feat(cutover): hard legacy cutover — drop projects/stacks/sites/deploys
Build / build (push) Successful in 10m39s
Build / build (push) Successful in 10m39s
The clean-break delete that closes the workload-first refactor arc.
Net diff: ~30 backend files deleted, ~20 modified, ~12k LOC removed
on the Go side; entire /projects /stacks /sites /deploy frontend
trees gone; ~6.7k LOC removed on the Svelte/TypeScript side.
Backend
- API handlers gone: internal/api/{projects,stages,stage_env,stacks,
static_sites,deploys,instances,volume_browser}.go
- Store CRUD + tests gone: internal/store/{projects,stages,stage_env,
stacks,static_sites,static_site_secrets,deploys,poll_state,volumes,
workload_sync}.go (+ _test.go siblings)
- Legacy deployer pipeline gone: internal/deployer/{bluegreen,promote,
rollback,subdomain,resolver_test}.go; deployer.go trimmed to just the
dispatch surface used by the plugin pipeline
- internal/staticsite/{manager,healthcheck}.go and
internal/stack/manager.go gone (the rest of those packages stay as
helpers imported by the static + compose plugins)
- internal/registry/poller.go gone (legacy registry poller)
- internal/volume.ResolvePath gone; ResolveWorkloadPath stays
- internal/webhook: handleWebhook (project) + handleSiteWebhook (site)
gone; only POST /api/webhook/triggers/{secret} remains
- workload-side webhook URL handlers (getWorkloadWebhook +
regenerateWorkloadWebhook + EnsureWorkloadWebhookSecret +
SetWorkloadWebhookSecret + GetWorkloadByWebhookSecret) gone — they
minted URLs that would 404 against the new trigger-only ingress
- cmd/server/main.go: dropped staticsite.Manager, stack.Manager,
staticsite.HealthChecker, registry poller, SetSiteSyncTriggerer,
SetStaticSiteManager, SetStackManager, wireStaticBackend
- store/store.go: idempotent DROP TABLE IF EXISTS for every legacy
table (projects, stages, stage_env, volumes, deploys, deploy_logs,
poll_states, stacks, stack_revisions, stack_deploys, static_sites,
static_site_secrets); FK order children-then-parents
- store/models.go: dropped Project, Stage, Deploy, DeployLog, StageEnv,
Volume, StaticSite, StaticSiteSecret, Stack, StackRevision,
StackDeploy types; kept WorkloadKind constants as documented strings
- internal/store/helpers.go (new): BoolToInt, rowScanner,
GenerateWebhookSecret extracted from deleted CRUD files
- internal/api/secrets.go (new): forwards to store.GenerateWebhookSecret
so api + store paths share one secret-generation impl (no
panic-vs-UUID-fallback divergence)
- internal/reconciler/reconciler.go: dropped legacy stack-by-compose
+ static-site label paths; only canonical tinyforge.workload.id
dispatch remains
- providers (gitea_content/github_provider/gitlab_provider) gained
path-traversal rejection on every tree entry
- internal/webhook ParsedImage / ParseImageRef demoted to package-
private (no external callers)
Frontend
- /projects /stacks /sites /deploy routes deleted (entire trees)
- ProjectCard / InstanceCard / StaleContainerCard components deleted
- api.ts: dropped every project/stage/stack/site/deploy/instance
helper + types (Project, Stage, Stack, StaticSite, Deploy,
Instance, Volume, etc.); kept Workload, Container, App, Settings,
Registry, EventTrigger, LogScanRule, webhook envelopes
- WorkloadWebhook type + getWorkloadWebhook/regenerateWorkloadWebhook
api functions gone (mirror of the backend deletion above)
- web/src/routes/+layout.svelte: dropped /projects /sites /stacks
/deploy nav entries, trimmed quick-nav keymap
- web/src/routes/+page.svelte: dashboard rewrite — reads
listWorkloads + listContainers only; 4-card stat grid
