studio/wfe
2
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 10 Activity

Compare commits

base: studio:v1.8.1
Branches Tags
studio:mainline
studio:v1.8.1 studio:v1.8.0 studio:v1.7.0 studio:v1.6.3 studio:v1.6.2 studio:v1.6.1 studio:v1.6.0 studio:v1.5.0 studio:v1.4.0 studio:v1.0.0
..
compare: studio:mainline
Branches Tags
studio:mainline
studio:v1.8.1 studio:v1.8.0 studio:v1.7.0 studio:v1.6.3 studio:v1.6.2 studio:v1.6.1 studio:v1.6.0 studio:v1.5.0 studio:v1.4.0 studio:v1.0.0

17 Commits
v1.8.1 ... mainline

Author SHA1 Message Date
Sienna Meridian Satterwhite
8473b9ca8d test: comprehensive coverage expansion for 1.9 
Expand tests across three main areas:

1. **Host name/resolve tests** (10 new): auto-sequence naming,
   explicit override, whitespace rejection, UUID/name interchangeable
   lookup, suspend/resume/terminate via name, nonexistent error,
   resume-non-suspended no-op.

2. **Shared persistence suite** (14 new, shared by sqlite/postgres/
   in-memory): next_definition_sequence, get_workflow_instance_by_name,
   root_workflow_id round-trip, subscription token lifecycle, first
   open subscription, persist_workflow_with_subscriptions,
   mark_event_unprocessed, get_events filtering, batch
   get_workflow_instances, WorkflowNotFound, ensure_store_exists
   idempotency, execution pointer full round-trip, scheduled commands.
   Queue suite: 4 new. Lock suite: 3 new.

3. **Multi-step K8s integration test**: 4-step pipeline across 3
   different container images proving cross-image /workspace sharing
   through a SharedVolume PVC, bash shell override with pipefail +
   arrays, workflow.data env mapping, and output capture.
 2026-04-09 15:48:24 +01:00
Sienna Meridian Satterwhite
f6a7a3c360 feat(workflows.yaml): shared_volume + shell config; fix(wfe-server): log_search probe + webhook tests 
- workflows.yaml: declare `shared_volume: { mount_path: /workspace,
  size: 30Gi }` on the ci workflow so all sub-workflows share a PVC;
  set `shell: /bin/bash` on ci_config/ci_long_config anchors.

- log_search.rs: fix opensearch_url() TCP probe to resolve hostnames
  (not just IPs); make ensure_index handle resource_already_exists
  races gracefully.

- webhook.rs: 14 new handler-level tests covering generic event auth
  (accept/reject/missing), GitHub/Gitea HMAC verification, bad JSON
  400s, trigger matching, trigger ref-mismatch skip, and real
  workflow-start side effect verification.
 2026-04-09 15:46:25 +01:00
Sienna Meridian Satterwhite
48e5d9a26f feat(persistence+k8s): root_workflow_id schema, PVC provisioning, name fallback, host name-or-UUID 2026-04-09 15:45:47 +01:00
Sienna Meridian Satterwhite
2aaf3c16c9 feat(wfe-core): root_workflow_id, SharedVolume, configurable shell, StepExecutionContext.definition 2026-04-09 15:44:59 +01:00
Sienna Meridian Satterwhite
7214d0ab5d style: cargo fmt fixup for 1.9 feature edits 2026-04-07 20:14:50 +01:00
Sienna Meridian Satterwhite
41df3c2dfd chore: bump workspace to 1.9.0 + CHANGELOG 
Workspace version goes from 1.8.1 → 1.9.0. Internal crate deps that
carry an explicit version (wfe-buildkit-protos, wfe-containerd-protos,
wfe in wfe-deno) are bumped to match.

CHANGELOG.md documents the release under `## [1.9.0] - 2026-04-07`:

* wfectl CLI with 17 subcommands
* wfectl validate (local YAML compile, no round-trip)
* Human-friendly workflow names (instance sequencing + definition
  display name)
* wfe-server full feature set (kubernetes + deno + buildkit +
  containerd + rustlang) on a debian base
* wfe-ci builder Dockerfile
* /bin/bash for run scripts
* ensure_store_exists called on host start
* SubWorkflowStep parent data inheritance
* workflows.yaml restructured for YAML 1.1 shallow-merge semantics
 2026-04-07 19:12:26 +01:00
Sienna Meridian Satterwhite
6cc1437f0c feat(workflows.yaml): display names + restructure for shallow-merge 
Two scope changes that together get the self-hosted wfe CI pipeline
passing against builds.sunbeam.pt.

1. Add `name:` display names to all 12 workflow definitions
   (Continuous Integration, Unit Tests, Build Image, etc.) so the
   new wfectl tables and UIs have human-friendly labels alongside
   the slug ids.

2. Restructure step references from the old `<<: *ci_step` / `<<:
   *ci_long` anchors to inner-config merges of the form:

       - name: foo
         type: kubernetes
         config:
           <<: *ci_config
           run: |
             ...

   YAML 1.1 merge keys are *shallow*. The old anchors put `config:`
   on the top-level step, then the step's own `config:` block
   replaced it wholesale — image, memory, cpu, env all vanished.
   The new pattern merges at the `config:` level so step-specific
   fields (`run:`, `outputs:`, etc.) sit alongside the inherited
   `image:`, `memory:`, `cpu:`, `env:`.

3. Secret env vars (GITEA_TOKEN, TEA_TOKEN, CARGO_REGISTRIES_*,
   BUILDKIT_*) moved into the shared `ci_env` anchor. Individual
   steps used to declare their own `env:` blocks which — again due
   to shallow merge — would replace the whole inherited env map.
 2026-04-07 19:11:50 +01:00
Sienna Meridian Satterwhite
0c239cd484 feat(wfectl): new CLI client + wfe-ci builder image 
wfectl is a command-line client for wfe-server with 17 subcommands
covering the full workflow lifecycle:

* Auth: login (OAuth2 PKCE via Ory Hydra), logout, whoami
* Definitions: register (YAML → gRPC), validate (local compile),
  definitions list
* Instances: run, get, list, cancel, suspend, resume
* Events: publish
* Streaming: watch (lifecycle), logs, search-logs (full-text)

Key design points:

* `validate` compiles YAML locally via `wfe-yaml::load_workflow_from_str`
  with the full executor feature set enabled — instant feedback, no
  server round-trip, no auth required. Uses the same compile path as
  the server's `register` RPC so what passes validation is guaranteed
  to register.
* Lookup commands accept either UUID or human name; the server
  resolves the identifier for us. Display tables show both columns.
* `run --name <N>` lets users override the auto-generated
  `{def_id}-{N}` instance name when they want a sticky reference.
* Table and JSON output formats, shared bearer-token or cached-login
  auth path, direct token injection via `WFECTL_TOKEN`.
* 5 new unit tests for the validate command cover happy path, unknown
  step type rejection, and missing file handling.

Dockerfile.ci ships the prebuilt image used as the `image:` for
kubernetes CI steps: rust stable, cargo-nextest, cargo-llvm-cov,
sccache (configured via WFE_SCCACHE_* env), buildctl for in-cluster
buildkitd, kubectl, tea for Gitea releases, and git. Published to
`src.sunbeam.pt/studio/wfe-ci:latest`.
 2026-04-07 19:09:26 +01:00
Sienna Meridian Satterwhite
34209470c3 feat(wfe-server): full feature set, debian base, name resolution in gRPC 
Proto changes:

* Add `name` to `WorkflowInstance`, `WorkflowSearchResult`,
  `RegisteredDefinition`, and `DefinitionSummary` messages.
* Add optional `name` override to `StartWorkflowRequest` and echo the
  assigned name back in `StartWorkflowResponse`.
* Document that `GetWorkflowRequest.workflow_id` accepts UUID or
  human name.

gRPC handler changes:

* `start_workflow` honors the optional name override and reads the
  instance back to return the assigned name to clients.
* `get_workflow` flows through `WorkflowHost::get_workflow`, which
  already falls back from UUID to name lookup.
* `stream_logs`, `watch_lifecycle`, and `search_logs` resolve
  name-or-UUID up front so the LogStore/lifecycle bus (keyed by
  UUID) subscribe to the right instance.
* `register_workflow` propagates the definition's display name into
  `RegisteredDefinition.name`.

Crate build changes:

* Enable the full executor feature set on wfe-yaml —
  `rustlang,buildkit,containerd,kubernetes,deno` — so the shipped
  binary recognizes every step type users can write.
* Dockerfile switched from `rust:alpine` to `rust:1-bookworm` +
  `debian:bookworm-slim` runtime. `deno_core` bundles a v8 binary
  that only ships glibc; alpine/musl can't link it without building
  v8 from source.
 2026-04-07 19:07:52 +01:00
Sienna Meridian Satterwhite
d88af54db9 feat(wfe-yaml): optional display name on workflow spec + schema tests 
Add an optional `name` field to `WorkflowSpec` so YAML authors can
declare a human-friendly display name alongside the existing slug
`id`. The compiler copies it through to `WorkflowDefinition.name`,
which surfaces in definitions listings, run tables, and JSON output.
Slug `id` remains the primary lookup key.

Also adds a small smoke test for the schema generators to catch
regressions in `generate_json_schema` / `generate_yaml_schema`.
 2026-04-07 19:07:30 +01:00
Sienna Meridian Satterwhite
be0b93e959 feat(wfe): auto-assign workflow names + ensure store + name-or-UUID lookups 
Three related host.rs changes that together make the 1.9 name support
end-to-end functional.

1. `WorkflowHost::start()` now calls `persistence.ensure_store_exists()`.
   The method existed on the trait and was implemented by every
   provider but nothing ever invoked it, so the Postgres/SQLite schema
   was never auto-created on startup — deployments failed on first
   persist with `relation "wfc.workflows" does not exist`.

2. New `start_workflow_with_name` entry point accepting an optional
   caller-supplied name override. The normal `start_workflow` is now a
   thin wrapper that passes `None` (auto-assign). The default path
   calls `next_definition_sequence(definition_id)` and formats the
   result as `{definition_id}-{N}` before persisting. Sub-workflow
   children also get auto-assigned names via HostContextImpl.

3. `get_workflow`/`suspend_workflow`/`resume_workflow`/
   `terminate_workflow` now accept either a UUID or a human-friendly
   name. `get_workflow` tries the UUID index first, then falls back to
   name lookup. A new `resolve_workflow_id` helper returns the
   canonical UUID so the gRPC log/lifecycle streams (which are keyed
   by UUID internally) can translate before subscribing.
 2026-04-07 19:01:02 +01:00
Sienna Meridian Satterwhite
9af1a0d276 feat(persistence): name column, name lookup, definition sequence counter 
Land the `name` field and `next_definition_sequence` counter in the
two real persistence backends. Both providers:

* Add `name TEXT NOT NULL UNIQUE` to the `workflows` table.
* Add a `definition_sequences` table (`definition_id, next_num`) with
  an atomic UPSERT + RETURNING to give the host a race-free monotonic
  counter for `{def_id}-{N}` name generation.
* INSERT/UPDATE queries now include `name`; SELECT row parsers hydrate
  it back onto `WorkflowInstance`.
* New `get_workflow_instance_by_name` method for name-based lookups
  used by grpc handlers.

Postgres includes a DO-block migration that back-fills `name` from
`id` on pre-existing deployments so the NOT NULL + UNIQUE invariant
holds retroactively; callers can overwrite with a real name on the
next persist.
 2026-04-07 18:58:25 +01:00
Sienna Meridian Satterwhite
d9b9c5651e feat(wfe-core): human-friendly workflow names 
Add a `name` field to both `WorkflowDefinition` (optional display name
declared in YAML, e.g. "Continuous Integration") and `WorkflowInstance`
(required, unique alongside the UUID primary key). Instance names are
auto-assigned as `{definition_id}-{N}` via a per-definition monotonic
counter so the 42nd run of `ci` becomes `ci-42`.

Persistence trait gains two methods:

* `get_workflow_instance_by_name` — name-based lookup for Get/Cancel/
  Suspend/Resume/Watch/Logs RPCs so callers can address instances
  interchangeably as either UUID or human name.
* `next_definition_sequence` — atomic per-definition counter used by
  the host at start time to allocate the next N.

This commit wires the in-memory test provider and touches the deno
bridge test helper; the real postgres/sqlite impls follow in the next
commit. UUIDs remain the primary key throughout — names are a second
unique index, never a replacement.
 2026-04-07 18:58:12 +01:00
Sienna Meridian Satterwhite
883471181d fix(wfe-kubernetes): run scripts under /bin/bash for pipefail support 
Kubernetes step jobs with a `run:` block were invoked via
`/bin/sh -c <script>`. On debian-family base images that resolves to
dash, which rejects `set -o pipefail` ("Illegal option") and other
bashisms (arrays, process substitution, `{1..10}`). The first line of
nearly every real CI script relies on `set -euo pipefail`, so the
steps were failing with exit code 2 before running a single command.

Switch to `/bin/bash -c` so `run:` scripts can rely on the bash
feature set. Containers that lack bash should use the explicit
`command:` form instead.
 2026-04-07 18:55:10 +01:00
Sienna Meridian Satterwhite
02a574b24e style: apply cargo fmt workspace-wide 
Pure formatting pass from `cargo fmt --all`. No logic changes. Separating
this out so the 1.9 release feature commits that follow show only their
intentional edits.
 2026-04-07 18:44:21 +01:00
Sienna Meridian Satterwhite
3915bcc1ec fix(wfe-core): sub-workflow inherits parent workflow data 
SubWorkflowStep was hard-coding `inputs: serde_json::Value::Null` from
the YAML compiler, so every `type: workflow` step kicked off a child
instance with an empty data object. Scripts in child workflows then
saw empty `$REPO_URL`, `$COMMIT_SHA`, etc. and failed immediately.

Now: when no explicit inputs are set, the child inherits the parent
workflow's data (when it's an object). Scripts in child workflows can
reference the same top-level inputs the parent was started with without
every `type: workflow` step needing to re-declare them.
 2026-04-07 18:38:41 +01:00
Sienna Meridian Satterwhite
da26f142ee chore: ignore local dev sqlite + generated schema artifacts 
Local dev runs with the SQLite backend leave `wfe.db{,-shm,-wal}` files
in the repo root, and `workflows.schema.yaml` is a generated artifact
we prefer to fetch from the running server's `/schema/workflow.yaml`
endpoint rather than checking in.
 2026-04-07 18:37:30 +01:00
162 changed files with 9715 additions and 2142 deletions
Expand all files Collapse all files

6
.gitignore vendored
View File

@@ -4,3 +4,9 @@ Cargo.lock
*.swo
.DS_Store
.env*
# Local dev SQLite database + WAL companions
/wfe.db
/wfe.db-shm
/wfe.db-wal
# Auto-generated schema artifact (server endpoint is the source of truth)
/workflows.schema.yaml

51
CHANGELOG.md
View File

@@ -2,6 +2,57 @@
All notable changes to this project will be documented in this file.
## [1.9.0] - 2026-04-07
### Added
- **wfectl**: New command-line client for wfe-server with 17 subcommands
(login, logout, whoami, register, validate, definitions, run, get, list,
cancel, suspend, resume, publish, watch, logs, search-logs). Supports
OAuth2 PKCE login flow via Ory Hydra, direct bearer-token auth, and
configurable output formats (table/JSON).
- **wfectl validate**: Local YAML validation command that compiles workflow
files in-process via `wfe-yaml` with the full executor feature set
(rustlang, buildkit, containerd, kubernetes, deno). No server round-trip
or auth required — instant feedback before push.
- **Human-friendly workflow names**: `WorkflowInstance` now has a `name`
field (unique alongside the UUID primary key). The host auto-assigns
`{definition_id}-{N}` using a per-definition monotonic counter, with
optional caller override via `start_workflow_with_name` /
`StartWorkflowRequest.name`. All gRPC read/mutate APIs accept either the
UUID or the human name interchangeably. `WorkflowDefinition` now has an
optional display `name` declared in YAML (e.g. `name: "Continuous
Integration"`) that surfaces in listings.
- **wfe-server**: Full executor feature set enabled in the shipped binary —
kubernetes, deno, buildkit, containerd, rustlang step types all compiled
in.
- **wfe-server**: Dockerfile switched from `rust:alpine` to
`rust:1-bookworm` + `debian:bookworm-slim` runtime because `deno_core`'s
bundled v8 only ships glibc binaries.
- **wfe-ci**: New `Dockerfile.ci` builder image with rust stable,
cargo-nextest, cargo-llvm-cov, sccache, buildctl, kubectl, tea, git.
Used as the base image for kubernetes-executed CI steps.
- **wfe-kubernetes**: `run:` scripts now execute under `/bin/bash -c`
instead of `/bin/sh -c` so workflows can rely on `set -o pipefail`,
process substitution, arrays, and other bashisms dash doesn't support.
### Fixed
- **wfe**: `WorkflowHost::start()` now calls
`persistence.ensure_store_exists()`, which was previously defined but
never invoked — the Postgres/SQLite schema was never auto-created on
startup, causing `relation "wfc.workflows" does not exist` errors on
first run.
- **wfe-core**: `SubWorkflowStep` now inherits the parent workflow's data
when no explicit inputs are set, so child workflows see the same
top-level fields (e.g. `$REPO_URL`, `$COMMIT_SHA`) without every
`type: workflow` step having to re-declare them.
- **workflows.yaml**: Restructured all step references from
`<<: *ci_step` / `<<: *ci_long` (which relied on YAML 1.1 shallow merge
over-writing the `config:` block) to inner-config merges of the form
`config: {<<: *ci_config, ...}`. Secret env vars moved into the shared
`ci_env` anchor so individual steps don't fight the shallow merge.
## [1.8.1] - 2026-04-06
### Added

25
Cargo.toml
View File

@@ -1,9 +1,9 @@
[workspace]
members = ["wfe-core", "wfe-sqlite", "wfe-postgres", "wfe-opensearch", "wfe-valkey", "wfe", "wfe-yaml", "wfe-buildkit", "wfe-containerd", "wfe-containerd-protos", "wfe-buildkit-protos", "wfe-rustlang", "wfe-server-protos", "wfe-server", "wfe-kubernetes", "wfe-deno"]
members = ["wfe-core", "wfe-sqlite", "wfe-postgres", "wfe-opensearch", "wfe-valkey", "wfe", "wfe-yaml", "wfe-buildkit", "wfe-containerd", "wfe-containerd-protos", "wfe-buildkit-protos", "wfe-rustlang", "wfe-server-protos", "wfe-server", "wfe-kubernetes", "wfe-deno", "wfectl"]
resolver = "2"
[workspace.package]
version = "1.8.1"
version = "1.9.0"
edition = "2024"
license = "MIT"
repository = "https://src.sunbeam.pt/studio/wfe"
@@ -38,16 +38,17 @@ redis = { version = "0.27", features = ["tokio-comp", "connection-manager"] }
opensearch = "2"
# Internal crates
wfe-core = { version = "1.8.1", path = "wfe-core", registry = "sunbeam" }
wfe-sqlite = { version = "1.8.1", path = "wfe-sqlite", registry = "sunbeam" }
wfe-postgres = { version = "1.8.1", path = "wfe-postgres", registry = "sunbeam" }
wfe-opensearch = { version = "1.8.1", path = "wfe-opensearch", registry = "sunbeam" }
wfe-valkey = { version = "1.8.1", path = "wfe-valkey", registry = "sunbeam" }
wfe-yaml = { version = "1.8.1", path = "wfe-yaml", registry = "sunbeam" }
wfe-buildkit = { version = "1.8.1", path = "wfe-buildkit", registry = "sunbeam" }
wfe-containerd = { version = "1.8.1", path = "wfe-containerd", registry = "sunbeam" }
wfe-rustlang = { version = "1.8.1", path = "wfe-rustlang", registry = "sunbeam" }
wfe-kubernetes = { version = "1.8.1", path = "wfe-kubernetes", registry = "sunbeam" }
wfe-core = { version = "1.9.0", path = "wfe-core", registry = "sunbeam" }
wfe-sqlite = { version = "1.9.0", path = "wfe-sqlite", registry = "sunbeam" }
wfe-postgres = { version = "1.9.0", path = "wfe-postgres", registry = "sunbeam" }
wfe-opensearch = { version = "1.9.0", path = "wfe-opensearch", registry = "sunbeam" }
wfe-valkey = { version = "1.9.0", path = "wfe-valkey", registry = "sunbeam" }
wfe-yaml = { version = "1.9.0", path = "wfe-yaml", registry = "sunbeam" }
wfe-buildkit = { version = "1.9.0", path = "wfe-buildkit", registry = "sunbeam" }
wfe-containerd = { version = "1.9.0", path = "wfe-containerd", registry = "sunbeam" }
wfe-rustlang = { version = "1.9.0", path = "wfe-rustlang", registry = "sunbeam" }
wfe-kubernetes = { version = "1.9.0", path = "wfe-kubernetes", registry = "sunbeam" }
wfe-server-protos = { version = "1.9.0", path = "wfe-server-protos", registry = "sunbeam" }
# YAML
serde_yaml = "0.9"

21
Dockerfile
View File

@@ -1,7 +1,14 @@
# Stage 1: Build
FROM rust:alpine AS builder
#
# Using debian-slim (glibc) rather than alpine because deno_core's bundled v8
# only ships glibc binaries — building v8 under musl from source is impractical
# and we need the full feature set (rustlang, buildkit, containerd, kubernetes,
# deno) compiled into wfe-server.
FROM rust:1-bookworm AS builder
RUN apk add --no-cache musl-dev protobuf-dev openssl-dev openssl-libs-static pkgconfig
RUN apt-get update && apt-get install -y --no-install-recommends \
protobuf-compiler libprotobuf-dev libssl-dev pkg-config ca-certificates \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /build
COPY . .
@@ -11,17 +18,19 @@ RUN mkdir -p .cargo && printf '[registries.sunbeam]\nindex = "sparse+https://src
RUN cargo build --release --bin wfe-server \
-p wfe-server \
--features "wfe-yaml/rustlang,wfe-yaml/buildkit,wfe-yaml/containerd,wfe-yaml/kubernetes" \
--features "wfe-yaml/rustlang,wfe-yaml/buildkit,wfe-yaml/containerd,wfe-yaml/kubernetes,wfe-yaml/deno" \
&& strip target/release/wfe-server
# Stage 2: Runtime
FROM alpine:3.21
FROM debian:bookworm-slim
RUN apk add --no-cache ca-certificates tini
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates tini libssl3 \
&& rm -rf /var/lib/apt/lists/*
COPY --from=builder /build/target/release/wfe-server /usr/local/bin/wfe-server
RUN adduser -D -u 1000 wfe
RUN useradd -u 1000 -m wfe
USER wfe
EXPOSE 50051 8080

55
Dockerfile.ci Normal file
View File

@@ -0,0 +1,55 @@
# wfe-ci: Prebuilt image for running wfe CI workflows in Kubernetes.
#
# Contains:
# - Rust stable toolchain
# - cargo-nextest, cargo-llvm-cov
# - sccache (configured via env vars from Vault)
# - buildkit client (buildctl) for in-cluster buildkitd
# - tea CLI for Gitea release management
# - git, curl, kubectl
#
# Usage in workflows: type: kubernetes, image: src.sunbeam.pt/studio/wfe-ci:latest
FROM rust:bookworm
# System packages
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
curl \
git \
jq \
libssl-dev \
pkg-config \
protobuf-compiler \
unzip \
xz-utils \
&& rm -rf /var/lib/apt/lists/*
# Cargo tools
RUN cargo install --locked cargo-nextest cargo-llvm-cov sccache && \
rm -rf /usr/local/cargo/registry
# Buildkit client (buildctl)
ARG BUILDKIT_VERSION=v0.28.0
RUN curl -fsSL "https://github.com/moby/buildkit/releases/download/${BUILDKIT_VERSION}/buildkit-${BUILDKIT_VERSION}.linux-amd64.tar.gz" \
| tar -xz -C /usr/local --strip-components=1 bin/buildctl
# kubectl
RUN curl -fsSL "https://dl.k8s.io/release/$(curl -fsSL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" \
-o /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl
# tea CLI for Gitea
ARG TEA_VERSION=0.11.0
RUN curl -fsSL "https://gitea.com/gitea/tea/releases/download/v${TEA_VERSION}/tea-${TEA_VERSION}-linux-amd64" \
-o /usr/local/bin/tea && chmod +x /usr/local/bin/tea
# llvm tools (needed by cargo-llvm-cov)
RUN rustup component add llvm-tools-preview
# Sccache wrapper config — expects SCCACHE_S3_ENDPOINT, SCCACHE_BUCKET, etc. via env.
ENV RUSTC_WRAPPER=/usr/local/cargo/bin/sccache \
CARGO_INCREMENTAL=0
WORKDIR /workspace
CMD ["bash"]

2
wfe-buildkit/Cargo.toml
View File

@@ -16,7 +16,7 @@ async-trait = { workspace = true }
tracing = { workspace = true }
thiserror = { workspace = true }
regex = { workspace = true }
wfe-buildkit-protos = { version = "1.8.1", path = "../wfe-buildkit-protos", registry = "sunbeam" }
wfe-buildkit-protos = { version = "1.9.0", path = "../wfe-buildkit-protos", registry = "sunbeam" }
tonic = "0.14"
tower = { version = "0.4", features = ["util"] }
hyper-util = { version = "0.1", features = ["tokio"] }

2
wfe-buildkit/src/lib.rs
View File

@@ -2,4 +2,4 @@ pub mod config;
pub mod step;
pub use config::{BuildkitConfig, RegistryAuth, TlsConfig};
pub use step::{build_output_data, parse_digest, BuildkitStep};
pub use step::{BuildkitStep, build_output_data, parse_digest};

50
wfe-buildkit/src/step.rs
View File

@@ -9,9 +9,9 @@ use wfe_buildkit_protos::moby::buildkit::v1::control_client::ControlClient;
use wfe_buildkit_protos::moby::buildkit::v1::{
CacheOptions, CacheOptionsEntry, Exporter, SolveRequest, StatusRequest,
};
use wfe_core::WfeError;
use wfe_core::models::ExecutionResult;
use wfe_core::traits::step::{StepBody, StepExecutionContext};
use wfe_core::WfeError;
use crate::config::BuildkitConfig;
@@ -45,10 +45,7 @@ impl BuildkitStep {
tracing::info!(addr = %addr, "connecting to BuildKit daemon");
let channel = if addr.starts_with("unix://") {
let socket_path = addr
.strip_prefix("unix://")
.unwrap()
.to_string();
let socket_path = addr.strip_prefix("unix://").unwrap().to_string();
// Verify the socket exists before attempting connection.
if !Path::new(&socket_path).exists() {
@@ -60,9 +57,7 @@ impl BuildkitStep {
// tonic requires a dummy URI for Unix sockets; the actual path
// is provided via the connector.
Endpoint::try_from("http://[::]:50051")
.map_err(|e| {
WfeError::StepExecution(format!("failed to create endpoint: {e}"))
})?
.map_err(|e| WfeError::StepExecution(format!("failed to create endpoint: {e}")))?
.connect_with_connector(tower::service_fn(move |_: Uri| {
let path = socket_path.clone();
async move {
@@ -231,10 +226,7 @@ impl BuildkitStep {
let context_name = "context";
let dockerfile_name = "dockerfile";
frontend_attrs.insert(
"context".to_string(),
format!("local://{context_name}"),
);
frontend_attrs.insert("context".to_string(), format!("local://{context_name}"));
frontend_attrs.insert(
format!("local-sessionid:{context_name}"),
session_id.clone(),
@@ -276,20 +268,18 @@ impl BuildkitStep {
// The x-docker-expose-session-uuid header tells buildkitd which
// session owns the local sources. The x-docker-expose-session-grpc-method
// header lists the gRPC methods the session implements.
if let Ok(key) =
"x-docker-expose-session-uuid"
.parse::<tonic::metadata::MetadataKey<tonic::metadata::Ascii>>()
&& let Ok(val) = session_id
.parse::<tonic::metadata::MetadataValue<tonic::metadata::Ascii>>()
if let Ok(key) = "x-docker-expose-session-uuid"
.parse::<tonic::metadata::MetadataKey<tonic::metadata::Ascii>>()
&& let Ok(val) =
session_id.parse::<tonic::metadata::MetadataValue<tonic::metadata::Ascii>>()
{
metadata.insert(key, val);
}
// Advertise the filesync method so the daemon knows it can request
// local file content from our session.
if let Ok(key) =
"x-docker-expose-session-grpc-method"
.parse::<tonic::metadata::MetadataKey<tonic::metadata::Ascii>>()
if let Ok(key) = "x-docker-expose-session-grpc-method"
.parse::<tonic::metadata::MetadataKey<tonic::metadata::Ascii>>()
{
if let Ok(val) = "/moby.filesync.v1.FileSync/DiffCopy"
.parse::<tonic::metadata::MetadataValue<tonic::metadata::Ascii>>()
@@ -598,7 +588,8 @@ mod tests {
#[test]
fn parse_digest_with_digest_prefix() {
let output = "digest: sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef\n";
let output =
"digest: sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef\n";
let digest = parse_digest(output);
assert_eq!(
digest,
@@ -630,8 +621,7 @@ mod tests {
#[test]
fn parse_digest_wrong_prefix() {
let output =
"sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789";
let output = "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789";
assert_eq!(parse_digest(output), None);
}
@@ -651,7 +641,10 @@ mod tests {
"#;
assert_eq!(
parse_digest(output),
Some("sha256:aabbccdd0011223344556677aabbccdd0011223344556677aabbccdd00112233".to_string())
Some(
"sha256:aabbccdd0011223344556677aabbccdd0011223344556677aabbccdd00112233"
.to_string()
)
);
}
@@ -659,9 +652,7 @@ mod tests {
fn parse_digest_first_match_wins() {
let hash1 = "a".repeat(64);
let hash2 = "b".repeat(64);
let output = format!(
"exporting manifest sha256:{hash1}\ndigest: sha256:{hash2}"
);
let output = format!("exporting manifest sha256:{hash1}\ndigest: sha256:{hash2}");
let digest = parse_digest(&output).unwrap();
assert_eq!(digest, format!("sha256:{hash1}"));
}
@@ -806,10 +797,7 @@ mod tests {
exporters[0].attrs.get("name"),
Some(&"myapp:latest,myapp:v1.0".to_string())
);
assert_eq!(
exporters[0].attrs.get("push"),
Some(&"true".to_string())
);
assert_eq!(exporters[0].attrs.get("push"), Some(&"true".to_string()));
}
#[test]

45
wfe-buildkit/tests/integration_test.rs
View File

@@ -9,17 +9,16 @@
use std::collections::HashMap;
use std::path::Path;
use wfe_buildkit::config::{BuildkitConfig, TlsConfig};
use wfe_buildkit::BuildkitStep;
use wfe_buildkit::config::{BuildkitConfig, TlsConfig};
use wfe_core::models::{ExecutionPointer, WorkflowInstance, WorkflowStep};
use wfe_core::traits::step::{StepBody, StepExecutionContext};
/// Get the BuildKit daemon address from the environment or use the default.
fn buildkit_addr() -> String {
std::env::var("WFE_BUILDKIT_ADDR").unwrap_or_else(|_| {
"unix:///Users/sienna/.lima/wfe-test/sock/buildkitd.sock".to_string()
})
std::env::var("WFE_BUILDKIT_ADDR")
.unwrap_or_else(|_| "unix:///Users/sienna/.lima/wfe-test/sock/buildkitd.sock".to_string())
}
/// Check whether the BuildKit daemon socket is reachable.
@@ -33,13 +32,7 @@ fn buildkitd_available() -> bool {
}
}
fn make_test_context(
step_name: &str,
) -> (
WorkflowStep,
ExecutionPointer,
WorkflowInstance,
) {
fn make_test_context(step_name: &str) -> (WorkflowStep, ExecutionPointer, WorkflowInstance) {
let mut step = WorkflowStep::new(0, "buildkit");
step.name = Some(step_name.to_string());
let pointer = ExecutionPointer::new(0);
@@ -50,21 +43,14 @@ fn make_test_context(
#[tokio::test]
async fn build_simple_dockerfile_via_grpc() {
if !buildkitd_available() {
eprintln!(
"SKIP: BuildKit daemon not available at {}",
buildkit_addr()
);
eprintln!("SKIP: BuildKit daemon not available at {}", buildkit_addr());
return;
}
// Create a temp directory with a trivial Dockerfile.
let tmp = tempfile::tempdir().unwrap();
let dockerfile = tmp.path().join("Dockerfile");
std::fs::write(
&dockerfile,
"FROM alpine:latest\nRUN echo built\n",
)
.unwrap();
std::fs::write(&dockerfile, "FROM alpine:latest\nRUN echo built\n").unwrap();
let config = BuildkitConfig {
dockerfile: "Dockerfile".to_string(),
@@ -87,6 +73,7 @@ async fn build_simple_dockerfile_via_grpc() {
let (ws, pointer, instance) = make_test_context("integration-build");
let cancel = tokio_util::sync::CancellationToken::new();
let ctx = StepExecutionContext {
definition: None,
item: None,
execution_pointer: &pointer,
persistence_data: None,
@@ -94,7 +81,7 @@ async fn build_simple_dockerfile_via_grpc() {
workflow: &instance,
cancellation_token: cancel,
host_context: None,
log_sink: None,
log_sink: None,
};
let result = step.run(&ctx).await.expect("build should succeed");
@@ -135,10 +122,7 @@ async fn build_simple_dockerfile_via_grpc() {
#[tokio::test]
async fn build_with_build_args() {
if !buildkitd_available() {
eprintln!(
"SKIP: BuildKit daemon not available at {}",
buildkit_addr()
);
eprintln!("SKIP: BuildKit daemon not available at {}", buildkit_addr());
return;
}
@@ -174,6 +158,7 @@ async fn build_with_build_args() {
let (ws, pointer, instance) = make_test_context("build-args-test");
let cancel = tokio_util::sync::CancellationToken::new();
let ctx = StepExecutionContext {
definition: None,
item: None,
execution_pointer: &pointer,
persistence_data: None,
@@ -181,10 +166,13 @@ async fn build_with_build_args() {
workflow: &instance,
cancellation_token: cancel,
host_context: None,
log_sink: None,
log_sink: None,
};
let result = step.run(&ctx).await.expect("build with args should succeed");
let result = step
.run(&ctx)
.await
.expect("build with args should succeed");
assert!(result.proceed);
let data = result.output_data.expect("should have output_data");
@@ -222,6 +210,7 @@ async fn connect_to_unavailable_daemon_returns_error() {
let (ws, pointer, instance) = make_test_context("error-test");
let cancel = tokio_util::sync::CancellationToken::new();
let ctx = StepExecutionContext {
definition: None,
item: None,
execution_pointer: &pointer,
persistence_data: None,
@@ -229,7 +218,7 @@ async fn connect_to_unavailable_daemon_returns_error() {
workflow: &instance,
cancellation_token: cancel,
host_context: None,
log_sink: None,
log_sink: None,
};
let err = step.run(&ctx).await;

2
wfe-containerd/Cargo.toml
View File

@@ -9,7 +9,7 @@ description = "containerd container runner executor for WFE"
[dependencies]
wfe-core = { workspace = true }
wfe-containerd-protos = { version = "1.8.1", path = "../wfe-containerd-protos", registry = "sunbeam" }
wfe-containerd-protos = { version = "1.9.0", path = "../wfe-containerd-protos", registry = "sunbeam" }
tokio = { workspace = true }
serde = { workspace = true }
serde_json = { workspace = true }

6
wfe-containerd/src/config.rs
View File

@@ -133,7 +133,11 @@ mod tests {
assert_eq!(deserialized.tls.ca, Some("/ca.pem".to_string()));
assert_eq!(deserialized.tls.cert, Some("/cert.pem".to_string()));
assert_eq!(deserialized.tls.key, Some("/key.pem".to_string()));
assert!(deserialized.registry_auth.contains_key("registry.example.com"));
assert!(
deserialized
.registry_auth
.contains_key("registry.example.com")
);
assert_eq!(deserialized.timeout_ms, Some(30000));
}

