fix/dockerbuild 1 9 (#2272)

* fix build

* add missing files

* chore: bump version

Author: motatoes

.github/workflows/taco_statesman_docker_build_verify.yml

@@ -0,0 +1,28 @@
+---
+name: Statesman dockerfile verify
+
+"on":
+  push:
+    branches: ['develop']
+  pull_request:
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Download Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.24.0
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v4
+
+      - name: Test that the docker image still builds successfully
+        run: |
+          export COMMIT_SHA=$(git rev-parse --short HEAD)
+          docker build -t testingbuild:latest --build-arg COMMIT_SHA=${COMMIT_SHA} . -f Dockerfile_statesman
+        working-directory: taco

taco/cmd/statesman/main.go

@@ -17,6 +17,7 @@ import (
 	"github.com/labstack/echo/v4/middleware"
 )
 
+// change this random number to bump version of statesman: 429
 func main() {
 	var (
 		port        = flag.String("port", "8080", "Server port")
@@ -54,11 +55,11 @@ func main() {
 
 	// Initialize analytics with system ID management (always create system ID)
 	analytics.InitGlobalWithSystemID("production", store)
-	
+
 	// Initialize system ID synchronously during startup
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
-	
+
 	// Try to preload existing system ID and user email first
 	if err := analytics.PreloadSystemID(ctx); err == nil {
 		log.Printf("System ID and user email loaded from storage")
@@ -70,7 +71,7 @@ func main() {
 			log.Printf("System ID not available: %v", err)
 		}
 	}
-	analytics.SendEssential("service_startup") 
+	analytics.SendEssential("service_startup")
 
 	// Create Echo instance
 	e := echo.New()

taco/internal/domain/tfe/entitlements.go

@@ -0,0 +1,39 @@
+package tfe
+
+type FeatureEntitlements struct {
+	ID string `jsonapi:"primary,entitlement-sets"`
+
+	// Access and Security
+	SSO          bool `jsonapi:"attr,sso" json:"sso"`
+	Teams        bool `jsonapi:"attr,teams" json:"teams"`
+	AuditLogging bool `jsonapi:"attr,audit-logging" json:"audit_logging"`
+
+	// Infrastructure & Operations
+	Agents       bool `jsonapi:"attr,agents" json:"agents"`
+	Operations   bool `jsonapi:"attr,operations" json:"operations"`
+	StateStorage bool `jsonapi:"attr,state-storage" json:"state_storage"`
+
+	// Policy & Governance
+	Sentinel bool `jsonapi:"attr,sentinel" json:"sentinel"`
+
+	// Modules, Integrations & Cost
+	PrivateModuleRegistry bool `jsonapi:"attr,private-module-registry" json:"private_module_registry"`
+	VCSIntegrations       bool `jsonapi:"attr,vcs-integrations" json:"vcs_integrations"`
+	CostEstimation        bool `jsonapi:"attr,cost-estimation" json:"cost_estimation"`
+}
+
+func DefaultFeatureEntitlements(orgId string) *FeatureEntitlements {
+	return &FeatureEntitlements{
+		ID:                    orgId,
+		SSO:                   true,
+		Teams:                 true,
+		AuditLogging:          true,
+		Agents:                true,
+		Operations:            true,
+		StateStorage:          true,
+		Sentinel:              true,
+		PrivateModuleRegistry: true,
+		VCSIntegrations:       true,
+		CostEstimation:        true,
+	}
+}

taco/internal/domain/tfe/identifier.go

@@ -0,0 +1,31 @@
+package tfe
+
+import "fmt"
+
+type ResourceType string
+
+func (e ResourceType) String() string {
+	return string(e)
+}
+
+const (
+	OrganizationType ResourceType = "org"
+	WorkspaceType    ResourceType = "ws"
+	AgentPoolType    ResourceType = "apool"
+)
+
+type TfeResourceIdentifier struct {
+	resourceType ResourceType
+	id           string
+}
+
+func (id TfeResourceIdentifier) String() string {
+	return fmt.Sprintf("%v-%v", id.resourceType, id.id)
+}
+
+func NewTfeResourceIdentifier(resourceType ResourceType, id string) TfeResourceIdentifier {
+	return TfeResourceIdentifier{
+		resourceType: resourceType,
+		id:           id,
+	}
+}

