Compare commits
1 Commits
main
...
5d3e0667de
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
5d3e0667de |
@@ -1,10 +0,0 @@
|
||||
.git
|
||||
bin/
|
||||
.editorconfig
|
||||
.vscode/
|
||||
.idea/
|
||||
*.test
|
||||
LICENSE
|
||||
CONVENTIONS.md
|
||||
REPO_POLICIES.md
|
||||
README.md
|
||||
@@ -1,15 +0,0 @@
|
||||
root = true
|
||||
|
||||
[*]
|
||||
charset = utf-8
|
||||
end_of_line = lf
|
||||
insert_final_newline = true
|
||||
trim_trailing_whitespace = true
|
||||
indent_style = space
|
||||
indent_size = 2
|
||||
|
||||
[*.go]
|
||||
indent_style = tab
|
||||
|
||||
[Makefile]
|
||||
indent_style = tab
|
||||
@@ -13,4 +13,4 @@ jobs:
|
||||
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4, 2024-10-13
|
||||
|
||||
- name: Build (runs make check inside Dockerfile)
|
||||
run: script/cibuild
|
||||
run: docker build .
|
||||
|
||||
31
.gitignore
vendored
31
.gitignore
vendored
@@ -1,31 +0,0 @@
|
||||
# OS
|
||||
.DS_Store
|
||||
Thumbs.db
|
||||
|
||||
# Editors
|
||||
*.swp
|
||||
*.swo
|
||||
*~
|
||||
*.bak
|
||||
.idea/
|
||||
.vscode/
|
||||
*.sublime-*
|
||||
|
||||
# Node
|
||||
node_modules/
|
||||
|
||||
# Environment / secrets
|
||||
.env
|
||||
.env.*
|
||||
*.pem
|
||||
*.key
|
||||
|
||||
# Go
|
||||
bin/
|
||||
*.exe
|
||||
*.exe~
|
||||
*.dll
|
||||
*.so
|
||||
*.dylib
|
||||
*.test
|
||||
*.out
|
||||
28
Makefile
28
Makefile
@@ -1,4 +1,4 @@
|
||||
.PHONY: all bootstrap setup build lint fmt fmt-check test check clean docker hooks
|
||||
.PHONY: all build lint fmt fmt-check test check clean
|
||||
|
||||
BINARY := upaasd
|
||||
VERSION := $(shell git describe --tags --always --dirty 2>/dev/null || echo "dev")
|
||||
@@ -7,37 +7,27 @@ LDFLAGS := -X main.Version=$(VERSION) -X main.Buildarch=$(BUILDARCH)
|
||||
|
||||
all: check build
|
||||
|
||||
bootstrap:
|
||||
@script/bootstrap
|
||||
|
||||
setup:
|
||||
@script/setup
|
||||
|
||||
build:
|
||||
go build -ldflags "$(LDFLAGS)" -o bin/$(BINARY) ./cmd/upaasd
|
||||
|
||||
lint:
|
||||
@script/lint
|
||||
golangci-lint run --config .golangci.yml ./...
|
||||
|
||||
fmt:
|
||||
@script/fmt
|
||||
gofmt -s -w .
|
||||
goimports -w .
|
||||
npx prettier --write --tab-width 4 static/js/*.js
|
||||
|
||||
fmt-check:
|
||||
@script/fmt-check
|
||||
@test -z "$$(gofmt -l .)" || (echo "Files not formatted:" && gofmt -l . && exit 1)
|
||||
|
||||
test:
|
||||
@script/test
|
||||
go test -v -race -cover ./...
|
||||
|
||||
# Check runs all validation without making changes
|
||||
# Used by CI and Docker build - fails if anything is wrong
|
||||
check:
|
||||
@script/check
|
||||
|
||||
docker:
|
||||
@script/docker
|
||||
|
||||
hooks:
|
||||
@script/install-precommit
|
||||
check: fmt-check lint test
|
||||
@echo "==> All checks passed!"
|
||||
|
||||
clean:
|
||||
rm -rf bin/
|
||||
|
||||
49
README.md
49
README.md
@@ -1,15 +1,14 @@
|
||||
# µPaaS by [@sneak](https://sneak.berlin)
|
||||
|
||||
A simple self-hosted PaaS that auto-deploys Docker containers from Git repositories via webhooks from Gitea, GitHub, or GitLab.
|
||||
A simple self-hosted PaaS that auto-deploys Docker containers from Git repositories via Gitea webhooks.
|
||||
|
||||
## Features
|
||||
|
||||
- Single admin user with argon2id password hashing
|
||||
- Per-app SSH keypairs for read-only deploy keys
|
||||
- Per-app UUID-based webhook URLs with auto-detection of Gitea, GitHub, and GitLab
|
||||
- Per-app UUID-based webhook URLs for Gitea integration
|
||||
- Branch filtering - only deploy on configured branch changes
|
||||
- Environment variables, labels, and volume mounts per app
|
||||
- CPU and memory resource limits per app
|
||||
- Docker builds via socket access
|
||||
- Notifications via ntfy and Slack-compatible webhooks
|
||||
- Simple server-rendered UI with Tailwind CSS
|
||||
@@ -20,7 +19,7 @@ A simple self-hosted PaaS that auto-deploys Docker containers from Git repositor
|
||||
- Complex CI pipelines
|
||||
- Multiple container orchestration
|
||||
- SPA/API-first design
|
||||
- Support for non-push webhook events (e.g. issues, merge requests)
|
||||
- Support for non-Gitea webhooks
|
||||
|
||||
## Architecture
|
||||
|
||||
@@ -45,7 +44,7 @@ upaas/
|
||||
│ │ ├── auth/ # Authentication service
|
||||
│ │ ├── deploy/ # Deployment orchestration
|
||||
│ │ ├── notify/ # Notifications (ntfy, Slack)
|
||||
│ │ └── webhook/ # Webhook processing (Gitea, GitHub, GitLab)
|
||||
│ │ └── webhook/ # Gitea webhook processing
|
||||
│ └── ssh/ # SSH key generation
|
||||
├── static/ # Embedded CSS/JS assets
|
||||
└── templates/ # Embedded HTML templates
|
||||
@@ -100,31 +99,6 @@ chi Router ──► Middleware Stack ──► Handler
|
||||
- **Async deployments**: Webhook triggers deploy via goroutine with `context.WithoutCancel()`
|
||||
- **Embedded assets**: Templates and static files embedded via `//go:embed`
|
||||
|
||||
## Entrypoints
|
||||
|
||||
This repository adheres to the
|
||||
[Scripts to Rule Them All](https://github.com/github/scripts-to-rule-them-all)
|
||||
standard: normalized scripts in `script/` are the entrypoints for the
|
||||
development workflow, and the Makefile targets are thin shims that call
|
||||
them. We provide:
|
||||
|
||||
- `script/bootstrap` — install all dependencies (idempotent)
|
||||
- `script/setup` — make a fresh clone ready for development
|
||||
(bootstrap, then install-precommit)
|
||||
- `script/projectname` — output the project name ("upaas")
|
||||
- `script/test` — run the test suite
|
||||
- `script/lint` — run golangci-lint
|
||||
- `script/fmt` — format all code (writes)
|
||||
- `script/fmt-check` — check formatting (read-only)
|
||||
- `script/check` — run test, lint, and fmt-check
|
||||
- `script/docker` — build the Docker image tagged via `script/projectname`
|
||||
- `script/cibuild` — CI entrypoint: `docker build .` (the Dockerfile
|
||||
runs the checks, so a green build implies a green repo)
|
||||
- `script/precommit` — pre-commit checks (`go mod tidy` guard, then
|
||||
`script/check`)
|
||||
- `script/install-precommit` — install the git pre-commit hook that
|
||||
runs `script/precommit`
|
||||
|
||||
## Development
|
||||
|
||||
### Prerequisites
|
||||
@@ -136,16 +110,11 @@ them. We provide:
|
||||
### Commands
|
||||
|
||||
```bash
|
||||
make bootstrap # Install all dependencies (idempotent)
|
||||
make setup # Bootstrap + install git pre-commit hook
|
||||
make fmt # Format code
|
||||
make fmt-check # Check formatting (read-only, fails if unformatted)
|
||||
make lint # Run comprehensive linting
|
||||
make test # Run tests with race detection (30s timeout)
|
||||
make check # Verify everything passes (test, lint, fmt-check)
|
||||
make build # Build binary
|
||||
make docker # Build Docker image
|
||||
make hooks # Install pre-commit hook (runs script/precommit)
|
||||
make fmt # Format code
|
||||
make lint # Run comprehensive linting
|
||||
make test # Run tests with race detection
|
||||
make check # Verify everything passes (lint, test, build, format)
|
||||
make build # Build binary
|
||||
```
|
||||
|
||||
### Commit Requirements
|
||||
|
||||
408
REPO_POLICIES.md
408
REPO_POLICIES.md
@@ -1,408 +0,0 @@
|
||||
---
|
||||
title: Repository Policies
|
||||
last_modified: 2026-07-06
|
||||
---
|
||||
|
||||
This document covers repository structure, tooling, and workflow standards. Code
|
||||
style conventions are in separate documents:
|
||||
|
||||
- [Code Styleguide](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE.md)
|
||||
(general, bash, Docker)
|
||||
- [Go](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE_GO.md)
|
||||
- [JavaScript](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE_JS.md)
|
||||
- [Python](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE_PYTHON.md)
|
||||
- [Go HTTP Server Conventions](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/GO_HTTP_SERVER_CONVENTIONS.md)
|
||||
|
||||
---
|
||||
|
||||
- Cross-project documentation (such as this file) must include
|
||||
`last_modified: YYYY-MM-DD` in the YAML front matter so it can be kept in sync
|
||||
with the authoritative source as policies evolve.
|
||||
|
||||
- **ALL external references must be pinned by cryptographic hash.** This
|
||||
includes Docker base images, Go modules, npm packages, GitHub Actions, and
|
||||
anything else fetched from a remote source. Version tags (`@v4`, `@latest`,
|
||||
`:3.21`, etc.) are server-mutable and therefore remote code execution
|
||||
vulnerabilities. The ONLY acceptable way to reference an external dependency
|
||||
is by its content hash (Docker `@sha256:...`, Go module hash in `go.sum`, npm
|
||||
integrity hash in lockfile, GitHub Actions `@<commit-sha>`). No exceptions.
|
||||
This also means never `curl | bash` to install tools like pyenv, nvm, rustup,
|
||||
etc. Instead, download a specific release archive from GitHub, verify its hash
|
||||
(hardcoded in the Dockerfile or script), and only then install. Unverified
|
||||
install scripts are arbitrary remote code execution. This is the single most
|
||||
important rule in this document. Double-check every external reference in
|
||||
every file before committing. There are zero exceptions to this rule.
|
||||
|
||||
- Every repo with software must have a root `Makefile` with these targets:
|
||||
`make bootstrap`, `make setup`, `make test`, `make lint`, `make fmt` (writes),
|
||||
`make fmt-check` (read-only), `make check` (runs `test`, `lint`, `fmt-check`),
|
||||
`make docker`, and `make hooks` (installs pre-commit hook). A model Makefile
|
||||
is at `https://git.eeqj.de/sneak/prompts/raw/branch/main/Makefile`.
|
||||
|
||||
- Repos follow the
|
||||
[Scripts to Rule Them All](https://github.com/github/scripts-to-rule-them-all)
|
||||
pattern: the implementation of each Makefile target lives in an executable
|
||||
script in `script/` (`script/bootstrap`, `script/setup`, `script/test`,
|
||||
`script/lint`, `script/fmt`, `script/fmt-check`, `script/check`,
|
||||
`script/docker`), and the Makefile targets are thin shims that call them. The
|
||||
scripts must be POSIX sh (`#!/bin/sh`, `set -eu`, no bashisms) so they run in
|
||||
minimal containers (e.g. alpine images have no bash); locate the repo root
|
||||
with `$(cd "$(dirname "$0")/.." && pwd -P)` and `cd` there before acting. From
|
||||
the standard's canonical set we use `bootstrap`, `setup` (make the repo ready
|
||||
for development after a fresh clone: runs `bootstrap`, then
|
||||
`install-precommit`, plus any repo-specific initialization), `test`, and
|
||||
`cibuild`. `script/bootstrap` installs all dependencies idempotently and
|
||||
assumes nothing is present: base tools come from nix, apt, brew, or apk
|
||||
(detected in that order; apt runs noninteractive). For node it uses the
|
||||
installed node if present; otherwise it installs a PINNED node version via
|
||||
nvm, first installing nvm itself if missing — from a hash-verified GitHub
|
||||
release archive (never `curl | sh`), with bash installed as an explicit
|
||||
prerequisite since nvm requires bash. yarn is then pinned via
|
||||
`corepack prepare yarn@<version> --activate`. Never install "latest" or "lts";
|
||||
always exact versions. `script/cibuild` runs the CI build: it changes to the
|
||||
repo root and runs `docker build .`; the Gitea workflow calls it. Four further
|
||||
scripts are our own extensions to the standard: `script/check` runs
|
||||
`script/test`, `script/lint`, and `script/fmt-check`; `script/precommit` is
|
||||
what the git pre-commit hook runs, and it calls `script/check`;
|
||||
`script/install-precommit` installs the git pre-commit hook (the `make hooks`
|
||||
target shims to it); and `script/projectname` (literally that filename) simply
|
||||
outputs the project's name. Scripts that need the name call
|
||||
`script/projectname` — e.g. `script/docker` assembles its image tag from it —
|
||||
so those scripts stay byte-identical across all repos. Repo-type-specific
|
||||
pre-commit extras (e.g. `go mod tidy` verification in Go repos) belong in
|
||||
`script/precommit`, not in the hook itself. Model scripts are at
|
||||
`https://git.eeqj.de/sneak/prompts/raw/branch/main/script/<name>`. The README
|
||||
must document the provided scripts in an **Entrypoints** section (see the
|
||||
README requirements below).
|
||||
|
||||
- Always use Makefile targets (`make fmt`, `make test`, `make lint`, etc.)
|
||||
instead of invoking the underlying tools directly. The Makefile is the single
|
||||
source of truth for how these operations are run.
|
||||
|
||||
- The Makefile is authoritative documentation for how the repo is used. Beyond
|
||||
the required targets above, it should have targets for every common operation:
|
||||
running a local development server (`make run`, `make dev`), re-initializing
|
||||
or migrating the database (`make db-reset`, `make migrate`), building
|
||||
artifacts (`make build`), generating code, seeding data, or anything else a
|
||||
developer would do regularly. If someone checks out the repo and types
|
||||
`make<tab>`, they should see every meaningful operation available. A new
|
||||
contributor should be able to understand the entire development workflow by
|
||||
reading the Makefile.
|
||||
|
||||
- Every repo should have a `Dockerfile`. All Dockerfiles must run `make check`
|
||||
as a build step so the build fails if the branch is not green. For non-server
|
||||
repos, the Dockerfile should bring up a development environment and run
|
||||
`make check`. For server repos, `make check` should run as an early build
|
||||
stage before the final image is assembled. Dockerfiles install development
|
||||
prerequisites by running `script/bootstrap` rather than duplicating installs
|
||||
inline; COPY `script/` and the dependency manifests (`package.json` +
|
||||
`yarn.lock`, `go.mod` + `go.sum`, etc.) before running it so the bootstrap
|
||||
layer stays cached until dependencies change.
|
||||
|
||||
- **Dockerfiles must use a separate lint stage for fail-fast feedback.** Go
|
||||
repos use a multistage build where linting runs in an independent stage based
|
||||
on the `golangci/golangci-lint` image (pinned by hash). This stage runs
|
||||
`make fmt-check` and `make lint` before the full build begins. The build stage
|
||||
then declares an explicit dependency on the lint stage via
|
||||
`COPY --from=lint /src/go.sum /dev/null`, which forces BuildKit to complete
|
||||
linting before proceeding to compilation and tests. This ensures lint failures
|
||||
surface in seconds rather than minutes, without blocking on dependency
|
||||
download or compilation in the build stage.
|
||||
|
||||
The standard pattern for a Go repo Dockerfile is:
|
||||
|
||||
```dockerfile
|
||||
# Lint stage — fast feedback on formatting and lint issues
|
||||
# golangci/golangci-lint:v2.x.x, YYYY-MM-DD
|
||||
FROM golangci/golangci-lint@sha256:... AS lint
|
||||
WORKDIR /src
|
||||
COPY go.mod go.sum ./
|
||||
RUN go mod download
|
||||
COPY . .
|
||||
RUN make fmt-check
|
||||
RUN make lint
|
||||
|
||||
# Build stage
|
||||
# golang:1.x-alpine, YYYY-MM-DD
|
||||
FROM golang@sha256:... AS builder
|
||||
WORKDIR /src
|
||||
|
||||
# Force BuildKit to run the lint stage before proceeding
|
||||
COPY --from=lint /src/go.sum /dev/null
|
||||
|
||||
COPY go.mod go.sum ./
|
||||
RUN go mod download
|
||||
COPY . .
|
||||
RUN make test
|
||||
|
||||
ARG VERSION=dev
|
||||
RUN CGO_ENABLED=0 go build -trimpath \
|
||||
-ldflags="-s -w -X main.Version=${VERSION}" \
|
||||
-o /app ./cmd/app/
|
||||
|
||||
# Runtime stage
|
||||
FROM alpine@sha256:...
|
||||
COPY --from=builder /app /usr/local/bin/app
|
||||
ENTRYPOINT ["app"]
|
||||
```
|
||||
|
||||
Key points:
|
||||
- The lint stage uses the `golangci/golangci-lint` image directly (it
|
||||
includes both Go and the linter), so there is no need to install the
|
||||
linter separately.
|
||||
- `COPY --from=lint /src/go.sum /dev/null` is a no-op file copy that creates
|
||||
a stage dependency. BuildKit runs stages in parallel by default; without
|
||||
this line, the build stage would not wait for lint to finish and a lint
|
||||
failure might not fail the overall build.
|
||||
- If the project uses `//go:embed` directives that reference build artifacts
|
||||
(e.g. a web frontend compiled in a separate stage), the lint stage must
|
||||
create placeholder files so the embed directives resolve. Example:
|
||||
`RUN mkdir -p web/dist && touch web/dist/index.html web/dist/style.css`.
|
||||
The lint stage should not depend on the actual build output — it exists to
|
||||
fail fast.
|
||||
- If the project requires CGO or system libraries for linting (e.g.
|
||||
`vips-dev`), install them in the lint stage with `apk add`.
|
||||
- The build stage runs `make test` after compilation setup. Tests run in the
|
||||
build stage, not the lint stage, because they may require compiled
|
||||
artifacts or heavier dependencies.
|
||||
|
||||
- Every repo should have a Gitea Actions workflow (`.gitea/workflows/`) that
|
||||
runs `script/cibuild` (which runs `docker build .`) on push. Since the
|
||||
Dockerfile already runs `make check`, a successful build implies all checks
|
||||
pass.
|
||||
|
||||
- Use platform-standard formatters: `black` for Python, `prettier` for
|
||||
JS/CSS/Markdown/HTML, `go fmt` for Go. Always use default configuration with
|
||||
two exceptions: four-space indents (except Go), and `proseWrap: always` for
|
||||
Markdown (hard-wrap at 80 columns). Documentation and writing repos (Markdown,
|
||||
HTML, CSS) should also have `.prettierrc` and `.prettierignore`.
|
||||
|
||||
- Pre-commit hook: runs `script/precommit`, which calls `script/check`. If local
|
||||
testing is not possible in the repo, `script/precommit` may skip `script/test`
|
||||
and run only `script/lint` and `script/fmt-check`. The hook is installed by
|
||||
`script/install-precommit`; the Makefile must provide a `make hooks` target
|
||||
that shims to it.
|
||||
|
||||
- All repos with software must have tests that run via the platform-standard
|
||||
test framework (`go test`, `pytest`, `jest`/`vitest`, etc.). If no meaningful
|
||||
tests exist yet, add the most minimal test possible — e.g. importing the
|
||||
module under test to verify it compiles/parses. There is no excuse for
|
||||
`make test` to be a no-op.
|
||||
|
||||
- `make test` must complete in under 20 seconds. Add a 30-second timeout in the
|
||||
Makefile.
|
||||
|
||||
- **`make test` should use the conditional verbose rerun pattern.** Run tests
|
||||
without `-v` (verbose) first. If tests fail, automatically rerun with `-v` to
|
||||
show full output. This keeps CI logs and `docker build` output clean on
|
||||
success (just package/suite summaries) while providing full diagnostic detail
|
||||
on failure (every test case, every assertion). The general shell pattern:
|
||||
|
||||
```makefile
|
||||
test:
|
||||
@<test-command> || \
|
||||
{ echo "--- Rerunning with -v for details ---"; \
|
||||
<test-command-with-v>; exit 1; }
|
||||
```
|
||||
|
||||
Go example:
|
||||
|
||||
```makefile
|
||||
test:
|
||||
@go test -timeout 30s -race -cover ./... || \
|
||||
{ echo "--- Rerunning with -v for details ---"; \
|
||||
go test -timeout 30s -race -v ./...; exit 1; }
|
||||
```
|
||||
|
||||
Python example:
|
||||
|
||||
```makefile
|
||||
test:
|
||||
@python -m pytest || \
|
||||
{ echo "--- Rerunning with -v for details ---"; \
|
||||
python -m pytest -v; exit 1; }
|
||||
```
|
||||
|
||||
The `exit 1` ensures the target always fails after a rerun — the first run
|
||||
already proved the tests are broken, so the build must not pass even if a
|
||||
flaky test happens to succeed on the second attempt. The rerun exists solely
|
||||
for diagnostic output.
|
||||
|
||||
- Docker builds must complete in under 5 minutes.
|
||||
|
||||
- `make check` must not modify any files in the repo. Tests may use temporary
|
||||
directories.
|
||||
|
||||
- `main` must always pass `make check`, no exceptions.
|
||||
|
||||
- Never commit secrets. `.env` files, credentials, API keys, and private keys
|
||||
must be in `.gitignore`. No exceptions.
|
||||
|
||||
- `.gitignore` should be comprehensive from the start: OS files (`.DS_Store`),
|
||||
editor files (`.swp`, `*~`), language build artifacts, and `node_modules/`.
|
||||
Fetch the standard `.gitignore` from
|
||||
`https://git.eeqj.de/sneak/prompts/raw/branch/main/.gitignore` when setting up
|
||||
a new repo.
|
||||
|
||||
- **No build artifacts in version control.** Code-derived data (compiled
|
||||
bundles, minified output, generated assets) must never be committed to the
|
||||
repository if it can be avoided. The build process (e.g. Dockerfile, Makefile)
|
||||
should generate these at build time. Notable exception: Go protobuf generated
|
||||
files (`.pb.go`) ARE committed because repos need to work with `go get`, which
|
||||
downloads code but does not execute code generation.
|
||||
|
||||
- Never use `git add -A` or `git add .`. Always stage files explicitly by name.
|
||||
|
||||
- Never force-push to `main`.
|
||||
|
||||
- Make all changes on a feature branch. You can do whatever you want on a
|
||||
feature branch.
|
||||
|
||||
- `.golangci.yml` is standardized and must _NEVER_ be modified by an agent, only
|
||||
manually by the user. Fetch from
|
||||
`https://git.eeqj.de/sneak/prompts/raw/branch/main/.golangci.yml`.
|
||||
|
||||
- When pinning images or packages by hash, add a comment above the reference
|
||||
with the version and date (YYYY-MM-DD).
|
||||
|
||||
- Use `yarn`, not `npm`.
|
||||
|
||||
- Write all dates as YYYY-MM-DD (ISO 8601).
|
||||
|
||||
- Simple projects should be configured with environment variables.
|
||||
|
||||
- Dockerized web services listen on port 8080 by default, overridable with
|
||||
`PORT`.
|
||||
|
||||
- **HTTP/web services must be hardened for production internet exposure before
|
||||
tagging 1.0.** This means full compliance with security best practices
|
||||
including, without limitation, all of the following:
|
||||
- **Security headers** on every response:
|
||||
- `Strict-Transport-Security` (HSTS) with `max-age` of at least one year
|
||||
and `includeSubDomains`.
|
||||
- `Content-Security-Policy` (CSP) with a restrictive default policy
|
||||
(`default-src 'self'` as a baseline, tightened per-resource as
|
||||
needed). Never use `unsafe-inline` or `unsafe-eval` unless
|
||||
unavoidable, and document the reason.
|
||||
- `X-Frame-Options: DENY` (or `SAMEORIGIN` if framing is required).
|
||||
Prefer the `frame-ancestors` CSP directive as the primary control.
|
||||
- `X-Content-Type-Options: nosniff`.
|
||||
- `Referrer-Policy: strict-origin-when-cross-origin` (or stricter).
|
||||
- `Permissions-Policy` restricting access to browser features the
|
||||
application does not use (camera, microphone, geolocation, etc.).
|
||||
- **Request and response limits:**
|
||||
- Maximum request body size enforced on all endpoints (e.g. Go
|
||||
`http.MaxBytesReader`). Choose a sane default per-route; never accept
|
||||
unbounded input.
|
||||
- Maximum response body size where applicable (e.g. paginated APIs).
|
||||
- `ReadTimeout` and `ReadHeaderTimeout` on the `http.Server` to defend
|
||||
against slowloris attacks.
|
||||
- `WriteTimeout` on the `http.Server`.
|
||||
- `IdleTimeout` on the `http.Server`.
|
||||
- Per-handler execution time limits via `context.WithTimeout` or
|
||||
chi/stdlib `middleware.Timeout`.
|
||||
- **Authentication and session security:**
|
||||
- Rate limiting on password-based authentication endpoints. API keys are
|
||||
high-entropy and not susceptible to brute force, so they are exempt.
|
||||
- CSRF tokens on all state-mutating HTML forms. API endpoints
|
||||
authenticated via `Authorization` header (Bearer token, API key) are
|
||||
exempt because the browser does not attach these automatically.
|
||||
- Passwords stored using bcrypt, scrypt, or argon2 — never plain-text,
|
||||
MD5, or SHA.
|
||||
- Session cookies set with `HttpOnly`, `Secure`, and `SameSite=Lax` (or
|
||||
`Strict`) attributes.
|
||||
- **Reverse proxy awareness:**
|
||||
- True client IP detection when behind a reverse proxy
|
||||
(`X-Forwarded-For`, `X-Real-IP`). The application must accept
|
||||
forwarded headers only from a configured set of trusted proxy
|
||||
addresses — never trust `X-Forwarded-For` unconditionally.
|
||||
- **CORS:**
|
||||
- Authenticated endpoints must restrict `Access-Control-Allow-Origin` to
|
||||
an explicit allowlist of known origins. Wildcard (`*`) is acceptable
|
||||
only for public, unauthenticated read-only APIs.
|
||||
- **Error handling:**
|
||||
- Internal errors must never leak stack traces, SQL queries, file paths,
|
||||
or other implementation details to the client. Return generic error
|
||||
messages in production; detailed errors only when `DEBUG` is enabled.
|
||||
- **TLS:**
|
||||
- Services never terminate TLS directly. They are always deployed behind
|
||||
a TLS-terminating reverse proxy. The service itself listens on plain
|
||||
HTTP. However, HSTS headers and `Secure` cookie flags must still be
|
||||
set by the application so that the browser enforces HTTPS end-to-end.
|
||||
|
||||
This list is non-exhaustive. Apply defense-in-depth: if a standard security
|
||||
hardening measure exists for HTTP services and is not listed here, it is
|
||||
still expected. When in doubt, harden.
|
||||
|
||||
- `README.md` is the primary documentation. Required sections:
|
||||
- **Description**: First line must include the project name, purpose,
|
||||
category (web server, SPA, CLI tool, etc.), license, and author. Example:
|
||||
"µPaaS is an MIT-licensed Go web application by @sneak that receives
|
||||
git-frontend webhooks and deploys applications via Docker in realtime."
|
||||
- **Getting Started**: Copy-pasteable install/usage code block.
|
||||
- **Entrypoints**: Opens by stating that the repo adheres to the
|
||||
[Scripts to Rule Them All](https://github.com/github/scripts-to-rule-them-all)
|
||||
standard (with that link), then documents each provided `script/`
|
||||
entrypoint and its purpose.
|
||||
- **Rationale**: Why does this exist?
|
||||
- **Design**: How is the program structured?
|
||||
- **TODO**: Update meticulously, even between commits. When planning, put
|
||||
the todo list in the README so a new agent can pick up where the last one
|
||||
left off.
|
||||
- **License**: MIT, GPL, or WTFPL. Ask the user for new projects. Include a
|
||||
`LICENSE` file in the repo root and a License section in the README.
|
||||
- **Author**: [@sneak](https://sneak.berlin).
|
||||
|
||||
- First commit of a new repo should contain only `README.md`.
|
||||
|
||||
- Go module root: `sneak.berlin/go/<name>`. Always run `go mod tidy` before
|
||||
committing.
|
||||
|
||||
- Use SemVer.
|
||||
|
||||
- Database migrations live in `internal/db/migrations/` and must be embedded in
|
||||
the binary.
|
||||
- `000_migration.sql` — contains ONLY the creation of the migrations
|
||||
tracking table itself. Nothing else.
|
||||
- `001_schema.sql` — the full application schema.
|
||||
- **Pre-1.0.0:** never add additional migration files (002, 003, etc.).
|
||||
There is no installed base to migrate. Edit `001_schema.sql` directly.
|
||||
- **Post-1.0.0:** add new numbered migration files for each schema change.
|
||||
Never edit existing migrations after release.
|
||||
|
||||
- All repos should have an `.editorconfig` enforcing the project's indentation
|
||||
settings.
