORT`.
- `README.md` is the primary documentation. Required sections:
- **Description**: First line must include the project name, purpose,
category (web server, SPA, CLI tool, etc.), license, and author. Example:
"µPaaS is an MIT-licensed Go web application by @sneak that receives
git-frontend webhooks and deploys applications via Docker in realtime."
- **Getting Started**: Copy-pasteable install/usage code block.
- **Rationale**: Why does this exist?
- **Design**: How is the program structured?
- **TODO**: Update meticulously, even between commits. When planning, put
the todo list in the README so a new agent can pick up where the last one
left off.
- **License**: MIT, GPL, or WTFPL. Ask the user for new projects. Include a
`LICENSE` file in the repo root and a License section in the README.
- **Author**: [@sneak](https://sneak.berlin).
- First commit of a new repo should contain only `README.md`.
- Go module root: `sneak.berlin/go/<name>`. Always run `go mod tidy` before
committing.
- Use SemVer.
- Database migrations live in `internal/db/migrations/` and must be embedded in
the binary.
- `000_migration.sql` — contains ONLY the creation of the migrations tracking
table itself. Nothing else.
- `001_schema.sql` — the full application schema.
- **Pre-1.0.0:** never add additional migration files (002, 003, etc.). There
is no installed base to migrate. Edit `001_schema.sql` directly.
- **Post-1.0.0:** add new numbered migration files for each schema change.
Never edit existing migrations after release.
- All repos should have an `.editorconfig` enforcing the project's indentation
settings.
- Avoid putting files in the repo root unless necessary. Root should contain
only project-level config files (`README.md`, `Makefile`, `Dockerfile`,
`LICENSE`, `.gitignore`, `.editorconfig`, `REPO_POLICIES.md`, and
language-specific config). Everything else goes in a subdirectory. Canonical
subdirectory names:
- `bin/` — executable scripts and tools
- `cmd/` — Go command entrypoints
- `configs/` — configuration templates and examples
- `deploy/` — deployment manifests (k8s, compose, terraform)
- `docs/` — documentation and markdown (README.md stays in root)
- `internal/` — Go internal packages
- `internal/db/migrations/` — database migrations
- `pkg/` — Go library packages
- `share/` — systemd units, data files
- `static/` — static assets (images, fonts, etc.)
- `web/` — web frontend source
- When setting up a new repo, files from the `prompts` repo may be used as
templates. Fetch them from
`https://git.eeqj.de/sneak/prompts/raw/branch/main/<path>`.
- New repos must contain at minimum:
- `README.md`, `.git`, `.gitignore`, `.editorconfig`
- `LICENSE`, `REPO_POLICIES.md` (copy from the `prompts` repo)
- `Makefile`
- `Dockerfile`, `.dockerignore`
- `.gitea/workflows/check.yml`
- Go: `go.mod`, `go.sum`, `.golangci.yml`
- JS: `package.json`, `yarn.lock`, `.prettierrc`, `.prettierignore`
- Python: `pyproject.toml`

28
cmd/upaasd/main.go
View File

@@ -4,20 +4,20 @@ package main
import ( import (
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
"git.eeqj.de/sneak/upaas/internal/docker" "sneak.berlin/go/upaas/internal/docker"
"git.eeqj.de/sneak/upaas/internal/globals" "sneak.berlin/go/upaas/internal/globals"
"git.eeqj.de/sneak/upaas/internal/handlers" "sneak.berlin/go/upaas/internal/handlers"
"git.eeqj.de/sneak/upaas/internal/healthcheck" "sneak.berlin/go/upaas/internal/healthcheck"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/middleware" "sneak.berlin/go/upaas/internal/middleware"
"git.eeqj.de/sneak/upaas/internal/server" "sneak.berlin/go/upaas/internal/server"
"git.eeqj.de/sneak/upaas/internal/service/app" "sneak.berlin/go/upaas/internal/service/app"
"git.eeqj.de/sneak/upaas/internal/service/auth" "sneak.berlin/go/upaas/internal/service/auth"
"git.eeqj.de/sneak/upaas/internal/service/deploy" "sneak.berlin/go/upaas/internal/service/deploy"
"git.eeqj.de/sneak/upaas/internal/service/notify" "sneak.berlin/go/upaas/internal/service/notify"
"git.eeqj.de/sneak/upaas/internal/service/webhook" "sneak.berlin/go/upaas/internal/service/webhook"
_ "github.com/joho/godotenv/autoload" _ "github.com/joho/godotenv/autoload"
) )

20
docker-compose.yml
View File

@@ -1,20 +0,0 @@
services:
upaas:
build: .
restart: unless-stopped
ports:
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- upaas-data:/var/lib/upaas
# environment:
# Optional: uncomment to enable debug logging
# - DEBUG=true
# Optional: Sentry error reporting
# - SENTRY_DSN=https://...
# Optional: Prometheus metrics auth
# - METRICS_USERNAME=prometheus
# - METRICS_PASSWORD=secret
volumes:
upaas-data:

4
go.mod
View File

@@ -1,4 +1,4 @@
module git.eeqj.de/sneak/upaas module sneak.berlin/go/upaas
go 1.25 go 1.25
@@ -19,6 +19,7 @@ require (
github.com/stretchr/testify v1.11.1 github.com/stretchr/testify v1.11.1
go.uber.org/fx v1.24.0 go.uber.org/fx v1.24.0
golang.org/x/crypto v0.46.0 golang.org/x/crypto v0.46.0
golang.org/x/time v0.12.0
) )
require ( require (
@@ -74,7 +75,6 @@ require (
go.yaml.in/yaml/v3 v3.0.4 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect
golang.org/x/sys v0.39.0 // indirect golang.org/x/sys v0.39.0 // indirect
golang.org/x/text v0.32.0 // indirect golang.org/x/text v0.32.0 // indirect
golang.org/x/time v0.12.0 // indirect
google.golang.org/protobuf v1.36.10 // indirect google.golang.org/protobuf v1.36.10 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect
gotest.tools/v3 v3.5.2 // indirect gotest.tools/v3 v3.5.2 // indirect

4
internal/config/config.go
View File

@@ -13,8 +13,8 @@ import (
"github.com/spf13/viper" "github.com/spf13/viper"
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/globals" "sneak.berlin/go/upaas/internal/globals"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
) )
// defaultPort is the default HTTP server port. // defaultPort is the default HTTP server port.

4
internal/database/database.go
View File

@@ -14,8 +14,8 @@ import (
_ "github.com/mattn/go-sqlite3" // SQLite driver _ "github.com/mattn/go-sqlite3" // SQLite driver
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
) )
// dataDirPermissions is the file permission for the data directory. // dataDirPermissions is the file permission for the data directory.

2
internal/database/hash_test.go
View File

@@ -5,7 +5,7 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
) )
func TestHashWebhookSecret(t *testing.T) { func TestHashWebhookSecret(t *testing.T) {

6
internal/database/migrations.go
View File

@@ -113,9 +113,9 @@ func (d *Database) applyMigration(ctx context.Context, filename string) error {
return fmt.Errorf("failed to record migration: %w", err) return fmt.Errorf("failed to record migration: %w", err)
} }
commitErr := transaction.Commit() err = transaction.Commit()
if commitErr != nil { if err != nil {
return fmt.Errorf("failed to commit migration: %w", commitErr) return fmt.Errorf("failed to commit migration: %w", err)
} }
return nil return nil

41
internal/database/testing.go Normal file
View File

@@ -0,0 +1,41 @@
package database
import (
"log/slog"
"os"
"testing"
"sneak.berlin/go/upaas/internal/config"
"sneak.berlin/go/upaas/internal/logger"
)
// NewTestDatabase creates an in-memory Database for testing.
// It runs migrations so all tables are available.
func NewTestDatabase(t *testing.T) *Database {
t.Helper()
tmpDir := t.TempDir()
cfg := &config.Config{
DataDir: tmpDir,
}
log := slog.New(slog.NewTextHandler(os.Stderr, nil))
logWrapper := logger.NewForTest(log)
db, err := New(nil, Params{
Logger: logWrapper,
Config: cfg,
})
if err != nil {
t.Fatalf("failed to create test database: %v", err)
}
t.Cleanup(func() {
if db.database != nil {
_ = db.database.Close()
}
})
return db
}

67
internal/docker/client.go
View File

@@ -14,7 +14,7 @@ import (
"strconv" "strconv"
"strings" "strings"
"github.com/docker/docker/api/types" dockertypes "github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/filters" "github.com/docker/docker/api/types/filters"
"github.com/docker/docker/api/types/image" "github.com/docker/docker/api/types/image"
@@ -25,8 +25,9 @@ import (
"github.com/docker/go-connections/nat" "github.com/docker/go-connections/nat"
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/logger"
"sneak.berlin/go/upaas/internal/logger"
) )
// sshKeyPermissions is the file permission for SSH private keys. // sshKeyPermissions is the file permission for SSH private keys.
@@ -116,7 +117,7 @@ type BuildImageOptions struct {
func (c *Client) BuildImage( func (c *Client) BuildImage(
ctx context.Context, ctx context.Context,
opts BuildImageOptions, opts BuildImageOptions,
) (string, error) { ) (ImageID, error) {
if c.docker == nil { if c.docker == nil {
return "", ErrNotConnected return "", ErrNotConnected
} }
@@ -188,7 +189,7 @@ func buildPortConfig(ports []PortMapping) (nat.PortSet, nat.PortMap) {
func (c *Client) CreateContainer( func (c *Client) CreateContainer(
ctx context.Context, ctx context.Context,
opts CreateContainerOptions, opts CreateContainerOptions,
) (string, error) { ) (ContainerID, error) {
if c.docker == nil { if c.docker == nil {
return "", ErrNotConnected return "", ErrNotConnected
} }
@@ -241,18 +242,18 @@ func (c *Client) CreateContainer(
return "", fmt.Errorf("failed to create container: %w", err) return "", fmt.Errorf("failed to create container: %w", err)
} }
return resp.ID, nil return ContainerID(resp.ID), nil
} }
// StartContainer starts a container. // StartContainer starts a container.
func (c *Client) StartContainer(ctx context.Context, containerID string) error { func (c *Client) StartContainer(ctx context.Context, containerID ContainerID) error {
if c.docker == nil { if c.docker == nil {
return ErrNotConnected return ErrNotConnected
} }
c.log.Info("starting container", "id", containerID) c.log.Info("starting container", "id", containerID)
err := c.docker.ContainerStart(ctx, containerID, container.StartOptions{}) err := c.docker.ContainerStart(ctx, containerID.String(), container.StartOptions{})
if err != nil { if err != nil {
return fmt.Errorf("failed to start container: %w", err) return fmt.Errorf("failed to start container: %w", err)
} }
@@ -261,7 +262,7 @@ func (c *Client) StartContainer(ctx context.Context, containerID string) error {
} }
// StopContainer stops a container. // StopContainer stops a container.
func (c *Client) StopContainer(ctx context.Context, containerID string) error { func (c *Client) StopContainer(ctx context.Context, containerID ContainerID) error {
if c.docker == nil { if c.docker == nil {
return ErrNotConnected return ErrNotConnected
} }
@@ -270,7 +271,7 @@ func (c *Client) StopContainer(ctx context.Context, containerID string) error {
timeout := stopTimeoutSeconds timeout := stopTimeoutSeconds
err := c.docker.ContainerStop(ctx, containerID, container.StopOptions{Timeout: &timeout}) err := c.docker.ContainerStop(ctx, containerID.String(), container.StopOptions{Timeout: &timeout})
if err != nil { if err != nil {
return fmt.Errorf("failed to stop container: %w", err) return fmt.Errorf("failed to stop container: %w", err)
} }
@@ -281,7 +282,7 @@ func (c *Client) StopContainer(ctx context.Context, containerID string) error {
// RemoveContainer removes a container. // RemoveContainer removes a container.
func (c *Client) RemoveContainer( func (c *Client) RemoveContainer(
ctx context.Context, ctx context.Context,
containerID string, containerID ContainerID,
force bool, force bool,
) error { ) error {
if c.docker == nil { if c.docker == nil {
@@ -290,7 +291,7 @@ func (c *Client) RemoveContainer(
c.log.Info("removing container", "id", containerID, "force", force) c.log.Info("removing container", "id", containerID, "force", force)
err := c.docker.ContainerRemove(ctx, containerID, container.RemoveOptions{Force: force}) err := c.docker.ContainerRemove(ctx, containerID.String(), container.RemoveOptions{Force: force})
if err != nil { if err != nil {
return fmt.Errorf("failed to remove container: %w", err) return fmt.Errorf("failed to remove container: %w", err)
} }
@@ -301,7 +302,7 @@ func (c *Client) RemoveContainer(
// ContainerLogs returns the logs for a container. // ContainerLogs returns the logs for a container.
func (c *Client) ContainerLogs( func (c *Client) ContainerLogs(
ctx context.Context, ctx context.Context,
containerID string, containerID ContainerID,
tail string, tail string,
) (string, error) { ) (string, error) {
if c.docker == nil { if c.docker == nil {
@@ -314,7 +315,7 @@ func (c *Client) ContainerLogs(
Tail: tail, Tail: tail,
} }
reader, err := c.docker.ContainerLogs(ctx, containerID, opts) reader, err := c.docker.ContainerLogs(ctx, containerID.String(), opts)
if err != nil { if err != nil {
return "", fmt.Errorf("failed to get container logs: %w", err) return "", fmt.Errorf("failed to get container logs: %w", err)
} }
@@ -337,13 +338,13 @@ func (c *Client) ContainerLogs(
// IsContainerRunning checks if a container is running. // IsContainerRunning checks if a container is running.
func (c *Client) IsContainerRunning( func (c *Client) IsContainerRunning(
ctx context.Context, ctx context.Context,
containerID string, containerID ContainerID,
) (bool, error) { ) (bool, error) {
if c.docker == nil { if c.docker == nil {
return false, ErrNotConnected return false, ErrNotConnected
} }
inspect, err := c.docker.ContainerInspect(ctx, containerID) inspect, err := c.docker.ContainerInspect(ctx, containerID.String())
if err != nil { if err != nil {
return false, fmt.Errorf("failed to inspect container: %w", err) return false, fmt.Errorf("failed to inspect container: %w", err)
} }
@@ -354,13 +355,13 @@ func (c *Client) IsContainerRunning(
// IsContainerHealthy checks if a container is healthy. // IsContainerHealthy checks if a container is healthy.
func (c *Client) IsContainerHealthy( func (c *Client) IsContainerHealthy(
ctx context.Context, ctx context.Context,
containerID string, containerID ContainerID,
) (bool, error) { ) (bool, error) {
if c.docker == nil { if c.docker == nil {
return false, ErrNotConnected return false, ErrNotConnected
} }
inspect, err := c.docker.ContainerInspect(ctx, containerID) inspect, err := c.docker.ContainerInspect(ctx, containerID.String())
if err != nil { if err != nil {
return false, fmt.Errorf("failed to inspect container: %w", err) return false, fmt.Errorf("failed to inspect container: %w", err)
} }
@@ -378,7 +379,7 @@ const LabelUpaasID = "upaas.id"
// ContainerInfo contains basic information about a container. // ContainerInfo contains basic information about a container.
type ContainerInfo struct { type ContainerInfo struct {
ID string ID ContainerID
Running bool Running bool
} }
@@ -413,7 +414,7 @@ func (c *Client) FindContainerByAppID(
ctr := containers[0] ctr := containers[0]
return &ContainerInfo{ return &ContainerInfo{
ID: ctr.ID, ID: ContainerID(ctr.ID),
Running: ctr.State == "running", Running: ctr.State == "running",
}, nil }, nil
} }
@@ -482,8 +483,8 @@ func (c *Client) CloneRepo(
// RemoveImage removes a Docker image by ID or tag. // RemoveImage removes a Docker image by ID or tag.
// It returns nil if the image was successfully removed or does not exist. // It returns nil if the image was successfully removed or does not exist.
func (c *Client) RemoveImage(ctx context.Context, imageID string) error { func (c *Client) RemoveImage(ctx context.Context, imageID ImageID) error {
_, err := c.docker.ImageRemove(ctx, imageID, image.RemoveOptions{ _, err := c.docker.ImageRemove(ctx, imageID.String(), image.RemoveOptions{
Force: true, Force: true,
PruneChildren: true, PruneChildren: true,
}) })
@@ -497,7 +498,7 @@ func (c *Client) RemoveImage(ctx context.Context, imageID string) error {
func (c *Client) performBuild( func (c *Client) performBuild(
ctx context.Context, ctx context.Context,
opts BuildImageOptions, opts BuildImageOptions,
) (string, error) { ) (ImageID, error) {
// Create tar archive of build context // Create tar archive of build context
tarArchive, err := archive.TarWithOptions(opts.ContextDir, &archive.TarOptions{}) tarArchive, err := archive.TarWithOptions(opts.ContextDir, &archive.TarOptions{})
if err != nil { if err != nil {
@@ -512,7 +513,7 @@ func (c *Client) performBuild(
}() }()
// Build image // Build image
resp, err := c.docker.ImageBuild(ctx, tarArchive, types.ImageBuildOptions{ resp, err := c.docker.ImageBuild(ctx, tarArchive, dockertypes.ImageBuildOptions{
Dockerfile: opts.DockerfilePath, Dockerfile: opts.DockerfilePath,
Tags: opts.Tags, Tags: opts.Tags,
Remove: true, Remove: true,
@@ -542,7 +543,7 @@ func (c *Client) performBuild(
return "", fmt.Errorf("failed to inspect image: %w", inspectErr) return "", fmt.Errorf("failed to inspect image: %w", inspectErr)
} }
return inspect.ID, nil return ImageID(inspect.ID), nil
} }
return "", nil return "", nil
@@ -603,22 +604,22 @@ func (c *Client) performClone(ctx context.Context, cfg *cloneConfig) (*CloneResu
} }
}() }()
containerID, err := c.createGitContainer(ctx, cfg) gitContainerID, err := c.createGitContainer(ctx, cfg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
defer func() { defer func() {
_ = c.docker.ContainerRemove(ctx, containerID, container.RemoveOptions{Force: true}) _ = c.docker.ContainerRemove(ctx, gitContainerID.String(), container.RemoveOptions{Force: true})
}() }()
return c.runGitClone(ctx, containerID) return c.runGitClone(ctx, gitContainerID)
} }
func (c *Client) createGitContainer( func (c *Client) createGitContainer(
ctx context.Context, ctx context.Context,
cfg *cloneConfig, cfg *cloneConfig,
) (string, error) { ) (ContainerID, error) {
gitSSHCmd := "ssh -i /keys/deploy_key -o StrictHostKeyChecking=no" gitSSHCmd := "ssh -i /keys/deploy_key -o StrictHostKeyChecking=no"
// Build the git command using environment variables to avoid shell injection. // Build the git command using environment variables to avoid shell injection.
@@ -675,16 +676,16 @@ func (c *Client) createGitContainer(
return "", fmt.Errorf("failed to create git container: %w", err) return "", fmt.Errorf("failed to create git container: %w", err)
} }
return resp.ID, nil return ContainerID(resp.ID), nil
} }
func (c *Client) runGitClone(ctx context.Context, containerID string) (*CloneResult, error) { func (c *Client) runGitClone(ctx context.Context, containerID ContainerID) (*CloneResult, error) {
err := c.docker.ContainerStart(ctx, containerID, container.StartOptions{}) err := c.docker.ContainerStart(ctx, containerID.String(), container.StartOptions{})
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to start git container: %w", err) return nil, fmt.Errorf("failed to start git container: %w", err)
} }
statusCh, errCh := c.docker.ContainerWait(ctx, containerID, container.WaitConditionNotRunning) statusCh, errCh := c.docker.ContainerWait(ctx, containerID.String(), container.WaitConditionNotRunning)
select { select {
case err := <-errCh: case err := <-errCh:

