HomeLab/ForgeBucket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

completed phase 2b

Browse Source
This commit is contained in:
erangel1
2026-05-11 20:10:45 +02:00
parent 83d96d0a1e
commit 4002a3b84d
20 changed files with 1566 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/api/handlers/artifacts.go
+186
View File
@@ -0,0 +1,186 @@
package handlers
import (
"fmt"
"io"
"net/http"
"os"
"path/filepath"
"strconv"
"github.com/go-chi/chi/v5"
"xorm.io/xorm"
"github.com/forgeo/forgebucket/internal/models"
)
type ArtifactHandler struct {
db *xorm.Engine
artifactRoot string
}
func NewArtifactHandler(db *xorm.Engine, artifactRoot string) *ArtifactHandler {
return &ArtifactHandler{db: db, artifactRoot: artifactRoot}
}
// ListArtifacts returns all artifacts for a pipeline run.
func (h *ArtifactHandler) List(w http.ResponseWriter, r *http.Request) {
repoID, runID, ok := h.resolveRunIDs(w, r)
if !ok {
return
}
var artifacts []models.Artifact
if err := h.db.Where("run_id = ? AND repo_id = ?", runID, repoID).Find(&artifacts); err != nil {
jsonError(w, "could not list artifacts", http.StatusInternalServerError)
return
}
if artifacts == nil {
artifacts = []models.Artifact{}
}
jsonOK(w, artifacts)
}
// Upload accepts a multipart file upload and stores it as an artifact.
// Callers must provide a valid Bearer access token with write scope (runner auth).
func (h *ArtifactHandler) Upload(w http.ResponseWriter, r *http.Request) {
repoID, runID, ok := h.resolveRunIDs(w, r)
if !ok {
return
}
r.Body = http.MaxBytesReader(w, r.Body, 512<<20) // 512 MB max
if err := r.ParseMultipartForm(32 << 20); err != nil {
jsonError(w, "multipart parse failed", http.StatusBadRequest)
return
}
file, header, err := r.FormFile("file")
if err != nil {
jsonError(w, "file field is required", http.StatusBadRequest)
return
}
defer file.Close()
name := r.FormValue("name")
if name == "" {
name = header.Filename
}
// Sanitize name: no path separators.
for _, c := range []byte(name) {
if c == '/' || c == '\\' || c == 0 {
jsonError(w, "artifact name must not contain path separators", http.StatusBadRequest)
return
}
}
dir := filepath.Join(h.artifactRoot, fmt.Sprintf("%d", runID))
if err := os.MkdirAll(dir, 0755); err != nil {
jsonError(w, "could not create storage directory", http.StatusInternalServerError)
return
}
storagePath := filepath.Join(dir, name)
dst, err := os.Create(storagePath)
if err != nil {
jsonError(w, "could not create file", http.StatusInternalServerError)
return
}
defer dst.Close()
size, err := io.Copy(dst, file)
if err != nil {
jsonError(w, "could not write file", http.StatusInternalServerError)
return
}
ct := header.Header.Get("Content-Type")
if ct == "" {
ct = "application/octet-stream"
}
// Store path relative to artifactRoot for portability.
relPath := fmt.Sprintf("%d/%s", runID, name)
artifact := &models.Artifact{
RunID: runID,
RepoID: repoID,
Name: name,
StoragePath: relPath,
Size: size,
ContentType: ct,
}
if _, err := h.db.Insert(artifact); err != nil {
jsonError(w, "could not record artifact", http.StatusInternalServerError)
return
}
w.WriteHeader(http.StatusCreated)
jsonOK(w, artifact)
}
// Download streams the artifact file to the client.
func (h *ArtifactHandler) Download(w http.ResponseWriter, r *http.Request) {
artifactID, err := strconv.ParseInt(chi.URLParam(r, "artifactID"), 10, 64)
if err != nil {
jsonError(w, "invalid artifact ID", http.StatusBadRequest)
return
}
var artifact models.Artifact
if found, _ := h.db.ID(artifactID).Get(&artifact); !found {
jsonError(w, "artifact not found", http.StatusNotFound)
return
}
fullPath := filepath.Join(h.artifactRoot, filepath.FromSlash(artifact.StoragePath))
// Ensure the resolved path stays within artifactRoot (traversal guard).
