uffizzi-core 0.1.12

data/app/services/uffizzi_core/controller_service.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+module UffizziCore::ControllerService
+  class << self
+    def apply_config_file(deployment, config_file)
+      body = {
+        config_file: UffizziCore::Controller::ApplyConfigFile::ConfigFileSerializer.new(config_file).as_json,
+      }
+
+      controller_client.apply_config_file(deployment_id: deployment.id, config_file_id: config_file.id, body: body)
+    end
+
+    def create_deployment(deployment)
+      body = UffizziCore::Controller::CreateDeployment::DeploymentSerializer.new(deployment).as_json
+      controller_client.create_deployment(deployment_id: deployment.id, body: body)
+    end
+
+    def update_deployment(deployment)
+      body = UffizziCore::Controller::UpdateDeployment::DeploymentSerializer.new(deployment).as_json
+      controller_client.update_deployment(deployment_id: deployment.id, body: body)
+    end
+
+    def delete_deployment(deployment_id)
+      controller_client.delete_deployment(deployment_id: deployment_id)
+    end
+
+    def apply_credential(deployment, credential)
+      image = if credential.github_container_registry?
+        deployment.containers.by_repo_type(UffizziCore::Repo::GithubContainerRegistry.name).first&.image
+      end
+
+      options = { image: image }
+
+      body = UffizziCore::Controller::CreateCredential::CredentialSerializer.new(credential, options).as_json
+      controller_client.apply_credential(deployment_id: deployment.id, body: body)
+    end
+
+    def delete_credential(deployment, credential)
+      controller_client.delete_credential(deployment_id: deployment.id, credential_id: credential.id)
+    end
+
+    def deploy_containers(deployment, containers)
+      containers = containers.map do |container|
+        UffizziCore::Controller::DeployContainers::ContainerSerializer.new(container).as_json(include: '**')
+      end
+      credentials = deployment.credentials.deployable.map do |credential|
+        UffizziCore::Controller::DeployContainers::CredentialSerializer.new(credential).as_json
+      end
+
+      body = {
+        containers: containers,
+        credentials: credentials,
+        deployment_url: UffizziCore::DeploymentService.build_preview_url(deployment),
+      }
+
+      controller_client.deploy_containers(deployment_id: deployment.id, body: body)
+    end
+
+    def deployment_exists?(deployment)
+      controller_client.deployment(deployment_id: deployment.id).code == 200
+    end
+
+    def fetch_deployment_events(deployment)
+      request_events(deployment) || []
+    end
+
+    def fetch_pods(deployment)
+      pods = controller_client.deployment_containers(deployment_id: deployment.id).result || []
+      pods.filter { |pod| pod.metadata.name.start_with?(Settings.controller.namespace_prefix) }
+    end
+
+    def fetch_namespace(deployment)
+      controller_client.deployment(deployment_id: deployment.id).result || nil
+    end
+
+    private
+
+    def request_events(deployment)
+      controller_client.deployment_containers_events(deployment_id: deployment.id)
+    end
+
+    def controller_client
+      UffizziCore::ControllerClient.new
+    end
+  end
+end

data/app/services/uffizzi_core/credential_service.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module UffizziCore::CredentialService
+  class << self
+    def correct_credentials?(credential)
+      status = case credential.type
+               when UffizziCore::Credential::DockerHub.name
+                 UffizziCore::DockerHub::CredentialService.credential_correct?(credential)
+               when UffizziCore::Credential::GithubContainerRegistry.name
+                 UffizziCore::GithubContainerRegistry::CredentialService.credential_correct?(credential)
+               when UffizziCore::Credential::Azure.name
+                 UffizziCore::Azure::CredentialService.credential_correct?(credential)
+               when UffizziCore::Credential::Google.name
+                 UffizziCore::Google::CredentialService.credential_correct?(credential)
+               when UffizziCore::Credential::Amazon.name
+                 UffizziCore::Amazon::CredentialService.credential_correct?(credential)
+               else
+                 false
+      end
+
+      if credential.persisted? && credential.active? && !status
+        Rails.logger.warn("broken credentials, credential_correct? credential_id=#{credential.id}")
+        credential.unauthorize!
+      end
+
+      status
+    end
+
+    def update_expired_credentials
+      currect_date = DateTime.now
+      credentials = UffizziCore::Credential::Amazon.active.where('updated_at < ?', currect_date - 10.hours)
+
+      credentials.each do |credential|
+        deployments = UffizziCore::Deployment.where(project_id: credential.account.projects.select(:id)).with_amazon_repos
+
+        deployments.each do |deployment|
+          UffizziCore::Deployment::CreateCredentialJob.perform_async(deployment.id, credential.id)
+        end
+
+        credential.update(updated_at: currect_date)
+      end
+    end
+  end
+end

