From 4595db7a7a7149d50fc6b1cdb63ff0758898ebb0 Mon Sep 17 00:00:00 2001 From: MechaCat02 Date: Wed, 3 Jun 2026 21:44:12 +0200 Subject: [PATCH] chore(v1.1.5): version bumps, CI workflow, schema-snapshot un-ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Workspace 1.1.4 → 1.1.5; SDK 1.5 → 1.6; dashboard 0.10.0 → 0.11.0. - CHANGELOG v1.1.5 entry; CLAUDE.md runtime-config table gains PICLOUD_FILES_ROOT + PICLOUD_FILES_MAX_FILE_SIZE_BYTES. - schema_snapshot test: drop #[ignore] + #[sqlx::test]; run against DATABASE_URL when set, skip cleanly when absent. Re-blessed golden picks up files / files_trigger_details / pubsub_trigger_details, the two widened CHECKs, and the pubsub partial index. - First CI workflow (.github/workflows/ci.yml): postgres:15 service + fmt + clippy + cargo test --workspace; separate dashboard check job. - Add files/pubsub admin-trigger reject-coverage tests (module + cross-app + bad-pattern), mirroring the v1.1.3 regression set. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/ci.yml | 72 +++++ CHANGELOG.md | 71 +++++ CLAUDE.md | 2 + Cargo.lock | 18 +- Cargo.toml | 2 +- crates/manager-core/src/triggers_api.rs | 254 ++++++++++++++++++ crates/manager-core/tests/expected_schema.txt | 50 +++- crates/manager-core/tests/schema_snapshot.rs | 36 ++- crates/shared/src/version.rs | 12 +- dashboard/package.json | 2 +- 10 files changed, 499 insertions(+), 20 deletions(-) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..fcfd6da --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,72 @@ +name: CI + +on: + push: + branches: [main] + pull_request: + +env: + CARGO_TERM_COLOR: always + # Matches what docker-compose produces locally; the schema-snapshot + # guardrail and any other DB-backed tests run against this service. + DATABASE_URL: postgres://picloud:picloud@localhost:5432/picloud + +jobs: + rust: + name: Rust — fmt, clippy, test + runs-on: ubuntu-latest + services: + postgres: + image: postgres:15 + env: + POSTGRES_USER: picloud + POSTGRES_PASSWORD: picloud + POSTGRES_DB: picloud + ports: + - 5432:5432 + options: >- + --health-cmd "pg_isready -U picloud" + --health-interval 10s + --health-timeout 5s + --health-retries 5 + steps: + - uses: actions/checkout@v4 + + # rust-toolchain.toml pins the channel; this action honors it. + - name: Install Rust toolchain + uses: dtolnay/rust-toolchain@stable + with: + components: rustfmt, clippy + + - name: Cache cargo + uses: Swatinem/rust-cache@v2 + + - name: Format check + run: cargo fmt --all -- --check + + - name: Clippy + run: cargo clippy --all-targets --all-features -- -D warnings + + # Runs the whole workspace, including the schema-snapshot guardrail + # (it picks up DATABASE_URL from the env above and the postgres + # service; without a DB it would skip cleanly). + - name: Test + run: cargo test --workspace + + dashboard: + name: Dashboard — check + runs-on: ubuntu-latest + defaults: + run: + working-directory: dashboard + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: 20 + cache: npm + cache-dependency-path: dashboard/package-lock.json + - name: Install deps + run: npm ci + - name: Svelte check + run: npm run check diff --git a/CHANGELOG.md b/CHANGELOG.md index 0805a82..81a0593 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,76 @@ # PiCloud Changelog +## v1.1.5 — Files & Pub/Sub (unreleased) + +Two stateful services + two trigger kinds. **`files::*`** is +filesystem-backed blob storage (atomic writes, path-sharded layout, +single-pass SHA-256 with checksum-verified reads); the metadata row +lives in Postgres, the bytes on disk. **`pubsub::publish_durable`** is +durable pub/sub through the universal outbox, fanning out one delivery +row per matching subscriber **at publish time** inside a single +transaction. Both ride the v1.1.1 trigger framework as the fifth and +sixth concrete kinds via the established Layout-E extension pattern. + +### Added + +- **`files::collection(name).