Compare commits
1 Commits
main
...
067cb86124
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
067cb86124 |
@@ -13,4 +13,4 @@ jobs:
|
|||||||
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4, 2024-10-13
|
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4, 2024-10-13
|
||||||
|
|
||||||
- name: Build (runs make check inside Dockerfile)
|
- name: Build (runs make check inside Dockerfile)
|
||||||
run: script/cibuild
|
run: docker build .
|
||||||
|
|||||||
30
Makefile
30
Makefile
@@ -1,4 +1,4 @@
|
|||||||
.PHONY: all bootstrap setup build lint fmt fmt-check test check clean docker hooks
|
.PHONY: all build lint fmt fmt-check test check clean docker hooks
|
||||||
|
|
||||||
BINARY := upaasd
|
BINARY := upaasd
|
||||||
VERSION := $(shell git describe --tags --always --dirty 2>/dev/null || echo "dev")
|
VERSION := $(shell git describe --tags --always --dirty 2>/dev/null || echo "dev")
|
||||||
@@ -7,37 +7,37 @@ LDFLAGS := -X main.Version=$(VERSION) -X main.Buildarch=$(BUILDARCH)
|
|||||||
|
|
||||||
all: check build
|
all: check build
|
||||||
|
|
||||||
bootstrap:
|
|
||||||
@script/bootstrap
|
|
||||||
|
|
||||||
setup:
|
|
||||||
@script/setup
|
|
||||||
|
|
||||||
build:
|
build:
|
||||||
go build -ldflags "$(LDFLAGS)" -o bin/$(BINARY) ./cmd/upaasd
|
go build -ldflags "$(LDFLAGS)" -o bin/$(BINARY) ./cmd/upaasd
|
||||||
|
|
||||||
lint:
|
lint:
|
||||||
@script/lint
|
golangci-lint run --config .golangci.yml ./...
|
||||||
|
|
||||||
fmt:
|
fmt:
|
||||||
@script/fmt
|
gofmt -s -w .
|
||||||
|
goimports -w .
|
||||||
|
npx prettier --write --tab-width 4 static/js/*.js
|
||||||
|
|
||||||
fmt-check:
|
fmt-check:
|
||||||
@script/fmt-check
|
@test -z "$$(gofmt -l .)" || (echo "Files not formatted:" && gofmt -l . && exit 1)
|
||||||
|
|
||||||
test:
|
test:
|
||||||
@script/test
|
go test -v -race -cover -timeout 30s ./...
|
||||||
|
|
||||||
# Check runs all validation without making changes
|
# Check runs all validation without making changes
|
||||||
# Used by CI and Docker build - fails if anything is wrong
|
# Used by CI and Docker build - fails if anything is wrong
|
||||||
check:
|
check: fmt-check lint test
|
||||||
@script/check
|
@echo "==> All checks passed!"
|
||||||
|
|
||||||
docker:
|
docker:
|
||||||
@script/docker
|
docker build .
|
||||||
|
|
||||||
hooks:
|
hooks:
|
||||||
@script/install-precommit
|
@echo "Installing pre-commit hook..."
|
||||||
|
@mkdir -p .git/hooks
|
||||||
|
@printf '#!/bin/sh\nmake check\n' > .git/hooks/pre-commit
|
||||||
|
@chmod +x .git/hooks/pre-commit
|
||||||
|
@echo "Pre-commit hook installed."
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
rm -rf bin/
|
rm -rf bin/
|
||||||
|
|||||||
41
README.md
41
README.md
@@ -1,14 +1,14 @@
|
|||||||
# µPaaS by [@sneak](https://sneak.berlin)
|
# µPaaS by [@sneak](https://sneak.berlin)
|
||||||
|
|
||||||
A simple self-hosted PaaS that auto-deploys Docker containers from Git repositories via webhooks from Gitea, GitHub, or GitLab.
|
A simple self-hosted PaaS that auto-deploys Docker containers from Git repositories via Gitea webhooks.
|
||||||
|
|
||||||
## Features
|
## Features
|
||||||
|
|
||||||
- Single admin user with argon2id password hashing
|
- Single admin user with argon2id password hashing
|
||||||
- Per-app SSH keypairs for read-only deploy keys
|
- Per-app SSH keypairs for read-only deploy keys
|
||||||
- Per-app UUID-based webhook URLs with auto-detection of Gitea, GitHub, and GitLab
|
- Per-app UUID-based webhook URLs for Gitea integration
|
||||||
- Branch filtering - only deploy on configured branch changes
|
- Branch filtering - only deploy on configured branch changes
|
||||||
- Environment variables, labels, and volume mounts per app
|
- Environment variables, labels, volume mounts, and custom health checks per app
|
||||||
- CPU and memory resource limits per app
|
- CPU and memory resource limits per app
|
||||||
- Docker builds via socket access
|
- Docker builds via socket access
|
||||||
- Notifications via ntfy and Slack-compatible webhooks
|
- Notifications via ntfy and Slack-compatible webhooks
|
||||||
@@ -20,7 +20,7 @@ A simple self-hosted PaaS that auto-deploys Docker containers from Git repositor
|
|||||||
- Complex CI pipelines
|
- Complex CI pipelines
|
||||||
- Multiple container orchestration
|
- Multiple container orchestration
|
||||||
- SPA/API-first design
|
- SPA/API-first design
|
||||||
- Support for non-push webhook events (e.g. issues, merge requests)
|
- Support for non-Gitea webhooks
|
||||||
|
|
||||||
## Architecture
|
## Architecture
|
||||||
|
|
||||||
@@ -45,7 +45,7 @@ upaas/
|
|||||||
│ │ ├── auth/ # Authentication service
|
│ │ ├── auth/ # Authentication service
|
||||||
│ │ ├── deploy/ # Deployment orchestration
|
│ │ ├── deploy/ # Deployment orchestration
|
||||||
│ │ ├── notify/ # Notifications (ntfy, Slack)
|
│ │ ├── notify/ # Notifications (ntfy, Slack)
|
||||||
│ │ └── webhook/ # Webhook processing (Gitea, GitHub, GitLab)
|
│ │ └── webhook/ # Gitea webhook processing
|
||||||
│ └── ssh/ # SSH key generation
|
│ └── ssh/ # SSH key generation
|
||||||
├── static/ # Embedded CSS/JS assets
|
├── static/ # Embedded CSS/JS assets
|
||||||
└── templates/ # Embedded HTML templates
|
└── templates/ # Embedded HTML templates
|
||||||
@@ -100,31 +100,6 @@ chi Router ──► Middleware Stack ──► Handler
|
|||||||
- **Async deployments**: Webhook triggers deploy via goroutine with `context.WithoutCancel()`
|
- **Async deployments**: Webhook triggers deploy via goroutine with `context.WithoutCancel()`
|
||||||
- **Embedded assets**: Templates and static files embedded via `//go:embed`
|
- **Embedded assets**: Templates and static files embedded via `//go:embed`
|
||||||
|
|
||||||
## Entrypoints
|
|
||||||
|
|
||||||
This repository adheres to the
|
|
||||||
[Scripts to Rule Them All](https://github.com/github/scripts-to-rule-them-all)
|
|
||||||
standard: normalized scripts in `script/` are the entrypoints for the
|
|
||||||
development workflow, and the Makefile targets are thin shims that call
|
|
||||||
them. We provide:
|
|
||||||
|
|
||||||
- `script/bootstrap` — install all dependencies (idempotent)
|
|
||||||
- `script/setup` — make a fresh clone ready for development
|
|
||||||
(bootstrap, then install-precommit)
|
|
||||||
- `script/projectname` — output the project name ("upaas")
|
|
||||||
- `script/test` — run the test suite
|
|
||||||
- `script/lint` — run golangci-lint
|
|
||||||
- `script/fmt` — format all code (writes)
|
|
||||||
- `script/fmt-check` — check formatting (read-only)
|
|
||||||
- `script/check` — run test, lint, and fmt-check
|
|
||||||
- `script/docker` — build the Docker image tagged via `script/projectname`
|
|
||||||
- `script/cibuild` — CI entrypoint: `docker build .` (the Dockerfile
|
|
||||||
runs the checks, so a green build implies a green repo)
|
|
||||||
- `script/precommit` — pre-commit checks (`go mod tidy` guard, then
|
|
||||||
`script/check`)
|
|
||||||
- `script/install-precommit` — install the git pre-commit hook that
|
|
||||||
runs `script/precommit`
|
|
||||||
|
|
||||||
## Development
|
## Development
|
||||||
|
|
||||||
### Prerequisites
|
### Prerequisites
|
||||||
@@ -136,16 +111,14 @@ them. We provide:
|
|||||||
### Commands
|
### Commands
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
make bootstrap # Install all dependencies (idempotent)
|
|
||||||
make setup # Bootstrap + install git pre-commit hook
|
|
||||||
make fmt # Format code
|
make fmt # Format code
|
||||||
make fmt-check # Check formatting (read-only, fails if unformatted)
|
make fmt-check # Check formatting (read-only, fails if unformatted)
|
||||||
make lint # Run comprehensive linting
|
make lint # Run comprehensive linting
|
||||||
make test # Run tests with race detection (30s timeout)
|
make test # Run tests with race detection (30s timeout)
|
||||||
make check # Verify everything passes (test, lint, fmt-check)
|
make check # Verify everything passes (fmt-check, lint, test)
|
||||||
make build # Build binary
|
make build # Build binary
|
||||||
make docker # Build Docker image
|
make docker # Build Docker image
|
||||||
make hooks # Install pre-commit hook (runs script/precommit)
|
make hooks # Install pre-commit hook (runs make check)
|
||||||
```
|
```
|
||||||
|
|
||||||
### Commit Requirements
|
### Commit Requirements
|
||||||
|
|||||||
250
REPO_POLICIES.md
250
REPO_POLICIES.md
@@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Repository Policies
|
title: Repository Policies
|
||||||
last_modified: 2026-07-06
|
last_modified: 2026-02-22
|
||||||
---
|
---
|
||||||
|
|
||||||
This document covers repository structure, tooling, and workflow standards. Code
|
This document covers repository structure, tooling, and workflow standards. Code
|
||||||
@@ -34,46 +34,10 @@ style conventions are in separate documents:
|
|||||||
every file before committing. There are zero exceptions to this rule.
|
every file before committing. There are zero exceptions to this rule.
|
||||||
|
|
||||||
- Every repo with software must have a root `Makefile` with these targets:
|
- Every repo with software must have a root `Makefile` with these targets:
|
||||||
`make bootstrap`, `make setup`, `make test`, `make lint`, `make fmt` (writes),
|
`make test`, `make lint`, `make fmt` (writes), `make fmt-check` (read-only),
|
||||||
`make fmt-check` (read-only), `make check` (runs `test`, `lint`, `fmt-check`),
|
`make check` (prereqs: `test`, `lint`, `fmt-check`), `make docker`, and
|
||||||
`make docker`, and `make hooks` (installs pre-commit hook). A model Makefile
|
`make hooks` (installs pre-commit hook). A model Makefile is at
|
||||||
is at `https://git.eeqj.de/sneak/prompts/raw/branch/main/Makefile`.
|
`https://git.eeqj.de/sneak/prompts/raw/branch/main/Makefile`.
|
||||||
|
|
||||||
- Repos follow the
|
|
||||||
[Scripts to Rule Them All](https://github.com/github/scripts-to-rule-them-all)
|
|
||||||
pattern: the implementation of each Makefile target lives in an executable
|
|
||||||
script in `script/` (`script/bootstrap`, `script/setup`, `script/test`,
|
|
||||||
`script/lint`, `script/fmt`, `script/fmt-check`, `script/check`,
|
|
||||||
`script/docker`), and the Makefile targets are thin shims that call them. The
|
|
||||||
scripts must be POSIX sh (`#!/bin/sh`, `set -eu`, no bashisms) so they run in
|
|
||||||
minimal containers (e.g. alpine images have no bash); locate the repo root
|
|
||||||
with `$(cd "$(dirname "$0")/.." && pwd -P)` and `cd` there before acting. From
|
|
||||||
the standard's canonical set we use `bootstrap`, `setup` (make the repo ready
|
|
||||||
for development after a fresh clone: runs `bootstrap`, then
|
|
||||||
`install-precommit`, plus any repo-specific initialization), `test`, and
|
|
||||||
`cibuild`. `script/bootstrap` installs all dependencies idempotently and
|
|
||||||
assumes nothing is present: base tools come from nix, apt, brew, or apk
|
|
||||||
(detected in that order; apt runs noninteractive). For node it uses the
|
|
||||||
installed node if present; otherwise it installs a PINNED node version via
|
|
||||||
nvm, first installing nvm itself if missing — from a hash-verified GitHub
|
|
||||||
release archive (never `curl | sh`), with bash installed as an explicit
|
|
||||||
prerequisite since nvm requires bash. yarn is then pinned via
|
|
||||||
`corepack prepare yarn@<version> --activate`. Never install "latest" or "lts";
|
|
||||||
always exact versions. `script/cibuild` runs the CI build: it changes to the
|
|
||||||
repo root and runs `docker build .`; the Gitea workflow calls it. Four further
|
|
||||||
scripts are our own extensions to the standard: `script/check` runs
|
|
||||||
`script/test`, `script/lint`, and `script/fmt-check`; `script/precommit` is
|
|
||||||
what the git pre-commit hook runs, and it calls `script/check`;
|
|
||||||
`script/install-precommit` installs the git pre-commit hook (the `make hooks`
|
|
||||||
target shims to it); and `script/projectname` (literally that filename) simply
|
|
||||||
outputs the project's name. Scripts that need the name call
|
|
||||||
`script/projectname` — e.g. `script/docker` assembles its image tag from it —
|
|
||||||
so those scripts stay byte-identical across all repos. Repo-type-specific
|
|
||||||
pre-commit extras (e.g. `go mod tidy` verification in Go repos) belong in
|
|
||||||
`script/precommit`, not in the hook itself. Model scripts are at
|
|
||||||
`https://git.eeqj.de/sneak/prompts/raw/branch/main/script/<name>`. The README
|
|
||||||
must document the provided scripts in an **Entrypoints** section (see the
|
|
||||||
README requirements below).
|
|
||||||
|
|
||||||
- Always use Makefile targets (`make fmt`, `make test`, `make lint`, etc.)
|
- Always use Makefile targets (`make fmt`, `make test`, `make lint`, etc.)
|
||||||
instead of invoking the underlying tools directly. The Makefile is the single
|
instead of invoking the underlying tools directly. The Makefile is the single
|
||||||
@@ -93,83 +57,11 @@ style conventions are in separate documents:
|
|||||||
as a build step so the build fails if the branch is not green. For non-server
|
as a build step so the build fails if the branch is not green. For non-server
|
||||||
repos, the Dockerfile should bring up a development environment and run
|
repos, the Dockerfile should bring up a development environment and run
|
||||||
`make check`. For server repos, `make check` should run as an early build
|
`make check`. For server repos, `make check` should run as an early build
|
||||||
stage before the final image is assembled. Dockerfiles install development
|
stage before the final image is assembled.
|
||||||
prerequisites by running `script/bootstrap` rather than duplicating installs
|
|
||||||
inline; COPY `script/` and the dependency manifests (`package.json` +
|
|
||||||
`yarn.lock`, `go.mod` + `go.sum`, etc.) before running it so the bootstrap
|
|
||||||
layer stays cached until dependencies change.
|
|
||||||
|
|
||||||
- **Dockerfiles must use a separate lint stage for fail-fast feedback.** Go
|
|
||||||
repos use a multistage build where linting runs in an independent stage based
|
|
||||||
on the `golangci/golangci-lint` image (pinned by hash). This stage runs
|
|
||||||
`make fmt-check` and `make lint` before the full build begins. The build stage
|
|
||||||
then declares an explicit dependency on the lint stage via
|
|
||||||
`COPY --from=lint /src/go.sum /dev/null`, which forces BuildKit to complete
|
|
||||||
linting before proceeding to compilation and tests. This ensures lint failures
|
|
||||||
surface in seconds rather than minutes, without blocking on dependency
|
|
||||||
download or compilation in the build stage.
|
|
||||||
|
|
||||||
The standard pattern for a Go repo Dockerfile is:
|
|
||||||
|
|
||||||
```dockerfile
|
|
||||||
# Lint stage — fast feedback on formatting and lint issues
|
|
||||||
# golangci/golangci-lint:v2.x.x, YYYY-MM-DD
|
|
||||||
FROM golangci/golangci-lint@sha256:... AS lint
|
|
||||||
WORKDIR /src
|
|
||||||
COPY go.mod go.sum ./
|
|
||||||
RUN go mod download
|
|
||||||
COPY . .
|
|
||||||
RUN make fmt-check
|
|
||||||
RUN make lint
|
|
||||||
|
|
||||||
# Build stage
|
|
||||||
# golang:1.x-alpine, YYYY-MM-DD
|
|
||||||
FROM golang@sha256:... AS builder
|
|
||||||
WORKDIR /src
|
|
||||||
|
|
||||||
# Force BuildKit to run the lint stage before proceeding
|
|
||||||
COPY --from=lint /src/go.sum /dev/null
|
|
||||||
|
|
||||||
COPY go.mod go.sum ./
|
|
||||||
RUN go mod download
|
|
||||||
COPY . .
|
|
||||||
RUN make test
|
|
||||||
|
|
||||||
ARG VERSION=dev
|
|
||||||
RUN CGO_ENABLED=0 go build -trimpath \
|
|
||||||
-ldflags="-s -w -X main.Version=${VERSION}" \
|
|
||||||
-o /app ./cmd/app/
|
|
||||||
|
|
||||||
# Runtime stage
|
|
||||||
FROM alpine@sha256:...
|
|
||||||
COPY --from=builder /app /usr/local/bin/app
|
|
||||||
ENTRYPOINT ["app"]
|
|
||||||
```
|
|
||||||
|
|
||||||
Key points:
|
|
||||||
- The lint stage uses the `golangci/golangci-lint` image directly (it
|
|
||||||
includes both Go and the linter), so there is no need to install the
|
|
||||||
linter separately.
|
|
||||||
- `COPY --from=lint /src/go.sum /dev/null` is a no-op file copy that creates
|
|
||||||
a stage dependency. BuildKit runs stages in parallel by default; without
|
|
||||||
this line, the build stage would not wait for lint to finish and a lint
|
|
||||||
failure might not fail the overall build.
|
|
||||||
- If the project uses `//go:embed` directives that reference build artifacts
|
|
||||||
(e.g. a web frontend compiled in a separate stage), the lint stage must
|
|
||||||
create placeholder files so the embed directives resolve. Example:
|
|
||||||
`RUN mkdir -p web/dist && touch web/dist/index.html web/dist/style.css`.
|
|
||||||
The lint stage should not depend on the actual build output — it exists to
|
|
||||||
fail fast.
|
|
||||||
- If the project requires CGO or system libraries for linting (e.g.
|
|
||||||
`vips-dev`), install them in the lint stage with `apk add`.
