preflight

package
v0.2.26 Latest
This package is not in the latest version of its module.
Published: Apr 18, 2026 License: MIT Imports: 15 Imported by: 0

Documentation

Overview

Package preflight runs read-only checks before a migration: versions, SSH reachability, DB connectivity, disk space, and the SECRET_KEY warning.

Output is a go/no-go `preflight-report.md` written into work_dir, plus a non-zero exit if any hard-fail check fails.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func OfferRemediations

func OfferRemediations(cfg *config.Config, r *Result, configPath string, srcSSH *remote.Client) bool

OfferRemediations walks the preflight Result looking for WARN/FAIL findings that have a well-defined auto-fix. If stdin is a TTY, it prompts the operator with the real impact data and applies the chosen fix to configPath, returning true if any fix was applied.

No-op on non-TTY stdin so CI / scripted runs aren't blocked.

func OfferRemediationsFromResult

func OfferRemediationsFromResult(cfg *config.Config, r *Result, configPath string, log interface{ Warn(string, ...any) }) bool

OfferRemediationsFromResult is the entrypoint callers should use from a cobra command — it re-opens the source SSH connection if needed (the one used during checks has been closed by the time we get here).

Types

type Check

type Check struct {
	Name   string
	Status string // PASS | WARN | FAIL
	Detail string
}

type Result

type Result struct {
	Checks    []Check
	SourceVer string
	TargetVer string
	HardFails int
	Warns     int
}

func Run

func Run(cfg *config.Config, log *slog.Logger) *Result

Run performs all checks and returns the result. It does not write files; that's the caller's job (typically the cobra command).

func (*Result) WriteReport

func (r *Result) WriteReport(workDir string) (string, error)

WriteReport writes a markdown go/no-go report to workDir/preflight-report.md.

type SecretKeyImpact

type SecretKeyImpact struct {
	TOTP           int // two_factor rows — TOTP codes
	OAuth2Active   int // user-owned app with a non-empty client_secret (will not decrypt)
	OAuth2DeadUser int // user-owned app with empty client_secret (already broken on source)
	OAuth2BuiltIn  int // uid=0 system apps (tea/GCM/git-credential-oauth; PKCE, safe)
	PushMirrors    int // push_mirror rows with stored credentials
	ActionsSecrets int // org/repo Actions secrets (value encrypted with SECRET_KEY)
	LDAPSources    int // login_source rows whose cfg blob includes a bind password
	Webauthn       int // webauthn_credential rows (always SAFE; counted for context)
}

SecretKeyImpact counts the DB rows that actually depend on SECRET_KEY. Built from real source data at preflight time, so the operator sees "0 TOTP users, 3 DEAD OAuth2 apps" instead of vague "secrets will be lost" warnings.

func (*SecretKeyImpact) Lossless

func (i *SecretKeyImpact) Lossless() bool

Lossless returns true if migrating without SECRET_KEY actually loses nothing.

func (*SecretKeyImpact) Summary

func (i *SecretKeyImpact) Summary() string

Summary returns a human-friendly one-line summary.
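
The field comments on SecretKeyImpact separate rows that stop decrypting without SECRET_KEY from rows that are already broken or safe. The sketch below is an added example, not the package's code: it turns such counts into a PASS/WARN finding shaped like Check. The `impact` and `check` types, the `atRisk` and `secretKeyCheck` helpers, and the at-risk/safe split are assumptions inferred from those comments; the real Lossless and Summary may differ.

```go
package main

import (
	"fmt"
	"strings"
)

// impact is a local copy of the documented SecretKeyImpact fields.
type impact struct {
	TOTP, OAuth2Active, OAuth2DeadUser, OAuth2BuiltIn  int
	PushMirrors, ActionsSecrets, LDAPSources, Webauthn int
}

// check is a local copy of the documented Check struct.
type check struct{ Name, Status, Detail string }

// atRisk lists the non-zero categories whose field comments tie them to
// SECRET_KEY. Assumption: dead-user OAuth2 apps, built-in OAuth2 apps and
// WebAuthn rows are left out because their comments mark them broken or safe.
func atRisk(i impact) []string {
	var out []string
	add := func(n int, label string) {
		if n > 0 {
			out = append(out, fmt.Sprintf("%d %s", n, label))
		}
	}
	add(i.TOTP, "TOTP")
	add(i.OAuth2Active, "active OAuth2 apps")
	add(i.PushMirrors, "push mirrors")
	add(i.ActionsSecrets, "Actions secrets")
	add(i.LDAPSources, "LDAP sources")
	return out
}

// secretKeyCheck (hypothetical helper) reports WARN when any at-risk rows exist.
func secretKeyCheck(i impact) check {
	risk := atRisk(i)
	if len(risk) == 0 {
		return check{"SECRET_KEY", "PASS", "no rows at risk"}
	}
	return check{"SECRET_KEY", "WARN", "will not decrypt without SECRET_KEY: " + strings.Join(risk, ", ")}
}

func main() {
	fmt.Println(secretKeyCheck(impact{OAuth2DeadUser: 3, Webauthn: 5})) // constructed counts
	fmt.Println(secretKeyCheck(impact{TOTP: 2, ActionsSecrets: 7, OAuth2BuiltIn: 3}))
}
```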