if !isUnder(h.artifactRoot, fullPath) {
jsonError(w, "forbidden", http.StatusForbidden)
return
}
f, err := os.Open(fullPath)
if err != nil {
jsonError(w, "artifact file not found", http.StatusNotFound)
return
}
defer f.Close()
ct := artifact.ContentType
if ct == "" {
ct = "application/octet-stream"
}
w.Header().Set("Content-Type", ct)
w.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename=%q`, artifact.Name))
w.Header().Set("Content-Length", strconv.FormatInt(artifact.Size, 10))
io.Copy(w, f) //nolint:errcheck
}
func (h *ArtifactHandler) resolveRunIDs(w http.ResponseWriter, r *http.Request) (repoID, runID int64, ok bool) {
owner := chi.URLParam(r, "owner")
repoName := chi.URLParam(r, "repo")
var u models.User
if found, _ := h.db.Where("username = ?", owner).Get(&u); !found {
jsonError(w, "repository not found", http.StatusNotFound)
return 0, 0, false
}
var repo models.Repository
if found, _ := h.db.Where("owner_id = ? AND name = ?", u.ID, repoName).Get(&repo); !found {
jsonError(w, "repository not found", http.StatusNotFound)
return 0, 0, false
}
runID, err := strconv.ParseInt(chi.URLParam(r, "runID"), 10, 64)
if err != nil {
jsonError(w, "invalid run ID", http.StatusBadRequest)
return 0, 0, false
}
return repo.ID, runID, true
}
func isUnder(root, path string) bool {
root = filepath.Clean(root)
path = filepath.Clean(path)
if len(path) <= len(root) {
return false
}
return path[:len(root)] == root && path[len(root)] == filepath.Separator
}
internal/api/handlers/githttp.go
+50 -20
View File
@@ -11,22 +11,32 @@ import (
"path/filepath"
"strconv"
"strings"
"time"
"github.com/go-chi/chi/v5"
"golang.org/x/crypto/bcrypt"
"xorm.io/xorm"
"github.com/forgeo/forgebucket/internal/config"
"github.com/forgeo/forgebucket/internal/events"
"github.com/forgeo/forgebucket/internal/models"
)
type GitHTTPHandler struct {
db *xorm.Engine
cfg *config.Config
bus events.EventBus
}
func NewGitHTTPHandler(db *xorm.Engine, cfg *config.Config) *GitHTTPHandler {
return &GitHTTPHandler{db: db, cfg: cfg}
func NewGitHTTPHandler(db *xorm.Engine, cfg *config.Config, bus events.EventBus) *GitHTTPHandler {
return &GitHTTPHandler{db: db, cfg: cfg, bus: bus}
}
// refUpdate captures one ref-update line from a git-receive-pack request.
type refUpdate struct {
OldRev string
NewRev string
Ref string
}
// ServeGit is the entry point for all git smart-HTTP requests.
@@ -107,13 +117,15 @@ func (h *GitHTTPHandler) ServeGit(w http.ResponseWriter, r *http.Request) {
// Branch protection check: parse pkt-lines from the receive-pack body,
// check each ref against stored protection rules, then restore the body.
var pushedRefs []refUpdate
if service == "git-receive-pack" {
if reason, newBody := checkProtectionsFromBody(h.db, repo.ID, authedUser, r.Body); reason != "" {
reason, refs, newBody := parseAndCheckBody(h.db, repo.ID, authedUser, r.Body)
if reason != "" {
http.Error(w, reason, http.StatusForbidden)
return
} else {
r.Body = io.NopCloser(newBody)
}
pushedRefs = refs
r.Body = io.NopCloser(newBody)
}
// Build PATH_INFO: /{reponame}.git/{suffix}
@@ -157,6 +169,27 @@ func (h *GitHTTPHandler) ServeGit(w http.ResponseWriter, r *http.Request) {
if err := runGitBackend(r.Context(), w, r.Body, gitExec, env); err != nil {
http.Error(w, fmt.Sprintf("git http-backend: %v", err), http.StatusInternalServerError)
return
}
// Publish push.received for each ref pushed so the CI orchestrator can react.
