feat(discovery+runtime): restore static-site wizard discovery + close /sites/[id] feature parity
Build / build (push) Successful in 10m43s
Two-stage feature arc closing the gaps left by the hard legacy cutover.
The static-site creation wizard regains its auto-discovery + connection-test
flow; /apps/[id] grows the runtime/storage/lifecycle surface the legacy
/sites/[id] page used to expose.
Backend (Go)
- internal/api/discovery.go: six admin-gated endpoints wrapping
staticsite.GitProvider — POST /api/discovery/git/{detect-provider,
test-connection,repos,branches,tree} + GET /api/discovery/image/conflicts.
Identifier validation (validateGitIdent / validateGitBranch) at the
boundary so provider URL interpolation cannot be hijacked via `..`.
Upstream errors scrubbed: detailed slog on the server, generic 502 to
the client (mitigates token-reflection-in-error-page).
- internal/api/workload_runtime.go: four endpoints —
GET /api/workloads/{id}/runtime-state decodes containers.extra_json for
static workloads; GET /api/workloads/{id}/storage execs `du -sb /app/data`
with a 30s in-process cache (storageProbeCache) so polling can't turn
into per-request execs; POST /api/workloads/{id}/{stop,start} iterate
ListContainersByWorkload and call docker.StopContainer / StartContainer,
returning 200 / 409 (nothing to act on) / 502 (all failed).
- internal/staticsite/safehttp.go: NewSafeHTTPClient + ValidateBaseURL +
blockReason. DialContext re-resolves hostnames and refuses loopback /
link-local / multicast / unspecified addresses. RFC1918 + ULA explicitly
allowed (self-hosted Gitea on LAN is the dominant deployment).
Replaced four raw &http.Client{} constructions in the provider files.
- internal/staticsite/gitlab_provider.go: url.PathEscape each segment in
the raw-file URL builder for parity with projectPath().
- Test coverage: 26 cases in discovery_test.go (image-tag stripping,
source-config decoding, conflict scenarios, validator boundaries,
scheme rejection), 14 in workload_runtime_test.go (404 / 409 / nil-docker
/ probe-cache), 16 in safehttp_test.go (URL validation + block-reason
policy matrix + live dial against loopback + AWS metadata literals).
Frontend (Svelte 5 + runes)
- web/src/lib/api.ts: typed wrappers for every endpoint, AbortSignal
threaded through post(); ApiError exported so callers can narrow on
e.status; new DetectedGitProvider narrow union.
- web/src/routes/apps/new/+page.svelte: static-form discovery controls
(auto-detect provider, test connection, repo / branch / folder
EntityPickers, Deno auto-detect); image-form conflict panel with
debounced lookup + double-click submit guard ("Forge anyway") + Inspect
button that pre-fills port/healthcheck; English error fallbacks routed
through apps.new.errors.* (en + ru).
- web/src/routes/apps/[id]/+page.svelte: runtime-state panel + storage
panel + Stop / Start / Open-site toolbar; universal live-state badge
in the hero lede for image/compose/static (RUNNING / TRANSITIONING /
STOPPED / NOT DEPLOYED / MIXED · n/m RUNNING); ContainerStats panel
per row (auto-collapsing native <details> when N > 2); read-only
webhook bindings summary card; responsive toolbar overflow with native
<details> at <640px (z-index 100 above sticky nav).
- web/src/app.css: project-wide .forge-btn-ghost:focus-visible outline.
Hardening from go-reviewer + security-reviewer + typescript-reviewer +
frontend-design UI/UX subagents (0 CRITICAL, all HIGH/BLOCKER addressed
inline, IMPORTANT applied before commit):
- AbortController + per-call sequence tokens on every long-running
fetch (loadRuntimeState / loadStorage / loadTriggerMeta / inspectImage /
listImageConflicts) plus onDestroy cleanup so late resolves cannot
mutate dead component state.
- doStop / doStart snapshot and restore `error` across the finally-block
reload so a load()-cleared message doesn't hide a real failure.
- triggersById refreshed after inline trigger creation so the webhook
card doesn't silently exclude the just-created trigger.
- Live-state badge wraps in role=status / aria-live=polite (no redundant
aria-label).
- Webhook row has a single click target (was two pointing at the same URL).
- Empty webhook section hides entirely.
- Dropped role=menu / role=menuitem from the overflow menu (they would
promise arrow-key nav we don't wire; native Tab + ESC carry it).
Doc
- docs/CODEMAPS/INDEX.md + new docs/CODEMAPS/discovery-and-runtime.md
map the endpoint surface, security posture, frontend integration
patterns, and an "add a new probe" recipe.
Verification
- svelte-check: 0 errors, 3 pre-existing a11y warnings.
- go build + go vet + go test ./...: all green.
- i18n parity: en + ru at 1413 keys each.
- Live smoke against :8090: 404 / 409 / 502 envelopes correct, discovery
sanity passes, ProbeError surfaces on no-container path.
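The dial-time address policy described in the safehttp.go bullet, as an added sketch that is not the project's own code. `blockReason` borrows its name from the commit message; `safeDialContext` and the body of both functions are assumptions made here.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
)

// blockReason: "" means allowed; RFC 1918 and ULA pass, as the commit message states.
func blockReason(ip net.IP) string {
	switch {
	case ip == nil:
		return "invalid"
	case ip.IsUnspecified():
		return "unspecified"
	case ip.IsLoopback():
		return "loopback"
	case ip.IsLinkLocalUnicast(): // covers 169.254.169.254
		return "link-local"
	case ip.IsMulticast():
		return "multicast"
	}
	return ""
}

// safeDialContext (hypothetical name) vets every resolved address, then dials the vetted IP literal.
func safeDialContext(ctx context.Context, network, addr string) (net.Conn, error) {
	host, port, err := net.SplitHostPort(addr)
	if err != nil {
		return nil, err
	}
	ips, err := net.DefaultResolver.LookupIPAddr(ctx, host)
	if err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("resolve %s: %v", host, err)
	}
	for _, ia := range ips {
		if r := blockReason(ia.IP); r != "" {
			return nil, fmt.Errorf("refusing %s: %s address %s", host, r, ia.IP)
		}
	}
	var d net.Dialer // dialing the literal means no second lookup can swap the target
	return d.DialContext(ctx, network, net.JoinHostPort(ips[0].IP.String(), port))
}

func main() {
	c := &http.Client{Transport: &http.Transport{DialContext: safeDialContext}}
	_, err := c.Get("http://127.0.0.1:9/") // constructed loopback target
	fmt.Println(err)
}
```

`Transport.Proxy` is left unset here, so a proxy taken from the environment cannot make the connection on the client's behalf and bypass the check.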
+146
-7
@@ -32,7 +32,7 @@ import type {
|
||||
|
||||
// ── Helpers ─────────────────────────────────────────────────────────
|
||||
|
||||
class ApiError extends Error {
|
||||
export class ApiError extends Error {
|
||||
constructor(
|
||||
message: string,
|
||||
public readonly status: number
|
||||
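Review bot: `export class ApiError extends Error` makes the class public API, but `public readonly status: number` has no doc comment telling callers what they are narrowing on. A short comment on the class stating what `status` holds (presumably the HTTP response status) and whether any value is used when no response was received would make `e.status` checks in the routes safer to write.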
@@ -141,11 +141,13 @@ function get<T>(path: string, signal?: AbortSignal): Promise<T> {
|
||||
return request<T>(path, signal ? { signal } : undefined);
|
||||
}
|
||||
|
||||
function post<T>(path: string, body?: unknown): Promise<T> {
|
||||
return request<T>(path, {
|
||||
function post<T>(path: string, body?: unknown, signal?: AbortSignal): Promise<T> {
|
||||
const init: RequestInit = {
|
||||
method: 'POST',
|
||||
body: body !== undefined ? JSON.stringify(body) : undefined
|
||||
});
|
||||
};
|
||||
if (signal) init.signal = signal;
|
||||
return request<T>(path, init);
|
||||
}
|
||||
|
||||
function put<T>(path: string, body: unknown): Promise<T> {
|
||||
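Review bot: `post()` gains `signal?: AbortSignal`, but `function put<T>(path: string, body: unknown): Promise<T>` in the trailing context still cannot be cancelled, so the helpers are now inconsistent. Consider threading the same optional parameter through `put` in this change, or note why it is left out. Minor style point: `get` passes `signal ? { signal } : undefined` while `post` mutates `init` with `if (signal) init.signal = signal;`; picking one form would read more uniformly.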
@@ -171,8 +173,146 @@ function patch<T>(path: string, body: unknown): Promise<T> {
|
||||
// image port/healthcheck. `quickDeploy` (POST /api/deploy/quick) is gone:
|
||||
// it created a legacy Project + Stage in the now-dead path.
|
||||
|
||||
export function inspectImage(image: string): Promise<InspectResult> {
|
||||
return post<InspectResult>('/api/deploy/inspect', { image });
|
||||
export function inspectImage(image: string, signal?: AbortSignal): Promise<InspectResult> {
|
||||
return post<InspectResult>('/api/deploy/inspect', { image }, signal);
|
||||
}
|
||||
|
||||
// ── Discovery (/apps/new wizard helpers) ───────────────────────────
|
||||
// These endpoints back the auto-discovery + connection-test flow that
|
||||
// the static-site creation wizard used in the legacy /sites/new page.
|
||||
// They are admin-gated; the token is plaintext over HTTPS and is not
|
||||
// persisted server-side.
|
||||
|
||||
// GitProviderKind is the union the *frontend* sends. The empty string
|
||||
// means "auto-detect server-side" (DetectProviderWithProbe runs).
|
||||
export type GitProviderKind = '' | 'gitea' | 'github' | 'gitlab';
|
||||
|
||||
// DetectedGitProvider is the narrower union the backend's detect
|
||||
// endpoint actually returns — `staticsite.DetectProviderWithProbe`
|
||||
// always resolves to one of the three concrete kinds (it falls back to
|
||||
// `gitea` for unknown hosts). Kept distinct from GitProviderKind so a
|
||||
// successful detection cannot ever set the dropdown back to "".
|
||||
export type DetectedGitProvider = 'gitea' | 'github' | 'gitlab';
|
||||
|
||||
export interface RepoInfo {
|
||||
owner: string;
|
||||
name: string;
|
||||
full_name: string;
|
||||
description: string;
|
||||
private: boolean;
|
||||
html_url: string;
|
||||
}
|
||||
|
||||
export interface FolderEntry {
|
||||
path: string;
|
||||
is_dir: boolean;
|
||||
}
|
||||
|
||||
export interface DiscoveryGitRequest {
|
||||
provider?: GitProviderKind;
|
||||
base_url: string;
|
||||
access_token?: string;
|
||||
repo_owner?: string;
|
||||
repo_name?: string;
|
||||
branch?: string;
|
||||
query?: string;
|
||||
}
|
||||
|
||||
export interface ImageConflict {
|
||||
id: string;
|
||||
name: string;
|
||||
image: string;
|
||||
app_id?: string;
|
||||
}
|
||||
|
||||
export function detectGitProvider(
|
||||
baseURL: string,
|
||||
signal?: AbortSignal
|
||||
): Promise<{ provider: DetectedGitProvider }> {
|
||||
return post<{ provider: DetectedGitProvider }>(
|
||||
'/api/discovery/git/detect-provider',
|
||||
{ base_url: baseURL },
|
||||
signal
|
||||
);
|
||||
}
|
||||
|
||||
export function testGitConnection(
|
||||
req: DiscoveryGitRequest,
|
||||
signal?: AbortSignal
|
||||
): Promise<{ status: string }> {
|
||||
return post<{ status: string }>('/api/discovery/git/test-connection', req, signal);
|
||||
}
|
||||
|
||||
export function listGitRepos(req: DiscoveryGitRequest, signal?: AbortSignal): Promise<RepoInfo[]> {
|
||||
return post<RepoInfo[]>('/api/discovery/git/repos', req, signal);
|
||||
}
|
||||
|
||||
export function listGitBranches(
|
||||
req: DiscoveryGitRequest,
|
||||
signal?: AbortSignal
|
||||
): Promise<string[]> {
|
||||
return post<string[]>('/api/discovery/git/branches', req, signal);
|
||||
}
|
||||
|
||||
export function listGitTree(req: DiscoveryGitRequest, signal?: AbortSignal): Promise<FolderEntry[]> {
|
||||
return post<FolderEntry[]>('/api/discovery/git/tree', req, signal);
|
||||
}
|
||||
|
||||
export function listImageConflicts(image: string, signal?: AbortSignal): Promise<ImageConflict[]> {
|
||||
return get<ImageConflict[]>(
|
||||
`/api/discovery/image/conflicts?image=${encodeURIComponent(image)}`,
|
||||
signal
|
||||
);
|
||||
}
|
||||
|
||||
// ── Workload runtime view (runtime-state, storage, stop, start) ────
|
||||
// Backed by internal/api/workload_runtime.go. The shapes mirror the
|
||||
// Go side exactly so the UI can render without further normalization.
|
||||
|
||||
export interface WorkloadRuntimeState {
|
||||
source_kind: string;
|
||||
has_state: boolean;
|
||||
container_id?: string;
|
||||
state?: string;
|
||||
status?: string;
|
||||
last_commit_sha?: string;
|
||||
last_sync_at?: string;
|
||||
last_error?: string;
|
||||
}
|
||||
|
||||
export interface WorkloadStorageUsage {
|
||||
source_kind: string;
|
||||
enabled: boolean;
|
||||
used_bytes: number;
|
||||
limit_mb?: number;
|
||||
probe_error?: string;
|
||||
}
|
||||
|
||||
export interface StopStartResult {
|
||||
touched: number;
|
||||
failed: number;
|
||||
}
|
||||
|
||||
export function getWorkloadRuntimeState(
|
||||
id: string,
|
||||
signal?: AbortSignal
|
||||
): Promise<WorkloadRuntimeState> {
|
||||
return get<WorkloadRuntimeState>(`/api/workloads/${id}/runtime-state`, signal);
|
||||
}
|
||||
|
||||
export function getWorkloadStorage(
|
||||
id: string,
|
||||
signal?: AbortSignal
|
||||
): Promise<WorkloadStorageUsage> {
|
||||
return get<WorkloadStorageUsage>(`/api/workloads/${id}/storage`, signal);
|
||||
}
|
||||
|
||||
export function stopWorkload(id: string): Promise<StopStartResult> {
|
||||
return post<StopStartResult>(`/api/workloads/${id}/stop`);
|
||||
}
|
||||
|
||||
export function startWorkload(id: string): Promise<StopStartResult> {
|
||||
return post<StopStartResult>(`/api/workloads/${id}/start`);
|
||||
}
|
||||
|
||||
// ── Registries ──────────────────────────────────────────────────────
|
||||
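Review bot: the four workload helpers interpolate `id` into the path unescaped (`/api/workloads/${id}/runtime-state`, `/storage`, `/stop`, `/start`), while `listImageConflicts` in the same hunk wraps its input in `encodeURIComponent`. An id containing `/`, `?` or `..` would change which route is requested, so suggest `encodeURIComponent(id)` in all four. Separately, `stopWorkload` and `startWorkload` are the only helpers added here without a `signal` parameter; if that is deliberate because a mutating call should not be cancelled, a one-line comment saying so would help.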
@@ -1055,4 +1195,3 @@ export function getLogScanStats(signal?: AbortSignal): Promise<LogScanStats> {
|
||||
return get<LogScanStats>('/api/log-scan-rules/stats', signal);
|
||||
}
|
||||
|
||||
export { ApiError };
|
||||
|
||||