13
internal/docker/types.go Normal file
View File

@@ -0,0 +1,13 @@
package docker
// ImageID is a Docker image identifier (ID or tag).
type ImageID string
// String implements the fmt.Stringer interface.
func (id ImageID) String() string { return string(id) }
// ContainerID is a Docker container identifier.
type ContainerID string
// String implements the fmt.Stringer interface.
func (id ContainerID) String() string { return string(id) }

2
internal/handlers/api.go
View File

@@ -7,7 +7,7 @@ import (
"github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5"
"git.eeqj.de/sneak/upaas/internal/models" "sneak.berlin/go/upaas/internal/models"
) )
// apiAppResponse is the JSON representation of an app. // apiAppResponse is the JSON representation of an app.

2
internal/handlers/api_test.go
View File

@@ -11,7 +11,7 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"git.eeqj.de/sneak/upaas/internal/service/app" "sneak.berlin/go/upaas/internal/service/app"
) )
// apiRouter builds a chi router with the API routes using session auth middleware. // apiRouter builds a chi router with the API routes using session auth middleware.

149
internal/handlers/app.go
View File

@@ -15,9 +15,9 @@ import (
"github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5"
"git.eeqj.de/sneak/upaas/internal/models" "sneak.berlin/go/upaas/internal/models"
"git.eeqj.de/sneak/upaas/internal/service/app" "sneak.berlin/go/upaas/internal/service/app"
"git.eeqj.de/sneak/upaas/templates" "sneak.berlin/go/upaas/templates"
) )
const ( const (
@@ -54,12 +54,18 @@ func (h *Handlers) HandleAppCreate() http.HandlerFunc { //nolint:funlen // valid
repoURL := request.FormValue("repo_url") repoURL := request.FormValue("repo_url")
branch := request.FormValue("branch") branch := request.FormValue("branch")
dockerfilePath := request.FormValue("dockerfile_path") dockerfilePath := request.FormValue("dockerfile_path")
dockerNetwork := request.FormValue("docker_network")
ntfyTopic := request.FormValue("ntfy_topic")
slackWebhook := request.FormValue("slack_webhook")
data := h.addGlobals(map[string]any{ data := h.addGlobals(map[string]any{
"Name": name, "Name": name,
"RepoURL": repoURL, "RepoURL": repoURL,
"Branch": branch, "Branch": branch,
"DockerfilePath": dockerfilePath, "DockerfilePath": dockerfilePath,
"DockerNetwork": dockerNetwork,
"NtfyTopic": ntfyTopic,
"SlackWebhook": slackWebhook,
}, request) }, request)
if name == "" || repoURL == "" { if name == "" || repoURL == "" {
@@ -72,7 +78,7 @@ func (h *Handlers) HandleAppCreate() http.HandlerFunc { //nolint:funlen // valid
nameErr := validateAppName(name) nameErr := validateAppName(name)
if nameErr != nil { if nameErr != nil {
data["Error"] = "Invalid app name: " + nameErr.Error() data["Error"] = "Invalid app name: " + nameErr.Error()
_ = tmpl.ExecuteTemplate(writer, "app_new.html", data) h.renderTemplate(writer, tmpl, "app_new.html", data)
return return
} }
@@ -100,6 +106,9 @@ func (h *Handlers) HandleAppCreate() http.HandlerFunc { //nolint:funlen // valid
RepoURL: repoURL, RepoURL: repoURL,
Branch: branch, Branch: branch,
DockerfilePath: dockerfilePath, DockerfilePath: dockerfilePath,
DockerNetwork: dockerNetwork,
NtfyTopic: ntfyTopic,
SlackWebhook: slackWebhook,
}, },
) )
if createErr != nil { if createErr != nil {
@@ -228,7 +237,7 @@ func (h *Handlers) HandleAppUpdate() http.HandlerFunc { //nolint:funlen // valid
"App": application, "App": application,
"Error": "Invalid app name: " + nameErr.Error(), "Error": "Invalid app name: " + nameErr.Error(),
}, request) }, request)
_ = tmpl.ExecuteTemplate(writer, "app_edit.html", data) h.renderTemplate(writer, tmpl, "app_edit.html", data)
return return
} }
@@ -239,7 +248,7 @@ func (h *Handlers) HandleAppUpdate() http.HandlerFunc { //nolint:funlen // valid
"App": application, "App": application,
"Error": "Invalid repository URL: " + repoURLErr.Error(), "Error": "Invalid repository URL: " + repoURLErr.Error(),
}, request) }, request)
_ = tmpl.ExecuteTemplate(writer, "app_edit.html", data) h.renderTemplate(writer, tmpl, "app_edit.html", data)
return return
} }
@@ -894,50 +903,69 @@ func (h *Handlers) addKeyValueToApp(
http.Redirect(writer, request, "/apps/"+application.ID, http.StatusSeeOther) http.Redirect(writer, request, "/apps/"+application.ID, http.StatusSeeOther)
} }
// HandleEnvVarAdd handles adding an environment variable. // envPairJSON represents a key-value pair in the JSON request body.
func (h *Handlers) HandleEnvVarAdd() http.HandlerFunc { type envPairJSON struct {
return func(writer http.ResponseWriter, request *http.Request) { Key string `json:"key"`
h.addKeyValueToApp( Value string `json:"value"`
writer,
request,
func(ctx context.Context, application *models.App, key, value string) error {
envVar := models.NewEnvVar(h.db)
envVar.AppID = application.ID
envVar.Key = key
envVar.Value = value
return envVar.Save(ctx)
},
)
}
} }
// HandleEnvVarDelete handles deleting an environment variable. // HandleEnvVarSave handles bulk saving of all environment variables.
func (h *Handlers) HandleEnvVarDelete() http.HandlerFunc { // It reads a JSON array of {key, value} objects from the request body,
// deletes all existing env vars for the app, and inserts the full
// submitted set atomically within a database transaction.
func (h *Handlers) HandleEnvVarSave() http.HandlerFunc {
return func(writer http.ResponseWriter, request *http.Request) { return func(writer http.ResponseWriter, request *http.Request) {
appID := chi.URLParam(request, "id") appID := chi.URLParam(request, "id")
envVarIDStr := chi.URLParam(request, "varID")
envVarID, parseErr := strconv.ParseInt(envVarIDStr, 10, 64) application, findErr := models.FindApp(request.Context(), h.db, appID)
if parseErr != nil { if findErr != nil || application == nil {
http.NotFound(writer, request) http.NotFound(writer, request)
return return
} }
envVar, findErr := models.FindEnvVar(request.Context(), h.db, envVarID) var pairs []envPairJSON
if findErr != nil || envVar == nil || envVar.AppID != appID {
http.NotFound(writer, request) decodeErr := json.NewDecoder(request.Body).Decode(&pairs)
if decodeErr != nil {
http.Error(writer, "Bad Request", http.StatusBadRequest)
return return
} }
deleteErr := envVar.Delete(request.Context()) // Validate: reject entries with empty keys
if deleteErr != nil { var modelPairs []models.EnvVarPair
h.log.Error("failed to delete env var", "error", deleteErr)
for _, p := range pairs {
trimmedKey := strings.TrimSpace(p.Key)
if trimmedKey == "" {
h.respondJSON(writer, request, map[string]string{
"error": "empty environment variable key is not allowed",
}, http.StatusBadRequest)
return
}
modelPairs = append(modelPairs, models.EnvVarPair{
Key: trimmedKey,
Value: p.Value,
})
} }
http.Redirect(writer, request, "/apps/"+appID, http.StatusSeeOther) // Atomically replace all env vars in a transaction
ctx := request.Context()
replaceErr := models.ReplaceEnvVarsByAppID(ctx, h.db, application.ID, modelPairs)
if replaceErr != nil {
h.log.Error("failed to replace env vars", "error", replaceErr)
h.respondJSON(writer, request, map[string]string{
"error": "failed to save environment variables",
}, http.StatusInternalServerError)
return
}
h.respondJSON(writer, request, map[string]bool{"ok": true}, http.StatusOK)
} }
} }
@@ -1196,59 +1224,6 @@ func ValidateVolumePath(p string) error {
return nil return nil
} }
// HandleEnvVarEdit handles editing an existing environment variable.
func (h *Handlers) HandleEnvVarEdit() http.HandlerFunc {
return func(writer http.ResponseWriter, request *http.Request) {
appID := chi.URLParam(request, "id")
envVarIDStr := chi.URLParam(request, "varID")
envVarID, parseErr := strconv.ParseInt(envVarIDStr, 10, 64)
if parseErr != nil {
http.NotFound(writer, request)
return
}
envVar, findErr := models.FindEnvVar(request.Context(), h.db, envVarID)
if findErr != nil || envVar == nil || envVar.AppID != appID {
http.NotFound(writer, request)
return
}
formErr := request.ParseForm()
if formErr != nil {
http.Error(writer, "Bad Request", http.StatusBadRequest)
return
}
key := request.FormValue("key")
value := request.FormValue("value")
if key == "" || value == "" {
http.Redirect(writer, request, "/apps/"+appID, http.StatusSeeOther)
return
}
envVar.Key = key
envVar.Value = value
saveErr := envVar.Save(request.Context())
if saveErr != nil {
h.log.Error("failed to update env var", "error", saveErr)
}
http.Redirect(
writer,
request,
"/apps/"+appID+"?success=env-updated",
http.StatusSeeOther,
)
}
}
// HandleLabelEdit handles editing an existing label. // HandleLabelEdit handles editing an existing label.
func (h *Handlers) HandleLabelEdit() http.HandlerFunc { func (h *Handlers) HandleLabelEdit() http.HandlerFunc {
return func(writer http.ResponseWriter, request *http.Request) { return func(writer http.ResponseWriter, request *http.Request) {

2
internal/handlers/auth.go
View File

@@ -3,7 +3,7 @@ package handlers
import ( import (
"net/http" "net/http"
"git.eeqj.de/sneak/upaas/templates" "sneak.berlin/go/upaas/templates"
) )
// HandleLoginGET returns the login page handler. // HandleLoginGET returns the login page handler.

