tangled.org
Monorepo for Tangled
tangled.org
oppi.li
1package state
2
3import (
4 "context"
5 "database/sql"
6 "encoding/json"
7 "errors"
8 "fmt"
9 "slices"
10 "time"
11
12 "tangled.org/core/appview/cloudflare"
13 "tangled.org/core/appview/notify"
14
15 "tangled.org/core/api/tangled"
16 "tangled.org/core/appview/cache"
17 "tangled.org/core/appview/config"
18 "tangled.org/core/appview/db"
19 "tangled.org/core/appview/models"
20 "tangled.org/core/appview/sites"
21 ec "tangled.org/core/eventconsumer"
22 "tangled.org/core/eventconsumer/cursor"
23 knotdb "tangled.org/core/knotserver/db"
24 "tangled.org/core/log"
25 "tangled.org/core/orm"
26 "tangled.org/core/rbac"
27 "tangled.org/core/workflow"
28
29 "github.com/bluesky-social/indigo/atproto/syntax"
30 "github.com/go-git/go-git/v5/plumbing"
31 "github.com/posthog/posthog-go"
32)
33
34func Knotstream(ctx context.Context, c *config.Config, d *db.DB, enforcer *rbac.Enforcer, posthog posthog.Client, notifier notify.Notifier, cfClient *cloudflare.Client) (*ec.Consumer, error) {
35 logger := log.FromContext(ctx)
36 logger = log.SubLogger(logger, "knotstream")
37
38 knots, err := db.GetRegistrations(
39 d,
40 orm.FilterIsNot("registered", "null"),
41 )
42 if err != nil {
43 return nil, err
44 }
45
46 srcs := make(map[ec.Source]struct{})
47 for _, k := range knots {
48 s := ec.NewKnotSource(k.Domain)
49 srcs[s] = struct{}{}
50 }
51
52 cache := cache.New(c.Redis.Addr)
53 cursorStore := cursor.NewRedisCursorStore(cache)
54
55 cfg := ec.ConsumerConfig{
56 Sources: srcs,
57 ProcessFunc: knotIngester(d, enforcer, posthog, notifier, c.Core.Dev, c, cfClient),
58 RetryInterval: c.Knotstream.RetryInterval,
59 MaxRetryInterval: c.Knotstream.MaxRetryInterval,
60 ConnectionTimeout: c.Knotstream.ConnectionTimeout,
61 WorkerCount: c.Knotstream.WorkerCount,
62 QueueSize: c.Knotstream.QueueSize,
63 Logger: logger,
64 Dev: c.Core.Dev,
65 CursorStore: &cursorStore,
66 }
67
68 return ec.NewConsumer(cfg), nil
69}
70
71func resolveRepo(d *db.DB, repoDid *string, ownerDid, repoName string) (*models.Repo, error) {
72 if repoDid != nil && *repoDid != "" {
73 return db.GetRepoByDid(d, *repoDid)
74 }
75 repos, err := db.GetRepos(d, orm.FilterEq("did", ownerDid), orm.FilterEq("name", repoName))
76 if err != nil {
77 return nil, err
78 }
79 if len(repos) == 0 {
80 return nil, sql.ErrNoRows
81 }
82 return &repos[0], nil
83}
84
85func knotIngester(d *db.DB, enforcer *rbac.Enforcer, posthog posthog.Client, notifier notify.Notifier, dev bool, c *config.Config, cfClient *cloudflare.Client) ec.ProcessFunc {
86 return func(ctx context.Context, source ec.Source, msg ec.Message) error {
87 switch msg.Nsid {
88 case tangled.GitRefUpdateNSID:
89 return ingestRefUpdate(ctx, d, enforcer, posthog, notifier, dev, c, cfClient, source, msg)
90 case tangled.PipelineNSID:
91 return ingestPipeline(d, source, msg)
92 case knotdb.RepoDIDAssignNSID:
93 return ingestDIDAssign(d, enforcer, source, msg, ctx)
94 }
95
96 return nil
97 }
98}
99
100func ingestRefUpdate(ctx context.Context, d *db.DB, enforcer *rbac.Enforcer, pc posthog.Client, notifier notify.Notifier, dev bool, c *config.Config, cfClient *cloudflare.Client, source ec.Source, msg ec.Message) error {
101 logger := log.FromContext(ctx)
102
103 var record tangled.GitRefUpdate
104 err := json.Unmarshal(msg.EventJson, &record)
105 if err != nil {
106 return err
107 }
108
109 knownKnots, err := enforcer.GetKnotsForUser(record.CommitterDid)
110 if err != nil {
111 return err
112 }
113 if !slices.Contains(knownKnots, source.Key()) {
