feat: Implement provisioning pipelines for subscription management

- Add ReactivatePipeline to handle subscription reactivation, including scaling Docker services, health verification, status updates, audit logging, and broadcasting status changes. - Introduce RotateCredentialsPipeline for OAuth2 credential rotation, managing the deletion of old apps, creation of new ones, credential storage, access verification, and audit logging. - Create StepRunner to manage job step execution, including lifecycle management and progress broadcasting via SignalR. - Implement SuspendPipeline for subscription suspension, scaling down services, updating statuses, logging audits, and broadcasting changes. - Add UpdateScreenLimitPipeline to update Xibo CMS screen limits and record snapshots. - Introduce XiboFeatureManifests for hardcoded feature ACLs per role. - Add docker-compose.dev.yml for local development with PostgreSQL setup.
2026-03-18 10:27:26 -04:00
parent c2e03de8bb
commit c6d46098dd
77 changed files with 9412 additions and 29 deletions
--- a/OTSSignsOrchestrator.Server/Health/Checks/XiboVersionHealthCheck.cs
+++ b/OTSSignsOrchestrator.Server/Health/Checks/XiboVersionHealthCheck.cs
@@ -0,0 +1,87 @@
+using OTSSignsOrchestrator.Server.Clients;
+using OTSSignsOrchestrator.Server.Data.Entities;
+using Microsoft.Extensions.Configuration;
+
+namespace OTSSignsOrchestrator.Server.Health.Checks;
+
+/// <summary>
+/// Compares the installed Xibo CMS version (from GET /about) against the latest known
+/// release configured in <c>HealthChecks:LatestXiboVersion</c>. Reports Degraded if behind.
+/// </summary>
+public sealed class XiboVersionHealthCheck : IHealthCheck
+{
+    private readonly XiboClientFactory _clientFactory;
+    private readonly IServiceProvider _services;
+    private readonly IConfiguration _configuration;
+    private readonly ILogger<XiboVersionHealthCheck> _logger;
+
+    public string CheckName => "XiboVersion";
+    public bool AutoRemediate => false;
+
+    public XiboVersionHealthCheck(
+        XiboClientFactory clientFactory,
+        IServiceProvider services,
+        IConfiguration configuration,
+        ILogger<XiboVersionHealthCheck> logger)
+    {
+        _clientFactory = clientFactory;
+        _services = services;
+        _configuration = configuration;
+        _logger = logger;
+    }
+
+    public async Task<HealthCheckResult> RunAsync(Instance instance, CancellationToken ct)
+    {
+        var latestVersion = _configuration["HealthChecks:LatestXiboVersion"];
+        if (string.IsNullOrEmpty(latestVersion))
+            return new HealthCheckResult(HealthStatus.Healthy, "LatestXiboVersion not configured — skipping");
+
+        var (client, _) = await ResolveAsync(instance);
+        if (client is null)
+            return new HealthCheckResult(HealthStatus.Critical, "No OAuth app — cannot check version");
+
+        try
+        {
+            var response = await client.GetAboutAsync();
+            if (!response.IsSuccessStatusCode || response.Content is null)
+                return new HealthCheckResult(HealthStatus.Critical, "GET /about failed");
+
+            string? installedVersion = null;
+            if (response.Content is System.Text.Json.JsonElement je &&
+                je.TryGetProperty("version", out var verProp))
+            {
+                installedVersion = verProp.GetString();
+            }
+
+            if (string.IsNullOrEmpty(installedVersion))
+                return new HealthCheckResult(HealthStatus.Degraded, "Could not determine installed version");
+
+            if (string.Equals(installedVersion, latestVersion, StringComparison.OrdinalIgnoreCase))
+                return new HealthCheckResult(HealthStatus.Healthy,
+                    $"Xibo version {installedVersion} is current");
+
+            return new HealthCheckResult(HealthStatus.Degraded,
+                $"Xibo version {installedVersion}, latest is {latestVersion}",
+                "Consider scheduling an upgrade");
+        }
+        catch (Exception ex)
+        {
+            return new HealthCheckResult(HealthStatus.Critical,
+                $"Version check failed: {ex.Message}");
+        }
+    }
+
+    private async Task<(IXiboApiClient? Client, string Abbrev)> ResolveAsync(Instance instance)
+    {
+        var abbrev = instance.Customer.Abbreviation;
+        var oauthApp = instance.OauthAppRegistries.FirstOrDefault();
+        if (oauthApp is null) return (null, abbrev);
+
+        var settings = _services.GetRequiredService<Core.Services.SettingsService>();
+        var secret = await settings.GetAsync(Core.Services.SettingsService.InstanceOAuthSecretId(abbrev));
+        if (string.IsNullOrEmpty(secret)) return (null, abbrev);
+
+        var client = await _clientFactory.CreateAsync(instance.XiboUrl, oauthApp.ClientId, secret);
+        return (client, abbrev);
+    }
+}