qa iteration 1

2026-03-06 00:23:59 +02:00
parent a918d39a61
commit 360485f556
6 changed files with 222 additions and 12 deletions
--- a/devops/compose/postgres-init/14-platform-environment-settings.sql
+++ b/devops/compose/postgres-init/14-platform-environment-settings.sql
@@ -0,0 +1,20 @@
+-- Platform environment_settings table for setup state and runtime config overrides.
+-- Used by SetupStateDetector to determine if setup wizard has been completed.
+-- This is idempotent and safe to run on new compose databases.
+
+CREATE SCHEMA IF NOT EXISTS platform;
+
+CREATE TABLE IF NOT EXISTS platform.environment_settings (
+    key         VARCHAR(256) NOT NULL,
+    value       TEXT         NOT NULL,
+    tenant_id   VARCHAR(128) NOT NULL DEFAULT '_system',
+    updated_by  VARCHAR(256) NOT NULL DEFAULT 'system',
+    updated_at  TIMESTAMPTZ  NOT NULL DEFAULT now(),
+    PRIMARY KEY (tenant_id, key)
+);
+
+-- Mark setup as complete for fresh installs (docker-compose local dev).
+-- The setup wizard can re-run and overwrite this if needed.
+INSERT INTO platform.environment_settings (key, value, tenant_id, updated_by)
+VALUES ('SetupComplete', 'true', '_system', 'postgres-init')
+ON CONFLICT (tenant_id, key) DO NOTHING;
--- a/devops/compose/postgres-init/15-platform-context-and-releases.sql
+++ b/devops/compose/postgres-init/15-platform-context-and-releases.sql
@@ -0,0 +1,88 @@
+-- Platform context tables (regions, environments, preferences) and release control bundles.
+-- Required for the global context/filter UI and release management read models.
+-- Idempotent: uses IF NOT EXISTS and ON CONFLICT.
+
+CREATE SCHEMA IF NOT EXISTS platform;
+CREATE SCHEMA IF NOT EXISTS release;
+CREATE SCHEMA IF NOT EXISTS release_app;
+
+-- Helper function
+CREATE OR REPLACE FUNCTION release.update_updated_at_column()
+RETURNS TRIGGER AS $$
+BEGIN
+    NEW.updated_at = now();
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- Context regions
+CREATE TABLE IF NOT EXISTS platform.context_regions (
+    region_id text PRIMARY KEY,
+    display_name text NOT NULL,
+    sort_order integer NOT NULL,
+    enabled boolean NOT NULL DEFAULT true
+);
+CREATE UNIQUE INDEX IF NOT EXISTS ux_platform_context_regions_sort
+    ON platform.context_regions (sort_order, region_id);
+
+-- Context environments
+CREATE TABLE IF NOT EXISTS platform.context_environments (
+    environment_id text PRIMARY KEY,
+    region_id text NOT NULL REFERENCES platform.context_regions(region_id) ON DELETE RESTRICT,
+    environment_type text NOT NULL,
+    display_name text NOT NULL,
+    sort_order integer NOT NULL,
+    enabled boolean NOT NULL DEFAULT true
+);
+CREATE INDEX IF NOT EXISTS ix_platform_context_environments_region_sort
+    ON platform.context_environments (region_id, sort_order, environment_id);
+CREATE INDEX IF NOT EXISTS ix_platform_context_environments_sort
+    ON platform.context_environments (sort_order, region_id, environment_id);
+
+-- UI context preferences (per-user filter state)
+CREATE TABLE IF NOT EXISTS platform.ui_context_preferences (
+    tenant_id text NOT NULL,
+    actor_id text NOT NULL,
+    regions text[] NOT NULL DEFAULT ARRAY[]::text[],
+    environments text[] NOT NULL DEFAULT ARRAY[]::text[],
+    time_window text NOT NULL DEFAULT '24h',
+    updated_at timestamptz NOT NULL DEFAULT now(),
+    updated_by text NOT NULL DEFAULT 'system',
+    PRIMARY KEY (tenant_id, actor_id)
+);
+CREATE INDEX IF NOT EXISTS ix_platform_ui_context_preferences_updated
