Documentation
¶
Index ¶
- Constants
- Variables
- func ApplyPagination[T any](d *ListOptions, slice []T) []T
- func GenerateNewAgentToken() string
- func GenerateNewAutoscalerToken() string
- func GeneratePersistentID(token, name, platform, backend string) string
- func IsThereRunningStage(workflows []*Workflow) bool
- func ParseRepo(str string) (user, repo string, err error)
- type AccessToken
- func (at *AccessToken) Copy() *AccessToken
- func (at *AccessToken) GetScopes() []AccessTokenScope
- func (at *AccessToken) HasScope(required AccessTokenScope) bool
- func (at *AccessToken) IsExpired() bool
- func (at *AccessToken) IsOrgScoped() bool
- func (at *AccessToken) IsRepoScoped() bool
- func (at *AccessToken) IsUserLevel() bool
- func (AccessToken) TableName() string
- func (at *AccessToken) Validate(isAdmin bool) error
- type AccessTokenScope
- type AccessTokenStore
- type AdminMetrics
- type Agent
- type AgentListOptions
- type AgentMetric
- type AgentMetricData
- type AgentWithStats
- type ApprovalMode
- type ApprovedPullRequest
- type Autoscaler
- type AutoscalerListOptions
- type AutoscalerWithToken
- type CacheEntry
- type Commit
- type Config
- type Cron
- type CronWithRepo
- type DistributedLock
- type DistributedMessage
- type EmailUnsubscribe
- type EmailUnsubscribeStore
- type Entity
- type EntityType
- type Environ
- type Event
- type EventType
- type ExternalSecretRef
- type Feed
- type Forge
- type ForgeRemoteID
- type ForgeType
- type Integration
- func (i *Integration) BeforeInsert()
- func (i *Integration) Copy() *Integration
- func (i *Integration) CopyWithRedactedConfig() *Integration
- func (i *Integration) GetVaultConfig() (*VaultConfig, error)
- func (i *Integration) HasAccess(userID int64, orgID int64, repoID int64) bool
- func (i *Integration) SetVaultConfig(config *VaultConfig) error
- func (Integration) TableName() string
- func (i *Integration) Validate() error
- type IntegrationStore
- type IntegrationType
- type JSONMapStringAny
- type JSONMapStringStatusValue
- type JSONMapStringString
- type JSONSliceInt64
- type JSONSliceNotificationEvent
- type JSONSlicePipelineError
- type JSONSliceString
- type JSONSliceWebhookEvent
- type ListOptions
- type LogEntry
- type LogEntryType
- type MaintenanceConfig
- type MaintenanceLog
- type MaintenanceOperationConfig
- type MaintenanceStats
- type Metrics
- type MetricsTimeFilter
- type Netrc
- type NotificationConfig
- type NotificationConfigStore
- type NotificationEvent
- type NotifyYAMLConfig
- type Org
- type OrgMetric
- type OrgPerm
- type Perm
- type Pipeline
- type PipelineConfig
- type PipelineFilter
- type PipelineOptions
- type PullRequest
- type QueueInfo
- type QueueTask
- type Redirection
- type Registry
- func (r *Registry) Copy() *Registry
- func (r Registry) IsGlobal() bool
- func (r Registry) IsOrganization() bool
- func (r Registry) IsRepository() bool
- func (r Registry) TableName() string
- func (r *Registry) Validate() error
- func (r *Registry) WithOrg(orgName string, isPersonalOrg bool, forgeID int64, ...) *RegistryWithOrg
- type RegistryWithOrg
- type Repo
- type RepoLastPipeline
- type RepoMetric
- type RepoPatch
- type RepoVisibility
- type Secret
- func (s *Secret) BeforeInsert()
- func (s *Secret) BeforeUpdate()
- func (s *Secret) Copy() *Secret
- func (s *Secret) CopyWithAbbreviatedValue() *Secret
- func (s Secret) IsGlobal() bool
- func (s Secret) IsOrganization() bool
- func (s Secret) IsRepository() bool
- func (Secret) TableName() string
- func (s *Secret) Validate() error
- func (s *Secret) WithOrg(orgName string, isPersonalOrg bool, forgeID int64, ...) *SecretWithOrg
- func (s *Secret) WithRepo(repoName string, forgeID int64, forgeName, forgeIcon, forgeType string) *SecretWithOrg
- type SecretStore
- type SecretWithOrg
- type ServerConfig
- type StatusValue
- type Step
- type StepType
- type Task
- type Team
- type TrustedConfiguration
- type TrustedConfigurationPatch
- type User
- type UserForge
- type VaultConfig
- type VaultTLSConfig
- type WebhookEvent
- type WebhookEventList
- type Workflow
Constants ¶
View Source
const ( FailureIgnore = "ignore" FailureFail = "fail" )
Different ways to handle failure states.
View Source
const ( // DefaultProvisionTimeoutSeconds is the default time after which pending agents // are considered stale (5 minutes). DefaultProvisionTimeoutSeconds = 300 )
View Source
const (
IDNotSet = -1
)
Variables ¶
View Source
var ( ErrAccessTokenNameInvalid = errors.New("invalid access token name") ErrAccessTokenNameTooLong = errors.New("access token name too long") ErrAccessTokenScopesInvalid = errors.New("invalid access token scopes") ErrAccessTokenScopesEmpty = errors.New("at least one scope is required") ErrAccessTokenExpired = errors.New("access token expired") ErrAccessTokenAdminScope = errors.New("admin scopes not allowed for non-admin users") )
View Source
var ( ErrIntegrationNameInvalid = errors.New("invalid integration name") ErrIntegrationTypeInvalid = errors.New("invalid integration type") ErrIntegrationConfigInvalid = errors.New("invalid integration configuration") ErrIntegrationAccessDenied = errors.New("access denied to integration") ErrIntegrationNotFound = errors.New("integration not found") ErrIntegrationInactive = errors.New("integration is not active") )
Integration errors.
View Source
var ( ErrSecretNameInvalid = errors.New("invalid secret name") ErrSecretImageInvalid = errors.New("invalid secret image") ErrSecretValueInvalid = errors.New("invalid secret value") ErrSecretEventInvalid = errors.New("invalid secret event") )
View Source
var ErrInvalidStatusValue = errors.New("invalid status value")
View Source
var ErrInvalidWebhookEvent = errors.New("invalid webhook event")
View Source
var ErrNotificationConfigNotFound = errors.New("notification config not found")
View Source
var ValidIntegrationTypes = []IntegrationType{ IntegrationTypeVault, }
ValidIntegrationTypes lists all supported integration types.
Functions ¶
func ApplyPagination ¶
func ApplyPagination[T any](d *ListOptions, slice []T) []T
func GenerateNewAgentToken ¶
func GenerateNewAgentToken() string
func GenerateNewAutoscalerToken ¶
func GenerateNewAutoscalerToken() string
GenerateNewAutoscalerToken generates a new random token for autoscaler authentication.
func GeneratePersistentID ¶
GeneratePersistentID creates a stable identity hash for an agent. For individual token agents, the token alone provides uniqueness. For master token agents, the name (hostname) differentiates agents sharing the same token. This hash persists across agent restarts and ID changes, allowing metrics aggregation.
func IsThereRunningStage ¶
IsThereRunningStage determine if it contains workflows running or pending to run. Only considers the latest attempt of each workflow.
Types ¶
type AccessToken ¶
type AccessToken struct {
bun.BaseModel `bun:"table:access_tokens"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
UserID int64 `json:"user_id" bun:"user_id,notnull"`
OrgID int64 `json:"org_id" bun:"org_id,notnull,default:0"`
RepoID int64 `json:"repo_id" bun:"repo_id,notnull,default:0"`
Name string `json:"name" bun:"name,notnull"`
TokenHash string `json:"-" bun:"token_hash,unique,type:varchar(64)"`
Scopes JSONSliceString `json:"scopes" bun:"scopes,type:text"`
ExpiresAt int64 `json:"expires_at" bun:"expires_at"`
LastUsed int64 `json:"last_used" bun:"last_used"`
CreatedAt int64 `json:"created_at" bun:"created_at,nullzero"`
UpdatedAt int64 `json:"updated_at" bun:"updated_at,nullzero"`
} // @name AccessToken
AccessToken represents a user-created API access token.
func (*AccessToken) Copy ¶
func (at *AccessToken) Copy() *AccessToken
Copy returns a copy of the access token without sensitive data.
func (*AccessToken) GetScopes ¶
func (at *AccessToken) GetScopes() []AccessTokenScope
GetScopes returns the scopes as AccessTokenScope slice.
func (*AccessToken) HasScope ¶
func (at *AccessToken) HasScope(required AccessTokenScope) bool
HasScope returns true if the token has the specified scope.
func (*AccessToken) IsExpired ¶
func (at *AccessToken) IsExpired() bool
IsExpired returns true if the token has expired.
