alexei.dolgolyov
8d6a527a2b
Completes the workload-first refactor's plugin layer:
- internal/workload/plugin/ — Source/Trigger plugin contract,
registry, types (Workload, DeploymentIntent, InboundEvent,
PublicFace). Self-registering init() pattern + blank-import
in cmd/server/main.go.
- Source plugins: image (blue-green with multi-face proxy routing),
compose, static. Trigger plugins: registry, git, manual.
- internal/deployer/dispatch.go — DispatchPlugin/Teardown/Reconcile
seam routing the legacy deployer through plugins.
- internal/api/workload_*.go — REST surface: workloads, env,
volumes, chain (parent/children), promote-from. hooks.go
serves /api/hooks/kinds/{kind}/schema for the wizard.
- internal/store: workload_env (encrypt-at-rest secrets) and
workload_volumes tables, keyed on workload_id.
- cmd/server/static_backend.go — phantom-row adapter delegating
the static source plugin to the legacy staticsite.Manager
(deleted at hard cutover once the static inline port lands).
- web/src/routes/apps/ — /apps list + /apps/new wizard +
/apps/[id] detail with kind-aware compose / image / static
forms (Advanced JSON toggle), env panel, volumes panel,
webhook panel, chain panel, manual deploy.
Volume scope generalization (v2 resolver):
- internal/volume.ResolveWorkloadPath (workload-keyed, sits
next to legacy ResolvePath). Honors all VolumeScope values:
absolute, ephemeral, instance, stage, project, project_named,
named. internal/workload/plugin/source/image/image.go
computeMounts wires settings + imageTag through. Coverage in
internal/volume/resolver_test.go (portable Linux/Windows via
t.TempDir).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
111 lines
3.5 KiB
Go
111 lines
3.5 KiB
Go
package api
|
|
|
|
import (
|
|
"errors"
|
|
"net/http"
|
|
|
|
"github.com/alexei/tinyforge/internal/store"
|
|
"github.com/go-chi/chi/v5"
|
|
)
|
|
|
|
// listWorkloads handles GET /api/workloads. Optional ?kind=project|stack|site
|
|
// filter narrows the result. The shape mirrors the projects/stacks/sites
|
|
// listing endpoints — clients use this to render the global Workloads view.
|
|
func (s *Server) listWorkloads(w http.ResponseWriter, r *http.Request) {
|
|
kind := store.WorkloadKind(r.URL.Query().Get("kind"))
|
|
out, err := s.store.ListWorkloads(kind)
|
|
if err != nil {
|
|
respondError(w, http.StatusInternalServerError, "list workloads")
|
|
return
|
|
}
|
|
respondJSON(w, http.StatusOK, out)
|
|
}
|
|
|
|
// getWorkload handles GET /api/workloads/{id}.
|
|
func (s *Server) getWorkload(w http.ResponseWriter, r *http.Request) {
|
|
id := chi.URLParam(r, "id")
|
|
wl, err := s.store.GetWorkloadByID(id)
|
|
if err != nil {
|
|
if errors.Is(err, store.ErrNotFound) {
|
|
respondNotFound(w, "workload")
|
|
return
|
|
}
|
|
respondError(w, http.StatusInternalServerError, "get workload")
|
|
return
|
|
}
|
|
respondJSON(w, http.StatusOK, wl)
|
|
}
|
|
|
|
// streamWorkloadContainerLogs handles GET /api/workloads/{id}/containers/{cid}/logs.
|
|
// Reuses the shared SSE/JSON log streamer; ownership is verified by joining
|
|
// through workload_id on the container row so an attacker can't stream
|
|
// logs from a foreign container by guessing IDs under the wrong workload URL.
|
|
func (s *Server) streamWorkloadContainerLogs(w http.ResponseWriter, r *http.Request) {
|
|
workloadID := chi.URLParam(r, "id")
|
|
containerRowID := chi.URLParam(r, "cid")
|
|
|
|
c, err := s.store.GetContainerByID(containerRowID)
|
|
if err != nil {
|
|
if errors.Is(err, store.ErrNotFound) {
|
|
respondNotFound(w, "container")
|
|
return
|
|
}
|
|
respondError(w, http.StatusInternalServerError, "internal server error")
|
|
return
|
|
}
|
|
if c.WorkloadID != workloadID {
|
|
// Returning 404 (not 403) so the existence of a container under
|
|
// another workload is not confirmed.
|
|
respondNotFound(w, "container")
|
|
return
|
|
}
|
|
if c.ContainerID == "" {
|
|
respondError(w, http.StatusBadRequest, "container row has no docker container bound")
|
|
return
|
|
}
|
|
s.streamLogsForContainer(w, r, c.ContainerID)
|
|
}
|
|
|
|
// listWorkloadContainers handles GET /api/workloads/{id}/containers.
|
|
// Returns every Container row owned by this workload, newest first. The
|
|
// frontend's <WorkloadContainers> component uses this on every kind-specific
|
|
// detail page (project, stack, site) so the table shape is uniform.
|
|
func (s *Server) listWorkloadContainers(w http.ResponseWriter, r *http.Request) {
|
|
id := chi.URLParam(r, "id")
|
|
out, err := s.store.ListContainersByWorkload(id)
|
|
if err != nil {
|
|
respondError(w, http.StatusInternalServerError, "list workload containers")
|
|
return
|
|
}
|
|
respondJSON(w, http.StatusOK, out)
|
|
}
|
|
|
|
// updateWorkloadAppID handles PATCH /api/workloads/{id}/app. Body: {"app_id": "..."}.
|
|
// Empty string clears the app assignment. Used by the (optional) Apps UI.
|
|
func (s *Server) updateWorkloadAppID(w http.ResponseWriter, r *http.Request) {
|
|
id := chi.URLParam(r, "id")
|
|
|
|
var req struct {
|
|
AppID string `json:"app_id"`
|
|
}
|
|
if !decodeJSON(w, r, &req) {
|
|
return
|
|
}
|
|
|
|
wl, err := s.store.GetWorkloadByID(id)
|
|
if err != nil {
|
|
if errors.Is(err, store.ErrNotFound) {
|
|
respondNotFound(w, "workload")
|
|
return
|
|
}
|
|
respondError(w, http.StatusInternalServerError, "get workload")
|
|
return
|
|
}
|
|
wl.AppID = req.AppID
|
|
if err := s.store.UpdateWorkload(wl); err != nil {
|
|
respondError(w, http.StatusInternalServerError, "update workload")
|
|
return
|
|
}
|
|
respondJSON(w, http.StatusOK, wl)
|
|
}
|