data/app/services/uffizzi_core/deployment_service.rb

@@ -0,0 +1,307 @@
+# frozen_string_literal: true
+
+module UffizziCore::DeploymentService
+  MIN_TARGET_PORT_RANGE = 37_000
+  MAX_TARGET_PORT_RANGE = 39_999
+
+  DEPLOYMENT_PROCESS_STATUSES = {
+    building: :building,
+    deploying: :deploying,
+    failed: :failed,
+    queued: :queued,
+  }.freeze
+
+  class << self
+    def create_from_compose(compose_file, project, user)
+      deployment_attributes = ActionController::Parameters.new(compose_file.template.payload)
+      deployment_form = UffizziCore::Api::Cli::V1::Deployment::CreateForm.new(deployment_attributes)
+      deployment_form.assign_dependences!(project, user)
+      deployment_form.compose_file = compose_file
+      deployment_form.creation_source = UffizziCore::Deployment.creation_source.compose_file_manual
+
+      if deployment_form.save
+        update_subdomain!(deployment_form)
+
+        UffizziCore::Deployment::CreateJob.perform_async(deployment_form.id)
+        UffizziCore::Deployment::CreateWebhooksJob.perform_async(deployment_form.id)
+      end
+
+      deployment_form
+    end
+
+    def update_from_compose(compose_file, project, user, deployment_id)
+      deployment_attributes = ActionController::Parameters.new(compose_file.template.payload)
+
+      deployment_form = UffizziCore::Api::Cli::V1::Deployment::UpdateForm.new(deployment_attributes)
+      deployment_form.assign_dependences!(project, user)
+      deployment_form.compose_file = compose_file
+
+      if deployment_form.valid?
+        deployment = UffizziCore::Deployment.find(deployment_id)
+        deployment.containers.destroy_all
+        deployment.compose_file.destroy if deployment.compose_file.kind.temporary?
+        deployment.update!(containers: deployment_form.containers, compose_file_id: compose_file.id)
+
+        return deployment
+      end
+
+      deployment_form
+    end
+
+    def deploy_containers(deployment, repeated = false)
+      if !repeated
+        create_activity_items(deployment)
+        update_controller_container_names(deployment)
+      end
+
+      case deployment_process_status(deployment)
+      when DEPLOYMENT_PROCESS_STATUSES[:building]
+        Rails.logger.info("DEPLOYMENT_PROCESS deployment_id=#{deployment.id} repeat deploy_containers")
+        UffizziCore::Deployment::DeployContainersJob.perform_in(1.minute, deployment.id, true)
+      when DEPLOYMENT_PROCESS_STATUSES[:deploying]
+        Rails.logger.info("DEPLOYMENT_PROCESS deployment_id=#{deployment.id} start deploying into controller")
+
+        containers = deployment.active_containers
+        containers = add_default_deployment_variables!(containers)
+
+        UffizziCore::ControllerService.deploy_containers(deployment, containers)
+      else
+        Rails.logger.info("DEPLOYMENT_PROCESS deployment_id=#{deployment.id} deployment has builds errors, stopping")
+      end
+    end
+
+    def disable!(deployment)
+      deployment.disable!
+      compose_file = deployment.compose_file || deployment.template&.compose_file
+      return unless compose_file&.kind&.temporary?
+
+      compose_file.destroy!
+    end
+
+    def fail!(deployment)
+      deployment.fail!
+      compose_file = deployment.compose_file || deployment.template&.compose_file
+      return unless compose_file&.kind&.temporary?
+
+      compose_file.destroy!
+    end
+
+    def build_subdomain(deployment)
+      if deployment.continuous_preview_payload.present?
+        continuous_preview_payload = deployment.continuous_preview_payload
+
+        return build_pull_request_subdomain(deployment) if continuous_preview_payload['pull_request'].present?
+        return build_docker_continuous_preview_subdomain(deployment) if continuous_preview_payload['docker'].present?
+      end
+
+      build_default_subdomain(deployment)
+    end
+
