Blame · canopy.ts

80fafdf	1	import type { FastifyInstance } from "fastify";
80fafdf	2	import { z } from "zod";
80fafdf	3	import type { CanopyRunner } from "../services/canopy-runner.js";
5bcd5db	4	import type { CanopyEventBus, CanopyEvent } from "../services/canopy-events.js";
80fafdf	5
791afd4	6	function lookupRepo(db: any, repo: string) {
80fafdf	7	return db
791afd4	8	.prepare(`SELECT id, name, default_branch FROM repos WHERE name = ?`)
791afd4	9	.get(repo) as any;
80fafdf	10	}
80fafdf	11
1da9874	12	export async function canopyGlobalRoutes(app: FastifyInstance) {
1da9874	13	const db = (app as any).db;
5bcd5db	14	const eventBus = (app as any).canopyEventBus as CanopyEventBus \| undefined;
5bcd5db	15
5bcd5db	16	// SSE endpoint for live updates
5bcd5db	17	app.get<{
5bcd5db	18	Querystring: { scope?: string; runId?: string; owner?: string; repo?: string };
5bcd5db	19	}>("/canopy/events", async (request, reply) => {
5bcd5db	20	const { scope = "global", runId, owner, repo } = request.query;
5bcd5db	21
5bcd5db	22	// Resolve owner/repo to repoId for repo-scoped filtering
5bcd5db	23	let repoId: number \| null = null;
5bcd5db	24	if (scope === "repo" && repo) {
5bcd5db	25	const repoRow = lookupRepo(db, repo);
5bcd5db	26	if (repoRow) repoId = repoRow.id;
5bcd5db	27	}
5bcd5db	28
5bcd5db	29	const numericRunId = runId ? parseInt(runId) : null;
5bcd5db	30
5bcd5db	31	reply.raw.writeHead(200, {
5bcd5db	32	"Content-Type": "text/event-stream",
5bcd5db	33	"Cache-Control": "no-cache",
5bcd5db	34	"Connection": "keep-alive",
5bcd5db	35	"X-Accel-Buffering": "no",
5bcd5db	36	});
5bcd5db	37	reply.raw.write(": connected\n\n");
5bcd5db	38
5bcd5db	39	const keepalive = setInterval(() => {
5bcd5db	40	reply.raw.write(": keepalive\n\n");
5bcd5db	41	}, 15000);
5bcd5db	42
5bcd5db	43	const listener = (event: CanopyEvent) => {
5bcd5db	44	// Filter by scope
5bcd5db	45	if (scope === "run" && event.runId !== numericRunId) return;
5bcd5db	46	if (scope === "repo" && repoId !== null && event.repoId !== repoId) return;
5bcd5db	47	if (scope === "repo" && event.type === "log:append") return;
5bcd5db	48	if (scope === "global" && !["run:created", "run:completed", "run:cancelled", "run:started"].includes(event.type)) return;
5bcd5db	49
5bcd5db	50	try {
5bcd5db	51	reply.raw.write(`event: ${event.type}\ndata: ${JSON.stringify(event)}\n\n`);
5bcd5db	52	} catch {
5bcd5db	53	// Client disconnected
5bcd5db	54	}
5bcd5db	55	};
5bcd5db	56
5bcd5db	57	const unsubscribe = eventBus?.subscribe(listener);
5bcd5db	58
5bcd5db	59	request.raw.on("close", () => {
5bcd5db	60	clearInterval(keepalive);
5bcd5db	61	unsubscribe?.();
5bcd5db	62	});
5bcd5db	63
5bcd5db	64	await reply.hijack();
5bcd5db	65	});
1da9874	66
721afa6	67	// Recent runs across all repos (optionally filtered by owner).
721afa6	68	// Returns the N most recent runs per repo so active repos don't crowd out others.