func (*AccessToken) IsOrgScoped ¶
func (at *AccessToken) IsOrgScoped() bool
IsOrgScoped returns true if the token is scoped to a specific organization.
func (*AccessToken) IsRepoScoped ¶
func (at *AccessToken) IsRepoScoped() bool
IsRepoScoped returns true if the token is scoped to a specific repository.
func (*AccessToken) IsUserLevel ¶
func (at *AccessToken) IsUserLevel() bool
IsUserLevel returns true if the token is not scoped to an org or repo.
func (AccessToken) TableName ¶
func (AccessToken) TableName() string
TableName returns the database table name.
func (*AccessToken) Validate ¶
func (at *AccessToken) Validate(isAdmin bool) error
Validate validates the access token fields.
type AccessTokenScope ¶
type AccessTokenScope string
AccessTokenScope represents permission scopes for access tokens.
const ( // User scopes - available to all users. ScopeRepoRead AccessTokenScope = "repo:read" ScopeRepoWrite AccessTokenScope = "repo:write" ScopeRepoAdmin AccessTokenScope = "repo:admin" ScopeUserRead AccessTokenScope = "user:read" ScopeUserWrite AccessTokenScope = "user:write" // Admin-only scopes. ScopeAdminRead AccessTokenScope = "admin:read" ScopeAdminWrite AccessTokenScope = "admin:write" )
func AllAdminScopes ¶
func AllAdminScopes() []AccessTokenScope
AllAdminScopes returns all scopes available only to admins.
func AllUserScopes ¶
func AllUserScopes() []AccessTokenScope
AllUserScopes returns all scopes available to regular users.
func (AccessTokenScope) IsAdminScope ¶
func (s AccessTokenScope) IsAdminScope() bool
IsAdminScope returns true if the scope requires admin privileges.
func (AccessTokenScope) IsValid ¶
func (s AccessTokenScope) IsValid() bool
IsValid returns true if the scope is a valid defined scope.
type AccessTokenStore ¶
type AccessTokenStore interface {
AccessTokenCreate(*AccessToken) error
AccessTokenFind(int64) (*AccessToken, error)
AccessTokenFindByHash(string) (*AccessToken, error)
AccessTokenList(userID int64, p *ListOptions) ([]*AccessToken, error)
AccessTokenDelete(*AccessToken) error
AccessTokenUpdateLastUsed(int64, int64) error
}
AccessTokenStore defines the interface for access token persistence.
type AdminMetrics ¶
type AdminMetrics = Metrics
AdminMetrics is deprecated, use Metrics instead. Keeping for backward compatibility during migration.
type Agent ¶
type Agent struct {
bun.BaseModel `bun:"table:agents"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
Created int64 `json:"created" bun:",nullzero"`
Updated int64 `json:"updated" bun:",nullzero"`
Name string `json:"name" bun:"name"`
OwnerID int64 `json:"owner_id" bun:"owner_id"`
Token string `json:"token" bun:"token"`
PersistentID string `json:"persistent_id" bun:"persistent_id,type:varchar(64)"`
LastContact int64 `json:"last_contact" bun:"last_contact"`
WorkflowPollingHealthy bool `json:"workflow_polling_healthy" bun:"workflow_polling_healthy"`
LastWork int64 `json:"last_work" bun:"last_work"`
Platform string `json:"platform" bun:"platform,type:varchar(100)"`
Backend string `json:"backend" bun:"backend,type:varchar(100)"`
Hostname string `json:"hostname" bun:"hostname,type:varchar(255)"`
Capacity int32 `json:"capacity" bun:"capacity"`
Version string `json:"version" bun:"version"`
BuildDate string `json:"build_date" bun:"build_date"`
NoSchedule bool `json:"no_schedule" bun:"no_schedule"`
Priority int32 `json:"priority" bun:"priority,default:0"`
CustomLabels JSONMapStringString `json:"custom_labels" bun:"custom_labels,type:text"`
LimitMem int64 `json:"limit_mem" bun:"limit_mem"`
LimitCPUQuota int64 `json:"limit_cpu_quota" bun:"limit_cpu_quota"`
// OrgID is counted as unset if set to -1, this is done to ensure a new(Agent) still enforce the OrgID check by default
OrgID int64 `json:"org_id" bun:"org_id"`
} // @name Agent
func (*Agent) CanAccessRepo ¶
func (*Agent) IsSystemAgent ¶
type AgentListOptions ¶
type AgentListOptions struct {
ListOptions
Search string // Search in name, platform, backend, custom labels
Platform string // Filter by platform
Backend string // Filter by backend
OrgID *int64 // Filter by org_id (nil = all, -1 = global agents only)
Sort string // Sort field: id, name, platform, backend, last_contact
Order string // Sort order: asc or desc
}
AgentListOptions defines filtering options for listing agents.
type AgentMetric ¶
type AgentMetric struct {
AgentID int64 `json:"agent_id"`
AgentPersistentID string `json:"agent_persistent_id,omitempty"`
AgentName string `json:"agent_name"`
WorkflowCount int64 `json:"workflow_count"`
AvgBuildTime float64 `json:"avg_build_time"` // in seconds
Platform string `json:"platform"`
Backend string `json:"backend"`
}
AgentMetric represents metrics for a specific agent.
type AgentMetricData ¶
type AgentMetricData struct {
AgentPersistentID string
AgentName string
Platform string
Count int64
}
AgentMetricData holds aggregated workflow data for an agent persistent ID. Used by store methods to return agent metrics grouped by persistent ID.
type AgentWithStats ¶
AgentWithStats is used for API responses to include runtime stats.
type ApprovalMode ¶
type ApprovalMode string
const ( RequireApprovalNone ApprovalMode = "none" // require approval for no events RequireApprovalForks ApprovalMode = "forks" // require approval for PRs from forks (default) RequireApprovalPullRequests ApprovalMode = "pull_requests" // require approval for all PRs RequireApprovalAllEvents ApprovalMode = "all_events" // require approval for all external events )
func (ApprovalMode) Valid ¶
func (mode ApprovalMode) Valid() bool
type ApprovedPullRequest ¶ added in v5.5.0
type ApprovedPullRequest struct {
bun.BaseModel `bun:"table:approved_pull_requests"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
RepoID int64 `json:"repo_id" bun:"repo_id,unique:s"`
Ref string `json:"ref" bun:"ref,unique:s"`
ApprovedBy string `json:"approved_by" bun:"approved_by"`
Created int64 `json:"created" bun:"created,notnull,default:0"`
}
func (ApprovedPullRequest) TableName ¶ added in v5.5.0
func (ApprovedPullRequest) TableName() string
type Autoscaler ¶
type Autoscaler struct {
bun.BaseModel `bun:"table:autoscalers"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
Created int64 `json:"created" bun:",nullzero"`
Updated int64 `json:"updated" bun:",nullzero"`
Name string `json:"name" bun:"name,unique,notnull"`
Token string `json:"-" bun:"token"`
OwnerID int64 `json:"owner_id" bun:"owner_id"`
LastContact int64 `json:"last_contact" bun:"last_contact"`
MinAgents int32 `json:"min_agents" bun:"min_agents"`
MaxAgents int32 `json:"max_agents" bun:"max_agents"`
WorkflowsPerAgent int32 `json:"workflows_per_agent" bun:"workflows_per_agent"`
Provider string `json:"provider" bun:"provider,type:varchar(50)"`
InstanceType string `json:"instance_type" bun:"instance_type,type:varchar(100)"`
Region string `json:"region" bun:"region,type:varchar(100)"`
AgentLabels JSONMapStringString `json:"agent_labels" bun:"agent_labels,type:text"`
LimitCPUQuota string `json:"limit_cpu_quota" bun:"limit_cpu_quota,type:varchar(50)"`
LimitMem string `json:"limit_mem" bun:"limit_mem,type:varchar(50)"`
Enabled bool `json:"enabled" bun:"enabled,default:true"`
Version string `json:"version" bun:"version"`
ActiveAgents int32 `json:"active_agents" bun:"active_agents"`
PendingAgents int32 `json:"pending_agents" bun:"pending_agents"`
PendingSince int64 `json:"pending_since" bun:"pending_since"`
OrgID int64 `json:"org_id" bun:"org_id"`
} // @name Autoscaler
Autoscaler represents an autoscaler instance that provisions agents on demand.
func (*Autoscaler) CanProvision ¶
func (a *Autoscaler) CanProvision(requiredLabels map[string]string) bool
CanProvision checks if the autoscaler can provision an agent with the given labels. This performs label matching similar to agent label matching logic.
func (*Autoscaler) IsHealthy ¶
func (a *Autoscaler) IsHealthy() bool
IsHealthy returns true if the autoscaler has sent a heartbeat recently (within 120 seconds).