4
internal/handlers/dashboard.go
View File

@@ -4,8 +4,8 @@ import (
"net/http" "net/http"
"time" "time"
"git.eeqj.de/sneak/upaas/internal/models" "sneak.berlin/go/upaas/internal/models"
"git.eeqj.de/sneak/upaas/templates" "sneak.berlin/go/upaas/templates"
) )
// AppStats holds deployment statistics for an app. // AppStats holds deployment statistics for an app.

20
internal/handlers/handlers.go
View File

@@ -10,16 +10,16 @@ import (
"github.com/gorilla/csrf" "github.com/gorilla/csrf"
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
"git.eeqj.de/sneak/upaas/internal/docker" "sneak.berlin/go/upaas/internal/docker"
"git.eeqj.de/sneak/upaas/internal/globals" "sneak.berlin/go/upaas/internal/globals"
"git.eeqj.de/sneak/upaas/internal/healthcheck" "sneak.berlin/go/upaas/internal/healthcheck"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/service/app" "sneak.berlin/go/upaas/internal/service/app"
"git.eeqj.de/sneak/upaas/internal/service/auth" "sneak.berlin/go/upaas/internal/service/auth"
"git.eeqj.de/sneak/upaas/internal/service/deploy" "sneak.berlin/go/upaas/internal/service/deploy"
"git.eeqj.de/sneak/upaas/internal/service/webhook" "sneak.berlin/go/upaas/internal/service/webhook"
"git.eeqj.de/sneak/upaas/templates" "sneak.berlin/go/upaas/templates"
) )
// Params contains dependencies for Handlers. // Params contains dependencies for Handlers.

193
internal/handlers/handlers_test.go
View File

@@ -15,21 +15,21 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/models" "sneak.berlin/go/upaas/internal/models"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
"git.eeqj.de/sneak/upaas/internal/docker" "sneak.berlin/go/upaas/internal/docker"
"git.eeqj.de/sneak/upaas/internal/globals" "sneak.berlin/go/upaas/internal/globals"
"git.eeqj.de/sneak/upaas/internal/handlers" "sneak.berlin/go/upaas/internal/handlers"
"git.eeqj.de/sneak/upaas/internal/healthcheck" "sneak.berlin/go/upaas/internal/healthcheck"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/middleware" "sneak.berlin/go/upaas/internal/middleware"
"git.eeqj.de/sneak/upaas/internal/service/app" "sneak.berlin/go/upaas/internal/service/app"
"git.eeqj.de/sneak/upaas/internal/service/auth" "sneak.berlin/go/upaas/internal/service/auth"
"git.eeqj.de/sneak/upaas/internal/service/deploy" "sneak.berlin/go/upaas/internal/service/deploy"
"git.eeqj.de/sneak/upaas/internal/service/notify" "sneak.berlin/go/upaas/internal/service/notify"
"git.eeqj.de/sneak/upaas/internal/service/webhook" "sneak.berlin/go/upaas/internal/service/webhook"
) )
type testContext struct { type testContext struct {
@@ -404,6 +404,25 @@ func TestHandleDashboard(t *testing.T) {
assert.Equal(t, http.StatusOK, recorder.Code) assert.Equal(t, http.StatusOK, recorder.Code)
assert.Contains(t, recorder.Body.String(), "Applications") assert.Contains(t, recorder.Body.String(), "Applications")
}) })
t.Run("renders dashboard with apps without crashing on CSRFField", func(t *testing.T) {
t.Parallel()
testCtx := setupTestHandlers(t)
// Create an app so the template iterates over AppStats and hits .CSRFField
createTestApp(t, testCtx, "csrf-test-app")
request := httptest.NewRequest(http.MethodGet, "/", nil)
recorder := httptest.NewRecorder()
handler := testCtx.handlers.HandleDashboard()
handler.ServeHTTP(recorder, request)
assert.Equal(t, http.StatusOK, recorder.Code,
"dashboard should not 500 when apps exist (CSRFField must be accessible)")
assert.Contains(t, recorder.Body.String(), "csrf-test-app")
})
} }
func TestHandleAppNew(t *testing.T) { func TestHandleAppNew(t *testing.T) {
@@ -541,45 +560,87 @@ func testOwnershipVerification(t *testing.T, cfg ownedResourceTestConfig) {
cfg.verifyFn(t, testCtx, resourceID) cfg.verifyFn(t, testCtx, resourceID)
} }
// TestDeleteEnvVarOwnershipVerification tests that deleting an env var // TestHandleEnvVarSaveBulk tests that HandleEnvVarSave replaces all env vars
// via another app's URL path returns 404 (IDOR prevention). // for an app with the submitted set (monolithic delete-all + insert-all).
func TestDeleteEnvVarOwnershipVerification(t *testing.T) { //nolint:dupl // intentionally similar IDOR test pattern func TestHandleEnvVarSaveBulk(t *testing.T) {
t.Parallel() t.Parallel()
testOwnershipVerification(t, ownedResourceTestConfig{ testCtx := setupTestHandlers(t)
appPrefix1: "envvar-owner-app", createdApp := createTestApp(t, testCtx, "envvar-bulk-app")
appPrefix2: "envvar-other-app",
createFn: func(t *testing.T, tc *testContext, ownerApp *models.App) int64 {
t.Helper()
envVar := models.NewEnvVar(tc.database) // Create some pre-existing env vars
envVar.AppID = ownerApp.ID for _, kv := range [][2]string{{"OLD_KEY", "old_value"}, {"REMOVE_ME", "gone"}} {
envVar.Key = "SECRET" ev := models.NewEnvVar(testCtx.database)
envVar.Value = "hunter2" ev.AppID = createdApp.ID
require.NoError(t, envVar.Save(context.Background())) ev.Key = kv[0]
ev.Value = kv[1]
require.NoError(t, ev.Save(context.Background()))
}
return envVar.ID // Submit a new set as a JSON array of key/value objects
}, body := `[{"key":"NEW_KEY","value":"new_value"},{"key":"ANOTHER","value":"42"}]`
deletePath: func(appID string, resourceID int64) string {
return "/apps/" + appID + "/env/" + strconv.FormatInt(resourceID, 10) + "/delete"
},
chiParams: func(appID string, resourceID int64) map[string]string {
return map[string]string{"id": appID, "varID": strconv.FormatInt(resourceID, 10)}
},
handler: func(h *handlers.Handlers) http.HandlerFunc { return h.HandleEnvVarDelete() },
verifyFn: func(t *testing.T, tc *testContext, resourceID int64) {
t.Helper()
found, findErr := models.FindEnvVar(context.Background(), tc.database, resourceID) r := chi.NewRouter()
require.NoError(t, findErr) r.Post("/apps/{id}/env", testCtx.handlers.HandleEnvVarSave())
assert.NotNil(t, found, "env var should still exist after IDOR attempt")
}, request := httptest.NewRequest(
}) http.MethodPost,
"/apps/"+createdApp.ID+"/env",
strings.NewReader(body),
)
request.Header.Set("Content-Type", "application/json")
recorder := httptest.NewRecorder()
r.ServeHTTP(recorder, request)
assert.Equal(t, http.StatusOK, recorder.Code)
// Verify old env vars are gone and new ones exist
envVars, err := models.FindEnvVarsByAppID(
context.Background(), testCtx.database, createdApp.ID,
)
require.NoError(t, err)
assert.Len(t, envVars, 2)
keys := make(map[string]string)
for _, ev := range envVars {
keys[ev.Key] = ev.Value
}
assert.Equal(t, "new_value", keys["NEW_KEY"])
assert.Equal(t, "42", keys["ANOTHER"])
assert.Empty(t, keys["OLD_KEY"], "old env vars should be deleted")
assert.Empty(t, keys["REMOVE_ME"], "old env vars should be deleted")
}
// TestHandleEnvVarSaveAppNotFound tests that HandleEnvVarSave returns 404
// for a non-existent app.
func TestHandleEnvVarSaveAppNotFound(t *testing.T) {
t.Parallel()
testCtx := setupTestHandlers(t)
body := `[{"key":"KEY","value":"value"}]`
r := chi.NewRouter()
r.Post("/apps/{id}/env", testCtx.handlers.HandleEnvVarSave())
request := httptest.NewRequest(
http.MethodPost,
"/apps/nonexistent-id/env",
strings.NewReader(body),
)
request.Header.Set("Content-Type", "application/json")
recorder := httptest.NewRecorder()
r.ServeHTTP(recorder, request)
assert.Equal(t, http.StatusNotFound, recorder.Code)
} }
// TestDeleteLabelOwnershipVerification tests that deleting a label // TestDeleteLabelOwnershipVerification tests that deleting a label
// via another app's URL path returns 404 (IDOR prevention). // via another app's URL path returns 404 (IDOR prevention).
func TestDeleteLabelOwnershipVerification(t *testing.T) { //nolint:dupl // intentionally similar IDOR test pattern func TestDeleteLabelOwnershipVerification(t *testing.T) {
t.Parallel() t.Parallel()
testOwnershipVerification(t, ownedResourceTestConfig{ testOwnershipVerification(t, ownedResourceTestConfig{
@@ -695,41 +756,43 @@ func TestDeletePortOwnershipVerification(t *testing.T) {
assert.NotNil(t, found, "port should still exist after IDOR attempt") assert.NotNil(t, found, "port should still exist after IDOR attempt")
} }
// TestHandleEnvVarDeleteUsesCorrectRouteParam verifies that HandleEnvVarDelete // TestHandleEnvVarSaveEmptyClears verifies that submitting an empty JSON
// reads the "varID" chi URL parameter (matching the route definition {varID}), // array deletes all existing env vars for the app.
// not a mismatched name like "envID". func TestHandleEnvVarSaveEmptyClears(t *testing.T) {
func TestHandleEnvVarDeleteUsesCorrectRouteParam(t *testing.T) {
t.Parallel() t.Parallel()
testCtx := setupTestHandlers(t) testCtx := setupTestHandlers(t)
createdApp := createTestApp(t, testCtx, "envvar-clear-app")
createdApp := createTestApp(t, testCtx, "envdelete-param-app") // Create a pre-existing env var
ev := models.NewEnvVar(testCtx.database)
ev.AppID = createdApp.ID
ev.Key = "DELETE_ME"
ev.Value = "gone"
require.NoError(t, ev.Save(context.Background()))
envVar := models.NewEnvVar(testCtx.database) // Submit empty JSON array
envVar.AppID = createdApp.ID
envVar.Key = "DELETE_ME"
envVar.Value = "gone"
require.NoError(t, envVar.Save(context.Background()))
// Use chi router with the real route pattern to test param name
r := chi.NewRouter() r := chi.NewRouter()
r.Post("/apps/{id}/env-vars/{varID}/delete", testCtx.handlers.HandleEnvVarDelete()) r.Post("/apps/{id}/env", testCtx.handlers.HandleEnvVarSave())
request := httptest.NewRequest( request := httptest.NewRequest(
http.MethodPost, http.MethodPost,
"/apps/"+createdApp.ID+"/env-vars/"+strconv.FormatInt(envVar.ID, 10)+"/delete", "/apps/"+createdApp.ID+"/env",
nil, strings.NewReader("[]"),
) )
recorder := httptest.NewRecorder() request.Header.Set("Content-Type", "application/json")
recorder := httptest.NewRecorder()
r.ServeHTTP(recorder, request) r.ServeHTTP(recorder, request)
assert.Equal(t, http.StatusSeeOther, recorder.Code) assert.Equal(t, http.StatusOK, recorder.Code)
// Verify the env var was actually deleted // Verify all env vars are gone
found, findErr := models.FindEnvVar(context.Background(), testCtx.database, envVar.ID) envVars, err := models.FindEnvVarsByAppID(
require.NoError(t, findErr) context.Background(), testCtx.database, createdApp.ID,
assert.Nil(t, found, "env var should be deleted when using correct route param") )
require.NoError(t, err)
assert.Empty(t, envVars, "all env vars should be deleted")
} }
// TestHandleVolumeAddValidatesPaths verifies that HandleVolumeAdd validates // TestHandleVolumeAddValidatesPaths verifies that HandleVolumeAdd validates

2
internal/handlers/repo_url_validation_test.go
View File

@@ -3,7 +3,7 @@ package handlers_test
import ( import (
"testing" "testing"
"git.eeqj.de/sneak/upaas/internal/handlers" "sneak.berlin/go/upaas/internal/handlers"
) )
func TestValidateRepoURL(t *testing.T) { func TestValidateRepoURL(t *testing.T) {

2
internal/handlers/sanitize_test.go
View File

@@ -3,7 +3,7 @@ package handlers_test
import ( import (
"testing" "testing"
"git.eeqj.de/sneak/upaas/internal/handlers" "sneak.berlin/go/upaas/internal/handlers"
) )
func TestSanitizeLogs(t *testing.T) { //nolint:funlen // table-driven tests func TestSanitizeLogs(t *testing.T) { //nolint:funlen // table-driven tests

2
internal/handlers/setup.go
View File

@@ -3,7 +3,7 @@ package handlers
import ( import (
"net/http" "net/http"
"git.eeqj.de/sneak/upaas/templates" "sneak.berlin/go/upaas/templates"
) )
const ( const (

2
internal/handlers/tail_validation_test.go
View File

@@ -3,7 +3,7 @@ package handlers_test
import ( import (
"testing" "testing"
"git.eeqj.de/sneak/upaas/internal/handlers" "sneak.berlin/go/upaas/internal/handlers"
) )
func TestSanitizeTail(t *testing.T) { func TestSanitizeTail(t *testing.T) {

2
internal/handlers/webhook.go
View File

@@ -6,7 +6,7 @@ import (
"github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5"
"git.eeqj.de/sneak/upaas/internal/models" "sneak.berlin/go/upaas/internal/models"
) )
// maxWebhookBodySize is the maximum allowed size of a webhook request body (1MB). // maxWebhookBodySize is the maximum allowed size of a webhook request body (1MB).

56
internal/handlers/webhook_events.go Normal file
View File

@@ -0,0 +1,56 @@
package handlers
import (
"net/http"
"github.com/go-chi/chi/v5"
"sneak.berlin/go/upaas/internal/models"
"sneak.berlin/go/upaas/templates"
)
// webhookEventsLimit is the number of webhook events to show in history.
const webhookEventsLimit = 100
// HandleAppWebhookEvents returns the webhook event history handler.
func (h *Handlers) HandleAppWebhookEvents() http.HandlerFunc {
tmpl := templates.GetParsed()
return func(writer http.ResponseWriter, request *http.Request) {
appID := chi.URLParam(request, "id")
application, findErr := models.FindApp(request.Context(), h.db, appID)
if findErr != nil {
h.log.Error("failed to find app", "error", findErr)
http.Error(writer, "Internal Server Error", http.StatusInternalServerError)
return
}
if application == nil {
http.NotFound(writer, request)
return
}
events, eventsErr := application.GetWebhookEvents(
request.Context(),
webhookEventsLimit,
)
if eventsErr != nil {
h.log.Error("failed to get webhook events",
"error", eventsErr,
"app", appID,
)
events = []*models.WebhookEvent{}
}
data := h.addGlobals(map[string]any{
"App": application,
"Events": events,
}, request)
h.renderTemplate(writer, tmpl, "webhook_events.html", data)
}
}

8
internal/healthcheck/healthcheck.go
View File

@@ -8,10 +8,10 @@ import (
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
"git.eeqj.de/sneak/upaas/internal/globals" "sneak.berlin/go/upaas/internal/globals"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
) )
// Params contains dependencies for Healthcheck. // Params contains dependencies for Healthcheck.