+    def build_pull_request_subdomain(deployment)
+      project = deployment.project
+      continuous_preview_payload = deployment.continuous_preview_payload
+      pull_request_payload = continuous_preview_payload['pull_request']
+      repo_name = pull_request_payload['repository_full_name'].split('/').last
+      deployment_name = name(deployment)
+      subdomain = "pr#{pull_request_payload['id']}-#{deployment_name}-#{repo_name}-#{project.slug}"
+
+      format_subdomain(subdomain)
+    end
+
+    def build_docker_continuous_preview_subdomain(deployment)
+      project = deployment.project
+      continuous_preview_payload = deployment.continuous_preview_payload
+      docker_payload = continuous_preview_payload['docker']
+      repo_name = docker_payload['image'].split('/').last.gsub('_', '-')
+      image_tag = docker_payload['tag'].gsub('_', '-')
+      deployment_name = name(deployment)
+      subdomain = "#{image_tag}-#{deployment_name}-#{repo_name}-#{project.slug}"
+
+      format_subdomain(subdomain)
+    end
+
+    def build_default_subdomain(deployment)
+      deployment_name = name(deployment)
+      slug = deployment.project.slug.to_s
+      subdomain = "#{deployment_name}-#{slug}"
+
+      format_subdomain(subdomain)
+    end
+
+    def build_preview_url(deployment)
+      "#{deployment.subdomain}.#{Settings.app.managed_dns_zone}"
+    end
+
+    def build_deployment_url(deployment)
+      "#{Settings.app.managed_dns_zone}/projects/#{deployment.project_id}/deployments"
+    end
+
+    def all_containers_have_unique_ports?(containers)
+      ports = containers.map(&:port).compact
+      containers.empty? || ports.size == ports.uniq.size
+    end
+
+    def valid_containers_memory_limit?(deployment)
+      containers = deployment.containers
+      container_memory_limit = deployment.project.account.container_memory_limit
+      return true if container_memory_limit.nil?
+
+      containers.all? { |container| container.memory_limit <= container_memory_limit }
+    end
+
+    def valid_containers_memory_request?(deployment)
+      containers = deployment.containers
+      container_memory_limit = deployment.project.account.container_memory_limit
+      return true if container_memory_limit.nil?
+
+      containers.all? { |container| container.memory_request <= container_memory_limit }
+    end
+
+    def ingress_container?(containers)
+      containers.empty? || containers.map(&:receive_incoming_requests).count(true) == 1
+    end
+
+    def find_unused_port(deployment)
+      selected_port = nil
+
+      Timeout.timeout(20) do
+        loop do
+          selected_port = rand(MIN_TARGET_PORT_RANGE..MAX_TARGET_PORT_RANGE)
+
+          break if !deployment.containers.exists?(target_port: selected_port)
+        end
+      end
+
+      selected_port
+    end
+
+    def setup_ingress_container(deployment, ingress_container, port)
+      old_deployment_subdomain = deployment.subdomain
+
+      containers = deployment.containers.active
+
+      UffizziCore::Container.transaction do
+        containers.update_all(receive_incoming_requests: false, port: nil, public: false)
+        containers.find(ingress_container.id).update!(port: port, public: true, receive_incoming_requests: true)
+      end
+
+      deployment.reload
+
+      new_deployment_subdomain = build_subdomain(deployment)
+
+      if new_deployment_subdomain != old_deployment_subdomain
+        deployment.update(subdomain: new_deployment_subdomain)
+      end
+
+      UffizziCore::Deployment::DeployContainersJob.perform_async(deployment.id)
+    end
+
+    def name(deployment)
+      "deployment-#{deployment.id}"
+    end
+
+    def update_subdomain!(deployment)
+      deployment.subdomain = build_subdomain(deployment)
+
+      deployment.save!
+    end
+
+    def create_webhooks(deployment)
+      credential = deployment.project.account.credentials.docker_hub.active.first