1da9874	69	app.get<{
721afa6	70	Querystring: { limit?: string; owner?: string; per_repo?: string };
1da9874	71	}>("/canopy/recent-runs", async (request) => {
721afa6	72	const perRepo = parseInt(request.query.per_repo ?? "30") \|\| 30;
fe3b509	73	const owner = request.query.owner;
721afa6	74	const ownerClause = owner ? `WHERE rwo.owner_name = ?` : "";
721afa6	75	const query = `
721afa6	76	SELECT * FROM (
721afa6	77	SELECT pr.*, pr.pipeline_name, r.name AS repo_name, rwo.owner_name,
721afa6	78	ROW_NUMBER() OVER (PARTITION BY pr.repo_id ORDER BY pr.created_at DESC) AS rn
721afa6	79	FROM pipeline_runs pr
721afa6	80	JOIN repos r ON pr.repo_id = r.id
721afa6	81	JOIN repos_with_owner rwo ON r.id = rwo.id
721afa6	82	${ownerClause}
721afa6	83	) WHERE rn <= ?
721afa6	84	ORDER BY created_at DESC`;
fe3b509	85	const params: any[] = [];
721afa6	86	if (owner) params.push(owner);
721afa6	87	params.push(perRepo);
fe3b509	88	const runs = db.prepare(query).all(...params);
1da9874	89	return { runs };
1da9874	90	});
1da9874	91	}
1da9874	92
f0bb192	93	export async function canopyWebhookRoute(app: FastifyInstance) {
80fafdf	94	const runner = (app as any).canopyRunner as CanopyRunner \| undefined;
80fafdf	95
80fafdf	96	// Internal webhook — no auth (only reachable from Docker network)
f0bb192	97	app.post("/canopy/webhook", async (request, reply) => {
80fafdf	98	const { event, repo, bookmark, old_id, new_id } = request.body as any;
80fafdf	99	if (event !== "push" \|\| !repo \|\| !bookmark \|\| !new_id) {
80fafdf	100	return reply.code(400).send({ error: "Invalid webhook payload" });
80fafdf	101	}
80fafdf	102	if (!runner) {
80fafdf	103	return reply.code(503).send({ error: "Canopy not enabled" });
80fafdf	104	}
c98936c	105	try {
c98936c	106	await runner.onPush({
c98936c	107	repo,
c98936c	108	branch: bookmark,
c98936c	109	oldCommitId: old_id ?? "",
c98936c	110	newCommitId: new_id,
c98936c	111	});
c98936c	112	} catch {
c98936c	113	return reply.code(500).send({ error: "Failed to queue pipeline runs" });
c98936c	114	}
80fafdf	115	return { ok: true };
80fafdf	116	});
f0bb192	117	}
f0bb192	118
f0bb192	119	export async function canopyRoutes(app: FastifyInstance) {
f0bb192	120	const db = (app as any).db;
f0bb192	121	const runner = (app as any).canopyRunner as CanopyRunner \| undefined;
80fafdf	122
37f6938	123	const RUN_SELECT = `
2d074a3	124	SELECT
2d074a3	125	pr.*,
2d074a3	126	COALESCE(p.name, pr.pipeline_name) AS pipeline_name,
2d074a3	127	COALESCE(p.file, pr.pipeline_file) AS pipeline_file,
2d074a3	128	pr.repo_id
37f6938	129	FROM pipeline_runs pr
2d074a3	130	LEFT JOIN pipelines p ON pr.pipeline_id = p.id`;
37f6938	131
80fafdf	132	// List pipeline runs
80fafdf	133	app.get<{
80fafdf	134	Params: { owner: string; repo: string };
80fafdf	135	Querystring: { status?: string; limit?: string };
f0bb192	136	}>("/:owner/:repo/canopy/runs", async (request, reply) => {
791afd4	137	const { repo } = request.params;
80fafdf	138	const { status, limit } = request.query;
791afd4	139	const repoRow = lookupRepo(db, repo);
791afd4	140	if (!repoRow) return { runs: [] };
80fafdf	141
2d074a3	142	let query = `${RUN_SELECT} WHERE pr.repo_id = ?`;
80fafdf	143	const params: any[] = [repoRow.id];
80fafdf	144	if (status) {