|
|
||||||
- The build stage runs `make test` after compilation setup. Tests run in the
|
|
||||||
build stage, not the lint stage, because they may require compiled
|
|
||||||
artifacts or heavier dependencies.
|
|
||||||
|
|
||||||
- Every repo should have a Gitea Actions workflow (`.gitea/workflows/`) that
|
- Every repo should have a Gitea Actions workflow (`.gitea/workflows/`) that
|
||||||
runs `script/cibuild` (which runs `docker build .`) on push. Since the
|
runs `docker build .` on push. Since the Dockerfile already runs `make check`,
|
||||||
Dockerfile already runs `make check`, a successful build implies all checks
|
a successful build implies all checks pass.
|
||||||
pass.
|
|
||||||
|
|
||||||
- Use platform-standard formatters: `black` for Python, `prettier` for
|
- Use platform-standard formatters: `black` for Python, `prettier` for
|
||||||
JS/CSS/Markdown/HTML, `go fmt` for Go. Always use default configuration with
|
JS/CSS/Markdown/HTML, `go fmt` for Go. Always use default configuration with
|
||||||
@@ -177,11 +69,9 @@ style conventions are in separate documents:
|
|||||||
Markdown (hard-wrap at 80 columns). Documentation and writing repos (Markdown,
|
Markdown (hard-wrap at 80 columns). Documentation and writing repos (Markdown,
|
||||||
HTML, CSS) should also have `.prettierrc` and `.prettierignore`.
|
HTML, CSS) should also have `.prettierrc` and `.prettierignore`.
|
||||||
|
|
||||||
- Pre-commit hook: runs `script/precommit`, which calls `script/check`. If local
|
- Pre-commit hook: `make check` if local testing is possible, otherwise
|
||||||
testing is not possible in the repo, `script/precommit` may skip `script/test`
|
`make lint && make fmt-check`. The Makefile should provide a `make hooks`
|
||||||
and run only `script/lint` and `script/fmt-check`. The hook is installed by
|
target to install the pre-commit hook.
|
||||||
`script/install-precommit`; the Makefile must provide a `make hooks` target
|
|
||||||
that shims to it.
|
|
||||||
|
|
||||||
- All repos with software must have tests that run via the platform-standard
|
- All repos with software must have tests that run via the platform-standard
|
||||||
test framework (`go test`, `pytest`, `jest`/`vitest`, etc.). If no meaningful
|
test framework (`go test`, `pytest`, `jest`/`vitest`, etc.). If no meaningful
|
||||||
@@ -192,42 +82,6 @@ style conventions are in separate documents:
|
|||||||
- `make test` must complete in under 20 seconds. Add a 30-second timeout in the
|
- `make test` must complete in under 20 seconds. Add a 30-second timeout in the
|
||||||
Makefile.
|
Makefile.
|
||||||
|
|
||||||
- **`make test` should use the conditional verbose rerun pattern.** Run tests
|
|
||||||
without `-v` (verbose) first. If tests fail, automatically rerun with `-v` to
|
|
||||||
show full output. This keeps CI logs and `docker build` output clean on
|
|
||||||
success (just package/suite summaries) while providing full diagnostic detail
|
|
||||||
on failure (every test case, every assertion). The general shell pattern:
|
|
||||||
|
|
||||||
```makefile
|
|
||||||
test:
|
|
||||||
@<test-command> || \
|
|
||||||
{ echo "--- Rerunning with -v for details ---"; \
|
|
||||||
<test-command-with-v>; exit 1; }
|
|
||||||
```
|
|
||||||
|
|
||||||
Go example:
|
|
||||||
|
|
||||||
```makefile
|
|
||||||
test:
|
|
||||||
@go test -timeout 30s -race -cover ./... || \
|
|
||||||
{ echo "--- Rerunning with -v for details ---"; \
|
|
||||||
go test -timeout 30s -race -v ./...; exit 1; }
|
|
||||||
```
|
|
||||||
|
|
||||||
Python example:
|
|
||||||
|
|
||||||
```makefile
|
|
||||||
test:
|
|
||||||
@python -m pytest || \
|
|
||||||
{ echo "--- Rerunning with -v for details ---"; \
|
|
||||||
python -m pytest -v; exit 1; }
|
|
||||||
```
|
|
||||||
|
|
||||||
The `exit 1` ensures the target always fails after a rerun — the first run
|
|
||||||
already proved the tests are broken, so the build must not pass even if a
|
|
||||||
flaky test happens to succeed on the second attempt. The rerun exists solely
|
|
||||||
for diagnostic output.
|
|
||||||
|
|
||||||
- Docker builds must complete in under 5 minutes.
|
- Docker builds must complete in under 5 minutes.
|
||||||
|
|
||||||
- `make check` must not modify any files in the repo. Tests may use temporary
|
- `make check` must not modify any files in the repo. Tests may use temporary
|
||||||
@@ -244,13 +98,6 @@ style conventions are in separate documents:
|
|||||||
`https://git.eeqj.de/sneak/prompts/raw/branch/main/.gitignore` when setting up
|
`https://git.eeqj.de/sneak/prompts/raw/branch/main/.gitignore` when setting up
|
||||||
a new repo.
|
a new repo.
|
||||||
|
|
||||||
- **No build artifacts in version control.** Code-derived data (compiled
|
|
||||||
bundles, minified output, generated assets) must never be committed to the
|
|
||||||
repository if it can be avoided. The build process (e.g. Dockerfile, Makefile)
|
|
||||||
should generate these at build time. Notable exception: Go protobuf generated
|
|
||||||
files (`.pb.go`) ARE committed because repos need to work with `go get`, which
|
|
||||||
downloads code but does not execute code generation.
|
|
||||||
|
|
||||||
- Never use `git add -A` or `git add .`. Always stage files explicitly by name.
|
- Never use `git add -A` or `git add .`. Always stage files explicitly by name.
|
||||||
|
|
||||||
- Never force-push to `main`.
|
- Never force-push to `main`.
|
||||||
@@ -274,76 +121,12 @@ style conventions are in separate documents:
|
|||||||
- Dockerized web services listen on port 8080 by default, overridable with
|
- Dockerized web services listen on port 8080 by default, overridable with
|
||||||
`PORT`.
|
`PORT`.
|
||||||
|
|
||||||
- **HTTP/web services must be hardened for production internet exposure before
|
|
||||||
tagging 1.0.** This means full compliance with security best practices
|
|
||||||
including, without limitation, all of the following:
|
|
||||||
- **Security headers** on every response:
|
|
||||||
- `Strict-Transport-Security` (HSTS) with `max-age` of at least one year
|
|
||||||
and `includeSubDomains`.
|
|
||||||
- `Content-Security-Policy` (CSP) with a restrictive default policy
|
|
||||||
(`default-src 'self'` as a baseline, tightened per-resource as
|
|
||||||
needed). Never use `unsafe-inline` or `unsafe-eval` unless
|
|
||||||
unavoidable, and document the reason.
|
|
||||||
- `X-Frame-Options: DENY` (or `SAMEORIGIN` if framing is required).
|
|
||||||
Prefer the `frame-ancestors` CSP directive as the primary control.
|
|
||||||
- `X-Content-Type-Options: nosniff`.
|
|
||||||
- `Referrer-Policy: strict-origin-when-cross-origin` (or stricter).
|
|
||||||
- `Permissions-Policy` restricting access to browser features the
|
|
||||||
application does not use (camera, microphone, geolocation, etc.).
|
|
||||||
- **Request and response limits:**
|
|
||||||
- Maximum request body size enforced on all endpoints (e.g. Go
|
|
||||||
`http.MaxBytesReader`). Choose a sane default per-route; never accept
|
|
||||||
unbounded input.
|
|
||||||
- Maximum response body size where applicable (e.g. paginated APIs).
|
|
||||||
- `ReadTimeout` and `ReadHeaderTimeout` on the `http.Server` to defend
|
|
||||||
against slowloris attacks.
|
|
||||||
- `WriteTimeout` on the `http.Server`.
|
|
||||||
- `IdleTimeout` on the `http.Server`.
|
|
||||||
- Per-handler execution time limits via `context.WithTimeout` or
|
|
||||||
chi/stdlib `middleware.Timeout`.
|
|
||||||
- **Authentication and session security:**
|
|
||||||
- Rate limiting on password-based authentication endpoints. API keys are
|
|
||||||
high-entropy and not susceptible to brute force, so they are exempt.
|
|
||||||
- CSRF tokens on all state-mutating HTML forms. API endpoints
|
|
||||||
authenticated via `Authorization` header (Bearer token, API key) are
|
|
||||||
exempt because the browser does not attach these automatically.
|
|
||||||
- Passwords stored using bcrypt, scrypt, or argon2 — never plain-text,
|
|
||||||
MD5, or SHA.
|
|
||||||
- Session cookies set with `HttpOnly`, `Secure`, and `SameSite=Lax` (or
|
|
||||||
`Strict`) attributes.
|
|
||||||
- **Reverse proxy awareness:**
|
|
||||||
- True client IP detection when behind a reverse proxy
|
|
||||||
(`X-Forwarded-For`, `X-Real-IP`). The application must accept
|
|
||||||
forwarded headers only from a configured set of trusted proxy
|
|
||||||
addresses — never trust `X-Forwarded-For` unconditionally.
|
|
||||||
- **CORS:**
|
|
||||||
- Authenticated endpoints must restrict `Access-Control-Allow-Origin` to
|
|
||||||
an explicit allowlist of known origins. Wildcard (`*`) is acceptable
|
|
||||||
only for public, unauthenticated read-only APIs.
|
|
||||||
- **Error handling:**
|
|
||||||
- Internal errors must never leak stack traces, SQL queries, file paths,
|
|
||||||
or other implementation details to the client. Return generic error
|
|
||||||
messages in production; detailed errors only when `DEBUG` is enabled.
|
|
||||||
- **TLS:**
|
|
||||||
- Services never terminate TLS directly. They are always deployed behind
|
|
||||||
a TLS-terminating reverse proxy. The service itself listens on plain
|
|
||||||
HTTP. However, HSTS headers and `Secure` cookie flags must still be
|
|
||||||
set by the application so that the browser enforces HTTPS end-to-end.
|
|
||||||
|
|
||||||
This list is non-exhaustive. Apply defense-in-depth: if a standard security
|
|
||||||
hardening measure exists for HTTP services and is not listed here, it is
|
|
||||||
still expected. When in doubt, harden.
|
|
||||||
|
|
||||||
- `README.md` is the primary documentation. Required sections:
|
- `README.md` is the primary documentation. Required sections:
|
||||||
- **Description**: First line must include the project name, purpose,
|
- **Description**: First line must include the project name, purpose,
|
||||||
category (web server, SPA, CLI tool, etc.), license, and author. Example:
|
category (web server, SPA, CLI tool, etc.), license, and author. Example:
|
||||||
"µPaaS is an MIT-licensed Go web application by @sneak that receives
|
"µPaaS is an MIT-licensed Go web application by @sneak that receives
|
||||||
git-frontend webhooks and deploys applications via Docker in realtime."
|
git-frontend webhooks and deploys applications via Docker in realtime."
|
||||||
- **Getting Started**: Copy-pasteable install/usage code block.
|
- **Getting Started**: Copy-pasteable install/usage code block.
|
||||||
- **Entrypoints**: Opens by stating that the repo adheres to the
|
|
||||||
[Scripts to Rule Them All](https://github.com/github/scripts-to-rule-them-all)
|
|
||||||
standard (with that link), then documents each provided `script/`
|
|
||||||
entrypoint and its purpose.
|
|
||||||
- **Rationale**: Why does this exist?
|
- **Rationale**: Why does this exist?
|
||||||
- **Design**: How is the program structured?
|
- **Design**: How is the program structured?
|
||||||
- **TODO**: Update meticulously, even between commits. When planning, put
|
- **TODO**: Update meticulously, even between commits. When planning, put
|
||||||
@@ -362,11 +145,11 @@ style conventions are in separate documents:
|
|||||||
|
|
||||||
- Database migrations live in `internal/db/migrations/` and must be embedded in
|
- Database migrations live in `internal/db/migrations/` and must be embedded in
|
||||||
the binary.
|
the binary.
|
||||||
- `000_migration.sql` — contains ONLY the creation of the migrations
|
- `000_migration.sql` — contains ONLY the creation of the migrations tracking
|
||||||
tracking table itself. Nothing else.
|
table itself. Nothing else.
|
||||||
- `001_schema.sql` — the full application schema.
|
- `001_schema.sql` — the full application schema.
|
||||||
- **Pre-1.0.0:** never add additional migration files (002, 003, etc.).
|
- **Pre-1.0.0:** never add additional migration files (002, 003, etc.). There
|
||||||
There is no installed base to migrate. Edit `001_schema.sql` directly.
|
is no installed base to migrate. Edit `001_schema.sql` directly.
|
||||||
- **Post-1.0.0:** add new numbered migration files for each schema change.
|
- **Post-1.0.0:** add new numbered migration files for each schema change.
|
||||||
Never edit existing migrations after release.
|
Never edit existing migrations after release.
|
||||||
|
|
||||||
@@ -398,9 +181,6 @@ style conventions are in separate documents:
|
|||||||
- `README.md`, `.git`, `.gitignore`, `.editorconfig`
|
- `README.md`, `.git`, `.gitignore`, `.editorconfig`
|
||||||
- `LICENSE`, `REPO_POLICIES.md` (copy from the `prompts` repo)
|
- `LICENSE`, `REPO_POLICIES.md` (copy from the `prompts` repo)
|
||||||
- `Makefile`
|
- `Makefile`
|
||||||
- `script/` entrypoints (`bootstrap`, `setup`, `projectname`, `test`,
|
|
||||||
`lint`, `fmt`, `fmt-check`, `check`, `docker`, `cibuild`, `precommit`,
|
|
||||||
`install-precommit`)
|
|
||||||
- `Dockerfile`, `.dockerignore`
|
- `Dockerfile`, `.dockerignore`
|
||||||
- `.gitea/workflows/check.yml`
|
- `.gitea/workflows/check.yml`
|
||||||
- Go: `go.mod`, `go.sum`, `.golangci.yml`
|
- Go: `go.mod`, `go.sum`, `.golangci.yml`
|
||||||
|
|||||||
55
TODO.md
55
TODO.md
@@ -1,55 +0,0 @@
|
|||||||
# Workflow
|
|
||||||
|
|
||||||
* branch (from `main`)
|
|
||||||
* do the work in Next Step
|
|
||||||
* move Next Step to the top of Completed Steps
|
|
||||||
* move the top item of Future Steps into Next Step
|
|
||||||
* commit (`TODO.md` changes in the same commit as the work)
|
|
||||||
* merge to `main` if the branch is not protected, otherwise open a PR
|
|
||||||
* push
|
|
||||||
|
|
||||||
# Status
|
|
||||||
|
|
||||||
1.0+. Tagged 1.0.0 on 2026-02-26; 8 commits on main since. Policy
|
|
||||||
violation: main currently fails make check (91 lint issues), so the tree
|
|
||||||
is out of compliance until fixed.
|
|
||||||
|
|
||||||
# Next Step
|
|
||||||
|
|
||||||
Fix the 47 noctx lint findings (HTTP requests without context) in one
|
|
||||||
commit and confirm the count drops under make check. This is the largest
|
|
||||||
of the three lint classes blocking a green main.
|
|
||||||
|
|
||||||
# Completed Steps
|
|
||||||
|
|
||||||
- 2026-07-07 Adopted scripts-to-rule-them-all: `script/` entrypoints,
|
|
||||||
Makefile shims, README Entrypoints section
|
|
||||||
- 2026-03-11: Monolithic env var editing with bulk save (#158).
|
|
||||||
- 2026-03-10: Webhook event history UI page (#164); added missing
|
|
||||||
Makefile docker and hooks targets plus test timeout (#159);
|
|
||||||
notification settings passed from create form (#160).
|
|
||||||
- 2026-03-03: REPO_POLICIES compliance file set added (#155).
|
|
||||||
- 2026-03-01: Module path changed to sneak.berlin/go/upaas (#143);
|
|
||||||
Dockerfile split into lint and build stages with forced lint
|
|
||||||
execution (#152, #154).
|
|
||||||
- 2026-02-26: 1.0.0 tagged; dashboard CSRFField crash fixed (#146).
|
|
||||||
- 1.0 audit bug fixes (#120-#125): deferred rollback on commit error,
|
|
||||||
deployment log size cap, error path rendering, docker-compose bind
|
|
||||||
mount, domain type refactor.
|
|
||||||
- CI simplified to docker build only (#130).
|
|
||||||
- 2025-12-29 onward: core PaaS built out: deploys with real-time build
|
|
||||||
log streaming, container start/stop/restart and logs, TCP/UDP port
|
|
||||||
mapping, Alpine.js UI, Slack notifications, ULID app IDs, session
|
|
||||||
handling.
|
|
||||||
|
|
||||||
# Future Steps
|
|
||||||
|
|
||||||
- Get main green (compliance, ordered):
|
|
||||||
- Fix 47 noctx findings (Next Step).
|
|
||||||
- Fix 23 gosec findings.
|
|
||||||
- Fix 21 goconst findings.
|
|
||||||
- Run make check clean on main and keep it green; main must always
|
|
||||||
pass.
|
|
||||||
- Confirm .gitea/workflows/check.yml gates merges on make check so main
|
|
||||||
cannot regress.
|
|
||||||
- Resume feature work only after main is green.
|
|
||||||
@@ -2,74 +2,36 @@ package database
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"database/sql"
|
|
||||||
"embed"
|
"embed"
|
||||||
"errors"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/fs"
|
"io/fs"
|
||||||
"log/slog"
|
|
||||||
"sort"
|
"sort"
|
||||||
"strconv"
|
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
//go:embed migrations/*.sql
|
//go:embed migrations/*.sql
|
||||||
var migrationsFS embed.FS
|
var migrationsFS embed.FS
|
||||||
|
|
||||||
// bootstrapVersion is the migration that creates the schema_migrations
|
func (d *Database) migrate(ctx context.Context) error {
|
||||||
// table itself. It is applied before the normal migration loop.
|
// Create migrations table if not exists
|
||||||
const bootstrapVersion = 0
|
_, err := d.database.ExecContext(ctx, `
|
||||||
|
CREATE TABLE IF NOT EXISTS schema_migrations (
|
||||||
// ErrInvalidMigrationFilename indicates a migration filename does not follow
|
version TEXT PRIMARY KEY,
|
||||||
// the expected "<version>.sql" or "<version>_<description>.sql" pattern.
|
applied_at DATETIME DEFAULT CURRENT_TIMESTAMP
|
||||||
var ErrInvalidMigrationFilename = errors.New("invalid migration filename")
|
|
||||||
|
|
||||||
// ParseMigrationVersion extracts the numeric version prefix from a migration
|
|
||||||
// filename. Filenames must follow the pattern "<version>.sql" or
|
|
||||||
// "<version>_<description>.sql", where version is a zero-padded numeric
|
|
||||||
// string (e.g. "001", "002"). Returns the version as an integer and an
|
|
||||||
// error if the filename does not match the expected pattern.