114 return fmt.Errorf("%s does not belong to %s, something is fishy", record.CommitterDid, source.Key())
115 }
116
117 ownerDid := ""
118 if record.OwnerDid != nil {
119 ownerDid = *record.OwnerDid
120 } else {
121 // handle legacy event
122 if record.RepoDid != nil {
123 ownerDid = *record.RepoDid
124 }
125 }
126
127 repo, lookupErr := resolveRepo(d, record.RepoDid, ownerDid, record.RepoName)
128 if lookupErr != nil {
129 return fmt.Errorf("failed to look up repo: %w", lookupErr)
130 }
131
132 logger.Info("processing gitRefUpdate event",
133 "repo", repo.RepoIdentifier(),
134 "ref", record.Ref,
135 "old_sha", record.OldSha,
136 "new_sha", record.NewSha)
137
138 notifier.Push(ctx, repo, record.Ref, record.OldSha, record.NewSha, record.CommitterDid)
139
140 errPunchcard := populatePunchcard(d, record)
141 errLanguages := updateRepoLanguages(d, record)
142
143 var errPosthog error
144 if !dev && record.CommitterDid != "" {
145 errPosthog = pc.Enqueue(posthog.Capture{
146 DistinctId: record.CommitterDid,
147 Event: "git_ref_update",
148 })
149 }
150
151 // Trigger a sites redeploy if this push is to the configured sites branch.
152 if cfClient.Enabled() {
153 go triggerSitesDeployIfNeeded(ctx, d, cfClient, c, record, source)
154 }
155
156 return errors.Join(errPunchcard, errLanguages, errPosthog)
157}
158
159// triggerSitesDeployIfNeeded checks whether the pushed ref matches the sites
160// branch configured for this repo and, if so, syncs the site to R2
161func triggerSitesDeployIfNeeded(ctx context.Context, d *db.DB, cfClient *cloudflare.Client, cfg *config.Config, record tangled.GitRefUpdate, source ec.Source) {
162 logger := log.FromContext(ctx)
163
164 ref := plumbing.ReferenceName(record.Ref)
165 if !ref.IsBranch() {
166 return
167 }
168 pushedBranch := ref.Short()
169
170 ownerDid := ""
171 if record.OwnerDid != nil {
172 ownerDid = *record.OwnerDid
173 }
174
175 repo, err := resolveRepo(d, record.RepoDid, ownerDid, record.RepoName)
176 if err != nil {
177 return
178 }
179
180 siteConfig, err := db.GetRepoSiteConfig(d, repo.RepoAt().String())
181 if err != nil || siteConfig == nil {
182 return
183 }
184 if siteConfig.Branch != pushedBranch {
185 return
186 }
187
188 deploy := &models.SiteDeploy{
189 RepoAt: repo.RepoAt().String(),
190 Branch: siteConfig.Branch,
191 Dir: siteConfig.Dir,
192 CommitSHA: record.NewSha,
193 Trigger: models.SiteDeployTriggerPush,
194 }
195
196 deployErr := sites.Deploy(ctx, cfClient, cfg, repo, siteConfig.Branch, siteConfig.Dir)
197 if deployErr != nil {
198 logger.Error("sites: R2 sync failed on push", "repo", repo.RepoIdentifier(), "err", deployErr)
199 deploy.Status = models.SiteDeployStatusFailure
200 deploy.Error = deployErr.Error()
201 } else {
202 deploy.Status = models.SiteDeployStatusSuccess
203 }
204
205 if err := db.AddSiteDeploy(d, deploy); err != nil {
206 logger.Error("sites: failed to record deploy", "repo", repo.RepoIdentifier(), "err", err)
207 }
208
209 if deployErr == nil {
210 logger.Info("site deployed to r2", "repo", repo.RepoIdentifier())
211 }
212}
213
214func populatePunchcard(d *db.DB, record tangled.GitRefUpdate) error {
215 if record.CommitterDid == "" {
216 return nil
217 }
218
219 knownEmails, err := db.GetAllEmails(d, record.CommitterDid)
220 if err != nil {
221 return err
222 }
223
224 count := 0
225 for _, ke := range knownEmails {
226 if record.Meta == nil {
227 continue
228 }
229 if record.Meta.CommitCount == nil {
230 continue
231 }
232 for _, ce := range record.Meta.CommitCount.ByEmail {
233 if ce == nil {
234 continue
235 }
236 if ce.Email == ke.Address || ce.Email == record.CommitterDid {
