completed phase 2b

2026-05-11 20:10:45 +02:00
parent 83d96d0a1e
commit 4002a3b84d
20 changed files with 1566 additions and 50 deletions
@@ -0,0 +1,186 @@
+package handlers
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strconv"
+
+	"github.com/go-chi/chi/v5"
+	"xorm.io/xorm"
+
+	"github.com/forgeo/forgebucket/internal/models"
+)
+
+type ArtifactHandler struct {
+	db           *xorm.Engine
+	artifactRoot string
+}
+
+func NewArtifactHandler(db *xorm.Engine, artifactRoot string) *ArtifactHandler {
+	return &ArtifactHandler{db: db, artifactRoot: artifactRoot}
+}
+
+// ListArtifacts returns all artifacts for a pipeline run.
+func (h *ArtifactHandler) List(w http.ResponseWriter, r *http.Request) {
+	repoID, runID, ok := h.resolveRunIDs(w, r)
+	if !ok {
+		return
+	}
+	var artifacts []models.Artifact
+	if err := h.db.Where("run_id = ? AND repo_id = ?", runID, repoID).Find(&artifacts); err != nil {
+		jsonError(w, "could not list artifacts", http.StatusInternalServerError)
+		return
+	}
+	if artifacts == nil {
+		artifacts = []models.Artifact{}
+	}
+	jsonOK(w, artifacts)
+}
+
+// Upload accepts a multipart file upload and stores it as an artifact.
+// Callers must provide a valid Bearer access token with write scope (runner auth).
+func (h *ArtifactHandler) Upload(w http.ResponseWriter, r *http.Request) {
+	repoID, runID, ok := h.resolveRunIDs(w, r)
+	if !ok {
+		return
+	}
+
+	r.Body = http.MaxBytesReader(w, r.Body, 512<<20) // 512 MB max
+	if err := r.ParseMultipartForm(32 << 20); err != nil {
+		jsonError(w, "multipart parse failed", http.StatusBadRequest)
+		return
+	}
+	file, header, err := r.FormFile("file")
+	if err != nil {
+		jsonError(w, "file field is required", http.StatusBadRequest)
+		return
+	}
+	defer file.Close()
+
+	name := r.FormValue("name")
+	if name == "" {
+		name = header.Filename
+	}
+
+	// Sanitize name: no path separators.
+	for _, c := range []byte(name) {
+		if c == '/' || c == '\\' || c == 0 {
+			jsonError(w, "artifact name must not contain path separators", http.StatusBadRequest)
+			return
+		}
+	}
+
+	dir := filepath.Join(h.artifactRoot, fmt.Sprintf("%d", runID))
+	if err := os.MkdirAll(dir, 0755); err != nil {
+		jsonError(w, "could not create storage directory", http.StatusInternalServerError)
+		return
+	}
+
+	storagePath := filepath.Join(dir, name)
+	dst, err := os.Create(storagePath)
+	if err != nil {
+		jsonError(w, "could not create file", http.StatusInternalServerError)
+		return
+	}
+	defer dst.Close()
+
+	size, err := io.Copy(dst, file)
+	if err != nil {
+		jsonError(w, "could not write file", http.StatusInternalServerError)
+		return
+	}
+
+	ct := header.Header.Get("Content-Type")
+	if ct == "" {
+		ct = "application/octet-stream"
+	}
+
+	// Store path relative to artifactRoot for portability.
+	relPath := fmt.Sprintf("%d/%s", runID, name)
+
+	artifact := &models.Artifact{
+		RunID:       runID,
+		RepoID:      repoID,
+		Name:        name,
+		StoragePath: relPath,
+		Size:        size,
+		ContentType: ct,
+	}
+	if _, err := h.db.Insert(artifact); err != nil {
+		jsonError(w, "could not record artifact", http.StatusInternalServerError)
+		return
+	}
+
+	w.WriteHeader(http.StatusCreated)
+	jsonOK(w, artifact)
+}
+
+// Download streams the artifact file to the client.
+func (h *ArtifactHandler) Download(w http.ResponseWriter, r *http.Request) {
+	artifactID, err := strconv.ParseInt(chi.URLParam(r, "artifactID"), 10, 64)
+	if err != nil {
+		jsonError(w, "invalid artifact ID", http.StatusBadRequest)
+		return
+	}
+	var artifact models.Artifact
+	if found, _ := h.db.ID(artifactID).Get(&artifact); !found {
+		jsonError(w, "artifact not found", http.StatusNotFound)
+		return
+	}
+
+	fullPath := filepath.Join(h.artifactRoot, filepath.FromSlash(artifact.StoragePath))
+	// Ensure the resolved path stays within artifactRoot (traversal guard).
+	if !isUnder(h.artifactRoot, fullPath) {
+		jsonError(w, "forbidden", http.StatusForbidden)
+		return
+	}
+
+	f, err := os.Open(fullPath)
+	if err != nil {
+		jsonError(w, "artifact file not found", http.StatusNotFound)
+		return
+	}
+	defer f.Close()
+
+	ct := artifact.ContentType
+	if ct == "" {
+		ct = "application/octet-stream"
+	}
+	w.Header().Set("Content-Type", ct)
+	w.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename=%q`, artifact.Name))
+	w.Header().Set("Content-Length", strconv.FormatInt(artifact.Size, 10))
+	io.Copy(w, f) //nolint:errcheck
+}
+
+func (h *ArtifactHandler) resolveRunIDs(w http.ResponseWriter, r *http.Request) (repoID, runID int64, ok bool) {
+	owner := chi.URLParam(r, "owner")
+	repoName := chi.URLParam(r, "repo")
+	var u models.User
+	if found, _ := h.db.Where("username = ?", owner).Get(&u); !found {
+		jsonError(w, "repository not found", http.StatusNotFound)
+		return 0, 0, false
+	}
+	var repo models.Repository
+	if found, _ := h.db.Where("owner_id = ? AND name = ?", u.ID, repoName).Get(&repo); !found {
+		jsonError(w, "repository not found", http.StatusNotFound)
+		return 0, 0, false
+	}
+	runID, err := strconv.ParseInt(chi.URLParam(r, "runID"), 10, 64)
+	if err != nil {
+		jsonError(w, "invalid run ID", http.StatusBadRequest)
+		return 0, 0, false
+	}
+	return repo.ID, runID, true
+}
+
+func isUnder(root, path string) bool {
+	root = filepath.Clean(root)
+	path = filepath.Clean(path)
+	if len(path) <= len(root) {
+		return false
+	}
+	return path[:len(root)] == root && path[len(root)] == filepath.Separator
+}
@@ -11,22 +11,32 @@ import (
 	"path/filepath"
 	"strconv"
 	"strings"
+	"time"

