alexei.dolgolyov/tiny-forge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
739b67856a26844f32c55b9ffd8919c8cfe647b7
tiny-forge/internal/staticsite/gitlab_provider.go
T
alexei.dolgolyov 234c3c711e
Build / build (push) Successful in 10m43s
Details
feat(static): inline static-source plugin; drop phantom-row adapter 
Lift the static-site deploy pipeline from internal/staticsite/manager.go
into internal/workload/plugin/source/static/ so plugin-native static
workloads operate directly on plugin.Workload + the containers table +
workload_env. The cmd/server/static_backend.go phantom-row adapter is
gone; the legacy static_sites table is no longer touched on plugin
deploys.

Backend
- new state.go: runtimeState (last_commit_sha, last_sync_at,
  last_error, status) persisted in containers.extra_json under the
  deterministic row id <workloadID>:site
- per-workload sync.Mutex serializes saveState read-modify-write so
  parallel deploys for the same workload can't race container_id /
  proxy_route_id writes
- extra_json round-trips through map[string]json.RawMessage so
  unknown keys survive — typed runtimeStateKeys are stripped before
  merge so clearing a typed field actually drops the key
- new env.go reads workload_env (replaces static_site_secrets for
  plugin-native sites); decrypt-failure logs and skips one entry
  rather than failing the whole deploy
- new build.go ports prepareDenoBuild + prepareStaticBuild + copyDir;
  copyDir uses filepath.WalkDir + Lstat to refuse symlinks and
  non-regular files
- new deploy.go is the ~300-line core; intent.Reason gates force vs
  skip-if-no-changes; success-path saveState failure rolls back
  container + proxy route and writes "failed" state (no orphans)
- new teardown.go combines Remove + Stop; idempotent on
  never-deployed workloads
- new reconcile.go refreshes container state from Docker; flips
  runtimeState.Status to failed when the container is missing/crashed

Hardening (from go-reviewer + security-reviewer subagent passes;
1 CRITICAL + 5 HIGH + 3 MEDIUM addressed before merge)
- path-traversal defense in all 3 providers (gitea_content,
  github_provider, gitlab_provider): reject tree entries whose
  resolved local path escapes destDir
- verifyDownloadInsideRoot walks the build dir post-download as a
  second line of defense
- sanitizeError redacts the access token, collapses to one line, and
  clamps to 240 bytes before persisting to extra_json or fanning out
  to the notification webhook
- container/image/volume names suffixed with workload-id short prefix
  (workload name is not UNIQUE in schema)
- primaryDomain reads settings.Domain to complete a bare subdomain
  face into a full FQDN (matches legacy Manager behavior)
- ctx-aware health-check sleep
- json.Marshal for event metadata (was fmt.Sprintf JSON template)
- strings.HasPrefix for failed-status detection (was brittle slice
  expression)

Wire-up
- cmd/server/main.go: removed wireStaticBackend(...) call; existing
  blank import on _ ".../source/static" drives init() registration
- cmd/server/static_backend.go deleted

Doc
- WORKLOAD_REFACTOR_TODO: static port marked DONE; next focus is
  the hard legacy cutover (drop /api/projects, /api/stacks,
  /api/sites, /api/stages + their tables, internal/stack +
  internal/staticsite packages, frontend /projects /stacks /sites)

Behavior notes for operators
- plugin-native static workloads no longer write to static_sites;
  legacy /api/sites/* still serves original rows unchanged
- legacy tinyforge.static-site / .static-site-name container labels
  dropped on plugin deploys; canonical tinyforge.workload.id / .kind
  cover ownership
- container/image/volume names gained an 8-char ID suffix
  (e.g. dw-site-mysite-a1b2c3d4); legacy-deployed sites keep the
  old shape until redeployed through the plugin path
2026-05-16 02:56:23 +03:00