+
+      if !deployment.containers.with_docker_hub_repo.exists? || !credential.present?
+        Rails.logger.info("DEPLOYMENT_PROCESS deployment_id=#{deployment.id} create_webhooks no dockerhub containers or credential")
+        return
+      end
+
+      accounts = UffizziCore::DockerHubService.accounts(credential)
+
+      deployment.containers.with_docker_hub_repo.find_each do |container|
+        if !accounts.include?(container.repo.namespace)
+          logger_message = "DEPLOYMENT_PROCESS deployment_id=#{deployment.id} no namespace(#{container.repo.namespace})
+          in accounts(#{accounts.inspect})"
+          Rails.logger.info(logger_message)
+          next
+        end
+
+        UffizziCore::Credential::DockerHub::CreateWebhookJob.perform_async(credential.id, container.image, deployment.id)
+      end
+    end
+
+    def pull_request_payload_present?(deployment)
+      deployment.continuous_preview_payload.present? && deployment.continuous_preview_payload['pull_request'].present?
+    end
+
+    def failed?(deployment)
+      deployment_status = deployment_process_status(deployment)
+
+      deployment_status == DEPLOYMENT_PROCESS_STATUSES[:failed]
+    end
+
+    private
+
+    def deployment_process_status(deployment)
+      containers = deployment.active_containers
+      activity_items = containers.map { |container| container.activity_items.order_by_id.last }.compact
+      events = activity_items.map { |activity_item| activity_item.events.order_by_id.last&.state }
+      events = events.flatten.uniq
+
+      return DEPLOYMENT_PROCESS_STATUSES[:queued] if containers.present? && events.empty?
+      return DEPLOYMENT_PROCESS_STATUSES[:failed] if events.include?(UffizziCore::Event.state.failed)
+      return DEPLOYMENT_PROCESS_STATUSES[:building] if events.include?(UffizziCore::Event.state.building)
+
+      DEPLOYMENT_PROCESS_STATUSES[:deploying]
+    end
+
+    def create_activity_items(deployment)
+      deployment.active_containers.each do |container|
+        repo = container.repo
+        activity_item = UffizziCore::ActivityItemService.create_docker_item!(repo, container)
+
+        create_default_activity_item_event(activity_item)
+
+        if UffizziCore::RepoService.credential(repo).present? && activity_item.docker?
+          UffizziCore::ActivityItem::Docker::UpdateDigestJob.perform_async(activity_item.id)
+        end
+        UffizziCore::Deployment::ManageDeployActivityItemJob.perform_in(5.seconds, activity_item.id)
+      end
+    end
+
+    def create_default_activity_item_event(activity_item)
+      activity_item.events.create(state: UffizziCore::Event.state.deploying) if activity_item.docker?
+    end
+
+    def update_controller_container_names(deployment)
+      deployment.active_containers.each do |container|
+        next if container.controller_name.present?
+
+        controller_name = generate_controller_container_name(container)
+        container.update!(controller_name: controller_name)
+      end
+    end
+
+    def generate_controller_container_name(container)
+      Digest::SHA256.hexdigest("#{container.id}:#{container.image}")[0, 10]
+    end
+
+    def add_default_deployment_variables!(containers)
+      containers.each do |container|
+        envs = []
+        if container.port.present? && !UffizziCore::ContainerService.defines_env?(container, 'PORT')
+          envs.push('name' => 'PORT', 'value' => container.target_port.to_s)
+        end
+
+        container.variables = [] if container.variables.nil?
+
+        container.variables.push(*envs)
+      end
+    end
+
+    def format_subdomain(full_subdomain_name)
+      subdomain_length_limit = Settings.deployment.subdomain.length_limit
+      return full_subdomain_name if full_subdomain_name.length <= subdomain_length_limit
+
+      full_subdomain_name.slice(0, subdomain_length_limit)
+    end
+  end
+end

