alexei.dolgolyov
410a131cec
This session (frontend focus):
- Rebuild /apps/new as a 4-step wizard (Basics → Configure → Trigger → Review):
WizardRail, SourceKindPicker card grid, AppManifest review, per-step validation,
ConfirmDialog-based unsaved-changes guard.
- Extract lib/workload/sourceForms.ts (single source of truth for source_config)
+ {Image,Compose,Static,Dockerfile}SourceForm + StaticDiscoveryWizard; fold the
/apps/[id] edit form onto the same components (removes the duplication). Add
vitest + sourceForms unit tests.
- Branch preview environments UI: /chain is_preview/preview_branch + a Preview
environments panel on /apps/[id] (per-branch URLs, ConfirmDialog teardown, armed
state); RegistryImagePicker on the registry trigger and the image source.
- Fixes: image-inspect 404 -> admin-gated POST /api/discovery/image/inspect;
conflict-panel blur flicker; friendly localized discovery errors; CPU/Memory
label hints; dashboard + /apps "Total workloads" count only source_kind workloads
(drop stale trigger_kind gate); NPM cert/access-list name cache; EntityPicker
empty-list guard.
- Update CLAUDE.md frontend conventions + add a Build & Test section.
Also captures pre-existing in-progress platform work (not from this session):
workload notifications, Prometheus metrics export, store lockfile, health probes,
backup hardening, and related store/webhook/scheduler changes.
180 lines
5.8 KiB
Go
180 lines
5.8 KiB
Go
package dockerfile
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"log/slog"
|
|
"sync"
|
|
|
|
"github.com/alexei/tinyforge/internal/store"
|
|
"github.com/alexei/tinyforge/internal/workload/plugin"
|
|
)
|
|
|
|
// runtimeState is the per-workload state we persist inside the
|
|
// container row's extra_json blob. Mirrors the static plugin's
|
|
// runtimeState shape so anyone reading the DB can interpret the two
|
|
// kinds identically.
|
|
//
|
|
// LastImageDigest is the build's image ID — distinct from a registry
|
|
// digest (we never push) but useful for "did the build actually
|
|
// produce a different artifact?" diffing when we add caching later.
|
|
type runtimeState struct {
|
|
LastCommitSHA string `json:"last_commit_sha,omitempty"`
|
|
LastImageDigest string `json:"last_image_digest,omitempty"`
|
|
LastSyncAt string `json:"last_sync_at,omitempty"`
|
|
LastError string `json:"last_error,omitempty"`
|
|
Status string `json:"status,omitempty"`
|
|
}
|
|
|
|
// runtimeStateKeys lists every JSON field name owned by runtimeState.
|
|
// saveState strips these from the generic map before re-emitting so
|
|
// the typed values do not double-write under both their JSON tag and
|
|
// any subsequent extension's tag.
|
|
var runtimeStateKeys = []string{
|
|
"last_commit_sha", "last_image_digest", "last_sync_at", "last_error", "status",
|
|
}
|
|
|
|
// containerRowID is the deterministic container row ID. Stable across
|
|
// redeploys so saveState upserts in place.
|
|
func containerRowID(w plugin.Workload) string {
|
|
return w.ID + ":dockerfile"
|
|
}
|
|
|
|
// loadState returns the persisted runtime state plus the underlying
|
|
// container row. Both values are zero on first deploy.
|
|
func loadState(deps plugin.Deps, w plugin.Workload) (runtimeState, *store.Container, error) {
|
|
row, err := deps.Store.GetContainerByID(containerRowID(w))
|
|
if err != nil {
|
|
if errors.Is(err, store.ErrNotFound) {
|
|
return runtimeState{}, nil, nil
|
|
}
|
|
return runtimeState{}, nil, fmt.Errorf("dockerfile source: load state: %w", err)
|
|
}
|
|
st := runtimeState{}
|
|
if row.ExtraJSON != "" && row.ExtraJSON != "{}" {
|
|
if err := json.Unmarshal([]byte(row.ExtraJSON), &st); err != nil {
|
|
slog.Debug("dockerfile source: decode extra_json", "workload", w.ID, "error", err)
|
|
}
|
|
}
|
|
return st, &row, nil
|
|
}
|
|
|
|
// saveLocks serializes per-workload RMW of the container row. Same
|
|
// pattern as the static plugin — SQLite's MaxOpenConns=1 serializes
|
|
// statements but not the caller's read-then-write intent, so two
|
|
// concurrent deploys for the same workload could stomp each other's
|
|
// container_id / proxy_route_id without this mutex.
