alexei.dolgolyov
0c4c338bfe
Two additions to the app detail page, each backed by a per-workload
endpoint.
Deploy history + rollback:
- New deploy_history table — a structured, version-pinned ledger of every
dispatch (success AND failure), distinct from the free-text event_log.
Recorded at the single DispatchPlugin choke point so every source kind
is covered. The raw deploy error is never persisted (it can carry
registry-auth / compose-stdout secrets) — only a generic marker, with
detail going to slog. Pruned to the newest N per workload; cascade-
deleted with the workload.
- GET /api/workloads/{id}/deploys lists the ledger; POST .../rollback
(admin) replays a prior successful deploy's pinned reference as a
rollback-reason dispatch. Phase 1 is image-source only (RollbackCapable);
git-built sources need checkout-by-commit, a later phase.
- DeployHistoryPanel.svelte renders the ledger with confirm-gated rollback.
Per-workload metrics:
- ListContainerStatsSamplesByWorkload joins the existing container stats
samples through the containers index; GET /api/workloads/{id}/stats/history
aggregates CPU/memory per timestamp across the workload's containers.
- WorkloadMetricsPanel.svelte reuses ResourceChart (CPU% + memory MiB,
windowed, 15s poll).
en/ru i18n added with parity. Tests: store CRUD + cascade + workload-scoped
join, deployer recording (incl. secret-non-leak on failure), API rollback
guards, and per-timestamp aggregation. Plans under docs/plans/.
152 lines
4.9 KiB
Go
152 lines
4.9 KiB
Go
package api
|
|
|
|
import (
|
|
"errors"
|
|
"log/slog"
|
|
"net/http"
|
|
"strconv"
|
|
"time"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
|
|
"github.com/alexei/tinyforge/internal/auth"
|
|
"github.com/alexei/tinyforge/internal/store"
|
|
"github.com/alexei/tinyforge/internal/workload/plugin"
|
|
)
|
|
|
|
// parseOffset parses a pagination offset, clamping anything invalid or
|
|
// negative to 0. parseLimit (secrets.go) handles the limit half.
|
|
func parseOffset(raw string) int {
|
|
n, err := strconv.Atoi(raw)
|
|
if err != nil || n < 0 {
|
|
return 0
|
|
}
|
|
return n
|
|
}
|
|
|
|
// rollbackCapableKinds is the single source of truth for which source kinds
|
|
// support reference-pinned redeploy. The image source resolves
|
|
// intent.Reference as the tag, so replaying a prior tag is a real rollback.
|
|
// static/dockerfile clone branch HEAD and cannot yet check out an arbitrary
|
|
// commit (a later phase); compose has no single artifact handle.
|
|
var rollbackCapableKinds = map[string]bool{"image": true}
|
|
|
|
// RollbackCapable reports whether a source kind supports one-click rollback.
|
|
// Used by both the list response (per-row `rollbackable` flag) and the
|
|
// rollback guard so the UI and the server never disagree.
|
|
func RollbackCapable(sourceKind string) bool { return rollbackCapableKinds[sourceKind] }
|
|
|
|
// listWorkloadDeploys handles GET /api/workloads/{id}/deploys. Read-only,
|
|
// open to any authenticated user (mirrors the per-workload events feed).
|
|
// Returns the structured deploy ledger newest-first with a server-computed
|
|
// `rollbackable` flag per row.
|
|
func (s *Server) listWorkloadDeploys(w http.ResponseWriter, r *http.Request) {
|
|
id := chi.URLParam(r, "id")
|
|
if id == "" {
|
|
respondError(w, http.StatusBadRequest, "workload id is required")
|
|
return
|
|
}
|
|
|
|
q := r.URL.Query()
|
|
limit := parseLimit(q.Get("limit"), 50, 200)
|
|
offset := parseOffset(q.Get("offset"))
|
|
|
|
rows, err := s.store.ListDeployHistory(id, limit, offset)
|
|
if err != nil {
|
|
slog.Error("failed to list deploy history", "workload", id, "error", err)
|
|
respondError(w, http.StatusInternalServerError, "failed to list deploy history")
|
|
return
|
|
}
|
|
for i := range rows {
|
|
rows[i].Rollbackable = rows[i].Outcome == "success" &&
|
|
rows[i].Reference != "" &&
|
|
RollbackCapable(rows[i].SourceKind)
|
|
}
|
|
respondJSON(w, http.StatusOK, rows)
|
|
}
|
|
|
|
// rollbackWorkload handles POST /api/workloads/{id}/rollback. Admin-only
|
|
// (same gate as /deploy). Body: {"deploy_id": <id>}. It resolves the pinned
|
|
// reference from a prior successful, rollback-capable ledger row belonging
|
|
// to this workload and replays it as a `rollback`-reason deploy.