260
wfe-containerd/src/step.rs
View File

@@ -8,21 +8,20 @@ use wfe_core::models::ExecutionResult;
use wfe_core::traits::step::{StepBody, StepExecutionContext};
use wfe_containerd_protos::containerd::services::containers::v1::{
containers_client::ContainersClient, Container, CreateContainerRequest,
DeleteContainerRequest, container::Runtime,
Container, CreateContainerRequest, DeleteContainerRequest, container::Runtime,
containers_client::ContainersClient,
};
use wfe_containerd_protos::containerd::services::content::v1::{
content_client::ContentClient, ReadContentRequest,
ReadContentRequest, content_client::ContentClient,
};
use wfe_containerd_protos::containerd::services::images::v1::{
images_client::ImagesClient, GetImageRequest,
GetImageRequest, images_client::ImagesClient,
};
use wfe_containerd_protos::containerd::services::snapshots::v1::{
snapshots_client::SnapshotsClient, MountsRequest, PrepareSnapshotRequest,
MountsRequest, PrepareSnapshotRequest, snapshots_client::SnapshotsClient,
};
use wfe_containerd_protos::containerd::services::tasks::v1::{
tasks_client::TasksClient, CreateTaskRequest, DeleteTaskRequest, StartRequest,
WaitRequest,
CreateTaskRequest, DeleteTaskRequest, StartRequest, WaitRequest, tasks_client::TasksClient,
};
use wfe_containerd_protos::containerd::services::version::v1::version_client::VersionClient;
@@ -49,10 +48,7 @@ impl ContainerdStep {
/// TCP/HTTP endpoints.
pub(crate) async fn connect(addr: &str) -> Result<Channel, WfeError> {
let channel = if addr.starts_with('/') || addr.starts_with("unix://") {
let socket_path = addr
.strip_prefix("unix://")
.unwrap_or(addr)
.to_string();
let socket_path = addr.strip_prefix("unix://").unwrap_or(addr).to_string();
if !Path::new(&socket_path).exists() {
return Err(WfeError::StepExecution(format!(
@@ -61,9 +57,7 @@ impl ContainerdStep {
}
Endpoint::try_from("http://[::]:50051")
.map_err(|e| {
WfeError::StepExecution(format!("failed to create endpoint: {e}"))
})?
.map_err(|e| WfeError::StepExecution(format!("failed to create endpoint: {e}")))?
.connect_with_connector(tower::service_fn(move |_: Uri| {
let path = socket_path.clone();
async move {
@@ -112,20 +106,14 @@ impl ContainerdStep {
/// `ctr image pull` or `nerdctl pull`.
///
/// TODO: implement full image pull via TransferService or content ingest.
async fn ensure_image(
channel: &Channel,
image: &str,
namespace: &str,
) -> Result<(), WfeError> {
async fn ensure_image(channel: &Channel, image: &str, namespace: &str) -> Result<(), WfeError> {
let mut client = ImagesClient::new(channel.clone());
let mut req = tonic::Request::new(GetImageRequest {
name: image.to_string(),
});
req.metadata_mut().insert(
"containerd-namespace",
namespace.parse().unwrap(),
);
req.metadata_mut()
.insert("containerd-namespace", namespace.parse().unwrap());
match client.get(req).await {
Ok(_) => Ok(()),
@@ -151,20 +139,24 @@ impl ContainerdStep {
image: &str,
namespace: &str,
) -> Result<String, WfeError> {
use sha2::{Sha256, Digest};
use sha2::{Digest, Sha256};
// 1. Get the image record to find the manifest digest.
let mut images_client = ImagesClient::new(channel.clone());
let req = Self::with_namespace(
GetImageRequest { name: image.to_string() },
GetImageRequest {
name: image.to_string(),
},
namespace,
);
let image_resp = images_client.get(req).await.map_err(|e| {
WfeError::StepExecution(format!("failed to get image '{image}': {e}"))
})?;
let img = image_resp.into_inner().image.ok_or_else(|| {
WfeError::StepExecution(format!("image '{image}' has no record"))
})?;
let image_resp = images_client
.get(req)
.await
.map_err(|e| WfeError::StepExecution(format!("failed to get image '{image}': {e}")))?;
let img = image_resp
.into_inner()
.image
.ok_or_else(|| WfeError::StepExecution(format!("image '{image}' has no record")))?;
let target = img.target.ok_or_else(|| {
WfeError::StepExecution(format!("image '{image}' has no target descriptor"))
})?;
@@ -188,22 +180,26 @@ impl ContainerdStep {
let manifests = manifest_json["manifests"].as_array().ok_or_else(|| {
WfeError::StepExecution("image index has no manifests array".to_string())
})?;
let platform_manifest = manifests.iter().find(|m| {
m.get("platform")
.and_then(|p| p.get("architecture"))
.and_then(|a| a.as_str())
== Some(oci_arch)
}).ok_or_else(|| {
WfeError::StepExecution(format!(
"no manifest for architecture '{oci_arch}' in image index"
))
})?;
let platform_manifest = manifests
.iter()
.find(|m| {
m.get("platform")
.and_then(|p| p.get("architecture"))
.and_then(|a| a.as_str())
== Some(oci_arch)
})
.ok_or_else(|| {
WfeError::StepExecution(format!(
"no manifest for architecture '{oci_arch}' in image index"
))
})?;
let digest = platform_manifest["digest"].as_str().ok_or_else(|| {
WfeError::StepExecution("platform manifest has no digest".to_string())
})?;
let bytes = Self::read_content(channel, digest, namespace).await?;
serde_json::from_slice(&bytes)
.map_err(|e| WfeError::StepExecution(format!("failed to parse platform manifest: {e}")))?
serde_json::from_slice(&bytes).map_err(|e| {
WfeError::StepExecution(format!("failed to parse platform manifest: {e}"))
})?
} else {
manifest_json
};
@@ -211,9 +207,7 @@ impl ContainerdStep {
// 3. Get the config digest from the manifest.
let config_digest = manifest_json["config"]["digest"]
.as_str()
.ok_or_else(|| {
WfeError::StepExecution("manifest has no config.digest".to_string())
})?;
.ok_or_else(|| WfeError::StepExecution("manifest has no config.digest".to_string()))?;
// 4. Read the image config.
let config_bytes = Self::read_content(channel, config_digest, namespace).await?;
@@ -239,9 +233,9 @@ impl ContainerdStep {
.to_string();
for diff_id in &diff_ids[1..] {
let diff = diff_id.as_str().ok_or_else(|| {
WfeError::StepExecution("diff_id is not a string".to_string())
})?;
let diff = diff_id
.as_str()
.ok_or_else(|| WfeError::StepExecution("diff_id is not a string".to_string()))?;
let mut hasher = Sha256::new();
hasher.update(format!("{chain_id} {diff}"));
chain_id = format!("sha256:{:x}", hasher.finalize());
@@ -269,9 +263,11 @@ impl ContainerdStep {
namespace,
);
let mut stream = client.read(req).await.map_err(|e| {
WfeError::StepExecution(format!("failed to read content {digest}: {e}"))
})?.into_inner();
let mut stream = client
.read(req)
.await
.map_err(|e| WfeError::StepExecution(format!("failed to read content {digest}: {e}")))?
.into_inner();
let mut data = Vec::new();
while let Some(chunk) = stream.next().await {
@@ -288,10 +284,7 @@ impl ContainerdStep {
///
/// The spec is serialized as JSON and wrapped in a protobuf Any with
/// the containerd OCI spec type URL.
pub(crate) fn build_oci_spec(
&self,
merged_env: &HashMap<String, String>,
) -> prost_types::Any {
pub(crate) fn build_oci_spec(&self, merged_env: &HashMap<String, String>) -> prost_types::Any {
// Build the args array for the process.
let args: Vec<String> = if let Some(ref run) = self.config.run {
vec!["/bin/sh".to_string(), "-c".to_string(), run.clone()]
@@ -302,10 +295,7 @@ impl ContainerdStep {
};
// Build env in KEY=VALUE form.
let env: Vec<String> = merged_env
.iter()
.map(|(k, v)| format!("{k}={v}"))
.collect();
let env: Vec<String> = merged_env.iter().map(|(k, v)| format!("{k}={v}")).collect();
// Build mounts.
let mut mounts = vec![
@@ -360,10 +350,20 @@ impl ContainerdStep {
// capability set so tools like apt-get work. Non-root gets nothing.
let caps = if uid == 0 {
serde_json::json!([
"CAP_AUDIT_WRITE", "CAP_CHOWN", "CAP_DAC_OVERRIDE",
"CAP_FOWNER", "CAP_FSETID", "CAP_KILL", "CAP_MKNOD",
"CAP_NET_BIND_SERVICE", "CAP_NET_RAW", "CAP_SETFCAP",
"CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID", "CAP_SYS_CHROOT",
"CAP_AUDIT_WRITE",
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_MKNOD",
"CAP_NET_BIND_SERVICE",
"CAP_NET_RAW",
"CAP_SETFCAP",
"CAP_SETGID",
"CAP_SETPCAP",
"CAP_SETUID",
"CAP_SYS_CHROOT",
])
} else {
serde_json::json!([])
@@ -405,10 +405,9 @@ impl ContainerdStep {
/// Inject a `containerd-namespace` header into a tonic request.
pub(crate) fn with_namespace<T>(req: T, namespace: &str) -> tonic::Request<T> {
let mut request = tonic::Request::new(req);
request.metadata_mut().insert(
"containerd-namespace",
namespace.parse().unwrap(),
);
request
.metadata_mut()
.insert("containerd-namespace", namespace.parse().unwrap());
request
}
@@ -492,8 +491,7 @@ impl ContainerdStep {
match snapshots_client.mounts(mounts_req).await {
Ok(resp) => resp.into_inner().mounts,
Err(_) => {
let parent =
Self::resolve_image_chain_id(&channel, image, namespace).await?;
let parent = Self::resolve_image_chain_id(&channel, image, namespace).await?;
let prepare_req = Self::with_namespace(
PrepareSnapshotRequest {
snapshotter: DEFAULT_SNAPSHOTTER.to_string(),
@@ -531,9 +529,10 @@ impl ContainerdStep {
},
namespace,
);
tasks_client.create(create_task_req).await.map_err(|e| {
WfeError::StepExecution(format!("failed to create service task: {e}"))
})?;
tasks_client
.create(create_task_req)
.await
.map_err(|e| WfeError::StepExecution(format!("failed to create service task: {e}")))?;
let start_req = Self::with_namespace(
StartRequest {
@@ -542,9 +541,10 @@ impl ContainerdStep {
},
namespace,
);
tasks_client.start(start_req).await.map_err(|e| {
WfeError::StepExecution(format!("failed to start service task: {e}"))
})?;
tasks_client
.start(start_req)
.await
.map_err(|e| WfeError::StepExecution(format!("failed to start service task: {e}")))?;
tracing::info!(container_id = %container_id, image = %image, "service container started");
Ok(())
@@ -701,9 +701,10 @@ impl StepBody for ContainerdStep {
namespace,
);
containers_client.create(create_req).await.map_err(|e| {
WfeError::StepExecution(format!("failed to create container: {e}"))
})?;
containers_client
.create(create_req)
.await
.map_err(|e| WfeError::StepExecution(format!("failed to create container: {e}")))?;
// 6. Prepare snapshot with the image's layers as parent.
let mut snapshots_client = SnapshotsClient::new(channel.clone());
@@ -723,7 +724,8 @@ impl StepBody for ContainerdStep {
Err(_) => {
// Resolve the image's chain ID to use as snapshot parent.
let parent = if should_check {
Self::resolve_image_chain_id(&channel, &self.config.image, namespace).await?
Self::resolve_image_chain_id(&channel, &self.config.image, namespace)
.await?
} else {
String::new()
};
@@ -741,9 +743,7 @@ impl StepBody for ContainerdStep {
.prepare(prepare_req)
.await
.map_err(|e| {
WfeError::StepExecution(format!(
"failed to prepare snapshot: {e}"
))
WfeError::StepExecution(format!("failed to prepare snapshot: {e}"))
})?
.into_inner()
.mounts
@@ -758,9 +758,8 @@ impl StepBody for ContainerdStep {
.map(std::path::PathBuf::from)
.unwrap_or_else(|_| std::env::temp_dir());
let tmp_dir = io_base.join(format!("wfe-io-{container_id}"));
std::fs::create_dir_all(&tmp_dir).map_err(|e| {
WfeError::StepExecution(format!("failed to create IO temp dir: {e}"))
})?;
std::fs::create_dir_all(&tmp_dir)
.map_err(|e| WfeError::StepExecution(format!("failed to create IO temp dir: {e}")))?;
let stdout_path = tmp_dir.join("stdout");
let stderr_path = tmp_dir.join("stderr");
@@ -802,9 +801,10 @@ impl StepBody for ContainerdStep {
namespace,
);
tasks_client.create(create_task_req).await.map_err(|e| {
WfeError::StepExecution(format!("failed to create task: {e}"))
})?;
tasks_client
.create(create_task_req)
.await
.map_err(|e| WfeError::StepExecution(format!("failed to create task: {e}")))?;
// Start the task.
let start_req = Self::with_namespace(
@@ -815,9 +815,10 @@ impl StepBody for ContainerdStep {
namespace,
);
tasks_client.start(start_req).await.map_err(|e| {
WfeError::StepExecution(format!("failed to start task: {e}"))
})?;
tasks_client
.start(start_req)
.await
.map_err(|e| WfeError::StepExecution(format!("failed to start task: {e}")))?;
tracing::info!(container_id = %container_id, "task started");
@@ -836,12 +837,7 @@ impl StepBody for ContainerdStep {
Ok(result) => result,
Err(_) => {
// Attempt cleanup before returning timeout error.
let _ = Self::cleanup(
&channel,
&container_id,
namespace,
)
.await;
let _ = Self::cleanup(&channel, &container_id, namespace).await;
let _ = std::fs::remove_dir_all(&tmp_dir);
return Err(WfeError::StepExecution(format!(
"container execution timed out after {timeout_ms}ms"
@@ -887,8 +883,13 @@ impl StepBody for ContainerdStep {
// 13. Parse outputs and build result.
let parsed = Self::parse_outputs(&stdout_content);
let output_data =
Self::build_output_data(step_name, &stdout_content, &stderr_content, exit_code, &parsed);
let output_data = Self::build_output_data(
step_name,
&stdout_content,
&stderr_content,
exit_code,
&parsed,
);
Ok(ExecutionResult {
proceed: true,
@@ -927,9 +928,7 @@ impl ContainerdStep {
containers_client
.delete(del_container_req)
.await
.map_err(|e| {
WfeError::StepExecution(format!("failed to delete container: {e}"))
})?;
.map_err(|e| WfeError::StepExecution(format!("failed to delete container: {e}")))?;
Ok(())
}
@@ -1013,10 +1012,7 @@ mod tests {
let stdout = "##wfe[output url=https://example.com?a=1&b=2]\n";
let outputs = ContainerdStep::parse_outputs(stdout);
assert_eq!(outputs.len(), 1);
assert_eq!(
outputs.get("url").unwrap(),
"https://example.com?a=1&b=2"
);
assert_eq!(outputs.get("url").unwrap(), "https://example.com?a=1&b=2");
}
#[test]
@@ -1043,13 +1039,7 @@ mod tests {
#[test]
fn build_output_data_basic() {
let parsed = HashMap::from([("result".to_string(), "success".to_string())]);
let data = ContainerdStep::build_output_data(
"my_step",
"hello world\n",
"",
0,
&parsed,
);
let data = ContainerdStep::build_output_data("my_step", "hello world\n", "", 0, &parsed);
let obj = data.as_object().unwrap();
assert_eq!(obj.get("result").unwrap(), "success");
@@ -1060,13 +1050,7 @@ mod tests {
#[test]
fn build_output_data_no_parsed_outputs() {
let data = ContainerdStep::build_output_data(
"step1",
"out",
"err",
1,
&HashMap::new(),
);
let data = ContainerdStep::build_output_data("step1", "out", "err", 1, &HashMap::new());
let obj = data.as_object().unwrap();
assert_eq!(obj.len(), 3); // stdout, stderr, exit_code
@@ -1150,7 +1134,11 @@ mod tests {
fn build_oci_spec_with_command() {
let mut config = minimal_config();
config.run = None;
config.command = Some(vec!["echo".to_string(), "hello".to_string(), "world".to_string()]);
config.command = Some(vec![
"echo".to_string(),
"hello".to_string(),
"world".to_string(),
]);
let step = ContainerdStep::new(config);
let spec = step.build_oci_spec(&HashMap::new());
@@ -1227,10 +1215,8 @@ mod tests {
// 3 default + 2 user = 5
assert_eq!(mounts.len(), 5);
let bind_mounts: Vec<&serde_json::Value> = mounts
.iter()
.filter(|m| m["type"] == "bind")
.collect();
let bind_mounts: Vec<&serde_json::Value> =
mounts.iter().filter(|m| m["type"] == "bind").collect();
assert_eq!(bind_mounts.len(), 2);
let ro_mount = bind_mounts
@@ -1274,10 +1260,9 @@ mod tests {
#[tokio::test]
async fn connect_to_missing_unix_socket_with_scheme_returns_error() {
let err =
ContainerdStep::connect("unix:///tmp/nonexistent-wfe-containerd-test.sock")
.await
.unwrap_err();
let err = ContainerdStep::connect("unix:///tmp/nonexistent-wfe-containerd-test.sock")
.await
.unwrap_err();
let msg = format!("{err}");
assert!(
msg.contains("socket not found"),
@@ -1304,9 +1289,11 @@ mod tests {
let config = minimal_config();
let step = ContainerdStep::new(config);
assert_eq!(step.config.image, "alpine:3.18");
assert_eq!(step.config.containerd_addr, "/run/containerd/containerd.sock");
assert_eq!(
step.config.containerd_addr,
"/run/containerd/containerd.sock"
);
}
}
/// Integration tests that require a live containerd daemon.
@@ -1323,9 +1310,7 @@ mod e2e_tests {
)
});
let socket_path = addr
.strip_prefix("unix://")
.unwrap_or(addr.as_str());
let socket_path = addr.strip_prefix("unix://").unwrap_or(addr.as_str());
if Path::new(socket_path).exists() {
Some(addr)
@@ -1350,6 +1335,9 @@ mod e2e_tests {
assert!(!version.version.is_empty(), "version should not be empty");
assert!(!version.revision.is_empty(), "revision should not be empty");
eprintln!("containerd version={} revision={}", version.version, version.revision);
eprintln!(
"containerd version={} revision={}",
version.version, version.revision
);
}
}

19
wfe-containerd/tests/integration.rs
View File

@@ -10,8 +10,8 @@
use std::collections::HashMap;
use std::path::Path;
use wfe_containerd::config::{ContainerdConfig, TlsConfig};
use wfe_containerd::ContainerdStep;
use wfe_containerd::config::{ContainerdConfig, TlsConfig};
use wfe_core::models::{ExecutionPointer, WorkflowInstance, WorkflowStep};
use wfe_core::traits::step::{StepBody, StepExecutionContext};
@@ -68,6 +68,7 @@ fn make_context<'a>(
pointer: &'a ExecutionPointer,
) -> StepExecutionContext<'a> {
StepExecutionContext {
definition: None,
item: None,
execution_pointer: pointer,
persistence_data: None,
@@ -75,7 +76,7 @@ fn make_context<'a>(
workflow,
cancellation_token: tokio_util::sync::CancellationToken::new(),
host_context: None,
log_sink: None,
log_sink: None,
}
}
@@ -204,8 +205,7 @@ async fn run_container_with_volume_mount() {
return;
};
let shared_dir = std::env::var("WFE_IO_DIR")
.unwrap_or_else(|_| "/tmp/wfe-io".to_string());
let shared_dir = std::env::var("WFE_IO_DIR").unwrap_or_else(|_| "/tmp/wfe-io".to_string());
let vol_dir = format!("{shared_dir}/test-vol");
std::fs::create_dir_all(&vol_dir).unwrap();
@@ -249,8 +249,7 @@ async fn run_debian_with_volume_and_network() {
return;
};
let shared_dir = std::env::var("WFE_IO_DIR")
.unwrap_or_else(|_| "/tmp/wfe-io".to_string());
let shared_dir = std::env::var("WFE_IO_DIR").unwrap_or_else(|_| "/tmp/wfe-io".to_string());
let cargo_dir = format!("{shared_dir}/test-cargo");
let rustup_dir = format!("{shared_dir}/test-rustup");
std::fs::create_dir_all(&cargo_dir).unwrap();
@@ -263,8 +262,12 @@ async fn run_debian_with_volume_and_network() {
config.user = "0:0".to_string();
config.network = "host".to_string();
config.timeout_ms = Some(30_000);
config.env.insert("CARGO_HOME".to_string(), "/cargo".to_string());
config.env.insert("RUSTUP_HOME".to_string(), "/rustup".to_string());
config
.env
.insert("CARGO_HOME".to_string(), "/cargo".to_string());
config
.env
.insert("RUSTUP_HOME".to_string(), "/rustup".to_string());
config.volumes = vec![
wfe_containerd::VolumeMountConfig {
source: cargo_dir.clone(),

43
wfe-core/src/builder/step_builder.rs
View File

@@ -67,7 +67,10 @@ impl<D: WorkflowData> StepBuilder<D> {
}
/// Chain an inline function step.
pub fn then_fn(mut self, f: impl Fn() -> ExecutionResult + Send + Sync + 'static) -> StepBuilder<D> {
pub fn then_fn(
mut self,
f: impl Fn() -> ExecutionResult + Send + Sync + 'static,
) -> StepBuilder<D> {
let next_id = self.builder.add_step(std::any::type_name::<InlineStep>());
self.builder.wire_outcome(self.step_id, next_id, None);
self.builder.last_step = Some(next_id);
@@ -77,7 +80,9 @@ impl<D: WorkflowData> StepBuilder<D> {
/// Insert a WaitFor step.
pub fn wait_for(mut self, event_name: &str, event_key: &str) -> StepBuilder<D> {
let next_id = self.builder.add_step(std::any::type_name::<primitives::wait_for::WaitForStep>());
let next_id = self
.builder
.add_step(std::any::type_name::<primitives::wait_for::WaitForStep>());
self.builder.wire_outcome(self.step_id, next_id, None);
self.builder.last_step = Some(next_id);
self.builder.steps[next_id].step_config = Some(serde_json::json!({
@@ -89,7 +94,9 @@ impl<D: WorkflowData> StepBuilder<D> {
/// Insert a Delay step.
pub fn delay(mut self, duration: std::time::Duration) -> StepBuilder<D> {
let next_id = self.builder.add_step(std::any::type_name::<primitives::delay::DelayStep>());
let next_id = self
.builder
.add_step(std::any::type_name::<primitives::delay::DelayStep>());
self.builder.wire_outcome(self.step_id, next_id, None);
self.builder.last_step = Some(next_id);
self.builder.steps[next_id].step_config = Some(serde_json::json!({
@@ -104,7 +111,9 @@ impl<D: WorkflowData> StepBuilder<D> {
mut self,
build_children: impl FnOnce(&mut WorkflowBuilder<D>),
) -> StepBuilder<D> {
let if_id = self.builder.add_step(std::any::type_name::<primitives::if_step::IfStep>());
let if_id = self
.builder
.add_step(std::any::type_name::<primitives::if_step::IfStep>());
self.builder.wire_outcome(self.step_id, if_id, None);
// Build children
@@ -126,7 +135,9 @@ impl<D: WorkflowData> StepBuilder<D> {
mut self,
build_children: impl FnOnce(&mut WorkflowBuilder<D>),
) -> StepBuilder<D> {
let while_id = self.builder.add_step(std::any::type_name::<primitives::while_step::WhileStep>());
let while_id = self
.builder
.add_step(std::any::type_name::<primitives::while_step::WhileStep>());
self.builder.wire_outcome(self.step_id, while_id, None);
let before_count = self.builder.steps.len();
@@ -146,7 +157,9 @@ impl<D: WorkflowData> StepBuilder<D> {
mut self,
build_children: impl FnOnce(&mut WorkflowBuilder<D>),
) -> StepBuilder<D> {
let fe_id = self.builder.add_step(std::any::type_name::<primitives::foreach_step::ForEachStep>());
let fe_id = self
.builder
.add_step(std::any::type_name::<primitives::foreach_step::ForEachStep>());
self.builder.wire_outcome(self.step_id, fe_id, None);
let before_count = self.builder.steps.len();
@@ -162,11 +175,10 @@ impl<D: WorkflowData> StepBuilder<D> {
}
/// Insert a Saga container step with child steps.
pub fn saga(
mut self,
build_children: impl FnOnce(&mut WorkflowBuilder<D>),
) -> StepBuilder<D> {
let saga_id = self.builder.add_step(std::any::type_name::<primitives::saga_container::SagaContainerStep>());
pub fn saga(mut self, build_children: impl FnOnce(&mut WorkflowBuilder<D>)) -> StepBuilder<D> {
let saga_id = self.builder.add_step(std::any::type_name::<
primitives::saga_container::SagaContainerStep,
>());
self.builder.steps[saga_id].saga = true;
self.builder.wire_outcome(self.step_id, saga_id, None);
@@ -187,7 +199,9 @@ impl<D: WorkflowData> StepBuilder<D> {
mut self,
build_branches: impl FnOnce(ParallelBuilder<D>) -> ParallelBuilder<D>,
) -> StepBuilder<D> {
let seq_id = self.builder.add_step(std::any::type_name::<primitives::sequence::SequenceStep>());
let seq_id = self
.builder
.add_step(std::any::type_name::<primitives::sequence::SequenceStep>());
self.builder.wire_outcome(self.step_id, seq_id, None);
let pb = ParallelBuilder {
@@ -213,10 +227,7 @@ impl<D: WorkflowData> StepBuilder<D> {
impl<D: WorkflowData> ParallelBuilder<D> {
/// Add a parallel branch.
pub fn branch(
mut self,
build_branch: impl FnOnce(&mut WorkflowBuilder<D>),
) -> Self {
pub fn branch(mut self, build_branch: impl FnOnce(&mut WorkflowBuilder<D>)) -> Self {
let before_count = self.builder.steps.len();
build_branch(&mut self.builder);
let after_count = self.builder.steps.len();

11
wfe-core/src/builder/workflow_builder.rs
View File

@@ -1,9 +1,7 @@
use std::collections::HashMap;
use std::marker::PhantomData;
use crate::models::{
ExecutionResult, StepOutcome, WorkflowDefinition, WorkflowStep,
};
use crate::models::{ExecutionResult, StepOutcome, WorkflowDefinition, WorkflowStep};
use crate::traits::step::{StepBody, WorkflowData};
use super::inline_step::InlineStep;
@@ -77,7 +75,12 @@ impl<D: WorkflowData> WorkflowBuilder<D> {
}
/// Wire an outcome from `from_step` to `to_step`.
pub fn wire_outcome(&mut self, from_step: usize, to_step: usize, value: Option<serde_json::Value>) {
pub fn wire_outcome(
&mut self,
from_step: usize,
to_step: usize,
value: Option<serde_json::Value>,
) {
if let Some(step) = self.steps.get_mut(from_step) {
step.outcomes.push(StepOutcome {
next_step: to_step,

33
wfe-core/src/executor/condition.rs
View File

@@ -1,5 +1,5 @@
use crate::models::condition::{ComparisonOp, FieldComparison, StepCondition};
use crate::WfeError;
use crate::models::condition::{ComparisonOp, FieldComparison, StepCondition};
/// Evaluate a step condition against workflow data.
///
@@ -29,10 +29,7 @@ impl From<WfeError> for EvalError {
}
}
fn evaluate_inner(
condition: &StepCondition,
data: &serde_json::Value,
) -> Result<bool, EvalError> {
fn evaluate_inner(condition: &StepCondition, data: &serde_json::Value) -> Result<bool, EvalError> {
match condition {
StepCondition::All(conditions) => {
for c in conditions {
@@ -582,22 +579,14 @@ mod tests {
#[test]
fn not_true_becomes_false() {
let data = json!({"a": 1});
let cond = StepCondition::Not(Box::new(comp(
".a",
ComparisonOp::Equals,
Some(json!(1)),
)));
let cond = StepCondition::Not(Box::new(comp(".a", ComparisonOp::Equals, Some(json!(1)))));
assert!(!evaluate(&cond, &data).unwrap());
}
#[test]
fn not_false_becomes_true() {
let data = json!({"a": 99});
let cond = StepCondition::Not(Box::new(comp(
".a",
ComparisonOp::Equals,
Some(json!(1)),
)));
let cond = StepCondition::Not(Box::new(comp(".a", ComparisonOp::Equals, Some(json!(1)))));
assert!(evaluate(&cond, &data).unwrap());
}
@@ -639,11 +628,7 @@ mod tests {
comp(".a", ComparisonOp::Equals, Some(json!(1))),
comp(".a", ComparisonOp::Equals, Some(json!(99))),
]),
StepCondition::Not(Box::new(comp(
".c",
ComparisonOp::Equals,
Some(json!(99)),
))),
StepCondition::Not(Box::new(comp(".c", ComparisonOp::Equals, Some(json!(99))))),
]);
assert!(evaluate(&cond, &data).unwrap());
}
@@ -742,7 +727,13 @@ mod tests {
let data = json!({"score": 3.14});
assert!(evaluate(&comp(".score", ComparisonOp::Gt, Some(json!(3.0))), &data).unwrap());
assert!(evaluate(&comp(".score", ComparisonOp::Lt, Some(json!(4.0))), &data).unwrap());
assert!(!evaluate(&comp(".score", ComparisonOp::Equals, Some(json!(3.0))), &data).unwrap());
assert!(
!evaluate(
&comp(".score", ComparisonOp::Equals, Some(json!(3.0))),
&data
)
.unwrap()
);
}
#[test]

14
wfe-core/src/executor/error_handler.rs
View File

@@ -29,7 +29,10 @@ pub fn handle_error(
.unwrap_or_else(|| definition.default_error_behavior.clone());
match behavior {
ErrorBehavior::Retry { interval, max_retries } => {
ErrorBehavior::Retry {
interval,
max_retries,
} => {
if max_retries > 0 && pointer.retry_count >= max_retries {
// Exceeded max retries, suspend the workflow
pointer.status = PointerStatus::Failed;
@@ -44,9 +47,8 @@ pub fn handle_error(
pointer.retry_count += 1;
pointer.status = PointerStatus::Sleeping;
pointer.active = true;
pointer.sleep_until = Some(
Utc::now() + chrono::Duration::milliseconds(interval.as_millis() as i64),
);
pointer.sleep_until =
Some(Utc::now() + chrono::Duration::milliseconds(interval.as_millis() as i64));
}
}
ErrorBehavior::Suspend => {
@@ -67,7 +69,9 @@ pub fn handle_error(
&& let Some(comp_step_id) = step.compensation_step_id
{
let mut comp_pointer = ExecutionPointer::new(comp_step_id);
comp_pointer.step_name = definition.steps.iter()
comp_pointer.step_name = definition
.steps
.iter()
.find(|s| s.id == comp_step_id)
.and_then(|s| s.name.clone());
comp_pointer.predecessor_id = Some(pointer.id.clone());

15
wfe-core/src/executor/result_processor.rs
View File

@@ -36,7 +36,9 @@ pub fn process_result(
let next_step_id = find_next_step(step, &result.outcome_value);
if let Some(next_id) = next_step_id {
let mut next_pointer = ExecutionPointer::new(next_id);
next_pointer.step_name = definition.steps.iter()
next_pointer.step_name = definition
.steps
.iter()
.find(|s| s.id == next_id)
.and_then(|s| s.name.clone());
next_pointer.predecessor_id = Some(pointer.id.clone());
@@ -62,7 +64,9 @@ pub fn process_result(
for value in branch_values {
for &child_step_id in &child_step_ids {
let mut child_pointer = ExecutionPointer::new(child_step_id);
child_pointer.step_name = definition.steps.iter()
child_pointer.step_name = definition
.steps
.iter()
.find(|s| s.id == child_step_id)
.and_then(|s| s.name.clone());
child_pointer.context_item = Some(value.clone());
@@ -79,9 +83,7 @@ pub fn process_result(
pointer.event_name = result.event_name.clone();
pointer.event_key = result.event_key.clone();
if let (Some(event_name), Some(event_key)) =
(&result.event_name, &result.event_key)
{
if let (Some(event_name), Some(event_key)) = (&result.event_name, &result.event_key) {
let as_of = result.event_as_of.unwrap_or_else(Utc::now);
let sub = EventSubscription::new(
workflow_id,
@@ -107,8 +109,7 @@ pub fn process_result(
pointer.status = PointerStatus::Sleeping;
pointer.active = true;
pointer.sleep_until = Some(
Utc::now()
+ chrono::Duration::milliseconds(poll_config.interval.as_millis() as i64),
Utc::now() + chrono::Duration::milliseconds(poll_config.interval.as_millis() as i64),
);
pointer.persistence_data = result.persistence_data.clone();
} else if result.persistence_data.is_some() {

3
wfe-core/src/executor/step_registry.rs
View File

@@ -17,7 +17,8 @@ impl StepRegistry {
/// Register a step type using its full type name as the key.
pub fn register<S: StepBody + Default + 'static>(&mut self) {
let key = std::any::type_name::<S>().to_string();
self.factories.insert(key, Box::new(|| Box::new(S::default())));
self.factories
.insert(key, Box::new(|| Box::new(S::default())));
}
/// Register a step factory with an explicit key and factory function.

473
wfe-core/src/executor/workflow_executor.rs
View File

@@ -119,12 +119,12 @@ impl WorkflowExecutor {
host_context: Option<&dyn crate::traits::HostContext>,
) -> Result<()> {
// 2. Load workflow instance.
let mut workflow = self
.persistence
.get_workflow_instance(workflow_id)
.await?;
let mut workflow = self.persistence.get_workflow_instance(workflow_id).await?;
tracing::Span::current().record("workflow.definition_id", workflow.workflow_definition_id.as_str());
tracing::Span::current().record(
"workflow.definition_id",
workflow.workflow_definition_id.as_str(),
);
if workflow.status != WorkflowStatus::Runnable {
debug!(workflow_id, status = ?workflow.status, "Workflow not runnable, skipping");
@@ -179,15 +179,15 @@ impl WorkflowExecutor {
// Activate next step via outcomes (same as Complete).
let next_step_id = step.outcomes.first().map(|o| o.next_step);
if let Some(next_id) = next_step_id {
let mut next_pointer =
crate::models::ExecutionPointer::new(next_id);
next_pointer.step_name = definition.steps.iter()
let mut next_pointer = crate::models::ExecutionPointer::new(next_id);
next_pointer.step_name = definition
.steps
.iter()
.find(|s| s.id == next_id)
.and_then(|s| s.name.clone());
next_pointer.predecessor_id =
Some(workflow.execution_pointers[idx].id.clone());
next_pointer.scope =
workflow.execution_pointers[idx].scope.clone();
next_pointer.scope = workflow.execution_pointers[idx].scope.clone();
workflow.execution_pointers.push(next_pointer);
}
@@ -208,12 +208,12 @@ impl WorkflowExecutor {
);
// b. Resolve the step body.
let mut step_body = step_registry
.resolve(&step.step_type)
.ok_or_else(|| WfeError::StepExecution(format!(
let mut step_body = step_registry.resolve(&step.step_type).ok_or_else(|| {
WfeError::StepExecution(format!(
"Step type not found in registry: {}",
step.step_type
)))?;
))
})?;
// Mark pointer as running before building context.
if workflow.execution_pointers[idx].start_time.is_none() {
@@ -229,7 +229,8 @@ impl WorkflowExecutor {
step_id,
step_name: step.name.clone(),
},
)).await;
))
.await;
// c. Build StepExecutionContext (borrows workflow immutably).
let cancellation_token = tokio_util::sync::CancellationToken::new();
@@ -239,6 +240,7 @@ impl WorkflowExecutor {
persistence_data: workflow.execution_pointers[idx].persistence_data.as_ref(),
step,
workflow: &workflow,
definition: Some(definition),
cancellation_token,
host_context,
log_sink: self.log_sink.as_deref(),
@@ -277,19 +279,15 @@ impl WorkflowExecutor {
step_id,
step_name: step.name.clone(),
},
)).await;
))
.await;
// e. Process the ExecutionResult.
// Extract workflow_id before mutable borrow.
let wf_id = workflow.id.clone();
let process_result = {
let pointer = &mut workflow.execution_pointers[idx];
result_processor::process_result(
&result,
pointer,
definition,
&wf_id,
)
result_processor::process_result(&result, pointer, definition, &wf_id)
};
all_subscriptions.extend(process_result.subscriptions);
@@ -320,7 +318,8 @@ impl WorkflowExecutor {
crate::models::LifecycleEventType::Error {
message: error_msg.clone(),
},
)).await;
))
.await;
let pointer_id = workflow.execution_pointers[idx].id.clone();
execution_errors.push(ExecutionError::new(
@@ -331,11 +330,7 @@ impl WorkflowExecutor {
let handler_result = {
let pointer = &mut workflow.execution_pointers[idx];
error_handler::handle_error(
&error_msg,
pointer,
definition,
)
error_handler::handle_error(&error_msg, pointer, definition)
};
// Apply workflow-level status changes from error handler.
@@ -348,7 +343,8 @@ impl WorkflowExecutor {
&workflow.workflow_definition_id,
workflow.version,
crate::models::LifecycleEventType::Terminated,
)).await;
))
.await;
}
}
@@ -382,7 +378,8 @@ impl WorkflowExecutor {
&workflow.workflow_definition_id,
workflow.version,
crate::models::LifecycleEventType::Completed,
)).await;
))
.await;
// Publish completion event for SubWorkflow parents.
let completion_event = Event::new(
@@ -427,9 +424,7 @@ impl WorkflowExecutor {
// Persist errors.
if !execution_errors.is_empty() {
self.persistence
.persist_errors(&execution_errors)
.await?;
self.persistence.persist_errors(&execution_errors).await?;
}
// 8. Queue any follow-up work.
@@ -512,10 +507,7 @@ mod tests {
#[async_trait]
impl StepBody for PassStep {
async fn run(
&mut self,
_ctx: &StepExecutionContext<'_>,
) -> crate::Result<ExecutionResult> {
async fn run(&mut self, _ctx: &StepExecutionContext<'_>) -> crate::Result<ExecutionResult> {
Ok(ExecutionResult::next())
}
}
@@ -525,10 +517,7 @@ mod tests {
#[async_trait]
impl StepBody for OutcomeStep {
async fn run(
&mut self,
_ctx: &StepExecutionContext<'_>,
) -> crate::Result<ExecutionResult> {
async fn run(&mut self, _ctx: &StepExecutionContext<'_>) -> crate::Result<ExecutionResult> {
Ok(ExecutionResult::outcome(serde_json::json!("yes")))
}
}
@@ -538,10 +527,7 @@ mod tests {
#[async_trait]
impl StepBody for PersistStep {
async fn run(
&mut self,
_ctx: &StepExecutionContext<'_>,
) -> crate::Result<ExecutionResult> {
async fn run(&mut self, _ctx: &StepExecutionContext<'_>) -> crate::Result<ExecutionResult> {
Ok(ExecutionResult::persist(serde_json::json!({"count": 1})))
}
}
@@ -551,10 +537,7 @@ mod tests {
#[async_trait]
impl StepBody for SleepStep {
async fn run(
&mut self,
_ctx: &StepExecutionContext<'_>,
) -> crate::Result<ExecutionResult> {
async fn run(&mut self, _ctx: &StepExecutionContext<'_>) -> crate::Result<ExecutionResult> {
Ok(ExecutionResult::sleep(Duration::from_secs(30), None))
}
}
@@ -564,10 +547,7 @@ mod tests {
#[async_trait]
impl StepBody for WaitEventStep {
async fn run(
&mut self,
_ctx: &StepExecutionContext<'_>,
) -> crate::Result<ExecutionResult> {
async fn run(&mut self, _ctx: &StepExecutionContext<'_>) -> crate::Result<ExecutionResult> {
Ok(ExecutionResult::wait_for_event(
"order.completed",
"order-123",
@@ -581,10 +561,7 @@ mod tests {
#[async_trait]
impl StepBody for EventResumeStep {
async fn run(
&mut self,
ctx: &StepExecutionContext<'_>,
) -> crate::Result<ExecutionResult> {
async fn run(&mut self, ctx: &StepExecutionContext<'_>) -> crate::Result<ExecutionResult> {
if ctx.execution_pointer.event_published {
Ok(ExecutionResult::next())
} else {
@@ -602,10 +579,7 @@ mod tests {
#[async_trait]
impl StepBody for BranchStep {
async fn run(
&mut self,
_ctx: &StepExecutionContext<'_>,
) -> crate::Result<ExecutionResult> {
async fn run(&mut self, _ctx: &StepExecutionContext<'_>) -> crate::Result<ExecutionResult> {
Ok(ExecutionResult::branch(
vec![
serde_json::json!(1),
@@ -622,10 +596,7 @@ mod tests {
#[async_trait]
impl StepBody for FailStep {
async fn run(
&mut self,
_ctx: &StepExecutionContext<'_>,
) -> crate::Result<ExecutionResult> {
async fn run(&mut self, _ctx: &StepExecutionContext<'_>) -> crate::Result<ExecutionResult> {
Err(WfeError::StepExecution("step failed".into()))
}
}
@@ -635,10 +606,7 @@ mod tests {
#[async_trait]
impl StepBody for CompensateStep {
async fn run(
&mut self,
_ctx: &StepExecutionContext<'_>,
) -> crate::Result<ExecutionResult> {
async fn run(&mut self, _ctx: &StepExecutionContext<'_>) -> crate::Result<ExecutionResult> {
Ok(ExecutionResult::next())
}
}
@@ -680,7 +648,8 @@ mod tests {
registry.register::<PassStep>();
let mut def = WorkflowDefinition::new("test", 1);
def.steps.push(WorkflowStep::new(0, step_type::<PassStep>()));
def.steps
.push(WorkflowStep::new(0, step_type::<PassStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
let pointer = ExecutionPointer::new(0);
@@ -688,11 +657,20 @@ mod tests {
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.status, WorkflowStatus::Complete);
assert_eq!(updated.execution_pointers[0].status, PointerStatus::Complete);
assert_eq!(
updated.execution_pointers[0].status,
PointerStatus::Complete
);
assert!(updated.complete_time.is_some());
}
@@ -712,27 +690,46 @@ mod tests {
value: None,
});
def.steps.push(step0);
def.steps.push(WorkflowStep::new(1, step_type::<PassStep>()));
def.steps
.push(WorkflowStep::new(1, step_type::<PassStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
// First execution: step 0 completes, step 1 pointer created.
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.execution_pointers.len(), 2);
assert_eq!(updated.execution_pointers[0].status, PointerStatus::Complete);
assert_eq!(
updated.execution_pointers[0].status,
PointerStatus::Complete
);
// Step 1 pointer should be active and pending.
assert_eq!(updated.execution_pointers[1].step_id, 1);
// Second execution: step 1 completes.
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.status, WorkflowStatus::Complete);
assert_eq!(updated.execution_pointers[1].status, PointerStatus::Complete);
assert_eq!(
updated.execution_pointers[1].status,
PointerStatus::Complete
);
}
#[tokio::test]
@@ -745,9 +742,17 @@ mod tests {
let mut def = WorkflowDefinition::new("test", 1);
let mut s0 = WorkflowStep::new(0, step_type::<PassStep>());
s0.outcomes.push(StepOutcome { next_step: 1, label: None, value: None });
s0.outcomes.push(StepOutcome {
next_step: 1,
label: None,
value: None,
});
let mut s1 = WorkflowStep::new(1, step_type::<PassStep>());
s1.outcomes.push(StepOutcome { next_step: 2, label: None, value: None });
s1.outcomes.push(StepOutcome {
next_step: 2,
label: None,
value: None,
});
let s2 = WorkflowStep::new(2, step_type::<PassStep>());
def.steps.push(s0);
def.steps.push(s1);
@@ -759,10 +764,16 @@ mod tests {
// Execute three times for three steps.
for _ in 0..3 {
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
}
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.status, WorkflowStatus::Complete);
assert_eq!(updated.execution_pointers.len(), 3);
for p in &updated.execution_pointers {
@@ -792,16 +803,24 @@ mod tests {
value: Some(serde_json::json!("yes")),
});
def.steps.push(s0);
def.steps.push(WorkflowStep::new(1, step_type::<PassStep>()));
def.steps.push(WorkflowStep::new(2, step_type::<PassStep>()));
def.steps
.push(WorkflowStep::new(1, step_type::<PassStep>()));
def.steps
.push(WorkflowStep::new(2, step_type::<PassStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.execution_pointers.len(), 2);
// Should route to step 2 (the "yes" branch).
assert_eq!(updated.execution_pointers[1].step_id, 2);
@@ -816,15 +835,22 @@ mod tests {
registry.register::<PersistStep>();
let mut def = WorkflowDefinition::new("test", 1);
def.steps.push(WorkflowStep::new(0, step_type::<PersistStep>()));
def.steps
.push(WorkflowStep::new(0, step_type::<PersistStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.status, WorkflowStatus::Runnable);
assert!(updated.execution_pointers[0].active);
assert_eq!(
@@ -842,16 +868,26 @@ mod tests {
registry.register::<SleepStep>();
let mut def = WorkflowDefinition::new("test", 1);
def.steps.push(WorkflowStep::new(0, step_type::<SleepStep>()));
def.steps
.push(WorkflowStep::new(0, step_type::<SleepStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
assert_eq!(updated.execution_pointers[0].status, PointerStatus::Sleeping);
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(
updated.execution_pointers[0].status,
PointerStatus::Sleeping
);
assert!(updated.execution_pointers[0].sleep_until.is_some());
assert!(updated.execution_pointers[0].active);
}
@@ -865,15 +901,22 @@ mod tests {
registry.register::<WaitEventStep>();
let mut def = WorkflowDefinition::new("test", 1);
def.steps.push(WorkflowStep::new(0, step_type::<WaitEventStep>()));
def.steps
.push(WorkflowStep::new(0, step_type::<WaitEventStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(
updated.execution_pointers[0].status,
PointerStatus::WaitingForEvent
@@ -899,7 +942,8 @@ mod tests {
registry.register::<EventResumeStep>();
let mut def = WorkflowDefinition::new("test", 1);
def.steps.push(WorkflowStep::new(0, step_type::<EventResumeStep>()));
def.steps
.push(WorkflowStep::new(0, step_type::<EventResumeStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
let mut pointer = ExecutionPointer::new(0);
@@ -911,10 +955,19 @@ mod tests {
instance.execution_pointers.push(pointer);
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
assert_eq!(updated.execution_pointers[0].status, PointerStatus::Complete);
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(
updated.execution_pointers[0].status,
PointerStatus::Complete
);
assert_eq!(updated.status, WorkflowStatus::Complete);
}
@@ -931,15 +984,22 @@ mod tests {
let mut s0 = WorkflowStep::new(0, step_type::<BranchStep>());
s0.children.push(1);
def.steps.push(s0);
def.steps.push(WorkflowStep::new(1, step_type::<PassStep>()));
def.steps
.push(WorkflowStep::new(1, step_type::<PassStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
// 1 original + 3 children.
assert_eq!(updated.execution_pointers.len(), 4);
// Children should have scope containing the parent pointer id.
@@ -973,11 +1033,20 @@ mod tests {
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.execution_pointers[0].retry_count, 1);
assert_eq!(updated.execution_pointers[0].status, PointerStatus::Sleeping);
assert_eq!(
updated.execution_pointers[0].status,
PointerStatus::Sleeping
);
assert!(updated.execution_pointers[0].sleep_until.is_some());
assert_eq!(updated.status, WorkflowStatus::Runnable);
}
@@ -999,9 +1068,15 @@ mod tests {
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.status, WorkflowStatus::Suspended);
assert_eq!(updated.execution_pointers[0].status, PointerStatus::Failed);
}
@@ -1023,9 +1098,15 @@ mod tests {
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.status, WorkflowStatus::Terminated);
assert_eq!(updated.execution_pointers[0].status, PointerStatus::Failed);
assert!(updated.complete_time.is_some());
@@ -1045,15 +1126,22 @@ mod tests {
s0.error_behavior = Some(ErrorBehavior::Compensate);
s0.compensation_step_id = Some(1);
def.steps.push(s0);
def.steps.push(WorkflowStep::new(1, step_type::<CompensateStep>()));
def.steps
.push(WorkflowStep::new(1, step_type::<CompensateStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.execution_pointers[0].status, PointerStatus::Failed);
// Compensation pointer should be created.
assert_eq!(updated.execution_pointers.len(), 2);
@@ -1070,8 +1158,10 @@ mod tests {
registry.register::<PassStep>();
let mut def = WorkflowDefinition::new("test", 1);
def.steps.push(WorkflowStep::new(0, step_type::<PassStep>()));
def.steps.push(WorkflowStep::new(1, step_type::<PassStep>()));
def.steps
.push(WorkflowStep::new(0, step_type::<PassStep>()));
def.steps
.push(WorkflowStep::new(1, step_type::<PassStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
// Two independent active pointers.
@@ -1079,14 +1169,22 @@ mod tests {
instance.execution_pointers.push(ExecutionPointer::new(1));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.status, WorkflowStatus::Complete);
assert!(updated
.execution_pointers
.iter()
.all(|p| p.status == PointerStatus::Complete));
assert!(
updated
.execution_pointers
.iter()
.all(|p| p.status == PointerStatus::Complete)
);
}
#[tokio::test]
@@ -1114,9 +1212,15 @@ mod tests {
persistence.create_new_workflow(&instance).await.unwrap();
// Should not error on a completed workflow.
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.status, WorkflowStatus::Complete);
}
@@ -1129,7 +1233,8 @@ mod tests {
registry.register::<SleepStep>();
let mut def = WorkflowDefinition::new("test", 1);
def.steps.push(WorkflowStep::new(0, step_type::<SleepStep>()));
def.steps
.push(WorkflowStep::new(0, step_type::<SleepStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
let mut pointer = ExecutionPointer::new(0);
@@ -1139,11 +1244,20 @@ mod tests {
instance.execution_pointers.push(pointer);
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
// Should still be sleeping since sleep_until is in the future.
assert_eq!(updated.execution_pointers[0].status, PointerStatus::Sleeping);
assert_eq!(
updated.execution_pointers[0].status,
PointerStatus::Sleeping
);
}
#[tokio::test]
@@ -1163,7 +1277,10 @@ mod tests {
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let errors = persistence.get_errors().await;
assert_eq!(errors.len(), 1);
@@ -1174,24 +1291,31 @@ mod tests {
async fn lifecycle_events_published() {
let (persistence, lock, queue) = create_providers();
let lifecycle = Arc::new(InMemoryLifecyclePublisher::new());
let executor = create_executor(persistence.clone(), lock, queue)
.with_lifecycle(lifecycle.clone());
let executor =
create_executor(persistence.clone(), lock, queue).with_lifecycle(lifecycle.clone());
let mut registry = StepRegistry::new();
registry.register::<PassStep>();
let mut def = WorkflowDefinition::new("test", 1);
def.steps.push(WorkflowStep::new(0, step_type::<PassStep>()));
def.steps
.push(WorkflowStep::new(0, step_type::<PassStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
// Executor itself doesn't publish lifecycle events in the current implementation,
// but the with_lifecycle builder works correctly.
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.status, WorkflowStatus::Complete);
}
@@ -1206,15 +1330,22 @@ mod tests {
let mut def = WorkflowDefinition::new("test", 1);
def.default_error_behavior = ErrorBehavior::Terminate;
// Step has no error_behavior override.
def.steps.push(WorkflowStep::new(0, step_type::<FailStep>()));
def.steps
.push(WorkflowStep::new(0, step_type::<FailStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.status, WorkflowStatus::Terminated);
}
@@ -1227,15 +1358,22 @@ mod tests {
registry.register::<PassStep>();
let mut def = WorkflowDefinition::new("test", 1);
def.steps.push(WorkflowStep::new(0, step_type::<PassStep>()));
def.steps
.push(WorkflowStep::new(0, step_type::<PassStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert!(updated.execution_pointers[0].start_time.is_some());
assert!(updated.execution_pointers[0].end_time.is_some());
}
@@ -1257,15 +1395,22 @@ mod tests {
value: Some(serde_json::json!("yes")),
});
def.steps.push(s0);
def.steps.push(WorkflowStep::new(1, step_type::<PassStep>()));
def.steps
.push(WorkflowStep::new(1, step_type::<PassStep>()));
let mut instance = WorkflowInstance::new("test", 1, serde_json::json!({}));
instance.execution_pointers.push(ExecutionPointer::new(0));
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(
updated.execution_pointers[0].outcome,
Some(serde_json::json!("yes"))
@@ -1318,15 +1463,33 @@ mod tests {
persistence.create_new_workflow(&instance).await.unwrap();
// First execution: fails, retry scheduled.
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.execution_pointers[0].retry_count, 1);
assert_eq!(updated.execution_pointers[0].status, PointerStatus::Sleeping);
assert_eq!(
updated.execution_pointers[0].status,
PointerStatus::Sleeping
);
// Second execution: succeeds (sleep_until is in the past with 0ms interval).
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
assert_eq!(updated.execution_pointers[0].status, PointerStatus::Complete);
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(
updated.execution_pointers[0].status,
PointerStatus::Complete
);
assert_eq!(updated.status, WorkflowStatus::Complete);
}
@@ -1342,9 +1505,15 @@ mod tests {
// No execution pointers at all.
persistence.create_new_workflow(&instance).await.unwrap();
executor.execute(&instance.id, &def, &registry, None).await.unwrap();
executor
.execute(&instance.id, &def, &registry, None)
.await
.unwrap();
let updated = persistence.get_workflow_instance(&instance.id).await.unwrap();
let updated = persistence
.get_workflow_instance(&instance.id)
.await
.unwrap();
assert_eq!(updated.status, WorkflowStatus::Runnable);
}
}