|
||||
|
||||
- Avoid putting files in the repo root unless necessary. Root should contain
|
||||
only project-level config files (`README.md`, `Makefile`, `Dockerfile`,
|
||||
`LICENSE`, `.gitignore`, `.editorconfig`, `REPO_POLICIES.md`, and
|
||||
language-specific config). Everything else goes in a subdirectory. Canonical
|
||||
subdirectory names:
|
||||
- `bin/` — executable scripts and tools
|
||||
- `cmd/` — Go command entrypoints
|
||||
- `configs/` — configuration templates and examples
|
||||
- `deploy/` — deployment manifests (k8s, compose, terraform)
|
||||
- `docs/` — documentation and markdown (README.md stays in root)
|
||||
- `internal/` — Go internal packages
|
||||
- `internal/db/migrations/` — database migrations
|
||||
- `pkg/` — Go library packages
|
||||
- `share/` — systemd units, data files
|
||||
- `static/` — static assets (images, fonts, etc.)
|
||||
- `web/` — web frontend source
|
||||
|
||||
- When setting up a new repo, files from the `prompts` repo may be used as
|
||||
templates. Fetch them from
|
||||
`https://git.eeqj.de/sneak/prompts/raw/branch/main/<path>`.
|
||||
|
||||
- New repos must contain at minimum:
|
||||
- `README.md`, `.git`, `.gitignore`, `.editorconfig`
|
||||
- `LICENSE`, `REPO_POLICIES.md` (copy from the `prompts` repo)
|
||||
- `Makefile`
|
||||
- `script/` entrypoints (`bootstrap`, `setup`, `projectname`, `test`,
|
||||
`lint`, `fmt`, `fmt-check`, `check`, `docker`, `cibuild`, `precommit`,
|
||||
`install-precommit`)
|
||||
- `Dockerfile`, `.dockerignore`
|
||||
- `.gitea/workflows/check.yml`
|
||||
- Go: `go.mod`, `go.sum`, `.golangci.yml`
|
||||
- JS: `package.json`, `yarn.lock`, `.prettierrc`, `.prettierignore`
|
||||
- Python: `pyproject.toml`
|
||||
55
TODO.md
55
TODO.md
@@ -1,55 +0,0 @@
|
||||
# Workflow
|
||||
|
||||
* branch (from `main`)
|
||||
* do the work in Next Step
|
||||
* move Next Step to the top of Completed Steps
|
||||
* move the top item of Future Steps into Next Step
|
||||
* commit (`TODO.md` changes in the same commit as the work)
|
||||
* merge to `main` if the branch is not protected, otherwise open a PR
|
||||
* push
|
||||
|
||||
# Status
|
||||
|
||||
1.0+. Tagged 1.0.0 on 2026-02-26; 8 commits on main since. Policy
|
||||
violation: main currently fails make check (91 lint issues), so the tree
|
||||
is out of compliance until fixed.
|
||||
|
||||
# Next Step
|
||||
|
||||
Fix the 47 noctx lint findings (HTTP requests without context) in one
|
||||
commit and confirm the count drops under make check. This is the largest
|
||||
of the three lint classes blocking a green main.
|
||||
|
||||
# Completed Steps
|
||||
|
||||
- 2026-07-07 Adopted scripts-to-rule-them-all: `script/` entrypoints,
|
||||
Makefile shims, README Entrypoints section
|
||||
- 2026-03-11: Monolithic env var editing with bulk save (#158).
|
||||
- 2026-03-10: Webhook event history UI page (#164); added missing
|
||||
Makefile docker and hooks targets plus test timeout (#159);
|
||||
notification settings passed from create form (#160).
|
||||
- 2026-03-03: REPO_POLICIES compliance file set added (#155).
|
||||
- 2026-03-01: Module path changed to sneak.berlin/go/upaas (#143);
|
||||
Dockerfile split into lint and build stages with forced lint
|
||||
execution (#152, #154).
|
||||
- 2026-02-26: 1.0.0 tagged; dashboard CSRFField crash fixed (#146).
|
||||
- 1.0 audit bug fixes (#120-#125): deferred rollback on commit error,
|
||||
deployment log size cap, error path rendering, docker-compose bind
|
||||
mount, domain type refactor.
|
||||
- CI simplified to docker build only (#130).
|
||||
- 2025-12-29 onward: core PaaS built out: deploys with real-time build
|
||||
log streaming, container start/stop/restart and logs, TCP/UDP port
|
||||
mapping, Alpine.js UI, Slack notifications, ULID app IDs, session
|
||||
handling.
|
||||
|
||||
# Future Steps
|
||||
|
||||
- Get main green (compliance, ordered):
|
||||
- Fix 47 noctx findings (Next Step).
|
||||
- Fix 23 gosec findings.
|
||||
- Fix 21 goconst findings.
|
||||
- Run make check clean on main and keep it green; main must always
|
||||
pass.
|
||||
- Confirm .gitea/workflows/check.yml gates merges on make check so main
|
||||
cannot regress.
|
||||
- Resume feature work only after main is green.
|
||||
@@ -2,74 +2,36 @@ package database
|
||||
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"embed"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io/fs"
|
||||
"log/slog"
|
||||
"sort"
|
||||
"strconv"
|
||||
"strings"
|
||||
)
|
||||
|
||||
//go:embed migrations/*.sql
|
||||
var migrationsFS embed.FS
|
||||
|
||||
// bootstrapVersion is the migration that creates the schema_migrations
|
||||
// table itself. It is applied before the normal migration loop.
|
||||
const bootstrapVersion = 0
|
||||
|
||||
// ErrInvalidMigrationFilename indicates a migration filename does not follow
|
||||
// the expected "<version>.sql" or "<version>_<description>.sql" pattern.
|
||||
var ErrInvalidMigrationFilename = errors.New("invalid migration filename")
|
||||
|
||||
// ParseMigrationVersion extracts the numeric version prefix from a migration
|
||||
// filename. Filenames must follow the pattern "<version>.sql" or
|
||||
// "<version>_<description>.sql", where version is a zero-padded numeric
|
||||
// string (e.g. "001", "002"). Returns the version as an integer and an
|
||||
// error if the filename does not match the expected pattern.
|
||||
func ParseMigrationVersion(filename string) (int, error) {
|
||||
name := strings.TrimSuffix(filename, ".sql")
|
||||
if name == "" || name == filename {
|
||||
return 0, fmt.Errorf("%w: %q has no .sql extension or is empty", ErrInvalidMigrationFilename, filename)
|
||||
}
|
||||
|
||||
// Split on underscore to separate version from description.
|
||||
// If there's no underscore, the entire stem is the version.
|
||||
versionStr, _, _ := strings.Cut(name, "_")
|
||||
|
||||
if versionStr == "" {
|
||||
return 0, fmt.Errorf("%w: %q has empty version prefix", ErrInvalidMigrationFilename, filename)
|
||||
}
|
||||
|
||||
// Validate the version is purely numeric.
|
||||
for _, ch := range versionStr {
|
||||
if ch < '0' || ch > '9' {
|
||||
return 0, fmt.Errorf(
|
||||
"%w: %q version %q contains non-numeric character %q",
|
||||
ErrInvalidMigrationFilename, filename, versionStr, string(ch),
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
version, err := strconv.Atoi(versionStr)
|
||||
func (d *Database) migrate(ctx context.Context) error {
|
||||
// Create migrations table if not exists
|
||||
_, err := d.database.ExecContext(ctx, `
|
||||
CREATE TABLE IF NOT EXISTS schema_migrations (
|
||||
version TEXT PRIMARY KEY,
|
||||
applied_at DATETIME DEFAULT CURRENT_TIMESTAMP
|
||||
)
|
||||
`)
|
||||
if err != nil {
|
||||
return 0, fmt.Errorf("%w: %q: %w", ErrInvalidMigrationFilename, filename, err)
|
||||
return fmt.Errorf("failed to create migrations table: %w", err)
|
||||
}
|
||||
|
||||
return version, nil
|
||||
}
|
||||
|
||||
// collectMigrations reads the embedded migrations directory and returns
|
||||
// migration filenames sorted lexicographically.
|
||||
func collectMigrations() ([]string, error) {
|
||||
// Get list of migration files
|
||||
entries, err := fs.ReadDir(migrationsFS, "migrations")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to read migrations directory: %w", err)
|
||||
return fmt.Errorf("failed to read migrations directory: %w", err)
|
||||
}
|
||||
|
||||
var migrations []string
|
||||
// Sort migrations by name
|
||||
migrations := make([]string, 0, len(entries))
|
||||
|
||||
for _, entry := range entries {
|
||||
if !entry.IsDir() && strings.HasSuffix(entry.Name(), ".sql") {
|
||||
@@ -79,113 +41,54 @@ func collectMigrations() ([]string, error) {
|
||||
|
||||
sort.Strings(migrations)
|
||||
|
||||
return migrations, nil
|
||||
}
|
||||
|
||||
// bootstrapMigrationsTable ensures the schema_migrations table exists by
|
||||
// applying 000_migration.sql if the table is missing.
|
||||
func bootstrapMigrationsTable(ctx context.Context, db *sql.DB, log *slog.Logger) error {
|
||||
var tableExists int
|
||||
|
||||
err := db.QueryRowContext(ctx,
|
||||
"SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='schema_migrations'",
|
||||
).Scan(&tableExists)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to check for migrations table: %w", err)
|
||||
}
|
||||
|
||||
if tableExists == 0 {
|
||||
return applyBootstrapMigration(ctx, db, log)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// applyBootstrapMigration reads and executes 000_migration.sql to create the
|
||||
// schema_migrations table on a fresh database.
|
||||
func applyBootstrapMigration(ctx context.Context, db *sql.DB, log *slog.Logger) error {
|
||||
content, err := migrationsFS.ReadFile("migrations/000_migration.sql")
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read bootstrap migration 000_migration.sql: %w", err)
|
||||
}
|
||||
|
||||
if log != nil {
|
||||
log.Info("applying bootstrap migration", "version", bootstrapVersion)
|
||||
}
|
||||
|
||||
_, err = db.ExecContext(ctx, string(content))
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to apply bootstrap migration: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// ApplyMigrations applies all pending migrations to db. An optional logger
|
||||
// may be provided for informational output; pass nil for silent operation.
|
||||
// This is exported so tests can apply the real schema without the full fx
|
||||
// lifecycle.
|
||||
func ApplyMigrations(ctx context.Context, db *sql.DB, log *slog.Logger) error {
|
||||
bootstrapErr := bootstrapMigrationsTable(ctx, db, log)
|
||||
if bootstrapErr != nil {
|
||||
return bootstrapErr
|
||||
}
|
||||
|
||||
migrations, err := collectMigrations()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Apply each migration
|
||||
for _, migration := range migrations {
|
||||
version, parseErr := ParseMigrationVersion(migration)
|
||||
if parseErr != nil {
|
||||
return parseErr
|
||||
}
|
||||
|
||||
// Check if already applied.
|
||||
var count int
|
||||
|
||||
err = db.QueryRowContext(ctx,
|
||||
"SELECT COUNT(*) FROM schema_migrations WHERE version = ?",
|
||||
version,
|
||||
).Scan(&count)
|
||||
applied, err := d.isMigrationApplied(ctx, migration)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to check migration %s: %w", migration, err)
|
||||
}
|
||||
|
||||
if count > 0 {
|
||||
if log != nil {
|
||||
log.Debug("migration already applied", "version", version)
|
||||
}
|
||||
if applied {
|
||||
d.log.Debug("migration already applied", "migration", migration)
|
||||
|
||||
continue
|
||||
}
|
||||
|
||||
// Apply migration in a transaction.
|
||||
applyErr := applyMigrationTx(ctx, db, migration, version)
|
||||
if applyErr != nil {
|
||||
return applyErr
|
||||
err = d.applyMigration(ctx, migration)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to apply migration %s: %w", migration, err)
|
||||
}
|
||||
|
||||
if log != nil {
|
||||
log.Info("migration applied", "version", version)
|
||||
}
|
||||
d.log.Info("migration applied", "migration", migration)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// applyMigrationTx reads and executes a migration file within a transaction,
|
||||
// recording the version in schema_migrations on success.
|
||||
func applyMigrationTx(ctx context.Context, db *sql.DB, filename string, version int) error {
|
||||
content, err := migrationsFS.ReadFile("migrations/" + filename)
|
||||
func (d *Database) isMigrationApplied(ctx context.Context, version string) (bool, error) {
|
||||
var count int
|
||||
|
||||
err := d.database.QueryRowContext(
|
||||
ctx,
|
||||
"SELECT COUNT(*) FROM schema_migrations WHERE version = ?",
|
||||
version,
|
||||
).Scan(&count)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read migration %s: %w", filename, err)
|
||||
return false, fmt.Errorf("failed to query migration status: %w", err)
|
||||
}
|
||||
|
||||
transaction, err := db.BeginTx(ctx, nil)
|
||||
return count > 0, nil
|
||||
}
|
||||
|
||||
func (d *Database) applyMigration(ctx context.Context, filename string) error {
|
||||
content, err := migrationsFS.ReadFile("migrations/" + filename)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to begin transaction for migration %s: %w", filename, err)
|
||||
return fmt.Errorf("failed to read migration file: %w", err)
|
||||
}
|
||||
|
||||
transaction, err := d.database.BeginTx(ctx, nil)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to begin transaction: %w", err)
|
||||
}
|
||||
|
||||
defer func() {
|
||||
@@ -194,27 +97,26 @@ func applyMigrationTx(ctx context.Context, db *sql.DB, filename string, version
|
||||
}
|
||||
}()
|
||||
|
||||
// Execute migration
|
||||
_, err = transaction.ExecContext(ctx, string(content))
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to execute migration %s: %w", filename, err)
|
||||
return fmt.Errorf("failed to execute migration: %w", err)
|
||||
}
|
||||
|
||||
_, err = transaction.ExecContext(ctx,
|
||||
// Record migration
|
||||
_, err = transaction.ExecContext(
|
||||
ctx,
|
||||
"INSERT INTO schema_migrations (version) VALUES (?)",
|
||||
version,
|
||||
filename,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to record migration %s: %w", filename, err)
|
||||
return fmt.Errorf("failed to record migration: %w", err)
|
||||
}
|
||||
|
||||
err = transaction.Commit()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to commit migration %s: %w", filename, err)
|
||||
return fmt.Errorf("failed to commit migration: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (d *Database) migrate(ctx context.Context) error {
|
||||
return ApplyMigrations(ctx, d.database, d.log)
|
||||
}
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
-- Migration 000: Schema migrations tracking table
|
||||
-- Applied as a bootstrap step before the normal migration loop.
|
||||
|
||||
CREATE TABLE IF NOT EXISTS schema_migrations (
|
||||
version INTEGER PRIMARY KEY,
|
||||
applied_at DATETIME DEFAULT CURRENT_TIMESTAMP
|
||||
);
|
||||
|
||||
INSERT OR IGNORE INTO schema_migrations (version) VALUES (0);
|
||||
@@ -1,3 +0,0 @@
|
||||
-- Add CPU and memory resource limits per app
|
||||
ALTER TABLE apps ADD COLUMN cpu_limit REAL;
|
||||
ALTER TABLE apps ADD COLUMN memory_limit INTEGER;
|
||||
@@ -1,117 +0,0 @@
|
||||
package database_test
|
||||
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"testing"
|
||||
|
||||
_ "github.com/mattn/go-sqlite3"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"sneak.berlin/go/upaas/internal/database"
|
||||
)
|
||||
|
||||
func TestParseMigrationVersion(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
tests := []struct {
|
||||
filename string
|
||||
wantVersion int
|
||||
wantErr bool
|
||||
}{
|
||||
{filename: "000_migration.sql", wantVersion: 0},
|
||||
{filename: "001_initial.sql", wantVersion: 1},
|
||||
{filename: "002_remove_container_id.sql", wantVersion: 2},
|
||||
{filename: "007_add_resource_limits.sql", wantVersion: 7},
|
||||
{filename: "100_large_version.sql", wantVersion: 100},
|
||||
{filename: ".sql", wantErr: true},
|
||||
{filename: "_foo.sql", wantErr: true},
|
||||
{filename: "abc_foo.sql", wantErr: true},
|
||||
{filename: "1a2_bad.sql", wantErr: true},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.filename, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
version, err := database.ParseMigrationVersion(tt.filename)
|
||||
if tt.wantErr {
|
||||
assert.Error(t, err)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, tt.wantVersion, version)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestApplyMigrationsFreshDatabase(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
db, err := sql.Open("sqlite3", ":memory:?_foreign_keys=on")
|
||||
require.NoError(t, err)
|
||||
|
||||
defer func() { _ = db.Close() }()
|
||||
|
||||
ctx := context.Background()
|
||||
|
||||
err = database.ApplyMigrations(ctx, db, nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
// Verify schema_migrations table exists with INTEGER version column.
|
||||
var version int
|
||||
|
||||
err = db.QueryRowContext(ctx,
|
||||
"SELECT version FROM schema_migrations WHERE version = 0",
|
||||
).Scan(&version)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, 0, version)
|
||||
|
||||
// Verify that all migrations were recorded.
|
||||
var count int
|
||||
|
||||
err = db.QueryRowContext(ctx,
|
||||
"SELECT COUNT(*) FROM schema_migrations",
|
||||
).Scan(&count)
|
||||
require.NoError(t, err)
|
||||
// 000 bootstrap + 001 through 007 = 8 entries.
|
||||
assert.Equal(t, 8, count)
|
||||
|
||||
// Verify application tables were created by the migrations.
|
||||
var tableCount int
|
||||
|
||||
err = db.QueryRowContext(ctx,
|
||||
"SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='users'",
|
||||
).Scan(&tableCount)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, 1, tableCount)
|
||||
}
|
||||
|
||||
func TestApplyMigrationsIdempotent(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
db, err := sql.Open("sqlite3", ":memory:?_foreign_keys=on")
|
||||
require.NoError(t, err)
|
||||
|
||||
defer func() { _ = db.Close() }()
|
||||
|
||||
ctx := context.Background()
|
||||
|
||||
// Apply twice — second run should be a no-op.
|
||||
err = database.ApplyMigrations(ctx, db, nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
err = database.ApplyMigrations(ctx, db, nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
var count int
|
||||
|
||||
err = db.QueryRowContext(ctx,
|
||||
"SELECT COUNT(*) FROM schema_migrations",
|
||||
).Scan(&count)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, 8, count)
|
||||
}
|
||||
@@ -138,15 +138,13 @@ func (c *Client) BuildImage(
|
||||
|
||||
// CreateContainerOptions contains options for creating a container.
|
||||
type CreateContainerOptions struct {
|
||||
Name string
|
||||
Image string
|
||||
Env map[string]string
|
||||
Labels map[string]string
|
||||
Volumes []VolumeMount
|
||||
Ports []PortMapping
|
||||
Network string
|
||||
CPULimit float64 // CPU cores (e.g. 0.5 = half a core, 2.0 = two cores). 0 means unlimited.
|
||||
MemoryLimit int64 // Memory in bytes. 0 means unlimited.
|
||||
Name string
|
||||
Image string
|
||||
Env map[string]string
|
||||
Labels map[string]string
|
||||
Volumes []VolumeMount
|
||||
Ports []PortMapping
|
||||
Network string
|
||||
}
|
||||
|
||||
// VolumeMount represents a volume mount.
|
||||
@@ -163,14 +161,6 @@ type PortMapping struct {
|
||||
Protocol string // "tcp" or "udp"
|
||||
}
|
||||
|
||||
// nanoCPUsPerCPU is the number of NanoCPUs per CPU core.
|
||||
const nanoCPUsPerCPU = 1e9
|
||||
|
||||
// cpuLimitToNanoCPUs converts a CPU limit (e.g. 0.5 cores) to Docker NanoCPUs.
|
||||
func cpuLimitToNanoCPUs(cpuLimit float64) int64 {
|
||||
return int64(cpuLimit * nanoCPUsPerCPU)
|
||||
}
|
||||
|
||||
// buildPortConfig converts port mappings to Docker port configuration.
|
||||
func buildPortConfig(ports []PortMapping) (nat.PortSet, nat.PortMap) {
|
||||
exposedPorts := make(nat.PortSet)
|
||||
@@ -195,48 +185,6 @@ func buildPortConfig(ports []PortMapping) (nat.PortSet, nat.PortMap) {
|
||||
return exposedPorts, portBindings
|
||||
}
|
||||
|
||||
// buildEnvSlice converts an env map to a Docker-compatible env slice.
|
||||
func buildEnvSlice(env map[string]string) []string {
|
||||
envSlice := make([]string, 0, len(env))
|
||||
|
||||
for key, val := range env {
|
||||
envSlice = append(envSlice, key+"="+val)
|
||||
}
|
||||
|
||||
return envSlice
|
||||
}
|
||||
|
||||
// buildMounts converts volume mounts to Docker mount configuration.
|
||||
func buildMounts(volumes []VolumeMount) []mount.Mount {
|
||||
mounts := make([]mount.Mount, 0, len(volumes))
|
||||
|
||||
for _, vol := range volumes {
|
||||
mounts = append(mounts, mount.Mount{
|
||||
Type: mount.TypeBind,
|
||||
Source: vol.HostPath,
|
||||
Target: vol.ContainerPath,
|
||||
ReadOnly: vol.ReadOnly,
|
||||
})
|
||||
}
|
||||
|
||||
return mounts
|
||||
}
|
||||
|
||||
// buildResources builds Docker resource constraints from container options.
|
||||
func buildResources(opts CreateContainerOptions) container.Resources {
|
||||
resources := container.Resources{}
|
||||
|
||||
if opts.CPULimit > 0 {
|
||||
resources.NanoCPUs = cpuLimitToNanoCPUs(opts.CPULimit)
|
||||
}
|
||||
|
||||
if opts.MemoryLimit > 0 {
|
||||
resources.Memory = opts.MemoryLimit
|
||||
}
|
||||
|
||||
return resources
|
||||
}
|
||||
|
||||
// CreateContainer creates a new container.
|
||||
func (c *Client) CreateContainer(
|
||||
ctx context.Context,
|
||||
@@ -248,20 +196,40 @@ func (c *Client) CreateContainer(
|
||||
|
||||
c.log.Info("creating container", "name", opts.Name, "image", opts.Image)
|
||||
|
||||
// Convert env map to slice
|
||||
envSlice := make([]string, 0, len(opts.Env))
|
||||
|
||||
for key, val := range opts.Env {
|
||||
envSlice = append(envSlice, key+"="+val)
|
||||
}
|
||||
|
||||
// Convert volumes to mounts
|
||||
mounts := make([]mount.Mount, 0, len(opts.Volumes))
|
||||
|
||||
for _, vol := range opts.Volumes {
|
||||
mounts = append(mounts, mount.Mount{
|
||||
Type: mount.TypeBind,
|
||||
Source: vol.HostPath,
|
||||
Target: vol.ContainerPath,
|
||||
ReadOnly: vol.ReadOnly,
|
||||
})
|
||||
}
|
||||
|
||||
// Convert ports to exposed ports and port bindings
|
||||
exposedPorts, portBindings := buildPortConfig(opts.Ports)
|
||||
|
||||
// Create container
|
||||
resp, err := c.docker.ContainerCreate(ctx,
|
||||
&container.Config{
|
||||
Image: opts.Image,
|
||||
Env: buildEnvSlice(opts.Env),
|
||||
Env: envSlice,
|
||||
Labels: opts.Labels,
|
||||
ExposedPorts: exposedPorts,
|
||||
},
|
||||
&container.HostConfig{
|
||||
Mounts: buildMounts(opts.Volumes),
|
||||
Mounts: mounts,
|
||||
PortBindings: portBindings,
|
||||
NetworkMode: container.NetworkMode(opts.Network),
|
||||
Resources: buildResources(opts),
|
||||
RestartPolicy: container.RestartPolicy{
|
||||
Name: container.RestartPolicyUnlessStopped,
|
||||
},
|
||||
|
||||
@@ -1,31 +0,0 @@
|
||||
package docker //nolint:testpackage // tests unexported cpuLimitToNanoCPUs
|
||||
|
||||
import (
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestCpuLimitToNanoCPUs(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
cpuLimit float64
|
||||
expected int64
|
||||
}{
|
||||
{"one core", 1.0, 1_000_000_000},
|
||||
{"half core", 0.5, 500_000_000},
|
||||
{"two cores", 2.0, 2_000_000_000},
|
||||
{"quarter core", 0.25, 250_000_000},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
got := cpuLimitToNanoCPUs(tt.cpuLimit)
|
||||
if got != tt.expected {
|
||||
t.Errorf("cpuLimitToNanoCPUs(%v) = %d, want %d", tt.cpuLimit, got, tt.expected)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
@@ -54,18 +54,12 @@ func (h *Handlers) HandleAppCreate() http.HandlerFunc { //nolint:funlen // valid
|
||||
repoURL := request.FormValue("repo_url")
|
||||
branch := request.FormValue("branch")
|
||||
dockerfilePath := request.FormValue("dockerfile_path")
|
||||
dockerNetwork := request.FormValue("docker_network")
|
||||
ntfyTopic := request.FormValue("ntfy_topic")
|
||||
slackWebhook := request.FormValue("slack_webhook")
|
||||
|
||||
data := h.addGlobals(map[string]any{
|
||||
"Name": name,
|
||||
"RepoURL": repoURL,
|
||||
"Branch": branch,
|
||||
"DockerfilePath": dockerfilePath,
|
||||
"DockerNetwork": dockerNetwork,
|
||||
"NtfyTopic": ntfyTopic,
|
||||
"SlackWebhook": slackWebhook,
|
||||
}, request)
|
||||
|
||||
if name == "" || repoURL == "" {
|
||||
@@ -106,9 +100,6 @@ func (h *Handlers) HandleAppCreate() http.HandlerFunc { //nolint:funlen // valid
|
||||
RepoURL: repoURL,
|
||||
Branch: branch,
|
||||
DockerfilePath: dockerfilePath,
|
||||
DockerNetwork: dockerNetwork,
|
||||
NtfyTopic: ntfyTopic,
|
||||
SlackWebhook: slackWebhook,
|
||||
},
|
||||
)
|
||||
if createErr != nil {
|
||||
@@ -257,19 +248,23 @@ func (h *Handlers) HandleAppUpdate() http.HandlerFunc { //nolint:funlen // valid
|
||||
application.RepoURL = request.FormValue("repo_url")
|
||||
application.Branch = request.FormValue("branch")
|
||||
application.DockerfilePath = request.FormValue("dockerfile_path")
|
||||
application.DockerNetwork = optionalNullString(request.FormValue("docker_network"))
|
||||
application.NtfyTopic = optionalNullString(request.FormValue("ntfy_topic"))
|
||||
application.SlackWebhook = optionalNullString(request.FormValue("slack_webhook"))
|
||||
|
||||
limitsErr := applyResourceLimits(application, request)
|
||||
if limitsErr != "" {
|
||||
data := h.addGlobals(map[string]any{
|
||||
"App": application,
|
||||
"Error": limitsErr,
|
||||
}, request)
|
||||
h.renderTemplate(writer, tmpl, "app_edit.html", data)
|
||||
if network := request.FormValue("docker_network"); network != "" {
|
||||
application.DockerNetwork = sql.NullString{String: network, Valid: true}
|
||||
} else {
|
||||
application.DockerNetwork = sql.NullString{}
|
||||
}
|
||||
|
||||
return
|
||||
if ntfy := request.FormValue("ntfy_topic"); ntfy != "" {
|
||||
application.NtfyTopic = sql.NullString{String: ntfy, Valid: true}
|
||||
} else {
|
||||
application.NtfyTopic = sql.NullString{}
|
||||
}
|
||||
|
||||
if slack := request.FormValue("slack_webhook"); slack != "" {
|
||||
application.SlackWebhook = sql.NullString{String: slack, Valid: true}
|
||||
} else {
|
||||
application.SlackWebhook = sql.NullString{}
|
||||
}
|
||||
|
||||
saveErr := application.Save(request.Context())
|
||||
@@ -899,92 +894,50 @@ func (h *Handlers) addKeyValueToApp(
|
||||
http.Redirect(writer, request, "/apps/"+application.ID, http.StatusSeeOther)
|
||||
}
|
||||
|
||||
// envPairJSON represents a key-value pair in the JSON request body.
|
||||
type envPairJSON struct {
|
||||
Key string `json:"key"`
|
||||
Value string `json:"value"`
|
||||
}
|
||||
// HandleEnvVarAdd handles adding an environment variable.
|
||||
func (h *Handlers) HandleEnvVarAdd() http.HandlerFunc {
|
||||
return func(writer http.ResponseWriter, request *http.Request) {
|
||||
h.addKeyValueToApp(
|
||||
writer,
|
||||
request,
|
||||
func(ctx context.Context, application *models.App, key, value string) error {
|
||||
envVar := models.NewEnvVar(h.db)
|
||||
envVar.AppID = application.ID
|
||||
envVar.Key = key
|
||||
envVar.Value = value
|
||||
|
||||
// envVarMaxBodyBytes is the maximum allowed request body size for env var saves (1 MB).
|
||||
const envVarMaxBodyBytes = 1 << 20
|
||||
|
||||
// validateEnvPairs validates env var pairs.
|
||||
// It rejects empty keys and duplicate keys (returns a non-empty error string).
|
||||
func validateEnvPairs(pairs []envPairJSON) ([]models.EnvVarPair, string) {
|
||||
seen := make(map[string]bool, len(pairs))
|
||||
|
||||
result := make([]models.EnvVarPair, 0, len(pairs))
|
||||
|
||||
for _, p := range pairs {
|
||||
trimmedKey := strings.TrimSpace(p.Key)
|
||||
if trimmedKey == "" {
|
||||
return nil, "empty environment variable key is not allowed"
|
||||
}
|
||||
|
||||
if seen[trimmedKey] {
|
||||
return nil, "duplicate environment variable key: " + trimmedKey
|
||||
}
|
||||
|
||||
seen[trimmedKey] = true
|
||||
|
||||
result = append(result, models.EnvVarPair{Key: trimmedKey, Value: p.Value})
|
||||
return envVar.Save(ctx)
|
||||
},
|
||||
)
|
||||
}
|
||||
|
||||
return result, ""
|
||||
}
|
||||
|
||||
// HandleEnvVarSave handles bulk saving of all environment variables.
