tenseleyflow/shithub / 1bfb40f

+SELECT id, name, value, created_by_user_id, created_at, updated_at

+SELECT id, name, value, created_by_user_id, created_at, updated_at

+-- name: GetRepoVariable :one

+SELECT id, name, value, created_by_user_id, created_at, updated_at

+FROM actions_variables

+WHERE repo_id = $1 AND name = $2;

+

+-- name: GetOrgVariable :one

+SELECT id, name, value, created_by_user_id, created_at, updated_at

+FROM actions_variables

+WHERE org_id = $1 AND name = $2;

+

+const getOrgVariable = `-- name: GetOrgVariable :one

+SELECT id, name, value, created_by_user_id, created_at, updated_at

+FROM actions_variables

+WHERE org_id = $1 AND name = $2

+`

+

+type GetOrgVariableParams struct {

+	OrgID pgtype.Int8

+	Name  string

+}

+

+type GetOrgVariableRow struct {

+	ID              int64

+	Name            string

+	Value           string

+	CreatedByUserID pgtype.Int8

+	CreatedAt       pgtype.Timestamptz

+	UpdatedAt       pgtype.Timestamptz

+}

+

+func (q *Queries) GetOrgVariable(ctx context.Context, db DBTX, arg GetOrgVariableParams) (GetOrgVariableRow, error) {

+	row := db.QueryRow(ctx, getOrgVariable, arg.OrgID, arg.Name)

+	var i GetOrgVariableRow

+	err := row.Scan(

+		&i.ID,

+		&i.Name,

+		&i.Value,

+		&i.CreatedByUserID,

+		&i.CreatedAt,

+		&i.UpdatedAt,

+	)

+	return i, err

+}

+

+const getRepoVariable = `-- name: GetRepoVariable :one

+SELECT id, name, value, created_by_user_id, created_at, updated_at

+FROM actions_variables

+WHERE repo_id = $1 AND name = $2

+`

+

+type GetRepoVariableParams struct {

+	RepoID pgtype.Int8

+	Name   string

+}

+

+type GetRepoVariableRow struct {

+	ID              int64

+	Name            string

+	Value           string

+	CreatedByUserID pgtype.Int8

+	CreatedAt       pgtype.Timestamptz

+	UpdatedAt       pgtype.Timestamptz

+}

+

+func (q *Queries) GetRepoVariable(ctx context.Context, db DBTX, arg GetRepoVariableParams) (GetRepoVariableRow, error) {

+	row := db.QueryRow(ctx, getRepoVariable, arg.RepoID, arg.Name)

+	var i GetRepoVariableRow

+	err := row.Scan(

+		&i.ID,

+		&i.Name,

+		&i.Value,

+		&i.CreatedByUserID,

+		&i.CreatedAt,

+		&i.UpdatedAt,

+	)

+	return i, err

+}

+

+SELECT id, name, value, created_by_user_id, created_at, updated_at

+	ID              int64

+	Name            string

+	Value           string

+	CreatedByUserID pgtype.Int8

+	CreatedAt       pgtype.Timestamptz

+	UpdatedAt       pgtype.Timestamptz

+			&i.CreatedByUserID,

+SELECT id, name, value, created_by_user_id, created_at, updated_at

+	ID              int64

+	Name            string

+	Value           string

+	CreatedByUserID pgtype.Int8

+	CreatedAt       pgtype.Timestamptz

+	UpdatedAt       pgtype.Timestamptz

+			&i.CreatedByUserID,

+	GetOrgVariable(ctx context.Context, db DBTX, arg GetOrgVariableParams) (GetOrgVariableRow, error)

+	GetRepoVariable(ctx context.Context, db DBTX, arg GetRepoVariableParams) (GetRepoVariableRow, error)

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+// Package variables owns the orchestrator over `actions_variables`.

+// Variables are non-secret, plaintext configuration surfaced to workflows

+// through the `${{ vars.NAME }}` namespace. They share the same repo/org

+// scoping rules as actions secrets, but List/Get intentionally return values

+// because these rows are not sensitive and are operator-visible in settings UI.