{create,head,get,update,delete,list}`** — + blob storage SDK. `create`/`update` take a Rhai `Blob`; `get` returns + a `Blob` (or `()` if missing); `head`/`list` return metadata maps + (`id, name, content_type, size, checksum, created_at, updated_at`). + `create`/`update`/`delete` throw on failure; `get`/`head` return `()` + for a missing file; `delete` returns a was-present bool. Missing + required field on `create` throws naming the field. +- **Atomic writes** — temp file → fsync → rename → fsync parent dir → + DB row, so a crash never leaves a readable half-written file. SHA-256 + is computed in a single pass during the write; `get` re-verifies it + and surfaces `FilesError::Corrupted` (logged with the path, never + auto-deleted) on a mismatch. Shard dirs are created `0o700`. +- **`files:*` trigger kind** — `ctx.event.files` carries the metadata + only (never the bytes; a handler that wants them calls + `files::collection(c).get(id)`). `prev` is `()` on create, the prior + metadata on update, the deleted metadata on delete. +- **`pubsub::publish_durable(topic, message)`** — durable publish. + Message is any JSON-serializable Rhai value; Blobs encode as base64 + (at any nesting depth). No matching subscriber → the publish succeeds + silently with zero outbox rows. +- **`pubsub:*` trigger kind** — topic patterns are exact, `.*`, + or `*`; mid-pattern wildcards are rejected at trigger creation. + `ctx.event.pubsub` carries `topic`, `message`, `published_at`. +- **`FilesService` + `PubsubService` traits** (`picloud-shared`) + + `FsFilesRepo`/`FilesServiceImpl` and `PostgresPubsubRepo`/ + `PubsubServiceImpl` (manager-core). Wired into the `Services` bundle + as `files` and `pubsub`. +- **Capabilities** `AppFilesRead`/`AppFilesWrite` → `script:read`/ + `script:write`, `AppPubsubPublish` → `script:write`. No new `Scope` + variant — the seven-scope commitment holds. Script-as-gate: skipped + when the script runs unauthenticated. +- **Admin files API** (`GET`/`DELETE /apps/{id}/files`) + dashboard + Files view per app; **Pub/Sub trigger form** on the Triggers tab. +- **CI** — first `.github/workflows/ci.yml` (Postgres service, fmt + + clippy + `cargo test --workspace`); the schema-snapshot guardrail now + runs instead of being `#[ignore]`'d. + +### Changed + +- Workspace version: 1.1.4 → 1.1.5 +- Rhai SDK version: 1.5 → 1.6 +- Dashboard version: 0.10.0 → 0.11.0 +- `schema_snapshot` test: no longer `#[ignore]`'d — runs against + `DATABASE_URL` when set, skips cleanly when absent. + +### Migrations + +- 0018_files.sql — `files` metadata table (bytes live on disk). +- 0019_files_triggers.sql — widen kind/source_kind CHECKs + add + `files_trigger_details`. +- 0020_pubsub_triggers.sql — widen kind/source_kind CHECKs + add + `pubsub_trigger_details` + partial index. + +### New environment variables + +- `PICLOUD_FILES_ROOT` (default `./data`) +- `PICLOUD_FILES_MAX_FILE_SIZE_BYTES` (default 100 MB) + ## v1.1.4 — Outbound HTTP & Cron triggers (unreleased) Two surfaces. **`http::*`** lets Rhai scripts make outbound HTTP diff --git a/CLAUDE.md b/CLAUDE.md index a1aacbb..95d365f 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -118,6 +118,8 @@ Environment variables consumed by the `picloud` binary: | `DATABASE_URL` | — | Required. Postgres connection string. | | `PICLOUD_SESSION_TTL_HOURS` | `24` | Sliding-window session lifetime. | | `PICLOUD_SANDBOX_MAX_*` | conservative defaults | Per-knob admin ceilings on Rhai sandbox overrides. See `manager-core::sandbox::SandboxCeiling`. | +| `PICLOUD_FILES_ROOT` | `./data` | Filesystem root for `files::*` blob storage (v1.1.5). Bytes live at `/files////`; metadata in Postgres. | +| `PICLOUD_FILES_MAX_FILE_SIZE_BYTES` | `104857600` (100 MB) | Per-file hard size cap for `files::*` (v1.1.5). Per-app quotas deferred to v1.2. | ## Out of MVP diff --git a/Cargo.lock b/Cargo.lock index 3307711..8d989b3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1610,7 +1610,7 @@ dependencies = [ [[package]] name = "picloud" -version = "1.1.4" +version = "1.1.5" dependencies = [ "anyhow", "async-trait", @@ -1636,7 +1636,7 @@ dependencies = [ [[package]] name = "picloud-cli" -version = "1.1.4" +version = "1.1.5" dependencies = [ "anyhow", "assert_cmd", @@ -1657,7 +1657,7 @@ dependencies = [ [[package]] name = "picloud-executor" -version = "1.1.4" +version = "1.1.5" dependencies = [ "anyhow", "picloud-executor-core", @@ -1669,7 +1669,7 @@ dependencies = [ [[package]] name = "picloud-executor-core" -version = "1.1.4" +version = "1.1.5" dependencies = [ "async-trait", "base64", @@ -1693,7 +1693,7 @@ dependencies = [ [[package]] name = "picloud-manager" -version = "1.1.4" +version = "1.1.5" dependencies = [ "anyhow", "picloud-manager-core", @@ -1705,7 +1705,7 @@ dependencies = [ [[package]] name = "picloud-manager-core" -version = "1.1.4" +version = "1.1.5" dependencies = [ "argon2", "async-trait", @@ -1733,7 +1733,7 @@ dependencies = [ [[package]] name = "picloud-orchestrator" -version = "1.1.4" +version = "1.1.5" dependencies = [ "anyhow", "picloud-orchestrator-core", @@ -1745,7 +1745,7 @@ dependencies = [ [[package]] name = "picloud-orchestrator-core" -version = "1.1.4" +version = "1.1.5" dependencies = [ "async-trait", "axum", @@ -1766,7 +1766,7 @@ dependencies = [ [[package]] name = "picloud-shared" -version = "1.1.4" +version = "1.1.5" dependencies = [ "async-trait", "chrono", diff --git a/Cargo.toml b/Cargo.toml index f2c38aa..36e112e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -13,7 +13,7 @@ members = [ ] [workspace.package] -version = "1.1.4" +version = "1.1.5" edition = "2021" rust-version = "1.92" license = "MIT OR Apache-2.0" diff --git a/crates/manager-core/src/triggers_api.rs b/crates/manager-core/src/triggers_api.rs index a9ba63a..aac77e2 100644 --- a/crates/manager-core/src/triggers_api.rs +++ b/crates/manager-core/src/triggers_api.rs @@ -1739,4 +1739,258 @@ mod tests { .expect("endpoint target should succeed"); assert_eq!(status, StatusCode::CREATED); } + + // ---------------------------------------------------------------- + // v1.1.5: files + pubsub trigger create (Layout-E reject coverage). + // ---------------------------------------------------------------- + + fn files_req(script_id: ScriptId, glob: &str) -> CreateFilesTriggerRequest { + CreateFilesTriggerRequest { + script_id, + collection_glob: glob.into(), + ops: vec![FilesEventOp::Create], + dispatch_mode: TriggerDispatchMode::Async, + retry_max_attempts: None, + retry_backoff: None, + retry_base_ms: None, + } + } + + #[tokio::test] + async fn files_trigger_create_succeeds() { + let app_id = AppId::new(); + let script_id = ScriptId::new(); + let state = state_with_endpoint(Arc::new(AlwaysAllowAuthzRepo), app_id, script_id); + let (status, Json(trigger)) = create_files_trigger( + State(state), + Extension(member_principal()), + Path(app_id), + Json(files_req(script_id, "avatars")), + ) + .await + .unwrap(); + assert_eq!(status, StatusCode::CREATED); + assert!(matches!( + trigger.kind, + crate::trigger_repo::TriggerKind::Files + )); + match trigger.details { + TriggerDetails::Files { + collection_glob, + ops, + } => { + assert_eq!(collection_glob, "avatars"); + assert_eq!(ops, vec![FilesEventOp::Create]); + } + other => panic!("expected Files details, got {other:?