|
||||
// It reads a JSON array of {key, value} objects from the request body,
|
||||
// deletes all existing env vars for the app, and inserts the full
|
||||
// submitted set atomically within a database transaction.
|
||||
// Duplicate keys are rejected with a 400 Bad Request error.
|
||||
func (h *Handlers) HandleEnvVarSave() http.HandlerFunc {
|
||||
// HandleEnvVarDelete handles deleting an environment variable.
|
||||
func (h *Handlers) HandleEnvVarDelete() http.HandlerFunc {
|
||||
return func(writer http.ResponseWriter, request *http.Request) {
|
||||
appID := chi.URLParam(request, "id")
|
||||
envVarIDStr := chi.URLParam(request, "varID")
|
||||
|
||||
application, findErr := models.FindApp(request.Context(), h.db, appID)
|
||||
if findErr != nil || application == nil {
|
||||
envVarID, parseErr := strconv.ParseInt(envVarIDStr, 10, 64)
|
||||
if parseErr != nil {
|
||||
http.NotFound(writer, request)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// Limit request body size to prevent abuse
|
||||
request.Body = http.MaxBytesReader(writer, request.Body, envVarMaxBodyBytes)
|
||||
|
||||
var pairs []envPairJSON
|
||||
|
||||
decodeErr := json.NewDecoder(request.Body).Decode(&pairs)
|
||||
if decodeErr != nil {
|
||||
h.respondJSON(writer, request, map[string]string{
|
||||
"error": "invalid request body",
|
||||
}, http.StatusBadRequest)
|
||||
envVar, findErr := models.FindEnvVar(request.Context(), h.db, envVarID)
|
||||
if findErr != nil || envVar == nil || envVar.AppID != appID {
|
||||
http.NotFound(writer, request)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
modelPairs, validationErr := validateEnvPairs(pairs)
|
||||
if validationErr != "" {
|
||||
h.respondJSON(writer, request, map[string]string{
|
||||
"error": validationErr,
|
||||
}, http.StatusBadRequest)
|
||||
|
||||
return
|
||||
deleteErr := envVar.Delete(request.Context())
|
||||
if deleteErr != nil {
|
||||
h.log.Error("failed to delete env var", "error", deleteErr)
|
||||
}
|
||||
|
||||
replaceErr := models.ReplaceEnvVarsByAppID(
|
||||
request.Context(), h.db, application.ID, modelPairs,
|
||||
)
|
||||
if replaceErr != nil {
|
||||
h.log.Error("failed to replace env vars", "error", replaceErr)
|
||||
h.respondJSON(writer, request, map[string]string{
|
||||
"error": "failed to save environment variables",
|
||||
}, http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
h.respondJSON(writer, request, map[string]bool{"ok": true}, http.StatusOK)
|
||||
http.Redirect(writer, request, "/apps/"+appID, http.StatusSeeOther)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1243,6 +1196,59 @@ func ValidateVolumePath(p string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// HandleEnvVarEdit handles editing an existing environment variable.
|
||||
func (h *Handlers) HandleEnvVarEdit() http.HandlerFunc {
|
||||
return func(writer http.ResponseWriter, request *http.Request) {
|
||||
appID := chi.URLParam(request, "id")
|
||||
envVarIDStr := chi.URLParam(request, "varID")
|
||||
|
||||
envVarID, parseErr := strconv.ParseInt(envVarIDStr, 10, 64)
|
||||
if parseErr != nil {
|
||||
http.NotFound(writer, request)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
envVar, findErr := models.FindEnvVar(request.Context(), h.db, envVarID)
|
||||
if findErr != nil || envVar == nil || envVar.AppID != appID {
|
||||
http.NotFound(writer, request)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
formErr := request.ParseForm()
|
||||
if formErr != nil {
|
||||
http.Error(writer, "Bad Request", http.StatusBadRequest)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
key := request.FormValue("key")
|
||||
value := request.FormValue("value")
|
||||
|
||||
if key == "" || value == "" {
|
||||
http.Redirect(writer, request, "/apps/"+appID, http.StatusSeeOther)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
envVar.Key = key
|
||||
envVar.Value = value
|
||||
|
||||
saveErr := envVar.Save(request.Context())
|
||||
if saveErr != nil {
|
||||
h.log.Error("failed to update env var", "error", saveErr)
|
||||
}
|
||||
|
||||
http.Redirect(
|
||||
writer,
|
||||
request,
|
||||
"/apps/"+appID+"?success=env-updated",
|
||||
http.StatusSeeOther,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
// HandleLabelEdit handles editing an existing label.
|
||||
func (h *Handlers) HandleLabelEdit() http.HandlerFunc {
|
||||
return func(writer http.ResponseWriter, request *http.Request) {
|
||||
@@ -1364,129 +1370,6 @@ func validateVolumePaths(hostPath, containerPath string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// ErrInvalidMemoryFormat is returned when a memory limit string cannot be parsed.
|
||||
var ErrInvalidMemoryFormat = errors.New(
|
||||
"must be a number with optional unit suffix (e.g. 256m, 1g, 512000000)",
|
||||
)
|
||||
|
||||
// ErrNegativeValue is returned when a resource limit is negative.
|
||||
var ErrNegativeValue = errors.New("value must be positive")
|
||||
|
||||
// Memory unit byte multipliers.
|
||||
const (
|
||||
kilobyte = 1024
|
||||
megabyte = 1024 * 1024
|
||||
gigabyte = 1024 * 1024 * 1024
|
||||
)
|
||||
|
||||
// optionalNullString converts a form value to a sql.NullString.
|
||||
// Returns a valid NullString if non-empty, invalid (NULL) if empty.
|
||||
func optionalNullString(s string) sql.NullString {
|
||||
if s != "" {
|
||||
return sql.NullString{String: s, Valid: true}
|
||||
}
|
||||
|
||||
return sql.NullString{}
|
||||
}
|
||||
|
||||
// applyResourceLimits parses CPU and memory limit form values and applies them to the app.
|
||||
// Returns an error message string if validation fails, or empty string on success.
|
||||
func applyResourceLimits(application *models.App, request *http.Request) string {
|
||||
cpuLimit, cpuErr := parseOptionalFloat64(request.FormValue("cpu_limit"))
|
||||
if cpuErr != nil {
|
||||
return "Invalid CPU limit: must be a positive number (e.g. 0.5, 1, 2)"
|
||||
}
|
||||
|
||||
application.CPULimit = cpuLimit
|
||||
|
||||
memoryLimit, memErr := parseOptionalMemoryBytes(request.FormValue("memory_limit"))
|
||||
if memErr != nil {
|
||||
return "Invalid memory limit: " + memErr.Error()
|
||||
}
|
||||
|
||||
application.MemoryLimit = memoryLimit
|
||||
|
||||
return ""
|
||||
}
|
||||
|
||||
// memoryUnitMultiplier returns the byte multiplier for a memory unit suffix.
|
||||
// Returns 0 if the suffix is not recognized.
|
||||
func memoryUnitMultiplier(suffix byte) int64 {
|
||||
switch suffix {
|
||||
case 'k':
|
||||
return kilobyte
|
||||
case 'm':
|
||||
return megabyte
|
||||
case 'g':
|
||||
return gigabyte
|
||||
default:
|
||||
return 0
|
||||
}
|
||||
}
|
||||
|
||||
// parseOptionalFloat64 parses an optional float64 form field.
|
||||
// Returns a valid NullFloat64 if the string is non-empty and parses to a positive number.
|
||||
// Returns an empty NullFloat64 if the string is empty.
|
||||
// Returns an error if the string is non-empty but invalid or non-positive.
|
||||
func parseOptionalFloat64(s string) (sql.NullFloat64, error) {
|
||||
s = strings.TrimSpace(s)
|
||||
if s == "" {
|
||||
return sql.NullFloat64{}, nil
|
||||
}
|
||||
|
||||
val, err := strconv.ParseFloat(s, 64)
|
||||
if err != nil {
|
||||
return sql.NullFloat64{}, fmt.Errorf("invalid number: %w", err)
|
||||
}
|
||||
|
||||
if val <= 0 {
|
||||
return sql.NullFloat64{}, ErrNegativeValue
|
||||
}
|
||||
|
||||
return sql.NullFloat64{Float64: val, Valid: true}, nil
|
||||
}
|
||||
|
||||
// parseOptionalMemoryBytes parses an optional memory limit string into bytes.
|
||||
// Accepts plain bytes (e.g. "536870912") or suffixed values (e.g. "512m", "1g", "256k").
|
||||
// Returns a valid NullInt64 with bytes if non-empty, empty NullInt64 if blank.
|
||||
func parseOptionalMemoryBytes(s string) (sql.NullInt64, error) {
|
||||
s = strings.TrimSpace(s)
|
||||
if s == "" {
|
||||
return sql.NullInt64{}, nil
|
||||
}
|
||||
|
||||
s = strings.ToLower(s)
|
||||
|
||||
// Check for unit suffix
|
||||
multiplier := memoryUnitMultiplier(s[len(s)-1])
|
||||
if multiplier > 0 {
|
||||
numStr := s[:len(s)-1]
|
||||
|
||||
val, err := strconv.ParseFloat(numStr, 64)
|
||||
if err != nil {
|
||||
return sql.NullInt64{}, ErrInvalidMemoryFormat
|
||||
}
|
||||
|
||||
if val <= 0 {
|
||||
return sql.NullInt64{}, ErrNegativeValue
|
||||
}
|
||||
|
||||
return sql.NullInt64{Int64: int64(val * float64(multiplier)), Valid: true}, nil
|
||||
}
|
||||
|
||||
// Plain bytes
|
||||
val, err := strconv.ParseInt(s, 10, 64)
|
||||
if err != nil {
|
||||
return sql.NullInt64{}, ErrInvalidMemoryFormat
|
||||
}
|
||||
|
||||
if val <= 0 {
|
||||
return sql.NullInt64{}, ErrNegativeValue
|
||||
}
|
||||
|
||||
return sql.NullInt64{Int64: val, Valid: true}, nil
|
||||
}
|
||||
|
||||
// formatDeployKey formats an SSH public key with a descriptive comment.
|
||||
// Format: ssh-ed25519 AAAA... upaas_2025-01-15_myapp
|
||||
func formatDeployKey(pubKey string, createdAt time.Time, appName string) string {
|
||||
|
||||
@@ -560,242 +560,45 @@ func testOwnershipVerification(t *testing.T, cfg ownedResourceTestConfig) {
|
||||
cfg.verifyFn(t, testCtx, resourceID)
|
||||
}
|
||||
|
||||
// TestHandleEnvVarSaveBulk tests that HandleEnvVarSave replaces all env vars
|
||||
// for an app with the submitted set (monolithic delete-all + insert-all).
|
||||
func TestHandleEnvVarSaveBulk(t *testing.T) {
|
||||
// TestDeleteEnvVarOwnershipVerification tests that deleting an env var
|
||||
// via another app's URL path returns 404 (IDOR prevention).
|
||||
func TestDeleteEnvVarOwnershipVerification(t *testing.T) { //nolint:dupl // intentionally similar IDOR test pattern
|
||||
t.Parallel()
|
||||
|
||||
testCtx := setupTestHandlers(t)
|
||||
createdApp := createTestApp(t, testCtx, "envvar-bulk-app")
|
||||
testOwnershipVerification(t, ownedResourceTestConfig{
|
||||
appPrefix1: "envvar-owner-app",
|
||||
appPrefix2: "envvar-other-app",
|
||||
createFn: func(t *testing.T, tc *testContext, ownerApp *models.App) int64 {
|
||||
t.Helper()
|
||||
|
||||
// Create some pre-existing env vars
|
||||
for _, kv := range [][2]string{{"OLD_KEY", "old_value"}, {"REMOVE_ME", "gone"}} {
|
||||
ev := models.NewEnvVar(testCtx.database)
|
||||
ev.AppID = createdApp.ID
|
||||
ev.Key = kv[0]
|
||||
ev.Value = kv[1]
|
||||
require.NoError(t, ev.Save(context.Background()))
|
||||
}
|
||||
envVar := models.NewEnvVar(tc.database)
|
||||
envVar.AppID = ownerApp.ID
|
||||
envVar.Key = "SECRET"
|
||||
envVar.Value = "hunter2"
|
||||
require.NoError(t, envVar.Save(context.Background()))
|
||||
|
||||
// Submit a new set as a JSON array of key/value objects
|
||||
body := `[{"key":"NEW_KEY","value":"new_value"},{"key":"ANOTHER","value":"42"}]`
|
||||
return envVar.ID
|
||||
},
|
||||
deletePath: func(appID string, resourceID int64) string {
|
||||
return "/apps/" + appID + "/env/" + strconv.FormatInt(resourceID, 10) + "/delete"
|
||||
},
|
||||
chiParams: func(appID string, resourceID int64) map[string]string {
|
||||
return map[string]string{"id": appID, "varID": strconv.FormatInt(resourceID, 10)}
|
||||
},
|
||||
handler: func(h *handlers.Handlers) http.HandlerFunc { return h.HandleEnvVarDelete() },
|
||||
verifyFn: func(t *testing.T, tc *testContext, resourceID int64) {
|
||||
t.Helper()
|
||||
|
||||
r := chi.NewRouter()
|
||||
r.Post("/apps/{id}/env", testCtx.handlers.HandleEnvVarSave())
|
||||
|
||||
request := httptest.NewRequest(
|
||||
http.MethodPost,
|
||||
"/apps/"+createdApp.ID+"/env",
|
||||
strings.NewReader(body),
|
||||
)
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
|
||||
recorder := httptest.NewRecorder()
|
||||
r.ServeHTTP(recorder, request)
|
||||
|
||||
assert.Equal(t, http.StatusOK, recorder.Code)
|
||||
|
||||
// Verify old env vars are gone and new ones exist
|
||||
envVars, err := models.FindEnvVarsByAppID(
|
||||
context.Background(), testCtx.database, createdApp.ID,
|
||||
)
|
||||
require.NoError(t, err)
|
||||
assert.Len(t, envVars, 2)
|
||||
|
||||
keys := make(map[string]string)
|
||||
for _, ev := range envVars {
|
||||
keys[ev.Key] = ev.Value
|
||||
}
|
||||
|
||||
assert.Equal(t, "new_value", keys["NEW_KEY"])
|
||||
assert.Equal(t, "42", keys["ANOTHER"])
|
||||
assert.Empty(t, keys["OLD_KEY"], "old env vars should be deleted")
|
||||
assert.Empty(t, keys["REMOVE_ME"], "old env vars should be deleted")
|
||||
}
|
||||
|
||||
// TestHandleEnvVarSaveAppNotFound tests that HandleEnvVarSave returns 404
|
||||
// for a non-existent app.
|
||||
func TestHandleEnvVarSaveAppNotFound(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testCtx := setupTestHandlers(t)
|
||||
|
||||
body := `[{"key":"KEY","value":"value"}]`
|
||||
|
||||
r := chi.NewRouter()
|
||||
r.Post("/apps/{id}/env", testCtx.handlers.HandleEnvVarSave())
|
||||
|
||||
request := httptest.NewRequest(
|
||||
http.MethodPost,
|
||||
"/apps/nonexistent-id/env",
|
||||
strings.NewReader(body),
|
||||
)
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
|
||||
recorder := httptest.NewRecorder()
|
||||
r.ServeHTTP(recorder, request)
|
||||
|
||||
assert.Equal(t, http.StatusNotFound, recorder.Code)
|
||||
}
|
||||
|
||||
// TestHandleEnvVarSaveEmptyKeyRejected verifies that submitting a JSON
|
||||
// array containing an entry with an empty key returns 400.
|
||||
func TestHandleEnvVarSaveEmptyKeyRejected(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testCtx := setupTestHandlers(t)
|
||||
createdApp := createTestApp(t, testCtx, "envvar-emptykey-app")
|
||||
|
||||
body := `[{"key":"VALID_KEY","value":"ok"},{"key":"","value":"bad"}]`
|
||||
|
||||
r := chi.NewRouter()
|
||||
r.Post("/apps/{id}/env", testCtx.handlers.HandleEnvVarSave())
|
||||
|
||||
request := httptest.NewRequest(
|
||||
http.MethodPost,
|
||||
"/apps/"+createdApp.ID+"/env",
|
||||
strings.NewReader(body),
|
||||
)
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
|
||||
recorder := httptest.NewRecorder()
|
||||
r.ServeHTTP(recorder, request)
|
||||
|
||||
assert.Equal(t, http.StatusBadRequest, recorder.Code)
|
||||
}
|
||||
|
||||
// TestHandleEnvVarSaveDuplicateKeyRejected verifies that when the client
|
||||
// sends duplicate keys, the server rejects them with 400 Bad Request.
|
||||
func TestHandleEnvVarSaveDuplicateKeyRejected(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testCtx := setupTestHandlers(t)
|
||||
createdApp := createTestApp(t, testCtx, "envvar-dedup-app")
|
||||
|
||||
// Send two entries with the same key — should be rejected
|
||||
body := `[{"key":"FOO","value":"first"},{"key":"BAR","value":"bar"},{"key":"FOO","value":"second"}]`
|
||||
|
||||
r := chi.NewRouter()
|
||||
r.Post("/apps/{id}/env", testCtx.handlers.HandleEnvVarSave())
|
||||
|
||||
request := httptest.NewRequest(
|
||||
http.MethodPost,
|
||||
"/apps/"+createdApp.ID+"/env",
|
||||
strings.NewReader(body),
|
||||
)
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
|
||||
recorder := httptest.NewRecorder()
|
||||
r.ServeHTTP(recorder, request)
|
||||
|
||||
assert.Equal(t, http.StatusBadRequest, recorder.Code)
|
||||
assert.Contains(t, recorder.Body.String(), "duplicate environment variable key: FOO")
|
||||
}
|
||||
|
||||
// TestHandleEnvVarSaveCrossAppIsolation verifies that posting env vars
|
||||
// to appA's endpoint does not affect appB's env vars (IDOR prevention).
|
||||
func TestHandleEnvVarSaveCrossAppIsolation(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testCtx := setupTestHandlers(t)
|
||||
appA := createTestApp(t, testCtx, "envvar-iso-appA")
|
||||
appB := createTestApp(t, testCtx, "envvar-iso-appB")
|
||||
|
||||
// Give appB some env vars
|
||||
for _, kv := range [][2]string{{"B_KEY1", "b_val1"}, {"B_KEY2", "b_val2"}} {
|
||||
ev := models.NewEnvVar(testCtx.database)
|
||||
ev.AppID = appB.ID
|
||||
ev.Key = kv[0]
|
||||
ev.Value = kv[1]
|
||||
require.NoError(t, ev.Save(context.Background()))
|
||||
}
|
||||
|
||||
// POST new env vars to appA's endpoint
|
||||
body := `[{"key":"A_KEY","value":"a_val"}]`
|
||||
|
||||
r := chi.NewRouter()
|
||||
r.Post("/apps/{id}/env", testCtx.handlers.HandleEnvVarSave())
|
||||
|
||||
request := httptest.NewRequest(
|
||||
http.MethodPost,
|
||||
"/apps/"+appA.ID+"/env",
|
||||
strings.NewReader(body),
|
||||
)
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
|
||||
recorder := httptest.NewRecorder()
|
||||
r.ServeHTTP(recorder, request)
|
||||
|
||||
assert.Equal(t, http.StatusOK, recorder.Code)
|
||||
|
||||
// Verify appA has exactly what we sent
|
||||
appAVars, err := models.FindEnvVarsByAppID(
|
||||
context.Background(), testCtx.database, appA.ID,
|
||||
)
|
||||
require.NoError(t, err)
|
||||
assert.Len(t, appAVars, 1)
|
||||
assert.Equal(t, "A_KEY", appAVars[0].Key)
|
||||
|
||||
// Verify appB's env vars are completely untouched
|
||||
appBVars, err := models.FindEnvVarsByAppID(
|
||||
context.Background(), testCtx.database, appB.ID,
|
||||
)
|
||||
require.NoError(t, err)
|
||||
assert.Len(t, appBVars, 2, "appB env vars must not be affected")
|
||||
|
||||
bKeys := make(map[string]string)
|
||||
for _, ev := range appBVars {
|
||||
bKeys[ev.Key] = ev.Value
|
||||
}
|
||||
|
||||
assert.Equal(t, "b_val1", bKeys["B_KEY1"])
|
||||
assert.Equal(t, "b_val2", bKeys["B_KEY2"])
|
||||
}
|
||||
|
||||
// TestHandleEnvVarSaveBodySizeLimit verifies that a request body
|
||||
// exceeding the 1 MB limit is rejected.
|
||||
func TestHandleEnvVarSaveBodySizeLimit(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testCtx := setupTestHandlers(t)
|
||||
createdApp := createTestApp(t, testCtx, "envvar-sizelimit-app")
|
||||
|
||||
// Build a JSON body that exceeds 1 MB
|
||||
// Each entry is ~30 bytes; 40000 entries ≈ 1.2 MB
|
||||
var sb strings.Builder
|
||||
|
||||
sb.WriteString("[")
|
||||
|
||||
for i := range 40000 {
|
||||
if i > 0 {
|
||||
sb.WriteString(",")
|
||||
}
|
||||
|
||||
sb.WriteString(`{"key":"K` + strconv.Itoa(i) + `","value":"val"}`)
|
||||
}
|
||||
|
||||
sb.WriteString("]")
|
||||
|
||||
r := chi.NewRouter()
|
||||
r.Post("/apps/{id}/env", testCtx.handlers.HandleEnvVarSave())
|
||||
|
||||
request := httptest.NewRequest(
|
||||
http.MethodPost,
|
||||
"/apps/"+createdApp.ID+"/env",
|
||||
strings.NewReader(sb.String()),
|
||||
)
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
|
||||
recorder := httptest.NewRecorder()
|
||||
r.ServeHTTP(recorder, request)
|
||||
|
||||
assert.Equal(t, http.StatusBadRequest, recorder.Code,
|
||||
"oversized body should be rejected with 400")
|
||||
found, findErr := models.FindEnvVar(context.Background(), tc.database, resourceID)
|
||||
require.NoError(t, findErr)
|
||||
assert.NotNil(t, found, "env var should still exist after IDOR attempt")
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
// TestDeleteLabelOwnershipVerification tests that deleting a label
|
||||
// via another app's URL path returns 404 (IDOR prevention).
|
||||
func TestDeleteLabelOwnershipVerification(t *testing.T) {
|
||||
func TestDeleteLabelOwnershipVerification(t *testing.T) { //nolint:dupl // intentionally similar IDOR test pattern
|
||||
t.Parallel()
|
||||
|
||||
testOwnershipVerification(t, ownedResourceTestConfig{
|
||||
@@ -911,43 +714,41 @@ func TestDeletePortOwnershipVerification(t *testing.T) {
|
||||
assert.NotNil(t, found, "port should still exist after IDOR attempt")
|
||||
}
|
||||
|
||||
// TestHandleEnvVarSaveEmptyClears verifies that submitting an empty JSON
|
||||
// array deletes all existing env vars for the app.
|
||||
func TestHandleEnvVarSaveEmptyClears(t *testing.T) {
|
||||
// TestHandleEnvVarDeleteUsesCorrectRouteParam verifies that HandleEnvVarDelete
|
||||
// reads the "varID" chi URL parameter (matching the route definition {varID}),
|
||||
// not a mismatched name like "envID".
|
||||
func TestHandleEnvVarDeleteUsesCorrectRouteParam(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testCtx := setupTestHandlers(t)
|
||||
createdApp := createTestApp(t, testCtx, "envvar-clear-app")
|
||||
|
||||
// Create a pre-existing env var
|
||||
ev := models.NewEnvVar(testCtx.database)
|
||||
ev.AppID = createdApp.ID
|
||||
ev.Key = "DELETE_ME"
|
||||
ev.Value = "gone"
|
||||
require.NoError(t, ev.Save(context.Background()))
|
||||
createdApp := createTestApp(t, testCtx, "envdelete-param-app")
|
||||
|
||||
// Submit empty JSON array
|
||||
envVar := models.NewEnvVar(testCtx.database)
|
||||
envVar.AppID = createdApp.ID
|
||||
envVar.Key = "DELETE_ME"
|
||||
envVar.Value = "gone"
|
||||
require.NoError(t, envVar.Save(context.Background()))
|
||||
|
||||
// Use chi router with the real route pattern to test param name
|
||||
r := chi.NewRouter()
|
||||
r.Post("/apps/{id}/env", testCtx.handlers.HandleEnvVarSave())
|
||||
r.Post("/apps/{id}/env-vars/{varID}/delete", testCtx.handlers.HandleEnvVarDelete())
|
||||
|
||||
request := httptest.NewRequest(
|
||||
http.MethodPost,
|
||||
"/apps/"+createdApp.ID+"/env",
|
||||
strings.NewReader("[]"),
|
||||
"/apps/"+createdApp.ID+"/env-vars/"+strconv.FormatInt(envVar.ID, 10)+"/delete",
|
||||
nil,
|
||||
)
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
|
||||
recorder := httptest.NewRecorder()
|
||||
|
||||
r.ServeHTTP(recorder, request)
|
||||
|
||||
assert.Equal(t, http.StatusOK, recorder.Code)
|
||||
assert.Equal(t, http.StatusSeeOther, recorder.Code)
|
||||
|
||||
// Verify all env vars are gone
|
||||
envVars, err := models.FindEnvVarsByAppID(
|
||||
context.Background(), testCtx.database, createdApp.ID,
|
||||
)
|
||||
require.NoError(t, err)
|
||||
assert.Empty(t, envVars, "all env vars should be deleted")
|
||||
// Verify the env var was actually deleted
|
||||
found, findErr := models.FindEnvVar(context.Background(), testCtx.database, envVar.ID)
|
||||
require.NoError(t, findErr)
|
||||
assert.Nil(t, found, "env var should be deleted when using correct route param")
|
||||
}
|
||||
|
||||
// TestHandleVolumeAddValidatesPaths verifies that HandleVolumeAdd validates
|
||||
|
||||
@@ -1,195 +0,0 @@
|
||||
package handlers //nolint:testpackage // tests unexported parsing functions
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestParseOptionalFloat64(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
t.Run("empty string returns invalid", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
result, err := parseOptionalFloat64("")
|
||||
require.NoError(t, err)
|
||||
assert.False(t, result.Valid)
|
||||
})
|
||||
|
||||
t.Run("whitespace only returns invalid", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
result, err := parseOptionalFloat64(" ")
|
||||
require.NoError(t, err)
|
||||
assert.False(t, result.Valid)
|
||||
})
|
||||
|
||||
t.Run("valid float", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
result, err := parseOptionalFloat64("0.5")
|
||||
require.NoError(t, err)
|
||||
assert.True(t, result.Valid)
|
||||
assert.InDelta(t, 0.5, result.Float64, 0.001)
|
||||
})
|
||||
|
||||
t.Run("valid integer", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
result, err := parseOptionalFloat64("2")
|
||||
require.NoError(t, err)
|
||||
assert.True(t, result.Valid)
|
||||
assert.InDelta(t, 2.0, result.Float64, 0.001)
|
||||
})
|
||||
|
||||
t.Run("negative value rejected", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
_, err := parseOptionalFloat64("-1")
|
||||
require.Error(t, err)
|
||||
})
|
||||
|
||||
t.Run("zero value rejected", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
_, err := parseOptionalFloat64("0")
|
||||
require.Error(t, err)
|
||||
})
|
||||
|
||||
t.Run("non-numeric rejected", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
_, err := parseOptionalFloat64("abc")
|
||||
require.Error(t, err)
|
||||
})
|
||||
}
|
||||
|
||||
func TestParseOptionalMemoryBytes(t *testing.T) { //nolint:funlen // table-driven test
|
||||
t.Parallel()
|
||||
|
||||
t.Run("empty string returns invalid", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
result, err := parseOptionalMemoryBytes("")
|
||||
require.NoError(t, err)
|
||||
assert.False(t, result.Valid)
|
||||
})
|
||||
|
||||
t.Run("whitespace only returns invalid", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
result, err := parseOptionalMemoryBytes(" ")
|
||||
require.NoError(t, err)
|
||||
assert.False(t, result.Valid)
|
||||
})
|
||||
|
||||
t.Run("plain bytes", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
result, err := parseOptionalMemoryBytes("536870912")
|
||||
require.NoError(t, err)
|
||||
assert.True(t, result.Valid)
|
||||
assert.Equal(t, int64(536870912), result.Int64)
|
||||
})
|
||||
|
||||
t.Run("megabytes suffix", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
result, err := parseOptionalMemoryBytes("256m")
|
||||
require.NoError(t, err)
|
||||
assert.True(t, result.Valid)
|
||||
assert.Equal(t, int64(256*1024*1024), result.Int64)
|
||||
})
|
||||
|
||||
t.Run("megabytes suffix uppercase", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
result, err := parseOptionalMemoryBytes("256M")
|
||||
require.NoError(t, err)
|
||||
assert.True(t, result.Valid)
|
||||
assert.Equal(t, int64(256*1024*1024), result.Int64)
|
||||
})
|
||||
|
||||
t.Run("gigabytes suffix", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
result, err := parseOptionalMemoryBytes("1g")
|
||||
require.NoError(t, err)
|
||||
assert.True(t, result.Valid)
|
||||
assert.Equal(t, int64(1024*1024*1024), result.Int64)
|
||||
})
|
||||
|
||||
t.Run("kilobytes suffix", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
result, err := parseOptionalMemoryBytes("512k")
|
||||
require.NoError(t, err)
|
||||
assert.True(t, result.Valid)
|
||||
assert.Equal(t, int64(512*1024), result.Int64)
|
||||
})
|
||||
|
||||
t.Run("fractional gigabytes", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
result, err := parseOptionalMemoryBytes("1.5g")
|
||||
require.NoError(t, err)
|
||||
assert.True(t, result.Valid)
|
||||
assert.Equal(t, int64(1.5*1024*1024*1024), result.Int64)
|
||||
})
|
||||
|
||||
t.Run("negative value rejected", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
_, err := parseOptionalMemoryBytes("-256m")
|
||||
require.Error(t, err)
|
||||
})
|
||||
|
||||
t.Run("zero value rejected", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
_, err := parseOptionalMemoryBytes("0")
|
||||
require.Error(t, err)
|
||||
})
|
||||
|
||||
t.Run("invalid string rejected", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
_, err := parseOptionalMemoryBytes("abc")
|
||||
require.Error(t, err)
|
||||
})
|
||||
|
||||
t.Run("negative plain bytes rejected", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
_, err := parseOptionalMemoryBytes("-100")
|
||||
require.Error(t, err)
|
||||
})
|
||||
}
|
||||
|
||||
func TestAppResourceLimitsRoundTrip(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
// Test that parsing and formatting are consistent
|
||||
tests := []struct {
|
||||
input string
|
||||
expected sql.NullInt64
|
||||
format string
|
||||
}{
|
||||
{"256m", sql.NullInt64{Int64: 256 * 1024 * 1024, Valid: true}, "256m"},
|
||||
{"1g", sql.NullInt64{Int64: 1024 * 1024 * 1024, Valid: true}, "1g"},
|
||||
{"512k", sql.NullInt64{Int64: 512 * 1024, Valid: true}, "512k"},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.input, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
result, err := parseOptionalMemoryBytes(tt.input)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, tt.expected, result)
|
||||
})
|
||||
}
|
||||
}
|
||||
@@ -7,14 +7,12 @@ import (
|
||||
"github.com/go-chi/chi/v5"
|
||||
|
||||
"sneak.berlin/go/upaas/internal/models"
|
||||
"sneak.berlin/go/upaas/internal/service/webhook"
|
||||
)
|
||||
|
||||
// maxWebhookBodySize is the maximum allowed size of a webhook request body (1MB).
