alexei.dolgolyov
739b67856a
Build / build (push) Successful in 10m39s
The clean-break delete that closes the workload-first refactor arc.
Net diff: ~30 backend files deleted, ~20 modified, ~12k LOC removed
on the Go side; entire /projects /stacks /sites /deploy frontend
trees gone; ~6.7k LOC removed on the Svelte/TypeScript side.
Backend
- API handlers gone: internal/api/{projects,stages,stage_env,stacks,
static_sites,deploys,instances,volume_browser}.go
- Store CRUD + tests gone: internal/store/{projects,stages,stage_env,
stacks,static_sites,static_site_secrets,deploys,poll_state,volumes,
workload_sync}.go (+ _test.go siblings)
- Legacy deployer pipeline gone: internal/deployer/{bluegreen,promote,
rollback,subdomain,resolver_test}.go; deployer.go trimmed to just the
dispatch surface used by the plugin pipeline
- internal/staticsite/{manager,healthcheck}.go and
internal/stack/manager.go gone (the rest of those packages stay as
helpers imported by the static + compose plugins)
- internal/registry/poller.go gone (legacy registry poller)
- internal/volume.ResolvePath gone; ResolveWorkloadPath stays
- internal/webhook: handleWebhook (project) + handleSiteWebhook (site)
gone; only POST /api/webhook/triggers/{secret} remains
- workload-side webhook URL handlers (getWorkloadWebhook +
regenerateWorkloadWebhook + EnsureWorkloadWebhookSecret +
SetWorkloadWebhookSecret + GetWorkloadByWebhookSecret) gone — they
minted URLs that would 404 against the new trigger-only ingress
- cmd/server/main.go: dropped staticsite.Manager, stack.Manager,
staticsite.HealthChecker, registry poller, SetSiteSyncTriggerer,
SetStaticSiteManager, SetStackManager, wireStaticBackend
- store/store.go: idempotent DROP TABLE IF EXISTS for every legacy
table (projects, stages, stage_env, volumes, deploys, deploy_logs,
poll_states, stacks, stack_revisions, stack_deploys, static_sites,
static_site_secrets); FK order children-then-parents
- store/models.go: dropped Project, Stage, Deploy, DeployLog, StageEnv,
Volume, StaticSite, StaticSiteSecret, Stack, StackRevision,
StackDeploy types; kept WorkloadKind constants as documented strings
- internal/store/helpers.go (new): BoolToInt, rowScanner,
GenerateWebhookSecret extracted from deleted CRUD files
- internal/api/secrets.go (new): forwards to store.GenerateWebhookSecret
so api + store paths share one secret-generation impl (no
panic-vs-UUID-fallback divergence)
- internal/reconciler/reconciler.go: dropped legacy stack-by-compose
+ static-site label paths; only canonical tinyforge.workload.id
dispatch remains
- providers (gitea_content/github_provider/gitlab_provider) gained
path-traversal rejection on every tree entry
- internal/webhook ParsedImage / ParseImageRef demoted to package-
private (no external callers)
Frontend
- /projects /stacks /sites /deploy routes deleted (entire trees)
- ProjectCard / InstanceCard / StaleContainerCard components deleted
- api.ts: dropped every project/stage/stack/site/deploy/instance
helper + types (Project, Stage, Stack, StaticSite, Deploy,
Instance, Volume, etc.); kept Workload, Container, App, Settings,
Registry, EventTrigger, LogScanRule, webhook envelopes
- WorkloadWebhook type + getWorkloadWebhook/regenerateWorkloadWebhook
api functions gone (mirror of the backend deletion above)
- web/src/routes/+layout.svelte: dropped /projects /sites /stacks
/deploy nav entries, trimmed quick-nav keymap
- web/src/routes/+page.svelte: dashboard rewrite — reads
listWorkloads + listContainers only; 4-card stat grid
(workloads/running/failed/stale) + recent workloads strip
- navCounts.ts, SystemHealthCard.svelte, ContainerLogs.svelte,
ContainerStats.svelte, StatusBadge.svelte, TagCombobox.svelte,
proxies/+page.svelte, containers/+page.svelte all rewired to the
workload-first surface
- AbortController plumbing on dashboard, nav-counts, stale page,
SystemHealthCard so navigation doesn't leave dangling fetches
- i18n: dropped projects.*, projectDetail.*, envEditor.*,
volumeEditor.*, volumeBrowser.*, quickDeploy.*, sites.*, stacks.*,
instance.*, confirm.* namespaces; en/ru parity preserved (1042
keys each)
Hardening from go-reviewer + security-reviewer + typescript-reviewer
subagent passes (0 CRITICAL across all three; 1 HIGH + ~12 MEDIUM
addressed inline before commit):
- Sec H1: dead-end workload webhook URL handlers (would mint URLs
that 404 the new trigger-only ingress) deleted across backend +
frontend
- Go M1: IsTerminalDeployStatus dropped (no production callers)
- Go M2: ParsedImage/ParseImageRef lowercased (in-package only)
- Go M6: generateWebhookSecret unified — api shim forwards to
store.GenerateWebhookSecret
- Doc/comment freshness: stage_id (no longer FK), ProxyRoute legacy
field names, workloadIDRow rationale, webhook_deliveries.target_type
enum, WebhookDeliveryLog component header
Doc
- WORKLOAD_REFACTOR_TODO: cutover marked DONE; all three Priority 1
items are now shipped. Next focus is Priority 3 polish (apps.* i18n
+ codemap entries) and Priority 4 tests.
