refactor(workload): plugin architecture wave + apps UI + volume scopes
Completes the workload-first refactor's plugin layer:
- internal/workload/plugin/ — Source/Trigger plugin contract,
registry, types (Workload, DeploymentIntent, InboundEvent,
PublicFace). Self-registering init() pattern + blank-import
in cmd/server/main.go.
- Source plugins: image (blue-green with multi-face proxy routing),
compose, static. Trigger plugins: registry, git, manual.
- internal/deployer/dispatch.go — DispatchPlugin/Teardown/Reconcile
seam routing the legacy deployer through plugins.
- internal/api/workload_*.go — REST surface: workloads, env,
volumes, chain (parent/children), promote-from. hooks.go
serves /api/hooks/kinds/{kind}/schema for the wizard.
- internal/store: workload_env (encrypt-at-rest secrets) and
workload_volumes tables, keyed on workload_id.
- cmd/server/static_backend.go — phantom-row adapter delegating
the static source plugin to the legacy staticsite.Manager
(deleted at hard cutover once the static inline port lands).
- web/src/routes/apps/ — /apps list + /apps/new wizard +
/apps/[id] detail with kind-aware compose / image / static
forms (Advanced JSON toggle), env panel, volumes panel,
webhook panel, chain panel, manual deploy.
Volume scope generalization (v2 resolver):
- internal/volume.ResolveWorkloadPath (workload-keyed, sits
next to legacy ResolvePath). Honors all VolumeScope values:
absolute, ephemeral, instance, stage, project, project_named,
named. internal/workload/plugin/source/image/image.go
computeMounts wires settings + imageTag through. Coverage in
internal/volume/resolver_test.go (portable Linux/Windows via
t.TempDir).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -9,6 +9,8 @@ import (
|
||||
)
|
||||
|
||||
const workloadColumns = `id, kind, ref_id, name, app_id,
|
||||
source_kind, source_config, trigger_kind, trigger_config,
|
||||
public_faces, parent_workload_id,
|
||||
notification_url, notification_secret,
|
||||
webhook_secret, webhook_signing_secret, webhook_require_signature,
|
||||
created_at, updated_at`
|
||||
@@ -17,6 +19,8 @@ func scanWorkload(scanner interface{ Scan(...any) error }) (Workload, error) {
|
||||
var w Workload
|
||||
err := scanner.Scan(
|
||||
&w.ID, &w.Kind, &w.RefID, &w.Name, &w.AppID,
|
||||
&w.SourceKind, &w.SourceConfig, &w.TriggerKind, &w.TriggerConfig,
|
||||
&w.PublicFaces, &w.ParentWorkloadID,
|
||||
&w.NotificationURL, &w.NotificationSecret,
|
||||
&w.WebhookSecret, &w.WebhookSigningSecret, &w.WebhookRequireSignature,
|
||||
&w.CreatedAt, &w.UpdatedAt,
|
||||
@@ -33,10 +37,21 @@ func (s *Store) CreateWorkload(w Workload) (Workload, error) {
|
||||
w.CreatedAt = Now()
|
||||
w.UpdatedAt = w.CreatedAt
|
||||
|
||||
if w.SourceConfig == "" {
|
||||
w.SourceConfig = "{}"
|
||||
}
|
||||
if w.TriggerConfig == "" {
|
||||
w.TriggerConfig = "{}"
|
||||
}
|
||||
if w.PublicFaces == "" {
|
||||
w.PublicFaces = "[]"
|
||||
}
|
||||
_, err := s.db.Exec(
|
||||
`INSERT INTO workloads (`+workloadColumns+`)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
|
||||
w.ID, w.Kind, w.RefID, w.Name, w.AppID,
|
||||
w.SourceKind, w.SourceConfig, w.TriggerKind, w.TriggerConfig,
|
||||
w.PublicFaces, w.ParentWorkloadID,
|
||||
w.NotificationURL, w.NotificationSecret,
|
||||
w.WebhookSecret, w.WebhookSigningSecret, BoolToInt(w.WebhookRequireSignature),
|
||||
w.CreatedAt, w.UpdatedAt,
|
||||
@@ -128,16 +143,30 @@ func (s *Store) ListWorkloads(kind WorkloadKind) ([]Workload, error) {
|
||||
}
|
||||
|
||||
// UpdateWorkload updates the mutable fields of a workload (name, app_id,
|
||||
// notification config, webhook config). Kind and RefID are immutable post-create.