24
wfe-core/src/models/condition.rs
View File

@@ -136,13 +136,11 @@ mod tests {
#[test]
fn step_condition_any_serde_round_trip() {
let condition = StepCondition::Any(vec![
StepCondition::Comparison(FieldComparison {
field: ".x".to_string(),
operator: ComparisonOp::IsNull,
value: None,
}),
]);
let condition = StepCondition::Any(vec![StepCondition::Comparison(FieldComparison {
field: ".x".to_string(),
operator: ComparisonOp::IsNull,
value: None,
})]);
let json_str = serde_json::to_string(&condition).unwrap();
let deserialized: StepCondition = serde_json::from_str(&json_str).unwrap();
assert_eq!(condition, deserialized);
@@ -150,13 +148,11 @@ mod tests {
#[test]
fn step_condition_none_serde_round_trip() {
let condition = StepCondition::None(vec![
StepCondition::Comparison(FieldComparison {
field: ".err".to_string(),
operator: ComparisonOp::IsNotNull,
value: None,
}),
]);
let condition = StepCondition::None(vec![StepCondition::Comparison(FieldComparison {
field: ".err".to_string(),
operator: ComparisonOp::IsNotNull,
value: None,
})]);
let json_str = serde_json::to_string(&condition).unwrap();
let deserialized: StepCondition = serde_json::from_str(&json_str).unwrap();
assert_eq!(condition, deserialized);

6
wfe-core/src/models/event.rs
View File

@@ -75,7 +75,11 @@ mod tests {
#[test]
fn new_event_defaults() {
let event = Event::new("order.created", "order-456", serde_json::json!({"amount": 100}));
let event = Event::new(
"order.created",
"order-456",
serde_json::json!({"amount": 100}),
);
assert_eq!(event.event_name, "order.created");
assert_eq!(event.event_key, "order-456");
assert!(!event.is_processed);

14
wfe-core/src/models/execution_result.rs
View File

@@ -59,7 +59,10 @@ impl ExecutionResult {
}
/// Create child branches for parallel/foreach execution.
pub fn branch(values: Vec<serde_json::Value>, persistence_data: Option<serde_json::Value>) -> Self {
pub fn branch(
values: Vec<serde_json::Value>,
persistence_data: Option<serde_json::Value>,
) -> Self {
Self {
proceed: false,
branch_values: Some(values),
@@ -137,7 +140,11 @@ mod tests {
#[test]
fn branch_creates_child_values() {
let values = vec![serde_json::json!(1), serde_json::json!(2), serde_json::json!(3)];
let values = vec![
serde_json::json!(1),
serde_json::json!(2),
serde_json::json!(3),
];
let result = ExecutionResult::branch(values.clone(), None);
assert!(!result.proceed);
assert_eq!(result.branch_values, Some(values));
@@ -181,7 +188,8 @@ mod tests {
#[test]
fn serde_round_trip() {
let result = ExecutionResult::sleep(Duration::from_secs(30), Some(serde_json::json!({"x": 1})));
let result =
ExecutionResult::sleep(Duration::from_secs(30), Some(serde_json::json!({"x": 1})));
let json = serde_json::to_string(&result).unwrap();
let deserialized: ExecutionResult = serde_json::from_str(&json).unwrap();
assert_eq!(result.proceed, deserialized.proceed);

19
wfe-core/src/models/lifecycle.rs
View File

@@ -18,9 +18,17 @@ pub enum LifecycleEventType {
Suspended,
Completed,
Terminated,
Error { message: String },
StepStarted { step_id: usize, step_name: Option<String> },
StepCompleted { step_id: usize, step_name: Option<String> },
Error {
message: String,
},
StepStarted {
step_id: usize,
step_name: Option<String>,
},
StepCompleted {
step_id: usize,
step_name: Option<String>,
},
}
impl LifecycleEvent {
@@ -56,7 +64,10 @@ mod tests {
let event = LifecycleEvent::new("wf-1", "def-1", 1, LifecycleEventType::Started);
let json = serde_json::to_string(&event).unwrap();
let deserialized: LifecycleEvent = serde_json::from_str(&json).unwrap();
assert_eq!(event.workflow_instance_id, deserialized.workflow_instance_id);
assert_eq!(
event.workflow_instance_id,
deserialized.workflow_instance_id
);
assert_eq!(event.event_type, deserialized.event_type);
}

8
wfe-core/src/models/mod.rs
View File

@@ -1,7 +1,6 @@
pub mod condition;
pub mod error_behavior;
pub mod event;
pub mod service;
pub mod execution_error;
pub mod execution_pointer;
pub mod execution_result;
@@ -10,6 +9,7 @@ pub mod poll_config;
pub mod queue_type;
pub mod scheduled_command;
pub mod schema;
pub mod service;
pub mod status;
pub mod workflow_definition;
pub mod workflow_instance;
@@ -25,9 +25,11 @@ pub use poll_config::{HttpMethod, PollCondition, PollEndpointConfig};
pub use queue_type::QueueType;
pub use scheduled_command::{CommandName, ScheduledCommand};
pub use schema::{SchemaType, WorkflowSchema};
pub use service::{
ReadinessCheck, ReadinessProbe, ServiceDefinition, ServiceEndpoint, ServicePort,
};
pub use status::{PointerStatus, WorkflowStatus};
pub use workflow_definition::{StepOutcome, WorkflowDefinition, WorkflowStep};
pub use service::{ReadinessCheck, ReadinessProbe, ServiceDefinition, ServiceEndpoint, ServicePort};
pub use workflow_definition::{SharedVolume, StepOutcome, WorkflowDefinition, WorkflowStep};
pub use workflow_instance::WorkflowInstance;
/// Serde helper for `Option<Duration>` as milliseconds.

10
wfe-core/src/models/schema.rs
View File

@@ -63,9 +63,7 @@ pub fn parse_type(s: &str) -> crate::Result<SchemaType> {
"integer" => Ok(SchemaType::Integer),
"bool" => Ok(SchemaType::Bool),
"any" => Ok(SchemaType::Any),
_ => Err(crate::WfeError::StepExecution(format!(
"Unknown type: {s}"
))),
_ => Err(crate::WfeError::StepExecution(format!("Unknown type: {s}"))),
}
}
@@ -110,8 +108,7 @@ pub fn validate_value(value: &serde_json::Value, expected: &SchemaType) -> Resul
SchemaType::List(inner) => {
if let Some(arr) = value.as_array() {
for (i, item) in arr.iter().enumerate() {
validate_value(item, inner)
.map_err(|e| format!("list element [{i}]: {e}"))?;
validate_value(item, inner).map_err(|e| format!("list element [{i}]: {e}"))?;
}
Ok(())
} else {
@@ -121,8 +118,7 @@ pub fn validate_value(value: &serde_json::Value, expected: &SchemaType) -> Resul
SchemaType::Map(inner) => {
if let Some(obj) = value.as_object() {
for (key, val) in obj {
validate_value(val, inner)
.map_err(|e| format!("map key \"{key}\": {e}"))?;
validate_value(val, inner).map_err(|e| format!("map key \"{key}\": {e}"))?;
}
Ok(())
} else {

51
wfe-core/src/models/workflow_definition.rs
View File

@@ -6,10 +6,48 @@ use super::condition::StepCondition;
use super::error_behavior::ErrorBehavior;
use super::service::ServiceDefinition;
/// Declaration of a volume that persists across every step in a workflow
/// run, including sub-workflows started via `type: workflow` steps. Backends
/// that support it (currently just Kubernetes) provision a single volume
/// per top-level workflow instance and mount it on every step container at
/// `mount_path`. Sub-workflows see the same volume because they share the
/// parent's isolation domain (namespace, in the K8s case).
///
/// Declared once on the top-level workflow (e.g. `ci`) that orchestrates
/// the sub-workflows. Declarations on non-root workflows are ignored in
/// favor of the root's declaration.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct SharedVolume {
/// Absolute path the volume is mounted at inside every step container.
/// Typical value: `/workspace`.
pub mount_path: String,
/// Optional size override (e.g. `"20Gi"`). When unset the backend falls
/// back to its configured default (ClusterConfig::default_shared_volume_size
/// for the Kubernetes executor).
#[serde(default, skip_serializing_if = "Option::is_none")]
pub size: Option<String>,
}
impl Default for SharedVolume {
fn default() -> Self {
Self {
mount_path: "/workspace".to_string(),
size: None,
}
}
}
/// A compiled workflow definition ready for execution.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct WorkflowDefinition {
/// Stable slug used as the primary key (e.g. "ci", "checkout"). Must be
/// unique within a host. Referenced by other workflows, webhooks, and
/// clients when starting new instances.
pub id: String,
/// Optional human-friendly display name surfaced in UIs, listings, and
/// logs (e.g. "Continuous Integration"). Falls back to `id` when unset.
#[serde(default, skip_serializing_if = "Option::is_none")]
pub name: Option<String>,
pub version: u32,
pub description: Option<String>,
pub steps: Vec<WorkflowStep>,
@@ -19,20 +57,33 @@ pub struct WorkflowDefinition {
/// Infrastructure services required by this workflow (databases, caches, etc.).
#[serde(default, skip_serializing_if = "Vec::is_empty")]
pub services: Vec<ServiceDefinition>,
/// When set, the backend provisions a single persistent volume for the
/// top-level workflow instance and mounts it on every step container.
/// All sub-workflows inherit the same volume through their shared
/// namespace/isolation domain. Sub-workflow declarations are ignored.
#[serde(default, skip_serializing_if = "Option::is_none")]
pub shared_volume: Option<SharedVolume>,
}
impl WorkflowDefinition {
pub fn new(id: impl Into<String>, version: u32) -> Self {
Self {
id: id.into(),
name: None,
version,
description: None,
steps: Vec::new(),
default_error_behavior: ErrorBehavior::default(),
default_error_retry_interval: None,
services: Vec::new(),
shared_volume: None,
}
}
/// Return the display name when set, otherwise fall back to the slug id.
pub fn display_name(&self) -> &str {
self.name.as_deref().unwrap_or(&self.id)
}
}
/// A single step in a workflow definition.

36
wfe-core/src/models/workflow_instance.rs
View File

@@ -6,7 +6,26 @@ use super::status::{PointerStatus, WorkflowStatus};
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct WorkflowInstance {
/// UUID — the primary key, always unique, never changes.
pub id: String,
/// Human-friendly unique name, e.g. "ci-42". Auto-assigned as
/// `{definition_id}-{N}` via a per-definition monotonic counter when
/// the caller does not supply an override. Used interchangeably with
/// `id` in lookup APIs. Empty when the instance has not yet been
/// persisted (the host fills it in before the first insert).
pub name: String,
/// UUID of the top-level ancestor workflow. `None` on the root
/// (user-started) workflow; set to the parent's `root_workflow_id`
/// (or the parent's `id` if the parent is itself a root) on every
/// `SubWorkflowStep`-created child.
///
/// Used by the Kubernetes executor to place all workflows in a tree
/// under a single namespace — siblings started via `type: workflow`
/// steps share the parent's namespace and any provisioned shared
/// volume. Backends that don't care about workflow topology can
/// ignore this field.
#[serde(default, skip_serializing_if = "Option::is_none")]
pub root_workflow_id: Option<String>,
pub workflow_definition_id: String,
pub version: u32,
pub description: Option<String>,
@@ -20,9 +39,19 @@ pub struct WorkflowInstance {
}
impl WorkflowInstance {
pub fn new(workflow_definition_id: impl Into<String>, version: u32, data: serde_json::Value) -> Self {
pub fn new(
workflow_definition_id: impl Into<String>,
version: u32,
data: serde_json::Value,
) -> Self {
Self {
id: uuid::Uuid::new_v4().to_string(),
// Filled in by WorkflowHost::start_workflow before persisting.
name: String::new(),
// None by default — caller (HostContextImpl) sets this when
// starting a sub-workflow so children share the parent tree's
// namespace/volume.
root_workflow_id: None,
workflow_definition_id: workflow_definition_id.into(),
version,
description: None,
@@ -134,7 +163,10 @@ mod tests {
let json = serde_json::to_string(&instance).unwrap();
let deserialized: WorkflowInstance = serde_json::from_str(&json).unwrap();
assert_eq!(instance.id, deserialized.id);
assert_eq!(instance.workflow_definition_id, deserialized.workflow_definition_id);
assert_eq!(
instance.workflow_definition_id,
deserialized.workflow_definition_id
);
assert_eq!(instance.version, deserialized.version);
assert_eq!(instance.status, deserialized.status);
assert_eq!(instance.data, deserialized.data);

5
wfe-core/src/primitives/foreach_step.rs
View File

@@ -130,7 +130,10 @@ mod tests {
let result = step.run(&ctx).await.unwrap();
assert!(!result.proceed);
assert_eq!(result.branch_values, Some(vec![json!(1), json!(2), json!(3)]));
assert_eq!(
result.branch_values,
Some(vec![json!(1), json!(2), json!(3)])
);
}
#[tokio::test]

10
wfe-core/src/primitives/if_step.rs
View File

@@ -60,7 +60,10 @@ mod tests {
let result = step.run(&ctx).await.unwrap();
assert!(!result.proceed);
assert_eq!(result.branch_values, Some(vec![json!(null)]));
assert_eq!(result.persistence_data, Some(json!({"children_active": true})));
assert_eq!(
result.persistence_data,
Some(json!({"children_active": true}))
);
}
#[tokio::test]
@@ -116,6 +119,9 @@ mod tests {
let result = step.run(&ctx).await.unwrap();
assert!(!result.proceed);
assert_eq!(result.persistence_data, Some(json!({"children_active": true})));
assert_eq!(
result.persistence_data,
Some(json!({"children_active": true}))
);
}
}

3
wfe-core/src/primitives/mod.rs
View File

@@ -38,6 +38,7 @@ mod test_helpers {
workflow: &'a WorkflowInstance,
) -> StepExecutionContext<'a> {
StepExecutionContext {
definition: None,
item: None,
execution_pointer: pointer,
persistence_data: pointer.persistence_data.as_ref(),
@@ -45,7 +46,7 @@ mod test_helpers {
workflow,
cancellation_token: CancellationToken::new(),
host_context: None,
log_sink: None,
log_sink: None,
}
}

4
wfe-core/src/primitives/poll_endpoint.rs
View File

@@ -1,7 +1,7 @@
use async_trait::async_trait;
use crate::models::poll_config::PollEndpointConfig;
use crate::models::ExecutionResult;
use crate::models::poll_config::PollEndpointConfig;
use crate::traits::step::{StepBody, StepExecutionContext};
/// A step that polls an external HTTP endpoint until a condition is met.
@@ -21,8 +21,8 @@ impl StepBody for PollEndpointStep {
#[cfg(test)]
mod tests {
use super::*;
use crate::models::poll_config::{HttpMethod, PollCondition};
use crate::models::ExecutionPointer;
use crate::models::poll_config::{HttpMethod, PollCondition};
use crate::primitives::test_helpers::*;
use std::collections::HashMap;
use std::time::Duration;

10
wfe-core/src/primitives/recur.rs
View File

@@ -85,7 +85,10 @@ mod tests {
let result = step.run(&ctx).await.unwrap();
assert!(!result.proceed);
assert_eq!(result.sleep_for, Some(Duration::from_secs(10)));
assert_eq!(result.persistence_data, Some(json!({"children_active": true})));
assert_eq!(
result.persistence_data,
Some(json!({"children_active": true}))
);
}
#[tokio::test]
@@ -130,6 +133,9 @@ mod tests {
let result = step.run(&ctx).await.unwrap();
assert!(!result.proceed);
assert!(result.sleep_for.is_none());
assert_eq!(result.persistence_data, Some(json!({"children_active": true})));
assert_eq!(
result.persistence_data,
Some(json!({"children_active": true}))
);
}
}

5
wfe-core/src/primitives/saga_container.rs
View File

@@ -89,7 +89,10 @@ mod tests {
let result = step.run(&ctx).await.unwrap();
assert!(!result.proceed);
assert_eq!(result.branch_values, Some(vec![json!(null)]));
assert_eq!(result.persistence_data, Some(json!({"children_active": true})));
assert_eq!(
result.persistence_data,
Some(json!({"children_active": true}))
);
}
#[tokio::test]

10
wfe-core/src/primitives/schedule.rs
View File

@@ -60,7 +60,10 @@ mod tests {
let result = step.run(&ctx).await.unwrap();
assert!(!result.proceed);
assert_eq!(result.sleep_for, Some(Duration::from_secs(30)));
assert_eq!(result.persistence_data, Some(json!({"children_active": true})));
assert_eq!(
result.persistence_data,
Some(json!({"children_active": true}))
);
}
#[tokio::test]
@@ -101,6 +104,9 @@ mod tests {
let ctx = make_context(&pointer, &wf_step, &workflow);
let result = step.run(&ctx).await.unwrap();
assert!(!result.proceed);
assert_eq!(result.persistence_data, Some(json!({"children_active": true})));
assert_eq!(
result.persistence_data,
Some(json!({"children_active": true}))
);
}
}

5
wfe-core/src/primitives/sequence.rs
View File

@@ -61,7 +61,10 @@ mod tests {
let ctx = make_context(&pointer, &wf_step, &workflow);
let result = step.run(&ctx).await.unwrap();
assert!(!result.proceed);
assert_eq!(result.persistence_data, Some(json!({"children_active": true})));
assert_eq!(
result.persistence_data,
Some(json!({"children_active": true}))
);
}
#[tokio::test]

50
wfe-core/src/primitives/sub_workflow.rs
View File

@@ -1,8 +1,8 @@
use async_trait::async_trait;
use chrono::Utc;
use crate::models::schema::WorkflowSchema;
use crate::models::ExecutionResult;
use crate::models::schema::WorkflowSchema;
use crate::traits::step::{StepBody, StepExecutionContext};
/// A step that starts a child workflow and waits for its completion.
@@ -110,15 +110,31 @@ impl StepBody for SubWorkflowStep {
)
})?;
// Use inputs if set, otherwise pass an empty object so the child
// workflow has a valid JSON object for storing step outputs.
let child_data = if self.inputs.is_null() {
serde_json::json!({})
} else {
// Use explicit inputs if set; otherwise inherit the parent workflow's
// data so child steps can reference the same top-level fields (e.g.
// REPO_URL, COMMIT_SHA) without every `type: workflow` step having to
// re-declare them. Fall back to an empty object when the parent has
// no data either so the child still has a valid JSON object for
// storing step outputs.
let child_data = if !self.inputs.is_null() {
self.inputs.clone()
} else if context.workflow.data.is_object() {
context.workflow.data.clone()
} else {
serde_json::json!({})
};
// Inherit the parent's root — or, if the parent is itself a root
// (has no root set), use the parent's own id as the root for the
// child. This makes every descendant of a top-level ci run share
// the same root_workflow_id and therefore the same namespace and
// shared volume on backends that care.
let parent_root = context
.workflow
.root_workflow_id
.clone()
.or_else(|| Some(context.workflow.id.clone()));
let child_instance_id = host
.start_workflow(&self.workflow_id, self.version, child_data)
.start_workflow(&self.workflow_id, self.version, child_data, parent_root)
.await?;
Ok(ExecutionResult::wait_for_event(
@@ -132,8 +148,8 @@ impl StepBody for SubWorkflowStep {
#[cfg(test)]
mod tests {
use super::*;
use crate::models::schema::SchemaType;
use crate::models::ExecutionPointer;
use crate::models::schema::SchemaType;
use crate::primitives::test_helpers::*;
use crate::traits::step::HostContext;
use serde_json::json;
@@ -165,15 +181,13 @@ mod tests {
definition_id: &str,
version: u32,
data: serde_json::Value,
_parent_root_workflow_id: Option<String>,
) -> std::pin::Pin<Box<dyn std::future::Future<Output = crate::Result<String>> + Send + '_>>
{
let def_id = definition_id.to_string();
let result_id = self.result_id.clone();
Box::pin(async move {
self.started
.lock()
.unwrap()
.push((def_id, version, data));
self.started.lock().unwrap().push((def_id, version, data));
Ok(result_id)
})
}
@@ -188,6 +202,7 @@ mod tests {
_definition_id: &str,
_version: u32,
_data: serde_json::Value,
_parent_root_workflow_id: Option<String>,
) -> std::pin::Pin<Box<dyn std::future::Future<Output = crate::Result<String>> + Send + '_>>
{
Box::pin(async {
@@ -205,6 +220,7 @@ mod tests {
host: &'a dyn HostContext,
) -> StepExecutionContext<'a> {
StepExecutionContext {
definition: None,
item: None,
execution_pointer: pointer,
persistence_data: pointer.persistence_data.as_ref(),
@@ -265,10 +281,7 @@ mod tests {
let result = step.run(&ctx).await.unwrap();
assert!(result.proceed);
assert_eq!(
result.output_data,
Some(json!({"result": "success"}))
);
assert_eq!(result.output_data, Some(json!({"result": "success"})));
}
#[tokio::test]
@@ -292,10 +305,7 @@ mod tests {
let result = step.run(&ctx).await.unwrap();
assert!(result.proceed);
assert_eq!(
result.output_data,
Some(json!({"a": 1, "b": 2}))
);
assert_eq!(result.output_data, Some(json!({"a": 1, "b": 2})));
}
#[tokio::test]

10
wfe-core/src/primitives/while_step.rs
View File

@@ -69,7 +69,10 @@ mod tests {
let result = step.run(&ctx).await.unwrap();
assert!(!result.proceed);
assert_eq!(result.branch_values, Some(vec![json!(null)]));
assert_eq!(result.persistence_data, Some(json!({"children_active": true})));
assert_eq!(
result.persistence_data,
Some(json!({"children_active": true}))
);
}
#[tokio::test]
@@ -141,6 +144,9 @@ mod tests {
let result = step.run(&ctx).await.unwrap();
assert!(!result.proceed);
assert!(result.branch_values.is_none());
assert_eq!(result.persistence_data, Some(json!({"children_active": true})));
assert_eq!(
result.persistence_data,
Some(json!({"children_active": true}))
);
}
}

2
wfe-core/src/test_support/in_memory_lifecycle.rs
View File

@@ -3,9 +3,9 @@ use std::sync::Arc;
use async_trait::async_trait;
use tokio::sync::Mutex;
use crate::Result;
use crate::models::LifecycleEvent;
use crate::traits::LifecyclePublisher;
use crate::Result;
/// An in-memory implementation of `LifecyclePublisher` for testing.
#[derive(Debug, Clone)]

2
wfe-core/src/test_support/in_memory_lock.rs
View File

@@ -4,8 +4,8 @@ use std::sync::Arc;
use async_trait::async_trait;
use tokio::sync::Mutex;
use crate::traits::DistributedLockProvider;
use crate::Result;
use crate::traits::DistributedLockProvider;
/// An in-memory implementation of `DistributedLockProvider` for testing.
#[derive(Debug, Clone)]

58
wfe-core/src/test_support/in_memory_persistence.rs
View File

@@ -5,9 +5,7 @@ use async_trait::async_trait;
use chrono::{DateTime, Utc};
use tokio::sync::RwLock;
use crate::models::{
Event, EventSubscription, ExecutionError, ScheduledCommand, WorkflowInstance,
};
use crate::models::{Event, EventSubscription, ExecutionError, ScheduledCommand, WorkflowInstance};
use crate::traits::{
EventRepository, PersistenceProvider, ScheduledCommandRepository, SubscriptionRepository,
WorkflowRepository,
@@ -22,6 +20,9 @@ pub struct InMemoryPersistenceProvider {
subscriptions: Arc<RwLock<HashMap<String, EventSubscription>>>,
errors: Arc<RwLock<Vec<ExecutionError>>>,
scheduled_commands: Arc<RwLock<Vec<ScheduledCommand>>>,
/// Per-definition monotonic counter used to generate human-friendly
/// workflow instance names of the form `{definition_id}-{N}`.
sequences: Arc<RwLock<HashMap<String, u64>>>,
}
impl InMemoryPersistenceProvider {
@@ -32,6 +33,7 @@ impl InMemoryPersistenceProvider {
subscriptions: Arc::new(RwLock::new(HashMap::new())),
errors: Arc::new(RwLock::new(Vec::new())),
scheduled_commands: Arc::new(RwLock::new(Vec::new())),
sequences: Arc::new(RwLock::new(HashMap::new())),
}
}
@@ -57,6 +59,11 @@ impl WorkflowRepository for InMemoryPersistenceProvider {
};
let mut stored = instance.clone();
stored.id = id.clone();
// Fall back to UUID when the caller didn't assign a human name, so
// name-based lookups work (the UUID is always unique).
if stored.name.is_empty() {
stored.name = id.clone();
}
self.workflows.write().await.insert(id.clone(), stored);
Ok(id)
}
@@ -107,6 +114,23 @@ impl WorkflowRepository for InMemoryPersistenceProvider {
.ok_or_else(|| WfeError::WorkflowNotFound(id.to_string()))
}
async fn get_workflow_instance_by_name(&self, name: &str) -> Result<WorkflowInstance> {
self.workflows
.read()
.await
.values()
.find(|w| w.name == name)
.cloned()
.ok_or_else(|| WfeError::WorkflowNotFound(name.to_string()))
}
async fn next_definition_sequence(&self, definition_id: &str) -> Result<u64> {
let mut seqs = self.sequences.write().await;
let next = seqs.get(definition_id).copied().unwrap_or(0) + 1;
seqs.insert(definition_id.to_string(), next);
Ok(next)
}
async fn get_workflow_instances(&self, ids: &[String]) -> Result<Vec<WorkflowInstance>> {
let workflows = self.workflows.read().await;
let mut result = Vec::new();
@@ -121,10 +145,7 @@ impl WorkflowRepository for InMemoryPersistenceProvider {
#[async_trait]
impl SubscriptionRepository for InMemoryPersistenceProvider {
async fn create_event_subscription(
&self,
subscription: &EventSubscription,
) -> Result<String> {
async fn create_event_subscription(&self, subscription: &EventSubscription) -> Result<String> {
let id = if subscription.id.is_empty() {
uuid::Uuid::new_v4().to_string()
} else {
@@ -217,11 +238,7 @@ impl SubscriptionRepository for InMemoryPersistenceProvider {
}
}
async fn clear_subscription_token(
&self,
subscription_id: &str,
token: &str,
) -> Result<()> {
async fn clear_subscription_token(&self, subscription_id: &str, token: &str) -> Result<()> {
let mut subs = self.subscriptions.write().await;
match subs.get_mut(subscription_id) {
Some(sub) => {
@@ -282,7 +299,9 @@ impl EventRepository for InMemoryPersistenceProvider {
let events = self.events.read().await;
let ids = events
.values()
.filter(|e| e.event_name == event_name && e.event_key == event_key && e.event_time <= as_of)
.filter(|e| {
e.event_name == event_name && e.event_key == event_key && e.event_time <= as_of
})
.map(|e| e.id.clone())
.collect();
Ok(ids)
@@ -325,9 +344,14 @@ impl ScheduledCommandRepository for InMemoryPersistenceProvider {
async fn process_commands(
&self,
as_of: DateTime<Utc>,
handler: &(dyn Fn(ScheduledCommand) -> std::pin::Pin<Box<dyn std::future::Future<Output = Result<()>> + Send>>
+ Send
+ Sync),
handler: &(
dyn Fn(
ScheduledCommand,
)
-> std::pin::Pin<Box<dyn std::future::Future<Output = Result<()>> + Send>>
+ Send
+ Sync
),
) -> Result<()> {
let as_of_millis = as_of.timestamp_millis();
let due: Vec<ScheduledCommand> = {
@@ -360,7 +384,7 @@ impl PersistenceProvider for InMemoryPersistenceProvider {
#[cfg(test)]
mod tests {
use super::*;
use crate::models::{Event, EventSubscription, ExecutionError, ScheduledCommand, CommandName};
use crate::models::{CommandName, Event, EventSubscription, ExecutionError, ScheduledCommand};
use crate::traits::{
EventRepository, PersistenceProvider, ScheduledCommandRepository, SubscriptionRepository,
WorkflowRepository,

2
wfe-core/src/test_support/in_memory_queue.rs
View File

@@ -4,9 +4,9 @@ use std::sync::Arc;
use async_trait::async_trait;
use tokio::sync::Mutex;
use crate::Result;
use crate::models::QueueType;
use crate::traits::QueueProvider;
use crate::Result;
/// An in-memory implementation of `QueueProvider` for testing.
#[derive(Debug, Clone)]

33
wfe-core/src/test_support/lock_suite.rs
View File

@@ -44,6 +44,39 @@ macro_rules! lock_suite {
// Should not error even if lock was never acquired
provider.release_lock("nonexistent").await.unwrap();
}
#[tokio::test]
async fn different_resources_are_independent() {
let provider = ($factory)().await;
assert!(provider.acquire_lock("resource-a").await.unwrap());
// Different resource id doesn't block on the first.
assert!(provider.acquire_lock("resource-b").await.unwrap());
// Now trying to reacquire either fails while held.
assert!(!provider.acquire_lock("resource-a").await.unwrap());
assert!(!provider.acquire_lock("resource-b").await.unwrap());
provider.release_lock("resource-a").await.unwrap();
provider.release_lock("resource-b").await.unwrap();
}
#[tokio::test]
async fn start_and_stop_lifecycle_are_idempotent() {
let provider = ($factory)().await;
provider.start().await.unwrap();
provider.start().await.unwrap();
provider.stop().await.unwrap();
provider.stop().await.unwrap();
}
#[tokio::test]
async fn acquire_release_acquire_roundtrip() {
let provider = ($factory)().await;
for _ in 0..5 {
assert!(provider.acquire_lock("cycling").await.unwrap());
provider.release_lock("cycling").await.unwrap();
}
assert!(provider.acquire_lock("cycling").await.unwrap());
assert!(!provider.acquire_lock("cycling").await.unwrap());
}
}
};
}

