will/unitforge
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: will/unitforge:a0ae5f869ec4b29c5a224735767e83e657e05d95
Branches Tags
will/unitforge:main
...
compare: will/unitforge:c48cd87d16067e2ecc4350900baac9ec4a162d53
Branches Tags
will/unitforge:main

10 Commits
a0ae5f869e ... c48cd87d16

Author SHA1 Message Date
William Valentin c48cd87d16 feat(frontend): add theme switcher with light dark and system modes
Build Multi-Arch Container Image / build-and-push (push) Has been cancelled
Details
Build Multi-Arch Container Image / security-scan (push) Has been cancelled
Details
Build Multi-Arch Container Image / deploy-staging (push) Has been cancelled
Details
Build Multi-Arch Container Image / deploy-production (push) Has been cancelled
Details
Nightly Build / check-changes (push) Has been cancelled
Details
Nightly Build / nightly-tests (3.10) (push) Has been cancelled
Details
Nightly Build / nightly-tests (3.11) (push) Has been cancelled
Details
Nightly Build / nightly-tests (3.12) (push) Has been cancelled
Details
Nightly Build / nightly-tests (3.8) (push) Has been cancelled
Details
Nightly Build / nightly-tests (3.9) (push) Has been cancelled
Details
Nightly Build / build-nightly (push) Has been cancelled
Details
Nightly Build / performance-test (push) Has been cancelled
Details
Nightly Build / security-scan-nightly (push) Has been cancelled
Details
Nightly Build / cleanup-old-nightlies (push) Has been cancelled
Details
Build Multi-Arch Container Image / test (push) Has been cancelled
Details
Nightly Build / notify-results (push) Has been cancelled
Details
2025-09-21 20:28:33 -07:00
William Valentin f38e0c1276 fix: Resolve lint errors in validate_config.py 
- Fix E501 line too long errors by breaking long lines appropriately
- Fix F541 f-string without placeholders error
- Add proper type annotations for mypy compatibility
- Suppress false positive bandit security warning for valid host check
- Apply black and isort formatting fixes

All flake8, mypy, black, isort, and bandit checks now pass.
 2025-09-15 02:35:53 -07:00
William Valentin 0f891aab2d chore: Remove temporary .env.example.new file 2025-09-15 02:26:34 -07:00
William Valentin e44234805c docs: Update documentation index with CI/CD references 
- Add CI/CD Secrets Setup guide to docs index
- Add CI/CD Workflows documentation reference
- Add quick start section for CI/CD setup
- Clean up temporary files
 2025-09-15 02:26:23 -07:00
William Valentin 03fa856199 feat: Add CI/CD secrets configuration and documentation 
- Add comprehensive CI/CD secrets section to .env.example
- Create detailed CI-CD-SECRETS.md guide with:
  - Step-by-step secret setup instructions
  - Container registry authentication examples
  - PyPI token configuration
  - GitHub integration setup
  - Security best practices
  - Troubleshooting guide
  - Workflow-specific requirements

Includes support for:
- Docker Hub, GitLab, GitHub container registries
- Automated PyPI publishing
- Slack/Discord notifications
- Kubernetes deployment secrets
- Security scanning integration

Updated .env template with placeholder values and detailed comments.
 2025-09-15 02:26:02 -07:00
William Valentin 25666a76cf feat: Add comprehensive Gitea CI/CD workflows for multi-arch container builds 
- Add build-container.yml: Main build pipeline with multi-arch support
- Add pr-check.yml: Pull request validation with comprehensive testing
- Add release.yml: Automated release pipeline with security scanning
- Add nightly.yml: Daily builds with performance testing
- Add health_check.sh: Container health validation script
- Add setup-ci.sh: Local CI/CD environment setup script
- Add comprehensive CI/CD documentation

Features:
- Multi-architecture builds (linux/amd64, linux/arm64)
- Security scanning with Trivy
- Automated PyPI publishing for releases
- Container registry integration
- Performance testing and validation
- Artifact management and cleanup
- Build caching and optimization

Supports full development workflow from PR to production deployment.
 2025-09-15 02:04:07 -07:00
William Valentin 1f0604cba6 make: add docker buildx multi-arch targets (linux/amd64, linux/arm64) with setup, push, and local build 2025-09-15 01:31:53 -07:00
William Valentin b544399f9c backend: remove __main__ runner; typing: fix mypy across core and routes; tooling: use uv for pytest in pre-commit; security: narrow broad except in config; mypy: relax untyped decorator check for backend.app.main 2025-09-15 01:25:25 -07:00
William Valentin be520c14e9 feat(k8s): Update ingress host and service port, set VPA 
controlledValues to RequestsOnly
 2025-09-15 01:00:03 -07:00
William Valentin ec68e52e28 fix: Use uv to run pytest in pre-commit hook 2025-09-15 00:59:44 -07:00
31 changed files with 3421 additions and 326 deletions
Expand all files Collapse all files
.gitea/workflows/README.md
+373
View File
@@ -0,0 +1,373 @@
# Gitea CI/CD Workflows
This directory contains the CI/CD workflows for UnitForge using Gitea Actions. These workflows automate testing, building, and deploying multi-architecture container images.
## Workflows Overview
### 1. `build-container.yml` - Main Build Pipeline
**Triggers:** Push to `main`/`develop`, tags starting with `v*`
**Features:**
- Runs comprehensive tests (linting, type checking, security)
- Builds multi-arch container images (linux/amd64, linux/arm64)
- Pushes to container registry
- Security scanning with Trivy
- Automatic deployment to staging/production
**Jobs:**
- `test` - Run linting, tests, and security checks
- `build-and-push` - Build and push multi-arch container images
- `security-scan` - Vulnerability scanning
- `deploy-staging` - Deploy to staging (develop branch)
- `deploy-production` - Deploy to production (tags)
### 2. `pr-check.yml` - Pull Request Validation
**Triggers:** Pull requests to `main`/`develop`
**Features:**
- Full test suite including coverage reporting
- Multi-arch build testing (no push)
- Container startup verification
- Configuration validation
- PR summary with build status
**Jobs:**
- `test` - Complete test suite with coverage
- `build-test` - Test multi-arch builds without pushing
- `validate-config` - Validate project configuration
- `pr-summary` - Generate build status summary
### 3. `release.yml` - Release Pipeline
**Triggers:** Tags matching `v*` pattern
**Features:**
- Version validation and metadata extraction
- Full test suite across all Python versions
- Multi-arch container builds with release tags
- Security scanning with vulnerability blocking
- GitHub release creation with artifacts
- PyPI package publishing (stable releases only)
- Production deployment
**Jobs:**
- `validate-release` - Version format and metadata validation
- `test-and-build` - Comprehensive testing and Python package build
- `build-container` - Multi-arch container build with release tags
- `security-scan` - Security scanning with critical vulnerability blocking
- `create-release` - GitHub release with artifacts and changelog
- `publish-package` - PyPI publishing (stable releases only)
- `deploy-production` - Production deployment
- `notify-release` - Release completion notification
### 4. `nightly.yml` - Nightly Builds
**Triggers:** Daily at 2 AM UTC, manual dispatch
**Features:**
- Change detection (skips if no commits in 24h)
- Multi-Python version testing matrix
- Performance testing
- Comprehensive security scanning
- Old image cleanup
- Detailed reporting
**Jobs:**
- `check-changes` - Detect if build is needed
- `nightly-tests` - Test across Python versions (3.8-3.12)
- `build-nightly` - Build nightly images with date/commit tags
- `performance-test` - Basic performance validation
- `security-scan-nightly` - Comprehensive security analysis
- `cleanup-old-nightlies` - Remove old nightly images
- `notify-results` - Build status notification
## Configuration
### Required Secrets
Set these secrets in your Gitea repository settings:
```bash
# Container Registry
CONTAINER_REGISTRY_USERNAME=your-registry-username
CONTAINER_REGISTRY_PASSWORD=your-registry-password
# PyPI Publishing (for releases)
PYPI_API_TOKEN=your-pypi-token
# GitHub (if using GitHub releases)
GITHUB_TOKEN=your-github-token
```
### Environment Variables
The workflows use these environment variables:
```yaml
env:
REGISTRY: gitea-http.taildb3494.ts.net
IMAGE_NAME: will/unitforge
```
Update these in each workflow file to match your registry and image name.
### Multi-Architecture Support
All workflows build for multiple architectures:
- `linux/amd64` - Standard x86_64 architecture
- `linux/arm64` - ARM64 architecture (Apple Silicon, ARM servers)
This is configured using Docker Buildx with the platform specification:
```yaml
platforms: linux/amd64,linux/arm64
```
## Container Registry Integration
### Image Tags
Different workflows create different image tags:
**Main builds (build-container.yml):**
- `main` - Latest from main branch
- `develop` - Latest from develop branch
- `latest` - Latest stable release
**Release builds (release.yml):**
- `v1.2.3` - Specific version
- `1.2` - Major.minor version
- `1` - Major version (stable releases only)
- `latest` - Latest stable release
**Nightly builds (nightly.yml):**
- `nightly-20240101-abc1234` - Date and commit SHA
- `nightly-latest` - Latest nightly build
### Registry Configuration
The workflows are configured for a self-hosted registry. To use a different registry:
1. Update the `REGISTRY` environment variable
2. Ensure authentication secrets are set correctly
3. Verify registry supports multi-arch manifests
## Development Workflow
### Branch Strategy
- `main` - Production-ready code
- `develop` - Integration branch for features
- `feature/*` - Feature branches (create PRs to develop)
- `hotfix/*` - Critical fixes (create PRs to main)
### Release Process
1. **Prepare Release:**
```bash
git checkout main
git pull origin main
git tag v1.2.3
git push origin v1.2.3
```
2. **Automatic Process:**
- Release workflow triggers
- Tests run across all Python versions
- Multi-arch container images built
- Security scanning performed
- GitHub release created
- PyPI package published (if stable)
- Production deployment triggered
3. **Manual Verification:**
- Check workflow completion
- Verify container images in registry
- Test deployed application
- Monitor for issues
### Local Development
Test builds locally using the Makefile:
```bash
# Setup development environment
make setup-dev
# Run tests and linting
make dev
# Build container image locally
make docker-buildx-local
# Test multi-arch build (requires buildx)
make docker-buildx-setup
docker buildx build --platform linux/amd64,linux/arm64 -t unitforge:test .
```
## Debugging Workflows
### Common Issues
1. **Missing Vendor Assets:**
```
Error: Missing bootstrap CSS file
```
Ensure all static assets are committed to the repository.
2. **Registry Authentication:**
```
Error: unauthorized
```
Verify `CONTAINER_REGISTRY_USERNAME` and `CONTAINER_REGISTRY_PASSWORD` secrets.
3. **Build Platform Issues:**
```
Error: multiple platforms feature is currently not supported
```
Ensure Docker Buildx is properly set up in the runner.
### Workflow Debugging
1. **Enable Debug Logging:**
Add to workflow:
```yaml
env:
ACTIONS_STEP_DEBUG: true
ACTIONS_RUNNER_DEBUG: true
```
2. **Test Locally:**
Use `act` to test workflows locally:
```bash
act -j test -s CONTAINER_REGISTRY_USERNAME=test -s CONTAINER_REGISTRY_PASSWORD=test
```
3. **Check Build Logs:**
- View detailed logs in Gitea Actions UI
- Check container registry for pushed images
- Verify security scan results
## Security
### Image Scanning
All container images are scanned for vulnerabilities using Trivy:
- **PR builds:** Informational scanning
- **Main builds:** Upload results to security dashboard
- **Release builds:** Block on critical vulnerabilities
- **Nightly builds:** Comprehensive analysis
### Secrets Management
- Use Gitea repository secrets for sensitive data
- Never commit credentials to repository
- Rotate secrets regularly
- Use least-privilege access
### Build Security
- Multi-stage Dockerfile minimizes attack surface
- Non-root user in containers
- Dependency scanning included
- Static analysis with security tools
## Monitoring and Notifications
### Build Status
Monitor workflow status:
- Gitea Actions dashboard
- Email notifications (configure in Gitea)
- External monitoring (webhook integrations)
### Metrics
Track important metrics:
- Build success rate
- Build duration
- Image size trends
- Security vulnerability counts
### Alerts
Set up alerts for:
- Failed builds on main/develop
- Security vulnerabilities in releases
- Performance regression in nightly builds
- Registry storage usage
## Customization
### Adding New Platforms
To support additional architectures:
1. Update platform list:
```yaml
platforms: linux/amd64,linux/arm64,linux/arm/v7
```
2. Ensure base images support the platform
3. Test builds on target architecture
### Custom Deployment
Modify deployment jobs for your infrastructure:
```yaml
deploy-production:
steps:
- name: Deploy to Kubernetes
run: |
kubectl set image deployment/unitforge \
unitforge=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
```
### Integration with External Tools
Add steps for external integrations:
```yaml
- name: Update monitoring
run: |
curl -X POST "$MONITORING_WEBHOOK" \
-d "version=${{ github.ref_name }}" \
-d "image=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}"
```
## Troubleshooting
### Performance Issues
If builds are slow:
- Enable build caching (already configured)
- Use faster runners if available
- Parallelize independent jobs
- Optimize Docker layer caching
### Storage Issues
Manage registry storage:
- Implement cleanup policies
- Use image compression
- Remove unused layers
- Monitor storage usage
### Network Issues
For registry connectivity problems:
- Check network policies
- Verify DNS resolution
- Test registry endpoint manually
- Review firewall rules
## Contributing
When modifying workflows:
1. Test changes in feature branch
2. Document any new requirements
3. Update this README if needed
4. Ensure backward compatibility
5. Test with actual builds before merging
For questions or issues with the CI/CD workflows, please create an issue in the repository.
.gitea/workflows/build-container.yml
+173
View File
@@ -0,0 +1,173 @@
name: Build Multi-Arch Container Image
on:
push:
branches:
- main
- develop
tags:
- "v*"
pull_request:
branches:
- main
- develop
env:
REGISTRY: gitea-http.taildb3494.ts.net
IMAGE_NAME: will/unitforge
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v3
with:
version: "latest"
- name: Set up Python
run: uv python install 3.11
- name: Install dependencies
run: |
uv venv
uv pip install -e ".[dev]"
- name: Run linting
run: |
source .venv/bin/activate
make lint
- name: Run tests
run: |
source .venv/bin/activate
make test-cov
- name: Security check
run: |
source .venv/bin/activate
make security-check
build-and-push:
needs: test
runs-on: ubuntu-latest
if: github.event_name != 'pull_request'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
password: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value=latest,enable={{is_default_branch}}
type=sha,prefix={{branch}}-
- name: Verify vendor assets
run: |
if [ ! -f frontend/static/vendor/bootstrap/css/bootstrap.min.css ]; then
echo "Error: Missing bootstrap CSS file"
exit 1
fi
if [ ! -f frontend/static/vendor/bootstrap/js/bootstrap.bundle.min.js ]; then
echo "Error: Missing bootstrap JS file"
exit 1
fi
if [ ! -f frontend/static/vendor/fontawesome/css/all.min.css ]; then
echo "Error: Missing FontAwesome CSS file"
exit 1
fi
if [ ! -f frontend/static/vendor/fontawesome/webfonts/fa-solid-900.woff2 ]; then
echo "Error: Missing FontAwesome font file"
exit 1
fi
if [ ! -f frontend/static/img/osi-logo.svg ]; then
echo "Error: Missing OSI logo"
exit 1
fi
echo "All vendor assets verified"
- name: Build and push multi-arch image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
BUILDKIT_INLINE_CACHE=1
- name: Image digest
run: echo ${{ steps.build.outputs.digest }}
security-scan:
needs: build-and-push
runs-on: ubuntu-latest
if: github.event_name != 'pull_request'
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
format: "sarif"
output: "trivy-results.sarif"
- name: Upload Trivy scan results
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: "trivy-results.sarif"
deploy-staging:
needs: [build-and-push, security-scan]
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/develop'
environment: staging
steps:
- name: Deploy to staging
run: |
echo "Deploying ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:develop to staging environment"
# Add your staging deployment commands here
# This could include updating k8s manifests, helm charts, etc.
deploy-production:
needs: [build-and-push, security-scan]
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/v')
environment: production
steps:
- name: Deploy to production
run: |
echo "Deploying ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }} to production environment"
# Add your production deployment commands here
# This could include updating k8s manifests, helm charts, etc.
.gitea/workflows/nightly.yml
+296
View File
@@ -0,0 +1,296 @@
name: Nightly Build
on:
schedule:
# Run every night at 2 AM UTC
- cron: "0 2 * * *"
workflow_dispatch:
inputs:
force_build:
description: "Force build even if no changes"
required: false
default: "false"
type: boolean
env:
REGISTRY: gitea-http.taildb3494.ts.net
IMAGE_NAME: will/unitforge
jobs:
check-changes:
runs-on: ubuntu-latest
outputs:
should_build: ${{ steps.changes.outputs.should_build }}
commit_sha: ${{ steps.changes.outputs.commit_sha }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Check for changes
id: changes
run: |
# Get the latest commit from the last 24 hours
YESTERDAY=$(date -d "24 hours ago" --iso-8601)
RECENT_COMMITS=$(git log --since="$YESTERDAY" --format="%H" | wc -l)
FORCE_BUILD="${{ github.event.inputs.force_build }}"
if [[ "$FORCE_BUILD" == "true" ]] || [[ $RECENT_COMMITS -gt 0 ]]; then
echo "should_build=true" >> $GITHUB_OUTPUT
echo "Found $RECENT_COMMITS commits in the last 24 hours or force build requested"
else
echo "should_build=false" >> $GITHUB_OUTPUT
echo "No changes in the last 24 hours, skipping build"
fi
echo "commit_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
nightly-tests:
needs: check-changes
runs-on: ubuntu-latest
if: needs.check-changes.outputs.should_build == 'true'
strategy:
matrix:
python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v3
with:
version: "latest"
- name: Set up Python ${{ matrix.python-version }}
run: uv python install ${{ matrix.python-version }}
- name: Install dependencies
run: |
uv venv --python ${{ matrix.python-version }}
uv pip install -e ".[dev]"
- name: Run comprehensive tests
run: |
source .venv/bin/activate
# Run all checks
make lint
make type-check
make security-check
make test-cov
# Additional nightly-specific tests
echo "Running extended test suite..."