 	"github.com/go-chi/chi/v5"
 	"golang.org/x/crypto/bcrypt"
 	"xorm.io/xorm"

 	"github.com/forgeo/forgebucket/internal/config"
+	"github.com/forgeo/forgebucket/internal/events"
 	"github.com/forgeo/forgebucket/internal/models"
 )

 type GitHTTPHandler struct {
 	db  *xorm.Engine
 	cfg *config.Config
+	bus events.EventBus
 }

-func NewGitHTTPHandler(db *xorm.Engine, cfg *config.Config) *GitHTTPHandler {
-	return &GitHTTPHandler{db: db, cfg: cfg}
+func NewGitHTTPHandler(db *xorm.Engine, cfg *config.Config, bus events.EventBus) *GitHTTPHandler {
+	return &GitHTTPHandler{db: db, cfg: cfg, bus: bus}
+}
+
+// refUpdate captures one ref-update line from a git-receive-pack request.
+type refUpdate struct {
+	OldRev string
+	NewRev string
+	Ref    string
 }

 // ServeGit is the entry point for all git smart-HTTP requests.
@@ -107,13 +117,15 @@ func (h *GitHTTPHandler) ServeGit(w http.ResponseWriter, r *http.Request) {

 	// Branch protection check: parse pkt-lines from the receive-pack body,
 	// check each ref against stored protection rules, then restore the body.
+	var pushedRefs []refUpdate
 	if service == "git-receive-pack" {
-		if reason, newBody := checkProtectionsFromBody(h.db, repo.ID, authedUser, r.Body); reason != "" {
+		reason, refs, newBody := parseAndCheckBody(h.db, repo.ID, authedUser, r.Body)
+		if reason != "" {
 			http.Error(w, reason, http.StatusForbidden)
 			return
-		} else {
-			r.Body = io.NopCloser(newBody)
 		}
+		pushedRefs = refs
+		r.Body = io.NopCloser(newBody)
 	}

