Initial scaffold: API service, K8s operator, and CRDs

Forgebot is a K8s operator + API service for dispatching AI agent
jobs from git forge commands. Includes:

- CRDs: AgentPool, AgentTask, ProviderQueue, RepositoryBinding
- API server with webhook handler, task queue, and comment proxy
- Operator controllers for task scheduling and job management
- Gitea provider with webhook parsing and signature verification
- PostgreSQL database with auto-migration
- Woodpecker CI pipelines and multi-stage Dockerfiles
This commit is contained in:
2026-06-08 22:49:18 +10:00
parent fd1a4956ed
commit 49d514c050
46 changed files with 3139 additions and 0 deletions
+51
View File
@@ -0,0 +1,51 @@
package apiserver
import (
"fmt"
"os"
"strconv"
)
type Config struct {
ListenAddr string
DBHost string
DBPort int
DBUser string
DBPass string
DBName string
DBSSL string
WebhookSecret string
GiteaURL string
GiteaToken string
}
func (c *Config) DatabaseDSN() string {
return fmt.Sprintf("postgres://%s:%s@%s:%d/%s?sslmode=%s",
c.DBUser, c.DBPass, c.DBHost, c.DBPort, c.DBName, c.DBSSL)
}
func LoadConfig() (*Config, error) {
dbPort, err := strconv.Atoi(getenv("DBPORT", "5432"))
if err != nil {
return nil, fmt.Errorf("invalid DBPORT: %w", err)
}
return &Config{
ListenAddr: getenv("LISTEN_ADDR", ":8000"),
DBHost: getenv("DBHOST", "localhost"),
DBPort: dbPort,
DBUser: getenv("DBUSER", "forgebot"),
DBPass: getenv("DBPASS", ""),
DBName: getenv("DBNAME", "forgebot"),
DBSSL: getenv("DBSSL", "disable"),
WebhookSecret: getenv("WEBHOOK_SECRET", ""),
GiteaURL: getenv("GITEA_URL", "https://git.unkin.net"),
GiteaToken: getenv("GITEA_TOKEN", ""),
}, nil
}
func getenv(key, fallback string) string {
if v := os.Getenv(key); v != "" {
return v
}
return fallback
}
+30
View File
@@ -0,0 +1,30 @@
package handlers
import (
"encoding/json"
"net/http"
"git.unkin.net/unkin/forgebot/internal/database"
)
type HealthHandler struct {
db *database.DB
}
func NewHealthHandler(db *database.DB) *HealthHandler {
return &HealthHandler{db: db}
}
func (h *HealthHandler) Health(w http.ResponseWriter, r *http.Request) {
status := "ok"
code := http.StatusOK
if !h.db.Healthy(r.Context()) {
status = "degraded"
code = http.StatusServiceUnavailable
}
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(code)
json.NewEncoder(w).Encode(map[string]string{"status": status})
}
+136
View File
@@ -0,0 +1,136 @@
package handlers
import (
"encoding/json"
"log/slog"
"net/http"
"strings"
"github.com/go-chi/chi/v5"
"git.unkin.net/unkin/forgebot/internal/database"
"git.unkin.net/unkin/forgebot/internal/provider/gitea"
"git.unkin.net/unkin/forgebot/pkg/models"
)
type TasksHandler struct {
db *database.DB
provider *gitea.Client
}
func NewTasksHandler(db *database.DB, provider *gitea.Client) *TasksHandler {
return &TasksHandler{db: db, provider: provider}
}
func (h *TasksHandler) List(w http.ResponseWriter, r *http.Request) {
status := r.URL.Query().Get("status")
repository := r.URL.Query().Get("repository")
tasks, err := h.db.ListTasks(r.Context(), status, repository)
if err != nil {
slog.Error("failed to list tasks", "error", err)
http.Error(w, "internal error", http.StatusInternalServerError)
return
}
if tasks == nil {
tasks = []models.Task{}
}
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(tasks)
}
func (h *TasksHandler) Create(w http.ResponseWriter, r *http.Request) {
var req models.CreateTaskRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
http.Error(w, "invalid request body", http.StatusBadRequest)
return
}
if req.Command == "" || req.Repository == "" {
http.Error(w, "command and repository are required", http.StatusBadRequest)
return
}
if !models.ValidCommands[req.Command] {
http.Error(w, "invalid command", http.StatusBadRequest)
return
}
task, err := h.db.CreateTask(r.Context(), req)
if err != nil {
slog.Error("failed to create task", "error", err)
http.Error(w, "internal error", http.StatusInternalServerError)
return
}
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusCreated)
json.NewEncoder(w).Encode(task)
}
func (h *TasksHandler) Get(w http.ResponseWriter, r *http.Request) {
id := chi.URLParam(r, "id")
task, err := h.db.GetTask(r.Context(), id)
if err != nil {
http.Error(w, "task not found", http.StatusNotFound)
return
}
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(task)
}
func (h *TasksHandler) UpdateStatus(w http.ResponseWriter, r *http.Request) {
id := chi.URLParam(r, "id")
var req models.UpdateTaskRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
http.Error(w, "invalid request body", http.StatusBadRequest)
return
}
if err := h.db.UpdateTaskStatus(r.Context(), id, req); err != nil {
slog.Error("failed to update task", "error", err, "id", id)
http.Error(w, "internal error", http.StatusInternalServerError)
return
}
w.WriteHeader(http.StatusNoContent)
}