python -m pytest tests/ -v --durations=10 --tb=short
- name: Upload coverage for Python ${{ matrix.python-version }}
uses: codecov/codecov-action@v3
if: matrix.python-version == '3.11'
with:
file: ./htmlcov/coverage.xml
flags: nightly-${{ matrix.python-version }}
build-nightly:
needs: [check-changes, nightly-tests]
runs-on: ubuntu-latest
if: needs.check-changes.outputs.should_build == 'true'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
password: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}
- name: Generate nightly tags
id: tags
run: |
COMMIT_SHA="${{ needs.check-changes.outputs.commit_sha }}"
DATE=$(date +%Y%m%d)
SHORT_SHA=${COMMIT_SHA:0:7}
echo "nightly_tag=nightly-${DATE}-${SHORT_SHA}" >> $GITHUB_OUTPUT
echo "nightly_latest=nightly-latest" >> $GITHUB_OUTPUT
- name: Verify vendor assets
run: |
assets=(
"frontend/static/vendor/bootstrap/css/bootstrap.min.css"
"frontend/static/vendor/bootstrap/js/bootstrap.bundle.min.js"
"frontend/static/vendor/fontawesome/css/all.min.css"
"frontend/static/vendor/fontawesome/webfonts/fa-solid-900.woff2"
"frontend/static/img/osi-logo.svg"
)
for asset in "${assets[@]}"; do
if [ ! -f "$asset" ]; then
echo "Error: Missing required asset: $asset"
exit 1
fi
done
echo "All vendor assets verified"
- name: Build and push nightly image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tags.outputs.nightly_tag }}
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tags.outputs.nightly_latest }}
labels: |
org.opencontainers.image.title=UnitForge Nightly
org.opencontainers.image.description=Nightly build of UnitForge
org.opencontainers.image.version=nightly-${{ steps.tags.outputs.nightly_tag }}
org.opencontainers.image.revision=${{ needs.check-changes.outputs.commit_sha }}
org.opencontainers.image.created=${{ github.event.repository.pushed_at }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
BUILDKIT_INLINE_CACHE=1
performance-test:
needs: [check-changes, build-nightly]
runs-on: ubuntu-latest
if: needs.check-changes.outputs.should_build == 'true'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run performance tests
run: |
# Pull the nightly image
docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:nightly-latest
# Start the container
docker run -d --name unitforge-perf \
-p 8000:8000 \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:nightly-latest
# Wait for startup
sleep 15
# Basic performance test
echo "Running basic performance test..."
for i in {1..10}; do
curl -s -o /dev/null -w "%{http_code} %{time_total}s\n" \
http://localhost:8000/
done
# Memory usage check
echo "Checking memory usage..."
docker stats unitforge-perf --no-stream --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}"
# Cleanup
docker stop unitforge-perf
docker rm unitforge-perf
security-scan-nightly:
needs: [check-changes, build-nightly]
runs-on: ubuntu-latest
if: needs.check-changes.outputs.should_build == 'true'
steps:
- name: Run comprehensive security scan
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:nightly-latest
format: "sarif"
output: "trivy-nightly.sarif"
- name: Upload security scan results
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: "trivy-nightly.sarif"
- name: Generate security report
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:nightly-latest
format: "json"
output: "security-report.json"
- name: Upload security report
uses: actions/upload-artifact@v3
with:
name: nightly-security-report
path: security-report.json
cleanup-old-nightlies:
needs: [check-changes, build-nightly]
runs-on: ubuntu-latest
if: needs.check-changes.outputs.should_build == 'true'
steps:
- name: Clean up old nightly images
run: |
echo "Cleaning up nightly images older than 7 days..."
# Note: This would require registry API access or container registry-specific tools
# For now, we'll just log what would be cleaned
CUTOFF_DATE=$(date -d "7 days ago" +%Y%m%d)
echo "Would clean images tagged before: nightly-${CUTOFF_DATE}"
# Add actual cleanup logic here based on your registry
# Examples:
# - Use registry API to list and delete old tags
# - Use container registry CLI tools
# - Use registry-specific cleanup policies
notify-results:
needs:
[
check-changes,
nightly-tests,
build-nightly,
performance-test,
security-scan-nightly,
]
runs-on: ubuntu-latest
if: always() && needs.check-changes.outputs.should_build == 'true'
steps:
- name: Generate build report
run: |
echo "## Nightly Build Report - $(date)" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| Component | Status |" >> $GITHUB_STEP_SUMMARY
echo "|-----------|--------|" >> $GITHUB_STEP_SUMMARY
echo "| Tests | ${{ needs.nightly-tests.result == 'success' && '✅ Passed' || '❌ Failed' }} |" >> $GITHUB_STEP_SUMMARY
echo "| Build | ${{ needs.build-nightly.result == 'success' && '✅ Passed' || '❌ Failed' }} |" >> $GITHUB_STEP_SUMMARY
echo "| Performance | ${{ needs.performance-test.result == 'success' && '✅ Passed' || '❌ Failed' }} |" >> $GITHUB_STEP_SUMMARY
echo "| Security | ${{ needs.security-scan-nightly.result == 'success' && '✅ Passed' || '❌ Failed' }} |" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
if [[ "${{ needs.nightly-tests.result }}" == "success" && "${{ needs.build-nightly.result }}" == "success" ]]; then
echo "🌙 Nightly build completed successfully!" >> $GITHUB_STEP_SUMMARY
echo "📦 Image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:nightly-latest" >> $GITHUB_STEP_SUMMARY
else
echo "❌ Nightly build encountered issues. Check failed jobs above." >> $GITHUB_STEP_SUMMARY
fi
- name: Send notification
if: failure()
run: |
echo "🚨 Nightly build failed!"
echo "Check the workflow run for details: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
# Add notification logic here (webhook, email, Slack, etc.)
.gitea/workflows/pr-check.yml
+156
View File
@@ -0,0 +1,156 @@
name: Pull Request Checks
on:
pull_request:
branches:
- main
- develop
env:
REGISTRY: gitea-http.taildb3494.ts.net
IMAGE_NAME: will/unitforge
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v3
with:
version: "latest"
- name: Set up Python
run: uv python install 3.11
- name: Install dependencies
run: |
uv venv
uv pip install -e ".[dev]"
- name: Run linting
run: |
source .venv/bin/activate
make lint
- name: Run type checking
run: |
source .venv/bin/activate
make type-check
- name: Run tests with coverage
run: |
source .venv/bin/activate
make test-cov
- name: Security check
run: |
source .venv/bin/activate
make security-check
- name: Upload coverage reports
uses: codecov/codecov-action@v3
if: always()
with:
file: ./htmlcov/coverage.xml
flags: unittests
name: codecov-umbrella
build-test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Verify vendor assets
run: |
if [ ! -f frontend/static/vendor/bootstrap/css/bootstrap.min.css ]; then
echo "Error: Missing bootstrap CSS file"
exit 1
fi
if [ ! -f frontend/static/vendor/bootstrap/js/bootstrap.bundle.min.js ]; then
echo "Error: Missing bootstrap JS file"
exit 1
fi
if [ ! -f frontend/static/vendor/fontawesome/css/all.min.css ]; then
echo "Error: Missing FontAwesome CSS file"
exit 1
fi
if [ ! -f frontend/static/vendor/fontawesome/webfonts/fa-solid-900.woff2 ]; then
echo "Error: Missing FontAwesome font file"
exit 1
fi
if [ ! -f frontend/static/img/osi-logo.svg ]; then
echo "Error: Missing OSI logo"
exit 1
fi
echo "All vendor assets verified"
- name: Build multi-arch image (test only)
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
push: false
tags: unitforge:pr-${{ github.event.number }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Test container startup
run: |
docker run --rm -d --name unitforge-test -p 8080:8000 unitforge:pr-${{ github.event.number }}
sleep 10
# Basic health check
curl -f http://localhost:8080/health || exit 1
docker stop unitforge-test
validate-config:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v3
with:
version: "latest"
- name: Set up Python
run: uv python install 3.11
- name: Install dependencies
run: |
uv venv
uv pip install -e ".[dev]"
- name: Validate configuration
run: |
source .venv/bin/activate
make validate-config
pr-summary:
needs: [test, build-test, validate-config]
runs-on: ubuntu-latest
if: always()
steps:
- name: PR Summary
run: |
echo "## Pull Request Build Summary" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| Check | Status |" >> $GITHUB_STEP_SUMMARY
echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY
echo "| Tests | ${{ needs.test.result == 'success' && '✅ Passed' || '❌ Failed' }} |" >> $GITHUB_STEP_SUMMARY
echo "| Build | ${{ needs.build-test.result == 'success' && '✅ Passed' || '❌ Failed' }} |" >> $GITHUB_STEP_SUMMARY
echo "| Config | ${{ needs.validate-config.result == 'success' && '✅ Passed' || '❌ Failed' }} |" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
if [[ "${{ needs.test.result }}" == "success" && "${{ needs.build-test.result }}" == "success" && "${{ needs.validate-config.result }}" == "success" ]]; then
echo "🎉 All checks passed! This PR is ready for review." >> $GITHUB_STEP_SUMMARY
else
echo "❌ Some checks failed. Please review the failed jobs above." >> $GITHUB_STEP_SUMMARY
fi
.gitea/workflows/release.yml
+299
View File
@@ -0,0 +1,299 @@
name: Release
on:
push:
tags:
- "v*"
env:
REGISTRY: gitea-http.taildb3494.ts.net
IMAGE_NAME: will/unitforge
jobs:
validate-release:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.extract.outputs.version }}
is_prerelease: ${{ steps.extract.outputs.is_prerelease }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Extract version info
id: extract
run: |
VERSION=${GITHUB_REF#refs/tags/}
echo "version=$VERSION" >> $GITHUB_OUTPUT
# Check if this is a pre-release (contains alpha, beta, rc, etc.)
if [[ $VERSION =~ (alpha|beta|rc|pre) ]]; then
echo "is_prerelease=true" >> $GITHUB_OUTPUT
else
echo "is_prerelease=false" >> $GITHUB_OUTPUT
fi
echo "Releasing version: $VERSION"
echo "Is pre-release: ${{ steps.extract.outputs.is_prerelease }}"
- name: Validate version format
run: |
if [[ ! "${{ steps.extract.outputs.version }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+.*$ ]]; then
echo "Invalid version format: ${{ steps.extract.outputs.version }}"
echo "Version must follow semantic versioning (e.g., v1.0.0, v1.0.0-alpha.1)"
exit 1
fi
test-and-build:
needs: validate-release
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v3
with:
version: "latest"
- name: Set up Python
run: uv python install 3.11
- name: Install dependencies
run: |
uv venv
uv pip install -e ".[dev]"
- name: Run full test suite
run: |
source .venv/bin/activate
make check-all
- name: Build Python package
run: |
source .venv/bin/activate
make build
- name: Upload build artifacts
uses: actions/upload-artifact@v3
with:
name: python-package
path: dist/
build-container:
needs: [validate-release, test-and-build]
runs-on: ubuntu-latest
outputs:
image-digest: ${{ steps.build.outputs.digest }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
password: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}},enable=${{ !needs.validate-release.outputs.is_prerelease }}
type=raw,value=latest,enable=${{ !needs.validate-release.outputs.is_prerelease }}
- name: Verify vendor assets
run: |
assets=(
"frontend/static/vendor/bootstrap/css/bootstrap.min.css"
"frontend/static/vendor/bootstrap/js/bootstrap.bundle.min.js"
"frontend/static/vendor/fontawesome/css/all.min.css"
"frontend/static/vendor/fontawesome/webfonts/fa-solid-900.woff2"
"frontend/static/img/osi-logo.svg"
)
for asset in "${assets[@]}"; do
if [ ! -f "$asset" ]; then
echo "Error: Missing required asset: $asset"
exit 1
fi
done
echo "All vendor assets verified"
- name: Build and push release image
id: build
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
BUILDKIT_INLINE_CACHE=1
VERSION=${{ needs.validate-release.outputs.version }}
security-scan:
needs: [validate-release, build-container]
runs-on: ubuntu-latest
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.validate-release.outputs.version }}
format: "sarif"
output: "trivy-results.sarif"
severity: "CRITICAL,HIGH"
- name: Upload Trivy scan results
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: "trivy-results.sarif"
- name: Fail on critical vulnerabilities
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.validate-release.outputs.version }}
format: "table"
exit-code: 1
severity: "CRITICAL"
create-release:
needs: [validate-release, test-and-build, build-container, security-scan]
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Download build artifacts
uses: actions/download-artifact@v3
with:
name: python-package
path: dist/
- name: Generate changelog
id: changelog
run: |
# Extract changelog for this version
VERSION=${{ needs.validate-release.outputs.version }}
# Create release notes
cat > release-notes.md << EOF
## UnitForge $VERSION
### Container Images
- **Multi-arch support**: linux/amd64, linux/arm64
- **Registry**: \`${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$VERSION\`
- **Digest**: \`${{ needs.build-container.outputs.image-digest }}\`
### Installation
#### Docker
\`\`\`bash
docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$VERSION
docker run -p 8000:8000 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$VERSION
\`\`\`
#### Python Package
\`\`\`bash
pip install unitforge==$VERSION
\`\`\`
### Verification
All container images are scanned for security vulnerabilities and signed for authenticity.