237 count += int(ce.Count)
238 }
239 }
240 }
241
242 punch := models.Punch{
243 Did: record.CommitterDid,
244 Date: time.Now(),
245 Count: count,
246 }
247 return db.AddPunch(d, punch)
248}
249
250func updateRepoLanguages(d *db.DB, record tangled.GitRefUpdate) error {
251 if record.Meta == nil || record.Meta.LangBreakdown == nil || record.Meta.LangBreakdown.Inputs == nil {
252 return fmt.Errorf("empty language data for repo: %v/%s", record.OwnerDid, record.RepoName)
253 }
254
255 ownerDid := ""
256 if record.OwnerDid != nil {
257 ownerDid = *record.OwnerDid
258 }
259
260 r, lookupErr := resolveRepo(d, record.RepoDid, ownerDid, record.RepoName)
261 if lookupErr != nil {
262 return fmt.Errorf("failed to look up repo: %w", lookupErr)
263 }
264 repo := *r
265
266 ref := plumbing.ReferenceName(record.Ref)
267 if !ref.IsBranch() {
268 return fmt.Errorf("%s is not a valid reference name", ref)
269 }
270
271 var langs []models.RepoLanguage
272 for _, l := range record.Meta.LangBreakdown.Inputs {
273 if l == nil {
274 continue
275 }
276
277 langs = append(langs, models.RepoLanguage{
278 RepoAt: repo.RepoAt(),
279 Ref: ref.Short(),
280 IsDefaultRef: record.Meta.IsDefaultRef,
281 Language: l.Lang,
282 Bytes: l.Size,
283 })
284 }
285
286 tx, err := d.Begin()
287 if err != nil {
288 return err
289 }
290 defer tx.Rollback()
291
292 // update appview's cache
293 err = db.UpdateRepoLanguages(tx, repo.RepoAt(), ref.Short(), langs)
294 if err != nil {
295 fmt.Printf("failed; %s\n", err)
296 // non-fatal
297 }
298
299 return tx.Commit()
300}
301
302func ingestPipeline(d *db.DB, source ec.Source, msg ec.Message) error {
303 var record tangled.Pipeline
304 err := json.Unmarshal(msg.EventJson, &record)
305 if err != nil {
306 return err
307 }
308
309 if record.TriggerMetadata == nil {
310 return fmt.Errorf("empty trigger metadata: nsid %s, rkey %s", msg.Nsid, msg.Rkey)
311 }
312
313 if record.TriggerMetadata.Repo == nil {
314 return fmt.Errorf("empty repo: nsid %s, rkey %s", msg.Nsid, msg.Rkey)
315 }
316
317 repoName := ""
318 if record.TriggerMetadata.Repo.Repo != nil {
319 repoName = *record.TriggerMetadata.Repo.Repo
320 }
321
322 repo, lookupErr := resolveRepo(d, record.TriggerMetadata.Repo.RepoDid, record.TriggerMetadata.Repo.Did, repoName)
323 if lookupErr != nil {
324 return fmt.Errorf("failed to look up repo: %w", lookupErr)
325 }
326 if repo.Spindle == "" {
327 return fmt.Errorf("repo does not have a spindle configured yet: nsid %s, rkey %s", msg.Nsid, msg.Rkey)
328 }
329
330 // trigger info
331 var trigger models.Trigger
332 var sha string
333 trigger.Kind = workflow.TriggerKind(record.TriggerMetadata.Kind)
334 switch trigger.Kind {
335 case workflow.TriggerKindPush:
336 trigger.PushRef = &record.TriggerMetadata.Push.Ref
337 trigger.PushNewSha = &record.TriggerMetadata.Push.NewSha
338 trigger.PushOldSha = &record.TriggerMetadata.Push.OldSha
339 sha = *trigger.PushNewSha
340 case workflow.TriggerKindPullRequest:
341 trigger.PRSourceBranch = &record.TriggerMetadata.PullRequest.SourceBranch
342 trigger.PRTargetBranch = &record.TriggerMetadata.PullRequest.TargetBranch
343 trigger.PRSourceSha = &record.TriggerMetadata.PullRequest.SourceSha
344 trigger.PRAction = &record.TriggerMetadata.PullRequest.Action
345 sha = *trigger.PRSourceSha
346 }
347
348 tx, err := d.Begin()
349 if err != nil {
350 return fmt.Errorf("failed to start txn: %w", err)
351 }
352
353 triggerId, err := db.AddTrigger(tx, trigger)
354 if err != nil {
355 return fmt.Errorf("failed to add trigger entry: %w", err)
356 }
357
358 pipeline := models.Pipeline{
359 Rkey: msg.Rkey,