|
||||
// source/trigger config, public faces, parent chain, notification + webhook
|
||||
// config). Kind and RefID are immutable post-create.
|
||||
func (s *Store) UpdateWorkload(w Workload) error {
|
||||
w.UpdatedAt = Now()
|
||||
if w.SourceConfig == "" {
|
||||
w.SourceConfig = "{}"
|
||||
}
|
||||
if w.TriggerConfig == "" {
|
||||
w.TriggerConfig = "{}"
|
||||
}
|
||||
if w.PublicFaces == "" {
|
||||
w.PublicFaces = "[]"
|
||||
}
|
||||
result, err := s.db.Exec(
|
||||
`UPDATE workloads SET name=?, app_id=?,
|
||||
source_kind=?, source_config=?, trigger_kind=?, trigger_config=?,
|
||||
public_faces=?, parent_workload_id=?,
|
||||
notification_url=?, notification_secret=?,
|
||||
webhook_secret=?, webhook_signing_secret=?, webhook_require_signature=?,
|
||||
updated_at=?
|
||||
WHERE id=?`,
|
||||
w.Name, w.AppID,
|
||||
w.SourceKind, w.SourceConfig, w.TriggerKind, w.TriggerConfig,
|
||||
w.PublicFaces, w.ParentWorkloadID,
|
||||
w.NotificationURL, w.NotificationSecret,
|
||||
w.WebhookSecret, w.WebhookSigningSecret, BoolToInt(w.WebhookRequireSignature),
|
||||
w.UpdatedAt, w.ID,
|
||||
@@ -173,6 +202,70 @@ func (s *Store) DeleteWorkload(id string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// ListChildrenByParent returns every workload whose parent_workload_id
|
||||
// equals the given id. Used to render the stages chain ("dev → staging
|
||||
// → prod") on /apps/[id] without forcing a separate stages table.
|
||||
//
|
||||
// Returns rows ordered by name for a stable UI.
|
||||
func (s *Store) ListChildrenByParent(parentID string) ([]Workload, error) {
|
||||
if parentID == "" {
|
||||
return []Workload{}, nil
|
||||
}
|
||||
rows, err := s.db.Query(
|
||||
`SELECT `+workloadColumns+` FROM workloads WHERE parent_workload_id = ? ORDER BY name`,
|
||||
parentID,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("query workload children: %w", err)
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
out := []Workload{}
|
||||
for rows.Next() {
|
||||
w, err := scanWorkload(rows)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("scan child workload: %w", err)
|
||||
}
|
||||
out = append(out, w)
|
||||
}
|
||||
return out, rows.Err()
|
||||
}
|
||||
|
||||
// SetWorkloadWebhookSecret rotates the inbound webhook URL secret. Pass
|
||||
// empty to disable inbound webhooks for this workload.
|
||||
func (s *Store) SetWorkloadWebhookSecret(id, secret string) error {
|
||||
result, err := s.db.Exec(
|
||||
`UPDATE workloads SET webhook_secret=?, updated_at=? WHERE id=?`,
|
||||
secret, Now(), id,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("update workload webhook_secret: %w", err)
|
||||
}
|
||||
n, _ := result.RowsAffected()
|
||||
if n == 0 {
|
||||
return fmt.Errorf("workload %s: %w", id, ErrNotFound)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// EnsureWorkloadWebhookSecret returns the current secret, generating one
|
||||
// lazily for workloads that predate the column. Mirrors the project /
|
||||
// site equivalents.
|
||||
func (s *Store) EnsureWorkloadWebhookSecret(id string) (string, error) {
|
||||
w, err := s.GetWorkloadByID(id)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
if w.WebhookSecret != "" {
|
||||
return w.WebhookSecret, nil
|
||||
}
|
||||
secret := generateWebhookSecret()
|
||||
if err := s.SetWorkloadWebhookSecret(id, secret); err != nil {
|
||||
return "", err
|
||||
}
|
||||
return secret, nil
|
||||
}
|
||||
|
||||
// DeleteWorkloadByRef removes the workload paired with a given (kind, ref_id).
|
||||
// Idempotent — returns nil if no row exists, since the kind-specific Delete
|
||||
// callers don't always know whether a workload row was created.
|
||||
|
||||
Reference in New Issue
Block a user