alexei.dolgolyov
7733e64b08
A dockerfile or static workload can opt in to reading its deploy config from a
.tinyforge.yml in its own repo. Tinyforge fetches the file, shows field-level
drift vs the live config, and an admin applies it with an explicit Sync. The
repo becomes the source of truth for the declared fields. Manual-sync only;
no auto-apply on deploy, no multi-workload reconcile, no create/delete in v1.
Scope is deliberately source-aware and source_config-resident: dockerfile
declares port/healthcheck/deploy_strategy, static declares deploy_strategy.
The file never carries repo coords or secrets (those stay in the encrypted
DB), which keeps credentials out of the repo.
Backend:
- internal/gitops: Spec/ParseSpec (KnownFields rejects unknown keys), a
source-aware ApplyPlan/BuildPlan, MergeAndValidate (omitted-field-preserving
deep merge + validate-the-merged-result-then-commit — never a partial
config), declared-only Drift with normalization, and Fetch with
ok/no_file/fetch_failed/invalid statuses and token-redacted messages.
- staticsite: DownloadFile added to GitProvider + Gitea/GitHub/GitLab impls,
reusing each provider's SSRF-safe client; 64 KiB cap; ErrFileNotFound.
- store: 4 additive gitops_* columns + setters (disjoint from UpdateWorkload
so the edit-form save and a sync never clobber each other).
- api: GET /workloads/{id}/gitops (status + raw + live drift + managed_fields),
PUT /gitops (admin, enable/path, traversal-safe), POST /gitops/sync (admin,
per-workload locked read->merge->validate->write, audited to event_log).
Frontend:
- GitOpsPanel.svelte: status pill, a purpose-built field-level drift view,
.tinyforge.yml preview, enable ToggleSwitch, Sync via ConfirmDialog; all five
statuses handled, admin affordances gated on the real viewer role.
- GitOps-managed badge (list + detail hero) and a read-only edit-form banner.
- api.ts fetchers + types; i18n apps.detail.gitops.* (en + ru parity).
Built phase-by-phase with an adversarial plan review (caught 5 design flaws
pre-implementation) and an independent review per phase (go / security / ts /
final) — all APPROVE, 0 CRITICAL/HIGH. docs/gitops.md documents the schema and
what's intentionally out of v1. Plan: plans/gitops/.
126 lines
4.6 KiB
Go
126 lines
4.6 KiB
Go
package staticsite
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"testing"
|
|
)
|
|
|
|
// fakeReporterProvider is a stub GitProvider that records SetCommitStatus
|
|
// calls. Only the methods the reporter exercises are meaningful; the rest
|
|
// satisfy the interface and panic if ever hit so a mis-wired test is loud.
|
|
type fakeReporterProvider struct {
|
|
calls []reporterStatusCall
|
|
failErr error // when set, SetCommitStatus returns it (best-effort path)
|
|
}
|
|
|
|
type reporterStatusCall struct {
|
|
owner, repo, sha string
|
|
status CommitStatus
|
|
targetURL, descr string
|
|
}
|
|
|
|
func (f *fakeReporterProvider) SetCommitStatus(_ context.Context, owner, repo, sha string, status CommitStatus, targetURL, description string) error {
|
|
f.calls = append(f.calls, reporterStatusCall{owner, repo, sha, status, targetURL, description})
|
|
return f.failErr
|
|
}
|
|
|
|
func (*fakeReporterProvider) Name() string { return "fake" }
|
|
func (*fakeReporterProvider) TestConnection(context.Context, string, string) error {
|
|
panic("unused")
|
|
}
|
|
func (*fakeReporterProvider) ListRepos(context.Context, string) ([]RepoInfo, error) {
|
|
panic("unused")
|
|
}
|
|
func (*fakeReporterProvider) ListBranches(context.Context, string, string) ([]string, error) {
|
|
panic("unused")
|
|
}
|
|
func (*fakeReporterProvider) GetLatestCommitSHA(context.Context, string, string, string) (string, error) {
|
|
panic("unused")
|
|
}
|
|
func (*fakeReporterProvider) ListTree(context.Context, string, string, string) ([]FolderEntry, error) {
|
|
panic("unused")
|
|
}
|
|
func (*fakeReporterProvider) DownloadFolder(context.Context, string, string, string, string, string) error {
|
|
panic("unused")
|
|
}
|
|
func (*fakeReporterProvider) DownloadFile(context.Context, string, string, string, string, int64) ([]byte, error) {
|
|
panic("unused")
|
|
}
|
|
|
|
// Enabled: forwards to the provider with the captured identifiers + target.