360 Knot: source.Key(),
361 RepoOwner: syntax.DID(record.TriggerMetadata.Repo.Did),
362 RepoName: repoName,
363 RepoDid: repo.RepoDid,
364 TriggerId: int(triggerId),
365 Sha: sha,
366 }
367
368 err = db.AddPipeline(tx, pipeline)
369 if err != nil {
370 return fmt.Errorf("failed to add pipeline: %w", err)
371 }
372
373 err = tx.Commit()
374 if err != nil {
375 return fmt.Errorf("failed to commit txn: %w", err)
376 }
377
378 return nil
379}
380
381func ingestDIDAssign(d *db.DB, enforcer *rbac.Enforcer, source ec.Source, msg ec.Message, ctx context.Context) error {
382 logger := log.FromContext(ctx)
383
384 var record knotdb.RepoDIDAssign
385 if err := json.Unmarshal(msg.EventJson, &record); err != nil {
386 return fmt.Errorf("unmarshal didAssign: %w", err)
387 }
388
389 if record.RepoDid == "" || record.OwnerDid == "" || record.RepoName == "" {
390 return fmt.Errorf("didAssign missing required fields: repoDid=%q ownerDid=%q repoName=%q",
391 record.RepoDid, record.OwnerDid, record.RepoName)
392 }
393
394 logger.Info("processing didAssign event",
395 "repo_did", record.RepoDid,
396 "owner_did", record.OwnerDid,
397 "repo_name", record.RepoName)
398
399 repos, err := db.GetRepos(d,
400 orm.FilterEq("did", record.OwnerDid),
401 orm.FilterEq("name", record.RepoName),
402 )
403 if err != nil || len(repos) == 0 {
404 logger.Warn("didAssign for unknown repo, skipping",
405 "owner_did", record.OwnerDid,
406 "repo_name", record.RepoName)
407 return nil
408 }
409 repo := repos[0]
410 knot := source.Key()
411
412 if repo.Knot != knot {
413 return fmt.Errorf("didAssign from %s for repo hosted on %s, rejecting", knot, repo.Knot)
414 }
415
416 repoAtUri := repo.RepoAt().String()
417 legacyResource := record.OwnerDid + "/" + record.RepoName
418
419 if repo.RepoDid != record.RepoDid {
420 tx, err := d.Begin()
421 if err != nil {
422 return fmt.Errorf("begin didAssign txn: %w", err)
423 }
424 defer tx.Rollback()
425
426 if err := db.CascadeRepoDid(tx, repoAtUri, record.RepoDid); err != nil {
427 return fmt.Errorf("cascade repo_did: %w", err)
428 }
429
430 if err := db.EnqueuePdsRewritesForRepo(tx, record.RepoDid, repoAtUri); err != nil {
431 return fmt.Errorf("enqueue pds rewrites: %w", err)
432 }
433
434 if err := tx.Commit(); err != nil {
435 return fmt.Errorf("commit didAssign txn: %w", err)
436 }
437 }
438
439 if err := enforcer.RemoveRepo(record.OwnerDid, knot, legacyResource); err != nil {
440 return fmt.Errorf("remove legacy RBAC policies for %s: %w", legacyResource, err)
441 }
442 if err := enforcer.AddRepo(record.OwnerDid, knot, record.RepoDid); err != nil {
443 return fmt.Errorf("add RBAC policies for %s: %w", record.RepoDid, err)
444 }
445
446 collabs, collabErr := db.GetCollaborators(d, orm.FilterEq("repo_at", repoAtUri))
447 if collabErr != nil {
448 return fmt.Errorf("get collaborators for RBAC update: %w", collabErr)
449 }
450 for _, c := range collabs {
451 collabDid := c.SubjectDid.String()
452 if err := enforcer.RemoveCollaborator(collabDid, knot, legacyResource); err != nil {
453 return fmt.Errorf("remove collaborator RBAC for %s: %w", collabDid, err)
454 }
455 if err := enforcer.AddCollaborator(collabDid, knot, record.RepoDid); err != nil {
456 return fmt.Errorf("add collaborator RBAC for %s: %w", collabDid, err)
457 }
458 }
459
460 if err := enforcer.E.SavePolicy(); err != nil {
461 return fmt.Errorf("save RBAC policies after didAssign: %w", err)
462 }
463
464 logger.Info("didAssign processed successfully",
465 "repo_did", record.RepoDid,
466 "owner_did", record.OwnerDid,
467 "repo_name", record.RepoName)
468
469 return nil
470}