+package variables

+

+import (

+	"context"

+	"errors"

+	"fmt"

+	"regexp"

+	"unicode/utf8"

+

+	"github.com/jackc/pgx/v5"

+	"github.com/jackc/pgx/v5/pgtype"

+	"github.com/jackc/pgx/v5/pgxpool"

+

+	actionsdb "github.com/tenseleyFlow/shithub/internal/actions/sqlc"

+)

+

+// MaxValueChars mirrors the actions_variables_value_length CHECK constraint.

+const MaxValueChars = 4096

+

+// Deps wires the store against runtime infra.

+type Deps struct {

+	Pool *pgxpool.Pool

+}

+

+// Scope identifies which `actions_variables` row family a call targets.

+// Construct via RepoScope or OrgScope; RepoID and OrgID are mutually

+// exclusive (the table CHECK constraint enforces this server-side).

+type Scope struct {

+	RepoID int64

+	OrgID  int64

+}

+

+// RepoScope returns a repo-scoped Scope. Repo variables are visible only

+// to workflows running in that repo.

+func RepoScope(id int64) Scope { return Scope{RepoID: id} }

+

+// OrgScope returns an org-scoped Scope. Org variables are visible to

+// workflows running in any repo owned by the org.

+func OrgScope(id int64) Scope { return Scope{OrgID: id} }

+

+// IsRepo reports whether the scope addresses a repo. Mutex with IsOrg.

+func (s Scope) IsRepo() bool { return s.RepoID != 0 && s.OrgID == 0 }

+

+// IsOrg reports whether the scope addresses an org. Mutex with IsRepo.

+func (s Scope) IsOrg() bool { return s.OrgID != 0 && s.RepoID == 0 }

+

+// Variable is the public listing/lookup shape. Values are intentionally

+// present because variables are not secrets; use the secrets package for

+// sensitive data that must never render in the web UI.

+type Variable struct {

+	ID              int64

+	Name            string

+	Value           string

+	CreatedByUserID int64 // 0 when null

+	CreatedAt       pgtype.Timestamptz

+	UpdatedAt       pgtype.Timestamptz

+}

+

+// Errors surfaced by the store. Callers (web handlers, runner API)

+// map these to HTTP status codes.

+var (

+	// ErrInvalidScope: zero-or-both Scope fields. Programmer error.

+	ErrInvalidScope = errors.New("variables: scope must address exactly one of RepoID or OrgID")

+	// ErrInvalidName: name doesn't match the regex. User-recoverable.

+	ErrInvalidName = errors.New("variables: name must match ^[A-Za-z_][A-Za-z0-9_]*$ and be 1..100 chars")

+	// ErrValueTooLong: values are plaintext config, capped to keep UI and

+	// expression-eval memory bounded.

+	ErrValueTooLong = errors.New("variables: value must be 4096 chars or fewer")

+	// ErrNotFound: no row with the given name in this scope.

+	ErrNotFound = errors.New("variables: not found")

+)

+

+// nameRe mirrors the actions_variables_name_format CHECK in migration 0049.

+var nameRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

+

+func validateName(name string) error {

+	if len(name) < 1 || len(name) > 100 {

+		return ErrInvalidName

+	}

+	if !nameRe.MatchString(name) {

+		return ErrInvalidName

+	}

+	return nil

+}

+

+func validateValue(value string) error {

+	if utf8.RuneCountInString(value) > MaxValueChars {

+		return ErrValueTooLong

+	}

+	return nil

+}

+

+// Set creates or updates a variable in scope. Empty string is valid:

+// `${{ vars.MISSING }}` already resolves to empty string, and operators may

+// intentionally pin the same value explicitly.