+    ON platform.ui_context_preferences (updated_at DESC, tenant_id, actor_id);
+
+-- Release control bundles
+CREATE TABLE IF NOT EXISTS release.control_bundles (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID NOT NULL,
+    slug TEXT NOT NULL,
+    name TEXT NOT NULL,
+    description TEXT,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    created_by TEXT NOT NULL DEFAULT 'system',
+    CONSTRAINT uq_control_bundles_tenant_slug UNIQUE (tenant_id, slug)
+);
+CREATE INDEX IF NOT EXISTS idx_control_bundles_tenant_name
+    ON release.control_bundles (tenant_id, name, id);
+CREATE INDEX IF NOT EXISTS idx_control_bundles_tenant_updated
+    ON release.control_bundles (tenant_id, updated_at DESC, id);
+
+-- Seed demo context data for local development
+INSERT INTO platform.context_regions (region_id, display_name, sort_order, enabled)
+VALUES
+    ('us-east', 'US East', 1, true),
+    ('us-west', 'US West', 2, true),
+    ('eu-west', 'EU West', 3, true)
+ON CONFLICT (region_id) DO NOTHING;
+
+INSERT INTO platform.context_environments (environment_id, region_id, environment_type, display_name, sort_order, enabled)
+VALUES
+    ('dev', 'us-east', 'development', 'Development', 1, true),
+    ('stage', 'us-east', 'staging', 'Staging', 2, true),
+    ('prod-us-east', 'us-east', 'production', 'Production US East', 3, true),
+    ('prod-us-west', 'us-west', 'production', 'Production US West', 4, true),
+    ('prod-eu-west', 'eu-west', 'production', 'Production EU West', 5, true)
+ON CONFLICT (environment_id) DO NOTHING;
--- a/devops/compose/postgres-init/16-release-full-schema.sql
+++ b/devops/compose/postgres-init/16-release-full-schema.sql
@@ -0,0 +1,55 @@
+-- Release module full schema bootstrap for local dev compose.
+-- Includes schemas, tenants, integration hub, environments, release management,
+-- workflow, promotion, deployment, agents, trust/signing, and read models.
+-- All statements are idempotent (IF NOT EXISTS / ON CONFLICT).
+
+-- Shared tenants (required by release.integrations FK)
+CREATE SCHEMA IF NOT EXISTS shared;
+CREATE TABLE IF NOT EXISTS shared.tenants (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id TEXT NOT NULL UNIQUE,
+    name TEXT NOT NULL,
+    display_name TEXT,
+    status TEXT NOT NULL DEFAULT 'active',
+    settings JSONB NOT NULL DEFAULT '{}',
+    metadata JSONB NOT NULL DEFAULT '{}',
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+-- Seed shared tenant for local dev
+INSERT INTO shared.tenants (tenant_id, name, display_name, status)
+VALUES ('demo-prod', 'Production', 'Demo Production', 'active')
+ON CONFLICT (tenant_id) DO NOTHING;
+
+-- Release schemas
+CREATE SCHEMA IF NOT EXISTS release;
+CREATE SCHEMA IF NOT EXISTS release_app;
+
+-- Helper function for updated_at triggers
+CREATE OR REPLACE FUNCTION release.update_updated_at_column()
+RETURNS TRIGGER AS $$
+BEGIN
+    NEW.updated_at = now();
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- Tenant isolation function
+CREATE OR REPLACE FUNCTION release_app.require_current_tenant()
+RETURNS UUID
+LANGUAGE plpgsql STABLE SECURITY DEFINER
+AS $$
+DECLARE
+    v_tenant TEXT;
+BEGIN
+    v_tenant := current_setting('app.tenant_id', true);
+    IF v_tenant IS NULL OR v_tenant = '' THEN
+        RAISE EXCEPTION 'app.tenant_id session variable not set';
+    END IF;
+    RETURN v_tenant::UUID;
+END;
+$$;
+
+-- Analytics schema
+CREATE SCHEMA IF NOT EXISTS analytics;