|
||||
const maxWebhookBodySize = 1 << 20
|
||||
|
||||
// HandleWebhook handles incoming webhooks from Gitea, GitHub, or GitLab.
|
||||
// The webhook source is auto-detected from HTTP headers.
|
||||
// HandleWebhook handles incoming Gitea webhooks.
|
||||
func (h *Handlers) HandleWebhook() http.HandlerFunc {
|
||||
return func(writer http.ResponseWriter, request *http.Request) {
|
||||
secret := chi.URLParam(request, "secret")
|
||||
@@ -52,17 +50,16 @@ func (h *Handlers) HandleWebhook() http.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
// Auto-detect webhook source from headers
|
||||
source := webhook.DetectWebhookSource(request.Header)
|
||||
|
||||
// Extract event type based on detected source
|
||||
eventType := webhook.DetectEventType(request.Header, source)
|
||||
// Get event type from header
|
||||
eventType := request.Header.Get("X-Gitea-Event")
|
||||
if eventType == "" {
|
||||
eventType = "push"
|
||||
}
|
||||
|
||||
// Process webhook
|
||||
webhookErr := h.webhook.HandleWebhook(
|
||||
request.Context(),
|
||||
application,
|
||||
source,
|
||||
eventType,
|
||||
body,
|
||||
)
|
||||
|
||||
@@ -1,56 +0,0 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"github.com/go-chi/chi/v5"
|
||||
|
||||
"sneak.berlin/go/upaas/internal/models"
|
||||
"sneak.berlin/go/upaas/templates"
|
||||
)
|
||||
|
||||
// webhookEventsLimit is the number of webhook events to show in history.
|
||||
const webhookEventsLimit = 100
|
||||
|
||||
// HandleAppWebhookEvents returns the webhook event history handler.
|
||||
func (h *Handlers) HandleAppWebhookEvents() http.HandlerFunc {
|
||||
tmpl := templates.GetParsed()
|
||||
|
||||
return func(writer http.ResponseWriter, request *http.Request) {
|
||||
appID := chi.URLParam(request, "id")
|
||||
|
||||
application, findErr := models.FindApp(request.Context(), h.db, appID)
|
||||
if findErr != nil {
|
||||
h.log.Error("failed to find app", "error", findErr)
|
||||
http.Error(writer, "Internal Server Error", http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
if application == nil {
|
||||
http.NotFound(writer, request)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
events, eventsErr := application.GetWebhookEvents(
|
||||
request.Context(),
|
||||
webhookEventsLimit,
|
||||
)
|
||||
if eventsErr != nil {
|
||||
h.log.Error("failed to get webhook events",
|
||||
"error", eventsErr,
|
||||
"app", appID,
|
||||
)
|
||||
|
||||
events = []*models.WebhookEvent{}
|
||||
}
|
||||
|
||||
data := h.addGlobals(map[string]any{
|
||||
"App": application,
|
||||
"Events": events,
|
||||
}, request)
|
||||
|
||||
h.renderTemplate(writer, tmpl, "webhook_events.html", data)
|
||||
}
|
||||
}
|
||||
@@ -14,8 +14,7 @@ import (
|
||||
const appColumns = `id, name, repo_url, branch, dockerfile_path, webhook_secret,
|
||||
ssh_private_key, ssh_public_key, image_id, status,
|
||||
docker_network, ntfy_topic, slack_webhook, webhook_secret_hash,
|
||||
previous_image_id, cpu_limit, memory_limit,
|
||||
created_at, updated_at`
|
||||
previous_image_id, created_at, updated_at`
|
||||
|
||||
// AppStatus represents the status of an app.
|
||||
type AppStatus string
|
||||
@@ -48,8 +47,6 @@ type App struct {
|
||||
DockerNetwork sql.NullString
|
||||
NtfyTopic sql.NullString
|
||||
SlackWebhook sql.NullString
|
||||
CPULimit sql.NullFloat64
|
||||
MemoryLimit sql.NullInt64
|
||||
CreatedAt time.Time
|
||||
UpdatedAt time.Time
|
||||
}
|
||||
@@ -145,14 +142,14 @@ func (a *App) insert(ctx context.Context) error {
|
||||
id, name, repo_url, branch, dockerfile_path, webhook_secret,
|
||||
ssh_private_key, ssh_public_key, image_id, status,
|
||||
docker_network, ntfy_topic, slack_webhook, webhook_secret_hash,
|
||||
previous_image_id, cpu_limit, memory_limit
|
||||
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
|
||||
previous_image_id
|
||||
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
|
||||
|
||||
_, err := a.db.Exec(ctx, query,
|
||||
a.ID, a.Name, a.RepoURL, a.Branch, a.DockerfilePath, a.WebhookSecret,
|
||||
a.SSHPrivateKey, a.SSHPublicKey, a.ImageID, a.Status,
|
||||
a.DockerNetwork, a.NtfyTopic, a.SlackWebhook, a.WebhookSecretHash,
|
||||
a.PreviousImageID, a.CPULimit, a.MemoryLimit,
|
||||
a.PreviousImageID,
|
||||
)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -168,7 +165,6 @@ func (a *App) update(ctx context.Context) error {
|
||||
image_id = ?, status = ?,
|
||||
docker_network = ?, ntfy_topic = ?, slack_webhook = ?,
|
||||
previous_image_id = ?,
|
||||
cpu_limit = ?, memory_limit = ?,
|
||||
updated_at = CURRENT_TIMESTAMP
|
||||
WHERE id = ?`
|
||||
|
||||
@@ -177,7 +173,6 @@ func (a *App) update(ctx context.Context) error {
|
||||
a.ImageID, a.Status,
|
||||
a.DockerNetwork, a.NtfyTopic, a.SlackWebhook,
|
||||
a.PreviousImageID,
|
||||
a.CPULimit, a.MemoryLimit,
|
||||
a.ID,
|
||||
)
|
||||
|
||||
@@ -193,7 +188,6 @@ func (a *App) scan(row *sql.Row) error {
|
||||
&a.DockerNetwork, &a.NtfyTopic, &a.SlackWebhook,
|
||||
&a.WebhookSecretHash,
|
||||
&a.PreviousImageID,
|
||||
&a.CPULimit, &a.MemoryLimit,
|
||||
&a.CreatedAt, &a.UpdatedAt,
|
||||
)
|
||||
}
|
||||
@@ -212,7 +206,6 @@ func scanApps(appDB *database.Database, rows *sql.Rows) ([]*App, error) {
|
||||
&app.DockerNetwork, &app.NtfyTopic, &app.SlackWebhook,
|
||||
&app.WebhookSecretHash,
|
||||
&app.PreviousImageID,
|
||||
&app.CPULimit, &app.MemoryLimit,
|
||||
&app.CreatedAt, &app.UpdatedAt,
|
||||
)
|
||||
if scanErr != nil {
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
//nolint:dupl // Active Record pattern - similar structure to label.go is intentional
|
||||
package models
|
||||
|
||||
import (
|
||||
@@ -128,48 +129,13 @@ func FindEnvVarsByAppID(
|
||||
return envVars, rows.Err()
|
||||
}
|
||||
|
||||
// EnvVarPair is a key-value pair for bulk env var operations.
|
||||
type EnvVarPair struct {
|
||||
Key string
|
||||
Value string
|
||||
}
|
||||
|
||||
// ReplaceEnvVarsByAppID atomically replaces all env vars for an app
|
||||
// within a single database transaction. It deletes all existing env
|
||||
// vars and inserts the provided pairs. If any operation fails, the
|
||||
// entire transaction is rolled back.
|
||||
func ReplaceEnvVarsByAppID(
|
||||
// DeleteEnvVarsByAppID deletes all env vars for an app.
|
||||
func DeleteEnvVarsByAppID(
|
||||
ctx context.Context,
|
||||
db *database.Database,
|
||||
appID string,
|
||||
pairs []EnvVarPair,
|
||||
) error {
|
||||
tx, err := db.BeginTx(ctx, nil)
|
||||
if err != nil {
|
||||
return fmt.Errorf("beginning transaction: %w", err)
|
||||
}
|
||||
_, err := db.Exec(ctx, "DELETE FROM app_env_vars WHERE app_id = ?", appID)
|
||||
|
||||
defer func() { _ = tx.Rollback() }()
|
||||
|
||||
_, err = tx.ExecContext(ctx, "DELETE FROM app_env_vars WHERE app_id = ?", appID)
|
||||
if err != nil {
|
||||
return fmt.Errorf("deleting env vars: %w", err)
|
||||
}
|
||||
|
||||
for _, p := range pairs {
|
||||
_, err = tx.ExecContext(ctx,
|
||||
"INSERT INTO app_env_vars (app_id, key, value) VALUES (?, ?, ?)",
|
||||
appID, p.Key, p.Value,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("inserting env var %q: %w", p.Key, err)
|
||||
}
|
||||
}
|
||||
|
||||
err = tx.Commit()
|
||||
if err != nil {
|
||||
return fmt.Errorf("committing transaction: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
//nolint:dupl // Active Record pattern - similar structure to env_var.go is intentional
|
||||
package models
|
||||
|
||||
import (
|
||||
|
||||
@@ -781,96 +781,6 @@ func TestCascadeDelete(t *testing.T) {
|
||||
})
|
||||
}
|
||||
|
||||
// Resource Limits Tests.
|
||||
|
||||
func TestAppResourceLimits(t *testing.T) { //nolint:funlen // integration test with multiple subtests
|
||||
t.Parallel()
|
||||
|
||||
t.Run("saves and loads CPU limit", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testDB, cleanup := setupTestDB(t)
|
||||
defer cleanup()
|
||||
|
||||
app := createTestApp(t, testDB)
|
||||
|
||||
app.CPULimit = sql.NullFloat64{Float64: 0.5, Valid: true}
|
||||
|
||||
err := app.Save(context.Background())
|
||||
require.NoError(t, err)
|
||||
|
||||
found, err := models.FindApp(context.Background(), testDB, app.ID)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, found)
|
||||
assert.True(t, found.CPULimit.Valid)
|
||||
assert.InDelta(t, 0.5, found.CPULimit.Float64, 0.001)
|
||||
})
|
||||
|
||||
t.Run("saves and loads memory limit", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testDB, cleanup := setupTestDB(t)
|
||||
defer cleanup()
|
||||
|
||||
app := createTestApp(t, testDB)
|
||||
|
||||
app.MemoryLimit = sql.NullInt64{Int64: 536870912, Valid: true} // 512m
|
||||
|
||||
err := app.Save(context.Background())
|
||||
require.NoError(t, err)
|
||||
|
||||
found, err := models.FindApp(context.Background(), testDB, app.ID)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, found)
|
||||
assert.True(t, found.MemoryLimit.Valid)
|
||||
assert.Equal(t, int64(536870912), found.MemoryLimit.Int64)
|
||||
})
|
||||
|
||||
t.Run("null limits by default", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testDB, cleanup := setupTestDB(t)
|
||||
defer cleanup()
|
||||
|
||||
app := createTestApp(t, testDB)
|
||||
|
||||
found, err := models.FindApp(context.Background(), testDB, app.ID)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, found)
|
||||
assert.False(t, found.CPULimit.Valid)
|
||||
assert.False(t, found.MemoryLimit.Valid)
|
||||
})
|
||||
|
||||
t.Run("clears limits when set to null", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testDB, cleanup := setupTestDB(t)
|
||||
defer cleanup()
|
||||
|
||||
app := createTestApp(t, testDB)
|
||||
|
||||
// Set limits
|
||||
app.CPULimit = sql.NullFloat64{Float64: 1.0, Valid: true}
|
||||
app.MemoryLimit = sql.NullInt64{Int64: 1073741824, Valid: true} // 1g
|
||||
|
||||
err := app.Save(context.Background())
|
||||
require.NoError(t, err)
|
||||
|
||||
// Clear limits
|
||||
app.CPULimit = sql.NullFloat64{}
|
||||
app.MemoryLimit = sql.NullInt64{}
|
||||
|
||||
err = app.Save(context.Background())
|
||||
require.NoError(t, err)
|
||||
|
||||
found, err := models.FindApp(context.Background(), testDB, app.ID)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, found)
|
||||
assert.False(t, found.CPULimit.Valid)
|
||||
assert.False(t, found.MemoryLimit.Valid)
|
||||
})
|
||||
}
|
||||
|
||||
// Helper function to create a test app.
|
||||
func createTestApp(t *testing.T, testDB *database.Database) *models.App {
|
||||
t.Helper()
|
||||
|
||||
@@ -52,20 +52,6 @@ func (w *WebhookEvent) Reload(ctx context.Context) error {
|
||||
return w.scan(row)
|
||||
}
|
||||
|
||||
// ShortCommit returns a truncated commit SHA for display.
|
||||
func (w *WebhookEvent) ShortCommit() string {
|
||||
if !w.CommitSHA.Valid {
|
||||
return ""
|
||||
}
|
||||
|
||||
sha := w.CommitSHA.String
|
||||
if len(sha) > shortCommitLength {
|
||||
return sha[:shortCommitLength]
|
||||
}
|
||||
|
||||
return sha
|
||||
}
|
||||
|
||||
func (w *WebhookEvent) insert(ctx context.Context) error {
|
||||
query := `
|
||||
INSERT INTO webhook_events (
|
||||
|
||||
@@ -70,7 +70,6 @@ func (s *Server) SetupRoutes() {
|
||||
r.Post("/apps/{id}/deploy", s.handlers.HandleAppDeploy())
|
||||
r.Post("/apps/{id}/deployments/cancel", s.handlers.HandleCancelDeploy())
|
||||
r.Get("/apps/{id}/deployments", s.handlers.HandleAppDeployments())
|
||||
r.Get("/apps/{id}/webhooks", s.handlers.HandleAppWebhookEvents())
|
||||
r.Get("/apps/{id}/deployments/{deploymentID}/logs", s.handlers.HandleDeploymentLogsAPI())
|
||||
r.Get("/apps/{id}/deployments/{deploymentID}/download", s.handlers.HandleDeploymentLogDownload())
|
||||
r.Get("/apps/{id}/logs", s.handlers.HandleAppLogs())
|
||||
@@ -82,8 +81,10 @@ func (s *Server) SetupRoutes() {
|
||||
r.Post("/apps/{id}/stop", s.handlers.HandleAppStop())
|
||||
r.Post("/apps/{id}/start", s.handlers.HandleAppStart())
|
||||
|
||||
// Environment variables (monolithic bulk save)
|
||||
r.Post("/apps/{id}/env", s.handlers.HandleEnvVarSave())
|
||||
// Environment variables
|
||||
r.Post("/apps/{id}/env-vars", s.handlers.HandleEnvVarAdd())
|
||||
r.Post("/apps/{id}/env-vars/{varID}/edit", s.handlers.HandleEnvVarEdit())
|
||||
r.Post("/apps/{id}/env-vars/{varID}/delete", s.handlers.HandleEnvVarDelete())
|
||||
|
||||
// Labels
|
||||
r.Post("/apps/{id}/labels", s.handlers.HandleLabelAdd())
|
||||
|
||||
@@ -1094,28 +1094,14 @@ func (svc *Service) buildContainerOptions(
|
||||
network = app.DockerNetwork.String
|
||||
}
|
||||
|
||||
var cpuLimit float64
|
||||
|
||||
if app.CPULimit.Valid {
|
||||
cpuLimit = app.CPULimit.Float64
|
||||
}
|
||||
|
||||
var memoryLimit int64
|
||||
|
||||
if app.MemoryLimit.Valid {
|
||||
memoryLimit = app.MemoryLimit.Int64
|
||||
}
|
||||
|
||||
return docker.CreateContainerOptions{
|
||||
Name: "upaas-" + app.Name,
|
||||
Image: imageID.String(),
|
||||
Env: envMap,
|
||||
Labels: buildLabelMap(app, labels),
|
||||
Volumes: buildVolumeMounts(volumes),
|
||||
Ports: buildPortMappings(ports),
|
||||
Network: network,
|
||||
CPULimit: cpuLimit,
|
||||
MemoryLimit: memoryLimit,
|
||||
Name: "upaas-" + app.Name,
|
||||
Image: imageID.String(),
|
||||
Env: envMap,
|
||||
Labels: buildLabelMap(app, labels),
|
||||
Volumes: buildVolumeMounts(volumes),
|
||||
Ports: buildPortMappings(ports),
|
||||
Network: network,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -2,7 +2,6 @@ package deploy_test
|
||||
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"log/slog"
|
||||
"os"
|
||||
"testing"
|
||||
@@ -44,93 +43,3 @@ func TestBuildContainerOptionsUsesImageID(t *testing.T) {
|
||||
t.Errorf("expected Name=%q, got %q", "upaas-myapp", opts.Name)
|
||||
}
|
||||
}
|
||||
|
||||
func TestBuildContainerOptionsNoResourceLimits(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
db := database.NewTestDatabase(t)
|
||||
|
||||
app := models.NewApp(db)
|
||||
app.Name = "nolimits"
|
||||
|
||||
err := app.Save(context.Background())
|
||||
if err != nil {
|
||||
t.Fatalf("failed to save app: %v", err)
|
||||
}
|
||||
|
||||
log := slog.New(slog.NewTextHandler(os.Stderr, nil))
|
||||
svc := deploy.NewTestService(log)
|
||||
|
||||
opts, err := svc.BuildContainerOptionsExported(
|
||||
context.Background(), app, docker.ImageID("test:latest"),
|
||||
)
|
||||
if err != nil {
|
||||
t.Fatalf("buildContainerOptions returned error: %v", err)
|
||||
}
|
||||
|
||||
if opts.CPULimit != 0 {
|
||||
t.Errorf("expected CPULimit=0, got %v", opts.CPULimit)
|
||||
}
|
||||
|
||||
if opts.MemoryLimit != 0 {
|
||||
t.Errorf("expected MemoryLimit=0, got %v", opts.MemoryLimit)
|
||||
}
|
||||
}
|
||||
|
||||
func TestBuildContainerOptionsCPULimit(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
db := database.NewTestDatabase(t)
|
||||
|
||||
app := models.NewApp(db)
|
||||
app.Name = "cpulimit"
|
||||
app.CPULimit = sql.NullFloat64{Float64: 0.5, Valid: true}
|
||||
|
||||
err := app.Save(context.Background())
|
||||
if err != nil {
|
||||
t.Fatalf("failed to save app: %v", err)
|
||||
}
|
||||
|
||||
log := slog.New(slog.NewTextHandler(os.Stderr, nil))
|
||||
svc := deploy.NewTestService(log)
|
||||
|
||||
opts, err := svc.BuildContainerOptionsExported(
|
||||
context.Background(), app, docker.ImageID("test:latest"),
|
||||
)
|
||||
if err != nil {
|
||||
t.Fatalf("buildContainerOptions returned error: %v", err)
|
||||
}
|
||||
|
||||
if opts.CPULimit != 0.5 {
|
||||
t.Errorf("expected CPULimit=0.5, got %v", opts.CPULimit)
|
||||
}
|
||||
}
|
||||
|
||||
func TestBuildContainerOptionsMemoryLimit(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
db := database.NewTestDatabase(t)
|
||||
|
||||
app := models.NewApp(db)
|
||||
app.Name = "memlimit"
|
||||
app.MemoryLimit = sql.NullInt64{Int64: 536870912, Valid: true} // 512m
|
||||
|
||||
err := app.Save(context.Background())
|
||||
if err != nil {
|
||||
t.Fatalf("failed to save app: %v", err)
|
||||
}
|
||||
|
||||
log := slog.New(slog.NewTextHandler(os.Stderr, nil))
|
||||
svc := deploy.NewTestService(log)
|
||||
|
||||
opts, err := svc.BuildContainerOptionsExported(
|
||||
context.Background(), app, docker.ImageID("test:latest"),
|
||||
)
|
||||
if err != nil {
|
||||
t.Fatalf("buildContainerOptions returned error: %v", err)
|
||||
}
|
||||
|
||||
if opts.MemoryLimit != 536870912 {
|
||||
t.Errorf("expected MemoryLimit=536870912, got %v", opts.MemoryLimit)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,248 +0,0 @@
|
||||
package webhook
|
||||
|
||||
import "encoding/json"
|
||||
|
||||
// GiteaPushPayload represents a Gitea push webhook payload.
|
||||
//
|
||||
//nolint:tagliatelle // Field names match Gitea API (snake_case)
|
||||
type GiteaPushPayload struct {
|
||||
Ref string `json:"ref"`
|
||||
Before string `json:"before"`
|
||||
After string `json:"after"`
|
||||
CompareURL UnparsedURL `json:"compare_url"`
|
||||
Repository struct {
|
||||
FullName string `json:"full_name"`
|
||||
CloneURL UnparsedURL `json:"clone_url"`
|
||||
SSHURL string `json:"ssh_url"`
|
||||
HTMLURL UnparsedURL `json:"html_url"`
|
||||
} `json:"repository"`
|
||||
Pusher struct {
|
||||
Username string `json:"username"`
|
||||
Email string `json:"email"`
|
||||
} `json:"pusher"`
|
||||
Commits []struct {
|
||||
ID string `json:"id"`
|
||||
URL UnparsedURL `json:"url"`
|
||||
Message string `json:"message"`
|
||||
Author struct {
|
||||
Name string `json:"name"`
|
||||
Email string `json:"email"`
|
||||
} `json:"author"`
|
||||
} `json:"commits"`
|
||||
}
|
||||
|
||||
// GitHubPushPayload represents a GitHub push webhook payload.
|
||||
//
|
||||
//nolint:tagliatelle // Field names match GitHub API (snake_case)
|
||||
type GitHubPushPayload struct {
|
||||
Ref string `json:"ref"`
|
||||
Before string `json:"before"`
|
||||
After string `json:"after"`
|
||||
CompareURL string `json:"compare"`
|
||||
Repository struct {
|
||||
FullName string `json:"full_name"`
|
||||
CloneURL UnparsedURL `json:"clone_url"`
|
||||
SSHURL string `json:"ssh_url"`
|
||||
HTMLURL UnparsedURL `json:"html_url"`
|
||||
} `json:"repository"`
|
||||
Pusher struct {
|
||||
Name string `json:"name"`
|
||||
Email string `json:"email"`
|
||||
} `json:"pusher"`
|
||||
HeadCommit *struct {
|
||||
ID string `json:"id"`
|
||||
URL UnparsedURL `json:"url"`
|
||||
Message string `json:"message"`
|
||||
} `json:"head_commit"`
|
||||
Commits []struct {
|
||||
ID string `json:"id"`
|
||||
URL UnparsedURL `json:"url"`
|
||||
Message string `json:"message"`
|
||||
Author struct {
|
||||
Name string `json:"name"`
|
||||
Email string `json:"email"`
|
||||
} `json:"author"`
|
||||
} `json:"commits"`
|
||||
}
|
||||
|
||||
// GitLabPushPayload represents a GitLab push webhook payload.
|
||||
//
|
||||
//nolint:tagliatelle // Field names match GitLab API (snake_case)
|
||||
type GitLabPushPayload struct {
|
||||
Ref string `json:"ref"`
|
||||
Before string `json:"before"`
|
||||
After string `json:"after"`
|
||||
UserName string `json:"user_name"`
|
||||
UserEmail string `json:"user_email"`
|
||||
Project struct {
|
||||
PathWithNamespace string `json:"path_with_namespace"`
|
||||
GitHTTPURL UnparsedURL `json:"git_http_url"`
|
||||
GitSSHURL string `json:"git_ssh_url"`
|
||||
WebURL UnparsedURL `json:"web_url"`
|
||||
} `json:"project"`
|
||||
Commits []struct {
|
||||
ID string `json:"id"`
|
||||
URL UnparsedURL `json:"url"`
|
||||
Message string `json:"message"`
|
||||
Author struct {
|
||||
Name string `json:"name"`
|
||||
Email string `json:"email"`
|
||||
} `json:"author"`
|
||||
} `json:"commits"`
|
||||
}
|
||||
|
||||
// ParsePushPayload parses a raw webhook payload into a normalized PushEvent
|
||||
// based on the detected webhook source. Returns an error if JSON unmarshaling
|
||||
// fails. For SourceUnknown, falls back to Gitea format for backward
|
||||
// compatibility.
|
||||
func ParsePushPayload(source Source, payload []byte) (*PushEvent, error) {
|
||||
switch source {
|
||||
case SourceGitHub:
|
||||
return parseGitHubPush(payload)
|
||||
case SourceGitLab:
|
||||
return parseGitLabPush(payload)
|
||||
case SourceGitea, SourceUnknown:
|
||||
// Gitea and unknown both use Gitea format for backward compatibility.
|
||||
return parseGiteaPush(payload)
|
||||
}
|
||||
|
||||
// Unreachable for known source values, but satisfies exhaustive checker.
|
||||
return parseGiteaPush(payload)
|
||||
}
|
||||
|
||||
func parseGiteaPush(payload []byte) (*PushEvent, error) {
|
||||
var p GiteaPushPayload
|
||||
|
||||
unmarshalErr := json.Unmarshal(payload, &p)
|
||||
if unmarshalErr != nil {
|
||||
return nil, unmarshalErr
|
||||
}
|
||||
|
||||
commitURL := extractGiteaCommitURL(p)
|
||||
|
||||
return &PushEvent{
|
||||
Source: SourceGitea,
|
||||
Ref: p.Ref,
|
||||
Before: p.Before,
|
||||
After: p.After,
|
||||
Branch: extractBranch(p.Ref),
|
||||
RepoName: p.Repository.FullName,
|
||||
CloneURL: p.Repository.CloneURL,
|
||||
HTMLURL: p.Repository.HTMLURL,
|
||||
CommitURL: commitURL,
|
||||
Pusher: p.Pusher.Username,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func parseGitHubPush(payload []byte) (*PushEvent, error) {
|
||||
var p GitHubPushPayload
|
||||
|
||||
unmarshalErr := json.Unmarshal(payload, &p)
|
||||
if unmarshalErr != nil {
|
||||
return nil, unmarshalErr
|
||||
}
|
||||
|
||||
commitURL := extractGitHubCommitURL(p)
|
||||
|
||||
return &PushEvent{
|
||||
Source: SourceGitHub,
|
||||
Ref: p.Ref,
|
||||
Before: p.Before,
|
||||
After: p.After,
|
||||
Branch: extractBranch(p.Ref),
|
||||
RepoName: p.Repository.FullName,
|
||||
CloneURL: p.Repository.CloneURL,
|
||||
HTMLURL: p.Repository.HTMLURL,
|
||||
CommitURL: commitURL,
|
||||
Pusher: p.Pusher.Name,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func parseGitLabPush(payload []byte) (*PushEvent, error) {
|
||||
var p GitLabPushPayload
|
||||
|
||||
unmarshalErr := json.Unmarshal(payload, &p)
|
||||
if unmarshalErr != nil {
|
||||
return nil, unmarshalErr
|
||||
}
|
||||
|
||||
commitURL := extractGitLabCommitURL(p)
|
||||
|
||||
return &PushEvent{
|
||||
Source: SourceGitLab,
|
||||
Ref: p.Ref,
|
||||
Before: p.Before,
|
||||
After: p.After,
|
||||
Branch: extractBranch(p.Ref),
|
||||
RepoName: p.Project.PathWithNamespace,
|
||||
CloneURL: p.Project.GitHTTPURL,
|
||||
HTMLURL: p.Project.WebURL,
|
||||
CommitURL: commitURL,
|
||||
Pusher: p.UserName,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// extractBranch extracts the branch name from a git ref.
|
||||
func extractBranch(ref string) string {
|
||||
// refs/heads/main -> main
|
||||
const prefix = "refs/heads/"
|
||||
|
||||
if len(ref) >= len(prefix) && ref[:len(prefix)] == prefix {
|
||||
return ref[len(prefix):]
|
||||
}
|
||||
|
||||
return ref
|
||||
}
|
||||
|
||||
// extractGiteaCommitURL extracts the commit URL from a Gitea push payload.