+func (d Deps) Set(ctx context.Context, scope Scope, name, value string, createdBy int64) error {

+	if !scope.IsRepo() && !scope.IsOrg() {

+		return ErrInvalidScope

+	}

+	if err := validateName(name); err != nil {

+		return err

+	}

+	if err := validateValue(value); err != nil {

+		return err

+	}

+	q := actionsdb.New()

+	creator := pgtype.Int8{Int64: createdBy, Valid: createdBy != 0}

+	switch {

+	case scope.IsRepo():

+		_, err := q.UpsertRepoVariable(ctx, d.Pool, actionsdb.UpsertRepoVariableParams{

+			RepoID:          pgtype.Int8{Int64: scope.RepoID, Valid: true},

+			Name:            name,

+			Value:           value,

+			CreatedByUserID: creator,

+		})

+		if err != nil {

+			return fmt.Errorf("variables: upsert repo: %w", err)

+		}

+	case scope.IsOrg():

+		_, err := q.UpsertOrgVariable(ctx, d.Pool, actionsdb.UpsertOrgVariableParams{

+			OrgID:           pgtype.Int8{Int64: scope.OrgID, Valid: true},

+			Name:            name,

+			Value:           value,

+			CreatedByUserID: creator,

+		})

+		if err != nil {

+			return fmt.Errorf("variables: upsert org: %w", err)

+		}

+	}

+	return nil

+}

+

+// Get returns one plaintext variable by name.

+func (d Deps) Get(ctx context.Context, scope Scope, name string) (Variable, error) {

+	if !scope.IsRepo() && !scope.IsOrg() {

+		return Variable{}, ErrInvalidScope

+	}

+	if err := validateName(name); err != nil {

+		return Variable{}, err

+	}

+	q := actionsdb.New()

+	switch {

+	case scope.IsRepo():

+		row, err := q.GetRepoVariable(ctx, d.Pool, actionsdb.GetRepoVariableParams{

+			RepoID: pgtype.Int8{Int64: scope.RepoID, Valid: true},

+			Name:   name,

+		})

+		if err != nil {

+			return Variable{}, mapGetErr(err)

+		}

+		return Variable{

+			ID:              row.ID,

+			Name:            row.Name,

+			Value:           row.Value,

+			CreatedByUserID: int64ValueOrZero(row.CreatedByUserID),

+			CreatedAt:       row.CreatedAt,

+			UpdatedAt:       row.UpdatedAt,

+		}, nil

+	case scope.IsOrg():

+		row, err := q.GetOrgVariable(ctx, d.Pool, actionsdb.GetOrgVariableParams{

+			OrgID: pgtype.Int8{Int64: scope.OrgID, Valid: true},

+			Name:  name,

+		})

+		if err != nil {

+			return Variable{}, mapGetErr(err)

+		}

+		return Variable{

+			ID:              row.ID,

+			Name:            row.Name,

+			Value:           row.Value,

+			CreatedByUserID: int64ValueOrZero(row.CreatedByUserID),

+			CreatedAt:       row.CreatedAt,

+			UpdatedAt:       row.UpdatedAt,

+		}, nil

+	}

+	return Variable{}, ErrInvalidScope

+}

+

+// List returns every variable in scope, sorted ascending for stable UI

+// rendering.

+func (d Deps) List(ctx context.Context, scope Scope) ([]Variable, error) {

+	if !scope.IsRepo() && !scope.IsOrg() {

+		return nil, ErrInvalidScope

+	}

+	q := actionsdb.New()

+	switch {

+	case scope.IsRepo():

+		rows, err := q.ListRepoVariables(ctx, d.Pool, pgtype.Int8{Int64: scope.RepoID, Valid: true})

+		if err != nil {

+			return nil, fmt.Errorf("variables: list repo: %w", err)

+		}

+		out := make([]Variable, len(rows))

+		for i, r := range rows {

+			out[i] = Variable{

+				ID:              r.ID,

+				Name:            r.Name,

+				Value:           r.Value,

+				CreatedByUserID: int64ValueOrZero(r.CreatedByUserID),

+				CreatedAt:       r.CreatedAt,

+				UpdatedAt:       r.UpdatedAt,

+			}

+		}

+		return out, nil

+	case scope.IsOrg():

+		rows, err := q.ListOrgVariables(ctx, d.Pool, pgtype.Int8{Int64: scope.OrgID, Valid: true})

+		if err != nil {

+			return nil, fmt.Errorf("variables: list org: %w", err)

+		}

+		out := make([]Variable, len(rows))

+		for i, r := range rows {

+			out[i] = Variable{

+				ID:              r.ID,

+				Name:            r.Name,

+				Value:           r.Value,

+				CreatedByUserID: int64ValueOrZero(r.CreatedByUserID),

+				CreatedAt:       r.CreatedAt,

+				UpdatedAt:       r.UpdatedAt,

+			}

+		}

+		return out, nil

+	}

+	return nil, ErrInvalidScope

+}

+

+// Delete removes a variable. Missing rows are treated as success so callers

+// can use Delete for cleanup without a read-before-write race.