EOF
- name: Create GitHub Release
uses: softprops/action-gh-release@v1
with:
body_path: release-notes.md
files: |
dist/*
prerelease: ${{ needs.validate-release.outputs.is_prerelease }}
generate_release_notes: true
tag_name: ${{ needs.validate-release.outputs.version }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
publish-package:
needs: [validate-release, create-release]
runs-on: ubuntu-latest
if: ${{ !needs.validate-release.outputs.is_prerelease }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v3
with:
version: "latest"
- name: Set up Python
run: uv python install 3.11
- name: Download build artifacts
uses: actions/download-artifact@v3
with:
name: python-package
path: dist/
- name: Publish to PyPI
run: |
uv pip install twine
twine upload dist/* --non-interactive
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
deploy-production:
needs: [validate-release, create-release, security-scan]
runs-on: ubuntu-latest
if: ${{ !needs.validate-release.outputs.is_prerelease }}
environment: production
steps:
- name: Deploy to production
run: |
echo "🚀 Deploying UnitForge ${{ needs.validate-release.outputs.version }} to production"
echo "Image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.validate-release.outputs.version }}"
# Add your production deployment commands here
# Examples:
# - Update Kubernetes manifests
# - Update Helm charts
# - Trigger deployment pipeline
# - Update Docker Swarm services
echo "✅ Production deployment completed"
notify-release:
needs: [validate-release, create-release, deploy-production]
runs-on: ubuntu-latest
if: always()
steps:
- name: Notify release completion
run: |
if [[ "${{ needs.deploy-production.result }}" == "success" ]]; then
echo "🎉 UnitForge ${{ needs.validate-release.outputs.version }} has been successfully released!"
echo "📦 Container image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.validate-release.outputs.version }}"
echo "🌐 Production deployment: ✅ Complete"
else
echo "⚠️ UnitForge ${{ needs.validate-release.outputs.version }} release completed with issues"
echo "📦 Container image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.validate-release.outputs.version }}"
echo "🌐 Production deployment: ❌ Failed or skipped"
fi
# Add notification logic here (Slack, Discord, email, etc.)
.pre-commit-config.yaml
+1 -1
View File
@@ -86,7 +86,7 @@ repos:
hooks:
- id: pytest-check
name: pytest-check
entry: python -m pytest tests/ --tb=short
entry: uv run pytest tests/ --tb=short
language: system
pass_filenames: false
always_run: true
.rules
+5
View File
@@ -10,6 +10,9 @@ RULE: keep_code_lean
RULE: keep_tests_consistent
RULE: remove_legacy_code
RULE: use_makefile_services
RULE: use_browser_tools
RULE: git_commit_often
RULE: keep_docs_consolidated
SERVER: uvicorn
PACKAGE_MANAGER: uv
@@ -26,3 +29,5 @@ STYLE: python_formatter_black
STYLE: code_no_duplication
STYLE: code_high_cohesion
STYLE: code_minimal_complexity
STYLE: code_commit_accordingly
STYLE: code_no_changelog
Makefile
+26 -2
View File
@@ -218,11 +218,35 @@ validate-config: ## Validate environment configuration
fi
# Docker targets
docker-build: ## Build Docker images
$(call info,Building Docker images...)
DOCKER_PLATFORMS := linux/amd64,linux/arm64
docker-build: ## Build Docker images (docker-compose)
$(call info,Building Docker images with docker-compose...)
docker-compose build
$(call success,Docker images built)
docker-buildx-setup: ## Ensure docker buildx builder exists and is bootstrapped
$(call info,Setting up docker buildx builder...)
@docker buildx create --name unitforge-builder --use 2>/dev/null || true
@docker buildx inspect --bootstrap
$(call success,Buildx builder ready)
docker-buildx: docker-buildx-setup ## Build and push multi-arch image (linux/amd64, linux/arm64)
$(call info,Building multi-arch image with buildx...)
@if [ -f ".env" ]; then \
REGISTRY_URL=$$(grep '^CONTAINER_REGISTRY_URL=' .env | cut -d'=' -f2 | sed 's|^https\?://||'); \
CONTAINER_TAG=$$(grep '^CONTAINER_TAG=' .env | cut -d'=' -f2); \
docker buildx build --platform $(DOCKER_PLATFORMS) -t $${REGISTRY_URL}:$${CONTAINER_TAG} -t $${REGISTRY_URL}:latest --push -f Dockerfile .; \
else \
echo -e "$(YELLOW)$(WARNING_SYMBOL)$(NC) .env file not found. Set CONTAINER_REGISTRY_URL and CONTAINER_TAG to enable push."; \
fi
$(call success,Multi-arch image built and pushed)
docker-buildx-local: docker-buildx-setup ## Build for current arch locally (no push)
$(call info,Building local image for current architecture...)
docker buildx build --load -t unitforge:local -f Dockerfile .
$(call success,Local image built: unitforge:local)
# Container Registry targets
docker-tag: ## Tag Docker images with registry URL
$(call info,Tagging Docker images for registry...)
README.md
+75
View File
@@ -478,6 +478,81 @@ For comprehensive guides and references, see the [**Documentation Index**](docs/
- [systemd.socket(5)](https://www.freedesktop.org/software/systemd/man/systemd.socket.html) - Socket units
- [systemd documentation](https://systemd.io/) - Official documentation
## 🔄 CI/CD
UnitForge includes comprehensive CI/CD workflows for automated testing, building, and deployment using Gitea Actions.
### Workflow Overview
- **Pull Request Checks** (`pr-check.yml`) - Validates PRs with tests, builds, and configuration checks
- **Main Build Pipeline** (`build-container.yml`) - Builds and pushes multi-arch container images
- **Release Pipeline** (`release.yml`) - Automated releases with security scanning and PyPI publishing
- **Nightly Builds** (`nightly.yml`) - Daily builds with comprehensive testing and performance checks
### Multi-Architecture Support
All container images are built for multiple architectures:
- `linux/amd64` - Standard x86_64 architecture
- `linux/arm64` - ARM64 architecture (Apple Silicon, ARM servers)
### Container Registry
Images are pushed to the configured container registry:
```bash
# Default registry configuration
REGISTRY: gitea-http.taildb3494.ts.net
IMAGE_NAME: will/unitforge
# Available tags
latest # Latest stable release
develop # Latest development build
v1.2.3 # Specific version
nightly-latest # Latest nightly build
```
### Local CI/CD Testing
Set up your local environment for CI/CD development:
```bash
# Setup CI/CD environment
./scripts/setup-ci.sh
# Test local builds
./scripts/setup-ci.sh --test-build
# Test container health
./scripts/health_check.sh
# Build multi-arch locally
make docker-buildx-local
# Build and push to registry
make registry-push
```
### Required Secrets
Configure these secrets in your Gitea repository:
```bash
CONTAINER_REGISTRY_USERNAME=your-registry-username
CONTAINER_REGISTRY_PASSWORD=your-registry-password
PYPI_API_TOKEN=your-pypi-token
GITHUB_TOKEN=your-github-token
```
### Workflow Features
- **Automated Testing**: Comprehensive test suite across Python versions
- **Security Scanning**: Trivy vulnerability scanning with blocking on critical issues
- **Performance Testing**: Basic performance validation and memory usage checks
- **Multi-stage Deployment**: Staging and production environment support
- **Artifact Management**: Automatic cleanup of old nightly builds
- **Build Caching**: GitHub Actions cache for faster builds
For detailed CI/CD documentation, see [`.gitea/workflows/README.md`](.gitea/workflows/README.md).
## 🤝 Contributing
**New contributors**: Please see the [**Contributing Guide**](CONTRIBUTING.md) for complete development setup and workflow instructions.
backend/app/core/config.py
+1 -1
View File
@@ -207,7 +207,7 @@ class Settings:
parsed = self._parse_list("CORS_ORIGINS", [])
if parsed:
return parsed
except Exception:
except (ValueError, SyntaxError, json.JSONDecodeError, TypeError):
# Fall back to comma-separated parsing if JSON/literal parsing fails
pass
backend/app/core/templates.py
+10 -10
View File
@@ -43,7 +43,7 @@ class UnitTemplate:
class WebApplicationTemplate(UnitTemplate):
"""Template for web application services."""
def __init__(self):
def __init__(self) -> None:
super().__init__(
name="webapp",
description="Web application service (Node.js, Python, etc.)",
@@ -159,7 +159,7 @@ class WebApplicationTemplate(UnitTemplate):
class DatabaseTemplate(UnitTemplate):
"""Template for database services."""
def __init__(self):
def __init__(self) -> None:
super().__init__(
name="database",
description="Database service (PostgreSQL, MySQL, MongoDB, etc.)",
@@ -249,7 +249,7 @@ class DatabaseTemplate(UnitTemplate):
class BackupTimerTemplate(UnitTemplate):
"""Template for backup timer services."""
def __init__(self):
def __init__(self) -> None:
super().__init__(
name="backup-timer",
description="Scheduled backup service with timer",
@@ -334,7 +334,7 @@ class BackupTimerTemplate(UnitTemplate):
class ProxySocketTemplate(UnitTemplate):
"""Template for socket-activated proxy services."""
def __init__(self):
def __init__(self) -> None:
super().__init__(
name="proxy-socket",
description="Socket-activated proxy service",
@@ -436,7 +436,7 @@ class ProxySocketTemplate(UnitTemplate):
class ContainerTemplate(UnitTemplate):
"""Template for containerized services (Docker/Podman)."""
def __init__(self):
def __init__(self) -> None:
super().__init__(
name="container",
description="Containerized service (Docker/Podman)",
@@ -596,11 +596,11 @@ class ContainerTemplate(UnitTemplate):
class TemplateRegistry:
"""Registry for managing available unit file templates."""
def __init__(self):
self._templates = {}
def __init__(self) -> None:
self._templates: Dict[str, UnitTemplate] = {}
self._register_default_templates()
def _register_default_templates(self):
def _register_default_templates(self) -> None:
"""Register all default templates."""
templates = [
WebApplicationTemplate(),
@@ -613,7 +613,7 @@ class TemplateRegistry:
for template in templates:
self.register(template)
def register(self, template: UnitTemplate):
def register(self, template: UnitTemplate) -> None:
"""Register a new template."""
self._templates[template.name] = template
@@ -636,7 +636,7 @@ class TemplateRegistry:
def search(self, query: str) -> List[UnitTemplate]:
"""Search templates by name, description, or tags."""
query = query.lower()
results = []
results: List[UnitTemplate] = []
for template in self._templates.values():
# Search in name and description
backend/app/core/unit_file.py
+23 -16
View File
@@ -9,7 +9,7 @@ import configparser
import re
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional
from typing import Any, Dict, List, Optional
class UnitType(Enum):
@@ -46,6 +46,11 @@ class UnitFileInfo:
conflicts: List[str] = field(default_factory=list)
class CaseConfigParser(configparser.ConfigParser):
def optionxform(self, optionstr: str) -> str:
return str(optionstr)
class SystemdUnitFile:
"""
Parser and validator for systemd unit files.
@@ -306,7 +311,7 @@ class SystemdUnitFile:
}
# Service types and their requirements
SERVICE_TYPES = {
SERVICE_TYPES: Dict[str, Dict[str, List[str]]] = {
"simple": {"required": ["ExecStart"], "conflicts": ["BusName", "Type=forking"]},
"exec": {"required": ["ExecStart"], "conflicts": ["BusName"]},
"forking": {"recommended": ["PIDFile"], "conflicts": ["BusName"]},
@@ -320,11 +325,10 @@ class SystemdUnitFile:
"""Initialize with either content string or file path."""
self.content = content or ""
self.file_path = file_path
self.config = configparser.ConfigParser(
self.config = CaseConfigParser(
interpolation=None, allow_no_value=True, delimiters=("=",)
)
self.config.optionxform = lambda optionstr: str(optionstr) # Preserve case
self._parse_errors = []
self._parse_errors: List[ValidationError] = []
if content:
self._parse_content(content)
@@ -419,7 +423,7 @@ class SystemdUnitFile:
def validate(self) -> List[ValidationError]:
"""Validate the unit file and return list of errors/warnings."""
errors = self._parse_errors.copy()
errors: List[ValidationError] = self._parse_errors.copy()
# Check for basic structure
if not self.config.sections():
@@ -443,7 +447,7 @@ class SystemdUnitFile:
def _validate_section(self, section: str) -> List[ValidationError]:
"""Validate a specific section."""
errors = []
errors: List[ValidationError] = []
# Check if section is known
if section not in self.COMMON_SECTIONS:
@@ -477,7 +481,7 @@ class SystemdUnitFile:
self, section: str, key: str, value: str
) -> List[ValidationError]:
"""Validate specific key-value pairs."""
errors = []
errors: List[ValidationError] = []
# Service-specific validations
if section == "Service":
@@ -574,7 +578,7 @@ class SystemdUnitFile:
def _validate_unit_type(self, unit_type: UnitType) -> List[ValidationError]:
"""Perform type-specific validation."""
errors = []
errors: List[ValidationError] = []
if unit_type == UnitType.SERVICE:
errors.extend(self._validate_service())
@@ -589,13 +593,14 @@ class SystemdUnitFile:
def _validate_service(self) -> List[ValidationError]:
"""Validate service-specific requirements."""
errors = []
errors: List[ValidationError] = []
if not self.config.has_section("Service"):
return errors
service_type = self.config.get("Service", "Type", fallback="simple")
type_config = self.SERVICE_TYPES.get(service_type, {})
tmp = self.SERVICE_TYPES.get(service_type)
type_config: Dict[str, List[str]] = {} if tmp is None else tmp
# Check required keys
for required_key in type_config.get("required", []):
@@ -648,7 +653,7 @@ class SystemdUnitFile:
def _validate_timer(self) -> List[ValidationError]:
"""Validate timer-specific requirements."""
errors = []
errors: List[ValidationError] = []
if not self.config.has_section("Timer"):
return errors
@@ -678,7 +683,7 @@ class SystemdUnitFile:
def _validate_socket(self) -> List[ValidationError]:
"""Validate socket-specific requirements."""
errors = []
errors: List[ValidationError] = []
if not self.config.has_section("Socket"):
return errors
@@ -709,7 +714,7 @@ class SystemdUnitFile:
def _validate_mount(self) -> List[ValidationError]:
"""Validate mount-specific requirements."""
errors = []
errors: List[ValidationError] = []
if not self.config.has_section("Mount"):
return errors
@@ -755,7 +760,9 @@ class SystemdUnitFile:
for section in self.config.sections():
lines.append(f"[{section}]")
for key in self.config.options(section):
value = self.config.get(section, key)
from typing import cast
value = cast(Optional[str], self.config.get(section, key))
if value is None:
lines.append(key)
else:
@@ -796,7 +803,7 @@ class SystemdUnitFile:
return self.config.options(section)
def create_unit_file(unit_type: UnitType, **kwargs) -> SystemdUnitFile:
def create_unit_file(unit_type: UnitType, **kwargs: Any) -> SystemdUnitFile:
"""
Create a new unit file of the specified type with basic structure.
backend/app/main.py
+23 -28
View File
@@ -9,12 +9,12 @@ import tempfile
from pathlib import Path
from typing import Any, Dict, List, Optional
from fastapi import FastAPI, File, HTTPException, Request, UploadFile # type: ignore
from fastapi.middleware.cors import CORSMiddleware # type: ignore
from fastapi.middleware.gzip import GZipMiddleware # type: ignore
from fastapi.responses import FileResponse, HTMLResponse # type: ignore
from fastapi.staticfiles import StaticFiles # type: ignore
from fastapi.templating import Jinja2Templates # type: ignore
from fastapi import FastAPI, File, HTTPException, Request, UploadFile
from fastapi.middleware.cors import CORSMiddleware
from fastapi.middleware.gzip import GZipMiddleware
from fastapi.responses import FileResponse, HTMLResponse
from fastapi.staticfiles import StaticFiles
from fastapi.templating import Jinja2Templates
from pydantic import BaseModel
from .core.config import settings
@@ -137,7 +137,7 @@ def template_to_dict(template: UnitTemplate) -> Dict[str, Any]:
# Web UI Routes
@app.get("/", response_class=HTMLResponse)
async def index(request: Request):
async def index(request: Request) -> Any:
"""Serve the main web interface."""
context = {"request": request}
context.update(settings.get_template_context())
@@ -145,7 +145,7 @@ async def index(request: Request):
@app.get("/editor", response_class=HTMLResponse)
async def editor(request: Request):
async def editor(request: Request) -> Any:
"""Serve the unit file editor interface."""
context = {"request": request}
context.update(settings.get_template_context())
@@ -153,15 +153,16 @@ async def editor(request: Request):
@app.get("/templates", response_class=HTMLResponse)
async def templates_page(request: Request):
async def templates_page(request: Request) -> Any:
"""Serve the templates browser interface."""
context = {"request": request}
context.update(settings.get_template_context())
return templates.TemplateResponse("templates.html", context)
# CLI Info Page
@app.get("/cli", response_class=HTMLResponse)
async def cli_page(request: Request):
async def cli_page(request: Request) -> Any:
"""Serve the CLI information page."""
context = {"request": request}
context.update(settings.get_template_context())
@@ -170,7 +171,7 @@ async def cli_page(request: Request):
# API Routes
@app.post("/api/validate", response_model=ValidationResult)
async def validate_unit_file(unit_file: UnitFileContent):
async def validate_unit_file(unit_file: UnitFileContent) -> ValidationResult:
"""Validate a systemd unit file."""