(workloads/running/failed/stale) + recent workloads strip
- navCounts.ts, SystemHealthCard.svelte, ContainerLogs.svelte,
ContainerStats.svelte, StatusBadge.svelte, TagCombobox.svelte,
proxies/+page.svelte, containers/+page.svelte all rewired to the
workload-first surface
- AbortController plumbing on dashboard, nav-counts, stale page,
SystemHealthCard so navigation doesn't leave dangling fetches
- i18n: dropped projects.*, projectDetail.*, envEditor.*,
volumeEditor.*, volumeBrowser.*, quickDeploy.*, sites.*, stacks.*,
instance.*, confirm.* namespaces; en/ru parity preserved (1042
keys each)
Hardening from go-reviewer + security-reviewer + typescript-reviewer
subagent passes (0 CRITICAL across all three; 1 HIGH + ~12 MEDIUM
addressed inline before commit):
- Sec H1: dead-end workload webhook URL handlers (would mint URLs
that 404 the new trigger-only ingress) deleted across backend +
frontend
- Go M1: IsTerminalDeployStatus dropped (no production callers)
- Go M2: ParsedImage/ParseImageRef lowercased (in-package only)
- Go M6: generateWebhookSecret unified — api shim forwards to
store.GenerateWebhookSecret
- Doc/comment freshness: stage_id (no longer FK), ProxyRoute legacy
field names, workloadIDRow rationale, webhook_deliveries.target_type
enum, WebhookDeliveryLog component header
Doc
- WORKLOAD_REFACTOR_TODO: cutover marked DONE; all three Priority 1
items are now shipped. Next focus is Priority 3 polish (apps.* i18n
+ codemap entries) and Priority 4 tests.
Behavioral notes for operators upgrading from a pre-cutover build
- Existing rows in the dropped tables disappear on first boot.
- Legacy webhook URLs at /api/webhook/{secret} and
/api/webhook/sites/{secret} return 404; CI configs must repoint to
/api/webhook/triggers/{secret} (the trigger-split boot backfill
lifted any embedded workload secret onto a Trigger row, so the
secret value itself carries over).
- Frontend routes /projects /stacks /sites /deploy are gone; nav
links replaced with /apps and /triggers.
This commit is contained in:
@@ -1,24 +1,17 @@
|
||||
package api
|
||||
|
||||
// Outgoing-webhook signing-secret + send-test endpoints. There are four
|
||||
// tiers — settings, project, stage, site — each exposing the same three
|
||||
// operations: reveal (lazy-gen), regenerate, and send a synthetic test
|
||||
// event. Returning a 200 from "send test" doesn't mean the receiver
|
||||
// processed the event correctly — only that it answered with 2xx. The UI
|
||||
// surfaces the receiver's status code + body preview so operators can
|
||||
// distinguish "wired" from "wired and accepted".
|
||||
// Outgoing-webhook signing-secret + send-test endpoints. After the hard
|
||||
// cutover only the settings tier survives at the API surface; per-workload
|
||||
// notification settings live on the workload row itself and are accessed
|
||||
// via the workload endpoints.
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/go-chi/chi/v5"
|
||||
|
||||
"github.com/alexei/tinyforge/internal/notify"
|
||||
"github.com/alexei/tinyforge/internal/store"
|
||||
)
|
||||
|
||||
// notificationSecretResponse is what the GET / regenerate endpoints return.
|
||||
@@ -92,8 +85,7 @@ func (s *Server) disableSettingsNotificationSigning(w http.ResponseWriter, r *ht
|
||||
|
||||
// settingsNotificationTest handles POST /api/settings/notification-test.
|
||||
// Sends a synthetic test event to the global webhook URL using the global
|
||||
// secret. No tier resolution — that's the whole point: each tier's test
|
||||
// button proves *that* tier is wired correctly.
|
||||
// secret.