|
|
func TestCommitStatusReporter_Enabled_Calls(t *testing.T) {
|
|
fp := &fakeReporterProvider{}
|
|
r := NewCommitStatusReporter(fp, "owner", "pages", "abc123", "https://app.example.com", true)
|
|
|
|
r.Report(context.Background(), "site", "wid-1", CommitStatusPending, "Tinyforge: deploying")
|
|
r.Report(context.Background(), "site", "wid-1", CommitStatusSuccess, "Tinyforge: deployed")
|
|
|
|
if len(fp.calls) != 2 {
|
|
t.Fatalf("calls = %d, want 2", len(fp.calls))
|
|
}
|
|
first := fp.calls[0]
|
|
if first.owner != "owner" || first.repo != "pages" || first.sha != "abc123" {
|
|
t.Errorf("identifiers wrong: %+v", first)
|
|
}
|
|
if first.status != CommitStatusPending {
|
|
t.Errorf("first status = %q, want pending", first.status)
|
|
}
|
|
if first.targetURL != "https://app.example.com" {
|
|
t.Errorf("targetURL = %q", first.targetURL)
|
|
}
|
|
if fp.calls[1].status != CommitStatusSuccess {
|
|
t.Errorf("second status = %q, want success", fp.calls[1].status)
|
|
}
|
|
}
|
|
|
|
// Disabled: the reporter is inert.
|
|
func TestCommitStatusReporter_Disabled_NoCalls(t *testing.T) {
|
|
fp := &fakeReporterProvider{}
|
|
r := NewCommitStatusReporter(fp, "owner", "pages", "abc123", "", false)
|
|
|
|
r.Report(context.Background(), "site", "wid-1", CommitStatusSuccess, "x")
|
|
if len(fp.calls) != 0 {
|
|
t.Fatalf("expected no calls when disabled, got %d", len(fp.calls))
|
|
}
|
|
}
|
|
|
|
// An empty SHA (e.g. a provider that couldn't resolve the branch) must not
|
|
// produce a status call even when reporting is enabled.
|
|
func TestCommitStatusReporter_EmptySHA_NoCalls(t *testing.T) {
|
|
fp := &fakeReporterProvider{}
|
|
r := NewCommitStatusReporter(fp, "owner", "pages", "", "", true)
|
|
|
|
r.Report(context.Background(), "site", "wid-1", CommitStatusPending, "x")
|
|
if len(fp.calls) != 0 {
|
|
t.Fatalf("expected no calls with empty SHA, got %d", len(fp.calls))
|
|
}
|
|
}
|
|
|
|
// A provider error must be swallowed (best-effort) — Report never panics or
|
|
// propagates. We assert it returns normally after a failing provider call.
|
|
func TestCommitStatusReporter_ProviderError_Swallowed(t *testing.T) {
|
|
fp := &fakeReporterProvider{failErr: errors.New("boom")}
|
|
r := NewCommitStatusReporter(fp, "owner", "pages", "abc123", "", true)
|
|
|
|
// Should not panic / propagate.
|
|
r.Report(context.Background(), "site", "wid-1", CommitStatusFailure, "Tinyforge: deploy failed")
|
|
if len(fp.calls) != 1 {
|
|
t.Fatalf("expected the failing call to still be recorded, got %d", len(fp.calls))
|
|
}
|
|
}
|
|
|
|
// A nil reporter (constructed only when needed in some call paths) is safe.
|
|
func TestCommitStatusReporter_NilSafe(t *testing.T) {
|
|
var r *CommitStatusReporter
|
|
// Must not panic.
|
|
r.Report(context.Background(), "site", "wid-1", CommitStatusSuccess, "x")
|
|
}
|
|
|
|
// A nil provider on an enabled reporter is also a no-op (defensive guard).
|
|
func TestCommitStatusReporter_NilProvider_NoPanic(t *testing.T) {
|
|
r := NewCommitStatusReporter(nil, "owner", "pages", "abc123", "", true)
|
|
// Must not panic.
|
|
r.Report(context.Background(), "site", "wid-1", CommitStatusSuccess, "x")
|
|
}
|