Behavioral notes for operators upgrading from a pre-cutover build
- Existing rows in the dropped tables disappear on first boot.
- Legacy webhook URLs at /api/webhook/{secret} and
/api/webhook/sites/{secret} return 404; CI configs must repoint to
/api/webhook/triggers/{secret} (the trigger-split boot backfill
lifted any embedded workload secret onto a Trigger row, so the
secret value itself carries over).
- Frontend routes /projects /stacks /sites /deploy are gone; nav
links replaced with /apps and /triggers.
138 lines
5.0 KiB
Go
138 lines
5.0 KiB
Go
package store
|
|
|
|
import (
|
|
"fmt"
|
|
)
|
|
|
|
// GetSettings returns the global settings (single-row pattern, always row id=1).
|
|
func (s *Store) GetSettings() (Settings, error) {
|
|
var st Settings
|
|
var wildcardDNS, npmRemote, backupEnabled, autoBackupBeforeDeploy int
|
|
err := s.db.QueryRow(
|
|
`SELECT domain, server_ip, public_ip, network, subdomain_pattern, notification_url,
|
|
notification_secret,
|
|
npm_url, npm_email, npm_password, polling_interval,
|
|
base_volume_path, ssl_certificate_id, stale_threshold_days,
|
|
allowed_volume_paths, wildcard_dns, dns_provider,
|
|
cloudflare_api_token, cloudflare_zone_id,
|
|
npm_remote, npm_access_list_id, proxy_provider,
|
|
traefik_entrypoint, traefik_cert_resolver, traefik_network, traefik_api_url,
|
|
image_prune_threshold_mb,
|
|
backup_enabled, backup_interval_hours, backup_retention_count,
|
|
auto_backup_before_deploy,
|
|
stats_interval_seconds, stats_retention_hours,
|
|
updated_at
|
|
FROM settings WHERE id = 1`,
|
|
).Scan(&st.Domain, &st.ServerIP, &st.PublicIP, &st.Network, &st.SubdomainPattern, &st.NotificationURL,
|
|
&st.NotificationSecret,
|
|
&st.NpmURL, &st.NpmEmail, &st.NpmPassword, &st.PollingInterval,
|
|
&st.BaseVolumePath, &st.SSLCertificateID, &st.StaleThresholdDays,
|
|
&st.AllowedVolumePaths, &wildcardDNS, &st.DNSProvider,
|
|
&st.CloudflareAPIToken, &st.CloudflareZoneID,
|
|
&npmRemote, &st.NpmAccessListID, &st.ProxyProvider,
|
|
&st.TraefikEntrypoint, &st.TraefikCertResolver, &st.TraefikNetwork, &st.TraefikAPIURL,
|
|
&st.ImagePruneThresholdMB,
|
|
&backupEnabled, &st.BackupIntervalHours, &st.BackupRetentionCount,
|
|
&autoBackupBeforeDeploy,
|
|
&st.StatsIntervalSeconds, &st.StatsRetentionHours,
|
|
&st.UpdatedAt)
|
|
if err != nil {
|
|
return Settings{}, fmt.Errorf("query settings: %w", err)
|
|
}
|
|
st.WildcardDNS = wildcardDNS != 0
|
|
st.NpmRemote = npmRemote != 0
|
|
st.BackupEnabled = backupEnabled != 0
|
|
st.AutoBackupBeforeDeploy = autoBackupBeforeDeploy != 0
|
|
return st, nil
|
|
}
|
|
|
|
// UpdateSettings upserts the global settings row.