265 lines
6.7 KiB
Go
Raw Blame History

package staticsite
import (
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"net/url"
"os"
"path/filepath"
"strings"
"time"
)
// GitLabProvider implements GitProvider for GitLab repositories.
type GitLabProvider struct {
apiBase string // e.g., "https://gitlab.com/api/v4"
rawBase string // e.g., "https://gitlab.com"
token string
httpClient *http.Client
}
// NewGitLabProvider creates a new GitLab provider.
// baseURL should be "https://gitlab.com" or a self-hosted GitLab URL.
func NewGitLabProvider(baseURL, token string) *GitLabProvider {
base := strings.TrimRight(baseURL, "/")
return &GitLabProvider{
apiBase: base + "/api/v4",
rawBase: base,
token: token,
httpClient: &http.Client{
Timeout: 60 * time.Second,
},
}
}
func (g *GitLabProvider) Name() string { return "gitlab" }
// projectPath returns the URL-encoded project path (owner/repo → owner%2Frepo).
func projectPath(owner, repo string) string {
return url.PathEscape(owner + "/" + repo)
}
func (g *GitLabProvider) ListRepos(ctx context.Context, query string) ([]RepoInfo, error) {
var allRepos []RepoInfo
page := 1
for {
apiURL := fmt.Sprintf("%s/projects?membership=true&per_page=100&page=%d&order_by=last_activity_at", g.apiBase, page)
if query != "" {
apiURL += "&search=" + url.QueryEscape(query)
}
body, err := g.doGet(ctx, apiURL)
if err != nil {
return nil, fmt.Errorf("list repos: %w", err)
}
var projects []struct {
PathWithNamespace string `json:"path_with_namespace"`
Name string `json:"name"`
Description string `json:"description"`
Visibility string `json:"visibility"`
WebURL string `json:"web_url"`
Namespace struct {
Path string `json:"path"`
} `json:"namespace"`
}
if err := json.Unmarshal(body, &projects); err != nil {
return nil, fmt.Errorf("decode repos: %w", err)
}
for _, p := range projects {
allRepos = append(allRepos, RepoInfo{
Owner: p.Namespace.Path,
Name: p.Name,
FullName: p.PathWithNamespace,
Description: p.Description,
Private: p.Visibility != "public",
HTMLURL: p.WebURL,
})
}
if len(projects) < 100 {
break
}
page++
}
return allRepos, nil
}
func (g *GitLabProvider) TestConnection(ctx context.Context, owner, repo string) error {
apiURL := fmt.Sprintf("%s/projects/%s", g.apiBase, projectPath(owner, repo))
_, err := g.doGet(ctx, apiURL)
return err
}
func (g *GitLabProvider) ListBranches(ctx context.Context, owner, repo string) ([]string, error) {
var allBranches []string
page := 1
for {
apiURL := fmt.Sprintf("%s/projects/%s/repository/branches?per_page=100&page=%d",
g.apiBase, projectPath(owner, repo), page)
body, err := g.doGet(ctx, apiURL)
if err != nil {
return nil, fmt.Errorf("list branches: %w", err)
}
var branches []struct {
Name string `json:"name"`
}
if err := json.Unmarshal(body, &branches); err != nil {
return nil, fmt.Errorf("decode branches: %w", err)
}
for _, b := range branches {
allBranches = append(allBranches, b.Name)
}
if len(branches) < 100 {
break
}
page++
}
return allBranches, nil
}
func (g *GitLabProvider) GetLatestCommitSHA(ctx context.Context, owner, repo, branch string) (string, error) {
apiURL := fmt.Sprintf("%s/projects/%s/repository/branches/%s",
g.apiBase, projectPath(owner, repo), url.PathEscape(branch))
body, err := g.doGet(ctx, apiURL)
if err != nil {
return "", fmt.Errorf("get branch: %w", err)
}
var result struct {
Commit struct {
ID string `json:"id"`
} `json:"commit"`
}
if err := json.Unmarshal(body, &result); err != nil {
return "", fmt.Errorf("decode branch: %w", err)
}
return result.Commit.ID, nil
}
func (g *GitLabProvider) ListTree(ctx context.Context, owner, repo, branch string) ([]FolderEntry, error) {
var allEntries []FolderEntry
page := 1
for {
apiURL := fmt.Sprintf("%s/projects/%s/repository/tree?ref=%s&recursive=true&per_page=100&page=%d",
g.apiBase, projectPath(owner, repo), url.QueryEscape(branch), page)
body, err := g.doGet(ctx, apiURL)
if err != nil {
return nil, fmt.Errorf("list tree: %w", err)
}
var entries []struct {
Path string `json:"path"`
Type string `json:"type"` // "blob" or "tree"
}
if err := json.Unmarshal(body, &entries); err != nil {
return nil, fmt.Errorf("decode tree: %w", err)
}
for _, e := range entries {
allEntries = append(allEntries, FolderEntry{
Path: e.Path,
IsDir: e.Type == "tree",
})
}
if len(entries) < 100 {
break
}
page++
}
return allEntries, nil
}
func (g *GitLabProvider) DownloadFolder(ctx context.Context, owner, repo, branch, folderPath, destDir string) error {
entries, err := g.ListTree(ctx, owner, repo, branch)
if err != nil {
return fmt.Errorf("list tree: %w", err)
}
folderPath = strings.TrimPrefix(folderPath, "/")
folderPath = strings.TrimSuffix(folderPath, "/")
prefix := folderPath + "/"
for _, entry := range entries {
if entry.IsDir {
continue
}
if !strings.HasPrefix(entry.Path, prefix) {
continue
}
relativePath := strings.TrimPrefix(entry.Path, prefix)
localPath := filepath.Join(destDir, filepath.FromSlash(relativePath))
// Path-traversal defense: reject tree entries whose resolved
// path escapes destDir (e.g. `../etc/passwd` smuggled through
// a hostile self-hosted GitLab).
cleanDest := filepath.Clean(destDir)
if cleanRel := filepath.Clean(localPath); cleanRel != cleanDest &&
!strings.HasPrefix(cleanRel, cleanDest+string(os.PathSeparator)) {
return fmt.Errorf("rejecting tree entry outside dest: %s", relativePath)
}
// GitLab raw file URL: {base}/{owner}/{repo}/-/raw/{branch}/{path}
fileURL := fmt.Sprintf("%s/%s/%s/-/raw/%s/%s",
g.rawBase, owner, repo, branch, entry.Path)
if err := downloadFileHTTP(ctx, g.httpClient, fileURL, localPath, g.setAuth); err != nil {
return fmt.Errorf("download %s: %w", relativePath, err)
}
}
return nil
}
func (g *GitLabProvider) doGet(ctx context.Context, apiURL string) ([]byte, error) {
req, err := http.NewRequestWithContext(ctx, http.MethodGet, apiURL, nil)
if err != nil {
return nil, fmt.Errorf("create request: %w", err)
}
g.setAuth(req)
req.Header.Set("Accept", "application/json")
resp, err := g.httpClient.Do(req)
if err != nil {
return nil, fmt.Errorf("execute request: %w", err)
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("read response: %w", err)
}
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("unexpected status %d: %s", resp.StatusCode, string(body))
}
return body, nil
}
func (g *GitLabProvider) setAuth(req *http.Request) {
if g.token != "" {
req.Header.Set("PRIVATE-TOKEN", g.token)
}
}
Reference in New Issue View Git Blame Copy Permalink