feat(apps): per-workload deploy history, rollback, and resource metrics
Two additions to the app detail page, each backed by a per-workload
endpoint.
Deploy history + rollback:
- New deploy_history table — a structured, version-pinned ledger of every
dispatch (success AND failure), distinct from the free-text event_log.
Recorded at the single DispatchPlugin choke point so every source kind
is covered. The raw deploy error is never persisted (it can carry
registry-auth / compose-stdout secrets) — only a generic marker, with
detail going to slog. Pruned to the newest N per workload; cascade-
deleted with the workload.
- GET /api/workloads/{id}/deploys lists the ledger; POST .../rollback
(admin) replays a prior successful deploy's pinned reference as a
rollback-reason dispatch. Phase 1 is image-source only (RollbackCapable);
git-built sources need checkout-by-commit, a later phase.
- DeployHistoryPanel.svelte renders the ledger with confirm-gated rollback.
Per-workload metrics:
- ListContainerStatsSamplesByWorkload joins the existing container stats
samples through the containers index; GET /api/workloads/{id}/stats/history
aggregates CPU/memory per timestamp across the workload's containers.
- WorkloadMetricsPanel.svelte reuses ResourceChart (CPU% + memory MiB,
windowed, 15s poll).
en/ru i18n added with parity. Tests: store CRUD + cascade + workload-scoped
join, deployer recording (incl. secret-non-leak on failure), API rollback
guards, and per-timestamp aggregation. Plans under docs/plans/.
This commit is contained in:
@@ -0,0 +1,151 @@
|
||||
package api
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/go-chi/chi/v5"
|
||||
|
||||
"github.com/alexei/tinyforge/internal/auth"
|
||||
"github.com/alexei/tinyforge/internal/store"
|
||||
"github.com/alexei/tinyforge/internal/workload/plugin"
|
||||
)
|
||||
|
||||
// parseOffset parses a pagination offset, clamping anything invalid or
|
||||
// negative to 0. parseLimit (secrets.go) handles the limit half.
|
||||
func parseOffset(raw string) int {
|
||||
n, err := strconv.Atoi(raw)
|
||||
if err != nil || n < 0 {
|
||||
return 0
|
||||
}
|
||||
return n
|
||||
}
|
||||
|
||||
// rollbackCapableKinds is the single source of truth for which source kinds
|
||||
// support reference-pinned redeploy. The image source resolves
|
||||
// intent.Reference as the tag, so replaying a prior tag is a real rollback.
|
||||
// static/dockerfile clone branch HEAD and cannot yet check out an arbitrary
|
||||
// commit (a later phase); compose has no single artifact handle.
|
||||
var rollbackCapableKinds = map[string]bool{"image": true}
|
||||
|
||||
// RollbackCapable reports whether a source kind supports one-click rollback.
|
||||
// Used by both the list response (per-row `rollbackable` flag) and the
|
||||
// rollback guard so the UI and the server never disagree.
|
||||
func RollbackCapable(sourceKind string) bool { return rollbackCapableKinds[sourceKind] }
|
||||
|
||||
// listWorkloadDeploys handles GET /api/workloads/{id}/deploys. Read-only,
|
||||
// open to any authenticated user (mirrors the per-workload events feed).
|
||||
// Returns the structured deploy ledger newest-first with a server-computed
|
||||
// `rollbackable` flag per row.
|
||||
func (s *Server) listWorkloadDeploys(w http.ResponseWriter, r *http.Request) {
|
||||
id := chi.URLParam(r, "id")
|
||||
if id == "" {
|
||||
respondError(w, http.StatusBadRequest, "workload id is required")
|
||||
return
|
||||
}
|
||||
|
||||
q := r.URL.Query()
|
||||
limit := parseLimit(q.Get("limit"), 50, 200)
|
||||
offset := parseOffset(q.Get("offset"))
|
||||
|
||||
rows, err := s.store.ListDeployHistory(id, limit, offset)
|
||||
if err != nil {
|
||||
slog.Error("failed to list deploy history", "workload", id, "error", err)
|
||||
respondError(w, http.StatusInternalServerError, "failed to list deploy history")
|
||||
return
|
||||
}
|
||||
for i := range rows {
|
||||
rows[i].Rollbackable = rows[i].Outcome == "success" &&
|
||||
rows[i].Reference != "" &&
|
||||
RollbackCapable(rows[i].SourceKind)
|
||||
}
|
||||
respondJSON(w, http.StatusOK, rows)
|
||||
}
|
||||
|
||||
// rollbackWorkload handles POST /api/workloads/{id}/rollback. Admin-only
|
||||
// (same gate as /deploy). Body: {"deploy_id": <id>}. It resolves the pinned
|
||||
// reference from a prior successful, rollback-capable ledger row belonging
|
||||
// to this workload and replays it as a `rollback`-reason deploy.