func (h *TasksHandler) PostComment(w http.ResponseWriter, r *http.Request) {
id := chi.URLParam(r, "id")
var req models.CommentRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
http.Error(w, "invalid request body", http.StatusBadRequest)
return
}
task, err := h.db.GetTask(r.Context(), id)
if err != nil {
http.Error(w, "task not found", http.StatusNotFound)
return
}
parts := strings.SplitN(task.Repository, "/", 2)
if len(parts) != 2 {
http.Error(w, "invalid repository format", http.StatusInternalServerError)
return
}
issueNum := task.IssueNumber
if task.PRNumber > 0 {
issueNum = task.PRNumber
}
if err := h.provider.PostComment(parts[0], parts[1], issueNum, req.Body); err != nil {
slog.Error("failed to post comment", "error", err, "task", id)
http.Error(w, "failed to post comment", http.StatusBadGateway)
return
}
w.WriteHeader(http.StatusNoContent)
}
+91
View File
@@ -0,0 +1,91 @@
package handlers
import (
"io"
"log/slog"
"net/http"
"strings"
"git.unkin.net/unkin/forgebot/internal/database"
"git.unkin.net/unkin/forgebot/internal/provider/gitea"
"git.unkin.net/unkin/forgebot/pkg/models"
)
type WebhookHandler struct {
db *database.DB
provider *gitea.Client
webhookSecret string
}
func NewWebhookHandler(db *database.DB, provider *gitea.Client, secret string) *WebhookHandler {
return &WebhookHandler{
db: db,
provider: provider,
webhookSecret: secret,
}
}
func (h *WebhookHandler) HandleGitea(w http.ResponseWriter, r *http.Request) {
body, err := io.ReadAll(r.Body)
if err != nil {
http.Error(w, "failed to read body", http.StatusBadRequest)
return
}
signature := r.Header.Get("X-Gitea-Signature")
if !gitea.VerifySignature(body, h.webhookSecret, signature) {
http.Error(w, "invalid signature", http.StatusUnauthorized)
return
}
event, err := h.provider.ParseWebhook(body, h.webhookSecret)
if err != nil {
slog.Error("failed to parse webhook", "error", err)
http.Error(w, "failed to parse webhook", http.StatusBadRequest)
return
}
if event == nil {
w.WriteHeader(http.StatusOK)
return
}
commands := models.ParseCommands(event.Body)
if len(commands) == 0 {
w.WriteHeader(http.StatusOK)
return
}
parts := strings.SplitN(event.Repository, "/", 2)
if len(parts) != 2 {
http.Error(w, "invalid repository format", http.StatusBadRequest)
return
}
for _, cmd := range commands {
task, err := h.db.CreateTask(r.Context(), models.CreateTaskRequest{
Command: cmd.Name,
Repository: event.Repository,
Ref: event.Ref,
IssueNumber: event.IssueNum,
PRNumber: event.PRNum,
CommentID: event.CommentID,
Body: cmd.Args,
Author: event.Author,
})
if err != nil {
slog.Error("failed to create task", "error", err, "command", cmd.Name)
continue
}
slog.Info("task created from webhook",
"id", task.ID,
"command", cmd.Name,
"repository", event.Repository,
"author", event.Author,
)
h.provider.AddReaction(parts[0], parts[1], event.CommentID, "eyes")
}
w.WriteHeader(http.StatusAccepted)
}
+90
View File
@@ -0,0 +1,90 @@
package apiserver
import (
"context"
"errors"
"log/slog"
"net/http"
"time"
"github.com/go-chi/chi/v5"
"github.com/go-chi/chi/v5/middleware"
"git.unkin.net/unkin/forgebot/internal/apiserver/handlers"
"git.unkin.net/unkin/forgebot/internal/database"
"git.unkin.net/unkin/forgebot/internal/provider/gitea"
)
type Server struct {
cfg *Config
router chi.Router
db *database.DB
provider *gitea.Client
}
func New(cfg *Config) (*Server, error) {
db, err := database.New(cfg.DatabaseDSN())
if err != nil {
return nil, err
}
provider := gitea.NewClient(cfg.GiteaURL, cfg.GiteaToken)
s := &Server{
cfg: cfg,
db: db,
provider: provider,
}
s.router = s.routes()
return s, nil
}
func (s *Server) routes() chi.Router {
r := chi.NewRouter()
r.Use(middleware.RequestID)
r.Use(middleware.RealIP)
r.Use(middleware.Recoverer)
r.Use(middleware.Timeout(60 * time.Second))
healthH := handlers.NewHealthHandler(s.db)
webhookH := handlers.NewWebhookHandler(s.db, s.provider, s.cfg.WebhookSecret)
tasksH := handlers.NewTasksHandler(s.db, s.provider)
r.Get("/health", healthH.Health)
r.Route("/api/v1", func(r chi.Router) {
r.Post("/webhook/gitea", webhookH.HandleGitea)
r.Get("/tasks", tasksH.List)
r.Post("/tasks", tasksH.Create)
r.Get("/tasks/{id}", tasksH.Get)
r.Patch("/tasks/{id}", tasksH.UpdateStatus)
r.Post("/tasks/{id}/comment", tasksH.PostComment)
})
return r
}
func (s *Server) Run(ctx context.Context) error {
httpServer := &http.Server{
Addr: s.cfg.ListenAddr,
Handler: s.router,
ReadTimeout: 30 * time.Second,
WriteTimeout: 300 * time.Second,
IdleTimeout: 120 * time.Second,
}
go func() {
<-ctx.Done()
slog.Info("shutting down server")
shutdownCtx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
_ = httpServer.Shutdown(shutdownCtx)
}()
slog.Info("starting server", "addr", s.cfg.ListenAddr)
if err := httpServer.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
return err
}
return nil
}