2
internal/logger/logger.go
View File

@@ -7,7 +7,7 @@ import (
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/globals" "sneak.berlin/go/upaas/internal/globals"
) )
// Params contains dependencies for Logger. // Params contains dependencies for Logger.

11
internal/logger/testing.go Normal file
View File

@@ -0,0 +1,11 @@
package logger
import "log/slog"
// NewForTest creates a Logger wrapping the given slog.Logger, for use in tests.
func NewForTest(log *slog.Logger) *Logger {
return &Logger{
log: log,
level: new(slog.LevelVar),
}
}

2
internal/middleware/cors_test.go
View File

@@ -8,7 +8,7 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
) )
//nolint:gosec // test credentials //nolint:gosec // test credentials

8
internal/middleware/middleware.go
View File

@@ -18,10 +18,10 @@ import (
"go.uber.org/fx" "go.uber.org/fx"
"golang.org/x/time/rate" "golang.org/x/time/rate"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/globals" "sneak.berlin/go/upaas/internal/globals"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/service/auth" "sneak.berlin/go/upaas/internal/service/auth"
) )
// corsMaxAge is the maximum age for CORS preflight responses in seconds. // corsMaxAge is the maximum age for CORS preflight responses in seconds.

2
internal/middleware/ratelimit_test.go
View File

@@ -9,7 +9,7 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
) )
func newTestMiddleware(t *testing.T) *Middleware { func newTestMiddleware(t *testing.T) *Middleware {

2
internal/models/app.go
View File

@@ -7,7 +7,7 @@ import (
"fmt" "fmt"
"time" "time"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
) )
// appColumns is the standard column list for app queries. // appColumns is the standard column list for app queries.

24
internal/models/deployment.go
View File

@@ -5,9 +5,10 @@ import (
"database/sql" "database/sql"
"errors" "errors"
"fmt" "fmt"
"strings"
"time" "time"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
) )
// DeploymentStatus represents the status of a deployment. // DeploymentStatus represents the status of a deployment.
@@ -76,7 +77,11 @@ func (d *Deployment) Reload(ctx context.Context) error {
return d.scan(row) return d.scan(row)
} }
// maxLogSize is the maximum size of deployment logs stored in the database (1MB).
const maxLogSize = 1 << 20
// AppendLog appends a log line to the deployment logs. // AppendLog appends a log line to the deployment logs.
// If the total log size exceeds maxLogSize, the oldest lines are truncated.
func (d *Deployment) AppendLog(ctx context.Context, line string) error { func (d *Deployment) AppendLog(ctx context.Context, line string) error {
var currentLogs string var currentLogs string
@@ -84,7 +89,22 @@ func (d *Deployment) AppendLog(ctx context.Context, line string) error {
currentLogs = d.Logs.String currentLogs = d.Logs.String
} }
d.Logs = sql.NullString{String: currentLogs + line + "\n", Valid: true} newLogs := currentLogs + line + "\n"
if len(newLogs) > maxLogSize {
// Keep the most recent logs that fit within the limit.
// Find a newline after the truncation point to avoid partial lines.
truncateAt := len(newLogs) - maxLogSize
idx := strings.Index(newLogs[truncateAt:], "\n")
if idx >= 0 {
newLogs = "[earlier logs truncated]\n" + newLogs[truncateAt+idx+1:]
} else {
newLogs = "[earlier logs truncated]\n" + newLogs[truncateAt:]
}
}
d.Logs = sql.NullString{String: newLogs, Valid: true}
return d.Save(ctx) return d.Save(ctx)
} }

49
internal/models/env_var.go
View File

@@ -1,4 +1,3 @@
//nolint:dupl // Active Record pattern - similar structure to label.go is intentional
package models package models
import ( import (
@@ -7,7 +6,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
) )
// EnvVar represents an environment variable for an app. // EnvVar represents an environment variable for an app.
@@ -139,3 +138,49 @@ func DeleteEnvVarsByAppID(
return err return err
} }
// EnvVarPair is a key-value pair for bulk env var operations.
type EnvVarPair struct {
Key string
Value string
}
// ReplaceEnvVarsByAppID atomically replaces all env vars for an app
// within a single database transaction. It deletes all existing env
// vars and inserts the provided pairs. If any operation fails, the
// entire transaction is rolled back.
func ReplaceEnvVarsByAppID(
ctx context.Context,
db *database.Database,
appID string,
pairs []EnvVarPair,
) error {
tx, err := db.BeginTx(ctx, nil)
if err != nil {
return fmt.Errorf("beginning transaction: %w", err)
}
defer func() { _ = tx.Rollback() }()
_, err = tx.ExecContext(ctx, "DELETE FROM app_env_vars WHERE app_id = ?", appID)
if err != nil {
return fmt.Errorf("deleting env vars: %w", err)
}
for _, p := range pairs {
_, err = tx.ExecContext(ctx,
"INSERT INTO app_env_vars (app_id, key, value) VALUES (?, ?, ?)",
appID, p.Key, p.Value,
)
if err != nil {
return fmt.Errorf("inserting env var %q: %w", p.Key, err)
}
}
err = tx.Commit()
if err != nil {
return fmt.Errorf("committing transaction: %w", err)
}
return nil
}

3
internal/models/label.go
View File

@@ -1,4 +1,3 @@
//nolint:dupl // Active Record pattern - similar structure to env_var.go is intentional
package models package models
import ( import (
@@ -7,7 +6,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
) )
// Label represents a Docker label for an app container. // Label represents a Docker label for an app container.

10
internal/models/models_test.go
View File

@@ -10,11 +10,11 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
"git.eeqj.de/sneak/upaas/internal/globals" "sneak.berlin/go/upaas/internal/globals"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/models" "sneak.berlin/go/upaas/internal/models"
) )
// Test constants to satisfy goconst linter. // Test constants to satisfy goconst linter.

2
internal/models/port.go
View File

@@ -6,7 +6,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
) )
// PortProtocol represents the protocol for a port mapping. // PortProtocol represents the protocol for a port mapping.

2
internal/models/user.go
View File

@@ -8,7 +8,7 @@ import (
"fmt" "fmt"
"time" "time"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
) )
// User represents a user in the system. // User represents a user in the system.

2
internal/models/volume.go
View File

@@ -6,7 +6,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
) )
// Volume represents a volume mount for an app container. // Volume represents a volume mount for an app container.

16
internal/models/webhook_event.go
View File

@@ -7,7 +7,7 @@ import (
"fmt" "fmt"
"time" "time"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
) )
// WebhookEvent represents a received webhook event. // WebhookEvent represents a received webhook event.
@@ -52,6 +52,20 @@ func (w *WebhookEvent) Reload(ctx context.Context) error {
return w.scan(row) return w.scan(row)
} }
// ShortCommit returns a truncated commit SHA for display.
func (w *WebhookEvent) ShortCommit() string {
if !w.CommitSHA.Valid {
return ""
}
sha := w.CommitSHA.String
if len(sha) > shortCommitLength {
return sha[:shortCommitLength]
}
return sha
}
func (w *WebhookEvent) insert(ctx context.Context) error { func (w *WebhookEvent) insert(ctx context.Context) error {
query := ` query := `
INSERT INTO webhook_events ( INSERT INTO webhook_events (

9
internal/server/routes.go
View File

@@ -8,7 +8,7 @@ import (
chimw "github.com/go-chi/chi/v5/middleware" chimw "github.com/go-chi/chi/v5/middleware"
"github.com/prometheus/client_golang/prometheus/promhttp" "github.com/prometheus/client_golang/prometheus/promhttp"
"git.eeqj.de/sneak/upaas/static" "sneak.berlin/go/upaas/static"
) )
// requestTimeout is the maximum duration for handling a request. // requestTimeout is the maximum duration for handling a request.
@@ -70,6 +70,7 @@ func (s *Server) SetupRoutes() {
r.Post("/apps/{id}/deploy", s.handlers.HandleAppDeploy()) r.Post("/apps/{id}/deploy", s.handlers.HandleAppDeploy())
r.Post("/apps/{id}/deployments/cancel", s.handlers.HandleCancelDeploy()) r.Post("/apps/{id}/deployments/cancel", s.handlers.HandleCancelDeploy())
r.Get("/apps/{id}/deployments", s.handlers.HandleAppDeployments()) r.Get("/apps/{id}/deployments", s.handlers.HandleAppDeployments())
r.Get("/apps/{id}/webhooks", s.handlers.HandleAppWebhookEvents())
r.Get("/apps/{id}/deployments/{deploymentID}/logs", s.handlers.HandleDeploymentLogsAPI()) r.Get("/apps/{id}/deployments/{deploymentID}/logs", s.handlers.HandleDeploymentLogsAPI())
r.Get("/apps/{id}/deployments/{deploymentID}/download", s.handlers.HandleDeploymentLogDownload()) r.Get("/apps/{id}/deployments/{deploymentID}/download", s.handlers.HandleDeploymentLogDownload())
r.Get("/apps/{id}/logs", s.handlers.HandleAppLogs()) r.Get("/apps/{id}/logs", s.handlers.HandleAppLogs())
@@ -81,10 +82,8 @@ func (s *Server) SetupRoutes() {
r.Post("/apps/{id}/stop", s.handlers.HandleAppStop()) r.Post("/apps/{id}/stop", s.handlers.HandleAppStop())
r.Post("/apps/{id}/start", s.handlers.HandleAppStart()) r.Post("/apps/{id}/start", s.handlers.HandleAppStart())
// Environment variables // Environment variables (monolithic bulk save)
r.Post("/apps/{id}/env-vars", s.handlers.HandleEnvVarAdd()) r.Post("/apps/{id}/env", s.handlers.HandleEnvVarSave())
r.Post("/apps/{id}/env-vars/{varID}/edit", s.handlers.HandleEnvVarEdit())
r.Post("/apps/{id}/env-vars/{varID}/delete", s.handlers.HandleEnvVarDelete())
// Labels // Labels
r.Post("/apps/{id}/labels", s.handlers.HandleLabelAdd()) r.Post("/apps/{id}/labels", s.handlers.HandleLabelAdd())

10
internal/server/server.go
View File

@@ -12,11 +12,11 @@ import (
"github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5"
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/globals" "sneak.berlin/go/upaas/internal/globals"
"git.eeqj.de/sneak/upaas/internal/handlers" "sneak.berlin/go/upaas/internal/handlers"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/middleware" "sneak.berlin/go/upaas/internal/middleware"
) )
// Params contains dependencies for Server. // Params contains dependencies for Server.

8
internal/service/app/app.go
View File

@@ -14,10 +14,10 @@ import (
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/models" "sneak.berlin/go/upaas/internal/models"
"git.eeqj.de/sneak/upaas/internal/ssh" "sneak.berlin/go/upaas/internal/ssh"
) )
// ServiceParams contains dependencies for Service. // ServiceParams contains dependencies for Service.

12
internal/service/app/app_test.go
View File

@@ -8,12 +8,12 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
"git.eeqj.de/sneak/upaas/internal/globals" "sneak.berlin/go/upaas/internal/globals"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/models" "sneak.berlin/go/upaas/internal/models"
"git.eeqj.de/sneak/upaas/internal/service/app" "sneak.berlin/go/upaas/internal/service/app"
) )
func setupTestService(t *testing.T) (*app.Service, func()) { func setupTestService(t *testing.T) (*app.Service, func()) {

8
internal/service/auth/auth.go
View File

@@ -15,10 +15,10 @@ import (
"go.uber.org/fx" "go.uber.org/fx"
"golang.org/x/crypto/argon2" "golang.org/x/crypto/argon2"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/models" "sneak.berlin/go/upaas/internal/models"
) )
const ( const (

10
internal/service/auth/auth_test.go
View File

@@ -12,11 +12,11 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
"git.eeqj.de/sneak/upaas/internal/globals" "sneak.berlin/go/upaas/internal/globals"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/service/auth" "sneak.berlin/go/upaas/internal/service/auth"
) )
func setupTestService(t *testing.T) (*auth.Service, func()) { func setupTestService(t *testing.T) (*auth.Service, func()) {