taco/internal/domain/tfe/login.go

@@ -0,0 +1,19 @@
+package tfe
+
+type LoginSpec struct {
+	Client     string   `json:"client"`
+	GrantTypes []string `json:"grant_types"`
+	Authz      string   `json:"authz"`
+	Token      string   `json:"token"`
+	Ports      []int    `json:"ports"`
+}
+
+type WellKnownSpec struct {
+	Login           LoginSpec `json:"login.v1"`
+	Modules         string    `json:"modules.v1"`
+	MessageOfTheDay string    `json:"motd.v1"`
+	State           string    `json:"state.v2"`
+	TfeApiV2        string    `json:"tfe.v2"`
+	TfeApiV21       string    `json:"tfe.v2.1"`
+	TfeApiV22       string    `json:"tfe.v2.2"`
+}

taco/internal/domain/tfe/motd.go

@@ -0,0 +1,33 @@
+package tfe
+
+type MotdResponse struct {
+	Msg string `json:"msg"`
+}
+
+func MotdMessage() string {
+	// Use the bracketed tags like Terraform’s MOTD uses.
+	// Terminals/clients that understand them can render colors/bold.
+	// Keep \n (not newlines in a raw string) to match the JSON you showed.
+	return "" +
+		"                                          [cyan]-                                [reset]\n" +
+		"                                          [cyan]-----                           -[reset]\n" +
+		"                                          [cyan]---------                      --[reset]\n" +
+		"                                          [cyan]---------  -                -----[reset]\n" +
+		"                                           [cyan]---------  ------        -------[reset]\n" +
+		"                                             [cyan]-------  ---------  ----------[reset]\n" +
+		"                                                [cyan]----  ---------- ----------[reset]\n" +
+		"                                                  [cyan]--  ---------- ----------[reset]\n" +
+		"   [bold]Welcome to OpenTaco![reset]                 [cyan]-  ---------- -------[reset]\n" +
+		"                                                      [cyan]---  ----- ---[reset]\n" +
+		"   [bold]Documentation:[reset] opentaco.dev/docs                [cyan]--------   -[reset]\n" +
+		"                                                      [cyan]----------[reset]\n" +
+		"                                                      [cyan]----------[reset]\n" +
+		"                                                       [cyan]---------[reset]\n" +
+		"                                                           [cyan]-----[reset]\n" +
+		"                                                               [cyan]-[reset]\n" +
+		"\n\n" +
+		"   [bold]New to OpenTaco?[reset] Try these steps to spin up quickly:\n" +
+		"\n" +
+		"   $ Visit digger.dev/opentaco\n" +
+		"   [bold]Need help?[reset] Join: https://bit.ly/diggercommunity\n"
+}

taco/internal/domain/tfe/organization.go

@@ -0,0 +1,46 @@
+package tfe
+
+import "time"
+
+// OrgAccessMatrix enumerates organization-scoped capability flags.
+type OrgAccessMatrix struct {
+	CanCreateTeam               bool `json:"can-create-team"`
+	CanCreateWorkspace          bool `json:"can-create-workspace"`
+	CanCreateWorkspaceMigration bool `json:"can-create-workspace-migration"`
+	CanDestroy                  bool `json:"can-destroy"`
+	CanTraverse                 bool `json:"can-traverse"`
+	CanUpdate                   bool `json:"can-update"`
+	CanUpdateAPIToken           bool `json:"can-update-api-token"`
+	CanUpdateOAuth              bool `json:"can-update-oauth"`
+	CanUpdateSentinel           bool `json:"can-update-sentinel"`
+}
+
+type TFEOrganizationPermissions = OrgAccessMatrix
+
+// OrgResource models an organization entity for a JSON:API client.
+type OrgResource struct {
+	// Resource identifier (JSON:API primary)
+	Name string `jsonapi:"primary,organizations"`
+
+	// Organization attributes
+	AssessmentsEnforced                               bool                        `jsonapi:"attr,assessments-enforced" json:"assessments-enforced"`
+	CollaboratorAuthPolicy                            string                      `jsonapi:"attr,collaborator-auth-policy" json:"collaborator-auth-policy"`
+	CostEstimationEnabled                             bool                        `jsonapi:"attr,cost-estimation-enabled" json:"cost-estimation-enabled"`
+	CreatedAt                                         time.Time                   `jsonapi:"attr,created-at" json:"created-at"`
+	Email                                             string                      `jsonapi:"attr,email" json:"email"`
+	ExternalID                                        string                      `jsonapi:"attr,external-id" json:"external-id"`
+	OwnersTeamSAMLRoleID                              string                      `jsonapi:"attr,owners-team-saml-role-id" json:"owners-team-saml-role-id"`
+	Permissions                                       *TFEOrganizationPermissions `jsonapi:"attr,permissions" json:"permissions"`
+	SAMLEnabled                                       bool                        `jsonapi:"attr,saml-enabled" json:"saml-enabled"`
+	SessionRemember                                   *int                        `jsonapi:"attr,session-remember" json:"session-remember"`
+	SessionTimeout                                    *int                        `jsonapi:"attr,session-timeout" json:"session-timeout"`
+	TrialExpiresAt                                    time.Time                   `jsonapi:"attr,trial-expires-at" json:"trial-expires-at"`
+	TwoFactorConformant                               bool                        `jsonapi:"attr,two-factor-conformant" json:"two-factor-conformant"`
+	SendPassingStatusesForUntriggeredSpeculativePlans bool                        `jsonapi:"attr,send-passing-statuses-for-untriggered-speculative-plans" json:"send-passing-statuses-for-untriggered-speculative-plans"`
+	RemainingTestableCount                            int                         `jsonapi:"attr,remaining-testable-count" json:"remaining-testable-count"`
+
+	// For older TFE builds (prior to 202211), this flag may be absent; deletions default to forced.
+	AllowForceDeleteWorkspaces bool `jsonapi:"attr,allow-force-delete-workspaces" json:"allow-force-delete-workspaces"`
+}
+
+type TFEOrganization = OrgResource

