chore: better action workflow

.github/workflows/action.yml

@@ -0,0 +1,124 @@
+name: Publish Docker Images
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+    tags:
+      - 'v*.*.*'
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+env:
+  CACHIX_NAME: devenv
+  DOCKER_REGISTRY: labs.phundrak.com  # Override in repository settings if needed
+  IMAGE_NAME: phundrak/bakit
+
+jobs:
+  coverage-and-sonar:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+
+      - name: Setup Cachix
+        uses: cachix/cachix-action@v15
+        with:
+          name: '${{ env.CACHIX_NAME }}'
+          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+          skipPush: ${{ github.event_name == 'pull_request' }}
+
+      - name: Coverage
+        run: |
+            nix develop --no-pure-eval --accept-flake-config --command just coverage
+
+      - name: Sonar analysis
+        uses: SonarSource/sonarqube-scan-action@v6
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+  build-docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write  # Required for pushing to Phundrak Labs registry
+      pull-requests: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+
+      - name: Setup Cachix
+        uses: cachix/cachix-action@v15
+        with:
+          name: '${{ env.CACHIX_NAME }}'
+          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+          skipPush: ${{ github.event_name == 'pull_request' }}
+
+      - name: Build Docker image with Nix
+        run: |
+          echo "Building Docker image..."
+          nix build .#backendDockerLatest --accept-flake-config
+          cp -L result docker-image.tar.gz
+
+      - name: Upload Docker image artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: docker-image
+          path: docker-image.tar.gz
+          retention-days: 1
+
+  push-docker:
+    needs: [coverage-and-sonar, build-docker]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write  # Required for pushing to Phundrak Labs registry
+
+    steps:
+      - name: Download Docker image artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: docker-image
+
+      - name: Load Docker image
+        run: |
+          echo "Loading Docker image into Docker daemon..."
+          docker load < docker-image.tar.gz
+
+      - name: Push Docker tags
+        id: push
+        uses: https://labs.phundrak.com/phundrak/docker-push-action@v1
+        with:
+          registry: ${{ env.DOCKER_REGISTRY }}
+          registry-username: ${{ secrets.DOCKER_USERNAME }}
+          registry-password: ${{ secrets.DOCKER_PASSWORD }}
+          image-name: ${{ env.IMAGE_NAME }}
+          local-image: phundrak/bakit:latest
+          event-name: ${{ github.event_name }}
+          ref: ${{ github.ref }}
+          ref-type: ${{ github.ref_type }}
+          ref-name: ${{ github.ref_name }}
+          pr-number: ${{ github.event.pull_request.number }}
+
+      - name: Image published successfully
+        run: |
+          echo "✅ Docker image(s) published successfully to ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}"

.github/workflows/publish-docker.yml

@@ -1,132 +0,0 @@
-name: Publish Docker Images
-
-on:
-  push:
-    branches:
-      - main
-      - develop
-    tags:
-      - 'v*.*.*'
-  pull_request:
-    types: [opened, synchronize, reopened]
-
-env:
-  CACHIX_NAME: devenv
-  DOCKER_REGISTRY: labs.phundrak.com  # Override in repository settings if needed
-  IMAGE_NAME: phundrak/phundrak-dot-com-backend
-
-jobs:
-  build-and-publish:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write  # Required for pushing to Phundrak Labs registry
-      pull-requests: read
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Install Nix
-        uses: cachix/install-nix-action@v27
-        with:
-          nix_path: nixpkgs=channel:nixos-unstable
-
-      - name: Setup Cachix
-        uses: cachix/cachix-action@v15
-        with:
-          name: '${{ env.CACHIX_NAME }}'
-          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
-          skipPush: ${{ github.event_name == 'pull_request' }}
-
-      - name: Coverage
-        run: |
-            nix develop --no-pure-eval --command just coverage
-
-      - name: Sonar analysis
-        uses: SonarSource/sonarqube-scan-action@v6
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-
-      - name: Build Docker image with Nix
-        run: |
-          echo "Building Docker image..."
-          nix build .#backendDockerLatest --accept-flake-config
-
-      - name: Load Docker image
-        run: |
-          echo "Loading Docker image into Docker daemon..."
-          docker load < result
-
-      - name: Log in to Docker Registry
-        run: |
-          echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.DOCKER_REGISTRY }} -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
-
-      - name: Determine tags and push images
-        run: |
-          set -euo pipefail
-
-          REGISTRY="${{ env.DOCKER_REGISTRY }}"
-          IMAGE_NAME="${{ env.IMAGE_NAME }}"
-
-          # The locally built image from Nix (name comes from Cargo.toml package.name)
-          LOCAL_IMAGE="phundrak/phundrak-dot-com-backend:latest"
-
-          echo "Event: ${{ github.event_name }}"
-          echo "Ref: ${{ github.ref }}"
-          echo "Ref type: ${{ github.ref_type }}"
-
-          # Determine which tags to push based on the event
-          if [[ "${{ github.event_name }}" == "push" && "${{ github.ref_type }}" == "tag" ]]; then
-            # Tag push on main branch → publish 'latest' and versioned tag
-            echo "Tag push detected"
-            TAG_VERSION="${{ github.ref_name }}"
-            # Remove 'v' prefix if present (v1.0.0 → 1.0.0)
-            TAG_VERSION="${TAG_VERSION#v}"
-
-            echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:latest"
-            docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:latest"
-            docker push "${REGISTRY}/${IMAGE_NAME}:latest"
-
-            echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
-            docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
-            docker push "${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
-
-          elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/develop" ]]; then
-            # Push on develop branch → publish 'develop' tag
-            echo "Push to develop branch detected"
-
-            echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:develop"
-            docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:develop"
-            docker push "${REGISTRY}/${IMAGE_NAME}:develop"
-
-          elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
-            # Pull request → publish 'pr<number>' tag
-            echo "Pull request detected"
-            PR_NUMBER="${{ github.event.pull_request.number }}"
-
-            echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
-            docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
-            docker push "${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
-
-          elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" ]]; then
-            # Push to main branch (not a tag) → publish 'latest'
-            echo "Push to main branch detected"
-
-            echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:latest"
-            docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:latest"
-            docker push "${REGISTRY}/${IMAGE_NAME}:latest"
-
-          else
-            echo "Unknown event or ref, skipping push"
-            exit 1
-          fi
-
-      - name: Log out from Docker Registry
-        if: always()
-        run: docker logout ${{ env.DOCKER_REGISTRY }}
-
-      - name: Image published successfully
-        run: |
-          echo "✅ Docker image(s) published successfully to ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}"