|
||||
// Prefers the URL from the head commit, falls back to constructing from repo URL.
|
||||
func extractGiteaCommitURL(payload GiteaPushPayload) UnparsedURL {
|
||||
for _, commit := range payload.Commits {
|
||||
if commit.ID == payload.After && commit.URL != "" {
|
||||
return commit.URL
|
||||
}
|
||||
}
|
||||
|
||||
if payload.Repository.HTMLURL != "" && payload.After != "" {
|
||||
return UnparsedURL(payload.Repository.HTMLURL.String() + "/commit/" + payload.After)
|
||||
}
|
||||
|
||||
return ""
|
||||
}
|
||||
|
||||
// extractGitHubCommitURL extracts the commit URL from a GitHub push payload.
|
||||
// Prefers head_commit.url, then searches commits, then constructs from repo URL.
|
||||
func extractGitHubCommitURL(payload GitHubPushPayload) UnparsedURL {
|
||||
if payload.HeadCommit != nil && payload.HeadCommit.URL != "" {
|
||||
return payload.HeadCommit.URL
|
||||
}
|
||||
|
||||
for _, commit := range payload.Commits {
|
||||
if commit.ID == payload.After && commit.URL != "" {
|
||||
return commit.URL
|
||||
}
|
||||
}
|
||||
|
||||
if payload.Repository.HTMLURL != "" && payload.After != "" {
|
||||
return UnparsedURL(payload.Repository.HTMLURL.String() + "/commit/" + payload.After)
|
||||
}
|
||||
|
||||
return ""
|
||||
}
|
||||
|
||||
// extractGitLabCommitURL extracts the commit URL from a GitLab push payload.
|
||||
// Prefers commit URL from the commits list, falls back to constructing from
|
||||
// project web URL.
|
||||
func extractGitLabCommitURL(payload GitLabPushPayload) UnparsedURL {
|
||||
for _, commit := range payload.Commits {
|
||||
if commit.ID == payload.After && commit.URL != "" {
|
||||
return commit.URL
|
||||
}
|
||||
}
|
||||
|
||||
if payload.Project.WebURL != "" && payload.After != "" {
|
||||
return UnparsedURL(payload.Project.WebURL.String() + "/-/commit/" + payload.After)
|
||||
}
|
||||
|
||||
return ""
|
||||
}
|
||||
@@ -1,7 +1,5 @@
|
||||
package webhook
|
||||
|
||||
import "net/http"
|
||||
|
||||
// UnparsedURL is a URL stored as a plain string without parsing.
|
||||
// Use this instead of string when the value is known to be a URL
|
||||
// but should not be parsed into a net/url.URL (e.g. webhook URLs,
|
||||
@@ -10,84 +8,3 @@ type UnparsedURL string
|
||||
|
||||
// String implements the fmt.Stringer interface.
|
||||
func (u UnparsedURL) String() string { return string(u) }
|
||||
|
||||
// Source identifies which git hosting platform sent the webhook.
|
||||
type Source string
|
||||
|
||||
const (
|
||||
// SourceGitea indicates the webhook was sent by a Gitea instance.
|
||||
SourceGitea Source = "gitea"
|
||||
|
||||
// SourceGitHub indicates the webhook was sent by GitHub.
|
||||
SourceGitHub Source = "github"
|
||||
|
||||
// SourceGitLab indicates the webhook was sent by a GitLab instance.
|
||||
SourceGitLab Source = "gitlab"
|
||||
|
||||
// SourceUnknown indicates the webhook source could not be determined.
|
||||
SourceUnknown Source = "unknown"
|
||||
)
|
||||
|
||||
// String implements the fmt.Stringer interface.
|
||||
func (s Source) String() string { return string(s) }
|
||||
|
||||
// DetectWebhookSource determines the webhook source from HTTP headers.
|
||||
// It checks for platform-specific event headers in this order:
|
||||
// Gitea (X-Gitea-Event), GitHub (X-GitHub-Event), GitLab (X-Gitlab-Event).
|
||||
// Returns SourceUnknown if no recognized header is found.
|
||||
func DetectWebhookSource(headers http.Header) Source {
|
||||
if headers.Get("X-Gitea-Event") != "" {
|
||||
return SourceGitea
|
||||
}
|
||||
|
||||
if headers.Get("X-Github-Event") != "" {
|
||||
return SourceGitHub
|
||||
}
|
||||
|
||||
if headers.Get("X-Gitlab-Event") != "" {
|
||||
return SourceGitLab
|
||||
}
|
||||
|
||||
return SourceUnknown
|
||||
}
|
||||
|
||||
// DetectEventType extracts the event type string from HTTP headers
|
||||
// based on the detected webhook source. Returns "push" as a fallback
|
||||
// when no event header is found.
|
||||
func DetectEventType(headers http.Header, source Source) string {
|
||||
switch source {
|
||||
case SourceGitea:
|
||||
if v := headers.Get("X-Gitea-Event"); v != "" {
|
||||
return v
|
||||
}
|
||||
case SourceGitHub:
|
||||
if v := headers.Get("X-Github-Event"); v != "" {
|
||||
return v
|
||||
}
|
||||
case SourceGitLab:
|
||||
if v := headers.Get("X-Gitlab-Event"); v != "" {
|
||||
return v
|
||||
}
|
||||
case SourceUnknown:
|
||||
// Fall through to default
|
||||
}
|
||||
|
||||
return "push"
|
||||
}
|
||||
|
||||
// PushEvent is a normalized representation of a push webhook payload
|
||||
// from any supported source (Gitea, GitHub, GitLab). The webhook
|
||||
// service converts source-specific payloads into this format before
|
||||
// processing.
|
||||
type PushEvent struct {
|
||||
Source Source
|
||||
Ref string
|
||||
Before string
|
||||
After string
|
||||
Branch string
|
||||
RepoName string
|
||||
CloneURL UnparsedURL
|
||||
HTMLURL UnparsedURL
|
||||
CommitURL UnparsedURL
|
||||
Pusher string
|
||||
}
|
||||
|
||||
@@ -4,6 +4,7 @@ package webhook
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"log/slog"
|
||||
|
||||
@@ -43,46 +44,68 @@ func New(_ fx.Lifecycle, params ServiceParams) (*Service, error) {
|
||||
}, nil
|
||||
}
|
||||
|
||||
// HandleWebhook processes a webhook request from any supported source
|
||||
// (Gitea, GitHub, or GitLab). The source parameter determines which
|
||||
// payload format to use for parsing.
|
||||
// GiteaPushPayload represents a Gitea push webhook payload.
|
||||
//
|
||||
//nolint:tagliatelle // Field names match Gitea API (snake_case)
|
||||
type GiteaPushPayload struct {
|
||||
Ref string `json:"ref"`
|
||||
Before string `json:"before"`
|
||||
After string `json:"after"`
|
||||
CompareURL UnparsedURL `json:"compare_url"`
|
||||
Repository struct {
|
||||
FullName string `json:"full_name"`
|
||||
CloneURL UnparsedURL `json:"clone_url"`
|
||||
SSHURL string `json:"ssh_url"`
|
||||
HTMLURL UnparsedURL `json:"html_url"`
|
||||
} `json:"repository"`
|
||||
Pusher struct {
|
||||
Username string `json:"username"`
|
||||
Email string `json:"email"`
|
||||
} `json:"pusher"`
|
||||
Commits []struct {
|
||||
ID string `json:"id"`
|
||||
URL UnparsedURL `json:"url"`
|
||||
Message string `json:"message"`
|
||||
Author struct {
|
||||
Name string `json:"name"`
|
||||
Email string `json:"email"`
|
||||
} `json:"author"`
|
||||
} `json:"commits"`
|
||||
}
|
||||
|
||||
// HandleWebhook processes a webhook request.
|
||||
func (svc *Service) HandleWebhook(
|
||||
ctx context.Context,
|
||||
app *models.App,
|
||||
source Source,
|
||||
eventType string,
|
||||
payload []byte,
|
||||
) error {
|
||||
svc.log.Info("processing webhook",
|
||||
"app", app.Name,
|
||||
"source", source.String(),
|
||||
"event", eventType,
|
||||
)
|
||||
svc.log.Info("processing webhook", "app", app.Name, "event", eventType)
|
||||
|
||||
// Parse payload into normalized push event
|
||||
pushEvent, parseErr := ParsePushPayload(source, payload)
|
||||
if parseErr != nil {
|
||||
svc.log.Warn("failed to parse webhook payload",
|
||||
"error", parseErr,
|
||||
"source", source.String(),
|
||||
)
|
||||
// Continue with empty push event to still log the webhook
|
||||
pushEvent = &PushEvent{Source: source}
|
||||
// Parse payload
|
||||
var pushPayload GiteaPushPayload
|
||||
|
||||
unmarshalErr := json.Unmarshal(payload, &pushPayload)
|
||||
if unmarshalErr != nil {
|
||||
svc.log.Warn("failed to parse webhook payload", "error", unmarshalErr)
|
||||
// Continue anyway to log the event
|
||||
}
|
||||
|
||||
// Extract branch from ref
|
||||
branch := extractBranch(pushPayload.Ref)
|
||||
commitSHA := pushPayload.After
|
||||
commitURL := extractCommitURL(pushPayload)
|
||||
|
||||
// Check if branch matches
|
||||
matched := pushEvent.Branch == app.Branch
|
||||
matched := branch == app.Branch
|
||||
|
||||
// Create webhook event record
|
||||
event := models.NewWebhookEvent(svc.db)
|
||||
event.AppID = app.ID
|
||||
event.EventType = eventType
|
||||
event.Branch = pushEvent.Branch
|
||||
event.CommitSHA = sql.NullString{String: pushEvent.After, Valid: pushEvent.After != ""}
|
||||
event.CommitURL = sql.NullString{
|
||||
String: pushEvent.CommitURL.String(),
|
||||
Valid: pushEvent.CommitURL != "",
|
||||
}
|
||||
event.Branch = branch
|
||||
event.CommitSHA = sql.NullString{String: commitSHA, Valid: commitSHA != ""}
|
||||
event.CommitURL = sql.NullString{String: commitURL.String(), Valid: commitURL != ""}
|
||||
event.Payload = sql.NullString{String: string(payload), Valid: true}
|
||||
event.Matched = matched
|
||||
event.Processed = false
|
||||
@@ -94,10 +117,9 @@ func (svc *Service) HandleWebhook(
|
||||
|
||||
svc.log.Info("webhook event recorded",
|
||||
"app", app.Name,
|
||||
"source", source.String(),
|
||||
"branch", pushEvent.Branch,
|
||||
"branch", branch,
|
||||
"matched", matched,
|
||||
"commit", pushEvent.After,
|
||||
"commit", commitSHA,
|
||||
)
|
||||
|
||||
// If branch matches, trigger deployment
|
||||
@@ -132,3 +154,33 @@ func (svc *Service) triggerDeployment(
|
||||
_ = event.Save(deployCtx)
|
||||
}()
|
||||
}
|
||||
|
||||
// extractBranch extracts the branch name from a git ref.
|
||||
func extractBranch(ref string) string {
|
||||
// refs/heads/main -> main
|
||||
const prefix = "refs/heads/"
|
||||
|
||||
if len(ref) >= len(prefix) && ref[:len(prefix)] == prefix {
|
||||
return ref[len(prefix):]
|
||||
}
|
||||
|
||||
return ref
|
||||
}
|
||||
|
||||
// extractCommitURL extracts the commit URL from the webhook payload.
|
||||
// Prefers the URL from the head commit, falls back to constructing from repo URL.
|
||||
func extractCommitURL(payload GiteaPushPayload) UnparsedURL {
|
||||
// Try to find the URL from the head commit (matching After SHA)
|
||||
for _, commit := range payload.Commits {
|
||||
if commit.ID == payload.After && commit.URL != "" {
|
||||
return commit.URL
|
||||
}
|
||||
}
|
||||
|
||||
// Fall back to constructing URL from repo HTML URL
|
||||
if payload.Repository.HTMLURL != "" && payload.After != "" {
|
||||
return UnparsedURL(payload.Repository.HTMLURL.String() + "/commit/" + payload.After)
|
||||
}
|
||||
|
||||
return ""
|
||||
}
|
||||
|
||||
@@ -3,7 +3,6 @@ package webhook_test
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
@@ -103,114 +102,44 @@ func createTestApp(
|
||||
return app
|
||||
}
|
||||
|
||||
// TestDetectWebhookSource tests auto-detection of webhook source from HTTP headers.
|
||||
//
|
||||
//nolint:funlen // table-driven test with comprehensive test cases
|
||||
func TestDetectWebhookSource(testingT *testing.T) {
|
||||
func TestExtractBranch(testingT *testing.T) {
|
||||
testingT.Parallel()
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
headers map[string]string
|
||||
expected webhook.Source
|
||||
}{
|
||||
{
|
||||
name: "detects Gitea from X-Gitea-Event header",
|
||||
headers: map[string]string{"X-Gitea-Event": "push"},
|
||||
expected: webhook.SourceGitea,
|
||||
},
|
||||
{
|
||||
name: "detects GitHub from X-GitHub-Event header",
|
||||
headers: map[string]string{"X-GitHub-Event": "push"},
|
||||
expected: webhook.SourceGitHub,
|
||||
},
|
||||
{
|
||||
name: "detects GitLab from X-Gitlab-Event header",
|
||||
headers: map[string]string{"X-Gitlab-Event": "Push Hook"},
|
||||
expected: webhook.SourceGitLab,
|
||||
},
|
||||
{
|
||||
name: "returns unknown when no recognized header",
|
||||
headers: map[string]string{"Content-Type": "application/json"},
|
||||
expected: webhook.SourceUnknown,
|
||||
},
|
||||
{
|
||||
name: "returns unknown for empty headers",
|
||||
headers: map[string]string{},
|
||||
expected: webhook.SourceUnknown,
|
||||
},
|
||||
{
|
||||
name: "Gitea takes precedence over GitHub",
|
||||
headers: map[string]string{
|
||||
"X-Gitea-Event": "push",
|
||||
"X-GitHub-Event": "push",
|
||||
},
|
||||
expected: webhook.SourceGitea,
|
||||
},
|
||||
{
|
||||
name: "GitHub takes precedence over GitLab",
|
||||
headers: map[string]string{
|
||||
"X-GitHub-Event": "push",
|
||||
"X-Gitlab-Event": "Push Hook",
|
||||
},
|
||||
expected: webhook.SourceGitHub,
|
||||
},
|
||||
}
|
||||
|
||||
for _, testCase := range tests {
|
||||
testingT.Run(testCase.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
headers := http.Header{}
|
||||
for key, value := range testCase.headers {
|
||||
headers.Set(key, value)
|
||||
}
|
||||
|
||||
result := webhook.DetectWebhookSource(headers)
|
||||
assert.Equal(t, testCase.expected, result)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// TestDetectEventType tests event type extraction from HTTP headers.
|
||||
func TestDetectEventType(testingT *testing.T) {
|
||||
testingT.Parallel()
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
headers map[string]string
|
||||
source webhook.Source
|
||||
ref string
|
||||
expected string
|
||||
}{
|
||||
{
|
||||
name: "extracts Gitea event type",
|
||||
headers: map[string]string{"X-Gitea-Event": "push"},
|
||||
source: webhook.SourceGitea,
|
||||
expected: "push",
|
||||
name: "extracts main branch",
|
||||
ref: "refs/heads/main",
|
||||
expected: "main",
|
||||
},
|
||||
{
|
||||
name: "extracts GitHub event type",
|
||||
headers: map[string]string{"X-GitHub-Event": "push"},
|
||||
source: webhook.SourceGitHub,
|
||||
expected: "push",
|
||||
name: "extracts feature branch",
|
||||
ref: "refs/heads/feature/new-feature",
|
||||
expected: "feature/new-feature",
|
||||
},
|
||||
{
|
||||
name: "extracts GitLab event type",
|
||||
headers: map[string]string{"X-Gitlab-Event": "Push Hook"},
|
||||
source: webhook.SourceGitLab,
|
||||
expected: "Push Hook",
|
||||
name: "extracts develop branch",
|
||||
ref: "refs/heads/develop",
|
||||
expected: "develop",
|
||||
},
|
||||
{
|
||||
name: "returns push for unknown source",
|
||||
headers: map[string]string{},
|
||||
source: webhook.SourceUnknown,
|
||||
expected: "push",
|
||||
name: "returns raw ref if no prefix",
|
||||
ref: "main",
|
||||
expected: "main",
|
||||
},
|
||||
{
|
||||
name: "returns push when header missing for source",
|
||||
headers: map[string]string{},
|
||||
source: webhook.SourceGitea,
|
||||
expected: "push",
|
||||
name: "handles empty ref",
|
||||
ref: "",
|
||||
expected: "",
|
||||
},
|
||||
{
|
||||
name: "handles partial prefix",
|
||||
ref: "refs/heads/",
|
||||
expected: "",
|
||||
},
|
||||
}
|
||||
|
||||
@@ -218,318 +147,123 @@ func TestDetectEventType(testingT *testing.T) {
|
||||
testingT.Run(testCase.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
headers := http.Header{}
|
||||
for key, value := range testCase.headers {
|
||||
headers.Set(key, value)
|
||||
}
|
||||
// We test via HandleWebhook since extractBranch is not exported.
|
||||
// The test verifies behavior indirectly through the webhook event's branch.
|
||||
svc, dbInst, cleanup := setupTestService(t)
|
||||
defer cleanup()
|
||||
|
||||
result := webhook.DetectEventType(headers, testCase.source)
|
||||
assert.Equal(t, testCase.expected, result)
|
||||
})
|
||||
}
|
||||
}
|
||||
app := createTestApp(t, dbInst, testCase.expected)
|
||||
|
||||
// TestWebhookSourceString tests the String method on WebhookSource.
|
||||
func TestWebhookSourceString(t *testing.T) {
|
||||
t.Parallel()
|
||||
payload := []byte(`{"ref": "` + testCase.ref + `"}`)
|
||||
|
||||
assert.Equal(t, "gitea", webhook.SourceGitea.String())
|
||||
assert.Equal(t, "github", webhook.SourceGitHub.String())
|
||||
assert.Equal(t, "gitlab", webhook.SourceGitLab.String())
|
||||
assert.Equal(t, "unknown", webhook.SourceUnknown.String())
|
||||
}
|
||||
|
||||
// TestUnparsedURLString tests the String method on UnparsedURL.
|
||||
func TestUnparsedURLString(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
u := webhook.UnparsedURL("https://example.com/test")
|
||||
assert.Equal(t, "https://example.com/test", u.String())
|
||||
|
||||
empty := webhook.UnparsedURL("")
|
||||
assert.Empty(t, empty.String())
|
||||
}
|
||||
|
||||
// TestParsePushPayloadGitea tests parsing of Gitea push payloads.
|
||||
func TestParsePushPayloadGitea(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/main",
|
||||
"before": "0000000000000000000000000000000000000000",
|
||||
"after": "abc123def456789",
|
||||
"compare_url": "https://gitea.example.com/myorg/myrepo/compare/000...abc",
|
||||
"repository": {
|
||||
"full_name": "myorg/myrepo",
|
||||
"clone_url": "https://gitea.example.com/myorg/myrepo.git",
|
||||
"ssh_url": "git@gitea.example.com:myorg/myrepo.git",
|
||||
"html_url": "https://gitea.example.com/myorg/myrepo"
|
||||
},
|
||||
"pusher": {"username": "developer", "email": "dev@example.com"},
|
||||
"commits": [
|
||||
{
|
||||
"id": "abc123def456789",
|
||||
"url": "https://gitea.example.com/myorg/myrepo/commit/abc123def456789",
|
||||
"message": "Fix bug",
|
||||
"author": {"name": "Developer", "email": "dev@example.com"}
|
||||
}
|
||||
]
|
||||
}`)
|
||||
|
||||
event, err := webhook.ParsePushPayload(webhook.SourceGitea, payload)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, webhook.SourceGitea, event.Source)
|
||||
assert.Equal(t, "refs/heads/main", event.Ref)
|
||||
assert.Equal(t, "main", event.Branch)
|
||||
assert.Equal(t, "abc123def456789", event.After)
|
||||
assert.Equal(t, "myorg/myrepo", event.RepoName)
|
||||
assert.Equal(t, webhook.UnparsedURL("https://gitea.example.com/myorg/myrepo.git"), event.CloneURL)
|
||||
assert.Equal(t, webhook.UnparsedURL("https://gitea.example.com/myorg/myrepo"), event.HTMLURL)
|
||||
assert.Equal(t,
|
||||
webhook.UnparsedURL("https://gitea.example.com/myorg/myrepo/commit/abc123def456789"),
|
||||
event.CommitURL,
|
||||
)
|
||||
assert.Equal(t, "developer", event.Pusher)
|
||||
}
|
||||
|
||||
// TestParsePushPayloadGitHub tests parsing of GitHub push payloads.
|
||||
func TestParsePushPayloadGitHub(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/main",
|
||||
"before": "0000000000000000000000000000000000000000",
|
||||
"after": "abc123def456789",
|
||||
"compare": "https://github.com/myorg/myrepo/compare/000...abc",
|
||||
"repository": {
|
||||
"full_name": "myorg/myrepo",
|
||||
"clone_url": "https://github.com/myorg/myrepo.git",
|
||||
"ssh_url": "git@github.com:myorg/myrepo.git",
|
||||
"html_url": "https://github.com/myorg/myrepo"
|
||||
},
|
||||
"pusher": {"name": "developer", "email": "dev@example.com"},
|
||||
"head_commit": {
|
||||
"id": "abc123def456789",
|
||||
"url": "https://github.com/myorg/myrepo/commit/abc123def456789",
|
||||
"message": "Fix bug"
|
||||
},
|
||||
"commits": [
|
||||
{
|
||||
"id": "abc123def456789",
|
||||
"url": "https://github.com/myorg/myrepo/commit/abc123def456789",
|
||||
"message": "Fix bug",
|
||||
"author": {"name": "Developer", "email": "dev@example.com"}
|
||||
}
|
||||
]
|
||||
}`)
|
||||
|
||||
event, err := webhook.ParsePushPayload(webhook.SourceGitHub, payload)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, webhook.SourceGitHub, event.Source)
|
||||
assert.Equal(t, "refs/heads/main", event.Ref)
|
||||
assert.Equal(t, "main", event.Branch)
|
||||
assert.Equal(t, "abc123def456789", event.After)
|
||||
assert.Equal(t, "myorg/myrepo", event.RepoName)
|
||||
assert.Equal(t, webhook.UnparsedURL("https://github.com/myorg/myrepo.git"), event.CloneURL)
|
||||
assert.Equal(t, webhook.UnparsedURL("https://github.com/myorg/myrepo"), event.HTMLURL)
|
||||
assert.Equal(t,
|
||||
webhook.UnparsedURL("https://github.com/myorg/myrepo/commit/abc123def456789"),
|
||||
event.CommitURL,
|
||||
)
|
||||
assert.Equal(t, "developer", event.Pusher)
|
||||
}
|
||||
|
||||
// TestParsePushPayloadGitLab tests parsing of GitLab push payloads.
|
||||
func TestParsePushPayloadGitLab(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/develop",
|
||||
"before": "0000000000000000000000000000000000000000",
|
||||
"after": "abc123def456789",
|
||||
"user_name": "developer",
|
||||
"user_email": "dev@example.com",
|
||||
"project": {
|
||||
"path_with_namespace": "mygroup/myproject",
|
||||
"git_http_url": "https://gitlab.com/mygroup/myproject.git",
|
||||
"git_ssh_url": "git@gitlab.com:mygroup/myproject.git",
|
||||
"web_url": "https://gitlab.com/mygroup/myproject"
|
||||
},
|
||||
"commits": [
|
||||
{
|
||||
"id": "abc123def456789",
|
||||
"url": "https://gitlab.com/mygroup/myproject/-/commit/abc123def456789",
|
||||
"message": "Fix bug",
|
||||
"author": {"name": "Developer", "email": "dev@example.com"}
|
||||
}
|
||||
]
|
||||
}`)
|
||||
|
||||
event, err := webhook.ParsePushPayload(webhook.SourceGitLab, payload)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, webhook.SourceGitLab, event.Source)
|
||||
assert.Equal(t, "refs/heads/develop", event.Ref)
|
||||
assert.Equal(t, "develop", event.Branch)
|
||||
assert.Equal(t, "abc123def456789", event.After)
|
||||
assert.Equal(t, "mygroup/myproject", event.RepoName)
|
||||
assert.Equal(t, webhook.UnparsedURL("https://gitlab.com/mygroup/myproject.git"), event.CloneURL)
|
||||
assert.Equal(t, webhook.UnparsedURL("https://gitlab.com/mygroup/myproject"), event.HTMLURL)
|
||||
assert.Equal(t,
|
||||
webhook.UnparsedURL("https://gitlab.com/mygroup/myproject/-/commit/abc123def456789"),
|
||||
event.CommitURL,
|
||||
)
|
||||
assert.Equal(t, "developer", event.Pusher)
|
||||
}
|
||||
|
||||
// TestParsePushPayloadUnknownFallsBackToGitea tests that unknown source uses Gitea parser.
|
||||
func TestParsePushPayloadUnknownFallsBackToGitea(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/main",
|
||||
"after": "abc123",
|
||||
"repository": {"full_name": "user/repo"},
|
||||
"pusher": {"username": "user"}
|
||||
}`)
|
||||
|
||||
event, err := webhook.ParsePushPayload(webhook.SourceUnknown, payload)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, webhook.SourceGitea, event.Source)
|
||||
assert.Equal(t, "main", event.Branch)
|
||||
assert.Equal(t, "abc123", event.After)
|
||||
}
|
||||
|
||||
// TestParsePushPayloadInvalidJSON tests that invalid JSON returns an error.
|
||||
func TestParsePushPayloadInvalidJSON(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
sources := []webhook.Source{
|
||||
webhook.SourceGitea,
|
||||
webhook.SourceGitHub,
|
||||
webhook.SourceGitLab,
|
||||
}
|
||||
|
||||
for _, source := range sources {
|
||||
t.Run(source.String(), func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
_, err := webhook.ParsePushPayload(source, []byte(`{invalid json}`))
|
||||
require.Error(t, err)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// TestParsePushPayloadEmptyPayload tests parsing of empty JSON objects.
|
||||
func TestParsePushPayloadEmptyPayload(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
sources := []webhook.Source{
|
||||
webhook.SourceGitea,
|
||||
webhook.SourceGitHub,
|
||||
webhook.SourceGitLab,
|
||||
}
|
||||
|
||||
for _, source := range sources {
|
||||
t.Run(source.String(), func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
event, err := webhook.ParsePushPayload(source, []byte(`{}`))
|
||||
err := svc.HandleWebhook(context.Background(), app, "push", payload)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Empty(t, event.Branch)
|
||||
assert.Empty(t, event.After)
|
||||
// Allow async deployment goroutine to complete before test cleanup
|
||||
time.Sleep(100 * time.Millisecond)
|
||||
|
||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||
require.NoError(t, err)
|
||||
require.Len(t, events, 1)
|
||||
|
||||
assert.Equal(t, testCase.expected, events[0].Branch)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// TestGitHubCommitURLFallback tests commit URL extraction fallback paths for GitHub.
|
||||
func TestGitHubCommitURLFallback(t *testing.T) {
|
||||
func TestHandleWebhookMatchingBranch(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
t.Run("uses head_commit URL when available", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
svc, dbInst, cleanup := setupTestService(t)
|
||||
defer cleanup()
|
||||
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/main",
|
||||
"after": "abc123",
|
||||
"head_commit": {"id": "abc123", "url": "https://github.com/u/r/commit/abc123"},
|
||||
"repository": {"html_url": "https://github.com/u/r"}
|
||||
}`)
|
||||
app := createTestApp(t, dbInst, "main")
|
||||
|
||||
event, err := webhook.ParsePushPayload(webhook.SourceGitHub, payload)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, webhook.UnparsedURL("https://github.com/u/r/commit/abc123"), event.CommitURL)
|
||||
})
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/main",
|
||||
"before": "0000000000000000000000000000000000000000",
|
||||
"after": "abc123def456",
|
||||
"repository": {
|
||||
"full_name": "user/repo",
|
||||
"clone_url": "https://gitea.example.com/user/repo.git",
|
||||
"ssh_url": "git@gitea.example.com:user/repo.git"
|
||||
},
|
||||
"pusher": {"username": "testuser", "email": "test@example.com"},
|
||||
"commits": [{"id": "abc123def456", "message": "Test commit",
|
||||
"author": {"name": "Test User", "email": "test@example.com"}}]
|
||||
}`)
|
||||
|
||||
t.Run("falls back to commits list", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
err := svc.HandleWebhook(context.Background(), app, "push", payload)
|
||||
require.NoError(t, err)
|
||||
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/main",
|
||||
"after": "abc123",
|
||||
"commits": [{"id": "abc123", "url": "https://github.com/u/r/commit/abc123"}],
|
||||
"repository": {"html_url": "https://github.com/u/r"}
|
||||
}`)
|
||||
// Allow async deployment goroutine to complete before test cleanup
|
||||
time.Sleep(100 * time.Millisecond)
|
||||
|
||||
event, err := webhook.ParsePushPayload(webhook.SourceGitHub, payload)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, webhook.UnparsedURL("https://github.com/u/r/commit/abc123"), event.CommitURL)
|
||||
})
|
||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||
require.NoError(t, err)
|
||||
require.Len(t, events, 1)
|
||||
|
||||
t.Run("constructs URL from repo HTML URL", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/main",
|
||||
"after": "abc123",
|
||||
"repository": {"html_url": "https://github.com/u/r"}
|
||||
}`)
|
||||
|
||||
event, err := webhook.ParsePushPayload(webhook.SourceGitHub, payload)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, webhook.UnparsedURL("https://github.com/u/r/commit/abc123"), event.CommitURL)
|
||||
})
|
||||
event := events[0]
|
||||
assert.Equal(t, "push", event.EventType)
|
||||
assert.Equal(t, "main", event.Branch)
|
||||
assert.True(t, event.Matched)
|
||||
assert.Equal(t, "abc123def456", event.CommitSHA.String)
|
||||
}
|
||||
|
||||
// TestGitLabCommitURLFallback tests commit URL extraction fallback paths for GitLab.
