uffizzi_core 0.1.3

data/app/services/uffizzi_core/docker_hub_service.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+module UffizziCore::DockerHubService
+  HOOK_NAME = 'Uffizzi OpenSource Deploy Webhook'
+  HOOK_URL = "#{Settings.app.host}api/cli/v1/webhooks/docker_hub"
+  REGISTRY = 'registry-1.docker.io'
+
+  class << self
+    def create_webhook(credential, image)
+      client = user_client(credential)
+
+      webhooks_response = client.get_webhooks(slug: image, registry: REGISTRY)
+      Rails.logger.info("DockerHubService create_webhook get_webhooks_response=#{webhooks_response.inspect}")
+
+      return false if webhooks_response.status != 200
+
+      webhooks = webhooks_response.result['results']
+
+      webhook = webhooks.detect { |hook| hook['name'] == HOOK_NAME }
+
+      return true if !webhook.nil?
+
+      params = {
+        slug: image,
+        name: HOOK_NAME,
+        expect_final_callback: false,
+        webhooks: [{ name: HOOK_NAME, hook_url: HOOK_URL, registry: REGISTRY }],
+      }
+
+      response = client.create_webhook(params)
+
+      Rails.logger.info("DockerHubService create_webhook create_webhook_response=#{response.inspect} params=#{params.inspect}")
+
+      response.status == 201
+    end
+
+    def send_webhook_answer(callback_url)
+      params = { state: 'success', description: 'Successfully deployed to Uffizzi' }
+      public_docker_hub_client.send_webhook_answer(callback_url, params)
+    end
+
+    def accounts(credential)
+      client = user_client(credential)
+      response = client.accounts
+      Rails.logger.info("DockerHubService accounts response=#{response.inspect} credential_id=#{credential.id}")
+
+      accounts_response = response.result
+      accounts_response.nil? ? [] : accounts_response.namespaces
+    end
+
+    def user_client(credential)
+      if @client.nil?
+        @client = UffizziCore::DockerHubClient.new(credential)
+
+        unless @client.authentificated?
+          Rails.logger.warn("broken credentials, DockerHubService credential_id=#{credential.id}")
+          credential.unauthorize! unless credential.unauthorized?
+        end
+      end
+
+      @client
+    end
+
+    def digest(credential, image, tag)
+      docker_hub_client = UffizziCore::DockerHubClient.new(credential)
+      token = docker_hub_client.get_token(image).result.token
+      response = docker_hub_client.digest(image: image, tag: tag, token: token)
+      response.headers['docker-content-digest']
+    end
+
+    private
+
+    def public_docker_hub_client
+      @public_docker_hub_client ||= UffizziCore::DockerHubClient.new
+    end
+  end
+end

data/app/services/uffizzi_core/github/app_service.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+class UffizziCore::Github::AppService
+  class << self
+    def create_preview_message_into_pull_request(deployment)
+      project = deployment.project
+      credential = project.credentials.github.last
+      return if credential.nil?
+
+      pull_request_payload = deployment.continuous_preview_payload['pull_request']
+      installation_id = credential.provider_ref
+      message = UffizziCore::Github::MessageService.build_preview_message(deployment)
+
+      create_comment(installation_id, pull_request_payload['repository_full_name'], pull_request_payload['id'], message)
+    end
+
+    private
+
+    def create_comment(installation_id, repository, issue_id, message)
+      access_token = create_installation_access_token(installation_id)
+
+      installation_client = UffizziCore::Github::InstallationClient.new(access_token)
+
+      installation_client.add_comment(repository, issue_id, message)
+    end
+
+    def create_installation_access_token(installation_id)
+      access_token_response = app_client.create_app_installation_access_token(installation_id)
+      access_token_response[:token]
+    end
+
+    def app_client
+      UffizziCore::Github::AppClient.new(generate_jwt_token)
+    end
+
+    def generate_jwt_token
+      rsa_armor = '-----'
+      parts = Settings.github.private_key.split(rsa_armor)
+      parts[2].gsub!(/\s/, "\n")
+      private_key = OpenSSL::PKey::RSA.new(parts.join(rsa_armor))
+
+      payload = {}.tap do |opts|
+        opts[:iat] = Time.now.to_i
+        opts[:exp] = opts[:iat] + 60
+        opts[:iss] = Settings.github.app_id
+      end
+
+      JWT.encode(payload, private_key, 'RS256')
+    end
+  end
+end