if service == "git-receive-pack" {
zeroOID := strings.Repeat("0", 40)
for _, ref := range pushedRefs {
if ref.NewRev == zeroOID {
continue // branch deletion — skip CI trigger
}
go h.bus.Publish(events.SubjectPushReceived, events.PushEvent{ //nolint:errcheck
RepoID: repo.ID,
RepoName: repoName,
OwnerName: owner,
Ref: ref.Ref,
Before: ref.OldRev,
After: ref.NewRev,
Pusher: authedUser,
At: time.Now().UTC(),
})
}
}
}
@@ -239,15 +272,14 @@ func runGitBackend(ctx context.Context, w http.ResponseWriter, body io.Reader, g
return waitErr
}
// checkProtectionsFromBody parses git pkt-line ref updates from a receive-pack body,
// checks each ref against stored branch protection rules, and returns a denial reason
// (or "") plus a restored reader so the body can still be passed to http-backend.
func checkProtectionsFromBody(db *xorm.Engine, repoID int64, pusher string, body io.Reader) (reason string, restored io.Reader) {
// parseAndCheckBody parses git pkt-line ref updates from a receive-pack body,
// checks each ref against stored branch protection rules, and returns a denial
// reason (or ""), the list of parsed ref updates, and a restored reader.
func parseAndCheckBody(db *xorm.Engine, repoID int64, pusher string, body io.Reader) (reason string, refs []refUpdate, restored io.Reader) {
var buf bytes.Buffer
zeroOID := strings.Repeat("0", 40)
for {
// Every pkt-line starts with a 4-hex-digit length that includes itself.
lenBuf := make([]byte, 4)
if _, err := io.ReadFull(body, lenBuf); err != nil {
break
@@ -259,8 +291,7 @@ func checkProtectionsFromBody(db *xorm.Engine, repoID int64, pusher string, body
break
}
if pktLen64 == 0 {
// Flush packet — end of ref-update list.
break
break // flush packet — end of ref-update list
}
dataLen := int(pktLen64) - 4
if dataLen <= 0 {
@@ -280,16 +311,15 @@ func checkProtectionsFromBody(db *xorm.Engine, repoID int64, pusher string, body
}
oldRev, newRev, refname := parts[0], parts[1], parts[2]
// New branches (oldRev all zeros) are not subject to protection.
if oldRev == zeroOID {
continue
}
// Detect force push: if newRev is all zeros it's a branch deletion.
isForcePush := newRev == zeroOID
refs = append(refs, refUpdate{OldRev: oldRev, NewRev: newRev, Ref: refname})
if oldRev == zeroOID {
continue // new branch — not subject to protection
}
isForcePush := newRev == zeroOID
if msg := CheckBranchProtection(db, repoID, pusher, refname, isForcePush); msg != "" {
return msg, io.MultiReader(&buf, body)
return msg, refs, io.MultiReader(&buf, body)
}
}
return "", io.MultiReader(&buf, body)
return "", refs, io.MultiReader(&buf, body)
}
internal/api/handlers/pipelines.go
+192 -18
View File
@@ -2,6 +2,8 @@ package handlers
import (
"net/http"
"strconv"
"time"
"github.com/go-chi/chi/v5"
"xorm.io/xorm"
@@ -17,37 +19,209 @@ func NewPipelineHandler(db *xorm.Engine) *PipelineHandler {
return &PipelineHandler{db: db}
}
func (h *PipelineHandler) List(w http.ResponseWriter, r *http.Request) {
ownerName := chi.URLParam(r, "owner")
repoName := chi.URLParam(r, "repo")
repoID, ok := h.repoID(w, ownerName, repoName)
// ListPipelines returns all pipeline definitions for a repository.
func (h *PipelineHandler) ListPipelines(w http.ResponseWriter, r *http.Request) {
repoID, ok := h.repoID(w, r)
if !ok {
return
}
_ = repoID
// Pipeline records will be added in Phase 3 (CI integration).