|
|
func (s *Server) rollbackWorkload(w http.ResponseWriter, r *http.Request) {
|
|
id := chi.URLParam(r, "id")
|
|
|
|
row, err := s.store.GetWorkloadByID(id)
|
|
if err != nil {
|
|
if errors.Is(err, store.ErrNotFound) {
|
|
respondNotFound(w, "workload")
|
|
return
|
|
}
|
|
respondError(w, http.StatusInternalServerError, "get workload")
|
|
return
|
|
}
|
|
if row.SourceKind == "" {
|
|
respondError(w, http.StatusBadRequest, "workload has no source_kind; cannot roll back")
|
|
return
|
|
}
|
|
|
|
var body struct {
|
|
DeployID int64 `json:"deploy_id"`
|
|
}
|
|
if !decodeJSONStrict(w, r, &body) {
|
|
return
|
|
}
|
|
if body.DeployID <= 0 {
|
|
respondError(w, http.StatusBadRequest, "deploy_id is required")
|
|
return
|
|
}
|
|
|
|
entry, err := s.store.GetDeployHistory(body.DeployID)
|
|
if err != nil {
|
|
if errors.Is(err, store.ErrNotFound) {
|
|
respondNotFound(w, "deploy history entry")
|
|
return
|
|
}
|
|
respondError(w, http.StatusInternalServerError, "get deploy history")
|
|
return
|
|
}
|
|
// No cross-workload replay: the entry must belong to the path workload.
|
|
if entry.WorkloadID != id {
|
|
respondError(w, http.StatusBadRequest, "deploy entry does not belong to this workload")
|
|
return
|
|
}
|
|
if entry.Outcome != "success" {
|
|
respondError(w, http.StatusBadRequest, "cannot roll back to a failed deploy")
|
|
return
|
|
}
|
|
if entry.Reference == "" || !RollbackCapable(row.SourceKind) {
|
|
respondError(w, http.StatusBadRequest, "this deploy is not rollback-capable")
|
|
return
|
|
}
|
|
|
|
actor := "manual"
|
|
if claims, ok := auth.ClaimsFromContext(r.Context()); ok && claims.Username != "" {
|
|
actor = claims.Username
|
|
}
|
|
intent := plugin.DeploymentIntent{
|
|
Reason: "rollback",
|
|
Reference: entry.Reference,
|
|
Metadata: map[string]string{
|
|
"note": "rollback to " + entry.Reference,
|
|
"rollback_of": strconv.FormatInt(entry.ID, 10),
|
|
},
|
|
TriggeredAt: time.Now().UTC(),
|
|
TriggeredBy: actor,
|
|
}
|
|
if err := s.deployer.DispatchPlugin(r.Context(), toPluginWorkload(row), intent); err != nil {
|
|
// Raw error stays in the server log; client gets a generic message
|
|
// (the wrapped error can carry registry-auth bytes).
|
|
slog.Warn("rollback dispatch failed", "workload", id, "actor", actor,
|
|
"reference", entry.Reference, "error", err)
|
|
respondError(w, http.StatusInternalServerError, "rollback failed; see server logs")
|
|
return
|
|
}
|
|
respondJSON(w, http.StatusAccepted, map[string]any{
|
|
"workload_id": id,
|
|
"reference": entry.Reference,
|
|
"rollback_of": entry.ID,
|
|
"triggered_by": actor,
|
|
})
|
|
}
|