|
|
func (s *Store) UpdateSettings(st Settings) error {
|
|
st.UpdatedAt = Now()
|
|
wildcardDNS := 0
|
|
if st.WildcardDNS {
|
|
wildcardDNS = 1
|
|
}
|
|
npmRemote := 0
|
|
if st.NpmRemote {
|
|
npmRemote = 1
|
|
}
|
|
backupEnabled := 0
|
|
if st.BackupEnabled {
|
|
backupEnabled = 1
|
|
}
|
|
autoBackupBeforeDeploy := 0
|
|
if st.AutoBackupBeforeDeploy {
|
|
autoBackupBeforeDeploy = 1
|
|
}
|
|
_, err := s.db.Exec(
|
|
`UPDATE settings SET
|
|
domain=?, server_ip=?, public_ip=?, network=?, subdomain_pattern=?, notification_url=?,
|
|
notification_secret=?,
|
|
npm_url=?, npm_email=?, npm_password=?, polling_interval=?,
|
|
base_volume_path=?, ssl_certificate_id=?, stale_threshold_days=?,
|
|
allowed_volume_paths=?, wildcard_dns=?, dns_provider=?,
|
|
cloudflare_api_token=?, cloudflare_zone_id=?,
|
|
npm_remote=?, npm_access_list_id=?, proxy_provider=?,
|
|
traefik_entrypoint=?, traefik_cert_resolver=?, traefik_network=?, traefik_api_url=?,
|
|
image_prune_threshold_mb=?,
|
|
backup_enabled=?, backup_interval_hours=?, backup_retention_count=?,
|
|
auto_backup_before_deploy=?,
|
|
stats_interval_seconds=?, stats_retention_hours=?,
|
|
updated_at=?
|
|
WHERE id = 1`,
|
|
st.Domain, st.ServerIP, st.PublicIP, st.Network, st.SubdomainPattern, st.NotificationURL,
|
|
st.NotificationSecret,
|
|
st.NpmURL, st.NpmEmail, st.NpmPassword, st.PollingInterval,
|
|
st.BaseVolumePath, st.SSLCertificateID, st.StaleThresholdDays,
|
|
st.AllowedVolumePaths, wildcardDNS, st.DNSProvider,
|
|
st.CloudflareAPIToken, st.CloudflareZoneID,
|
|
npmRemote, st.NpmAccessListID, st.ProxyProvider,
|
|
st.TraefikEntrypoint, st.TraefikCertResolver, st.TraefikNetwork, st.TraefikAPIURL,
|
|
st.ImagePruneThresholdMB,
|
|
backupEnabled, st.BackupIntervalHours, st.BackupRetentionCount,
|
|
autoBackupBeforeDeploy,
|
|
st.StatsIntervalSeconds, st.StatsRetentionHours,
|
|
st.UpdatedAt,
|
|
)
|
|
if err != nil {
|
|
return fmt.Errorf("update settings: %w", err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// EnsureSettingsNotificationSecret returns the current global notification
|
|
// secret, lazily generating + persisting one if none is set. Lets the
|
|
// settings UI render a stable secret on first load for any install that
|
|
// predates the signing feature.
|
|
func (s *Store) EnsureSettingsNotificationSecret() (string, error) {
|
|
var secret string
|
|
if err := s.db.QueryRow(
|
|
`SELECT notification_secret FROM settings WHERE id = 1`,
|
|
).Scan(&secret); err != nil {
|
|
return "", fmt.Errorf("get settings notification secret: %w", err)
|
|
}
|
|
if secret != "" {
|
|
return secret, nil
|
|
}
|
|
secret = generateWebhookSecret()
|
|
if err := s.SetSettingsNotificationSecret(secret); err != nil {
|
|
return "", err
|
|
}
|
|
return secret, nil
|
|
}
|
|
|
|
// SetSettingsNotificationSecret rewrites only the global outgoing-webhook
|
|
// signing secret on the singleton settings row. Pass an empty string to
|
|
// disable signing globally (notifications still send, just without HMAC).
|
|
func (s *Store) SetSettingsNotificationSecret(secret string) error {
|
|
_, err := s.db.Exec(
|
|
`UPDATE settings SET notification_secret=?, updated_at=? WHERE id = 1`,
|
|
secret, Now(),
|
|
)
|
|
if err != nil {
|
|
return fmt.Errorf("set settings notification secret: %w", err)
|
|
}
|
|
return nil
|
|
}
|