// Return empty list so the client doesn't break.
jsonOK(w, []any{})
var pipelines []models.Pipeline
if err := h.db.Where("repo_id = ?", repoID).Find(&pipelines); err != nil {
jsonError(w, "could not list pipelines", http.StatusInternalServerError)
return
}
if pipelines == nil {
pipelines = []models.Pipeline{}
}
jsonOK(w, pipelines)
}
func (h *PipelineHandler) Get(w http.ResponseWriter, r *http.Request) {
jsonError(w, "not implemented", http.StatusNotImplemented)
// ListRuns returns pipeline runs for a repository, most recent first.
func (h *PipelineHandler) ListRuns(w http.ResponseWriter, r *http.Request) {
repoID, ok := h.repoID(w, r)
if !ok {
return
}
limit := 30
if l, err := strconv.Atoi(r.URL.Query().Get("limit")); err == nil && l > 0 && l <= 100 {
limit = l
}
var runs []models.PipelineRun
if err := h.db.Where("repo_id = ?", repoID).Desc("id").Limit(limit).Find(&runs); err != nil {
jsonError(w, "could not list runs", http.StatusInternalServerError)
return
}
if runs == nil {
runs = []models.PipelineRun{}
}
jsonOK(w, runs)
}
func (h *PipelineHandler) repoID(w http.ResponseWriter, ownerName, repoName string) (int64, bool) {
var owner models.User
found, err := h.db.Where("username = ?", ownerName).Get(&owner)
if err != nil || !found {
type runDetailResponse struct {
models.PipelineRun
Jobs []jobDetailResponse `json:"jobs"`
}
type jobDetailResponse struct {
models.PipelineJob
Steps []models.PipelineStep `json:"steps"`
}
// GetRun returns a run with its full job + step tree.
func (h *PipelineHandler) GetRun(w http.ResponseWriter, r *http.Request) {
run, ok := h.lookupRun(w, r)
if !ok {
return
}
var jobs []models.PipelineJob
h.db.Where("run_id = ?", run.ID).Asc("id").Find(&jobs)
jobDetails := make([]jobDetailResponse, len(jobs))
for i, job := range jobs {
var steps []models.PipelineStep
h.db.Where("job_id = ?", job.ID).Asc("seq").Find(&steps)
if steps == nil {
steps = []models.PipelineStep{}
}
jobDetails[i] = jobDetailResponse{PipelineJob: job, Steps: steps}
}
jsonOK(w, runDetailResponse{PipelineRun: *run, Jobs: jobDetails})
}
// GetJobLogs returns all log chunks for a job, ordered by step seq and chunk index.
func (h *PipelineHandler) GetJobLogs(w http.ResponseWriter, r *http.Request) {
_, ok := h.lookupRun(w, r)
if !ok {
return
}
jobID, err := strconv.ParseInt(chi.URLParam(r, "jobID"), 10, 64)
if err != nil {
jsonError(w, "invalid job ID", http.StatusBadRequest)
return
}
// Verify job belongs to this run.
var job models.PipelineJob
runID, _ := strconv.ParseInt(chi.URLParam(r, "runID"), 10, 64)
if found, _ := h.db.Where("id = ? AND run_id = ?", jobID, runID).Get(&job); !found {
jsonError(w, "job not found", http.StatusNotFound)
return
}
var steps []models.PipelineStep
h.db.Where("job_id = ?", jobID).Asc("seq").Find(&steps)
type stepLogs struct {
models.PipelineStep
Logs []models.PipelineStepLog `json:"logs"`
}
result := make([]stepLogs, len(steps))
for i, step := range steps {
var logs []models.PipelineStepLog
h.db.Where("step_id = ?", step.ID).Asc("chunk_index").Find(&logs)
if logs == nil {
logs = []models.PipelineStepLog{}
}
result[i] = stepLogs{PipelineStep: step, Logs: logs}
}
jsonOK(w, result)
}
// CancelRun marks a queued or running run as cancelled.
func (h *PipelineHandler) CancelRun(w http.ResponseWriter, r *http.Request) {
run, ok := h.lookupRun(w, r)
if !ok {
return
}
if run.Status != "queued" && run.Status != "running" {
jsonError(w, "run is not cancellable in its current state", http.StatusConflict)
return
}
now := time.Now().UTC()
run.Status = "cancelled"
run.FinishedAt = &now
if _, err := h.db.ID(run.ID).Cols("status", "finished_at").Update(run); err != nil {
jsonError(w, "could not cancel run", http.StatusInternalServerError)
return
}
// Cancel any queued jobs.
h.db.Where("run_id = ? AND status = 'queued'", run.ID). //nolint:errcheck
Cols("status").Update(&models.PipelineJob{Status: "cancelled"})
jsonOK(w, run)
}
// RetryJob re-queues a failed job by resetting its status and re-publishing job.queued.
