refactor(workload): plugin architecture wave + apps UI + volume scopes
Completes the workload-first refactor's plugin layer:
- internal/workload/plugin/ — Source/Trigger plugin contract,
registry, types (Workload, DeploymentIntent, InboundEvent,
PublicFace). Self-registering init() pattern + blank-import
in cmd/server/main.go.
- Source plugins: image (blue-green with multi-face proxy routing),
compose, static. Trigger plugins: registry, git, manual.
- internal/deployer/dispatch.go — DispatchPlugin/Teardown/Reconcile
seam routing the legacy deployer through plugins.
- internal/api/workload_*.go — REST surface: workloads, env,
volumes, chain (parent/children), promote-from. hooks.go
serves /api/hooks/kinds/{kind}/schema for the wizard.
- internal/store: workload_env (encrypt-at-rest secrets) and
workload_volumes tables, keyed on workload_id.
- cmd/server/static_backend.go — phantom-row adapter delegating
the static source plugin to the legacy staticsite.Manager
(deleted at hard cutover once the static inline port lands).
- web/src/routes/apps/ — /apps list + /apps/new wizard +
/apps/[id] detail with kind-aware compose / image / static
forms (Advanced JSON toggle), env panel, volumes panel,
webhook panel, chain panel, manual deploy.
Volume scope generalization (v2 resolver):
- internal/volume.ResolveWorkloadPath (workload-keyed, sits
next to legacy ResolvePath). Honors all VolumeScope values:
absolute, ephemeral, instance, stage, project, project_named,
named. internal/workload/plugin/source/image/image.go
computeMounts wires settings + imageTag through. Coverage in
internal/volume/resolver_test.go (portable Linux/Windows via
t.TempDir).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,115 @@
|
||||
// Package registry implements the "registry" trigger: matches inbound image
|
||||
// push events from container registries (Docker Hub, Gitea, ghcr, generic
|
||||
// webhooks, polling) against a repo + tag-pattern filter.
|
||||
package registry
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"path"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/alexei/tinyforge/internal/workload/plugin"
|
||||
)
|
||||
|
||||
// Config is the per-workload trigger config blob. Image is the
|
||||
// fully-qualified image reference the workload deploys (e.g.
|
||||
// "registry.example.com/owner/app"); a push of any matching tag fires a
|
||||
// deploy. TagPattern is a path.Match glob ("*" matches all).
|
||||
type Config struct {
|
||||
Image string `json:"image"`
|
||||
TagPattern string `json:"tag_pattern"`
|
||||
}
|
||||
|
||||
type trigger struct{}
|
||||
|
||||
func init() { plugin.RegisterTrigger(&trigger{}) }
|
||||
|
||||
func (*trigger) Kind() string { return "registry" }
|
||||
|
||||
func (*trigger) SchemaSample() any {
|
||||
return Config{
|
||||
Image: "registry.example.com/owner/app",
|
||||
TagPattern: "v*",
|
||||
}
|
||||
}
|
||||
|
||||
func (*trigger) Validate(cfg json.RawMessage) error {
|
||||
var c Config
|
||||
if len(cfg) == 0 {
|
||||
return fmt.Errorf("registry trigger: config is required")
|
||||
}
|
||||
if err := json.Unmarshal(cfg, &c); err != nil {
|
||||
return fmt.Errorf("registry trigger: invalid json: %w", err)
|
||||
}
|
||||
if strings.TrimSpace(c.Image) == "" {
|
||||
return fmt.Errorf("registry trigger: image is required")
|
||||
}
|
||||
pattern := c.TagPattern
|
||||
if pattern == "" {
|
||||
pattern = "*"
|
||||
}
|
||||
if _, err := path.Match(pattern, "probe"); err != nil {
|
||||
return fmt.Errorf("registry trigger: invalid tag_pattern %q: %w", pattern, err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (*trigger) Match(ctx context.Context, deps plugin.Deps, w plugin.Workload, evt plugin.InboundEvent) (*plugin.DeploymentIntent, error) {
|
||||
if evt.Kind != "image-push" || evt.Image == nil {
|
||||
return nil, nil
|
||||
}
|
||||
cfg, err := plugin.TriggerConfigOf[Config](w)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("registry trigger: decode config: %w", err)
|
||||
}
|
||||
if !imageMatches(cfg.Image, fullRepo(evt.Image)) {
|
||||
return nil, nil
|
||||
}
|
||||
pattern := cfg.TagPattern
|
||||
if pattern == "" {
|
||||
pattern = "*"
|
||||
}
|
||||
matched, err := path.Match(pattern, evt.Image.Tag)
|
||||
if err != nil || !matched {
|
||||
return nil, nil
|
||||
}
|
||||
return &plugin.DeploymentIntent{
|
||||
Reason: "registry-push",
|
||||
Reference: evt.Image.Tag,
|
||||
Metadata: map[string]string{"digest": evt.Image.Digest, "repo": evt.Image.Repo},
|
||||
TriggeredAt: time.Now().UTC(),
|
||||
TriggeredBy: "registry-webhook",
|
||||
}, nil
|
||||
}
|
||||
|
||||
func fullRepo(e *plugin.ImagePushEvent) string {
|
||||
if e.Registry == "" {
|
||||
return e.Repo
|
||||
}
|
||||
return e.Registry + "/" + e.Repo
|
||||
}
|
||||
|
||||
// imageMatches: registry host case-insensitive, path/owner/name exact.
|
||||
// Single-segment refs (e.g. Docker Hub officials like "nginx") have no
|
||||
// `/` and match by exact equality of the bare name.
|
||||
func imageMatches(want, got string) bool {
|
||||
if want == got {
|
||||
return true
|
||||
}
|
||||
wIdx := strings.IndexByte(want, '/')
|
||||
gIdx := strings.IndexByte(got, '/')
|
||||
// Both single-segment: equality already failed above, so no match.
|
||||
if wIdx < 0 && gIdx < 0 {
|
||||
return false
|
||||
}
|
||||
// One side single-segment, the other qualified — does not match.
|
||||
if wIdx < 0 || gIdx < 0 {
|
||||
return false
|
||||
}
|
||||
wHost, wPath := want[:wIdx], want[wIdx:]
|
||||
gHost, gPath := got[:gIdx], got[gIdx:]
|
||||
return strings.EqualFold(wHost, gHost) && wPath == gPath
|
||||
}
|
||||
Reference in New Issue
Block a user