feat(cutover): hard legacy cutover — drop projects/stacks/sites/deploys
Build / build (push) Successful in 10m39s
Build / build (push) Successful in 10m39s
The clean-break delete that closes the workload-first refactor arc.
Net diff: ~30 backend files deleted, ~20 modified, ~12k LOC removed
on the Go side; entire /projects /stacks /sites /deploy frontend
trees gone; ~6.7k LOC removed on the Svelte/TypeScript side.
Backend
- API handlers gone: internal/api/{projects,stages,stage_env,stacks,
static_sites,deploys,instances,volume_browser}.go
- Store CRUD + tests gone: internal/store/{projects,stages,stage_env,
stacks,static_sites,static_site_secrets,deploys,poll_state,volumes,
workload_sync}.go (+ _test.go siblings)
- Legacy deployer pipeline gone: internal/deployer/{bluegreen,promote,
rollback,subdomain,resolver_test}.go; deployer.go trimmed to just the
dispatch surface used by the plugin pipeline
- internal/staticsite/{manager,healthcheck}.go and
internal/stack/manager.go gone (the rest of those packages stay as
helpers imported by the static + compose plugins)
- internal/registry/poller.go gone (legacy registry poller)
- internal/volume.ResolvePath gone; ResolveWorkloadPath stays
- internal/webhook: handleWebhook (project) + handleSiteWebhook (site)
gone; only POST /api/webhook/triggers/{secret} remains
- workload-side webhook URL handlers (getWorkloadWebhook +
regenerateWorkloadWebhook + EnsureWorkloadWebhookSecret +
SetWorkloadWebhookSecret + GetWorkloadByWebhookSecret) gone — they
minted URLs that would 404 against the new trigger-only ingress
- cmd/server/main.go: dropped staticsite.Manager, stack.Manager,
staticsite.HealthChecker, registry poller, SetSiteSyncTriggerer,
SetStaticSiteManager, SetStackManager, wireStaticBackend
- store/store.go: idempotent DROP TABLE IF EXISTS for every legacy
table (projects, stages, stage_env, volumes, deploys, deploy_logs,
poll_states, stacks, stack_revisions, stack_deploys, static_sites,
static_site_secrets); FK order children-then-parents
- store/models.go: dropped Project, Stage, Deploy, DeployLog, StageEnv,
Volume, StaticSite, StaticSiteSecret, Stack, StackRevision,
StackDeploy types; kept WorkloadKind constants as documented strings
- internal/store/helpers.go (new): BoolToInt, rowScanner,
GenerateWebhookSecret extracted from deleted CRUD files
- internal/api/secrets.go (new): forwards to store.GenerateWebhookSecret
so api + store paths share one secret-generation impl (no
panic-vs-UUID-fallback divergence)
- internal/reconciler/reconciler.go: dropped legacy stack-by-compose
+ static-site label paths; only canonical tinyforge.workload.id
dispatch remains
- providers (gitea_content/github_provider/gitlab_provider) gained
path-traversal rejection on every tree entry
- internal/webhook ParsedImage / ParseImageRef demoted to package-
private (no external callers)
Frontend
- /projects /stacks /sites /deploy routes deleted (entire trees)
- ProjectCard / InstanceCard / StaleContainerCard components deleted
- api.ts: dropped every project/stage/stack/site/deploy/instance
helper + types (Project, Stage, Stack, StaticSite, Deploy,
Instance, Volume, etc.); kept Workload, Container, App, Settings,
Registry, EventTrigger, LogScanRule, webhook envelopes
- WorkloadWebhook type + getWorkloadWebhook/regenerateWorkloadWebhook
api functions gone (mirror of the backend deletion above)
- web/src/routes/+layout.svelte: dropped /projects /sites /stacks
/deploy nav entries, trimmed quick-nav keymap
- web/src/routes/+page.svelte: dashboard rewrite — reads
listWorkloads + listContainers only; 4-card stat grid
(workloads/running/failed/stale) + recent workloads strip
- navCounts.ts, SystemHealthCard.svelte, ContainerLogs.svelte,
ContainerStats.svelte, StatusBadge.svelte, TagCombobox.svelte,
proxies/+page.svelte, containers/+page.svelte all rewired to the
workload-first surface
- AbortController plumbing on dashboard, nav-counts, stale page,
SystemHealthCard so navigation doesn't leave dangling fetches
- i18n: dropped projects.*, projectDetail.*, envEditor.*,
volumeEditor.*, volumeBrowser.*, quickDeploy.*, sites.*, stacks.*,
instance.*, confirm.* namespaces; en/ru parity preserved (1042
keys each)
Hardening from go-reviewer + security-reviewer + typescript-reviewer
subagent passes (0 CRITICAL across all three; 1 HIGH + ~12 MEDIUM
addressed inline before commit):
- Sec H1: dead-end workload webhook URL handlers (would mint URLs
that 404 the new trigger-only ingress) deleted across backend +
frontend
- Go M1: IsTerminalDeployStatus dropped (no production callers)
- Go M2: ParsedImage/ParseImageRef lowercased (in-package only)
- Go M6: generateWebhookSecret unified — api shim forwards to
store.GenerateWebhookSecret
- Doc/comment freshness: stage_id (no longer FK), ProxyRoute legacy
field names, workloadIDRow rationale, webhook_deliveries.target_type
enum, WebhookDeliveryLog component header
Doc
- WORKLOAD_REFACTOR_TODO: cutover marked DONE; all three Priority 1
items are now shipped. Next focus is Priority 3 polish (apps.* i18n
+ codemap entries) and Priority 4 tests.
