+34

api/tangled/pipelinecancelPipeline.go

··· 1 1 + // Code generated by cmd/lexgen (see Makefile's lexgen); DO NOT EDIT. 2 2 + 3 3 + package tangled 4 4 + 5 5 + // schema: sh.tangled.pipeline.cancelPipeline 6 6 + 7 7 + import ( 8 8 + "context" 9 9 + 10 10 + "github.com/bluesky-social/indigo/lex/util" 11 11 + ) 12 12 + 13 13 + const ( 14 14 + PipelineCancelPipelineNSID = "sh.tangled.pipeline.cancelPipeline" 15 15 + ) 16 16 + 17 17 + // PipelineCancelPipeline_Input is the input argument to a sh.tangled.pipeline.cancelPipeline call. 18 18 + type PipelineCancelPipeline_Input struct { 19 19 + // pipeline: pipeline at-uri 20 20 + Pipeline string `json:"pipeline" cborgen:"pipeline"` 21 21 + // repo: repo at-uri, spindle can't resolve repo from pipeline at-uri yet 22 22 + Repo string `json:"repo" cborgen:"repo"` 23 23 + // workflow: workflow name 24 24 + Workflow string `json:"workflow" cborgen:"workflow"` 25 25 + } 26 26 + 27 27 + // PipelineCancelPipeline calls the XRPC method "sh.tangled.pipeline.cancelPipeline". 28 28 + func PipelineCancelPipeline(ctx context.Context, c util.LexClient, input *PipelineCancelPipeline_Input) error { 29 29 + if err := c.LexDo(ctx, util.Procedure, "application/json", "sh.tangled.pipeline.cancelPipeline", nil, input, nil); err != nil { 30 30 + return err 31 31 + } 32 32 + 33 33 + return nil 34 34 + }

+10

appview/pages/templates/repo/pipelines/workflow.html

··· 12 12 {{ block "sidebar" . }} {{ end }} 13 13 </div> 14 14 <div class="col-span-1 md:col-span-3"> 15 15 + <div class="flex justify-end mb-2"> 16 16 + <button 17 17 + class="btn" 18 18 + hx-post="/{{ $.RepoInfo.FullName }}/pipelines/{{ .Pipeline.Id }}/workflow/{{ .Workflow }}/cancel" 19 19 + hx-swap="none" 20 20 + {{ if (index .Pipeline.Statuses .Workflow).Latest.Status.IsFinish -}} 21 21 + disabled 22 22 + {{- end }} 23 23 + >Cancel</button> 24 24 + </div> 15 25 {{ block "logs" . }} {{ end }} 16 26 </div> 17 27 </section>

+82

appview/pipelines/pipelines.go

··· 4 4 "bytes" 5 5 "context" 6 6 "encoding/json" 7 7 + "fmt" 7 8 "log/slog" 8 9 "net/http" 9 10 "strings" 10 11 "time" 11 12 13 13 + "tangled.org/core/api/tangled" 12 14 "tangled.org/core/appview/config" 13 15 "tangled.org/core/appview/db" 16 16 + "tangled.org/core/appview/models" 14 17 "tangled.org/core/appview/oauth" 15 18 "tangled.org/core/appview/pages" 16 19 "tangled.org/core/appview/reporesolver" ··· 41 44 r.Get("/", p.Index) 42 45 r.Get("/{pipeline}/workflow/{workflow}", p.Workflow) 43 46 r.Get("/{pipeline}/workflow/{workflow}/logs", p.Logs) 47 47 + r.Post("/{pipeline}/workflow/{workflow}/cancel", p.Cancel) 44 48 45 49 return r 46 50 } ··· 314 318 } 315 319 } 316 320 } 321 321 + } 322 322 + 323 323 + func (p *Pipelines) Cancel(w http.ResponseWriter, r *http.Request) { 324 324 + l := p.logger.With("handler", "Cancel") 325 325 + 326 326 + var ( 327 327 + pipelineId = chi.URLParam(r, "pipeline") 328 328 + workflow = chi.URLParam(r, "workflow") 329 329 + ) 330 330 + if pipelineId == "" || workflow == "" { 331 331 + http.Error(w, "missing pipeline ID or workflow", http.StatusBadRequest) 332 332 + return 333 333 + } 334 334 + 335 335 + f, err := p.repoResolver.Resolve(r) 336 336 + if err != nil { 337 337 + l.Error("failed to get repo and knot", "err", err) 338 338 + http.Error(w, "bad repo/knot", http.StatusBadRequest) 339 339 + return 340 340 + } 341 341 + 342 342 + pipeline, err := func() (models.Pipeline, error) { 343 343 + ps, err := db.GetPipelineStatuses( 344 344 + p.db, 345 345 + 1, 346 346 + orm.FilterEq("repo_owner", f.Did), 347 347 + orm.FilterEq("repo_name", f.Name), 348 348 + orm.FilterEq("knot", f.Knot), 349 349 + orm.FilterEq("id", pipelineId), 350 350 + ) 351 351 + if err != nil { 352 352 + return models.Pipeline{}, err 353 353 + } 354 354 + if len(ps) != 1 { 355 355 + return models.Pipeline{}, fmt.Errorf("wrong pipeline count %d", len(ps)) 356 356 + } 357 357 + return ps[0], nil 358 358 + }() 359 359 + if err != nil { 360 360 + l.Error("pipeline query failed", "err", err) 361 361 + http.Error(w, "pipeline not found", http.StatusNotFound) 362 362 + } 363 363 + var ( 364 364 + spindle = f.Spindle 365 365 + knot = f.Knot 366 366 + rkey = pipeline.Rkey 367 367 + ) 368 368 + 369 369 + if spindle == "" || knot == "" || rkey == "" { 370 370 + http.Error(w, "invalid repo info", http.StatusBadRequest) 371 371 + return 372 372 + } 373 373 + 374 374 + spindleClient, err := p.oauth.ServiceClient( 375 375 + r, 376 376 + oauth.WithService(f.Spindle), 377 377 + oauth.WithLxm(tangled.PipelineCancelPipelineNSID), 378 378 + oauth.WithExp(60), 379 379 + oauth.WithDev(p.config.Core.Dev), 380 380 + oauth.WithTimeout(time.Second*30), // workflow cleanup usually takes time 381 381 + ) 382 382 + 383 383 + err = tangled.PipelineCancelPipeline( 384 384 + r.Context(), 385 385 + spindleClient, 386 386 + &tangled.PipelineCancelPipeline_Input{ 387 387 + Repo: string(f.RepoAt()), 388 388 + Pipeline: pipeline.AtUri().String(), 389 389 + Workflow: workflow, 390 390 + }, 391 391 + ) 392 392 + errorId := "pipeline-action" 393 393 + if err != nil { 394 394 + l.Error("failed to cancel pipeline", "err", err) 395 395 + p.pages.Notice(w, errorId, "Failed to add secret.") 396 396 + return 397 397 + } 398 398 + l.Debug("canceled pipeline", "uri", pipeline.AtUri()) 317 399 } 318 400 319 401 // either a message or an error