|
||||
func (s *Server) settingsNotificationTest(w http.ResponseWriter, r *http.Request) {
|
||||
settings, err := s.store.GetSettings()
|
||||
if err != nil {
|
||||
@@ -112,292 +104,3 @@ func (s *Server) settingsNotificationTest(w http.ResponseWriter, r *http.Request
|
||||
)
|
||||
respondJSON(w, http.StatusOK, result)
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Project tier
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
func (s *Server) getProjectNotificationSecret(w http.ResponseWriter, r *http.Request) {
|
||||
id := chi.URLParam(r, "id")
|
||||
secret, err := s.store.EnsureProjectNotificationSecret(id)
|
||||
if err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "project")
|
||||
return
|
||||
}
|
||||
slog.Error("get project notification secret", "project", id, "error", err)
|
||||
respondError(w, http.StatusInternalServerError, "failed to load secret")
|
||||
return
|
||||
}
|
||||
respondJSON(w, http.StatusOK, notificationSecretResponse{Secret: secret, HasSecret: secret != ""})
|
||||
}
|
||||
|
||||
func (s *Server) regenerateProjectNotificationSecret(w http.ResponseWriter, r *http.Request) {
|
||||
id := chi.URLParam(r, "id")
|
||||
if _, err := s.store.GetProjectByID(id); err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "project")
|
||||
return
|
||||
}
|
||||
respondError(w, http.StatusInternalServerError, "failed to load project")
|
||||
return
|
||||
}
|
||||
secret := generateWebhookSecret()
|
||||
if err := s.store.SetProjectNotificationSecret(id, secret); err != nil {
|
||||
slog.Error("regenerate project notification secret", "project", id, "error", err)
|
||||
respondError(w, http.StatusInternalServerError, "failed to rotate secret")
|
||||
return
|
||||
}
|
||||
slog.Info("project notification secret rotated", "project", id)
|
||||
respondJSON(w, http.StatusOK, notificationSecretResponse{Secret: secret, HasSecret: true})
|
||||
}
|
||||
|
||||
func (s *Server) disableProjectNotificationSigning(w http.ResponseWriter, r *http.Request) {
|
||||
id := chi.URLParam(r, "id")
|
||||
if err := s.store.SetProjectNotificationSecret(id, ""); err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "project")
|
||||
return
|
||||
}
|
||||
respondError(w, http.StatusInternalServerError, "failed to disable signing")
|
||||
return
|
||||
}
|
||||
respondJSON(w, http.StatusOK, notificationSecretResponse{Secret: "", HasSecret: false})
|
||||
}
|
||||
|
||||
func (s *Server) projectNotificationTest(w http.ResponseWriter, r *http.Request) {
|
||||
id := chi.URLParam(r, "id")
|
||||
project, err := s.store.GetProjectByID(id)
|
||||
if err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "project")
|
||||
return
|
||||
}
|
||||
respondError(w, http.StatusInternalServerError, "failed to load project")
|
||||
return
|
||||
}
|
||||
settings, err := s.store.GetSettings()
|
||||
if err != nil {
|
||||
respondError(w, http.StatusInternalServerError, "failed to load settings")
|
||||
return
|
||||
}
|
||||
url, secret, tier := resolveProjectTestTarget(project, settings)
|
||||
if url == "" {
|
||||
respondError(w, http.StatusBadRequest, "no notification URL configured for this project (and no global fallback)")
|
||||
return
|
||||
}
|
||||
ctx, cancel := context.WithTimeout(r.Context(), testEventTimeout)
|
||||
defer cancel()
|
||||
result := s.notifier.SendSyncForTest(
|
||||
ctx, url, secret, tier,
|
||||
buildTestEvent(project.Name, ""),
|
||||
)
|
||||
respondJSON(w, http.StatusOK, result)
|
||||
}
|
||||
|
||||
// resolveProjectTestTarget mirrors the deploy-time stage→project→global
|
||||
// resolution but without a stage in scope. Used by the project-level test
|
||||
// button so the operator sees exactly what a project-only event would do.