62
internal/service/deploy/deploy.go
View File

@@ -17,12 +17,12 @@ import (
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
"git.eeqj.de/sneak/upaas/internal/docker" "sneak.berlin/go/upaas/internal/docker"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/models" "sneak.berlin/go/upaas/internal/models"
"git.eeqj.de/sneak/upaas/internal/service/notify" "sneak.berlin/go/upaas/internal/service/notify"
) )
// Time constants. // Time constants.
@@ -251,8 +251,8 @@ func New(lc fx.Lifecycle, params ServiceParams) (*Service, error) {
} }
// GetBuildDir returns the build directory path for an app. // GetBuildDir returns the build directory path for an app.
func (svc *Service) GetBuildDir(appID string) string { func (svc *Service) GetBuildDir(appName string) string {
return filepath.Join(svc.config.DataDir, "builds", appID) return filepath.Join(svc.config.DataDir, "builds", appName)
} }
// GetLogFilePath returns the path to the log file for a deployment. // GetLogFilePath returns the path to the log file for a deployment.
@@ -417,15 +417,13 @@ func (svc *Service) executeRollback(
svc.removeOldContainer(ctx, app, deployment) svc.removeOldContainer(ctx, app, deployment)
rollbackOpts, err := svc.buildContainerOptions(ctx, app, deployment.ID) rollbackOpts, err := svc.buildContainerOptions(ctx, app, docker.ImageID(previousImageID))
if err != nil { if err != nil {
svc.failDeployment(bgCtx, app, deployment, err) svc.failDeployment(bgCtx, app, deployment, err)
return fmt.Errorf("failed to build container options: %w", err) return fmt.Errorf("failed to build container options: %w", err)
} }
rollbackOpts.Image = previousImageID
containerID, err := svc.docker.CreateContainer(ctx, rollbackOpts) containerID, err := svc.docker.CreateContainer(ctx, rollbackOpts)
if err != nil { if err != nil {
svc.failDeployment(bgCtx, app, deployment, fmt.Errorf("failed to create rollback container: %w", err)) svc.failDeployment(bgCtx, app, deployment, fmt.Errorf("failed to create rollback container: %w", err))
@@ -433,8 +431,8 @@ func (svc *Service) executeRollback(
return fmt.Errorf("failed to create rollback container: %w", err) return fmt.Errorf("failed to create rollback container: %w", err)
} }
deployment.ContainerID = sql.NullString{String: containerID, Valid: true} deployment.ContainerID = sql.NullString{String: containerID.String(), Valid: true}
_ = deployment.AppendLog(bgCtx, "Rollback container created: "+containerID) _ = deployment.AppendLog(bgCtx, "Rollback container created: "+containerID.String())
startErr := svc.docker.StartContainer(ctx, containerID) startErr := svc.docker.StartContainer(ctx, containerID)
if startErr != nil { if startErr != nil {
@@ -516,7 +514,7 @@ func (svc *Service) buildImageWithTimeout(
ctx context.Context, ctx context.Context,
app *models.App, app *models.App,
deployment *models.Deployment, deployment *models.Deployment,
) (string, error) { ) (docker.ImageID, error) {
buildCtx, cancel := context.WithTimeout(ctx, buildTimeout) buildCtx, cancel := context.WithTimeout(ctx, buildTimeout)
defer cancel() defer cancel()
@@ -541,7 +539,7 @@ func (svc *Service) deployContainerWithTimeout(
ctx context.Context, ctx context.Context,
app *models.App, app *models.App,
deployment *models.Deployment, deployment *models.Deployment,
imageID string, imageID docker.ImageID,
) error { ) error {
deployCtx, cancel := context.WithTimeout(ctx, deployTimeout) deployCtx, cancel := context.WithTimeout(ctx, deployTimeout)
defer cancel() defer cancel()
@@ -669,7 +667,7 @@ func (svc *Service) checkCancelled(
bgCtx context.Context, bgCtx context.Context,
app *models.App, app *models.App,
deployment *models.Deployment, deployment *models.Deployment,
imageID string, imageID docker.ImageID,
) error { ) error {
if !errors.Is(deployCtx.Err(), context.Canceled) { if !errors.Is(deployCtx.Err(), context.Canceled) {
return nil return nil
@@ -689,7 +687,7 @@ func (svc *Service) cleanupCancelledDeploy(
ctx context.Context, ctx context.Context,
app *models.App, app *models.App,
deployment *models.Deployment, deployment *models.Deployment,
imageID string, imageID docker.ImageID,
) { ) {
// Clean up the intermediate Docker image if one was built // Clean up the intermediate Docker image if one was built
if imageID != "" { if imageID != "" {
@@ -697,11 +695,11 @@ func (svc *Service) cleanupCancelledDeploy(
if removeErr != nil { if removeErr != nil {
svc.log.Error("failed to remove image from cancelled deploy", svc.log.Error("failed to remove image from cancelled deploy",
"error", removeErr, "app", app.Name, "image", imageID) "error", removeErr, "app", app.Name, "image", imageID)
_ = deployment.AppendLog(ctx, "WARNING: failed to clean up image "+imageID+": "+removeErr.Error()) _ = deployment.AppendLog(ctx, "WARNING: failed to clean up image "+imageID.String()+": "+removeErr.Error())
} else { } else {
svc.log.Info("cleaned up image from cancelled deploy", svc.log.Info("cleaned up image from cancelled deploy",
"app", app.Name, "image", imageID) "app", app.Name, "image", imageID)
_ = deployment.AppendLog(ctx, "Cleaned up intermediate image: "+imageID) _ = deployment.AppendLog(ctx, "Cleaned up intermediate image: "+imageID.String())
} }
} }
@@ -818,7 +816,7 @@ func (svc *Service) buildImage(
ctx context.Context, ctx context.Context,
app *models.App, app *models.App,
deployment *models.Deployment, deployment *models.Deployment,
) (string, error) { ) (docker.ImageID, error) {
workDir, cleanup, err := svc.cloneRepository(ctx, app, deployment) workDir, cleanup, err := svc.cloneRepository(ctx, app, deployment)
if err != nil { if err != nil {
return "", err return "", err
@@ -852,8 +850,8 @@ func (svc *Service) buildImage(
return "", fmt.Errorf("failed to build image: %w", err) return "", fmt.Errorf("failed to build image: %w", err)
} }
deployment.ImageID = sql.NullString{String: imageID, Valid: true} deployment.ImageID = sql.NullString{String: imageID.String(), Valid: true}
_ = deployment.AppendLog(ctx, "Image built: "+imageID) _ = deployment.AppendLog(ctx, "Image built: "+imageID.String())
return imageID, nil return imageID, nil
} }
@@ -1011,16 +1009,16 @@ func (svc *Service) removeOldContainer(
svc.log.Warn("failed to remove old container", "error", removeErr) svc.log.Warn("failed to remove old container", "error", removeErr)
} }
_ = deployment.AppendLog(ctx, "Old container removed: "+containerInfo.ID[:12]) _ = deployment.AppendLog(ctx, "Old container removed: "+string(containerInfo.ID[:12]))
} }
func (svc *Service) createAndStartContainer( func (svc *Service) createAndStartContainer(
ctx context.Context, ctx context.Context,
app *models.App, app *models.App,
deployment *models.Deployment, deployment *models.Deployment,
_ string, imageID docker.ImageID,
) (string, error) { ) (docker.ContainerID, error) {
containerOpts, err := svc.buildContainerOptions(ctx, app, deployment.ID) containerOpts, err := svc.buildContainerOptions(ctx, app, imageID)
if err != nil { if err != nil {
svc.failDeployment(ctx, app, deployment, err) svc.failDeployment(ctx, app, deployment, err)
@@ -1040,8 +1038,8 @@ func (svc *Service) createAndStartContainer(
return "", fmt.Errorf("failed to create container: %w", err) return "", fmt.Errorf("failed to create container: %w", err)
} }
deployment.ContainerID = sql.NullString{String: containerID, Valid: true} deployment.ContainerID = sql.NullString{String: containerID.String(), Valid: true}
_ = deployment.AppendLog(ctx, "Container created: "+containerID) _ = deployment.AppendLog(ctx, "Container created: "+containerID.String())
startErr := svc.docker.StartContainer(ctx, containerID) startErr := svc.docker.StartContainer(ctx, containerID)
if startErr != nil { if startErr != nil {
@@ -1064,7 +1062,7 @@ func (svc *Service) createAndStartContainer(
func (svc *Service) buildContainerOptions( func (svc *Service) buildContainerOptions(
ctx context.Context, ctx context.Context,
app *models.App, app *models.App,
deploymentID int64, imageID docker.ImageID,
) (docker.CreateContainerOptions, error) { ) (docker.CreateContainerOptions, error) {
envVars, err := app.GetEnvVars(ctx) envVars, err := app.GetEnvVars(ctx)
if err != nil { if err != nil {
@@ -1098,7 +1096,7 @@ func (svc *Service) buildContainerOptions(
return docker.CreateContainerOptions{ return docker.CreateContainerOptions{
Name: "upaas-" + app.Name, Name: "upaas-" + app.Name,
Image: fmt.Sprintf("upaas-%s:%d", app.Name, deploymentID), Image: imageID.String(),
Env: envMap, Env: envMap,
Labels: buildLabelMap(app, labels), Labels: buildLabelMap(app, labels),
Volumes: buildVolumeMounts(volumes), Volumes: buildVolumeMounts(volumes),
@@ -1148,9 +1146,9 @@ func buildPortMappings(ports []*models.Port) []docker.PortMapping {
func (svc *Service) updateAppRunning( func (svc *Service) updateAppRunning(
ctx context.Context, ctx context.Context,
app *models.App, app *models.App,
imageID string, imageID docker.ImageID,
) error { ) error {
app.ImageID = sql.NullString{String: imageID, Valid: true} app.ImageID = sql.NullString{String: imageID.String(), Valid: true}
app.Status = models.AppStatusRunning app.Status = models.AppStatusRunning
saveErr := app.Save(ctx) saveErr := app.Save(ctx)

2
internal/service/deploy/deploy_cancel_test.go
View File

@@ -9,7 +9,7 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"git.eeqj.de/sneak/upaas/internal/service/deploy" "sneak.berlin/go/upaas/internal/service/deploy"
) )
func TestCancelActiveDeploy_NoExisting(t *testing.T) { func TestCancelActiveDeploy_NoExisting(t *testing.T) {

4
internal/service/deploy/deploy_cleanup_test.go
View File

@@ -10,8 +10,8 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/service/deploy" "sneak.berlin/go/upaas/internal/service/deploy"
) )
func TestCleanupCancelledDeploy_RemovesBuildDir(t *testing.T) { func TestCleanupCancelledDeploy_RemovesBuildDir(t *testing.T) {

45
internal/service/deploy/deploy_container_test.go Normal file
View File

@@ -0,0 +1,45 @@
package deploy_test
import (
"context"
"log/slog"
"os"
"testing"
"sneak.berlin/go/upaas/internal/database"
"sneak.berlin/go/upaas/internal/docker"
"sneak.berlin/go/upaas/internal/models"
"sneak.berlin/go/upaas/internal/service/deploy"
)
func TestBuildContainerOptionsUsesImageID(t *testing.T) {
t.Parallel()
db := database.NewTestDatabase(t)
app := models.NewApp(db)
app.Name = "myapp"
err := app.Save(context.Background())
if err != nil {
t.Fatalf("failed to save app: %v", err)
}
log := slog.New(slog.NewTextHandler(os.Stderr, nil))
svc := deploy.NewTestService(log)
const expectedImageID = docker.ImageID("sha256:abc123def456")
opts, err := svc.BuildContainerOptionsExported(context.Background(), app, expectedImageID)
if err != nil {
t.Fatalf("buildContainerOptions returned error: %v", err)
}
if opts.Image != expectedImageID.String() {
t.Errorf("expected Image=%q, got %q", expectedImageID, opts.Image)
}
if opts.Name != "upaas-myapp" {
t.Errorf("expected Name=%q, got %q", "upaas-myapp", opts.Name)
}
}

14
internal/service/deploy/export_test.go
View File

@@ -8,8 +8,9 @@ import (
"path/filepath" "path/filepath"
"strings" "strings"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/docker" "sneak.berlin/go/upaas/internal/docker"
"sneak.berlin/go/upaas/internal/models"
) )
// NewTestService creates a Service with minimal dependencies for testing. // NewTestService creates a Service with minimal dependencies for testing.
@@ -80,3 +81,12 @@ func (svc *Service) CleanupCancelledDeploy(
func (svc *Service) GetBuildDirExported(appName string) string { func (svc *Service) GetBuildDirExported(appName string) string {
return svc.GetBuildDir(appName) return svc.GetBuildDir(appName)
} }
// BuildContainerOptionsExported exposes buildContainerOptions for testing.
func (svc *Service) BuildContainerOptionsExported(
ctx context.Context,
app *models.App,
imageID docker.ImageID,
) (docker.CreateContainerOptions, error) {
return svc.buildContainerOptions(ctx, app, imageID)
}

4
internal/service/notify/notify.go
View File

@@ -15,8 +15,8 @@ import (
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/models" "sneak.berlin/go/upaas/internal/models"
) )
// HTTP client timeout. // HTTP client timeout.

10
internal/service/webhook/types.go Normal file
View File

@@ -0,0 +1,10 @@
package webhook
// UnparsedURL is a URL stored as a plain string without parsing.
// Use this instead of string when the value is known to be a URL
// but should not be parsed into a net/url.URL (e.g. webhook URLs,
// compare URLs from external payloads).
type UnparsedURL string
// String implements the fmt.Stringer interface.
func (u UnparsedURL) String() string { return string(u) }

37
internal/service/webhook/webhook.go
View File

@@ -10,10 +10,11 @@ import (
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
"git.eeqj.de/sneak/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/models" "sneak.berlin/go/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/service/deploy" "sneak.berlin/go/upaas/internal/models"
"sneak.berlin/go/upaas/internal/service/deploy"
) )
// ServiceParams contains dependencies for Service. // ServiceParams contains dependencies for Service.
@@ -47,24 +48,24 @@ func New(_ fx.Lifecycle, params ServiceParams) (*Service, error) {
// //
//nolint:tagliatelle // Field names match Gitea API (snake_case) //nolint:tagliatelle // Field names match Gitea API (snake_case)
type GiteaPushPayload struct { type GiteaPushPayload struct {
Ref string `json:"ref"` Ref string `json:"ref"`
Before string `json:"before"` Before string `json:"before"`
After string `json:"after"` After string `json:"after"`
CompareURL string `json:"compare_url"` CompareURL UnparsedURL `json:"compare_url"`
Repository struct { Repository struct {
FullName string `json:"full_name"` FullName string `json:"full_name"`
CloneURL string `json:"clone_url"` CloneURL UnparsedURL `json:"clone_url"`
SSHURL string `json:"ssh_url"` SSHURL string `json:"ssh_url"`
HTMLURL string `json:"html_url"` HTMLURL UnparsedURL `json:"html_url"`
} `json:"repository"` } `json:"repository"`
Pusher struct { Pusher struct {
Username string `json:"username"` Username string `json:"username"`
Email string `json:"email"` Email string `json:"email"`
} `json:"pusher"` } `json:"pusher"`
Commits []struct { Commits []struct {
ID string `json:"id"` ID string `json:"id"`
URL string `json:"url"` URL UnparsedURL `json:"url"`
Message string `json:"message"` Message string `json:"message"`
Author struct { Author struct {
Name string `json:"name"` Name string `json:"name"`
Email string `json:"email"` Email string `json:"email"`
@@ -104,7 +105,7 @@ func (svc *Service) HandleWebhook(
event.EventType = eventType event.EventType = eventType
event.Branch = branch event.Branch = branch
event.CommitSHA = sql.NullString{String: commitSHA, Valid: commitSHA != ""} event.CommitSHA = sql.NullString{String: commitSHA, Valid: commitSHA != ""}
event.CommitURL = sql.NullString{String: commitURL, Valid: commitURL != ""} event.CommitURL = sql.NullString{String: commitURL.String(), Valid: commitURL != ""}
event.Payload = sql.NullString{String: string(payload), Valid: true} event.Payload = sql.NullString{String: string(payload), Valid: true}
event.Matched = matched event.Matched = matched
event.Processed = false event.Processed = false
@@ -168,7 +169,7 @@ func extractBranch(ref string) string {
// extractCommitURL extracts the commit URL from the webhook payload. // extractCommitURL extracts the commit URL from the webhook payload.
// Prefers the URL from the head commit, falls back to constructing from repo URL. // Prefers the URL from the head commit, falls back to constructing from repo URL.
func extractCommitURL(payload GiteaPushPayload) string { func extractCommitURL(payload GiteaPushPayload) UnparsedURL {
// Try to find the URL from the head commit (matching After SHA) // Try to find the URL from the head commit (matching After SHA)
for _, commit := range payload.Commits { for _, commit := range payload.Commits {
if commit.ID == payload.After && commit.URL != "" { if commit.ID == payload.After && commit.URL != "" {
@@ -178,7 +179,7 @@ func extractCommitURL(payload GiteaPushPayload) string {
// Fall back to constructing URL from repo HTML URL // Fall back to constructing URL from repo HTML URL
if payload.Repository.HTMLURL != "" && payload.After != "" { if payload.Repository.HTMLURL != "" && payload.After != "" {
return payload.Repository.HTMLURL + "/commit/" + payload.After return UnparsedURL(payload.Repository.HTMLURL.String() + "/commit/" + payload.After)
} }
return "" return ""