data/app/services/uffizzi_core/github/credential_service.rb

@@ -0,0 +1,124 @@
+# frozen_string_literal: true
+
+class UffizziCore::Github::CredentialService
+  class << self
+    def repository_contains_file?(credential, repository_id, branch, path)
+      client(credential).contents?(repository_id, ref: branch, path: path)
+    rescue Octokit::Unauthorized
+      Rails.logger.warn("broken credentials, repository_contains_file? credential_id=#{credential.id}")
+      credential.unauthorize! unless credential.unauthorized?
+      raise
+    end
+
+    def credential_correct?(credential)
+      valid_installation?(credential)
+    rescue Octokit::Unauthorized
+      false
+    end
+
+    def search_repositories(credential, search_query)
+      result = client(credential).search_repositories(search_query)
+
+      result[:items]
+    rescue Octokit::UnprocessableEntity
+      []
+    end
+
+    def repositories(credential, query = '', page = 1)
+      repo_attributes = {
+        sort: :updated,
+        page: page,
+      }
+
+      repos = client(credential).installation_repositories(credential.provider_ref, repo_attributes)
+      filter_repos(repos, query)
+    rescue Octokit::Unauthorized
+      Rails.logger.warn("broken credentials, repositories credential_id=#{credential.id}")
+      credential.unauthorize! unless credential.unauthorized?
+      raise
+    end
+
+    def branches(credential, repository_id)
+      client(credential).branches(repository_id)
+    rescue Octokit::Unauthorized
+      Rails.logger.warn("broken credentials, branches credential_id=#{credential.id}")
+      credential.unauthorize! unless credential.unauthorized?
+      raise
+    end
+
+    def branch(credential, repository_id, branch)
+      client(credential).branch(repository_id, branch)
+    rescue Octokit::Unauthorized
+      Rails.logger.warn("broken credentials, branch credential_id=#{credential.id}")
+      credential.unauthorize! unless credential.unauthorized?
+      raise
+    end
+
+    def commit(credential, repository_id, commit_sha)
+      commit = client(credential).commit(repository_id, commit_sha)
+
+      {
+        message: commit[:message],
+        committer: commit[:committer][:name],
+        commit: commit_sha,
+      }
+    rescue Octokit::Unauthorized
+      Rails.logger.warn("broken credentials, commit credential_id=#{credential.id}")
+      credential.unauthorize! unless credential.unauthorized?
+      raise
+    end
+
+    def contents(credential, repository_id, options)
+      client(credential).contents(repository_id, options)
+    rescue Octokit::Unauthorized
+      Rails.logger.warn("broken credentials, contents credential_id=#{credential.id}")
+      credential.unauthorize! unless credential.unauthorized?
+      raise
+    end
+
+    def repo(credential, repository_id)
+      client(credential).repo(repository_id)
+    rescue Octokit::Unauthorized
+      Rails.logger.warn("broken credentials, repo credential_id=#{credential.id}")
+      credential.unauthorize! unless credential.unauthorized?
+      raise
+    end
+
+    def repo_url(credential, repository_id)
+      repo = repo(credential, repository_id)
+      repo[:clone_url].split(%r{https://}).last
+    end
+
+    def file_content(credential, repository_id, branch, file_path)
+      file = contents(credential, repository_id, ref: branch, path: file_path)
+      Base64.decode64(file[:content])
+    rescue Octokit::Unauthorized
+      Rails.logger.warn("broken credentials, file_content credential_id=#{credential.id}")
+      credential.unauthorize! unless credential.unauthorized?
+      raise
+    end
+
+    private
+
+    def client(credential)
+      UffizziCore::Github::UserClient.new(credential.password)
+    end
+
+    def valid_installation?(credential)
+      user_installations = client(credential).user_installations
+
+      installation = user_installations.detect do |user_installation|
+        user_installation[:id].to_s == credential.provider_ref
+      end
+
+      installation.present?
+    end
+
+    def filter_repos(repos, query)
+      return repos if query.blank?
+
+      prepared_query = query.downcase
+      repos.select { |repo| repo.full_name.downcase.include?(prepared_query) || repo.description&.downcase&.include?(prepared_query) }
+    end
+  end
+end

data/app/services/uffizzi_core/github/message_service.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class UffizziCore::Github::MessageService
+  class << self
+    def build_preview_message(deployment)
+      preview_url = UffizziCore::DeploymentService.build_preview_url(deployment)
+      deployment_url = UffizziCore::DeploymentService.build_deployment_url(deployment)
+
+      "**This branch has been deployed using Uffizzi.**
+
+      Preview URL:
+      https://#{preview_url}
+
+      View deployment details here:
+      https://#{deployment_url}
+
+      This is an automated comment. To turn off commenting, visit uffizzi.com."
+    end
+  end
+end

