alexei.dolgolyov
cba2149aa9
Wraps up the workload refactor with the fixes that came out of the multi-agent code review (see docs/plans/workload-refactor.md "What actually shipped"). Backend: - store.ReconcileContainer: separate write path so the 30s reconciler tick no longer overwrites deployer-owned fields (subdomain, proxy_route_id, npm_proxy_id, image_tag). - Container.stage_id column + index; ListProxyRoutes / ListContainersByStageID join via stage_id (survives stage rename), with legacy fallback to (project_id, role=stage_name). - Reconciler: workload-existence check (rejects forged tinyforge.workload.id labels), skips inventing project-kind rows, child-context cancel before wg.Wait() on shutdown. - Transactional CRUD across projects / stacks / static_sites: parent UPDATE and workload sync land in one transaction so secret rotations are durable. - Webhook routing reads exclusively through workloads.webhook_secret; legacy GetProjectByWebhookSecret / GetStaticSiteByWebhookSecret fallback removed. - store.GetStackByComposeProjectName + indexed lookup (no more full-table stack scan per compose container per tick). - store.ListMissingSweepRows: filtered query for the missing-sweep. - /api/instances/* handlers verify (workload_id, role) match URL (project_id, stage_name) before mutating — closes the cross-project hijack the security review flagged. - extra_json no longer referenced from Go (column kept on disk for now). Frontend: - WorkloadContainers.svelte: generic detail-page panel reusable by stack and site detail pages. - Containers page polish: client-side kind/state filters over an unfiltered fetch, URL-synced filters, race-safe loads via sequence number, EN+RU i18n, sidebar counter via navCounts.containers. Misc: - scripts/dev-server.sh: tolerate empty netstat grep result. - .gitignore: ignore docker-watcher binaries, .claude/worktrees/, .facts-sync.json.
42 lines
1.3 KiB
Bash
42 lines
1.3 KiB
Bash
#!/usr/bin/env bash
|
|
# Start (or restart) the Tinyforge dev server on port 8090.
|
|
# Usage: ./scripts/dev-server.sh
|
|
|
|
set -euo pipefail
|
|
|
|
PORT="${LISTEN_ADDR:-:8090}"
|
|
PORT_NUM="${PORT#:}"
|
|
|
|
# Kill existing process on the port if any.
|
|
PID=$(netstat -aon 2>/dev/null | { grep ":${PORT_NUM}.*LISTEN" || true; } | awk '{print $5}' | head -1)
|
|
if [ -n "$PID" ] && [ "$PID" != "0" ]; then
|
|
echo "Stopping existing process on port ${PORT_NUM} (PID ${PID})..."
|
|
taskkill //F //PID "$PID" 2>/dev/null || kill "$PID" 2>/dev/null || true
|
|
sleep 1
|
|
fi
|
|
|
|
# Use a stable encryption key for development.
|
|
# Generate once and save to data/.dev-key so encrypted tokens survive restarts.
|
|
if [ -z "${ENCRYPTION_KEY:-}" ]; then
|
|
KEY_FILE="./data/.dev-key"
|
|
mkdir -p ./data
|
|
if [ -f "$KEY_FILE" ]; then
|
|
ENCRYPTION_KEY=$(cat "$KEY_FILE")
|
|
else
|
|
ENCRYPTION_KEY=$(openssl rand -hex 32)
|
|
echo "$ENCRYPTION_KEY" > "$KEY_FILE"
|
|
echo "Generated new dev encryption key (saved to $KEY_FILE)"
|
|
fi
|
|
fi
|
|
export ENCRYPTION_KEY
|
|
export ADMIN_PASSWORD="${ADMIN_PASSWORD:-admin123}"
|
|
export LISTEN_ADDR="${PORT}"
|
|
|
|
# Rebuild frontend so go:embed picks up changes.
|
|
echo "Building frontend..."
|
|
(cd web && npm run build --silent)
|
|
|
|
echo "Starting Tinyforge on http://localhost:${PORT_NUM}"
|
|
echo "Login: admin / ${ADMIN_PASSWORD}"
|
|
exec go run ./cmd/server
|