%%{init: {"theme": "default"}}%%
sequenceDiagram
    %% -------------------------------------------------------------------------
    %% Flow: authenticated SSH push, happy path only. No `alt` branch is drawn
    %% for an unknown fingerprint, a denied role or a failed pack write, so
    %% the error paths are unspecified here.
    %% Source: gitrust/docs/SEQUENCES.md §3 (Push SSH)
    %% Aliases (Dev, Client, SSH, ...) are internal to the diagram; only the
    %% text after `as` is rendered.
    %% -------------------------------------------------------------------------

    actor Dev as Développeur
    participant Client as Git CLI
    participant SSH as gitrust-ssh
    participant Auth as SshKeyService
    participant Access as AccessService
    participant Git as gitrust-git
    participant DB as PostgreSQL
    participant FS as Bare repo (.git)

    %% --- Phase 1: connection and public-key authentication ---
    Dev->>Client: git push ssh://git@host:2222/alice/my-repo.git
    Client->>SSH: Connexion TCP :2222
    SSH-->>Client: Banner SSH + échange de clés

    %% The key lookup below is keyed on the fingerprint alone. The signature
    %% check that proves possession of the private key is implicit in the
    %% "Auth publickey" message and is not drawn.
    %% NOTE(review): confirm the server also compares the stored public key
    %% bytes with the key the client presented, not only the fingerprint.
    Client->>SSH: Auth publickey (signature Ed25519/RSA)
    SSH->>Auth: find_by_fingerprint(db, fingerprint)
    Auth->>DB: SELECT FROM ssh_keys WHERE fingerprint = ?
    DB-->>Auth: ssh_key::Model {user_id, key_id}
    Auth-->>SSH: user_id

    %% last_used_at is written before "Auth OK" is returned. Only the Ok
    %% reply is drawn, so the behaviour on a failed UPDATE is not specified.
    SSH->>Auth: update_last_used(db, key_id)
    Auth->>DB: UPDATE ssh_keys SET last_used_at = now()
    DB-->>Auth: Ok

    SSH-->>Client: Auth OK

    %% --- Phase 2: git-receive-pack command ---
    %% parse() extracts owner and repo from the quoted argument. Validation of
    %% the path components (rejecting anything other than owner/repo) is not
    %% drawn; presumably it happens inside parse() — verify against the code.
    Client->>SSH: exec "git-receive-pack 'alice/my-repo.git'"
    SSH->>SSH: CommandHandler::parse(...)
    Note over SSH: owner=alice · repo=my-repo

    %% --- Phase 3: permission check ---
    %% Authorization completes before any refs are read from the bare repo
    %% (Phase 4) and before any pack data is accepted (Phase 5).
    %% TODO(diagram): effective_role() takes repo_id and Phase 4 uses
    %% repo_path, but no step resolving the parsed owner/repo to repo_id and
    %% repo_path is drawn between Phase 2 and here.
    SSH->>Access: effective_role(db, user_id, repo_id)
    Access->>DB: ownership + resource_shares + team_repository_access
    DB-->>Access: Role::Developer
    Access-->>SSH: can_push = true (Developer ≥ Developer)

    %% --- Phase 4: git pack protocol negotiation ---
    SSH->>Git: pack_protocol::advertise_refs(repo_path)
    Git->>FS: Lecture refs (heads, tags)
    FS-->>Git: refs/heads/main · ...
    Git-->>SSH: refs advertisement

    SSH-->>Client: refs advertisement
    Client->>SSH: pack data + update commands

    %% --- Phase 5: object write ---
    %% serve_pack writes the packfile objects and updates refs in one call;
    %% only the Ok reply is drawn.
    SSH->>Git: pack_protocol::serve_pack(repo_path, receive-pack)
    Git->>FS: Écriture objets packfile + update refs
    FS-->>Git: Ok
    Git-->>SSH: Ok

    %% --- Phase 6: metadata update ---
    %% NOTE(review): gitrust-ssh updates the repositories row directly here,
    %% whereas key and role lookups go through SshKeyService/AccessService;
    %% confirm this bypass of the service layer is intentional.
    SSH->>DB: UPDATE repositories SET is_empty=false, updated_at=now()
    DB-->>SSH: Ok

    SSH-->>Client: Push OK (unpack ok · refs mis à jour)
    Client-->>Dev: Push réussi

    %% --- Phase 7: CI trigger (if CI_ENABLED=true) ---
    %% Drawn as a note rather than as messages: the trigger is conditional on
    %% CI_ENABLED=true and on .gitrust-ci.yml or .dagger/ being detected, and
    %% the diagram does not show which participant runs the detection.
    Note over SSH,DB: Si CI_ENABLED=true et .gitrust-ci.yml ou .dagger/ détecté :<br/>CiDetectionService::detect() → CiService::create_pipeline() → mpsc::Sender → CiWorker