|
|
||||||
func ParseMigrationVersion(filename string) (int, error) {
|
|
||||||
name := strings.TrimSuffix(filename, ".sql")
|
|
||||||
if name == "" || name == filename {
|
|
||||||
return 0, fmt.Errorf("%w: %q has no .sql extension or is empty", ErrInvalidMigrationFilename, filename)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Split on underscore to separate version from description.
|
|
||||||
// If there's no underscore, the entire stem is the version.
|
|
||||||
versionStr, _, _ := strings.Cut(name, "_")
|
|
||||||
|
|
||||||
if versionStr == "" {
|
|
||||||
return 0, fmt.Errorf("%w: %q has empty version prefix", ErrInvalidMigrationFilename, filename)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Validate the version is purely numeric.
|
|
||||||
for _, ch := range versionStr {
|
|
||||||
if ch < '0' || ch > '9' {
|
|
||||||
return 0, fmt.Errorf(
|
|
||||||
"%w: %q version %q contains non-numeric character %q",
|
|
||||||
ErrInvalidMigrationFilename, filename, versionStr, string(ch),
|
|
||||||
)
|
)
|
||||||
}
|
`)
|
||||||
}
|
|
||||||
|
|
||||||
version, err := strconv.Atoi(versionStr)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, fmt.Errorf("%w: %q: %w", ErrInvalidMigrationFilename, filename, err)
|
return fmt.Errorf("failed to create migrations table: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return version, nil
|
// Get list of migration files
|
||||||
}
|
|
||||||
|
|
||||||
// collectMigrations reads the embedded migrations directory and returns
|
|
||||||
// migration filenames sorted lexicographically.
|
|
||||||
func collectMigrations() ([]string, error) {
|
|
||||||
entries, err := fs.ReadDir(migrationsFS, "migrations")
|
entries, err := fs.ReadDir(migrationsFS, "migrations")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to read migrations directory: %w", err)
|
return fmt.Errorf("failed to read migrations directory: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
var migrations []string
|
// Sort migrations by name
|
||||||
|
migrations := make([]string, 0, len(entries))
|
||||||
|
|
||||||
for _, entry := range entries {
|
for _, entry := range entries {
|
||||||
if !entry.IsDir() && strings.HasSuffix(entry.Name(), ".sql") {
|
if !entry.IsDir() && strings.HasSuffix(entry.Name(), ".sql") {
|
||||||
@@ -79,113 +41,54 @@ func collectMigrations() ([]string, error) {
|
|||||||
|
|
||||||
sort.Strings(migrations)
|
sort.Strings(migrations)
|
||||||
|
|
||||||
return migrations, nil
|
// Apply each migration
|
||||||
}
|
|
||||||
|
|
||||||
// bootstrapMigrationsTable ensures the schema_migrations table exists by
|
|
||||||
// applying 000_migration.sql if the table is missing.
|
|
||||||
func bootstrapMigrationsTable(ctx context.Context, db *sql.DB, log *slog.Logger) error {
|
|
||||||
var tableExists int
|
|
||||||
|
|
||||||
err := db.QueryRowContext(ctx,
|
|
||||||
"SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='schema_migrations'",
|
|
||||||
).Scan(&tableExists)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("failed to check for migrations table: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
if tableExists == 0 {
|
|
||||||
return applyBootstrapMigration(ctx, db, log)
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// applyBootstrapMigration reads and executes 000_migration.sql to create the
|
|
||||||
// schema_migrations table on a fresh database.
|
|
||||||
func applyBootstrapMigration(ctx context.Context, db *sql.DB, log *slog.Logger) error {
|
|
||||||
content, err := migrationsFS.ReadFile("migrations/000_migration.sql")
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("failed to read bootstrap migration 000_migration.sql: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
if log != nil {
|
|
||||||
log.Info("applying bootstrap migration", "version", bootstrapVersion)
|
|
||||||
}
|
|
||||||
|
|
||||||
_, err = db.ExecContext(ctx, string(content))
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("failed to apply bootstrap migration: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// ApplyMigrations applies all pending migrations to db. An optional logger
|
|
||||||
// may be provided for informational output; pass nil for silent operation.
|
|
||||||
// This is exported so tests can apply the real schema without the full fx
|
|
||||||
// lifecycle.
|
|
||||||
func ApplyMigrations(ctx context.Context, db *sql.DB, log *slog.Logger) error {
|
|
||||||
bootstrapErr := bootstrapMigrationsTable(ctx, db, log)
|
|
||||||
if bootstrapErr != nil {
|
|
||||||
return bootstrapErr
|
|
||||||
}
|
|
||||||
|
|
||||||
migrations, err := collectMigrations()
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, migration := range migrations {
|
for _, migration := range migrations {
|
||||||
version, parseErr := ParseMigrationVersion(migration)
|
applied, err := d.isMigrationApplied(ctx, migration)
|
||||||
if parseErr != nil {
|
|
||||||
return parseErr
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check if already applied.
|
|
||||||
var count int
|
|
||||||
|
|
||||||
err = db.QueryRowContext(ctx,
|
|
||||||
"SELECT COUNT(*) FROM schema_migrations WHERE version = ?",
|
|
||||||
version,
|
|
||||||
).Scan(&count)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to check migration %s: %w", migration, err)
|
return fmt.Errorf("failed to check migration %s: %w", migration, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if count > 0 {
|
if applied {
|
||||||
if log != nil {
|
d.log.Debug("migration already applied", "migration", migration)
|
||||||
log.Debug("migration already applied", "version", version)
|
|
||||||
}
|
|
||||||
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
// Apply migration in a transaction.
|
err = d.applyMigration(ctx, migration)
|
||||||
applyErr := applyMigrationTx(ctx, db, migration, version)
|
if err != nil {
|
||||||
if applyErr != nil {
|
return fmt.Errorf("failed to apply migration %s: %w", migration, err)
|
||||||
return applyErr
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if log != nil {
|
d.log.Info("migration applied", "migration", migration)
|
||||||
log.Info("migration applied", "version", version)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// applyMigrationTx reads and executes a migration file within a transaction,
|
func (d *Database) isMigrationApplied(ctx context.Context, version string) (bool, error) {
|
||||||
// recording the version in schema_migrations on success.
|
var count int
|
||||||
func applyMigrationTx(ctx context.Context, db *sql.DB, filename string, version int) error {
|
|
||||||
content, err := migrationsFS.ReadFile("migrations/" + filename)
|
err := d.database.QueryRowContext(
|
||||||
|
ctx,
|
||||||
|
"SELECT COUNT(*) FROM schema_migrations WHERE version = ?",
|
||||||
|
version,
|
||||||
|
).Scan(&count)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to read migration %s: %w", filename, err)
|
return false, fmt.Errorf("failed to query migration status: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
transaction, err := db.BeginTx(ctx, nil)
|
return count > 0, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (d *Database) applyMigration(ctx context.Context, filename string) error {
|
||||||
|
content, err := migrationsFS.ReadFile("migrations/" + filename)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to begin transaction for migration %s: %w", filename, err)
|
return fmt.Errorf("failed to read migration file: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
transaction, err := d.database.BeginTx(ctx, nil)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to begin transaction: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
defer func() {
|
defer func() {
|
||||||
@@ -194,27 +97,26 @@ func applyMigrationTx(ctx context.Context, db *sql.DB, filename string, version
|
|||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
|
// Execute migration
|
||||||
_, err = transaction.ExecContext(ctx, string(content))
|
_, err = transaction.ExecContext(ctx, string(content))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to execute migration %s: %w", filename, err)
|
return fmt.Errorf("failed to execute migration: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = transaction.ExecContext(ctx,
|
// Record migration
|
||||||
|
_, err = transaction.ExecContext(
|
||||||
|
ctx,
|
||||||
"INSERT INTO schema_migrations (version) VALUES (?)",
|
"INSERT INTO schema_migrations (version) VALUES (?)",
|
||||||
version,
|
filename,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to record migration %s: %w", filename, err)
|
return fmt.Errorf("failed to record migration: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = transaction.Commit()
|
err = transaction.Commit()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to commit migration %s: %w", filename, err)
|
return fmt.Errorf("failed to commit migration: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *Database) migrate(ctx context.Context) error {
|
|
||||||
return ApplyMigrations(ctx, d.database, d.log)
|
|
||||||
}
|
|
||||||
|
|||||||
@@ -1,9 +0,0 @@
|
|||||||
-- Migration 000: Schema migrations tracking table
|
|
||||||
-- Applied as a bootstrap step before the normal migration loop.
|
|
||||||
|
|
||||||
CREATE TABLE IF NOT EXISTS schema_migrations (
|
|
||||||
version INTEGER PRIMARY KEY,
|
|
||||||
applied_at DATETIME DEFAULT CURRENT_TIMESTAMP
|
|
||||||
);
|
|
||||||
|
|
||||||
INSERT OR IGNORE INTO schema_migrations (version) VALUES (0);
|
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
-- Add custom health check command per app
|
||||||
|
ALTER TABLE apps ADD COLUMN healthcheck_command TEXT;
|
||||||
@@ -1,117 +0,0 @@
|
|||||||
package database_test
|
|
||||||
|
|
||||||
import (
|
|
||||||
"context"
|
|
||||||
"database/sql"
|
|
||||||
"testing"
|
|
||||||
|
|
||||||
_ "github.com/mattn/go-sqlite3"
|
|
||||||
"github.com/stretchr/testify/assert"
|
|
||||||
"github.com/stretchr/testify/require"
|
|
||||||
|
|
||||||
"sneak.berlin/go/upaas/internal/database"
|
|
||||||
)
|
|
||||||
|
|
||||||
func TestParseMigrationVersion(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
tests := []struct {
|
|
||||||
filename string
|
|
||||||
wantVersion int
|
|
||||||
wantErr bool
|
|
||||||
}{
|
|
||||||
{filename: "000_migration.sql", wantVersion: 0},
|
|
||||||
{filename: "001_initial.sql", wantVersion: 1},
|
|
||||||
{filename: "002_remove_container_id.sql", wantVersion: 2},
|
|
||||||
{filename: "007_add_resource_limits.sql", wantVersion: 7},
|
|
||||||
{filename: "100_large_version.sql", wantVersion: 100},
|
|
||||||
{filename: ".sql", wantErr: true},
|
|
||||||
{filename: "_foo.sql", wantErr: true},
|
|
||||||
{filename: "abc_foo.sql", wantErr: true},
|
|
||||||
{filename: "1a2_bad.sql", wantErr: true},
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, tt := range tests {
|
|
||||||
t.Run(tt.filename, func(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
version, err := database.ParseMigrationVersion(tt.filename)
|
|
||||||
if tt.wantErr {
|
|
||||||
assert.Error(t, err)
|
|
||||||
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
require.NoError(t, err)
|
|
||||||
assert.Equal(t, tt.wantVersion, version)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestApplyMigrationsFreshDatabase(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
db, err := sql.Open("sqlite3", ":memory:?_foreign_keys=on")
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
defer func() { _ = db.Close() }()
|
|
||||||
|
|
||||||
ctx := context.Background()
|
|
||||||
|
|
||||||
err = database.ApplyMigrations(ctx, db, nil)
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
// Verify schema_migrations table exists with INTEGER version column.
|
|
||||||
var version int
|
|
||||||
|
|
||||||
err = db.QueryRowContext(ctx,
|
|
||||||
"SELECT version FROM schema_migrations WHERE version = 0",
|
|
||||||
).Scan(&version)
|
|
||||||
require.NoError(t, err)
|
|
||||||
assert.Equal(t, 0, version)
|
|
||||||
|
|
||||||
// Verify that all migrations were recorded.
|
|
||||||
var count int
|
|
||||||
|
|
||||||
err = db.QueryRowContext(ctx,
|
|
||||||
"SELECT COUNT(*) FROM schema_migrations",
|
|
||||||
).Scan(&count)
|
|
||||||
require.NoError(t, err)
|
|
||||||
// 000 bootstrap + 001 through 007 = 8 entries.
|
|
||||||
assert.Equal(t, 8, count)
|
|
||||||
|
|
||||||
// Verify application tables were created by the migrations.
|
|
||||||
var tableCount int
|
|
||||||
|
|
||||||
err = db.QueryRowContext(ctx,
|
|
||||||
"SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='users'",
|
|
||||||
).Scan(&tableCount)
|
|
||||||
require.NoError(t, err)
|
|
||||||
assert.Equal(t, 1, tableCount)
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestApplyMigrationsIdempotent(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
db, err := sql.Open("sqlite3", ":memory:?_foreign_keys=on")
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
defer func() { _ = db.Close() }()
|
|
||||||
|
|
||||||
ctx := context.Background()
|
|
||||||
|
|
||||||
// Apply twice — second run should be a no-op.
|
|
||||||
err = database.ApplyMigrations(ctx, db, nil)
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
err = database.ApplyMigrations(ctx, db, nil)
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
var count int
|
|
||||||
|
|
||||||
err = db.QueryRowContext(ctx,
|
|
||||||
"SELECT COUNT(*) FROM schema_migrations",
|
|
||||||
).Scan(&count)
|
|
||||||
require.NoError(t, err)
|
|
||||||
assert.Equal(t, 8, count)
|
|
||||||
}
|
|
||||||
@@ -13,6 +13,7 @@ import (
|
|||||||
"regexp"
|
"regexp"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
dockertypes "github.com/docker/docker/api/types"
|
dockertypes "github.com/docker/docker/api/types"
|
||||||
"github.com/docker/docker/api/types/container"
|
"github.com/docker/docker/api/types/container"
|
||||||
@@ -147,6 +148,7 @@ type CreateContainerOptions struct {
|
|||||||
Network string
|
Network string
|
||||||
CPULimit float64 // CPU cores (e.g. 0.5 = half a core, 2.0 = two cores). 0 means unlimited.
|
CPULimit float64 // CPU cores (e.g. 0.5 = half a core, 2.0 = two cores). 0 means unlimited.
|
||||||
MemoryLimit int64 // Memory in bytes. 0 means unlimited.
|
MemoryLimit int64 // Memory in bytes. 0 means unlimited.
|
||||||
|
HealthcheckCommand string // Custom health check shell command (empty = use image default)
|
||||||
}
|
}
|
||||||
|
|
||||||
// VolumeMount represents a volume mount.
|
// VolumeMount represents a volume mount.
|
||||||
@@ -237,6 +239,29 @@ func buildResources(opts CreateContainerOptions) container.Resources {
|
|||||||
return resources
|
return resources
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// healthcheckInterval is the time between health check attempts.
|
||||||
|
const healthcheckInterval = 30 * time.Second
|
||||||
|
|
||||||
|
// healthcheckTimeout is the maximum time a single health check can take.
|
||||||
|
const healthcheckTimeout = 10 * time.Second
|
||||||
|
|
||||||
|
// healthcheckStartPeriod is the grace period before health checks start counting failures.
|
||||||
|
const healthcheckStartPeriod = 15 * time.Second
|
||||||
|
|
||||||
|
// healthcheckRetries is the number of consecutive failures needed to mark unhealthy.
|
||||||
|
const healthcheckRetries = 3
|
||||||
|
|
||||||
|
// buildHealthcheck creates a Docker health check config from a shell command string.
|
||||||
|
func buildHealthcheck(command string) *container.HealthConfig {
|
||||||
|
return &container.HealthConfig{
|
||||||
|
Test: []string{"CMD-SHELL", command},
|
||||||
|
Interval: healthcheckInterval,
|
||||||
|
Timeout: healthcheckTimeout,
|
||||||
|
StartPeriod: healthcheckStartPeriod,
|
||||||
|
Retries: healthcheckRetries,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// CreateContainer creates a new container.
|
// CreateContainer creates a new container.