func (*Autoscaler) IsProvisioningStale ¶ added in v5.7.0
func (a *Autoscaler) IsProvisioningStale() bool
IsProvisioningStale returns true if agents have been pending longer than the timeout.
func (*Autoscaler) IsSystemAutoscaler ¶
func (a *Autoscaler) IsSystemAutoscaler() bool
IsSystemAutoscaler returns true if the autoscaler is a system-level (global) autoscaler.
func (Autoscaler) TableName ¶
func (Autoscaler) TableName() string
TableName returns the database table name.
type AutoscalerListOptions ¶
type AutoscalerListOptions struct {
ListOptions
Search string // Search in name, provider
Provider string // Filter by provider
Enabled *bool // Filter by enabled status (nil = all)
OrgID *int64 // Filter by org_id (nil = all, -1 = global autoscalers only)
Sort string // Sort field: id, name, provider, last_contact
Order string // Sort order: asc or desc
}
AutoscalerListOptions defines filtering options for listing autoscalers.
type AutoscalerWithToken ¶
type AutoscalerWithToken struct {
Autoscaler
Token string `json:"token"`
} // @name AutoscalerWithToken
AutoscalerWithToken is used for API responses that include the token (only on creation).
type CacheEntry ¶
type CacheEntry struct {
bun.BaseModel `bun:"table:cache_entries"`
Key string `json:"key" bun:"key,pk"`
Data []byte `json:"data" bun:"data"`
ExpiresAt int64 `json:"expires_at" bun:"expires_at"`
CreatedAt int64 `json:"created_at" bun:"created_at"`
}
CacheEntry represents a distributed cache entry.
func (CacheEntry) TableName ¶
func (CacheEntry) TableName() string
TableName returns the table name for cache entries.
type Config ¶
type Config struct {
bun.BaseModel `bun:"table:configs"`
ID int64 `json:"-" bun:"id,pk,autoincrement"`
RepoID int64 `json:"-" bun:"repo_id,unique:s"`
Hash string `json:"hash" bun:"hash,unique:s"`
Name string `json:"name" bun:"name,unique:s"`
Data []byte `json:"data" bun:"data"`
} // @name Config
Config represents a pipeline configuration.
type Cron ¶
type Cron struct {
bun.BaseModel `bun:"table:crons"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
Name string `json:"name" bun:"name,unique:s"`
RepoID int64 `json:"repo_id" bun:"repo_id,unique:s"`
CreatorID int64 `json:"creator_id" bun:"creator_id"`
NextExec int64 `json:"next_exec" bun:"next_exec"`
Schedule string `json:"schedule" bun:"schedule,notnull"`
Created int64 `json:"created" bun:"created,notnull,default:0"`
Branch string `json:"branch" bun:"branch"`
FailCount int `json:"fail_count" bun:"fail_count,notnull,default:0"`
FailMsg string `json:"fail_msg" bun:"fail_msg,type:text"`
Disabled bool `json:"disabled" bun:"disabled,notnull,default:false"`
} // @name Cron
type CronWithRepo ¶
type CronWithRepo struct {
Cron
RepoName string `json:"repo_name"`
RepoOwner string `json:"repo_owner"`
RepoDefaultBranch string `json:"repo_default_branch"`
ForgeID int64 `json:"forge_id,omitempty"` // forge ID for multi-forge display
ForgeName string `json:"forge_name,omitempty"` // forge hostname for multi-forge display
ForgeIcon string `json:"forge_icon,omitempty"` // forge icon name/URL for multi-forge display
ForgeType string `json:"forge_type,omitempty"` // forge type (github, gitlab, etc.) for icon fallback
}
CronWithRepo extends Cron with repository context for user views.
type DistributedLock ¶
type DistributedLock struct {
bun.BaseModel `bun:"table:distributed_locks"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
Name string `json:"name" bun:"name,unique,notnull"`
InstanceID string `json:"instance_id" bun:"instance_id,notnull"`
AcquiredAt int64 `json:"acquired_at" bun:"acquired_at"`
ExpiresAt int64 `json:"expires_at" bun:"expires_at"`
} // @name DistributedLock
DistributedLock represents a distributed lock for coordinating operations across multiple server instances in HA deployments.
func (DistributedLock) TableName ¶
func (DistributedLock) TableName() string
TableName returns the table name for DistributedLock.
type DistributedMessage ¶
type DistributedMessage struct {
bun.BaseModel `bun:"table:pubsub_messages"`
ID string `json:"id" bun:"id,pk"`
Data []byte `json:"data" bun:"data"`
Labels JSONMapStringString `json:"labels" bun:"labels,type:text"`
CreatedAt int64 `json:"created_at" bun:"created_at"`
InstanceID string `json:"instance_id" bun:"instance_id"`
} // @name DistributedMessage
DistributedMessage represents a message stored in the database for distributed pub/sub.
func (DistributedMessage) TableName ¶
func (DistributedMessage) TableName() string
TableName returns the database table name.
type EmailUnsubscribe ¶ added in v5.8.2
type EmailUnsubscribe struct {
bun.BaseModel `bun:"table:email_unsubscribes"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
UserID int64 `json:"user_id" bun:"user_id,notnull"`
RepoID int64 `json:"repo_id" bun:"repo_id,notnull"`
Email string `json:"email" bun:"email,notnull"`
CreatedAt int64 `json:"created_at" bun:",nullzero"`
}
EmailUnsubscribe records that a user has opted out of email notifications for a repo.
type EmailUnsubscribeStore ¶ added in v5.8.2
type EmailUnsubscribeStore interface {
EmailUnsubscribeFind(userID, repoID int64) (*EmailUnsubscribe, error)
EmailUnsubscribeCreate(*EmailUnsubscribe) error
EmailUnsubscribeDelete(userID, repoID int64) error
}
EmailUnsubscribeStore persists email unsubscribe records.
type Entity ¶
type Entity struct {
ID int64 `json:"id"`
EntityType EntityType `json:"entity_type"`
Name string `json:"name"`
ForgeID int64 `json:"forge_id,omitempty"`
// User-specific fields (nil for orgs)
Email *string `json:"email,omitempty"`
Avatar *string `json:"avatar,omitempty"`
Admin *bool `json:"admin,omitempty"`
Description *string `json:"description,omitempty"`
Timezone *string `json:"timezone,omitempty"`
// Org-specific fields (nil for users)
IsUser *bool `json:"is_user,omitempty"`
Private *bool `json:"private,omitempty"`
} // @name Entity
Entity represents a unified view of users and organizations for admin management.
func OrgToEntity ¶
OrgToEntity converts an Org model to an Entity.
func UserToEntity ¶
UserToEntity converts a User model to an Entity.
type EntityType ¶
type EntityType string
EntityType represents the type of entity (user or organization).
const ( EntityTypeUser EntityType = "user" EntityTypeOrg EntityType = "org" )
type Environ ¶
Environ represents an environment variable.
type ExternalSecretRef ¶
type ExternalSecretRef struct {
IntegrationID int64 `json:"integration_id" yaml:"integration_id"`
Path string `json:"path" yaml:"path"`
Key string `json:"key" yaml:"key"`
Version int `json:"version" yaml:"version,omitempty"`
}
ExternalSecretRef represents a reference to an external secret in YAML.
func (*ExternalSecretRef) CacheKey ¶
func (r *ExternalSecretRef) CacheKey() string
CacheKey returns a unique key for caching this secret.
func (*ExternalSecretRef) Validate ¶
func (r *ExternalSecretRef) Validate() error
Validate validates the external secret reference.
type Feed ¶
type Feed struct {
RepoID int64 `json:"repo_id" bun:"repo_id"`
ID int64 `json:"id,omitempty" bun:"pipeline_id"`
Number int64 `json:"number,omitempty" bun:"pipeline_number"`
Event string `json:"event,omitempty" bun:"pipeline_event"`
Status string `json:"status,omitempty" bun:"pipeline_status"`
Created int64 `json:"created,omitempty" bun:"pipeline_created"`
Started int64 `json:"started,omitempty" bun:"pipeline_started"`
Finished int64 `json:"finished,omitempty" bun:"pipeline_finished"`
Commit string `json:"commit,omitempty" bun:"pipeline_commit"`
Branch string `json:"branch,omitempty" bun:"pipeline_branch"`
Ref string `json:"ref,omitempty" bun:"pipeline_ref"`
Refspec string `json:"refspec,omitempty" bun:"pipeline_refspec"`
Title string `json:"title,omitempty" bun:"pipeline_title"`
Message string `json:"message,omitempty" bun:"pipeline_message"`
Author string `json:"author,omitempty" bun:"pipeline_author"`
Avatar string `json:"author_avatar,omitempty" bun:"pipeline_avatar"`
Email string `json:"author_email,omitempty" bun:"pipeline_email"`
} // @name Feed
Feed represents an item in the user's feed or timeline.