README.md

@@ -13,10 +13,10 @@ gitea: none
 
 <div align="center">
   <a href="https://sonar.phundrak.com/dashboard?id=bakit" target="_blank">
-    <img src="https://sonar.phundrak.com/api/project_badges/measure?project=bakit&metric=coverage&token=sqb_bda24bf36825576d6c6b76048044e103339c3c5f" alt="Sonar Coverage" />
+    <img src="https://sonar.phundrak.com/api/project_badges/measure?project=bakit&metric=coverage&token=sqb_614da1a838e933f937488ee4bb82d7711e4f0c5c" alt="Sonar Coverage" />
   </a>
   <a href="https://sonar.phundrak.com/dashboard?id=bakit" target="_blank">
-    <img src="https://sonar.phundrak.com/api/project_badges/measure?project=bakit&metric=alert_status&token=sqb_bda24bf36825576d6c6b76048044e103339c3c5f" alt="Sonar Quality Gate Status" />
+    <img src="https://sonar.phundrak.com/api/project_badges/measure?project=bakit&metric=alert_status&token=sqb_614da1a838e933f937488ee4bb82d7711e4f0c5c" alt="Sonar Quality Gate Status" />
   </a>
   <a href="#license">
     <img src="https://img.shields.io/badge/License-AGPL--3.0--only-blue" alt="License" />

flake.nix

@@ -32,7 +32,6 @@
   };
 
   outputs = {
-    self,
     nixpkgs,
     flake-utils,
     rust-overlay,
@@ -52,7 +51,7 @@
         formatter = alejandra.defaultPackage.${system};
         packages = import ./nix/package.nix {inherit pkgs rustPlatform;};
         devShell = import ./nix/shell.nix {
-          inherit inputs pkgs self rustVersion;
+          inherit inputs pkgs rustVersion;
         };
       }
     );

nix/package.nix

@@ -3,7 +3,7 @@
   rustPlatform,
   ...
 }: let
-  cargoToml = builtins.fromTOML (builtins.readFile ../Cargo.toml);
+  cargoToml = fromTOML (builtins.readFile ../Cargo.toml);
   name = cargoToml.package.name;
   version = cargoToml.package.version;
   rustBuild = rustPlatform.buildRustPackage {

nix/shell.nix

@@ -1,7 +1,6 @@
 {
   inputs,
   pkgs,
-  self,
   rustVersion,
   ...
 }:

src/route/contact/errors.rs

@@ -93,10 +93,14 @@ impl From<ValidationErrors> for ContactError {
             return Self::ValidationNameError("backend.contact.errors.validation.name".to_owned());
         }
         if validator::ValidationErrors::has_error(&Err(value.clone()), "email") {
-            return Self::ValidationEmailError("backend.contact.errors.validation.email".to_owned());
+            return Self::ValidationEmailError(
+                "backend.contact.errors.validation.email".to_owned(),
+            );
         }
         if validator::ValidationErrors::has_error(&Err(value), "message") {
-            return Self::ValidationMessageError("backend.contact.errors.validation.message".to_owned());
+            return Self::ValidationMessageError(
+                "backend.contact.errors.validation.message".to_owned(),
+            );
         }
         Self::ValidationError("backend.contact.errors.validation.other".to_owned())
     }
@@ -113,9 +117,13 @@ impl From<ContactError> for ContactResponse {
             success: false,
             message: match value {
                 ContactError::CouldNotParseRequestEmailAddress(_)
-                | ContactError::ValidationEmailError(_) => "backend.contact.errors.validation.email",
+                | ContactError::ValidationEmailError(_) => {
+                    "backend.contact.errors.validation.email"
+                }
                 ContactError::ValidationNameError(_) => "backend.contact.errors.validation.name",
-                ContactError::ValidationMessageError(_) => "backend.contact.errors.validation.message",
+                ContactError::ValidationMessageError(_) => {
+                    "backend.contact.errors.validation.message"
+                }
                 ContactError::CouldNotParseSettingsEmail(_)
                 | ContactError::FailedToBuildMessage(_)
                 | ContactError::CouldNotSendEmail(_)

src/route/contact/mod.rs

@@ -161,7 +161,9 @@ impl ContactApi {
         remote_addr: Option<poem::web::Data<&poem::web::RemoteAddr>>,
     ) -> ContactApiResponse {
         let body = body.0;
-        if body.honeypot.is_some() {
+        if let Some(ref honeypot) = body.honeypot
+            && !honeypot.trim().is_empty()
+        {
             tracing::event!(
                 target: "backend::contact",
                 tracing::Level::INFO,