feat(fastdeploy): git-webhook → Decofile CR → KV-sync Job#25
Open
hugo-ccabral wants to merge 1 commit into
Open
feat(fastdeploy): git-webhook → Decofile CR → KV-sync Job#25hugo-ccabral wants to merge 1 commit into
hugo-ccabral wants to merge 1 commit into
Conversation
There was a problem hiding this comment.
7 issues found across 16 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="internal/deploy/tanstack_kv.go">
<violation number="1" location="internal/deploy/tanstack_kv.go:246">
P3: This adds a second copy of nodeSelector/tolerations env parsing logic already present in cfworkers. Moving these helpers to a shared internal utility would keep behavior consistent and reduce maintenance drift.</violation>
</file>
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
|
|
||
| // parseNodeSelector parses a JSON object string into a map. Returns nil on empty | ||
| // input or parse error. | ||
| func parseNodeSelector(s string) map[string]string { |
There was a problem hiding this comment.
P3: This adds a second copy of nodeSelector/tolerations env parsing logic already present in cfworkers. Moving these helpers to a shared internal utility would keep behavior consistent and reduce maintenance drift.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At internal/deploy/tanstack_kv.go, line 246:
<comment>This adds a second copy of nodeSelector/tolerations env parsing logic already present in cfworkers. Moving these helpers to a shared internal utility would keep behavior consistent and reduce maintenance drift.</comment>
<file context>
@@ -0,0 +1,268 @@
+
+// parseNodeSelector parses a JSON object string into a map. Returns nil on empty
+// input or parse error.
+func parseNodeSelector(s string) map[string]string {
+ if s == "" {
+ return nil
</file context>
9aa91cd to
dbb9e7d
Compare
Collaborator
Author
|
Addressed all 7 review findings (rebased onto latest
|
8dc9c8c to
cb9d858
Compare
Operator-owned, CR-driven fast deploy for content (.deco/blocks). Two pluggable interfaces (internal/deploy): - DeploymentTarget: maps a git push to desired-state CRs. cloudflare-workers impl resolves the repo's Deco CR and emits a Decofile CR (target: tanstack-kv) on a content-only push to a fast-deploy-enabled site. - FastDeployment: drives a Decofile CR to its effect. tanstack-kv impl creates a self-cleaning batch/v1 Job (decofile-syncer image) that pushes the decofile to Cloudflare KV; the existing ConfigMap/Knative path stays the default. Adds POST /webhooks/github (HMAC-verified, outside basic-auth) to the operator API; Decofile CRD gains target/tanstackKV; Deco CRD gains fastDeploy; Decofile reconciler dispatches non-configmap targets and owns Jobs (batch RBAC). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
cb9d858 to
c12c78d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Builds the git-driven, KV-first content fast-deploy path entirely inside the operator — no studio, no GitHub Actions, no admin.
Design — two pluggable interfaces (
internal/deploy)DeploymentTarget(push → desired-state CR), registry keyed byserving.type. First implcloudflare-workersgates on content-only +fastDeploy.enabledand emits aDecofileCR.FastDeployment(Decofile CR → effect), registry keyed by the CR'starget. First impltanstack-kvbuilds/creates/watches the KV-sync Job and reports status. The existing ConfigMap/Knative reconcile stays the default path — zero regression; onlytarget: tanstack-kvdiverts.A sandbox-backed
FastDeployment(warm pool) can be added later behind the same interface if warm-start ever matters; a plain Job was chosen now because the agent-sandbox CR is a long-running daemon (no run-to-completion) and a Job self-cleans viattlSecondsAfterFinished.Changes
Decofilegainstarget(enumconfigmap|tanstack-kv, defaultconfigmap) +tanstackKV{kvNamespaceId,siteOrigin}+ statusjobName;DecogainsfastDeploy{enabled,kvNamespaceId,siteOrigin}. Deepcopy + CRDs regenerated.internal/api/webhook.go— signature-verifiedPOST /webhooks/github, mounted outside basic-auth;server.goroutes it; the API server now also starts whenGITHUB_WEBHOOK_SECRETis set.decofile_controller.godispatches non-configmaptargets to theFastDeploymentregistry;Owns(&Job{})+batch/jobsRBAC (patch/updateverbs added to the existing rule).cmd/main.goregisters both registries;tanstack-kvconfig from env.docs/fast-deploy-webhook.md(operator env, per-siteDecoconfig, GitHub webhook setup, verification).Verified
go build ./...,go vet ./internal/... ./cmd/...,go test ./internal/api/... ./internal/deploy/..., andcontroller-gen(deepcopy + CRD + RBAC) all clean.Deploy config required (not in this PR)
Operator Deployment env:
GITHUB_WEBHOOK_SECRET,DECOFILE_SYNCER_IMAGE,CLOUDFLARE_ACCOUNT_ID,CLOUDFLARE_KV_API_TOKEN(+ optionalGITHUB_TOKEN,DECO_PURGE_TOKEN). Per-site:Deco.spec.fastDeploy+ a KV namespace + the GitHub webhook. Seedocs/fast-deploy-webhook.md.Related
🤖 Generated with Claude Code
Summary by cubic
Adds a git-driven fast-deploy path that turns content-only pushes into a Cloudflare KV sync for TanStack/Workers sites, fully inside the operator. This removes Studio/GitHub Actions for content updates and speeds up publish time.
New Features
POST /webhooks/github(outside basic auth) processes default-branch,.deco/blocks/**-only pushes and upserts aDecofilewithtarget: tanstack-kv.DeploymentTarget(webhook) with acloudflare-workerimpl that emits a per-siteDecofile;FastDeployment(reconciler) with atanstack-kvimpl that runs a self-cleaningbatch/v1 Jobto clonerepo@commitand push blocks to Cloudflare KV, then setsstatus.jobNameand aSyncedcondition.Decofileaddstarget(configmap|tanstack-kv) andtanstackKV{kvNamespaceId,siteOrigin}with validations requiringtanstackKVandsource: githubwhentarget: tanstack-kv;DecoaddsfastDeploy{enabled,kvNamespaceId,siteOrigin}with validation thatkvNamespaceIdis required when enabled.GITHUB_TOKEN. Reconciler ownsJobresources; RBAC updated. Default ConfigMap/Knative flow is unchanged. Helm chart bumps to0.3.0and adds a unifiedsecretEnv.existingSecretfor injecting operator secrets. Docs atdocs/fast-deploy-webhook.md.Migration
GITHUB_WEBHOOK_SECRET,DECOFILE_SYNCER_IMAGE,CLOUDFLARE_ACCOUNT_ID,CLOUDFLARE_KV_API_TOKEN.GITHUB_APP_ID,GITHUB_APP_PRIVATE_KEY; fallback:GITHUB_TOKEN. Optional:DECO_PURGE_TOKEN,BUILD_SERVICE_ACCOUNT,BUILD_NODE_SELECTOR,BUILD_TOLERATIONS,OPERATOR_API_ADDR.fastDeploy.syncerImage. UsesecretEnv.existingSecretto inject all secret envs (CLOUDFLARE_*,GITHUB_*,GITHUB_WEBHOOK_SECRET,DECO_*) viaenvFrom(preferred over per-feature secrets).spec.fastDeployto eachDecowithserving.type: cloudflare-worker; setkvNamespaceId(optionalsiteOrigin). Add a GitHub push webhook toPOST /webhooks/githubwith the shared secret. The API server starts when either basic-auth creds or the webhook secret is set.Written for commit c12c78d. Summary will update on new commits.