type Forge ¶
type Forge struct {
bun.BaseModel `bun:"table:forges"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
Type ForgeType `json:"type" bun:"type,type:varchar(250)"`
URL string `json:"url" bun:"url,type:varchar(500)"`
Client string `json:"client,omitempty" bun:"client,type:varchar(250)"`
ClientSecret string `json:"-" bun:"client_secret,type:varchar(250)"`
SkipVerify bool `json:"skip_verify,omitempty" bun:"skip_verify"`
OAuthHost string `json:"oauth_host,omitempty" bun:"oauth_host,type:varchar(250)"`
Icon string `json:"icon,omitempty" bun:"icon,type:varchar(250)"`
AdditionalOptions JSONMapStringAny `json:"additional_options,omitempty" bun:"additional_options,type:text"`
} // @name Forge
func (*Forge) PublicCopy ¶
PublicCopy returns a copy of the forge without sensitive information and technical details.
type ForgeRemoteID ¶
type ForgeRemoteID string
func (ForgeRemoteID) IsValid ¶
func (r ForgeRemoteID) IsValid() bool
type Integration ¶
type Integration struct {
bun.BaseModel `bun:"table:integrations"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
UserID int64 `json:"user_id" bun:"user_id,notnull"`
Name string `json:"name" bun:"name,notnull,type:varchar(255)"`
Type IntegrationType `json:"type" bun:"type,notnull,type:varchar(50)"`
Description string `json:"description" bun:"description,type:text"`
// Configuration (provider-specific, encrypted in storage)
Config string `json:"config,omitempty" bun:"config,type:text"`
// Access Control - who can use this integration
AllowedUserIDs JSONSliceInt64 `json:"allowed_user_ids" bun:"allowed_user_ids,type:text"`
AllowedOrgIDs JSONSliceInt64 `json:"allowed_org_ids" bun:"allowed_org_ids,type:text"`
AllowedRepoIDs JSONSliceInt64 `json:"allowed_repo_ids" bun:"allowed_repo_ids,type:text"`
// Status
IsActive bool `json:"is_active" bun:"is_active,default:true"`
// Metadata
CreatedAt int64 `json:"created_at" bun:",nullzero"`
UpdatedAt int64 `json:"updated_at" bun:",nullzero"`
} // @name Integration
Integration represents an external secret store integration.
func (*Integration) BeforeInsert ¶
func (i *Integration) BeforeInsert()
BeforeInsert sets defaults before insertion.
func (*Integration) Copy ¶
func (i *Integration) Copy() *Integration
Copy returns a copy of the integration without sensitive configuration.
func (*Integration) CopyWithRedactedConfig ¶
func (i *Integration) CopyWithRedactedConfig() *Integration
CopyWithRedactedConfig returns a copy with configuration redacted for display.
func (*Integration) GetVaultConfig ¶
func (i *Integration) GetVaultConfig() (*VaultConfig, error)
GetVaultConfig parses and returns the Vault configuration.
func (*Integration) HasAccess ¶
func (i *Integration) HasAccess(userID int64, orgID int64, repoID int64) bool
HasAccess checks if the given user/org/repo has access to use this integration. Access is explicitly granted via allowlists - if no allowlists are configured, no one can use the integration (owner can still manage it, but not use it for secrets).
func (*Integration) SetVaultConfig ¶
func (i *Integration) SetVaultConfig(config *VaultConfig) error
SetVaultConfig sets the Vault configuration.
func (Integration) TableName ¶
func (Integration) TableName() string
TableName returns the database table name.
func (*Integration) Validate ¶
func (i *Integration) Validate() error
Validate validates the integration fields.
type IntegrationStore ¶
type IntegrationStore interface {
IntegrationFind(int64) (*Integration, error)
IntegrationFindByName(userID int64, name string) (*Integration, error)
IntegrationList(userID int64, opts *ListOptions) ([]*Integration, error)
IntegrationListAll() ([]*Integration, error)
IntegrationListAccessible(userID int64, orgIDs []int64, repoIDs []int64, opts *ListOptions) ([]*Integration, error)
IntegrationCreate(*Integration) error
IntegrationUpdate(*Integration) error
IntegrationDelete(*Integration) error
}
IntegrationStore persists integration information to storage.
type IntegrationType ¶
type IntegrationType string
IntegrationType represents the type of external integration.
const (
IntegrationTypeVault IntegrationType = "vault"
)
func (IntegrationType) IsValid ¶
func (t IntegrationType) IsValid() bool
IsValid checks if the integration type is valid.
type JSONMapStringAny ¶ added in v5.7.0
JSONMapStringAny is a map[string]any that serializes to/from JSON in the database.
func (*JSONMapStringAny) Scan ¶ added in v5.7.0
func (j *JSONMapStringAny) Scan(src any) error
type JSONMapStringStatusValue ¶ added in v5.7.0
type JSONMapStringStatusValue map[string]StatusValue
JSONMapStringStatusValue is a map[string]StatusValue that serializes to/from JSON in the database.
func (*JSONMapStringStatusValue) Scan ¶ added in v5.7.0
func (j *JSONMapStringStatusValue) Scan(src any) error
type JSONMapStringString ¶ added in v5.7.0
JSONMapStringString is a map[string]string that serializes to/from JSON in the database.
func (*JSONMapStringString) Scan ¶ added in v5.7.0
func (j *JSONMapStringString) Scan(src any) error
type JSONSliceInt64 ¶ added in v5.7.0
type JSONSliceInt64 []int64
JSONSliceInt64 is a []int64 that serializes to/from JSON in the database.
func (*JSONSliceInt64) Scan ¶ added in v5.7.0
func (j *JSONSliceInt64) Scan(src any) error
type JSONSliceNotificationEvent ¶ added in v5.7.0
type JSONSliceNotificationEvent []NotificationEvent
JSONSliceNotificationEvent is a []NotificationEvent that serializes to/from JSON in the database.
func (*JSONSliceNotificationEvent) Scan ¶ added in v5.7.0
func (j *JSONSliceNotificationEvent) Scan(src any) error
type JSONSlicePipelineError ¶ added in v5.7.0
type JSONSlicePipelineError []*types.PipelineError
JSONSlicePipelineError is a []*types.PipelineError that serializes to/from JSON in the database.
func (*JSONSlicePipelineError) Scan ¶ added in v5.7.0
func (j *JSONSlicePipelineError) Scan(src any) error
type JSONSliceString ¶ added in v5.7.0
type JSONSliceString []string
JSONSliceString is a []string that serializes to/from JSON in the database.
func (*JSONSliceString) Scan ¶ added in v5.7.0
func (j *JSONSliceString) Scan(src any) error
type JSONSliceWebhookEvent ¶ added in v5.7.0
type JSONSliceWebhookEvent []WebhookEvent
JSONSliceWebhookEvent is a []WebhookEvent that serializes to/from JSON in the database.
func (*JSONSliceWebhookEvent) Scan ¶ added in v5.7.0
func (j *JSONSliceWebhookEvent) Scan(src any) error
type ListOptions ¶
type LogEntry ¶
type LogEntry struct {
bun.BaseModel `bun:"table:log_entries"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
StepID int64 `json:"step_id" bun:"step_id"`
Time int64 `json:"time" bun:"time"`
Line int `json:"line" bun:"line"`
Data []byte `json:"data" bun:"data,type:bytea"`
Created int64 `json:"-" bun:",nullzero"`
Type LogEntryType `json:"type" bun:"type"`
} // @name LogEntry
type LogEntryType ¶
type LogEntryType int // @name LogEntryType
LogEntryType identifies the type of line in the logs.
const ( LogEntryStdout LogEntryType = iota LogEntryStderr LogEntryExitCode LogEntryMetadata LogEntryProgress )
type MaintenanceConfig ¶
type MaintenanceConfig struct {
bun.BaseModel `bun:"table:maintenance_config"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
ActionType string `json:"action_type" bun:"action_type,unique"`
Enabled bool `json:"enabled" bun:"enabled"`
Schedule string `json:"schedule" bun:"schedule"`
DryRun bool `json:"dry_run" bun:"dry_run,default:false"`
// Action-specific statistics
TotalRuns int64 `json:"total_runs" bun:"total_runs,default:0"`
SuccessfulRuns int64 `json:"successful_runs" bun:"successful_runs,default:0"`
LastRun time.Time `json:"last_run" bun:"last_run"`
LastRunSuccess bool `json:"last_run_success" bun:"last_run_success,default:false"`
LastRunDuration int64 `json:"last_run_duration" bun:"last_run_duration,default:0"`
LastRunError string `json:"last_run_error" bun:"last_run_error"`
Created int64 `json:"created" bun:",nullzero"`
Updated int64 `json:"updated" bun:",nullzero"`
StaleThreshold int64 `json:"stale_threshold" bun:"stale_threshold,default:3600"`
// Runtime flags (not persisted)
KubernetesCleanupAvailable bool `json:"kubernetes_cleanup_available" bun:"-"`
DockerCleanupAvailable bool `json:"docker_cleanup_available" bun:"-"`
// Environment variable override flags (not persisted)
EnvVarsSet bool `json:"env_vars_set" bun:"-"`
} // @name MaintenanceConfig
MaintenanceConfig represents the configuration for database maintenance operations.
