alexei.dolgolyov/tiny-forge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bd7a11d4e76fa3785e1fd028df3fad0c34b1ca9f
tiny-forge/internal/staticsite/provider.go
T
alexei.dolgolyov 3071cda512 feat(deploy): commit-status reporting to Git providers 
Report deploy status back to the Git provider as a commit status
(pending/success/failure) for git-sourced workloads (static + dockerfile).

- GitProvider.SetCommitStatus on gitea/github/gitlab over the existing
  SSRF-safe client; fixed "tinyforge" context so redeploys update one row.
  postJSON returns status-code-only errors (never echoes the upstream body,
  which a hostile provider could use to reflect the auth token into the
  best-effort log line).
- Best-effort deploy hook: pending on deploy start, success/failure on
  outcome, gated on a per-workload report_commit_status flag. Never fails or
  blocks a deploy; emits nothing on the unchanged-SHA short-circuit.
- UI ToggleSwitch (create + edit) + reportCommitStatus in sourceForms.ts
  + en/ru i18n.
- Tests: per-provider state mapping + request shape; reporter gating
  (enabled/disabled/empty-SHA/nil/error-swallow).

Reviewed via go-reviewer + security-reviewer (0 CRITICAL/HIGH; one MEDIUM
body-echo log-leak fixed).
2026-05-29 11:37:56 +03:00