37f6938	145	query += ` AND pr.status = ?`;
80fafdf	146	params.push(status);
80fafdf	147	}
37f6938	148	query += ` ORDER BY pr.created_at DESC LIMIT ?`;
80fafdf	149	params.push(parseInt(limit ?? "20") \|\| 20);
80fafdf	150
80fafdf	151	const runs = db.prepare(query).all(...params);
80fafdf	152	return { runs };
80fafdf	153	});
80fafdf	154
80fafdf	155	// Get single run with steps
80fafdf	156	app.get<{
80fafdf	157	Params: { owner: string; repo: string; id: string };
f0bb192	158	}>("/:owner/:repo/canopy/runs/:id", async (request, reply) => {
80fafdf	159	const { id } = request.params;
80fafdf	160	const run = db
37f6938	161	.prepare(`${RUN_SELECT} WHERE pr.id = ?`)
80fafdf	162	.get(parseInt(id));
80fafdf	163	if (!run) return reply.code(404).send({ error: "Run not found" });
80fafdf	164
80fafdf	165	const steps = db
80fafdf	166	.prepare(
80fafdf	167	`SELECT * FROM pipeline_steps WHERE run_id = ? ORDER BY step_index`
80fafdf	168	)
80fafdf	169	.all(parseInt(id));
80fafdf	170
80fafdf	171	return { run, steps };
80fafdf	172	});
80fafdf	173
80fafdf	174	// Get step logs
80fafdf	175	app.get<{
80fafdf	176	Params: { owner: string; repo: string; id: string; idx: string };
f0bb192	177	}>("/:owner/:repo/canopy/runs/:id/logs/:idx", async (request, reply) => {
80fafdf	178	const { id, idx } = request.params;
80fafdf	179	const step = db
80fafdf	180	.prepare(
80fafdf	181	`SELECT id FROM pipeline_steps WHERE run_id = ? AND step_index = ?`
80fafdf	182	)
80fafdf	183	.get(parseInt(id), parseInt(idx)) as any;
80fafdf	184	if (!step) return reply.code(404).send({ error: "Step not found" });
80fafdf	185
80fafdf	186	const logs = db
80fafdf	187	.prepare(
80fafdf	188	`SELECT stream, content, created_at FROM step_logs WHERE step_id = ? ORDER BY id`
80fafdf	189	)
80fafdf	190	.all(step.id);
80fafdf	191
80fafdf	192	return { logs };
80fafdf	193	});
80fafdf	194
80fafdf	195	// Cancel a running pipeline
80fafdf	196	app.post<{
80fafdf	197	Params: { owner: string; repo: string; id: string };
80fafdf	198	}>(
f0bb192	199	"/:owner/:repo/canopy/runs/:id/cancel",
80fafdf	200	{ preHandler: [(app as any).authenticate] },
80fafdf	201	async (request, reply) => {
80fafdf	202	if (!runner) {
80fafdf	203	return reply.code(503).send({ error: "Canopy not enabled" });
80fafdf	204	}
80fafdf	205	const { id } = request.params;
80fafdf	206	const run = db
37f6938	207	.prepare(`${RUN_SELECT} WHERE pr.id = ?`)
80fafdf	208	.get(parseInt(id)) as any;
57c315f	209	if (!run \|\| (run.status !== "running" && run.status !== "pending")) {
57c315f	210	return reply.code(400).send({ error: "Run is not running or pending" });
80fafdf	211	}
80fafdf	212
80fafdf	213	runner.cancelRun(parseInt(id));
80fafdf	214	db.prepare(
80fafdf	215	`UPDATE pipeline_runs SET status = 'cancelled', finished_at = datetime('now') WHERE id = ?`
80fafdf	216	).run(parseInt(id));
57c315f	217	// Also cancel any pending/running steps
57c315f	218	db.prepare(
57c315f	219	`UPDATE pipeline_steps SET status = 'cancelled' WHERE run_id = ? AND status IN ('pending', 'running')`
57c315f	220	).run(parseInt(id));
80fafdf	221
80fafdf	222	const updated = db
37f6938	223	.prepare(`${RUN_SELECT} WHERE pr.id = ?`)
80fafdf	224	.get(parseInt(id));
80fafdf	225	return { run: updated };
80fafdf	226	}
80fafdf	227	);
80fafdf	228