|
||||||
func (c *Client) CreateContainer(
|
func (c *Client) CreateContainer(
|
||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
@@ -250,13 +275,22 @@ func (c *Client) CreateContainer(
|
|||||||
|
|
||||||
exposedPorts, portBindings := buildPortConfig(opts.Ports)
|
exposedPorts, portBindings := buildPortConfig(opts.Ports)
|
||||||
|
|
||||||
resp, err := c.docker.ContainerCreate(ctx,
|
// Build container config
|
||||||
&container.Config{
|
containerConfig := &container.Config{
|
||||||
Image: opts.Image,
|
Image: opts.Image,
|
||||||
Env: buildEnvSlice(opts.Env),
|
Env: buildEnvSlice(opts.Env),
|
||||||
Labels: opts.Labels,
|
Labels: opts.Labels,
|
||||||
ExposedPorts: exposedPorts,
|
ExposedPorts: exposedPorts,
|
||||||
},
|
}
|
||||||
|
|
||||||
|
// Apply custom health check if configured
|
||||||
|
if opts.HealthcheckCommand != "" {
|
||||||
|
containerConfig.Healthcheck = buildHealthcheck(opts.HealthcheckCommand)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create container
|
||||||
|
resp, err := c.docker.ContainerCreate(ctx,
|
||||||
|
containerConfig,
|
||||||
&container.HostConfig{
|
&container.HostConfig{
|
||||||
Mounts: buildMounts(opts.Volumes),
|
Mounts: buildMounts(opts.Volumes),
|
||||||
PortBindings: portBindings,
|
PortBindings: portBindings,
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ import (
|
|||||||
"errors"
|
"errors"
|
||||||
"log/slog"
|
"log/slog"
|
||||||
"testing"
|
"testing"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestValidBranchRegex(t *testing.T) {
|
func TestValidBranchRegex(t *testing.T) {
|
||||||
@@ -146,3 +147,52 @@ func TestCloneRepoRejectsInjection(t *testing.T) { //nolint:funlen // table-driv
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestBuildHealthcheck(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
t.Run("creates CMD-SHELL health check", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
cmd := "curl -f http://localhost:8080/healthz || exit 1"
|
||||||
|
hc := buildHealthcheck(cmd)
|
||||||
|
|
||||||
|
if len(hc.Test) != 2 {
|
||||||
|
t.Fatalf("expected 2 test elements, got %d", len(hc.Test))
|
||||||
|
}
|
||||||
|
|
||||||
|
if hc.Test[0] != "CMD-SHELL" {
|
||||||
|
t.Errorf("expected Test[0]=%q, got %q", "CMD-SHELL", hc.Test[0])
|
||||||
|
}
|
||||||
|
|
||||||
|
if hc.Test[1] != cmd {
|
||||||
|
t.Errorf("expected Test[1]=%q, got %q", cmd, hc.Test[1])
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("sets expected intervals", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
hc := buildHealthcheck("true")
|
||||||
|
|
||||||
|
expectedInterval := 30 * time.Second
|
||||||
|
if hc.Interval != expectedInterval {
|
||||||
|
t.Errorf("expected Interval=%v, got %v", expectedInterval, hc.Interval)
|
||||||
|
}
|
||||||
|
|
||||||
|
expectedTimeout := 10 * time.Second
|
||||||
|
if hc.Timeout != expectedTimeout {
|
||||||
|
t.Errorf("expected Timeout=%v, got %v", expectedTimeout, hc.Timeout)
|
||||||
|
}
|
||||||
|
|
||||||
|
expectedStartPeriod := 15 * time.Second
|
||||||
|
if hc.StartPeriod != expectedStartPeriod {
|
||||||
|
t.Errorf("expected StartPeriod=%v, got %v", expectedStartPeriod, hc.StartPeriod)
|
||||||
|
}
|
||||||
|
|
||||||
|
expectedRetries := 3
|
||||||
|
if hc.Retries != expectedRetries {
|
||||||
|
t.Errorf("expected Retries=%d, got %d", expectedRetries, hc.Retries)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|||||||
@@ -57,6 +57,7 @@ func (h *Handlers) HandleAppCreate() http.HandlerFunc { //nolint:funlen // valid
|
|||||||
dockerNetwork := request.FormValue("docker_network")
|
dockerNetwork := request.FormValue("docker_network")
|
||||||
ntfyTopic := request.FormValue("ntfy_topic")
|
ntfyTopic := request.FormValue("ntfy_topic")
|
||||||
slackWebhook := request.FormValue("slack_webhook")
|
slackWebhook := request.FormValue("slack_webhook")
|
||||||
|
healthcheckCommand := request.FormValue("healthcheck_command")
|
||||||
|
|
||||||
data := h.addGlobals(map[string]any{
|
data := h.addGlobals(map[string]any{
|
||||||
"Name": name,
|
"Name": name,
|
||||||
@@ -66,6 +67,7 @@ func (h *Handlers) HandleAppCreate() http.HandlerFunc { //nolint:funlen // valid
|
|||||||
"DockerNetwork": dockerNetwork,
|
"DockerNetwork": dockerNetwork,
|
||||||
"NtfyTopic": ntfyTopic,
|
"NtfyTopic": ntfyTopic,
|
||||||
"SlackWebhook": slackWebhook,
|
"SlackWebhook": slackWebhook,
|
||||||
|
"HealthcheckCommand": healthcheckCommand,
|
||||||
}, request)
|
}, request)
|
||||||
|
|
||||||
if name == "" || repoURL == "" {
|
if name == "" || repoURL == "" {
|
||||||
@@ -109,6 +111,7 @@ func (h *Handlers) HandleAppCreate() http.HandlerFunc { //nolint:funlen // valid
|
|||||||
DockerNetwork: dockerNetwork,
|
DockerNetwork: dockerNetwork,
|
||||||
NtfyTopic: ntfyTopic,
|
NtfyTopic: ntfyTopic,
|
||||||
SlackWebhook: slackWebhook,
|
SlackWebhook: slackWebhook,
|
||||||
|
HealthcheckCommand: healthcheckCommand,
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
if createErr != nil {
|
if createErr != nil {
|
||||||
@@ -260,6 +263,7 @@ func (h *Handlers) HandleAppUpdate() http.HandlerFunc { //nolint:funlen // valid
|
|||||||
application.DockerNetwork = optionalNullString(request.FormValue("docker_network"))
|
application.DockerNetwork = optionalNullString(request.FormValue("docker_network"))
|
||||||
application.NtfyTopic = optionalNullString(request.FormValue("ntfy_topic"))
|
application.NtfyTopic = optionalNullString(request.FormValue("ntfy_topic"))
|
||||||
application.SlackWebhook = optionalNullString(request.FormValue("slack_webhook"))
|
application.SlackWebhook = optionalNullString(request.FormValue("slack_webhook"))
|
||||||
|
application.HealthcheckCommand = optionalNullString(request.FormValue("healthcheck_command"))
|
||||||
|
|
||||||
limitsErr := applyResourceLimits(application, request)
|
limitsErr := applyResourceLimits(application, request)
|
||||||
if limitsErr != "" {
|
if limitsErr != "" {
|
||||||
|
|||||||
@@ -7,14 +7,12 @@ import (
|
|||||||
"github.com/go-chi/chi/v5"
|
"github.com/go-chi/chi/v5"
|
||||||
|
|
||||||
"sneak.berlin/go/upaas/internal/models"
|
"sneak.berlin/go/upaas/internal/models"
|
||||||
"sneak.berlin/go/upaas/internal/service/webhook"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// maxWebhookBodySize is the maximum allowed size of a webhook request body (1MB).
|
// maxWebhookBodySize is the maximum allowed size of a webhook request body (1MB).
|
||||||
const maxWebhookBodySize = 1 << 20
|
const maxWebhookBodySize = 1 << 20
|
||||||
|
|
||||||
// HandleWebhook handles incoming webhooks from Gitea, GitHub, or GitLab.
|
// HandleWebhook handles incoming Gitea webhooks.
|
||||||
// The webhook source is auto-detected from HTTP headers.
|
|
||||||
func (h *Handlers) HandleWebhook() http.HandlerFunc {
|
func (h *Handlers) HandleWebhook() http.HandlerFunc {
|
||||||
return func(writer http.ResponseWriter, request *http.Request) {
|
return func(writer http.ResponseWriter, request *http.Request) {
|
||||||
secret := chi.URLParam(request, "secret")
|
secret := chi.URLParam(request, "secret")
|
||||||
@@ -52,17 +50,16 @@ func (h *Handlers) HandleWebhook() http.HandlerFunc {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Auto-detect webhook source from headers
|
// Get event type from header
|
||||||
source := webhook.DetectWebhookSource(request.Header)
|
eventType := request.Header.Get("X-Gitea-Event")
|
||||||
|
if eventType == "" {
|
||||||
// Extract event type based on detected source
|
eventType = "push"
|
||||||
eventType := webhook.DetectEventType(request.Header, source)
|
}
|
||||||
|
|
||||||
// Process webhook
|
// Process webhook
|
||||||
webhookErr := h.webhook.HandleWebhook(
|
webhookErr := h.webhook.HandleWebhook(
|
||||||
request.Context(),
|
request.Context(),
|
||||||
application,
|
application,
|
||||||
source,
|
|
||||||
eventType,
|
eventType,
|
||||||
body,
|
body,
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -14,8 +14,8 @@ import (
|
|||||||
const appColumns = `id, name, repo_url, branch, dockerfile_path, webhook_secret,
|
const appColumns = `id, name, repo_url, branch, dockerfile_path, webhook_secret,
|
||||||
ssh_private_key, ssh_public_key, image_id, status,
|
ssh_private_key, ssh_public_key, image_id, status,
|
||||||
docker_network, ntfy_topic, slack_webhook, webhook_secret_hash,
|
docker_network, ntfy_topic, slack_webhook, webhook_secret_hash,
|
||||||
previous_image_id, cpu_limit, memory_limit,
|
previous_image_id, cpu_limit, memory_limit,
|
||||||
created_at, updated_at`
|
healthcheck_command, created_at, updated_at`
|
||||||
|
|
||||||
// AppStatus represents the status of an app.
|
// AppStatus represents the status of an app.
|
||||||
type AppStatus string
|
type AppStatus string
|
||||||
@@ -50,6 +50,7 @@ type App struct {
|
|||||||
SlackWebhook sql.NullString
|
SlackWebhook sql.NullString
|
||||||
CPULimit sql.NullFloat64
|
CPULimit sql.NullFloat64
|
||||||
MemoryLimit sql.NullInt64
|
MemoryLimit sql.NullInt64
|
||||||
|
HealthcheckCommand sql.NullString
|
||||||
CreatedAt time.Time
|
CreatedAt time.Time
|
||||||
UpdatedAt time.Time
|
UpdatedAt time.Time
|
||||||
}
|
}
|
||||||
@@ -145,14 +146,16 @@ func (a *App) insert(ctx context.Context) error {
|
|||||||
id, name, repo_url, branch, dockerfile_path, webhook_secret,
|
id, name, repo_url, branch, dockerfile_path, webhook_secret,
|
||||||
ssh_private_key, ssh_public_key, image_id, status,
|
ssh_private_key, ssh_public_key, image_id, status,
|
||||||
docker_network, ntfy_topic, slack_webhook, webhook_secret_hash,
|
docker_network, ntfy_topic, slack_webhook, webhook_secret_hash,
|
||||||
previous_image_id, cpu_limit, memory_limit
|
previous_image_id, cpu_limit, memory_limit,
|
||||||
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
|
healthcheck_command
|
||||||
|
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
|
||||||
|
|
||||||
_, err := a.db.Exec(ctx, query,
|
_, err := a.db.Exec(ctx, query,
|
||||||
a.ID, a.Name, a.RepoURL, a.Branch, a.DockerfilePath, a.WebhookSecret,
|
a.ID, a.Name, a.RepoURL, a.Branch, a.DockerfilePath, a.WebhookSecret,
|
||||||
a.SSHPrivateKey, a.SSHPublicKey, a.ImageID, a.Status,
|
a.SSHPrivateKey, a.SSHPublicKey, a.ImageID, a.Status,
|
||||||
a.DockerNetwork, a.NtfyTopic, a.SlackWebhook, a.WebhookSecretHash,
|
a.DockerNetwork, a.NtfyTopic, a.SlackWebhook, a.WebhookSecretHash,
|
||||||
a.PreviousImageID, a.CPULimit, a.MemoryLimit,
|
a.PreviousImageID, a.CPULimit, a.MemoryLimit,
|
||||||
|
a.HealthcheckCommand,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@@ -167,8 +170,9 @@ func (a *App) update(ctx context.Context) error {
|
|||||||
name = ?, repo_url = ?, branch = ?, dockerfile_path = ?,
|
name = ?, repo_url = ?, branch = ?, dockerfile_path = ?,
|
||||||
image_id = ?, status = ?,
|
image_id = ?, status = ?,
|
||||||
docker_network = ?, ntfy_topic = ?, slack_webhook = ?,
|
docker_network = ?, ntfy_topic = ?, slack_webhook = ?,
|
||||||
previous_image_id = ?,
|
previous_image_id = ?,
|
||||||
cpu_limit = ?, memory_limit = ?,
|
cpu_limit = ?, memory_limit = ?,
|
||||||
|
healthcheck_command = ?,
|
||||||
updated_at = CURRENT_TIMESTAMP
|
updated_at = CURRENT_TIMESTAMP
|
||||||
WHERE id = ?`
|
WHERE id = ?`
|
||||||
|
|
||||||
@@ -178,6 +182,7 @@ func (a *App) update(ctx context.Context) error {
|
|||||||
a.DockerNetwork, a.NtfyTopic, a.SlackWebhook,
|
a.DockerNetwork, a.NtfyTopic, a.SlackWebhook,
|
||||||
a.PreviousImageID,
|
a.PreviousImageID,
|
||||||
a.CPULimit, a.MemoryLimit,
|
a.CPULimit, a.MemoryLimit,
|
||||||
|
a.HealthcheckCommand,
|
||||||
a.ID,
|
a.ID,
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -194,6 +199,7 @@ func (a *App) scan(row *sql.Row) error {
|
|||||||
&a.WebhookSecretHash,
|
&a.WebhookSecretHash,
|
||||||
&a.PreviousImageID,
|
&a.PreviousImageID,
|
||||||
&a.CPULimit, &a.MemoryLimit,
|
&a.CPULimit, &a.MemoryLimit,
|
||||||
|
&a.HealthcheckCommand,
|
||||||
&a.CreatedAt, &a.UpdatedAt,
|
&a.CreatedAt, &a.UpdatedAt,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
@@ -213,6 +219,7 @@ func scanApps(appDB *database.Database, rows *sql.Rows) ([]*App, error) {
|
|||||||
&app.WebhookSecretHash,
|
&app.WebhookSecretHash,
|
||||||
&app.PreviousImageID,
|
&app.PreviousImageID,
|
||||||
&app.CPULimit, &app.MemoryLimit,
|
&app.CPULimit, &app.MemoryLimit,
|
||||||
|
&app.HealthcheckCommand,
|
||||||
&app.CreatedAt, &app.UpdatedAt,
|
&app.CreatedAt, &app.UpdatedAt,
|
||||||
)
|
)
|
||||||
if scanErr != nil {
|
if scanErr != nil {
|
||||||
|
|||||||
@@ -704,6 +704,72 @@ func TestAppGetWebhookEvents(t *testing.T) {
|
|||||||
assert.Len(t, events, 1)
|
assert.Len(t, events, 1)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// App HealthcheckCommand Tests.
|
||||||
|
|
||||||
|
func TestAppHealthcheckCommand(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
t.Run("saves and loads healthcheck command", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
testDB, cleanup := setupTestDB(t)
|
||||||
|
defer cleanup()
|
||||||
|
|
||||||
|
app := createTestApp(t, testDB)
|
||||||
|
app.HealthcheckCommand = sql.NullString{
|
||||||
|
String: "curl -f http://localhost:8080/healthz || exit 1",
|
||||||
|
Valid: true,
|
||||||
|
}
|
||||||
|
|
||||||
|
err := app.Save(context.Background())
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
found, err := models.FindApp(context.Background(), testDB, app.ID)
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.NotNil(t, found)
|
||||||
|
assert.True(t, found.HealthcheckCommand.Valid)
|
||||||
|
assert.Equal(t, "curl -f http://localhost:8080/healthz || exit 1", found.HealthcheckCommand.String)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("null when not set", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
testDB, cleanup := setupTestDB(t)
|
||||||
|
defer cleanup()
|
||||||
|
|
||||||
|
app := createTestApp(t, testDB)
|
||||||
|
|
||||||
|
found, err := models.FindApp(context.Background(), testDB, app.ID)
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.NotNil(t, found)
|
||||||
|
assert.False(t, found.HealthcheckCommand.Valid)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("can be cleared", func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
testDB, cleanup := setupTestDB(t)
|
||||||
|
defer cleanup()
|
||||||
|
|
||||||
|
app := createTestApp(t, testDB)
|
||||||
|
app.HealthcheckCommand = sql.NullString{String: "true", Valid: true}
|
||||||
|
|
||||||
|
err := app.Save(context.Background())
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
// Clear it
|
||||||
|
app.HealthcheckCommand = sql.NullString{}
|
||||||
|
|
||||||
|
err = app.Save(context.Background())
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
found, err := models.FindApp(context.Background(), testDB, app.ID)
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.NotNil(t, found)
|
||||||
|
assert.False(t, found.HealthcheckCommand.Valid)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
// Cascade Delete Tests.
|
// Cascade Delete Tests.
|
||||||
|
|
||||||
//nolint:funlen // Test function with many assertions - acceptable for integration tests
|
//nolint:funlen // Test function with many assertions - acceptable for integration tests
|
||||||
|
|||||||
@@ -53,6 +53,7 @@ type CreateAppInput struct {
|
|||||||
DockerNetwork string
|
DockerNetwork string
|
||||||
NtfyTopic string
|
NtfyTopic string
|
||||||
SlackWebhook string
|
SlackWebhook string
|
||||||
|
HealthcheckCommand string
|
||||||
}
|
}
|
||||||
|
|
||||||
// CreateApp creates a new application with generated SSH keys and webhook secret.
|
// CreateApp creates a new application with generated SSH keys and webhook secret.
|
||||||
@@ -100,6 +101,10 @@ func (svc *Service) CreateApp(
|
|||||||
app.SlackWebhook = sql.NullString{String: input.SlackWebhook, Valid: true}
|
app.SlackWebhook = sql.NullString{String: input.SlackWebhook, Valid: true}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if input.HealthcheckCommand != "" {
|
||||||
|
app.HealthcheckCommand = sql.NullString{String: input.HealthcheckCommand, Valid: true}
|
||||||
|
}
|
||||||
|
|
||||||
saveErr := app.Save(ctx)
|
saveErr := app.Save(ctx)
|
||||||
if saveErr != nil {
|
if saveErr != nil {
|
||||||
return nil, fmt.Errorf("failed to save app: %w", saveErr)
|
return nil, fmt.Errorf("failed to save app: %w", saveErr)
|
||||||
@@ -119,6 +124,7 @@ type UpdateAppInput struct {
|
|||||||
DockerNetwork string
|
DockerNetwork string
|
||||||
NtfyTopic string
|
NtfyTopic string
|
||||||
SlackWebhook string
|
SlackWebhook string
|
||||||
|
HealthcheckCommand string
|
||||||
}
|
}
|
||||||
|
|
||||||
// UpdateApp updates an existing application.
|
// UpdateApp updates an existing application.
|
||||||
@@ -144,6 +150,10 @@ func (svc *Service) UpdateApp(
|
|||||||
String: input.SlackWebhook,
|
String: input.SlackWebhook,
|
||||||
Valid: input.SlackWebhook != "",
|
Valid: input.SlackWebhook != "",
|
||||||
}
|
}
|
||||||
|
app.HealthcheckCommand = sql.NullString{
|
||||||
|
String: input.HealthcheckCommand,
|
||||||
|
Valid: input.HealthcheckCommand != "",
|
||||||
|
}
|
||||||
|
|
||||||
saveErr := app.Save(ctx)
|
saveErr := app.Save(ctx)
|
||||||
if saveErr != nil {
|
if saveErr != nil {
|
||||||
|
|||||||
@@ -1094,16 +1094,11 @@ func (svc *Service) buildContainerOptions(
|
|||||||
network = app.DockerNetwork.String
|
network = app.DockerNetwork.String
|
||||||
}
|
}
|
||||||
|
|
||||||
var cpuLimit float64
|
cpuLimit, memoryLimit := extractResourceLimits(app)
|
||||||
|
|
||||||
if app.CPULimit.Valid {
|
healthcheckCmd := ""
|
||||||
cpuLimit = app.CPULimit.Float64
|
if app.HealthcheckCommand.Valid {
|
||||||
}
|
healthcheckCmd = app.HealthcheckCommand.String
|
||||||
|
|
||||||
var memoryLimit int64
|
|
||||||
|
|
||||||
if app.MemoryLimit.Valid {
|
|
||||||
memoryLimit = app.MemoryLimit.Int64
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return docker.CreateContainerOptions{
|
return docker.CreateContainerOptions{
|
||||||
@@ -1116,9 +1111,27 @@ func (svc *Service) buildContainerOptions(
|
|||||||
Network: network,
|
Network: network,
|
||||||
CPULimit: cpuLimit,
|
CPULimit: cpuLimit,
|
||||||
MemoryLimit: memoryLimit,
|
MemoryLimit: memoryLimit,
|
||||||
|
HealthcheckCommand: healthcheckCmd,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// extractResourceLimits returns CPU and memory limits from the app model.