373
wfe-core/src/test_support/persistence_suite.rs
View File

@@ -238,6 +238,379 @@ macro_rules! persistence_suite {
assert_eq!(w.id, *id);
}
}
// ─── 1.9 name / sequence / root_workflow_id coverage ────────
#[tokio::test]
async fn next_definition_sequence_is_monotonic_per_definition() {
let provider = ($factory)().await;
// Persistent backends (postgres) keep the sequence counter
// table across test runs, so we need unique definition ids
// per test invocation to get deterministic starting values.
let id_a = format!(
"ci-{}",
std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap()
.as_nanos()
);
let id_b = format!("{id_a}-other");
// First definition counter starts at 1 and increments.
assert_eq!(provider.next_definition_sequence(&id_a).await.unwrap(), 1);
assert_eq!(provider.next_definition_sequence(&id_a).await.unwrap(), 2);
assert_eq!(provider.next_definition_sequence(&id_a).await.unwrap(), 3);
// Second definition has an independent counter.
assert_eq!(provider.next_definition_sequence(&id_b).await.unwrap(), 1);
assert_eq!(provider.next_definition_sequence(&id_b).await.unwrap(), 2);
// First definition's counter unaffected.
assert_eq!(provider.next_definition_sequence(&id_a).await.unwrap(), 4);
}
#[tokio::test]
async fn get_workflow_instance_by_name_resolves_human_name() {
let provider = ($factory)().await;
let mut w = WorkflowInstance::new("test-wf", 1, serde_json::json!({}));
w.name = "ci-42".into();
let id = provider.create_new_workflow(&w).await.unwrap();
// Fetch by human name returns the same row as fetch-by-id.
let by_name = provider.get_workflow_instance_by_name("ci-42").await.unwrap();
assert_eq!(by_name.id, id);
assert_eq!(by_name.name, "ci-42");
// Nonexistent name surfaces WorkflowNotFound.
let missing = provider
.get_workflow_instance_by_name("no-such-name")
.await;
assert!(missing.is_err());
}
#[tokio::test]
async fn root_workflow_id_persists_across_save_and_load() {
let provider = ($factory)().await;
let parent_id = {
let mut p = WorkflowInstance::new("parent", 1, serde_json::json!({}));
p.name = "parent-1".into();
provider.create_new_workflow(&p).await.unwrap()
};
let mut child = WorkflowInstance::new("child", 1, serde_json::json!({}));
child.name = "child-1".into();
child.root_workflow_id = Some(parent_id.clone());
let child_id = provider.create_new_workflow(&child).await.unwrap();
let loaded = provider.get_workflow_instance(&child_id).await.unwrap();
assert_eq!(loaded.root_workflow_id.as_deref(), Some(parent_id.as_str()));
// Round-trip through persist_workflow too.
let mut updated = loaded.clone();
updated.description = Some("updated".into());
provider.persist_workflow(&updated).await.unwrap();
let reloaded = provider.get_workflow_instance(&child_id).await.unwrap();
assert_eq!(
reloaded.root_workflow_id.as_deref(),
Some(parent_id.as_str())
);
assert_eq!(reloaded.description.as_deref(), Some("updated"));
}
// ─── Additional SubscriptionRepository coverage ────────────
#[tokio::test]
async fn subscription_token_lifecycle() {
let provider = ($factory)().await;
let now = Utc::now();
let sub =
EventSubscription::new("wf-1", 0, "ptr-1", "evt", "key", now);
let id = provider.create_event_subscription(&sub).await.unwrap();
// Claim the subscription with a token — returns true on success.
let claimed = provider
.set_subscription_token(&id, "tok-a", "worker-1", now + Duration::seconds(30))
.await
.unwrap();
assert!(claimed);
// A second set_subscription_token with a different token while
// the first is still held should fail to claim.
let reclaimed = provider
.set_subscription_token(&id, "tok-b", "worker-2", now + Duration::seconds(30))
.await
.unwrap_or(false);
assert!(!reclaimed, "token should not be reclaimed while still held");
// Clearing with the correct token releases the subscription.
provider.clear_subscription_token(&id, "tok-a").await.unwrap();
// Now another worker can claim it.
let re = provider
.set_subscription_token(&id, "tok-b", "worker-2", now + Duration::seconds(30))
.await
.unwrap();
assert!(re);
}
#[tokio::test]
async fn get_first_open_subscription_returns_unlocked_only() {
let provider = ($factory)().await;
let now = Utc::now();
// Two subscriptions matching the same (event_name, event_key)
// — the first gets claimed, then get_first_open should return
// the second.
let sub1 =
EventSubscription::new("wf-1", 0, "p1", "order.created", "k", now);
let id1 = provider.create_event_subscription(&sub1).await.unwrap();
let sub2 =
EventSubscription::new("wf-2", 0, "p2", "order.created", "k", now);
let _id2 = provider.create_event_subscription(&sub2).await.unwrap();
provider
.set_subscription_token(&id1, "tok", "w", now + Duration::seconds(30))
.await
.unwrap();
let first_open = provider
.get_first_open_subscription("order.created", "k", now + Duration::seconds(1))
.await
.unwrap();
assert!(first_open.is_some());
// The open one is the un-claimed wf-2, not the claimed wf-1.
let open = first_open.unwrap();
assert_eq!(open.workflow_id, "wf-2");
}
#[tokio::test]
async fn persist_workflow_with_subscriptions_round_trip() {
let provider = ($factory)().await;
let mut w = WorkflowInstance::new("sub-wf", 1, serde_json::json!({}));
let id = provider.create_new_workflow(&w).await.unwrap();
w.id = id.clone();
let now = Utc::now();
let subs = vec![
EventSubscription::new(&id, 0, "p-0", "a.evt", "k1", now),
EventSubscription::new(&id, 1, "p-1", "b.evt", "k2", now),
];
provider
.persist_workflow_with_subscriptions(&w, &subs)
.await
.unwrap();
let fetched = provider
.get_subscriptions("a.evt", "k1", now + Duration::seconds(1))
.await
.unwrap();
assert_eq!(fetched.len(), 1);
assert_eq!(fetched[0].workflow_id, id);
}
// ─── Additional EventRepository coverage ────────────────────
#[tokio::test]
async fn mark_event_unprocessed_reverses_processed_flag() {
let provider = ($factory)().await;
let event = Event::new("evt", "key", serde_json::json!(null));
let id = provider.create_event(&event).await.unwrap();
provider.mark_event_processed(&id).await.unwrap();
let processed = provider.get_event(&id).await.unwrap();
assert!(processed.is_processed);
provider.mark_event_unprocessed(&id).await.unwrap();
let unprocessed = provider.get_event(&id).await.unwrap();
assert!(!unprocessed.is_processed);
}
#[tokio::test]
async fn get_events_returns_matching_ids() {
let provider = ($factory)().await;
let now = Utc::now();
let e1 = Event::new("foo.created", "abc", serde_json::json!({}));
let id1 = provider.create_event(&e1).await.unwrap();
let e2 = Event::new("foo.created", "xyz", serde_json::json!({}));
let _id2 = provider.create_event(&e2).await.unwrap();
let e3 = Event::new("bar.created", "abc", serde_json::json!({}));
let _id3 = provider.create_event(&e3).await.unwrap();
let matching = provider
.get_events("foo.created", "abc", now + Duration::seconds(1))
.await
.unwrap();
assert!(matching.contains(&id1));
assert_eq!(matching.len(), 1);
}
// ─── get_workflow_instances (batch fetch) ─────────────────
#[tokio::test]
async fn get_workflow_instances_fetches_multiple_by_id() {
let provider = ($factory)().await;
let w1 = WorkflowInstance::new("a", 1, serde_json::json!({}));
let id1 = provider.create_new_workflow(&w1).await.unwrap();
let w2 = WorkflowInstance::new("b", 1, serde_json::json!({}));
let id2 = provider.create_new_workflow(&w2).await.unwrap();
let w3 = WorkflowInstance::new("c", 1, serde_json::json!({}));
let id3 = provider.create_new_workflow(&w3).await.unwrap();
let fetched = provider
.get_workflow_instances(&[id1.clone(), id2.clone(), id3.clone()])
.await
.unwrap();
assert_eq!(fetched.len(), 3);
// Missing ids are silently filtered out.
let partial = provider
.get_workflow_instances(&[id1.clone(), "never".into()])
.await
.unwrap();
assert_eq!(partial.len(), 1);
assert_eq!(partial[0].id, id1);
}
// ─── WorkflowNotFound on bogus id ─────────────────────────
#[tokio::test]
async fn get_workflow_instance_missing_is_workflow_not_found() {
let provider = ($factory)().await;
let err = provider
.get_workflow_instance("definitely-not-an-id")
.await
.unwrap_err();
assert!(matches!(err, $crate::WfeError::WorkflowNotFound(_)));
}
// ─── ensure_store_exists idempotency ──────────────────────
#[tokio::test]
async fn ensure_store_exists_is_idempotent() {
let provider = ($factory)().await;
// Calling twice in a row should not error (schema already there).
provider.ensure_store_exists().await.unwrap();
provider.ensure_store_exists().await.unwrap();
}
// ─── Execution pointer round-trip ──────────────────────────
//
// Pointers carry the bulk of the per-step state and touch the
// trickiest serialization paths (persistence_data, event_data,
// scope, children, extension_attributes). Explicitly round-trip
// one through create → update → fetch to catch marshalling bugs.
#[tokio::test]
async fn execution_pointer_round_trip() {
use $crate::models::{ExecutionPointer, PointerStatus};
let provider = ($factory)().await;
let mut instance =
WorkflowInstance::new("ptr-test", 1, serde_json::json!({}));
let mut ptr = ExecutionPointer::new(0);
ptr.status = PointerStatus::Running;
ptr.step_name = Some("first".into());
ptr.persistence_data = Some(serde_json::json!({"cursor": 7}));
ptr.event_name = Some("order.paid".into());
ptr.event_key = Some("order-42".into());
ptr.event_published = false;
ptr.retry_count = 2;
ptr.scope = vec!["parent-scope".into()];
ptr.children = vec!["child-a".into(), "child-b".into()];
ptr.extension_attributes = {
let mut m = std::collections::HashMap::new();
m.insert("owner".to_string(), serde_json::json!("alice"));
m
};
instance.execution_pointers.push(ptr);
let id = provider.create_new_workflow(&instance).await.unwrap();
let fetched = provider.get_workflow_instance(&id).await.unwrap();
assert_eq!(fetched.execution_pointers.len(), 1);
let out = &fetched.execution_pointers[0];
assert_eq!(out.status, PointerStatus::Running);
assert_eq!(out.step_name.as_deref(), Some("first"));
assert_eq!(
out.persistence_data.as_ref().map(|v| v["cursor"].as_u64()),
Some(Some(7))
);
assert_eq!(out.event_name.as_deref(), Some("order.paid"));
assert_eq!(out.retry_count, 2);
assert_eq!(out.scope, vec!["parent-scope".to_string()]);
assert_eq!(out.children.len(), 2);
assert_eq!(
out.extension_attributes.get("owner"),
Some(&serde_json::json!("alice"))
);
}
// ─── ScheduledCommandRepository ────────────────────────────
#[tokio::test]
async fn scheduled_commands_round_trip_when_supported() {
use $crate::models::{CommandName, ScheduledCommand};
use $crate::traits::ScheduledCommandRepository;
let provider = ($factory)().await;
// Some backends (postgres, sqlite) support scheduled
// commands; others don't. Skip the test cleanly on backends
// that report no support rather than forcing a hard-coded
// opt-in list here.
if !provider.supports_scheduled_commands() {
return;
}
// Use a unique data payload so the UNIQUE(command_name, data)
// index doesn't collide with previous runs on persistent
// backends.
let unique = format!(
"payload-{}",
std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap()
.as_nanos()
);
let cmd = ScheduledCommand {
command_name: CommandName::ProcessWorkflow,
data: unique.clone(),
execute_time: 0,
};
provider.schedule_command(&cmd).await.unwrap();
// Double-scheduling the same (command_name, data) must not
// blow up — the implementation uses ON CONFLICT DO NOTHING
// semantics so this is idempotent.
provider.schedule_command(&cmd).await.unwrap();
// Process due commands at a point well past execute_time.
let processed = std::sync::Arc::new(std::sync::atomic::AtomicUsize::new(0));
let counter = processed.clone();
provider
.process_commands(
Utc::now() + Duration::seconds(1),
&|_c: ScheduledCommand| {
let counter = counter.clone();
Box::pin(async move {
counter.fetch_add(1, std::sync::atomic::Ordering::SeqCst);
Ok(())
})
},
)
.await
.unwrap();
assert!(
processed.load(std::sync::atomic::Ordering::SeqCst) >= 1,
"expected at least one scheduled command to be processed"
);
}
}
};
}

125
wfe-core/src/test_support/queue_suite.rs
View File

@@ -17,18 +17,9 @@ macro_rules! queue_suite {
#[tokio::test]
async fn enqueue_dequeue_fifo() {
let provider = ($factory)().await;
provider
.queue_work("a", QueueType::Workflow)
.await
.unwrap();
provider
.queue_work("b", QueueType::Workflow)
.await
.unwrap();
provider
.queue_work("c", QueueType::Workflow)
.await
.unwrap();
provider.queue_work("a", QueueType::Workflow).await.unwrap();
provider.queue_work("b", QueueType::Workflow).await.unwrap();
provider.queue_work("c", QueueType::Workflow).await.unwrap();
assert_eq!(
provider
@@ -94,16 +85,110 @@ macro_rules! queue_suite {
);
// Both should now be empty
assert!(provider
.dequeue_work(QueueType::Event)
assert!(
provider
.dequeue_work(QueueType::Event)
.await
.unwrap()
.is_none()
);
assert!(
provider
.dequeue_work(QueueType::Workflow)
.await
.unwrap()
.is_none()
);
}
#[tokio::test]
async fn index_queue_type_is_isolated() {
let provider = ($factory)().await;
provider
.queue_work("idx-1", QueueType::Index)
.await
.unwrap()
.is_none());
assert!(provider
.dequeue_work(QueueType::Workflow)
.unwrap();
provider
.queue_work("idx-2", QueueType::Index)
.await
.unwrap()
.is_none());
.unwrap();
provider
.queue_work("wf-1", QueueType::Workflow)
.await
.unwrap();
// Index queue drains in FIFO order...
assert_eq!(
provider
.dequeue_work(QueueType::Index)
.await
.unwrap()
.as_deref(),
Some("idx-1")
);
assert_eq!(
provider
.dequeue_work(QueueType::Index)
.await
.unwrap()
.as_deref(),
Some("idx-2")
);
// ...and doesn't disturb the Workflow queue.
assert_eq!(
provider
.dequeue_work(QueueType::Workflow)
.await
.unwrap()
.as_deref(),
Some("wf-1")
);
}
#[tokio::test]
async fn start_and_stop_lifecycle_are_idempotent() {
let provider = ($factory)().await;
// Both start and stop should be no-ops that can be called
// multiple times without error regardless of backend.
provider.start().await.unwrap();
provider.start().await.unwrap();
provider.stop().await.unwrap();
provider.stop().await.unwrap();
}
#[tokio::test]
async fn is_dequeue_blocking_is_stable() {
let provider = ($factory)().await;
// Pure property — just make sure it doesn't panic and is
// consistent between calls. Different backends return
// different values; we only care the call works.
let a = provider.is_dequeue_blocking();
let b = provider.is_dequeue_blocking();
assert_eq!(a, b);
}
#[tokio::test]
async fn enqueue_many_then_drain() {
let provider = ($factory)().await;
for i in 0..20u32 {
provider
.queue_work(&format!("item-{i}"), QueueType::Workflow)
.await
.unwrap();
}
for i in 0..20u32 {
let got = provider.dequeue_work(QueueType::Workflow).await.unwrap();
assert_eq!(got.as_deref(), Some(format!("item-{i}").as_str()));
}
assert!(
provider
.dequeue_work(QueueType::Workflow)
.await
.unwrap()
.is_none()
);
}
}
};

6
wfe-core/src/traits/middleware.rs
View File

@@ -62,6 +62,7 @@ mod tests {
let pointer = ExecutionPointer::new(0);
let step = WorkflowStep::new(0, "test_step");
let ctx = StepExecutionContext {
definition: None,
item: None,
execution_pointer: &pointer,
persistence_data: None,
@@ -69,7 +70,7 @@ mod tests {
workflow: &instance,
cancellation_token: tokio_util::sync::CancellationToken::new(),
host_context: None,
log_sink: None,
log_sink: None,
};
mw.pre_step(&ctx).await.unwrap();
}
@@ -82,6 +83,7 @@ mod tests {
let pointer = ExecutionPointer::new(0);
let step = WorkflowStep::new(0, "test_step");
let ctx = StepExecutionContext {
definition: None,
item: None,
execution_pointer: &pointer,
persistence_data: None,
@@ -89,7 +91,7 @@ mod tests {
workflow: &instance,
cancellation_token: tokio_util::sync::CancellationToken::new(),
host_context: None,
log_sink: None,
log_sink: None,
};
let result = ExecutionResult::next();
mw.post_step(&ctx, &result).await.unwrap();

2
wfe-core/src/traits/mod.rs
View File

@@ -1,12 +1,12 @@
pub mod lifecycle;
pub mod lock;
pub mod service;
pub mod log_sink;
pub mod middleware;
pub mod persistence;
pub mod queue;
pub mod registry;
pub mod search;
pub mod service;
pub mod step;
pub use lifecycle::LifecyclePublisher;

22
wfe-core/src/traits/persistence.rs
View File

@@ -1,9 +1,7 @@
use async_trait::async_trait;
use chrono::{DateTime, Utc};
use crate::models::{
Event, EventSubscription, ExecutionError, ScheduledCommand, WorkflowInstance,
};
use crate::models::{Event, EventSubscription, ExecutionError, ScheduledCommand, WorkflowInstance};
/// Persistence for workflow instances.
#[async_trait]
@@ -17,7 +15,14 @@ pub trait WorkflowRepository: Send + Sync {
) -> crate::Result<()>;
async fn get_runnable_instances(&self, as_at: DateTime<Utc>) -> crate::Result<Vec<String>>;
async fn get_workflow_instance(&self, id: &str) -> crate::Result<WorkflowInstance>;
async fn get_workflow_instance_by_name(&self, name: &str) -> crate::Result<WorkflowInstance>;
async fn get_workflow_instances(&self, ids: &[String]) -> crate::Result<Vec<WorkflowInstance>>;
/// Atomically allocate the next sequence number for a given workflow
/// definition id. Used by the host to assign human-friendly names of the
/// form `{definition_id}-{N}` before inserting a new workflow instance.
/// Guaranteed monotonic per definition_id; no guarantees across definitions.
async fn next_definition_sequence(&self, definition_id: &str) -> crate::Result<u64>;
}
/// Persistence for event subscriptions.
@@ -79,9 +84,14 @@ pub trait ScheduledCommandRepository: Send + Sync {
async fn process_commands(
&self,
as_of: DateTime<Utc>,
handler: &(dyn Fn(ScheduledCommand) -> std::pin::Pin<Box<dyn std::future::Future<Output = crate::Result<()>> + Send>>
+ Send
+ Sync),
handler: &(
dyn Fn(
ScheduledCommand,
) -> std::pin::Pin<
Box<dyn std::future::Future<Output = crate::Result<()>> + Send>,
> + Send
+ Sync
),
) -> crate::Result<()>;
}

20
wfe-core/src/traits/step.rs
View File

@@ -1,8 +1,10 @@
use async_trait::async_trait;
use serde::de::DeserializeOwned;
use serde::Serialize;
use serde::de::DeserializeOwned;
use crate::models::{ExecutionPointer, ExecutionResult, WorkflowInstance, WorkflowStep};
use crate::models::{
ExecutionPointer, ExecutionResult, WorkflowDefinition, WorkflowInstance, WorkflowStep,
};
/// Marker trait for all data types that flow between workflow steps.
/// Anything that is serializable and deserializable qualifies.
@@ -13,12 +15,19 @@ impl<T> WorkflowData for T where T: Serialize + DeserializeOwned + Send + Sync +
/// Context for steps that need to interact with the workflow host.
/// Implemented by WorkflowHost to allow steps like SubWorkflow to start child workflows.
///
/// The `parent_root_workflow_id` argument carries the UUID of the top-level
/// ancestor workflow so backends (notably Kubernetes) can place every
/// descendant of a given root run in the same isolation domain — namespace,
/// shared volume, RBAC — so sub-workflows can share state like a cloned
/// repo checkout. Pass `None` when starting a brand-new root workflow.
pub trait HostContext: Send + Sync {
fn start_workflow(
&self,
definition_id: &str,
version: u32,
data: serde_json::Value,
parent_root_workflow_id: Option<String>,
) -> std::pin::Pin<Box<dyn std::future::Future<Output = crate::Result<String>> + Send + '_>>;
}
@@ -34,6 +43,12 @@ pub struct StepExecutionContext<'a> {
pub step: &'a WorkflowStep,
/// The running workflow instance.
pub workflow: &'a WorkflowInstance,
/// The compiled workflow definition the instance was created from.
/// `None` on code paths that don't have it available (some test fixtures);
/// production execution always populates this so executor-specific
/// features (e.g. Kubernetes shared volumes) can inspect the
/// definition-level configuration.
pub definition: Option<&'a WorkflowDefinition>,
/// Cancellation token.
pub cancellation_token: tokio_util::sync::CancellationToken,
/// Host context for starting child workflows. None if not available.
@@ -51,6 +66,7 @@ impl<'a> std::fmt::Debug for StepExecutionContext<'a> {
.field("persistence_data", &self.persistence_data)
.field("step", &self.step)
.field("workflow", &self.workflow)
.field("definition", &self.definition.is_some())
.field("host_context", &self.host_context.is_some())
.field("log_sink", &self.log_sink.is_some())
.finish()

2
wfe-deno/Cargo.toml
View File

@@ -9,7 +9,7 @@ description = "Deno bindings for the WFE workflow engine"
[dependencies]
wfe-core = { workspace = true, features = ["test-support"] }
wfe = { version = "1.8.1", path = "../wfe", registry = "sunbeam" }
wfe = { version = "1.9.0", path = "../wfe", registry = "sunbeam" }
deno_core = { workspace = true }
deno_error = { workspace = true }
tokio = { workspace = true }

17
wfe-deno/src/bridge.rs
View File

@@ -3,9 +3,9 @@ use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use std::time::Duration;
use tokio::sync::{mpsc, oneshot};
use wfe_core::WfeError;
use wfe_core::models::ExecutionResult;
use wfe_core::traits::step::{StepBody, StepExecutionContext};
use wfe_core::WfeError;
/// A request sent from the executor (tokio) to the V8 thread.
pub struct StepRequest {
@@ -160,7 +160,9 @@ pub fn deserialize_execution_result(
value: &serde_json::Value,
) -> wfe_core::Result<ExecutionResult> {
let js_result: JsExecutionResult = serde_json::from_value(value.clone()).map_err(|e| {
WfeError::StepExecution(format!("failed to deserialize ExecutionResult from JS: {e}"))
WfeError::StepExecution(format!(
"failed to deserialize ExecutionResult from JS: {e}"
))
})?;
Ok(ExecutionResult {
@@ -186,6 +188,8 @@ mod tests {
fn make_test_context() -> (WorkflowInstance, WorkflowStep, ExecutionPointer) {
let instance = WorkflowInstance {
id: "wf-1".into(),
name: "test-def-1".into(),
root_workflow_id: None,
workflow_definition_id: "test-def".into(),
version: 1,
description: None,
@@ -209,6 +213,7 @@ mod tests {
step.step_config = Some(serde_json::json!({"key": "val"}));
let ctx = StepExecutionContext {
definition: None,
item: None,
execution_pointer: &pointer,
persistence_data: None,
@@ -233,6 +238,7 @@ mod tests {
let item = serde_json::json!({"id": 42});
let ctx = StepExecutionContext {
definition: None,
item: Some(&item),
execution_pointer: &pointer,
persistence_data: Some(&serde_json::json!({"saved": true})),
@@ -357,6 +363,7 @@ mod tests {
let (instance, step, pointer) = make_test_context();
let ctx = StepExecutionContext {
definition: None,
item: None,
execution_pointer: &pointer,
persistence_data: None,
@@ -373,7 +380,9 @@ mod tests {
assert_eq!(req.step_type, "MyStep");
assert_eq!(req.request_id, 0);
req.response_tx
.send(Ok(serde_json::json!({"proceed": true, "outputData": {"done": true}})))
.send(Ok(
serde_json::json!({"proceed": true, "outputData": {"done": true}}),
))
.unwrap();
});
@@ -392,6 +401,7 @@ mod tests {
let (instance, step, pointer) = make_test_context();
let ctx = StepExecutionContext {
definition: None,
item: None,
execution_pointer: &pointer,
persistence_data: None,
@@ -423,6 +433,7 @@ mod tests {
let (instance, step, pointer) = make_test_context();
let ctx = StepExecutionContext {
definition: None,
item: None,
execution_pointer: &pointer,
persistence_data: None,

2
wfe-deno/src/ops/builder.rs
View File

@@ -1,7 +1,7 @@
use std::time::Duration;
use deno_core::op2;
use deno_core::OpState;
use deno_core::op2;
use wfe_core::builder::WorkflowBuilder;
use wfe_core::models::ErrorBehavior;

2
wfe-deno/src/ops/event.rs
View File

@@ -1,5 +1,5 @@
use deno_core::op2;
use deno_core::OpState;
use deno_core::op2;
use crate::state::WfeState;

2
wfe-deno/src/ops/host.rs
View File

@@ -1,7 +1,7 @@
use std::sync::Arc;
use deno_core::op2;
use deno_core::OpState;
use deno_core::op2;
use crate::state::WfeState;

9
wfe-deno/src/ops/step.rs
View File

@@ -1,7 +1,7 @@
use std::sync::Arc;
use deno_core::op2;
use deno_core::OpState;
use deno_core::op2;
use crate::bridge::JsStepBody;
use crate::state::WfeState;
@@ -23,10 +23,9 @@ pub async fn op_register_step(
};
let counter = Arc::new(std::sync::atomic::AtomicU32::new(0));
host.register_step_factory(
&step_type,
move || Box::new(JsStepBody::new(tx.clone(), counter.clone())),
)
host.register_step_factory(&step_type, move || {
Box::new(JsStepBody::new(tx.clone(), counter.clone()))
})
.await;
Ok(())

2
wfe-deno/src/ops/workflow.rs
View File

@@ -1,5 +1,5 @@
use deno_core::op2;
use deno_core::OpState;
use deno_core::op2;
use crate::state::WfeState;

6
wfe-deno/tests/integration.rs
View File

@@ -16,8 +16,7 @@ async fn run_js(code: &str) -> Result<(), Box<dyn std::error::Error>> {
/// Helper: run a JS module in a fresh wfe runtime and drive the event loop.
async fn run_module(code: &str) -> Result<(), Box<dyn std::error::Error>> {
let mut runtime = create_wfe_runtime();
let specifier =
deno_core::ModuleSpecifier::parse("ext:wfe-deno/test-module.js").unwrap();
let specifier = deno_core::ModuleSpecifier::parse("ext:wfe-deno/test-module.js").unwrap();
let module_id = runtime
.load_main_es_module_from_code(&specifier, code.to_string())
.await
@@ -27,8 +26,7 @@ async fn run_module(code: &str) -> Result<(), Box<dyn std::error::Error>> {
.run_event_loop(Default::default())
.await
.map_err(|e| format!("event loop error: {e}"))?;
eval.await
.map_err(|e| format!("module eval error: {e}"))?;
eval.await.map_err(|e| format!("module eval error: {e}"))?;
Ok(())
}

33
wfe-kubernetes/src/config.rs
View File

@@ -20,6 +20,18 @@ pub struct ClusterConfig {
/// Node selector labels for Job pods.
#[serde(default)]
pub node_selector: HashMap<String, String>,
/// Default size (e.g. "10Gi") used when a workflow declares a
/// `shared_volume` without specifying its own `size`. The K8s executor
/// creates one PVC per top-level workflow instance and mounts it on
/// every step container so sub-workflows can share a cloned checkout,
/// sccache directory, etc. Cluster operators tune this based on the
/// typical working-set size of their pipelines.
#[serde(default = "default_shared_volume_size")]
pub default_shared_volume_size: String,
/// Optional StorageClass to use when provisioning shared-volume PVCs.
/// Falls back to the cluster's default StorageClass when unset.
#[serde(default)]
pub shared_volume_storage_class: Option<String>,
}
impl Default for ClusterConfig {
@@ -30,6 +42,8 @@ impl Default for ClusterConfig {
service_account: None,
image_pull_secrets: Vec::new(),
node_selector: HashMap::new(),
default_shared_volume_size: default_shared_volume_size(),
shared_volume_storage_class: None,
}
}
}
@@ -38,6 +52,10 @@ fn default_namespace_prefix() -> String {
"wfe-".to_string()
}
fn default_shared_volume_size() -> String {
"10Gi".to_string()
}
/// Per-step configuration for a Kubernetes Job execution.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct KubernetesStepConfig {
@@ -46,9 +64,19 @@ pub struct KubernetesStepConfig {
/// Override entrypoint.
#[serde(default)]
pub command: Option<Vec<String>>,
/// Shorthand: runs via `/bin/sh -c "..."`. Mutually exclusive with `command`.
/// Shorthand: runs the given script via the configured `shell`
/// (default `/bin/sh`). Mutually exclusive with `command`. For scripts
/// that rely on bashisms like `set -o pipefail`, process substitution,
/// or arrays, set `shell: /bin/bash` explicitly — the default /bin/sh
/// keeps alpine/busybox containers working out of the box.
#[serde(default)]
pub run: Option<String>,
/// Shell used to execute a `run:` script. Defaults to `/bin/sh` so
/// minimal containers (alpine, distroless) work unchanged. Override
/// to `/bin/bash` or any other interpreter when the script needs
/// features dash doesn't support.
#[serde(default)]
pub shell: Option<String>,
/// Environment variables injected into the container.
#[serde(default)]
pub env: HashMap<String, String>,
@@ -95,6 +123,8 @@ mod tests {
service_account: Some("wfe-runner".into()),
image_pull_secrets: vec!["ghcr-secret".into()],
node_selector: [("tier".into(), "compute".into())].into(),
default_shared_volume_size: "20Gi".into(),
shared_volume_storage_class: Some("fast-ssd".into()),
};
let json = serde_json::to_string(&config).unwrap();
let parsed: ClusterConfig = serde_json::from_str(&json).unwrap();
@@ -119,6 +149,7 @@ mod tests {
image: "node:20-alpine".into(),
command: None,
run: Some("npm test".into()),
shell: None,
env: [("NODE_ENV".into(), "test".into())].into(),
working_dir: Some("/app".into()),
memory: Some("512Mi".into()),

1
wfe-kubernetes/src/lib.rs
View File

@@ -5,6 +5,7 @@ pub mod logs;
pub mod manifests;
pub mod namespace;
pub mod output;
pub mod pvc;
pub mod service_manifests;
pub mod service_provider;
pub mod step;

8
wfe-kubernetes/src/logs.rs
View File

@@ -1,10 +1,10 @@
use futures::io::AsyncBufReadExt;
use futures::StreamExt;
use futures::io::AsyncBufReadExt;
use k8s_openapi::api::core::v1::Pod;
use kube::api::LogParams;
use kube::{Api, Client};
use wfe_core::traits::log_sink::{LogChunk, LogSink, LogStreamType};
use wfe_core::WfeError;
use wfe_core::traits::log_sink::{LogChunk, LogSink, LogStreamType};
/// Stream logs from a pod container, optionally forwarding to a LogSink.
///
@@ -29,9 +29,7 @@ pub async fn stream_logs(
};
let stream = pods.log_stream(pod_name, &params).await.map_err(|e| {
WfeError::StepExecution(format!(
"failed to stream logs from pod '{pod_name}': {e}"
))
WfeError::StepExecution(format!("failed to stream logs from pod '{pod_name}': {e}"))
})?;
let mut stdout = String::new();

143
wfe-kubernetes/src/manifests.rs
View File

@@ -2,7 +2,8 @@ use std::collections::{BTreeMap, HashMap};
use k8s_openapi::api::batch::v1::{Job, JobSpec};
use k8s_openapi::api::core::v1::{
Container, EnvVar, LocalObjectReference, PodSpec, PodTemplateSpec, ResourceRequirements,
Container, EnvVar, LocalObjectReference, PersistentVolumeClaimVolumeSource, PodSpec,
PodTemplateSpec, ResourceRequirements, Volume, VolumeMount,
};
use k8s_openapi::apimachinery::pkg::api::resource::Quantity;
use kube::api::ObjectMeta;
@@ -11,6 +12,18 @@ use crate::config::{ClusterConfig, KubernetesStepConfig};
const LABEL_STEP_NAME: &str = "wfe.sunbeam.pt/step-name";
const LABEL_MANAGED_BY: &str = "wfe.sunbeam.pt/managed-by";
/// Name of the pod volume referencing the shared PVC. Stable so VolumeMount
/// name and Volume name stay in sync inside a single pod spec.
const SHARED_VOLUME_NAME: &str = "wfe-workspace";
/// Request that the generated Job mount a pre-existing PVC into every
/// step container at `mount_path`. Passed in by the step executor, which
/// is responsible for creating the PVC before calling `build_job`.
#[derive(Debug, Clone)]
pub struct SharedVolumeMount {
pub claim_name: String,
pub mount_path: String,
}
/// Build a Kubernetes Job manifest from step configuration.
pub fn build_job(
@@ -19,6 +32,7 @@ pub fn build_job(
namespace: &str,
env_overrides: &HashMap<String, String>,
cluster: &ClusterConfig,
shared_volume: Option<&SharedVolumeMount>,
) -> Job {
let job_name = sanitize_name(step_name);
@@ -41,6 +55,14 @@ pub fn build_job(
labels.insert(LABEL_STEP_NAME.into(), step_name.to_string());
labels.insert(LABEL_MANAGED_BY.into(), "wfe-kubernetes".into());
let volume_mounts = shared_volume.map(|sv| {
vec![VolumeMount {
name: SHARED_VOLUME_NAME.into(),
mount_path: sv.mount_path.clone(),
..Default::default()
}]
});
let container = Container {
name: "step".into(),
image: Some(config.image.clone()),
@@ -50,6 +72,7 @@ pub fn build_job(
working_dir: config.working_dir.clone(),
resources: Some(resources),
image_pull_policy: Some(pull_policy),
volume_mounts,
..Default::default()
};
@@ -60,9 +83,7 @@ pub fn build_job(
cluster
.image_pull_secrets
.iter()
.map(|s| LocalObjectReference {
name: s.clone(),
})
.map(|s| LocalObjectReference { name: s.clone() })
.collect(),
)
};
@@ -70,9 +91,26 @@ pub fn build_job(
let node_selector = if cluster.node_selector.is_empty() {
None
} else {
Some(cluster.node_selector.iter().map(|(k, v)| (k.clone(), v.clone())).collect::<BTreeMap<_, _>>())
Some(
cluster
.node_selector
.iter()
.map(|(k, v)| (k.clone(), v.clone()))
.collect::<BTreeMap<_, _>>(),
)
};
let volumes = shared_volume.map(|sv| {
vec![Volume {
name: SHARED_VOLUME_NAME.into(),
persistent_volume_claim: Some(PersistentVolumeClaimVolumeSource {
claim_name: sv.claim_name.clone(),
read_only: Some(false),
}),
..Default::default()
}]
});
Job {
metadata: ObjectMeta {
name: Some(job_name),
@@ -94,6 +132,7 @@ pub fn build_job(
service_account_name: cluster.service_account.clone(),
image_pull_secrets,
node_selector,
volumes,
..Default::default()
}),
},
@@ -108,10 +147,15 @@ fn resolve_command(config: &KubernetesStepConfig) -> (Option<Vec<String>>, Optio
if let Some(ref cmd) = config.command {
(Some(cmd.clone()), None)
} else if let Some(ref run) = config.run {
(
Some(vec!["/bin/sh".into(), "-c".into()]),
Some(vec![run.clone()]),
)
// Default to /bin/sh so minimal container images (alpine/busybox,
// distroless) work unchanged. Scripts that need bash features
// (pipefail, arrays, process substitution) should set
// `shell: /bin/bash` explicitly on the step config.
let shell = config
.shell
.clone()
.unwrap_or_else(|| "/bin/sh".to_string());
(Some(vec![shell, "-c".into()]), Some(vec![run.clone()]))
} else {
(None, None)
}
@@ -174,7 +218,13 @@ pub fn sanitize_name(name: &str) -> String {
let sanitized: String = name
.to_lowercase()
.chars()
.map(|c| if c.is_ascii_alphanumeric() || c == '-' { c } else { '-' })
.map(|c| {
if c.is_ascii_alphanumeric() || c == '-' {
c
} else {
'-'
}
})
.take(63)
.collect();
sanitized.trim_end_matches('-').to_string()
@@ -195,6 +245,7 @@ mod tests {
image: "alpine:3.18".into(),
command: None,
run: None,
shell: None,
env: HashMap::new(),
working_dir: None,
memory: None,
@@ -203,7 +254,14 @@ mod tests {
pull_policy: None,
namespace: None,
};
let job = build_job(&config, "test-step", "wfe-abc", &HashMap::new(), &default_cluster());
let job = build_job(
&config,
"test-step",
"wfe-abc",
&HashMap::new(),
&default_cluster(),
None,
);
assert_eq!(job.metadata.name, Some("test-step".into()));
assert_eq!(job.metadata.namespace, Some("wfe-abc".into()));
@@ -229,6 +287,7 @@ mod tests {
image: "node:20".into(),
command: None,
run: Some("npm test".into()),
shell: None,
env: HashMap::new(),
working_dir: Some("/app".into()),
memory: None,
@@ -237,13 +296,17 @@ mod tests {
pull_policy: None,
namespace: None,
};
let job = build_job(&config, "test", "ns", &HashMap::new(), &default_cluster());
let job = build_job(
&config,
"test",
"ns",
&HashMap::new(),
&default_cluster(),
None,
);
let container = &job.spec.unwrap().template.spec.unwrap().containers[0];
assert_eq!(
container.command,
Some(vec!["/bin/sh".into(), "-c".into()])
);
assert_eq!(container.command, Some(vec!["/bin/sh".into(), "-c".into()]));
assert_eq!(container.args, Some(vec!["npm test".into()]));
assert_eq!(container.working_dir, Some("/app".into()));
}
@@ -254,6 +317,7 @@ mod tests {
image: "gcc:latest".into(),
command: Some(vec!["make".into(), "build".into()]),
run: None,
shell: None,
env: HashMap::new(),
working_dir: None,
memory: None,
@@ -262,13 +326,17 @@ mod tests {
pull_policy: None,
namespace: None,
};
let job = build_job(&config, "build", "ns", &HashMap::new(), &default_cluster());
let job = build_job(
&config,
"build",
"ns",
&HashMap::new(),
&default_cluster(),
None,
);
let container = &job.spec.unwrap().template.spec.unwrap().containers[0];
assert_eq!(
container.command,
Some(vec!["make".into(), "build".into()])
);
assert_eq!(container.command, Some(vec!["make".into(), "build".into()]));
assert!(container.args.is_none());
}
@@ -278,6 +346,7 @@ mod tests {
image: "alpine".into(),
command: None,
run: None,
shell: None,
env: [("APP_ENV".into(), "production".into())].into(),
working_dir: None,
memory: None,
@@ -286,10 +355,13 @@ mod tests {
pull_policy: None,
namespace: None,
};
let overrides: HashMap<String, String> =
[("WORKFLOW_ID".into(), "wf-123".into()), ("APP_ENV".into(), "staging".into())].into();
let overrides: HashMap<String, String> = [
("WORKFLOW_ID".into(), "wf-123".into()),
("APP_ENV".into(), "staging".into()),
]
.into();
let job = build_job(&config, "step", "ns", &overrides, &default_cluster());
let job = build_job(&config, "step", "ns", &overrides, &default_cluster(), None);
let container = &job.spec.unwrap().template.spec.unwrap().containers[0];
let env = container.env.as_ref().unwrap();
@@ -308,6 +380,7 @@ mod tests {
image: "alpine".into(),
command: None,
run: None,
shell: None,
env: HashMap::new(),
working_dir: None,
memory: Some("512Mi".into()),
@@ -316,7 +389,14 @@ mod tests {
pull_policy: None,
namespace: None,
};
let job = build_job(&config, "step", "ns", &HashMap::new(), &default_cluster());
let job = build_job(
&config,
"step",
"ns",
&HashMap::new(),
&default_cluster(),
None,
);
let container = &job.spec.unwrap().template.spec.unwrap().containers[0];
let resources = container.resources.as_ref().unwrap();
@@ -340,6 +420,7 @@ mod tests {
image: "alpine".into(),
command: None,
run: None,
shell: None,
env: HashMap::new(),
working_dir: None,
memory: None,
@@ -348,7 +429,7 @@ mod tests {
pull_policy: Some("Always".into()),
namespace: None,
};
let job = build_job(&config, "step", "ns", &HashMap::new(), &cluster);
let job = build_job(&config, "step", "ns", &HashMap::new(), &cluster, None);
let pod_spec = job.spec.unwrap().template.spec.unwrap();
assert_eq!(pod_spec.service_account_name, Some("wfe-runner".into()));
@@ -368,6 +449,7 @@ mod tests {
image: "alpine".into(),
command: None,
run: None,
shell: None,
env: HashMap::new(),
working_dir: None,
memory: None,
@@ -376,7 +458,14 @@ mod tests {
pull_policy: None,
namespace: None,
};
let job = build_job(&config, "my-step", "ns", &HashMap::new(), &default_cluster());
let job = build_job(
&config,
"my-step",
"ns",
&HashMap::new(),
&default_cluster(),
None,
);
let labels = job.metadata.labels.as_ref().unwrap();
assert_eq!(labels.get(LABEL_STEP_NAME), Some(&"my-step".to_string()));
assert_eq!(

20
wfe-kubernetes/src/namespace.rs
View File

@@ -16,7 +16,13 @@ pub fn namespace_name(prefix: &str, workflow_id: &str) -> String {
let sanitized: String = raw
.to_lowercase()
.chars()
.map(|c| if c.is_ascii_alphanumeric() || c == '-' { c } else { '-' })
.map(|c| {
if c.is_ascii_alphanumeric() || c == '-' {
c
} else {
'-'
}
})
.take(63)
.collect();
// Trim trailing hyphens
@@ -55,9 +61,9 @@ pub async fn ensure_namespace(
..Default::default()
};
api.create(&PostParams::default(), &ns)
.await
.map_err(|e| WfeError::StepExecution(format!("failed to create namespace '{name}': {e}")))?;
api.create(&PostParams::default(), &ns).await.map_err(|e| {
WfeError::StepExecution(format!("failed to create namespace '{name}': {e}"))
})?;
Ok(())
}
@@ -65,9 +71,9 @@ pub async fn ensure_namespace(
/// Delete a namespace and all resources within it.
pub async fn delete_namespace(client: &Client, name: &str) -> Result<(), WfeError> {
let api: Api<Namespace> = Api::all(client.clone());
api.delete(name, &Default::default())
.await
.map_err(|e| WfeError::StepExecution(format!("failed to delete namespace '{name}': {e}")))?;
api.delete(name, &Default::default()).await.map_err(|e| {
WfeError::StepExecution(format!("failed to delete namespace '{name}': {e}"))
})?;
Ok(())
}

10
wfe-kubernetes/src/output.rs
View File

@@ -152,10 +152,12 @@ mod tests {
#[test]
fn build_output_data_json_value() {
let parsed: HashMap<String, String> =
[("count".into(), "42".into()), ("flag".into(), "true".into())]
.into_iter()
.collect();
let parsed: HashMap<String, String> = [
("count".into(), "42".into()),
("flag".into(), "true".into()),
]
.into_iter()
.collect();
let data = build_output_data("s", "", "", 0, &parsed);
// Numbers and booleans should be parsed as JSON, not strings.
assert_eq!(data["count"], 42);

96
wfe-kubernetes/src/pvc.rs Normal file
View File

@@ -0,0 +1,96 @@
//! PersistentVolumeClaim provisioning for cross-step shared workspaces.
//!
//! When a workflow definition declares a `shared_volume`, the K8s executor
//! materializes it as a single PVC in the workflow's namespace. Every step
//! container mounts that PVC at the declared `mount_path`, so sub-workflows
//! of a top-level run see the same filesystem — a clone in `checkout` is
//! still visible to `cargo fmt --check` in `lint`.
//!
//! The PVC name is derived from the namespace (one PVC per namespace) so
//! multiple steps racing to create it are idempotent: the first `ensure_pvc`
//! wins, and every subsequent call sees the existing claim.
use std::collections::BTreeMap;
use k8s_openapi::api::core::v1::{
PersistentVolumeClaim, PersistentVolumeClaimSpec, VolumeResourceRequirements,
};
use k8s_openapi::apimachinery::pkg::api::resource::Quantity;
use kube::api::{ObjectMeta, PostParams};
use kube::{Api, Client};
use wfe_core::WfeError;
const LABEL_MANAGED_BY: &str = "wfe.sunbeam.pt/managed-by";
const MANAGED_BY_VALUE: &str = "wfe-kubernetes";
/// Canonical name for the shared volume PVC within a given namespace. Using
/// a stable name (rather than e.g. a UUID) means every step in the same
/// namespace references the same claim without needing to pass the name
/// through workflow metadata.
pub fn shared_volume_pvc_name() -> &'static str {
"wfe-workspace"
}
/// Create the shared-volume PVC in `namespace` if it does not already exist.
/// `size` is a K8s resource quantity string (e.g. `"10Gi"`). `storage_class`
/// is optional — when `None` the PVC uses the cluster's default StorageClass.
pub async fn ensure_shared_volume_pvc(
client: &Client,
namespace: &str,
size: &str,
storage_class: Option<&str>,
) -> Result<(), WfeError> {
let api: Api<PersistentVolumeClaim> = Api::namespaced(client.clone(), namespace);
let name = shared_volume_pvc_name();
// Idempotent: if it already exists we're done. This races cleanly with
// concurrent steps because `get` + `create(AlreadyExists)` is tolerated.
if api.get(name).await.is_ok() {
return Ok(());
}
let mut labels = BTreeMap::new();
labels.insert(LABEL_MANAGED_BY.into(), MANAGED_BY_VALUE.into());
let pvc = PersistentVolumeClaim {
metadata: ObjectMeta {
name: Some(name.to_string()),
namespace: Some(namespace.to_string()),
labels: Some(labels),
..Default::default()
},
spec: Some(PersistentVolumeClaimSpec {
access_modes: Some(vec!["ReadWriteOnce".to_string()]),
resources: Some(VolumeResourceRequirements {
requests: Some(
[("storage".to_string(), Quantity(size.to_string()))]
.into_iter()
.collect(),
),
..Default::default()
}),
storage_class_name: storage_class.map(|s| s.to_string()),
..Default::default()
}),
..Default::default()
};
match api.create(&PostParams::default(), &pvc).await {
Ok(_) => Ok(()),
// Another step created it between our get and create — also fine.
Err(kube::Error::Api(err)) if err.code == 409 => Ok(()),
Err(e) => Err(WfeError::StepExecution(format!(
"failed to create shared-volume PVC '{name}' in '{namespace}': {e}"
))),
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn shared_volume_pvc_name_is_stable() {
assert_eq!(shared_volume_pvc_name(), "wfe-workspace");
}
}