 	// Build PATH_INFO: /{reponame}.git/{suffix}
@@ -157,6 +169,27 @@ func (h *GitHTTPHandler) ServeGit(w http.ResponseWriter, r *http.Request) {

 	if err := runGitBackend(r.Context(), w, r.Body, gitExec, env); err != nil {
 		http.Error(w, fmt.Sprintf("git http-backend: %v", err), http.StatusInternalServerError)
+		return
+	}
+
+	// Publish push.received for each ref pushed so the CI orchestrator can react.
+	if service == "git-receive-pack" {
+		zeroOID := strings.Repeat("0", 40)
+		for _, ref := range pushedRefs {
+			if ref.NewRev == zeroOID {
+				continue // branch deletion — skip CI trigger
+			}
+			go h.bus.Publish(events.SubjectPushReceived, events.PushEvent{ //nolint:errcheck
+				RepoID:    repo.ID,
+				RepoName:  repoName,
+				OwnerName: owner,
+				Ref:       ref.Ref,
+				Before:    ref.OldRev,
+				After:     ref.NewRev,
+				Pusher:    authedUser,
+				At:        time.Now().UTC(),
+			})
+		}
 	}
 }

@@ -239,15 +272,14 @@ func runGitBackend(ctx context.Context, w http.ResponseWriter, body io.Reader, g
 	return waitErr
 }

-// checkProtectionsFromBody parses git pkt-line ref updates from a receive-pack body,
-// checks each ref against stored branch protection rules, and returns a denial reason
-// (or "") plus a restored reader so the body can still be passed to http-backend.
-func checkProtectionsFromBody(db *xorm.Engine, repoID int64, pusher string, body io.Reader) (reason string, restored io.Reader) {
+// parseAndCheckBody parses git pkt-line ref updates from a receive-pack body,
+// checks each ref against stored branch protection rules, and returns a denial
+// reason (or ""), the list of parsed ref updates, and a restored reader.
+func parseAndCheckBody(db *xorm.Engine, repoID int64, pusher string, body io.Reader) (reason string, refs []refUpdate, restored io.Reader) {
 	var buf bytes.Buffer
 	zeroOID := strings.Repeat("0", 40)

 	for {
-		// Every pkt-line starts with a 4-hex-digit length that includes itself.
 		lenBuf := make([]byte, 4)
 		if _, err := io.ReadFull(body, lenBuf); err != nil {
 			break
@@ -259,8 +291,7 @@ func checkProtectionsFromBody(db *xorm.Engine, repoID int64, pusher string, body
 			break
 		}
 		if pktLen64 == 0 {
-			// Flush packet — end of ref-update list.
-			break
+			break // flush packet — end of ref-update list
 		}
 		dataLen := int(pktLen64) - 4
 		if dataLen <= 0 {
@@ -280,16 +311,15 @@ func checkProtectionsFromBody(db *xorm.Engine, repoID int64, pusher string, body
 		}
 		oldRev, newRev, refname := parts[0], parts[1], parts[2]

-		// New branches (oldRev all zeros) are not subject to protection.
-		if oldRev == zeroOID {
-			continue
-		}
-		// Detect force push: if newRev is all zeros it's a branch deletion.
-		isForcePush := newRev == zeroOID
+		refs = append(refs, refUpdate{OldRev: oldRev, NewRev: newRev, Ref: refname})

+		if oldRev == zeroOID {
+			continue // new branch — not subject to protection
+		}
+		isForcePush := newRev == zeroOID
 		if msg := CheckBranchProtection(db, repoID, pusher, refname, isForcePush); msg != "" {
-			return msg, io.MultiReader(&buf, body)
+			return msg, refs, io.MultiReader(&buf, body)
 		}
 	}
-	return "", io.MultiReader(&buf, body)
+	return "", refs, io.MultiReader(&buf, body)
 }
@@ -2,6 +2,8 @@ package handlers

 import (
 	"net/http"
+	"strconv"
+	"time"

