feat: static sites feature with Gitea/GitHub/GitLab support and Deno backend
Deploy static content from Git repository folders with optional server-side
API endpoints. Supports Gitea/Forgejo/Gogs, GitHub, and GitLab with provider
autodetection.
- New Sites entity with CRUD, encrypted secrets, and manual/push/tag sync triggers
- Pluggable GitProvider interface with three implementations
- Deno container mode: auto-generates router from API_{method}_{name} exports
- Static container mode: nginx serving files with optional markdown rendering
- Wizard UI with provider selector, repo picker, branch/folder tree pickers
- Deploy pipeline builds fresh image, starts container, configures NPM proxy
- Stop/Start buttons, force redeploy on manual trigger
- Periodic health checker detects crashed containers
- Proxy route existence check during auto-sync
This commit is contained in:
@@ -195,6 +195,43 @@ type Volume struct {
|
||||
UpdatedAt string `json:"updated_at"`
|
||||
}
|
||||
|
||||
// StaticSite represents a static site deployed from a Git repository folder.
|
||||
type StaticSite struct {
|
||||
ID string `json:"id"`
|
||||
Name string `json:"name"`
|
||||
Provider string `json:"provider"` // "gitea", "github", "gitlab"; empty = autodetect
|
||||
GiteaURL string `json:"gitea_url"` // base URL, e.g. https://git.example.com
|
||||
RepoOwner string `json:"repo_owner"`
|
||||
RepoName string `json:"repo_name"`
|
||||
Branch string `json:"branch"`
|
||||
FolderPath string `json:"folder_path"` // path within repo, e.g. "Pages"
|
||||
AccessToken string `json:"access_token"` // encrypted; optional for public repos
|
||||
Domain string `json:"domain"` // full domain for proxy
|
||||
Mode string `json:"mode"` // "static" or "deno"
|
||||
RenderMarkdown bool `json:"render_markdown"`
|
||||
SyncTrigger string `json:"sync_trigger"` // "push", "tag", "manual"
|
||||
TagPattern string `json:"tag_pattern"` // glob pattern for tag-based sync
|
||||
ContainerID string `json:"container_id"`
|
||||
ProxyRouteID string `json:"proxy_route_id"`
|
||||
Status string `json:"status"` // idle, syncing, deployed, failed
|
||||
LastSyncAt string `json:"last_sync_at"`
|
||||
LastCommitSHA string `json:"last_commit_sha"`
|
||||
Error string `json:"error"`
|
||||
CreatedAt string `json:"created_at"`
|
||||
UpdatedAt string `json:"updated_at"`
|
||||
}
|
||||
|
||||
// StaticSiteSecret represents an encrypted environment variable for a static site's Deno backend.
|
||||
type StaticSiteSecret struct {
|
||||
ID string `json:"id"`
|
||||
SiteID string `json:"site_id"`
|
||||
Key string `json:"key"`
|
||||
Value string `json:"value"`
|
||||
Encrypted bool `json:"encrypted"`
|
||||
CreatedAt string `json:"created_at"`
|
||||
UpdatedAt string `json:"updated_at"`
|
||||
}
|
||||
|
||||
// EventLog represents a persistent event log entry.
|
||||
type EventLog struct {
|
||||
ID int64 `json:"id"`
|
||||
|
||||
@@ -0,0 +1,112 @@
|
||||
package store
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
// CreateStaticSiteSecret inserts a new secret for a static site.
|
||||
func (s *Store) CreateStaticSiteSecret(secret StaticSiteSecret) (StaticSiteSecret, error) {
|
||||
secret.ID = uuid.New().String()
|
||||
secret.CreatedAt = Now()
|
||||
secret.UpdatedAt = secret.CreatedAt
|
||||
|
||||
_, err := s.db.Exec(
|
||||
`INSERT INTO static_site_secrets (id, site_id, key, value, encrypted, created_at, updated_at)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?)`,
|
||||
secret.ID, secret.SiteID, secret.Key, secret.Value,
|
||||
BoolToInt(secret.Encrypted), secret.CreatedAt, secret.UpdatedAt,
|
||||
)
|
||||
if err != nil {
|
||||
return StaticSiteSecret{}, fmt.Errorf("insert static site secret: %w", err)
|
||||
}
|
||||
return secret, nil
|
||||
}
|
||||
|
||||
// GetStaticSiteSecretsBySiteID returns all secrets for a static site.