func (MaintenanceConfig) TableName ¶
func (MaintenanceConfig) TableName() string
type MaintenanceLog ¶
type MaintenanceLog struct {
bun.BaseModel `bun:"table:maintenance_logs"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
RunTime time.Time `json:"run_time" bun:"run_time"`
Success bool `json:"success" bun:"success"`
Error string `json:"error" bun:"error"`
Duration int64 `json:"duration" bun:"duration"`
Details string `json:"details" bun:"details"`
Created int64 `json:"created" bun:",nullzero"`
} // @name MaintenanceLog
MaintenanceLog represents a log entry for maintenance operations.
func (MaintenanceLog) TableName ¶
func (MaintenanceLog) TableName() string
type MaintenanceOperationConfig ¶
type MaintenanceOperationConfig struct {
bun.BaseModel `bun:"table:maintenance_operation_config"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
Operation string `json:"operation" bun:"operation,unique"`
Enabled bool `json:"enabled" bun:"enabled"`
Schedule string `json:"schedule" bun:"schedule"`
TotalRuns int64 `json:"total_runs" bun:"total_runs"`
LastRun time.Time `json:"last_run" bun:"last_run"`
Created int64 `json:"created" bun:",nullzero"`
Updated int64 `json:"updated" bun:",nullzero"`
} // @name MaintenanceOperationConfig
MaintenanceOperationConfig represents the configuration for individual maintenance operations.
func (MaintenanceOperationConfig) TableName ¶
func (MaintenanceOperationConfig) TableName() string
type MaintenanceStats ¶
type MaintenanceStats struct {
bun.BaseModel `bun:"table:maintenance_stats"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
LastRun time.Time `json:"last_run" bun:"last_run"`
LastRunSuccess bool `json:"last_run_success" bun:"last_run_success"`
LastRunError string `json:"last_run_error" bun:"last_run_error"`
LastRunDuration int64 `json:"last_run_duration" bun:"last_run_duration"`
TotalRuns int64 `json:"total_runs" bun:"total_runs"`
SuccessfulRuns int64 `json:"successful_runs" bun:"successful_runs"`
Created int64 `json:"created" bun:",nullzero"`
Updated int64 `json:"updated" bun:",nullzero"`
} // @name MaintenanceStats
MaintenanceStats represents statistics about maintenance operations.
func (MaintenanceStats) TableName ¶
func (MaintenanceStats) TableName() string
type Metrics ¶
type Metrics struct {
TotalRepos int64 `json:"total_repos"`
TotalOrgs int64 `json:"total_orgs"`
TotalPipelines int64 `json:"total_pipelines"`
AvgBuildTime float64 `json:"avg_build_time"` // in seconds
AvgStepsPerFlow float64 `json:"avg_steps_per_flow"`
PipelinesByRepo map[string]int64 `json:"pipelines_by_repo"` // repo name -> count
PipelinesByOrg map[string]int64 `json:"pipelines_by_org"` // org name -> count
WorkflowsByAgent map[string]int64 `json:"workflows_by_agent"` // agent name -> count
RepoDetails []RepoMetric `json:"repo_details"`
OrgDetails []OrgMetric `json:"org_details"`
AgentDetails []AgentMetric `json:"agent_details"`
IsAdminScope bool `json:"is_admin_scope"` // true if showing all instance metrics
}
Metrics represents overall system metrics.
type MetricsTimeFilter ¶
type MetricsTimeFilter struct {
After int64 `json:"after,omitempty"` // Unix timestamp
Before int64 `json:"before,omitempty"` // Unix timestamp
}
MetricsTimeFilter represents time-based filtering for metrics queries.
type NotificationConfig ¶ added in v5.6.0
type NotificationConfig struct {
bun.BaseModel `bun:"table:notification_configs"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
RepoID int64 `json:"repo_id" bun:"repo_id,notnull,unique"`
IsEnabled bool `json:"is_enabled" bun:"is_enabled,default:true"`
Events JSONSliceNotificationEvent `json:"events" bun:"events,type:text"`
CreatedAt int64 `json:"created_at" bun:",nullzero"`
UpdatedAt int64 `json:"updated_at" bun:",nullzero"`
} // @name NotificationConfig
NotificationConfig stores per-repo email notification settings.
func (NotificationConfig) TableName ¶ added in v5.6.0
func (NotificationConfig) TableName() string
TableName returns the database table name.
type NotificationConfigStore ¶ added in v5.6.0
type NotificationConfigStore interface {
NotificationConfigFind(repoID int64) (*NotificationConfig, error)
NotificationConfigUpsert(*NotificationConfig) error
NotificationConfigDelete(repoID int64) error
}
NotificationConfigStore persists notification configuration to storage.
type NotificationEvent ¶ added in v5.6.0
type NotificationEvent string
NotificationEvent represents when a notification should be sent.
const ( NotificationEventSuccess NotificationEvent = "success" NotificationEventFailure NotificationEvent = "failure" NotificationEventStatusChange NotificationEvent = "status_change" )
type NotifyYAMLConfig ¶ added in v5.6.0
type NotifyYAMLConfig struct {
Disabled bool `json:"disabled,omitempty" yaml:"disabled,omitempty"`
Events []NotificationEvent `json:"events,omitempty" yaml:"events,omitempty"`
}
NotifyYAMLConfig represents per-pipeline notification overrides from .crow.yml.
func (*NotifyYAMLConfig) Scan ¶ added in v5.7.0
func (n *NotifyYAMLConfig) Scan(src any) error
type Org ¶
type Org struct {
bun.BaseModel `bun:"table:orgs"`
ID int64 `json:"id,omitempty" bun:"id,pk,autoincrement"`
ForgeID int64 `json:"forge_id,omitempty" bun:"forge_id,unique:s"`
Name string `json:"name" bun:"name,unique:s"`
IsUser bool `json:"is_user" bun:"is_user"`
// if name lookup has to check for membership or not
Private bool `json:"-" bun:"private"`
} // @name Org
Org represents an organization.
type OrgMetric ¶
type OrgMetric struct {
OrgID int64 `json:"org_id"`
OrgName string `json:"org_name"`
PipelineCount int64 `json:"pipeline_count"`
RepoCount int64 `json:"repo_count"`
AvgBuildTime float64 `json:"avg_build_time"` // in seconds
TotalBuildTime float64 `json:"total_build_time"` // in seconds
}
OrgMetric represents metrics for a specific organization.
type Perm ¶
type Perm struct {
bun.BaseModel `bun:"table:perms"`
UserID int64 `json:"-" bun:"user_id,notnull,unique:s"`
RepoID int64 `json:"-" bun:"repo_id,notnull,unique:s"`
Repo *Repo `json:"-" bun:"-"`
Pull bool `json:"pull" bun:"pull"`
Push bool `json:"push" bun:"push"`
Admin bool `json:"admin" bun:"admin"`
Synced int64 `json:"synced" bun:"synced"`
Created int64 `json:"created" bun:",nullzero"`
Updated int64 `json:"updated" bun:",nullzero"`
} // @name Perm
Perm defines a repository permission for an individual user.
type Pipeline ¶
type Pipeline struct {
bun.BaseModel `bun:"table:pipelines"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
RepoID int64 `json:"-" bun:"repo_id,unique:s"`
Number int64 `json:"number" bun:"number,unique:s"`
Author string `json:"author" bun:"author"`
Parent int64 `json:"parent" bun:"parent"`
Event WebhookEvent `json:"event" bun:"event"`
Status StatusValue `json:"status" bun:"status"`
Errors JSONSlicePipelineError `json:"errors" bun:"errors,type:text"`
Created int64 `json:"created" bun:"created,notnull,default:0"`
Updated int64 `json:"updated" bun:"updated,notnull,default:0"`
Started int64 `json:"started" bun:"started"`
Finished int64 `json:"finished" bun:"finished"`
DeployTo string `json:"deploy_to" bun:"deploy"`
DeployTask string `json:"deploy_task" bun:"deploy_task"`
Commit string `json:"commit" bun:"commit"`
Branch string `json:"branch" bun:"branch"`
Ref string `json:"ref" bun:"ref"`
Refspec string `json:"refspec" bun:"refspec"`
Title string `json:"title" bun:"title"`
Message string `json:"message" bun:"message,type:text"`
Timestamp int64 `json:"timestamp" bun:"timestamp"`
Sender string `json:"sender" bun:"sender"`
Avatar string `json:"author_avatar" bun:"avatar,type:varchar(500)"`
Email string `json:"author_email" bun:"email,type:varchar(500)"`
ForgeURL string `json:"forge_url" bun:"forge_url"`
Reviewer string `json:"reviewed_by" bun:"reviewer"`
Reviewed int64 `json:"reviewed" bun:"reviewed"`
Workflows []*Workflow `json:"workflows,omitempty" bun:"-"`
ChangedFiles JSONSliceString `json:"changed_files,omitempty" bun:"changed_files,type:text"`
AdditionalVariables JSONMapStringString `json:"variables,omitempty" bun:"additional_variables,type:text"`
PullRequestLabels JSONSliceString `json:"pr_labels,omitempty" bun:"pr_labels,type:text"`
IsPrerelease bool `json:"is_prerelease,omitempty" bun:"is_prerelease"`
FromFork bool `json:"from_fork,omitempty" bun:"from_fork"`
LogsDeleted bool `json:"logs_deleted,omitempty" bun:"logs_deleted"`
IsAlwaysApproved bool `json:"is_always_approved,omitempty" bun:"-"`
NotifyOverride *NotifyYAMLConfig `json:"notify_override,omitempty" bun:"notify_override,type:text"`
} // @name Pipeline
func (Pipeline) IsMultiPipeline ¶
IsMultiPipeline checks if step list contain more than one parent step.