Behavioral notes for operators upgrading from a pre-cutover build
- Existing rows in the dropped tables disappear on first boot.
- Legacy webhook URLs at /api/webhook/{secret} and
/api/webhook/sites/{secret} return 404; CI configs must repoint to
/api/webhook/triggers/{secret} (the trigger-split boot backfill
lifted any embedded workload secret onto a Trigger row, so the
secret value itself carries over).
- Frontend routes /projects /stacks /sites /deploy are gone; nav
links replaced with /apps and /triggers.
This commit is contained in:
+10
-84
@@ -18,9 +18,9 @@ import (
|
||||
tinyforge "github.com/alexei/tinyforge"
|
||||
"github.com/alexei/tinyforge/internal/api"
|
||||
"github.com/alexei/tinyforge/internal/auth"
|
||||
"github.com/alexei/tinyforge/internal/backup"
|
||||
"github.com/alexei/tinyforge/internal/config"
|
||||
"github.com/alexei/tinyforge/internal/crypto"
|
||||
"github.com/alexei/tinyforge/internal/backup"
|
||||
"github.com/alexei/tinyforge/internal/deployer"
|
||||
"github.com/alexei/tinyforge/internal/dns"
|
||||
"github.com/alexei/tinyforge/internal/docker"
|
||||
@@ -32,11 +32,8 @@ import (
|
||||
"github.com/alexei/tinyforge/internal/npm"
|
||||
"github.com/alexei/tinyforge/internal/proxy"
|
||||
"github.com/alexei/tinyforge/internal/reconciler"
|
||||
"github.com/alexei/tinyforge/internal/registry"
|
||||
"github.com/alexei/tinyforge/internal/stale"
|
||||
"github.com/alexei/tinyforge/internal/stack"
|
||||
"github.com/alexei/tinyforge/internal/stats"
|
||||
"github.com/alexei/tinyforge/internal/staticsite"
|
||||
"github.com/alexei/tinyforge/internal/store"
|
||||
"github.com/alexei/tinyforge/internal/webhook"
|
||||
|
||||
@@ -85,13 +82,6 @@ func main() {
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// Backfill workload rows for any project / stack / static site that
|
||||
// predates the workload refactor. Idempotent — safe on every boot.
|
||||
if err := db.BackfillWorkloads(); err != nil {
|
||||
slog.Error("workload backfill", "error", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// Ensure default admin user exists on first launch.
|
||||
if err := ensureDefaultAdmin(db); err != nil {
|
||||
slog.Error("ensure default admin", "error", err)
|
||||
@@ -109,16 +99,10 @@ func main() {
|
||||
// Start the container index reconciler. Runs one boot pass and then
|
||||
// ticks every 30s. Boot pass populates the containers table from any
|
||||
// running containers that predate the workload refactor; subsequent
|
||||
// ticks catch state drift the deployer didn't witness (e.g., a stack
|
||||
// service that exited on its own). Stop() cancels its own child context
|
||||
// before waiting on the goroutine, so a hung `docker ps` doesn't block
|
||||
// shutdown.
|
||||
// ticks catch state drift the deployer didn't witness.
|
||||
rec := reconciler.New(db, dockerClient, 30*time.Second)
|
||||
rec.Start(context.Background())
|
||||
defer rec.Stop()
|
||||
// The plugin pass is wired after the deployer is constructed (below);
|
||||
// the reconciler tolerates a nil dispatcher until then. SetPluginReconciler
|
||||
// is safe to call at any time, including mid-tick.