|
||||
func resolveProjectTestTarget(project store.Project, settings store.Settings) (string, string, notify.Tier) {
|
||||
if project.NotificationURL != "" {
|
||||
return project.NotificationURL, project.NotificationSecret, notify.TierProject
|
||||
}
|
||||
return settings.NotificationURL, settings.NotificationSecret, notify.TierSettings
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Stage tier
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
func (s *Server) getStageNotificationSecret(w http.ResponseWriter, r *http.Request) {
|
||||
stageID := chi.URLParam(r, "stage")
|
||||
secret, err := s.store.EnsureStageNotificationSecret(stageID)
|
||||
if err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "stage")
|
||||
return
|
||||
}
|
||||
slog.Error("get stage notification secret", "stage", stageID, "error", err)
|
||||
respondError(w, http.StatusInternalServerError, "failed to load secret")
|
||||
return
|
||||
}
|
||||
respondJSON(w, http.StatusOK, notificationSecretResponse{Secret: secret, HasSecret: secret != ""})
|
||||
}
|
||||
|
||||
func (s *Server) regenerateStageNotificationSecret(w http.ResponseWriter, r *http.Request) {
|
||||
stageID := chi.URLParam(r, "stage")
|
||||
if _, err := s.store.GetStageByID(stageID); err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "stage")
|
||||
return
|
||||
}
|
||||
respondError(w, http.StatusInternalServerError, "failed to load stage")
|
||||
return
|
||||
}
|
||||
secret := generateWebhookSecret()
|
||||
if err := s.store.SetStageNotificationSecret(stageID, secret); err != nil {
|
||||
slog.Error("regenerate stage notification secret", "stage", stageID, "error", err)
|
||||
respondError(w, http.StatusInternalServerError, "failed to rotate secret")
|
||||
return
|
||||
}
|
||||
slog.Info("stage notification secret rotated", "stage", stageID)
|
||||
respondJSON(w, http.StatusOK, notificationSecretResponse{Secret: secret, HasSecret: true})
|
||||
}
|
||||
|
||||
func (s *Server) disableStageNotificationSigning(w http.ResponseWriter, r *http.Request) {
|
||||
stageID := chi.URLParam(r, "stage")
|
||||
if err := s.store.SetStageNotificationSecret(stageID, ""); err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "stage")
|
||||
return
|
||||
}
|
||||
respondError(w, http.StatusInternalServerError, "failed to disable signing")
|
||||
return
|
||||
}
|
||||
respondJSON(w, http.StatusOK, notificationSecretResponse{Secret: "", HasSecret: false})
|
||||
}
|
||||
|
||||
func (s *Server) stageNotificationTest(w http.ResponseWriter, r *http.Request) {
|
||||
projectID := chi.URLParam(r, "id")
|
||||
stageID := chi.URLParam(r, "stage")
|
||||
stage, err := s.store.GetStageByID(stageID)
|
||||
if err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "stage")
|
||||
return
|
||||
}
|
||||
respondError(w, http.StatusInternalServerError, "failed to load stage")
|
||||
return
|
||||
}
|
||||
project, err := s.store.GetProjectByID(projectID)
|
||||
if err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "project")
|
||||
return
|
||||
}
|
||||
respondError(w, http.StatusInternalServerError, "failed to load project")
|
||||
return
|
||||
}
|
||||
settings, err := s.store.GetSettings()
|
||||
if err != nil {
|
||||
respondError(w, http.StatusInternalServerError, "failed to load settings")
|
||||
return
|
||||
}
|
||||
// Reuse the production resolver so the test button exercises the exact
|
||||
// fall-through logic a real deploy would.
|
||||
url, secret, tier := resolveDeployTarget(stage, project, settings)
|
||||
if url == "" {
|
||||
respondError(w, http.StatusBadRequest, "no notification URL configured for this stage, project, or globally")
|
||||
return
|
||||
}
|
||||
ctx, cancel := context.WithTimeout(r.Context(), testEventTimeout)
|
||||
defer cancel()
|
||||
result := s.notifier.SendSyncForTest(
|
||||
ctx, url, secret, tier,
|
||||
buildTestEvent(project.Name, stage.Name),
|
||||
)
|
||||
respondJSON(w, http.StatusOK, result)
|
||||
}
|
||||
|
||||
// resolveDeployTarget here mirrors the deployer's helper. Duplicated rather
|
||||
// than imported to avoid an api → deployer dependency cycle and to keep the
|
||||
// test-endpoint code self-contained. If divergence becomes a risk we can
|
||||
// move this into a shared internal/notify subpackage.