taco/internal/domain/tfe/run.go

@@ -0,0 +1,5 @@
+package tfe
+
+type TFERun struct {
+	ID string `jsonapi:"primary,runs"`
+}

taco/internal/domain/tfe/vcs.go

@@ -0,0 +1,21 @@
+package tfe
+
+type VCSRepo struct {
+	owner string `json:"owner"`
+	name  string `json:"name"`
+}
+
+// RepoBinding models a workspace's linkage to a VCS repository.
+// JSON tags are preserved for wire compatibility; symbol names are fresh.
+type RepoBinding struct {
+	Branch            string  `json:"branch"`
+	DisplayIdentifier string  `json:"display-identifier"`
+	Identifier        VCSRepo `json:"identifier"`
+	IngressSubmodules bool    `json:"ingress-submodules"`
+	OAuthTokenID      string  `json:"oauth-token-id"`
+	RepositoryHTTPURL string  `json:"repository-http-url"`
+	TagsRegex         string  `json:"tags-regex"`
+	ServiceProvider   string  `json:"service-provider"`
+}
+
+type TFEVCSRepository = RepoBinding

taco/internal/domain/tfe/workspace.go

@@ -0,0 +1,86 @@
+package tfe
+
+import "time"
+
+type WorkspaceVersion struct {
+	Latest bool   `json:"latest"`
+	semver string `json:"semver"`
+}
+
+type TFEWorkspaceActions struct {
+	IsDestroyable bool `json:"is-destroyable"`
+}
+
+type WorkspaceAccessMatrix struct {
+	CanDestroy        bool `json:"can-destroy"`
+	CanForceUnlock    bool `json:"can-force-unlock"`
+	CanLock           bool `json:"can-lock"`
+	CanQueueApply     bool `json:"can-queue-apply"`
+	CanQueueDestroy   bool `json:"can-queue-destroy"`
+	CanQueueRun       bool `json:"can-queue-run"`
+	CanReadSettings   bool `json:"can-read-settings"`
+	CanUnlock         bool `json:"can-unlock"`
+	CanUpdate         bool `json:"can-update"`
+	CanUpdateVariable bool `json:"can-update-variable"`
+}
+
+type TFEWorkspacePermissions = WorkspaceAccessMatrix
+
+// WorkspaceOutputRecord models an output resource attached to a workspace.
+// Field names and tags are preserved to avoid any external breaking changes.
+type WorkspaceOutputRecord struct {
+	ID        string `jsonapi:"primary,workspace-outputs"`
+	Name      string `jsonapi:"attr,Name" json:"Name"`
+	Sensitive bool   `jsonapi:"attr,sensitive" json:"sensitive"`
+	Type      string `jsonapi:"attr,output-type" json:"output-type"`
+	Value     any    `jsonapi:"attr,value" json:"value"`
+}
+
+// Back-compat alias so existing references to TFEWorkspaceOutput continue to compile.
+type TFEWorkspaceOutput = WorkspaceOutputRecord
+
+// WorkspaceRecord models a workspace entity for a JSON:API client.
+type WorkspaceRecord struct {
+	ID                         string                   `jsonapi:"primary,workspaces"`
+	Actions                    *TFEWorkspaceActions     `jsonapi:"attr,actions" json:"actions"`
+	AgentPoolID                string                   `jsonapi:"attr,agent-pool-id" json:"agent-pool-id"`
+	AllowDestroyPlan           bool                     `jsonapi:"attr,allow-destroy-plan" json:"allow-destroy-plan"`
+	AutoApply                  bool                     `jsonapi:"attr,auto-apply" json:"auto-apply"`
+	CanQueueDestroyPlan        bool                     `jsonapi:"attr,can-queue-destroy-plan" json:"can-queue-destroy-plan"`
+	CreatedAt                  time.Time                `jsonapi:"attr,created-at" json:"created-at"`
+	Description                string                   `jsonapi:"attr,description" json:"description"`