+func (d Deps) Delete(ctx context.Context, scope Scope, name string) error {

+	if !scope.IsRepo() && !scope.IsOrg() {

+		return ErrInvalidScope

+	}

+	if err := validateName(name); err != nil {

+		return err

+	}

+	q := actionsdb.New()

+	switch {

+	case scope.IsRepo():

+		return q.DeleteRepoVariable(ctx, d.Pool, actionsdb.DeleteRepoVariableParams{

+			RepoID: pgtype.Int8{Int64: scope.RepoID, Valid: true},

+			Name:   name,

+		})

+	case scope.IsOrg():

+		return q.DeleteOrgVariable(ctx, d.Pool, actionsdb.DeleteOrgVariableParams{

+			OrgID: pgtype.Int8{Int64: scope.OrgID, Valid: true},

+			Name:  name,

+		})

+	}

+	return ErrInvalidScope

+}

+

+func mapGetErr(err error) error {

+	if errors.Is(err, pgx.ErrNoRows) {

+		return ErrNotFound

+	}

+	return fmt.Errorf("variables: get: %w", err)

+}

+

+func int64ValueOrZero(p pgtype.Int8) int64 {

+	if p.Valid {

+		return p.Int64

+	}

+	return 0

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package variables_test

+

+import (

+	"context"

+	"errors"

+	"strings"

+	"testing"

+

+	"github.com/jackc/pgx/v5/pgtype"

+

+	"github.com/tenseleyFlow/shithub/internal/actions/variables"

+	orgsdb "github.com/tenseleyFlow/shithub/internal/orgs/sqlc"

+	reposdb "github.com/tenseleyFlow/shithub/internal/repos/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/testing/dbtest"

+	usersdb "github.com/tenseleyFlow/shithub/internal/users/sqlc"

+)

+

+const fixtureHash = "$argon2id$v=19$m=16384,t=1,p=1$" +

+	"AAAAAAAAAAAAAAAA$" +

+	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

+

+type fx struct {

+	deps   variables.Deps

+	repoID int64

+	orgID  int64

+	userID int64

+}

+

+func setup(t *testing.T) fx {

+	t.Helper()

+	pool := dbtest.NewTestDB(t)

+	ctx := context.Background()

+

+	user, err := usersdb.New().CreateUser(ctx, pool, usersdb.CreateUserParams{

+		Username: "alice", DisplayName: "Alice", PasswordHash: fixtureHash,

+	})

+	if err != nil {

+		t.Fatalf("CreateUser: %v", err)

+	}

+	repo, err := reposdb.New().CreateRepo(ctx, pool, reposdb.CreateRepoParams{

+		OwnerUserID:   pgtype.Int8{Int64: user.ID, Valid: true},

+		Name:          "demo",

+		DefaultBranch: "trunk",

+		Visibility:    reposdb.RepoVisibilityPublic,

+	})

+	if err != nil {

+		t.Fatalf("CreateRepo: %v", err)

+	}

+	org, err := orgsdb.New().CreateOrg(ctx, pool, orgsdb.CreateOrgParams{

+		Slug:            "acme",

+		DisplayName:     "Acme",

+		Description:     "",

+		BillingEmail:    "ops@example.com",

+		CreatedByUserID: pgtype.Int8{Int64: user.ID, Valid: true},

+	})

+	if err != nil {

+		t.Fatalf("CreateOrg: %v", err)

