feat(docker-watcher): phase 13 - volumes & environment
Per-stage env var overrides with encryption for secrets.
Volume mounts with shared/isolated modes (isolated appends
/{stage}-{tag}/ to source path). Store CRUD, API endpoints,
and frontend editors for both. Env merge during deploy.
This commit is contained in:
@@ -91,3 +91,25 @@ type DeployLog struct {
|
||||
Level string `json:"level"` // info, warn, error
|
||||
CreatedAt string `json:"created_at"`
|
||||
}
|
||||
|
||||
// StageEnv represents a per-stage environment variable override.
|
||||
type StageEnv struct {
|
||||
ID string `json:"id"`
|
||||
StageID string `json:"stage_id"`
|
||||
Key string `json:"key"`
|
||||
Value string `json:"value"`
|
||||
Encrypted bool `json:"encrypted"`
|
||||
CreatedAt string `json:"created_at"`
|
||||
UpdatedAt string `json:"updated_at"`
|
||||
}
|
||||
|
||||
// Volume represents a volume mount configuration for a project.
|
||||
type Volume struct {
|
||||
ID string `json:"id"`
|
||||
ProjectID string `json:"project_id"`
|
||||
Source string `json:"source"`
|
||||
Target string `json:"target"`
|
||||
Mode string `json:"mode"` // shared or isolated
|
||||
CreatedAt string `json:"created_at"`
|
||||
UpdatedAt string `json:"updated_at"`
|
||||
}
|
||||
|
||||
@@ -0,0 +1,112 @@
|
||||
package store
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
// CreateStageEnv inserts a new stage environment variable override.
|
||||
func (s *Store) CreateStageEnv(env StageEnv) (StageEnv, error) {
|
||||
env.ID = uuid.New().String()
|
||||
env.CreatedAt = now()
|
||||
env.UpdatedAt = env.CreatedAt
|
||||
|
||||
_, err := s.db.Exec(
|
||||
`INSERT INTO stage_env (id, stage_id, key, value, encrypted, created_at, updated_at)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?)`,
|
||||
env.ID, env.StageID, env.Key, env.Value, boolToInt(env.Encrypted),
|
||||
env.CreatedAt, env.UpdatedAt,
|
||||
)
|
||||
if err != nil {
|
||||
return StageEnv{}, fmt.Errorf("insert stage env: %w", err)
|
||||
}
|
||||
return env, nil
|
||||
}
|
||||
|
||||
// GetStageEnvByStageID returns all environment variable overrides for a stage.
|
||||
func (s *Store) GetStageEnvByStageID(stageID string) ([]StageEnv, error) {
|
||||
rows, err := s.db.Query(
|
||||
`SELECT id, stage_id, key, value, encrypted, created_at, updated_at
|
||||
FROM stage_env WHERE stage_id = ? ORDER BY key`, stageID,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("query stage env: %w", err)
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
var envs []StageEnv
|
||||
for rows.Next() {
|
||||
env, err := scanStageEnv(rows)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
envs = append(envs, env)
|
||||
}
|
||||
return envs, rows.Err()
|
||||
}
|
||||
|
||||
// GetStageEnvByID returns a single stage env override by ID.
|
||||
func (s *Store) GetStageEnvByID(id string) (StageEnv, error) {
|
||||
var env StageEnv
|
||||
var encrypted int
|
||||
err := s.db.QueryRow(
|
||||
`SELECT id, stage_id, key, value, encrypted, created_at, updated_at
|
||||
FROM stage_env WHERE id = ?`, id,
|
||||
).Scan(&env.ID, &env.StageID, &env.Key, &env.Value, &encrypted,
|
||||
&env.CreatedAt, &env.UpdatedAt)
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
return StageEnv{}, fmt.Errorf("stage env %s: %w", id, ErrNotFound)
|
||||
}
|
||||
if err != nil {
|
||||
return StageEnv{}, fmt.Errorf("query stage env: %w", err)
|
||||
}
|
||||
env.Encrypted = encrypted != 0
|
||||
return env, nil
|
||||
}
|
||||
|
||||
// UpdateStageEnv updates an existing stage environment variable override.