|
||||||
|
func extractResourceLimits(app *models.App) (float64, int64) {
|
||||||
|
var cpuLimit float64
|
||||||
|
|
||||||
|
if app.CPULimit.Valid {
|
||||||
|
cpuLimit = app.CPULimit.Float64
|
||||||
|
}
|
||||||
|
|
||||||
|
var memoryLimit int64
|
||||||
|
|
||||||
|
if app.MemoryLimit.Valid {
|
||||||
|
memoryLimit = app.MemoryLimit.Int64
|
||||||
|
}
|
||||||
|
|
||||||
|
return cpuLimit, memoryLimit
|
||||||
|
}
|
||||||
|
|
||||||
func buildLabelMap(app *models.App, labels []*models.Label) map[string]string {
|
func buildLabelMap(app *models.App, labels []*models.Label) map[string]string {
|
||||||
labelMap := make(map[string]string, len(labels)+upaasLabelCount)
|
labelMap := make(map[string]string, len(labels)+upaasLabelCount)
|
||||||
for _, label := range labels {
|
for _, label := range labels {
|
||||||
|
|||||||
@@ -134,3 +134,64 @@ func TestBuildContainerOptionsMemoryLimit(t *testing.T) {
|
|||||||
t.Errorf("expected MemoryLimit=536870912, got %v", opts.MemoryLimit)
|
t.Errorf("expected MemoryLimit=536870912, got %v", opts.MemoryLimit)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestBuildContainerOptionsHealthcheckSet(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
db := database.NewTestDatabase(t)
|
||||||
|
|
||||||
|
app := models.NewApp(db)
|
||||||
|
app.Name = "hc-app"
|
||||||
|
app.HealthcheckCommand = sql.NullString{
|
||||||
|
String: "curl -f http://localhost:8080/healthz || exit 1",
|
||||||
|
Valid: true,
|
||||||
|
}
|
||||||
|
|
||||||
|
err := app.Save(context.Background())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("failed to save app: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
log := slog.New(slog.NewTextHandler(os.Stderr, nil))
|
||||||
|
svc := deploy.NewTestService(log)
|
||||||
|
|
||||||
|
opts, err := svc.BuildContainerOptionsExported(
|
||||||
|
context.Background(), app, "sha256:test",
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("buildContainerOptions returned error: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
expected := "curl -f http://localhost:8080/healthz || exit 1"
|
||||||
|
if opts.HealthcheckCommand != expected {
|
||||||
|
t.Errorf("expected HealthcheckCommand=%q, got %q", expected, opts.HealthcheckCommand)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestBuildContainerOptionsHealthcheckEmpty(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
db := database.NewTestDatabase(t)
|
||||||
|
|
||||||
|
app := models.NewApp(db)
|
||||||
|
app.Name = "no-hc-app"
|
||||||
|
|
||||||
|
err := app.Save(context.Background())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("failed to save app: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
log := slog.New(slog.NewTextHandler(os.Stderr, nil))
|
||||||
|
svc := deploy.NewTestService(log)
|
||||||
|
|
||||||
|
opts, err := svc.BuildContainerOptionsExported(
|
||||||
|
context.Background(), app, "sha256:test",
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("buildContainerOptions returned error: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if opts.HealthcheckCommand != "" {
|
||||||
|
t.Errorf("expected empty HealthcheckCommand, got %q", opts.HealthcheckCommand)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -1,248 +0,0 @@
|
|||||||
package webhook
|
|
||||||
|
|
||||||
import "encoding/json"
|
|
||||||
|
|
||||||
// GiteaPushPayload represents a Gitea push webhook payload.
|
|
||||||
//
|
|
||||||
//nolint:tagliatelle // Field names match Gitea API (snake_case)
|
|
||||||
type GiteaPushPayload struct {
|
|
||||||
Ref string `json:"ref"`
|
|
||||||
Before string `json:"before"`
|
|
||||||
After string `json:"after"`
|
|
||||||
CompareURL UnparsedURL `json:"compare_url"`
|
|
||||||
Repository struct {
|
|
||||||
FullName string `json:"full_name"`
|
|
||||||
CloneURL UnparsedURL `json:"clone_url"`
|
|
||||||
SSHURL string `json:"ssh_url"`
|
|
||||||
HTMLURL UnparsedURL `json:"html_url"`
|
|
||||||
} `json:"repository"`
|
|
||||||
Pusher struct {
|
|
||||||
Username string `json:"username"`
|
|
||||||
Email string `json:"email"`
|
|
||||||
} `json:"pusher"`
|
|
||||||
Commits []struct {
|
|
||||||
ID string `json:"id"`
|
|
||||||
URL UnparsedURL `json:"url"`
|
|
||||||
Message string `json:"message"`
|
|
||||||
Author struct {
|
|
||||||
Name string `json:"name"`
|
|
||||||
Email string `json:"email"`
|
|
||||||
} `json:"author"`
|
|
||||||
} `json:"commits"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// GitHubPushPayload represents a GitHub push webhook payload.
|
|
||||||
//
|
|
||||||
//nolint:tagliatelle // Field names match GitHub API (snake_case)
|
|
||||||
type GitHubPushPayload struct {
|
|
||||||
Ref string `json:"ref"`
|
|
||||||
Before string `json:"before"`
|
|
||||||
After string `json:"after"`
|
|
||||||
CompareURL string `json:"compare"`
|
|
||||||
Repository struct {
|
|
||||||
FullName string `json:"full_name"`
|
|
||||||
CloneURL UnparsedURL `json:"clone_url"`
|
|
||||||
SSHURL string `json:"ssh_url"`
|
|
||||||
HTMLURL UnparsedURL `json:"html_url"`
|
|
||||||
} `json:"repository"`
|
|
||||||
Pusher struct {
|
|
||||||
Name string `json:"name"`
|
|
||||||
Email string `json:"email"`
|
|
||||||
} `json:"pusher"`
|
|
||||||
HeadCommit *struct {
|
|
||||||
ID string `json:"id"`
|
|
||||||
URL UnparsedURL `json:"url"`
|
|
||||||
Message string `json:"message"`
|
|
||||||
} `json:"head_commit"`
|
|
||||||
Commits []struct {
|
|
||||||
ID string `json:"id"`
|
|
||||||
URL UnparsedURL `json:"url"`
|
|
||||||
Message string `json:"message"`
|
|
||||||
Author struct {
|
|
||||||
Name string `json:"name"`
|
|
||||||
Email string `json:"email"`
|
|
||||||
} `json:"author"`
|
|
||||||
} `json:"commits"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// GitLabPushPayload represents a GitLab push webhook payload.
|
|
||||||
//
|
|
||||||
//nolint:tagliatelle // Field names match GitLab API (snake_case)
|
|
||||||
type GitLabPushPayload struct {
|
|
||||||
Ref string `json:"ref"`
|
|
||||||
Before string `json:"before"`
|
|
||||||
After string `json:"after"`
|
|
||||||
UserName string `json:"user_name"`
|
|
||||||
UserEmail string `json:"user_email"`
|
|
||||||
Project struct {
|
|
||||||
PathWithNamespace string `json:"path_with_namespace"`
|
|
||||||
GitHTTPURL UnparsedURL `json:"git_http_url"`
|
|
||||||
GitSSHURL string `json:"git_ssh_url"`
|
|
||||||
WebURL UnparsedURL `json:"web_url"`
|
|
||||||
} `json:"project"`
|
|
||||||
Commits []struct {
|
|
||||||
ID string `json:"id"`
|
|
||||||
URL UnparsedURL `json:"url"`
|
|
||||||
Message string `json:"message"`
|
|
||||||
Author struct {
|
|
||||||
Name string `json:"name"`
|
|
||||||
Email string `json:"email"`
|
|
||||||
} `json:"author"`
|
|
||||||
} `json:"commits"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// ParsePushPayload parses a raw webhook payload into a normalized PushEvent
|
|
||||||
// based on the detected webhook source. Returns an error if JSON unmarshaling
|
|
||||||
// fails. For SourceUnknown, falls back to Gitea format for backward
|
|
||||||
// compatibility.
|
|
||||||
func ParsePushPayload(source Source, payload []byte) (*PushEvent, error) {
|
|
||||||
switch source {
|
|
||||||
case SourceGitHub:
|
|
||||||
return parseGitHubPush(payload)
|
|
||||||
case SourceGitLab:
|
|
||||||
return parseGitLabPush(payload)
|
|
||||||
case SourceGitea, SourceUnknown:
|
|
||||||
// Gitea and unknown both use Gitea format for backward compatibility.
|
|
||||||
return parseGiteaPush(payload)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Unreachable for known source values, but satisfies exhaustive checker.
|
|
||||||
return parseGiteaPush(payload)
|
|
||||||
}
|
|
||||||
|
|
||||||
func parseGiteaPush(payload []byte) (*PushEvent, error) {
|
|
||||||
var p GiteaPushPayload
|
|
||||||
|
|
||||||
unmarshalErr := json.Unmarshal(payload, &p)
|
|
||||||
if unmarshalErr != nil {
|
|
||||||
return nil, unmarshalErr
|
|
||||||
}
|
|
||||||
|
|
||||||
commitURL := extractGiteaCommitURL(p)
|
|
||||||
|
|
||||||
return &PushEvent{
|
|
||||||
Source: SourceGitea,
|
|
||||||
Ref: p.Ref,
|
|
||||||
Before: p.Before,
|
|
||||||
After: p.After,
|
|
||||||
Branch: extractBranch(p.Ref),
|
|
||||||
RepoName: p.Repository.FullName,
|
|
||||||
CloneURL: p.Repository.CloneURL,
|
|
||||||
HTMLURL: p.Repository.HTMLURL,
|
|
||||||
CommitURL: commitURL,
|
|
||||||
Pusher: p.Pusher.Username,
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func parseGitHubPush(payload []byte) (*PushEvent, error) {
|
|
||||||
var p GitHubPushPayload
|
|
||||||
|
|
||||||
unmarshalErr := json.Unmarshal(payload, &p)
|
|
||||||
if unmarshalErr != nil {
|
|
||||||
return nil, unmarshalErr
|
|
||||||
}
|
|
||||||
|
|
||||||
commitURL := extractGitHubCommitURL(p)
|
|
||||||
|
|
||||||
return &PushEvent{
|
|
||||||
Source: SourceGitHub,
|
|
||||||
Ref: p.Ref,
|
|
||||||
Before: p.Before,
|
|
||||||
After: p.After,
|
|
||||||
Branch: extractBranch(p.Ref),
|
|
||||||
RepoName: p.Repository.FullName,
|
|
||||||
CloneURL: p.Repository.CloneURL,
|
|
||||||
HTMLURL: p.Repository.HTMLURL,
|
|
||||||
CommitURL: commitURL,
|
|
||||||
Pusher: p.Pusher.Name,
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func parseGitLabPush(payload []byte) (*PushEvent, error) {
|
|
||||||
var p GitLabPushPayload
|
|
||||||
|
|
||||||
unmarshalErr := json.Unmarshal(payload, &p)
|
|
||||||
if unmarshalErr != nil {
|
|
||||||
return nil, unmarshalErr
|
|
||||||
}
|
|
||||||
|
|
||||||
commitURL := extractGitLabCommitURL(p)
|
|
||||||
|
|
||||||
return &PushEvent{
|
|
||||||
Source: SourceGitLab,
|
|
||||||
Ref: p.Ref,
|
|
||||||
Before: p.Before,
|
|
||||||
After: p.After,
|
|
||||||
Branch: extractBranch(p.Ref),
|
|
||||||
RepoName: p.Project.PathWithNamespace,
|
|
||||||
CloneURL: p.Project.GitHTTPURL,
|
|
||||||
HTMLURL: p.Project.WebURL,
|
|
||||||
CommitURL: commitURL,
|
|
||||||
Pusher: p.UserName,
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// extractBranch extracts the branch name from a git ref.
|
|
||||||
func extractBranch(ref string) string {
|
|
||||||
// refs/heads/main -> main
|
|
||||||
const prefix = "refs/heads/"
|
|
||||||
|
|
||||||
if len(ref) >= len(prefix) && ref[:len(prefix)] == prefix {
|
|
||||||
return ref[len(prefix):]
|
|
||||||
}
|
|
||||||
|
|
||||||
return ref
|
|
||||||
}
|
|
||||||
|
|
||||||
// extractGiteaCommitURL extracts the commit URL from a Gitea push payload.
|
|
||||||
// Prefers the URL from the head commit, falls back to constructing from repo URL.
|
|
||||||
func extractGiteaCommitURL(payload GiteaPushPayload) UnparsedURL {
|
|
||||||
for _, commit := range payload.Commits {
|
|
||||||
if commit.ID == payload.After && commit.URL != "" {
|
|
||||||
return commit.URL
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if payload.Repository.HTMLURL != "" && payload.After != "" {
|
|
||||||
return UnparsedURL(payload.Repository.HTMLURL.String() + "/commit/" + payload.After)
|
|
||||||
}
|
|
||||||
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
// extractGitHubCommitURL extracts the commit URL from a GitHub push payload.
|
|
||||||
// Prefers head_commit.url, then searches commits, then constructs from repo URL.
|
|
||||||
func extractGitHubCommitURL(payload GitHubPushPayload) UnparsedURL {
|
|
||||||
if payload.HeadCommit != nil && payload.HeadCommit.URL != "" {
|
|
||||||
return payload.HeadCommit.URL
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, commit := range payload.Commits {
|
|
||||||
if commit.ID == payload.After && commit.URL != "" {
|
|
||||||
return commit.URL
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if payload.Repository.HTMLURL != "" && payload.After != "" {
|
|
||||||
return UnparsedURL(payload.Repository.HTMLURL.String() + "/commit/" + payload.After)
|
|
||||||
}
|
|
||||||
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
// extractGitLabCommitURL extracts the commit URL from a GitLab push payload.
|
|
||||||
// Prefers commit URL from the commits list, falls back to constructing from
|
|
||||||
// project web URL.
|
|
||||||
func extractGitLabCommitURL(payload GitLabPushPayload) UnparsedURL {
|
|
||||||
for _, commit := range payload.Commits {
|
|
||||||
if commit.ID == payload.After && commit.URL != "" {
|
|
||||||
return commit.URL
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if payload.Project.WebURL != "" && payload.After != "" {
|
|
||||||
return UnparsedURL(payload.Project.WebURL.String() + "/-/commit/" + payload.After)
|
|
||||||
}
|
|
||||||
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
@@ -1,7 +1,5 @@
|
|||||||
package webhook
|
package webhook
|
||||||
|
|
||||||
import "net/http"
|
|
||||||
|
|
||||||
// UnparsedURL is a URL stored as a plain string without parsing.
|
// UnparsedURL is a URL stored as a plain string without parsing.
|
||||||
// Use this instead of string when the value is known to be a URL
|
// Use this instead of string when the value is known to be a URL
|
||||||
// but should not be parsed into a net/url.URL (e.g. webhook URLs,
|
// but should not be parsed into a net/url.URL (e.g. webhook URLs,
|
||||||
@@ -10,84 +8,3 @@ type UnparsedURL string
|
|||||||
|
|
||||||
// String implements the fmt.Stringer interface.
|
// String implements the fmt.Stringer interface.
|
||||||
func (u UnparsedURL) String() string { return string(u) }
|
func (u UnparsedURL) String() string { return string(u) }
|
||||||
|
|
||||||
// Source identifies which git hosting platform sent the webhook.
|
|
||||||
type Source string
|
|
||||||
|
|
||||||
const (
|
|
||||||
// SourceGitea indicates the webhook was sent by a Gitea instance.
|
|
||||||
SourceGitea Source = "gitea"
|
|
||||||
|
|
||||||
// SourceGitHub indicates the webhook was sent by GitHub.
|
|
||||||
SourceGitHub Source = "github"
|
|
||||||
|
|
||||||
// SourceGitLab indicates the webhook was sent by a GitLab instance.
|
|
||||||
SourceGitLab Source = "gitlab"
|
|
||||||
|
|
||||||
// SourceUnknown indicates the webhook source could not be determined.
|
|
||||||
SourceUnknown Source = "unknown"
|
|
||||||
)
|
|
||||||
|
|
||||||
// String implements the fmt.Stringer interface.
|
|
||||||
func (s Source) String() string { return string(s) }
|
|
||||||
|
|
||||||
// DetectWebhookSource determines the webhook source from HTTP headers.
|
|
||||||
// It checks for platform-specific event headers in this order:
|
|
||||||
// Gitea (X-Gitea-Event), GitHub (X-GitHub-Event), GitLab (X-Gitlab-Event).
|
|
||||||
// Returns SourceUnknown if no recognized header is found.
|
|
||||||
func DetectWebhookSource(headers http.Header) Source {
|
|
||||||
if headers.Get("X-Gitea-Event") != "" {
|
|
||||||
return SourceGitea
|
|
||||||
}
|
|
||||||
|
|
||||||
if headers.Get("X-Github-Event") != "" {
|
|
||||||
return SourceGitHub
|
|
||||||
}
|
|
||||||
|
|
||||||
if headers.Get("X-Gitlab-Event") != "" {
|
|
||||||
return SourceGitLab
|
|
||||||
}
|
|
||||||
|
|
||||||
return SourceUnknown
|
|
||||||
}
|
|
||||||
|
|
||||||
// DetectEventType extracts the event type string from HTTP headers
|
|
||||||
// based on the detected webhook source. Returns "push" as a fallback
|
|
||||||
// when no event header is found.
|
|
||||||
func DetectEventType(headers http.Header, source Source) string {
|
|
||||||
switch source {
|
|
||||||
case SourceGitea:
|
|
||||||
if v := headers.Get("X-Gitea-Event"); v != "" {
|
|
||||||
return v
|
|
||||||
}
|
|
||||||
case SourceGitHub:
|
|
||||||
if v := headers.Get("X-Github-Event"); v != "" {
|
|
||||||
return v
|
|
||||||
}
|
|
||||||
case SourceGitLab:
|
|
||||||
if v := headers.Get("X-Gitlab-Event"); v != "" {
|
|
||||||
return v
|
|
||||||
}
|
|
||||||
case SourceUnknown:
|
|
||||||
// Fall through to default
|
|
||||||
}
|
|
||||||
|
|
||||||
return "push"
|
|
||||||
}
|
|
||||||
|
|
||||||
// PushEvent is a normalized representation of a push webhook payload
|
|
||||||
// from any supported source (Gitea, GitHub, GitLab). The webhook
|
|
||||||
// service converts source-specific payloads into this format before
|
|
||||||
// processing.
|
|
||||||
type PushEvent struct {
|
|
||||||
Source Source
|
|
||||||
Ref string
|
|
||||||
Before string
|
|
||||||
After string
|
|
||||||
Branch string
|
|
||||||
RepoName string
|
|
||||||
CloneURL UnparsedURL
|
|
||||||
HTMLURL UnparsedURL
|
|
||||||
CommitURL UnparsedURL
|
|
||||||
Pusher string
|
|
||||||
}
|
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ package webhook
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"database/sql"
|
"database/sql"
|
||||||
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log/slog"
|
"log/slog"
|
||||||
|
|
||||||
@@ -43,46 +44,68 @@ func New(_ fx.Lifecycle, params ServiceParams) (*Service, error) {
|
|||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// HandleWebhook processes a webhook request from any supported source
|
// GiteaPushPayload represents a Gitea push webhook payload.
|
||||||
// (Gitea, GitHub, or GitLab). The source parameter determines which
|
//
|
||||||
// payload format to use for parsing.
