HomeLab/ForgeBucket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
2d6aabab9f1d453e9b48bbe5685d1629471897da
ForgeBucket/internal/models/workspace.go
T
erangel1 edf3c9824e Phase 3C — Commit Summary 
feat: workspaces — collaborative repo namespaces
Backend
- internal/models/workspace.go — Workspace (handle, displayName,
  description, createdBy) + WorkspaceMember (workspaceId, userId,
  username, role: owner/admin/member)
- internal/models/repo.go — added nullable workspace_id column; existing
  user repos unaffected
- internal/models/migrations/011_workspaces.go — syncs both tables +
  adds column to repository
- internal/api/handlers/workspace.go — ListWorkspaces, CreateWorkspace,
  GetWorkspace, UpdateWorkspace, DeleteWorkspace (blocks if repos
  remain), ListRepos, ListMembers, AddMember, UpdateMember, RemoveMember
- internal/api/handlers/repos.go — lookupRepo resolves workspace
  handles; Create accepts workspace field; List includes workspace
  member repos; withOwnerName uses workspace handle for workspace-owned
  repos
- internal/api/handlers/dashboard.go — recentRuns + repo list include
  workspace repos the user is a member of
- internal/api/router.go — /workspaces, /workspaces/:handle/* routes
  Workspace rules enforced:
- Handle globally unique across usernames + workspace handles (409 on
  collision)
- Creator auto-assigned owner role
- Delete blocked if repos exist
- Last owner cannot be demoted/removed
  ---
  feat: secret management hierarchy (Global → Workspace → Repo → Env)
  Backend
- internal/models/secret.go — Secret struct +
  EncryptSecret/DecryptSecret with AES-256-GCM (key = SHA-256 of
  SESSION_SECRET); values never serialised to JSON
- internal/models/migrations/012_secrets.go — syncs secret table
- internal/api/handlers/secret.go — List/Upsert/Delete for all four
  scopes; ResolveSecretsForRun builds merged env map for CI
- internal/domain/ci/executor.go — JobContext.Secrets field; secrets
  injected as --env KEY=VALUE into docker run; buildJobContext calls
  resolveSecrets(Global < Workspace < Repo < Env)
- internal/domain/ci/runner_manager.go — passes cfg.SessionSecret to
  buildJobContext
- internal/api/router.go — /repos/:owner/:repo/secrets,
  /environments/:envName/secrets, /workspaces/:handle/secrets,
  /admin/secrets
  ---
  feat: workspace + secret management UI
  Frontend
- types/api.ts — Workspace, WorkspaceWithMeta, WorkspaceMember,
  SecretListItem types
- api/queries/workspaces.ts — full CRUD hooks + WorkspaceRepo type
- api/queries/secrets.ts — repo/env/workspace secret hooks
- pages/WorkspacesPage.tsx — list + create modal
- pages/WorkspacePage.tsx — workspace dashboard with repo list
- pages/WorkspaceSettingsPage.tsx — general settings, members CRUD,
  workspace secrets, danger zone
- pages/RepoSecretsPage.tsx — repo secrets + per-environment secret
  sections with priority hierarchy callout
- pages/CreateRepoPage.tsx — ?workspace= query param pre-fills owner
  selector; only admin/owner workspaces shown
- components/layout/Sidebar.tsx — "Workspaces" global nav item +
  workspace quick-links; "Secrets" in RepoSubNav; new SecretsIcon,
  WorkspaceIcon
- App.tsx — routes for /workspaces, /workspaces/:handle,
  /workspaces/:handle/settings, /repos/:owner/:repo/secrets
2026-05-11 23:34:46 +02:00

37 lines
1.8 KiB
Go
Raw Blame History

package models
import "time"
// WorkspaceRole controls what a member can do inside a workspace.
type WorkspaceRole string
const (
WorkspaceRoleOwner WorkspaceRole = "owner"
WorkspaceRoleAdmin WorkspaceRole = "admin"
WorkspaceRoleMember WorkspaceRole = "member"
)
// Workspace is a named collaborative namespace that can own repositories.
// Its handle must be globally unique across all usernames and workspace handles
// so that /{owner}/{repo} URLs remain unambiguous.
type Workspace struct {
ID int64 `xorm:"'id' pk autoincr" json:"id"`
Handle string `xorm:"'handle' unique notnull varchar(64)" json:"handle"`
DisplayName string `xorm:"'display_name' varchar(255)" json:"displayName"`
Description string `xorm:"'description' text" json:"description"`
AvatarURL string `xorm:"'avatar_url' varchar(500)" json:"avatarUrl"`
CreatedBy int64 `xorm:"'created_by' notnull" json:"createdBy"`
CreatedAt time.Time `xorm:"'created_at' created" json:"createdAt"`
UpdatedAt time.Time `xorm:"'updated_at' updated" json:"updatedAt"`
}
// WorkspaceMember links a User to a Workspace with a role.
type WorkspaceMember struct {
ID int64 `xorm:"'id' pk autoincr" json:"id"`
WorkspaceID int64 `xorm:"'workspace_id' notnull index" json:"workspaceId"`
UserID int64 `xorm:"'user_id' notnull index" json:"userId"`
Username string `xorm:"'username' varchar(64)" json:"username"`
Role WorkspaceRole `xorm:"'role' varchar(20)" json:"role"`
AddedAt time.Time `xorm:"'added_at' created" json:"addedAt"`
}
Reference in New Issue View Git Blame Copy Permalink