try:
systemd_unit = SystemdUnitFile(content=unit_file.content)
@@ -194,7 +195,7 @@ async def validate_unit_file(unit_file: UnitFileContent):
@app.post("/api/generate")
async def generate_unit_file(request: GenerateRequest):
async def generate_unit_file(request: GenerateRequest) -> Dict[str, Any]:
"""Generate a unit file from a template."""
try:
template = template_registry.get_template(request.template_name)
@@ -246,7 +247,7 @@ async def generate_unit_file(request: GenerateRequest):
@app.post("/api/create")
async def create_unit_file_endpoint(request: CreateUnitRequest):
async def create_unit_file_endpoint(request: CreateUnitRequest) -> Dict[str, Any]:
"""Create a basic unit file."""
try:
# Parse unit type
@@ -293,14 +294,14 @@ async def create_unit_file_endpoint(request: CreateUnitRequest):
@app.get("/api/templates", response_model=List[TemplateInfo])
async def list_templates():
async def list_templates() -> List[TemplateInfo]:
"""List all available templates."""
templates = template_registry.list_templates()
return [TemplateInfo(**template_to_dict(template)) for template in templates]
@app.get("/api/templates/{template_name}", response_model=TemplateInfo)
async def get_template(template_name: str):
async def get_template(template_name: str) -> TemplateInfo:
"""Get details of a specific template."""
template = template_registry.get_template(template_name)
if not template:
@@ -312,14 +313,14 @@ async def get_template(template_name: str):
@app.get("/api/templates/category/{category}", response_model=List[TemplateInfo])
async def get_templates_by_category(category: str):
async def get_templates_by_category(category: str) -> List[TemplateInfo]:
"""Get templates by category."""
templates = template_registry.get_by_category(category)
return [TemplateInfo(**template_to_dict(template)) for template in templates]
@app.get("/api/templates/type/{unit_type}", response_model=List[TemplateInfo])
async def get_templates_by_type(unit_type: str):
async def get_templates_by_type(unit_type: str) -> List[TemplateInfo]:
"""Get templates by unit type."""
try:
unit_type_enum = UnitType(unit_type.lower())
@@ -331,14 +332,14 @@ async def get_templates_by_type(unit_type: str):
@app.get("/api/search/{query}", response_model=List[TemplateInfo])
async def search_templates(query: str):
async def search_templates(query: str) -> List[TemplateInfo]:
"""Search templates by name, description, or tags."""
templates = template_registry.search(query)
return [TemplateInfo(**template_to_dict(template)) for template in templates]
@app.post("/api/download")
async def download_unit_file(unit_file: UnitFileContent):
async def download_unit_file(unit_file: UnitFileContent) -> FileResponse:
"""Download a unit file."""
try:
# Create a temporary file
@@ -359,7 +360,7 @@ async def download_unit_file(unit_file: UnitFileContent):
@app.post("/api/upload")
async def upload_unit_file(file: UploadFile = File(...)):
async def upload_unit_file(file: UploadFile = File(...)) -> Dict[str, Any]:
"""Upload and validate a unit file."""
try:
# Check file size
@@ -424,7 +425,7 @@ async def upload_unit_file(file: UploadFile = File(...)):
@app.get("/api/info")
async def get_info():
async def get_info() -> Dict[str, Any]:
"""Get application information."""
return {
"name": settings.app_name,
@@ -449,7 +450,7 @@ async def get_info():
# Health check
@app.get("/health")
async def health_check():
async def health_check() -> Dict[str, Any]:
"""Health check endpoint."""
if not settings.health_check_enabled:
raise HTTPException(status_code=404, detail="Health check disabled")
@@ -461,9 +462,3 @@ async def health_check():
"environment": settings.environment,
"timestamp": __import__("datetime").datetime.utcnow().isoformat(),
}
if __name__ == "__main__":
import uvicorn # type: ignore
uvicorn.run(app, host=settings.host, port=settings.port) # nosec B104
docs/CI-CD-SECRETS.md
+274
View File
@@ -0,0 +1,274 @@
# CI/CD Secrets Setup Guide
This guide explains how to configure the required secrets for UnitForge's Gitea CI/CD workflows.
## Overview
UnitForge's CI/CD pipelines require several secrets to function properly:
- **Container Registry** credentials for pushing multi-arch images
- **PyPI** token for automated package publishing
- **GitHub** token for release management
- **Optional** notification and deployment secrets
## Required Secrets
### 1. Container Registry Authentication
**Required for:** All build workflows (`build-container.yml`, `release.yml`, `nightly.yml`)
```bash
CONTAINER_REGISTRY_USERNAME=your-registry-username
CONTAINER_REGISTRY_PASSWORD=your-registry-password-or-token
```
#### Docker Hub Example:
```bash
CONTAINER_REGISTRY_USERNAME=dockerhubusername
CONTAINER_REGISTRY_PASSWORD=dckr_pat_xxxxxxxxxxxxxxxxxxxxxxxxxx
```
#### GitLab Container Registry Example:
```bash
CONTAINER_REGISTRY_USERNAME=gitlab-ci-token
CONTAINER_REGISTRY_PASSWORD=glpat-xxxxxxxxxxxxxxxxxxxx
```
#### GitHub Container Registry Example:
```bash
CONTAINER_REGISTRY_USERNAME=github-username
CONTAINER_REGISTRY_PASSWORD=ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
### 2. PyPI Publishing Token
**Required for:** Release workflow (`release.yml`) - stable releases only
```bash
PYPI_API_TOKEN=pypi-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
#### How to get PyPI token:
1. Go to [PyPI Account Settings](https://pypi.org/manage/account/token/)
2. Click "Add API token"
3. Set scope to "Entire account" or specific project
4. Copy the token (starts with `pypi-`)
### 3. GitHub Token (Optional)
**Required for:** GitHub releases and integration
```bash
GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
#### How to get GitHub token:
1. Go to GitHub Settings > Developer settings > Personal access tokens
2. Click "Generate new token (classic)"
3. Select scopes: `repo`, `write:packages`
4. Copy the token (starts with `ghp_`)
## Setting Up Secrets in Gitea
### Repository Secrets
1. Navigate to your repository in Gitea
2. Go to **Settings** > **Secrets and Variables** > **Actions**
3. Click **New repository secret**
4. Add each required secret:
```
Name: CONTAINER_REGISTRY_USERNAME
Value: your-registry-username
Name: CONTAINER_REGISTRY_PASSWORD
Value: your-registry-password
Name: PYPI_API_TOKEN
Value: pypi-your-token-here
Name: GITHUB_TOKEN
Value: ghp_your-token-here
```
### Organization Secrets (Optional)
For multiple repositories, set up organization-level secrets:
1. Go to your Gitea organization
2. Navigate to **Settings** > **Secrets and Variables** > **Actions**
3. Add secrets that will be shared across repositories
## Optional Secrets
### Notification Services
```bash
# Slack notifications
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
# Discord notifications
DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/000000000000000000/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# Email notifications
EMAIL_NOTIFICATION_ADDRESS=ci-notifications@yourdomain.com
```
### Deployment Secrets
```bash
# SSH key for server deployments (base64 encoded)
DEPLOYMENT_SSH_KEY=LS0tLS1CRUdJTi...
# Kubernetes service account token
KUBERNETES_TOKEN=eyJhbGciOiJSUzI1NiIsImtpZCI6Ii...
# Production API key
PRODUCTION_API_KEY=prod-api-key-xxxxxxxxxxxx
```
### Security Scanning
```bash
# Enhanced security scanning (Snyk, etc.)
SECURITY_SCAN_TOKEN=your-security-service-token
```
## Environment Configuration
Update your `.env` file with registry and configuration details:
```bash
# Container Registry Configuration
CONTAINER_REGISTRY_URL=https://your-registry.example.com/your-namespace/unitforge
CONTAINER_TAG=latest
# Build Configuration
DOCKER_PLATFORMS=linux/amd64,linux/arm64
BUILDX_CACHE_FROM=type=gha
BUILDX_CACHE_TO=type=gha,mode=max
```
## Workflow-Specific Requirements
### Pull Request Workflow (`pr-check.yml`)
- **No secrets required** - Only builds and tests, no pushing
### Build Container Workflow (`build-container.yml`)
- `CONTAINER_REGISTRY_USERNAME` ✅ Required
- `CONTAINER_REGISTRY_PASSWORD` ✅ Required
### Release Workflow (`release.yml`)
- `CONTAINER_REGISTRY_USERNAME` ✅ Required
- `CONTAINER_REGISTRY_PASSWORD` ✅ Required
- `PYPI_API_TOKEN` ✅ Required (stable releases)
- `GITHUB_TOKEN` ⚠️ Optional (for GitHub releases)
### Nightly Workflow (`nightly.yml`)
- `CONTAINER_REGISTRY_USERNAME` ✅ Required
- `CONTAINER_REGISTRY_PASSWORD` ✅ Required
## Security Best Practices
### 1. Secret Rotation
- Rotate secrets regularly (quarterly recommended)
- Use tokens with limited scope and expiration
- Monitor token usage in registry/service dashboards
### 2. Principle of Least Privilege
- Grant minimum required permissions
- Use service-specific tokens where possible
- Avoid using personal access tokens in production
### 3. Token Security
- Never commit secrets to version control
- Use environment-specific secrets
- Enable audit logging where available
### 4. Backup and Recovery
- Document secret sources and renewal procedures
- Maintain secure backup of critical tokens
- Test secret rotation procedures
## Troubleshooting
### Common Issues
**Authentication Failed:**
```
Error: unauthorized: authentication required
```
- Verify `CONTAINER_REGISTRY_USERNAME` and `CONTAINER_REGISTRY_PASSWORD`
- Check token permissions and expiration
- Ensure registry URL matches token scope
**PyPI Publishing Failed:**
```
Error: 403 Forbidden
```
- Verify `PYPI_API_TOKEN` format (should start with `pypi-`)
- Check token scope (project vs account-wide)
- Ensure package name matches PyPI project
**GitHub Release Failed:**
```
Error: Resource not accessible by integration
```
- Verify `GITHUB_TOKEN` permissions include `repo` scope
- Check if token is expired
- Ensure repository access is granted
### Testing Secrets
Test your secrets locally:
```bash
# Test container registry login
echo "$CONTAINER_REGISTRY_PASSWORD" | docker login "$CONTAINER_REGISTRY_URL" -u "$CONTAINER_REGISTRY_USERNAME" --password-stdin
# Test PyPI token (dry run)
twine check dist/* --repository testpypi
# Test GitHub API access
curl -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/user
```
## Monitoring and Alerts
### Registry Usage
- Monitor container registry storage and bandwidth
- Set up alerts for failed pushes
- Track image pull statistics
### Build Metrics
- Monitor workflow success rates
- Track build duration trends
- Alert on consecutive failures
### Security Monitoring
- Enable security scanning alerts
- Monitor vulnerability trends
- Set up notifications for critical issues
## Support
For additional help:
- Check [Gitea Actions Documentation](https://docs.gitea.io/en-us/usage/actions/)
- Review workflow logs in Gitea Actions UI
- Open an issue in the UnitForge repository
- Consult your container registry documentation
## Quick Reference
| Secret | Required For | Format | Purpose |
|--------|-------------|--------|---------|
| `CONTAINER_REGISTRY_USERNAME` | All builds | Username | Registry authentication |
| `CONTAINER_REGISTRY_PASSWORD` | All builds | Token/Password | Registry authentication |
| `PYPI_API_TOKEN` | Releases | `pypi-...` | Package publishing |
| `GITHUB_TOKEN` | Releases | `ghp_...` | GitHub integration |
| `SLACK_WEBHOOK_URL` | Notifications | HTTPS URL | Slack alerts |
| `DEPLOYMENT_SSH_KEY` | Deployments | Base64 SSH key | Server access |
---
*Last updated: December 2024*
*For the latest information, see the [CI/CD Workflows README](.gitea/workflows/README.md)*
docs/README.md
+4
View File
@@ -7,6 +7,8 @@
| [**Main README**](../README.md) | Project overview, installation, and usage |
| [**Contributing Guide**](../CONTRIBUTING.md) | Development setup and workflow |
| [**Environment Configuration**](ENVIRONMENT.md) | Environment variable reference |
| [**CI/CD Secrets Setup**](CI-CD-SECRETS.md) | CI/CD secrets configuration guide |
| [**CI/CD Workflows**](../.gitea/workflows/README.md) | Gitea Actions workflows documentation |
| [**Docker Setup**](../docker/README.md) | Container development |
| [**Scripts & Utilities**](../scripts/README.md) | Development tools |
@@ -18,6 +20,8 @@
**Configuration**: See [Environment Variables](ENVIRONMENT.md)
**CI/CD Setup**: Configure secrets with [CI/CD Secrets Guide](CI-CD-SECRETS.md)
## 🔗 External References
- [systemd documentation](https://systemd.io/)
docs/ci-cd/local-testing.md
+58
View File
@@ -0,0 +1,58 @@
# Local CI/CD Testing
This guide helps you test CI/CD workflows locally before pushing to the repository.