|
//nolint:tagliatelle // Field names match Gitea API (snake_case)
|
||||||
|
type GiteaPushPayload struct {
|
||||||
|
Ref string `json:"ref"`
|
||||||
|
Before string `json:"before"`
|
||||||
|
After string `json:"after"`
|
||||||
|
CompareURL UnparsedURL `json:"compare_url"`
|
||||||
|
Repository struct {
|
||||||
|
FullName string `json:"full_name"`
|
||||||
|
CloneURL UnparsedURL `json:"clone_url"`
|
||||||
|
SSHURL string `json:"ssh_url"`
|
||||||
|
HTMLURL UnparsedURL `json:"html_url"`
|
||||||
|
} `json:"repository"`
|
||||||
|
Pusher struct {
|
||||||
|
Username string `json:"username"`
|
||||||
|
Email string `json:"email"`
|
||||||
|
} `json:"pusher"`
|
||||||
|
Commits []struct {
|
||||||
|
ID string `json:"id"`
|
||||||
|
URL UnparsedURL `json:"url"`
|
||||||
|
Message string `json:"message"`
|
||||||
|
Author struct {
|
||||||
|
Name string `json:"name"`
|
||||||
|
Email string `json:"email"`
|
||||||
|
} `json:"author"`
|
||||||
|
} `json:"commits"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// HandleWebhook processes a webhook request.
|
||||||
func (svc *Service) HandleWebhook(
|
func (svc *Service) HandleWebhook(
|
||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
app *models.App,
|
app *models.App,
|
||||||
source Source,
|
|
||||||
eventType string,
|
eventType string,
|
||||||
payload []byte,
|
payload []byte,
|
||||||
) error {
|
) error {
|
||||||
svc.log.Info("processing webhook",
|
svc.log.Info("processing webhook", "app", app.Name, "event", eventType)
|
||||||
"app", app.Name,
|
|
||||||
"source", source.String(),
|
|
||||||
"event", eventType,
|
|
||||||
)
|
|
||||||
|
|
||||||
// Parse payload into normalized push event
|
// Parse payload
|
||||||
pushEvent, parseErr := ParsePushPayload(source, payload)
|
var pushPayload GiteaPushPayload
|
||||||
if parseErr != nil {
|
|
||||||
svc.log.Warn("failed to parse webhook payload",
|
unmarshalErr := json.Unmarshal(payload, &pushPayload)
|
||||||
"error", parseErr,
|
if unmarshalErr != nil {
|
||||||
"source", source.String(),
|
svc.log.Warn("failed to parse webhook payload", "error", unmarshalErr)
|
||||||
)
|
// Continue anyway to log the event
|
||||||
// Continue with empty push event to still log the webhook
|
|
||||||
pushEvent = &PushEvent{Source: source}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Extract branch from ref
|
||||||
|
branch := extractBranch(pushPayload.Ref)
|
||||||
|
commitSHA := pushPayload.After
|
||||||
|
commitURL := extractCommitURL(pushPayload)
|
||||||
|
|
||||||
// Check if branch matches
|
// Check if branch matches
|
||||||
matched := pushEvent.Branch == app.Branch
|
matched := branch == app.Branch
|
||||||
|
|
||||||
// Create webhook event record
|
// Create webhook event record
|
||||||
event := models.NewWebhookEvent(svc.db)
|
event := models.NewWebhookEvent(svc.db)
|
||||||
event.AppID = app.ID
|
event.AppID = app.ID
|
||||||
event.EventType = eventType
|
event.EventType = eventType
|
||||||
event.Branch = pushEvent.Branch
|
event.Branch = branch
|
||||||
event.CommitSHA = sql.NullString{String: pushEvent.After, Valid: pushEvent.After != ""}
|
event.CommitSHA = sql.NullString{String: commitSHA, Valid: commitSHA != ""}
|
||||||
event.CommitURL = sql.NullString{
|
event.CommitURL = sql.NullString{String: commitURL.String(), Valid: commitURL != ""}
|
||||||
String: pushEvent.CommitURL.String(),
|
|
||||||
Valid: pushEvent.CommitURL != "",
|
|
||||||
}
|
|
||||||
event.Payload = sql.NullString{String: string(payload), Valid: true}
|
event.Payload = sql.NullString{String: string(payload), Valid: true}
|
||||||
event.Matched = matched
|
event.Matched = matched
|
||||||
event.Processed = false
|
event.Processed = false
|
||||||
@@ -94,10 +117,9 @@ func (svc *Service) HandleWebhook(
|
|||||||
|
|
||||||
svc.log.Info("webhook event recorded",
|
svc.log.Info("webhook event recorded",
|
||||||
"app", app.Name,
|
"app", app.Name,
|
||||||
"source", source.String(),
|
"branch", branch,
|
||||||
"branch", pushEvent.Branch,
|
|
||||||
"matched", matched,
|
"matched", matched,
|
||||||
"commit", pushEvent.After,
|
"commit", commitSHA,
|
||||||
)
|
)
|
||||||
|
|
||||||
// If branch matches, trigger deployment
|
// If branch matches, trigger deployment
|
||||||
@@ -132,3 +154,33 @@ func (svc *Service) triggerDeployment(
|
|||||||
_ = event.Save(deployCtx)
|
_ = event.Save(deployCtx)
|
||||||
}()
|
}()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// extractBranch extracts the branch name from a git ref.
|
||||||
|
func extractBranch(ref string) string {
|
||||||
|
// refs/heads/main -> main
|
||||||
|
const prefix = "refs/heads/"
|
||||||
|
|
||||||
|
if len(ref) >= len(prefix) && ref[:len(prefix)] == prefix {
|
||||||
|
return ref[len(prefix):]
|
||||||
|
}
|
||||||
|
|
||||||
|
return ref
|
||||||
|
}
|
||||||
|
|
||||||
|
// extractCommitURL extracts the commit URL from the webhook payload.
|
||||||
|
// Prefers the URL from the head commit, falls back to constructing from repo URL.
|
||||||
|
func extractCommitURL(payload GiteaPushPayload) UnparsedURL {
|
||||||
|
// Try to find the URL from the head commit (matching After SHA)
|
||||||
|
for _, commit := range payload.Commits {
|
||||||
|
if commit.ID == payload.After && commit.URL != "" {
|
||||||
|
return commit.URL
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fall back to constructing URL from repo HTML URL
|
||||||
|
if payload.Repository.HTMLURL != "" && payload.After != "" {
|
||||||
|
return UnparsedURL(payload.Repository.HTMLURL.String() + "/commit/" + payload.After)
|
||||||
|
}
|
||||||
|
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|||||||
@@ -3,7 +3,6 @@ package webhook_test
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"net/http"
|
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"testing"
|
"testing"
|
||||||
@@ -103,114 +102,44 @@ func createTestApp(
|
|||||||
return app
|
return app
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestDetectWebhookSource tests auto-detection of webhook source from HTTP headers.
|
|
||||||
//
|
|
||||||
//nolint:funlen // table-driven test with comprehensive test cases
|
//nolint:funlen // table-driven test with comprehensive test cases
|
||||||
func TestDetectWebhookSource(testingT *testing.T) {
|
func TestExtractBranch(testingT *testing.T) {
|
||||||
testingT.Parallel()
|
testingT.Parallel()
|
||||||
|
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
headers map[string]string
|
ref string
|
||||||
expected webhook.Source
|
|
||||||
}{
|
|
||||||
{
|
|
||||||
name: "detects Gitea from X-Gitea-Event header",
|
|
||||||
headers: map[string]string{"X-Gitea-Event": "push"},
|
|
||||||
expected: webhook.SourceGitea,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "detects GitHub from X-GitHub-Event header",
|
|
||||||
headers: map[string]string{"X-GitHub-Event": "push"},
|
|
||||||
expected: webhook.SourceGitHub,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "detects GitLab from X-Gitlab-Event header",
|
|
||||||
headers: map[string]string{"X-Gitlab-Event": "Push Hook"},
|
|
||||||
expected: webhook.SourceGitLab,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "returns unknown when no recognized header",
|
|
||||||
headers: map[string]string{"Content-Type": "application/json"},
|
|
||||||
expected: webhook.SourceUnknown,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "returns unknown for empty headers",
|
|
||||||
headers: map[string]string{},
|
|
||||||
expected: webhook.SourceUnknown,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "Gitea takes precedence over GitHub",
|
|
||||||
headers: map[string]string{
|
|
||||||
"X-Gitea-Event": "push",
|
|
||||||
"X-GitHub-Event": "push",
|
|
||||||
},
|
|
||||||
expected: webhook.SourceGitea,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "GitHub takes precedence over GitLab",
|
|
||||||
headers: map[string]string{
|
|
||||||
"X-GitHub-Event": "push",
|
|
||||||
"X-Gitlab-Event": "Push Hook",
|
|
||||||
},
|
|
||||||
expected: webhook.SourceGitHub,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, testCase := range tests {
|
|
||||||
testingT.Run(testCase.name, func(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
headers := http.Header{}
|
|
||||||
for key, value := range testCase.headers {
|
|
||||||
headers.Set(key, value)
|
|
||||||
}
|
|
||||||
|
|
||||||
result := webhook.DetectWebhookSource(headers)
|
|
||||||
assert.Equal(t, testCase.expected, result)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// TestDetectEventType tests event type extraction from HTTP headers.
|
|
||||||
func TestDetectEventType(testingT *testing.T) {
|
|
||||||
testingT.Parallel()
|
|
||||||
|
|
||||||
tests := []struct {
|
|
||||||
name string
|
|
||||||
headers map[string]string
|
|
||||||
source webhook.Source
|
|
||||||
expected string
|
expected string
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
name: "extracts Gitea event type",
|
name: "extracts main branch",
|
||||||
headers: map[string]string{"X-Gitea-Event": "push"},
|
ref: "refs/heads/main",
|
||||||
source: webhook.SourceGitea,
|
expected: "main",
|
||||||
expected: "push",
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "extracts GitHub event type",
|
name: "extracts feature branch",
|
||||||
headers: map[string]string{"X-GitHub-Event": "push"},
|
ref: "refs/heads/feature/new-feature",
|
||||||
source: webhook.SourceGitHub,
|
expected: "feature/new-feature",
|
||||||
expected: "push",
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "extracts GitLab event type",
|
name: "extracts develop branch",
|
||||||
headers: map[string]string{"X-Gitlab-Event": "Push Hook"},
|
ref: "refs/heads/develop",
|
||||||
source: webhook.SourceGitLab,
|
expected: "develop",
|
||||||
expected: "Push Hook",
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "returns push for unknown source",
|
name: "returns raw ref if no prefix",
|
||||||
headers: map[string]string{},
|
ref: "main",
|
||||||
source: webhook.SourceUnknown,
|
expected: "main",
|
||||||
expected: "push",
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "returns push when header missing for source",
|
name: "handles empty ref",
|
||||||
headers: map[string]string{},
|
ref: "",
|
||||||
source: webhook.SourceGitea,
|
expected: "",
|
||||||
expected: "push",
|
},
|
||||||
|
{
|
||||||
|
name: "handles partial prefix",
|
||||||
|
ref: "refs/heads/",
|
||||||
|
expected: "",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -218,318 +147,123 @@ func TestDetectEventType(testingT *testing.T) {
|
|||||||
testingT.Run(testCase.name, func(t *testing.T) {
|
testingT.Run(testCase.name, func(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
headers := http.Header{}
|
// We test via HandleWebhook since extractBranch is not exported.
|
||||||
for key, value := range testCase.headers {
|
// The test verifies behavior indirectly through the webhook event's branch.
|
||||||
headers.Set(key, value)
|
svc, dbInst, cleanup := setupTestService(t)
|
||||||
}
|
defer cleanup()
|
||||||
|
|
||||||
result := webhook.DetectEventType(headers, testCase.source)
|
app := createTestApp(t, dbInst, testCase.expected)
|
||||||
assert.Equal(t, testCase.expected, result)
|
|
||||||
|
payload := []byte(`{"ref": "` + testCase.ref + `"}`)
|
||||||
|
|
||||||
|
err := svc.HandleWebhook(context.Background(), app, "push", payload)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
// Allow async deployment goroutine to complete before test cleanup
|
||||||
|
time.Sleep(100 * time.Millisecond)
|
||||||
|
|
||||||
|
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.Len(t, events, 1)
|
||||||
|
|
||||||
|
assert.Equal(t, testCase.expected, events[0].Branch)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestWebhookSourceString tests the String method on WebhookSource.
|
func TestHandleWebhookMatchingBranch(t *testing.T) {
|
||||||
func TestWebhookSourceString(t *testing.T) {
|
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
assert.Equal(t, "gitea", webhook.SourceGitea.String())
|
svc, dbInst, cleanup := setupTestService(t)
|
||||||
assert.Equal(t, "github", webhook.SourceGitHub.String())
|
defer cleanup()
|
||||||
assert.Equal(t, "gitlab", webhook.SourceGitLab.String())
|
|
||||||
assert.Equal(t, "unknown", webhook.SourceUnknown.String())
|
|
||||||
}
|
|
||||||
|
|
||||||
// TestUnparsedURLString tests the String method on UnparsedURL.
|
app := createTestApp(t, dbInst, "main")
|
||||||
func TestUnparsedURLString(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
u := webhook.UnparsedURL("https://example.com/test")
|
|
||||||
assert.Equal(t, "https://example.com/test", u.String())
|
|
||||||
|
|
||||||
empty := webhook.UnparsedURL("")
|
|
||||||
assert.Empty(t, empty.String())
|
|
||||||
}
|
|
||||||
|
|
||||||
// TestParsePushPayloadGitea tests parsing of Gitea push payloads.
|
|
||||||
func TestParsePushPayloadGitea(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
payload := []byte(`{
|
payload := []byte(`{
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"before": "0000000000000000000000000000000000000000",
|
"before": "0000000000000000000000000000000000000000",
|
||||||
"after": "abc123def456789",
|
"after": "abc123def456",
|
||||||
"compare_url": "https://gitea.example.com/myorg/myrepo/compare/000...abc",
|
|
||||||
"repository": {
|
"repository": {
|
||||||
"full_name": "myorg/myrepo",
|
"full_name": "user/repo",
|
||||||
"clone_url": "https://gitea.example.com/myorg/myrepo.git",
|
"clone_url": "https://gitea.example.com/user/repo.git",
|
||||||
"ssh_url": "git@gitea.example.com:myorg/myrepo.git",
|
"ssh_url": "git@gitea.example.com:user/repo.git"
|
||||||
"html_url": "https://gitea.example.com/myorg/myrepo"
|
|
||||||
},
|
},
|
||||||
"pusher": {"username": "developer", "email": "dev@example.com"},
|
"pusher": {"username": "testuser", "email": "test@example.com"},
|
||||||
"commits": [
|
"commits": [{"id": "abc123def456", "message": "Test commit",
|
||||||
{
|
"author": {"name": "Test User", "email": "test@example.com"}}]
|
||||||
"id": "abc123def456789",
|
|
||||||
"url": "https://gitea.example.com/myorg/myrepo/commit/abc123def456789",
|
|
||||||
"message": "Fix bug",
|
|
||||||
"author": {"name": "Developer", "email": "dev@example.com"}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}`)
|
}`)
|
||||||
|
|
||||||
event, err := webhook.ParsePushPayload(webhook.SourceGitea, payload)
|
err := svc.HandleWebhook(context.Background(), app, "push", payload)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
assert.Equal(t, webhook.SourceGitea, event.Source)
|
// Allow async deployment goroutine to complete before test cleanup
|
||||||
assert.Equal(t, "refs/heads/main", event.Ref)
|
time.Sleep(100 * time.Millisecond)
|
||||||
|
|
||||||
|
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.Len(t, events, 1)
|
||||||
|
|
||||||
|
event := events[0]
|
||||||
|
assert.Equal(t, "push", event.EventType)
|
||||||
assert.Equal(t, "main", event.Branch)
|
assert.Equal(t, "main", event.Branch)
|
||||||
assert.Equal(t, "abc123def456789", event.After)
|
assert.True(t, event.Matched)
|
||||||
assert.Equal(t, "myorg/myrepo", event.RepoName)
|
assert.Equal(t, "abc123def456", event.CommitSHA.String)
|
||||||
assert.Equal(t, webhook.UnparsedURL("https://gitea.example.com/myorg/myrepo.git"), event.CloneURL)
|
|
||||||
assert.Equal(t, webhook.UnparsedURL("https://gitea.example.com/myorg/myrepo"), event.HTMLURL)
|
|
||||||
assert.Equal(t,
|
|
||||||
webhook.UnparsedURL("https://gitea.example.com/myorg/myrepo/commit/abc123def456789"),
|
|
||||||
event.CommitURL,
|
|
||||||
)
|
|
||||||
assert.Equal(t, "developer", event.Pusher)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestParsePushPayloadGitHub tests parsing of GitHub push payloads.
|
func TestHandleWebhookNonMatchingBranch(t *testing.T) {
|
||||||
func TestParsePushPayloadGitHub(t *testing.T) {
|
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
payload := []byte(`{
|
svc, dbInst, cleanup := setupTestService(t)
|
||||||
"ref": "refs/heads/main",
|
defer cleanup()
|
||||||
"before": "0000000000000000000000000000000000000000",
|
|
||||||
"after": "abc123def456789",
|
|
||||||
"compare": "https://github.com/myorg/myrepo/compare/000...abc",
|
|
||||||
"repository": {
|
|
||||||
"full_name": "myorg/myrepo",
|
|
||||||
"clone_url": "https://github.com/myorg/myrepo.git",
|
|
||||||
"ssh_url": "git@github.com:myorg/myrepo.git",
|
|
||||||
"html_url": "https://github.com/myorg/myrepo"
|
|
||||||
},
|
|
||||||
"pusher": {"name": "developer", "email": "dev@example.com"},
|
|
||||||
"head_commit": {
|
|
||||||
"id": "abc123def456789",
|
|
||||||
"url": "https://github.com/myorg/myrepo/commit/abc123def456789",
|
|
||||||
"message": "Fix bug"
|
|
||||||
},
|
|
||||||
"commits": [
|
|
||||||
{
|
|
||||||
"id": "abc123def456789",
|
|
||||||
"url": "https://github.com/myorg/myrepo/commit/abc123def456789",
|
|
||||||
"message": "Fix bug",
|
|
||||||
"author": {"name": "Developer", "email": "dev@example.com"}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}`)
|
|
||||||
|
|
||||||
event, err := webhook.ParsePushPayload(webhook.SourceGitHub, payload)
|
app := createTestApp(t, dbInst, "main")
|
||||||
|
|
||||||
|
payload := []byte(`{"ref": "refs/heads/develop", "after": "def789ghi012"}`)
|
||||||
|
|
||||||
|
err := svc.HandleWebhook(context.Background(), app, "push", payload)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
assert.Equal(t, webhook.SourceGitHub, event.Source)
|
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||||
assert.Equal(t, "refs/heads/main", event.Ref)
|
require.NoError(t, err)
|
||||||
assert.Equal(t, "main", event.Branch)
|
require.Len(t, events, 1)
|
||||||
assert.Equal(t, "abc123def456789", event.After)
|
|
||||||
assert.Equal(t, "myorg/myrepo", event.RepoName)
|
assert.Equal(t, "develop", events[0].Branch)
|
||||||
assert.Equal(t, webhook.UnparsedURL("https://github.com/myorg/myrepo.git"), event.CloneURL)
|
assert.False(t, events[0].Matched)
|
||||||
assert.Equal(t, webhook.UnparsedURL("https://github.com/myorg/myrepo"), event.HTMLURL)
|
|
||||||
assert.Equal(t,
|
|
||||||
webhook.UnparsedURL("https://github.com/myorg/myrepo/commit/abc123def456789"),
|
|
||||||
event.CommitURL,
|
|
||||||
)
|
|
||||||
assert.Equal(t, "developer", event.Pusher)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestParsePushPayloadGitLab tests parsing of GitLab push payloads.