|
||||
|
||||
// Read settings for NPM URL and polling interval.
|
||||
settings, err := db.GetSettings()
|
||||
@@ -181,33 +165,19 @@ func main() {
|
||||
defer stopLogger()
|
||||
|
||||
// Event-trigger dispatcher: consume EventLog publishes off the bus
|
||||
// and fan out to operator-configured webhook actions. Loop-prevention
|
||||
// is structural — the dispatcher never writes back to event_log; all
|
||||
// delivery outcomes land in notifier audit logging.
|
||||
// and fan out to operator-configured webhook actions.
|
||||
stopTriggerDispatcher := events.RegisterEventTriggerDispatcher(eventBus, db, notifier)
|
||||
defer stopTriggerDispatcher()
|
||||
|
||||
dep := deployer.New(dockerClient, proxyProvider, db, healthChecker, notifier, eventBus, encKey)
|
||||
rec.SetPluginReconciler(dep)
|
||||
|
||||
// Initialize webhook handler. Per-project and per-site secrets are stored
|
||||
// on their respective rows; the static-site triggerer is wired in below
|
||||
// once the site manager has been constructed.
|
||||
webhookHandler := webhook.NewHandler(db, dep, nil)
|
||||
// Plugin-pipeline dispatcher for /api/webhook/workloads/{secret}.
|
||||
// Wired here so the same *deployer.Deployer serves both legacy and
|
||||
// plugin-native paths from one place.
|
||||
// Initialize webhook handler. The single inbound surface is
|
||||
// /api/webhook/triggers/{secret}; the plugin dispatcher wires the
|
||||
// trigger fan-out to the deployer.
|
||||
webhookHandler := webhook.NewHandler(db)
|
||||
webhookHandler.SetPluginDispatcher(dep)
|
||||
|
||||
// Initialize registry poller.
|
||||
poller := registry.NewPoller(db, dep, encKey)
|
||||
pollingInterval := envOrDefault("POLLING_INTERVAL", settings.PollingInterval)
|
||||
if pollingInterval != "" {
|
||||
if err := poller.Start(pollingInterval); err != nil {
|
||||
slog.Warn("failed to start poller", "error", err)
|
||||
}
|
||||
}
|
||||
|
||||
// Initialize stale container scanner.
|
||||
staleScanner := stale.New(db, dockerClient, eventBus)
|
||||
if err := staleScanner.Start("1h"); err != nil {
|
||||
@@ -228,9 +198,7 @@ func main() {
|
||||
}); err != nil {
|
||||
slog.Warn("failed to schedule event prune cron", "error", err)
|
||||
}
|
||||
// Webhook delivery log: keep 14 days of audit trail. Same daily cadence
|
||||
// so an admin always has a recent window for debugging without
|
||||
// unbounded growth on a noisy CI.
|
||||
// Webhook delivery log: keep 14 days of audit trail.
|
||||
if _, err := cronScheduler.AddFunc("@daily", func() {
|
||||
cutoff := time.Now().UTC().AddDate(0, 0, -14).Format("2006-01-02 15:04:05")
|
||||
pruned, err := db.PruneWebhookDeliveriesBefore(cutoff)
|
||||
@@ -339,41 +307,12 @@ func main() {
|
||||
}
|
||||
scheduleAutobackup(settings.BackupEnabled, settings.BackupIntervalHours)
|
||||
|
||||
// Initialize resource stats collector. Interval + retention are read from
|
||||
// settings on each tick, so configuration changes take effect within one
|
||||
// tick without a restart.
|
||||
// Initialize resource stats collector.
|
||||
statsCollector := stats.New(db, dockerClient)
|
||||
statsCollector.Start()
|
||||
|
||||
// Initialize static site manager and health checker.
|
||||
staticSiteMgr := staticsite.NewManager(db, dockerClient, proxyProvider, eventBus, notifier, encKey)
|
||||
webhookHandler.SetSiteSyncTriggerer(staticSiteMgr)
|
||||
// The plugin static source registers itself eagerly in its init()
|
||||
// now that the deploy pipeline is implemented inline (see
|
||||
// internal/workload/plugin/source/static). The legacy Manager kept
|
||||
// here keeps the /api/sites/* HTTP routes alive during the cutover
|
||||
// window.
|
||||
staticSiteHealth := staticsite.NewHealthChecker(db, dockerClient, staticSiteMgr)
|
||||
if err := staticSiteHealth.Start("2m"); err != nil {
|
||||
slog.Warn("failed to start static site health checker", "error", err)
|
||||
}
|
||||
|
||||
// Initialize stack (docker-compose) manager. Disabled gracefully if
|
||||
// `docker compose` is not available on the host.