## Prerequisites
- Docker with Buildx support
- uv package manager
- Python 3.8+
## Local Testing Commands
```bash
# Test local build
make docker-build
# Test multi-arch build
make docker-buildx-local
# Test full development workflow
make dev
# Run health checks
./scripts/health_check.sh
```
## Workflow Testing
Use `act` to test GitHub/Gitea workflows locally:
```bash
# Install act
curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash
# Test PR workflow
act pull_request -s CONTAINER_REGISTRY_USERNAME=test -s CONTAINER_REGISTRY_PASSWORD=test
# Test release workflow
act push -e tests/fixtures/release-event.json
```
## Troubleshooting
### Build Issues
- Ensure all vendor assets are committed
- Check Docker daemon is running
- Verify buildx is properly configured
### Registry Issues
- Check .env file configuration
- Verify registry credentials
- Test registry connectivity
### Performance Issues
- Use build cache: `--cache-from type=gha`
- Optimize Docker layers
- Use multi-stage builds
```
frontend/static/css/style.css
+201 -145
View File
@@ -1,6 +1,7 @@
/* UnitForge CSS Styles */
:root {
color-scheme: light;
--primary-color: #0d6efd;
--secondary-color: #6c757d;
--success-color: #198754;
@@ -12,6 +13,80 @@
--border-radius: 0.375rem;
--box-shadow: 0 0.125rem 0.25rem rgba(0, 0, 0, 0.075);
--box-shadow-lg: 0 0.5rem 1rem rgba(0, 0, 0, 0.15);
--body-bg: #ffffff;
--surface-bg: #ffffff;
--surface-alt-bg: #f8f9fa;
--surface-border: #dee2e6;
--text-color: #212529;
--muted-color: #6c757d;
--muted-on-dark-color: #cbd5e0;
--divider-color: #f1f3f4;
--hero-bg-start: #f8f9fa;
--hero-bg-stop: #e9ecef;
--code-bg: #1a202c;
--code-color: #f7fafc;
--placeholder-color: #6c757d;
--input-bg: #ffffff;
--input-text-color: #212529;
--theme-color: #0d6efd;
}
:root[data-theme="dark"] {
color-scheme: dark;
--primary-color: #3b82f6;
--secondary-color: #94a3b8;
--success-color: #34d399;
--danger-color: #f87171;
--warning-color: #facc15;
--info-color: #38bdf8;
--light-color: #1f2937;
--dark-color: #e2e8f0;
--body-bg: #0f172a;
--surface-bg: #1e293b;
--surface-alt-bg: #16213b;
--surface-border: #334155;
--text-color: #e2e8f0;
--muted-color: #94a3b8;
--muted-on-dark-color: #a8b4cc;
--divider-color: #273449;
--hero-bg-start: #111c2f;
--hero-bg-stop: #1e293b;
--code-bg: #111c2f;
--code-color: #e2e8f0;
--placeholder-color: #94a3b8;
--input-bg: #16213b;
--input-text-color: #e2e8f0;
--theme-color: #0b1120;
}
@media (prefers-color-scheme: dark) {
:root:not([data-theme]) {
color-scheme: dark;
--primary-color: #3b82f6;
--secondary-color: #94a3b8;
--success-color: #34d399;
--danger-color: #f87171;
--warning-color: #facc15;
--info-color: #38bdf8;
--light-color: #1f2937;
--dark-color: #e2e8f0;
--body-bg: #0f172a;
--surface-bg: #1e293b;
--surface-alt-bg: #16213b;
--surface-border: #334155;
--text-color: #e2e8f0;
--muted-color: #94a3b8;
--muted-on-dark-color: #a8b4cc;
--divider-color: #273449;
--hero-bg-start: #111c2f;
--hero-bg-stop: #1e293b;
--code-bg: #111c2f;
--code-color: #e2e8f0;
--placeholder-color: #94a3b8;
--input-bg: #16213b;
--input-text-color: #e2e8f0;
--theme-color: #0b1120;
}
}
/* General Styles */
@@ -29,12 +104,14 @@
body {
font-family: "Segoe UI", Tahoma, Geneva, Verdana, sans-serif;
line-height: 1.6;
color: var(--dark-color);
background-color: var(--body-bg);
color: var(--text-color);
transition: background-color 0.3s ease, color 0.3s ease;
}
.hero-section {
background: linear-gradient(135deg, #f8f9fa 0%, #e9ecef 100%);
border-bottom: 1px solid #dee2e6;
background: linear-gradient(135deg, var(--hero-bg-start) 0%, var(--hero-bg-stop) 100%);
border-bottom: 1px solid var(--surface-border);
}
/* Feature Icons */
@@ -57,15 +134,22 @@ body {
box-shadow: var(--box-shadow-lg);
}
.card {
background-color: var(--surface-bg);
border-color: var(--surface-border);
color: var(--text-color);
transition: background-color 0.3s ease, color 0.3s ease, border-color 0.3s ease, box-shadow 0.3s ease;
}
/* Unit Type Badges */
.unit-type-badge {
background: var(--light-color);
border: 1px solid #dee2e6;
background: var(--surface-alt-bg);
border: 1px solid var(--surface-border);
border-radius: var(--border-radius);
padding: 0.75rem 1rem;
text-align: center;
font-weight: 500;
color: var(--dark-color);
color: var(--text-color);
transition: all 0.2s ease;
}
@@ -113,41 +197,28 @@ body {
color: #f7fafc !important;
}
/* Fix text-muted contrast issues */
.bg-light {
background-color: var(--surface-alt-bg) !important;
color: var(--text-color) !important;
}
/* Muted text helpers */
.text-muted {
color: #6c757d !important;
color: var(--muted-color) !important;
}
/* Better contrast for text-muted on dark backgrounds */
.bg-dark .text-muted,
.card.bg-dark .text-muted {
color: #cbd5e0 !important;
}
/* Better contrast for text-muted in cards */
.card .text-muted {
color: #495057 !important;
}
/* Ensure text-muted in footer has proper contrast */
footer.bg-dark .text-muted {
color: #9ca3af !important;
}
/* Fix text-muted in modals with dark backgrounds */
.modal.bg-dark .text-muted,
.modal-content.bg-dark .text-muted {
color: #cbd5e0 !important;
}
/* Better contrast for text-muted in forms on dark backgrounds */
.bg-dark .form-text.text-muted {
color: #a0aec0 !important;
}
/* Specific override for hero section text-muted */
.card .text-muted,
.hero-section .text-muted {
color: #495057 !important;
color: var(--muted-color) !important;
}
.bg-dark .text-muted,
.card.bg-dark .text-muted,
footer.bg-dark .text-muted,
.modal.bg-dark .text-muted,
.modal-content.bg-dark .text-muted,
.bg-dark .form-text.text-muted {
color: var(--muted-on-dark-color) !important;
}
/* Editor Specific Styles */
@@ -218,7 +289,7 @@ footer.bg-dark .text-muted {
/* Info Items */
.info-item {
padding: 0.25rem 0;
border-bottom: 1px solid #f1f3f4;
border-bottom: 1px solid var(--divider-color);
}
.info-item:last-child {
@@ -260,8 +331,8 @@ footer.bg-dark .text-muted {
}
.template-tag {
background: var(--light-color);
color: #495057;
background: var(--surface-alt-bg);
color: var(--text-color);
padding: 0.125rem 0.5rem;
border-radius: 1rem;
font-size: 0.75rem;
@@ -281,19 +352,36 @@ footer.bg-dark .text-muted {
}
.nav-pills .nav-link:hover:not(.active) {
background-color: var(--light-color);
color: var(--dark-color);
background-color: var(--surface-alt-bg);
color: var(--text-color);
}
.form-control,
.form-select {
background-color: var(--input-bg);
color: var(--input-text-color);
border-color: var(--surface-border);
transition: background-color 0.3s ease, color 0.3s ease, border-color 0.3s ease, box-shadow 0.3s ease;
}
.form-control::placeholder {
color: var(--placeholder-color);
opacity: 1;
}
/* Form Styles */
.form-control:focus {
border-color: var(--primary-color);
box-shadow: 0 0 0 0.2rem rgba(13, 110, 253, 0.25);
background-color: var(--input-bg);
color: var(--input-text-color);
}
.form-select:focus {
border-color: var(--primary-color);
box-shadow: 0 0 0 0.2rem rgba(13, 110, 253, 0.25);
background-color: var(--input-bg);
color: var(--input-text-color);
}
/* Button Styles */
@@ -320,19 +408,21 @@ footer.bg-dark .text-muted {
/* Modal Styles */
.modal-content {
border: none;
border: 1px solid var(--surface-border);
border-radius: var(--border-radius);
box-shadow: var(--box-shadow-lg);
background-color: var(--surface-bg);
color: var(--text-color);
}
.modal-header {
border-bottom: 1px solid #f1f3f4;
background: var(--light-color);
border-bottom: 1px solid var(--surface-border);
background: var(--surface-alt-bg);
}
.modal-footer {
border-top: 1px solid #f1f3f4;
background: var(--light-color);
border-top: 1px solid var(--surface-border);
background: var(--surface-alt-bg);
}
/* Loading States */
@@ -345,14 +435,14 @@ footer.bg-dark .text-muted {
.parameter-group {
margin-bottom: 1rem;
padding: 1rem;
background: var(--light-color);
background: var(--surface-alt-bg);
border-radius: var(--border-radius);
border: 1px solid #e9ecef;
border: 1px solid var(--surface-border);
}
.parameter-label {
font-weight: 600;
color: var(--dark-color);
color: var(--text-color);
margin-bottom: 0.25rem;
}
@@ -374,8 +464,8 @@ footer.bg-dark .text-muted {
/* Preview Code Block */
.preview-code {
background: #1a202c;
color: #f7fafc;
background: var(--code-bg);
color: var(--code-color);
border-radius: var(--border-radius);
padding: 1rem;
font-family: "Courier New", Consolas, "Liberation Mono", monospace;
@@ -487,103 +577,69 @@ footer.bg-dark .text-muted {
border-left: 4px solid var(--danger-color) !important;
}
/* Dark Theme Support */
@media (prefers-color-scheme: dark) {
.card {
background-color: #2d3748;
border-color: #4a5568;
color: #f7fafc;
}
.card pre,
.card code {
color: #f7fafc !important;
}
.card .text-muted {
color: #cbd5e0 !important;
}
.text-muted {
color: #a0aec0 !important;
}
/* Better text-muted for dark theme forms */
.form-text.text-muted {
color: #9ca3af !important;
}
.modal-content {
background-color: #2d3748;
color: #f7fafc;
}
.form-control {
background-color: #1f2937;
border-color: #4a5568;
color: #f7fafc;
}
.form-control::placeholder {
color: #cbd5e0;
opacity: 1;
}
.form-control:focus {
background-color: #1f2937;
border-color: var(--primary-color);
color: #f7fafc;
}
/* Improve outline-secondary contrast on dark backgrounds */
.card.bg-dark .btn-outline-secondary,
.bg-dark .btn-outline-secondary,
.card .btn-outline-secondary {
color: #e2e8f0;
border-color: #e2e8f0;
}
.card.bg-dark .btn-outline-secondary:hover,
.bg-dark .btn-outline-secondary:hover,
.card .btn-outline-secondary:hover {
color: #1a202c;
background-color: #e2e8f0;
border-color: #e2e8f0;
}
/* Outline button contrast helpers */
.btn-outline-secondary {
color: var(--muted-color);
border-color: var(--muted-color);
}
/* Increase link and outline-primary contrast on dark backgrounds */
@media (prefers-color-scheme: dark) {
.card.bg-dark a,
.bg-dark a {
color: #93c5fd;
}
.card.bg-dark a:hover,
.bg-dark a:hover {
color: #bfdbfe;
}
.btn-outline-secondary:hover,
.btn-outline-secondary:focus {
color: #ffffff;
background-color: var(--muted-color);
border-color: var(--muted-color);
}
.card.bg-dark .btn-outline-primary,
.bg-dark .btn-outline-primary,
.card .btn-outline-primary {
color: #e2e8f0;
border-color: #93c5fd;
}
.card.bg-dark .btn-outline-primary:hover,
.bg-dark .btn-outline-primary:hover,
.card .btn-outline-primary:hover {
color: #1a202c;
background-color: #93c5fd;
border-color: #93c5fd;
}
.card.bg-dark .btn-outline-secondary,
.bg-dark .btn-outline-secondary {
color: #e2e8f0;
border-color: #e2e8f0;
}
/* High-contrast link utility */
.link-contrast {
color: #93c5fd !important;
}
.link-contrast:hover,
.link-contrast:focus {
color: #bfdbfe !important;
text-decoration: underline;
}
.card.bg-dark .btn-outline-secondary:hover,
.bg-dark .btn-outline-secondary:hover,
.card.bg-dark .btn-outline-secondary:focus,
.bg-dark .btn-outline-secondary:focus {
color: #1a202c;
background-color: #e2e8f0;
border-color: #e2e8f0;
}
.card.bg-dark a,
.bg-dark a {
color: #93c5fd;
}
.card.bg-dark a:hover,
.bg-dark a:hover,
.card.bg-dark a:focus,
.bg-dark a:focus {
color: #bfdbfe;
}
.card.bg-dark .btn-outline-primary,
.bg-dark .btn-outline-primary {
color: #e2e8f0;
border-color: #93c5fd;
}
.card.bg-dark .btn-outline-primary:hover,
.bg-dark .btn-outline-primary:hover,
.card.bg-dark .btn-outline-primary:focus,
.bg-dark .btn-outline-primary:focus {
color: #1a202c;
background-color: #93c5fd;
border-color: #93c5fd;
}
.link-contrast {
color: #93c5fd !important;
}
.link-contrast:hover,
.link-contrast:focus {
color: #bfdbfe !important;
text-decoration: underline;
}
/* Footer OSI logo */
frontend/static/js/main.js
+146
View File
@@ -1,8 +1,152 @@
// UnitForge Main JavaScript
// Handles general functionality across the application
class ThemeManager {
constructor() {
this.storageKey = 'unitforge-theme';
this.themeToggleButton = document.querySelector('[data-theme-toggle]');
this.themeLabel = document.querySelector('[data-theme-label]');
this.themeIcon = document.querySelector('[data-theme-icon]');
this.themeOptions = Array.from(document.querySelectorAll('[data-theme-option]'));
this.metaThemeColor = document.querySelector('meta[name="theme-color"]');
this.mediaQuery = window.matchMedia('(prefers-color-scheme: dark)');
this.iconMap = {
light: 'fa-sun',
dark: 'fa-moon',
system: 'fa-circle-half-stroke'
};
this.labelMap = {
light: 'Light',
dark: 'Dark',
system: 'System'
};
this.currentTheme = 'system';
this.init();
}
init() {
const storedTheme = this.getStoredTheme();
this.applyTheme(storedTheme, false);
this.attachEvents();
}
getStoredTheme() {
try {
const stored = localStorage.getItem(this.storageKey);
return this.normalizeTheme(stored);
} catch (error) {
console.warn('Theme preference unavailable:', error);
return 'system';
}
}
normalizeTheme(value) {
return value === 'light' || value === 'dark' ? value : 'system';
}
attachEvents() {
this.themeOptions.forEach((option) => {
option.addEventListener('click', (event) => {
event.preventDefault();
const selection = this.normalizeTheme(option.dataset.themeOption);
this.applyTheme(selection);
});
});
const handleChange = () => this.handleSystemPreferenceChange();
if (typeof this.mediaQuery.addEventListener === 'function') {
this.mediaQuery.addEventListener('change', handleChange);
} else if (typeof this.mediaQuery.addListener === 'function') {
this.mediaQuery.addListener(handleChange);
}
}
handleSystemPreferenceChange() {
if (this.currentTheme === 'system') {
this.applyTheme('system', false);
}
}
applyTheme(theme, persist = true) {
const normalized = this.normalizeTheme(theme);
const root = document.documentElement;
this.currentTheme = normalized;
if (persist) {
try {
localStorage.setItem(this.storageKey, normalized);
} catch (error) {
console.warn('Unable to persist theme preference:', error);
}
}
if (normalized === 'light' || normalized === 'dark') {
root.setAttribute('data-theme', normalized);
} else {
root.removeAttribute('data-theme');
}
root.setAttribute('data-theme-preference', normalized);
this.updateToggleUI(normalized);
this.updateMetaThemeColor();
const resolved = this.getResolvedTheme(normalized);
document.dispatchEvent(new CustomEvent('themechange', {
detail: {
preference: normalized,
theme: resolved
}
}));
}
updateToggleUI(theme) {
const label = this.labelMap[theme] || this.labelMap.system;
const icon = this.iconMap[theme] || this.iconMap.system;
if (this.themeLabel) {
this.themeLabel.textContent = label;
}
if (this.themeIcon) {
this.themeIcon.className = `fas ${icon} me-2`;
}
if (this.themeToggleButton) {
this.themeToggleButton.setAttribute('aria-label', `Theme: ${label}`);
}
this.themeOptions.forEach((option) => {
const isActive = option.dataset.themeOption === theme;
option.classList.toggle('active', isActive);
option.setAttribute('aria-checked', String(isActive));
});
}
updateMetaThemeColor() {
if (!this.metaThemeColor) return;
const computedColor = getComputedStyle(document.documentElement)
.getPropertyValue('--theme-color')
.trim();
if (computedColor) {
this.metaThemeColor.setAttribute('content', computedColor);
}
}
getResolvedTheme(theme = this.currentTheme) {
if (theme === 'system') {
return this.mediaQuery.matches ? 'dark' : 'light';
}
return theme;
}
}
class UnitForge {
constructor() {
this.themeManager = new ThemeManager();
this.baseUrl = window.location.origin;
this.apiUrl = `${this.baseUrl}/api`;
this.init();
@@ -377,3 +521,5 @@ const unitforge = new UnitForge();
// Export for use in other modules
window.UnitForge = UnitForge;
window.unitforge = unitforge;
window.ThemeManager = ThemeManager;
window.themeManager = unitforge.themeManager;
frontend/static/vendor/bootstrap/css/bootstrap.min.css
Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
frontend/static/vendor/bootstrap/js/bootstrap.bundle.min.js
Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
frontend/static/vendor/fontawesome/css/all.min.css