func (h *PipelineHandler) RetryJob(w http.ResponseWriter, r *http.Request) {
run, ok := h.lookupRun(w, r)
if !ok {
return
}
jobID, err := strconv.ParseInt(chi.URLParam(r, "jobID"), 10, 64)
if err != nil {
jsonError(w, "invalid job ID", http.StatusBadRequest)
return
}
var job models.PipelineJob
if found, _ := h.db.Where("id = ? AND run_id = ?", jobID, run.ID).Get(&job); !found {
jsonError(w, "job not found", http.StatusNotFound)
return
}
if job.Status != "failed" && job.Status != "cancelled" {
jsonError(w, "only failed or cancelled jobs can be retried", http.StatusConflict)
return
}
job.Status = "queued"
job.StartedAt = nil
job.FinishedAt = nil
h.db.ID(job.ID).Cols("status", "started_at", "finished_at").Update(&job) //nolint:errcheck
// Reset step statuses.
h.db.Where("job_id = ?", job.ID).Cols("status", "exit_code", "started_at", "finished_at"). //nolint:errcheck
Update(&models.PipelineStep{Status: "queued"})
// Also reset the run status if it was failed/cancelled.
if run.Status == "failed" || run.Status == "cancelled" {
run.Status = "running"
run.FinishedAt = nil
h.db.ID(run.ID).Cols("status", "finished_at").Update(run) //nolint:errcheck
}
jsonOK(w, job)
}
// ── Helpers ───────────────────────────────────────────────────────────────────
func (h *PipelineHandler) repoID(w http.ResponseWriter, r *http.Request) (int64, bool) {
owner := chi.URLParam(r, "owner")
repoName := chi.URLParam(r, "repo")
var u models.User
if found, _ := h.db.Where("username = ?", owner).Get(&u); !found {
jsonError(w, "repository not found", http.StatusNotFound)
return 0, false
}
var repo models.Repository
found, err = h.db.Where("owner_id = ? AND name = ?", owner.ID, repoName).Get(&repo)
if err != nil || !found {
if found, _ := h.db.Where("owner_id = ? AND name = ?", u.ID, repoName).Get(&repo); !found {
jsonError(w, "repository not found", http.StatusNotFound)
return 0, false
}
return repo.ID, true
}
func (h *PipelineHandler) lookupRun(w http.ResponseWriter, r *http.Request) (*models.PipelineRun, bool) {
repoID, ok := h.repoID(w, r)
if !ok {
return nil, false
}
runID, err := strconv.ParseInt(chi.URLParam(r, "runID"), 10, 64)
if err != nil {
jsonError(w, "invalid run ID", http.StatusBadRequest)
return nil, false
}
var run models.PipelineRun
if found, _ := h.db.Where("id = ? AND repo_id = ?", runID, repoID).Get(&run); !found {
jsonError(w, "run not found", http.StatusNotFound)
return nil, false
}
return &run, true
}
internal/api/handlers/runners.go
+94
View File
@@ -0,0 +1,94 @@
package handlers
import (
"crypto/rand"
"encoding/base64"
"encoding/json"
"net/http"
"golang.org/x/crypto/bcrypt"
"xorm.io/xorm"
"github.com/forgeo/forgebucket/internal/api/middleware"
"github.com/forgeo/forgebucket/internal/models"
)
type RunnerHandler struct{ db *xorm.Engine }
func NewRunnerHandler(db *xorm.Engine) *RunnerHandler { return &RunnerHandler{db: db} }
// List returns all registered runners. Admin-only.
func (h *RunnerHandler) List(w http.ResponseWriter, r *http.Request) {
if !isAdmin(r) {
jsonError(w, "admin access required", http.StatusForbidden)
return
}
var runners []models.Runner
if err := h.db.Find(&runners); err != nil {
jsonError(w, "could not list runners", http.StatusInternalServerError)
return
}
if runners == nil {
runners = []models.Runner{}
}
jsonOK(w, runners)
}
// Register creates a new runner record and returns the plaintext registration token
// (shown once; the server stores only the bcrypt hash).
