alexei.dolgolyov
7733e64b08
A dockerfile or static workload can opt in to reading its deploy config from a
.tinyforge.yml in its own repo. Tinyforge fetches the file, shows field-level
drift vs the live config, and an admin applies it with an explicit Sync. The
repo becomes the source of truth for the declared fields. Manual-sync only;
no auto-apply on deploy, no multi-workload reconcile, no create/delete in v1.
Scope is deliberately source-aware and source_config-resident: dockerfile
declares port/healthcheck/deploy_strategy, static declares deploy_strategy.
The file never carries repo coords or secrets (those stay in the encrypted
DB), which keeps credentials out of the repo.
Backend:
- internal/gitops: Spec/ParseSpec (KnownFields rejects unknown keys), a
source-aware ApplyPlan/BuildPlan, MergeAndValidate (omitted-field-preserving
deep merge + validate-the-merged-result-then-commit — never a partial
config), declared-only Drift with normalization, and Fetch with
ok/no_file/fetch_failed/invalid statuses and token-redacted messages.
- staticsite: DownloadFile added to GitProvider + Gitea/GitHub/GitLab impls,
reusing each provider's SSRF-safe client; 64 KiB cap; ErrFileNotFound.
- store: 4 additive gitops_* columns + setters (disjoint from UpdateWorkload
so the edit-form save and a sync never clobber each other).
- api: GET /workloads/{id}/gitops (status + raw + live drift + managed_fields),
PUT /gitops (admin, enable/path, traversal-safe), POST /gitops/sync (admin,
per-workload locked read->merge->validate->write, audited to event_log).
Frontend:
- GitOpsPanel.svelte: status pill, a purpose-built field-level drift view,
.tinyforge.yml preview, enable ToggleSwitch, Sync via ConfirmDialog; all five
statuses handled, admin affordances gated on the real viewer role.
- GitOps-managed badge (list + detail hero) and a read-only edit-form banner.
- api.ts fetchers + types; i18n apps.detail.gitops.* (en + ru parity).
Built phase-by-phase with an adversarial plan review (caught 5 design flaws
pre-implementation) and an independent review per phase (go / security / ts /
final) — all APPROVE, 0 CRITICAL/HIGH. docs/gitops.md documents the schema and
what's intentionally out of v1. Plan: plans/gitops/.
49 lines
1.3 KiB
Go
49 lines
1.3 KiB
Go
package api
|
|
|
|
import (
|
|
"sort"
|
|
"testing"
|
|
|
|
"github.com/alexei/tinyforge/internal/gitops"
|
|
)
|
|
|
|
func TestValidGitOpsPath(t *testing.T) {
|
|
cases := []struct {
|
|
path string
|
|
ok bool
|
|
}{
|
|
{".tinyforge.yml", true},
|
|
{"deploy/.tinyforge.yml", true},
|
|
{"config/app.yaml", true},
|
|
{"/etc/passwd", false}, // absolute
|
|
{"\\windows\\path", false}, // absolute (backslash)
|
|
{"../../etc/passwd", false}, // traversal
|
|
{"deploy/../../x", false}, // traversal mid-path
|
|
{"foo?ref=evil", false}, // query-param injection (LOW-1)
|
|
{"foo#frag", false}, // fragment injection
|
|
{"with space.yml", false}, // whitespace
|
|
{"", false}, // empty
|
|
}
|
|
for _, c := range cases {
|
|
if got := validGitOpsPath(c.path); got != c.ok {
|
|
t.Errorf("validGitOpsPath(%q) = %v, want %v", c.path, got, c.ok)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestPlanFields(t *testing.T) {
|
|
spec := gitops.Spec{Version: 1, Deploy: gitops.DeploySpec{
|
|
Port: ptrInt(8080),
|
|
DeployStrategy: ptrStr("blue-green"),
|
|
}}
|
|
got := planFields(gitops.BuildPlan(spec, gitops.SourceDockerfile))
|
|
sort.Strings(got)
|
|
want := []string{"deploy_strategy", "port"}
|
|
if len(got) != len(want) || got[0] != want[0] || got[1] != want[1] {
|
|
t.Fatalf("planFields = %v, want %v", got, want)
|
|
}
|
|
}
|
|
|
|
func ptrInt(i int) *int { return &i }
|
|
func ptrStr(s string) *string { return &s }
|