22
wfe-kubernetes/src/service_manifests.rs
View File

@@ -77,8 +77,16 @@ pub fn build_service_pod(svc: &ServiceDefinition, namespace: &str) -> Pod {
command,
args,
resources: Some(ResourceRequirements {
limits: if limits.is_empty() { None } else { Some(limits) },
requests: if requests.is_empty() { None } else { Some(requests) },
limits: if limits.is_empty() {
None
} else {
Some(limits)
},
requests: if requests.is_empty() {
None
} else {
Some(requests)
},
..Default::default()
}),
..Default::default()
@@ -230,10 +238,7 @@ mod tests {
let ports = spec.ports.as_ref().unwrap();
assert_eq!(ports.len(), 1);
assert_eq!(ports[0].port, 5432);
assert_eq!(
ports[0].target_port,
Some(IntOrString::Int(5432))
);
assert_eq!(ports[0].target_port, Some(IntOrString::Int(5432)));
}
#[test]
@@ -241,10 +246,7 @@ mod tests {
let svc = ServiceDefinition {
name: "app".into(),
image: "myapp".into(),
ports: vec![
WfeServicePort::tcp(8080),
WfeServicePort::tcp(8443),
],
ports: vec![WfeServicePort::tcp(8080), WfeServicePort::tcp(8443)],
env: Default::default(),
readiness: None,
command: vec![],

9
wfe-kubernetes/src/service_provider.rs
View File

@@ -4,9 +4,9 @@ use async_trait::async_trait;
use k8s_openapi::api::core::v1::Pod;
use kube::api::PostParams;
use kube::{Api, Client};
use wfe_core::WfeError;
use wfe_core::models::service::{ServiceDefinition, ServiceEndpoint};
use wfe_core::traits::ServiceProvider;
use wfe_core::WfeError;
use crate::config::ClusterConfig;
use crate::logs::wait_for_pod_running;
@@ -77,11 +77,8 @@ impl ServiceProvider for KubernetesServiceProvider {
.map(|r| Duration::from_millis(r.timeout_ms))
.unwrap_or(Duration::from_secs(120));
match tokio::time::timeout(
timeout,
wait_for_pod_running(&self.client, &ns, &svc.name),
)
.await
match tokio::time::timeout(timeout, wait_for_pod_running(&self.client, &ns, &svc.name))
.await
{
Ok(Ok(())) => {}
Ok(Err(e)) => {

88
wfe-kubernetes/src/step.rs
View File

@@ -6,16 +6,17 @@ use k8s_openapi::api::batch::v1::Job;
use k8s_openapi::api::core::v1::Pod;
use kube::api::{ListParams, PostParams};
use kube::{Api, Client};
use wfe_core::WfeError;
use wfe_core::models::ExecutionResult;
use wfe_core::traits::step::{StepBody, StepExecutionContext};
use wfe_core::WfeError;
use crate::cleanup::delete_job;
use crate::config::{ClusterConfig, KubernetesStepConfig};
use crate::logs::{stream_logs, wait_for_pod_running};
use crate::manifests::build_job;
use crate::manifests::{SharedVolumeMount, build_job};
use crate::namespace::{ensure_namespace, namespace_name};
use crate::output::{build_output_data, parse_outputs};
use crate::pvc::{ensure_shared_volume_pvc, shared_volume_pvc_name};
/// A workflow step that runs as a Kubernetes Job.
pub struct KubernetesStep {
@@ -65,6 +66,15 @@ impl StepBody for KubernetesStep {
.unwrap_or("unknown")
.to_string();
// Isolation domain is keyed on the *root* workflow when set so
// sub-workflows started via `type: workflow` share their parent's
// namespace + PVC. Top-level (user-started) workflows fall back
// to their own id.
let isolation_id = context
.workflow
.root_workflow_id
.as_deref()
.unwrap_or(&context.workflow.id);
let workflow_id = &context.workflow.id;
let definition_id = &context.workflow.workflow_definition_id;
@@ -72,16 +82,47 @@ impl StepBody for KubernetesStep {
let _ = self.get_client().await?;
let client = self.client.as_ref().unwrap().clone();
// 1. Determine namespace.
// 1. Determine namespace. Honors explicit step-level override,
// otherwise derives from the isolation domain.
let ns = self
.config
.namespace
.clone()
.unwrap_or_else(|| namespace_name(&self.cluster.namespace_prefix, workflow_id));
.unwrap_or_else(|| namespace_name(&self.cluster.namespace_prefix, isolation_id));
// 2. Ensure namespace exists.
ensure_namespace(&client, &ns, workflow_id).await?;
// 2b. If the definition declares a shared volume, ensure the PVC
// exists in the namespace and compute the mount spec we'll inject
// into the Job. The PVC is created once per namespace (one per
// top-level workflow run) and reused by every step and
// sub-workflow. Backends with no definition in the step context
// (test fixtures) just skip the shared volume.
let shared_mount = if let Some(def) = context.definition {
if let Some(sv) = &def.shared_volume {
let size = sv
.size
.as_deref()
.unwrap_or(&self.cluster.default_shared_volume_size);
ensure_shared_volume_pvc(
&client,
&ns,
size,
self.cluster.shared_volume_storage_class.as_deref(),
)
.await?;
Some(SharedVolumeMount {
claim_name: shared_volume_pvc_name().to_string(),
mount_path: sv.mount_path.clone(),
})
} else {
None
}
} else {
None
};
// 3. Merge env vars: workflow.data (uppercased) + config.env.
let env_overrides = extract_workflow_env(&context.workflow.data);
@@ -92,6 +133,7 @@ impl StepBody for KubernetesStep {
&ns,
&env_overrides,
&self.cluster,
shared_mount.as_ref(),
);
let job_name = job_manifest
.metadata
@@ -111,7 +153,15 @@ impl StepBody for KubernetesStep {
let result = if let Some(timeout_ms) = self.config.timeout_ms {
match tokio::time::timeout(
Duration::from_millis(timeout_ms),
self.execute_job(&client, &ns, &job_name, &step_name, definition_id, workflow_id, context),
self.execute_job(
&client,
&ns,
&job_name,
&step_name,
definition_id,
workflow_id,
context,
),
)
.await
{
@@ -125,8 +175,16 @@ impl StepBody for KubernetesStep {
}
}
} else {
self.execute_job(&client, &ns, &job_name, &step_name, definition_id, workflow_id, context)
.await
self.execute_job(
&client,
&ns,
&job_name,
&step_name,
definition_id,
workflow_id,
context,
)
.await
};
// Always attempt cleanup.
@@ -205,9 +263,7 @@ async fn wait_for_job_pod(
.list(&ListParams::default().labels(&selector))
.await
.map_err(|e| {
WfeError::StepExecution(format!(
"failed to list pods for job '{job_name}': {e}"
))
WfeError::StepExecution(format!("failed to list pods for job '{job_name}': {e}"))
})?;
if let Some(pod) = pod_list.items.first() {
@@ -236,9 +292,10 @@ async fn wait_for_job_completion(
// Poll Job status.
for _ in 0..600 {
let job = jobs.get(job_name).await.map_err(|e| {
WfeError::StepExecution(format!("failed to get job '{job_name}': {e}"))
})?;
let job = jobs
.get(job_name)
.await
.map_err(|e| WfeError::StepExecution(format!("failed to get job '{job_name}': {e}")))?;
if let Some(status) = &job.status {
if let Some(conditions) = &status.conditions {
@@ -352,9 +409,6 @@ mod tests {
let data = serde_json::json!({"config": {"nested": true}});
let env = extract_workflow_env(&data);
// Nested object serialized as JSON string.
assert_eq!(
env.get("CONFIG"),
Some(&r#"{"nested":true}"#.to_string())
);
assert_eq!(env.get("CONFIG"), Some(&r#"{"nested":true}"#.to_string()));
}
}

286
wfe-kubernetes/tests/integration.rs
View File

@@ -1,13 +1,13 @@
use std::collections::HashMap;
use wfe_core::models::service::{ReadinessCheck, ReadinessProbe, ServiceDefinition, ServicePort};
use wfe_core::traits::step::StepBody;
use wfe_core::traits::ServiceProvider;
use wfe_kubernetes::config::{ClusterConfig, KubernetesStepConfig};
use wfe_kubernetes::namespace;
use wfe_core::traits::step::StepBody;
use wfe_kubernetes::KubernetesServiceProvider;
use wfe_kubernetes::cleanup;
use wfe_kubernetes::client;
use wfe_kubernetes::KubernetesServiceProvider;
use wfe_kubernetes::config::{ClusterConfig, KubernetesStepConfig};
use wfe_kubernetes::namespace;
/// Path to the Lima sunbeam VM kubeconfig.
fn kubeconfig_path() -> String {
@@ -38,6 +38,7 @@ fn step_config(image: &str, run: &str) -> KubernetesStepConfig {
image: image.into(),
command: None,
run: Some(run.into()),
shell: None,
env: HashMap::new(),
working_dir: None,
memory: None,
@@ -64,10 +65,14 @@ async fn namespace_create_and_delete() {
let client = client::create_client(&config).await.unwrap();
let ns = "wfe-test-ns-lifecycle";
namespace::ensure_namespace(&client, ns, "test-wf").await.unwrap();
namespace::ensure_namespace(&client, ns, "test-wf")
.await
.unwrap();
// Idempotent — creating again should succeed.
namespace::ensure_namespace(&client, ns, "test-wf").await.unwrap();
namespace::ensure_namespace(&client, ns, "test-wf")
.await
.unwrap();
namespace::delete_namespace(&client, ns).await.unwrap();
}
@@ -93,6 +98,7 @@ async fn run_echo_job() {
let pointer = wfe_core::models::ExecutionPointer::new(0);
let ctx = wfe_core::traits::step::StepExecutionContext {
definition: None,
item: None,
execution_pointer: &pointer,
persistence_data: None,
@@ -107,10 +113,12 @@ async fn run_echo_job() {
assert!(result.proceed);
let output = result.output_data.unwrap();
assert!(output["echo-step.stdout"]
.as_str()
.unwrap()
.contains("hello from k8s"));
assert!(
output["echo-step.stdout"]
.as_str()
.unwrap()
.contains("hello from k8s")
);
assert_eq!(output["echo-step.exit_code"], 0);
// Cleanup namespace.
@@ -125,20 +133,20 @@ async fn run_job_with_wfe_output() {
let ns = unique_id("output");
let mut step_cfg = step_config(
"alpine:3.18",
r#"echo '##wfe[output version=1.2.3]' && echo '##wfe[output status=ok]'"#,
r###"echo '##wfe[output version=1.2.3]' && echo '##wfe[output status=ok]'"###,
);
step_cfg.namespace = Some(ns.clone());
let mut step =
wfe_kubernetes::KubernetesStep::new(step_cfg, config.clone(), k8s_client.clone());
let instance =
wfe_core::models::WorkflowInstance::new("output-wf", 1, serde_json::json!({}));
let instance = wfe_core::models::WorkflowInstance::new("output-wf", 1, serde_json::json!({}));
let mut ws = wfe_core::models::WorkflowStep::new(0, "alpine-output");
ws.name = Some("output-step".into());
let pointer = wfe_core::models::ExecutionPointer::new(0);
let ctx = wfe_core::traits::step::StepExecutionContext {
definition: None,
item: None,
execution_pointer: &pointer,
persistence_data: None,
@@ -182,6 +190,7 @@ async fn run_job_with_env_vars() {
let pointer = wfe_core::models::ExecutionPointer::new(0);
let ctx = wfe_core::traits::step::StepExecutionContext {
definition: None,
item: None,
execution_pointer: &pointer,
persistence_data: None,
@@ -219,6 +228,7 @@ async fn run_job_nonzero_exit_fails() {
let pointer = wfe_core::models::ExecutionPointer::new(0);
let ctx = wfe_core::traits::step::StepExecutionContext {
definition: None,
item: None,
execution_pointer: &pointer,
persistence_data: None,
@@ -250,13 +260,13 @@ async fn run_job_with_timeout() {
let mut step =
wfe_kubernetes::KubernetesStep::new(step_cfg, config.clone(), k8s_client.clone());
let instance =
wfe_core::models::WorkflowInstance::new("timeout-wf", 1, serde_json::json!({}));
let instance = wfe_core::models::WorkflowInstance::new("timeout-wf", 1, serde_json::json!({}));
let mut ws = wfe_core::models::WorkflowStep::new(0, "alpine-timeout");
ws.name = Some("timeout-step".into());
let pointer = wfe_core::models::ExecutionPointer::new(0);
let ctx = wfe_core::traits::step::StepExecutionContext {
definition: None,
item: None,
execution_pointer: &pointer,
persistence_data: None,
@@ -484,7 +494,10 @@ async fn service_provider_provision_duplicate_name_fails() {
};
// First provision succeeds.
let endpoints = provider.provision(workflow_id, &[svc.clone()]).await.unwrap();
let endpoints = provider
.provision(workflow_id, &[svc.clone()])
.await
.unwrap();
assert_eq!(endpoints.len(), 1);
// Second provision with same name should fail (pod already exists).
@@ -505,7 +518,9 @@ async fn service_provider_provision_service_object_conflict() {
let workflow_id = &unique_id("svc-conflict");
let ns = namespace::namespace_name(&config.namespace_prefix, workflow_id);
namespace::ensure_namespace(&k8s_client, &ns, workflow_id).await.unwrap();
namespace::ensure_namespace(&k8s_client, &ns, workflow_id)
.await
.unwrap();
// Pre-create just the K8s Service (not the pod).
let svc_def = nginx_service();
@@ -539,3 +554,240 @@ async fn service_provider_teardown_without_provision() {
// Namespace doesn't exist, so delete_namespace returns an error.
assert!(result.is_err());
}
// ── End-to-end: multi-step workflow with shared volume ──────────────
//
// The tests above exercise the K8s step executor one step at a time. This
// test drives a realistic multi-step pipeline end-to-end, covering every
// feature that real CI workflows depend on:
//
// * multiple step containers in the same workflow (different images
// per step so we can confirm cross-image sharing through the PVC)
// * a `shared_volume` PVC provisioned on the first step, persisting
// to every subsequent step
// * the `/bin/bash` shell override so a step can use bash-only features
// * `extract_workflow_env` threading inputs through as uppercase env
// vars to every step
// * `##wfe[output ...]` capture from a later step's stdout
// * a deliberate non-zero exit on a trailing step proving downstream
// error propagation
// * namespace lifecycle: created on first step, reused by all
// siblings, deleted at the end
//
// The pipeline simulates a tiny CI run:
//
// 1. `write-files` (alpine:3.18) → writes `version.txt` + `input.sh`
// to /workspace via `/bin/sh`
// 2. `compute-hash` (busybox:1.36) → reads files from /workspace,
// computes a sha256 with `sha256sum`,
// emits ##wfe[output] lines
// 3. `verify-bash` (alpine:3.18+bash) → uses `set -o pipefail` and
// arrays to verify the hash
// 4. `inject-env` (alpine:3.18) → echoes workflow-data env vars
// (REPO, BRANCH) through outputs
//
// Without the shared volume, step 2 couldn't see step 1's files. Without
// the shell override, step 3 would fail at `set -o pipefail`. Without
// inputs → env mapping, step 4's $REPO would be empty.
#[tokio::test]
async fn multi_step_workflow_with_shared_volume() {
use tokio_util::sync::CancellationToken;
use wfe_core::models::{
ExecutionPointer, SharedVolume, WorkflowDefinition, WorkflowInstance, WorkflowStep,
};
use wfe_core::traits::step::{StepBody, StepExecutionContext};
let cluster = cluster_config();
let client = client::create_client(&cluster).await.unwrap();
let root_id = unique_id("multistep");
// The definition declares a shared /workspace volume. The K8s
// executor reads this from `ctx.definition` and provisions a PVC
// on the first step; every subsequent step in the same namespace
// mounts the same claim.
let definition = WorkflowDefinition {
id: "multistep-ci".into(),
name: Some("Multi-Step Integration Test".into()),
version: 1,
description: None,
steps: vec![],
default_error_behavior: Default::default(),
default_error_retry_interval: None,
services: vec![],
shared_volume: Some(SharedVolume {
mount_path: "/workspace".into(),
size: Some("1Gi".into()),
}),
};
// Single WorkflowInstance for the whole pipeline. Each step below
// reuses it so they all share the same namespace (derived from
// root_workflow_id → id fallback) and therefore the same PVC.
let instance = WorkflowInstance {
id: root_id.clone(),
name: "multistep-1".into(),
root_workflow_id: None,
workflow_definition_id: "multistep-ci".into(),
version: 1,
description: None,
reference: None,
execution_pointers: vec![],
next_execution: None,
status: wfe_core::models::WorkflowStatus::Runnable,
data: serde_json::json!({"repo": "wfe", "branch": "mainline"}),
create_time: chrono::Utc::now(),
complete_time: None,
};
let ns = crate::namespace::namespace_name(&cluster.namespace_prefix, &root_id);
// Shared helper to run one step and assert the proceed flag + return
// the captured output JSON.
async fn run_step(
step_cfg: KubernetesStepConfig,
step_name: &str,
instance: &WorkflowInstance,
definition: &WorkflowDefinition,
cluster: &wfe_kubernetes::config::ClusterConfig,
client: &kube::Client,
) -> serde_json::Value {
let mut step =
wfe_kubernetes::KubernetesStep::new(step_cfg, cluster.clone(), client.clone());
let mut ws = WorkflowStep::new(0, step_name);
ws.name = Some(step_name.into());
let pointer = ExecutionPointer::new(0);
let ctx = StepExecutionContext {
item: None,
execution_pointer: &pointer,
persistence_data: None,
step: &ws,
workflow: instance,
definition: Some(definition),
cancellation_token: CancellationToken::new(),
host_context: None,
log_sink: None,
};
let result = step.run(&ctx).await.unwrap_or_else(|e| {
panic!("step '{step_name}' failed: {e}");
});
assert!(result.proceed, "step '{step_name}' did not proceed");
result.output_data.expect("output_data missing")
}
// The final cleanup call at the bottom of this function handles the
// happy-path teardown. If any assertion below panics the namespace
// will be left behind; the test harness runs `cleanup_stale_namespaces`
// to reap those on the next run.
let _ = &client; // acknowledge unused in guard-less form
// ── Step 1: write files to /workspace via /bin/sh on alpine ────
let mut s1 = step_config(
"alpine:3.18",
r###"
mkdir -p /workspace/pipeline
echo "1.9.0-test" > /workspace/pipeline/version.txt
printf 'hello from step 1\n' > /workspace/pipeline/input.sh
ls -la /workspace/pipeline
echo "##wfe[output step1_ok=true]"
"###,
);
s1.namespace = Some(ns.clone());
let out1 = run_step(s1, "write-files", &instance, &definition, &cluster, &client).await;
// `true` parses as a JSON boolean in build_output_data, not a string.
assert_eq!(out1["step1_ok"], serde_json::Value::Bool(true));
// ── Step 2: read the files written by step 1, hash them ────────
// Uses a DIFFERENT image (busybox) so we prove cross-image
// /workspace sharing through the PVC, not just container layer
// reuse. sha256sum output is emitted as ##wfe[output hash=...].
let mut s2 = step_config(
"busybox:1.36",
r###"
cd /workspace/pipeline
test -f version.txt || { echo "version.txt missing" >&2; exit 1; }
test -f input.sh || { echo "input.sh missing" >&2; exit 1; }
HASH=$(sha256sum version.txt | cut -c1-16)
VERSION=$(cat version.txt)
echo "##wfe[output hash=$HASH]"
echo "##wfe[output version=$VERSION]"
"###,
);
s2.namespace = Some(ns.clone());
let out2 = run_step(
s2,
"compute-hash",
&instance,
&definition,
&cluster,
&client,
)
.await;
assert_eq!(out2["version"], "1.9.0-test");
let hash = out2["hash"].as_str().expect("hash in output");
assert_eq!(hash.len(), 16, "hash should be 16 hex chars: {hash}");
assert!(
hash.chars().all(|c| c.is_ascii_hexdigit()),
"hash not hex: {hash}"
);
// ── Step 3: bash-only features (pipefail + arrays) ──────────────
// `alpine:3.18` doesn't have bash; use the bash-tagged image and
// explicit shell override to prove the `shell:` config works
// end-to-end.
// Use debian:bookworm-slim — the `bash:5` image on docker hub mangles
// its entrypoint such that `/bin/bash -c <script>` exits 128 before
// the script runs. debian-slim has /bin/bash at the conventional path
// and runs vanilla.
let mut s3 = step_config(
"debian:bookworm-slim",
r###"
set -euo pipefail
# Bash-only: array + [[ ]] + process substitution
declare -a files=(version.txt input.sh)
for f in "${files[@]}"; do
test -f /workspace/pipeline/$f
done
# pipefail makes `false | true` fail — if we reach the echo, pipefail
# actually caused the || branch to fire, which is the bash behavior
# we want to confirm.
if ! { false | true ; }; then
echo "##wfe[output pipefail_ok=true]"
else
echo "##wfe[output pipefail_ok=false]"
fi
echo "##wfe[output bash_features_ok=true]"
"###,
);
s3.shell = Some("/bin/bash".into());
s3.namespace = Some(ns.clone());
let out3 = run_step(s3, "verify-bash", &instance, &definition, &cluster, &client).await;
assert_eq!(out3["bash_features_ok"], serde_json::Value::Bool(true));
assert_eq!(out3["pipefail_ok"], serde_json::Value::Bool(true));
// ── Step 4: confirm workflow.data env injection ────────────────
// The instance was started with data {"repo": "wfe", "branch":
// "mainline"}; extract_workflow_env uppercases keys so $REPO and
// $BRANCH must be present inside the container.
let mut s4 = step_config(
"alpine:3.18",
r###"
echo "##wfe[output repo=$REPO]"
echo "##wfe[output branch=$BRANCH]"
# Prove the volume is still there by listing files from step 1.
COUNT=$(ls /workspace/pipeline | wc -l | tr -d ' ')
echo "##wfe[output file_count=$COUNT]"
"###,
);
s4.namespace = Some(ns.clone());
let out4 = run_step(s4, "inject-env", &instance, &definition, &cluster, &client).await;
assert_eq!(out4["repo"], "wfe");
assert_eq!(out4["branch"], "mainline");
// `2` parses as a JSON number, not a string.
assert_eq!(out4["file_count"], serde_json::Value::Number(2.into()));
// Explicit cleanup (the guard still runs on panic paths).
namespace::delete_namespace(&client, &ns).await.ok();
}

2
wfe-opensearch/src/lib.rs
View File

@@ -80,7 +80,7 @@ impl SearchIndex for OpenSearchIndex {
.client
.indices()
.exists(opensearch::indices::IndicesExistsParts::Index(&[
&self.index_name,
&self.index_name
]))
.send()
.await

9
wfe-opensearch/tests/search.rs
View File

@@ -1,6 +1,6 @@
use chrono::Utc;
use opensearch::http::transport::Transport;
use opensearch::OpenSearch;
use opensearch::http::transport::Transport;
use pretty_assertions::assert_eq;
use serde_json::json;
use uuid::Uuid;
@@ -60,7 +60,7 @@ async fn cleanup(provider: &OpenSearchIndex) {
.client()
.indices()
.delete(opensearch::indices::IndicesDeleteParts::Index(&[
provider.index_name(),
provider.index_name()
]))
.send()
.await;
@@ -164,7 +164,10 @@ async fn index_multiple_and_paginate() {
refresh_index(&provider).await;
// Search all, but skip 2 and take 2
let page = provider.search("Paginated workflow", 2, 2, &[]).await.unwrap();
let page = provider
.search("Paginated workflow", 2, 2, &[])
.await
.unwrap();
assert_eq!(page.total, 5);
assert_eq!(page.data.len(), 2);

203
wfe-postgres/src/lib.rs
View File

@@ -6,8 +6,8 @@ use sqlx::postgres::PgPoolOptions;
use sqlx::{PgPool, Row};
use wfe_core::models::{
CommandName, Event, EventSubscription, ExecutionError, ExecutionPointer, ScheduledCommand,
WorkflowInstance, WorkflowStatus, PointerStatus,
CommandName, Event, EventSubscription, ExecutionError, ExecutionPointer, PointerStatus,
ScheduledCommand, WorkflowInstance, WorkflowStatus,
};
use wfe_core::traits::{
EventRepository, PersistenceProvider, ScheduledCommandRepository, SubscriptionRepository,
@@ -57,7 +57,9 @@ impl PostgresPersistenceProvider {
"Suspended" => Ok(WorkflowStatus::Suspended),
"Complete" => Ok(WorkflowStatus::Complete),
"Terminated" => Ok(WorkflowStatus::Terminated),
other => Err(WfeError::Persistence(format!("Unknown workflow status: {other}"))),
other => Err(WfeError::Persistence(format!(
"Unknown workflow status: {other}"
))),
}
}
@@ -88,7 +90,9 @@ impl PostgresPersistenceProvider {
"Compensated" => Ok(PointerStatus::Compensated),
"Cancelled" => Ok(PointerStatus::Cancelled),
"PendingPredecessor" => Ok(PointerStatus::PendingPredecessor),
other => Err(WfeError::Persistence(format!("Unknown pointer status: {other}"))),
other => Err(WfeError::Persistence(format!(
"Unknown pointer status: {other}"
))),
}
}
@@ -103,7 +107,9 @@ impl PostgresPersistenceProvider {
match s {
"ProcessWorkflow" => Ok(CommandName::ProcessWorkflow),
"ProcessEvent" => Ok(CommandName::ProcessEvent),
other => Err(WfeError::Persistence(format!("Unknown command name: {other}"))),
other => Err(WfeError::Persistence(format!(
"Unknown command name: {other}"
))),
}
}
@@ -118,8 +124,9 @@ impl PostgresPersistenceProvider {
.map_err(|e| WfeError::Persistence(format!("Failed to serialize children: {e}")))?;
let scope_json = serde_json::to_value(&p.scope)
.map_err(|e| WfeError::Persistence(format!("Failed to serialize scope: {e}")))?;
let ext_json = serde_json::to_value(&p.extension_attributes)
.map_err(|e| WfeError::Persistence(format!("Failed to serialize extension_attributes: {e}")))?;
let ext_json = serde_json::to_value(&p.extension_attributes).map_err(|e| {
WfeError::Persistence(format!("Failed to serialize extension_attributes: {e}"))
})?;
sqlx::query(
r#"INSERT INTO wfc.execution_pointers
@@ -158,13 +165,11 @@ impl PostgresPersistenceProvider {
}
async fn load_pointers(&self, workflow_id: &str) -> Result<Vec<ExecutionPointer>> {
let rows = sqlx::query(
"SELECT * FROM wfc.execution_pointers WHERE workflow_id = $1",
)
.bind(workflow_id)
.fetch_all(&self.pool)
.await
.map_err(Self::map_sqlx_err)?;
let rows = sqlx::query("SELECT * FROM wfc.execution_pointers WHERE workflow_id = $1")
.bind(workflow_id)
.fetch_all(&self.pool)
.await
.map_err(Self::map_sqlx_err)?;
let mut pointers = Vec::with_capacity(rows.len());
for row in &rows {
@@ -183,8 +188,9 @@ impl PostgresPersistenceProvider {
let scope: Vec<String> = serde_json::from_value(scope_json)
.map_err(|e| WfeError::Persistence(format!("Failed to deserialize scope: {e}")))?;
let extension_attributes: HashMap<String, serde_json::Value> =
serde_json::from_value(ext_json)
.map_err(|e| WfeError::Persistence(format!("Failed to deserialize extension_attributes: {e}")))?;
serde_json::from_value(ext_json).map_err(|e| {
WfeError::Persistence(format!("Failed to deserialize extension_attributes: {e}"))
})?;
let status_str: String = row.get("status");
@@ -221,16 +227,27 @@ impl WorkflowRepository for PostgresPersistenceProvider {
} else {
instance.id.clone()
};
// Fall back to the UUID when the caller didn't assign a human name.
// In production `WorkflowHost::start_workflow` always fills this in
// via `next_definition_sequence`, but test fixtures and any external
// caller that forgets shouldn't trip the UNIQUE constraint.
let name = if instance.name.is_empty() {
id.clone()
} else {
instance.name.clone()
};
let mut tx = self.pool.begin().await.map_err(Self::map_sqlx_err)?;
sqlx::query(
r#"INSERT INTO wfc.workflows
(id, definition_id, version, description, reference, status, data,
next_execution, create_time, complete_time)
VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10)"#,
(id, name, root_workflow_id, definition_id, version, description, reference,
status, data, next_execution, create_time, complete_time)
VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12)"#,
)
.bind(&id)
.bind(&name)
.bind(&instance.root_workflow_id)
.bind(&instance.workflow_definition_id)
.bind(instance.version as i32)
.bind(&instance.description)
@@ -245,7 +262,8 @@ impl WorkflowRepository for PostgresPersistenceProvider {
.map_err(Self::map_sqlx_err)?;
// Insert execution pointers
self.insert_pointers(&mut tx, &id, &instance.execution_pointers).await?;
self.insert_pointers(&mut tx, &id, &instance.execution_pointers)
.await?;
tx.commit().await.map_err(Self::map_sqlx_err)?;
Ok(id)
@@ -256,11 +274,14 @@ impl WorkflowRepository for PostgresPersistenceProvider {
sqlx::query(
r#"UPDATE wfc.workflows SET
definition_id=$2, version=$3, description=$4, reference=$5,
status=$6, data=$7, next_execution=$8, create_time=$9, complete_time=$10
name=$2, root_workflow_id=$3, definition_id=$4, version=$5,
description=$6, reference=$7, status=$8, data=$9, next_execution=$10,
create_time=$11, complete_time=$12
WHERE id=$1"#,
)
.bind(&instance.id)
.bind(&instance.name)
.bind(&instance.root_workflow_id)
.bind(&instance.workflow_definition_id)
.bind(instance.version as i32)
.bind(&instance.description)
@@ -297,11 +318,14 @@ impl WorkflowRepository for PostgresPersistenceProvider {
sqlx::query(
r#"UPDATE wfc.workflows SET
definition_id=$2, version=$3, description=$4, reference=$5,
status=$6, data=$7, next_execution=$8, create_time=$9, complete_time=$10
name=$2, root_workflow_id=$3, definition_id=$4, version=$5,
description=$6, reference=$7, status=$8, data=$9, next_execution=$10,
create_time=$11, complete_time=$12
WHERE id=$1"#,
)
.bind(&instance.id)
.bind(&instance.name)
.bind(&instance.root_workflow_id)
.bind(&instance.workflow_definition_id)
.bind(instance.version as i32)
.bind(&instance.description)
@@ -385,6 +409,8 @@ impl WorkflowRepository for PostgresPersistenceProvider {
Ok(WorkflowInstance {
id: row.get("id"),
name: row.get("name"),
root_workflow_id: row.get("root_workflow_id"),
workflow_definition_id: row.get("definition_id"),
version: row.get::<i32, _>("version") as u32,
description: row.get("description"),
@@ -398,6 +424,35 @@ impl WorkflowRepository for PostgresPersistenceProvider {
})
}
async fn get_workflow_instance_by_name(&self, name: &str) -> Result<WorkflowInstance> {
let row = sqlx::query("SELECT id FROM wfc.workflows WHERE name = $1")
.bind(name)
.fetch_optional(&self.pool)
.await
.map_err(Self::map_sqlx_err)?
.ok_or_else(|| WfeError::WorkflowNotFound(name.to_string()))?;
let id: String = row.get("id");
self.get_workflow_instance(&id).await
}
async fn next_definition_sequence(&self, definition_id: &str) -> Result<u64> {
// UPSERT the counter atomically and return the new value. `RETURNING`
// gives us the post-increment number in a single round trip.
let row = sqlx::query(
r#"INSERT INTO wfc.definition_sequences (definition_id, next_num)
VALUES ($1, 1)
ON CONFLICT (definition_id) DO UPDATE
SET next_num = wfc.definition_sequences.next_num + 1
RETURNING next_num"#,
)
.bind(definition_id)
.fetch_one(&self.pool)
.await
.map_err(Self::map_sqlx_err)?;
let next: i64 = row.get("next_num");
Ok(next as u64)
}
async fn get_workflow_instances(&self, ids: &[String]) -> Result<Vec<WorkflowInstance>> {
let mut result = Vec::new();
for id in ids {
@@ -413,10 +468,7 @@ impl WorkflowRepository for PostgresPersistenceProvider {
#[async_trait]
impl SubscriptionRepository for PostgresPersistenceProvider {
async fn create_event_subscription(
&self,
subscription: &EventSubscription,
) -> Result<String> {
async fn create_event_subscription(&self, subscription: &EventSubscription) -> Result<String> {
let id = if subscription.id.is_empty() {
uuid::Uuid::new_v4().to_string()
} else {
@@ -471,18 +523,14 @@ impl SubscriptionRepository for PostgresPersistenceProvider {
}
async fn terminate_subscription(&self, subscription_id: &str) -> Result<()> {
let result = sqlx::query(
"DELETE FROM wfc.event_subscriptions WHERE id = $1",
)
.bind(subscription_id)
.execute(&self.pool)
.await
.map_err(Self::map_sqlx_err)?;
let result = sqlx::query("DELETE FROM wfc.event_subscriptions WHERE id = $1")
.bind(subscription_id)
.execute(&self.pool)
.await
.map_err(Self::map_sqlx_err)?;
if result.rows_affected() == 0 {
return Err(WfeError::SubscriptionNotFound(
subscription_id.to_string(),
));
return Err(WfeError::SubscriptionNotFound(subscription_id.to_string()));
}
Ok(())
}
@@ -550,20 +598,14 @@ impl SubscriptionRepository for PostgresPersistenceProvider {
.await
.map_err(Self::map_sqlx_err)?;
if exists.is_none() {
return Err(WfeError::SubscriptionNotFound(
subscription_id.to_string(),
));
return Err(WfeError::SubscriptionNotFound(subscription_id.to_string()));
}
return Ok(false);
}
Ok(true)
}
async fn clear_subscription_token(
&self,
subscription_id: &str,
token: &str,
) -> Result<()> {
async fn clear_subscription_token(&self, subscription_id: &str, token: &str) -> Result<()> {
let result = sqlx::query(
r#"UPDATE wfc.event_subscriptions
SET external_token = NULL, external_worker_id = NULL, external_token_expiry = NULL
@@ -576,9 +618,7 @@ impl SubscriptionRepository for PostgresPersistenceProvider {
.map_err(Self::map_sqlx_err)?;
if result.rows_affected() == 0 {
return Err(WfeError::SubscriptionNotFound(
subscription_id.to_string(),
));
return Err(WfeError::SubscriptionNotFound(subscription_id.to_string()));
}
Ok(())
}
@@ -731,20 +771,23 @@ impl ScheduledCommandRepository for PostgresPersistenceProvider {
async fn process_commands(
&self,
as_of: DateTime<Utc>,
handler: &(dyn Fn(ScheduledCommand) -> std::pin::Pin<Box<dyn std::future::Future<Output = Result<()>> + Send>>
+ Send
+ Sync),
handler: &(
dyn Fn(
ScheduledCommand,
)
-> std::pin::Pin<Box<dyn std::future::Future<Output = Result<()>> + Send>>
+ Send
+ Sync
),
) -> Result<()> {
let as_of_millis = as_of.timestamp_millis();
// 1. SELECT due commands (do not delete yet)
let rows = sqlx::query(
"SELECT * FROM wfc.scheduled_commands WHERE execute_time <= $1",
)
.bind(as_of_millis)
.fetch_all(&self.pool)
.await
.map_err(Self::map_sqlx_err)?;
let rows = sqlx::query("SELECT * FROM wfc.scheduled_commands WHERE execute_time <= $1")
.bind(as_of_millis)
.fetch_all(&self.pool)
.await
.map_err(Self::map_sqlx_err)?;
let commands: Vec<ScheduledCommand> = rows
.iter()
@@ -803,6 +846,8 @@ impl PersistenceProvider for PostgresPersistenceProvider {
sqlx::query(
r#"CREATE TABLE IF NOT EXISTS wfc.workflows (
id TEXT PRIMARY KEY,
name TEXT NOT NULL UNIQUE,
root_workflow_id TEXT,
definition_id TEXT NOT NULL,
version INT NOT NULL,
description TEXT,
@@ -818,6 +863,46 @@ impl PersistenceProvider for PostgresPersistenceProvider {
.await
.map_err(Self::map_sqlx_err)?;
// Upgrade older databases that lack the `name` column. Back-fill with
// the UUID so the NOT NULL + UNIQUE invariant holds retroactively;
// callers can re-run with a real name on the next persist.
sqlx::query(
r#"DO $$
BEGIN
IF NOT EXISTS (
SELECT 1 FROM information_schema.columns
WHERE table_schema = 'wfc' AND table_name = 'workflows'
AND column_name = 'name'
) THEN
ALTER TABLE wfc.workflows ADD COLUMN name TEXT;
UPDATE wfc.workflows SET name = id WHERE name IS NULL;
ALTER TABLE wfc.workflows ALTER COLUMN name SET NOT NULL;
CREATE UNIQUE INDEX IF NOT EXISTS idx_workflows_name
ON wfc.workflows (name);
END IF;
IF NOT EXISTS (
SELECT 1 FROM information_schema.columns
WHERE table_schema = 'wfc' AND table_name = 'workflows'
AND column_name = 'root_workflow_id'
) THEN
ALTER TABLE wfc.workflows ADD COLUMN root_workflow_id TEXT;
END IF;
END$$;"#,
)
.execute(&self.pool)
.await
.map_err(Self::map_sqlx_err)?;
sqlx::query(
r#"CREATE TABLE IF NOT EXISTS wfc.definition_sequences (
definition_id TEXT PRIMARY KEY,
next_num BIGINT NOT NULL
)"#,
)
.execute(&self.pool)
.await
.map_err(Self::map_sqlx_err)?;
sqlx::query(
r#"CREATE TABLE IF NOT EXISTS wfc.execution_pointers (
id TEXT PRIMARY KEY,

15
wfe-rustlang/src/cargo/config.rs
View File

@@ -229,7 +229,10 @@ mod tests {
#[test]
fn subcommand_args_nextest_has_run() {
assert_eq!(CargoCommand::Nextest.subcommand_args(), vec!["nextest", "run"]);
assert_eq!(
CargoCommand::Nextest.subcommand_args(),
vec!["nextest", "run"]
);
}
#[test]
@@ -241,8 +244,14 @@ mod tests {
fn install_package_external_tools() {
assert_eq!(CargoCommand::Audit.install_package(), Some("cargo-audit"));
assert_eq!(CargoCommand::Deny.install_package(), Some("cargo-deny"));
assert_eq!(CargoCommand::Nextest.install_package(), Some("cargo-nextest"));
assert_eq!(CargoCommand::LlvmCov.install_package(), Some("cargo-llvm-cov"));
assert_eq!(
CargoCommand::Nextest.install_package(),
Some("cargo-nextest")
);
assert_eq!(
CargoCommand::LlvmCov.install_package(),
Some("cargo-llvm-cov")
);
}
#[test]