Vendored
+1 -1
View File
File diff suppressed because one or more lines are too long
frontend/templates/cli.html
+80 -1
View File
@@ -14,6 +14,34 @@
<meta name="mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="default" />
<meta name="apple-mobile-web-app-title" content="{{ app_name }}" />
<script>
(function () {
const storageKey = 'unitforge-theme';
try {
const stored = localStorage.getItem(storageKey);
const theme = stored === 'light' || stored === 'dark' ? stored : 'system';
const root = document.documentElement;
root.setAttribute('data-theme-preference', theme);
if (theme === 'light' || theme === 'dark') {
root.setAttribute('data-theme', theme);
} else {
root.removeAttribute('data-theme');
}
const meta = document.querySelector('meta[name="theme-color"]');
if (meta) {
const prefersDark = typeof window !== 'undefined' &&
window.matchMedia &&
window.matchMedia('(prefers-color-scheme: dark)').matches;
const appliedTheme = theme === 'system' ? (prefersDark ? 'dark' : 'light') : theme;
meta.setAttribute('content', appliedTheme === 'dark' ? '#0b1120' : '#0d6efd');
}
} catch (error) {
console.warn('Theme bootstrap failed:', error);
}
})();
</script>
<meta name="description" content="{{ app_name }} CLI — command-line interface to create, validate, and manage systemd unit files." />
<link href="/static/vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet" />
<link rel="stylesheet" href="/static/vendor/fontawesome/css/all.min.css" />
@@ -48,7 +76,58 @@
<a class="nav-link active" href="/cli">CLI</a>
</li>
</ul>
<ul class="navbar-nav">
<ul class="navbar-nav align-items-lg-center gap-2 mt-3 mt-lg-0 ms-lg-3">
<li class="nav-item dropdown">
<button
class="btn btn-outline-light dropdown-toggle w-100 w-lg-auto"
id="themeDropdown"
type="button"
data-bs-toggle="dropdown"
aria-expanded="false"
data-theme-toggle
>
<i class="fas fa-circle-half-stroke me-2" data-theme-icon></i>
<span data-theme-label>System</span>
</button>
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="themeDropdown">
<li>
<button
class="dropdown-item d-flex align-items-center"
type="button"
data-theme-option="light"
role="menuitemradio"
aria-checked="false"
>
<i class="fas fa-sun me-2 text-warning"></i>
Light
</button>
</li>
<li>
<button
class="dropdown-item d-flex align-items-center"
type="button"
data-theme-option="dark"
role="menuitemradio"
aria-checked="false"
>
<i class="fas fa-moon me-2 text-info"></i>
Dark
</button>
</li>
<li>
<button
class="dropdown-item d-flex align-items-center"
type="button"
data-theme-option="system"
role="menuitemradio"
aria-checked="true"
>
<i class="fas fa-circle-half-stroke me-2 text-secondary"></i>
System
</button>
</li>
</ul>
</li>
<li class="nav-item">
<a class="nav-link" href="{{ api_docs_url }}" target="_blank">
<i class="fas fa-book me-1"></i>API Docs
frontend/templates/editor.html
+82 -3
View File
@@ -15,6 +15,34 @@
<meta name="mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="default">
<meta name="apple-mobile-web-app-title" content="{{ app_name }}">
<script>
(function () {
const storageKey = 'unitforge-theme';
try {
const stored = localStorage.getItem(storageKey);
const theme = stored === 'light' || stored === 'dark' ? stored : 'system';
const root = document.documentElement;
root.setAttribute('data-theme-preference', theme);
if (theme === 'light' || theme === 'dark') {
root.setAttribute('data-theme', theme);
} else {
root.removeAttribute('data-theme');
}
const meta = document.querySelector('meta[name="theme-color"]');
if (meta) {
const prefersDark = typeof window !== 'undefined' &&
window.matchMedia &&
window.matchMedia('(prefers-color-scheme: dark)').matches;
const appliedTheme = theme === 'system' ? (prefersDark ? 'dark' : 'light') : theme;
meta.setAttribute('content', appliedTheme === 'dark' ? '#0b1120' : '#0d6efd');
}
} catch (error) {
console.warn('Theme bootstrap failed:', error);
}
})();
</script>
<link rel="preconnect" href="https://cdn.jsdelivr.net" crossorigin>
<link rel="preconnect" href="https://cdnjs.cloudflare.com" crossorigin>
<link href="/static/vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">
@@ -45,11 +73,62 @@
<a class="nav-link" href="/cli">CLI</a>
</li>
</ul>
<div class="navbar-nav">
<button class="btn btn-light btn-sm me-2" onclick="downloadFile()">
<div class="navbar-nav ms-auto align-items-lg-center gap-2 mt-3 mt-lg-0">
<div class="nav-item dropdown w-100 w-lg-auto">
<button
class="btn btn-outline-light dropdown-toggle w-100 w-lg-auto"
id="themeDropdown"
type="button"
data-bs-toggle="dropdown"
aria-expanded="false"
data-theme-toggle
>
<i class="fas fa-circle-half-stroke me-2" data-theme-icon></i>
<span data-theme-label>System</span>
</button>
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="themeDropdown">
<li>
<button
class="dropdown-item d-flex align-items-center"
type="button"
data-theme-option="light"
role="menuitemradio"
aria-checked="false"
>
<i class="fas fa-sun me-2 text-warning"></i>
Light
</button>
</li>
<li>
<button
class="dropdown-item d-flex align-items-center"
type="button"
data-theme-option="dark"
role="menuitemradio"
aria-checked="false"
>
<i class="fas fa-moon me-2 text-info"></i>
Dark
</button>
</li>
<li>
<button
class="dropdown-item d-flex align-items-center"
type="button"
data-theme-option="system"
role="menuitemradio"
aria-checked="true"
>
<i class="fas fa-circle-half-stroke me-2 text-secondary"></i>
System
</button>
</li>
</ul>
</div>
<button class="btn btn-light btn-sm w-100 w-lg-auto" onclick="downloadFile()">
<i class="fas fa-download me-1"></i>Download
</button>
<button class="btn btn-light btn-sm" onclick="showUploadModal()">
<button class="btn btn-light btn-sm w-100 w-lg-auto" onclick="showUploadModal()">
<i class="fas fa-upload me-1"></i>Upload
</button>
</div>
frontend/templates/index.html
+80 -1
View File
@@ -20,6 +20,34 @@
<meta name="mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="default" />
<meta name="apple-mobile-web-app-title" content="{{ app_name }}" />
<script>
(function () {
const storageKey = 'unitforge-theme';
try {
const stored = localStorage.getItem(storageKey);
const theme = stored === 'light' || stored === 'dark' ? stored : 'system';
const root = document.documentElement;
root.setAttribute('data-theme-preference', theme);
if (theme === 'light' || theme === 'dark') {
root.setAttribute('data-theme', theme);
} else {
root.removeAttribute('data-theme');
}
const meta = document.querySelector('meta[name="theme-color"]');
if (meta) {
const prefersDark = typeof window !== 'undefined' &&
window.matchMedia &&
window.matchMedia('(prefers-color-scheme: dark)').matches;
const appliedTheme = theme === 'system' ? (prefersDark ? 'dark' : 'light') : theme;
meta.setAttribute('content', appliedTheme === 'dark' ? '#0b1120' : '#0d6efd');
}
} catch (error) {
console.warn('Theme bootstrap failed:', error);
}
})();
</script>
<link href="/static/vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet" />
<link rel="stylesheet" href="/static/vendor/fontawesome/css/all.min.css" />
<link href="/static/css/style.css" rel="stylesheet" />
@@ -53,7 +81,58 @@
<a class="nav-link" href="/cli">CLI</a>
</li>
</ul>
<ul class="navbar-nav">
<ul class="navbar-nav align-items-lg-center gap-2 mt-3 mt-lg-0 ms-lg-3">
<li class="nav-item dropdown">
<button
class="btn btn-outline-light dropdown-toggle w-100 w-lg-auto"
id="themeDropdown"
type="button"
data-bs-toggle="dropdown"
aria-expanded="false"
data-theme-toggle
>
<i class="fas fa-circle-half-stroke me-2" data-theme-icon></i>
<span data-theme-label>System</span>
</button>
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="themeDropdown">
<li>
<button
class="dropdown-item d-flex align-items-center"
type="button"
data-theme-option="light"
role="menuitemradio"
aria-checked="false"
>
<i class="fas fa-sun me-2 text-warning"></i>
Light
</button>
</li>
<li>
<button
class="dropdown-item d-flex align-items-center"
type="button"
data-theme-option="dark"
role="menuitemradio"
aria-checked="false"
>
<i class="fas fa-moon me-2 text-info"></i>
Dark
</button>
</li>
<li>
<button
class="dropdown-item d-flex align-items-center"
type="button"
data-theme-option="system"
role="menuitemradio"
aria-checked="true"
>
<i class="fas fa-circle-half-stroke me-2 text-secondary"></i>
System
</button>
</li>
</ul>
</li>
<li class="nav-item">
<a
class="nav-link"
frontend/templates/templates.html
+81
View File
@@ -20,6 +20,34 @@
<meta name="apple-mobile-web-app-status-bar-style" content="default" />
<meta name="description" content="{{ app_name }} Templates — generate production-ready systemd unit files from curated templates." />
<meta name="apple-mobile-web-app-title" content="{{ app_name }}" />
<script>
(function () {
const storageKey = 'unitforge-theme';
try {
const stored = localStorage.getItem(storageKey);
const theme = stored === 'light' || stored === 'dark' ? stored : 'system';
const root = document.documentElement;
root.setAttribute('data-theme-preference', theme);
if (theme === 'light' || theme === 'dark') {
root.setAttribute('data-theme', theme);
} else {
root.removeAttribute('data-theme');
}
const meta = document.querySelector('meta[name="theme-color"]');
if (meta) {
const prefersDark = typeof window !== 'undefined' &&
window.matchMedia &&
window.matchMedia('(prefers-color-scheme: dark)').matches;
const appliedTheme = theme === 'system' ? (prefersDark ? 'dark' : 'light') : theme;
meta.setAttribute('content', appliedTheme === 'dark' ? '#0b1120' : '#0d6efd');
}
} catch (error) {
console.warn('Theme bootstrap failed:', error);
}
})();
</script>
<link href="/static/vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet" />
<link rel="stylesheet" href="/static/vendor/fontawesome/css/all.min.css" />
<link href="/static/css/style.css" rel="stylesheet" />
@@ -55,6 +83,59 @@
<a class="nav-link" href="/cli">CLI</a>
</li>
</ul>
<ul class="navbar-nav align-items-lg-center gap-2 mt-3 mt-lg-0 ms-lg-3">
<li class="nav-item dropdown w-100 w-lg-auto">
<button
class="btn btn-outline-light dropdown-toggle w-100 w-lg-auto"
id="themeDropdown"
type="button"
data-bs-toggle="dropdown"
aria-expanded="false"
data-theme-toggle
>
<i class="fas fa-circle-half-stroke me-2" data-theme-icon></i>
<span data-theme-label>System</span>
</button>
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="themeDropdown">
<li>
<button
class="dropdown-item d-flex align-items-center"
type="button"
data-theme-option="light"
role="menuitemradio"
aria-checked="false"
>
<i class="fas fa-sun me-2 text-warning"></i>
Light
</button>
</li>
<li>
<button
class="dropdown-item d-flex align-items-center"
type="button"
data-theme-option="dark"
role="menuitemradio"
aria-checked="false"
>
<i class="fas fa-moon me-2 text-info"></i>
Dark
</button>
</li>
<li>
<button
class="dropdown-item d-flex align-items-center"
type="button"
data-theme-option="system"
role="menuitemradio"
aria-checked="true"
>
<i class="fas fa-circle-half-stroke me-2 text-secondary"></i>
System
</button>
</li>
</ul>
</li>
</ul>
</div>
</div>
</nav>
k8s/ingress.yaml
+2 -2
View File
@@ -15,7 +15,7 @@ metadata:
spec:
ingressClassName: nginx
rules:
- host: app.unitforge.192.168.153.243.nip.io
- host: unitforge.tools.192.168.153.243.nip.io
http:
paths:
- path: /
@@ -24,4 +24,4 @@ spec:
service:
name: unitforge
port:
number: 8000
name: http
k8s/vpa.yaml
+1 -1
View File
@@ -26,4 +26,4 @@ spec:
memory: 512Mi # Pi 5 can handle this but keep reasonable
# Controlled resource recommendations for Pi hardware
controlledResources: ["cpu", "memory"]
controlledValues: Requests
controlledValues: RequestsOnly
pyproject.toml
+4
View File
@@ -183,3 +183,7 @@ exclude = [
".venv",
"venv",
]
[[tool.mypy.overrides]]
module = ["backend.app.main"]
disable_error_code = ["misc"]
scripts/health_check.sh
Executable
+306
View File
@@ -0,0 +1,306 @@
#!/bin/bash
# Health check script for UnitForge CI/CD workflows
# Tests basic functionality of the running application
set -e
# Configuration
HOST=${HOST:-localhost}
PORT=${PORT:-8000}
TIMEOUT=${TIMEOUT:-30}
MAX_RETRIES=${MAX_RETRIES:-5}
RETRY_DELAY=${RETRY_DELAY:-2}
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Helper functions
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Check if application is responding
check_health() {
local url="http://${HOST}:${PORT}/health"
local retry_count=0
log_info "Checking health endpoint: $url"
while [ $retry_count -lt "$MAX_RETRIES" ]; do
if curl -s -f --max-time "$TIMEOUT" "$url" > /dev/null 2>&1; then
log_info "Health check passed"
return 0
fi
retry_count=$((retry_count + 1))
log_warn "Health check failed (attempt $retry_count/$MAX_RETRIES)"
if [ $retry_count -lt "$MAX_RETRIES" ]; then
log_info "Retrying in ${RETRY_DELAY} seconds..."
sleep "$RETRY_DELAY"
fi
done
log_error "Health check failed after $MAX_RETRIES attempts"
return 1
}
# Check if main page loads
check_main_page() {
local url="http://${HOST}:${PORT}/"
log_info "Checking main page: $url"
local response
response=$(curl -s -w "%{http_code}" --max-time "$TIMEOUT" "$url")
local http_code="${response: -3}"
if [ "$http_code" = "200" ]; then
log_info "Main page check passed (HTTP $http_code)"
return 0
else
log_error "Main page check failed (HTTP $http_code)"
return 1
fi
}
# Check API endpoints
check_api() {
local base_url="http://${HOST}:${PORT}/api"
log_info "Checking API endpoints"
# Check API health
local api_health_url="${base_url}/health"
if curl -s -f --max-time "$TIMEOUT" "$api_health_url" > /dev/null 2>&1; then
log_info "API health endpoint passed"
else
log_warn "API health endpoint failed or not available"
fi
# Check API version
local api_version_url="${base_url}/version"
if curl -s -f --max-time "$TIMEOUT" "$api_version_url" > /dev/null 2>&1; then
log_info "API version endpoint passed"
else
log_warn "API version endpoint failed or not available"
fi
return 0
}
# Check static assets
check_static_assets() {
log_info "Checking static assets"
local assets=(
"/static/css/style.css"
"/static/js/app.js"
"/static/vendor/bootstrap/css/bootstrap.min.css"
"/static/vendor/fontawesome/css/all.min.css"
)
local failed_assets=0
for asset in "${assets[@]}"; do
local url="http://${HOST}:${PORT}${asset}"
if curl -s -f --max-time "$TIMEOUT" "$url" > /dev/null 2>&1; then
log_info "Asset check passed: $asset"
else
log_warn "Asset check failed: $asset"
failed_assets=$((failed_assets + 1))
fi
done
if [ $failed_assets -eq 0 ]; then
log_info "All static assets available"
return 0
else
log_warn "$failed_assets static assets failed to load"
return 0 # Don't fail health check for missing assets
fi
}
# Performance test
check_performance() {
log_info "Running basic performance test"
local url="http://${HOST}:${PORT}/"
local response_time
# Test response time
local response_time
response_time=$(curl -s -w "%{time_total}" --max-time "$TIMEOUT" -o /dev/null "$url")
if curl -s -w "%{time_total}" --max-time "$TIMEOUT" -o /dev/null "$url" > /dev/null 2>&1; then
log_info "Response time: ${response_time}s"
# Check if response time is reasonable (< 5 seconds)
if (( $(echo "$response_time < 5.0" | bc -l) )); then
log_info "Performance check passed"
return 0
else
log_warn "Performance check warning: slow response time (${response_time}s)"
return 0 # Don't fail health check for slow response
fi
else
log_error "Performance check failed: no response"
return 1
fi
}
# Memory usage check (if running in container)
check_memory() {
if command -v docker > /dev/null 2>&1 && [ -n "$CONTAINER_NAME" ]; then
log_info "Checking container memory usage"
local memory_usage
memory_usage=$(docker stats "$CONTAINER_NAME" --no-stream --format "{{.MemUsage}}" | cut -d'/' -f1)
if [ -n "$memory_usage" ]; then
log_info "Memory usage: $memory_usage"
else
log_warn "Could not determine memory usage"
fi
fi
}
# Wait for application to start
wait_for_startup() {
log_info "Waiting for application to start..."