 	"github.com/go-chi/chi/v5"
 	"xorm.io/xorm"
@@ -17,37 +19,209 @@ func NewPipelineHandler(db *xorm.Engine) *PipelineHandler {
 	return &PipelineHandler{db: db}
 }

-func (h *PipelineHandler) List(w http.ResponseWriter, r *http.Request) {
-	ownerName := chi.URLParam(r, "owner")
-	repoName := chi.URLParam(r, "repo")
-
-	repoID, ok := h.repoID(w, ownerName, repoName)
+// ListPipelines returns all pipeline definitions for a repository.
+func (h *PipelineHandler) ListPipelines(w http.ResponseWriter, r *http.Request) {
+	repoID, ok := h.repoID(w, r)
 	if !ok {
 		return
 	}
-	_ = repoID
-	// Pipeline records will be added in Phase 3 (CI integration).
-	// Return empty list so the client doesn't break.
-	jsonOK(w, []any{})
+	var pipelines []models.Pipeline
+	if err := h.db.Where("repo_id = ?", repoID).Find(&pipelines); err != nil {
+		jsonError(w, "could not list pipelines", http.StatusInternalServerError)
+		return
+	}
+	if pipelines == nil {
+		pipelines = []models.Pipeline{}
+	}
+	jsonOK(w, pipelines)
 }

-func (h *PipelineHandler) Get(w http.ResponseWriter, r *http.Request) {
-	jsonError(w, "not implemented", http.StatusNotImplemented)
+// ListRuns returns pipeline runs for a repository, most recent first.
+func (h *PipelineHandler) ListRuns(w http.ResponseWriter, r *http.Request) {
+	repoID, ok := h.repoID(w, r)
+	if !ok {
+		return
+	}
+	limit := 30
+	if l, err := strconv.Atoi(r.URL.Query().Get("limit")); err == nil && l > 0 && l <= 100 {
+		limit = l
+	}
+	var runs []models.PipelineRun
+	if err := h.db.Where("repo_id = ?", repoID).Desc("id").Limit(limit).Find(&runs); err != nil {
+		jsonError(w, "could not list runs", http.StatusInternalServerError)
+		return
+	}
+	if runs == nil {
+		runs = []models.PipelineRun{}
+	}
+	jsonOK(w, runs)
 }