|
||||
func (s *Store) UpdateStageEnv(env StageEnv) error {
|
||||
env.UpdatedAt = now()
|
||||
result, err := s.db.Exec(
|
||||
`UPDATE stage_env SET key=?, value=?, encrypted=?, updated_at=?
|
||||
WHERE id=?`,
|
||||
env.Key, env.Value, boolToInt(env.Encrypted), env.UpdatedAt, env.ID,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("update stage env: %w", err)
|
||||
}
|
||||
n, _ := result.RowsAffected()
|
||||
if n == 0 {
|
||||
return fmt.Errorf("stage env %s: %w", env.ID, ErrNotFound)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeleteStageEnv removes a stage env override by ID.
|
||||
func (s *Store) DeleteStageEnv(id string) error {
|
||||
result, err := s.db.Exec(`DELETE FROM stage_env WHERE id = ?`, id)
|
||||
if err != nil {
|
||||
return fmt.Errorf("delete stage env: %w", err)
|
||||
}
|
||||
n, _ := result.RowsAffected()
|
||||
if n == 0 {
|
||||
return fmt.Errorf("stage env %s: %w", id, ErrNotFound)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// scanStageEnv scans a stage env row from a *sql.Rows cursor.
|
||||
func scanStageEnv(rows *sql.Rows) (StageEnv, error) {
|
||||
var env StageEnv
|
||||
var encrypted int
|
||||
err := rows.Scan(&env.ID, &env.StageID, &env.Key, &env.Value, &encrypted,
|
||||
&env.CreatedAt, &env.UpdatedAt)
|
||||
if err != nil {
|
||||
return StageEnv{}, fmt.Errorf("scan stage env: %w", err)
|
||||
}
|
||||
env.Encrypted = encrypted != 0
|
||||
return env, nil
|
||||
}
|
||||
@@ -180,6 +180,27 @@ INSERT OR IGNORE INTO settings (id) VALUES (1);
|
||||
|
||||
-- Seed the auth_settings row if it does not exist.
|
||||
INSERT OR IGNORE INTO auth_settings (id) VALUES (1);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS stage_env (
|
||||
id TEXT PRIMARY KEY,
|
||||
stage_id TEXT NOT NULL REFERENCES stages(id) ON DELETE CASCADE,
|
||||
key TEXT NOT NULL,
|
||||
value TEXT NOT NULL DEFAULT '',
|
||||
encrypted INTEGER NOT NULL DEFAULT 0,
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now')),
|
||||
updated_at TEXT NOT NULL DEFAULT (datetime('now')),
|
||||
UNIQUE(stage_id, key)
|
||||
);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS volumes (
|
||||
id TEXT PRIMARY KEY,
|
||||
project_id TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
|
||||
source TEXT NOT NULL,
|
||||
target TEXT NOT NULL,
|
||||
mode TEXT NOT NULL DEFAULT 'shared',
|
||||
created_at TEXT NOT NULL DEFAULT (datetime('now')),
|
||||
updated_at TEXT NOT NULL DEFAULT (datetime('now'))
|
||||
);
|
||||
`
|
||||
|
||||
// now returns the current time formatted for SQLite storage.
|
||||
|
||||
@@ -0,0 +1,112 @@
|
||||
package store
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
// CreateVolume inserts a new volume configuration for a project.
