alexei.dolgolyov
410a131cec
This session (frontend focus):
- Rebuild /apps/new as a 4-step wizard (Basics → Configure → Trigger → Review):
WizardRail, SourceKindPicker card grid, AppManifest review, per-step validation,
ConfirmDialog-based unsaved-changes guard.
- Extract lib/workload/sourceForms.ts (single source of truth for source_config)
+ {Image,Compose,Static,Dockerfile}SourceForm + StaticDiscoveryWizard; fold the
/apps/[id] edit form onto the same components (removes the duplication). Add
vitest + sourceForms unit tests.
- Branch preview environments UI: /chain is_preview/preview_branch + a Preview
environments panel on /apps/[id] (per-branch URLs, ConfirmDialog teardown, armed
state); RegistryImagePicker on the registry trigger and the image source.
- Fixes: image-inspect 404 -> admin-gated POST /api/discovery/image/inspect;
conflict-panel blur flicker; friendly localized discovery errors; CPU/Memory
label hints; dashboard + /apps "Total workloads" count only source_kind workloads
(drop stale trigger_kind gate); NPM cert/access-list name cache; EntityPicker
empty-list guard.
- Update CLAUDE.md frontend conventions + add a Build & Test section.
Also captures pre-existing in-progress platform work (not from this session):
workload notifications, Prometheus metrics export, store lockfile, health probes,
backup hardening, and related store/webhook/scheduler changes.
65 lines
2.5 KiB
Go
65 lines
2.5 KiB
Go
package api
|
|
|
|
import (
|
|
"context"
|
|
"log/slog"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/alexei/tinyforge/internal/metrics"
|
|
)
|
|
|
|
// livez always returns 200 if the process is up. Used by container
|
|
// orchestrators / load balancers / Docker HEALTHCHECK as the "is the
|
|
// binary alive" probe. Intentionally does NOT touch the DB or Docker —
|
|
// a slow DB must not cause restart loops.
|
|
func (s *Server) livez(w http.ResponseWriter, _ *http.Request) {
|
|
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
|
_, _ = w.Write([]byte("ok\n"))
|
|
}
|
|
|
|
// readyz returns 200 only when the process can actually serve traffic:
|
|
// SQLite is reachable, the encryption key is loaded, the deployer is
|
|
// not draining. The response body is intentionally minimal — the
|
|
// specific failing probe name is recorded in slog (operator-visible)
|
|
// rather than returned to unauthenticated callers. This avoids handing
|
|
// reconnaissance to an attacker who can hit /readyz during an outage
|
|
// ("DB down" vs "encryption key missing" leaks operational state).
|
|
func (s *Server) readyz(w http.ResponseWriter, r *http.Request) {
|
|
ctx, cancel := context.WithTimeout(r.Context(), 2*time.Second)
|
|
defer cancel()
|
|
|
|
// DB ping: cheap and exact — exercises the connection pool, file
|
|
// lock, and busy-timeout. A failing ping means SQLite WAL is wedged
|
|
// or the data dir is gone.
|
|
if err := s.store.DB().PingContext(ctx); err != nil {
|
|
slog.Warn("readyz: db ping failed", "error", err)
|
|
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
|
w.WriteHeader(http.StatusServiceUnavailable)
|
|
_, _ = w.Write([]byte("not ready\n"))
|
|
return
|
|
}
|
|
|
|
// Encryption key sanity: if it's zero we cannot decrypt any stored
|
|
// secret, so the deployer paths will all explode at first use.
|
|
if s.encKey == ([32]byte{}) {
|
|
slog.Warn("readyz: encryption key not loaded")
|
|
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
|
w.WriteHeader(http.StatusServiceUnavailable)
|
|
_, _ = w.Write([]byte("not ready\n"))
|
|
return
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
|
_, _ = w.Write([]byte("ready\n"))
|
|
}
|
|
|
|
// metricsExport writes the process-wide metrics registry in Prometheus
|
|
// text format. Admin-only by router placement; surface is intentionally
|
|
// thin (no histograms / quantiles, only counters) to keep the binary
|
|
// dependency-free.
|
|
func (s *Server) metricsExport(w http.ResponseWriter, _ *http.Request) {
|
|
w.Header().Set("Content-Type", "text/plain; version=0.0.4; charset=utf-8")
|
|
_ = metrics.DefaultRegistry.WritePrometheus(w)
|
|
}
|