18
internal/service/webhook/webhook_test.go
View File

@@ -12,15 +12,15 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"go.uber.org/fx" "go.uber.org/fx"
"git.eeqj.de/sneak/upaas/internal/config" "sneak.berlin/go/upaas/internal/config"
"git.eeqj.de/sneak/upaas/internal/database" "sneak.berlin/go/upaas/internal/database"
"git.eeqj.de/sneak/upaas/internal/docker" "sneak.berlin/go/upaas/internal/docker"
"git.eeqj.de/sneak/upaas/internal/globals" "sneak.berlin/go/upaas/internal/globals"
"git.eeqj.de/sneak/upaas/internal/logger" "sneak.berlin/go/upaas/internal/logger"
"git.eeqj.de/sneak/upaas/internal/models" "sneak.berlin/go/upaas/internal/models"
"git.eeqj.de/sneak/upaas/internal/service/deploy" "sneak.berlin/go/upaas/internal/service/deploy"
"git.eeqj.de/sneak/upaas/internal/service/notify" "sneak.berlin/go/upaas/internal/service/notify"
"git.eeqj.de/sneak/upaas/internal/service/webhook" "sneak.berlin/go/upaas/internal/service/webhook"
) )
type testDeps struct { type testDeps struct {

2
internal/ssh/keygen_test.go
View File

@@ -4,9 +4,9 @@ import (
"strings" "strings"
"testing" "testing"
"git.eeqj.de/sneak/upaas/internal/ssh"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"sneak.berlin/go/upaas/internal/ssh"
) )
func TestGenerateKeyPair(t *testing.T) { func TestGenerateKeyPair(t *testing.T) {

3047
static/js/alpine.min.js vendored
View File

File diff suppressed because one or more lines are too long

317
static/js/app-detail.js Normal file
View File

@@ -0,0 +1,317 @@
/**
* upaas - App Detail Page Component
*
* Handles the single-app view: status polling, container logs,
* build logs, and recent deployments list.
*/
document.addEventListener("alpine:init", () => {
// ============================================
// Environment Variable Editor Component
// ============================================
Alpine.data("envVarEditor", (appId) => ({
vars: [],
editIdx: -1,
editKey: "",
editVal: "",
appId: appId,
init() {
this.vars = Array.from(this.$el.querySelectorAll(".env-init")).map(
(span) => ({
key: span.dataset.key,
value: span.dataset.value,
}),
);
},
startEdit(i) {
this.editIdx = i;
this.editKey = this.vars[i].key;
this.editVal = this.vars[i].value;
},
saveEdit(i) {
this.vars[i] = { key: this.editKey, value: this.editVal };
this.editIdx = -1;
this.submitAll();
},
removeVar(i) {
if (!window.confirm("Delete this environment variable?")) {
return;
}
this.vars.splice(i, 1);
this.submitAll();
},
addVar(keyEl, valEl) {
const k = keyEl.value.trim();
const v = valEl.value.trim();
if (!k) {
return;
}
this.vars.push({ key: k, value: v });
this.submitAll();
},
submitAll() {
const csrfInput = this.$el.querySelector(
'input[name="gorilla.csrf.Token"]',
);
const csrfToken = csrfInput ? csrfInput.value : "";
fetch("/apps/" + this.appId + "/env", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-CSRF-Token": csrfToken,
},
body: JSON.stringify(
this.vars.map((e) => ({ key: e.key, value: e.value })),
),
})
.then((res) => {
if (res.ok) {
window.location.reload();
return;
}
res.json()
.then((data) => {
window.alert(
data.error ||
"Failed to save environment variables.",
);
})
.catch(() => {
window.alert(
"Failed to save environment variables.",
);
});
})
.catch(() => {
window.alert(
"Network error: could not save environment variables.",
);
});
},
}));
// ============================================
// App Detail Page Component
// ============================================
Alpine.data("appDetail", (config) => ({
appId: config.appId,
currentDeploymentId: config.initialDeploymentId,
appStatus: config.initialStatus || "unknown",
containerLogs: "Loading container logs...",
containerStatus: "unknown",
buildLogs: config.initialDeploymentId
? "Loading build logs..."
: "No deployments yet",
buildStatus: config.initialBuildStatus || "unknown",
showBuildLogs: !!config.initialDeploymentId,
deploying: false,
deployments: [],
// Track whether user wants auto-scroll (per log pane)
_containerAutoScroll: true,
_buildAutoScroll: true,
_pollTimer: null,
init() {
this.deploying = Alpine.store("utils").isDeploying(this.appStatus);
this.fetchAll();
this._schedulePoll();
// Set up scroll listeners after DOM is ready
this.$nextTick(() => {
this._initScrollTracking(
this.$refs.containerLogsWrapper,
"_containerAutoScroll",
);
this._initScrollTracking(
this.$refs.buildLogsWrapper,
"_buildAutoScroll",
);
});
},
_schedulePoll() {
if (this._pollTimer) clearTimeout(this._pollTimer);
const interval = Alpine.store("utils").isDeploying(this.appStatus)
? 1000
: 10000;
this._pollTimer = setTimeout(() => {
this.fetchAll();
this._schedulePoll();
}, interval);
},
_initScrollTracking(el, flag) {
if (!el) return;
el.addEventListener(
"scroll",
() => {
this[flag] = Alpine.store("utils").isScrolledToBottom(el);
},
{ passive: true },
);
},
fetchAll() {
this.fetchAppStatus();
// Only fetch logs when the respective pane is visible
if (
this.$refs.containerLogsWrapper &&
this._isElementVisible(this.$refs.containerLogsWrapper)
) {
this.fetchContainerLogs();
}
if (
this.showBuildLogs &&
this.$refs.buildLogsWrapper &&
this._isElementVisible(this.$refs.buildLogsWrapper)
) {
this.fetchBuildLogs();
}
this.fetchRecentDeployments();
},
_isElementVisible(el) {
if (!el) return false;
// Check if element is in viewport (roughly)
const rect = el.getBoundingClientRect();
return rect.bottom > 0 && rect.top < window.innerHeight;
},
async fetchAppStatus() {
try {
const res = await fetch(`/apps/${this.appId}/status`);
const data = await res.json();
const wasDeploying = this.deploying;
this.appStatus = data.status;
this.deploying = Alpine.store("utils").isDeploying(data.status);
// Re-schedule polling when deployment state changes
if (this.deploying !== wasDeploying) {
this._schedulePoll();
}
if (
data.latestDeploymentID &&
data.latestDeploymentID !== this.currentDeploymentId
) {
this.currentDeploymentId = data.latestDeploymentID;
this.showBuildLogs = true;
this.fetchBuildLogs();
}
} catch (err) {
console.error("Status fetch error:", err);
}
},
async fetchContainerLogs() {
try {
const res = await fetch(`/apps/${this.appId}/container-logs`);
const data = await res.json();
const newLogs = data.logs || "No logs available";
const changed = newLogs !== this.containerLogs;
this.containerLogs = newLogs;
this.containerStatus = data.status;
if (changed && this._containerAutoScroll) {
this.$nextTick(() => {
Alpine.store("utils").scrollToBottom(
this.$refs.containerLogsWrapper,
);
});
}
} catch (err) {
this.containerLogs = "Failed to fetch logs";
}
},
async fetchBuildLogs() {
if (!this.currentDeploymentId) return;
try {
const res = await fetch(
`/apps/${this.appId}/deployments/${this.currentDeploymentId}/logs`,
);
const data = await res.json();
const newLogs = data.logs || "No build logs available";
const changed = newLogs !== this.buildLogs;
this.buildLogs = newLogs;
this.buildStatus = data.status;
if (changed && this._buildAutoScroll) {
this.$nextTick(() => {
Alpine.store("utils").scrollToBottom(
this.$refs.buildLogsWrapper,
);
});
}
} catch (err) {
this.buildLogs = "Failed to fetch logs";
}
},
async fetchRecentDeployments() {
try {
const res = await fetch(
`/apps/${this.appId}/recent-deployments`,
);
const data = await res.json();
this.deployments = data.deployments || [];
} catch (err) {
console.error("Deployments fetch error:", err);
}
},
submitDeploy() {
this.deploying = true;
},
get statusBadgeClass() {
return Alpine.store("utils").statusBadgeClass(this.appStatus);
},
get statusLabel() {
return Alpine.store("utils").statusLabel(this.appStatus);
},
get containerStatusBadgeClass() {
return (
Alpine.store("utils").statusBadgeClass(this.containerStatus) +
" text-xs"
);
},
get containerStatusLabel() {
return Alpine.store("utils").statusLabel(this.containerStatus);
},
get buildStatusBadgeClass() {
return (
Alpine.store("utils").statusBadgeClass(this.buildStatus) +
" text-xs"
);
},
get buildStatusLabel() {
return Alpine.store("utils").statusLabel(this.buildStatus);
},
deploymentStatusClass(status) {
return Alpine.store("utils").statusBadgeClass(status);
},
deploymentStatusLabel(status) {
return Alpine.store("utils").statusLabel(status);
},
formatTime(isoTime) {
return Alpine.store("utils").formatRelativeTime(isoTime);
},
}));
});