+	Environment                string                   `jsonapi:"attr,environment" json:"environment"`
+	ExecutionMode              string                   `jsonapi:"attr,execution-mode" json:"execution-mode"`
+	FileTriggersEnabled        bool                     `jsonapi:"attr,file-triggers-enabled" json:"file-triggers-enabled"`
+	GlobalRemoteState          bool                     `jsonapi:"attr,global-remote-state" json:"global-remote-state"`
+	Locked                     bool                     `jsonapi:"attr,locked" json:"locked"`
+	MigrationEnvironment       string                   `jsonapi:"attr,migration-environment" json:"migration-environment"`
+	Name                       string                   `jsonapi:"attr,Name" json:"Name"`
+	Operations                 bool                     `jsonapi:"attr,operations" json:"operations"`
+	Permissions                *TFEWorkspacePermissions `jsonapi:"attr,permissions" json:"permissions"`
+	QueueAllRuns               bool                     `jsonapi:"attr,queue-all-runs" json:"queue-all-runs"`
+	SpeculativeEnabled         bool                     `jsonapi:"attr,speculative-enabled" json:"speculative-enabled"`
+	SourceName                 string                   `jsonapi:"attr,source-Name" json:"source-Name"`
+	SourceURL                  string                   `jsonapi:"attr,source-url" json:"source-url"`
+	StructuredRunOutputEnabled bool                     `jsonapi:"attr,structured-run-output-enabled" json:"structured-run-output-enabled"`
+	TerraformVersion           *WorkspaceVersion        `jsonapi:"attr,terraform-version" json:"terraform-version"`
+	TriggerPrefixes            []string                 `jsonapi:"attr,trigger-prefixes" json:"trigger-prefixes"`
+	TriggerPatterns            []string                 `jsonapi:"attr,trigger-patterns" json:"trigger-patterns"`
+	VCSRepo                    *TFEVCSRepository        `jsonapi:"attr,vcs-repo" json:"vcs-repo"`
+	WorkingDirectory           string                   `jsonapi:"attr,working-directory" json:"working-directory"`
+	UpdatedAt                  time.Time                `jsonapi:"attr,updated-at" json:"updated-at"`
+	ResourceCount              int                      `jsonapi:"attr,resource-count" json:"resource-count"`
+	ApplyDurationAverage       time.Duration            `jsonapi:"attr,apply-duration-average" json:"apply-duration-average"`
+	PlanDurationAverage        time.Duration            `jsonapi:"attr,plan-duration-average" json:"plan-duration-average"`
+	PolicyCheckFailures        int                      `jsonapi:"attr,policy-check-failures" json:"policy-check-failures"`
+	RunFailures                int                      `jsonapi:"attr,run-failures" json:"run-failures"`
+	RunsCount                  int                      `jsonapi:"attr,workspace-kpis-runs-count" json:"workspace-kpis-runs-count"`
+	TagNames                   []string                 `jsonapi:"attr,tag-names" json:"tag-names"`
+
+	// Relationships
+	CurrentRun   *TFERun               `jsonapi:"relation,current-run" json:"current-run"`
+	Organization *TFEOrganization      `jsonapi:"relation,organization" json:"organization"`
+	Outputs      []*TFEWorkspaceOutput `jsonapi:"relation,outputs" json:"outputs"`
+}
+
+type TFEWorkspace = WorkspaceRecord