data/app/services/uffizzi_core/github_service.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+class UffizziCore::GithubService
+  class << self
+    def send_preview_message(deployment)
+      image = deployment.continuous_preview_payload['pull_request']['repository_full_name']
+      containers = deployment.containers.where(image: image)
+      repo = UffizziCore::Repo.find_by(id: containers.select(:repo_id))
+
+      preview_message_is_enabled = !!repo.share_to_github
+
+      return if !preview_message_is_enabled
+
+      continuous_preview_payload = deployment.continuous_preview_payload
+      pull_request_payload = continuous_preview_payload['pull_request']
+      new_preview_message = UffizziCore::Github::MessageService.build_preview_message(deployment)
+
+      return if new_preview_message == pull_request_payload['message']
+
+      pull_request_payload['message'] = new_preview_message
+      continuous_preview_payload['pull_request'] = pull_request_payload
+
+      deployment.update(continuous_preview_payload: continuous_preview_payload)
+
+      UffizziCore::Github::AppService.create_preview_message_into_pull_request(deployment)
+    end
+  end
+end

data/app/services/uffizzi_core/google/credential_service.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class UffizziCore::Google::CredentialService
+  class << self
+    def credential_correct?(credential)
+      client(credential).authentificated?
+    rescue URI::InvalidURIError, Faraday::ConnectionFailed
+      false
+    end
+
+    private
+
+    def client(credential)
+      UffizziCore::GoogleRegistryClient.new(registry_url: credential.registry_url, username: credential.username,
+                                            password: credential.password)
+    end
+  end
+end

data/app/services/uffizzi_core/logs_service.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class UffizziCore::LogsService
+  NOT_ALLOWED_SYMBOLS_IN_NAME_REGEX = /[^a-zA-Z0-9-]/.freeze
+
+  class << self
+    def fetch_container_logs(container, query = {})
+      response = request_logs(container, query).result || {}
+      response = Hashie::Mash.new(response)
+      logs = response.logs || []
+
+      {
+        logs: logs,
+      }
+    end
+
+    private
+
+    def request_logs(container, query)
+      deployment = container.deployment
+
+      controller_client.deployment_container_logs(
+        deployment_id: deployment.id,
+        container_name: UffizziCore::ContainerService.pod_name(container),
+        limit: query[:limit],
+      )
+    end
+
+    def controller_client
+      UffizziCore::ControllerClient.new
+    end
+  end
+end

