3247ce3ca0
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
RC-1: Workers now get a Kubernetes Deployment on component creation.
NeedsPort() (port assignment) was incorrectly used to gate Deployment
creation - workers have no HTTP port but still need a Deployment so
CI `kubectl set image` can succeed. Added NeedsDeployment() returning
true for service/worker/app-react/app-astro/app-nextjs. AddIngressPath
is now guarded by port > 0 so workers don't attempt HTTP routing.
RC-2: JWT_SECRET is now auto-provisioned per-project when the first
code component is added. The skeleton service template fatally requires
JWT_SECRET at startup; previously fetchProjectCredentials() never fetched
it. ensureProjectJWTSecret() generates a cryptographically random 32-byte
secret, stores it as "{projectID}:JWT_SECRET", and JWT_SECRET is now
included in projectScopedKeys so it's injected into every deployment.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
84 lines
2.4 KiB
Go
84 lines
2.4 KiB
Go
// Package domain contains core business entities.
|
|
package domain
|
|
|
|
import "time"
|
|
|
|
// Credential represents a stored secret/credential for infrastructure adapters.
|
|
// Credentials are encrypted at rest and accessed by key name.
|
|
type Credential struct {
|
|
// Key is the unique identifier (e.g., "GITEA_TOKEN", "CLOUDFLARE_API_TOKEN")
|
|
Key string
|
|
|
|
// Value is the credential value (stored encrypted in database)
|
|
Value string
|
|
|
|
// Description explains what this credential is for
|
|
Description string
|
|
|
|
// Category groups related credentials (e.g., "gitea", "cloudflare", "woodpecker")
|
|
Category string
|
|
|
|
// CreatedAt is when the credential was first stored
|
|
CreatedAt time.Time
|
|
|
|
// UpdatedAt is when the credential was last modified
|
|
UpdatedAt time.Time
|
|
|
|
// UpdatedBy tracks who last modified the credential
|
|
UpdatedBy string
|
|
}
|
|
|
|
// CredentialCategories for grouping.
|
|
const (
|
|
CredentialCategoryGitea = "gitea"
|
|
CredentialCategoryCloudflare = "cloudflare"
|
|
CredentialCategoryWoodpecker = "woodpecker"
|
|
CredentialCategoryDatabase = "database"
|
|
CredentialCategoryRegistry = "registry"
|
|
CredentialCategoryWorker = "worker"
|
|
CredentialCategoryStorage = "storage"
|
|
CredentialCategoryAI = "ai"
|
|
CredentialCategoryNotify = "notify"
|
|
)
|
|
|
|
// Known credential keys.
|
|
const (
|
|
// Gitea
|
|
CredKeyGiteaToken = "GITEA_TOKEN"
|
|
CredKeyGiteaURL = "GITEA_URL"
|
|
|
|
// Cloudflare
|
|
CredKeyCloudflareAPIToken = "CLOUDFLARE_API_TOKEN"
|
|
CredKeyCloudflareZoneID = "CLOUDFLARE_ZONE_ID"
|
|
|
|
// Woodpecker
|
|
CredKeyWoodpeckerURL = "WOODPECKER_URL"
|
|
CredKeyWoodpeckerAPIToken = "WOODPECKER_API_TOKEN"
|
|
CredKeyWoodpeckerWebhookSecret = "WOODPECKER_WEBHOOK_SECRET"
|
|
|
|
// Registry
|
|
CredKeyRegistryURL = "REGISTRY_URL"
|
|
|
|
// GCS
|
|
CredKeyGCSBucket = "GCS_BUCKET"
|
|
CredKeyGCSServiceAccountJSON = "GCS_SERVICE_ACCOUNT_JSON"
|
|
|
|
// AI Providers
|
|
CredKeyLaozhangAPIKey = "LAOZHANG_API_KEY"
|
|
CredKeyGeminiAPIKey = "GEMINI_API_KEY"
|
|
|
|
// Notify service (email delivery)
|
|
CredKeyNotifyURL = "NOTIFY_URL"
|
|
CredKeyNotifyAdminKey = "NOTIFY_ADMIN_KEY"
|
|
CredKeyNotifyAPIKey = "NOTIFY_API_KEY"
|
|
CredKeyNotifyHost = "NOTIFY_HOST"
|
|
CredKeyNotifyFrom = "NOTIFY_FROM"
|
|
CredKeyNotifyResendDomainID = "NOTIFY_RESEND_DOMAIN_ID"
|
|
|
|
// Resend (email provider for per-project domain provisioning)
|
|
CredKeyResendAPIKey = "RESEND_API_KEY"
|
|
|
|
// Project-scoped auth secret (unique per project, auto-generated on first code component)
|
|
CredKeyJWTSecret = "JWT_SECRET"
|
|
)
|