feat(deploy): commit-status reporting to Git providers
Report deploy status back to the Git provider as a commit status (pending/success/failure) for git-sourced workloads (static + dockerfile). - GitProvider.SetCommitStatus on gitea/github/gitlab over the existing SSRF-safe client; fixed "tinyforge" context so redeploys update one row. postJSON returns status-code-only errors (never echoes the upstream body, which a hostile provider could use to reflect the auth token into the best-effort log line). - Best-effort deploy hook: pending on deploy start, success/failure on outcome, gated on a per-workload report_commit_status flag. Never fails or blocks a deploy; emits nothing on the unchanged-SHA short-circuit. - UI ToggleSwitch (create + edit) + reportCommitStatus in sourceForms.ts + en/ru i18n. - Tests: per-provider state mapping + request shape; reporter gating (enabled/disabled/empty-SHA/nil/error-swallow). Reviewed via go-reviewer + security-reviewer (0 CRITICAL/HIGH; one MEDIUM body-echo log-leak fixed).
This commit is contained in:
@@ -43,7 +43,7 @@ const healthCheckDelay = 3 * time.Second
|
||||
// Each step writes its own status update so the dashboard's runtime-
|
||||
// state panel can show a useful intermediate state when the deploy
|
||||
// stalls on the slow step (almost always the build).
|
||||
func deploy(ctx context.Context, deps plugin.Deps, w plugin.Workload, intent plugin.DeploymentIntent) error {
|
||||
func deploy(ctx context.Context, deps plugin.Deps, w plugin.Workload, intent plugin.DeploymentIntent) (retErr error) {
|
||||
cfg, err := plugin.SourceConfigOf[Config](w)
|
||||
if err != nil {
|
||||
return fmt.Errorf("dockerfile source: decode config: %w", err)
|
||||
@@ -90,6 +90,25 @@ func deploy(ctx context.Context, deps plugin.Deps, w plugin.Workload, intent plu
|
||||
|
||||
domain := primaryDomain(deps, w)
|
||||
|
||||
// Commit-status reporter (best-effort; gated on cfg.ReportCommitStatus).
|
||||
// The deferred terminal report fires Success/Failure based on the
|
||||
// deploy's outcome, but ONLY once an actual build/deploy began
|
||||
// (deployStarted). The unchanged-SHA short-circuit below returns via
|
||||
// healUnchanged before that flips, so no status is reported when
|
||||
// nothing was built. retErr is the named return the defer inspects.
|
||||
reporter := newCommitStatusReporter(provider, cfg, latestSHA, statusTargetURL(domain))
|
||||
deployStarted := false
|
||||
defer func() {
|
||||
if !deployStarted {
|
||||
return
|
||||
}
|
||||
if retErr != nil {
|
||||
reporter.report(ctx, w, staticsite.CommitStatusFailure, "Tinyforge: build failed")
|
||||
} else {
|
||||
reporter.report(ctx, w, staticsite.CommitStatusSuccess, "Tinyforge: deployed")
|
||||
}
|
||||
}()
|
||||
|
||||
prevContainerID := ""
|
||||
prevProxyRouteID := ""
|
||||
if prevContainer != nil {
|
||||
@@ -129,8 +148,13 @@ func deploy(ctx context.Context, deps plugin.Deps, w plugin.Workload, intent plu
|
||||
}
|
||||
}
|
||||
|
||||
// From here on a deploy is genuinely underway, so the deferred terminal
|
||||
// status report should fire. Push a "pending" commit status (best-
|
||||
// effort) and arm the deferred Success/Failure report.
|
||||
updateStatus(deps, w, "syncing", prev.LastCommitSHA, "")
|
||||
publishEvent(deps, w, "syncing")
|
||||
deployStarted = true
|
||||
reporter.report(ctx, w, staticsite.CommitStatusPending, "Tinyforge: deploying")
|
||||
|
||||
// Clone the repo into a temp dir. We always download the entire
|
||||
// repo tree (folderPath = ""); a ContextPath subset is applied
|
||||
@@ -371,6 +395,55 @@ func deploy(ctx context.Context, deps plugin.Deps, w plugin.Workload, intent plu
|
||||
return nil
|
||||
}
|
||||
|
||||
// commitStatusReporter pushes deploy outcomes back to the git provider as
|
||||
// a commit status, gated on the per-workload report_commit_status flag.
|
||||
// Strictly best-effort: every call is wrapped so a reporting failure is
|
||||
// logged at Warn and NEVER propagates to fail or block the deploy. Mirrors
|
||||
// the static plugin's reporter of the same name.
|
||||
type commitStatusReporter struct {
|
||||
provider staticsite.GitProvider
|
||||
owner string
|
||||
repo string
|
||||
sha string
|
||||
targetURL string
|
||||
enabled bool
|
||||
}
|
||||
|
||||
// newCommitStatusReporter builds a reporter from the decoded config. When
|
||||
// report_commit_status is off (or the SHA is empty) the returned reporter's
|
||||
// report method is inert.
|
||||
func newCommitStatusReporter(provider staticsite.GitProvider, cfg Config, sha, targetURL string) *commitStatusReporter {
|
||||
return &commitStatusReporter{
|
||||
provider: provider,
|
||||
owner: cfg.RepoOwner,
|
||||
repo: cfg.RepoName,
|
||||
sha: sha,
|
||||
targetURL: targetURL,
|
||||
enabled: cfg.ReportCommitStatus,
|
||||
}
|
||||
}
|
||||
|
||||
// report sends one commit status, swallowing (and logging) any error. Safe
|
||||
// to call on a disabled reporter or with a nil provider/empty SHA.
|
||||
func (r *commitStatusReporter) report(ctx context.Context, w plugin.Workload, status staticsite.CommitStatus, description string) {
|
||||
if r == nil || !r.enabled || r.provider == nil || r.sha == "" {
|
||||
return
|
||||
}
|
||||
if err := r.provider.SetCommitStatus(ctx, r.owner, r.repo, r.sha, status, r.targetURL, description); err != nil {
|
||||
slog.Warn("dockerfile: commit-status report failed (ignored)",
|
||||
"workload", w.Name, "status", string(status), "error", err)
|
||||
}
|
||||
}
|
||||
|
||||
// statusTargetURL derives the https URL the commit status links back to —
|
||||
// the workload's primary public face, or "" when it has none.
|
||||
func statusTargetURL(domain string) string {
|
||||
if domain == "" {
|
||||
return ""
|
||||
}
|
||||
return "https://" + domain
|
||||
}
|
||||
|
||||
// updateStatus writes the runtime-state status/error/commit and (on
|
||||
// terminal states) fires the side effects the static plugin's helper
|
||||
// does: failures land in the event log, and a "deployed" or "failed"
|
||||
|
||||
Reference in New Issue
Block a user