local startup_timeout=60
local elapsed=0
while [ $elapsed -lt $startup_timeout ]; do
if curl -s --max-time 5 "http://${HOST}:${PORT}/" > /dev/null 2>&1; then
log_info "Application is responding"
return 0
fi
sleep 5
elapsed=$((elapsed + 5))
log_info "Waiting... (${elapsed}s/${startup_timeout}s)"
done
log_error "Application failed to start within ${startup_timeout} seconds"
return 1
}
# Main health check function
run_health_check() {
log_info "Starting UnitForge health check"
log_info "Target: http://${HOST}:${PORT}"
local failed_checks=0
# Wait for startup if needed
if ! curl -s --max-time 5 "http://${HOST}:${PORT}/" > /dev/null 2>&1; then
wait_for_startup || return 1
fi
# Run all checks
check_health || failed_checks=$((failed_checks + 1))
check_main_page || failed_checks=$((failed_checks + 1))
check_api || failed_checks=$((failed_checks + 1))
check_static_assets || true # Don't count static asset failures
check_performance || true # Don't count performance warnings
check_memory || true # Don't count memory check failures
# Summary
if [ $failed_checks -eq 0 ]; then
log_info "✅ All health checks passed"
return 0
else
log_error "$failed_checks health checks failed"
return 1
fi
}
# Usage information
usage() {
echo "Usage: $0 [OPTIONS]"
echo ""
echo "Options:"
echo " -h, --host HOST Target host (default: localhost)"
echo " -p, --port PORT Target port (default: 8000)"
echo " -t, --timeout TIMEOUT Request timeout in seconds (default: 30)"
echo " -r, --retries RETRIES Maximum retry attempts (default: 5)"
echo " -d, --delay DELAY Retry delay in seconds (default: 2)"
echo " -c, --container NAME Container name for memory checks"
echo " --help Show this help message"
echo ""
echo "Environment variables:"
echo " HOST Same as --host"
echo " PORT Same as --port"
echo " TIMEOUT Same as --timeout"
echo " MAX_RETRIES Same as --retries"
echo " RETRY_DELAY Same as --delay"
echo " CONTAINER_NAME Same as --container"
echo ""
echo "Examples:"
echo " $0 # Check localhost:8000"
echo " $0 -h production.example.com -p 80 # Check production server"
echo " $0 -c unitforge-container # Include container memory check"
}
# Parse command line arguments
while [[ $# -gt 0 ]]; do
case $1 in
-h|--host)
HOST="$2"
shift 2
;;
-p|--port)
PORT="$2"
shift 2
;;
-t|--timeout)
TIMEOUT="$2"
shift 2
;;
-r|--retries)
MAX_RETRIES="$2"
shift 2
;;
-d|--delay)
RETRY_DELAY="$2"
shift 2
;;
-c|--container)
CONTAINER_NAME="$2"
shift 2
;;
--help)
usage
exit 0
;;
*)
echo "Unknown option: $1"
usage
exit 1
;;
esac
done
# Check dependencies
if ! command -v curl > /dev/null 2>&1; then
log_error "curl is required but not installed"
exit 1
fi
if ! command -v bc > /dev/null 2>&1; then
log_warn "bc is not installed, performance timing may not work properly"
fi
# Run the health check
run_health_check
exit $?
scripts/setup-ci.sh
Executable
+445
View File
@@ -0,0 +1,445 @@
#!/bin/bash
# CI/CD Setup Script for UnitForge
# Sets up local environment for testing CI/CD workflows
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Helper functions
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
log_step() {
echo -e "${BLUE}[STEP]${NC} $1"
}
# Check if command exists
command_exists() {
command -v "$1" >/dev/null 2>&1
}
# Check Docker and Docker Buildx
check_docker() {
log_step "Checking Docker installation..."
if ! command_exists docker; then
log_error "Docker is not installed"
echo "Please install Docker from: https://docs.docker.com/get-docker/"
return 1
fi
log_info "Docker found: $(docker --version)"
# Check if Docker daemon is running
if ! docker info >/dev/null 2>&1; then
log_error "Docker daemon is not running"
echo "Please start Docker daemon"
return 1
fi
# Check Docker Buildx
if ! docker buildx version >/dev/null 2>&1; then
log_warn "Docker Buildx not found, installing..."
docker buildx install 2>/dev/null || true
fi
log_info "Docker Buildx found: $(docker buildx version)"
return 0
}
# Setup Docker Buildx for multi-arch builds
setup_buildx() {
log_step "Setting up Docker Buildx for multi-arch builds..."
# Create builder if it doesn't exist
if ! docker buildx ls | grep -q "unitforge-builder"; then
log_info "Creating unitforge-builder..."
docker buildx create --name unitforge-builder --use
else
log_info "Using existing unitforge-builder"
docker buildx use unitforge-builder
fi
# Bootstrap the builder
log_info "Bootstrapping builder..."
docker buildx inspect --bootstrap
log_info "Builder setup complete"
return 0
}
# Check container registry access
check_registry() {
log_step "Checking container registry configuration..."
if [ -f ".env" ]; then
log_info "Found .env file"
if grep -q "CONTAINER_REGISTRY_URL" .env; then
local registry_url
registry_url=$(grep '^CONTAINER_REGISTRY_URL=' .env | cut -d'=' -f2)
log_info "Registry URL: $registry_url"
else
log_warn "CONTAINER_REGISTRY_URL not found in .env"
fi
if grep -q "CONTAINER_TAG" .env; then
local container_tag
container_tag=$(grep '^CONTAINER_TAG=' .env | cut -d'=' -f2)
log_info "Container tag: $container_tag"
else
log_warn "CONTAINER_TAG not found in .env"
fi
else
log_warn ".env file not found"
log_info "Creating sample .env file..."
cat > .env << EOF
# Container Registry Configuration
CONTAINER_REGISTRY_URL=gitea-http.taildb3494.ts.net/will/unitforge
CONTAINER_TAG=latest
# Development Configuration
DEBUG=true
LOG_LEVEL=debug
EOF
log_info "Sample .env file created. Please update with your registry details."
fi
return 0
}
# Verify vendor assets
check_vendor_assets() {
log_step "Checking vendor assets..."
local assets=(
"frontend/static/vendor/bootstrap/css/bootstrap.min.css"
"frontend/static/vendor/bootstrap/js/bootstrap.bundle.min.js"
"frontend/static/vendor/fontawesome/css/all.min.css"
"frontend/static/vendor/fontawesome/webfonts/fa-solid-900.woff2"
"frontend/static/img/osi-logo.svg"
)
local missing_assets=0
for asset in "${assets[@]}"; do
if [ ! -f "$asset" ]; then
log_warn "Missing asset: $asset"
missing_assets=$((missing_assets + 1))
else
log_info "Found asset: $asset"
fi
done
if [ $missing_assets -gt 0 ]; then
log_error "$missing_assets vendor assets are missing"
log_info "Please ensure all vendor assets are downloaded and committed"
log_info "Run: make setup-dev to download missing assets"
return 1
fi
log_info "All vendor assets found"
return 0
}
# Test local build
test_local_build() {
log_step "Testing local Docker build..."
if docker build -t unitforge:test . >/dev/null 2>&1; then
log_info "Local Docker build successful"
# Test container startup
log_info "Testing container startup..."
if docker run -d --name unitforge-test -p 8080:8000 unitforge:test >/dev/null 2>&1; then
sleep 5
if curl -s -f http://localhost:8080/ >/dev/null 2>&1; then
log_info "Container startup test successful"
else
log_warn "Container started but not responding on port 8080"
fi
docker stop unitforge-test >/dev/null 2>&1
docker rm unitforge-test >/dev/null 2>&1
else
log_warn "Container startup test failed"
fi
# Clean up test image
docker rmi unitforge:test >/dev/null 2>&1 || true
return 0
else
log_error "Local Docker build failed"
return 1
fi
}
# Test multi-arch build
test_multiarch_build() {
log_step "Testing multi-architecture build..."
if docker buildx build --platform linux/amd64,linux/arm64 -t unitforge:multiarch-test . >/dev/null 2>&1; then
log_info "Multi-architecture build successful"
# Clean up
docker buildx rm --force >/dev/null 2>&1 || true
return 0
else
log_error "Multi-architecture build failed"
return 1
fi
}
# Check development environment
check_dev_environment() {
log_step "Checking development environment..."
# Check uv
if ! command_exists uv; then
log_error "uv is not installed"
echo "Install with: curl -LsSf https://astral.sh/uv/install.sh | sh"
return 1
fi
log_info "uv found: $(uv --version)"
# Check Python
if ! command_exists python3; then
log_error "Python 3 is not installed"
return 1
fi
log_info "Python found: $(python3 --version)"
# Check if virtual environment exists
if [ -d ".venv" ]; then
log_info "Virtual environment exists"
else
log_warn "Virtual environment not found"
log_info "Run: make setup-dev to create it"
fi
return 0
}
# Test CI/CD workflow syntax
check_workflow_syntax() {
log_step "Checking workflow syntax..."
local workflows_dir=".gitea/workflows"
if [ ! -d "$workflows_dir" ]; then
log_error "Workflows directory not found: $workflows_dir"
return 1
fi
local yaml_files=("$workflows_dir"/*.yml)
if [ ${#yaml_files[@]} -eq 0 ]; then
log_warn "No YAML workflow files found"
return 0
fi
local syntax_errors=0
for file in "${yaml_files[@]}"; do
if [ -f "$file" ]; then
log_info "Checking syntax: $(basename "$file")"
# Basic YAML syntax check (if python3 is available)
if command_exists python3; then
if python3 -c "import yaml; yaml.safe_load(open('$file'))" 2>/dev/null; then
log_info "$(basename "$file") syntax OK"
else
log_error "$(basename "$file") has syntax errors"
syntax_errors=$((syntax_errors + 1))
fi
else
log_warn "Python3 not available, skipping YAML syntax check"
fi
fi
done
if [ $syntax_errors -eq 0 ]; then
log_info "All workflow files have valid syntax"
return 0
else
log_error "$syntax_errors workflow files have syntax errors"
return 1
fi
}
# Generate CI/CD documentation
generate_docs() {
log_step "Generating CI/CD documentation..."
local docs_dir="docs/ci-cd"
mkdir -p "$docs_dir"
cat > "$docs_dir/local-testing.md" << 'EOF'
# Local CI/CD Testing
This guide helps you test CI/CD workflows locally before pushing to the repository.
## Prerequisites
- Docker with Buildx support
- uv package manager
- Python 3.8+
## Local Testing Commands
```bash
# Test local build
make docker-build
# Test multi-arch build
make docker-buildx-local
# Test full development workflow
make dev
# Run health checks
./scripts/health_check.sh
```
## Workflow Testing
Use `act` to test GitHub/Gitea workflows locally:
```bash
# Install act
curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash
# Test PR workflow
act pull_request -s CONTAINER_REGISTRY_USERNAME=test -s CONTAINER_REGISTRY_PASSWORD=test
# Test release workflow
act push -e tests/fixtures/release-event.json
```
## Troubleshooting
### Build Issues
- Ensure all vendor assets are committed
- Check Docker daemon is running
- Verify buildx is properly configured
### Registry Issues
- Check .env file configuration
- Verify registry credentials
- Test registry connectivity
### Performance Issues
- Use build cache: `--cache-from type=gha`
- Optimize Docker layers
- Use multi-stage builds
```
EOF
log_info "Local testing documentation generated: $docs_dir/local-testing.md"
return 0
}
# Main setup function
main() {
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE} UnitForge CI/CD Setup${NC}"
echo -e "${BLUE}========================================${NC}"
echo ""
local failed_checks=0
# Run all checks
check_docker || failed_checks=$((failed_checks + 1))
setup_buildx || failed_checks=$((failed_checks + 1))
check_registry || true # Don't fail on registry issues
check_vendor_assets || failed_checks=$((failed_checks + 1))
check_dev_environment || failed_checks=$((failed_checks + 1))
check_workflow_syntax || failed_checks=$((failed_checks + 1))
# Optional tests
if [ "$1" = "--test-build" ]; then
test_local_build || failed_checks=$((failed_checks + 1))
test_multiarch_build || failed_checks=$((failed_checks + 1))
fi
# Generate documentation
generate_docs || true
echo ""
echo -e "${BLUE}========================================${NC}"
if [ $failed_checks -eq 0 ]; then
log_info "✅ CI/CD setup completed successfully!"
echo ""
echo "Next steps:"
echo "1. Update .env with your registry details"
echo "2. Test local build: make docker-buildx-local"
echo "3. Run full test suite: make dev"
echo "4. Check workflow syntax: ./scripts/setup-ci.sh"
echo ""
echo "For testing builds:"
echo " ./scripts/setup-ci.sh --test-build"
else
log_error "❌ CI/CD setup completed with $failed_checks issues"
echo ""
echo "Please fix the issues above before proceeding."
exit 1
fi
echo -e "${BLUE}========================================${NC}"
}
# Usage information
usage() {
echo "Usage: $0 [OPTIONS]"
echo ""
echo "Options:"
echo " --test-build Run local and multi-arch build tests"
echo " --help Show this help message"
echo ""
echo "This script sets up your local environment for CI/CD development."
echo "It checks Docker, Buildx, dependencies, and workflow syntax."
}
# Parse command line arguments
case "${1:-}" in
--help)
usage
exit 0
;;
--test-build)
main --test-build
;;
"")
main
;;
*)
echo "Unknown option: $1"
usage
exit 1
;;
esac
scripts/validate_config.py
+193 -112
View File
@@ -12,13 +12,13 @@ Usage:
python scripts/validate_config.py --check-all
"""
import os
import sys
import json
import argparse
from pathlib import Path
from typing import List, Dict, Any, Tuple, Optional
import json
import os
import re
import sys
from pathlib import Path
from typing import Any, Dict, List, Optional, Tuple
class ConfigValidator:
@@ -42,17 +42,17 @@ class ConfigValidator:
def _load_env_file(self, env_file: str) -> None:
"""Load environment variables from file."""
try:
with open(env_file, 'r', encoding='utf-8') as f:
with open(env_file, "r", encoding="utf-8") as f:
for line_num, line in enumerate(f, 1):
line = line.strip()
if line and not line.startswith('#') and '=' in line:
key, value = line.split('=', 1)
if line and not line.startswith("#") and "=" in line:
key, value = line.split("=", 1)
key = key.strip()
value = value.strip().strip('"\'')
value = value.strip().strip("\"'")
# Remove inline comments
if '#' in value:
value = value.split('#')[0].strip()
if "#" in value:
value = value.split("#")[0].strip()
# Don't override existing environment variables
if key not in self.original_env:
@@ -71,15 +71,20 @@ class ConfigValidator:
if not value:
return True # Empty is valid (uses default)
valid_true = ('true', '1', 'yes', 'on')
valid_false = ('false', '0', 'no', 'off')
valid_true = ("true", "1", "yes", "on")
valid_false = ("false", "0", "no", "off")
if value.lower() not in valid_true + valid_false:
self.errors.append(f"{key}: Invalid boolean value '{value}'. Use: {valid_true + valid_false}")
valid_options = valid_true + valid_false
self.errors.append(
f"{key}: Invalid boolean value '{value}'. " f"Use: {valid_options}"
)
return False
return True
def _validate_integer(self, key: str, value: str, min_val: int = 0, max_val: int = None) -> bool:
def _validate_integer(
self, key: str, value: str, min_val: int = 0, max_val: Optional[int] = None
) -> bool:
"""Validate integer environment variable."""
if not value:
return True # Empty is valid (uses default)
@@ -103,12 +108,14 @@ class ConfigValidator:
return True # Empty is valid for optional URLs
url_pattern = re.compile(
r'^https?://' # http:// or https://
r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?|' # domain
r'localhost|' # localhost
r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' # IP
r'(?::\d+)?' # optional port
r'(?:/?|[/?]\S+)$', re.IGNORECASE)
r"^https?://" # http:// or https://
r"(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?|"
r"localhost|" # localhost
r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" # IP
r"(?::\d+)?" # optional port
r"(?:/?|[/?]\S+)$",
re.IGNORECASE,
)
if not url_pattern.match(value):
self.errors.append(f"{key}: Invalid URL format '{value}'")
@@ -120,7 +127,7 @@ class ConfigValidator:
if not value:
return True # Empty is valid for optional emails
email_pattern = re.compile(r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$')
email_pattern = re.compile(r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$")
if not email_pattern.match(value):
self.errors.append(f"{key}: Invalid email format '{value}'")
return False
@@ -134,13 +141,18 @@ class ConfigValidator:
try:
parsed = json.loads(value)
if not isinstance(parsed, list):
self.errors.append(f"{key}: Must be a JSON array, got {type(parsed).__name__}")
self.errors.append(
f"{key}: Must be a JSON array, got {type(parsed).__name__}"
)
return False
return True
except json.JSONDecodeError as e:
# Try comma-separated format
if ',' in value and not value.startswith('['):
self.warnings.append(f"{key}: Using comma-separated format. Consider JSON array format for clarity")
if "," in value and not value.startswith("["):
self.warnings.append(
f"{key}: Using comma-separated format. "
"Consider JSON array format for clarity"
)
return True
self.errors.append(f"{key}: Invalid JSON array format: {e}")
return False
@@ -150,9 +162,11 @@ class ConfigValidator:
if not value:
return True
valid_levels = ('debug', 'info', 'warning', 'error', 'critical')
valid_levels = ("debug", "info", "warning", "error", "critical")
if value.lower() not in valid_levels:
self.errors.append(f"{key}: Invalid log level '{value}'. Valid levels: {valid_levels}")
self.errors.append(
f"{key}: Invalid log level '{value}'. Valid levels: {valid_levels}"
)
return False
return True
@@ -161,9 +175,11 @@ class ConfigValidator:
if not value:
return True
valid_envs = ('development', 'staging', 'production', 'test')
valid_envs = ("development", "staging", "production", "test")
if value.lower() not in valid_envs:
self.warnings.append(f"{key}: Unusual environment '{value}'. Common values: {valid_envs}")
self.warnings.append(
f"{key}: Unusual environment '{value}'. Common values: {valid_envs}"
)
return True
def _validate_file_extensions(self, key: str, value: str) -> bool:
@@ -172,7 +188,7 @@ class ConfigValidator:
return True
try:
if value.startswith('['):
if value.startswith("["):
# JSON array format
extensions = json.loads(value)
if not isinstance(extensions, list):
@@ -180,11 +196,13 @@ class ConfigValidator:
return False
else:
# Comma-separated format
extensions = [ext.strip() for ext in value.split(',')]
extensions = [ext.strip() for ext in value.split(",")]
for ext in extensions:
if not ext.startswith('.'):
self.errors.append(f"{key}: Extension '{ext}' should start with '.'")
if not ext.startswith("."):
self.errors.append(
f"{key}: Extension '{ext}' should start with '.'"