80fafdf	229	// Manual trigger
80fafdf	230	app.post<{
80fafdf	231	Params: { owner: string; repo: string };
80fafdf	232	}>(
f0bb192	233	"/:owner/:repo/canopy/trigger",
80fafdf	234	{ preHandler: [(app as any).authenticate] },
80fafdf	235	async (request, reply) => {
80fafdf	236	if (!runner) {
80fafdf	237	return reply.code(503).send({ error: "Canopy not enabled" });
80fafdf	238	}
b5baf6d	239	const { owner, repo } = request.params;
191af2a	240	const { ref, pipeline } = (request.body as any) ?? {};
791afd4	241	const branch = ref \|\| "main";
80fafdf	242	const bridgeUrl =
80fafdf	243	process.env.GROVE_BRIDGE_URL ?? "http://localhost:3100";
80fafdf	244	const resolveRes = await fetch(
80fafdf	245	`${bridgeUrl}/repos/${repo}/resolve/${branch}`
80fafdf	246	);
80fafdf	247	if (!resolveRes.ok) {
80fafdf	248	return reply.code(400).send({ error: "Could not resolve branch" });
80fafdf	249	}
80fafdf	250	const { commit_id } = (await resolveRes.json()) as any;
80fafdf	251
c98936c	252	try {
c98936c	253	await runner.onPush({
c98936c	254	repo,
c98936c	255	branch,
c98936c	256	oldCommitId: "",
c98936c	257	newCommitId: commit_id,
191af2a	258	}, pipeline);
c98936c	259	} catch {
c98936c	260	return reply.code(500).send({ error: "Failed to queue pipeline runs" });
c98936c	261	}
4b55905	262
4b55905	263	// Deploy pages if applicable
4b55905	264	const pagesDeployer = (app as any).pagesDeployer;
4b55905	265	if (pagesDeployer) {
b5baf6d	266	void pagesDeployer.deploy(owner, repo, branch).catch((err: any) => {
4b55905	267	app.log.error({ err, repo, branch }, "Pages deployment failed (manual trigger)");
4b55905	268	});
4b55905	269	}
4b55905	270
80fafdf	271	return { triggered: true, branch, commit_id };
80fafdf	272	}
80fafdf	273	);
80fafdf	274
80fafdf	275	// List pipeline definitions from repo HEAD
80fafdf	276	app.get<{
80fafdf	277	Params: { owner: string; repo: string };
f0bb192	278	}>("/:owner/:repo/canopy/pipelines", async (request, reply) => {
791afd4	279	const { repo } = request.params;
80fafdf	280	const bridgeUrl =
80fafdf	281	process.env.GROVE_BRIDGE_URL ?? "http://localhost:3100";
791afd4	282	const branch = "main";
80fafdf	283
80fafdf	284	try {
80fafdf	285	const treeRes = await fetch(
791afd4	286	`${bridgeUrl}/repos/${repo}/tree/${branch}/.canopy`
80fafdf	287	);
80fafdf	288	if (!treeRes.ok) return { pipelines: [] };
80fafdf	289	const tree = await treeRes.json();
80fafdf	290
80fafdf	291	const pipelines: Array<{ file: string; name: string }> = [];
80fafdf	292	for (const entry of (tree as any).entries) {
80fafdf	293	if (!entry.name.endsWith(".yml") && !entry.name.endsWith(".yaml"))
80fafdf	294	continue;
80fafdf	295	const blobRes = await fetch(
791afd4	296	`${bridgeUrl}/repos/${repo}/blob/${branch}/.canopy/${entry.name}`
80fafdf	297	);
80fafdf	298	if (!blobRes.ok) continue;
80fafdf	299	const blob = (await blobRes.json()) as any;
80fafdf	300	try {
80fafdf	301	const { parse: parseYaml } = await import("yaml");
80fafdf	302	const config = parseYaml(blob.content);
80fafdf	303	if (config?.name) {
80fafdf	304	pipelines.push({ file: `.canopy/${entry.name}`, name: config.name });
80fafdf	305	}
80fafdf	306	} catch {}
80fafdf	307	}
80fafdf	308	return { pipelines };
80fafdf	309	} catch {
80fafdf	310	return { pipelines: [] };
80fafdf	311	}