245 lines
8.2 KiB
Go
Raw Blame History

package staticsite
import (
"bytes"
"context"
"fmt"
"io"
"net/http"
"os"
"path/filepath"
"strings"
"time"
)
// RepoInfo represents a repository returned by the provider's list/search API.
type RepoInfo struct {
Owner string `json:"owner"`
Name string `json:"name"`
FullName string `json:"full_name"` // "owner/name"
Description string `json:"description"`
Private bool `json:"private"`
HTMLURL string `json:"html_url"`
}
// CommitStatus is the deploy outcome reported back to the git provider as
// a commit status. The values are provider-agnostic; each implementation
// maps them onto its own API vocabulary (Gitea/GitHub use the same four
// words, GitLab collapses failure/error into "failed").
type CommitStatus string
const (
CommitStatusPending CommitStatus = "pending"
CommitStatusSuccess CommitStatus = "success"
CommitStatusFailure CommitStatus = "failure"
CommitStatusError CommitStatus = "error"
)
// commitStatusContext is the status "context"/"name" key reported to every
// provider so repeated deploys update the same status row rather than
// piling up new ones.
const commitStatusContext = "tinyforge"
// maxCommitStatusDescription caps the human-readable description so a
// provider can't reject the request for an over-long field.
const maxCommitStatusDescription = 140
// truncateDescription clamps a status description to the provider-safe
// length, appending an ellipsis when it had to cut.
func truncateDescription(s string) string {
if len(s) <= maxCommitStatusDescription {
return s
}
// Reserve room for the ellipsis rune; cut on a byte boundary that
// stays under the cap. Descriptions are short ASCII strings in
// practice, so a simple byte cut is fine here.
return s[:maxCommitStatusDescription-1] + "…"
}
// GitProvider abstracts Git hosting API operations.
// Implementations exist for Gitea/Forgejo/Gogs, GitHub, and GitLab.
type GitProvider interface {
// Name returns the provider identifier (e.g., "gitea", "github", "gitlab").
Name() string
// TestConnection verifies that the repository is accessible.
TestConnection(ctx context.Context, owner, repo string) error
// ListRepos returns repositories accessible with the current token.
// If query is non-empty, results are filtered by name.
ListRepos(ctx context.Context, query string) ([]RepoInfo, error)
// ListBranches returns all branch names for a repository.
ListBranches(ctx context.Context, owner, repo string) ([]string, error)
// GetLatestCommitSHA returns the latest commit SHA for a branch.
GetLatestCommitSHA(ctx context.Context, owner, repo, branch string) (string, error)
// ListTree returns the full directory tree for a branch.
ListTree(ctx context.Context, owner, repo, branch string) ([]FolderEntry, error)
// DownloadFolder downloads all files from a folder path to a local directory.
DownloadFolder(ctx context.Context, owner, repo, branch, folderPath, destDir string) error
// SetCommitStatus reports a deploy status on a commit. Best-effort;
// callers ignore errors beyond logging. targetURL and description are
// optional (pass "" to omit); description is truncated to a provider-
// safe length by the implementation.
SetCommitStatus(ctx context.Context, owner, repo, sha string, status CommitStatus, targetURL, description string) error
}
// ProviderType identifies a Git hosting provider.
type ProviderType string
const (
ProviderGitea ProviderType = "gitea" // Also works for Forgejo and Gogs.
ProviderGitHub ProviderType = "github"
ProviderGitLab ProviderType = "gitlab"
)
// ValidProviderTypes lists all supported provider types.
var ValidProviderTypes = []ProviderType{ProviderGitea, ProviderGitHub, ProviderGitLab}
// NewGitProvider creates a GitProvider for the given type.
// If providerType is empty, it attempts autodetection from the baseURL.
func NewGitProvider(providerType ProviderType, baseURL, token string) (GitProvider, error) {
if providerType == "" {
providerType = DetectProvider(baseURL)
}
switch providerType {
case ProviderGitea:
return NewGiteaContentFetcher(baseURL, token), nil
case ProviderGitHub:
return NewGitHubProvider(baseURL, token), nil
case ProviderGitLab:
return NewGitLabProvider(baseURL, token), nil
default:
return nil, fmt.Errorf("unsupported git provider: %s", providerType)
}
}
// DetectProvider guesses the provider type from a base URL.
func DetectProvider(baseURL string) ProviderType {
lower := strings.ToLower(baseURL)
switch {
case strings.Contains(lower, "github.com"):
return ProviderGitHub
case strings.Contains(lower, "gitlab.com"):
return ProviderGitLab
default:
// Default to Gitea for self-hosted instances (Gitea/Forgejo/Gogs all share the same API).
return ProviderGitea
}
}
// DetectProviderWithProbe tries to autodetect the provider by probing known API endpoints.
// Falls back to URL-based detection if probing fails.
func DetectProviderWithProbe(ctx context.Context, baseURL string) ProviderType {
// First try URL-based detection for well-known hosts.
urlBased := DetectProvider(baseURL)
if urlBased == ProviderGitHub || urlBased == ProviderGitLab {
return urlBased
}
// For unknown hosts, probe for Gitea/GitLab API signatures using the
// SSRF-safe client so a probe URL cannot be used to reach loopback
// or cloud-metadata addresses.
client := NewSafeHTTPClient(5 * time.Second)
base := strings.TrimRight(baseURL, "/")
// Try Gitea/Forgejo API.
if resp, err := httpGet(ctx, client, base+"/api/v1/version"); err == nil && resp == http.StatusOK {
return ProviderGitea
}
// Try GitLab API.
if resp, err := httpGet(ctx, client, base+"/api/v4/version"); err == nil && resp == http.StatusOK {
return ProviderGitLab
}
// Default to Gitea.
return ProviderGitea
}
// httpGet performs a simple GET and returns the status code.
func httpGet(ctx context.Context, client *http.Client, url string) (int, error) {
req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
if err != nil {
return 0, err
}
resp, err := client.Do(req)
if err != nil {
return 0, err
}
resp.Body.Close()
return resp.StatusCode, nil
}
// postJSON is a shared helper for POSTing a JSON body to a provider API
// endpoint with the caller's auth applied. It accepts any 2xx as success
// (status APIs return 201 Created on Gitea/GitHub, 200/201 on GitLab) and
// returns a status-code-only error on non-2xx — it must NOT echo the
// response body: the deploy hook logs this error best-effort, and a
// hostile/misconfigured provider could reflect the request's auth token
// back in its body. The body bytes must already be marshalled by the caller.
func postJSON(ctx context.Context, client *http.Client, url string, body []byte, authHeader func(r *http.Request)) error {
req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, bytes.NewReader(body))
if err != nil {
return fmt.Errorf("create request: %w", err)
}
if authHeader != nil {
authHeader(req)
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Accept", "application/json")
resp, err := client.Do(req)
if err != nil {
return fmt.Errorf("execute request: %w", err)
}
defer resp.Body.Close()
if resp.StatusCode < 200 || resp.StatusCode >= 300 {
return fmt.Errorf("unexpected status %d", resp.StatusCode)
}
return nil
}
// downloadFileHTTP is a shared helper for downloading a file from a URL.
func downloadFileHTTP(ctx context.Context, client *http.Client, url, localPath string, authHeader func(r *http.Request)) error {
req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
if err != nil {
return fmt.Errorf("create request: %w", err)
}
if authHeader != nil {
authHeader(req)
}
resp, err := client.Do(req)
if err != nil {
return fmt.Errorf("execute request: %w", err)
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
return fmt.Errorf("unexpected status %d for %s", resp.StatusCode, url)
}
if err := os.MkdirAll(filepath.Dir(localPath), 0o755); err != nil {
return fmt.Errorf("create directory: %w", err)
}
file, err := os.Create(localPath)
if err != nil {
return fmt.Errorf("create file: %w", err)
}
defer file.Close()
if _, err := io.Copy(file, resp.Body); err != nil {
return fmt.Errorf("write file: %w", err)
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink