phundrak/bakit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: phundrak:72bbb8b648ebd73f06fe6cff64ca8236aeea955b
Branches Tags
phundrak:develop phundrak:main
..
compare: phundrak:c369f166be1ac690d4f9c806220f1e54ca12804f
Branches Tags
phundrak:develop phundrak:main

2 Commits
72bbb8b648 ... c369f166be

Author SHA1 Message Date
Lucien Cartier-Tilet
c369f166be fix(contact): ignore empty honeypot values even if String exists
Some checks failed
Publish Docker Images / build-and-publish (push) Failing after 7m19s
Details
2026-02-04 12:23:58 +01:00
Lucien Cartier-Tilet
03bd411c18 fix(nix): remove unused self value 2026-02-04 12:23:51 +01:00
5 changed files with 73 additions and 129 deletions
Expand all files Collapse all files

178
.github/workflows/publish-docker.yml vendored
View File

@@ -16,17 +16,16 @@ env:
IMAGE_NAME: phundrak/phundrak-dot-com-backend IMAGE_NAME: phundrak/phundrak-dot-com-backend
jobs: jobs:
coverage-and-sonar: build-and-publish:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
content: read contents: read
packages: write # Required for pushing to Phundrak Labs registry
pull-requests: read pull-requests: read
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@v27 uses: cachix/install-nix-action@v27
@@ -42,7 +41,7 @@ jobs:
- name: Coverage - name: Coverage
run: | run: |
nix develop --no-pure-eval --accept-flake-config --command just coverage nix develop --no-pure-eval --command just coverage
- name: Sonar analysis - name: Sonar analysis
uses: SonarSource/sonarqube-scan-action@v6 uses: SonarSource/sonarqube-scan-action@v6
@@ -50,146 +49,83 @@ jobs:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
build-docker:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write # Required for pushing to Phundrak Labs registry
pull-requests: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@v27
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Setup Cachix
uses: cachix/cachix-action@v15
with:
name: '${{ env.CACHIX_NAME }}'
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
skipPush: ${{ github.event_name == 'pull_request' }}
- name: Build Docker image with Nix - name: Build Docker image with Nix
run: | run: |
echo "Building Docker image..." echo "Building Docker image..."
nix build .#backendDockerLatest --accept-flake-config nix build .#backendDockerLatest --accept-flake-config
cp -L result docker-image.tar.gz
- name: Upload Docker image artifact
uses: actions/upload-artifact@v3
with:
name: docker-image
path: docker-image.tar.gz
retention-days: 1
push-docker:
needs: [coverage-and-sonar, build-docker]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write # Required for pushing to Phundrak Labs registry
steps:
- name: Download Docker image artifact
uses: actions/download-artifact@v3
with:
name: docker-image
- name: Load Docker image - name: Load Docker image
run: | run: |
echo "Loading Docker image into Docker daemon..." echo "Loading Docker image into Docker daemon..."
docker load < docker-image.tar.gz docker load < result
- name: Push Docker tags - name: Log in to Docker Registry
id: push run: |
uses: https://labs.phundrak.com/phundrak/docker-push-action@v1 echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.DOCKER_REGISTRY }} -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
with:
registry: ${{ env.DOCKER_REGISTRY }}
registry-username: ${{ secrets.DOCKER_USERNAME }}
registry-password: ${{ secrets.DOCKER_PASSWORD }}
image-name: ${{ env.IMAGE_NAME }}
local-image-name: phundrak/phundrak-dot-com-backend:latest
event-name: ${{ github.event_name }}
ref: ${{ github.ref }}
ref-type: ${{ github.ref_type }}
ref-name: ${{ github.ref_name }}
pr-number: ${{ github.event.pull_request.number }}
# - name: Log in to Docker Registry
# run: |
# echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.DOCKER_REGISTRY }} -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
# - name: Determine tags and push images - name: Determine tags and push images
# run: | run: |
# set -euo pipefail set -euo pipefail
# REGISTRY="${{ env.DOCKER_REGISTRY }}" REGISTRY="${{ env.DOCKER_REGISTRY }}"
# IMAGE_NAME="${{ env.IMAGE_NAME }}" IMAGE_NAME="${{ env.IMAGE_NAME }}"
# # The locally built image from Nix (name comes from Cargo.toml package.name) # The locally built image from Nix (name comes from Cargo.toml package.name)
# LOCAL_IMAGE="phundrak/phundrak-dot-com-backend:latest" LOCAL_IMAGE="phundrak/phundrak-dot-com-backend:latest"
# echo "Event: ${{ github.event_name }}" echo "Event: ${{ github.event_name }}"
# echo "Ref: ${{ github.ref }}" echo "Ref: ${{ github.ref }}"
# echo "Ref type: ${{ github.ref_type }}" echo "Ref type: ${{ github.ref_type }}"
# # Determine which tags to push based on the event # Determine which tags to push based on the event
# if [[ "${{ github.event_name }}" == "push" && "${{ github.ref_type }}" == "tag" ]]; then if [[ "${{ github.event_name }}" == "push" && "${{ github.ref_type }}" == "tag" ]]; then
# # Tag push on main branch → publish 'latest' and versioned tag # Tag push on main branch → publish 'latest' and versioned tag
# echo "Tag push detected" echo "Tag push detected"
# TAG_VERSION="${{ github.ref_name }}" TAG_VERSION="${{ github.ref_name }}"
# # Remove 'v' prefix if present (v1.0.0 → 1.0.0) # Remove 'v' prefix if present (v1.0.0 → 1.0.0)
# TAG_VERSION="${TAG_VERSION#v}" TAG_VERSION="${TAG_VERSION#v}"
# echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:latest" echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:latest"
# docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:latest" docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:latest"
# docker push "${REGISTRY}/${IMAGE_NAME}:latest" docker push "${REGISTRY}/${IMAGE_NAME}:latest"
# echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}" echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
# docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}" docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
# docker push "${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}" docker push "${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
# elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/develop" ]]; then elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/develop" ]]; then
# # Push on develop branch → publish 'develop' tag # Push on develop branch → publish 'develop' tag
# echo "Push to develop branch detected" echo "Push to develop branch detected"
# echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:develop" echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:develop"
# docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:develop" docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:develop"
# docker push "${REGISTRY}/${IMAGE_NAME}:develop" docker push "${REGISTRY}/${IMAGE_NAME}:develop"
# elif [[ "${{ github.event_name }}" == "pull_request" ]]; then elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
# # Pull request → publish 'pr<number>' tag # Pull request → publish 'pr<number>' tag
# echo "Pull request detected" echo "Pull request detected"
# PR_NUMBER="${{ github.event.pull_request.number }}" PR_NUMBER="${{ github.event.pull_request.number }}"
# echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}" echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
# docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}" docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
# docker push "${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}" docker push "${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
# elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" ]]; then elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" ]]; then
# # Push to main branch (not a tag) → publish 'latest' # Push to main branch (not a tag) → publish 'latest'
# echo "Push to main branch detected" echo "Push to main branch detected"
# echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:latest" echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:latest"
# docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:latest" docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:latest"
# docker push "${REGISTRY}/${IMAGE_NAME}:latest" docker push "${REGISTRY}/${IMAGE_NAME}:latest"
# else else
# echo "Unknown event or ref, skipping push" echo "Unknown event or ref, skipping push"
# exit 1 exit 1
# fi fi
# - name: Log out from Docker Registry - name: Log out from Docker Registry
# if: always() if: always()
# run: docker logout ${{ env.DOCKER_REGISTRY }} run: docker logout ${{ env.DOCKER_REGISTRY }}
- name: Delete Docker image artifact
uses: geekyeggo/delete-artifact@v2
with:
name: docker-image
- name: Image published successfully - name: Image published successfully
run: | run: |

3
flake.nix
View File

@@ -32,7 +32,6 @@
}; };
outputs = { outputs = {
self,
nixpkgs, nixpkgs,
flake-utils, flake-utils,
rust-overlay, rust-overlay,
@@ -52,7 +51,7 @@
formatter = alejandra.defaultPackage.${system}; formatter = alejandra.defaultPackage.${system};
packages = import ./nix/package.nix {inherit pkgs rustPlatform;}; packages = import ./nix/package.nix {inherit pkgs rustPlatform;};
devShell = import ./nix/shell.nix { devShell = import ./nix/shell.nix {
inherit inputs pkgs self rustVersion; inherit inputs pkgs rustVersion;
}; };
} }
); );

1
nix/shell.nix
View File

@@ -1,7 +1,6 @@
{ {
inputs, inputs,
pkgs, pkgs,
self,
rustVersion, rustVersion,
... ...
}: }:

16
src/route/contact/errors.rs
View File

@@ -93,10 +93,14 @@ impl From<ValidationErrors> for ContactError {
return Self::ValidationNameError("backend.contact.errors.validation.name".to_owned()); return Self::ValidationNameError("backend.contact.errors.validation.name".to_owned());
} }
if validator::ValidationErrors::has_error(&Err(value.clone()), "email") { if validator::ValidationErrors::has_error(&Err(value.clone()), "email") {
return Self::ValidationEmailError("backend.contact.errors.validation.email".to_owned()); return Self::ValidationEmailError(
"backend.contact.errors.validation.email".to_owned(),
);
} }
if validator::ValidationErrors::has_error(&Err(value), "message") { if validator::ValidationErrors::has_error(&Err(value), "message") {
return Self::ValidationMessageError("backend.contact.errors.validation.message".to_owned()); return Self::ValidationMessageError(
"backend.contact.errors.validation.message".to_owned(),
);
} }
Self::ValidationError("backend.contact.errors.validation.other".to_owned()) Self::ValidationError("backend.contact.errors.validation.other".to_owned())
} }
@@ -113,9 +117,13 @@ impl From<ContactError> for ContactResponse {
success: false, success: false,
message: match value { message: match value {
ContactError::CouldNotParseRequestEmailAddress(_) ContactError::CouldNotParseRequestEmailAddress(_)
| ContactError::ValidationEmailError(_) => "backend.contact.errors.validation.email", | ContactError::ValidationEmailError(_) => {
"backend.contact.errors.validation.email"
}
ContactError::ValidationNameError(_) => "backend.contact.errors.validation.name", ContactError::ValidationNameError(_) => "backend.contact.errors.validation.name",
ContactError::ValidationMessageError(_) => "backend.contact.errors.validation.message", ContactError::ValidationMessageError(_) => {
"backend.contact.errors.validation.message"
}
ContactError::CouldNotParseSettingsEmail(_) ContactError::CouldNotParseSettingsEmail(_)
| ContactError::FailedToBuildMessage(_) | ContactError::FailedToBuildMessage(_)
| ContactError::CouldNotSendEmail(_) | ContactError::CouldNotSendEmail(_)

4
src/route/contact/mod.rs
View File

@@ -161,7 +161,9 @@ impl ContactApi {
remote_addr: Option<poem::web::Data<&poem::web::RemoteAddr>>, remote_addr: Option<poem::web::Data<&poem::web::RemoteAddr>>,
) -> ContactApiResponse { ) -> ContactApiResponse {
let body = body.0; let body = body.0;
if body.honeypot.is_some() { if let Some(ref honeypot) = body.honeypot
&& honeypot.trim().is_empty()
{
tracing::event!( tracing::event!(
target: "backend::contact", target: "backend::contact",
tracing::Level::INFO, tracing::Level::INFO,