80fafdf	312	});
80fafdf	313
80fafdf	314	// --- Secrets CRUD ---
80fafdf	315
80fafdf	316	const createSecretSchema = z.object({
80fafdf	317	name: z
80fafdf	318	.string()
80fafdf	319	.min(1)
80fafdf	320	.max(100)
80fafdf	321	.regex(/^\w+$/),
80fafdf	322	value: z.string().min(1),
80fafdf	323	});
80fafdf	324
80fafdf	325	// List secret names (no values)
80fafdf	326	app.get<{ Params: { owner: string; repo: string } }>(
f0bb192	327	"/:owner/:repo/canopy/secrets",
80fafdf	328	{ preHandler: [(app as any).authenticate] },
80fafdf	329	async (request, reply) => {
80fafdf	330	const { owner, repo } = request.params;
791afd4	331	const repoRow = lookupRepo(db, repo);
80fafdf	332	if (!repoRow)
80fafdf	333	return reply.code(404).send({ error: "Repository not found" });
80fafdf	334
80fafdf	335	const secrets = db
80fafdf	336	.prepare(
80fafdf	337	`SELECT name, created_at, updated_at FROM canopy_secrets WHERE repo_id = ? ORDER BY name`
80fafdf	338	)
80fafdf	339	.all(repoRow.id);
80fafdf	340	return { secrets };
80fafdf	341	}
80fafdf	342	);
80fafdf	343
80fafdf	344	// Create/update secret
80fafdf	345	app.post<{ Params: { owner: string; repo: string } }>(
f0bb192	346	"/:owner/:repo/canopy/secrets",
80fafdf	347	{ preHandler: [(app as any).authenticate] },
80fafdf	348	async (request, reply) => {
80fafdf	349	if (!runner) {
80fafdf	350	return reply.code(503).send({ error: "Canopy not enabled" });
80fafdf	351	}
80fafdf	352	const parsed = createSecretSchema.safeParse(request.body);
80fafdf	353	if (!parsed.success) {
80fafdf	354	return reply.code(400).send({ error: parsed.error.flatten() });
80fafdf	355	}
80fafdf	356
80fafdf	357	const { owner, repo } = request.params;
791afd4	358	const repoRow = lookupRepo(db, repo);
80fafdf	359	if (!repoRow)
80fafdf	360	return reply.code(404).send({ error: "Repository not found" });
80fafdf	361
80fafdf	362	const { name, value } = parsed.data;
80fafdf	363	const encrypted = runner.encryptSecret(value);
80fafdf	364
80fafdf	365	db.prepare(
80fafdf	366	`INSERT INTO canopy_secrets (repo_id, name, encrypted_value)
80fafdf	367	VALUES (?, ?, ?)
80fafdf	368	ON CONFLICT(repo_id, name) DO UPDATE SET
80fafdf	369	encrypted_value = excluded.encrypted_value,
80fafdf	370	updated_at = datetime('now')`
80fafdf	371	).run(repoRow.id, name, encrypted);
80fafdf	372
80fafdf	373	return { ok: true };
80fafdf	374	}
80fafdf	375	);
80fafdf	376
80fafdf	377	// Delete secret
80fafdf	378	app.delete<{ Params: { owner: string; repo: string; name: string } }>(
f0bb192	379	"/:owner/:repo/canopy/secrets/:name",
80fafdf	380	{ preHandler: [(app as any).authenticate] },
80fafdf	381	async (request, reply) => {
80fafdf	382	const { owner, repo, name } = request.params;
791afd4	383	const repoRow = lookupRepo(db, repo);
80fafdf	384	if (!repoRow)
80fafdf	385	return reply.code(404).send({ error: "Repository not found" });
80fafdf	386
80fafdf	387	const result = db
80fafdf	388	.prepare(
80fafdf	389	`DELETE FROM canopy_secrets WHERE repo_id = ? AND name = ?`
80fafdf	390	)
80fafdf	391	.run(repoRow.id, name);
80fafdf	392
80fafdf	393	if (result.changes === 0) {
80fafdf	394	return reply.code(404).send({ error: "Secret not found" });
80fafdf	395	}
80fafdf	396	return reply.code(204).send();
80fafdf	397	}
80fafdf	398	);
80fafdf	399	}