data/app/services/uffizzi_core/manage_activity_items_service.rb

@@ -0,0 +1,166 @@
+# frozen_string_literal: true
+
+class UffizziCore::ManageActivityItemsService
+  attr_accessor :deployment, :containers, :pods, :namespace_data
+
+  def initialize(deployment)
+    @deployment = deployment
+    @containers = deployment.active_containers
+    @namespace_data = UffizziCore::ControllerService.fetch_namespace(deployment)
+    @pods = UffizziCore::ControllerService.fetch_pods(deployment)
+  end
+
+  def container_status_item(container)
+    container_status_items.detect { |container_statuses| container_statuses[:id] == container.id }
+  end
+
+  def container_status_items
+    network_connectivities = build_network_connectivities
+    containers_replicas = build_containers_replicas
+
+    build_container_status_items(network_connectivities, containers_replicas)
+  end
+
+  private
+
+  def build_network_connectivities
+    containers.with_public_access.map do |container|
+      { id: container.id, items: build_container_network_connectivity_items(container) }
+    end
+  end
+
+  def build_container_network_connectivity_items(container)
+    network_connectivities = container_network_connectivities(container)
+    return [] if network_connectivities.nil?
+
+    network_connectivities.map do |network_connectivity|
+      type, value = network_connectivity
+
+      { type: type, status: value.status }
+    end
+  end
+
+  def build_containers_replicas
+    containers.map do |container|
+      repo = container.repo
+
+      if repo.github?
+        build = container.repo.builds.deployed.last
+
+        if build.nil? || build.building?
+          return [{ id: container.id,
+                    items: [{ name: container.image_name, status: UffizziCore::Event.state.building }] }]
+        end
+        if !build.successful?
+          return [{ id: container.id,
+                    items: [{ name: container.image_name, status: UffizziCore::Event.state.failed }] }]
+        end
+      end
+
+      items = pods.map do |pod|
+        {
+          name: item_name(pod, container),
+          status: get_status(pod, container),
+        }
+      end
+
+      { id: container.id, items: items }
+    end
+  end
+
+  def build_container_status_items(network_connectivities, containers_replicas)
+    containers.map do |container|
+      network_connectivity = network_connectivities.detect { |item| item[:id] == container.id }
+      any_container_is_building = containers_replicas.any? do |container_replicas|
+        container_replicas[:items].any? do |item|
+          item[:status] == UffizziCore::Event.state.building
+        end
+      end
+      container_replicas = containers_replicas.detect { |item| item[:id] == container.id }
+
+      {
+        id: container.id,
+        status: build_container_status(container, network_connectivity, container_replicas, any_container_is_building),
+      }
+    end
+  end
+
+  def replicas_contains_status?(replicas, status)
+    replicas.any? { |replica| replica[:status] == status }
+  end
+
+  def build_container_status(container, network_connectivity, container_replicas, any_container_is_building)
+    return building_container_status(container) if any_container_is_building
+
+    error = replicas_contains_status?(container_replicas[:items], UffizziCore::Event.state.failed)
+    container_is_running = replicas_contains_status?(container_replicas[:items], UffizziCore::Event.state.deployed)
+    deployed = !error && container_is_running
+    return container_status(error, deployed) unless container.public?
+
+    network_connectivity[:items].each do |item|
+      status = item[:status].to_sym
+      error ||= status == :failed
+      deployed &&= status == :success
+    end
+
+    container_status(error, deployed)
+  end
+
+  def building_container_status(container)
+    return UffizziCore::Event.state.building if container.repo.github?
+
+    UffizziCore::Event.state.deploying
+  end
+
+  def container_status(error, deployed)
+    return UffizziCore::Event.state.failed if error
+    return UffizziCore::Event.state.deployed if deployed
+
+    UffizziCore::Event.state.deploying
+  end
+
+  def item_name(pod, container)
+    hash = pod.metadata.name.split('-').last
+    "#{container.image_name}-#{hash}"
+  end
+
+  def get_status(pod, container)
+    pod_container = pod_container(pod, container)
+
+    return UffizziCore::Event.state.deploying if pod_container.nil? || pod_container[:state].to_h.empty?
+
+    pod_container_status = pod_container[:state].keys.first
+    state = pod_container[:state][pod_container_status]
+    reason = state&.reason
+
+    case pod_container_status.to_sym
+    when :running
+      UffizziCore::Event.state.deployed
+    when :terminated
+      UffizziCore::Event.state.failed
+    when :waiting
+      return Event.state.failed if ['ErrImagePull', 'ImagePullBackOff', 'CrashLoopBackOff'].include?(reason)
+
+      UffizziCore::Event.state.deploying
+    else
+      UffizziCore::Event.state.deploying
+    end
+  end
+
+  def pod_container(pod, container)
+    pod_name = UffizziCore::ContainerService.pod_name(container)
+
+    pod&.status&.container_statuses&.detect { |cs| cs.name.include?(pod_name) }
+  end
+
+  def container_network_connectivities(container)
+    network_connectivity = Hashie::Mash.new(JSON.parse(deployment_network_connectivity))
+    containers_network_connectivity = network_connectivity&.containers
+
+    containers_network_connectivity[container.id.to_s] if !containers_network_connectivity.nil?
+  end
+
+  def deployment_network_connectivity
+    namespace_data&.metadata&.annotations&.network_connectivity || '{}'
+  end
+end

data/app/services/uffizzi_core/project_service.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module UffizziCore::ProjectService
+  class << self
+    def update_compose_secrets(project)
+      compose_file = project.compose_file
+      return if compose_file&.template.nil?
+
+      project.secrets.each do |secret|
+        if UffizziCore::ComposeFileService.has_secret?(compose_file, secret)
+          UffizziCore::ComposeFileService.update_secret!(compose_file, secret)
+        end
+      end
+
+      return unless UffizziCore::ComposeFileService.secrets_valid?(compose_file, project.secrets)
+
+      secrets_error_key = UffizziCore::ComposeFile::ErrorsService::SECRETS_ERROR_KEY
+      return unless UffizziCore::ComposeFile::ErrorsService.has_error?(compose_file, secrets_error_key)
+
+      UffizziCore::ComposeFile::ErrorsService.reset_error!(compose_file, secrets_error_key)
+      compose_file.set_valid! unless UffizziCore::ComposeFile::ErrorsService.has_errors?(compose_file)
+    end
+
+    def update_compose_secret_errors(project, secret)
+      compose_file = project.compose_file
+      return if compose_file.nil?
+      return unless UffizziCore::ComposeFileService.has_secret?(compose_file, secret)
+
+      error_message = I18n.t('compose.project_secret_not_found', secret: secret['name'])
+      error = { UffizziCore::ComposeFile::ErrorsService::SECRETS_ERROR_KEY => [error_message] }
+
+      existing_errors = compose_file.payload['errors'].presence || {}
+      new_errors = existing_errors.merge(error)
+
+      UffizziCore::ComposeFile::ErrorsService.update_compose_errors!(compose_file, new_errors, compose_file.content)
+    end
+  end
+end