From 7ef35fa8ee01bdf3d5080b1c09c6ffbb6f7cd246 Mon Sep 17 00:00:00 2001
From: jeffusion
Date: Thu, 5 Mar 2026 11:35:58 +0800
Subject: [PATCH] chore(deploy): remove obsolete env vars from deployment configs

- docker-compose.e2e.yml: remove WEBHOOK_SECRET, REVIEW_* env vars (now configured via assistant API in seed.sh)
- e2e/seed.sh: add step to configure assistant via Admin API after boot (login with default password, set webhook secret + review settings)
- k8s/gitea-assistant.yaml: Secret now only contains GITEA_ACCESS_TOKEN; ConfigMap reduced to GITEA_API_URL, PORT, QDRANT_URL
- cursor rules updated to document DB-first config architecture
---
 .../rules/03-tech-stack-and-dependencies.mdc | 12 ++++--
 .../rules/05-deployment-and-configuration.mdc | 38 ++++++++--------
 docker-compose.e2e.yml | 16 +++---
 e2e/seed.sh | 43 +++++++++++++++++--
 k8s/gitea-assistant.yaml | 20 +++------
 5 files changed, 81 insertions(+), 48 deletions(-)

diff --git a/.cursor/rules/03-tech-stack-and-dependencies.mdc b/.cursor/rules/03-tech-stack-and-dependencies.mdc
index fc4e760..86536ab 100644
--- a/.cursor/rules/03-tech-stack-and-dependencies.mdc
+++ b/.cursor/rules/03-tech-stack-and-dependencies.mdc
@@ -38,8 +38,12 @@ From [package.json](mdc:package.json):
 
 ## Environment Configuration
 
-The application uses a hybrid configuration approach:
+The application uses a **DB-first** configuration approach (Portainer model):
 
-- **Environment variables** ([src/config/index.ts](mdc:src/config/index.ts)): Gitea settings, server config, webhook security, review engine params
-- **Web UI + SQLite DB** ([src/db/](mdc:src/db)): LLM provider settings (API keys, models, endpoints) — managed via Admin Dashboard
-- **bun:sqlite**: Embedded database for LLM configuration persistence
+- **Environment variables** (minimal, infrastructure-level only):
+ - `PORT`: Server port
+ - `DATABASE_PATH`: SQLite file path (optional, default: `./data/assistant.db`)
+ - `MASTER_KEY_PATH`: Encryption key path (optional, default: `./data/master.key`)
+- **Web UI + SQLite DB** ([src/db/](mdc:src/db)): All runtime config — Gitea, Feishu, webhook secret, admin password, review engine, memory settings — managed via Admin Dashboard
+- **First-boot seed**: `configManager.seedDefaults()` auto-generates secrets and seeds defaults on first run
+- **bun:sqlite**: Embedded database for all configuration persistence (encrypted for sensitive values)
diff --git a/.cursor/rules/05-deployment-and-configuration.mdc b/.cursor/rules/05-deployment-and-configuration.mdc
index b185706..5f7f952 100644
--- a/.cursor/rules/05-deployment-and-configuration.mdc
+++ b/.cursor/rules/05-deployment-and-configuration.mdc
@@ -5,27 +5,29 @@ alwaysApply: false
 ---
 
 # Deployment and Configuration
-## Environment Variables
+## Environment Variables (Minimal)
 
-The application is configured through environment variables, defined in [src/config/index.ts](mdc:src/config/index.ts):
+Only three infrastructure-level settings are read from environment variables. Everything else is managed through the Admin Dashboard Web UI:
 
-- **Gitea Configuration**:
- - `GITEA_API_URL`: Gitea API endpoint URL
- - `GITEA_ACCESS_TOKEN`: Access token for Gitea API
+- `PORT`: Server port (default: `5174`)
+- `DATABASE_PATH`: SQLite database file path (optional, default: `./data/assistant.db`)
+- `MASTER_KEY_PATH`: Encryption master key file path (optional, default: `./data/master.key`)
 
-- **LLM Provider Configuration**:
- - Configured exclusively through the Admin Dashboard Web UI
- - Supports OpenAI Compatible, OpenAI Responses API, Anthropic, Google Gemini
- - API keys stored encrypted (AES-256-GCM) in SQLite database
+## First-Boot Seeding
 
-- **Server Configuration**:
- - `PORT`: Server port (default: 3000)
- - `WEBHOOK_SECRET`: Secret for webhook verification
+On first startup with an empty `system_settings` table, `configManager.seedDefaults()` automatically:
+- Generates `JWT_SECRET` and `WEBHOOK_SECRET` (64-char hex via `crypto.randomBytes(32)`)
+- Seeds all config fields with their default values
+- Sets `ADMIN_PASSWORD` to `password` (must be changed via Web UI)
 
-- **Custom Prompts**:
- - `CUSTOM_SUMMARY_PROMPT`: Custom prompt for summary reviews
- - `CUSTOM_LINE_COMMENT_PROMPT`: Custom prompt for line comments
+## Web UI Configuration
+All runtime settings are managed through the Admin Dashboard at `http://your-server:PORT`:
+- Gitea connection (API URL, access token, admin token)
+- Security settings (webhook secret, admin password, JWT secret)
+- Review engine settings (engine mode, parallelism, file limits, confidence)
+- Feishu integration (webhook URL and secret)
+- Memory/learning features (Qdrant URL, enable flags)
 
 ## Deployment Options
 
 ### Local Development
@@ -48,7 +50,7 @@ The [Dockerfile](mdc:Dockerfile) provides containerization support:
 docker build -t gitea-assistant:latest .
 
 # Run the container
-docker run -p 3000:3000 --env-file .env gitea-assistant:latest
+docker run -p 3000:3000 -v ./data:/app/data -e PORT=3000 gitea-assistant:latest
 ```
 
 ### Kubernetes Deployment
@@ -58,12 +60,12 @@ The [kubernetes.yaml](mdc:k8s/gitea-assistant.yaml) file provides Kubernetes dep
 Deployment can be managed using:
 ```bash
 # Apply configuration
-kubectl apply -f kubernetes.yaml
+kubectl apply -k k8s/
 ```
 
 ### Webhook Setup
 
 Configure Gitea webhooks to point to the `/webhook/gitea` endpoint with:
 - Content type: application/json
-- Secret: matching WEBHOOK_SECRET environment variable
+- Secret: matching the Webhook Secret configured in the Admin Dashboard
 - Events: Pull Request and Status events
diff --git a/docker-compose.e2e.yml b/docker-compose.e2e.yml
index b33b398..ec7f41b 100644
--- a/docker-compose.e2e.yml
+++ b/docker-compose.e2e.yml
@@ -46,15 +46,15 @@ services:
 - NODE_ENV=production
 - GITEA_API_URL=http://gitea:3000/api/v1
 - GITEA_ACCESS_TOKEN=${E2E_GITEA_TOKEN:-placeholder}
- - FEISHU_WEBHOOK_URL=http://localhost:9999/noop
 - PORT=3000
- - WEBHOOK_SECRET=e2e-test-secret
- - REVIEW_ENGINE=agent
- - REVIEW_WORKDIR=/tmp/e2e-review
- - REVIEW_AUTO_PUBLISH_MIN_CONFIDENCE=0.5
- - REVIEW_ENABLE_HUMAN_GATE=false
- - REVIEW_ALLOWED_COMMANDS=git,rg,cat,sed,wc
- - REVIEW_COMMAND_TIMEOUT_MS=30000
+ ports:
+ - "3334:3000"
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:3000/"]
+ interval: 5s
+ timeout: 3s
+ retries: 10
+ start_period: 5s
 ports:
 - "3334:3000"
 healthcheck:
diff --git a/e2e/seed.sh b/e2e/seed.sh
index 22bcd26..ae7c377 100755
--- a/e2e/seed.sh
+++ b/e2e/seed.sh
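Review bot: The eight added lines from `+ ports:` through `+ start_period: 5s` are immediately followed by the unchanged context `ports:` / `- "3334:3000"` / `healthcheck:`, so as the hunk reads the patched service mapping defines `ports` and `healthcheck` twice; YAML parsers either reject duplicate mapping keys or silently keep one copy, and which `healthcheck` survives is then parser-defined rather than intended. Indentation is lost in this rendering, so if the added block is nested under a different key this does not apply, but otherwise the added copy should be dropped in favour of the existing lines, which already carry the same values. Separately, `- FEISHU_WEBHOOK_URL=http://localhost:9999/noop` is removed here but is neither mentioned in the commit message nor set by the new `PUT /admin/config` step in `e2e/seed.sh`, so the E2E run now relies on whatever the first-boot seed puts in that field; a line in the message or the seed body would make that explicit.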
@@ -115,7 +115,45 @@ git commit -m "feat: add user handler"
 git push origin feature/add-user-handler 2>/dev/null
 popd > /dev/null
 
-echo "=== [5/6] 配置 Webhook ==="
+echo "=== [5/7] 配置 Assistant 设置 ==="
+ADMIN_DEFAULT_PASS="password"
+
+# Wait for assistant to be healthy
+for i in $(seq 1 20); do
+ if curl -sf "${ASSISTANT_URL}/" > /dev/null 2>&1; then
+ echo " Assistant 已就绪"
+ break
+ fi
+ echo " 等待 Assistant... ($i/20)"
+ sleep 3
+done
+
+# Login to get JWT
+LOGIN_RESP=$(curl -sf -X POST "${ASSISTANT_URL}/admin/login" \
+ -H "Content-Type: application/json" \
+ -d "{\"password\": \"${ADMIN_DEFAULT_PASS}\"}" 2>/dev/null || true)
+ADMIN_JWT=$(echo "${LOGIN_RESP}" | python3 -c "import sys,json; print(json.load(sys.stdin).get('token',''))" 2>/dev/null || true)
+
+if [ -z "${ADMIN_JWT}" ]; then
+ echo " WARNING: 无法获取管理员 JWT,跳过 assistant 配置"
+else
+ echo " JWT 获取成功,配置 assistant 设置..."
+ curl -sf -X PUT "${ASSISTANT_URL}/admin/config" \
+ -H "Content-Type: application/json" \
+ -H "Authorization: Bearer ${ADMIN_JWT}" \
+ -d "{
+ \"WEBHOOK_SECRET\": \"${WEBHOOK_SECRET}\",
+ \"GITEA_API_URL\": \"http://gitea:3000/api/v1\",
+ \"REVIEW_ENGINE\": \"agent\",
+ \"REVIEW_WORKDIR\": \"/tmp/e2e-review\",
+ \"REVIEW_AUTO_PUBLISH_MIN_CONFIDENCE\": \"0.5\",
+ \"REVIEW_ENABLE_HUMAN_GATE\": \"false\",
+ \"REVIEW_ALLOWED_COMMANDS\": \"git,rg,cat,sed,wc\",
+ \"REVIEW_COMMAND_TIMEOUT_MS\": \"30000\"
+ }" > /dev/null 2>&1 && echo " Assistant 配置完成" || echo " WARNING: assistant 配置失败"
+fi
+
+echo "=== [6/7] 配置 Webhook ==="
 curl -sf -X POST "${GITEA_URL}/api/v1/repos/${ADMIN_USER}/${REPO_NAME}/hooks" \
 -H "Authorization: token ${GITEA_TOKEN}" \
 -H "Content-Type: application/json" \
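Review bot: Both failure paths in the new step only print a warning — the `if [ -z "${ADMIN_JWT}" ]` branch and the `|| echo " WARNING: assistant 配置失败"` tail of the `PUT /admin/config` call — and the readiness loop falls through after 20 attempts without failing either, so the script carries on to step 6 and registers the Gitea hook with `${WEBHOOK_SECRET}` while the assistant still holds the secret it generated on first boot. Every later webhook delivery is then rejected at signature verification and the E2E run breaks somewhere downstream with no pointer back to this step; since the script already depends on the seeded default password, the step should be fatal instead: `echo " ERROR: 无法获取管理员 JWT" >&2; exit 1` in the empty-JWT branch and `|| { echo " ERROR: assistant 配置失败" >&2; exit 1; }` on the PUT. `${WEBHOOK_SECRET}` is also spliced into the JSON body unescaped, so a value containing a quote or backslash yields an invalid request that hits the same silent path; building the body with `python3 -c 'import json, os; ...'` (the script already shells out to `python3` for the token) would avoid that. Whether the API accepts the numeric and boolean settings as strings (`"0.5"`, `"false"`, `"30000"`) is not visible here and is worth confirming against the handler.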
@@ -129,8 +167,7 @@ curl -sf -X POST "${GITEA_URL}/api/v1/repos/${ADMIN_USER}/${REPO_NAME}/hooks" \
 \"secret\": \"${WEBHOOK_SECRET}\"
 }
 }" > /dev/null 2>&1 || echo " Webhook 配置失败(可能已存在)"
-
-echo "=== [6/6] 创建 Pull Request ==="
+echo "=== [7/7] 创建 Pull Request ==="
 PR_RESPONSE=$(curl -sf -X POST "${GITEA_URL}/api/v1/repos/${ADMIN_USER}/${REPO_NAME}/pulls" \
 -H "Authorization: token ${GITEA_TOKEN}" \
 -H "Content-Type: application/json" \
diff --git a/k8s/gitea-assistant.yaml b/k8s/gitea-assistant.yaml
index cf7f879..1f84863 100644
--- a/k8s/gitea-assistant.yaml
+++ b/k8s/gitea-assistant.yaml
@@ -12,13 +12,8 @@ metadata:
 app.kubernetes.io/part-of: gitea-assistant
 type: Opaque
 data:
- # REQUIRED: replace with your own base64-encoded values
+ # REQUIRED: replace with your own base64-encoded Gitea access token
 GITEA_ACCESS_TOKEN: eW91cl9naXRlYV90b2tlbg==
- WEBHOOK_SECRET: eW91cl93ZWJob29rX3NlY3JldA==
- ADMIN_PASSWORD: cGFzc3dvcmQ=
- # Optional
- # FEISHU_WEBHOOK_URL: ""
- # FEISHU_WEBHOOK_SECRET: ""
 
 ---
 apiVersion: v1
@@ -30,18 +25,13 @@ metadata:
 app.kubernetes.io/name: gitea-assistant
 app.kubernetes.io/part-of: gitea-assistant
 data:
+ # Required: set to your Gitea instance API endpoint
 GITEA_API_URL: "http://localhost:3000/api/v1"
 PORT: "3000"
+ # Optional: Qdrant vector DB for memory features (configure memory settings via Web UI)
 QDRANT_URL: "http://qdrant.gitea-assistant.svc.cluster.local:6333"
- REVIEW_ENGINE: "legacy"
- REVIEW_WORKDIR: "/tmp/gitea-assistant"
- REVIEW_MAX_PARALLEL_RUNS: "2"
- REVIEW_MAX_FILES_PER_RUN: "200"
- REVIEW_AUTO_PUBLISH_MIN_CONFIDENCE: "0.8"
- REVIEW_ENABLE_HUMAN_GATE: "true"
- ENABLE_MEMORY: "false"
- ENABLE_REFLECTION: "false"
- ENABLE_DEBATE: "false"
+ # All other settings (review engine, Feishu, admin password, etc.) are managed
+ # through the Admin Dashboard Web UI. They are auto-seeded on first boot.
 
 ---
 apiVersion: apps/v1
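Review bot: The ConfigMap in the second hunk still ships `GITEA_API_URL` (now annotated `# Required: set to your Gitea instance API endpoint`) and `QDRANT_URL`, and the Secret still ships `GITEA_ACCESS_TOKEN`, while the rules rewritten in this same commit state that only `PORT`, `DATABASE_PATH` and `MASTER_KEY_PATH` are read from the environment and that the Gitea connection is configured in the Web UI; one of the two is wrong, and if it is the manifest these entries are dead values an operator will set and then wonder why they are ignored. Removing `WEBHOOK_SECRET` and `ADMIN_PASSWORD` from the Secret in the first hunk also changes the cluster posture in a way the new trailing comment does not say: per the rules hunk, first boot seeds the admin password to `password` and generates the webhook and JWT secrets into the database, so the Service exposes an admin login with a documented default until it is changed, and those seeded secrets plus the master key live under `DATABASE_PATH`/`MASTER_KEY_PATH`, which need a persistent volume (the Deployment is outside these hunks, so I cannot see whether one exists) or they are regenerated on every pod restart and the Gitea hook secret stops matching. Suggested replacement for the two added comment lines: `# First boot seeds the admin password to the documented default and generates the webhook/JWT secrets into the database; change the password in the Web UI before exposing the Service, and keep DATABASE_PATH and MASTER_KEY_PATH on a PersistentVolume or the secrets and master key are regenerated on restart.`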