|
func TestHandleWebhookInvalidJSON(t *testing.T) {
|
||||||
func TestParsePushPayloadGitLab(t *testing.T) {
|
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
payload := []byte(`{
|
svc, dbInst, cleanup := setupTestService(t)
|
||||||
"ref": "refs/heads/develop",
|
defer cleanup()
|
||||||
"before": "0000000000000000000000000000000000000000",
|
|
||||||
"after": "abc123def456789",
|
|
||||||
"user_name": "developer",
|
|
||||||
"user_email": "dev@example.com",
|
|
||||||
"project": {
|
|
||||||
"path_with_namespace": "mygroup/myproject",
|
|
||||||
"git_http_url": "https://gitlab.com/mygroup/myproject.git",
|
|
||||||
"git_ssh_url": "git@gitlab.com:mygroup/myproject.git",
|
|
||||||
"web_url": "https://gitlab.com/mygroup/myproject"
|
|
||||||
},
|
|
||||||
"commits": [
|
|
||||||
{
|
|
||||||
"id": "abc123def456789",
|
|
||||||
"url": "https://gitlab.com/mygroup/myproject/-/commit/abc123def456789",
|
|
||||||
"message": "Fix bug",
|
|
||||||
"author": {"name": "Developer", "email": "dev@example.com"}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}`)
|
|
||||||
|
|
||||||
event, err := webhook.ParsePushPayload(webhook.SourceGitLab, payload)
|
app := createTestApp(t, dbInst, "main")
|
||||||
|
|
||||||
|
err := svc.HandleWebhook(context.Background(), app, "push", []byte(`{invalid json}`))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
assert.Equal(t, webhook.SourceGitLab, event.Source)
|
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||||
assert.Equal(t, "refs/heads/develop", event.Ref)
|
require.NoError(t, err)
|
||||||
assert.Equal(t, "develop", event.Branch)
|
require.Len(t, events, 1)
|
||||||
assert.Equal(t, "abc123def456789", event.After)
|
|
||||||
assert.Equal(t, "mygroup/myproject", event.RepoName)
|
|
||||||
assert.Equal(t, webhook.UnparsedURL("https://gitlab.com/mygroup/myproject.git"), event.CloneURL)
|
|
||||||
assert.Equal(t, webhook.UnparsedURL("https://gitlab.com/mygroup/myproject"), event.HTMLURL)
|
|
||||||
assert.Equal(t,
|
|
||||||
webhook.UnparsedURL("https://gitlab.com/mygroup/myproject/-/commit/abc123def456789"),
|
|
||||||
event.CommitURL,
|
|
||||||
)
|
|
||||||
assert.Equal(t, "developer", event.Pusher)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestParsePushPayloadUnknownFallsBackToGitea tests that unknown source uses Gitea parser.
|
func TestHandleWebhookEmptyPayload(t *testing.T) {
|
||||||
func TestParsePushPayloadUnknownFallsBackToGitea(t *testing.T) {
|
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
payload := []byte(`{
|
svc, dbInst, cleanup := setupTestService(t)
|
||||||
"ref": "refs/heads/main",
|
defer cleanup()
|
||||||
"after": "abc123",
|
|
||||||
"repository": {"full_name": "user/repo"},
|
|
||||||
"pusher": {"username": "user"}
|
|
||||||
}`)
|
|
||||||
|
|
||||||
event, err := webhook.ParsePushPayload(webhook.SourceUnknown, payload)
|
app := createTestApp(t, dbInst, "main")
|
||||||
|
|
||||||
|
err := svc.HandleWebhook(context.Background(), app, "push", []byte(`{}`))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
assert.Equal(t, webhook.SourceGitea, event.Source)
|
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||||
assert.Equal(t, "main", event.Branch)
|
require.NoError(t, err)
|
||||||
assert.Equal(t, "abc123", event.After)
|
require.Len(t, events, 1)
|
||||||
|
assert.False(t, events[0].Matched)
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestParsePushPayloadInvalidJSON tests that invalid JSON returns an error.
|
|
||||||
func TestParsePushPayloadInvalidJSON(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
sources := []webhook.Source{
|
|
||||||
webhook.SourceGitea,
|
|
||||||
webhook.SourceGitHub,
|
|
||||||
webhook.SourceGitLab,
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, source := range sources {
|
|
||||||
t.Run(source.String(), func(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
_, err := webhook.ParsePushPayload(source, []byte(`{invalid json}`))
|
|
||||||
require.Error(t, err)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// TestParsePushPayloadEmptyPayload tests parsing of empty JSON objects.
|
|
||||||
func TestParsePushPayloadEmptyPayload(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
sources := []webhook.Source{
|
|
||||||
webhook.SourceGitea,
|
|
||||||
webhook.SourceGitHub,
|
|
||||||
webhook.SourceGitLab,
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, source := range sources {
|
|
||||||
t.Run(source.String(), func(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
event, err := webhook.ParsePushPayload(source, []byte(`{}`))
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
assert.Empty(t, event.Branch)
|
|
||||||
assert.Empty(t, event.After)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// TestGitHubCommitURLFallback tests commit URL extraction fallback paths for GitHub.
|
|
||||||
func TestGitHubCommitURLFallback(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
t.Run("uses head_commit URL when available", func(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
payload := []byte(`{
|
|
||||||
"ref": "refs/heads/main",
|
|
||||||
"after": "abc123",
|
|
||||||
"head_commit": {"id": "abc123", "url": "https://github.com/u/r/commit/abc123"},
|
|
||||||
"repository": {"html_url": "https://github.com/u/r"}
|
|
||||||
}`)
|
|
||||||
|
|
||||||
event, err := webhook.ParsePushPayload(webhook.SourceGitHub, payload)
|
|
||||||
require.NoError(t, err)
|
|
||||||
assert.Equal(t, webhook.UnparsedURL("https://github.com/u/r/commit/abc123"), event.CommitURL)
|
|
||||||
})
|
|
||||||
|
|
||||||
t.Run("falls back to commits list", func(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
payload := []byte(`{
|
|
||||||
"ref": "refs/heads/main",
|
|
||||||
"after": "abc123",
|
|
||||||
"commits": [{"id": "abc123", "url": "https://github.com/u/r/commit/abc123"}],
|
|
||||||
"repository": {"html_url": "https://github.com/u/r"}
|
|
||||||
}`)
|
|
||||||
|
|
||||||
event, err := webhook.ParsePushPayload(webhook.SourceGitHub, payload)
|
|
||||||
require.NoError(t, err)
|
|
||||||
assert.Equal(t, webhook.UnparsedURL("https://github.com/u/r/commit/abc123"), event.CommitURL)
|
|
||||||
})
|
|
||||||
|
|
||||||
t.Run("constructs URL from repo HTML URL", func(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
payload := []byte(`{
|
|
||||||
"ref": "refs/heads/main",
|
|
||||||
"after": "abc123",
|
|
||||||
"repository": {"html_url": "https://github.com/u/r"}
|
|
||||||
}`)
|
|
||||||
|
|
||||||
event, err := webhook.ParsePushPayload(webhook.SourceGitHub, payload)
|
|
||||||
require.NoError(t, err)
|
|
||||||
assert.Equal(t, webhook.UnparsedURL("https://github.com/u/r/commit/abc123"), event.CommitURL)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
// TestGitLabCommitURLFallback tests commit URL extraction fallback paths for GitLab.
|
|
||||||
func TestGitLabCommitURLFallback(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
t.Run("uses commit URL from list", func(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
payload := []byte(`{
|
|
||||||
"ref": "refs/heads/main",
|
|
||||||
"after": "abc123",
|
|
||||||
"project": {"web_url": "https://gitlab.com/g/p"},
|
|
||||||
"commits": [{"id": "abc123", "url": "https://gitlab.com/g/p/-/commit/abc123"}]
|
|
||||||
}`)
|
|
||||||
|
|
||||||
event, err := webhook.ParsePushPayload(webhook.SourceGitLab, payload)
|
|
||||||
require.NoError(t, err)
|
|
||||||
assert.Equal(t, webhook.UnparsedURL("https://gitlab.com/g/p/-/commit/abc123"), event.CommitURL)
|
|
||||||
})
|
|
||||||
|
|
||||||
t.Run("constructs URL from project web URL", func(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
payload := []byte(`{
|
|
||||||
"ref": "refs/heads/main",
|
|
||||||
"after": "abc123",
|
|
||||||
"project": {"web_url": "https://gitlab.com/g/p"}
|
|
||||||
}`)
|
|
||||||
|
|
||||||
event, err := webhook.ParsePushPayload(webhook.SourceGitLab, payload)
|
|
||||||
require.NoError(t, err)
|
|
||||||
assert.Equal(t, webhook.UnparsedURL("https://gitlab.com/g/p/-/commit/abc123"), event.CommitURL)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
// TestGiteaPushPayloadParsing tests direct deserialization of the Gitea payload struct.
|
|
||||||
func TestGiteaPushPayloadParsing(testingT *testing.T) {
|
func TestGiteaPushPayloadParsing(testingT *testing.T) {
|
||||||
testingT.Parallel()
|
testingT.Parallel()
|
||||||
|
|
||||||
@@ -588,354 +322,6 @@ func TestGiteaPushPayloadParsing(testingT *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestGitHubPushPayloadParsing tests direct deserialization of the GitHub payload struct.
|
|
||||||
func TestGitHubPushPayloadParsing(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
payload := []byte(`{
|
|
||||||
"ref": "refs/heads/main",
|
|
||||||
"before": "0000000000",
|
|
||||||
"after": "abc123",
|
|
||||||
"compare": "https://github.com/o/r/compare/000...abc",
|
|
||||||
"repository": {
|
|
||||||
"full_name": "o/r",
|
|
||||||
"clone_url": "https://github.com/o/r.git",
|
|
||||||
"ssh_url": "git@github.com:o/r.git",
|
|
||||||
"html_url": "https://github.com/o/r"
|
|
||||||
},
|
|
||||||
"pusher": {"name": "octocat", "email": "octocat@github.com"},
|
|
||||||
"head_commit": {
|
|
||||||
"id": "abc123",
|
|
||||||
"url": "https://github.com/o/r/commit/abc123",
|
|
||||||
"message": "Update README"
|
|
||||||
},
|
|
||||||
"commits": [
|
|
||||||
{
|
|
||||||
"id": "abc123",
|
|
||||||
"url": "https://github.com/o/r/commit/abc123",
|
|
||||||
"message": "Update README",
|
|
||||||
"author": {"name": "Octocat", "email": "octocat@github.com"}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}`)
|
|
||||||
|
|
||||||
var p webhook.GitHubPushPayload
|
|
||||||
|
|
||||||
err := json.Unmarshal(payload, &p)
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
assert.Equal(t, "refs/heads/main", p.Ref)
|
|
||||||
assert.Equal(t, "abc123", p.After)
|
|
||||||
assert.Equal(t, "o/r", p.Repository.FullName)
|
|
||||||
assert.Equal(t, "octocat", p.Pusher.Name)
|
|
||||||
assert.NotNil(t, p.HeadCommit)
|
|
||||||
assert.Equal(t, "abc123", p.HeadCommit.ID)
|
|
||||||
assert.Len(t, p.Commits, 1)
|
|
||||||
}
|
|
||||||
|
|
||||||
// TestGitLabPushPayloadParsing tests direct deserialization of the GitLab payload struct.
|
|
||||||
func TestGitLabPushPayloadParsing(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
payload := []byte(`{
|
|
||||||
"ref": "refs/heads/main",
|
|
||||||
"before": "0000000000",
|
|
||||||
"after": "abc123",
|
|
||||||
"user_name": "gitlab-user",
|
|
||||||
"user_email": "user@gitlab.com",
|
|
||||||
"project": {
|
|
||||||
"path_with_namespace": "group/project",
|
|
||||||
"git_http_url": "https://gitlab.com/group/project.git",
|
|
||||||
"git_ssh_url": "git@gitlab.com:group/project.git",
|
|
||||||
"web_url": "https://gitlab.com/group/project"
|
|
||||||
},
|
|
||||||
"commits": [
|
|
||||||
{
|
|
||||||
"id": "abc123",
|
|
||||||
"url": "https://gitlab.com/group/project/-/commit/abc123",
|
|
||||||
"message": "Fix pipeline",
|
|
||||||
"author": {"name": "GitLab User", "email": "user@gitlab.com"}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}`)
|
|
||||||
|
|
||||||
var p webhook.GitLabPushPayload
|
|
||||||
|
|
||||||
err := json.Unmarshal(payload, &p)
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
assert.Equal(t, "refs/heads/main", p.Ref)
|
|
||||||
assert.Equal(t, "abc123", p.After)
|
|
||||||
assert.Equal(t, "group/project", p.Project.PathWithNamespace)
|
|
||||||
assert.Equal(t, "gitlab-user", p.UserName)
|
|
||||||
assert.Len(t, p.Commits, 1)
|
|
||||||
}
|
|
||||||
|
|
||||||
// TestExtractBranch tests branch extraction via HandleWebhook integration (extractBranch is unexported).
|
|
||||||
//
|
|
||||||
//nolint:funlen // table-driven test with comprehensive test cases
|
|
||||||
func TestExtractBranch(testingT *testing.T) {
|
|
||||||
testingT.Parallel()
|
|
||||||
|
|
||||||
tests := []struct {
|
|
||||||
name string
|
|
||||||
ref string
|
|
||||||
expected string
|
|
||||||
}{
|
|
||||||
{
|
|
||||||
name: "extracts main branch",
|
|
||||||
ref: "refs/heads/main",
|
|
||||||
expected: "main",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "extracts feature branch",
|
|
||||||
ref: "refs/heads/feature/new-feature",
|
|
||||||
expected: "feature/new-feature",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "extracts develop branch",
|
|
||||||
ref: "refs/heads/develop",
|
|
||||||
expected: "develop",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "returns raw ref if no prefix",
|
|
||||||
ref: "main",
|
|
||||||
expected: "main",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "handles empty ref",
|
|
||||||
ref: "",
|
|
||||||
expected: "",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: "handles partial prefix",
|
|
||||||
ref: "refs/heads/",
|
|
||||||
expected: "",
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, testCase := range tests {
|
|
||||||
testingT.Run(testCase.name, func(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
// We test via HandleWebhook since extractBranch is not exported.
|
|
||||||
// The test verifies behavior indirectly through the webhook event's branch.
|
|
||||||
svc, dbInst, cleanup := setupTestService(t)
|
|
||||||
defer cleanup()
|
|
||||||
|
|
||||||
app := createTestApp(t, dbInst, testCase.expected)
|
|
||||||
|
|
||||||
payload := []byte(`{"ref": "` + testCase.ref + `"}`)
|
|
||||||
|
|
||||||
err := svc.HandleWebhook(
|
|
||||||
context.Background(), app, webhook.SourceGitea, "push", payload,
|
|
||||||
)
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
// Allow async deployment goroutine to complete before test cleanup
|
|
||||||
time.Sleep(100 * time.Millisecond)
|
|
||||||
|
|
||||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
|
||||||
require.NoError(t, err)
|
|
||||||
require.Len(t, events, 1)
|
|
||||||
|
|
||||||
assert.Equal(t, testCase.expected, events[0].Branch)
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestHandleWebhookMatchingBranch(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
svc, dbInst, cleanup := setupTestService(t)
|
|
||||||
defer cleanup()
|
|
||||||
|
|
||||||
app := createTestApp(t, dbInst, "main")
|
|
||||||
|
|
||||||
payload := []byte(`{
|
|
||||||
"ref": "refs/heads/main",
|
|
||||||
"before": "0000000000000000000000000000000000000000",
|
|
||||||
"after": "abc123def456",
|
|
||||||
"repository": {
|
|
||||||
"full_name": "user/repo",
|
|
||||||
"clone_url": "https://gitea.example.com/user/repo.git",
|
|
||||||
"ssh_url": "git@gitea.example.com:user/repo.git"
|
|
||||||
},
|
|
||||||
"pusher": {"username": "testuser", "email": "test@example.com"},
|
|
||||||
"commits": [{"id": "abc123def456", "message": "Test commit",
|
|
||||||
"author": {"name": "Test User", "email": "test@example.com"}}]
|
|
||||||
}`)
|
|
||||||
|
|
||||||
err := svc.HandleWebhook(
|
|
||||||
context.Background(), app, webhook.SourceGitea, "push", payload,
|
|
||||||
)
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
// Allow async deployment goroutine to complete before test cleanup
|
|
||||||
time.Sleep(100 * time.Millisecond)
|
|
||||||
|
|
||||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
|
||||||
require.NoError(t, err)
|
|
||||||
require.Len(t, events, 1)
|
|
||||||
|
|
||||||
event := events[0]
|
|
||||||
assert.Equal(t, "push", event.EventType)
|
|
||||||
assert.Equal(t, "main", event.Branch)
|
|
||||||
assert.True(t, event.Matched)
|
|
||||||
assert.Equal(t, "abc123def456", event.CommitSHA.String)
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestHandleWebhookNonMatchingBranch(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
svc, dbInst, cleanup := setupTestService(t)
|
|
||||||
defer cleanup()
|
|
||||||
|
|
||||||
app := createTestApp(t, dbInst, "main")
|
|
||||||
|
|
||||||
payload := []byte(`{"ref": "refs/heads/develop", "after": "def789ghi012"}`)
|
|
||||||
|
|
||||||
err := svc.HandleWebhook(
|
|
||||||
context.Background(), app, webhook.SourceGitea, "push", payload,
|
|
||||||
)
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
|
||||||
require.NoError(t, err)
|
|
||||||
require.Len(t, events, 1)
|
|
||||||
|
|
||||||
assert.Equal(t, "develop", events[0].Branch)
|
|
||||||
assert.False(t, events[0].Matched)
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestHandleWebhookInvalidJSON(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
svc, dbInst, cleanup := setupTestService(t)
|
|
||||||
defer cleanup()
|
|
||||||
|
|
||||||
app := createTestApp(t, dbInst, "main")
|
|
||||||
|
|
||||||
err := svc.HandleWebhook(
|
|
||||||
context.Background(), app, webhook.SourceGitea, "push", []byte(`{invalid json}`),
|
|
||||||
)
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
|
||||||
require.NoError(t, err)
|
|
||||||
require.Len(t, events, 1)
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestHandleWebhookEmptyPayload(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
svc, dbInst, cleanup := setupTestService(t)
|
|
||||||
defer cleanup()
|
|
||||||
|
|
||||||
app := createTestApp(t, dbInst, "main")
|
|
||||||
|
|
||||||
err := svc.HandleWebhook(
|
|
||||||
context.Background(), app, webhook.SourceGitea, "push", []byte(`{}`),
|
|
||||||
)
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
|
||||||
require.NoError(t, err)
|
|
||||||
require.Len(t, events, 1)
|
|
||||||
assert.False(t, events[0].Matched)
|
|
||||||
}
|
|
||||||
|
|
||||||
// TestHandleWebhookGitHubSource tests HandleWebhook with a GitHub push payload.
