refactor(workload): plugin architecture wave + apps UI + volume scopes
Completes the workload-first refactor's plugin layer:
- internal/workload/plugin/ — Source/Trigger plugin contract,
registry, types (Workload, DeploymentIntent, InboundEvent,
PublicFace). Self-registering init() pattern + blank-import
in cmd/server/main.go.
- Source plugins: image (blue-green with multi-face proxy routing),
compose, static. Trigger plugins: registry, git, manual.
- internal/deployer/dispatch.go — DispatchPlugin/Teardown/Reconcile
seam routing the legacy deployer through plugins.
- internal/api/workload_*.go — REST surface: workloads, env,
volumes, chain (parent/children), promote-from. hooks.go
serves /api/hooks/kinds/{kind}/schema for the wizard.
- internal/store: workload_env (encrypt-at-rest secrets) and
workload_volumes tables, keyed on workload_id.
- cmd/server/static_backend.go — phantom-row adapter delegating
the static source plugin to the legacy staticsite.Manager
(deleted at hard cutover once the static inline port lands).
- web/src/routes/apps/ — /apps list + /apps/new wizard +
/apps/[id] detail with kind-aware compose / image / static
forms (Advanced JSON toggle), env panel, volumes panel,
webhook panel, chain panel, manual deploy.
Volume scope generalization (v2 resolver):
- internal/volume.ResolveWorkloadPath (workload-keyed, sits
next to legacy ResolvePath). Honors all VolumeScope values:
absolute, ephemeral, instance, stage, project, project_named,
named. internal/workload/plugin/source/image/image.go
computeMounts wires settings + imageTag through. Coverage in
internal/volume/resolver_test.go (portable Linux/Windows via
t.TempDir).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -4,6 +4,7 @@ import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
"github.com/alexei/tinyforge/internal/store"
|
||||
@@ -106,3 +107,122 @@ func parseAllowedPaths(jsonStr string) ([]string, error) {
|
||||
func ParseAllowedPaths(jsonStr string) ([]string, error) {
|
||||
return parseAllowedPaths(jsonStr)
|
||||
}
|
||||
|
||||
// ResolveWorkloadParams holds the parameters needed to resolve a
|
||||
// workload-volume's host path. Unlike ResolveParams it is keyed on the
|
||||
// workload identity (name + id) rather than the legacy project/stage
|
||||
// dual-key, so it survives the Workload-first cutover.
|
||||
type ResolveWorkloadParams struct {
|
||||
BasePath string
|
||||
WorkloadID string
|
||||
WorkloadName string
|
||||
ImageTag string // required for "instance" scope only
|
||||
AllowedVolumePaths string // JSON array of allowed absolute paths
|
||||
}
|
||||
|
||||
// ResolveWorkloadPath returns the absolute host path for a WorkloadVolume.
|
||||
// Scope semantics map onto the workload-first model:
|
||||
//
|
||||
// - absolute — host bind, must lie under settings.AllowedVolumePaths.
|
||||
// - ephemeral — caller renders this as tmpfs; the function returns an
|
||||
// error because there is no host path.
|
||||
// - instance — per-tag isolation under <workload>/instance-<tag>/<source>.
|
||||
// Useful for blue-green when each running instance needs its own dir.
|
||||
// - stage, project — both legacy names collapse to "shared across all
|
||||
// instances of this workload" under <workload>/<source>. Two names
|
||||
// for one shape is intentional: it lets legacy data migrate without
|
||||
// a path rewrite.
|
||||
// - project_named — workload-scoped named volume under
|
||||
// <workload>/_named/<name>/<source>.
|
||||
// - named — globally-scoped named volume under
|
||||
// _named/<name>/<source>.
|
||||
//
|
||||
// The <workload> directory segment is `<sanitized-name>-<short-id>`. The
|
||||
// short-id suffix prevents collisions when two workloads share a name
|
||||
// (the workloads table only enforces uniqueness on (kind, ref_id)).