|
||||
func TestGitLabCommitURLFallback(t *testing.T) {
|
||||
func TestHandleWebhookNonMatchingBranch(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
t.Run("uses commit URL from list", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
svc, dbInst, cleanup := setupTestService(t)
|
||||
defer cleanup()
|
||||
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/main",
|
||||
"after": "abc123",
|
||||
"project": {"web_url": "https://gitlab.com/g/p"},
|
||||
"commits": [{"id": "abc123", "url": "https://gitlab.com/g/p/-/commit/abc123"}]
|
||||
}`)
|
||||
app := createTestApp(t, dbInst, "main")
|
||||
|
||||
event, err := webhook.ParsePushPayload(webhook.SourceGitLab, payload)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, webhook.UnparsedURL("https://gitlab.com/g/p/-/commit/abc123"), event.CommitURL)
|
||||
})
|
||||
payload := []byte(`{"ref": "refs/heads/develop", "after": "def789ghi012"}`)
|
||||
|
||||
t.Run("constructs URL from project web URL", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
err := svc.HandleWebhook(context.Background(), app, "push", payload)
|
||||
require.NoError(t, err)
|
||||
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/main",
|
||||
"after": "abc123",
|
||||
"project": {"web_url": "https://gitlab.com/g/p"}
|
||||
}`)
|
||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||
require.NoError(t, err)
|
||||
require.Len(t, events, 1)
|
||||
|
||||
event, err := webhook.ParsePushPayload(webhook.SourceGitLab, payload)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, webhook.UnparsedURL("https://gitlab.com/g/p/-/commit/abc123"), event.CommitURL)
|
||||
})
|
||||
assert.Equal(t, "develop", events[0].Branch)
|
||||
assert.False(t, events[0].Matched)
|
||||
}
|
||||
|
||||
func TestHandleWebhookInvalidJSON(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
svc, dbInst, cleanup := setupTestService(t)
|
||||
defer cleanup()
|
||||
|
||||
app := createTestApp(t, dbInst, "main")
|
||||
|
||||
err := svc.HandleWebhook(context.Background(), app, "push", []byte(`{invalid json}`))
|
||||
require.NoError(t, err)
|
||||
|
||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||
require.NoError(t, err)
|
||||
require.Len(t, events, 1)
|
||||
}
|
||||
|
||||
func TestHandleWebhookEmptyPayload(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
svc, dbInst, cleanup := setupTestService(t)
|
||||
defer cleanup()
|
||||
|
||||
app := createTestApp(t, dbInst, "main")
|
||||
|
||||
err := svc.HandleWebhook(context.Background(), app, "push", []byte(`{}`))
|
||||
require.NoError(t, err)
|
||||
|
||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||
require.NoError(t, err)
|
||||
require.Len(t, events, 1)
|
||||
assert.False(t, events[0].Matched)
|
||||
}
|
||||
|
||||
// TestGiteaPushPayloadParsing tests direct deserialization of the Gitea payload struct.
|
||||
func TestGiteaPushPayloadParsing(testingT *testing.T) {
|
||||
testingT.Parallel()
|
||||
|
||||
@@ -588,354 +322,6 @@ func TestGiteaPushPayloadParsing(testingT *testing.T) {
|
||||
})
|
||||
}
|
||||
|
||||
// TestGitHubPushPayloadParsing tests direct deserialization of the GitHub payload struct.
|
||||
func TestGitHubPushPayloadParsing(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/main",
|
||||
"before": "0000000000",
|
||||
"after": "abc123",
|
||||
"compare": "https://github.com/o/r/compare/000...abc",
|
||||
"repository": {
|
||||
"full_name": "o/r",
|
||||
"clone_url": "https://github.com/o/r.git",
|
||||
"ssh_url": "git@github.com:o/r.git",
|
||||
"html_url": "https://github.com/o/r"
|
||||
},
|
||||
"pusher": {"name": "octocat", "email": "octocat@github.com"},
|
||||
"head_commit": {
|
||||
"id": "abc123",
|
||||
"url": "https://github.com/o/r/commit/abc123",
|
||||
"message": "Update README"
|
||||
},
|
||||
"commits": [
|
||||
{
|
||||
"id": "abc123",
|
||||
"url": "https://github.com/o/r/commit/abc123",
|
||||
"message": "Update README",
|
||||
"author": {"name": "Octocat", "email": "octocat@github.com"}
|
||||
}
|
||||
]
|
||||
}`)
|
||||
|
||||
var p webhook.GitHubPushPayload
|
||||
|
||||
err := json.Unmarshal(payload, &p)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, "refs/heads/main", p.Ref)
|
||||
assert.Equal(t, "abc123", p.After)
|
||||
assert.Equal(t, "o/r", p.Repository.FullName)
|
||||
assert.Equal(t, "octocat", p.Pusher.Name)
|
||||
assert.NotNil(t, p.HeadCommit)
|
||||
assert.Equal(t, "abc123", p.HeadCommit.ID)
|
||||
assert.Len(t, p.Commits, 1)
|
||||
}
|
||||
|
||||
// TestGitLabPushPayloadParsing tests direct deserialization of the GitLab payload struct.
|
||||
func TestGitLabPushPayloadParsing(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/main",
|
||||
"before": "0000000000",
|
||||
"after": "abc123",
|
||||
"user_name": "gitlab-user",
|
||||
"user_email": "user@gitlab.com",
|
||||
"project": {
|
||||
"path_with_namespace": "group/project",
|
||||
"git_http_url": "https://gitlab.com/group/project.git",
|
||||
"git_ssh_url": "git@gitlab.com:group/project.git",
|
||||
"web_url": "https://gitlab.com/group/project"
|
||||
},
|
||||
"commits": [
|
||||
{
|
||||
"id": "abc123",
|
||||
"url": "https://gitlab.com/group/project/-/commit/abc123",
|
||||
"message": "Fix pipeline",
|
||||
"author": {"name": "GitLab User", "email": "user@gitlab.com"}
|
||||
}
|
||||
]
|
||||
}`)
|
||||
|
||||
var p webhook.GitLabPushPayload
|
||||
|
||||
err := json.Unmarshal(payload, &p)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, "refs/heads/main", p.Ref)
|
||||
assert.Equal(t, "abc123", p.After)
|
||||
assert.Equal(t, "group/project", p.Project.PathWithNamespace)
|
||||
assert.Equal(t, "gitlab-user", p.UserName)
|
||||
assert.Len(t, p.Commits, 1)
|
||||
}
|
||||
|
||||
// TestExtractBranch tests branch extraction via HandleWebhook integration (extractBranch is unexported).
|
||||
//
|
||||
//nolint:funlen // table-driven test with comprehensive test cases
|
||||
func TestExtractBranch(testingT *testing.T) {
|
||||
testingT.Parallel()
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
ref string
|
||||
expected string
|
||||
}{
|
||||
{
|
||||
name: "extracts main branch",
|
||||
ref: "refs/heads/main",
|
||||
expected: "main",
|
||||
},
|
||||
{
|
||||
name: "extracts feature branch",
|
||||
ref: "refs/heads/feature/new-feature",
|
||||
expected: "feature/new-feature",
|
||||
},
|
||||
{
|
||||
name: "extracts develop branch",
|
||||
ref: "refs/heads/develop",
|
||||
expected: "develop",
|
||||
},
|
||||
{
|
||||
name: "returns raw ref if no prefix",
|
||||
ref: "main",
|
||||
expected: "main",
|
||||
},
|
||||
{
|
||||
name: "handles empty ref",
|
||||
ref: "",
|
||||
expected: "",
|
||||
},
|
||||
{
|
||||
name: "handles partial prefix",
|
||||
ref: "refs/heads/",
|
||||
expected: "",
|
||||
},
|
||||
}
|
||||
|
||||
for _, testCase := range tests {
|
||||
testingT.Run(testCase.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
// We test via HandleWebhook since extractBranch is not exported.
|
||||
// The test verifies behavior indirectly through the webhook event's branch.
|
||||
svc, dbInst, cleanup := setupTestService(t)
|
||||
defer cleanup()
|
||||
|
||||
app := createTestApp(t, dbInst, testCase.expected)
|
||||
|
||||
payload := []byte(`{"ref": "` + testCase.ref + `"}`)
|
||||
|
||||
err := svc.HandleWebhook(
|
||||
context.Background(), app, webhook.SourceGitea, "push", payload,
|
||||
)
|
||||
require.NoError(t, err)
|
||||
|
||||
// Allow async deployment goroutine to complete before test cleanup
|
||||
time.Sleep(100 * time.Millisecond)
|
||||
|
||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||
require.NoError(t, err)
|
||||
require.Len(t, events, 1)
|
||||
|
||||
assert.Equal(t, testCase.expected, events[0].Branch)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestHandleWebhookMatchingBranch(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
svc, dbInst, cleanup := setupTestService(t)
|
||||
defer cleanup()
|
||||
|
||||
app := createTestApp(t, dbInst, "main")
|
||||
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/main",
|
||||
"before": "0000000000000000000000000000000000000000",
|
||||
"after": "abc123def456",
|
||||
"repository": {
|
||||
"full_name": "user/repo",
|
||||
"clone_url": "https://gitea.example.com/user/repo.git",
|
||||
"ssh_url": "git@gitea.example.com:user/repo.git"
|
||||
},
|
||||
"pusher": {"username": "testuser", "email": "test@example.com"},
|
||||
"commits": [{"id": "abc123def456", "message": "Test commit",
|
||||
"author": {"name": "Test User", "email": "test@example.com"}}]
|
||||
}`)
|
||||
|
||||
err := svc.HandleWebhook(
|
||||
context.Background(), app, webhook.SourceGitea, "push", payload,
|
||||
)
|
||||
require.NoError(t, err)
|
||||
|
||||
// Allow async deployment goroutine to complete before test cleanup
|
||||
time.Sleep(100 * time.Millisecond)
|
||||
|
||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||
require.NoError(t, err)
|
||||
require.Len(t, events, 1)
|
||||
|
||||
event := events[0]
|
||||
assert.Equal(t, "push", event.EventType)
|
||||
assert.Equal(t, "main", event.Branch)
|
||||
assert.True(t, event.Matched)
|
||||
assert.Equal(t, "abc123def456", event.CommitSHA.String)
|
||||
}
|
||||
|
||||
func TestHandleWebhookNonMatchingBranch(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
svc, dbInst, cleanup := setupTestService(t)
|
||||
defer cleanup()
|
||||
|
||||
app := createTestApp(t, dbInst, "main")
|
||||
|
||||
payload := []byte(`{"ref": "refs/heads/develop", "after": "def789ghi012"}`)
|
||||
|
||||
err := svc.HandleWebhook(
|
||||
context.Background(), app, webhook.SourceGitea, "push", payload,
|
||||
)
|
||||
require.NoError(t, err)
|
||||
|
||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||
require.NoError(t, err)
|
||||
require.Len(t, events, 1)
|
||||
|
||||
assert.Equal(t, "develop", events[0].Branch)
|
||||
assert.False(t, events[0].Matched)
|
||||
}
|
||||
|
||||
func TestHandleWebhookInvalidJSON(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
svc, dbInst, cleanup := setupTestService(t)
|
||||
defer cleanup()
|
||||
|
||||
app := createTestApp(t, dbInst, "main")
|
||||
|
||||
err := svc.HandleWebhook(
|
||||
context.Background(), app, webhook.SourceGitea, "push", []byte(`{invalid json}`),
|
||||
)
|
||||
require.NoError(t, err)
|
||||
|
||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||
require.NoError(t, err)
|
||||
require.Len(t, events, 1)
|
||||
}
|
||||
|
||||
func TestHandleWebhookEmptyPayload(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
svc, dbInst, cleanup := setupTestService(t)
|
||||
defer cleanup()
|
||||
|
||||
app := createTestApp(t, dbInst, "main")
|
||||
|
||||
err := svc.HandleWebhook(
|
||||
context.Background(), app, webhook.SourceGitea, "push", []byte(`{}`),
|
||||
)
|
||||
require.NoError(t, err)
|
||||
|
||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||
require.NoError(t, err)
|
||||
require.Len(t, events, 1)
|
||||
assert.False(t, events[0].Matched)
|
||||
}
|
||||
|
||||
// TestHandleWebhookGitHubSource tests HandleWebhook with a GitHub push payload.
|
||||
func TestHandleWebhookGitHubSource(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
svc, dbInst, cleanup := setupTestService(t)
|
||||
defer cleanup()
|
||||
|
||||
app := createTestApp(t, dbInst, "main")
|
||||
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/main",
|
||||
"after": "github123",
|
||||
"repository": {
|
||||
"full_name": "org/repo",
|
||||
"clone_url": "https://github.com/org/repo.git",
|
||||
"html_url": "https://github.com/org/repo"
|
||||
},
|
||||
"pusher": {"name": "octocat", "email": "octocat@github.com"},
|
||||
"head_commit": {
|
||||
"id": "github123",
|
||||
"url": "https://github.com/org/repo/commit/github123",
|
||||
"message": "Update feature"
|
||||
}
|
||||
}`)
|
||||
|
||||
err := svc.HandleWebhook(
|
||||
context.Background(), app, webhook.SourceGitHub, "push", payload,
|
||||
)
|
||||
require.NoError(t, err)
|
||||
|
||||
// Allow async deployment goroutine to complete before test cleanup
|
||||
time.Sleep(100 * time.Millisecond)
|
||||
|
||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||
require.NoError(t, err)
|
||||
require.Len(t, events, 1)
|
||||
|
||||
event := events[0]
|
||||
assert.Equal(t, "main", event.Branch)
|
||||
assert.True(t, event.Matched)
|
||||
assert.Equal(t, "github123", event.CommitSHA.String)
|
||||
assert.Equal(t, "https://github.com/org/repo/commit/github123", event.CommitURL.String)
|
||||
}
|
||||
|
||||
// TestHandleWebhookGitLabSource tests HandleWebhook with a GitLab push payload.
|
||||
func TestHandleWebhookGitLabSource(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
svc, dbInst, cleanup := setupTestService(t)
|
||||
defer cleanup()
|
||||
|
||||
app := createTestApp(t, dbInst, "main")
|
||||
|
||||
payload := []byte(`{
|
||||
"ref": "refs/heads/main",
|
||||
"after": "gitlab456",
|
||||
"user_name": "gitlab-dev",
|
||||
"user_email": "dev@gitlab.com",
|
||||
"project": {
|
||||
"path_with_namespace": "group/project",
|
||||
"git_http_url": "https://gitlab.com/group/project.git",
|
||||
"web_url": "https://gitlab.com/group/project"
|
||||
},
|
||||
"commits": [
|
||||
{
|
||||
"id": "gitlab456",
|
||||
"url": "https://gitlab.com/group/project/-/commit/gitlab456",
|
||||
"message": "Deploy fix"
|
||||
}
|
||||
]
|
||||
}`)
|
||||
|
||||
err := svc.HandleWebhook(
|
||||
context.Background(), app, webhook.SourceGitLab, "push", payload,
|
||||
)
|
||||
require.NoError(t, err)
|
||||
|
||||
// Allow async deployment goroutine to complete before test cleanup
|
||||
time.Sleep(100 * time.Millisecond)
|
||||
|
||||
events, err := app.GetWebhookEvents(context.Background(), 10)
|
||||
require.NoError(t, err)
|
||||
require.Len(t, events, 1)
|
||||
|
||||
event := events[0]
|
||||
assert.Equal(t, "main", event.Branch)
|
||||
assert.True(t, event.Matched)
|
||||
assert.Equal(t, "gitlab456", event.CommitSHA.String)
|
||||
assert.Equal(t, "https://gitlab.com/group/project/-/commit/gitlab456", event.CommitURL.String)
|
||||
}
|
||||
|
||||
// TestSetupTestService verifies the test helper creates a working test service.
|
||||
func TestSetupTestService(testingT *testing.T) {
|
||||
testingT.Parallel()
|
||||
@@ -955,25 +341,3 @@ func TestSetupTestService(testingT *testing.T) {
|
||||
require.NoError(t, err)
|
||||
})
|
||||
}
|
||||
|
||||
// TestPushEventConstruction tests that PushEvent can be constructed directly.
|
||||
func TestPushEventConstruction(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
event := webhook.PushEvent{
|
||||
Source: webhook.SourceGitHub,
|
||||
Ref: "refs/heads/main",
|
||||
Before: "000",
|
||||
After: "abc",
|
||||
Branch: "main",
|
||||
RepoName: "org/repo",
|
||||
CloneURL: webhook.UnparsedURL("https://github.com/org/repo.git"),
|
||||
HTMLURL: webhook.UnparsedURL("https://github.com/org/repo"),
|
||||
CommitURL: webhook.UnparsedURL("https://github.com/org/repo/commit/abc"),
|
||||
Pusher: "user",
|
||||
}
|
||||
|
||||
assert.Equal(t, "main", event.Branch)
|
||||
assert.Equal(t, webhook.SourceGitHub, event.Source)
|
||||
assert.Equal(t, "abc", event.After)
|
||||
}
|
||||
|
||||
121
script/bootstrap
121
script/bootstrap
@@ -1,121 +0,0 @@
|
||||
#!/bin/sh
|
||||
# script/bootstrap: install all dependencies needed to build and develop
|
||||
# this repo. Idempotent: every install is guarded by a check so already
|
||||
# installed tools are skipped. Base tooling comes from nix, apt, brew,
|
||||
# or apk (detected in that order); assumes NOTHING is present (not git,
|
||||
# make, or go). golangci-lint is packaged in nix, brew, and apk; on apt
|
||||
# it is installed from a hash-verified GitHub release archive (never
|
||||
# curl | sh).
|
||||
set -eu
|
||||
|
||||
ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
|
||||
|
||||
# Pinned versions, 2026-07-07. Never "latest"; exact versions only.
|
||||
GOLANGCI_LINT_VERSION="2.10.1"
|
||||
# sha256 of golangci-lint-2.10.1-linux-<arch>.tar.gz release archives
|
||||
GOLANGCI_LINT_SHA256_AMD64="dfa775874cf0561b404a02a8f4481fc69b28091da95aa697259820d429b09c99"
|
||||
GOLANGCI_LINT_SHA256_ARM64="6652b42ae02915eb2f9cb2a2e0cac99514c8eded8388d88ae3e06e1a52c00de8"
|
||||
|
||||
PKGMGR=""
|
||||
SUDO=""
|
||||
|
||||
detect_pkgmgr() {
|
||||
[ -n "$PKGMGR" ] && return 0
|
||||
if command -v nix-env >/dev/null 2>&1; then
|
||||
PKGMGR="nix"
|
||||
elif command -v apt-get >/dev/null 2>&1; then
|
||||
PKGMGR="apt"
|
||||
elif command -v brew >/dev/null 2>&1; then
|
||||
PKGMGR="brew"
|
||||
elif command -v apk >/dev/null 2>&1; then
|
||||
PKGMGR="apk"
|
||||
else
|
||||
echo "bootstrap: no supported package manager (nix, apt, brew, apk)" >&2
|
||||
exit 1
|
||||
fi
|
||||
if [ "$PKGMGR" = "apt" ]; then
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
SUDO="sudo"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# pkg_install <nix-attr> <apt-pkg> <brew-formula> <apk-pkg>
|
||||
pkg_install() {
|
||||
detect_pkgmgr
|
||||
case "$PKGMGR" in
|
||||
nix) nix-env -iA "nixpkgs.$1" ;;
|
||||
apt) $SUDO env DEBIAN_FRONTEND=noninteractive apt-get install -y "$2" ;;
|
||||
brew) brew install "$3" ;;
|
||||
apk) apk add --no-cache "$4" ;;
|
||||
esac
|
||||
}
|
||||
|
||||
missing() {
|
||||
! command -v "$1" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
# verify_sha256 <file> <expected-hash>
|
||||
verify_sha256() {
|
||||
if command -v sha256sum >/dev/null 2>&1; then
|
||||
actual="$(sha256sum "$1" | cut -d' ' -f1)"
|
||||
else
|
||||
actual="$(shasum -a 256 "$1" | cut -d' ' -f1)"
|
||||
fi
|
||||
if [ "$actual" != "$2" ]; then
|
||||
echo "bootstrap: sha256 mismatch for $1" >&2
|
||||
echo " expected: $2" >&2
|
||||
echo " actual: $actual" >&2
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
# apt has no golangci-lint package: install a pinned release archive
|
||||
# from GitHub, verified by hardcoded sha256 (never curl | sh).
|
||||
install_golangci_lint_release() {
|
||||
case "$(uname -m)" in
|
||||
x86_64) goarch="amd64"; sha="$GOLANGCI_LINT_SHA256_AMD64" ;;
|
||||
aarch64|arm64) goarch="arm64"; sha="$GOLANGCI_LINT_SHA256_ARM64" ;;
|
||||
*)
|
||||
echo "bootstrap: unsupported architecture $(uname -m)" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
if missing curl; then pkg_install curl curl curl curl; fi
|
||||
name="golangci-lint-${GOLANGCI_LINT_VERSION}-linux-${goarch}"
|
||||
tmp="$(mktemp -d)"
|
||||
curl -fsSL -o "$tmp/$name.tar.gz" \
|
||||
"https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/${name}.tar.gz"
|
||||
verify_sha256 "$tmp/$name.tar.gz" "$sha"
|
||||
tar -xzf "$tmp/$name.tar.gz" -C "$tmp"
|
||||
$SUDO install -m 0755 "$tmp/$name/golangci-lint" /usr/local/bin/golangci-lint
|
||||
rm -rf "$tmp"
|
||||
}
|
||||
|
||||
ensure_golangci_lint() {
|
||||
if ! missing golangci-lint; then return 0; fi
|
||||
detect_pkgmgr
|
||||
case "$PKGMGR" in
|
||||
apt) install_golangci_lint_release ;;
|
||||
*) pkg_install golangci-lint golangci-lint golangci-lint golangci-lint ;;
|
||||
esac
|
||||
}
|
||||
|
||||
main() {
|
||||
cd "$ROOT"
|
||||
|
||||
# Base tooling
|
||||
if missing git; then pkg_install git git git git; fi
|
||||
if missing make; then pkg_install gnumake make make make; fi
|
||||
|
||||
# Go toolchain and linter
|
||||
if missing go; then pkg_install go golang go go; fi
|
||||
ensure_golangci_lint
|
||||
|
||||
go mod download
|
||||
|
||||
echo "bootstrap complete"
|
||||
}
|
||||
|
||||
main "$@"
|
||||
15
script/check
15
script/check
@@ -1,15 +0,0 @@
|
||||
#!/bin/sh
|
||||
# script/check: run all checks (test, lint, fmt-check). Our own
|
||||
# extension to scripts-to-rule-them-all. Must not modify any files.
|
||||
# Generic: usually needs no adaptation.
|
||||
set -eu
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd -P)"
|
||||
|
||||
main() {
|
||||
"$SCRIPT_DIR/test"
|
||||
"$SCRIPT_DIR/lint"
|
||||
"$SCRIPT_DIR/fmt-check"
|
||||
}
|
||||
|
||||
main "$@"
|
||||
@@ -1,15 +0,0 @@
|
||||
#!/bin/sh
|
||||
# script/cibuild: run the CI build. The Dockerfile runs the checks
|
||||
# (make fmt-check, lint, test), so a successful build implies a green
|
||||
# repo. Generic: needs no adaptation. The Gitea workflow runs this on
|
||||
# push.
|
||||
set -eu
|
||||
|
||||
ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
|
||||
|
||||
main() {
|
||||
cd "$ROOT"
|
||||
docker build .
|
||||
}
|
||||
|
||||
main "$@"
|
||||
@@ -1,15 +0,0 @@
|
||||
#!/bin/sh
|
||||
# script/docker: build the Docker image tagged with the project name.
|
||||
# Identical in all repos; the tag comes from script/projectname.
|
||||
# Generic: needs no adaptation.
|
||||
set -eu
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd -P)"
|
||||
ROOT="$(cd "$SCRIPT_DIR/.." && pwd -P)"
|
||||
|
||||
main() {
|
||||
cd "$ROOT"
|
||||
docker build -t "$("$SCRIPT_DIR/projectname")" .
|
||||
}
|
||||
|
||||
main "$@"
|
||||
14
script/fmt
14
script/fmt
@@ -1,14 +0,0 @@
|
||||
#!/bin/sh
|
||||
# script/fmt: format all files (writes).
|
||||
set -eu
|
||||
|
||||
ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
|
||||
|
||||
main() {
|
||||
cd "$ROOT"
|
||||
gofmt -s -w .
|
||||
goimports -w .
|
||||
npx prettier --write --tab-width 4 static/js/*.js
|
||||
}
|
||||
|
||||
main "$@"
|
||||
@@ -1,17 +0,0 @@
|
||||
#!/bin/sh
|
||||
# script/fmt-check: check formatting (read-only). Same scope as
|
||||
# script/fmt, but fails instead of writing.
|
||||
set -eu
|
||||
|
||||
ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
|
||||
|
||||
main() {
|
||||
cd "$ROOT"
|
||||
if [ -n "$(gofmt -l .)" ]; then
|
||||
echo "Files not formatted:"
|
||||
gofmt -l .