}"), + } + } + + #[tokio::test] + async fn files_trigger_empty_glob_rejected() { + let app_id = AppId::new(); + let state = state_with(Arc::new(AlwaysAllowAuthzRepo), app_id); + let res = create_files_trigger( + State(state), + Extension(member_principal()), + Path(app_id), + Json(files_req(ScriptId::new(), " ")), + ) + .await; + assert!(matches!( + res.expect_err("empty glob"), + TriggersApiError::Invalid(_) + )); + } + + #[tokio::test] + async fn files_trigger_rejects_module_target() { + let app_id = AppId::new(); + let script_id = ScriptId::new(); + let state = TriggersState { + triggers: Arc::new(InMemoryTriggerRepo::default()), + apps: InMemoryAppRepo::with(app_id), + authz: Arc::new(AlwaysAllowAuthzRepo), + scripts: InMemoryScriptRepo::with_module(app_id, script_id), + config: TriggerConfig::conservative(), + }; + let res = create_files_trigger( + State(state), + Extension(member_principal()), + Path(app_id), + Json(files_req(script_id, "avatars")), + ) + .await; + let msg = match res.expect_err("module rejected") { + TriggersApiError::Invalid(m) => m, + other => panic!("expected Invalid, got {other:?}"), + }; + assert!(msg.to_lowercase().contains("module")); + } + + #[tokio::test] + async fn files_trigger_rejects_cross_app_script() { + let app_a = AppId::new(); + let app_b = AppId::new(); + let script_id = ScriptId::new(); + let state = TriggersState { + triggers: Arc::new(InMemoryTriggerRepo::default()), + apps: InMemoryAppRepo::with(app_a), + authz: Arc::new(AlwaysAllowAuthzRepo), + scripts: InMemoryScriptRepo::with_endpoint(app_b, script_id), + config: TriggerConfig::conservative(), + }; + let res = create_files_trigger( + State(state), + Extension(member_principal()), + Path(app_a), + Json(files_req(script_id, "avatars")), + ) + .await; + let msg = match res.expect_err("cross-app rejected") { + TriggersApiError::Invalid(m) => m, + other => panic!("expected Invalid, got {other:?}"), + }; + assert!(msg.to_lowercase().contains("does not belong")); + } + + #[tokio::test] + async fn files_trigger_member_without_role_is_forbidden() { + let app_id = AppId::new(); + let state = state_with(Arc::new(AlwaysDenyAuthzRepo), app_id); + let res = create_files_trigger( + State(state), + Extension(member_principal()), + Path(app_id), + Json(files_req(ScriptId::new(), "avatars")), + ) + .await; + assert!(matches!( + res.expect_err("forbidden"), + TriggersApiError::Forbidden + )); + } + + fn pubsub_req(script_id: ScriptId, pattern: &str) -> CreatePubsubTriggerRequest { + CreatePubsubTriggerRequest { + script_id, + topic_pattern: pattern.into(), + dispatch_mode: TriggerDispatchMode::Async, + retry_max_attempts: None, + retry_backoff: None, + retry_base_ms: None, + } + } + + #[tokio::test] + async fn pubsub_trigger_create_succeeds() { + let app_id = AppId::new(); + let script_id = ScriptId::new(); + let state = state_with_endpoint(Arc::new(AlwaysAllowAuthzRepo), app_id, script_id); + let (status, Json(trigger)) = create_pubsub_trigger( + State(state), + Extension(member_principal()), + Path(app_id), + Json(pubsub_req(script_id, "user.*")), + ) + .await + .unwrap(); + assert_eq!(status, StatusCode::CREATED); + match trigger.details { + TriggerDetails::Pubsub { topic_pattern } => assert_eq!(topic_pattern, "user.*"), + other => panic!("expected Pubsub details, got {other:?}"), + } + } + + #[tokio::test] + async fn pubsub_trigger_rejects_bad_pattern() { + let app_id = AppId::new(); + let script_id = ScriptId::new(); + let state = state_with_endpoint(Arc::new(AlwaysAllowAuthzRepo), app_id, script_id); + for bad in ["*.created", "a.*.b", "**"] { + let res = create_pubsub_trigger( + State(state.clone()), + Extension(member_principal()), + Path(app_id), + Json(pubsub_req(script_id, bad)), + ) + .await; + let msg = match res.expect_err("bad pattern") { + TriggersApiError::Invalid(m) => m, + other => panic!