|
|
//
|
|
// Entries are reference-counted and removed only when the last holder
|
|
// releases. This bounds memory (no per-workload-ID leak) WITHOUT the
|
|
// use-after-delete hazard of deleting an entry on teardown: deleting a
|
|
// live entry while a concurrent saveState still holds (or is about to
|
|
// lock) it would let a fresh saveState mint a SECOND mutex for the same
|
|
// workload, losing the RMW serialization the lock exists to provide.
|
|
var saveLocks struct {
|
|
mu sync.Mutex
|
|
locks map[string]*saveLock
|
|
}
|
|
|
|
type saveLock struct {
|
|
mu sync.Mutex
|
|
refs int
|
|
}
|
|
|
|
// acquireSaveLock returns the per-workload lock (creating it on first use),
|
|
// registers this caller as a holder, and takes the lock. Pair with
|
|
// releaseSaveLock. The outer mutex is held only for the bookkeeping; callers
|
|
// contend on the returned per-workload lock.
|
|
func acquireSaveLock(workloadID string) *saveLock {
|
|
saveLocks.mu.Lock()
|
|
if saveLocks.locks == nil {
|
|
saveLocks.locks = map[string]*saveLock{}
|
|
}
|
|
l, ok := saveLocks.locks[workloadID]
|
|
if !ok {
|
|
l = &saveLock{}
|
|
saveLocks.locks[workloadID] = l
|
|
}
|
|
l.refs++
|
|
saveLocks.mu.Unlock()
|
|
l.mu.Lock()
|
|
return l
|
|
}
|
|
|
|
// releaseSaveLock unlocks and drops the caller's reference, removing the map
|
|
// entry once no holders remain. Because refs is incremented under saveLocks.mu
|
|
// before the entry can be observed for deletion, an entry with a pending
|
|
// acquirer is never deleted.
|
|
func releaseSaveLock(workloadID string, l *saveLock) {
|
|
l.mu.Unlock()
|
|
saveLocks.mu.Lock()
|
|
l.refs--
|
|
if l.refs == 0 {
|
|
delete(saveLocks.locks, workloadID)
|
|
}
|
|
saveLocks.mu.Unlock()
|
|
}
|
|
|
|
// saveState upserts the container row, calling mutate so callers can
|
|
// adjust both the typed runtime state and the row's first-class fields
|
|
// in one transaction. Unknown keys in extra_json survive the round-trip
|
|
// so future writers can extend the blob without forcing this struct to
|
|
// grow.
|
|
func saveState(deps plugin.Deps, w plugin.Workload, mutate func(*runtimeState, *store.Container)) error {
|
|
lk := acquireSaveLock(w.ID)
|
|
defer releaseSaveLock(w.ID, lk)
|
|
|
|
prev, prevRow, err := loadState(deps, w)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
row := store.Container{
|
|
ID: containerRowID(w),
|
|
WorkloadID: w.ID,
|
|
WorkloadKind: string(store.WorkloadKindBuild),
|
|
Host: "local",
|
|
}
|
|
if prevRow != nil {
|
|
row = *prevRow
|
|
}
|
|
|
|
generic := map[string]json.RawMessage{}
|
|
if row.ExtraJSON != "" && row.ExtraJSON != "{}" {
|
|
if err := json.Unmarshal([]byte(row.ExtraJSON), &generic); err != nil {
|
|
slog.Debug("dockerfile source: decode extra_json (generic)", "workload", w.ID, "error", err)
|
|
}
|
|
}
|
|
for _, k := range runtimeStateKeys {
|
|
delete(generic, k)
|
|
}
|
|
|
|
state := prev
|
|
mutate(&state, &row)
|
|
|
|
typedBytes, err := json.Marshal(state)
|
|
if err != nil {
|
|
return fmt.Errorf("dockerfile source: marshal state: %w", err)
|
|
}
|
|
typedMap := map[string]json.RawMessage{}
|
|
if err := json.Unmarshal(typedBytes, &typedMap); err != nil {
|
|
return fmt.Errorf("dockerfile source: re-decode typed state: %w", err)
|
|
}
|
|
for k, v := range typedMap {
|
|
generic[k] = v
|
|
}
|
|
|
|
merged, err := json.Marshal(generic)
|
|
if err != nil {
|
|
return fmt.Errorf("dockerfile source: marshal merged state: %w", err)
|
|
}
|
|
row.ExtraJSON = string(merged)
|
|
row.LastSeenAt = store.Now()
|
|
|
|
if err := deps.Store.UpsertContainer(row); err != nil {
|
|
return fmt.Errorf("dockerfile source: upsert container row: %w", err)
|
|
}
|
|
return nil
|
|
}
|