02a574b24e
style: apply cargo fmt workspace-wide
Pure formatting pass from `cargo fmt --all`. No logic changes. Separating
this out so the 1.9 release feature commits that follow show only their
intentional edits.
2026-04-07 18:44:21 +01:00
1b873d93f3
feat(wfe-server): gRPC reflection, auto-generated schema endpoints, Dockerfile
- tonic-reflection for gRPC service discovery
- /schema/workflow.json (JSON Schema from schemars derives)
- /schema/workflow.yaml (same schema in YAML)
- /schema/workflow.proto (raw proto file)
- Multi-stage alpine Dockerfile with all executor features
- Comprehensive configuration reference (wfe-server/README.md)
- Release script (scripts/release.sh)
- Bumped to 1.8.1
2026-04-06 23:47:42 +01:00
6f4700ef89
feat(wfe-server): Dockerfile and configuration reference
Multi-stage alpine build targeting sunbeam-remote buildx builder.
Comprehensive README documenting all config options, env vars,
auth methods (static tokens, OIDC/JWT, webhook HMAC), and backends.
2026-04-06 21:01:28 +01:00
2f6dba296f
chore: bump version to 1.8.0, update CHANGELOG
2026-04-06 18:14:03 +01:00
4b8e544ab8
chore: bump version to 1.7.0, update CHANGELOG
2026-04-05 22:29:05 +01:00
ead883f714
chore: bump version to 1.6.3, update CHANGELOG
2026-04-05 19:55:44 +01:00
2b244348ca
chore: bump version to 1.6.2, update CHANGELOG
2026-04-05 12:45:25 +01:00
6c16c89379
fix: add version + registry to wfe-server path deps for publishing
2026-04-05 12:01:02 +01:00
cbbeaf6d67
feat(wfe-server): headless workflow server with gRPC, webhooks, and OIDC auth
Single-binary server exposing the WFE engine over gRPC (13 RPCs) with
HTTP webhook support (GitHub, Gitea, generic events).
Features:
- gRPC API: workflow CRUD, lifecycle event streaming, log streaming,
  log search via OpenSearch
- HTTP webhooks: HMAC-SHA256 verified GitHub/Gitea webhooks with
  configurable triggers that auto-start workflows
- OIDC/JWT auth: discovers JWKS from issuer, validates with asymmetric
  algorithm allowlist to prevent algorithm confusion attacks
- Static bearer token auth with constant-time comparison
- Lifecycle event broadcasting via tokio::broadcast
- Log streaming: real-time stdout/stderr via LogSink trait, history
  replay, follow mode
- Log search: full-text search via OpenSearch with workflow/step/stream
  filters
- Layered config: CLI flags > env vars > TOML file
- Fail-closed on OIDC discovery failure, fail-loud on config parse errors
- 2MB webhook payload size limit
- Blocked sensitive env var injection (PATH, LD_PRELOAD, etc.)
2026-04-01 14:37:25 +01:00