581
static/js/app.js
View File

@@ -1,581 +0,0 @@
/**
* upaas - Frontend JavaScript with Alpine.js
*/
document.addEventListener("alpine:init", () => {
// ============================================
// Global Utilities Store
// ============================================
Alpine.store("utils", {
/**
* Format a date string as relative time (e.g., "5 minutes ago")
*/
formatRelativeTime(dateStr) {
if (!dateStr) return "";
const date = new Date(dateStr);
const now = new Date();
const diffMs = now - date;
const diffSec = Math.floor(diffMs / 1000);
const diffMin = Math.floor(diffSec / 60);
const diffHour = Math.floor(diffMin / 60);
const diffDay = Math.floor(diffHour / 24);
if (diffSec < 60) return "just now";
if (diffMin < 60)
return diffMin + (diffMin === 1 ? " minute ago" : " minutes ago");
if (diffHour < 24)
return diffHour + (diffHour === 1 ? " hour ago" : " hours ago");
if (diffDay < 7)
return diffDay + (diffDay === 1 ? " day ago" : " days ago");
return date.toLocaleDateString();
},
/**
* Get the badge class for a given status
*/
statusBadgeClass(status) {
if (status === "running" || status === "success") return "badge-success";
if (status === "building" || status === "deploying")
return "badge-warning";
if (status === "failed" || status === "error") return "badge-error";
return "badge-neutral";
},
/**
* Format status for display (capitalize first letter)
*/
statusLabel(status) {
if (!status) return "";
return status.charAt(0).toUpperCase() + status.slice(1);
},
/**
* Check if status indicates active deployment
*/
isDeploying(status) {
return status === "building" || status === "deploying";
},
/**
* Scroll an element to the bottom
*/
scrollToBottom(el) {
if (el) {
requestAnimationFrame(() => {
el.scrollTop = el.scrollHeight;
});
}
},
/**
* Check if a scrollable element is at (or near) the bottom.
* Tolerance of 30px accounts for rounding and partial lines.
*/
isScrolledToBottom(el, tolerance = 30) {
if (!el) return true;
return el.scrollHeight - el.scrollTop - el.clientHeight <= tolerance;
},
/**
* Copy text to clipboard
*/
async copyToClipboard(text, button) {
try {
await navigator.clipboard.writeText(text);
return true;
} catch (err) {
// Fallback for older browsers
const textArea = document.createElement("textarea");
textArea.value = text;
textArea.style.position = "fixed";
textArea.style.left = "-9999px";
document.body.appendChild(textArea);
textArea.select();
try {
document.execCommand("copy");
document.body.removeChild(textArea);
return true;
} catch (e) {
document.body.removeChild(textArea);
return false;
}
}
},
});
// ============================================
// Copy Button Component
// ============================================
Alpine.data("copyButton", (targetId) => ({
copied: false,
async copy() {
const target = document.getElementById(targetId);
if (!target) return;
const text = target.textContent || target.value;
const success = await Alpine.store("utils").copyToClipboard(text);
if (success) {
this.copied = true;
setTimeout(() => {
this.copied = false;
}, 2000);
}
},
}));
// ============================================
// Confirm Action Component
// ============================================
Alpine.data("confirmAction", (message) => ({
confirm(event) {
if (!window.confirm(message)) {
event.preventDefault();
}
},
}));
// ============================================
// Auto-dismiss Alert Component
// ============================================
Alpine.data("autoDismiss", (delay = 5000) => ({
show: true,
init() {
setTimeout(() => {
this.dismiss();
}, delay);
},
dismiss() {
this.show = false;
setTimeout(() => {
this.$el.remove();
}, 300);
},
}));
// ============================================
// Relative Time Component
// ============================================
Alpine.data("relativeTime", (isoTime) => ({
display: "",
init() {
this.update();
// Update every minute
setInterval(() => this.update(), 60000);
},
update() {
this.display = Alpine.store("utils").formatRelativeTime(isoTime);
},
}));
// ============================================
// App Detail Page Component
// ============================================
Alpine.data("appDetail", (config) => ({
appId: config.appId,
currentDeploymentId: config.initialDeploymentId,
appStatus: config.initialStatus || "unknown",
containerLogs: "Loading container logs...",
containerStatus: "unknown",
buildLogs: config.initialDeploymentId
? "Loading build logs..."
: "No deployments yet",
buildStatus: config.initialBuildStatus || "unknown",
showBuildLogs: !!config.initialDeploymentId,
deploying: false,
deployments: [],
// Track whether user wants auto-scroll (per log pane)
_containerAutoScroll: true,
_buildAutoScroll: true,
_pollTimer: null,
init() {
this.deploying = Alpine.store("utils").isDeploying(this.appStatus);
this.fetchAll();
this._schedulePoll();
// Set up scroll listeners after DOM is ready
this.$nextTick(() => {
this._initScrollTracking(this.$refs.containerLogsWrapper, '_containerAutoScroll');
this._initScrollTracking(this.$refs.buildLogsWrapper, '_buildAutoScroll');
});
},
_schedulePoll() {
if (this._pollTimer) clearTimeout(this._pollTimer);
const interval = Alpine.store("utils").isDeploying(this.appStatus) ? 1000 : 10000;
this._pollTimer = setTimeout(() => {
this.fetchAll();
this._schedulePoll();
}, interval);
},
_initScrollTracking(el, flag) {
if (!el) return;
el.addEventListener('scroll', () => {
this[flag] = Alpine.store("utils").isScrolledToBottom(el);
}, { passive: true });
},
fetchAll() {
this.fetchAppStatus();
// Only fetch logs when the respective pane is visible
if (this.$refs.containerLogsWrapper && this._isElementVisible(this.$refs.containerLogsWrapper)) {
this.fetchContainerLogs();
}
if (this.showBuildLogs && this.$refs.buildLogsWrapper && this._isElementVisible(this.$refs.buildLogsWrapper)) {
this.fetchBuildLogs();
}
this.fetchRecentDeployments();
},
_isElementVisible(el) {
if (!el) return false;
// Check if element is in viewport (roughly)
const rect = el.getBoundingClientRect();
return rect.bottom > 0 && rect.top < window.innerHeight;
},
async fetchAppStatus() {
try {
const res = await fetch(`/apps/${this.appId}/status`);
const data = await res.json();
const wasDeploying = this.deploying;
this.appStatus = data.status;
this.deploying = Alpine.store("utils").isDeploying(data.status);
// Re-schedule polling when deployment state changes
if (this.deploying !== wasDeploying) {
this._schedulePoll();
}
if (
data.latestDeploymentID &&
data.latestDeploymentID !== this.currentDeploymentId
) {
this.currentDeploymentId = data.latestDeploymentID;
this.showBuildLogs = true;
this.fetchBuildLogs();
}
} catch (err) {
console.error("Status fetch error:", err);
}
},
async fetchContainerLogs() {
try {
const res = await fetch(`/apps/${this.appId}/container-logs`);
const data = await res.json();
const newLogs = data.logs || "No logs available";
const changed = newLogs !== this.containerLogs;
this.containerLogs = newLogs;
this.containerStatus = data.status;
if (changed && this._containerAutoScroll) {
this.$nextTick(() => {
Alpine.store("utils").scrollToBottom(this.$refs.containerLogsWrapper);
});
}
} catch (err) {
this.containerLogs = "Failed to fetch logs";
}
},
async fetchBuildLogs() {
if (!this.currentDeploymentId) return;
try {
const res = await fetch(
`/apps/${this.appId}/deployments/${this.currentDeploymentId}/logs`,
);
const data = await res.json();
const newLogs = data.logs || "No build logs available";
const changed = newLogs !== this.buildLogs;
this.buildLogs = newLogs;
this.buildStatus = data.status;
if (changed && this._buildAutoScroll) {
this.$nextTick(() => {
Alpine.store("utils").scrollToBottom(this.$refs.buildLogsWrapper);
});
}
} catch (err) {
this.buildLogs = "Failed to fetch logs";
}
},
async fetchRecentDeployments() {
try {
const res = await fetch(`/apps/${this.appId}/recent-deployments`);
const data = await res.json();
this.deployments = data.deployments || [];
} catch (err) {
console.error("Deployments fetch error:", err);
}
},
submitDeploy() {
this.deploying = true;
},
get statusBadgeClass() {
return Alpine.store("utils").statusBadgeClass(this.appStatus);
},
get statusLabel() {
return Alpine.store("utils").statusLabel(this.appStatus);
},
get containerStatusBadgeClass() {
return (
Alpine.store("utils").statusBadgeClass(this.containerStatus) +
" text-xs"
);
},
get containerStatusLabel() {
return Alpine.store("utils").statusLabel(this.containerStatus);
},
get buildStatusBadgeClass() {
return (
Alpine.store("utils").statusBadgeClass(this.buildStatus) + " text-xs"
);
},
get buildStatusLabel() {
return Alpine.store("utils").statusLabel(this.buildStatus);
},
deploymentStatusClass(status) {
return Alpine.store("utils").statusBadgeClass(status);
},
deploymentStatusLabel(status) {
return Alpine.store("utils").statusLabel(status);
},
formatTime(isoTime) {
return Alpine.store("utils").formatRelativeTime(isoTime);
},
}));
// ============================================
// Deployment Card Component (for individual deployment cards)
// ============================================
Alpine.data("deploymentCard", (config) => ({
appId: config.appId,
deploymentId: config.deploymentId,
logs: "",
status: config.status || "",
pollInterval: null,
_autoScroll: true,
init() {
// Read initial logs from script tag (avoids escaping issues)
const initialLogsEl = this.$el.querySelector(".initial-logs");
this.logs = initialLogsEl?.dataset.logs || "Loading...";
// Set up scroll tracking
this.$nextTick(() => {
const wrapper = this.$refs.logsWrapper;
if (wrapper) {
wrapper.addEventListener('scroll', () => {
this._autoScroll = Alpine.store("utils").isScrolledToBottom(wrapper);
}, { passive: true });
}
});
// Only poll if deployment is in progress
if (Alpine.store("utils").isDeploying(this.status)) {
this.fetchLogs();
this.pollInterval = setInterval(() => this.fetchLogs(), 1000);
}
},
destroy() {
if (this.pollInterval) {
clearInterval(this.pollInterval);
}
},
async fetchLogs() {
try {
const res = await fetch(
`/apps/${this.appId}/deployments/${this.deploymentId}/logs`,
);
const data = await res.json();
const newLogs = data.logs || "No logs available";
const logsChanged = newLogs !== this.logs;
this.logs = newLogs;
this.status = data.status;
// Scroll to bottom only when content changes AND user hasn't scrolled up
if (logsChanged && this._autoScroll) {
this.$nextTick(() => {
Alpine.store("utils").scrollToBottom(this.$refs.logsWrapper);
});
}
// Stop polling if deployment is done
if (!Alpine.store("utils").isDeploying(data.status)) {
if (this.pollInterval) {
clearInterval(this.pollInterval);
this.pollInterval = null;
}
// Reload page to show final state with duration etc
window.location.reload();
}
} catch (err) {
console.error("Logs fetch error:", err);
}
},
get statusBadgeClass() {
return Alpine.store("utils").statusBadgeClass(this.status);
},
get statusLabel() {
return Alpine.store("utils").statusLabel(this.status);
},
}));
// ============================================
// Deployments History Page Component
// ============================================
Alpine.data("deploymentsPage", (config) => ({
appId: config.appId,
currentDeploymentId: null,
isDeploying: false,
init() {
// Check for in-progress deployments on page load
const inProgressCard = document.querySelector(
'[data-status="building"], [data-status="deploying"]',
);
if (inProgressCard) {
this.currentDeploymentId = parseInt(
inProgressCard.getAttribute("data-deployment-id"),
10,
);
this.isDeploying = true;
}
this.fetchAppStatus();
this._scheduleStatusPoll();
},
_statusPollTimer: null,
_scheduleStatusPoll() {
if (this._statusPollTimer) clearTimeout(this._statusPollTimer);
const interval = this.isDeploying ? 1000 : 10000;
this._statusPollTimer = setTimeout(() => {
this.fetchAppStatus();
this._scheduleStatusPoll();
}, interval);
},
async fetchAppStatus() {
try {
const res = await fetch(`/apps/${this.appId}/status`);
const data = await res.json();
// Use deployment status, not app status - it's more reliable during transitions
const deploying = Alpine.store("utils").isDeploying(
data.latestDeploymentStatus,
);
// Detect new deployment
if (
data.latestDeploymentID &&
data.latestDeploymentID !== this.currentDeploymentId
) {
// Check if we have a card for this deployment
const hasCard = document.querySelector(
`[data-deployment-id="${data.latestDeploymentID}"]`,
);
if (deploying && !hasCard) {
// New deployment started but no card exists - reload to show it
window.location.reload();
return;
}
this.currentDeploymentId = data.latestDeploymentID;
}
// Update deploying state based on latest deployment status
if (deploying && !this.isDeploying) {
this.isDeploying = true;
this._scheduleStatusPoll(); // Switch to fast polling
} else if (!deploying && this.isDeploying) {
// Deployment finished - reload to show final state
this.isDeploying = false;
window.location.reload();
}
} catch (err) {
console.error("Status fetch error:", err);
}
},
submitDeploy() {
this.isDeploying = true;
},
formatTime(isoTime) {
return Alpine.store("utils").formatRelativeTime(isoTime);
},
}));
// ============================================
// Dashboard Page - Relative Time Updates
// ============================================
Alpine.data("dashboard", () => ({
init() {
// Update relative times every minute
setInterval(() => {
this.$el.querySelectorAll("[data-time]").forEach((el) => {
const time = el.getAttribute("data-time");
if (time) {
el.textContent = Alpine.store("utils").formatRelativeTime(time);
}
});
}, 60000);
},
}));
});
// ============================================
// Legacy support - expose utilities globally
// ============================================
window.upaas = {
// These are kept for backwards compatibility but templates should use Alpine.js
formatRelativeTime(dateStr) {
if (!dateStr) return "";
const date = new Date(dateStr);
const now = new Date();
const diffMs = now - date;
const diffSec = Math.floor(diffMs / 1000);
const diffMin = Math.floor(diffSec / 60);
const diffHour = Math.floor(diffMin / 60);
const diffDay = Math.floor(diffHour / 24);
if (diffSec < 60) return "just now";
if (diffMin < 60)
return diffMin + (diffMin === 1 ? " minute ago" : " minutes ago");
if (diffHour < 24)
return diffHour + (diffHour === 1 ? " hour ago" : " hours ago");
if (diffDay < 7)
return diffDay + (diffDay === 1 ? " day ago" : " days ago");
return date.toLocaleDateString();
},
// Placeholder functions - templates should migrate to Alpine.js
initAppDetailPage() {},
initDeploymentsPage() {},
};
// Update relative times on page load for non-Alpine elements
document.addEventListener("DOMContentLoaded", () => {
document.querySelectorAll(".relative-time[data-time]").forEach((el) => {
const time = el.getAttribute("data-time");
if (time) {
el.textContent = window.upaas.formatRelativeTime(time);
}
});
});

71
static/js/components.js Normal file
View File

@@ -0,0 +1,71 @@
/**
* upaas - Reusable Alpine.js Components
*
* Small, self-contained components: copy button, confirm dialog,
* auto-dismiss alerts, and relative time display.
*/
document.addEventListener("alpine:init", () => {
// ============================================
// Copy Button Component
// ============================================
Alpine.data("copyButton", (targetId) => ({
copied: false,
async copy() {
const target = document.getElementById(targetId);
if (!target) return;
const text = target.textContent || target.value;
const success = await Alpine.store("utils").copyToClipboard(text);
if (success) {
this.copied = true;
setTimeout(() => {
this.copied = false;
}, 2000);
}
},
}));
// ============================================
// Confirm Action Component
// ============================================
Alpine.data("confirmAction", (message) => ({
confirm(event) {
if (!window.confirm(message)) {
event.preventDefault();
}
},
}));
// ============================================
// Auto-dismiss Alert Component
// ============================================
Alpine.data("autoDismiss", (delay = 5000) => ({
show: true,
init() {
setTimeout(() => {
this.dismiss();
}, delay);
},
dismiss() {
this.show = false;
setTimeout(() => {
this.$el.remove();
}, 300);
},
}));
// ============================================
// Relative Time Component
// ============================================
Alpine.data("relativeTime", (isoTime) => ({
display: "",
init() {
this.update();
// Update every minute
setInterval(() => this.update(), 60000);
},
update() {
this.display = Alpine.store("utils").formatRelativeTime(isoTime);
},
}));
});

22
static/js/dashboard.js Normal file
View File

@@ -0,0 +1,22 @@
/**
* upaas - Dashboard Page Component
*
* Periodically updates relative timestamps on the main dashboard.
*/
document.addEventListener("alpine:init", () => {
Alpine.data("dashboard", () => ({
init() {
// Update relative times every minute
setInterval(() => {
this.$el.querySelectorAll("[data-time]").forEach((el) => {
const time = el.getAttribute("data-time");
if (time) {
el.textContent =
Alpine.store("utils").formatRelativeTime(time);
}
});
}, 60000);
},
}));
});

185
static/js/deployment.js Normal file
View File

@@ -0,0 +1,185 @@
/**
* upaas - Deployment Components
*
* Deployment card (individual deployment log viewer) and
* deployments history page (list of all deployments).
*/
document.addEventListener("alpine:init", () => {
// ============================================
// Deployment Card Component (for individual deployment cards)
// ============================================
Alpine.data("deploymentCard", (config) => ({
appId: config.appId,
deploymentId: config.deploymentId,
logs: "",
status: config.status || "",
pollInterval: null,
_autoScroll: true,
init() {
// Read initial logs from script tag (avoids escaping issues)
const initialLogsEl = this.$el.querySelector(".initial-logs");
this.logs = initialLogsEl?.dataset.logs || "Loading...";
// Set up scroll tracking
this.$nextTick(() => {
const wrapper = this.$refs.logsWrapper;
if (wrapper) {
wrapper.addEventListener(
"scroll",
() => {
this._autoScroll =
Alpine.store("utils").isScrolledToBottom(
wrapper,
);
},
{ passive: true },
);
}
});
// Only poll if deployment is in progress
if (Alpine.store("utils").isDeploying(this.status)) {
this.fetchLogs();
this.pollInterval = setInterval(() => this.fetchLogs(), 1000);
}
},
destroy() {
if (this.pollInterval) {
clearInterval(this.pollInterval);
}
},
async fetchLogs() {
try {
const res = await fetch(
`/apps/${this.appId}/deployments/${this.deploymentId}/logs`,
);
const data = await res.json();
const newLogs = data.logs || "No logs available";
const logsChanged = newLogs !== this.logs;
this.logs = newLogs;
this.status = data.status;
// Scroll to bottom only when content changes AND user hasn't scrolled up
if (logsChanged && this._autoScroll) {
this.$nextTick(() => {
Alpine.store("utils").scrollToBottom(
this.$refs.logsWrapper,
);
});
}
// Stop polling if deployment is done
if (!Alpine.store("utils").isDeploying(data.status)) {
if (this.pollInterval) {
clearInterval(this.pollInterval);
this.pollInterval = null;
}
// Reload page to show final state with duration etc
window.location.reload();
}
} catch (err) {
console.error("Logs fetch error:", err);
}
},
get statusBadgeClass() {
return Alpine.store("utils").statusBadgeClass(this.status);
},
get statusLabel() {
return Alpine.store("utils").statusLabel(this.status);
},
}));
// ============================================
// Deployments History Page Component
// ============================================
Alpine.data("deploymentsPage", (config) => ({
appId: config.appId,
currentDeploymentId: null,
isDeploying: false,
init() {
// Check for in-progress deployments on page load
const inProgressCard = document.querySelector(
'[data-status="building"], [data-status="deploying"]',
);
if (inProgressCard) {
this.currentDeploymentId = parseInt(
inProgressCard.getAttribute("data-deployment-id"),
10,
);
this.isDeploying = true;
}
this.fetchAppStatus();
this._scheduleStatusPoll();
},
_statusPollTimer: null,
_scheduleStatusPoll() {
if (this._statusPollTimer) clearTimeout(this._statusPollTimer);
const interval = this.isDeploying ? 1000 : 10000;
this._statusPollTimer = setTimeout(() => {
this.fetchAppStatus();
this._scheduleStatusPoll();
}, interval);
},
async fetchAppStatus() {
try {
const res = await fetch(`/apps/${this.appId}/status`);
const data = await res.json();
// Use deployment status, not app status - it's more reliable during transitions
const deploying = Alpine.store("utils").isDeploying(
data.latestDeploymentStatus,
);
// Detect new deployment
if (
data.latestDeploymentID &&
data.latestDeploymentID !== this.currentDeploymentId
) {
// Check if we have a card for this deployment
const hasCard = document.querySelector(
`[data-deployment-id="${data.latestDeploymentID}"]`,
);
if (deploying && !hasCard) {
// New deployment started but no card exists - reload to show it
window.location.reload();
return;
}
this.currentDeploymentId = data.latestDeploymentID;
}
// Update deploying state based on latest deployment status
if (deploying && !this.isDeploying) {
this.isDeploying = true;
this._scheduleStatusPoll(); // Switch to fast polling
} else if (!deploying && this.isDeploying) {
// Deployment finished - reload to show final state
this.isDeploying = false;
window.location.reload();
}
} catch (err) {
console.error("Status fetch error:", err);
}
},
submitDeploy() {
this.isDeploying = true;
},
formatTime(isoTime) {
return Alpine.store("utils").formatRelativeTime(isoTime);
},
}));
});