+	}

+

+	return fx{

+		deps:   variables.Deps{Pool: pool},

+		repoID: repo.ID,

+		orgID:  org.ID,

+		userID: user.ID,

+	}

+}

+

+func TestSetGet_RoundTripRepoScope(t *testing.T) {

+	f := setup(t)

+	ctx := context.Background()

+	scope := variables.RepoScope(f.repoID)

+	if err := f.deps.Set(ctx, scope, "IMAGE_TAG", "2026.05", f.userID); err != nil {

+		t.Fatalf("Set: %v", err)

+	}

+	got, err := f.deps.Get(ctx, scope, "IMAGE_TAG")

+	if err != nil {

+		t.Fatalf("Get: %v", err)

+	}

+	if got.Value != "2026.05" {

+		t.Errorf("got %q want 2026.05", got.Value)

+	}

+	if got.CreatedByUserID != f.userID {

+		t.Errorf("CreatedByUserID = %d, want %d", got.CreatedByUserID, f.userID)

+	}

+}

+

+func TestSet_AllowsEmptyValue(t *testing.T) {

+	f := setup(t)

+	ctx := context.Background()

+	scope := variables.RepoScope(f.repoID)

+	if err := f.deps.Set(ctx, scope, "EMPTY", "", f.userID); err != nil {

+		t.Fatalf("Set empty value: %v", err)

+	}

+	got, err := f.deps.Get(ctx, scope, "EMPTY")

+	if err != nil {

+		t.Fatalf("Get: %v", err)

+	}

+	if got.Value != "" {

+		t.Errorf("got %q want empty string", got.Value)

+	}

+}

+

+func TestSet_OverwriteOnSameName(t *testing.T) {

+	f := setup(t)

+	ctx := context.Background()

+	scope := variables.RepoScope(f.repoID)

+	if err := f.deps.Set(ctx, scope, "TARGET_ENV", "staging", f.userID); err != nil {

+		t.Fatalf("Set staging: %v", err)

+	}

+	if err := f.deps.Set(ctx, scope, "TARGET_ENV", "production", f.userID); err != nil {

+		t.Fatalf("Set production: %v", err)

+	}

+	got, err := f.deps.Get(ctx, scope, "TARGET_ENV")

+	if err != nil {

+		t.Fatalf("Get: %v", err)

+	}

+	if got.Value != "production" {

+		t.Errorf("got %q want production", got.Value)

+	}

+}

+

+func TestSet_InvalidNameRejected(t *testing.T) {

+	f := setup(t)

+	ctx := context.Background()

+	scope := variables.RepoScope(f.repoID)

+	for _, name := range []string{"", "1leading-digit", "has space", "has-dash", "cafe!"} {

+		if err := f.deps.Set(ctx, scope, name, "v", f.userID); !errors.Is(err, variables.ErrInvalidName) {

+			t.Errorf("Set name=%q: expected ErrInvalidName, got %v", name, err)

+		}

+	}

+}

+

+func TestSet_ValueTooLongRejected(t *testing.T) {

+	f := setup(t)

+	ctx := context.Background()

+	scope := variables.RepoScope(f.repoID)

+	value := strings.Repeat("x", variables.MaxValueChars+1)

+	if err := f.deps.Set(ctx, scope, "TOO_BIG", value, f.userID); !errors.Is(err, variables.ErrValueTooLong) {

+		t.Errorf("Set long value: expected ErrValueTooLong, got %v", err)

+	}

+}

+

+func TestSet_InvalidScopeRejected(t *testing.T) {

+	f := setup(t)

+	ctx := context.Background()

+	for _, sc := range []variables.Scope{

+		{},

+		{RepoID: 1, OrgID: 2},

+	} {

+		if err := f.deps.Set(ctx, sc, "K", "v", 0); !errors.Is(err, variables.ErrInvalidScope) {

+			t.Errorf("Set scope=%+v: expected ErrInvalidScope, got %v", sc, err)

+		}

+	}

+}

+

+func TestList_ReturnsValuesSortedAndMetadata(t *testing.T) {

+	f := setup(t)

+	ctx := context.Background()

+	scope := variables.RepoScope(f.repoID)