type PipelineConfig ¶
type PipelineConfig struct {
bun.BaseModel `bun:"table:pipeline_configs"`
ConfigID int64 `json:"-" bun:"config_id,notnull,unique:s"`
PipelineID int64 `json:"-" bun:"pipeline_id,notnull,unique:s"`
}
PipelineConfig is the n:n relation between Pipeline and Config.
func (PipelineConfig) TableName ¶
func (PipelineConfig) TableName() string
type PipelineFilter ¶
type PipelineFilter struct {
Before int64
After int64
Branch string
Events []WebhookEvent
RefContains string
Status StatusValue
Search string // Search query for number, message, branch, author
}
type PipelineOptions ¶
type PullRequest ¶
type PullRequest struct {
Index ForgeRemoteID `json:"index"`
Title string `json:"title"`
} // @name PullRequest
type QueueInfo ¶
type QueueInfo struct {
Pending []QueueTask `json:"pending"`
WaitingOnDeps []QueueTask `json:"waiting_on_deps"`
Running []QueueTask `json:"running"`
Stats struct {
WorkerCount int `json:"worker_count"`
PendingCount int `json:"pending_count"`
WaitingOnDepsCount int `json:"waiting_on_deps_count"`
RunningCount int `json:"running_count"`
} `json:"stats"`
Paused bool `json:"paused"`
} // @name QueueInfo
QueueInfo represents the response structure for queue information API.
type QueueTask ¶
type QueueTask struct {
Task
PipelineNumber int64 `json:"pipeline_number"`
AgentName string `json:"agent_name"`
PipelineCreated int64 `json:"pipeline_created"` // Unix timestamp when the pipeline was created
PipelineStarted int64 `json:"pipeline_started"` // Unix timestamp when the pipeline started running (0 if not started)
}
QueueTask represents a task in the queue with additional API-specific fields.
type Redirection ¶
type Redirection struct {
bun.BaseModel `bun:"table:redirections"`
ID int64 `bun:"id,pk,autoincrement"`
ForgeID int64 `bun:"forge_id,unique:forge"`
RepoID int64 `bun:"repo_id"`
FullName string `bun:"repo_full_name,unique:forge"`
}
func (Redirection) TableName ¶
func (r Redirection) TableName() string
type Registry ¶
type Registry struct {
bun.BaseModel `bun:"table:registries"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
OrgID int64 `json:"org_id" bun:"org_id,notnull,default:0,unique:s"`
RepoID int64 `json:"repo_id" bun:"repo_id,notnull,default:0,unique:s"`
Address string `json:"address" bun:"address,notnull,unique:s"`
Username string `json:"username" bun:"username,type:varchar(2000)"`
Password string `json:"password" bun:"password,type:text"`
ReadOnly bool `json:"readonly" bun:"-"`
CreatedAt int64 `json:"created_at" bun:",nullzero"`
UpdatedAt int64 `json:"updated_at" bun:",nullzero"`
} // @name Registry
Registry represents a docker registry with credentials.
type RegistryWithOrg ¶
type RegistryWithOrg struct {
*Registry
OrgName string `json:"org_name"`
ScopeType string `json:"scope_type"` // "user", "org", or "global"
ForgeID int64 `json:"forge_id,omitempty"` // forge ID for multi-forge display
ForgeName string `json:"forge_name,omitempty"` // forge hostname for multi-forge display
ForgeIcon string `json:"forge_icon,omitempty"` // forge icon name/URL for multi-forge display
ForgeType string `json:"forge_type,omitempty"` // forge type (github, gitlab, etc.) for icon fallback
} // @name RegistryWithOrg
RegistryWithOrg extends Registry with organization context for user views.
type Repo ¶
type Repo struct {
bun.BaseModel `bun:"table:repos"`
ID int64 `json:"id,omitempty" bun:"id,pk,autoincrement"`
UserID int64 `json:"-" bun:"user_id"`
ForgeID int64 `json:"forge_id,omitempty" bun:"forge_id,unique:forge"`
// ForgeRemoteID is the unique identifier for the repository on the forge.
ForgeRemoteID ForgeRemoteID `json:"forge_remote_id" bun:"forge_remote_id"`
OrgID int64 `json:"org_id" bun:"org_id"`
Owner string `json:"owner" bun:"owner,unique:forge"`
Name string `json:"name" bun:"name,unique:forge"`
FullName string `json:"full_name" bun:"full_name,unique:forge_full_name"`
Avatar string `json:"avatar_url,omitempty" bun:"avatar,type:varchar(500)"`
ForgeURL string `json:"forge_url,omitempty" bun:"forge_url,type:varchar(1000)"`
Clone string `json:"clone_url,omitempty" bun:"clone,type:varchar(1000)"`
CloneSSH string `json:"clone_url_ssh" bun:"clone_ssh,type:varchar(1000)"`
Branch string `json:"default_branch,omitempty" bun:"branch,type:varchar(500)"`
PREnabled bool `json:"pr_enabled" bun:"pr_enabled,default:true"`
Timeout int64 `json:"timeout,omitempty" bun:"timeout"`
Visibility RepoVisibility `json:"visibility" bun:"visibility,type:varchar(10)"`
IsSCMPrivate bool `json:"private" bun:"private"`
Trusted TrustedConfiguration `json:"trusted" bun:"trusted,type:text"`
RequireApproval ApprovalMode `json:"require_approval" bun:"require_approval,type:varchar(50)"`
IsActive bool `json:"active" bun:"active"`
AllowPull bool `json:"allow_pr" bun:"allow_pr"`
AllowDeploy bool `json:"allow_deploy" bun:"allow_deploy"`
AllowManual bool `json:"allow_manual" bun:"allow_manual"`
DeployTeam string `json:"deploy_team" bun:"deploy_team,type:varchar(250)"`
Config string `json:"config_file" bun:"config_path,type:varchar(500)"`
Hash string `json:"-" bun:"hash,type:varchar(500)"`
Perm *Perm `json:"-" bun:"-"`
CancelPreviousPipelineEvents JSONSliceWebhookEvent `json:"cancel_previous_pipeline_events" bun:"cancel_previous_pipeline_events,type:text"`
NetrcTrustedPlugins JSONSliceString `json:"netrc_trusted" bun:"netrc_trusted,type:text"`
LogsPipelinesKeepMin int64 `json:"logs_keep_min,omitempty" bun:"logs_keep_min"`
LogsDurationKeep string `json:"logs_keep_duration" bun:"logs_keep_duration,type:varchar(500)"`
} // @name Repo
Repo represents a repository.
func (*Repo) ResetVisibility ¶
func (r *Repo) ResetVisibility()
type RepoLastPipeline ¶
type RepoLastPipeline struct {
*Repo
LastPipeline *Pipeline `json:"last_pipeline,omitempty"`
} // @name RepoLastPipeline
RepoLastPipeline represents a repository with last pipeline execution information.
type RepoMetric ¶
type RepoMetric struct {
RepoID int64 `json:"repo_id"`
RepoName string `json:"repo_name"`
RepoFullName string `json:"repo_full_name"`
PipelineCount int64 `json:"pipeline_count"`
AvgBuildTime float64 `json:"avg_build_time"` // in seconds
TotalBuildTime float64 `json:"total_build_time"` // in seconds
}
RepoMetric represents metrics for a specific repository.