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
main "$@"
|
||||
@@ -1,16 +0,0 @@
|
||||
#!/bin/sh
|
||||
# script/install-precommit: install the git pre-commit hook that runs
|
||||
# script/precommit. Our own extension to scripts-to-rule-them-all.
|
||||
# Generic: needs no adaptation.
|
||||
set -eu
|
||||
|
||||
ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
|
||||
|
||||
main() {
|
||||
cd "$ROOT"
|
||||
printf '#!/bin/sh\nset -e\nscript/precommit\n' > .git/hooks/pre-commit
|
||||
chmod +x .git/hooks/pre-commit
|
||||
echo "pre-commit hook installed: runs script/precommit"
|
||||
}
|
||||
|
||||
main "$@"
|
||||
12
script/lint
12
script/lint
@@ -1,12 +0,0 @@
|
||||
#!/bin/sh
|
||||
# script/lint: run the linter.
|
||||
set -eu
|
||||
|
||||
ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
|
||||
|
||||
main() {
|
||||
cd "$ROOT"
|
||||
golangci-lint run --config .golangci.yml ./...
|
||||
}
|
||||
|
||||
main "$@"
|
||||
@@ -1,21 +0,0 @@
|
||||
#!/bin/sh
|
||||
# script/precommit: run by the git pre-commit hook; fails the commit if
|
||||
# checks fail. Our own extension to scripts-to-rule-them-all. Go repo
|
||||
# extras: go mod tidy must not change go.mod/go.sum.
|
||||
set -eu
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd -P)"
|
||||
ROOT="$(cd "$SCRIPT_DIR/.." && pwd -P)"
|
||||
|
||||
main() {
|
||||
cd "$ROOT"
|
||||
go mod tidy
|
||||
git diff --exit-code -- go.mod go.sum || {
|
||||
echo "precommit: go mod tidy changed go.mod/go.sum;" \
|
||||
"stage the changes and retry" >&2
|
||||
exit 1
|
||||
}
|
||||
"$SCRIPT_DIR/check"
|
||||
}
|
||||
|
||||
main "$@"
|
||||
@@ -1,12 +0,0 @@
|
||||
#!/bin/sh
|
||||
# script/projectname: output the name of this project. Our own
|
||||
# extension to scripts-to-rule-them-all. Other scripts that need the
|
||||
# name (e.g. script/docker) call this, so they can stay identical
|
||||
# across all repos.
|
||||
set -eu
|
||||
|
||||
main() {
|
||||
echo "upaas"
|
||||
}
|
||||
|
||||
main "$@"
|
||||
14
script/setup
14
script/setup
@@ -1,14 +0,0 @@
|
||||
#!/bin/sh
|
||||
# script/setup: set up the repo for development after a fresh clone:
|
||||
# installs dependencies (script/bootstrap) and the git pre-commit hook.
|
||||
# Add any repo-specific initialization (db init, .env template) here.
|
||||
set -eu
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd -P)"
|
||||
|
||||
main() {
|
||||
"$SCRIPT_DIR/bootstrap"
|
||||
"$SCRIPT_DIR/install-precommit"
|
||||
}
|
||||
|
||||
main "$@"
|
||||
12
script/test
12
script/test
@@ -1,12 +0,0 @@
|
||||
#!/bin/sh
|
||||
# script/test: run the test suite.
|
||||
set -eu
|
||||
|
||||
ROOT="$(cd "$(dirname "$0")/.." && pwd -P)"
|
||||
|
||||
main() {
|
||||
cd "$ROOT"
|
||||
go test -v -race -cover -timeout 30s ./...
|
||||
}
|
||||
|
||||
main "$@"
|
||||
@@ -6,312 +6,189 @@
|
||||
*/
|
||||
|
||||
document.addEventListener("alpine:init", () => {
|
||||
// ============================================
|
||||
// Environment Variable Editor Component
|
||||
// ============================================
|
||||
Alpine.data("envVarEditor", (appId) => ({
|
||||
vars: [],
|
||||
editIdx: -1,
|
||||
editKey: "",
|
||||
editVal: "",
|
||||
appId: appId,
|
||||
Alpine.data("appDetail", (config) => ({
|
||||
appId: config.appId,
|
||||
currentDeploymentId: config.initialDeploymentId,
|
||||
appStatus: config.initialStatus || "unknown",
|
||||
containerLogs: "Loading container logs...",
|
||||
containerStatus: "unknown",
|
||||
buildLogs: config.initialDeploymentId
|
||||
? "Loading build logs..."
|
||||
: "No deployments yet",
|
||||
buildStatus: config.initialBuildStatus || "unknown",
|
||||
showBuildLogs: !!config.initialDeploymentId,
|
||||
deploying: false,
|
||||
deployments: [],
|
||||
// Track whether user wants auto-scroll (per log pane)
|
||||
_containerAutoScroll: true,
|
||||
_buildAutoScroll: true,
|
||||
_pollTimer: null,
|
||||
|
||||
init() {
|
||||
this.vars = Array.from(this.$el.querySelectorAll(".env-init")).map(
|
||||
(span) => ({
|
||||
key: span.dataset.key,
|
||||
value: span.dataset.value,
|
||||
}),
|
||||
);
|
||||
},
|
||||
init() {
|
||||
this.deploying = Alpine.store("utils").isDeploying(this.appStatus);
|
||||
this.fetchAll();
|
||||
this._schedulePoll();
|
||||
|
||||
startEdit(i) {
|
||||
this.editIdx = i;
|
||||
this.editKey = this.vars[i].key;
|
||||
this.editVal = this.vars[i].value;
|
||||
},
|
||||
// Set up scroll listeners after DOM is ready
|
||||
this.$nextTick(() => {
|
||||
this._initScrollTracking(this.$refs.containerLogsWrapper, '_containerAutoScroll');
|
||||
this._initScrollTracking(this.$refs.buildLogsWrapper, '_buildAutoScroll');
|
||||
});
|
||||
},
|
||||
|
||||
saveEdit(i) {
|
||||
this.vars[i] = { key: this.editKey, value: this.editVal };
|
||||
this.editIdx = -1;
|
||||
this.submitAll();
|
||||
},
|
||||
_schedulePoll() {
|
||||
if (this._pollTimer) clearTimeout(this._pollTimer);
|
||||
const interval = Alpine.store("utils").isDeploying(this.appStatus) ? 1000 : 10000;
|
||||
this._pollTimer = setTimeout(() => {
|
||||
this.fetchAll();
|
||||
this._schedulePoll();
|
||||
}, interval);
|
||||
},
|
||||
|
||||
removeVar(i) {
|
||||
if (!window.confirm("Delete this environment variable?")) {
|
||||
return;
|
||||
}
|
||||
_initScrollTracking(el, flag) {
|
||||
if (!el) return;
|
||||
el.addEventListener('scroll', () => {
|
||||
this[flag] = Alpine.store("utils").isScrolledToBottom(el);
|
||||
}, { passive: true });
|
||||
},
|
||||
|
||||
this.vars.splice(i, 1);
|
||||
this.submitAll();
|
||||
},
|
||||
fetchAll() {
|
||||
this.fetchAppStatus();
|
||||
// Only fetch logs when the respective pane is visible
|
||||
if (this.$refs.containerLogsWrapper && this._isElementVisible(this.$refs.containerLogsWrapper)) {
|
||||
this.fetchContainerLogs();
|
||||
}
|
||||
if (this.showBuildLogs && this.$refs.buildLogsWrapper && this._isElementVisible(this.$refs.buildLogsWrapper)) {
|
||||
this.fetchBuildLogs();
|
||||
}
|
||||
this.fetchRecentDeployments();
|
||||
},
|
||||
|
||||
addVar(keyEl, valEl) {
|
||||
const k = keyEl.value.trim();
|
||||
const v = valEl.value.trim();
|
||||
_isElementVisible(el) {
|
||||
if (!el) return false;
|
||||
// Check if element is in viewport (roughly)
|
||||
const rect = el.getBoundingClientRect();
|
||||
return rect.bottom > 0 && rect.top < window.innerHeight;
|
||||
},
|
||||
|
||||
if (!k) {
|
||||
return;
|
||||
}
|
||||
async fetchAppStatus() {
|
||||
try {
|
||||
const res = await fetch(`/apps/${this.appId}/status`);
|
||||
const data = await res.json();
|
||||
const wasDeploying = this.deploying;
|
||||
this.appStatus = data.status;
|
||||
this.deploying = Alpine.store("utils").isDeploying(data.status);
|
||||
|
||||
this.vars.push({ key: k, value: v });
|
||||
this.submitAll();
|
||||
},
|
||||
// Re-schedule polling when deployment state changes
|
||||
if (this.deploying !== wasDeploying) {
|
||||
this._schedulePoll();
|
||||
}
|
||||
|
||||
submitAll() {
|
||||
const csrfInput = this.$el.querySelector(
|
||||
'input[name="gorilla.csrf.Token"]',
|
||||
);
|
||||
const csrfToken = csrfInput ? csrfInput.value : "";
|
||||
if (
|
||||
data.latestDeploymentID &&
|
||||
data.latestDeploymentID !== this.currentDeploymentId
|
||||
) {
|
||||
this.currentDeploymentId = data.latestDeploymentID;
|
||||
this.showBuildLogs = true;
|
||||
this.fetchBuildLogs();
|
||||
}
|
||||
} catch (err) {
|
||||
console.error("Status fetch error:", err);
|
||||
}
|
||||
},
|
||||
|
||||
fetch("/apps/" + this.appId + "/env", {
|
||||
method: "POST",
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
"X-CSRF-Token": csrfToken,
|
||||
},
|
||||
body: JSON.stringify(
|
||||
this.vars.map((e) => ({ key: e.key, value: e.value })),
|
||||
),
|
||||
})
|
||||
.then((res) => {
|
||||
if (res.ok) {
|
||||
window.location.reload();
|
||||
return;
|
||||
}
|
||||
res.json()
|
||||
.then((data) => {
|
||||
window.alert(
|
||||
data.error ||
|
||||
"Failed to save environment variables.",
|
||||
);
|
||||
})
|
||||
.catch(() => {
|
||||
window.alert(
|
||||
"Failed to save environment variables.",
|
||||
);
|
||||
});
|
||||
})
|
||||
.catch(() => {
|
||||
window.alert(
|
||||
"Network error: could not save environment variables.",
|
||||
);
|
||||
});
|
||||
},
|
||||
}));
|
||||
async fetchContainerLogs() {
|
||||
try {
|
||||
const res = await fetch(`/apps/${this.appId}/container-logs`);
|
||||
const data = await res.json();
|
||||
const newLogs = data.logs || "No logs available";
|
||||
const changed = newLogs !== this.containerLogs;
|
||||
this.containerLogs = newLogs;
|
||||
this.containerStatus = data.status;
|
||||
if (changed && this._containerAutoScroll) {
|
||||
this.$nextTick(() => {
|
||||
Alpine.store("utils").scrollToBottom(this.$refs.containerLogsWrapper);
|
||||
});
|
||||
}
|
||||
} catch (err) {
|
||||
this.containerLogs = "Failed to fetch logs";
|
||||
}
|
||||
},
|
||||
|
||||
// ============================================
|
||||
// App Detail Page Component
|
||||
// ============================================
|
||||
Alpine.data("appDetail", (config) => ({
|
||||
appId: config.appId,
|
||||
currentDeploymentId: config.initialDeploymentId,
|
||||
appStatus: config.initialStatus || "unknown",
|
||||
containerLogs: "Loading container logs...",
|
||||
containerStatus: "unknown",
|
||||
buildLogs: config.initialDeploymentId
|
||||
? "Loading build logs..."
|
||||
: "No deployments yet",
|
||||
buildStatus: config.initialBuildStatus || "unknown",
|
||||
showBuildLogs: !!config.initialDeploymentId,
|
||||
deploying: false,
|
||||
deployments: [],
|
||||
// Track whether user wants auto-scroll (per log pane)
|
||||
_containerAutoScroll: true,
|
||||
_buildAutoScroll: true,
|
||||
_pollTimer: null,
|
||||
async fetchBuildLogs() {
|
||||
if (!this.currentDeploymentId) return;
|
||||
try {
|
||||
const res = await fetch(
|
||||
`/apps/${this.appId}/deployments/${this.currentDeploymentId}/logs`,
|
||||
);
|
||||
const data = await res.json();
|
||||
const newLogs = data.logs || "No build logs available";
|
||||
const changed = newLogs !== this.buildLogs;
|
||||
this.buildLogs = newLogs;
|
||||
this.buildStatus = data.status;
|
||||
if (changed && this._buildAutoScroll) {
|
||||
this.$nextTick(() => {
|
||||
Alpine.store("utils").scrollToBottom(this.$refs.buildLogsWrapper);
|
||||
});
|
||||
}
|
||||
} catch (err) {
|
||||
this.buildLogs = "Failed to fetch logs";
|
||||
}
|
||||
},
|
||||
|
||||
init() {
|
||||
this.deploying = Alpine.store("utils").isDeploying(this.appStatus);
|
||||
this.fetchAll();
|
||||
this._schedulePoll();
|
||||
async fetchRecentDeployments() {
|
||||
try {
|
||||
const res = await fetch(`/apps/${this.appId}/recent-deployments`);
|
||||
const data = await res.json();
|
||||
this.deployments = data.deployments || [];
|
||||
} catch (err) {
|
||||
console.error("Deployments fetch error:", err);
|
||||
}
|
||||
},
|
||||
|
||||
// Set up scroll listeners after DOM is ready
|
||||
this.$nextTick(() => {
|
||||
this._initScrollTracking(
|
||||
this.$refs.containerLogsWrapper,
|
||||
"_containerAutoScroll",
|
||||
);
|
||||
this._initScrollTracking(
|
||||
this.$refs.buildLogsWrapper,
|
||||
"_buildAutoScroll",
|
||||
);
|
||||
});
|
||||
},
|
||||
submitDeploy() {
|
||||
this.deploying = true;
|
||||
},
|
||||
|
||||
_schedulePoll() {
|
||||
if (this._pollTimer) clearTimeout(this._pollTimer);
|
||||
const interval = Alpine.store("utils").isDeploying(this.appStatus)
|
||||
? 1000
|
||||
: 10000;
|
||||
this._pollTimer = setTimeout(() => {
|
||||
this.fetchAll();
|
||||
this._schedulePoll();
|
||||
}, interval);
|
||||
},
|
||||
get statusBadgeClass() {
|
||||
return Alpine.store("utils").statusBadgeClass(this.appStatus);
|
||||
},
|
||||
|
||||
_initScrollTracking(el, flag) {
|
||||
if (!el) return;
|
||||
el.addEventListener(
|
||||
"scroll",
|
||||
() => {
|
||||
this[flag] = Alpine.store("utils").isScrolledToBottom(el);
|
||||
},
|
||||
{ passive: true },
|
||||
);
|
||||
},
|
||||
get statusLabel() {
|
||||
return Alpine.store("utils").statusLabel(this.appStatus);
|
||||
},
|
||||
|
||||
fetchAll() {
|
||||
this.fetchAppStatus();
|
||||
// Only fetch logs when the respective pane is visible
|
||||
if (
|
||||
this.$refs.containerLogsWrapper &&
|
||||
this._isElementVisible(this.$refs.containerLogsWrapper)
|
||||
) {
|
||||
this.fetchContainerLogs();
|
||||
}
|
||||
if (
|
||||
this.showBuildLogs &&
|
||||
this.$refs.buildLogsWrapper &&
|
||||
this._isElementVisible(this.$refs.buildLogsWrapper)
|
||||
) {
|
||||
this.fetchBuildLogs();
|
||||
}
|
||||
this.fetchRecentDeployments();
|
||||
},
|
||||
get containerStatusBadgeClass() {
|
||||
return (
|
||||
Alpine.store("utils").statusBadgeClass(this.containerStatus) +
|
||||
" text-xs"
|
||||
);
|
||||
},
|
||||
|
||||
_isElementVisible(el) {
|
||||
if (!el) return false;
|
||||
// Check if element is in viewport (roughly)
|
||||
const rect = el.getBoundingClientRect();
|
||||
return rect.bottom > 0 && rect.top < window.innerHeight;
|
||||
},
|
||||
get containerStatusLabel() {
|
||||
return Alpine.store("utils").statusLabel(this.containerStatus);
|
||||
},
|
||||
|
||||
async fetchAppStatus() {
|
||||
try {
|
||||
const res = await fetch(`/apps/${this.appId}/status`);
|
||||
const data = await res.json();
|
||||
const wasDeploying = this.deploying;
|
||||
this.appStatus = data.status;
|
||||
this.deploying = Alpine.store("utils").isDeploying(data.status);
|
||||
get buildStatusBadgeClass() {
|
||||
return (
|
||||
Alpine.store("utils").statusBadgeClass(this.buildStatus) + " text-xs"
|
||||
);
|
||||
},
|
||||
|
||||
// Re-schedule polling when deployment state changes
|
||||
if (this.deploying !== wasDeploying) {
|
||||
this._schedulePoll();
|
||||
}
|
||||
get buildStatusLabel() {
|
||||
return Alpine.store("utils").statusLabel(this.buildStatus);
|
||||
},
|
||||
|
||||
if (
|
||||
data.latestDeploymentID &&
|
||||
data.latestDeploymentID !== this.currentDeploymentId
|
||||
) {
|
||||
this.currentDeploymentId = data.latestDeploymentID;
|
||||
this.showBuildLogs = true;
|
||||
this.fetchBuildLogs();
|
||||
}
|
||||
} catch (err) {
|
||||
console.error("Status fetch error:", err);
|
||||
}
|
||||
},
|
||||
deploymentStatusClass(status) {
|
||||
return Alpine.store("utils").statusBadgeClass(status);
|
||||
},
|
||||
|
||||
async fetchContainerLogs() {
|
||||
try {
|
||||
const res = await fetch(`/apps/${this.appId}/container-logs`);
|
||||
const data = await res.json();
|
||||
const newLogs = data.logs || "No logs available";
|
||||
const changed = newLogs !== this.containerLogs;
|
||||
this.containerLogs = newLogs;
|
||||
this.containerStatus = data.status;
|
||||
if (changed && this._containerAutoScroll) {
|
||||
this.$nextTick(() => {
|
||||
Alpine.store("utils").scrollToBottom(
|
||||
this.$refs.containerLogsWrapper,
|
||||
);
|
||||
});
|
||||
}
|
||||
} catch (err) {
|
||||
this.containerLogs = "Failed to fetch logs";
|
||||
}
|
||||
},
|
||||
deploymentStatusLabel(status) {
|
||||
return Alpine.store("utils").statusLabel(status);
|
||||
},
|
||||
|
||||
async fetchBuildLogs() {
|
||||
if (!this.currentDeploymentId) return;
|
||||
try {
|
||||
const res = await fetch(
|
||||
`/apps/${this.appId}/deployments/${this.currentDeploymentId}/logs`,
|
||||
);
|
||||
const data = await res.json();
|
||||
const newLogs = data.logs || "No build logs available";
|
||||
const changed = newLogs !== this.buildLogs;
|
||||
this.buildLogs = newLogs;
|
||||
this.buildStatus = data.status;
|
||||
if (changed && this._buildAutoScroll) {
|
||||
this.$nextTick(() => {
|
||||
Alpine.store("utils").scrollToBottom(
|
||||
this.$refs.buildLogsWrapper,
|
||||
);
|
||||
});
|
||||
}
|
||||
} catch (err) {
|
||||
this.buildLogs = "Failed to fetch logs";
|
||||
}
|
||||
},
|
||||
|
||||
async fetchRecentDeployments() {
|
||||
try {
|
||||
const res = await fetch(
|
||||
`/apps/${this.appId}/recent-deployments`,
|
||||
);
|
||||
const data = await res.json();
|
||||
this.deployments = data.deployments || [];
|
||||
} catch (err) {
|
||||
console.error("Deployments fetch error:", err);
|
||||
}
|
||||
},
|
||||
|
||||
submitDeploy() {
|
||||
this.deploying = true;
|
||||
},
|
||||
|
||||
get statusBadgeClass() {
|
||||
return Alpine.store("utils").statusBadgeClass(this.appStatus);
|
||||
},
|
||||
|
||||
get statusLabel() {
|
||||
return Alpine.store("utils").statusLabel(this.appStatus);
|
||||
},
|
||||
|
||||
get containerStatusBadgeClass() {
|
||||
return (
|
||||
Alpine.store("utils").statusBadgeClass(this.containerStatus) +
|
||||
" text-xs"
|
||||
);
|
||||
},
|
||||
|
||||
get containerStatusLabel() {
|
||||
return Alpine.store("utils").statusLabel(this.containerStatus);
|
||||
},
|
||||
|
||||
get buildStatusBadgeClass() {
|
||||
return (
|
||||
Alpine.store("utils").statusBadgeClass(this.buildStatus) +
|
||||
" text-xs"
|
||||
);
|
||||
},
|
||||
|
||||
get buildStatusLabel() {
|
||||
return Alpine.store("utils").statusLabel(this.buildStatus);
|
||||
},
|
||||
|
||||
deploymentStatusClass(status) {
|
||||
return Alpine.store("utils").statusBadgeClass(status);
|
||||
},
|
||||
|
||||
deploymentStatusLabel(status) {
|
||||
return Alpine.store("utils").statusLabel(status);
|
||||
},
|
||||
|
||||
formatTime(isoTime) {
|
||||
return Alpine.store("utils").formatRelativeTime(isoTime);
|
||||
},
|
||||
}));
|
||||
formatTime(isoTime) {
|
||||
return Alpine.store("utils").formatRelativeTime(isoTime);
|
||||
},
|
||||
}));
|
||||
});
|
||||
|
||||
@@ -6,66 +6,66 @@
|
||||
*/
|
||||
|
||||
document.addEventListener("alpine:init", () => {
|
||||
// ============================================
|
||||
// Copy Button Component
|
||||
// ============================================
|
||||
Alpine.data("copyButton", (targetId) => ({
|
||||
copied: false,
|
||||
async copy() {
|
||||
const target = document.getElementById(targetId);
|
||||
if (!target) return;
|
||||
const text = target.textContent || target.value;
|
||||
const success = await Alpine.store("utils").copyToClipboard(text);
|
||||
if (success) {
|
||||
this.copied = true;
|
||||
setTimeout(() => {
|
||||
this.copied = false;
|
||||
}, 2000);
|
||||
}
|
||||
},
|
||||
}));
|
||||
// ============================================
|
||||
// Copy Button Component
|
||||
// ============================================
|
||||
Alpine.data("copyButton", (targetId) => ({
|
||||
copied: false,
|
||||
async copy() {
|
||||
const target = document.getElementById(targetId);
|
||||
if (!target) return;
|
||||
const text = target.textContent || target.value;
|
||||
const success = await Alpine.store("utils").copyToClipboard(text);
|
||||
if (success) {
|
||||
this.copied = true;
|
||||
setTimeout(() => {
|
||||
this.copied = false;
|
||||
}, 2000);
|
||||
}
|
||||
},
|
||||
}));
|
||||
|
||||
// ============================================
|
||||
// Confirm Action Component
|
||||
// ============================================
|
||||
Alpine.data("confirmAction", (message) => ({
|
||||
confirm(event) {
|
||||
if (!window.confirm(message)) {
|
||||
event.preventDefault();
|
||||
}
|
||||
},
|
||||
}));
|
||||
// ============================================
|
||||
// Confirm Action Component
|
||||
// ============================================
|
||||
Alpine.data("confirmAction", (message) => ({
|
||||
confirm(event) {
|
||||
if (!window.confirm(message)) {
|
||||
event.preventDefault();
|
||||
}
|
||||
},
|
||||
}));
|
||||
|
||||
// ============================================
|
||||
// Auto-dismiss Alert Component
|
||||
// ============================================
|
||||
Alpine.data("autoDismiss", (delay = 5000) => ({
|
||||
show: true,
|
||||
init() {
|
||||
setTimeout(() => {
|
||||
this.dismiss();
|
||||
}, delay);
|
||||
},
|
||||
dismiss() {
|
||||
this.show = false;
|
||||
setTimeout(() => {
|
||||
this.$el.remove();
|
||||
}, 300);
|
||||
},
|
||||
}));
|
||||
// ============================================
|
||||
// Auto-dismiss Alert Component
|
||||
// ============================================
|
||||
Alpine.data("autoDismiss", (delay = 5000) => ({
|
||||
show: true,
|
||||
init() {
|
||||
setTimeout(() => {
|
||||
this.dismiss();
|
||||
}, delay);
|
||||
},
|
||||
dismiss() {
|
||||
this.show = false;
|
||||
setTimeout(() => {
|
||||
this.$el.remove();
|
||||
}, 300);
|
||||
},
|
||||
}));
|
||||
|
||||
// ============================================
|
||||
// Relative Time Component
|
||||
// ============================================
|
||||
Alpine.data("relativeTime", (isoTime) => ({
|
||||
display: "",
|
||||
init() {
|
||||
this.update();
|
||||
// Update every minute
|
||||
setInterval(() => this.update(), 60000);
|
||||
},
|
||||
update() {
|
||||
this.display = Alpine.store("utils").formatRelativeTime(isoTime);
|
||||
},
|
||||
}));
|
||||
// ============================================
|
||||
// Relative Time Component
|
||||
// ============================================
|
||||
Alpine.data("relativeTime", (isoTime) => ({
|
||||
display: "",
|
||||
init() {
|
||||
this.update();
|
||||
// Update every minute
|
||||
setInterval(() => this.update(), 60000);
|
||||
},
|
||||
update() {
|
||||
this.display = Alpine.store("utils").formatRelativeTime(isoTime);
|
||||
},
|
||||
}));
|
||||
});
|
||||
|
||||
@@ -5,18 +5,17 @@
|
||||
*/
|
||||
|
||||
document.addEventListener("alpine:init", () => {
|
||||
Alpine.data("dashboard", () => ({
|
||||
init() {
|
||||
// Update relative times every minute
|
||||
setInterval(() => {
|
||||
this.$el.querySelectorAll("[data-time]").forEach((el) => {
|
||||
const time = el.getAttribute("data-time");
|
||||
if (time) {
|
||||
el.textContent =
|
||||
Alpine.store("utils").formatRelativeTime(time);
|
||||
}
|
||||
});
|
||||
}, 60000);
|
||||
},
|
||||
}));
|
||||
Alpine.data("dashboard", () => ({
|
||||
init() {
|
||||
// Update relative times every minute
|
||||
setInterval(() => {
|
||||
this.$el.querySelectorAll("[data-time]").forEach((el) => {
|
||||
const time = el.getAttribute("data-time");
|
||||
if (time) {
|
||||
el.textContent = Alpine.store("utils").formatRelativeTime(time);
|
||||
}
|
||||
});
|
||||
}, 60000);
|
||||
},
|
||||
}));
|
||||
});
|
||||
|
||||
@@ -6,180 +6,171 @@
|
||||
*/
|
||||
|
||||
document.addEventListener("alpine:init", () => {
|
||||
// ============================================
|
||||
// Deployment Card Component (for individual deployment cards)
|
||||
// ============================================
|
||||
Alpine.data("deploymentCard", (config) => ({
|
||||
appId: config.appId,
|
||||
deploymentId: config.deploymentId,
|
||||
logs: "",
|
||||
status: config.status || "",
|
||||
pollInterval: null,
|
||||
_autoScroll: true,
|
||||
// ============================================
|
||||
// Deployment Card Component (for individual deployment cards)
|
||||
// ============================================
|
||||
Alpine.data("deploymentCard", (config) => ({
|
||||
appId: config.appId,
|
||||
deploymentId: config.deploymentId,
|
||||
logs: "",
|
||||
status: config.status || "",
|
||||
pollInterval: null,
|
||||
_autoScroll: true,
|
||||
|
||||
init() {
|
||||
// Read initial logs from script tag (avoids escaping issues)
|
||||
const initialLogsEl = this.$el.querySelector(".initial-logs");
|
||||
this.logs = initialLogsEl?.dataset.logs || "Loading...";
|
||||
init() {
|
||||
// Read initial logs from script tag (avoids escaping issues)
|
||||
const initialLogsEl = this.$el.querySelector(".initial-logs");
|
||||
this.logs = initialLogsEl?.dataset.logs || "Loading...";
|
||||
|
||||
// Set up scroll tracking
|
||||
this.$nextTick(() => {
|
||||
const wrapper = this.$refs.logsWrapper;
|
||||
if (wrapper) {
|
||||
wrapper.addEventListener(
|
||||
"scroll",
|
||||
() => {
|
||||
this._autoScroll =
|
||||
Alpine.store("utils").isScrolledToBottom(
|
||||
wrapper,
|
||||
);
|
||||
},
|
||||
{ passive: true },
|
||||
);
|
||||
}
|
||||
});
|
||||
// Set up scroll tracking
|
||||
this.$nextTick(() => {
|
||||
const wrapper = this.$refs.logsWrapper;
|
||||
if (wrapper) {
|
||||
wrapper.addEventListener('scroll', () => {
|
||||
this._autoScroll = Alpine.store("utils").isScrolledToBottom(wrapper);
|
||||
}, { passive: true });
|
||||
}
|
||||
});
|
||||
|
||||
// Only poll if deployment is in progress
|
||||
if (Alpine.store("utils").isDeploying(this.status)) {
|
||||
this.fetchLogs();
|
||||
this.pollInterval = setInterval(() => this.fetchLogs(), 1000);
|
||||
}
|
||||
},
|
||||
// Only poll if deployment is in progress
|
||||
if (Alpine.store("utils").isDeploying(this.status)) {
|
||||
this.fetchLogs();
|
||||
this.pollInterval = setInterval(() => this.fetchLogs(), 1000);
|
||||
}
|
||||
},
|
||||
|
||||
destroy() {
|
||||
if (this.pollInterval) {
|
||||
clearInterval(this.pollInterval);
|
||||
}
|
||||
},
|
||||
destroy() {
|
||||
if (this.pollInterval) {
|
||||
clearInterval(this.pollInterval);
|
||||
}
|
||||
},
|
||||
|
||||
async fetchLogs() {
|
||||
try {
|
||||
const res = await fetch(
|
||||
`/apps/${this.appId}/deployments/${this.deploymentId}/logs`,
|
||||
);
|
||||
const data = await res.json();
|
||||
const newLogs = data.logs || "No logs available";
|
||||
const logsChanged = newLogs !== this.logs;
|
||||
this.logs = newLogs;
|
||||
this.status = data.status;
|
||||
async fetchLogs() {
|
||||
try {
|
||||
const res = await fetch(
|
||||
`/apps/${this.appId}/deployments/${this.deploymentId}/logs`,
|
||||
);
|
||||
const data = await res.json();
|
||||
const newLogs = data.logs || "No logs available";
|
||||
const logsChanged = newLogs !== this.logs;
|
||||
this.logs = newLogs;
|
||||
this.status = data.status;
|
||||
|
||||
// Scroll to bottom only when content changes AND user hasn't scrolled up
|
||||
if (logsChanged && this._autoScroll) {
|
||||
this.$nextTick(() => {
|
||||
Alpine.store("utils").scrollToBottom(
|
||||
this.$refs.logsWrapper,
|
||||
);
|
||||
});
|
||||
}
|
||||
// Scroll to bottom only when content changes AND user hasn't scrolled up
|
||||
if (logsChanged && this._autoScroll) {
|
||||
this.$nextTick(() => {
|
||||
Alpine.store("utils").scrollToBottom(this.$refs.logsWrapper);
|
||||
});
|
||||
}
|
||||
|
||||
// Stop polling if deployment is done
|
||||
if (!Alpine.store("utils").isDeploying(data.status)) {
|
||||
if (this.pollInterval) {
|
||||
clearInterval(this.pollInterval);
|
||||
this.pollInterval = null;
|
||||
}
|
||||
// Reload page to show final state with duration etc
|
||||
window.location.reload();
|
||||
}
|
||||
} catch (err) {
|
||||
console.error("Logs fetch error:", err);
|
||||
}
|
||||
},
|
||||
// Stop polling if deployment is done
|
||||
if (!Alpine.store("utils").isDeploying(data.status)) {
|
||||
if (this.pollInterval) {
|
||||
clearInterval(this.pollInterval);
|
||||
this.pollInterval = null;
|
||||
}
|
||||
