Compare commits
6 Commits
9dfd012dea
...
develop
| Author | SHA1 | Date | |
|---|---|---|---|
72bbb8b648
|
|||
|
ce28426075
|
|||
|
c46ab8397c
|
|||
|
daa92328c5
|
|||
|
2f0ebc8144
|
|||
|
797ab461ab
|
2
.github/workflows/README.md
vendored
2
.github/workflows/README.md
vendored
@@ -84,7 +84,7 @@ Cachix is a Nix binary cache that dramatically speeds up builds by caching build
|
||||
Configure these in the workflow's `env` section or as repository variables:
|
||||
|
||||
| Variable | Description | Default Value | Example |
|
||||
|--------------------+------------------------------------------------+---------------+--------------------|
|
||||
|--------------------|------------------------------------------------|---------------|--------------------|
|
||||
| `CACHIX_NAME` | Name of the Cachix cache to use | `devenv` | `phundrak-dot-com` |
|
||||
| `CACHIX_SKIP_PUSH` | Whether to skip pushing artifacts to the cache | `true` | `false` |
|
||||
|
||||
|
||||
192
.github/workflows/publish-docker.yml
vendored
192
.github/workflows/publish-docker.yml
vendored
@@ -16,7 +16,41 @@ env:
|
||||
IMAGE_NAME: phundrak/phundrak-dot-com-backend
|
||||
|
||||
jobs:
|
||||
build-and-publish:
|
||||
coverage-and-sonar:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
content: read
|
||||
pull-requests: read
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v27
|
||||
with:
|
||||
nix_path: nixpkgs=channel:nixos-unstable
|
||||
|
||||
- name: Setup Cachix
|
||||
uses: cachix/cachix-action@v15
|
||||
with:
|
||||
name: '${{ env.CACHIX_NAME }}'
|
||||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
||||
skipPush: ${{ github.event_name == 'pull_request' }}
|
||||
|
||||
- name: Coverage
|
||||
run: |
|
||||
nix develop --no-pure-eval --accept-flake-config --command just coverage
|
||||
|
||||
- name: Sonar analysis
|
||||
uses: SonarSource/sonarqube-scan-action@v6
|
||||
env:
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
|
||||
|
||||
build-docker:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
@@ -39,93 +73,123 @@ jobs:
|
||||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
||||
skipPush: ${{ github.event_name == 'pull_request' }}
|
||||
|
||||
- name: Coverage
|
||||
run: |
|
||||
nix develop --no-pure-eval --command just coverage
|
||||
|
||||
- name: Sonar analysis
|
||||
uses: SonarSource/sonarqube-scan-action@v6
|
||||
env:
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
|
||||
|
||||
- name: Build Docker image with Nix
|
||||
run: |
|
||||
echo "Building Docker image..."
|
||||
nix build .#backendDockerLatest --accept-flake-config
|
||||
cp -L result docker-image.tar.gz
|
||||
|
||||
- name: Upload Docker image artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: docker-image
|
||||
path: docker-image.tar.gz
|
||||
retention-days: 1
|
||||
|
||||
push-docker:
|
||||
needs: [coverage-and-sonar, build-docker]
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write # Required for pushing to Phundrak Labs registry
|
||||
|
||||
steps:
|
||||
- name: Download Docker image artifact
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: docker-image
|
||||
|
||||
- name: Load Docker image
|
||||
run: |
|
||||
echo "Loading Docker image into Docker daemon..."
|
||||
docker load < result
|
||||
docker load < docker-image.tar.gz
|
||||
|
||||
- name: Log in to Docker Registry
|
||||
run: |
|
||||
echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.DOCKER_REGISTRY }} -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
|
||||
- name: Push Docker tags
|
||||
id: push
|
||||
uses: https://labs.phundrak.com/phundrak/docker-push-action@v1
|
||||
with:
|
||||
registry: ${{ env.DOCKER_REGISTRY }}
|
||||
registry-username: ${{ secrets.DOCKER_USERNAME }}
|
||||
registry-password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
image-name: ${{ env.IMAGE_NAME }}
|
||||
local-image-name: phundrak/phundrak-dot-com-backend:latest
|
||||
event-name: ${{ github.event_name }}
|
||||
ref: ${{ github.ref }}
|
||||
ref-type: ${{ github.ref_type }}
|
||||
ref-name: ${{ github.ref_name }}
|
||||
pr-number: ${{ github.event.pull_request.number }}
|
||||
# - name: Log in to Docker Registry
|
||||
# run: |
|
||||
# echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.DOCKER_REGISTRY }} -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
|
||||
|
||||
- name: Determine tags and push images
|
||||
run: |
|
||||
set -euo pipefail
|
||||
# - name: Determine tags and push images
|
||||
# run: |
|
||||
# set -euo pipefail
|
||||
|
||||
REGISTRY="${{ env.DOCKER_REGISTRY }}"
|
||||
IMAGE_NAME="${{ env.IMAGE_NAME }}"
|
||||
# REGISTRY="${{ env.DOCKER_REGISTRY }}"
|
||||
# IMAGE_NAME="${{ env.IMAGE_NAME }}"
|
||||
|
||||
# The locally built image from Nix (name comes from Cargo.toml package.name)
|
||||
LOCAL_IMAGE="phundrak/phundrak-dot-com-backend:latest"
|
||||
# # The locally built image from Nix (name comes from Cargo.toml package.name)
|
||||
# LOCAL_IMAGE="phundrak/phundrak-dot-com-backend:latest"
|
||||
|
||||
echo "Event: ${{ github.event_name }}"
|
||||
echo "Ref: ${{ github.ref }}"
|
||||
echo "Ref type: ${{ github.ref_type }}"
|
||||
# echo "Event: ${{ github.event_name }}"
|
||||
# echo "Ref: ${{ github.ref }}"
|
||||
# echo "Ref type: ${{ github.ref_type }}"
|
||||
|
||||
# Determine which tags to push based on the event
|
||||
if [[ "${{ github.event_name }}" == "push" && "${{ github.ref_type }}" == "tag" ]]; then
|
||||
# Tag push on main branch → publish 'latest' and versioned tag
|
||||
echo "Tag push detected"
|
||||
TAG_VERSION="${{ github.ref_name }}"
|
||||
# Remove 'v' prefix if present (v1.0.0 → 1.0.0)
|
||||
TAG_VERSION="${TAG_VERSION#v}"
|
||||
# # Determine which tags to push based on the event
|
||||
# if [[ "${{ github.event_name }}" == "push" && "${{ github.ref_type }}" == "tag" ]]; then
|
||||
# # Tag push on main branch → publish 'latest' and versioned tag
|
||||
# echo "Tag push detected"
|
||||
# TAG_VERSION="${{ github.ref_name }}"
|
||||
# # Remove 'v' prefix if present (v1.0.0 → 1.0.0)
|
||||
# TAG_VERSION="${TAG_VERSION#v}"
|
||||
|
||||
echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:latest"
|
||||
docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:latest"
|
||||
docker push "${REGISTRY}/${IMAGE_NAME}:latest"
|
||||
# echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:latest"
|
||||
# docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:latest"
|
||||
# docker push "${REGISTRY}/${IMAGE_NAME}:latest"
|
||||
|
||||
echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
|
||||
docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
|
||||
docker push "${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
|
||||
# echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
|
||||
# docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
|
||||
# docker push "${REGISTRY}/${IMAGE_NAME}:${TAG_VERSION}"
|
||||
|
||||
elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/develop" ]]; then
|
||||
# Push on develop branch → publish 'develop' tag
|
||||
echo "Push to develop branch detected"
|
||||
# elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/develop" ]]; then
|
||||
# # Push on develop branch → publish 'develop' tag
|
||||
# echo "Push to develop branch detected"
|
||||
|
||||
echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:develop"
|
||||
docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:develop"
|
