feat: git repo sync for compose projects

[kmendell]

Closes: #24

Bugs:

• Redeploy When new file is synced

Enhancements:

• I would like to see an option to sync the project in the project view. (3 dots menu + button on the top once you are in the specific project)
• I would also like a "link" to go to the git ops sync job from the project (and from the sync job to linked project).
• I would like to see in both syncs view and projects view the commit hash that is fetched / the project is based on.
• Sync name can prefill the target project field, or just keep 1 field. I cant think of a reason to have both. If there is a use case. I'm fine!
• Would be nice to have a dropdown of branches instead of having to manually type. (maybe also allow freeform, in case someone sets up something for "future" branches) (portainer does this)
  ie, my default branch is master, but arcane defaults to main. Took me a minute to find out why the sync was failing.
  maybe at least arcane can populate the default branch instead of hardcoded main
• Would like to see autocomplete of compose file path based on the files in the git repo, (portainer does this)

---

Disclaimer Greptiles Reviews use AI, make sure to check over its work

Greptile Summary

This PR implements GitOps synchronization for Docker Compose projects, allowing users to automatically sync and deploy projects from Git repositories.

Key changes:

• Added GitRepository and GitOpsSync models with proper database migrations for both PostgreSQL and SQLite
• Implemented Git operations (clone, branch listing, file browsing) using go-git/go-git library with secure path validation
• Created services for managing Git repositories with encrypted credential storage (tokens, SSH keys)
• Added background job for periodic sync execution with configurable intervals
• Built comprehensive frontend UI including repository management, sync configuration dialogs, and file browser
• Enhanced project view with read-only mode for GitOps-managed projects and manual sync trigger capability
• Projects synced via GitOps automatically redeploy when compose file content changes

Architecture notes:

• The implementation follows existing patterns in the codebase with proper service layer separation
• Uses systemUser for automated sync operations to maintain audit trail
• Properly handles foreign key relationships with ON DELETE CASCADE/SET NULL
• Frontend uses Svelte 5 patterns with proper state management

Confidence Score: 4/5

• This PR is safe to merge with minor considerations around error logging practices in frontend code.
• The implementation is comprehensive and follows established codebase patterns. Path validation uses proper filepath.Rel for security. Credential encryption is properly handled. The only concerns are style-related (console.error usage already noted in previous threads) rather than functional issues.
• No files require special attention - the implementation is well-structured and follows project conventions.

Important Files Changed

Filename	Overview
backend/internal/utils/git/git.go	New git client implementation with path validation using filepath.Rel for security. Well-structured with proper authentication handling.
backend/internal/services/gitops_sync_service.go	GitOps sync service handling repository cloning, project creation/updates, and auto-sync scheduling. Uses systemUser for automated operations.
backend/internal/services/git_repository_service.go	Git repository management with proper encryption for credentials and well-handled CRUD operations with sync capabilities.
backend/internal/huma/handlers/gitops_syncs.go	API handlers for GitOps sync management with proper error handling and pagination support.
frontend/src/lib/components/dialogs/gitops-sync-dialog.svelte	GitOps sync configuration dialog with repository selection, branch dropdown, and file browser integration.
frontend/src/routes/(app)/environments/[id]/gitops/+page.svelte	GitOps page with sync management, import functionality, and stat cards. Uses console.error for error logging.
frontend/src/routes/(app)/projects/[projectId]/+page.svelte	Enhanced project page with GitOps read-only mode, sync button, and commit hash display for managed projects.

Context used (3)

• Rule from dashboard - GoLang Best Practices

Follow idiomatic Go patterns and conventions
Handle errors explicitly, don’t ... (source)

• Rule from dashboard - JavaScript/TypeScript Best Practices

Use const/let instead of var for variable declarations
Prefer ... (source)

• Context from dashboard - .github/copilot-instructions.md (source)

[github-actions]

🔍 Deadcode Analysis

Found 6 unreachable functions in the backend.

View details

internal/common/errors.go:681:34: unreachable func: ProjectDeploymentError.Error
internal/huma/middleware/auth.go:242:6: unreachable func: RequireAdmin
internal/utils/http/request.go:66:6: unreachable func: GetQueryParam
internal/utils/http/request.go:79:6: unreachable func: GetIntQueryParam
internal/utils/pagination/params.go:15:6: unreachable func: ExtractListModifiersQueryParams
internal/utils/pathmapper/path_mapper.go:120:23: unreachable func: PathMapper.IsNonMatchingMount

Only remove deadcode that you know is 100% no longer used.

Analysis from commit 088146d

[github-actions]

This pull request has merge conflicts. Please resolve the conflicts so the PR can stay up-to-date and reviewed.

[kmendell]

@greptileai

[greptile-apps]

_{37 files reviewed, 24 comments}

_{Edit Code Review Agent Settings | Greptile}

[kmendell]

@greptileai

[greptile-apps]

_{41 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[getarcaneappbot]

Docker images for this PR have been built successfully!

• Manager: ghcr.io/getarcaneapp/arcane:pr-1089
• Agent: ghcr.io/getarcaneapp/arcane-headless:pr-1089

Built from commit 48dc98a

[kmendell]

@greptileai

[greptile-apps]

_{65 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[kmendell]

@greptileai