|
||||
func (s *Store) CreateVolume(vol Volume) (Volume, error) {
|
||||
vol.ID = uuid.New().String()
|
||||
vol.CreatedAt = now()
|
||||
vol.UpdatedAt = vol.CreatedAt
|
||||
|
||||
if vol.Mode == "" {
|
||||
vol.Mode = "shared"
|
||||
}
|
||||
|
||||
_, err := s.db.Exec(
|
||||
`INSERT INTO volumes (id, project_id, source, target, mode, created_at, updated_at)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?)`,
|
||||
vol.ID, vol.ProjectID, vol.Source, vol.Target, vol.Mode,
|
||||
vol.CreatedAt, vol.UpdatedAt,
|
||||
)
|
||||
if err != nil {
|
||||
return Volume{}, fmt.Errorf("insert volume: %w", err)
|
||||
}
|
||||
return vol, nil
|
||||
}
|
||||
|
||||
// GetVolumesByProjectID returns all volume configurations for a project.
|
||||
func (s *Store) GetVolumesByProjectID(projectID string) ([]Volume, error) {
|
||||
rows, err := s.db.Query(
|
||||
`SELECT id, project_id, source, target, mode, created_at, updated_at
|
||||
FROM volumes WHERE project_id = ? ORDER BY target`, projectID,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("query volumes: %w", err)
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
var vols []Volume
|
||||
for rows.Next() {
|
||||
vol, err := scanVolume(rows)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
vols = append(vols, vol)
|
||||
}
|
||||
return vols, rows.Err()
|
||||
}
|
||||
|
||||
// GetVolumeByID returns a single volume by its ID.
|
||||
func (s *Store) GetVolumeByID(id string) (Volume, error) {
|
||||
var vol Volume
|
||||
err := s.db.QueryRow(
|
||||
`SELECT id, project_id, source, target, mode, created_at, updated_at
|
||||
FROM volumes WHERE id = ?`, id,
|
||||
).Scan(&vol.ID, &vol.ProjectID, &vol.Source, &vol.Target, &vol.Mode,
|
||||
&vol.CreatedAt, &vol.UpdatedAt)
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
return Volume{}, fmt.Errorf("volume %s: %w", id, ErrNotFound)
|
||||
}
|
||||
if err != nil {
|
||||
return Volume{}, fmt.Errorf("query volume: %w", err)
|
||||
}
|
||||
return vol, nil
|
||||
}
|
||||
|
||||
// UpdateVolume updates an existing volume configuration.
|
||||
func (s *Store) UpdateVolume(vol Volume) error {
|
||||
vol.UpdatedAt = now()
|
||||
result, err := s.db.Exec(
|
||||
`UPDATE volumes SET source=?, target=?, mode=?, updated_at=?
|
||||
WHERE id=?`,
|
||||
vol.Source, vol.Target, vol.Mode, vol.UpdatedAt, vol.ID,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("update volume: %w", err)
|
||||
}
|
||||
n, _ := result.RowsAffected()
|
||||
if n == 0 {
|
||||
return fmt.Errorf("volume %s: %w", vol.ID, ErrNotFound)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeleteVolume removes a volume configuration by ID.
|
||||
func (s *Store) DeleteVolume(id string) error {
|
||||
result, err := s.db.Exec(`DELETE FROM volumes WHERE id = ?`, id)
|
||||
if err != nil {
|
||||
return fmt.Errorf("delete volume: %w", err)
|
||||
}
|
||||
n, _ := result.RowsAffected()
|
||||
if n == 0 {
|
||||
return fmt.Errorf("volume %s: %w", id, ErrNotFound)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// scanVolume scans a volume row from a *sql.Rows cursor.
|
||||
func scanVolume(rows *sql.Rows) (Volume, error) {
|
||||
var vol Volume
|
||||
err := rows.Scan(&vol.ID, &vol.ProjectID, &vol.Source, &vol.Target, &vol.Mode,
|
||||
&vol.CreatedAt, &vol.UpdatedAt)
|
||||
if err != nil {
|
||||
return Volume{}, fmt.Errorf("scan volume: %w", err)
|
||||
}
|
||||
return vol, nil
|
||||
}
|
||||
Reference in New Issue
Block a user