|
||||
func (s *Store) GetStaticSiteSecretsBySiteID(siteID string) ([]StaticSiteSecret, error) {
|
||||
rows, err := s.db.Query(
|
||||
`SELECT id, site_id, key, value, encrypted, created_at, updated_at
|
||||
FROM static_site_secrets WHERE site_id = ? ORDER BY key`, siteID,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("query static site secrets: %w", err)
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
secrets := []StaticSiteSecret{}
|
||||
for rows.Next() {
|
||||
secret, err := scanStaticSiteSecret(rows)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
secrets = append(secrets, secret)
|
||||
}
|
||||
return secrets, rows.Err()
|
||||
}
|
||||
|
||||
// GetStaticSiteSecretByID returns a single secret by ID.
|
||||
func (s *Store) GetStaticSiteSecretByID(id string) (StaticSiteSecret, error) {
|
||||
var secret StaticSiteSecret
|
||||
var encrypted int
|
||||
err := s.db.QueryRow(
|
||||
`SELECT id, site_id, key, value, encrypted, created_at, updated_at
|
||||
FROM static_site_secrets WHERE id = ?`, id,
|
||||
).Scan(&secret.ID, &secret.SiteID, &secret.Key, &secret.Value, &encrypted,
|
||||
&secret.CreatedAt, &secret.UpdatedAt)
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
return StaticSiteSecret{}, fmt.Errorf("static site secret %s: %w", id, ErrNotFound)
|
||||
}
|
||||
if err != nil {
|
||||
return StaticSiteSecret{}, fmt.Errorf("query static site secret: %w", err)
|
||||
}
|
||||
secret.Encrypted = encrypted != 0
|
||||
return secret, nil
|
||||
}
|
||||
|
||||
// UpdateStaticSiteSecret updates an existing secret.
|
||||
func (s *Store) UpdateStaticSiteSecret(secret StaticSiteSecret) error {
|
||||
secret.UpdatedAt = Now()
|
||||
result, err := s.db.Exec(
|
||||
`UPDATE static_site_secrets SET key=?, value=?, encrypted=?, updated_at=?
|
||||
WHERE id=?`,
|
||||
secret.Key, secret.Value, BoolToInt(secret.Encrypted), secret.UpdatedAt, secret.ID,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("update static site secret: %w", err)
|
||||
}
|
||||
n, _ := result.RowsAffected()
|
||||
if n == 0 {
|
||||
return fmt.Errorf("static site secret %s: %w", secret.ID, ErrNotFound)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeleteStaticSiteSecret removes a secret by ID.
|
||||
func (s *Store) DeleteStaticSiteSecret(id string) error {
|
||||
result, err := s.db.Exec(`DELETE FROM static_site_secrets WHERE id = ?`, id)
|
||||
if err != nil {
|
||||
return fmt.Errorf("delete static site secret: %w", err)
|
||||
}
|
||||
n, _ := result.RowsAffected()
|
||||
if n == 0 {
|
||||
return fmt.Errorf("static site secret %s: %w", id, ErrNotFound)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// scanStaticSiteSecret scans a secret row from a *sql.Rows cursor.
|
||||
func scanStaticSiteSecret(rows *sql.Rows) (StaticSiteSecret, error) {
|
||||
var secret StaticSiteSecret
|
||||
var encrypted int
|
||||
err := rows.Scan(&secret.ID, &secret.SiteID, &secret.Key, &secret.Value, &encrypted,
|
||||
&secret.CreatedAt, &secret.UpdatedAt)
|
||||
if err != nil {
|
||||
return StaticSiteSecret{}, fmt.Errorf("scan static site secret: %w", err)
|
||||
}
|
||||
secret.Encrypted = encrypted != 0
|
||||
return secret, nil
|
||||
}
|
||||
@@ -0,0 +1,202 @@
|
||||
package store
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
// staticSiteCols is the column list for static_sites queries.
