Phase 3C — Commit Summary
feat: workspaces — collaborative repo namespaces Backend - internal/models/workspace.go — Workspace (handle, displayName, description, createdBy) + WorkspaceMember (workspaceId, userId, username, role: owner/admin/member) - internal/models/repo.go — added nullable workspace_id column; existing user repos unaffected - internal/models/migrations/011_workspaces.go — syncs both tables + adds column to repository - internal/api/handlers/workspace.go — ListWorkspaces, CreateWorkspace, GetWorkspace, UpdateWorkspace, DeleteWorkspace (blocks if repos remain), ListRepos, ListMembers, AddMember, UpdateMember, RemoveMember - internal/api/handlers/repos.go — lookupRepo resolves workspace handles; Create accepts workspace field; List includes workspace member repos; withOwnerName uses workspace handle for workspace-owned repos - internal/api/handlers/dashboard.go — recentRuns + repo list include workspace repos the user is a member of - internal/api/router.go — /workspaces, /workspaces/:handle/* routes Workspace rules enforced: - Handle globally unique across usernames + workspace handles (409 on collision) - Creator auto-assigned owner role - Delete blocked if repos exist - Last owner cannot be demoted/removed --- feat: secret management hierarchy (Global → Workspace → Repo → Env) Backend - internal/models/secret.go — Secret struct + EncryptSecret/DecryptSecret with AES-256-GCM (key = SHA-256 of SESSION_SECRET); values never serialised to JSON - internal/models/migrations/012_secrets.go — syncs secret table - internal/api/handlers/secret.go — List/Upsert/Delete for all four scopes; ResolveSecretsForRun builds merged env map for CI - internal/domain/ci/executor.go — JobContext.Secrets field; secrets injected as --env KEY=VALUE into docker run; buildJobContext calls resolveSecrets(Global < Workspace < Repo < Env) - internal/domain/ci/runner_manager.go — passes cfg.SessionSecret to buildJobContext - internal/api/router.go — /repos/:owner/:repo/secrets, 
/environments/:envName/secrets, /workspaces/:handle/secrets, /admin/secrets --- feat: workspace + secret management UI Frontend - types/api.ts — Workspace, WorkspaceWithMeta, WorkspaceMember, SecretListItem types - api/queries/workspaces.ts — full CRUD hooks + WorkspaceRepo type - api/queries/secrets.ts — repo/env/workspace secret hooks - pages/WorkspacesPage.tsx — list + create modal - pages/WorkspacePage.tsx — workspace dashboard with repo list - pages/WorkspaceSettingsPage.tsx — general settings, members CRUD, workspace secrets, danger zone - pages/RepoSecretsPage.tsx — repo secrets + per-environment secret sections with priority hierarchy callout - pages/CreateRepoPage.tsx — ?workspace= query param pre-fills owner selector; only admin/owner workspaces shown - components/layout/Sidebar.tsx — "Workspaces" global nav item + workspace quick-links; "Secrets" in RepoSubNav; new SecretsIcon, WorkspaceIcon - App.tsx — routes for /workspaces, /workspaces/:handle, /workspaces/:handle/settings, /repos/:owner/:repo/secrets
@@ -89,9 +89,21 @@ type dashboardResponse struct {
func (h *DashboardHandler) Get(w http.ResponseWriter, r *http.Request) {
userID, _ := middleware.UserIDFromContext(r.Context())
// 1. Repos owned by this user.
// 1. Repos owned by this user (user-level) + workspace repos where user is a member.
var repos []models.Repository
h.db.Where("owner_id = ?", userID).Desc("updated_at").Find(&repos)
h.db.Where("owner_id = ? AND workspace_id IS NULL", userID).Desc("updated_at").Find(&repos)
var memberships []models.WorkspaceMember
h.db.Where("user_id = ?", userID).Find(&memberships)
if len(memberships) > 0 {
wsIDs := make([]int64, len(memberships))
for i, m := range memberships {
wsIDs[i] = m.WorkspaceID
}
var wsRepos []models.Repository
h.db.In("workspace_id", wsIDs).Desc("updated_at").Find(&wsRepos)
repos = append(repos, wsRepos...)
}
repoIDs := make([]int64, len(repos))
repoByID := make(map[int64]models.Repository, len(repos))
@@ -184,8 +196,22 @@ func (h *DashboardHandler) Get(w http.ResponseWriter, r *http.Request) {
return dp
}
// Cache workspace handles to avoid N+1.
wsHandleByID := map[int64]string{}
dashRepos := make([]dashRepo, 0, len(repos))
for _, rp := range repos {
ownerName := owner.Username
if rp.WorkspaceID != nil && *rp.WorkspaceID != 0 {
if wsHandle, ok := wsHandleByID[*rp.WorkspaceID]; ok {
ownerName = wsHandle
} else {
var ws models.Workspace
h.db.ID(*rp.WorkspaceID).Cols("handle").Get(&ws)
wsHandleByID[*rp.WorkspaceID] = ws.Handle
ownerName = ws.Handle
}
}
dashRepos = append(dashRepos, dashRepo{
ID: rp.ID,
Name: rp.Name,
@@ -193,8 +219,8 @@ func (h *DashboardHandler) Get(w http.ResponseWriter, r *http.Request) {
IsPrivate: rp.IsPrivate,
DefaultBranch: rp.DefaultBranch,
UpdatedAt: rp.UpdatedAt.Format("2006-01-02T15:04:05Z"),
OwnerName: owner.Username,
AvatarURL: "/api/v1/repos/" + owner.Username + "/" + rp.Name + "/avatar",
OwnerName: ownerName,
AvatarURL: "/api/v1/repos/" + ownerName + "/" + rp.Name + "/avatar",
OpenPRCount: prCountByRepo[rp.ID],
OpenIssueCount: issueCountByRepo[rp.ID],
})
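Review bot: In the second hunk the result of `h.db.ID(*rp.WorkspaceID).Cols("handle").Get(&ws)` is discarded, so a failed or empty lookup caches `""` in `wsHandleByID` and the repo is emitted with an empty `OwnerName` and an avatar path of `/api/v1/repos//<name>/avatar`. Assuming `Get` returns a found flag and an error (the calls look like xorm), check both and skip or log the repo, e.g. `if found, err := h.db.ID(*rp.WorkspaceID).Cols("handle").Get(&ws); err != nil || !found { continue }`. The two new `Find` calls in the first hunk drop their errors the same way, so a database failure appears as a dashboard that silently omits workspace repos rather than as an error response. The first hunk also appends `wsRepos` after the user's own repos, so the combined slice is no longer ordered by `updated_at`, and the query treats only `NULL` as "no workspace" while the loop also treats `0` that way, which should be made consistent. The handler's `Get` method begins and ends outside the hunks shown.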