("expected Invalid, got {other:?}"), + }; + assert!( + msg.contains("unsupported pubsub topic pattern"), + "got {msg} for {bad}" + ); + } + } + + #[tokio::test] + async fn pubsub_trigger_rejects_module_target() { + let app_id = AppId::new(); + let script_id = ScriptId::new(); + let state = TriggersState { + triggers: Arc::new(InMemoryTriggerRepo::default()), + apps: InMemoryAppRepo::with(app_id), + authz: Arc::new(AlwaysAllowAuthzRepo), + scripts: InMemoryScriptRepo::with_module(app_id, script_id), + config: TriggerConfig::conservative(), + }; + let res = create_pubsub_trigger( + State(state), + Extension(member_principal()), + Path(app_id), + Json(pubsub_req(script_id, "user.*")), + ) + .await; + let msg = match res.expect_err("module rejected") { + TriggersApiError::Invalid(m) => m, + other => panic!("expected Invalid, got {other:?}"), + }; + assert!(msg.to_lowercase().contains("module")); + } + + #[tokio::test] + async fn pubsub_trigger_rejects_cross_app_script() { + let app_a = AppId::new(); + let app_b = AppId::new(); + let script_id = ScriptId::new(); + let state = TriggersState { + triggers: Arc::new(InMemoryTriggerRepo::default()), + apps: InMemoryAppRepo::with(app_a), + authz: Arc::new(AlwaysAllowAuthzRepo), + scripts: InMemoryScriptRepo::with_endpoint(app_b, script_id), + config: TriggerConfig::conservative(), + }; + let res = create_pubsub_trigger( + State(state), + Extension(member_principal()), + Path(app_a), + Json(pubsub_req(script_id, "user.*")), + ) + .await; + let msg = match res.expect_err("cross-app rejected") { + TriggersApiError::Invalid(m) => m, + other => panic!("expected Invalid, got {other:?}"), + }; + assert!(msg.to_lowercase().contains("does not belong")); + } + + #[tokio::test] + async fn pubsub_trigger_member_without_role_is_forbidden() { + let app_id = AppId::new(); + let state = state_with(Arc::new(AlwaysDenyAuthzRepo), app_id); + let res = create_pubsub_trigger( + State(state), + Extension(member_principal()), + Path(app_id), + Json(pubsub_req(ScriptId::new(), "user.*")), + ) + .await; + assert!(matches!( + res.expect_err("forbidden"), + TriggersApiError::Forbidden + )); + } } diff --git a/crates/manager-core/tests/expected_schema.txt b/crates/manager-core/tests/expected_schema.txt index c444b4a..7eaab9c 100644 --- a/crates/manager-core/tests/expected_schema.txt +++ b/crates/manager-core/tests/expected_schema.txt @@ -128,6 +128,22 @@ table: execution_logs created_at: timestamp with time zone NOT NULL default=now() app_id: uuid NOT NULL +table: files + app_id: uuid NOT NULL + collection: text NOT NULL + id: uuid NOT NULL + name: text NOT NULL + content_type: text NOT NULL + size_bytes: bigint NOT NULL + checksum_sha256: text NOT NULL + created_at: timestamp with time zone NOT NULL default=now() + updated_at: timestamp with time zone NOT NULL default=now() + +table: files_trigger_details + trigger_id: uuid NOT NULL + collection_glob: text NOT NULL + ops: ARRAY NOT NULL + table: kv_entries app_id: uuid NOT NULL collection: text NOT NULL @@ -158,6 +174,10 @@ table: outbox claimed_by: text NULL created_at: timestamp with time zone NOT NULL default=now() +table: pubsub_trigger_details + trigger_id: uuid NOT NULL + topic_pattern: text NOT NULL + table: routes id: uuid NOT NULL default=gen_random_uuid() script_id: uuid NOT NULL @@ -268,6 +288,13 @@ indexes on execution_logs: execution_logs_pkey: public.execution_logs USING btree (id) execution_logs_script_id_created_at_idx: public.execution_logs USING btree (script_id, created_at DESC) +indexes on files: + files_pkey: public.files USING btree (app_id, collection, id) + idx_files_app_collection: public.files USING btree (app_id, collection) + +indexes on files_trigger_details: + files_trigger_details_pkey: public.files_trigger_details USING btree (trigger_id) + indexes on kv_entries: idx_kv_entries_app_collection: public.kv_entries USING btree (app_id, collection) kv_entries_pkey: public.kv_entries USING btree (app_id, collection, key) @@ -280,6 +307,9 @@ indexes on outbox: idx_outbox_due: public.outbox USING btree (next_attempt_at) WHERE (claimed_at IS NULL) outbox_pkey: public.outbox USING btree (id) +indexes on pubsub_trigger_details: + pubsub_trigger_details_pkey: public.pubsub_trigger_details USING btree (trigger_id) + indexes on routes: routes_app_id_idx: public.routes USING btree (app_id) routes_lookup_idx: public.routes USING btree (host_kind, host) @@ -300,6 +330,7 @@ indexes on scripts: indexes on triggers: idx_triggers_app_kind_enabled: public.triggers USING btree (app_id, kind) WHERE (enabled = true) + idx_triggers_app_pubsub_enabled: public.triggers USING btree (app_id, kind) WHERE ((enabled = true) AND (kind = 'pubsub'::text)) triggers_pkey: public.triggers USING btree (id) ## constraints @@ -370,6 +401,14 @@ constraints on execution_logs: [FOREIGN KEY] execution_logs_script_id_fkey: FOREIGN KEY (script_id) REFERENCES scripts(id) ON DELETE CASCADE [PRIMARY KEY] execution_logs_pkey: PRIMARY KEY (id) +constraints on files: + [FOREIGN KEY] files_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE + [PRIMARY KEY] files_pkey: PRIMARY KEY (app_id, collection, id) + +constraints on files_trigger_details: + [FOREIGN KEY] files_trigger_details_trigger_id_fkey: FOREIGN KEY (trigger_id) REFERENCES triggers(id) ON DELETE CASCADE + [PRIMARY KEY] files_trigger_details_pkey: PRIMARY KEY (trigger_id) + constraints on kv_entries: [FOREIGN KEY] kv_entries_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE [PRIMARY KEY] kv_entries_pkey: PRIMARY KEY (app_id, collection, key) @@ -379,10 +418,14 @@ constraints on kv_trigger_details: [PRIMARY KEY] kv_trigger_details_pkey: PRIMARY KEY (trigger_id) constraints on outbox: - [CHECK] outbox_source_kind_check: CHECK ((source_kind = ANY (ARRAY['http'::text, 'kv'::text, 'dead_letter'::text, 'docs'::text, 'cron'::text]))) + [CHECK] outbox_source_kind_check: CHECK ((source_kind = ANY (ARRAY['http'::text, 'kv'::text, 'dead_letter'::text, 'docs'::text, 'cron'::text, 'files'::text, 'pubsub'::text]))) [FOREIGN KEY] outbox_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE [PRIMARY KEY] outbox_pkey: PRIMARY KEY (id) +constraints on pubsub_trigger_details: + [FOREIGN KEY] pubsub_trigger_details_trigger_id_fkey: FOREIGN KEY (trigger_id) REFERENCES triggers(id) ON DELETE CASCADE + [PRIMARY KEY] pubsub_trigger_details_pkey: PRIMARY KEY (trigger_id) + constraints on routes: [CHECK] routes_dispatch_mode_check: CHECK ((dispatch_mode = ANY (ARRAY['sync'::text, 'async'::text]))) [CHECK] routes_host_kind_check: CHECK ((host_kind = ANY (ARRAY['any'::text, 'strict'::text, 'wildcard'::text]))) @@ -407,7 +450,7 @@ constraints on scripts: constraints on triggers: [CHECK] triggers_dispatch_mode_check: CHECK ((dispatch_mode = ANY (ARRAY['sync'::text, 'async'::text]))) - [CHECK] triggers_kind_check: CHECK ((kind = ANY (ARRAY['kv'::text, 'dead_letter'::text, 'docs'::text, 'cron'::text]))) + [CHECK] triggers_kind_check: CHECK ((kind = ANY (ARRAY['kv'::text, 'dead_letter'::text, 'docs'::text, 'cron'::text, 'files'::text, 'pubsub'::text]))) [CHECK] triggers_retry_backoff_check: CHECK ((retry_backoff = ANY (ARRAY['exponential'::text, 'linear'::text, 'constant'::text]))) [FOREIGN KEY] triggers_app_id_fkey: FOREIGN KEY (app_id) REFERENCES apps(id) ON DELETE CASCADE [FOREIGN KEY] triggers_registered_by_principal_fkey: FOREIGN KEY (registered_by_principal) REFERENCES admin_users(id) ON DELETE CASCADE @@ -432,3 +475,6 @@ constraints on triggers: 0015: scripts