data/app/services/uffizzi_core/docker_hub/credential_service.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class UffizziCore::DockerHub::CredentialService
+  class << self
+    def credential_correct?(credential)
+      client(credential).authentificated?
+    end
+
+    private
+
+    def client(credential)
+      UffizziCore::DockerHubClient.new(credential)
+    end
+  end
+end

data/app/services/uffizzi_core/docker_hub_service.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+module UffizziCore::DockerHubService
+  HOOK_NAME = 'Uffizzi OpenSource Deploy Webhook'
+  HOOK_URL = "#{Settings.app.host}api/cli/v1/webhooks/docker_hub"
+  REGISTRY = 'registry-1.docker.io'
+
+  class << self
+    def create_webhook(credential, image)
+      client = user_client(credential)
+
+      webhooks_response = client.get_webhooks(slug: image, registry: REGISTRY)
+      Rails.logger.info("DockerHubService create_webhook get_webhooks_response=#{webhooks_response.inspect}")
+
+      return false if webhooks_response.status != 200
+
+      webhooks = webhooks_response.result['results']
+
+      webhook = webhooks.detect { |hook| hook['name'] == HOOK_NAME }
+
+      return true if !webhook.nil?
+
+      params = {
+        slug: image,
+        name: HOOK_NAME,
+        expect_final_callback: false,
+        webhooks: [{ name: HOOK_NAME, hook_url: HOOK_URL, registry: REGISTRY }],
+      }
+
+      response = client.create_webhook(params)
+
+      Rails.logger.info("DockerHubService create_webhook create_webhook_response=#{response.inspect} params=#{params.inspect}")
+
+      response.status == 201
+    end
+
+    def send_webhook_answer(callback_url)
+      params = { state: 'success', description: 'Successfully deployed to Uffizzi' }
+      public_docker_hub_client.send_webhook_answer(callback_url, params)
+    end
+
+    def accounts(credential)
+      client = user_client(credential)
+      response = client.accounts
+      Rails.logger.info("DockerHubService accounts response=#{response.inspect} credential_id=#{credential.id}")
+
+      accounts_response = response.result
+      accounts_response.nil? ? [] : accounts_response.namespaces
+    end
+
+    def user_client(credential)
+      if @client.nil?
+        @client = UffizziCore::DockerHubClient.new(credential)
+
+        unless @client.authentificated?
+          Rails.logger.warn("broken credentials, DockerHubService credential_id=#{credential.id}")
+          credential.unauthorize! unless credential.unauthorized?
+        end
+      end
+
+      @client
+    end
+
+    def digest(credential, image, tag)
+      docker_hub_client = UffizziCore::DockerHubClient.new(credential)
+      token = docker_hub_client.get_token(image).result.token
+      response = docker_hub_client.digest(image: image, tag: tag, token: token)
+      response.headers['docker-content-digest']
+    end
+
+    private
+
+    def public_docker_hub_client
+      @public_docker_hub_client ||= UffizziCore::DockerHubClient.new
+    end
+  end
+end

data/app/services/uffizzi_core/github_container_registry/credential_service.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+class UffizziCore::GithubContainerRegistry::CredentialService
+  class << self
+    def credential_correct?(credential)
+      client(credential).authentificated?
+    rescue URI::InvalidURIError, Faraday::ConnectionFailed
+      false
+    end
+
+    def access_token(credential)
+      client(credential).token
+    rescue URI::InvalidURIError, Faraday::ConnectionFailed
+      false
+    end
+
+    private
+
+    def client(credential)
+      UffizziCore::GithubContainerRegistryClient.new(registry_url: credential.registry_url, username: credential.username,
+                                                     password: credential.password)
+    end
+  end
+end

data/app/services/uffizzi_core/google/credential_service.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class UffizziCore::Google::CredentialService
+  class << self
+    def credential_correct?(credential)
+      client(credential).authentificated?
+    rescue URI::InvalidURIError, Faraday::ConnectionFailed
+      false
+    end
+
+    private
+
+    def client(credential)
+      UffizziCore::GoogleRegistryClient.new(registry_url: credential.registry_url, username: credential.username,
+                                            password: credential.password)
+    end
+  end
+end

data/app/services/uffizzi_core/logs_service.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class UffizziCore::LogsService
+  NOT_ALLOWED_SYMBOLS_IN_NAME_REGEX = /[^a-zA-Z0-9-]/.freeze
+
+  class << self
+    def fetch_container_logs(container, query = {})
+      response = request_logs(container, query).result || {}
+      response = Hashie::Mash.new(response)
+      logs = response.logs || []
+
+      {
+        logs: logs,
+      }
+    end
+
+    private
+
+    def request_logs(container, query)
+      deployment = container.deployment
+
+      controller_client.deployment_container_logs(
+        deployment_id: deployment.id,
+        container_name: UffizziCore::ContainerService.pod_name(container),
+        limit: query[:limit],
+      )
+    end
+
+    def controller_client
+      UffizziCore::ControllerClient.new
+    end
+  end
+end