252
wfe-rustlang/src/cargo/step.rs
View File

@@ -1,7 +1,7 @@
use async_trait::async_trait;
use wfe_core::WfeError;
use wfe_core::models::ExecutionResult;
use wfe_core::traits::step::{StepBody, StepExecutionContext};
use wfe_core::WfeError;
use crate::cargo::config::{CargoCommand, CargoConfig};
@@ -88,7 +88,10 @@ impl CargoStep {
/// Ensures an external cargo tool is installed before running it.
/// For built-in cargo subcommands, this is a no-op.
async fn ensure_tool_available(&self) -> Result<(), WfeError> {
let (binary, package) = match (self.config.command.binary_name(), self.config.command.install_package()) {
let (binary, package) = match (
self.config.command.binary_name(),
self.config.command.install_package(),
) {
(Some(b), Some(p)) => (b, p),
_ => return Ok(()),
};
@@ -117,9 +120,11 @@ impl CargoStep {
.stderr(std::process::Stdio::piped())
.output()
.await
.map_err(|e| WfeError::StepExecution(format!(
"Failed to add llvm-tools-preview component: {e}"
)))?;
.map_err(|e| {
WfeError::StepExecution(format!(
"Failed to add llvm-tools-preview component: {e}"
))
})?;
if !component.status.success() {
let stderr = String::from_utf8_lossy(&component.stderr);
@@ -135,9 +140,7 @@ impl CargoStep {
.stderr(std::process::Stdio::piped())
.output()
.await
.map_err(|e| WfeError::StepExecution(format!(
"Failed to install {package}: {e}"
)))?;
.map_err(|e| WfeError::StepExecution(format!("Failed to install {package}: {e}")))?;
if !install.status.success() {
let stderr = String::from_utf8_lossy(&install.stderr);
@@ -162,17 +165,16 @@ impl CargoStep {
let doc_dir = std::path::Path::new(working_dir).join("target/doc");
let json_path = std::fs::read_dir(&doc_dir)
.map_err(|e| WfeError::StepExecution(format!(
"failed to read target/doc: {e}"
)))?
.map_err(|e| WfeError::StepExecution(format!("failed to read target/doc: {e}")))?
.filter_map(|entry| entry.ok())
.find(|entry| {
entry.path().extension().is_some_and(|ext| ext == "json")
})
.find(|entry| entry.path().extension().is_some_and(|ext| ext == "json"))
.map(|entry| entry.path())
.ok_or_else(|| WfeError::StepExecution(
"no JSON file found in target/doc/ — did rustdoc --output-format json succeed?".to_string()
))?;
.ok_or_else(|| {
WfeError::StepExecution(
"no JSON file found in target/doc/ — did rustdoc --output-format json succeed?"
.to_string(),
)
})?;
tracing::info!(path = %json_path.display(), "reading rustdoc JSON");
@@ -180,20 +182,20 @@ impl CargoStep {
WfeError::StepExecution(format!("failed to read {}: {e}", json_path.display()))
})?;
let krate: rustdoc_types::Crate = serde_json::from_str(&json_content).map_err(|e| {
WfeError::StepExecution(format!("failed to parse rustdoc JSON: {e}"))
})?;
let krate: rustdoc_types::Crate = serde_json::from_str(&json_content)
.map_err(|e| WfeError::StepExecution(format!("failed to parse rustdoc JSON: {e}")))?;
let mdx_files = transform_to_mdx(&krate);
let output_dir = self.config.output_dir
let output_dir = self
.config
.output_dir
.as_deref()
.unwrap_or("target/doc/mdx");
let output_path = std::path::Path::new(working_dir).join(output_dir);
write_mdx_files(&mdx_files, &output_path).map_err(|e| {
WfeError::StepExecution(format!("failed to write MDX files: {e}"))
})?;
write_mdx_files(&mdx_files, &output_path)
.map_err(|e| WfeError::StepExecution(format!("failed to write MDX files: {e}")))?;
let file_count = mdx_files.len();
tracing::info!(
@@ -214,7 +216,10 @@ impl CargoStep {
outputs.insert(
"mdx.files".to_string(),
serde_json::Value::Array(
file_paths.into_iter().map(serde_json::Value::String).collect(),
file_paths
.into_iter()
.map(serde_json::Value::String)
.collect(),
),
);
@@ -224,7 +229,10 @@ impl CargoStep {
#[async_trait]
impl StepBody for CargoStep {
async fn run(&mut self, context: &StepExecutionContext<'_>) -> wfe_core::Result<ExecutionResult> {
async fn run(
&mut self,
context: &StepExecutionContext<'_>,
) -> wfe_core::Result<ExecutionResult> {
let step_name = context.step.name.as_deref().unwrap_or("unknown");
let subcmd = self.config.command.as_str();
@@ -248,9 +256,9 @@ impl StepBody for CargoStep {
}
}
} else {
cmd.output()
.await
.map_err(|e| WfeError::StepExecution(format!("Failed to spawn cargo {subcmd}: {e}")))?
cmd.output().await.map_err(|e| {
WfeError::StepExecution(format!("Failed to spawn cargo {subcmd}: {e}"))
})?
};
let stdout = String::from_utf8_lossy(&output.stdout).to_string();
@@ -317,7 +325,11 @@ mod tests {
let cmd = step.build_command();
let prog = cmd.as_std().get_program().to_str().unwrap();
assert_eq!(prog, "cargo");
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(args, vec!["build"]);
}
@@ -329,7 +341,11 @@ mod tests {
let cmd = step.build_command();
let prog = cmd.as_std().get_program().to_str().unwrap();
assert_eq!(prog, "rustup");
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(args, vec!["run", "nightly", "cargo", "test"]);
}
@@ -340,8 +356,15 @@ mod tests {
config.features = vec!["feat1".to_string(), "feat2".to_string()];
let step = CargoStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
assert_eq!(args, vec!["check", "-p", "my-crate", "--features", "feat1,feat2"]);
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(
args,
vec!["check", "-p", "my-crate", "--features", "feat1,feat2"]
);
}
#[test]
@@ -351,8 +374,20 @@ mod tests {
config.target = Some("aarch64-unknown-linux-gnu".to_string());
let step = CargoStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
assert_eq!(args, vec!["build", "--release", "--target", "aarch64-unknown-linux-gnu"]);
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(
args,
vec![
"build",
"--release",
"--target",
"aarch64-unknown-linux-gnu"
]
);
}
#[test]
@@ -364,10 +399,23 @@ mod tests {
config.extra_args = vec!["--".to_string(), "-D".to_string(), "warnings".to_string()];
let step = CargoStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(
args,
vec!["clippy", "--all-features", "--no-default-features", "--profile", "dev", "--", "-D", "warnings"]
vec![
"clippy",
"--all-features",
"--no-default-features",
"--profile",
"dev",
"--",
"-D",
"warnings"
]
);
}
@@ -377,17 +425,29 @@ mod tests {
config.extra_args = vec!["--check".to_string()];
let step = CargoStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(args, vec!["fmt", "--check"]);
}
#[test]
fn build_command_publish_dry_run() {
let mut config = minimal_config(CargoCommand::Publish);
config.extra_args = vec!["--dry-run".to_string(), "--registry".to_string(), "my-reg".to_string()];
config.extra_args = vec![
"--dry-run".to_string(),
"--registry".to_string(),
"my-reg".to_string(),
];
let step = CargoStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(args, vec!["publish", "--dry-run", "--registry", "my-reg"]);
}
@@ -398,18 +458,27 @@ mod tests {
config.release = true;
let step = CargoStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(args, vec!["doc", "--release", "--no-deps"]);
}
#[test]
fn build_command_env_vars() {
let mut config = minimal_config(CargoCommand::Build);
config.env.insert("RUSTFLAGS".to_string(), "-D warnings".to_string());
config
.env
.insert("RUSTFLAGS".to_string(), "-D warnings".to_string());
let step = CargoStep::new(config);
let cmd = step.build_command();
let envs: Vec<_> = cmd.as_std().get_envs().collect();
assert!(envs.iter().any(|(k, v)| *k == "RUSTFLAGS" && v == &Some("-D warnings".as_ref())));
assert!(
envs.iter()
.any(|(k, v)| *k == "RUSTFLAGS" && v == &Some("-D warnings".as_ref()))
);
}
#[test]
@@ -418,14 +487,21 @@ mod tests {
config.working_dir = Some("/my/project".to_string());
let step = CargoStep::new(config);
let cmd = step.build_command();
assert_eq!(cmd.as_std().get_current_dir(), Some(std::path::Path::new("/my/project")));
assert_eq!(
cmd.as_std().get_current_dir(),
Some(std::path::Path::new("/my/project"))
);
}
#[test]
fn build_command_audit() {
let step = CargoStep::new(minimal_config(CargoCommand::Audit));
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(args, vec!["audit"]);
}
@@ -435,7 +511,11 @@ mod tests {
config.extra_args = vec!["check".to_string()];
let step = CargoStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(args, vec!["deny", "check"]);
}
@@ -443,7 +523,11 @@ mod tests {
fn build_command_nextest() {
let step = CargoStep::new(minimal_config(CargoCommand::Nextest));
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(args, vec!["nextest", "run"]);
}
@@ -454,25 +538,44 @@ mod tests {
config.extra_args = vec!["--no-fail-fast".to_string()];
let step = CargoStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
assert_eq!(args, vec!["nextest", "run", "--features", "feat1", "--no-fail-fast"]);
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(
args,
vec!["nextest", "run", "--features", "feat1", "--no-fail-fast"]
);
}
#[test]
fn build_command_llvm_cov() {
let step = CargoStep::new(minimal_config(CargoCommand::LlvmCov));
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(args, vec!["llvm-cov"]);
}
#[test]
fn build_command_llvm_cov_with_args() {
let mut config = minimal_config(CargoCommand::LlvmCov);
config.extra_args = vec!["--html".to_string(), "--output-dir".to_string(), "coverage".to_string()];
config.extra_args = vec![
"--html".to_string(),
"--output-dir".to_string(),
"coverage".to_string(),
];
let step = CargoStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(args, vec!["llvm-cov", "--html", "--output-dir", "coverage"]);
}
@@ -482,10 +585,24 @@ mod tests {
let cmd = step.build_command();
let prog = cmd.as_std().get_program().to_str().unwrap();
assert_eq!(prog, "rustup");
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(
args,
vec!["run", "nightly", "cargo", "rustdoc", "--", "-Z", "unstable-options", "--output-format", "json"]
vec![
"run",
"nightly",
"cargo",
"rustdoc",
"--",
"-Z",
"unstable-options",
"--output-format",
"json"
]
);
}
@@ -496,10 +613,27 @@ mod tests {
config.extra_args = vec!["--no-deps".to_string()];
let step = CargoStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(
args,
vec!["run", "nightly", "cargo", "rustdoc", "-p", "my-crate", "--no-deps", "--", "-Z", "unstable-options", "--output-format", "json"]
vec![
"run",
"nightly",
"cargo",
"rustdoc",
"-p",
"my-crate",
"--no-deps",
"--",
"-Z",
"unstable-options",
"--output-format",
"json"
]
);
}
@@ -509,7 +643,11 @@ mod tests {
config.toolchain = Some("nightly-2024-06-01".to_string());
let step = CargoStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert!(args.contains(&"nightly-2024-06-01"));
}

385
wfe-rustlang/src/rustdoc/transformer.rs
View File

@@ -117,8 +117,7 @@ fn render_module(module_path: &str, items: &[(&Item, &str)], krate: &Crate) -> S
items
.iter()
.find(|(item, kind)| {
*kind == "Modules"
&& item.name.as_deref() == module_path.split("::").last()
*kind == "Modules" && item.name.as_deref() == module_path.split("::").last()
})
.and_then(|(item, _)| item.docs.as_ref())
.map(|d| first_sentence(d))
@@ -136,8 +135,15 @@ fn render_module(module_path: &str, items: &[(&Item, &str)], krate: &Crate) -> S
}
let kind_order = [
"Modules", "Structs", "Enums", "Traits", "Functions",
"Type Aliases", "Constants", "Statics", "Macros",
"Modules",
"Structs",
"Enums",
"Traits",
"Functions",
"Type Aliases",
"Constants",
"Statics",
"Macros",
];
for kind in &kind_order {
@@ -266,16 +272,15 @@ fn render_signature(item: &Item, krate: &Crate) -> Option<String> {
}
Some(sig)
}
ItemEnum::TypeAlias(ta) => {
Some(format!("pub type {name} = {}", render_type(&ta.type_, krate)))
}
ItemEnum::Constant { type_, const_: c } => {
Some(format!(
"pub const {name}: {} = {}",
render_type(type_, krate),
c.value.as_deref().unwrap_or("...")
))
}
ItemEnum::TypeAlias(ta) => Some(format!(
"pub type {name} = {}",
render_type(&ta.type_, krate)
)),
ItemEnum::Constant { type_, const_: c } => Some(format!(
"pub const {name}: {} = {}",
render_type(type_, krate),
c.value.as_deref().unwrap_or("...")
)),
ItemEnum::Macro(_) => Some(format!("macro_rules! {name} {{ ... }}")),
_ => None,
}
@@ -309,7 +314,11 @@ fn render_type(ty: &Type, krate: &Crate) -> String {
}
Type::Generic(name) => name.clone(),
Type::Primitive(name) => name.clone(),
Type::BorrowedRef { lifetime, is_mutable, type_ } => {
Type::BorrowedRef {
lifetime,
is_mutable,
type_,
} => {
let mut s = String::from("&");
if let Some(lt) = lifetime {
s.push_str(lt);
@@ -346,7 +355,12 @@ fn render_type(ty: &Type, krate: &Crate) -> String {
.collect();
format!("impl {}", rendered.join(" + "))
}
Type::QualifiedPath { name, self_type, trait_, .. } => {
Type::QualifiedPath {
name,
self_type,
trait_,
..
} => {
let self_str = render_type(self_type, krate);
if let Some(t) = trait_ {
format!("<{self_str} as {}>::{name}", t.path)
@@ -417,11 +431,17 @@ mod tests {
deprecation: None,
inner: ItemEnum::Function(Function {
sig: FunctionSignature {
inputs: params.into_iter().map(|(n, t)| (n.to_string(), t)).collect(),
inputs: params
.into_iter()
.map(|(n, t)| (n.to_string(), t))
.collect(),
output,
is_c_variadic: false,
},
generics: Generics { params: vec![], where_predicates: vec![] },
generics: Generics {
params: vec![],
where_predicates: vec![],
},
header: FunctionHeader {
is_const: false,
is_unsafe: false,
@@ -446,7 +466,10 @@ mod tests {
deprecation: None,
inner: ItemEnum::Struct(Struct {
kind: StructKind::Unit,
generics: Generics { params: vec![], where_predicates: vec![] },
generics: Generics {
params: vec![],
where_predicates: vec![],
},
impls: vec![],
}),
}
@@ -464,7 +487,10 @@ mod tests {
attrs: vec![],
deprecation: None,
inner: ItemEnum::Enum(Enum {
generics: Generics { params: vec![], where_predicates: vec![] },
generics: Generics {
params: vec![],
where_predicates: vec![],
},
variants: vec![],
has_stripped_variants: false,
impls: vec![],
@@ -488,7 +514,10 @@ mod tests {
is_unsafe: false,
is_dyn_compatible: true,
items: vec![],
generics: Generics { params: vec![], where_predicates: vec![] },
generics: Generics {
params: vec![],
where_predicates: vec![],
},
bounds: vec![],
implementations: vec![],
}),
@@ -540,35 +569,57 @@ mod tests {
#[test]
fn render_type_tuple() {
let krate = empty_crate();
let ty = Type::Tuple(vec![Type::Primitive("u32".into()), Type::Primitive("String".into())]);
let ty = Type::Tuple(vec![
Type::Primitive("u32".into()),
Type::Primitive("String".into()),
]);
assert_eq!(render_type(&ty, &krate), "(u32, String)");
}
#[test]
fn render_type_slice() {
let krate = empty_crate();
assert_eq!(render_type(&Type::Slice(Box::new(Type::Primitive("u8".into()))), &krate), "[u8]");
assert_eq!(
render_type(&Type::Slice(Box::new(Type::Primitive("u8".into()))), &krate),
"[u8]"
);
}
#[test]
fn render_type_array() {
let krate = empty_crate();
let ty = Type::Array { type_: Box::new(Type::Primitive("u8".into())), len: "32".into() };
let ty = Type::Array {
type_: Box::new(Type::Primitive("u8".into())),
len: "32".into(),
};
assert_eq!(render_type(&ty, &krate), "[u8; 32]");
}
#[test]
fn render_type_raw_pointer() {
let krate = empty_crate();
let ty = Type::RawPointer { is_mutable: true, type_: Box::new(Type::Primitive("u8".into())) };
let ty = Type::RawPointer {
is_mutable: true,
type_: Box::new(Type::Primitive("u8".into())),
};
assert_eq!(render_type(&ty, &krate), "*mut u8");
}
#[test]
fn render_function_signature() {
let krate = empty_crate();
let item = make_function("add", vec![("a", Type::Primitive("u32".into())), ("b", Type::Primitive("u32".into()))], Some(Type::Primitive("u32".into())));
assert_eq!(render_signature(&item, &krate).unwrap(), "fn add(a: u32, b: u32) -> u32");
let item = make_function(
"add",
vec![
("a", Type::Primitive("u32".into())),
("b", Type::Primitive("u32".into())),
],
Some(Type::Primitive("u32".into())),
);
assert_eq!(
render_signature(&item, &krate).unwrap(),
"fn add(a: u32, b: u32) -> u32"
);
}
#[test]
@@ -581,25 +632,51 @@ mod tests {
#[test]
fn render_struct_signature() {
let krate = empty_crate();
assert_eq!(render_signature(&make_struct("MyStruct"), &krate).unwrap(), "pub struct MyStruct;");
assert_eq!(
render_signature(&make_struct("MyStruct"), &krate).unwrap(),
"pub struct MyStruct;"
);
}
#[test]
fn render_enum_signature() {
let krate = empty_crate();
assert_eq!(render_signature(&make_enum("Color"), &krate).unwrap(), "pub enum Color { }");
assert_eq!(
render_signature(&make_enum("Color"), &krate).unwrap(),
"pub enum Color { }"
);
}
#[test]
fn render_trait_signature() {
let krate = empty_crate();
assert_eq!(render_signature(&make_trait("Drawable"), &krate).unwrap(), "pub trait Drawable");
assert_eq!(
render_signature(&make_trait("Drawable"), &krate).unwrap(),
"pub trait Drawable"
);
}
#[test]
fn item_kind_labels() {
assert_eq!(item_kind_label(&ItemEnum::Module(Module { is_crate: false, items: vec![], is_stripped: false })), Some("Modules"));
assert_eq!(item_kind_label(&ItemEnum::Struct(Struct { kind: StructKind::Unit, generics: Generics { params: vec![], where_predicates: vec![] }, impls: vec![] })), Some("Structs"));
assert_eq!(
item_kind_label(&ItemEnum::Module(Module {
is_crate: false,
items: vec![],
is_stripped: false
})),
Some("Modules")
);
assert_eq!(
item_kind_label(&ItemEnum::Struct(Struct {
kind: StructKind::Unit,
generics: Generics {
params: vec![],
where_predicates: vec![]
},
impls: vec![]
})),
Some("Structs")
);
}
#[test]
@@ -613,7 +690,14 @@ mod tests {
let func = make_function("hello", vec![], None);
let id = Id(1);
krate.index.insert(id.clone(), func);
krate.paths.insert(id, ItemSummary { crate_id: 0, path: vec!["my_crate".into(), "hello".into()], kind: ItemKind::Function });
krate.paths.insert(
id,
ItemSummary {
crate_id: 0,
path: vec!["my_crate".into(), "hello".into()],
kind: ItemKind::Function,
},
);
let files = transform_to_mdx(&krate);
assert_eq!(files.len(), 1);
@@ -628,11 +712,25 @@ mod tests {
let mut krate = empty_crate();
let func = make_function("do_thing", vec![], None);
krate.index.insert(Id(1), func);
krate.paths.insert(Id(1), ItemSummary { crate_id: 0, path: vec!["mc".into(), "do_thing".into()], kind: ItemKind::Function });
krate.paths.insert(
Id(1),
ItemSummary {
crate_id: 0,
path: vec!["mc".into(), "do_thing".into()],
kind: ItemKind::Function,
},
);
let st = make_struct("Widget");
krate.index.insert(Id(2), st);
krate.paths.insert(Id(2), ItemSummary { crate_id: 0, path: vec!["mc".into(), "Widget".into()], kind: ItemKind::Struct });
krate.paths.insert(
Id(2),
ItemSummary {
crate_id: 0,
path: vec!["mc".into(), "Widget".into()],
kind: ItemKind::Struct,
},
);
let files = transform_to_mdx(&krate);
assert_eq!(files.len(), 1);
@@ -654,7 +752,11 @@ mod tests {
links: HashMap::new(),
attrs: vec![],
deprecation: None,
inner: ItemEnum::Module(Module { is_crate: true, items: vec![Id(1)], is_stripped: false }),
inner: ItemEnum::Module(Module {
is_crate: true,
items: vec![Id(1)],
is_stripped: false,
}),
};
krate.root = Id(0);
krate.index.insert(Id(0), root_module);
@@ -662,12 +764,23 @@ mod tests {
// Add a function so the module generates a file.
let func = make_function("f", vec![], None);
krate.index.insert(Id(1), func);
krate.paths.insert(Id(1), ItemSummary { crate_id: 0, path: vec!["f".into()], kind: ItemKind::Function });
krate.paths.insert(
Id(1),
ItemSummary {
crate_id: 0,
path: vec!["f".into()],
kind: ItemKind::Function,
},
);
let files = transform_to_mdx(&krate);
// The root module's description in frontmatter should have escaped quotes.
let index = files.iter().find(|f| f.path == "index.mdx").unwrap();
assert!(index.content.contains("\\\"quoted\\\""), "content: {}", index.content);
assert!(
index.content.contains("\\\"quoted\\\""),
"content: {}",
index.content
);
}
#[test]
@@ -677,7 +790,9 @@ mod tests {
path: "Option".into(),
id: Id(99),
args: Some(Box::new(rustdoc_types::GenericArgs::AngleBracketed {
args: vec![rustdoc_types::GenericArg::Type(Type::Primitive("u32".into()))],
args: vec![rustdoc_types::GenericArg::Type(Type::Primitive(
"u32".into(),
))],
constraints: vec![],
})),
});
@@ -687,13 +802,15 @@ mod tests {
#[test]
fn render_type_impl_trait() {
let krate = empty_crate();
let ty = Type::ImplTrait(vec![
rustdoc_types::GenericBound::TraitBound {
trait_: rustdoc_types::Path { path: "Display".into(), id: Id(99), args: None },
generic_params: vec![],
modifier: rustdoc_types::TraitBoundModifier::None,
let ty = Type::ImplTrait(vec![rustdoc_types::GenericBound::TraitBound {
trait_: rustdoc_types::Path {
path: "Display".into(),
id: Id(99),
args: None,
},
]);
generic_params: vec![],
modifier: rustdoc_types::TraitBoundModifier::None,
}]);
assert_eq!(render_type(&ty, &krate), "impl Display");
}
@@ -702,7 +819,11 @@ mod tests {
let krate = empty_crate();
let ty = Type::DynTrait(rustdoc_types::DynTrait {
traits: vec![rustdoc_types::PolyTrait {
trait_: rustdoc_types::Path { path: "Error".into(), id: Id(99), args: None },
trait_: rustdoc_types::Path {
path: "Error".into(),
id: Id(99),
args: None,
},
generic_params: vec![],
}],
lifetime: None,
@@ -720,7 +841,12 @@ mod tests {
is_c_variadic: false,
},
generic_params: vec![],
header: FunctionHeader { is_const: false, is_unsafe: false, is_async: false, abi: Abi::Rust },
header: FunctionHeader {
is_const: false,
is_unsafe: false,
is_async: false,
abi: Abi::Rust,
},
}));
assert_eq!(render_type(&ty, &krate), "fn(u32) -> bool");
}
@@ -728,7 +854,10 @@ mod tests {
#[test]
fn render_type_const_pointer() {
let krate = empty_crate();
let ty = Type::RawPointer { is_mutable: false, type_: Box::new(Type::Primitive("u8".into())) };
let ty = Type::RawPointer {
is_mutable: false,
type_: Box::new(Type::Primitive("u8".into())),
};
assert_eq!(render_type(&ty, &krate), "*const u8");
}
@@ -743,9 +872,16 @@ mod tests {
let krate = empty_crate();
let ty = Type::QualifiedPath {
name: "Item".into(),
args: Box::new(rustdoc_types::GenericArgs::AngleBracketed { args: vec![], constraints: vec![] }),
args: Box::new(rustdoc_types::GenericArgs::AngleBracketed {
args: vec![],
constraints: vec![],
}),
self_type: Box::new(Type::Generic("T".into())),
trait_: Some(rustdoc_types::Path { path: "Iterator".into(), id: Id(99), args: None }),
trait_: Some(rustdoc_types::Path {
path: "Iterator".into(),
id: Id(99),
args: None,
}),
};
assert_eq!(render_type(&ty, &krate), "<T as Iterator>::Item");
}
@@ -753,74 +889,137 @@ mod tests {
#[test]
fn item_kind_label_all_variants() {
// Test the remaining untested variants
assert_eq!(item_kind_label(&ItemEnum::Enum(Enum {
generics: Generics { params: vec![], where_predicates: vec![] },
variants: vec![], has_stripped_variants: false, impls: vec![],
})), Some("Enums"));
assert_eq!(item_kind_label(&ItemEnum::Trait(Trait {
is_auto: false, is_unsafe: false, is_dyn_compatible: true,
items: vec![], generics: Generics { params: vec![], where_predicates: vec![] },
bounds: vec![], implementations: vec![],
})), Some("Traits"));
assert_eq!(
item_kind_label(&ItemEnum::Enum(Enum {
generics: Generics {
params: vec![],
where_predicates: vec![]
},
variants: vec![],
has_stripped_variants: false,
impls: vec![],
})),
Some("Enums")
);
assert_eq!(
item_kind_label(&ItemEnum::Trait(Trait {
is_auto: false,
is_unsafe: false,
is_dyn_compatible: true,
items: vec![],
generics: Generics {
params: vec![],
where_predicates: vec![]
},
bounds: vec![],
implementations: vec![],
})),
Some("Traits")
);
assert_eq!(item_kind_label(&ItemEnum::Macro("".into())), Some("Macros"));
assert_eq!(item_kind_label(&ItemEnum::Static(rustdoc_types::Static {
type_: Type::Primitive("u32".into()),
is_mutable: false,
is_unsafe: false,
expr: String::new(),
})), Some("Statics"));
assert_eq!(
item_kind_label(&ItemEnum::Static(rustdoc_types::Static {
type_: Type::Primitive("u32".into()),
is_mutable: false,
is_unsafe: false,
expr: String::new(),
})),
Some("Statics")
);
// Impl blocks should be skipped
assert_eq!(item_kind_label(&ItemEnum::Impl(rustdoc_types::Impl {
is_unsafe: false, generics: Generics { params: vec![], where_predicates: vec![] },
provided_trait_methods: vec![], trait_: None, for_: Type::Primitive("u32".into()),
items: vec![], is_negative: false, is_synthetic: false,
blanket_impl: None,
})), None);
assert_eq!(
item_kind_label(&ItemEnum::Impl(rustdoc_types::Impl {
is_unsafe: false,
generics: Generics {
params: vec![],
where_predicates: vec![]
},
provided_trait_methods: vec![],
trait_: None,
for_: Type::Primitive("u32".into()),
items: vec![],
is_negative: false,
is_synthetic: false,
blanket_impl: None,
})),
None
);
}
#[test]
fn render_constant_signature() {
let krate = empty_crate();
let item = Item {
id: Id(5), crate_id: 0,
name: Some("MAX_SIZE".into()), span: None,
visibility: Visibility::Public, docs: None,
links: HashMap::new(), attrs: vec![], deprecation: None,
id: Id(5),
crate_id: 0,
name: Some("MAX_SIZE".into()),
span: None,
visibility: Visibility::Public,
docs: None,
links: HashMap::new(),
attrs: vec![],
deprecation: None,
inner: ItemEnum::Constant {
type_: Type::Primitive("usize".into()),
const_: rustdoc_types::Constant { expr: "1024".into(), value: Some("1024".into()), is_literal: true },
const_: rustdoc_types::Constant {
expr: "1024".into(),
value: Some("1024".into()),
is_literal: true,
},
},
};
assert_eq!(render_signature(&item, &krate).unwrap(), "pub const MAX_SIZE: usize = 1024");
assert_eq!(
render_signature(&item, &krate).unwrap(),
"pub const MAX_SIZE: usize = 1024"
);
}
#[test]
fn render_type_alias_signature() {
let krate = empty_crate();
let item = Item {
id: Id(6), crate_id: 0,
name: Some("Result".into()), span: None,
visibility: Visibility::Public, docs: None,
links: HashMap::new(), attrs: vec![], deprecation: None,
id: Id(6),
crate_id: 0,
name: Some("Result".into()),
span: None,
visibility: Visibility::Public,
docs: None,
links: HashMap::new(),
attrs: vec![],
deprecation: None,
inner: ItemEnum::TypeAlias(rustdoc_types::TypeAlias {
type_: Type::Primitive("u32".into()),
generics: Generics { params: vec![], where_predicates: vec![] },
generics: Generics {
params: vec![],
where_predicates: vec![],
},
}),
};
assert_eq!(render_signature(&item, &krate).unwrap(), "pub type Result = u32");
assert_eq!(
render_signature(&item, &krate).unwrap(),
"pub type Result = u32"
);
}
#[test]
fn render_macro_signature() {
let krate = empty_crate();
let item = Item {
id: Id(7), crate_id: 0,
name: Some("my_macro".into()), span: None,
visibility: Visibility::Public, docs: None,
links: HashMap::new(), attrs: vec![], deprecation: None,
id: Id(7),
crate_id: 0,
name: Some("my_macro".into()),
span: None,
visibility: Visibility::Public,
docs: None,
links: HashMap::new(),
attrs: vec![],
deprecation: None,
inner: ItemEnum::Macro("macro body".into()),
};
assert_eq!(render_signature(&item, &krate).unwrap(), "macro_rules! my_macro { ... }");
assert_eq!(
render_signature(&item, &krate).unwrap(),
"macro_rules! my_macro { ... }"
);
}
#[test]
@@ -839,9 +1038,15 @@ mod tests {
#[test]
fn write_mdx_files_creates_directories() {
let tmp = tempfile::tempdir().unwrap();
let files = vec![MdxFile { path: "nested/module.mdx".into(), content: "# Test\n".into() }];
let files = vec![MdxFile {
path: "nested/module.mdx".into(),
content: "# Test\n".into(),
}];
write_mdx_files(&files, tmp.path()).unwrap();
assert!(tmp.path().join("nested/module.mdx").exists());
assert_eq!(std::fs::read_to_string(tmp.path().join("nested/module.mdx")).unwrap(), "# Test\n");
assert_eq!(
std::fs::read_to_string(tmp.path().join("nested/module.mdx")).unwrap(),
"# Test\n"
);
}
}

21
wfe-rustlang/src/rustup/config.rs
View File

@@ -60,7 +60,10 @@ mod tests {
#[test]
fn command_as_str() {
assert_eq!(RustupCommand::Install.as_str(), "install");
assert_eq!(RustupCommand::ToolchainInstall.as_str(), "toolchain-install");
assert_eq!(
RustupCommand::ToolchainInstall.as_str(),
"toolchain-install"
);
assert_eq!(RustupCommand::ComponentAdd.as_str(), "component-add");
assert_eq!(RustupCommand::TargetAdd.as_str(), "target-add");
}
@@ -118,7 +121,11 @@ mod tests {
let config = RustupConfig {
command: RustupCommand::ComponentAdd,
toolchain: Some("nightly".to_string()),
components: vec!["clippy".to_string(), "rustfmt".to_string(), "rust-src".to_string()],
components: vec![
"clippy".to_string(),
"rustfmt".to_string(),
"rust-src".to_string(),
],
targets: vec![],
profile: None,
default_toolchain: None,
@@ -138,7 +145,10 @@ mod tests {
command: RustupCommand::TargetAdd,
toolchain: Some("stable".to_string()),
components: vec![],
targets: vec!["wasm32-unknown-unknown".to_string(), "aarch64-linux-android".to_string()],
targets: vec![
"wasm32-unknown-unknown".to_string(),
"aarch64-linux-android".to_string(),
],
profile: None,
default_toolchain: None,
extra_args: vec![],
@@ -147,7 +157,10 @@ mod tests {
let json = serde_json::to_string(&config).unwrap();
let de: RustupConfig = serde_json::from_str(&json).unwrap();
assert_eq!(de.command, RustupCommand::TargetAdd);
assert_eq!(de.targets, vec!["wasm32-unknown-unknown", "aarch64-linux-android"]);
assert_eq!(
de.targets,
vec!["wasm32-unknown-unknown", "aarch64-linux-android"]
);
}
#[test]

129
wfe-rustlang/src/rustup/step.rs
View File

@@ -1,7 +1,7 @@
use async_trait::async_trait;
use wfe_core::WfeError;
use wfe_core::models::ExecutionResult;
use wfe_core::traits::step::{StepBody, StepExecutionContext};
use wfe_core::WfeError;
use crate::rustup::config::{RustupCommand, RustupConfig};
@@ -26,7 +26,8 @@ impl RustupStep {
fn build_install_command(&self) -> tokio::process::Command {
let mut cmd = tokio::process::Command::new("sh");
// Pipe rustup-init through sh with non-interactive flag.
let mut script = "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y".to_string();
let mut script =
"curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y".to_string();
if let Some(ref profile) = self.config.profile {
script.push_str(&format!(" --profile {profile}"));
@@ -112,7 +113,10 @@ impl RustupStep {
#[async_trait]
impl StepBody for RustupStep {
async fn run(&mut self, context: &StepExecutionContext<'_>) -> wfe_core::Result<ExecutionResult> {
async fn run(
&mut self,
context: &StepExecutionContext<'_>,
) -> wfe_core::Result<ExecutionResult> {
let step_name = context.step.name.as_deref().unwrap_or("unknown");
let subcmd = self.config.command.as_str();
@@ -133,9 +137,9 @@ impl StepBody for RustupStep {
}
}
} else {
cmd.output()
.await
.map_err(|e| WfeError::StepExecution(format!("Failed to spawn rustup {subcmd}: {e}")))?
cmd.output().await.map_err(|e| {
WfeError::StepExecution(format!("Failed to spawn rustup {subcmd}: {e}"))
})?
};
let stdout = String::from_utf8_lossy(&output.stdout).to_string();
@@ -189,7 +193,11 @@ mod tests {
let cmd = step.build_command();
let prog = cmd.as_std().get_program().to_str().unwrap();
assert_eq!(prog, "sh");
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(args[0], "-c");
assert!(args[1].contains("rustup.rs"));
assert!(args[1].contains("-y"));
@@ -202,7 +210,11 @@ mod tests {
config.default_toolchain = Some("nightly".to_string());
let step = RustupStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert!(args[1].contains("--profile minimal"));
assert!(args[1].contains("--default-toolchain nightly"));
}
@@ -213,7 +225,11 @@ mod tests {
config.extra_args = vec!["--no-modify-path".to_string()];
let step = RustupStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert!(args[1].contains("--no-modify-path"));
}
@@ -233,8 +249,21 @@ mod tests {
let cmd = step.build_command();
let prog = cmd.as_std().get_program().to_str().unwrap();
assert_eq!(prog, "rustup");
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
assert_eq!(args, vec!["toolchain", "install", "nightly-2024-06-01", "--profile", "minimal"]);
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(
args,
vec![
"toolchain",
"install",
"nightly-2024-06-01",
"--profile",
"minimal"
]
);
}
#[test]
@@ -251,7 +280,11 @@ mod tests {
};
let step = RustupStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(args, vec!["toolchain", "install", "stable", "--force"]);
}
@@ -271,8 +304,22 @@ mod tests {
let cmd = step.build_command();
let prog = cmd.as_std().get_program().to_str().unwrap();
assert_eq!(prog, "rustup");
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
assert_eq!(args, vec!["component", "add", "clippy", "rustfmt", "--toolchain", "nightly"]);
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(
args,
vec![
"component",
"add",
"clippy",
"rustfmt",
"--toolchain",
"nightly"
]
);
}
#[test]
@@ -289,7 +336,11 @@ mod tests {
};
let step = RustupStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(args, vec!["component", "add", "rust-src"]);
}
@@ -309,8 +360,21 @@ mod tests {
let cmd = step.build_command();
let prog = cmd.as_std().get_program().to_str().unwrap();
assert_eq!(prog, "rustup");
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
assert_eq!(args, vec!["target", "add", "wasm32-unknown-unknown", "--toolchain", "stable"]);
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(
args,
vec![
"target",
"add",
"wasm32-unknown-unknown",
"--toolchain",
"stable"
]
);
}
#[test]
@@ -330,8 +394,20 @@ mod tests {
};
let step = RustupStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
assert_eq!(args, vec!["target", "add", "wasm32-unknown-unknown", "aarch64-linux-android"]);
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(
args,
vec![
"target",
"add",
"wasm32-unknown-unknown",
"aarch64-linux-android"
]
);
}
#[test]
@@ -348,10 +424,21 @@ mod tests {
};
let step = RustupStep::new(config);
let cmd = step.build_command();
let args: Vec<_> = cmd.as_std().get_args().map(|a| a.to_str().unwrap()).collect();
let args: Vec<_> = cmd
.as_std()
.get_args()
.map(|a| a.to_str().unwrap())
.collect();
assert_eq!(
args,
vec!["target", "add", "x86_64-unknown-linux-musl", "--toolchain", "nightly", "--force"]
vec![
"target",
"add",
"x86_64-unknown-linux-musl",
"--toolchain",
"nightly",
"--force"
]
);
}
}

6
wfe-server-protos/build.rs
View File

@@ -13,11 +13,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
.build_server(true)
.build_client(true)
.file_descriptor_set_path(&descriptor_path)
.compile_with_config(
prost_config,
&proto_files,
&["proto"],
)?;
.compile_with_config(prost_config, &proto_files, &["proto"])?;
Ok(())
}

23
wfe-server-protos/proto/wfe/v1/wfe.proto
View File

@@ -45,6 +45,9 @@ message RegisteredDefinition {
string definition_id = 1;
uint32 version = 2;
uint32 step_count = 3;
// Human-friendly display name declared in the YAML (e.g. "Continuous
// Integration"). Empty when the definition did not set one.
string name = 4;
}
message ListDefinitionsRequest {}
@@ -58,6 +61,10 @@ message DefinitionSummary {
uint32 version = 2;
string description = 3;
uint32 step_count = 4;
// Human-friendly display name declared in the YAML (e.g. "Continuous
// Integration"). Empty when the definition did not set one; clients should
// fall back to `id` for presentation.
string name = 5;
}
// ─── Instances ───────────────────────────────────────────────────────
@@ -66,13 +73,23 @@ message StartWorkflowRequest {
string definition_id = 1;
uint32 version = 2;
google.protobuf.Struct data = 3;
// Optional caller-supplied name for this instance. Must be unique across
// all workflow instances. When unset the server auto-assigns
// `{definition_id}-{N}` using a per-definition monotonic counter.
string name = 4;
}
message StartWorkflowResponse {
string workflow_id = 1;
// Human-friendly name that was assigned to the new instance (either the
// caller override or the auto-generated `{definition_id}-{N}`).
string name = 2;
}
message GetWorkflowRequest {
// Accepts either the UUID `workflow_id` or the human-friendly instance
// name (e.g. "ci-42"). The server tries UUID first, then falls back to
// name-based lookup.
string workflow_id = 1;
}
@@ -201,6 +218,10 @@ message WorkflowInstance {
google.protobuf.Timestamp create_time = 8;
google.protobuf.Timestamp complete_time = 9;
repeated ExecutionPointer execution_pointers = 10;
// Human-friendly unique name, auto-assigned as `{definition_id}-{N}` at
// start time, or the caller-supplied override from StartWorkflowRequest.
// Interchangeable with `id` in Get/Cancel/Suspend/Resume/Watch/Logs RPCs.
string name = 11;
}
message ExecutionPointer {
@@ -222,6 +243,8 @@ message WorkflowSearchResult {
string reference = 5;
string description = 6;
google.protobuf.Timestamp create_time = 7;
// Human-friendly instance name (e.g. "ci-42").
string name = 8;
}
enum WorkflowStatus {

3
wfe-server-protos/src/lib.rs
View File

@@ -17,4 +17,5 @@ pub use prost_types;
pub use tonic;
/// Encoded file descriptor set for gRPC reflection.
pub const FILE_DESCRIPTOR_SET: &[u8] = include_bytes!(concat!(env!("OUT_DIR"), "/wfe_descriptor.bin"));
pub const FILE_DESCRIPTOR_SET: &[u8] =
include_bytes!(concat!(env!("OUT_DIR"), "/wfe_descriptor.bin"));

6
wfe-server/Cargo.toml
View File

@@ -14,9 +14,9 @@ path = "src/main.rs"
[dependencies]
# Internal
wfe-core = { workspace = true, features = ["test-support"] }
wfe = { version = "1.8.1", path = "../wfe", registry = "sunbeam" }
wfe-yaml = { version = "1.8.1", path = "../wfe-yaml", registry = "sunbeam", features = ["rustlang", "buildkit", "containerd"] }
wfe-server-protos = { version = "1.8.1", path = "../wfe-server-protos", registry = "sunbeam" }
wfe = { version = "1.9.0", path = "../wfe", registry = "sunbeam" }
wfe-yaml = { version = "1.9.0", path = "../wfe-yaml", registry = "sunbeam", features = ["rustlang", "buildkit", "containerd", "kubernetes", "deno"] }
wfe-server-protos = { version = "1.9.0", path = "../wfe-server-protos", registry = "sunbeam" }
wfe-sqlite = { workspace = true }
wfe-postgres = { workspace = true }
wfe-valkey = { workspace = true }