+33

lexicons/pipeline/cancelPipeline.json

··· 1 1 + { 2 2 + "lexicon": 1, 3 3 + "id": "sh.tangled.pipeline.cancelPipeline", 4 4 + "defs": { 5 5 + "main": { 6 6 + "type": "procedure", 7 7 + "description": "Cancel a running pipeline", 8 8 + "input": { 9 9 + "encoding": "application/json", 10 10 + "schema": { 11 11 + "type": "object", 12 12 + "required": ["repo", "pipeline", "workflow"], 13 13 + "properties": { 14 14 + "repo": { 15 15 + "type": "string", 16 16 + "format": "at-uri", 17 17 + "description": "repo at-uri, spindle can't resolve repo from pipeline at-uri yet" 18 18 + }, 19 19 + "pipeline": { 20 20 + "type": "string", 21 21 + "format": "at-uri", 22 22 + "description": "pipeline at-uri" 23 23 + }, 24 24 + "workflow": { 25 25 + "type": "string", 26 26 + "description": "workflow name" 27 27 + } 28 28 + } 29 29 + } 30 30 + } 31 31 + } 32 32 + } 33 33 + }

+4

spindle/db/events.go

··· 150 150 return d.createStatusEvent(workflowId, models.StatusKindFailed, &workflowError, &exitCode, n) 151 151 } 152 152 153 153 + func (d *DB) StatusCancelled(workflowId models.WorkflowId, workflowError string, exitCode int64, n *notifier.Notifier) error { 154 154 + return d.createStatusEvent(workflowId, models.StatusKindCancelled, &workflowError, &exitCode, n) 155 155 + } 156 156 + 153 157 func (d *DB) StatusSuccess(workflowId models.WorkflowId, n *notifier.Notifier) error { 154 158 return d.createStatusEvent(workflowId, models.StatusKindSuccess, nil, nil, n) 155 159 }

+1

spindle/server.go

··· 268 268 Config: s.cfg, 269 269 Resolver: s.res, 270 270 Vault: s.vault, 271 271 + Notifier: s.Notifier(), 271 272 ServiceAuth: serviceAuth, 272 273 } 273 274

