feat(docker-watcher): phase 11 - frontend embed & SSE
Embed SvelteKit static build in Go binary via go:embed. Event bus for pub/sub with deploy log, instance status, and deploy status events. SSE endpoints for real-time streaming. Frontend SSE client with exponential backoff reconnection. Makefile for build pipeline. Update Phase 12 auth plan with OAuth2/OIDC support.
@@ -11,22 +11,31 @@ Production hardening — blue-green deploys, promote flow, dashboard auth, grace
- [ ] Task 1: Blue-green deploys — start new container, health check, swap NPM proxy, then stop old container (zero downtime)
- [ ] Task 2: Promote flow — enforce `promote_from` for production deploys (only tags running in source stage are eligible)
- [ ] Task 3: Dashboard auth — basic auth or token-based authentication for the web UI
- [ ] Task 4: Auth middleware — protect all /api/* routes except webhook
- [ ] Task 5: Graceful shutdown — handle SIGTERM/SIGINT, drain in-progress deploys, close DB, stop poller
- [ ] Task 6: Structured logging — JSON logs with deploy context (project, stage, tag, instance ID)
- [ ] Task 7: Config export — download current SQLite state as YAML (reverse of seed import)
- [ ] Task 8: Dockerfile — multi-stage build (build frontend + Go, copy to minimal image)
- [ ] Task 9: docker-compose.yml — production-ready compose file with volumes, network, env
- [ ] Task 10: Final wiring review — ensure all services are properly initialized and shut down
- [ ] Task 3: Local auth — username/password stored in SQLite (bcrypt hashed), login endpoint, session token (JWT or cookie)
- [ ] Task 4: OAuth2/OIDC auth — integration with Authentik or any OIDC provider (configurable client ID, client secret, discovery URL)
- [ ] Task 5: Auth settings UI — settings page to choose auth mode (local/OIDC), configure OIDC provider, manage local users
- [ ] Task 6: Auth middleware — protect all /api/* routes except webhook; check session/JWT/OIDC token
- [ ] Task 7: Graceful shutdown — handle SIGTERM/SIGINT, drain in-progress deploys, close DB, stop poller
- [ ] Task 8: Structured logging — JSON logs with deploy context (project, stage, tag, instance ID)
- [ ] Task 9: Config export — download current SQLite state as YAML (reverse of seed import)
- [ ] Task 10: Dockerfile — multi-stage build (build frontend + Go, copy to minimal image)
- [ ] Task 11: docker-compose.yml — production-ready compose file with volumes, network, env
- [ ] Task 12: Final wiring review — ensure all services are properly initialized and shut down
## Files to Modify/Create
- `internal/deployer/bluegreen.go` — blue-green deploy strategy
- `internal/deployer/promote.go` — promote flow logic
- `internal/api/auth.go` — authentication middleware
- `internal/auth/local.go` — local auth (bcrypt password hashing, session tokens)
- `internal/auth/oidc.go` — OAuth2/OIDC provider integration
- `internal/auth/middleware.go` — auth middleware (session/JWT/OIDC token validation)
- `internal/auth/models.go` — user model, auth settings, session store
- `internal/api/auth.go` — auth API endpoints (login, logout, OIDC callback, user management)
- `internal/config/export.go` — config export to YAML
- `internal/logging/logger.go` — structured JSON logger
- `cmd/server/main.go` — graceful shutdown, structured logging init
- `internal/store/users.go` — user CRUD, auth settings persistence
- `web/src/routes/login/+page.svelte` — login page
- `web/src/routes/settings/auth/+page.svelte` — auth settings UI
- `cmd/server/main.go` — graceful shutdown, structured logging, auth init
- `Dockerfile` — multi-stage build
- `docker-compose.yml` — production compose file
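Review bot: Task 6 carves the webhook out of the auth middleware, but nothing in this plan says how the webhook itself authenticates its caller, and it is the one unauthenticated route that can trigger a deploy; add a line to Task 6 (or a separate task) requiring the webhook handler to verify a shared secret or an HMAC signature over the request body and to reject requests that fail it, so the exemption does not become an unauthenticated deploy trigger. Two smaller points in the same hunk: the file list now names `internal/api/auth.go` twice with different roles ("authentication middleware" and "auth API endpoints (login, logout, OIDC callback, user management)") and `cmd/server/main.go` twice; if the first entry of each pair is the removed line that is fine, otherwise drop it, since `internal/auth/middleware.go` already owns the middleware. Task 3 also leaves "session token (JWT or cookie)" undecided; whichever is chosen, note that a session cookie must be HttpOnly, Secure and SameSite, and that a stateless JWT needs a short expiry or a revocation list for the logout endpoint listed under `internal/api/auth.go` to mean anything.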
@@ -41,11 +50,15 @@ Production hardening — blue-green deploys, promote flow, dashboard auth, grace
## Notes
- Blue-green: keep old container running until new one passes health check, then swap NPM proxy and stop old
- Auth: start simple (basic auth via env var), can be enhanced later (JWT, OIDC)
- Auth has two modes configurable via settings:
- **Local auth**: username/password in SQLite (bcrypt hashed), JWT session tokens
- **OAuth2/OIDC**: integration with Authentik or any OIDC provider (client ID, secret, discovery URL)
- First launch: create default admin user with configurable password via ADMIN_PASSWORD env var
- OIDC flow: redirect to provider → callback → create/link local user → issue session
- SIGTERM handling: use Go's `os/signal` + `context.WithCancel`
- Structured logging: use `log/slog` (Go stdlib since 1.21)
- Dockerfile: build stage with Node.js + Go, runtime stage with scratch/alpine
- This is the FINAL phase — build and full test suite MUST pass here
- Phase 13 (UI Polish) and Phase 14 (Volumes & Env) follow this phase
## Review Checklist
- [ ] All tasks completed
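Review bot: the OIDC flow note ("redirect to provider → callback → create/link local user → issue session") skips the steps that make the callback safe and should spell them out: generate a `state` value bound to the browser session and check it on the callback to stop CSRF, send a `nonce` and verify it in the ID token, and validate the ID token's signature, issuer, audience and expiry against the keys from the discovery URL before trusting any claim. It should also say which claim links the provider identity to a local user; linking on `email` lets anyone who can register a matching, unverified email at the provider take over an existing local account, whereas linking on `sub` plus issuer does not. Two smaller points: the first-launch note should state what happens when `ADMIN_PASSWORD` is unset (refuse to start, or generate a random password and print it once) rather than leaving room for a fixed default, and "This is the FINAL phase" contradicts the next line saying Phase 13 and Phase 14 follow this phase, so one of the two is stale.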