)
return False
return True
except Exception as e:
@@ -196,45 +214,48 @@ class ConfigValidator:
print("🔍 Validating basic configuration...")
# Application Information
app_name = self._get_env_value('APP_NAME')
app_name = self._get_env_value("APP_NAME")
if not app_name:
self.warnings.append("APP_NAME: Not set, using default")
elif len(app_name) > 100:
self.warnings.append("APP_NAME: Very long name (>100 chars)")
app_version = self._get_env_value('APP_VERSION')
if app_version and not re.match(r'^\d+\.\d+\.\d+', app_version):
app_version = self._get_env_value("APP_VERSION")
if app_version and not re.match(r"^\d+\.\d+\.\d+", app_version):
self.warnings.append(f"APP_VERSION: Unusual version format '{app_version}'")
# URLs
self._validate_url('GITHUB_URL', self._get_env_value('GITHUB_URL'))
self._validate_url('DOCUMENTATION_URL', self._get_env_value('DOCUMENTATION_URL'))
self._validate_url('BUG_REPORTS_URL', self._get_env_value('BUG_REPORTS_URL'))
self._validate_url("GITHUB_URL", self._get_env_value("GITHUB_URL"))
self._validate_url(
"DOCUMENTATION_URL", self._get_env_value("DOCUMENTATION_URL")
)
self._validate_url("BUG_REPORTS_URL", self._get_env_value("BUG_REPORTS_URL"))
# Email
self._validate_email('CONTACT_EMAIL', self._get_env_value('CONTACT_EMAIL'))
self._validate_email("CONTACT_EMAIL", self._get_env_value("CONTACT_EMAIL"))
def validate_server_config(self) -> None:
"""Validate server configuration."""
print("🔍 Validating server configuration...")
# Boolean values
self._validate_boolean('DEBUG', self._get_env_value('DEBUG'))
self._validate_boolean('RELOAD', self._get_env_value('RELOAD'))
self._validate_boolean("DEBUG", self._get_env_value("DEBUG"))
self._validate_boolean("RELOAD", self._get_env_value("RELOAD"))
# Environment
self._validate_environment('ENVIRONMENT', self._get_env_value('ENVIRONMENT'))
self._validate_log_level('LOG_LEVEL', self._get_env_value('LOG_LEVEL'))
self._validate_environment("ENVIRONMENT", self._get_env_value("ENVIRONMENT"))
self._validate_log_level("LOG_LEVEL", self._get_env_value("LOG_LEVEL"))
# Integer values
self._validate_integer('PORT', self._get_env_value('PORT'), 1, 65535)
self._validate_integer('WORKERS', self._get_env_value('WORKERS'), 1, 64)
self._validate_integer("PORT", self._get_env_value("PORT"), 1, 65535)
self._validate_integer("WORKERS", self._get_env_value("WORKERS"), 1, 64)
# Host validation
host = self._get_env_value('HOST')
if host and host not in ('0.0.0.0', '127.0.0.1', 'localhost'):
host = self._get_env_value("HOST")
valid_hosts = ("0.0.0.0", "127.0.0.1", "localhost") # nosec B104
if host and host not in valid_hosts:
# Basic IP validation
if not re.match(r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$', host):
if not re.match(r"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$", host):
self.warnings.append(f"HOST: Unusual host value '{host}'")
def validate_security_config(self) -> None:
@@ -242,45 +263,66 @@ class ConfigValidator:
print("🔍 Validating security configuration...")
# Secret key
secret_key = self._get_env_value('SECRET_KEY')
env = self._get_env_value('ENVIRONMENT', 'production').lower()
secret_key = self._get_env_value("SECRET_KEY")
env = self._get_env_value("ENVIRONMENT", "production").lower()
if secret_key:
if len(secret_key) < 32:
self.warnings.append("SECRET_KEY: Too short, use at least 32 characters")
if secret_key in ('your-secret-key-here', 'dev-secret-key-change-in-production'):
if env == 'production':
self.errors.append("SECRET_KEY: Using default/example secret key in production!")
self.warnings.append(
"SECRET_KEY: Too short, use at least 32 characters"
)
example_keys = (
"your-secret-key-here",
"dev-secret-key-change-in-production",
)
if secret_key in example_keys:
if env == "production":
self.errors.append(
"SECRET_KEY: Using default/example secret key " "in production!"
)
else:
self.warnings.append("SECRET_KEY: Using example secret key (OK for development)")
elif env == 'production':
self.warnings.append(
"SECRET_KEY: Using example secret key " "(OK for development)"
)
elif env == "production":
self.warnings.append("SECRET_KEY: Not set in production environment")
# Boolean security settings
self._validate_boolean('SECURITY_HEADERS', self._get_env_value('SECURITY_HEADERS'))
self._validate_boolean('CSP_ENABLED', self._get_env_value('CSP_ENABLED'))
self._validate_boolean(
"SECURITY_HEADERS", self._get_env_value("SECURITY_HEADERS")
)
self._validate_boolean("CSP_ENABLED", self._get_env_value("CSP_ENABLED"))
# HSTS settings
self._validate_integer('HSTS_MAX_AGE', self._get_env_value('HSTS_MAX_AGE'), 0)
self._validate_integer("HSTS_MAX_AGE", self._get_env_value("HSTS_MAX_AGE"), 0)
# CORS
cors_origins = self._get_env_value('CORS_ORIGINS')
if cors_origins != '*':
self._validate_json_array('CORS_ORIGINS', cors_origins)
cors_origins = self._get_env_value("CORS_ORIGINS")
if cors_origins != "*":
self._validate_json_array("CORS_ORIGINS", cors_origins)
# Allowed hosts
self._validate_json_array('ALLOWED_HOSTS', self._get_env_value('ALLOWED_HOSTS'))
self._validate_json_array("ALLOWED_HOSTS", self._get_env_value("ALLOWED_HOSTS"))
def validate_feature_flags(self) -> None:
"""Validate feature flags."""
print("🔍 Validating feature flags...")
feature_flags = [
'ENABLE_API_METRICS', 'ENABLE_REQUEST_LOGGING',
'ENABLE_TEMPLATE_CACHING', 'ENABLE_VALIDATION_CACHING',
'HEALTH_CHECK_ENABLED', 'METRICS_ENABLED', 'TRACING_ENABLED',
'API_DOCS_ENABLED', 'SWAGGER_UI_ENABLED', 'REDOC_ENABLED',
'HOT_RELOAD', 'SOURCE_MAPS', 'MINIFY_ASSETS', 'COMPRESS_RESPONSES'
"ENABLE_API_METRICS",
"ENABLE_REQUEST_LOGGING",
"ENABLE_TEMPLATE_CACHING",
"ENABLE_VALIDATION_CACHING",
"HEALTH_CHECK_ENABLED",
"METRICS_ENABLED",
"TRACING_ENABLED",
"API_DOCS_ENABLED",
"SWAGGER_UI_ENABLED",
"REDOC_ENABLED",
"HOT_RELOAD",
"SOURCE_MAPS",
"MINIFY_ASSETS",
"COMPRESS_RESPONSES",
]
for flag in feature_flags:
@@ -291,64 +333,107 @@ class ConfigValidator:
print("🔍 Validating performance configuration...")
# Timeout settings
self._validate_integer('REQUEST_TIMEOUT', self._get_env_value('REQUEST_TIMEOUT'), 1, 3600)
self._validate_integer('KEEPALIVE_TIMEOUT', self._get_env_value('KEEPALIVE_TIMEOUT'), 1, 300)
self._validate_integer('MAX_CONNECTIONS', self._get_env_value('MAX_CONNECTIONS'), 1, 10000)
self._validate_integer(
"REQUEST_TIMEOUT", self._get_env_value("REQUEST_TIMEOUT"), 1, 3600
)
self._validate_integer(
"KEEPALIVE_TIMEOUT", self._get_env_value("KEEPALIVE_TIMEOUT"), 1, 300
)
self._validate_integer(
"MAX_CONNECTIONS", self._get_env_value("MAX_CONNECTIONS"), 1, 10000
)
# Cache settings
self._validate_integer('TEMPLATE_CACHE_TTL', self._get_env_value('TEMPLATE_CACHE_TTL'), 0)
self._validate_integer('VALIDATION_CACHE_TTL', self._get_env_value('VALIDATION_CACHE_TTL'), 0)
self._validate_integer(
"TEMPLATE_CACHE_TTL", self._get_env_value("TEMPLATE_CACHE_TTL"), 0
)
self._validate_integer(
"VALIDATION_CACHE_TTL", self._get_env_value("VALIDATION_CACHE_TTL"), 0
)
# File upload
self._validate_integer('MAX_UPLOAD_SIZE', self._get_env_value('MAX_UPLOAD_SIZE'), 1024)
self._validate_file_extensions('ALLOWED_EXTENSIONS', self._get_env_value('ALLOWED_EXTENSIONS'))
self._validate_integer(
"MAX_UPLOAD_SIZE", self._get_env_value("MAX_UPLOAD_SIZE"), 1024
)
self._validate_file_extensions(
"ALLOWED_EXTENSIONS", self._get_env_value("ALLOWED_EXTENSIONS")
)
def validate_production_readiness(self) -> None:
"""Validate production readiness."""
print("🔍 Validating production readiness...")
env = self._get_env_value('ENVIRONMENT', 'production').lower()
debug = self._get_env_value('DEBUG', 'false').lower() in ('true', '1', 'yes', 'on')
env = self._get_env_value("ENVIRONMENT", "production").lower()
debug = self._get_env_value("DEBUG", "false").lower() in (
"true",
"1",
"yes",
"on",
)
if env == 'production':
if env == "production":
if debug:
self.errors.append("Production environment should not have DEBUG=true")
if not self._get_env_value('SECRET_KEY'):
if not self._get_env_value("SECRET_KEY"):
self.errors.append("Production environment must have SECRET_KEY set")
cors_origins = self._get_env_value('CORS_ORIGINS', '*')
if cors_origins == '*':
self.warnings.append("Production environment using wildcard CORS origins")
cors_origins = self._get_env_value("CORS_ORIGINS", "*")
if cors_origins == "*":
self.warnings.append(
"Production environment using wildcard CORS origins"
)
if self._get_env_value('SECURITY_HEADERS', 'true').lower() not in ('true', '1', 'yes', 'on'):
self.warnings.append("Production environment should enable SECURITY_HEADERS")
security_headers = self._get_env_value("SECURITY_HEADERS", "true").lower()
if security_headers not in ("true", "1", "yes", "on"):
self.warnings.append(
"Production environment should enable SECURITY_HEADERS"
)
workers = int(self._get_env_value('WORKERS', '4'))
workers = int(self._get_env_value("WORKERS", "4"))
if workers < 2:
self.warnings.append("Production environment should use multiple workers")
self.warnings.append(
"Production environment should use multiple workers"
)
def check_environment_consistency(self) -> None:
"""Check for environment consistency issues."""
print("🔍 Checking environment consistency...")
# Debug mode consistency
debug = self._get_env_value('DEBUG', 'false').lower() in ('true', '1', 'yes', 'on')
env = self._get_env_value('ENVIRONMENT', 'production').lower()
log_level = self._get_env_value('LOG_LEVEL', 'info').lower()
debug = self._get_env_value("DEBUG", "false").lower() in (
"true",
"1",
"yes",
"on",
)
env = self._get_env_value("ENVIRONMENT", "production").lower()
log_level = self._get_env_value("LOG_LEVEL", "info").lower()
if debug and env == 'production':
if debug and env == "production":
self.warnings.append("DEBUG mode enabled in production environment")
if debug and log_level not in ('debug', 'info'):
if debug and log_level not in ("debug", "info"):
self.warnings.append("DEBUG mode with non-debug log level")
# Performance consistency
hot_reload = self._get_env_value('HOT_RELOAD', 'false').lower() in ('true', '1', 'yes', 'on')
minify = self._get_env_value('MINIFY_ASSETS', 'true').lower() in ('true', '1', 'yes', 'on')
hot_reload = self._get_env_value("HOT_RELOAD", "false").lower() in (
"true",
"1",
"yes",
"on",
)
minify = self._get_env_value("MINIFY_ASSETS", "true").lower() in (
"true",
"1",
"yes",
"on",
)
if hot_reload and minify:
self.warnings.append("HOT_RELOAD and MINIFY_ASSETS both enabled (unusual for development)")
self.warnings.append(
"HOT_RELOAD and MINIFY_ASSETS both enabled " "(unusual for development)"
)
def validate_all(self) -> Tuple[int, int, int]:
"""Run all validations and return counts."""
@@ -366,9 +451,9 @@ class ConfigValidator:
def print_results(self) -> None:
"""Print validation results."""
print("\n" + "="*60)
print("\n" + "=" * 60)
print("🔍 CONFIGURATION VALIDATION RESULTS")
print("="*60)
print("=" * 60)
if self.info:
print(f"\n📋 Information ({len(self.info)}):")
@@ -385,7 +470,7 @@ class ConfigValidator:
for msg in self.errors:
print(f"{msg}")
print(f"\n📊 Summary:")
print("\n📊 Summary:")
print(f" • Errors: {len(self.errors)}")
print(f" • Warnings: {len(self.warnings)}")
print(f" • Info: {len(self.info)}")
@@ -397,37 +482,33 @@ class ConfigValidator:
else:
print("\n❌ Configuration validation failed.")
print("="*60)
print("=" * 60)
def main():
def main() -> None:
"""Main function."""
parser = argparse.ArgumentParser(
description="Validate UnitForge environment configuration",
formatter_class=argparse.RawDescriptionHelpFormatter
formatter_class=argparse.RawDescriptionHelpFormatter,
)
parser.add_argument(
'--env-file',
type=str,
help="Path to environment file to load (default: .env)"
"--env-file", type=str, help="Path to environment file to load (default: .env)"
)
parser.add_argument(
'--check-all',
action='store_true',
help="Run all validation checks including production readiness"
"--check-all",
action="store_true",
help="Run all validation checks including production readiness",
)
parser.add_argument(
'--quiet',
action='store_true',
help="Suppress informational output"
"--quiet", action="store_true", help="Suppress informational output"
)
args = parser.parse_args()
# Default to .env if it exists
env_file = args.env_file
if not env_file and Path('.env').exists():
env_file = '.env'
if not env_file and Path(".env").exists():
env_file = ".env"
validator = ConfigValidator(env_file)