feat(deploy): commit-status reporting to Git providers

Report deploy status back to the Git provider as a commit status (pending/success/failure) for git-sourced workloads (static + dockerfile). - GitProvider.SetCommitStatus on gitea/github/gitlab over the existing SSRF-safe client; fixed "tinyforge" context so redeploys update one row. postJSON returns status-code-only errors (never echoes the upstream body, which a hostile provider could use to reflect the auth token into the best-effort log line). - Best-effort deploy hook: pending on deploy start, success/failure on outcome, gated on a per-workload report_commit_status flag. Never fails or blocks a deploy; emits nothing on the unchanged-SHA short-circuit. - UI ToggleSwitch (create + edit) + reportCommitStatus in sourceForms.ts + en/ru i18n. - Tests: per-provider state mapping + request shape; reporter gating (enabled/disabled/empty-SHA/nil/error-swallow). Reviewed via go-reviewer + security-reviewer (0 CRITICAL/HIGH; one MEDIUM body-echo log-leak fixed).
2026-05-29 11:37:56 +03:00
parent 410a131cec
commit 3071cda512
17 changed files with 1051 additions and 10 deletions
@@ -37,6 +37,10 @@ type Config struct {
 	RenderMarkdown bool   `json:"render_markdown"`
 	StorageEnabled bool   `json:"storage_enabled"`
 	StorageLimitMB int    `json:"storage_limit_mb"`
+	// ReportCommitStatus, when true, pushes the deploy outcome back to the
+	// git provider as a commit status (pending/success/failure) on the
+	// deployed SHA. Best-effort — a reporting failure never fails a deploy.
+	ReportCommitStatus bool `json:"report_commit_status"`
 }

 type source struct{}