type RepoPatch ¶
type RepoPatch struct {
Config *string `json:"config_file,omitempty"`
RequireApproval *string `json:"require_approval,omitempty"`
Timeout *int64 `json:"timeout,omitempty"`
Visibility *string `json:"visibility,omitempty"`
AllowPull *bool `json:"allow_pr,omitempty"`
AllowDeploy *bool `json:"allow_deploy,omitempty"`
AllowManual *bool `json:"allow_manual,omitempty"`
DeployTeam *string `json:"deploy_team,omitempty"`
CancelPreviousPipelineEvents *[]WebhookEvent `json:"cancel_previous_pipeline_events,omitempty"`
LogsPipelinesKeepMin int64 `json:"logs_keep_min,omitempty"`
LogsDurationKeep string `json:"logs_keep_duration,omitempty"`
NetrcTrusted *[]string `json:"netrc_trusted,omitempty"`
Trusted *TrustedConfigurationPatch `json:"trusted,omitempty"`
} // @name RepoPatch
RepoPatch represents a repository patch object.
type RepoVisibility ¶
type RepoVisibility string // @name RepoVisibility
RepoVisibility represent to what state a repo in woodpecker is visible to others.
const ( VisibilityPublic RepoVisibility = "public" VisibilityPrivate RepoVisibility = "private" VisibilityInternal RepoVisibility = "internal" )
type Secret ¶
type Secret struct {
bun.BaseModel `bun:"table:secrets"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
OrgID int64 `json:"org_id" bun:"org_id,notnull,default:0,unique:s"`
RepoID int64 `json:"repo_id" bun:"repo_id,notnull,default:0,unique:s"`
Name string `json:"name" bun:"name,notnull,unique:s"`
Value string `json:"value,omitempty" bun:"value,type:text"`
Images JSONSliceString `json:"images" bun:"images,type:text"`
Events JSONSliceWebhookEvent `json:"events" bun:"events,type:text"`
Source string `json:"source" bun:"source,type:varchar(50),default:'internal'"`
CreatedAt int64 `json:"created_at" bun:",nullzero"`
UpdatedAt int64 `json:"updated_at" bun:",nullzero"`
} // @name Secret
Secret represents a secret variable, such as a password or token.
func (*Secret) BeforeInsert ¶
func (s *Secret) BeforeInsert()
BeforeInsert will sort events and set defaults before inserted into database.
func (*Secret) BeforeUpdate ¶ added in v5.6.0
func (s *Secret) BeforeUpdate()
BeforeUpdate normalizes PEM values before updating in the database.
func (*Secret) CopyWithAbbreviatedValue ¶
CopyWithAbbreviatedValue makes a copy of the secret with an abbreviated value. The abbreviated value shows the first 6 and last 6 characters for verification.
type SecretStore ¶
type SecretStore interface {
SecretFind(*Repo, string) (*Secret, error)
SecretList(*Repo, bool, *ListOptions) ([]*Secret, error)
SecretCreate(*Secret) error
SecretUpdate(*Secret) error
SecretDelete(*Secret) error
OrgSecretFind(int64, string) (*Secret, error)
OrgSecretList(int64, *ListOptions) ([]*Secret, error)
GlobalSecretFind(string) (*Secret, error)
GlobalSecretList(*ListOptions) ([]*Secret, error)
SecretListAll() ([]*Secret, error)
}
SecretStore persists secret information to storage.
type SecretWithOrg ¶
type SecretWithOrg struct {
*Secret
OrgName string `json:"org_name"`
RepoName string `json:"repo_name,omitempty"`
ScopeType string `json:"scope_type"` // "user", "org", "repo", or "global"
ForgeID int64 `json:"forge_id,omitempty"` // forge ID for multi-forge display
ForgeName string `json:"forge_name,omitempty"` // forge hostname for multi-forge display
ForgeIcon string `json:"forge_icon,omitempty"` // forge icon name/URL for multi-forge display
ForgeType string `json:"forge_type,omitempty"` // forge type (github, gitlab, etc.) for icon fallback
} // @name SecretWithOrg
SecretWithOrg extends Secret with organization and repository context for user views.
type ServerConfig ¶
type ServerConfig struct {
bun.BaseModel `bun:"table:server_configs"`
Key string `json:"key" bun:"key,pk"`
Value string `json:"value" bun:"value"`
}
ServerConfig represents a key-value pair for storing server configurations.
func (ServerConfig) TableName ¶
func (ServerConfig) TableName() string
TableName returns the database table name.
type StatusValue ¶
type StatusValue string // @name StatusValue
StatusValue represent pipeline states woodpecker know.
const ( StatusSkipped StatusValue = "skipped" // skipped as another step failed StatusPending StatusValue = "pending" // pending to be executed StatusRunning StatusValue = "running" // currently running StatusSuccess StatusValue = "success" // successfully finished StatusFailure StatusValue = "failure" // failed to finish (exit code != 0) StatusKilled StatusValue = "killed" // killed by user StatusError StatusValue = "error" // error with the config / while parsing / some other system problem StatusBlocked StatusValue = "blocked" // waiting for approval StatusDeclined StatusValue = "declined" // blocked and declined StatusCreated StatusValue = "created" // created / internal use only )
func PipelineStatus ¶
func PipelineStatus(workflows []*Workflow) StatusValue
PipelineStatus determine pipeline status based on corresponding workflow list. Only considers the latest attempt of each workflow.
func WorkflowStatus ¶
func WorkflowStatus(steps []*Step) StatusValue
WorkflowStatus determine workflow status based on corresponding step list.
func (StatusValue) Validate ¶
func (s StatusValue) Validate() error
type Step ¶
type Step struct {
bun.BaseModel `bun:"table:steps"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
UUID string `json:"uuid" bun:"uuid"`
PipelineID int64 `json:"pipeline_id" bun:"pipeline_id,unique:s"`
PID int `json:"pid" bun:"pid,unique:s"`
PPID int `json:"ppid" bun:"ppid"`
Name string `json:"name" bun:"name"`
State StatusValue `json:"state" bun:"state"`
Error string `json:"error,omitempty" bun:"error,type:text"`
Failure string `json:"-" bun:"failure"`
ExitCode int `json:"exit_code" bun:"exit_code"`
Started int64 `json:"started,omitempty" bun:"started"`
Finished int64 `json:"finished,omitempty" bun:"finished"`
Type StepType `json:"type,omitempty" bun:"type"`
DependsOn JSONSliceString `json:"depends_on,omitempty" bun:"depends_on,type:text"`
} // @name Step
Step represents a process in the pipeline.
type Task ¶
type Task struct {
bun.BaseModel `bun:"table:tasks"`
ID string `json:"id" bun:"id,pk"`
PID int `json:"pid" bun:"pid"`
Name string `json:"name" bun:"name"`
Data []byte `json:"-" bun:"data"`
Labels JSONMapStringString `json:"labels" bun:"labels,type:text"`
Dependencies JSONSliceString `json:"dependencies" bun:"dependencies,type:text"`
RunOn JSONSliceString `json:"run_on" bun:"run_on,type:text"`
DepStatus JSONMapStringStatusValue `json:"dep_status" bun:"dependencies_status,type:text"`
AgentID int64 `json:"agent_id" bun:"agent_id"`
PipelineID int64 `json:"pipeline_id" bun:"pipeline_id"`
RepoID int64 `json:"repo_id" bun:"repo_id"`
} // @name Task
Task defines scheduled pipeline Task.
func (*Task) ApplyLabelsFromRepo ¶
type Team ¶
type Team struct {
// Login is the username for this team.
Login string `json:"login"`
// the avatar url for this team.
Avatar string `json:"avatar_url"`
}
Team represents a team or organization in the forge.
type TrustedConfiguration ¶
type TrustedConfiguration struct {
Network bool `json:"network"`
Volumes bool `json:"volumes"`
Security bool `json:"security"`
}
func (*TrustedConfiguration) Scan ¶ added in v5.7.0
func (t *TrustedConfiguration) Scan(src any) error
type User ¶
type User struct {
bun.BaseModel `bun:"table:users"`
// the id for this user.
//
// required: true
ID int64 `json:"id" bun:"id,pk,autoincrement"`
// ForgeID is the forge this user originally registered with.
//
// Deprecated: Use PrimaryForgeID and UserForge table for multi-forge support.
ForgeID int64 `json:"forge_id,omitempty" bun:"forge_id"`
// ForgeRemoteID is the user's ID on their original forge.
//
// Deprecated: Use UserForge table for multi-forge support.
ForgeRemoteID ForgeRemoteID `json:"-" bun:"forge_remote_id"`
// PrimaryForgeID references the user_forges.id of the user's primary forge connection.
// The primary forge is the first forge the user registered with and cannot be unlinked.
PrimaryForgeID int64 `json:"primary_forge_id,omitempty" bun:"primary_forge_id"`
// Login is the username for this user.
//
// required: true
Login string `json:"login" bun:"login,unique"`
// AccessToken is the oauth2 access token.
//
// Deprecated: Use UserForge table for multi-forge support.
AccessToken string `json:"-" bun:"access_token,type:text"`
// RefreshToken is the oauth2 refresh token.