|
||||
const staticSiteCols = `id, name, provider, gitea_url, repo_owner, repo_name, branch, folder_path,
|
||||
access_token, domain, mode, render_markdown, sync_trigger, tag_pattern,
|
||||
container_id, proxy_route_id, status, last_sync_at, last_commit_sha, error,
|
||||
created_at, updated_at`
|
||||
|
||||
// CreateStaticSite inserts a new static site and returns it.
|
||||
func (s *Store) CreateStaticSite(site StaticSite) (StaticSite, error) {
|
||||
site.ID = uuid.New().String()
|
||||
site.CreatedAt = Now()
|
||||
site.UpdatedAt = site.CreatedAt
|
||||
|
||||
_, err := s.db.Exec(
|
||||
`INSERT INTO static_sites (`+staticSiteCols+`)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
|
||||
site.ID, site.Name, site.Provider, site.GiteaURL, site.RepoOwner, site.RepoName,
|
||||
site.Branch, site.FolderPath, site.AccessToken, site.Domain, site.Mode,
|
||||
BoolToInt(site.RenderMarkdown), site.SyncTrigger, site.TagPattern,
|
||||
site.ContainerID, site.ProxyRouteID, site.Status, site.LastSyncAt,
|
||||
site.LastCommitSHA, site.Error, site.CreatedAt, site.UpdatedAt,
|
||||
)
|
||||
if err != nil {
|
||||
return StaticSite{}, fmt.Errorf("insert static site: %w", err)
|
||||
}
|
||||
return site, nil
|
||||
}
|
||||
|
||||
// GetStaticSiteByID returns a single static site by its ID.
|
||||
func (s *Store) GetStaticSiteByID(id string) (StaticSite, error) {
|
||||
site, err := scanStaticSiteRow(s.db.QueryRow(
|
||||
`SELECT `+staticSiteCols+` FROM static_sites WHERE id = ?`, id,
|
||||
))
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
return StaticSite{}, fmt.Errorf("static site %s: %w", id, ErrNotFound)
|
||||
}
|
||||
if err != nil {
|
||||
return StaticSite{}, fmt.Errorf("query static site: %w", err)
|
||||
}
|
||||
return site, nil
|
||||
}
|
||||
|
||||
// GetAllStaticSites returns every static site ordered by name.
|
||||
func (s *Store) GetAllStaticSites() ([]StaticSite, error) {
|
||||
rows, err := s.db.Query(
|
||||
`SELECT ` + staticSiteCols + ` FROM static_sites ORDER BY name`,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("query static sites: %w", err)
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
sites := []StaticSite{}
|
||||
for rows.Next() {
|
||||
site, err := scanStaticSiteRows(rows)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
sites = append(sites, site)
|
||||
}
|
||||
return sites, rows.Err()
|
||||
}
|
||||
|
||||
// GetStaticSitesByRepo returns all static sites for a given repo owner/name.
|
||||
func (s *Store) GetStaticSitesByRepo(giteaURL, owner, name string) ([]StaticSite, error) {
|
||||
rows, err := s.db.Query(
|
||||
`SELECT `+staticSiteCols+`
|
||||
FROM static_sites WHERE gitea_url = ? AND repo_owner = ? AND repo_name = ?
|
||||
ORDER BY name`,
|
||||
giteaURL, owner, name,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("query static sites by repo: %w", err)
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
sites := []StaticSite{}
|
||||
for rows.Next() {
|
||||
site, err := scanStaticSiteRows(rows)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
sites = append(sites, site)
|
||||
}
|
||||
return sites, rows.Err()
|
||||
}
|
||||
|
||||
// UpdateStaticSite updates an existing static site's configuration fields.
|
||||
func (s *Store) UpdateStaticSite(site StaticSite) error {
|
||||
site.UpdatedAt = Now()
|
||||
result, err := s.db.Exec(
|
||||
`UPDATE static_sites SET name=?, provider=?, gitea_url=?, repo_owner=?, repo_name=?, branch=?,
|
||||
folder_path=?, access_token=?, domain=?, mode=?, render_markdown=?,
|
||||
sync_trigger=?, tag_pattern=?, updated_at=?