-func (h *PipelineHandler) repoID(w http.ResponseWriter, ownerName, repoName string) (int64, bool) {
-	var owner models.User
-	found, err := h.db.Where("username = ?", ownerName).Get(&owner)
-	if err != nil || !found {
+type runDetailResponse struct {
+	models.PipelineRun
+	Jobs []jobDetailResponse `json:"jobs"`
+}
+
+type jobDetailResponse struct {
+	models.PipelineJob
+	Steps []models.PipelineStep `json:"steps"`
+}
+
+// GetRun returns a run with its full job + step tree.
+func (h *PipelineHandler) GetRun(w http.ResponseWriter, r *http.Request) {
+	run, ok := h.lookupRun(w, r)
+	if !ok {
+		return
+	}
+	var jobs []models.PipelineJob
+	h.db.Where("run_id = ?", run.ID).Asc("id").Find(&jobs)
+
+	jobDetails := make([]jobDetailResponse, len(jobs))
+	for i, job := range jobs {
+		var steps []models.PipelineStep
+		h.db.Where("job_id = ?", job.ID).Asc("seq").Find(&steps)
+		if steps == nil {
+			steps = []models.PipelineStep{}
+		}
+		jobDetails[i] = jobDetailResponse{PipelineJob: job, Steps: steps}
+	}
+	jsonOK(w, runDetailResponse{PipelineRun: *run, Jobs: jobDetails})
+}
+
+// GetJobLogs returns all log chunks for a job, ordered by step seq and chunk index.
+func (h *PipelineHandler) GetJobLogs(w http.ResponseWriter, r *http.Request) {
+	_, ok := h.lookupRun(w, r)
+	if !ok {
+		return
+	}
+	jobID, err := strconv.ParseInt(chi.URLParam(r, "jobID"), 10, 64)
+	if err != nil {
+		jsonError(w, "invalid job ID", http.StatusBadRequest)
+		return
+	}
+
+	// Verify job belongs to this run.
+	var job models.PipelineJob
+	runID, _ := strconv.ParseInt(chi.URLParam(r, "runID"), 10, 64)
+	if found, _ := h.db.Where("id = ? AND run_id = ?", jobID, runID).Get(&job); !found {
+		jsonError(w, "job not found", http.StatusNotFound)
+		return
+	}
+
+	var steps []models.PipelineStep
+	h.db.Where("job_id = ?", jobID).Asc("seq").Find(&steps)
+
+	type stepLogs struct {
+		models.PipelineStep
+		Logs []models.PipelineStepLog `json:"logs"`
+	}
+	result := make([]stepLogs, len(steps))
+	for i, step := range steps {
+		var logs []models.PipelineStepLog
+		h.db.Where("step_id = ?", step.ID).Asc("chunk_index").Find(&logs)
+		if logs == nil {
+			logs = []models.PipelineStepLog{}
+		}
+		result[i] = stepLogs{PipelineStep: step, Logs: logs}
+	}
+	jsonOK(w, result)
+}
+
+// CancelRun marks a queued or running run as cancelled.
+func (h *PipelineHandler) CancelRun(w http.ResponseWriter, r *http.Request) {
+	run, ok := h.lookupRun(w, r)
+	if !ok {
+		return
+	}
+	if run.Status != "queued" && run.Status != "running" {
+		jsonError(w, "run is not cancellable in its current state", http.StatusConflict)
+		return
+	}
+	now := time.Now().UTC()
+	run.Status = "cancelled"
+	run.FinishedAt = &now
+	if _, err := h.db.ID(run.ID).Cols("status", "finished_at").Update(run); err != nil {
+		jsonError(w, "could not cancel run", http.StatusInternalServerError)
+		return
+	}
+	// Cancel any queued jobs.
+	h.db.Where("run_id = ? AND status = 'queued'", run.ID). //nolint:errcheck
+		Cols("status").Update(&models.PipelineJob{Status: "cancelled"})
+	jsonOK(w, run)
+}
+
+// RetryJob re-queues a failed job by resetting its status and re-publishing job.queued.
+func (h *PipelineHandler) RetryJob(w http.ResponseWriter, r *http.Request) {
+	run, ok := h.lookupRun(w, r)
+	if !ok {
+		return
+	}
+	jobID, err := strconv.ParseInt(chi.URLParam(r, "jobID"), 10, 64)
+	if err != nil {
+		jsonError(w, "invalid job ID", http.StatusBadRequest)
+		return
+	}
+	var job models.PipelineJob
+	if found, _ := h.db.Where("id = ? AND run_id = ?", jobID, run.ID).Get(&job); !found {
+		jsonError(w, "job not found", http.StatusNotFound)
+		return
+	}
+	if job.Status != "failed" && job.Status != "cancelled" {
+		jsonError(w, "only failed or cancelled jobs can be retried", http.StatusConflict)
+		return
+	}
+
+	job.Status = "queued"
+	job.StartedAt = nil
+	job.FinishedAt = nil
+	h.db.ID(job.ID).Cols("status", "started_at", "finished_at").Update(&job) //nolint:errcheck
+
+	// Reset step statuses.
+	h.db.Where("job_id = ?", job.ID).Cols("status", "exit_code", "started_at", "finished_at"). //nolint:errcheck
+		Update(&models.PipelineStep{Status: "queued"})