148
static/js/utils.js Normal file
View File

@@ -0,0 +1,148 @@
/**
* upaas - Global Utilities Store
*
* Shared formatting, status helpers, and clipboard utilities used across all pages.
*/
document.addEventListener("alpine:init", () => {
Alpine.store("utils", {
/**
* Format a date string as relative time (e.g., "5 minutes ago")
*/
formatRelativeTime(dateStr) {
if (!dateStr) return "";
const date = new Date(dateStr);
const now = new Date();
const diffMs = now - date;
const diffSec = Math.floor(diffMs / 1000);
const diffMin = Math.floor(diffSec / 60);
const diffHour = Math.floor(diffMin / 60);
const diffDay = Math.floor(diffHour / 24);
if (diffSec < 60) return "just now";
if (diffMin < 60)
return (
diffMin + (diffMin === 1 ? " minute ago" : " minutes ago")
);
if (diffHour < 24)
return diffHour + (diffHour === 1 ? " hour ago" : " hours ago");
if (diffDay < 7)
return diffDay + (diffDay === 1 ? " day ago" : " days ago");
return date.toLocaleDateString();
},
/**
* Get the badge class for a given status
*/
statusBadgeClass(status) {
if (status === "running" || status === "success")
return "badge-success";
if (status === "building" || status === "deploying")
return "badge-warning";
if (status === "failed" || status === "error") return "badge-error";
return "badge-neutral";
},
/**
* Format status for display (capitalize first letter)
*/
statusLabel(status) {
if (!status) return "";
return status.charAt(0).toUpperCase() + status.slice(1);
},
/**
* Check if status indicates active deployment
*/
isDeploying(status) {
return status === "building" || status === "deploying";
},
/**
* Scroll an element to the bottom
*/
scrollToBottom(el) {
if (el) {
requestAnimationFrame(() => {
el.scrollTop = el.scrollHeight;
});
}
},
/**
* Check if a scrollable element is at (or near) the bottom.
* Tolerance of 30px accounts for rounding and partial lines.
*/
isScrolledToBottom(el, tolerance = 30) {
if (!el) return true;
return (
el.scrollHeight - el.scrollTop - el.clientHeight <= tolerance
);
},
/**
* Copy text to clipboard
*/
async copyToClipboard(text, button) {
try {
await navigator.clipboard.writeText(text);
return true;
} catch (err) {
// Fallback for older browsers
const textArea = document.createElement("textarea");
textArea.value = text;
textArea.style.position = "fixed";
textArea.style.left = "-9999px";
document.body.appendChild(textArea);
textArea.select();
try {
document.execCommand("copy");
document.body.removeChild(textArea);
return true;
} catch (e) {
document.body.removeChild(textArea);
return false;
}
}
},
});
});
// ============================================
// Legacy support - expose utilities globally
// ============================================
window.upaas = {
// These are kept for backwards compatibility but templates should use Alpine.js
formatRelativeTime(dateStr) {
if (!dateStr) return "";
const date = new Date(dateStr);
const now = new Date();
const diffMs = now - date;
const diffSec = Math.floor(diffMs / 1000);
const diffMin = Math.floor(diffSec / 60);
const diffHour = Math.floor(diffMin / 60);
const diffDay = Math.floor(diffHour / 24);
if (diffSec < 60) return "just now";
if (diffMin < 60)
return diffMin + (diffMin === 1 ? " minute ago" : " minutes ago");
if (diffHour < 24)
return diffHour + (diffHour === 1 ? " hour ago" : " hours ago");
if (diffDay < 7)
return diffDay + (diffDay === 1 ? " day ago" : " days ago");
return date.toLocaleDateString();
},
// Placeholder functions - templates should migrate to Alpine.js
initAppDetailPage() {},
initDeploymentsPage() {},
};
// Update relative times on page load for non-Alpine elements
document.addEventListener("DOMContentLoaded", () => {
document.querySelectorAll(".relative-time[data-time]").forEach((el) => {
const time = el.getAttribute("data-time");
if (time) {
el.textContent = window.upaas.formatRelativeTime(time);
}
});
});

54
templates/app_detail.html
View File

@@ -77,7 +77,10 @@
<!-- Webhook URL --> <!-- Webhook URL -->
<div class="card p-6 mb-6"> <div class="card p-6 mb-6">
<h2 class="section-title mb-4">Webhook URL</h2> <div class="flex items-center justify-between mb-4">
<h2 class="section-title">Webhook URL</h2>
<a href="/apps/{{.App.ID}}/webhooks" class="text-primary-600 hover:text-primary-800 text-sm">Event History</a>
</div>
<p class="text-sm text-gray-500 mb-3">Add this URL as a push webhook in your Gitea repository:</p> <p class="text-sm text-gray-500 mb-3">Add this URL as a push webhook in your Gitea repository:</p>
<div class="copy-field" x-data="copyButton('webhook-url')"> <div class="copy-field" x-data="copyButton('webhook-url')">
<code id="webhook-url" class="copy-field-value text-xs">{{.WebhookURL}}</code> <code id="webhook-url" class="copy-field-value text-xs">{{.WebhookURL}}</code>
@@ -98,9 +101,10 @@
</div> </div>
<!-- Environment Variables --> <!-- Environment Variables -->
<div class="card p-6 mb-6"> <div class="card p-6 mb-6" x-data="envVarEditor('{{.App.ID}}')">
<h2 class="section-title mb-4">Environment Variables</h2> <h2 class="section-title mb-4">Environment Variables</h2>
{{if .EnvVars}} {{range .EnvVars}}<span class="env-init hidden" data-key="{{.Key}}" data-value="{{.Value}}"></span>{{end}}
<template x-if="vars.length > 0">
<div class="overflow-x-auto mb-4"> <div class="overflow-x-auto mb-4">
<table class="table"> <table class="table">
<thead class="table-header"> <thead class="table-header">
@@ -111,47 +115,43 @@
</tr> </tr>
</thead> </thead>
<tbody class="table-body"> <tbody class="table-body">
{{range .EnvVars}} <template x-for="(env, idx) in vars" :key="idx">
<tr x-data="{ editing: false }"> <tr>
<template x-if="!editing"> <template x-if="editIdx !== idx">
<td class="font-mono font-medium">{{.Key}}</td> <td class="font-mono font-medium" x-text="env.key"></td>
</template> </template>
<template x-if="!editing"> <template x-if="editIdx !== idx">
<td class="font-mono text-gray-500">{{.Value}}</td> <td class="font-mono text-gray-500" x-text="env.value"></td>
</template> </template>
<template x-if="!editing"> <template x-if="editIdx !== idx">
<td class="text-right"> <td class="text-right">
<button @click="editing = true" class="text-primary-600 hover:text-primary-800 text-sm mr-2">Edit</button> <button @click="startEdit(idx)" class="text-primary-600 hover:text-primary-800 text-sm mr-2">Edit</button>
<form method="POST" action="/apps/{{$.App.ID}}/env-vars/{{.ID}}/delete" class="inline" x-data="confirmAction('Delete this environment variable?')" @submit="confirm($event)"> <button @click="removeVar(idx)" class="text-error-500 hover:text-error-700 text-sm">Delete</button>
{{ $.CSRFField }}
<button type="submit" class="text-error-500 hover:text-error-700 text-sm">Delete</button>
</form>
</td> </td>
</template> </template>
<template x-if="editing"> <template x-if="editIdx === idx">
<td colspan="3"> <td colspan="3">
<form method="POST" action="/apps/{{$.App.ID}}/env-vars/{{.ID}}/edit" class="flex gap-2 items-center"> <form @submit.prevent="saveEdit(idx)" class="flex gap-2 items-center">
{{ $.CSRFField }} <input type="text" x-model="editKey" required class="input flex-1 font-mono text-sm">
<input type="text" name="key" value="{{.Key}}" required class="input flex-1 font-mono text-sm"> <input type="text" x-model="editVal" required class="input flex-1 font-mono text-sm">
<input type="text" name="value" value="{{.Value}}" required class="input flex-1 font-mono text-sm">
<button type="submit" class="btn-primary text-sm">Save</button> <button type="submit" class="btn-primary text-sm">Save</button>
<button type="button" @click="editing = false" class="text-gray-500 hover:text-gray-700 text-sm">Cancel</button> <button type="button" @click="editIdx = -1" class="text-gray-500 hover:text-gray-700 text-sm">Cancel</button>
</form> </form>
<p class="text-xs text-amber-600 mt-1">⚠ Container restart needed after env var changes.</p> <p class="text-xs text-amber-600 mt-1">⚠ Container restart needed after env var changes.</p>
</td> </td>
</template> </template>
</tr> </tr>
{{end}} </template>
</tbody> </tbody>
</table> </table>
</div> </div>
{{end}} </template>
<form method="POST" action="/apps/{{.App.ID}}/env" class="flex flex-col sm:flex-row gap-2"> <form @submit.prevent="addVar($refs.newKey, $refs.newVal)" class="flex flex-col sm:flex-row gap-2">
{{ .CSRFField }} <input x-ref="newKey" type="text" placeholder="KEY" required class="input flex-1 font-mono text-sm">
<input type="text" name="key" placeholder="KEY" required class="input flex-1 font-mono text-sm"> <input x-ref="newVal" type="text" placeholder="value" required class="input flex-1 font-mono text-sm">
<input type="text" name="value" placeholder="value" required class="input flex-1 font-mono text-sm">
<button type="submit" class="btn-primary">Add</button> <button type="submit" class="btn-primary">Add</button>
</form> </form>
<div class="hidden">{{ .CSRFField }}</div>
</div> </div>
<!-- Labels --> <!-- Labels -->

6
templates/base.html
View File

@@ -15,7 +15,11 @@
</div> </div>
{{template "footer" .}} {{template "footer" .}}
<script defer src="/s/js/alpine.min.js"></script> <script defer src="/s/js/alpine.min.js"></script>
<script src="/s/js/app.js"></script> <script src="/s/js/utils.js"></script>
<script src="/s/js/components.js"></script>
<script src="/s/js/app-detail.js"></script>
<script src="/s/js/deployment.js"></script>
<script src="/s/js/dashboard.js"></script>
</body> </body>
</html> </html>
{{end}} {{end}}

2
templates/dashboard.html
View File

@@ -69,7 +69,7 @@
<a href="/apps/{{.App.ID}}" class="btn-text text-sm py-1 px-2">View</a> <a href="/apps/{{.App.ID}}" class="btn-text text-sm py-1 px-2">View</a>
<a href="/apps/{{.App.ID}}/edit" class="btn-secondary text-sm py-1 px-2">Edit</a> <a href="/apps/{{.App.ID}}/edit" class="btn-secondary text-sm py-1 px-2">Edit</a>
<form method="POST" action="/apps/{{.App.ID}}/deploy" class="inline"> <form method="POST" action="/apps/{{.App.ID}}/deploy" class="inline">
{{ .CSRFField }} {{ $.CSRFField }}
<button type="submit" class="btn-success text-sm py-1 px-2">Deploy</button> <button type="submit" class="btn-success text-sm py-1 px-2">Deploy</button>
</form> </form>
</div> </div>

1
templates/templates.go
View File

@@ -44,6 +44,7 @@ func initTemplates() {
"app_detail.html", "app_detail.html",
"app_edit.html", "app_edit.html",
"deployments.html", "deployments.html",
"webhook_events.html",
} }
pageTemplates = make(map[string]*template.Template) pageTemplates = make(map[string]*template.Template)

79
templates/webhook_events.html Normal file
View File

@@ -0,0 +1,79 @@
{{template "base" .}}
{{define "title"}}Webhook Events - {{.App.Name}} - µPaaS{{end}}
{{define "content"}}
{{template "nav" .}}
<main class="max-w-4xl mx-auto px-4 py-8">
<div class="mb-6">
<a href="/apps/{{.App.ID}}" class="text-primary-600 hover:text-primary-800 inline-flex items-center">
<svg class="w-4 h-4 mr-1" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 19l-7-7 7-7"/>
</svg>
Back to {{.App.Name}}
</a>
</div>
<div class="section-header">
<h1 class="text-2xl font-medium text-gray-900">Webhook Events</h1>
</div>
{{if .Events}}
<div class="card overflow-hidden">
<table class="table">
<thead class="table-header">
<tr>
<th>Time</th>
<th>Event</th>
<th>Branch</th>
<th>Commit</th>
<th>Status</th>
</tr>
</thead>
<tbody class="table-body">
{{range .Events}}
<tr>
<td class="text-gray-500 text-sm whitespace-nowrap">
<span x-data="relativeTime('{{.CreatedAt.Format `2006-01-02T15:04:05Z07:00`}}')" x-text="display" class="cursor-default" title="{{.CreatedAt.Format `2006-01-02 15:04:05`}}"></span>
</td>
<td class="text-gray-700 text-sm">{{.EventType}}</td>
<td class="font-mono text-gray-500 text-sm">{{.Branch}}</td>
<td class="font-mono text-gray-500 text-xs">
{{if and .CommitSHA.Valid .CommitURL.Valid}}
<a href="{{.CommitURL.String}}" target="_blank" rel="noopener noreferrer" class="text-primary-600 hover:text-primary-800">{{.ShortCommit}}</a>
{{else if .CommitSHA.Valid}}
{{.ShortCommit}}
{{else}}
<span class="text-gray-400">-</span>
{{end}}
</td>
<td>
{{if .Matched}}
{{if .Processed}}
<span class="badge-success">Matched</span>
{{else}}
<span class="badge-warning">Matched (pending)</span>
{{end}}
{{else}}
<span class="badge-neutral">No match</span>
{{end}}
</td>
</tr>
{{end}}
</tbody>
</table>
</div>
{{else}}
<div class="card">
<div class="empty-state">
<svg class="empty-state-icon" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M13 10V3L4 14h7v7l9-11h-7z"/>
</svg>
<h3 class="empty-state-title">No webhook events yet</h3>
<p class="empty-state-description">Webhook events will appear here once your repository sends push notifications.</p>
</div>
</div>
{{end}}
</main>
{{end}}