|
||||
WHERE id=?`,
|
||||
site.Name, site.Provider, site.GiteaURL, site.RepoOwner, site.RepoName, site.Branch,
|
||||
site.FolderPath, site.AccessToken, site.Domain, site.Mode,
|
||||
BoolToInt(site.RenderMarkdown), site.SyncTrigger, site.TagPattern,
|
||||
site.UpdatedAt, site.ID,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("update static site: %w", err)
|
||||
}
|
||||
n, _ := result.RowsAffected()
|
||||
if n == 0 {
|
||||
return fmt.Errorf("static site %s: %w", site.ID, ErrNotFound)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// UpdateStaticSiteStatus updates the deployment status fields.
|
||||
func (s *Store) UpdateStaticSiteStatus(id, status, commitSHA, errMsg string) error {
|
||||
now := Now()
|
||||
result, err := s.db.Exec(
|
||||
`UPDATE static_sites SET status=?, last_commit_sha=?, last_sync_at=?, error=?, updated_at=?
|
||||
WHERE id=?`,
|
||||
status, commitSHA, now, errMsg, now, id,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("update static site status: %w", err)
|
||||
}
|
||||
n, _ := result.RowsAffected()
|
||||
if n == 0 {
|
||||
return fmt.Errorf("static site %s: %w", id, ErrNotFound)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// UpdateStaticSiteContainer updates the container and proxy route IDs after deployment.
|
||||
func (s *Store) UpdateStaticSiteContainer(id, containerID, proxyRouteID string) error {
|
||||
now := Now()
|
||||
result, err := s.db.Exec(
|
||||
`UPDATE static_sites SET container_id=?, proxy_route_id=?, updated_at=? WHERE id=?`,
|
||||
containerID, proxyRouteID, now, id,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("update static site container: %w", err)
|
||||
}
|
||||
n, _ := result.RowsAffected()
|
||||
if n == 0 {
|
||||
return fmt.Errorf("static site %s: %w", id, ErrNotFound)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeleteStaticSite removes a static site by ID. Cascading deletes handle secrets.
|
||||
func (s *Store) DeleteStaticSite(id string) error {
|
||||
result, err := s.db.Exec(`DELETE FROM static_sites WHERE id = ?`, id)
|
||||
if err != nil {
|
||||
return fmt.Errorf("delete static site: %w", err)
|
||||
}
|
||||
n, _ := result.RowsAffected()
|
||||
if n == 0 {
|
||||
return fmt.Errorf("static site %s: %w", id, ErrNotFound)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// scanStaticSiteRow scans a static site from a *sql.Row.
|
||||
func scanStaticSiteRow(row *sql.Row) (StaticSite, error) {
|
||||
var site StaticSite
|
||||
var renderMarkdown int
|
||||
err := row.Scan(
|
||||
&site.ID, &site.Name, &site.Provider, &site.GiteaURL, &site.RepoOwner, &site.RepoName,
|
||||
&site.Branch, &site.FolderPath, &site.AccessToken, &site.Domain, &site.Mode,
|
||||
&renderMarkdown, &site.SyncTrigger, &site.TagPattern,
|
||||
&site.ContainerID, &site.ProxyRouteID, &site.Status, &site.LastSyncAt,
|
||||
&site.LastCommitSHA, &site.Error, &site.CreatedAt, &site.UpdatedAt,
|
||||
)
|
||||
if err != nil {
|
||||
return StaticSite{}, err
|
||||
}
|
||||
site.RenderMarkdown = renderMarkdown != 0
|
||||
return site, nil
|
||||
}
|
||||
|
||||
// scanStaticSiteRows scans a static site from a *sql.Rows cursor.
|
||||
func scanStaticSiteRows(rows *sql.Rows) (StaticSite, error) {
|
||||
var site StaticSite
|
||||
var renderMarkdown int
|
||||
err := rows.Scan(
|
||||
&site.ID, &site.Name, &site.Provider, &site.GiteaURL, &site.RepoOwner, &site.RepoName,
|
||||
&site.Branch, &site.FolderPath, &site.AccessToken, &site.Domain, &site.Mode,
|
||||
&renderMarkdown, &site.SyncTrigger, &site.TagPattern,
|
||||
&site.ContainerID, &site.ProxyRouteID, &site.Status, &site.LastSyncAt,
|
||||
&site.LastCommitSHA, &site.Error, &site.CreatedAt, &site.UpdatedAt,
|
||||
)
|
||||
if err != nil {
|
||||
return StaticSite{}, fmt.Errorf("scan static site: %w", err)
|
||||
}
|
||||
site.RenderMarkdown = renderMarkdown != 0
|
||||
return site, nil
|
||||
}
|
||||
@@ -123,6 +123,8 @@ func (s *Store) runMigrations() error {
|
||||
`ALTER TABLE settings ADD COLUMN public_ip TEXT NOT NULL DEFAULT ''`,
|
||||
// Image prune threshold (MB). Warn on dashboard when exceeded. 0 = disabled.