35
wfe-server/src/auth.rs
View File

@@ -1,6 +1,6 @@
use std::sync::Arc;
use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
use jsonwebtoken::{Algorithm, DecodingKey, Validation, decode};
use serde::Deserialize;
use tokio::sync::RwLock;
use tonic::{Request, Status};
@@ -99,7 +99,10 @@ impl AuthState {
let resp: JwksResponse = reqwest::get(uri).await?.json().await?;
let mut cache = self.jwks.write().await;
*cache = Some(JwksCache { keys: resp.keys });
tracing::debug!(key_count = cache.as_ref().unwrap().keys.len(), "JWKS refreshed");
tracing::debug!(
key_count = cache.as_ref().unwrap().keys.len(),
"JWKS refreshed"
);
Ok(())
}
@@ -128,7 +131,9 @@ impl AuthState {
/// Validate a JWT against the cached JWKS (synchronous — for use in interceptors).
/// Shared logic used by both `check()` and `make_interceptor()`.
fn validate_jwt_cached(&self, token: &str) -> Result<(), Status> {
let cache = self.jwks.try_read()
let cache = self
.jwks
.try_read()
.map_err(|_| Status::unavailable("JWKS refresh in progress"))?;
let jwks = cache
.as_ref()
@@ -228,9 +233,7 @@ fn extract_bearer_token<T>(request: &Request<T>) -> Result<&str, Status> {
}
/// Map JWK key algorithm to jsonwebtoken Algorithm.
fn key_algorithm_to_jwt_algorithm(
ka: jsonwebtoken::jwk::KeyAlgorithm,
) -> Option<Algorithm> {
fn key_algorithm_to_jwt_algorithm(ka: jsonwebtoken::jwk::KeyAlgorithm) -> Option<Algorithm> {
use jsonwebtoken::jwk::KeyAlgorithm as KA;
match ka {
KA::RS256 => Some(Algorithm::RS256),
@@ -473,7 +476,7 @@ mod tests {
issuer: &str,
audience: Option<&str>,
) -> (Vec<jsonwebtoken::jwk::Jwk>, String) {
use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
use base64::{Engine, engine::general_purpose::URL_SAFE_NO_PAD};
use rsa::RsaPrivateKey;
let mut rng = rand::thread_rng();
@@ -498,8 +501,7 @@ mod tests {
let pem = private_key
.to_pkcs1_pem(rsa::pkcs1::LineEnding::LF)
.unwrap();
let encoding_key =
jsonwebtoken::EncodingKey::from_rsa_pem(pem.as_bytes()).unwrap();
let encoding_key = jsonwebtoken::EncodingKey::from_rsa_pem(pem.as_bytes()).unwrap();
let mut header = jsonwebtoken::Header::new(jsonwebtoken::Algorithm::RS256);
header.kid = Some("test-key-1".to_string());
@@ -684,9 +686,18 @@ mod tests {
#[test]
fn key_algorithm_mapping() {
use jsonwebtoken::jwk::KeyAlgorithm as KA;
assert_eq!(key_algorithm_to_jwt_algorithm(KA::RS256), Some(Algorithm::RS256));
assert_eq!(key_algorithm_to_jwt_algorithm(KA::ES256), Some(Algorithm::ES256));
assert_eq!(key_algorithm_to_jwt_algorithm(KA::EdDSA), Some(Algorithm::EdDSA));
assert_eq!(
key_algorithm_to_jwt_algorithm(KA::RS256),
Some(Algorithm::RS256)
);
assert_eq!(
key_algorithm_to_jwt_algorithm(KA::ES256),
Some(Algorithm::ES256)
);
assert_eq!(
key_algorithm_to_jwt_algorithm(KA::EdDSA),
Some(Algorithm::EdDSA)
);
// HS256 should be rejected (symmetric algorithm).
assert_eq!(key_algorithm_to_jwt_algorithm(KA::HS256), None);
assert_eq!(key_algorithm_to_jwt_algorithm(KA::HS384), None);

38
wfe-server/src/config.rs
View File

@@ -174,10 +174,7 @@ pub fn load(cli: &Cli) -> ServerConfig {
// Persistence override.
if let Some(ref backend) = cli.persistence {
let url = cli
.db_url
.clone()
.unwrap_or_else(|| "wfe.db".to_string());
let url = cli.db_url.clone().unwrap_or_else(|| "wfe.db".to_string());
config.persistence = match backend.as_str() {
"postgres" => PersistenceConfig::Postgres { url },
_ => PersistenceConfig::Sqlite { path: url },
@@ -231,7 +228,10 @@ mod tests {
let config = ServerConfig::default();
assert_eq!(config.grpc_addr, "0.0.0.0:50051".parse().unwrap());
assert_eq!(config.http_addr, "0.0.0.0:8080".parse().unwrap());
assert!(matches!(config.persistence, PersistenceConfig::Sqlite { .. }));
assert!(matches!(
config.persistence,
PersistenceConfig::Sqlite { .. }
));
assert!(matches!(config.queue, QueueConfig::InMemory));
assert!(config.search.is_none());
assert!(config.auth.tokens.is_empty());
@@ -270,11 +270,17 @@ version = 1
"#;
let config: ServerConfig = toml::from_str(toml).unwrap();
assert_eq!(config.grpc_addr, "127.0.0.1:9090".parse().unwrap());
assert!(matches!(config.persistence, PersistenceConfig::Postgres { .. }));
assert!(matches!(
config.persistence,
PersistenceConfig::Postgres { .. }
));
assert!(matches!(config.queue, QueueConfig::Valkey { .. }));
assert!(config.search.is_some());
assert_eq!(config.auth.tokens.len(), 2);
assert_eq!(config.auth.webhook_secrets.get("github").unwrap(), "mysecret");
assert_eq!(
config.auth.webhook_secrets.get("github").unwrap(),
"mysecret"
);
assert_eq!(config.webhook.triggers.len(), 1);
assert_eq!(config.webhook.triggers[0].workflow_id, "ci");
}
@@ -295,8 +301,12 @@ version = 1
};
let config = load(&cli);
assert_eq!(config.grpc_addr, "127.0.0.1:9999".parse().unwrap());
assert!(matches!(config.persistence, PersistenceConfig::Postgres { ref url } if url == "postgres://db/wfe"));
assert!(matches!(config.queue, QueueConfig::Valkey { ref url } if url == "redis://valkey:6379"));
assert!(
matches!(config.persistence, PersistenceConfig::Postgres { ref url } if url == "postgres://db/wfe")
);
assert!(
matches!(config.queue, QueueConfig::Valkey { ref url } if url == "redis://valkey:6379")
);
assert_eq!(config.search.unwrap().url, "http://os:9200");
assert_eq!(config.workflows_dir.unwrap(), PathBuf::from("/workflows"));
assert_eq!(config.auth.tokens, vec!["tok1", "tok2"]);
@@ -317,7 +327,10 @@ version = 1
auth_tokens: None,
};
let config = load(&cli);
assert!(matches!(config.persistence, PersistenceConfig::Postgres { .. }));
assert!(matches!(
config.persistence,
PersistenceConfig::Postgres { .. }
));
}
// ── Security regression tests ──
@@ -358,6 +371,9 @@ commit = "$.head_commit.id"
"#;
let config: WebhookConfig = toml::from_str(toml).unwrap();
assert_eq!(config.triggers[0].data_mapping.len(), 2);
assert_eq!(config.triggers[0].data_mapping["repo"], "$.repository.full_name");
assert_eq!(
config.triggers[0].data_mapping["repo"],
"$.repository.full_name"
);
}
}

188
wfe-server/src/grpc.rs
View File

@@ -2,8 +2,8 @@ use std::collections::{BTreeMap, HashMap};
use std::sync::Arc;
use tonic::{Request, Response, Status};
use wfe_server_protos::wfe::v1::*;
use wfe_server_protos::wfe::v1::wfe_server::Wfe;
use wfe_server_protos::wfe::v1::*;
pub struct WfeService {
host: Arc<wfe::WorkflowHost>,
@@ -18,7 +18,12 @@ impl WfeService {
lifecycle_bus: Arc<crate::lifecycle_bus::BroadcastLifecyclePublisher>,
log_store: Arc<crate::log_store::LogStore>,
) -> Self {
Self { host, lifecycle_bus, log_store, log_search: None }
Self {
host,
lifecycle_bus,
log_store,
log_search: None,
}
}
pub fn with_log_search(mut self, index: Arc<crate::log_search::LogSearchIndex>) -> Self {
@@ -56,6 +61,7 @@ impl Wfe for WfeService {
let id = compiled.definition.id.clone();
let version = compiled.definition.version;
let step_count = compiled.definition.steps.len() as u32;
let name = compiled.definition.name.clone().unwrap_or_default();
self.host
.register_workflow_definition(compiled.definition)
@@ -65,6 +71,7 @@ impl Wfe for WfeService {
definition_id: id,
version,
step_count,
name,
});
}
@@ -94,13 +101,33 @@ impl Wfe for WfeService {
.map(struct_to_json)
.unwrap_or_else(|| serde_json::json!({}));
// Empty `name` means "auto-assign"; pass None through so the host
// generates `{definition_id}-{N}` via the persistence sequence.
let name_override = if req.name.trim().is_empty() {
None
} else {
Some(req.name)
};
let workflow_id = self
.host
.start_workflow(&req.definition_id, req.version, data)
.start_workflow_with_name(&req.definition_id, req.version, data, name_override)
.await
.map_err(|e| Status::internal(format!("failed to start workflow: {e}")))?;
Ok(Response::new(StartWorkflowResponse { workflow_id }))
// Load the instance back so we can return the assigned name to the
// client. Cheap read, single row, avoids plumbing the name through
// the host's return signature.
let instance = self
.host
.get_workflow(&workflow_id)
.await
.map_err(|e| Status::internal(format!("failed to load new workflow: {e}")))?;
Ok(Response::new(StartWorkflowResponse {
workflow_id,
name: instance.name,
}))
}
async fn get_workflow(
@@ -206,10 +233,18 @@ impl Wfe for WfeService {
request: Request<WatchLifecycleRequest>,
) -> Result<Response<Self::WatchLifecycleStream>, Status> {
let req = request.into_inner();
// Resolve name-or-UUID to the canonical UUID upfront. Lifecycle events
// carry UUIDs, so filtering by a human name would silently drop
// everything. Empty filter means "all workflows".
let filter_workflow_id = if req.workflow_id.is_empty() {
None
} else {
Some(req.workflow_id)
let resolved = self
.host
.resolve_workflow_id(&req.workflow_id)
.await
.map_err(|e| Status::not_found(format!("workflow not found: {e}")))?;
Some(resolved)
};
let mut broadcast_rx = self.lifecycle_bus.subscribe();
@@ -239,7 +274,9 @@ impl Wfe for WfeService {
}
});
Ok(Response::new(tokio_stream::wrappers::ReceiverStream::new(rx)))
Ok(Response::new(tokio_stream::wrappers::ReceiverStream::new(
rx,
)))
}
type StreamLogsStream = tokio_stream::wrappers::ReceiverStream<Result<LogEntry, Status>>;
@@ -249,7 +286,13 @@ impl Wfe for WfeService {
request: Request<StreamLogsRequest>,
) -> Result<Response<Self::StreamLogsStream>, Status> {
let req = request.into_inner();
let workflow_id = req.workflow_id.clone();
// Resolve name-or-UUID so the log_store (which is keyed by UUID)
// returns history for the right instance.
let workflow_id = self
.host
.resolve_workflow_id(&req.workflow_id)
.await
.map_err(|e| Status::not_found(format!("workflow not found: {e}")))?;
let step_name_filter = if req.step_name.is_empty() {
None
} else {
@@ -301,7 +344,9 @@ impl Wfe for WfeService {
// If not follow mode, the stream ends after history replay.
});
Ok(Response::new(tokio_stream::wrappers::ReceiverStream::new(rx)))
Ok(Response::new(tokio_stream::wrappers::ReceiverStream::new(
rx,
)))
}
// ── Search ───────────────────────────────────────────────────────
@@ -311,12 +356,31 @@ impl Wfe for WfeService {
request: Request<SearchLogsRequest>,
) -> Result<Response<SearchLogsResponse>, Status> {
let Some(ref search) = self.log_search else {
return Err(Status::unavailable("log search not configured — set --search-url"));
return Err(Status::unavailable(
"log search not configured — set --search-url",
));
};
let req = request.into_inner();
let workflow_id = if req.workflow_id.is_empty() { None } else { Some(req.workflow_id.as_str()) };
let step_name = if req.step_name.is_empty() { None } else { Some(req.step_name.as_str()) };
// Resolve name-or-UUID upfront so the search index (keyed by UUID)
// matches the requested instance. We materialize into a String so
// the borrowed reference below has a stable lifetime.
let resolved_workflow_id = if req.workflow_id.is_empty() {
None
} else {
Some(
self.host
.resolve_workflow_id(&req.workflow_id)
.await
.map_err(|e| Status::not_found(format!("workflow not found: {e}")))?,
)
};
let workflow_id = resolved_workflow_id.as_deref();
let step_name = if req.step_name.is_empty() {
None
} else {
Some(req.step_name.as_str())
};
let stream_filter = match req.stream_filter {
x if x == LogStream::Stdout as i32 => Some("stdout"),
x if x == LogStream::Stderr as i32 => Some("stderr"),
@@ -325,7 +389,14 @@ impl Wfe for WfeService {
let take = if req.take == 0 { 50 } else { req.take };
let (hits, total) = search
.search(&req.query, workflow_id, step_name, stream_filter, req.skip, take)
.search(
&req.query,
workflow_id,
step_name,
stream_filter,
req.skip,
take,
)
.await
.map_err(|e| Status::internal(format!("search failed: {e}")))?;
@@ -431,8 +502,18 @@ fn lifecycle_event_to_proto(e: &wfe_core::models::LifecycleEvent) -> LifecycleEv
LET::Suspended => (PLET::Suspended as i32, 0, String::new(), String::new()),
LET::Resumed => (PLET::Resumed as i32, 0, String::new(), String::new()),
LET::Error { message } => (PLET::Error as i32, 0, String::new(), message.clone()),
LET::StepStarted { step_id, step_name } => (PLET::StepStarted as i32, *step_id as u32, step_name.clone().unwrap_or_default(), String::new()),
LET::StepCompleted { step_id, step_name } => (PLET::StepCompleted as i32, *step_id as u32, step_name.clone().unwrap_or_default(), String::new()),
LET::StepStarted { step_id, step_name } => (
PLET::StepStarted as i32,
*step_id as u32,
step_name.clone().unwrap_or_default(),
String::new(),
),
LET::StepCompleted { step_id, step_name } => (
PLET::StepCompleted as i32,
*step_id as u32,
step_name.clone().unwrap_or_default(),
String::new(),
),
};
LifecycleEvent {
event_time: Some(datetime_to_timestamp(&e.event_time_utc)),
@@ -456,6 +537,7 @@ fn datetime_to_timestamp(dt: &chrono::DateTime<chrono::Utc>) -> prost_types::Tim
fn workflow_to_proto(w: &wfe_core::models::WorkflowInstance) -> WorkflowInstance {
WorkflowInstance {
id: w.id.clone(),
name: w.name.clone(),
definition_id: w.workflow_definition_id.clone(),
version: w.version,
description: w.description.clone().unwrap_or_default(),
@@ -469,11 +551,7 @@ fn workflow_to_proto(w: &wfe_core::models::WorkflowInstance) -> WorkflowInstance
data: Some(json_to_struct(&w.data)),
create_time: Some(datetime_to_timestamp(&w.create_time)),
complete_time: w.complete_time.as_ref().map(datetime_to_timestamp),
execution_pointers: w
.execution_pointers
.iter()
.map(pointer_to_proto)
.collect(),
execution_pointers: w.execution_pointers.iter().map(pointer_to_proto).collect(),
}
}
@@ -630,7 +708,10 @@ mod tests {
assert_eq!(pointer_to_proto(&p).status, PointerStatus::Sleeping as i32);
p.status = PS::WaitingForEvent;
assert_eq!(pointer_to_proto(&p).status, PointerStatus::WaitingForEvent as i32);
assert_eq!(
pointer_to_proto(&p).status,
PointerStatus::WaitingForEvent as i32
);
p.status = PS::Failed;
assert_eq!(pointer_to_proto(&p).status, PointerStatus::Failed as i32);
@@ -644,7 +725,8 @@ mod tests {
#[test]
fn workflow_to_proto_basic() {
let w = wfe_core::models::WorkflowInstance::new("my-wf", 1, serde_json::json!({"key": "val"}));
let w =
wfe_core::models::WorkflowInstance::new("my-wf", 1, serde_json::json!({"key": "val"}));
let p = workflow_to_proto(&w);
assert_eq!(p.definition_id, "my-wf");
assert_eq!(p.version, 1);
@@ -674,7 +756,8 @@ mod tests {
host.start().await.unwrap();
let lifecycle_bus = std::sync::Arc::new(crate::lifecycle_bus::BroadcastLifecyclePublisher::new(64));
let lifecycle_bus =
std::sync::Arc::new(crate::lifecycle_bus::BroadcastLifecyclePublisher::new(64));
let log_store = std::sync::Arc::new(crate::log_store::LogStore::new());
WfeService::new(std::sync::Arc::new(host), lifecycle_bus, log_store)
@@ -695,7 +778,8 @@ workflow:
type: shell
config:
run: echo hi
"#.to_string(),
"#
.to_string(),
config: Default::default(),
});
let resp = svc.register_workflow(req).await.unwrap().into_inner();
@@ -709,6 +793,7 @@ workflow:
definition_id: "test-wf".to_string(),
version: 1,
data: None,
name: String::new(),
});
let resp = svc.start_workflow(req).await.unwrap().into_inner();
assert!(!resp.workflow_id.is_empty());
@@ -741,6 +826,7 @@ workflow:
definition_id: "nonexistent".to_string(),
version: 1,
data: None,
name: String::new(),
});
let err = svc.start_workflow(req).await.unwrap_err();
assert_eq!(err.code(), tonic::Code::Internal);
@@ -771,16 +857,30 @@ workflow:
definition_id: "cancel-test".to_string(),
version: 1,
data: None,
name: String::new(),
});
let wf_id = svc.start_workflow(req).await.unwrap().into_inner().workflow_id;
let wf_id = svc
.start_workflow(req)
.await
.unwrap()
.into_inner()
.workflow_id;
// Cancel it.
let req = Request::new(CancelWorkflowRequest { workflow_id: wf_id.clone() });
let req = Request::new(CancelWorkflowRequest {
workflow_id: wf_id.clone(),
});
svc.cancel_workflow(req).await.unwrap();
// Verify it's terminated.
let req = Request::new(GetWorkflowRequest { workflow_id: wf_id });
let instance = svc.get_workflow(req).await.unwrap().into_inner().instance.unwrap();
let instance = svc
.get_workflow(req)
.await
.unwrap()
.into_inner()
.instance
.unwrap();
assert_eq!(instance.status, WorkflowStatus::Terminated as i32);
}
@@ -798,23 +898,47 @@ workflow:
definition_id: "sr-test".to_string(),
version: 1,
data: None,
name: String::new(),
});
let wf_id = svc.start_workflow(req).await.unwrap().into_inner().workflow_id;
let wf_id = svc
.start_workflow(req)
.await
.unwrap()
.into_inner()
.workflow_id;
// Suspend.
let req = Request::new(SuspendWorkflowRequest { workflow_id: wf_id.clone() });
let req = Request::new(SuspendWorkflowRequest {
workflow_id: wf_id.clone(),
});
svc.suspend_workflow(req).await.unwrap();
let req = Request::new(GetWorkflowRequest { workflow_id: wf_id.clone() });
let instance = svc.get_workflow(req).await.unwrap().into_inner().instance.unwrap();
let req = Request::new(GetWorkflowRequest {
workflow_id: wf_id.clone(),
});
let instance = svc
.get_workflow(req)
.await
.unwrap()
.into_inner()
.instance
.unwrap();
assert_eq!(instance.status, WorkflowStatus::Suspended as i32);
// Resume.
let req = Request::new(ResumeWorkflowRequest { workflow_id: wf_id.clone() });
let req = Request::new(ResumeWorkflowRequest {
workflow_id: wf_id.clone(),
});
svc.resume_workflow(req).await.unwrap();
let req = Request::new(GetWorkflowRequest { workflow_id: wf_id });
let instance = svc.get_workflow(req).await.unwrap().into_inner().instance.unwrap();
let instance = svc
.get_workflow(req)
.await
.unwrap()
.into_inner()
.instance
.unwrap();
assert_eq!(instance.status, WorkflowStatus::Runnable as i32);
}

22
wfe-server/src/lifecycle_bus.rs
View File

@@ -52,9 +52,14 @@ mod tests {
let mut rx1 = bus.subscribe();
let mut rx2 = bus.subscribe();
bus.publish(LifecycleEvent::new("wf-1", "def-1", 1, LifecycleEventType::Completed))
.await
.unwrap();
bus.publish(LifecycleEvent::new(
"wf-1",
"def-1",
1,
LifecycleEventType::Completed,
))
.await
.unwrap();
let e1 = rx1.recv().await.unwrap();
let e2 = rx2.recv().await.unwrap();
@@ -66,9 +71,14 @@ mod tests {
async fn no_subscribers_does_not_error() {
let bus = BroadcastLifecyclePublisher::new(16);
// No subscribers — should not panic.
bus.publish(LifecycleEvent::new("wf-1", "def-1", 1, LifecycleEventType::Started))
.await
.unwrap();
bus.publish(LifecycleEvent::new(
"wf-1",
"def-1",
1,
LifecycleEventType::Started,
))
.await
.unwrap();
}
#[tokio::test]

85
wfe-server/src/log_search.rs
View File

@@ -100,6 +100,13 @@ impl LogSearchIndex {
if !response.status_code().is_success() {
let text = response.text().await.unwrap_or_default();
// Race: another caller created the index between our
// `exists` probe and the `create` call. OpenSearch returns
// a 400 with `resource_already_exists_exception`; treat that
// as a successful no-op rather than failing the call.
if text.contains("resource_already_exists_exception") {
return Ok(());
}
return Err(wfe_core::WfeError::Persistence(format!(
"Failed to create log index: {text}"
)));
@@ -304,17 +311,21 @@ mod tests {
// ── OpenSearch integration tests ────────────────────────────────
fn opensearch_url() -> Option<String> {
let url = std::env::var("WFE_SEARCH_URL")
.unwrap_or_else(|_| "http://localhost:9200".to_string());
// Quick TCP probe to check if OpenSearch is reachable.
let addr = url
let url =
std::env::var("WFE_SEARCH_URL").unwrap_or_else(|_| "http://localhost:9200".to_string());
// Quick TCP probe to check if OpenSearch is reachable. Use
// `to_socket_addrs` so hostnames resolve — the previous
// implementation parsed `"localhost:9200"` as a SocketAddr, which
// fails (hostnames aren't valid SocketAddrs), silently skipping
// every OpenSearch test even when the daemon was available.
use std::net::ToSocketAddrs;
let host_port = url
.strip_prefix("http://")
.or_else(|| url.strip_prefix("https://"))
.unwrap_or("localhost:9200");
match std::net::TcpStream::connect_timeout(
&addr.parse().ok()?,
std::time::Duration::from_secs(1),
) {
let mut addrs = host_port.to_socket_addrs().ok()?;
let addr = addrs.next()?;
match std::net::TcpStream::connect_timeout(&addr, std::time::Duration::from_secs(1)) {
Ok(_) => Some(url),
Err(_) => None,
}
@@ -340,10 +351,7 @@ mod tests {
/// Delete the test index to start clean.
async fn cleanup_index(url: &str) {
let client = reqwest::Client::new();
let _ = client
.delete(format!("{url}/{LOG_INDEX}"))
.send()
.await;
let _ = client.delete(format!("{url}/{LOG_INDEX}")).send().await;
}
#[tokio::test]
@@ -375,18 +383,37 @@ mod tests {
index.ensure_index().await.unwrap();
// Index some log chunks.
let chunk = make_test_chunk("wf-search-1", "build", LogStreamType::Stdout, "compiling wfe-core v1.5.0");
let chunk = make_test_chunk(
"wf-search-1",
"build",
LogStreamType::Stdout,
"compiling wfe-core v1.5.0",
);
index.index_chunk(&chunk).await.unwrap();
let chunk = make_test_chunk("wf-search-1", "build", LogStreamType::Stderr, "warning: unused variable");
let chunk = make_test_chunk(
"wf-search-1",
"build",
LogStreamType::Stderr,
"warning: unused variable",
);
index.index_chunk(&chunk).await.unwrap();
let chunk = make_test_chunk("wf-search-1", "test", LogStreamType::Stdout, "test result: ok. 79 passed");
let chunk = make_test_chunk(
"wf-search-1",
"test",
LogStreamType::Stdout,
"test result: ok. 79 passed",
);
index.index_chunk(&chunk).await.unwrap();
// OpenSearch needs a refresh to make docs searchable.
let client = reqwest::Client::new();
client.post(format!("{url}/{LOG_INDEX}/_refresh")).send().await.unwrap();
client
.post(format!("{url}/{LOG_INDEX}/_refresh"))
.send()
.await
.unwrap();
// Search by text.
let (results, total) = index
@@ -456,12 +483,21 @@ mod tests {
// Index 5 chunks.
for i in 0..5 {
let chunk = make_test_chunk("wf-page", "build", LogStreamType::Stdout, &format!("line {i}"));
let chunk = make_test_chunk(
"wf-page",
"build",
LogStreamType::Stdout,
&format!("line {i}"),
);
index.index_chunk(&chunk).await.unwrap();
}
let client = reqwest::Client::new();
client.post(format!("{url}/{LOG_INDEX}/_refresh")).send().await.unwrap();
client
.post(format!("{url}/{LOG_INDEX}/_refresh"))
.send()
.await
.unwrap();
// Get first 2.
let (results, total) = index
@@ -506,11 +542,20 @@ mod tests {
let index = LogSearchIndex::new(&url).unwrap();
index.ensure_index().await.unwrap();
let chunk = make_test_chunk("wf-fields", "clippy", LogStreamType::Stderr, "error: type mismatch");
let chunk = make_test_chunk(
"wf-fields",
"clippy",
LogStreamType::Stderr,
"error: type mismatch",
);
index.index_chunk(&chunk).await.unwrap();
let client = reqwest::Client::new();
client.post(format!("{url}/{LOG_INDEX}/_refresh")).send().await.unwrap();
client
.post(format!("{url}/{LOG_INDEX}/_refresh"))
.send()
.await
.unwrap();
let (results, _) = index
.search("type mismatch", None, None, None, 0, 10)

36
wfe-server/src/log_store.rs
View File

@@ -109,8 +109,12 @@ mod tests {
#[tokio::test]
async fn write_and_read_history() {
let store = LogStore::new();
store.write_chunk(make_chunk("wf-1", 0, "build", "line 1\n")).await;
store.write_chunk(make_chunk("wf-1", 0, "build", "line 2\n")).await;
store
.write_chunk(make_chunk("wf-1", 0, "build", "line 1\n"))
.await;
store
.write_chunk(make_chunk("wf-1", 0, "build", "line 2\n"))
.await;
let history = store.get_history("wf-1", None);
assert_eq!(history.len(), 2);
@@ -121,8 +125,12 @@ mod tests {
#[tokio::test]
async fn history_filtered_by_step() {
let store = LogStore::new();
store.write_chunk(make_chunk("wf-1", 0, "build", "build log\n")).await;
store.write_chunk(make_chunk("wf-1", 1, "test", "test log\n")).await;
store
.write_chunk(make_chunk("wf-1", 0, "build", "build log\n"))
.await;
store
.write_chunk(make_chunk("wf-1", 1, "test", "test log\n"))
.await;
let build_only = store.get_history("wf-1", Some(0));
assert_eq!(build_only.len(), 1);
@@ -144,7 +152,9 @@ mod tests {
let store = LogStore::new();
let mut rx = store.subscribe("wf-1");
store.write_chunk(make_chunk("wf-1", 0, "build", "hello\n")).await;
store
.write_chunk(make_chunk("wf-1", 0, "build", "hello\n"))
.await;
let received = rx.recv().await.unwrap();
assert_eq!(received.data, b"hello\n");
@@ -157,8 +167,12 @@ mod tests {
let mut rx1 = store.subscribe("wf-1");
let mut rx2 = store.subscribe("wf-2");
store.write_chunk(make_chunk("wf-1", 0, "build", "wf1 log\n")).await;
store.write_chunk(make_chunk("wf-2", 0, "test", "wf2 log\n")).await;
store
.write_chunk(make_chunk("wf-1", 0, "build", "wf1 log\n"))
.await;
store
.write_chunk(make_chunk("wf-2", 0, "test", "wf2 log\n"))
.await;
let e1 = rx1.recv().await.unwrap();
assert_eq!(e1.workflow_id, "wf-1");
@@ -171,7 +185,9 @@ mod tests {
async fn no_subscribers_does_not_error() {
let store = LogStore::new();
// No subscribers — should not panic.
store.write_chunk(make_chunk("wf-1", 0, "build", "orphan log\n")).await;
store
.write_chunk(make_chunk("wf-1", 0, "build", "orphan log\n"))
.await;
// History should still be stored.
assert_eq!(store.get_history("wf-1", None).len(), 1);
}
@@ -182,7 +198,9 @@ mod tests {
let mut rx1 = store.subscribe("wf-1");
let mut rx2 = store.subscribe("wf-1");
store.write_chunk(make_chunk("wf-1", 0, "build", "shared\n")).await;
store
.write_chunk(make_chunk("wf-1", 0, "build", "shared\n"))
.await;
let e1 = rx1.recv().await.unwrap();
let e2 = rx2.recv().await.unwrap();

44
wfe-server/src/main.rs
View File

@@ -152,9 +152,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
wfe_service = wfe_service.with_log_search(index);
}
let (health_reporter, health_service) = tonic_health::server::health_reporter();
health_reporter
.set_serving::<WfeServer<WfeService>>()
.await;
health_reporter.set_serving::<WfeServer<WfeService>>().await;
// 11. Build auth state.
let auth_state = Arc::new(auth::AuthState::new(config.auth.clone()).await);
@@ -168,13 +166,31 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
// HIGH-08: Limit webhook payload size to 2 MB to prevent OOM DoS.
let http_router = axum::Router::new()
.route("/webhooks/events", axum::routing::post(webhook::handle_generic_event))
.route("/webhooks/github", axum::routing::post(webhook::handle_github_webhook))
.route("/webhooks/gitea", axum::routing::post(webhook::handle_gitea_webhook))
.route(
"/webhooks/events",
axum::routing::post(webhook::handle_generic_event),
)
.route(
"/webhooks/github",
axum::routing::post(webhook::handle_github_webhook),
)
.route(
"/webhooks/gitea",
axum::routing::post(webhook::handle_gitea_webhook),
)
.route("/healthz", axum::routing::get(webhook::health_check))
.route("/schema/workflow.proto", axum::routing::get(serve_proto_schema))
.route("/schema/workflow.json", axum::routing::get(serve_json_schema))
.route("/schema/workflow.yaml", axum::routing::get(serve_yaml_example))
.route(
"/schema/workflow.proto",
axum::routing::get(serve_proto_schema),
)
.route(
"/schema/workflow.json",
axum::routing::get(serve_json_schema),
)
.route(
"/schema/workflow.yaml",
axum::routing::get(serve_yaml_example),
)
.layer(axum::extract::DefaultBodyLimit::max(2 * 1024 * 1024))
.with_state(webhook_state);
@@ -234,7 +250,10 @@ async fn load_yaml_definitions(host: &wfe::WorkflowHost, dir: &std::path::Path)
for entry in entries.flatten() {
let path = entry.path();
if path.extension().is_some_and(|ext| ext == "yaml" || ext == "yml") {
if path
.extension()
.is_some_and(|ext| ext == "yaml" || ext == "yml")
{
match wfe_yaml::load_workflow_from_str(
&std::fs::read_to_string(&path).unwrap_or_default(),
&config,
@@ -261,7 +280,10 @@ async fn load_yaml_definitions(host: &wfe::WorkflowHost, dir: &std::path::Path)
/// Serve the raw .proto schema file.
async fn serve_proto_schema() -> impl axum::response::IntoResponse {
(
[(axum::http::header::CONTENT_TYPE, "text/plain; charset=utf-8")],
[(
axum::http::header::CONTENT_TYPE,
"text/plain; charset=utf-8",
)],
include_str!("../../wfe-server-protos/proto/wfe/v1/wfe.proto"),
)
}

318
wfe-server/src/webhook.rs
View File

@@ -1,10 +1,10 @@
use std::sync::Arc;
use axum::Json;
use axum::body::Bytes;
use axum::extract::State;
use axum::http::{HeaderMap, StatusCode};
use axum::response::IntoResponse;
use axum::Json;
use hmac::{Hmac, Mac};
use sha2::Sha256;
@@ -107,7 +107,11 @@ pub async fn handle_github_webhook(
// Publish as event (for workflows waiting on events).
if let Err(e) = state
.host
.publish_event(&forge_event.event_name, &forge_event.event_key, forge_event.data.clone())
.publish_event(
&forge_event.event_name,
&forge_event.event_key,
forge_event.data.clone(),
)
.await
{
tracing::error!(error = %e, "failed to publish forge event");
@@ -208,7 +212,11 @@ pub async fn handle_gitea_webhook(
if let Err(e) = state
.host
.publish_event(&forge_event.event_name, &forge_event.event_key, forge_event.data.clone())
.publish_event(
&forge_event.event_name,
&forge_event.event_key,
forge_event.data.clone(),
)
.await
{
tracing::error!(error = %e, "failed to publish forge event");
@@ -362,10 +370,7 @@ fn map_forge_event(event_type: &str, payload: &serde_json::Value) -> ForgeEvent
/// Extract data fields from payload using simple JSONPath-like mapping.
/// Supports `$.field.nested` syntax.
fn map_trigger_data(
trigger: &WebhookTrigger,
payload: &serde_json::Value,
) -> serde_json::Value {
fn map_trigger_data(trigger: &WebhookTrigger, payload: &serde_json::Value) -> serde_json::Value {
let mut data = serde_json::Map::new();
for (key, path) in &trigger.data_mapping {
if let Some(value) = resolve_json_path(payload, path) {
@@ -376,7 +381,10 @@ fn map_trigger_data(
}
/// Resolve a simple JSONPath expression like `$.repository.full_name`.
fn resolve_json_path<'a>(value: &'a serde_json::Value, path: &str) -> Option<&'a serde_json::Value> {
fn resolve_json_path<'a>(
value: &'a serde_json::Value,
path: &str,
) -> Option<&'a serde_json::Value> {
let path = path.strip_prefix("$.").unwrap_or(path);
let mut current = value;
for segment in path.split('.') {
@@ -553,4 +561,298 @@ mod tests {
let data = map_trigger_data(&trigger, &payload);
assert!(data.get("missing").is_none());
}
// ─── Handler-level coverage ──────────────────────────────────────
//
// The block below exercises handle_generic_event / handle_github_webhook /
// handle_gitea_webhook directly with an in-memory WorkflowHost to cover
// auth branches, signature verification, JSON parse errors, trigger
// matching, and the happy path that fires a workflow start.
use crate::config::{ServerConfig, WebhookConfig};
use std::sync::Arc;
use wfe::WorkflowHostBuilder;
use wfe_core::test_support::{
InMemoryLockProvider, InMemoryPersistenceProvider, InMemoryQueueProvider,
};
async fn test_webhook_state() -> WebhookState {
let persistence = Arc::new(InMemoryPersistenceProvider::new());
let lock = Arc::new(InMemoryLockProvider::new());
let queue = Arc::new(InMemoryQueueProvider::new());
let host = WorkflowHostBuilder::new()
.use_persistence(persistence as Arc<dyn wfe_core::traits::PersistenceProvider>)
.use_lock_provider(lock as Arc<dyn wfe_core::traits::DistributedLockProvider>)
.use_queue_provider(queue as Arc<dyn wfe_core::traits::QueueProvider>)
.build()
.unwrap();
host.start().await.unwrap();
WebhookState {
host: Arc::new(host),
config: ServerConfig::default(),
}
}
async fn test_state_with_secret(source: &str, secret: &str) -> WebhookState {
let mut state = test_webhook_state().await;
state
.config
.auth
.webhook_secrets
.insert(source.to_string(), secret.to_string());
state
}
#[tokio::test]
async fn health_check_always_ok() {
let resp = health_check().await.into_response();
assert_eq!(resp.status(), StatusCode::OK);
}
#[tokio::test]
async fn generic_event_no_auth_configured_publishes() {
let state = test_webhook_state().await;
let payload = GenericEventPayload {
event_name: "order.paid".into(),
event_key: "42".into(),
data: Some(serde_json::json!({"amount": 99})),
};
let resp = handle_generic_event(State(state), HeaderMap::new(), Json(payload))
.await
.into_response();
assert_eq!(resp.status(), StatusCode::OK);
}
#[tokio::test]
async fn generic_event_with_static_token_accepts_valid_bearer() {
let mut state = test_webhook_state().await;
state.config.auth.tokens = vec!["the-token".into()];
let mut headers = HeaderMap::new();
headers.insert("authorization", "Bearer the-token".parse().unwrap());
let payload = GenericEventPayload {
event_name: "evt".into(),
event_key: "k".into(),
data: None,
};
let resp = handle_generic_event(State(state), headers, Json(payload))
.await
.into_response();
assert_eq!(resp.status(), StatusCode::OK);
}
#[tokio::test]
async fn generic_event_with_static_token_rejects_bad_bearer() {
let mut state = test_webhook_state().await;
state.config.auth.tokens = vec!["the-token".into()];
let mut headers = HeaderMap::new();
headers.insert("authorization", "Bearer wrong".parse().unwrap());
let payload = GenericEventPayload {
event_name: "evt".into(),
event_key: "k".into(),
data: None,
};
let resp = handle_generic_event(State(state), headers, Json(payload))
.await
.into_response();
assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);
}
#[tokio::test]
async fn generic_event_with_static_token_rejects_missing_header() {
let mut state = test_webhook_state().await;
state.config.auth.tokens = vec!["t".into()];
let payload = GenericEventPayload {
event_name: "evt".into(),
event_key: "k".into(),
data: None,
};
let resp = handle_generic_event(State(state), HeaderMap::new(), Json(payload))
.await
.into_response();
assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);
}
#[tokio::test]
async fn github_webhook_accepts_unauthenticated_when_no_secret() {
let state = test_webhook_state().await;
let body = Bytes::from(
r#"{"ref":"refs/heads/main","head_commit":{"id":"deadbeef"},"repository":{"full_name":"me/repo"}}"#,
);
let mut headers = HeaderMap::new();
headers.insert("x-github-event", "push".parse().unwrap());
let resp = handle_github_webhook(State(state), headers, body)
.await
.into_response();
assert_eq!(resp.status(), StatusCode::OK);
}
#[tokio::test]
async fn github_webhook_rejects_bad_signature() {
let state = test_state_with_secret("github", "supersecret").await;
let body = Bytes::from(r#"{"ref":"refs/heads/main"}"#);
let mut headers = HeaderMap::new();
headers.insert("x-github-event", "push".parse().unwrap());
headers.insert("x-hub-signature-256", "sha256=invalid".parse().unwrap());
let resp = handle_github_webhook(State(state), headers, body)
.await
.into_response();
assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);
}
#[tokio::test]
async fn github_webhook_accepts_valid_signature() {
let state = test_state_with_secret("github", "s3cret").await;
let body_bytes = r#"{"ref":"refs/heads/main","repository":{"full_name":"me/repo"}}"#;
let body = Bytes::from(body_bytes);
let mut mac = HmacSha256::new_from_slice(b"s3cret").unwrap();
mac.update(body_bytes.as_bytes());
let sig = format!("sha256={}", hex::encode(mac.finalize().into_bytes()));
let mut headers = HeaderMap::new();
headers.insert("x-github-event", "push".parse().unwrap());
headers.insert("x-hub-signature-256", sig.parse().unwrap());
let resp = handle_github_webhook(State(state), headers, body)
.await
.into_response();
assert_eq!(resp.status(), StatusCode::OK);
}
#[tokio::test]
async fn github_webhook_returns_400_on_bad_json() {
let state = test_webhook_state().await;
let body = Bytes::from("not { valid } json");
let mut headers = HeaderMap::new();
headers.insert("x-github-event", "push".parse().unwrap());
let resp = handle_github_webhook(State(state), headers, body)
.await
.into_response();
assert_eq!(resp.status(), StatusCode::BAD_REQUEST);
}
#[tokio::test]
async fn github_webhook_fires_matching_trigger() {
// Define a workflow that the webhook can start, then wire a trigger
// that matches the incoming push. Confirm a workflow instance was
// created on the host.
let mut state = test_webhook_state().await;
// Register the workflow definition so start_workflow can find it.
// The step has no registered factory, which is fine — the workflow
// reaches runnable state and the background executor would fail on
// first run, but handle_github_webhook only cares that
// `host.start_workflow` succeeds in creating the instance.
let mut def = wfe_core::models::WorkflowDefinition::new("ci", 1);
let mut s0 = wfe_core::models::WorkflowStep::new(0, "noop");
s0.outcomes.push(wfe_core::models::StepOutcome {
next_step: 0,
label: None,
value: None,
});
def.steps.push(s0);
state.host.register_workflow_definition(def).await;
state.config.webhook = WebhookConfig {
triggers: vec![WebhookTrigger {
source: "github".into(),
event: "push".into(),
match_ref: Some("refs/heads/main".into()),
workflow_id: "ci".into(),
version: 1,
data_mapping: [("repo".into(), "$.repository.full_name".into())].into(),
}],
};
let body = Bytes::from(r#"{"ref":"refs/heads/main","repository":{"full_name":"me/repo"}}"#);
let mut headers = HeaderMap::new();
headers.insert("x-github-event", "push".parse().unwrap());
let host = state.host.clone();
let resp = handle_github_webhook(State(state), headers, body)
.await
.into_response();
assert_eq!(resp.status(), StatusCode::OK);
// At least one `ci` instance should now exist. The webhook
// handler logs the started id, so we just confirm the side
// effect via get_workflow by name fallback.
let ci1 = host.get_workflow("ci-1").await;
assert!(ci1.is_ok(), "expected ci-1 to exist after webhook trigger");
}
#[tokio::test]
async fn github_webhook_trigger_skips_non_matching_ref() {
let mut state = test_webhook_state().await;
state.config.webhook = WebhookConfig {
triggers: vec![WebhookTrigger {
source: "github".into(),
event: "push".into(),
match_ref: Some("refs/heads/release".into()),
workflow_id: "ci".into(),
version: 1,
data_mapping: Default::default(),
}],
};
let body = Bytes::from(r#"{"ref":"refs/heads/main","repository":{"full_name":"me/repo"}}"#);
let mut headers = HeaderMap::new();
headers.insert("x-github-event", "push".parse().unwrap());
let host = state.host.clone();
let resp = handle_github_webhook(State(state), headers, body)
.await
.into_response();
assert_eq!(resp.status(), StatusCode::OK);
// No workflow should have been started — trigger.match_ref didn't match.
let none = host.get_workflow("ci-1").await;
assert!(none.is_err());
}
#[tokio::test]
async fn gitea_webhook_accepts_raw_hex_signature() {
let state = test_state_with_secret("gitea", "gitkey").await;
let body_bytes = r#"{"ref":"refs/heads/main","repository":{"full_name":"me/repo"}}"#;
let body = Bytes::from(body_bytes);
let mut mac = HmacSha256::new_from_slice(b"gitkey").unwrap();
mac.update(body_bytes.as_bytes());
let sig = hex::encode(mac.finalize().into_bytes());
let mut headers = HeaderMap::new();
headers.insert("x-gitea-event", "push".parse().unwrap());
headers.insert("x-gitea-signature", sig.parse().unwrap());
let resp = handle_gitea_webhook(State(state), headers, body)
.await
.into_response();
assert_eq!(resp.status(), StatusCode::OK);
}
#[tokio::test]
async fn gitea_webhook_rejects_bad_signature() {
let state = test_state_with_secret("gitea", "gitkey").await;
let mut headers = HeaderMap::new();
headers.insert("x-gitea-event", "push".parse().unwrap());
headers.insert("x-gitea-signature", "totallybogus".parse().unwrap());
let resp = handle_gitea_webhook(State(state), headers, Bytes::from(r#"{}"#))
.await
.into_response();
assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);
}
#[tokio::test]
async fn gitea_webhook_returns_400_on_bad_json() {
let state = test_webhook_state().await;
let mut headers = HeaderMap::new();
headers.insert("x-gitea-event", "push".parse().unwrap());
let resp = handle_gitea_webhook(State(state), headers, Bytes::from("not-json"))
.await
.into_response();
assert_eq!(resp.status(), StatusCode::BAD_REQUEST);
}
// Sanity: the WebhookConfig must exist in ServerConfig for these tests
// to compile.
#[allow(dead_code)]
fn _assert_webhook_config_type() -> WebhookConfig {
WebhookConfig::default()
}
}