// Reload page to show final state with duration etc
|
||||
window.location.reload();
|
||||
}
|
||||
} catch (err) {
|
||||
console.error("Logs fetch error:", err);
|
||||
}
|
||||
},
|
||||
|
||||
get statusBadgeClass() {
|
||||
return Alpine.store("utils").statusBadgeClass(this.status);
|
||||
},
|
||||
get statusBadgeClass() {
|
||||
return Alpine.store("utils").statusBadgeClass(this.status);
|
||||
},
|
||||
|
||||
get statusLabel() {
|
||||
return Alpine.store("utils").statusLabel(this.status);
|
||||
},
|
||||
}));
|
||||
get statusLabel() {
|
||||
return Alpine.store("utils").statusLabel(this.status);
|
||||
},
|
||||
}));
|
||||
|
||||
// ============================================
|
||||
// Deployments History Page Component
|
||||
// ============================================
|
||||
Alpine.data("deploymentsPage", (config) => ({
|
||||
appId: config.appId,
|
||||
currentDeploymentId: null,
|
||||
isDeploying: false,
|
||||
// ============================================
|
||||
// Deployments History Page Component
|
||||
// ============================================
|
||||
Alpine.data("deploymentsPage", (config) => ({
|
||||
appId: config.appId,
|
||||
currentDeploymentId: null,
|
||||
isDeploying: false,
|
||||
|
||||
init() {
|
||||
// Check for in-progress deployments on page load
|
||||
const inProgressCard = document.querySelector(
|
||||
'[data-status="building"], [data-status="deploying"]',
|
||||
);
|
||||
if (inProgressCard) {
|
||||
this.currentDeploymentId = parseInt(
|
||||
inProgressCard.getAttribute("data-deployment-id"),
|
||||
10,
|
||||
);
|
||||
this.isDeploying = true;
|
||||
}
|
||||
init() {
|
||||
// Check for in-progress deployments on page load
|
||||
const inProgressCard = document.querySelector(
|
||||
'[data-status="building"], [data-status="deploying"]',
|
||||
);
|
||||
if (inProgressCard) {
|
||||
this.currentDeploymentId = parseInt(
|
||||
inProgressCard.getAttribute("data-deployment-id"),
|
||||
10,
|
||||
);
|
||||
this.isDeploying = true;
|
||||
}
|
||||
|
||||
this.fetchAppStatus();
|
||||
this._scheduleStatusPoll();
|
||||
},
|
||||
this.fetchAppStatus();
|
||||
this._scheduleStatusPoll();
|
||||
},
|
||||
|
||||
_statusPollTimer: null,
|
||||
_statusPollTimer: null,
|
||||
|
||||
_scheduleStatusPoll() {
|
||||
if (this._statusPollTimer) clearTimeout(this._statusPollTimer);
|
||||
const interval = this.isDeploying ? 1000 : 10000;
|
||||
this._statusPollTimer = setTimeout(() => {
|
||||
this.fetchAppStatus();
|
||||
this._scheduleStatusPoll();
|
||||
}, interval);
|
||||
},
|
||||
_scheduleStatusPoll() {
|
||||
if (this._statusPollTimer) clearTimeout(this._statusPollTimer);
|
||||
const interval = this.isDeploying ? 1000 : 10000;
|
||||
this._statusPollTimer = setTimeout(() => {
|
||||
this.fetchAppStatus();
|
||||
this._scheduleStatusPoll();
|
||||
}, interval);
|
||||
},
|
||||
|
||||
async fetchAppStatus() {
|
||||
try {
|
||||
const res = await fetch(`/apps/${this.appId}/status`);
|
||||
const data = await res.json();
|
||||
// Use deployment status, not app status - it's more reliable during transitions
|
||||
const deploying = Alpine.store("utils").isDeploying(
|
||||
data.latestDeploymentStatus,
|
||||
);
|
||||
async fetchAppStatus() {
|
||||
try {
|
||||
const res = await fetch(`/apps/${this.appId}/status`);
|
||||
const data = await res.json();
|
||||
// Use deployment status, not app status - it's more reliable during transitions
|
||||
const deploying = Alpine.store("utils").isDeploying(
|
||||
data.latestDeploymentStatus,
|
||||
);
|
||||
|
||||
// Detect new deployment
|
||||
if (
|
||||
data.latestDeploymentID &&
|
||||
data.latestDeploymentID !== this.currentDeploymentId
|
||||
) {
|
||||
// Check if we have a card for this deployment
|
||||
const hasCard = document.querySelector(
|
||||
`[data-deployment-id="${data.latestDeploymentID}"]`,
|
||||
);
|
||||
// Detect new deployment
|
||||
if (
|
||||
data.latestDeploymentID &&
|
||||
data.latestDeploymentID !== this.currentDeploymentId
|
||||
) {
|
||||
// Check if we have a card for this deployment
|
||||
const hasCard = document.querySelector(
|
||||
`[data-deployment-id="${data.latestDeploymentID}"]`,
|
||||
);
|
||||
|
||||
if (deploying && !hasCard) {
|
||||
// New deployment started but no card exists - reload to show it
|
||||
window.location.reload();
|
||||
if (deploying && !hasCard) {
|
||||
// New deployment started but no card exists - reload to show it
|
||||
window.location.reload();
|
||||
|
||||
return;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
this.currentDeploymentId = data.latestDeploymentID;
|
||||
}
|
||||
this.currentDeploymentId = data.latestDeploymentID;
|
||||
}
|
||||
|
||||
// Update deploying state based on latest deployment status
|
||||
if (deploying && !this.isDeploying) {
|
||||
this.isDeploying = true;
|
||||
this._scheduleStatusPoll(); // Switch to fast polling
|
||||
} else if (!deploying && this.isDeploying) {
|
||||
// Deployment finished - reload to show final state
|
||||
this.isDeploying = false;
|
||||
window.location.reload();
|
||||
}
|
||||
} catch (err) {
|
||||
console.error("Status fetch error:", err);
|
||||
}
|
||||
},
|
||||
// Update deploying state based on latest deployment status
|
||||
if (deploying && !this.isDeploying) {
|
||||
this.isDeploying = true;
|
||||
this._scheduleStatusPoll(); // Switch to fast polling
|
||||
} else if (!deploying && this.isDeploying) {
|
||||
// Deployment finished - reload to show final state
|
||||
this.isDeploying = false;
|
||||
window.location.reload();
|
||||
}
|
||||
} catch (err) {
|
||||
console.error("Status fetch error:", err);
|
||||
}
|
||||
},
|
||||
|
||||
submitDeploy() {
|
||||
this.isDeploying = true;
|
||||
},
|
||||
submitDeploy() {
|
||||
this.isDeploying = true;
|
||||
},
|
||||
|
||||
formatTime(isoTime) {
|
||||
return Alpine.store("utils").formatRelativeTime(isoTime);
|
||||
},
|
||||
}));
|
||||
formatTime(isoTime) {
|
||||
return Alpine.store("utils").formatRelativeTime(isoTime);
|
||||
},
|
||||
}));
|
||||
});
|
||||
|
||||
@@ -5,144 +5,139 @@
|
||||
*/
|
||||
|
||||
document.addEventListener("alpine:init", () => {
|
||||
Alpine.store("utils", {
|
||||
/**
|
||||
* Format a date string as relative time (e.g., "5 minutes ago")
|
||||
*/
|
||||
formatRelativeTime(dateStr) {
|
||||
if (!dateStr) return "";
|
||||
const date = new Date(dateStr);
|
||||
const now = new Date();
|
||||
const diffMs = now - date;
|
||||
const diffSec = Math.floor(diffMs / 1000);
|
||||
const diffMin = Math.floor(diffSec / 60);
|
||||
const diffHour = Math.floor(diffMin / 60);
|
||||
const diffDay = Math.floor(diffHour / 24);
|
||||
Alpine.store("utils", {
|
||||
/**
|
||||
* Format a date string as relative time (e.g., "5 minutes ago")
|
||||
*/
|
||||
formatRelativeTime(dateStr) {
|
||||
if (!dateStr) return "";
|
||||
const date = new Date(dateStr);
|
||||
const now = new Date();
|
||||
const diffMs = now - date;
|
||||
const diffSec = Math.floor(diffMs / 1000);
|
||||
const diffMin = Math.floor(diffSec / 60);
|
||||
const diffHour = Math.floor(diffMin / 60);
|
||||
const diffDay = Math.floor(diffHour / 24);
|
||||
|
||||
if (diffSec < 60) return "just now";
|
||||
if (diffMin < 60)
|
||||
return (
|
||||
diffMin + (diffMin === 1 ? " minute ago" : " minutes ago")
|
||||
);
|
||||
if (diffHour < 24)
|
||||
return diffHour + (diffHour === 1 ? " hour ago" : " hours ago");
|
||||
if (diffDay < 7)
|
||||
return diffDay + (diffDay === 1 ? " day ago" : " days ago");
|
||||
return date.toLocaleDateString();
|
||||
},
|
||||
if (diffSec < 60) return "just now";
|
||||
if (diffMin < 60)
|
||||
return diffMin + (diffMin === 1 ? " minute ago" : " minutes ago");
|
||||
if (diffHour < 24)
|
||||
return diffHour + (diffHour === 1 ? " hour ago" : " hours ago");
|
||||
if (diffDay < 7)
|
||||
return diffDay + (diffDay === 1 ? " day ago" : " days ago");
|
||||
return date.toLocaleDateString();
|
||||
},
|
||||
|
||||
/**
|
||||
* Get the badge class for a given status
|
||||
*/
|
||||
statusBadgeClass(status) {
|
||||
if (status === "running" || status === "success")
|
||||
return "badge-success";
|
||||
if (status === "building" || status === "deploying")
|
||||
return "badge-warning";
|
||||
if (status === "failed" || status === "error") return "badge-error";
|
||||
return "badge-neutral";
|
||||
},
|
||||
/**
|
||||
* Get the badge class for a given status
|
||||
*/
|
||||
statusBadgeClass(status) {
|
||||
if (status === "running" || status === "success") return "badge-success";
|
||||
if (status === "building" || status === "deploying")
|
||||
return "badge-warning";
|
||||
if (status === "failed" || status === "error") return "badge-error";
|
||||
return "badge-neutral";
|
||||
},
|
||||
|
||||
/**
|
||||
* Format status for display (capitalize first letter)
|
||||
*/
|
||||
statusLabel(status) {
|
||||
if (!status) return "";
|
||||
return status.charAt(0).toUpperCase() + status.slice(1);
|
||||
},
|
||||
/**
|
||||
* Format status for display (capitalize first letter)
|
||||
*/
|
||||
statusLabel(status) {
|
||||
if (!status) return "";
|
||||
return status.charAt(0).toUpperCase() + status.slice(1);
|
||||
},
|
||||
|
||||
/**
|
||||
* Check if status indicates active deployment
|
||||
*/
|
||||
isDeploying(status) {
|
||||
return status === "building" || status === "deploying";
|
||||
},
|
||||
/**
|
||||
* Check if status indicates active deployment
|
||||
*/
|
||||
isDeploying(status) {
|
||||
return status === "building" || status === "deploying";
|
||||
},
|
||||
|
||||
/**
|
||||
* Scroll an element to the bottom
|
||||
*/
|
||||
scrollToBottom(el) {
|
||||
if (el) {
|
||||
requestAnimationFrame(() => {
|
||||
el.scrollTop = el.scrollHeight;
|
||||
});
|
||||
}
|
||||
},
|
||||
/**
|
||||
* Scroll an element to the bottom
|
||||
*/
|
||||
scrollToBottom(el) {
|
||||
if (el) {
|
||||
requestAnimationFrame(() => {
|
||||
el.scrollTop = el.scrollHeight;
|
||||
});
|
||||
}
|
||||
},
|
||||
|
||||
/**
|
||||
* Check if a scrollable element is at (or near) the bottom.
|
||||
* Tolerance of 30px accounts for rounding and partial lines.
|
||||
*/
|
||||
isScrolledToBottom(el, tolerance = 30) {
|
||||
if (!el) return true;
|
||||
return (
|
||||
el.scrollHeight - el.scrollTop - el.clientHeight <= tolerance
|
||||
);
|
||||
},
|
||||
/**
|
||||
* Check if a scrollable element is at (or near) the bottom.
|
||||
* Tolerance of 30px accounts for rounding and partial lines.
|
||||
*/
|
||||
isScrolledToBottom(el, tolerance = 30) {
|
||||
if (!el) return true;
|
||||
return el.scrollHeight - el.scrollTop - el.clientHeight <= tolerance;
|
||||
},
|
||||
|
||||
/**
|
||||
* Copy text to clipboard
|
||||
*/
|
||||
async copyToClipboard(text, button) {
|
||||
try {
|
||||
await navigator.clipboard.writeText(text);
|
||||
return true;
|
||||
} catch (err) {
|
||||
// Fallback for older browsers
|
||||
const textArea = document.createElement("textarea");
|
||||
textArea.value = text;
|
||||
textArea.style.position = "fixed";
|
||||
textArea.style.left = "-9999px";
|
||||
document.body.appendChild(textArea);
|
||||
textArea.select();
|
||||
try {
|
||||
document.execCommand("copy");
|
||||
document.body.removeChild(textArea);
|
||||
return true;
|
||||
} catch (e) {
|
||||
document.body.removeChild(textArea);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
},
|
||||
});
|
||||
/**
|
||||
* Copy text to clipboard
|
||||
*/
|
||||
async copyToClipboard(text, button) {
|
||||
try {
|
||||
await navigator.clipboard.writeText(text);
|
||||
return true;
|
||||
} catch (err) {
|
||||
// Fallback for older browsers
|
||||
const textArea = document.createElement("textarea");
|
||||
textArea.value = text;
|
||||
textArea.style.position = "fixed";
|
||||
textArea.style.left = "-9999px";
|
||||
document.body.appendChild(textArea);
|
||||
textArea.select();
|
||||
try {
|
||||
document.execCommand("copy");
|
||||
document.body.removeChild(textArea);
|
||||
return true;
|
||||
} catch (e) {
|
||||
document.body.removeChild(textArea);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
},
|
||||
});
|
||||
});
|
||||
|
||||
// ============================================
|
||||
// Legacy support - expose utilities globally
|
||||
// ============================================
|
||||
window.upaas = {
|
||||
// These are kept for backwards compatibility but templates should use Alpine.js
|
||||
formatRelativeTime(dateStr) {
|
||||
if (!dateStr) return "";
|
||||
const date = new Date(dateStr);
|
||||
const now = new Date();
|
||||
const diffMs = now - date;
|
||||
const diffSec = Math.floor(diffMs / 1000);
|
||||
const diffMin = Math.floor(diffSec / 60);
|
||||
const diffHour = Math.floor(diffMin / 60);
|
||||
const diffDay = Math.floor(diffHour / 24);
|
||||
// These are kept for backwards compatibility but templates should use Alpine.js
|
||||
formatRelativeTime(dateStr) {
|
||||
if (!dateStr) return "";
|
||||
const date = new Date(dateStr);
|
||||
const now = new Date();
|
||||
const diffMs = now - date;
|
||||
const diffSec = Math.floor(diffMs / 1000);
|
||||
const diffMin = Math.floor(diffSec / 60);
|
||||
const diffHour = Math.floor(diffMin / 60);
|
||||
const diffDay = Math.floor(diffHour / 24);
|
||||
|
||||
if (diffSec < 60) return "just now";
|
||||
if (diffMin < 60)
|
||||
return diffMin + (diffMin === 1 ? " minute ago" : " minutes ago");
|
||||
if (diffHour < 24)
|
||||
return diffHour + (diffHour === 1 ? " hour ago" : " hours ago");
|
||||
if (diffDay < 7)
|
||||
return diffDay + (diffDay === 1 ? " day ago" : " days ago");
|
||||
return date.toLocaleDateString();
|
||||
},
|
||||
// Placeholder functions - templates should migrate to Alpine.js
|
||||
initAppDetailPage() {},
|
||||
initDeploymentsPage() {},
|
||||
if (diffSec < 60) return "just now";
|
||||
if (diffMin < 60)
|
||||
return diffMin + (diffMin === 1 ? " minute ago" : " minutes ago");
|
||||
if (diffHour < 24)
|
||||
return diffHour + (diffHour === 1 ? " hour ago" : " hours ago");
|
||||
if (diffDay < 7)
|
||||
return diffDay + (diffDay === 1 ? " day ago" : " days ago");
|
||||
return date.toLocaleDateString();
|
||||
},
|
||||
// Placeholder functions - templates should migrate to Alpine.js
|
||||
initAppDetailPage() {},
|
||||
initDeploymentsPage() {},
|
||||
};
|
||||
|
||||
// Update relative times on page load for non-Alpine elements
|
||||
document.addEventListener("DOMContentLoaded", () => {
|
||||
document.querySelectorAll(".relative-time[data-time]").forEach((el) => {
|
||||
const time = el.getAttribute("data-time");
|
||||
if (time) {
|
||||
el.textContent = window.upaas.formatRelativeTime(time);
|
||||
}
|
||||
});
|
||||
document.querySelectorAll(".relative-time[data-time]").forEach((el) => {
|
||||
const time = el.getAttribute("data-time");
|
||||
if (time) {
|
||||
el.textContent = window.upaas.formatRelativeTime(time);
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
@@ -77,10 +77,7 @@
|
||||
|
||||
<!-- Webhook URL -->
|
||||
<div class="card p-6 mb-6">
|
||||
<div class="flex items-center justify-between mb-4">
|
||||
<h2 class="section-title">Webhook URL</h2>
|
||||
<a href="/apps/{{.App.ID}}/webhooks" class="text-primary-600 hover:text-primary-800 text-sm">Event History</a>
|
||||
</div>
|
||||
<h2 class="section-title mb-4">Webhook URL</h2>
|
||||
<p class="text-sm text-gray-500 mb-3">Add this URL as a push webhook in your Gitea repository:</p>
|
||||
<div class="copy-field" x-data="copyButton('webhook-url')">
|
||||
<code id="webhook-url" class="copy-field-value text-xs">{{.WebhookURL}}</code>
|
||||
@@ -101,10 +98,9 @@
|
||||
</div>
|
||||
|
||||
<!-- Environment Variables -->
|
||||
<div class="card p-6 mb-6" x-data="envVarEditor('{{.App.ID}}')">
|
||||
<div class="card p-6 mb-6">
|
||||
<h2 class="section-title mb-4">Environment Variables</h2>
|
||||
{{range .EnvVars}}<span class="env-init hidden" data-key="{{.Key}}" data-value="{{.Value}}"></span>{{end}}
|
||||
<template x-if="vars.length > 0">
|
||||
{{if .EnvVars}}
|
||||
<div class="overflow-x-auto mb-4">
|
||||
<table class="table">
|
||||
<thead class="table-header">
|
||||
@@ -115,43 +111,47 @@
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody class="table-body">
|
||||
<template x-for="(env, idx) in vars" :key="idx">
|
||||
<tr>
|
||||
<template x-if="editIdx !== idx">
|
||||
<td class="font-mono font-medium" x-text="env.key"></td>
|
||||
{{range .EnvVars}}
|
||||
<tr x-data="{ editing: false }">
|
||||
<template x-if="!editing">
|
||||
<td class="font-mono font-medium">{{.Key}}</td>
|
||||
</template>
|
||||
<template x-if="editIdx !== idx">
|
||||
<td class="font-mono text-gray-500" x-text="env.value"></td>
|
||||
<template x-if="!editing">
|
||||
<td class="font-mono text-gray-500">{{.Value}}</td>
|
||||
</template>
|
||||
<template x-if="editIdx !== idx">
|
||||
<template x-if="!editing">
|
||||
<td class="text-right">
|
||||
<button @click="startEdit(idx)" class="text-primary-600 hover:text-primary-800 text-sm mr-2">Edit</button>
|
||||
<button @click="removeVar(idx)" class="text-error-500 hover:text-error-700 text-sm">Delete</button>
|
||||
<button @click="editing = true" class="text-primary-600 hover:text-primary-800 text-sm mr-2">Edit</button>
|
||||
<form method="POST" action="/apps/{{$.App.ID}}/env-vars/{{.ID}}/delete" class="inline" x-data="confirmAction('Delete this environment variable?')" @submit="confirm($event)">
|
||||
{{ $.CSRFField }}
|
||||
<button type="submit" class="text-error-500 hover:text-error-700 text-sm">Delete</button>
|
||||
</form>
|
||||
</td>
|
||||
</template>
|
||||
<template x-if="editIdx === idx">
|
||||
<template x-if="editing">
|
||||
<td colspan="3">
|
||||
<form @submit.prevent="saveEdit(idx)" class="flex gap-2 items-center">
|
||||
<input type="text" x-model="editKey" required class="input flex-1 font-mono text-sm">
|
||||
<input type="text" x-model="editVal" required class="input flex-1 font-mono text-sm">
|
||||
<form method="POST" action="/apps/{{$.App.ID}}/env-vars/{{.ID}}/edit" class="flex gap-2 items-center">
|
||||
{{ $.CSRFField }}
|
||||
<input type="text" name="key" value="{{.Key}}" required class="input flex-1 font-mono text-sm">
|
||||
<input type="text" name="value" value="{{.Value}}" required class="input flex-1 font-mono text-sm">
|
||||
<button type="submit" class="btn-primary text-sm">Save</button>
|
||||
<button type="button" @click="editIdx = -1" class="text-gray-500 hover:text-gray-700 text-sm">Cancel</button>
|
||||
<button type="button" @click="editing = false" class="text-gray-500 hover:text-gray-700 text-sm">Cancel</button>
|
||||
</form>
|
||||
<p class="text-xs text-amber-600 mt-1">⚠ Container restart needed after env var changes.</p>
|
||||
</td>
|
||||
</template>
|
||||
</tr>
|
||||
</template>
|
||||
{{end}}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</template>
|
||||
<form @submit.prevent="addVar($refs.newKey, $refs.newVal)" class="flex flex-col sm:flex-row gap-2">
|
||||
<input x-ref="newKey" type="text" placeholder="KEY" required class="input flex-1 font-mono text-sm">
|
||||
<input x-ref="newVal" type="text" placeholder="value" required class="input flex-1 font-mono text-sm">
|
||||
{{end}}
|
||||
<form method="POST" action="/apps/{{.App.ID}}/env" class="flex flex-col sm:flex-row gap-2">
|
||||
{{ .CSRFField }}
|
||||
<input type="text" name="key" placeholder="KEY" required class="input flex-1 font-mono text-sm">
|
||||
<input type="text" name="value" placeholder="value" required class="input flex-1 font-mono text-sm">
|
||||
<button type="submit" class="btn-primary">Add</button>
|
||||
</form>
|
||||
<div class="hidden">{{ .CSRFField }}</div>
|
||||
</div>
|
||||
|
||||
<!-- Labels -->
|
||||
|
||||
@@ -114,38 +114,6 @@
|
||||
>
|
||||
</div>
|
||||
|
||||
<hr class="border-gray-200">
|
||||
|
||||
<h3 class="text-lg font-medium text-gray-900">Resource Limits</h3>
|
||||
|
||||
<div class="grid grid-cols-2 gap-4">
|
||||
<div class="form-group">
|
||||
<label for="cpu_limit" class="label">CPU Limit (cores)</label>
|
||||
<input
|
||||
type="text"
|
||||
id="cpu_limit"
|
||||
name="cpu_limit"
|
||||
value="{{if .App.CPULimit.Valid}}{{.App.CPULimit.Float64}}{{end}}"
|
||||
class="input"
|
||||
placeholder="e.g. 0.5, 1, 2"
|
||||
>
|
||||
<p class="text-sm text-gray-500 mt-1">Number of CPU cores (e.g. 0.5 = half a core)</p>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label for="memory_limit" class="label">Memory Limit</label>
|
||||
<input
|
||||
type="text"
|
||||
id="memory_limit"
|
||||
name="memory_limit"
|
||||
value="{{if .App.MemoryLimit.Valid}}{{formatMemoryBytes .App.MemoryLimit.Int64}}{{end}}"
|
||||
class="input"
|
||||
placeholder="e.g. 256m, 1g"
|
||||
>
|
||||
<p class="text-sm text-gray-500 mt-1">Memory with unit suffix (k, m, g) or plain bytes</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="flex justify-end gap-3 pt-4">
|
||||
<a href="/apps/{{.App.ID}}" class="btn-secondary">Cancel</a>
|
||||
<button type="submit" class="btn-primary">Save Changes</button>
|
||||
|
||||
@@ -6,7 +6,6 @@ import (
|
||||
"fmt"
|
||||
"html/template"
|
||||
"io"
|
||||
"strconv"
|
||||
"sync"
|
||||
)
|
||||
|
||||
@@ -24,34 +23,6 @@ var (
|
||||
templatesMutex sync.RWMutex
|
||||
)
|
||||
|
||||
// templateFuncs returns the custom template function map.
|
||||
func templateFuncs() template.FuncMap {
|
||||
return template.FuncMap{
|
||||
"formatMemoryBytes": formatMemoryBytes,
|
||||
}
|
||||
}
|
||||
|
||||
// Memory unit constants.
|
||||
const (
|
||||
memGigabyte = 1024 * 1024 * 1024
|
||||
memMegabyte = 1024 * 1024
|
||||
memKilobyte = 1024
|
||||
)
|
||||
|
||||
// formatMemoryBytes formats bytes into a human-readable string with unit suffix.
|
||||
func formatMemoryBytes(bytes int64) string {
|
||||
switch {
|
||||
case bytes >= memGigabyte && bytes%memGigabyte == 0:
|
||||
return strconv.FormatInt(bytes/memGigabyte, 10) + "g"
|
||||
case bytes >= memMegabyte && bytes%memMegabyte == 0:
|
||||
return strconv.FormatInt(bytes/memMegabyte, 10) + "m"
|
||||
case bytes >= memKilobyte && bytes%memKilobyte == 0:
|
||||
return strconv.FormatInt(bytes/memKilobyte, 10) + "k"
|
||||
default:
|
||||
return strconv.FormatInt(bytes, 10)
|
||||
}
|
||||
}
|
||||
|
||||
// initTemplates parses base template and creates cloned templates for each page.
|
||||
func initTemplates() {
|
||||
templatesMutex.Lock()
|
||||
@@ -61,10 +32,8 @@ func initTemplates() {
|
||||
return
|
||||
}
|
||||
|
||||
// Parse base template with shared components and custom functions
|
||||
baseTemplate = template.Must(
|
||||
template.New("base.html").Funcs(templateFuncs()).ParseFS(templatesRaw, "base.html"),
|
||||
)
|
||||
// Parse base template with shared components
|
||||
baseTemplate = template.Must(template.ParseFS(templatesRaw, "base.html"))
|
||||
|
||||
// Pages that extend base
|
||||
pages := []string{
|
||||
@@ -75,7 +44,6 @@ func initTemplates() {
|
||||
"app_detail.html",
|
||||
"app_edit.html",
|
||||
"deployments.html",
|
||||
"webhook_events.html",
|
||||
}
|
||||
|
||||
pageTemplates = make(map[string]*template.Template)
|
||||
|
||||
@@ -1,34 +0,0 @@
|
||||
package templates //nolint:testpackage // tests unexported formatMemoryBytes
|
||||
|
||||
import (
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestFormatMemoryBytes(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
bytes int64
|
||||
expected string
|
||||
}{
|
||||
{"gigabytes", 1024 * 1024 * 1024, "1g"},
|
||||
{"two gigabytes", 2 * 1024 * 1024 * 1024, "2g"},
|
||||
{"megabytes", 256 * 1024 * 1024, "256m"},
|
||||
{"kilobytes", 512 * 1024, "512k"},
|
||||
{"plain bytes", 12345, "12345"},
|
||||
{"non-even megabytes", 256*1024*1024 + 1, "268435457"},
|
||||
{"zero", 0, "0"},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
got := formatMemoryBytes(tt.bytes)
|
||||
if got != tt.expected {
|
||||
t.Errorf("formatMemoryBytes(%d) = %q, want %q", tt.bytes, got, tt.expected)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
@@ -1,79 +0,0 @@
|
||||
{{template "base" .}}
|
||||
|
||||
{{define "title"}}Webhook Events - {{.App.Name}} - µPaaS{{end}}
|
||||
|
||||
{{define "content"}}
|
||||
{{template "nav" .}}
|
||||
|
||||
<main class="max-w-4xl mx-auto px-4 py-8">
|
||||
<div class="mb-6">
|
||||
<a href="/apps/{{.App.ID}}" class="text-primary-600 hover:text-primary-800 inline-flex items-center">
|
||||
<svg class="w-4 h-4 mr-1" fill="none" stroke="currentColor" viewBox="0 0 24 24">
|
||||
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 19l-7-7 7-7"/>
|
||||
</svg>
|
||||
Back to {{.App.Name}}
|
||||
</a>
|
||||
</div>
|
||||
|
||||
<div class="section-header">
|
||||
<h1 class="text-2xl font-medium text-gray-900">Webhook Events</h1>
|
||||
</div>
|
||||
|
||||
{{if .Events}}
|
||||
<div class="card overflow-hidden">
|
||||
<table class="table">
|
||||
<thead class="table-header">
|
||||
<tr>
|
||||
<th>Time</th>
|
||||
<th>Event</th>
|
||||
<th>Branch</th>
|
||||
<th>Commit</th>
|
||||
<th>Status</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody class="table-body">
|
||||
{{range .Events}}
|
||||
<tr>
|
||||
<td class="text-gray-500 text-sm whitespace-nowrap">
|
||||
<span x-data="relativeTime('{{.CreatedAt.Format `2006-01-02T15:04:05Z07:00`}}')" x-text="display" class="cursor-default" title="{{.CreatedAt.Format `2006-01-02 15:04:05`}}"></span>
|
||||
</td>
|
||||
<td class="text-gray-700 text-sm">{{.EventType}}</td>
|
||||
<td class="font-mono text-gray-500 text-sm">{{.Branch}}</td>
|
||||
<td class="font-mono text-gray-500 text-xs">
|
||||
{{if and .CommitSHA.Valid .CommitURL.Valid}}
|
||||
<a href="{{.CommitURL.String}}" target="_blank" rel="noopener noreferrer" class="text-primary-600 hover:text-primary-800">{{.ShortCommit}}</a>
|
||||
{{else if .CommitSHA.Valid}}
|
||||
{{.ShortCommit}}
|
||||
{{else}}
|
||||
<span class="text-gray-400">-</span>
|
||||
{{end}}
|
||||
</td>
|
||||
<td>
|
||||
{{if .Matched}}
|
||||
{{if .Processed}}
|
||||
<span class="badge-success">Matched</span>
|
||||
{{else}}
|
||||
<span class="badge-warning">Matched (pending)</span>
|
||||
{{end}}
|
||||
{{else}}
|
||||
<span class="badge-neutral">No match</span>
|
||||
{{end}}
|
||||
</td>
|
||||
</tr>
|
||||
{{end}}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
{{else}}
|
||||
<div class="card">
|
||||
<div class="empty-state">
|
||||
<svg class="empty-state-icon" fill="none" stroke="currentColor" viewBox="0 0 24 24">
|
||||
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M13 10V3L4 14h7v7l9-11h-7z"/>
|
||||
</svg>
|
||||
<h3 class="empty-state-title">No webhook events yet</h3>
|
||||
<p class="empty-state-description">Webhook events will appear here once your repository sends push notifications.</p>
|
||||
</div>
|
||||
</div>
|
||||
{{end}}
|
||||
</main>
|
||||
{{end}}
|
||||
Reference in New Issue
Block a user