|
||||
func resolveDeployTarget(stage store.Stage, project store.Project, settings store.Settings) (string, string, notify.Tier) {
|
||||
if stage.NotificationURL != "" {
|
||||
return stage.NotificationURL, stage.NotificationSecret, notify.TierStage
|
||||
}
|
||||
if project.NotificationURL != "" {
|
||||
return project.NotificationURL, project.NotificationSecret, notify.TierProject
|
||||
}
|
||||
return settings.NotificationURL, settings.NotificationSecret, notify.TierSettings
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Static-site tier
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
func (s *Server) getStaticSiteNotificationSecret(w http.ResponseWriter, r *http.Request) {
|
||||
id := chi.URLParam(r, "id")
|
||||
secret, err := s.store.EnsureStaticSiteNotificationSecret(id)
|
||||
if err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "static site")
|
||||
return
|
||||
}
|
||||
slog.Error("get static site notification secret", "site", id, "error", err)
|
||||
respondError(w, http.StatusInternalServerError, "failed to load secret")
|
||||
return
|
||||
}
|
||||
respondJSON(w, http.StatusOK, notificationSecretResponse{Secret: secret, HasSecret: secret != ""})
|
||||
}
|
||||
|
||||
func (s *Server) regenerateStaticSiteNotificationSecret(w http.ResponseWriter, r *http.Request) {
|
||||
id := chi.URLParam(r, "id")
|
||||
if _, err := s.store.GetStaticSiteByID(id); err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "static site")
|
||||
return
|
||||
}
|
||||
respondError(w, http.StatusInternalServerError, "failed to load static site")
|
||||
return
|
||||
}
|
||||
secret := generateWebhookSecret()
|
||||
if err := s.store.SetStaticSiteNotificationSecret(id, secret); err != nil {
|
||||
slog.Error("regenerate static site notification secret", "site", id, "error", err)
|
||||
respondError(w, http.StatusInternalServerError, "failed to rotate secret")
|
||||
return
|
||||
}
|
||||
slog.Info("static site notification secret rotated", "site", id)
|
||||
respondJSON(w, http.StatusOK, notificationSecretResponse{Secret: secret, HasSecret: true})
|
||||
}
|
||||
|
||||
func (s *Server) disableStaticSiteNotificationSigning(w http.ResponseWriter, r *http.Request) {
|
||||
id := chi.URLParam(r, "id")
|
||||
if err := s.store.SetStaticSiteNotificationSecret(id, ""); err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "static site")
|
||||
return
|
||||
}
|
||||
respondError(w, http.StatusInternalServerError, "failed to disable signing")
|
||||
return
|
||||
}
|
||||
respondJSON(w, http.StatusOK, notificationSecretResponse{Secret: "", HasSecret: false})
|
||||
}
|
||||
|
||||
func (s *Server) staticSiteNotificationTest(w http.ResponseWriter, r *http.Request) {
|
||||
id := chi.URLParam(r, "id")
|
||||
site, err := s.store.GetStaticSiteByID(id)
|
||||
if err != nil {
|
||||
if errors.Is(err, store.ErrNotFound) {
|
||||
respondNotFound(w, "static site")
|
||||
return
|
||||
}
|
||||
respondError(w, http.StatusInternalServerError, "failed to load static site")
|
||||
return
|
||||
}
|
||||
settings, err := s.store.GetSettings()
|
||||
if err != nil {
|
||||
respondError(w, http.StatusInternalServerError, "failed to load settings")
|
||||
return
|
||||
}
|
||||
url, secret, tier := resolveSiteTestTarget(site, settings)
|
||||
if url == "" {
|
||||
respondError(w, http.StatusBadRequest, "no notification URL configured for this site (and no global fallback)")
|
||||
return
|
||||
}
|
||||
ctx, cancel := context.WithTimeout(r.Context(), testEventTimeout)
|
||||
defer cancel()
|
||||
result := s.notifier.SendSyncForTest(
|
||||
ctx, url, secret, tier,
|
||||
buildTestEvent(site.Name, ""),
|
||||
)
|
||||
respondJSON(w, http.StatusOK, result)
|
||||
}
|
||||
|
||||
func resolveSiteTestTarget(site store.StaticSite, settings store.Settings) (string, string, notify.Tier) {
|
||||
if site.NotificationURL != "" {
|
||||
return site.NotificationURL, site.NotificationSecret, notify.TierSite
|
||||
}
|
||||
return settings.NotificationURL, settings.NotificationSecret, notify.TierSettings
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user