|
||||
`ALTER TABLE settings ADD COLUMN image_prune_threshold_mb INTEGER NOT NULL DEFAULT 1024`,
|
||||
// Add provider column to static_sites (2026-04-11).
|
||||
`ALTER TABLE static_sites ADD COLUMN provider TEXT NOT NULL DEFAULT ''`,
|
||||
}
|
||||
|
||||
for _, m := range migrations {
|
||||
@@ -144,6 +146,7 @@ func (s *Store) runMigrations() error {
|
||||
`CREATE INDEX IF NOT EXISTS idx_event_log_source ON event_log(source)`,
|
||||
`CREATE INDEX IF NOT EXISTS idx_event_log_created_at ON event_log(created_at)`,
|
||||
`CREATE INDEX IF NOT EXISTS idx_dns_records_consumer ON dns_records(consumer_type, consumer_id)`,
|
||||
`CREATE INDEX IF NOT EXISTS idx_static_site_secrets_site_id ON static_site_secrets(site_id)`,
|
||||
}
|
||||
for _, idx := range indexes {
|
||||
if _, err := s.db.Exec(idx); err != nil {
|
||||
@@ -361,6 +364,42 @@ CREATE TABLE IF NOT EXISTS backups (
|
||||
backup_type TEXT NOT NULL DEFAULT 'manual',
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now'))
|
||||
);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS static_sites (
|
||||
id TEXT PRIMARY KEY,
|
||||
name TEXT NOT NULL UNIQUE,
|
||||
provider TEXT NOT NULL DEFAULT '',
|
||||
gitea_url TEXT NOT NULL DEFAULT '',
|
||||
repo_owner TEXT NOT NULL DEFAULT '',
|
||||
repo_name TEXT NOT NULL DEFAULT '',
|
||||
branch TEXT NOT NULL DEFAULT 'main',
|
||||
folder_path TEXT NOT NULL DEFAULT '',
|
||||
access_token TEXT NOT NULL DEFAULT '',
|
||||
domain TEXT NOT NULL DEFAULT '',
|
||||
mode TEXT NOT NULL DEFAULT 'static',
|
||||
render_markdown INTEGER NOT NULL DEFAULT 0,
|
||||
sync_trigger TEXT NOT NULL DEFAULT 'manual',
|
||||
tag_pattern TEXT NOT NULL DEFAULT '',
|
||||
container_id TEXT NOT NULL DEFAULT '',
|
||||
proxy_route_id TEXT NOT NULL DEFAULT '',
|
||||
status TEXT NOT NULL DEFAULT 'idle',
|
||||
last_sync_at TEXT NOT NULL DEFAULT '',
|
||||
last_commit_sha TEXT NOT NULL DEFAULT '',
|
||||
error TEXT NOT NULL DEFAULT '',
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now')),
|
||||
updated_at TEXT NOT NULL DEFAULT (datetime('now'))
|
||||
);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS static_site_secrets (
|
||||
id TEXT PRIMARY KEY,
|
||||
site_id TEXT NOT NULL REFERENCES static_sites(id) ON DELETE CASCADE,
|
||||
key TEXT NOT NULL,
|
||||
value TEXT NOT NULL DEFAULT '',
|
||||
encrypted INTEGER NOT NULL DEFAULT 0,
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now')),
|
||||
updated_at TEXT NOT NULL DEFAULT (datetime('now')),
|
||||
UNIQUE(site_id, key)
|
||||
);
|
||||
`
|
||||
|
||||
// Now returns the current time formatted for SQLite storage.
|
||||
|
||||
Reference in New Issue
Block a user