|
||||
func ResolveWorkloadPath(vol store.WorkloadVolume, params ResolveWorkloadParams) (string, error) {
|
||||
scope := vol.Scope
|
||||
if scope == "" {
|
||||
return "", fmt.Errorf("workload volume: scope is required")
|
||||
}
|
||||
if scope == string(store.VolumeScopeEphemeral) {
|
||||
return "", fmt.Errorf("ephemeral volumes have no host path")
|
||||
}
|
||||
if scope == string(store.VolumeScopeAbsolute) {
|
||||
return resolveAbsolute(vol.Source, params.AllowedVolumePaths)
|
||||
}
|
||||
if params.BasePath == "" {
|
||||
return "", fmt.Errorf("workload volume: base path is required for scope %q", scope)
|
||||
}
|
||||
|
||||
workloadDir, err := workloadPathSegment(params.WorkloadName, params.WorkloadID)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
switch scope {
|
||||
case string(store.VolumeScopeInstance):
|
||||
if params.ImageTag == "" {
|
||||
return "", fmt.Errorf("instance scope requires image tag")
|
||||
}
|
||||
tag := sanitizePathSegment(params.ImageTag)
|
||||
if tag == "" {
|
||||
return "", fmt.Errorf("instance scope requires non-empty image tag")
|
||||
}
|
||||
return filepath.Join(params.BasePath, workloadDir, "instance-"+tag, vol.Source), nil
|
||||
case string(store.VolumeScopeStage), string(store.VolumeScopeProject):
|
||||
return filepath.Join(params.BasePath, workloadDir, vol.Source), nil
|
||||
case string(store.VolumeScopeProjectNamed):
|
||||
name := sanitizePathSegment(vol.Name)
|
||||
if name == "" {
|
||||
return "", fmt.Errorf("project_named scope requires name")
|
||||
}
|
||||
return filepath.Join(params.BasePath, workloadDir, "_named", name, vol.Source), nil
|
||||
case string(store.VolumeScopeNamed):
|
||||
name := sanitizePathSegment(vol.Name)
|
||||
if name == "" {
|
||||
return "", fmt.Errorf("named scope requires name")
|
||||
}
|
||||
return filepath.Join(params.BasePath, "_named", name, vol.Source), nil
|
||||
default:
|
||||
return "", fmt.Errorf("unknown volume scope %q", scope)
|
||||
}
|
||||
}
|
||||
|
||||
// pathSegmentSanitizer collapses anything outside the [a-zA-Z0-9_.-] set
|
||||
// to a single dash. The character set matches Docker's permissive segment
|
||||
// rules; the additional Trim afterward keeps the segment from starting
|
||||
// or ending with a separator.
|
||||
var pathSegmentSanitizer = regexp.MustCompile(`[^a-zA-Z0-9_.-]+`)
|
||||
|
||||
func sanitizePathSegment(s string) string {
|
||||
s = strings.TrimSpace(s)
|
||||
if s == "" {
|
||||
return ""
|
||||
}
|
||||
return strings.Trim(pathSegmentSanitizer.ReplaceAllString(s, "-"), "-")
|
||||
}
|
||||
|
||||
// workloadPathSegment builds the per-workload directory name. The
|
||||
// 8-char id-short suffix disambiguates same-named workloads — only
|
||||
// (kind, ref_id) is unique at the DB level, so names alone are unsafe.
|
||||
// Returns an error when both identity fields are empty, since the
|
||||
// resulting path would not be workload-scoped.
|
||||
func workloadPathSegment(name, id string) (string, error) {
|
||||
cleanName := sanitizePathSegment(name)
|
||||
idShort := id
|
||||
if len(idShort) > 8 {
|
||||
idShort = idShort[:8]
|
||||
}
|
||||
idShort = sanitizePathSegment(idShort)
|
||||
if cleanName == "" && idShort == "" {
|
||||
return "", fmt.Errorf("workload volume: workload id or name required")
|
||||
}
|
||||
if cleanName == "" {
|
||||
return idShort, nil
|
||||
}
|
||||
if idShort == "" {
|
||||
return cleanName, nil
|
||||
}
|
||||
return cleanName + "-" + idShort, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user