kind 0016: script imports 0017: cron triggers + 0018: files + 0019: files triggers + 0020: pubsub triggers diff --git a/crates/manager-core/tests/schema_snapshot.rs b/crates/manager-core/tests/schema_snapshot.rs index dacf5e5..bacf9b0 100644 --- a/crates/manager-core/tests/schema_snapshot.rs +++ b/crates/manager-core/tests/schema_snapshot.rs @@ -25,22 +25,46 @@ //! //! Review the resulting diff in the same PR as the new migration. //! -//! Like the orchestrator integration tests, this is `#[ignore]`'d by -//! default so plain `cargo test --workspace` stays green without -//! infrastructure. +//! v1.1.5: this test is no longer `#[ignore]`'d. It runs whenever +//! `DATABASE_URL` is set (CI wires a `postgres:15` service) and **skips +//! cleanly** when it's absent, so plain `cargo test --workspace` stays +//! green on machines without Postgres. Unlike the previous +//! `#[sqlx::test]` form (which spun up an isolated throwaway database), +//! it now applies the migrations against the `DATABASE_URL` database +//! directly — migrations are forward-only and idempotent, and CI's +//! Postgres is fresh, so the structural dump is identical either way. use std::fmt::Write as _; use std::path::PathBuf; +use sqlx::postgres::PgPoolOptions; use sqlx::{PgPool, Row}; const SCHEMA: &str = "public"; const SNAPSHOT_PATH: &str = "tests/expected_schema.txt"; -#[ignore = "needs DATABASE_URL pointing at a running Postgres"] -#[sqlx::test(migrations = "./migrations")] -async fn schema_after_replay_matches_snapshot(pool: PgPool) { +#[tokio::test] +async fn schema_after_replay_matches_snapshot() { + // Skip cleanly when DATABASE_URL is unset so `cargo test --workspace` + // stays green without Postgres. CI sets it (postgres:15 service). + let Ok(url) = std::env::var("DATABASE_URL") else { + eprintln!( + "schema_snapshot: DATABASE_URL unset — skipping. Set it (e.g. \ + postgres://picloud:picloud@localhost:5432/picloud) to run this guardrail." + ); + return; + }; + let pool = PgPoolOptions::new() + .max_connections(1) + .connect(&url) + .await + .expect("connect to DATABASE_URL"); + sqlx::migrate!("./migrations") + .run(&pool) + .await + .expect("apply migrations"); + let actual = dump_schema(&pool).await; let snapshot_file = PathBuf::from(env!("CARGO_MANIFEST_DIR")).join(SNAPSHOT_PATH); diff --git a/crates/shared/src/version.rs b/crates/shared/src/version.rs index 42c82d7..d86bd1c 100644 --- a/crates/shared/src/version.rs +++ b/crates/shared/src/version.rs @@ -39,7 +39,17 @@ pub const PRODUCT_VERSION: &str = env!("CARGO_PKG_VERSION"); /// SSRF deny-list on the resolved IP); `ctx.event.cron` for cron-trigger /// handlers (carries `schedule`, `timezone`, `scheduled_at`, `fired_at`). /// The `Services` bundle gains `http: Arc`. -pub const SDK_VERSION: &str = "1.5"; +/// +/// 1.6 additions (v1.1.5): +/// `files::collection(name).{create,head,get,update,delete,list}` — +/// filesystem-backed blob storage (blobs in/out; metadata maps; +/// checksum-verified reads) with `ctx.event.files` for files-trigger +/// handlers (metadata only, never the bytes); and +/// `pubsub::publish_durable(topic, message)` — durable pub/sub with +/// publish-time fan-out and `ctx.event.pubsub` for pubsub-trigger +/// handlers. The `Services` bundle gains `files: Arc` +/// and `pubsub: Arc`. +pub const SDK_VERSION: &str = "1.6"; /// HTTP API major version. Appears in URL paths as `/api/v{N}/...`. /// Bump (new integer + new URL prefix) when the request/response diff --git a/dashboard/package.json b/dashboard/package.json index 85bb210..ef89a4d 100644 --- a/dashboard/package.json +++ b/dashboard/package.json @@ -1,6 +1,6 @@ { "name": "picloud-dashboard", - "version": "0.10.0", + "version": "0.11.0", "private": true, "type": "module", "scripts": {