//
// Deprecated: Use UserForge table for multi-forge support.
RefreshToken string `json:"-" bun:"refresh_token,type:text"`
// Expiry is the AccessToken expiration timestamp (unix seconds).
//
// Deprecated: Use UserForge table for multi-forge support.
Expiry int64 `json:"-" bun:"expiry"`
// Email is the email address for this user.
//
// required: true
Email string `json:"email" bun:"email,type:varchar(500)"`
// the avatar url for this user.
Avatar string `json:"avatar_url" bun:"avatar,type:varchar(500)"`
// Admin indicates the user is a system administrator.
//
// NOTE: If the username is part of the WOODPECKER_ADMIN
// environment variable, this value will be set to true on login.
Admin bool `json:"admin,omitempty" bun:"admin"`
// Hash is a unique token used to sign tokens.
Hash string `json:"-" bun:"hash,unique,type:varchar(500)"`
// OrgID is the of the user as model.Org.
OrgID int64 `json:"org_id" bun:"org_id"`
// Description is a short bio or description for this user.
Description string `json:"description,omitempty" bun:"description,type:text"`
// Timezone is the user's timezone (e.g., "America/New_York", "Europe/Berlin").
Timezone string `json:"timezone,omitempty" bun:"timezone,type:varchar(100)"`
} // @name User
User represents a registered user.
type UserForge ¶
type UserForge struct {
bun.BaseModel `bun:"table:user_forges"`
// ID is the unique identifier for this user-forge connection.
ID int64 `json:"id" bun:"id,pk,autoincrement"`
// UserID references the user who owns this forge connection.
UserID int64 `json:"user_id" bun:"user_id,notnull"`
// ForgeID references the forge this connection is for.
ForgeID int64 `json:"forge_id" bun:"forge_id,notnull,unique:forge_user"`
// ForgeRemoteID is the user's unique identifier on the forge (e.g., GitHub user ID).
// Combined with ForgeID, this must be unique across all users.
ForgeRemoteID ForgeRemoteID `json:"-" bun:"forge_remote_id,unique:forge_user"`
// IsPrimary indicates if this is the user's primary forge (first registered).
// Each user has exactly one primary forge which cannot be unlinked.
IsPrimary bool `json:"is_primary" bun:"is_primary,notnull,default:false"`
// OAuth tokens for this forge connection
AccessToken string `json:"-" bun:"access_token,type:text"`
RefreshToken string `json:"-" bun:"refresh_token,type:text"`
Expiry int64 `json:"-" bun:"expiry"`
// ForgeLogin is the username on this forge (may differ from User.Login).
ForgeLogin string `json:"forge_login" bun:"forge_login,type:varchar(250)"`
// ForgeEmail is the email address on this forge.
ForgeEmail string `json:"forge_email,omitempty" bun:"forge_email,type:varchar(500)"`
// ForgeAvatar is the avatar URL on this forge.
ForgeAvatar string `json:"forge_avatar,omitempty" bun:"forge_avatar,type:varchar(500)"`
// LinkedAt is the unix timestamp when this forge was linked.
LinkedAt int64 `json:"linked_at" bun:"linked_at,notnull"`
// LastUsed is the unix timestamp when this forge was last used for an operation.
LastUsed int64 `json:"last_used,omitempty" bun:"last_used"`
} // @name UserForge
UserForge represents a user's OAuth credentials for a specific forge. A user can have multiple forge connections (e.g., GitHub + GitLab), allowing them to manage repositories from different forges under one account.
type VaultConfig ¶
type VaultConfig struct {
// Connection
Address string `json:"address"` // Vault server URL (e.g., https://vault.example.com)
Namespace string `json:"namespace,omitempty"` // Vault Enterprise namespace
// AppRole Authentication
RoleID string `json:"role_id"` // AppRole Role ID
SecretID string `json:"secret_id"` // AppRole Secret ID (encrypted in storage)
// Paths
MountPath string `json:"mount_path"` // Secrets engine mount path (default: "secret")
AuthPath string `json:"auth_path"` // Auth method path (default: "auth/approle")
// TLS Configuration
TLSConfig *VaultTLSConfig `json:"tls_config,omitempty"`
}
VaultConfig holds HashiCorp Vault/OpenBao specific configuration.
func (*VaultConfig) Redacted ¶
func (c *VaultConfig) Redacted() *VaultConfig
Redacted returns a copy with sensitive fields redacted.
func (*VaultConfig) Validate ¶
func (c *VaultConfig) Validate() error
Validate validates the Vault configuration.
func (*VaultConfig) WithDefaults ¶
func (c *VaultConfig) WithDefaults() *VaultConfig
WithDefaults returns a copy with default values applied.
type VaultTLSConfig ¶
type VaultTLSConfig struct {
CACert string `json:"ca_cert,omitempty"` // CA certificate (PEM)
ClientCert string `json:"client_cert,omitempty"` // Client certificate (PEM)
ClientKey string `json:"client_key,omitempty"` // Client private key (PEM)
TLSServerName string `json:"tls_server_name,omitempty"` // Server name for SNI
Insecure bool `json:"insecure,omitempty"` // Skip TLS verification (for dev only)
}
VaultTLSConfig holds TLS configuration for Vault connections.
type WebhookEvent ¶
type WebhookEvent string // @name WebhookEvent
const ( EventPush WebhookEvent = "push" EventPull WebhookEvent = "pull_request" EventPullClosed WebhookEvent = "pull_request_closed" EventPullMerged WebhookEvent = "pull_request_merged" EventPullEdited WebhookEvent = "pull_request_edited" EventTag WebhookEvent = "tag" EventRelease WebhookEvent = "release" EventDeploy WebhookEvent = "deployment" EventCron WebhookEvent = "cron" EventManual WebhookEvent = "manual" )
func (WebhookEvent) Validate ¶
func (s WebhookEvent) Validate() error
type WebhookEventList ¶
type WebhookEventList []WebhookEvent
func (WebhookEventList) Len ¶
func (wel WebhookEventList) Len() int
func (WebhookEventList) Less ¶
func (wel WebhookEventList) Less(i, j int) bool
func (WebhookEventList) Swap ¶
func (wel WebhookEventList) Swap(i, j int)
type Workflow ¶
type Workflow struct {
bun.BaseModel `bun:"table:workflows"`
ID int64 `json:"id" bun:"id,pk,autoincrement"`
PipelineID int64 `json:"pipeline_id" bun:"pipeline_id,unique:s"`
PID int `json:"pid" bun:"pid,unique:s"`
Name string `json:"name" bun:"name"`
PipelineName string `json:"pipeline_name" bun:"pipeline_name"`
State StatusValue `json:"state" bun:"state"`
Error string `json:"error,omitempty" bun:"error,type:text"`
Started int64 `json:"started,omitempty" bun:"started"`
Finished int64 `json:"finished,omitempty" bun:"finished"`
AgentID int64 `json:"agent_id,omitempty" bun:"agent_id"`
AgentPersistentID string `json:"agent_persistent_id,omitempty" bun:"agent_persistent_id,type:varchar(64)"`
AgentName string `json:"agent_name,omitempty" bun:"agent_name,type:varchar(255)"`
Platform string `json:"platform,omitempty" bun:"platform"`
Environ JSONMapStringString `json:"environ,omitempty" bun:"environ,type:text"`
DependsOn JSONSliceString `json:"depends_on,omitempty" bun:"depends_on,type:text"`
AxisID int `json:"-" bun:"axis_id"`
OriginalWorkflowID int64 `json:"original_workflow_id" bun:"original_workflow_id,default:0"`
Attempt int `json:"attempt" bun:"attempt,default:1"`
Children []*Step `json:"children,omitempty" bun:"-"`
AutoscalerProvisioning bool `json:"autoscaler_provisioning,omitempty" bun:"-"`
AutoscalerProvisioningStale bool `json:"autoscaler_provisioning_stale,omitempty" bun:"-"`
}
Workflow represents a workflow in the pipeline.
func LatestAttempts ¶ added in v5.5.0
LatestAttempts returns only the latest attempt of each workflow, grouping by OriginalWorkflowID (or by the workflow's own ID if it is the original).
Source Files
¶
- access_token.go
- agent.go
- approved_pull_request.go
- autoscaler.go
- cache.go
- commit.go
- config.go
- const.go
- cron.go
- entity.go
- environ.go
- event.go
- feed.go
- forge.go
- integration.go
- json_types.go
- lock.go
- log.go
- maintenance.go
- metrics.go
- netrc.go
- notification.go
- org.go
- pagination.go
- perm.go
- pipeline.go
- pubsub.go
- pull_request.go
- queue.go
- redirection.go
- registry.go
- repo.go
- secret.go
- server_config.go
- step.go
- task.go
- team.go
- user.go
- user_forge.go
- workflow.go
Directories
Click to show internal directories.
Click to hide internal directories.