refactor: config restructure, ProviderRegistry, hot-reload completion, #127#147
Merged
Restructures the YAML configuration layout, adds hot-reload support for all config sections, and enables externalized config from git or file sources with optional auth. Also fixes several bugs uncovered during e2e testing of the new hot-reload path.

Config restructure:
- Lift diff-scan and secret-scanning to top-level config sections
- Consolidate to ProviderRegistry; resolve provider names in config
- Rename secret-scanning → secret-scan for consistency with diff-scan
- Validate provider cross-references at startup and before hot-reload
- Update config files to use friendly provider names

Hot-reload:
- Complete hot-reload support across all per-section config sources
- Fresh clone on each git config reload to handle force-push

Externalized config:
- Add loadWithOverride integration tests and document externalized config pattern
- Add git auth for reload source via GITPROXY_RELOAD_GIT_AUTH_* env vars
- Note Gestalt list-replace caveat in multi-profile section docs

UI fixes:
- PushDetail: match providers by id (not name) so attestation questions resolve
- Repos page: show hostname only (e.g. github.com) via provider.id lookup

Bug fixes:
- EnrichPushCommitsFilter.constructRemoteUrl: use full provider URI (scheme + host + port) instead of hardcoding https:// — fixes clone failures against non-GitHub providers in e2e tests
- LocalRepositoryCache: always call refreshIfStale on cache hits, not only when credentials are supplied
- CheckHiddenCommitsFilter: mark commitFrom as uninteresting boundary in RevWalk so stale local clone refs don't cause false positives

E2e test isolation:
- Each test in ProxyModeE2ETest and ConfigHotReloadE2ETest now creates its own Gitea repo in @BeforeEach, eliminating all shared state and ordering dependencies between tests
- ConfigHotReloadE2ETest also gets a fresh HotReloadJettyFixture per test so config state never leaks between methods
- Remove @Order/@TestMethodOrder from both classes
Summary
- `diff-scan:` and `secret-scan:` out of `commit:` to top-level stanzas — they operate on the aggregate push, not individual commits, so nesting them under `commit:` was semantically wrong
- `commit`, `diff-scan`, `secret-scan`, `rules`, `permissions`, `attestations`); admin panel gains a section dropdown; `LiveConfigLoader` validates provider references before applying any reload so a bad override file can't partially mutate live config
- `providers.<name>.attestation-questions` to a top-level `attestations:` list. Matches upstream finos/git-proxy's `attestationConfig.questions` shape (feature parity). Per-provider variants were an inadvertent scope expansion — they can come back as a future enhancement if users ask. Also fixes a latent bug where attestation changes in an externalized config were silently ignored because controllers read from the startup `GitProxyConfig` bean rather than `ConfigHolder`; reads now go through the live holder and reload cleanly
- `ProviderConfigurationSource` + `ProviderRepository` into a single `ProviderRegistry` interface; friendly provider names (`github`, `gitlab`) now accepted everywhere config references a provider — `permissions:`, `rules:`, `users.scm-identities:` — with backwards compat for the old `type/host` form
- `JettyConfigurationBuilder.validateProviderReferences()` called before any DB or port setup; unknown provider references crash early with a clear message listing configured providers
- `/app/conf/` classpath prepend pattern, `GITPROXY_CONFIG_PROFILES`, multi-profile layering, and the Gestalt list-replace caveat
- `GITPROXY_RELOAD_GIT_AUTH_USERNAME` / `GITPROXY_RELOAD_GIT_AUTH_PASSWORD` — no config fields, just set the env vars for private repos. Clone is now shallow (depth=1) and uses a fresh temp dir per reload — no pull-on-force-push failures, no stale local state
- `secret-scan` rename: aligns YAML key with `diff-scan` and internal class names (`SecretScanConfig`)

Breaking config changes

All changes are backwards-compatible for the `type/host` provider ID form. The only hard breaks:

- `commit.diff` → `diff-scan:` (top-level)
- `commit.secret-scanning` → `secret-scan:` (top-level)
- `providers.<name>.attestation-questions` → `attestations:` (top-level, global)

Existing `git-proxy-local.yml` and docker configs in this repo are updated.

Test plan

- `./gradlew build` passes (unit tests + jacoco threshold)
- `GitProxyConfigLoaderTest` — `loadWithOverride` cases verify all renamed keys parse correctly, including top-level `attestations:` partial overrides
- `JettyConfigurationBuilderTest` — provider name resolution, `validateProviderReferences`
- `ConfigHotReloadE2ETest` (Gitea, `@Tag("e2e")`) — one test per reloadable section
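
The summary says provider references are validated before any reload is applied, so a bad override cannot partially mutate live config. The following is an added example of that validate-then-swap pattern, not code from this pull request or project: the class `ValidateThenSwap`, the record `Config` and all method names are hypothetical, and the sample data is constructed.

```java
import java.util.*;
import java.util.concurrent.atomic.AtomicReference;

// Hypothetical illustration; not the project's LiveConfigLoader or ConfigHolder.
public class ValidateThenSwap {
    // Snapshot: configured provider names plus the providers each section references.
    record Config(Set<String> providers, Map<String, List<String>> refsBySection) {}

    private final AtomicReference<Config> live;

    ValidateThenSwap(Config initial) {
        validate(initial); // fail fast at startup, before anything else is set up
        live = new AtomicReference<>(initial);
    }

    // Collect every unknown reference so one error message lists all problems.
    static void validate(Config c) {
        List<String> errors = new ArrayList<>();
        c.refsBySection().forEach((section, refs) -> {
            for (String ref : refs) {
                if (!c.providers().contains(ref)) {
                    errors.add(section + " references unknown provider '" + ref + "'");
                }
            }
        });
        if (!errors.isEmpty()) {
            throw new IllegalArgumentException(
                    errors + "; configured providers: " + new TreeSet<>(c.providers()));
        }
    }

    // The candidate is checked in full, then installed with a single atomic swap.
    boolean reload(Config candidate) {
        try {
            validate(candidate);
        } catch (IllegalArgumentException e) {
            System.err.println("reload rejected, live config unchanged: " + e.getMessage());
            return false;
        }
        live.set(candidate);
        return true;
    }

    Config current() { return live.get(); }

    public static void main(String[] args) {
        // Constructed sample: the override drops "gitlab" but rules still reference it.
        var holder = new ValidateThenSwap(new Config(Set.of("github", "gitlab"),
                Map.of("permissions", List.of("github"), "rules", List.of("gitlab"))));
        Config bad = new Config(Set.of("github"),
                Map.of("permissions", List.of("github"), "rules", List.of("gitlab")));
        System.out.println("bad override applied: " + holder.reload(bad));
        System.out.println("live providers: " + new TreeSet<>(holder.current().providers()));
    }
}
```

Because readers only ever see a whole snapshot through `current()`, a rejected override leaves every section at its previous values rather than a mix of old and new.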