tiny-forge/internal/workload/plugin/env.go
alexei.dolgolyov bd7a11d4e7 refactor(source): dedup shared helpers across static + dockerfile plugins
Extract the verbatim-duplicated helpers into shared homes:
- buildEnv -> plugin.BuildWorkloadEnv (base plugin pkg; a sourceName param
  preserves each plugin's slog prefix / log-scraper text)
- idShort -> plugin.IDShort
- commitStatusReporter -> staticsite.CommitStatusReporter, re-parameterized
  on primitives (owner/repo/sha/targetURL/enabled) so staticsite needs no
  dependency on the plugin package; reporter tests ported to staticsite
  (plus a new nil-provider case)

containerNameFor/imageTagFor are intentionally left per-plugin: their
prefixes differ (dw-site- vs tf-build-) and name real Docker resources,
so merging them would risk mis-routing. Behavior-preserving; the
static/dockerfile test suites pass unchanged.

Reviewed: go APPROVE (0 CRITICAL/HIGH).
2026-05-29 14:57:30 +03:00


package plugin
import (
	"log/slog"
	"strings"

	"github.com/alexei/tinyforge/internal/crypto"
)
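// BuildWorkloadEnv flattens workload_env rows into the KEY=VALUE list Docker
// expects. Shared by the source plugins (static, dockerfile) so they all
// handle decrypt failures the same way.
//
// Encrypted rows are decrypted lazily so plaintext never lives in the store
// output. A decrypt failure logs and skips the entry rather than failing the
// whole deploy: bricking a sync/build because one rotated key missed an env
// entry would be worse than running with the variable unset and surfacing the
// warning.
//
// Rows whose key is empty or contains '=' are skipped with a warning as well.
// In a KEY=VALUE entry the name ends at the first '=', so such a key would
// either have no name at all or set a different variable than the one stored.
//
// sourceName is the slog prefix the caller wants on the warning lines
// (e.g. "static source" / "dockerfile source") so existing log scrapers keep
// matching the per-source message text.
//
// The result is nil when the store listing fails and a non-nil (possibly
// empty) slice otherwise.
//
// NOTE(review): every failure path here fails open: the workload is started
// without the affected variable(s) and the only signal is a warning line. If a
// workload depends on an env entry for a security-relevant setting, the
// warning is the only place its absence shows up; confirm that is acceptable
// for the callers, since the signature has no error return.
func BuildWorkloadEnv(deps Deps, workloadID, sourceName string) []string {
	rows, err := deps.Store.ListWorkloadEnv(workloadID)
	if err != nil {
		slog.Warn(sourceName+": list workload env", "workload", workloadID, "error", err)
		return nil
	}

	out := make([]string, 0, len(rows))
	for _, e := range rows {
		// Last check before the entry is handed to Docker. Only the part
		// before the first '=' is logged: anything after it may be a value
		// that was pasted into the key field by mistake.
		if name, _, hasEq := strings.Cut(e.Key, "="); name == "" || hasEq {
			slog.Warn(sourceName+": skip malformed env key",
				"workload", workloadID, "key", name)
			continue
		}

		value := e.Value
		if e.Encrypted {
			decrypted, err := crypto.Decrypt(deps.EncKey, e.Value)
			if err != nil {
				// The key name and the error are logged; the ciphertext
				// and any plaintext are not.
				slog.Warn(sourceName+": decrypt env value",
					"workload", workloadID, "key", e.Key, "error", err)
				continue
			}
			value = decrypted
		}
		out = append(out, e.Key+"="+value)
	}
	return out
}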