alexei.dolgolyov
ea55d31177
Build / build (push) Successful in 10m43s
Two-stage feature arc closing the gaps left by the hard legacy cutover.
The static-site creation wizard regains its auto-discovery + connection-test
flow; /apps/[id] grows the runtime/storage/lifecycle surface the legacy
/sites/[id] page used to expose.
Backend (Go)
- internal/api/discovery.go: six admin-gated endpoints wrapping
staticsite.GitProvider — POST /api/discovery/git/{detect-provider,
test-connection,repos,branches,tree} + GET /api/discovery/image/conflicts.
Identifier validation (validateGitIdent / validateGitBranch) at the
boundary so provider URL interpolation cannot be hijacked via `..`.
Upstream errors scrubbed: detailed slog on the server, generic 502 to
the client (mitigates token-reflection-in-error-page).
- internal/api/workload_runtime.go: four endpoints —
GET /api/workloads/{id}/runtime-state decodes containers.extra_json for
static workloads; GET /api/workloads/{id}/storage execs `du -sb /app/data`
with a 30s in-process cache (storageProbeCache) so polling can't turn
into per-request execs; POST /api/workloads/{id}/{stop,start} iterate
ListContainersByWorkload and call docker.StopContainer / StartContainer,
returning 200 / 409 (nothing to act on) / 502 (all failed).
- internal/staticsite/safehttp.go: NewSafeHTTPClient + ValidateBaseURL +
blockReason. DialContext re-resolves hostnames and refuses loopback /
link-local / multicast / unspecified addresses. RFC1918 + ULA explicitly
allowed (self-hosted Gitea on LAN is the dominant deployment).
Replaced four raw &http.Client{} constructions in the provider files.
- internal/staticsite/gitlab_provider.go: url.PathEscape each segment in
the raw-file URL builder for parity with projectPath().
- Test coverage: 26 cases in discovery_test.go (image-tag stripping,
source-config decoding, conflict scenarios, validator boundaries,
scheme rejection), 14 in workload_runtime_test.go (404 / 409 / nil-docker
/ probe-cache), 16 in safehttp_test.go (URL validation + block-reason
policy matrix + live dial against loopback + AWS metadata literals).
Frontend (Svelte 5 + runes)
- web/src/lib/api.ts: typed wrappers for every endpoint, AbortSignal
threaded through post(); ApiError exported so callers can narrow on
e.status; new DetectedGitProvider narrow union.
- web/src/routes/apps/new/+page.svelte: static-form discovery controls
(auto-detect provider, test connection, repo / branch / folder
EntityPickers, Deno auto-detect); image-form conflict panel with
debounced lookup + double-click submit guard ("Forge anyway") + Inspect
button that pre-fills port/healthcheck; English error fallbacks routed
through apps.new.errors.* (en + ru).
- web/src/routes/apps/[id]/+page.svelte: runtime-state panel + storage
panel + Stop / Start / Open-site toolbar; universal live-state badge
in the hero lede for image/compose/static (RUNNING / TRANSITIONING /
STOPPED / NOT DEPLOYED / MIXED · n/m RUNNING); ContainerStats panel
per row (auto-collapsing native <details> when N > 2); read-only
webhook bindings summary card; responsive toolbar overflow with native
<details> at <640px (z-index 100 above sticky nav).
- web/src/app.css: project-wide .forge-btn-ghost:focus-visible outline.
Hardening from go-reviewer + security-reviewer + typescript-reviewer +
frontend-design UI/UX subagents (0 CRITICAL, all HIGH/BLOCKER addressed
inline, IMPORTANT applied before commit):
- AbortController + per-call sequence tokens on every long-running
fetch (loadRuntimeState / loadStorage / loadTriggerMeta / inspectImage /
listImageConflicts) plus onDestroy cleanup so late resolves cannot
mutate dead component state.
- doStop / doStart snapshot and restore `error` across the finally-block
reload so a load()-cleared message doesn't hide a real failure.
- triggersById refreshed after inline trigger creation so the webhook
card doesn't silently exclude the just-created trigger.
- Live-state badge wraps in role=status / aria-live=polite (no redundant
aria-label).
- Webhook row has a single click target (was two pointing at the same URL).
- Empty webhook section hides entirely.
- Dropped role=menu / role=menuitem from the overflow menu (they would
promise arrow-key nav we don't wire; native Tab + ESC carry it).
Doc
- docs/CODEMAPS/INDEX.md + new docs/CODEMAPS/discovery-and-runtime.md
map the endpoint surface, security posture, frontend integration
patterns, and an "add a new probe" recipe.
Verification
- svelte-check: 0 errors, 3 pre-existing a11y warnings.
- go build + go vet + go test ./...: all green.
- i18n parity: en + ru at 1413 keys each.
- Live smoke against :8090: 404 / 409 / 502 envelopes correct, discovery
sanity passes, ProbeError surfaces on no-container path.
285 lines
7.5 KiB
Go
285 lines
7.5 KiB
Go
package staticsite
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
// GitHubProvider implements GitProvider for GitHub repositories.
|
|
type GitHubProvider struct {
|
|
apiBase string // "https://api.github.com" for github.com
|
|
token string
|
|
httpClient *http.Client
|
|
}
|
|
|
|
// NewGitHubProvider creates a new GitHub provider.
|
|
// baseURL should be "https://github.com" or a GitHub Enterprise URL.
|
|
func NewGitHubProvider(baseURL, token string) *GitHubProvider {
|
|
apiBase := "https://api.github.com"
|
|
base := strings.TrimRight(baseURL, "/")
|
|
if base != "https://github.com" && base != "http://github.com" {
|
|
// GitHub Enterprise: API is at {base}/api/v3
|
|
apiBase = base + "/api/v3"
|
|
}
|
|
|
|
return &GitHubProvider{
|
|
apiBase: apiBase,
|
|
token: token,
|
|
httpClient: NewSafeHTTPClient(60 * time.Second),
|
|
}
|
|
}
|
|
|
|
func (g *GitHubProvider) Name() string { return "github" }
|
|
|
|
func (g *GitHubProvider) ListRepos(ctx context.Context, query string) ([]RepoInfo, error) {
|
|
var allRepos []RepoInfo
|
|
|
|
if query != "" {
|
|
// Use search API.
|
|
url := fmt.Sprintf("%s/search/repositories?q=%s&per_page=50", g.apiBase, query)
|
|
body, err := g.doGet(ctx, url)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("search repos: %w", err)
|
|
}
|
|
|
|
var result struct {
|
|
Items []struct {
|
|
Owner struct {
|
|
Login string `json:"login"`
|
|
} `json:"owner"`
|
|
Name string `json:"name"`
|
|
FullName string `json:"full_name"`
|
|
Description string `json:"description"`
|
|
Private bool `json:"private"`
|
|
HTMLURL string `json:"html_url"`
|
|
} `json:"items"`
|
|
}
|
|
if err := json.Unmarshal(body, &result); err != nil {
|
|
return nil, fmt.Errorf("decode search: %w", err)
|
|
}
|
|
for _, r := range result.Items {
|
|
allRepos = append(allRepos, RepoInfo{
|
|
Owner: r.Owner.Login, Name: r.Name, FullName: r.FullName,
|
|
Description: r.Description, Private: r.Private, HTMLURL: r.HTMLURL,
|
|
})
|
|
}
|
|
return allRepos, nil
|
|
}
|
|
|
|
// List authenticated user's repos.
|
|
page := 1
|
|
for {
|
|
url := fmt.Sprintf("%s/user/repos?per_page=100&page=%d&sort=updated", g.apiBase, page)
|
|
body, err := g.doGet(ctx, url)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("list repos: %w", err)
|
|
}
|
|
|
|
var repos []struct {
|
|
Owner struct {
|
|
Login string `json:"login"`
|
|
} `json:"owner"`
|
|
Name string `json:"name"`
|
|
FullName string `json:"full_name"`
|
|
Description string `json:"description"`
|
|
Private bool `json:"private"`
|
|
HTMLURL string `json:"html_url"`
|
|
}
|
|
if err := json.Unmarshal(body, &repos); err != nil {
|
|
return nil, fmt.Errorf("decode repos: %w", err)
|
|
}
|
|
for _, r := range repos {
|
|
allRepos = append(allRepos, RepoInfo{
|
|
Owner: r.Owner.Login, Name: r.Name, FullName: r.FullName,
|
|
Description: r.Description, Private: r.Private, HTMLURL: r.HTMLURL,
|
|
})
|
|
}
|
|
if len(repos) < 100 {
|
|
break
|
|
}
|
|
page++
|
|
}
|
|
return allRepos, nil
|
|
}
|
|
|
|
func (g *GitHubProvider) TestConnection(ctx context.Context, owner, repo string) error {
|
|
url := fmt.Sprintf("%s/repos/%s/%s", g.apiBase, owner, repo)
|
|
_, err := g.doGet(ctx, url)
|
|
return err
|
|
}
|
|
|
|
func (g *GitHubProvider) ListBranches(ctx context.Context, owner, repo string) ([]string, error) {
|
|
var allBranches []string
|
|
page := 1
|
|
|
|
for {
|
|
url := fmt.Sprintf("%s/repos/%s/%s/branches?per_page=100&page=%d",
|
|
g.apiBase, owner, repo, page)
|
|
|
|
body, err := g.doGet(ctx, url)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("list branches: %w", err)
|
|
}
|
|
|
|
var branches []struct {
|
|
Name string `json:"name"`
|
|
}
|
|
if err := json.Unmarshal(body, &branches); err != nil {
|
|
return nil, fmt.Errorf("decode branches: %w", err)
|
|
}
|
|
|
|
for _, b := range branches {
|
|
allBranches = append(allBranches, b.Name)
|
|
}
|
|
|
|
if len(branches) < 100 {
|
|
break
|
|
}
|
|
page++
|
|
}
|
|
|
|
return allBranches, nil
|
|
}
|
|
|
|
func (g *GitHubProvider) GetLatestCommitSHA(ctx context.Context, owner, repo, branch string) (string, error) {
|
|
url := fmt.Sprintf("%s/repos/%s/%s/branches/%s", g.apiBase, owner, repo, branch)
|
|
|
|
body, err := g.doGet(ctx, url)
|
|
if err != nil {
|
|
return "", fmt.Errorf("get branch: %w", err)
|
|
}
|
|
|
|
var result struct {
|
|
Commit struct {
|
|
SHA string `json:"sha"`
|
|
} `json:"commit"`
|
|
}
|
|
if err := json.Unmarshal(body, &result); err != nil {
|
|
return "", fmt.Errorf("decode branch: %w", err)
|
|
}
|
|
|
|
return result.Commit.SHA, nil
|
|
}
|
|
|
|
func (g *GitHubProvider) ListTree(ctx context.Context, owner, repo, branch string) ([]FolderEntry, error) {
|
|
url := fmt.Sprintf("%s/repos/%s/%s/git/trees/%s?recursive=1",
|
|
g.apiBase, owner, repo, branch)
|
|
|
|
body, err := g.doGet(ctx, url)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("list tree: %w", err)
|
|
}
|
|
|
|
var tree struct {
|
|
Tree []struct {
|
|
Path string `json:"path"`
|
|
Type string `json:"type"` // "blob" or "tree"
|
|
} `json:"tree"`
|
|
}
|
|
if err := json.Unmarshal(body, &tree); err != nil {
|
|
return nil, fmt.Errorf("decode tree: %w", err)
|
|
}
|
|
|
|
entries := make([]FolderEntry, 0, len(tree.Tree))
|
|
for _, e := range tree.Tree {
|
|
entries = append(entries, FolderEntry{
|
|
Path: e.Path,
|
|
IsDir: e.Type == "tree",
|
|
})
|
|
}
|
|
|
|
return entries, nil
|
|
}
|
|
|
|
func (g *GitHubProvider) DownloadFolder(ctx context.Context, owner, repo, branch, folderPath, destDir string) error {
|
|
// Get tree to find files in folder.
|
|
entries, err := g.ListTree(ctx, owner, repo, branch)
|
|
if err != nil {
|
|
return fmt.Errorf("list tree: %w", err)
|
|
}
|
|
|
|
folderPath = strings.TrimPrefix(folderPath, "/")
|
|
folderPath = strings.TrimSuffix(folderPath, "/")
|
|
prefix := folderPath + "/"
|
|
|
|
for _, entry := range entries {
|
|
if entry.IsDir {
|
|
continue
|
|
}
|
|
if !strings.HasPrefix(entry.Path, prefix) {
|
|
continue
|
|
}
|
|
|
|
relativePath := strings.TrimPrefix(entry.Path, prefix)
|
|
localPath := filepath.Join(destDir, filepath.FromSlash(relativePath))
|
|
|
|
// Path-traversal defense: refuse tree entries whose resolved
|
|
// path escapes destDir. A hostile/compromised GHE could
|
|
// otherwise deliver `..`-laden entries.
|
|
cleanDest := filepath.Clean(destDir)
|
|
if cleanRel := filepath.Clean(localPath); cleanRel != cleanDest &&
|
|
!strings.HasPrefix(cleanRel, cleanDest+string(os.PathSeparator)) {
|
|
return fmt.Errorf("rejecting tree entry outside dest: %s", relativePath)
|
|
}
|
|
|
|
// GitHub raw content URL.
|
|
// For github.com: https://raw.githubusercontent.com/{owner}/{repo}/{branch}/{path}
|
|
// For GHE: {baseURL}/{owner}/{repo}/raw/{branch}/{path}
|
|
var fileURL string
|
|
if g.apiBase == "https://api.github.com" {
|
|
fileURL = fmt.Sprintf("https://raw.githubusercontent.com/%s/%s/%s/%s",
|
|
owner, repo, branch, entry.Path)
|
|
} else {
|
|
// GHE: use API contents endpoint.
|
|
fileURL = fmt.Sprintf("%s/repos/%s/%s/contents/%s?ref=%s",
|
|
g.apiBase, owner, repo, entry.Path, branch)
|
|
}
|
|
|
|
if err := downloadFileHTTP(ctx, g.httpClient, fileURL, localPath, g.setAuth); err != nil {
|
|
return fmt.Errorf("download %s: %w", relativePath, err)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (g *GitHubProvider) doGet(ctx context.Context, url string) ([]byte, error) {
|
|
req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("create request: %w", err)
|
|
}
|
|
|
|
g.setAuth(req)
|
|
req.Header.Set("Accept", "application/vnd.github+json")
|
|
|
|
resp, err := g.httpClient.Do(req)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("execute request: %w", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("read response: %w", err)
|
|
}
|
|
|
|
if resp.StatusCode != http.StatusOK {
|
|
return nil, fmt.Errorf("unexpected status %d: %s", resp.StatusCode, string(body))
|
|
}
|
|
|
|
return body, nil
|
|
}
|
|
|
|
func (g *GitHubProvider) setAuth(req *http.Request) {
|
|
if g.token != "" {
|
|
req.Header.Set("Authorization", "Bearer "+g.token)
|
|
}
|
|
}
|