|
||||
func (s *Server) rollbackWorkload(w http.ResponseWriter, r *http.Request) {
|
||||
id := chi.URLParam(r, "id")
|
||||
|
||||
row, err := s.store.GetWorkloadByID(id)
|
||||
if err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "workload")
|
||||
return
|
||||
}
|
||||
respondError(w, http.StatusInternalServerError, "get workload")
|
||||
return
|
||||
}
|
||||
if row.SourceKind == "" {
|
||||
respondError(w, http.StatusBadRequest, "workload has no source_kind; cannot roll back")
|
||||
return
|
||||
}
|
||||
|
||||
var body struct {
|
||||
DeployID int64 `json:"deploy_id"`
|
||||
}
|
||||
if !decodeJSONStrict(w, r, &body) {
|
||||
return
|
||||
}
|
||||
if body.DeployID <= 0 {
|
||||
respondError(w, http.StatusBadRequest, "deploy_id is required")
|
||||
return
|
||||
}
|
||||
|
||||
entry, err := s.store.GetDeployHistory(body.DeployID)
|
||||
if err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "deploy history entry")
|
||||
return
|
||||
}
|
||||
respondError(w, http.StatusInternalServerError, "get deploy history")
|
||||
return
|
||||
}
|
||||
// No cross-workload replay: the entry must belong to the path workload.
|
||||
if entry.WorkloadID != id {
|
||||
respondError(w, http.StatusBadRequest, "deploy entry does not belong to this workload")
|
||||
return
|
||||
}
|
||||
if entry.Outcome != "success" {
|
||||
respondError(w, http.StatusBadRequest, "cannot roll back to a failed deploy")
|
||||
return
|
||||
}
|
||||
if entry.Reference == "" || !RollbackCapable(row.SourceKind) {
|
||||
respondError(w, http.StatusBadRequest, "this deploy is not rollback-capable")
|
||||
return
|
||||
}
|
||||
|
||||
actor := "manual"
|
||||
if claims, ok := auth.ClaimsFromContext(r.Context()); ok && claims.Username != "" {
|
||||
actor = claims.Username
|
||||
}
|
||||
intent := plugin.DeploymentIntent{
|
||||
Reason: "rollback",
|
||||
Reference: entry.Reference,
|
||||
Metadata: map[string]string{
|
||||
"note": "rollback to " + entry.Reference,
|
||||
"rollback_of": strconv.FormatInt(entry.ID, 10),
|
||||
},
|
||||
TriggeredAt: time.Now().UTC(),
|
||||
TriggeredBy: actor,
|
||||
}
|
||||
if err := s.deployer.DispatchPlugin(r.Context(), toPluginWorkload(row), intent); err != nil {
|
||||
// Raw error stays in the server log; client gets a generic message
|
||||
// (the wrapped error can carry registry-auth bytes).
|
||||
slog.Warn("rollback dispatch failed", "workload", id, "actor", actor,
|
||||
"reference", entry.Reference, "error", err)
|
||||
respondError(w, http.StatusInternalServerError, "rollback failed; see server logs")
|
||||
return
|
||||
}
|
||||
respondJSON(w, http.StatusAccepted, map[string]any{
|
||||
"workload_id": id,
|
||||
"reference": entry.Reference,
|
||||
"rollback_of": entry.ID,
|
||||
"triggered_by": actor,
|
||||
})
|
||||
}
|
||||
Reference in New Issue
Block a user