|
|
||||||
func TestHandleWebhookGitHubSource(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
svc, dbInst, cleanup := setupTestService(t)
|
|
||||||
defer cleanup()
|
|
||||||
|
|
||||||
app := createTestApp(t, dbInst, "main")
|
|
||||||
|
|
||||||
payload := []byte(`{
|
|
||||||
"ref": "refs/heads/main",
|
|
||||||
"after": "github123",
|
|
||||||
"repository": {
|
|
||||||
"full_name": "org/repo",
|
|
||||||
"clone_url": "https://github.com/org/repo.git",
|
|
||||||
"html_url": "https://github.com/org/repo"
|
|
||||||
},
|
|
||||||
"pusher": {"name": "octocat", "email": "octocat@github.com"},
|
|
||||||
"head_commit": {
|
|
||||||
"id": "github123",
|
|
||||||
"url": "https://github.com/org/repo/commit/github123",
|
|
||||||
"message": "Update feature"
|
|
||||||
}
|
|
||||||
}`)
|
|
||||||
|
|
||||||
err := svc.HandleWebhook(
|
|
||||||
context.Background(), app, webhook.SourceGitHub, "push", payload,
|
|
||||||
)
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
// Allow async deployment goroutine to complete before test cleanup
|
|
||||||
time.Sleep(100 * time.Millisecond)
|
|
||||||
|
|
||||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
|
||||||
require.NoError(t, err)
|
|
||||||
require.Len(t, events, 1)
|
|
||||||
|
|
||||||
event := events[0]
|
|
||||||
assert.Equal(t, "main", event.Branch)
|
|
||||||
assert.True(t, event.Matched)
|
|
||||||
assert.Equal(t, "github123", event.CommitSHA.String)
|
|
||||||
assert.Equal(t, "https://github.com/org/repo/commit/github123", event.CommitURL.String)
|
|
||||||
}
|
|
||||||
|
|
||||||
// TestHandleWebhookGitLabSource tests HandleWebhook with a GitLab push payload.
|
|
||||||
func TestHandleWebhookGitLabSource(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
svc, dbInst, cleanup := setupTestService(t)
|
|
||||||
defer cleanup()
|
|
||||||
|
|
||||||
app := createTestApp(t, dbInst, "main")
|
|
||||||
|
|
||||||
payload := []byte(`{
|
|
||||||
"ref": "refs/heads/main",
|
|
||||||
"after": "gitlab456",
|
|
||||||
"user_name": "gitlab-dev",
|
|
||||||
"user_email": "dev@gitlab.com",
|
|
||||||
"project": {
|
|
||||||
"path_with_namespace": "group/project",
|
|
||||||
"git_http_url": "https://gitlab.com/group/project.git",
|
|
||||||
"web_url": "https://gitlab.com/group/project"
|
|
||||||
},
|
|
||||||
"commits": [
|
|
||||||
{
|
|
||||||
"id": "gitlab456",
|
|
||||||
"url": "https://gitlab.com/group/project/-/commit/gitlab456",
|
|
||||||
"message": "Deploy fix"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}`)
|
|
||||||
|
|
||||||
err := svc.HandleWebhook(
|
|
||||||
context.Background(), app, webhook.SourceGitLab, "push", payload,
|
|
||||||
)
|
|
||||||
require.NoError(t, err)
|
|
||||||
|
|
||||||
// Allow async deployment goroutine to complete before test cleanup
|
|
||||||
time.Sleep(100 * time.Millisecond)
|
|
||||||
|
|
||||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
|
||||||
require.NoError(t, err)
|
|
||||||
require.Len(t, events, 1)
|
|
||||||
|
|
||||||
event := events[0]
|
|
||||||
assert.Equal(t, "main", event.Branch)
|
|
||||||
assert.True(t, event.Matched)
|
|
||||||
assert.Equal(t, "gitlab456", event.CommitSHA.String)
|
|
||||||
assert.Equal(t, "https://gitlab.com/group/project/-/commit/gitlab456", event.CommitURL.String)
|
|
||||||
}
|
|
||||||
|
|
||||||
// TestSetupTestService verifies the test helper creates a working test service.
|
// TestSetupTestService verifies the test helper creates a working test service.
|
||||||
func TestSetupTestService(testingT *testing.T) {
|
func TestSetupTestService(testingT *testing.T) {
|
||||||
testingT.Parallel()
|
testingT.Parallel()
|
||||||
@@ -955,25 +341,3 @@ func TestSetupTestService(testingT *testing.T) {
|
|||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestPushEventConstruction tests that PushEvent can be constructed directly.
|
|
||||||
func TestPushEventConstruction(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
event := webhook.PushEvent{
|
|
||||||
Source: webhook.SourceGitHub,
|
|
||||||
Ref: "refs/heads/main",
|
|
||||||
Before: "000",
|
|
||||||
After: "abc",
|
|
||||||
Branch: "main",
|
|
||||||
RepoName: "org/repo",
|
|
||||||
CloneURL: webhook.UnparsedURL("https://github.com/org/repo.git"),
|
|
||||||
HTMLURL: webhook.UnparsedURL("https://github.com/org/repo"),
|
|
||||||
CommitURL: webhook.UnparsedURL("https://github.com/org/repo/commit/abc"),
|
|
||||||
Pusher: "user",
|
|
||||||
}
|
|
||||||
|
|
||||||
assert.Equal(t, "main", event.Branch)
|
|
||||||
assert.Equal(t, webhook.SourceGitHub, event.Source)
|
|
||||||
assert.Equal(t, "abc", event.After)
|
|
||||||
}
|
|
||||||
|
|||||||
121
script/bootstrap
121
script/bootstrap
@@ -1,121 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# script/bootstrap: install all dependencies needed to build and develop
|
|
||||||
# this repo. Idempotent: every install is guarded by a check so already
|
|
||||||
# installed tools are skipped. Base tooling comes from nix, apt, brew,
|
|
||||||
# or apk (detected in that order); assumes NOTHING is present (not git,
|
|
||||||
# make, or go). golangci-lint is packaged in nix, brew, and apk; on apt
|
|
||||||
# it is installed from a hash-verified GitHub release archive (never
|
|
||||||
# curl | sh).
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
|
|
||||||
|
|
||||||
# Pinned versions, 2026-07-07. Never "latest"; exact versions only.
|
|
||||||
GOLANGCI_LINT_VERSION="2.10.1"
|
|
||||||
# sha256 of golangci-lint-2.10.1-linux-<arch>.tar.gz release archives
|
|
||||||
GOLANGCI_LINT_SHA256_AMD64="dfa775874cf0561b404a02a8f4481fc69b28091da95aa697259820d429b09c99"
|
|
||||||
GOLANGCI_LINT_SHA256_ARM64="6652b42ae02915eb2f9cb2a2e0cac99514c8eded8388d88ae3e06e1a52c00de8"
|
|
||||||
|
|
||||||
PKGMGR=""
|
|
||||||
SUDO=""
|
|
||||||
|
|
||||||
detect_pkgmgr() {
|
|
||||||
[ -n "$PKGMGR" ] && return 0
|
|
||||||
if command -v nix-env >/dev/null 2>&1; then
|
|
||||||
PKGMGR="nix"
|
|
||||||
elif command -v apt-get >/dev/null 2>&1; then
|
|
||||||
PKGMGR="apt"
|
|
||||||
elif command -v brew >/dev/null 2>&1; then
|
|
||||||
PKGMGR="brew"
|
|
||||||
elif command -v apk >/dev/null 2>&1; then
|
|
||||||
PKGMGR="apk"
|
|
||||||
else
|
|
||||||
echo "bootstrap: no supported package manager (nix, apt, brew, apk)" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
if [ "$PKGMGR" = "apt" ]; then
|
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
|
||||||
if [ "$(id -u)" != "0" ]; then
|
|
||||||
SUDO="sudo"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# pkg_install <nix-attr> <apt-pkg> <brew-formula> <apk-pkg>
|
|
||||||
pkg_install() {
|
|
||||||
detect_pkgmgr
|
|
||||||
case "$PKGMGR" in
|
|
||||||
nix) nix-env -iA "nixpkgs.$1" ;;
|
|
||||||
apt) $SUDO env DEBIAN_FRONTEND=noninteractive apt-get install -y "$2" ;;
|
|
||||||
brew) brew install "$3" ;;
|
|
||||||
apk) apk add --no-cache "$4" ;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
missing() {
|
|
||||||
! command -v "$1" >/dev/null 2>&1
|
|
||||||
}
|
|
||||||
|
|
||||||
# verify_sha256 <file> <expected-hash>
|
|
||||||
verify_sha256() {
|
|
||||||
if command -v sha256sum >/dev/null 2>&1; then
|
|
||||||
actual="$(sha256sum "$1" | cut -d' ' -f1)"
|
|
||||||
else
|
|
||||||
actual="$(shasum -a 256 "$1" | cut -d' ' -f1)"
|
|
||||||
fi
|
|
||||||
if [ "$actual" != "$2" ]; then
|
|
||||||
echo "bootstrap: sha256 mismatch for $1" >&2
|
|
||||||
echo " expected: $2" >&2
|
|
||||||
echo " actual: $actual" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# apt has no golangci-lint package: install a pinned release archive
|
|
||||||
# from GitHub, verified by hardcoded sha256 (never curl | sh).
|
|
||||||
install_golangci_lint_release() {
|
|
||||||
case "$(uname -m)" in
|
|
||||||
x86_64) goarch="amd64"; sha="$GOLANGCI_LINT_SHA256_AMD64" ;;
|
|
||||||
aarch64|arm64) goarch="arm64"; sha="$GOLANGCI_LINT_SHA256_ARM64" ;;
|
|
||||||
*)
|
|
||||||
echo "bootstrap: unsupported architecture $(uname -m)" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
if missing curl; then pkg_install curl curl curl curl; fi
|
|
||||||
name="golangci-lint-${GOLANGCI_LINT_VERSION}-linux-${goarch}"
|
|
||||||
tmp="$(mktemp -d)"
|
|
||||||
curl -fsSL -o "$tmp/$name.tar.gz" \
|
|
||||||
"https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/${name}.tar.gz"
|
|
||||||
verify_sha256 "$tmp/$name.tar.gz" "$sha"
|
|
||||||
tar -xzf "$tmp/$name.tar.gz" -C "$tmp"
|
|
||||||
$SUDO install -m 0755 "$tmp/$name/golangci-lint" /usr/local/bin/golangci-lint
|
|
||||||
rm -rf "$tmp"
|
|
||||||
}
|
|
||||||
|
|
||||||
ensure_golangci_lint() {
|
|
||||||
if ! missing golangci-lint; then return 0; fi
|
|
||||||
detect_pkgmgr
|
|
||||||
case "$PKGMGR" in
|
|
||||||
apt) install_golangci_lint_release ;;
|
|
||||||
*) pkg_install golangci-lint golangci-lint golangci-lint golangci-lint ;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
main() {
|
|
||||||
cd "$ROOT"
|
|
||||||
|
|
||||||
# Base tooling
|
|
||||||
if missing git; then pkg_install git git git git; fi
|
|
||||||
if missing make; then pkg_install gnumake make make make; fi
|
|
||||||
|
|
||||||
# Go toolchain and linter
|
|
||||||
if missing go; then pkg_install go golang go go; fi
|
|
||||||
ensure_golangci_lint
|
|
||||||
|
|
||||||
go mod download
|
|
||||||
|
|
||||||
echo "bootstrap complete"
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
15
script/check
15
script/check
@@ -1,15 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# script/check: run all checks (test, lint, fmt-check). Our own
|
|
||||||
# extension to scripts-to-rule-them-all. Must not modify any files.
|
|
||||||
# Generic: usually needs no adaptation.
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd -P)"
|
|
||||||
|
|
||||||
main() {
|
|
||||||
"$SCRIPT_DIR/test"
|
|
||||||
"$SCRIPT_DIR/lint"
|
|
||||||
"$SCRIPT_DIR/fmt-check"
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# script/cibuild: run the CI build. The Dockerfile runs the checks
|
|
||||||
# (make fmt-check, lint, test), so a successful build implies a green
|
|
||||||
# repo. Generic: needs no adaptation. The Gitea workflow runs this on
|
|
||||||
# push.
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
|
|
||||||
|
|
||||||
main() {
|
|
||||||
cd "$ROOT"
|
|
||||||
docker build .
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# script/docker: build the Docker image tagged with the project name.
|
|
||||||
# Identical in all repos; the tag comes from script/projectname.
|
|
||||||
# Generic: needs no adaptation.
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd -P)"
|
|
||||||
ROOT="$(cd "$SCRIPT_DIR/.." && pwd -P)"
|
|
||||||
|
|
||||||
main() {
|
|
||||||
cd "$ROOT"
|
|
||||||
docker build -t "$("$SCRIPT_DIR/projectname")" .
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
14
script/fmt
14
script/fmt
@@ -1,14 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# script/fmt: format all files (writes).
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
|
|
||||||
|
|
||||||
main() {
|
|
||||||
cd "$ROOT"
|
|
||||||
gofmt -s -w .
|
|
||||||
goimports -w .
|
|
||||||
npx prettier --write --tab-width 4 static/js/*.js
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
@@ -1,17 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# script/fmt-check: check formatting (read-only). Same scope as
|
|
||||||
# script/fmt, but fails instead of writing.
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
|
|
||||||
|
|
||||||
main() {
|
|
||||||
cd "$ROOT"
|
|
||||||
if [ -n "$(gofmt -l .)" ]; then
|
|
||||||
echo "Files not formatted:"
|
|
||||||
gofmt -l .
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
@@ -1,16 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# script/install-precommit: install the git pre-commit hook that runs
|
|
||||||
# script/precommit. Our own extension to scripts-to-rule-them-all.
|
|
||||||
# Generic: needs no adaptation.
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
|
|
||||||
|
|
||||||
main() {
|
|
||||||
cd "$ROOT"
|
|
||||||
printf '#!/bin/sh\nset -e\nscript/precommit\n' > .git/hooks/pre-commit
|
|
||||||
chmod +x .git/hooks/pre-commit
|
|
||||||
echo "pre-commit hook installed: runs script/precommit"
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
12
script/lint
12
script/lint
@@ -1,12 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# script/lint: run the linter.
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
|
|
||||||
|
|
||||||
main() {
|
|
||||||
cd "$ROOT"
|
|
||||||
golangci-lint run --config .golangci.yml ./...
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
@@ -1,21 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# script/precommit: run by the git pre-commit hook; fails the commit if
|
|
||||||
# checks fail. Our own extension to scripts-to-rule-them-all. Go repo
|
|
||||||
# extras: go mod tidy must not change go.mod/go.sum.
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd -P)"
|
|
||||||
ROOT="$(cd "$SCRIPT_DIR/.." && pwd -P)"
|
|
||||||
|
|
||||||
main() {
|
|
||||||
cd "$ROOT"
|
|
||||||
go mod tidy
|
|
||||||
git diff --exit-code -- go.mod go.sum || {
|
|
||||||
echo "precommit: go mod tidy changed go.mod/go.sum;" \
|
|
||||||
"stage the changes and retry" >&2
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
"$SCRIPT_DIR/check"
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
@@ -1,12 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# script/projectname: output the name of this project. Our own
|
|
||||||
# extension to scripts-to-rule-them-all. Other scripts that need the
|
|
||||||
# name (e.g. script/docker) call this, so they can stay identical
|
|
||||||
# across all repos.
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
main() {
|
|
||||||
echo "upaas"
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
14
script/setup
14
script/setup
@@ -1,14 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# script/setup: set up the repo for development after a fresh clone:
|
|
||||||
# installs dependencies (script/bootstrap) and the git pre-commit hook.
|
|
||||||
# Add any repo-specific initialization (db init, .env template) here.
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd -P)"
|
|
||||||
|
|
||||||
main() {
|
|
||||||
"$SCRIPT_DIR/bootstrap"
|
|
||||||
"$SCRIPT_DIR/install-precommit"
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
12
script/test
12
script/test
@@ -1,12 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# script/test: run the test suite.
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
|
|
||||||
|
|
||||||
main() {
|
|
||||||
cd "$ROOT"
|
|
||||||
go test -v -race -cover -timeout 30s ./...
|
|
||||||
}
|
|
||||||
|
|
||||||
main "$@"
|
|
||||||
@@ -114,6 +114,19 @@
|
|||||||
>
|
>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="healthcheck_command" class="label">Health Check Command</label>
|
||||||
|
<input
|
||||||
|
type="text"
|
||||||
|
id="healthcheck_command"
|
||||||
|
name="healthcheck_command"
|
||||||
|
value="{{if .App.HealthcheckCommand.Valid}}{{.App.HealthcheckCommand.String}}{{end}}"
|
||||||
|
class="input font-mono"
|
||||||
|
placeholder="curl -f http://localhost:8080/healthz || exit 1"
|
||||||
|
>
|
||||||
|
<p class="text-sm text-gray-500 mt-1">Custom shell command to check container health. Leave empty to use the image's default health check.</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
<hr class="border-gray-200">
|
<hr class="border-gray-200">
|
||||||
|
|
||||||
<h3 class="text-lg font-medium text-gray-900">Resource Limits</h3>
|
<h3 class="text-lg font-medium text-gray-900">Resource Limits</h3>
|
||||||
|
|||||||
@@ -117,6 +117,19 @@
|
|||||||
>
|
>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="healthcheck_command" class="label">Health Check Command</label>
|
||||||
|
<input
|
||||||
|
type="text"
|
||||||
|
id="healthcheck_command"
|
||||||
|
name="healthcheck_command"
|
||||||
|
value="{{.HealthcheckCommand}}"
|
||||||
|
class="input font-mono"
|
||||||
|
placeholder="curl -f http://localhost:8080/healthz || exit 1"
|
||||||
|
>
|
||||||
|
<p class="text-sm text-gray-500 mt-1">Custom shell command to check container health. Leave empty to use the image's default health check.</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
<div class="flex justify-end gap-3 pt-4">
|
<div class="flex justify-end gap-3 pt-4">
|
||||||
<a href="/" class="btn-secondary">Cancel</a>
|
<a href="/" class="btn-secondary">Cancel</a>
|
||||||
<button type="submit" class="btn-primary">Create App</button>
|
<button type="submit" class="btn-primary">Create App</button>
|
||||||
|
|||||||
Reference in New Issue
Block a user