207
wfe-sqlite/src/lib.rs
View File

@@ -57,6 +57,8 @@ impl SqlitePersistenceProvider {
sqlx::query(
"CREATE TABLE IF NOT EXISTS workflows (
id TEXT PRIMARY KEY,
name TEXT NOT NULL UNIQUE,
root_workflow_id TEXT,
definition_id TEXT NOT NULL,
version INTEGER NOT NULL,
description TEXT,
@@ -71,6 +73,17 @@ impl SqlitePersistenceProvider {
.execute(&self.pool)
.await?;
// Per-definition monotonic counter used to generate human-friendly
// instance names of the form `{definition_id}-{N}`.
sqlx::query(
"CREATE TABLE IF NOT EXISTS definition_sequences (
definition_id TEXT PRIMARY KEY,
next_num INTEGER NOT NULL
)",
)
.execute(&self.pool)
.await?;
sqlx::query(
"CREATE TABLE IF NOT EXISTS execution_pointers (
id TEXT PRIMARY KEY,
@@ -157,30 +170,28 @@ impl SqlitePersistenceProvider {
.await?;
// Indexes
sqlx::query("CREATE INDEX IF NOT EXISTS idx_workflows_next_execution ON workflows(next_execution)")
.execute(&self.pool)
.await?;
sqlx::query(
"CREATE INDEX IF NOT EXISTS idx_workflows_status ON workflows(status)",
"CREATE INDEX IF NOT EXISTS idx_workflows_next_execution ON workflows(next_execution)",
)
.execute(&self.pool)
.await?;
sqlx::query("CREATE INDEX IF NOT EXISTS idx_workflows_status ON workflows(status)")
.execute(&self.pool)
.await?;
sqlx::query("CREATE INDEX IF NOT EXISTS idx_execution_pointers_workflow_id ON execution_pointers(workflow_id)")
.execute(&self.pool)
.await?;
sqlx::query("CREATE INDEX IF NOT EXISTS idx_events_name_key ON events(event_name, event_key)")
sqlx::query(
"CREATE INDEX IF NOT EXISTS idx_events_name_key ON events(event_name, event_key)",
)
.execute(&self.pool)
.await?;
sqlx::query("CREATE INDEX IF NOT EXISTS idx_events_is_processed ON events(is_processed)")
.execute(&self.pool)
.await?;
sqlx::query("CREATE INDEX IF NOT EXISTS idx_events_event_time ON events(event_time)")
.execute(&self.pool)
.await?;
sqlx::query(
"CREATE INDEX IF NOT EXISTS idx_events_is_processed ON events(is_processed)",
)
.execute(&self.pool)
.await?;
sqlx::query(
"CREATE INDEX IF NOT EXISTS idx_events_event_time ON events(event_time)",
)
.execute(&self.pool)
.await?;
sqlx::query("CREATE INDEX IF NOT EXISTS idx_event_subscriptions_name_key ON event_subscriptions(event_name, event_key)")
.execute(&self.pool)
.await?;
@@ -226,10 +237,8 @@ fn row_to_workflow(
pointers: Vec<ExecutionPointer>,
) -> std::result::Result<WorkflowInstance, WfeError> {
let status_str: String = row.try_get("status").map_err(to_persistence_err)?;
let status: WorkflowStatus =
serde_json::from_str(&format!("\"{status_str}\"")).map_err(|e| {
WfeError::Persistence(format!("Failed to deserialize WorkflowStatus: {e}"))
})?;
let status: WorkflowStatus = serde_json::from_str(&format!("\"{status_str}\""))
.map_err(|e| WfeError::Persistence(format!("Failed to deserialize WorkflowStatus: {e}")))?;
let data_str: String = row.try_get("data").map_err(to_persistence_err)?;
let data: serde_json::Value = serde_json::from_str(&data_str)
@@ -241,6 +250,10 @@ fn row_to_workflow(
Ok(WorkflowInstance {
id: row.try_get("id").map_err(to_persistence_err)?,
name: row.try_get("name").map_err(to_persistence_err)?,
root_workflow_id: row
.try_get("root_workflow_id")
.map_err(to_persistence_err)?,
workflow_definition_id: row.try_get("definition_id").map_err(to_persistence_err)?,
version: row
.try_get::<i64, _>("version")
@@ -272,10 +285,11 @@ fn row_to_pointer(
.as_deref()
.map(serde_json::from_str)
.transpose()
.map_err(|e| WfeError::Persistence(format!("Failed to deserialize persistence_data: {e}")))?;
.map_err(|e| {
WfeError::Persistence(format!("Failed to deserialize persistence_data: {e}"))
})?;
let event_data_str: Option<String> =
row.try_get("event_data").map_err(to_persistence_err)?;
let event_data_str: Option<String> = row.try_get("event_data").map_err(to_persistence_err)?;
let event_data: Option<serde_json::Value> = event_data_str
.as_deref()
.map(serde_json::from_str)
@@ -308,15 +322,13 @@ fn row_to_pointer(
let ext_str: String = row
.try_get("extension_attributes")
.map_err(to_persistence_err)?;
let extension_attributes: HashMap<String, serde_json::Value> =
serde_json::from_str(&ext_str).map_err(|e| {
WfeError::Persistence(format!("Failed to deserialize extension_attributes: {e}"))
})?;
let extension_attributes: HashMap<String, serde_json::Value> = serde_json::from_str(&ext_str)
.map_err(|e| {
WfeError::Persistence(format!("Failed to deserialize extension_attributes: {e}"))
})?;
let sleep_until_str: Option<String> =
row.try_get("sleep_until").map_err(to_persistence_err)?;
let start_time_str: Option<String> =
row.try_get("start_time").map_err(to_persistence_err)?;
let sleep_until_str: Option<String> = row.try_get("sleep_until").map_err(to_persistence_err)?;
let start_time_str: Option<String> = row.try_get("start_time").map_err(to_persistence_err)?;
let end_time_str: Option<String> = row.try_get("end_time").map_err(to_persistence_err)?;
Ok(ExecutionPointer {
@@ -373,8 +385,7 @@ fn row_to_event(row: &sqlx::sqlite::SqliteRow) -> std::result::Result<Event, Wfe
fn row_to_subscription(
row: &sqlx::sqlite::SqliteRow,
) -> std::result::Result<EventSubscription, WfeError> {
let subscribe_as_of_str: String =
row.try_get("subscribe_as_of").map_err(to_persistence_err)?;
let subscribe_as_of_str: String = row.try_get("subscribe_as_of").map_err(to_persistence_err)?;
let subscription_data_str: Option<String> = row
.try_get("subscription_data")
@@ -422,6 +433,15 @@ impl WorkflowRepository for SqlitePersistenceProvider {
} else {
instance.id.clone()
};
// Fall back to the UUID when the caller didn't assign a human name.
// Production callers go through `WorkflowHost::start_workflow` which
// always fills this in, but test fixtures and external callers
// shouldn't trip the UNIQUE constraint.
let name = if instance.name.is_empty() {
id.clone()
} else {
instance.name.clone()
};
let status_str = serde_json::to_value(instance.status)
.map_err(|e| WfeError::Persistence(e.to_string()))?
@@ -436,10 +456,12 @@ impl WorkflowRepository for SqlitePersistenceProvider {
let mut tx = self.pool.begin().await.map_err(to_persistence_err)?;
sqlx::query(
"INSERT INTO workflows (id, definition_id, version, description, reference, status, data, next_execution, create_time, complete_time)
VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10)",
"INSERT INTO workflows (id, name, root_workflow_id, definition_id, version, description, reference, status, data, next_execution, create_time, complete_time)
VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12)",
)
.bind(&id)
.bind(&name)
.bind(&instance.root_workflow_id)
.bind(&instance.workflow_definition_id)
.bind(instance.version as i64)
.bind(&instance.description)
@@ -474,10 +496,13 @@ impl WorkflowRepository for SqlitePersistenceProvider {
let mut tx = self.pool.begin().await.map_err(to_persistence_err)?;
sqlx::query(
"UPDATE workflows SET definition_id = ?1, version = ?2, description = ?3, reference = ?4,
status = ?5, data = ?6, next_execution = ?7, complete_time = ?8
WHERE id = ?9",
"UPDATE workflows SET name = ?1, root_workflow_id = ?2, definition_id = ?3,
version = ?4, description = ?5, reference = ?6, status = ?7, data = ?8,
next_execution = ?9, complete_time = ?10
WHERE id = ?11",
)
.bind(&instance.name)
.bind(&instance.root_workflow_id)
.bind(&instance.workflow_definition_id)
.bind(instance.version as i64)
.bind(&instance.description)
@@ -523,10 +548,13 @@ impl WorkflowRepository for SqlitePersistenceProvider {
let mut tx = self.pool.begin().await.map_err(to_persistence_err)?;
sqlx::query(
"UPDATE workflows SET definition_id = ?1, version = ?2, description = ?3, reference = ?4,
status = ?5, data = ?6, next_execution = ?7, complete_time = ?8
WHERE id = ?9",
"UPDATE workflows SET name = ?1, root_workflow_id = ?2, definition_id = ?3,
version = ?4, description = ?5, reference = ?6, status = ?7, data = ?8,
next_execution = ?9, complete_time = ?10
WHERE id = ?11",
)
.bind(&instance.name)
.bind(&instance.root_workflow_id)
.bind(&instance.workflow_definition_id)
.bind(instance.version as i64)
.bind(&instance.description)
@@ -583,12 +611,11 @@ impl WorkflowRepository for SqlitePersistenceProvider {
.map_err(to_persistence_err)?
.ok_or_else(|| WfeError::WorkflowNotFound(id.to_string()))?;
let pointer_rows =
sqlx::query("SELECT * FROM execution_pointers WHERE workflow_id = ?1")
.bind(id)
.fetch_all(&self.pool)
.await
.map_err(to_persistence_err)?;
let pointer_rows = sqlx::query("SELECT * FROM execution_pointers WHERE workflow_id = ?1")
.bind(id)
.fetch_all(&self.pool)
.await
.map_err(to_persistence_err)?;
let pointers = pointer_rows
.iter()
@@ -598,6 +625,36 @@ impl WorkflowRepository for SqlitePersistenceProvider {
row_to_workflow(&row, pointers)
}
async fn get_workflow_instance_by_name(&self, name: &str) -> Result<WorkflowInstance> {
let row = sqlx::query("SELECT id FROM workflows WHERE name = ?1")
.bind(name)
.fetch_optional(&self.pool)
.await
.map_err(to_persistence_err)?
.ok_or_else(|| WfeError::WorkflowNotFound(name.to_string()))?;
let id: String = row.try_get("id").map_err(to_persistence_err)?;
self.get_workflow_instance(&id).await
}
async fn next_definition_sequence(&self, definition_id: &str) -> Result<u64> {
// SQLite doesn't support `INSERT ... ON CONFLICT ... RETURNING` prior
// to 3.35, but sqlx bundles a new-enough build. Emulate an atomic
// increment via UPSERT + RETURNING so concurrent callers don't collide.
let row = sqlx::query(
"INSERT INTO definition_sequences (definition_id, next_num)
VALUES (?1, 1)
ON CONFLICT(definition_id) DO UPDATE
SET next_num = next_num + 1
RETURNING next_num",
)
.bind(definition_id)
.fetch_one(&self.pool)
.await
.map_err(to_persistence_err)?;
let next: i64 = row.try_get("next_num").map_err(to_persistence_err)?;
Ok(next as u64)
}
async fn get_workflow_instances(&self, ids: &[String]) -> Result<Vec<WorkflowInstance>> {
if ids.is_empty() {
return Ok(Vec::new());
@@ -735,10 +792,7 @@ async fn insert_subscription(
#[async_trait]
impl SubscriptionRepository for SqlitePersistenceProvider {
async fn create_event_subscription(
&self,
subscription: &EventSubscription,
) -> Result<String> {
async fn create_event_subscription(&self, subscription: &EventSubscription) -> Result<String> {
let id = if subscription.id.is_empty() {
uuid::Uuid::new_v4().to_string()
} else {
@@ -776,18 +830,14 @@ impl SubscriptionRepository for SqlitePersistenceProvider {
}
async fn terminate_subscription(&self, subscription_id: &str) -> Result<()> {
let result = sqlx::query(
"UPDATE event_subscriptions SET terminated = 1 WHERE id = ?1",
)
.bind(subscription_id)
.execute(&self.pool)
.await
.map_err(to_persistence_err)?;
let result = sqlx::query("UPDATE event_subscriptions SET terminated = 1 WHERE id = ?1")
.bind(subscription_id)
.execute(&self.pool)
.await
.map_err(to_persistence_err)?;
if result.rows_affected() == 0 {
return Err(WfeError::SubscriptionNotFound(
subscription_id.to_string(),
));
return Err(WfeError::SubscriptionNotFound(subscription_id.to_string()));
}
Ok(())
}
@@ -860,20 +910,14 @@ impl SubscriptionRepository for SqlitePersistenceProvider {
.await
.map_err(to_persistence_err)?;
if exists.is_none() {
return Err(WfeError::SubscriptionNotFound(
subscription_id.to_string(),
));
return Err(WfeError::SubscriptionNotFound(subscription_id.to_string()));
}
return Ok(false);
}
Ok(true)
}
async fn clear_subscription_token(
&self,
subscription_id: &str,
token: &str,
) -> Result<()> {
async fn clear_subscription_token(&self, subscription_id: &str, token: &str) -> Result<()> {
let result = sqlx::query(
"UPDATE event_subscriptions
SET external_token = NULL, external_worker_id = NULL, external_token_expiry = NULL
@@ -886,9 +930,7 @@ impl SubscriptionRepository for SqlitePersistenceProvider {
.map_err(to_persistence_err)?;
if result.rows_affected() == 0 {
return Err(WfeError::SubscriptionNotFound(
subscription_id.to_string(),
));
return Err(WfeError::SubscriptionNotFound(subscription_id.to_string()));
}
Ok(())
}
@@ -937,13 +979,11 @@ impl EventRepository for SqlitePersistenceProvider {
async fn get_runnable_events(&self, as_at: DateTime<Utc>) -> Result<Vec<String>> {
let as_at_str = dt_to_string(&as_at);
let rows = sqlx::query(
"SELECT id FROM events WHERE is_processed = 0 AND event_time <= ?1",
)
.bind(&as_at_str)
.fetch_all(&self.pool)
.await
.map_err(to_persistence_err)?;
let rows = sqlx::query("SELECT id FROM events WHERE is_processed = 0 AND event_time <= ?1")
.bind(&as_at_str)
.fetch_all(&self.pool)
.await
.map_err(to_persistence_err)?;
rows.iter()
.map(|r| r.try_get("id").map_err(to_persistence_err))
@@ -1029,9 +1069,14 @@ impl ScheduledCommandRepository for SqlitePersistenceProvider {
async fn process_commands(
&self,
as_of: DateTime<Utc>,
handler: &(dyn Fn(ScheduledCommand) -> std::pin::Pin<Box<dyn std::future::Future<Output = Result<()>> + Send>>
+ Send
+ Sync),
handler: &(
dyn Fn(
ScheduledCommand,
)
-> std::pin::Pin<Box<dyn std::future::Future<Output = Result<()>> + Send>>
+ Send
+ Sync
),
) -> Result<()> {
let as_of_millis = as_of.timestamp_millis();

5
wfe-valkey/src/lifecycle.rs
View File

@@ -28,10 +28,7 @@ impl LifecyclePublisher for ValkeyLifecyclePublisher {
let mut conn = self.conn.clone();
let json = serde_json::to_string(&event)?;
let instance_channel = format!(
"{}:lifecycle:{}",
self.prefix, event.workflow_instance_id
);
let instance_channel = format!("{}:lifecycle:{}", self.prefix, event.workflow_instance_id);
let all_channel = format!("{}:lifecycle:all", self.prefix);
// Publish to the instance-specific channel.

24
wfe-valkey/tests/lifecycle.rs
View File

@@ -17,8 +17,9 @@ async fn publish_subscribe_round_trip() {
}
let prefix = format!("wfe_test_{}", uuid::Uuid::new_v4().simple());
let publisher =
wfe_valkey::ValkeyLifecyclePublisher::new("redis://localhost:6379", &prefix).await.unwrap();
let publisher = wfe_valkey::ValkeyLifecyclePublisher::new("redis://localhost:6379", &prefix)
.await
.unwrap();
let instance_id = "wf-lifecycle-test-1";
let channel = format!("{}:lifecycle:{}", prefix, instance_id);
@@ -42,12 +43,7 @@ async fn publish_subscribe_round_trip() {
// Small delay to ensure the subscription is active before publishing.
tokio::time::sleep(Duration::from_millis(200)).await;
let event = LifecycleEvent::new(
instance_id,
"def-1",
1,
LifecycleEventType::Started,
);
let event = LifecycleEvent::new(instance_id, "def-1", 1, LifecycleEventType::Started);
publisher.publish(event).await.unwrap();
// Wait for the message with a timeout.
@@ -71,8 +67,9 @@ async fn publish_to_all_channel() {
}
let prefix = format!("wfe_test_{}", uuid::Uuid::new_v4().simple());
let publisher =
wfe_valkey::ValkeyLifecyclePublisher::new("redis://localhost:6379", &prefix).await.unwrap();
let publisher = wfe_valkey::ValkeyLifecyclePublisher::new("redis://localhost:6379", &prefix)
.await
.unwrap();
let all_channel = format!("{}:lifecycle:all", prefix);
@@ -93,12 +90,7 @@ async fn publish_to_all_channel() {
tokio::time::sleep(Duration::from_millis(200)).await;
let event = LifecycleEvent::new(
"wf-all-test",
"def-1",
1,
LifecycleEventType::Completed,
);
let event = LifecycleEvent::new("wf-all-test", "def-1", 1, LifecycleEventType::Completed);
publisher.publish(event).await.unwrap();
let received = tokio::time::timeout(Duration::from_secs(5), rx.recv())

4
wfe-valkey/tests/lock.rs
View File

@@ -2,7 +2,9 @@ use wfe_core::lock_suite;
async fn make_provider() -> wfe_valkey::ValkeyLockProvider {
let prefix = format!("wfe_test_{}", uuid::Uuid::new_v4().simple());
wfe_valkey::ValkeyLockProvider::new("redis://localhost:6379", &prefix).await.unwrap()
wfe_valkey::ValkeyLockProvider::new("redis://localhost:6379", &prefix)
.await
.unwrap()
}
lock_suite!(make_provider);

4
wfe-valkey/tests/queue.rs
View File

@@ -2,7 +2,9 @@ use wfe_core::queue_suite;
async fn make_provider() -> wfe_valkey::ValkeyQueueProvider {
let prefix = format!("wfe_test_{}", uuid::Uuid::new_v4().simple());
wfe_valkey::ValkeyQueueProvider::new("redis://localhost:6379", &prefix).await.unwrap()
wfe_valkey::ValkeyQueueProvider::new("redis://localhost:6379", &prefix)
.await
.unwrap()
}
queue_suite!(make_provider);

114
wfe-yaml/src/compiler.rs
View File

@@ -7,21 +7,23 @@ use wfe_core::models::workflow_definition::{StepOutcome, WorkflowDefinition, Wor
use wfe_core::traits::StepBody;
use crate::error::YamlWorkflowError;
use crate::executors::shell::{ShellConfig, ShellStep};
#[cfg(feature = "deno")]
use crate::executors::deno::{DenoConfig, DenoPermissions, DenoStep};
use crate::executors::shell::{ShellConfig, ShellStep};
#[cfg(feature = "buildkit")]
use wfe_buildkit::{BuildkitConfig, BuildkitStep};
#[cfg(feature = "containerd")]
use wfe_containerd::{ContainerdConfig, ContainerdStep};
use wfe_core::models::condition::{ComparisonOp, FieldComparison, StepCondition};
use wfe_core::primitives::sub_workflow::SubWorkflowStep;
#[cfg(feature = "kubernetes")]
use wfe_kubernetes::{ClusterConfig, KubernetesStep, KubernetesStepConfig};
#[cfg(feature = "rustlang")]
use wfe_rustlang::{CargoCommand, CargoConfig, CargoStep, RustupCommand, RustupConfig, RustupStep};
#[cfg(feature = "kubernetes")]
use wfe_kubernetes::{ClusterConfig, KubernetesStepConfig, KubernetesStep};
use wfe_core::primitives::sub_workflow::SubWorkflowStep;
use wfe_core::models::condition::{ComparisonOp, FieldComparison, StepCondition};
use crate::schema::{WorkflowSpec, YamlCombinator, YamlComparison, YamlCondition, YamlErrorBehavior, YamlStep};
use crate::schema::{
WorkflowSpec, YamlCombinator, YamlComparison, YamlCondition, YamlErrorBehavior, YamlStep,
};
/// Configuration for a sub-workflow step.
#[derive(Debug, Clone, Serialize)]
@@ -43,7 +45,15 @@ pub struct CompiledWorkflow {
/// Compile a parsed WorkflowSpec into a CompiledWorkflow.
pub fn compile(spec: &WorkflowSpec) -> Result<CompiledWorkflow, YamlWorkflowError> {
let mut definition = WorkflowDefinition::new(&spec.id, spec.version);
definition.name = spec.name.clone();
definition.description = spec.description.clone();
definition.shared_volume =
spec.shared_volume
.as_ref()
.map(|v| wfe_core::models::SharedVolume {
mount_path: v.mount_path.clone(),
size: v.size.clone(),
});
if let Some(ref eb) = spec.error_behavior {
definition.default_error_behavior = map_error_behavior(eb)?;
@@ -77,10 +87,8 @@ fn compile_steps(
let container_id = *next_id;
*next_id += 1;
let mut container = WorkflowStep::new(
container_id,
"wfe_core::primitives::sequence::SequenceStep",
);
let mut container =
WorkflowStep::new(container_id, "wfe_core::primitives::sequence::SequenceStep");
container.name = Some(yaml_step.name.clone());
if let Some(ref eb) = yaml_step.error_behavior {
@@ -88,8 +96,7 @@ fn compile_steps(
}
// Compile children.
let child_ids =
compile_steps(parallel_children, definition, factories, next_id)?;
let child_ids = compile_steps(parallel_children, definition, factories, next_id)?;
container.children = child_ids;
// Compile condition if present.
@@ -104,10 +111,7 @@ fn compile_steps(
let step_id = *next_id;
*next_id += 1;
let step_type = yaml_step
.step_type
.as_deref()
.unwrap_or("shell");
let step_type = yaml_step.step_type.as_deref().unwrap_or("shell");
let (step_type_key, step_config_value, factory): (
String,
@@ -133,10 +137,7 @@ fn compile_steps(
let comp_id = *next_id;
*next_id += 1;
let on_failure_type = on_failure
.step_type
.as_deref()
.unwrap_or("shell");
let on_failure_type = on_failure.step_type.as_deref().unwrap_or("shell");
let (comp_key, comp_config_value, comp_factory) =
build_step_config_and_factory(on_failure, on_failure_type)?;
@@ -156,10 +157,7 @@ fn compile_steps(
let success_id = *next_id;
*next_id += 1;
let on_success_type = on_success
.step_type
.as_deref()
.unwrap_or("shell");
let on_success_type = on_success.step_type.as_deref().unwrap_or("shell");
let (success_key, success_config_value, success_factory) =
build_step_config_and_factory(on_success, on_success_type)?;
@@ -183,10 +181,7 @@ fn compile_steps(
let ensure_id = *next_id;
*next_id += 1;
let ensure_type = ensure
.step_type
.as_deref()
.unwrap_or("shell");
let ensure_type = ensure.step_type.as_deref().unwrap_or("shell");
let (ensure_key, ensure_config_value, ensure_factory) =
build_step_config_and_factory(ensure, ensure_type)?;
@@ -407,9 +402,7 @@ fn build_step_config_and_factory(
let config = build_shell_config(step)?;
let key = format!("wfe_yaml::shell::{}", step.name);
let value = serde_json::to_value(&config).map_err(|e| {
YamlWorkflowError::Compilation(format!(
"Failed to serialize shell config: {e}"
))
YamlWorkflowError::Compilation(format!("Failed to serialize shell config: {e}"))
})?;
let config_clone = config.clone();
let factory: StepFactory = Box::new(move || {
@@ -422,9 +415,7 @@ fn build_step_config_and_factory(
let config = build_deno_config(step)?;
let key = format!("wfe_yaml::deno::{}", step.name);
let value = serde_json::to_value(&config).map_err(|e| {
YamlWorkflowError::Compilation(format!(
"Failed to serialize deno config: {e}"
))
YamlWorkflowError::Compilation(format!("Failed to serialize deno config: {e}"))
})?;
let config_clone = config.clone();
let factory: StepFactory = Box::new(move || {
@@ -437,9 +428,7 @@ fn build_step_config_and_factory(
let config = build_buildkit_config(step)?;
let key = format!("wfe_yaml::buildkit::{}", step.name);
let value = serde_json::to_value(&config).map_err(|e| {
YamlWorkflowError::Compilation(format!(
"Failed to serialize buildkit config: {e}"
))
YamlWorkflowError::Compilation(format!("Failed to serialize buildkit config: {e}"))
})?;
let config_clone = config.clone();
let factory: StepFactory = Box::new(move || {
@@ -474,8 +463,10 @@ fn build_step_config_and_factory(
let step_config = config.0;
let cluster_config = config.1;
let factory: StepFactory = Box::new(move || {
Box::new(KubernetesStep::lazy(step_config.clone(), cluster_config.clone()))
as Box<dyn StepBody>
Box::new(KubernetesStep::lazy(
step_config.clone(),
cluster_config.clone(),
)) as Box<dyn StepBody>
});
Ok((key, value, factory))
}
@@ -486,9 +477,7 @@ fn build_step_config_and_factory(
let config = build_cargo_config(step, step_type)?;
let key = format!("wfe_yaml::cargo::{}", step.name);
let value = serde_json::to_value(&config).map_err(|e| {
YamlWorkflowError::Compilation(format!(
"Failed to serialize cargo config: {e}"
))
YamlWorkflowError::Compilation(format!("Failed to serialize cargo config: {e}"))
})?;
let config_clone = config.clone();
let factory: StepFactory = Box::new(move || {
@@ -501,9 +490,7 @@ fn build_step_config_and_factory(
let config = build_rustup_config(step, step_type)?;
let key = format!("wfe_yaml::rustup::{}", step.name);
let value = serde_json::to_value(&config).map_err(|e| {
YamlWorkflowError::Compilation(format!(
"Failed to serialize rustup config: {e}"
))
YamlWorkflowError::Compilation(format!("Failed to serialize rustup config: {e}"))
})?;
let config_clone = config.clone();
let factory: StepFactory = Box::new(move || {
@@ -534,9 +521,7 @@ fn build_step_config_and_factory(
let key = format!("wfe_yaml::workflow::{}", step.name);
let value = serde_json::to_value(&sub_config).map_err(|e| {
YamlWorkflowError::Compilation(format!(
"Failed to serialize workflow config: {e}"
))
YamlWorkflowError::Compilation(format!("Failed to serialize workflow config: {e}"))
})?;
let config_clone = sub_config.clone();
let factory: StepFactory = Box::new(move || {
@@ -603,10 +588,7 @@ fn build_deno_config(step: &YamlStep) -> Result<DenoConfig, YamlWorkflowError> {
fn build_shell_config(step: &YamlStep) -> Result<ShellConfig, YamlWorkflowError> {
let config = step.config.as_ref().ok_or_else(|| {
YamlWorkflowError::Compilation(format!(
"Step '{}' is missing 'config' section",
step.name
))
YamlWorkflowError::Compilation(format!("Step '{}' is missing 'config' section", step.name))
})?;
let run = config
@@ -634,10 +616,7 @@ fn build_shell_config(step: &YamlStep) -> Result<ShellConfig, YamlWorkflowError>
}
#[cfg(feature = "rustlang")]
fn build_cargo_config(
step: &YamlStep,
step_type: &str,
) -> Result<CargoConfig, YamlWorkflowError> {
fn build_cargo_config(step: &YamlStep, step_type: &str) -> Result<CargoConfig, YamlWorkflowError> {
let command = match step_type {
"cargo-build" => CargoCommand::Build,
"cargo-test" => CargoCommand::Test,
@@ -730,9 +709,7 @@ fn parse_duration_ms(s: &str) -> Option<u64> {
}
#[cfg(feature = "buildkit")]
fn build_buildkit_config(
step: &YamlStep,
) -> Result<BuildkitConfig, YamlWorkflowError> {
fn build_buildkit_config(step: &YamlStep) -> Result<BuildkitConfig, YamlWorkflowError> {
let config = step.config.as_ref().ok_or_else(|| {
YamlWorkflowError::Compilation(format!(
"BuildKit step '{}' is missing 'config' section",
@@ -805,9 +782,7 @@ fn build_buildkit_config(
}
#[cfg(feature = "containerd")]
fn build_containerd_config(
step: &YamlStep,
) -> Result<ContainerdConfig, YamlWorkflowError> {
fn build_containerd_config(step: &YamlStep) -> Result<ContainerdConfig, YamlWorkflowError> {
let config = step.config.as_ref().ok_or_else(|| {
YamlWorkflowError::Compilation(format!(
"Containerd step '{}' is missing 'config' section",
@@ -869,11 +844,17 @@ fn build_containerd_config(
env: config.env.clone(),
volumes,
working_dir: config.working_dir.clone(),
user: config.user.clone().unwrap_or_else(|| "65534:65534".to_string()),
user: config
.user
.clone()
.unwrap_or_else(|| "65534:65534".to_string()),
network: config.network.clone().unwrap_or_else(|| "none".to_string()),
memory: config.memory.clone(),
cpu: config.cpu.clone(),
pull: config.pull.clone().unwrap_or_else(|| "if-not-present".to_string()),
pull: config
.pull
.clone()
.unwrap_or_else(|| "if-not-present".to_string()),
containerd_addr: config
.containerd_addr
.clone()
@@ -909,6 +890,7 @@ fn build_kubernetes_config(
image,
command: config.command.clone(),
run: config.run.clone(),
shell: config.shell.clone(),
env: config.env.clone(),
working_dir: config.working_dir.clone(),
memory: config.memory.clone(),
@@ -944,9 +926,7 @@ fn compile_services(
}
} else {
// Default: TCP check on first port.
ReadinessCheck::TcpSocket(
yaml_svc.ports.first().copied().unwrap_or(0),
)
ReadinessCheck::TcpSocket(yaml_svc.ports.first().copied().unwrap_or(0))
};
let interval_ms = r

54
wfe-yaml/src/executors/deno/module_loader.rs
View File

@@ -96,15 +96,13 @@ impl ModuleLoader for WfeModuleLoader {
// Relative or bare path — resolve against referrer.
// This handles ./foo, ../foo, and /foo (absolute path on same origin, e.g. esm.sh redirects)
if specifier.starts_with("./")
|| specifier.starts_with("../")
|| specifier.starts_with('/')
if specifier.starts_with("./") || specifier.starts_with("../") || specifier.starts_with('/')
{
let base = ModuleSpecifier::parse(referrer)
.map_err(|e| JsErrorBox::generic(format!("Invalid referrer '{referrer}': {e}")))?;
let resolved = base
.join(specifier)
.map_err(|e| JsErrorBox::generic(format!("Failed to resolve '{specifier}': {e}")))?;
let resolved = base.join(specifier).map_err(|e| {
JsErrorBox::generic(format!("Failed to resolve '{specifier}': {e}"))
})?;
// Check permissions based on scheme.
match resolved.scheme() {
@@ -172,11 +170,9 @@ impl ModuleLoader for WfeModuleLoader {
.map_err(|e| JsErrorBox::new("PermissionError", e.to_string()))?;
}
let response = reqwest::get(&url)
.await
.map_err(|e| {
JsErrorBox::generic(format!("Failed to fetch module '{url}': {e}"))
})?;
let response = reqwest::get(&url).await.map_err(|e| {
JsErrorBox::generic(format!("Failed to fetch module '{url}': {e}"))
})?;
if !response.status().is_success() {
return Err(JsErrorBox::generic(format!(
@@ -224,9 +220,10 @@ impl ModuleLoader for WfeModuleLoader {
&specifier,
None,
))),
Err(e) => ModuleLoadResponse::Sync(Err(JsErrorBox::generic(
format!("Failed to read module '{}': {e}", path.display()),
))),
Err(e) => ModuleLoadResponse::Sync(Err(JsErrorBox::generic(format!(
"Failed to read module '{}': {e}",
path.display()
)))),
}
}
Err(e) => ModuleLoadResponse::Sync(Err(e)),
@@ -274,7 +271,11 @@ mod tests {
..Default::default()
});
let result = loader
.resolve("npm:lodash@4", "ext:wfe/bootstrap.js", ResolutionKind::Import)
.resolve(
"npm:lodash@4",
"ext:wfe/bootstrap.js",
ResolutionKind::Import,
)
.unwrap();
assert_eq!(result.as_str(), "https://esm.sh/lodash@4");
}
@@ -304,7 +305,12 @@ mod tests {
ResolutionKind::Import,
);
assert!(result.is_err());
assert!(result.unwrap_err().to_string().contains("Permission denied"));
assert!(
result
.unwrap_err()
.to_string()
.contains("Permission denied")
);
}
#[test]
@@ -320,10 +326,12 @@ mod tests {
ResolutionKind::DynamicImport,
);
assert!(result.is_err());
assert!(result
.unwrap_err()
.to_string()
.contains("Dynamic import is not allowed"));
assert!(
result
.unwrap_err()
.to_string()
.contains("Dynamic import is not allowed")
);
}
#[test]
@@ -361,11 +369,7 @@ mod tests {
..Default::default()
});
let result = loader
.resolve(
"./helper.js",
"file:///tmp/main.js",
ResolutionKind::Import,
)
.resolve("./helper.js", "file:///tmp/main.js", ResolutionKind::Import)
.unwrap();
assert_eq!(result.as_str(), "file:///tmp/helper.js");
}

2
wfe-yaml/src/executors/deno/ops/http.rs
View File

@@ -2,8 +2,8 @@ use std::cell::RefCell;
use std::collections::HashMap;
use std::rc::Rc;
use deno_core::op2;
use deno_core::OpState;
use deno_core::op2;
use deno_error::JsErrorBox;
use serde::{Deserialize, Serialize};

19
wfe-yaml/src/executors/deno/ops/workflow.rs
View File

@@ -1,7 +1,7 @@
use std::collections::HashMap;
use deno_core::op2;
use deno_core::OpState;
use deno_core::op2;
/// Workflow data available to the script via `inputs()`.
pub struct WorkflowInputs {
@@ -28,11 +28,7 @@ pub fn op_inputs(state: &mut OpState) -> serde_json::Value {
/// Stores a key/value pair in the step outputs.
#[op2]
pub fn op_output(
state: &mut OpState,
#[string] key: String,
#[serde] value: serde_json::Value,
) {
pub fn op_output(state: &mut OpState, #[string] key: String, #[serde] value: serde_json::Value) {
let outputs = state.borrow_mut::<StepOutputs>();
outputs.map.insert(key, value);
}
@@ -56,7 +52,8 @@ pub async fn op_read_file(
{
let s = state.borrow();
let checker = s.borrow::<super::super::permissions::PermissionChecker>();
checker.check_read(&path)
checker
.check_read(&path)
.map_err(|e| deno_error::JsErrorBox::new("PermissionError", e.to_string()))?;
}
tokio::fs::read_to_string(&path)
@@ -66,7 +63,13 @@ pub async fn op_read_file(
deno_core::extension!(
wfe_ops,
ops = [op_inputs, op_output, op_log, op_read_file, super::http::op_fetch],
ops = [
op_inputs,
op_output,
op_log,
op_read_file,
super::http::op_fetch
],
esm_entry_point = "ext:wfe/bootstrap.js",
esm = ["ext:wfe/bootstrap.js" = "src/executors/deno/js/bootstrap.js"],
);

21
wfe-yaml/src/executors/deno/permissions.rs
View File

@@ -120,9 +120,9 @@ impl PermissionChecker {
/// Detect `..` path traversal components.
fn has_traversal(path: &str) -> bool {
Path::new(path).components().any(|c| {
matches!(c, std::path::Component::ParentDir)
})
Path::new(path)
.components()
.any(|c| matches!(c, std::path::Component::ParentDir))
}
}
@@ -130,12 +130,7 @@ impl PermissionChecker {
mod tests {
use super::*;
fn perms(
net: &[&str],
read: &[&str],
write: &[&str],
env: &[&str],
) -> PermissionChecker {
fn perms(net: &[&str], read: &[&str], write: &[&str], env: &[&str]) -> PermissionChecker {
PermissionChecker::from_config(&DenoPermissions {
net: net.iter().map(|s| s.to_string()).collect(),
read: read.iter().map(|s| s.to_string()).collect(),
@@ -182,9 +177,7 @@ mod tests {
#[test]
fn read_path_traversal_blocked() {
let checker = perms(&[], &["/tmp"], &[], &[]);
let err = checker
.check_read("/tmp/../../../etc/passwd")
.unwrap_err();
let err = checker.check_read("/tmp/../../../etc/passwd").unwrap_err();
assert_eq!(err.kind, "read");
assert!(err.resource.contains(".."));
}
@@ -205,9 +198,7 @@ mod tests {
#[test]
fn write_path_traversal_blocked() {
let checker = perms(&[], &[], &["/tmp/out"], &[]);
assert!(checker
.check_write("/tmp/out/../../etc/shadow")
.is_err());
assert!(checker.check_write("/tmp/out/../../etc/shadow").is_err());
}
#[test]

4
wfe-yaml/src/executors/deno/runtime.rs
View File

@@ -8,7 +8,7 @@ use wfe_core::WfeError;
use super::config::DenoConfig;
use super::module_loader::WfeModuleLoader;
use super::ops::workflow::{wfe_ops, StepMeta, StepOutputs, WorkflowInputs};
use super::ops::workflow::{StepMeta, StepOutputs, WorkflowInputs, wfe_ops};
use super::permissions::PermissionChecker;
/// Create a configured `JsRuntime` for executing a workflow step script.
@@ -61,8 +61,8 @@ pub fn would_auto_add_esm_sh(config: &DenoConfig) -> bool {
#[cfg(test)]
mod tests {
use super::*;
use super::super::config::DenoPermissions;
use super::*;
#[test]
fn create_runtime_succeeds() {

11
wfe-yaml/src/executors/deno/step.rs
View File

@@ -1,7 +1,7 @@
use async_trait::async_trait;
use wfe_core::WfeError;
use wfe_core::models::ExecutionResult;
use wfe_core::traits::step::{StepBody, StepExecutionContext};
use wfe_core::WfeError;
use super::config::DenoConfig;
use super::ops::workflow::StepOutputs;
@@ -95,7 +95,9 @@ impl StepBody for DenoStep {
/// Check if the source code uses ES module syntax or top-level await.
fn needs_module_evaluation(source: &str) -> bool {
// Top-level await requires module evaluation. ES import/export also require it.
source.contains("import ") || source.contains("import(") || source.contains("export ")
source.contains("import ")
|| source.contains("import(")
|| source.contains("export ")
|| source.contains("await ")
}
@@ -191,9 +193,8 @@ async fn run_module_inner(
"wfe:///inline-module.js".to_string()
};
let specifier = deno_core::ModuleSpecifier::parse(&module_url).map_err(|e| {
WfeError::StepExecution(format!("Invalid module URL '{module_url}': {e}"))
})?;
let specifier = deno_core::ModuleSpecifier::parse(&module_url)
.map_err(|e| WfeError::StepExecution(format!("Invalid module URL '{module_url}': {e}")))?;
let module_id = runtime
.load_main_es_module_from_code(&specifier, source.to_string())

Some files were not shown because too many files have changed in this diff Show More