+97

spindle/xrpc/pipeline_cancelPipeline.go

··· 1 1 + package xrpc 2 2 + 3 3 + import ( 4 4 + "encoding/json" 5 5 + "fmt" 6 6 + "net/http" 7 7 + "strings" 8 8 + 9 9 + "github.com/bluesky-social/indigo/api/atproto" 10 10 + "github.com/bluesky-social/indigo/atproto/syntax" 11 11 + "github.com/bluesky-social/indigo/xrpc" 12 12 + securejoin "github.com/cyphar/filepath-securejoin" 13 13 + "tangled.org/core/api/tangled" 14 14 + "tangled.org/core/rbac" 15 15 + "tangled.org/core/spindle/models" 16 16 + xrpcerr "tangled.org/core/xrpc/errors" 17 17 + ) 18 18 + 19 19 + func (x *Xrpc) CancelPipeline(w http.ResponseWriter, r *http.Request) { 20 20 + l := x.Logger 21 21 + fail := func(e xrpcerr.XrpcError) { 22 22 + l.Error("failed", "kind", e.Tag, "error", e.Message) 23 23 + writeError(w, e, http.StatusBadRequest) 24 24 + } 25 25 + l.Debug("cancel pipeline") 26 26 + 27 27 + actorDid, ok := r.Context().Value(ActorDid).(syntax.DID) 28 28 + if !ok { 29 29 + fail(xrpcerr.MissingActorDidError) 30 30 + return 31 31 + } 32 32 + 33 33 + var input tangled.PipelineCancelPipeline_Input 34 34 + if err := json.NewDecoder(r.Body).Decode(&input); err != nil { 35 35 + fail(xrpcerr.GenericError(err)) 36 36 + return 37 37 + } 38 38 + 39 39 + aturi := syntax.ATURI(input.Pipeline) 40 40 + wid := models.WorkflowId{ 41 41 + PipelineId: models.PipelineId{ 42 42 + Knot: strings.TrimPrefix(aturi.Authority().String(), "did:web:"), 43 43 + Rkey: aturi.RecordKey().String(), 44 44 + }, 45 45 + Name: input.Workflow, 46 46 + } 47 47 + l.Debug("cancel pipeline", "wid", wid) 48 48 + 49 49 + // unfortunately we have to resolve repo-at here 50 50 + repoAt, err := syntax.ParseATURI(input.Repo) 51 51 + if err != nil { 52 52 + fail(xrpcerr.InvalidRepoError(input.Repo)) 53 53 + return 54 54 + } 55 55 + 56 56 + ident, err := x.Resolver.ResolveIdent(r.Context(), repoAt.Authority().String()) 57 57 + if err != nil || ident.Handle.IsInvalidHandle() { 58 58 + fail(xrpcerr.GenericError(fmt.Errorf("failed to resolve handle: %w", err))) 59 59 + return 60 60 + } 61 61 + 62 62 + xrpcc := xrpc.Client{Host: ident.PDSEndpoint()} 63 63 + resp, err := atproto.RepoGetRecord(r.Context(), &xrpcc, "", tangled.RepoNSID, repoAt.Authority().String(), repoAt.RecordKey().String()) 64 64 + if err != nil { 65 65 + fail(xrpcerr.GenericError(err)) 66 66 + return 67 67 + } 68 68 + 69 69 + repo := resp.Value.Val.(*tangled.Repo) 70 70 + didSlashRepo, err := securejoin.SecureJoin(ident.DID.String(), repo.Name) 71 71 + if err != nil { 72 72 + fail(xrpcerr.GenericError(err)) 73 73 + return 74 74 + } 75 75 + 76 76 + // TODO: fine-grained role based control 77 77 + isRepoOwner, err := x.Enforcer.IsRepoOwner(actorDid.String(), rbac.ThisServer, didSlashRepo) 78 78 + if err != nil || !isRepoOwner { 79 79 + fail(xrpcerr.AccessControlError(actorDid.String())) 80 80 + return 81 81 + } 82 82 + for _, engine := range x.Engines { 83 83 + l.Debug("destorying workflow", "wid", wid) 84 84 + err = engine.DestroyWorkflow(r.Context(), wid) 85 85 + if err != nil { 86 86 + fail(xrpcerr.GenericError(fmt.Errorf("dailed to destroy workflow: %w", err))) 87 87 + return 88 88 + } 89 89 + err = x.Db.StatusCancelled(wid, "User canceled the workflow", -1, x.Notifier) 90 90 + if err != nil { 91 91 + fail(xrpcerr.GenericError(fmt.Errorf("dailed to emit status failed: %w", err))) 92 92 + return 93 93 + } 94 94 + } 95 95 + 96 96 + w.WriteHeader(http.StatusOK) 97 97 + }

+3

spindle/xrpc/xrpc.go

··· 10 10 11 11 "tangled.org/core/api/tangled" 12 12 "tangled.org/core/idresolver" 13 13 + "tangled.org/core/notifier" 13 14 "tangled.org/core/rbac" 14 15 "tangled.org/core/spindle/config" 15 16 "tangled.org/core/spindle/db" ··· 29 30 Config *config.Config 30 31 Resolver *idresolver.Resolver 31 32 Vault secrets.Manager 33 33 + Notifier *notifier.Notifier 32 34 ServiceAuth *serviceauth.ServiceAuth 33 35 } 34 36 ··· 41 43 r.Post("/"+tangled.RepoAddSecretNSID, x.AddSecret) 42 44 r.Post("/"+tangled.RepoRemoveSecretNSID, x.RemoveSecret) 43 45 r.Get("/"+tangled.RepoListSecretsNSID, x.ListSecrets) 46 46 + r.Post("/"+tangled.PipelineCancelPipelineNSID, x.CancelPipeline) 44 47 }) 45 48 46 49 // service query endpoints (no auth required)