|
||||
stackWorkDir := filepath.Join(filepath.Dir(dbPath), "stacks")
|
||||
stackMgr, err := stack.NewManager(db, stack.NewCompose(""), eventBus, stackWorkDir)
|
||||
if err != nil {
|
||||
slog.Warn("failed to init stack manager", "error", err)
|
||||
stackMgr = nil
|
||||
} else if err := stackMgr.Available(context.Background()); err != nil {
|
||||
slog.Warn("docker compose not available — stacks feature disabled", "error", err)
|
||||
stackMgr = nil
|
||||
}
|
||||
|
||||
// Log-scan manager: tails running containers and emits event_log
|
||||
// entries when log lines match operator-configured regex rules.
|
||||
// Start before the API server is wired so the reload callback can
|
||||
// be plugged in via SetLogScanReloader.
|
||||
logScanMgr := logscanner.NewManager(logscanner.Config{
|
||||
Rules: db,
|
||||
Containers: db,
|
||||
@@ -382,9 +321,6 @@ func main() {
|
||||
Bus: eventBus,
|
||||
PollInterval: 5 * time.Second,
|
||||
})
|
||||
// Manager owns its own cancellation; Stop() drives the loop and
|
||||
// every tail to exit. Using Background here matches the
|
||||
// reconciler + stale-scanner pattern elsewhere in this file.
|
||||
if err := logScanMgr.Start(context.Background()); err != nil {
|
||||
slog.Warn("logscanner: initial rule load failed", "error", err)
|
||||
}
|
||||
@@ -392,10 +328,6 @@ func main() {
|
||||
|
||||
// Build API server.
|
||||
apiServer := api.NewServer(db, dockerClient, npmClient, proxyProvider, dep, notifier, webhookHandler, eventBus, encKey)
|
||||
apiServer.SetStaticSiteManager(staticSiteMgr)
|
||||
if stackMgr != nil {
|
||||
apiServer.SetStackManager(stackMgr)
|
||||
}
|
||||
apiServer.SetStaleScanner(staleScanner)
|
||||
apiServer.SetLogScanReloader(logScanMgr)
|
||||
apiServer.SetBackupEngine(backupEngine)
|
||||
@@ -411,13 +343,11 @@ func main() {
|
||||
router := apiServer.Router()
|
||||
|
||||
// Serve embedded static files for the SPA frontend.
|
||||
// The embed.FS has "web/build" as a prefix, so we sub it to get the root.
|
||||
webBuildFS, err := fs.Sub(tinyforge.WebBuildFS, "web/build")
|
||||
if err != nil {
|
||||
slog.Warn("embedded frontend not available", "error", err)
|
||||
} else {
|
||||
staticHandler := api.StaticHandler(webBuildFS)
|
||||
// Handle all non-API routes with the static file server.
|
||||
router.NotFound(staticHandler.ServeHTTP)
|
||||
}
|
||||
|
||||
@@ -428,7 +358,6 @@ func main() {
|
||||
Handler: router,
|
||||
ReadTimeout: 30 * time.Second,
|
||||
// WriteTimeout is disabled (0) to support SSE long-lived connections.
|
||||
// Individual non-SSE handlers should use context timeouts as needed.
|
||||
WriteTimeout: 0,
|
||||
IdleTimeout: 120 * time.Second,
|
||||
}
|
||||
@@ -456,12 +385,10 @@ func main() {
|
||||
// Stop accepting new work.
|
||||
cronScheduler.Stop()
|
||||
eventBus.Unsubscribe(notifySub)
|
||||
staticSiteHealth.Stop()
|
||||
staleScanner.Stop()
|
||||
poller.Stop()
|
||||
statsCollector.Stop()
|
||||
|
||||
// Drain in-progress deploys, site syncs, and notifications.
|
||||
// Drain in-progress deploys and notifications.
|
||||
dep.Drain()
|
||||
webhookHandler.Drain()
|
||||
notifier.Drain()
|
||||
@@ -491,7 +418,6 @@ func envOrDefault(key, fallback string) string {
|
||||
}
|
||||
|
||||
// ensureDefaultAdmin creates a default admin user on first launch if no users exist.
|
||||
// The password comes from ADMIN_PASSWORD env var, defaulting to "admin".
|
||||
func ensureDefaultAdmin(db *store.Store) error {
|
||||
count, err := db.UserCount()
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user