+
+	// Also reset the run status if it was failed/cancelled.
+	if run.Status == "failed" || run.Status == "cancelled" {
+		run.Status = "running"
+		run.FinishedAt = nil
+		h.db.ID(run.ID).Cols("status", "finished_at").Update(run) //nolint:errcheck
+	}
+
+	jsonOK(w, job)
+}
+
+// ── Helpers ───────────────────────────────────────────────────────────────────
+
+func (h *PipelineHandler) repoID(w http.ResponseWriter, r *http.Request) (int64, bool) {
+	owner := chi.URLParam(r, "owner")
+	repoName := chi.URLParam(r, "repo")
+	var u models.User
+	if found, _ := h.db.Where("username = ?", owner).Get(&u); !found {
 		jsonError(w, "repository not found", http.StatusNotFound)
 		return 0, false
 	}
-
 	var repo models.Repository
-	found, err = h.db.Where("owner_id = ? AND name = ?", owner.ID, repoName).Get(&repo)
-	if err != nil || !found {
+	if found, _ := h.db.Where("owner_id = ? AND name = ?", u.ID, repoName).Get(&repo); !found {
 		jsonError(w, "repository not found", http.StatusNotFound)
 		return 0, false
 	}
 	return repo.ID, true
 }
+
+func (h *PipelineHandler) lookupRun(w http.ResponseWriter, r *http.Request) (*models.PipelineRun, bool) {
+	repoID, ok := h.repoID(w, r)
+	if !ok {
+		return nil, false
+	}
+	runID, err := strconv.ParseInt(chi.URLParam(r, "runID"), 10, 64)
+	if err != nil {
+		jsonError(w, "invalid run ID", http.StatusBadRequest)
+		return nil, false
+	}
+	var run models.PipelineRun
+	if found, _ := h.db.Where("id = ? AND repo_id = ?", runID, repoID).Get(&run); !found {
+		jsonError(w, "run not found", http.StatusNotFound)
+		return nil, false
+	}
+	return &run, true
+}
@@ -0,0 +1,94 @@
+package handlers
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"encoding/json"
+	"net/http"
+
+	"golang.org/x/crypto/bcrypt"
+	"xorm.io/xorm"
+
+	"github.com/forgeo/forgebucket/internal/api/middleware"
+	"github.com/forgeo/forgebucket/internal/models"
+)
+
+type RunnerHandler struct{ db *xorm.Engine }
+
+func NewRunnerHandler(db *xorm.Engine) *RunnerHandler { return &RunnerHandler{db: db} }
+
+// List returns all registered runners. Admin-only.
+func (h *RunnerHandler) List(w http.ResponseWriter, r *http.Request) {
+	if !isAdmin(r) {
+		jsonError(w, "admin access required", http.StatusForbidden)
+		return
+	}
+	var runners []models.Runner
+	if err := h.db.Find(&runners); err != nil {
+		jsonError(w, "could not list runners", http.StatusInternalServerError)
+		return
+	}
+	if runners == nil {
+		runners = []models.Runner{}
+	}
+	jsonOK(w, runners)
+}
+
+// Register creates a new runner record and returns the plaintext registration token
+// (shown once; the server stores only the bcrypt hash).
+func (h *RunnerHandler) Register(w http.ResponseWriter, r *http.Request) {
+	if !isAdmin(r) {
+		jsonError(w, "admin access required", http.StatusForbidden)
+		return
+	}
+
+	var body struct {
+		Name   string   `json:"name"`
+		Labels []string `json:"labels"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+		jsonError(w, "invalid request body", http.StatusBadRequest)
+		return
+	}
+	if body.Name == "" {
+		jsonError(w, "name is required", http.StatusBadRequest)
+		return
+	}
+
+	raw := make([]byte, 32)
+	if _, err := rand.Read(raw); err != nil {
+		jsonError(w, "could not generate token", http.StatusInternalServerError)
+		return
+	}
+	token := base64.RawURLEncoding.EncodeToString(raw)
+
+	hash, err := bcrypt.GenerateFromPassword([]byte(token), bcrypt.DefaultCost)
+	if err != nil {
+		jsonError(w, "could not hash token", http.StatusInternalServerError)
+		return
+	}
+
+	labelsJSON, _ := json.Marshal(body.Labels)
+	runner := &models.Runner{
+		Name:      body.Name,
+		Labels:    string(labelsJSON),
+		Status:    "idle",
+		TokenHash: string(hash),
+	}
+	if _, err := h.db.Insert(runner); err != nil {
+		jsonError(w, "runner name already taken", http.StatusConflict)
+		return
+	}
+
+	w.WriteHeader(http.StatusCreated)
+	jsonOK(w, map[string]any{
+		"id":    runner.ID,
+		"name":  runner.Name,
+		"token": token, // shown once — store it securely
+	})
+}
+
+func isAdmin(r *http.Request) bool {
+	v, _ := r.Context().Value(middleware.ContextKeyIsAdmin).(bool)
+	return v
+}