func (h *RunnerHandler) Register(w http.ResponseWriter, r *http.Request) {
if !isAdmin(r) {
jsonError(w, "admin access required", http.StatusForbidden)
return
}
var body struct {
Name string `json:"name"`
Labels []string `json:"labels"`
}
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
jsonError(w, "invalid request body", http.StatusBadRequest)
return
}
if body.Name == "" {
jsonError(w, "name is required", http.StatusBadRequest)
return
}
raw := make([]byte, 32)
if _, err := rand.Read(raw); err != nil {
jsonError(w, "could not generate token", http.StatusInternalServerError)
return
}
token := base64.RawURLEncoding.EncodeToString(raw)
hash, err := bcrypt.GenerateFromPassword([]byte(token), bcrypt.DefaultCost)
if err != nil {
jsonError(w, "could not hash token", http.StatusInternalServerError)
return
}
labelsJSON, _ := json.Marshal(body.Labels)
runner := &models.Runner{
Name: body.Name,
Labels: string(labelsJSON),
Status: "idle",
TokenHash: string(hash),
}
if _, err := h.db.Insert(runner); err != nil {
jsonError(w, "runner name already taken", http.StatusConflict)
return
}
w.WriteHeader(http.StatusCreated)
jsonOK(w, map[string]any{
"id": runner.ID,
"name": runner.Name,
"token": token, // shown once — store it securely
})
}
func isAdmin(r *http.Request) bool {
v, _ := r.Context().Value(middleware.ContextKeyIsAdmin).(bool)
return v
}
internal/api/router.go
+23 -5
View File
@@ -20,7 +20,7 @@ import (
"github.com/forgeo/forgebucket/internal/events"
)
func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, bus events.EventBus, staticFiles fs.FS) http.Handler {
func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, bus events.EventBus, artifactRoot string, staticFiles fs.FS) http.Handler {
r := chi.NewRouter()
r.Use(chimiddleware.Logger)
@@ -43,7 +43,7 @@ func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, bus even
prH := handlers.NewPRHandler(engine)
pipeH := handlers.NewPipelineHandler(engine)
wsH := handlers.NewWSHandler(bus)
gitH := handlers.NewGitHTTPHandler(engine, cfg)
gitH := handlers.NewGitHTTPHandler(engine, cfg, bus)
issueH := handlers.NewIssueHandler(engine)
sshKeyH := handlers.NewSSHKeyHandler(engine)
memberH := handlers.NewMemberHandler(engine)
@@ -56,6 +56,8 @@ func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, bus even
exploreH := handlers.NewExploreHandler(engine)
dashH := handlers.NewDashboardHandler(engine)
auditH := handlers.NewAuditHandler(engine)
artifactH := handlers.NewArtifactHandler(engine, artifactRoot)
runnerH := handlers.NewRunnerHandler(engine)
// ── Git smart-HTTP transport ───────────────────────────────────────────────
// Regex constraint ensures only *.git paths match, so asset/SPA URLs
@@ -103,6 +105,11 @@ func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, bus even
r.Get("/dashboard", dashH.Get)
r.Get("/audit", auditH.List)
r.Route("/admin", func(r chi.Router) {
r.Get("/runners", runnerH.List)
r.With(csrf).Post("/runners/register", runnerH.Register)
})
// SSH key management
r.Get("/user/keys", sshKeyH.List)
r.With(csrf).Post("/user/keys", sshKeyH.Add)
@@ -140,10 +147,21 @@ func New(cfg *config.Config, engine *xorm.Engine, store sessions.Store, bus even
r.With(csrf).Post("/{issueNum}/close", issueH.Close)
r.With(csrf).Post("/{issueNum}/reopen", issueH.Reopen)
})
r.Route("/pipelines", func(r chi.Router) {
r.Get("/", pipeH.List)
r.Get("/{runID}", pipeH.Get)
r.Get("/pipelines", pipeH.ListPipelines)
r.Route("/runs", func(r chi.Router) {
r.Get("/", pipeH.ListRuns)
r.Route("/{runID}", func(r chi.Router) {
r.Get("/", pipeH.GetRun)
r.With(csrf).Post("/cancel", pipeH.CancelRun)
r.Route("/jobs/{jobID}", func(r chi.Router) {
r.Get("/logs", pipeH.GetJobLogs)
r.With(csrf).Post("/retry", pipeH.RetryJob)
})
r.Get("/artifacts", artifactH.List)
r.With(csrf).Post("/artifacts", artifactH.Upload)
})
})
r.Get("/artifacts/{artifactID}/download", artifactH.Download)
r.Route("/members", func(r chi.Router) {
r.Get("/", memberH.List)
r.With(csrf).Post("/", memberH.Add)