+	for _, item := range []struct {

+		name  string

+		value string

+	}{

+		{"BBB", "two"},

+		{"AAA", "one"},

+		{"ccc", "three"},

+	} {

+		if err := f.deps.Set(ctx, scope, item.name, item.value, f.userID); err != nil {

+			t.Fatalf("Set %s: %v", item.name, err)

+		}

+	}

+	got, err := f.deps.List(ctx, scope)

+	if err != nil {

+		t.Fatalf("List: %v", err)

+	}

+	if len(got) != 3 {

+		t.Fatalf("got %d variables, want 3", len(got))

+	}

+	wantNames := []string{"AAA", "BBB", "ccc"}

+	wantValues := []string{"one", "two", "three"}

+	for i := range wantNames {

+		if got[i].Name != wantNames[i] || got[i].Value != wantValues[i] {

+			t.Errorf("got[%d] = %s/%q, want %s/%q", i, got[i].Name, got[i].Value, wantNames[i], wantValues[i])

+		}

+		if got[i].CreatedByUserID != f.userID {

+			t.Errorf("got[%d].CreatedByUserID = %d, want %d", i, got[i].CreatedByUserID, f.userID)

+		}

+	}

+}

+

+func TestDelete_RemovesRow(t *testing.T) {

+	f := setup(t)

+	ctx := context.Background()

+	scope := variables.RepoScope(f.repoID)

+	if err := f.deps.Set(ctx, scope, "TOKEN", "v", f.userID); err != nil {

+		t.Fatalf("Set: %v", err)

+	}

+	if err := f.deps.Delete(ctx, scope, "TOKEN"); err != nil {

+		t.Fatalf("Delete: %v", err)

+	}

+	if _, err := f.deps.Get(ctx, scope, "TOKEN"); !errors.Is(err, variables.ErrNotFound) {

+		t.Errorf("Get after Delete: expected ErrNotFound, got %v", err)

+	}

+}

+

+func TestDelete_MissingIsIdempotent(t *testing.T) {

+	f := setup(t)

+	ctx := context.Background()

+	scope := variables.RepoScope(f.repoID)

+	if err := f.deps.Delete(ctx, scope, "NEVER_EXISTED"); err != nil {

+		t.Errorf("Delete missing: expected nil, got %v", err)

+	}

+}

+

+func TestGet_CitextNameIsCaseInsensitive(t *testing.T) {

+	f := setup(t)

+	ctx := context.Background()

+	scope := variables.RepoScope(f.repoID)

+	if err := f.deps.Set(ctx, scope, "IMAGE_TAG", "v1", f.userID); err != nil {

+		t.Fatalf("Set: %v", err)

+	}

+	got, err := f.deps.Get(ctx, scope, "image_tag")

+	if err != nil {

+		t.Fatalf("Get lowercased: %v", err)

+	}

+	if got.Value != "v1" {

+		t.Errorf("got %q want v1", got.Value)

+	}

+}

+

+func TestOrgAndRepoScopesAreIsolated(t *testing.T) {

+	f := setup(t)

+	ctx := context.Background()

+	repoScope := variables.RepoScope(f.repoID)

+	orgScope := variables.OrgScope(f.orgID)

+	if err := f.deps.Set(ctx, repoScope, "IMAGE_TAG", "repo", f.userID); err != nil {

+		t.Fatalf("Set repo: %v", err)

+	}

+	if err := f.deps.Set(ctx, orgScope, "IMAGE_TAG", "org", f.userID); err != nil {

+		t.Fatalf("Set org: %v", err)

+	}

+	repoVar, err := f.deps.Get(ctx, repoScope, "IMAGE_TAG")

+	if err != nil {

+		t.Fatalf("Get repo: %v", err)

+	}

+	orgVar, err := f.deps.Get(ctx, orgScope, "IMAGE_TAG")

+	if err != nil {

+		t.Fatalf("Get org: %v", err)

+	}

+	if repoVar.Value != "repo" || orgVar.Value != "org" {

+		t.Fatalf("scope bleed: repo=%q org=%q", repoVar.Value, orgVar.Value)

+	}

+}