||||
docker push "${REGISTRY}/${IMAGE_NAME}:develop"
|
||||
# echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:develop"
|
||||
# docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:develop"
|
||||
# docker push "${REGISTRY}/${IMAGE_NAME}:develop"
|
||||
|
||||
elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
|
||||
# Pull request → publish 'pr<number>' tag
|
||||
echo "Pull request detected"
|
||||
PR_NUMBER="${{ github.event.pull_request.number }}"
|
||||
# elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
|
||||
# # Pull request → publish 'pr<number>' tag
|
||||
# echo "Pull request detected"
|
||||
# PR_NUMBER="${{ github.event.pull_request.number }}"
|
||||
|
||||
echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
|
||||
docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
|
||||
docker push "${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
|
||||
# echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
|
||||
# docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
|
||||
# docker push "${REGISTRY}/${IMAGE_NAME}:pr${PR_NUMBER}"
|
||||
|
||||
elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" ]]; then
|
||||
# Push to main branch (not a tag) → publish 'latest'
|
||||
echo "Push to main branch detected"
|
||||
# elif [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" ]]; then
|
||||
# # Push to main branch (not a tag) → publish 'latest'
|
||||
# echo "Push to main branch detected"
|
||||
|
||||
echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:latest"
|
||||
docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:latest"
|
||||
docker push "${REGISTRY}/${IMAGE_NAME}:latest"
|
||||
# echo "Tagging and pushing: ${REGISTRY}/${IMAGE_NAME}:latest"
|
||||
# docker tag "${LOCAL_IMAGE}" "${REGISTRY}/${IMAGE_NAME}:latest"
|
||||
# docker push "${REGISTRY}/${IMAGE_NAME}:latest"
|
||||
|
||||
else
|
||||
echo "Unknown event or ref, skipping push"
|
||||
exit 1
|
||||
fi
|
||||
# else
|
||||
# echo "Unknown event or ref, skipping push"
|
||||
# exit 1
|
||||
# fi
|
||||
|
||||
- name: Log out from Docker Registry
|
||||
if: always()
|
||||
run: docker logout ${{ env.DOCKER_REGISTRY }}
|
||||
# - name: Log out from Docker Registry
|
||||
# if: always()
|
||||
# run: docker logout ${{ env.DOCKER_REGISTRY }}
|
||||
|
||||
- name: Delete Docker image artifact
|
||||
uses: geekyeggo/delete-artifact@v2
|
||||
with:
|
||||
name: docker-image
|
||||
|
||||
- name: Image published successfully
|
||||
run: |
|
||||
|
||||
40
Cargo.lock
generated
40
Cargo.lock
generated
@@ -134,6 +134,26 @@ dependencies = [
|
||||
"fs_extra",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "bakit"
|
||||
version = "0.1.0"
|
||||
dependencies = [
|
||||
"chrono",
|
||||
"config",
|
||||
"dotenvy",
|
||||
"governor",
|
||||
"lettre",
|
||||
"poem",
|
||||
"poem-openapi",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"thiserror",
|
||||
"tokio",
|
||||
"tracing",
|
||||
"tracing-subscriber",
|
||||
"validator",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "base64"
|
||||
version = "0.21.7"
|
||||
@@ -1573,26 +1593,6 @@ dependencies = [
|
||||
"sha2",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "phundrak-dot-com-backend"
|
||||
version = "0.1.0"
|
||||
dependencies = [
|
||||
"chrono",
|
||||
"config",
|
||||
"dotenvy",
|
||||
"governor",
|
||||
"lettre",
|
||||
"poem",
|
||||
"poem-openapi",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"thiserror",
|
||||
"tokio",
|
||||
"tracing",
|
||||
"tracing-subscriber",
|
||||
"validator",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "pin-project"
|
||||
version = "0.4.30"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
[package]
|
||||
name = "phundrak-dot-com-backend"
|
||||
name = "bakit"
|
||||
version = "0.1.0"
|
||||
edition = "2024"
|
||||
publish = false
|
||||
@@ -11,7 +11,7 @@ path = "src/lib.rs"
|
||||
|
||||
[[bin]]
|
||||
path = "src/main.rs"
|
||||
name = "phundrak-dot-com-backend"
|
||||
name = "bakit"
|
||||
|
||||
[dependencies]
|
||||
chrono = { version = "0.4.42", features = ["serde"] }
|
||||
|
||||
34
README.md
34
README.md
@@ -3,14 +3,20 @@ include_toc: true
|
||||
gitea: none
|
||||
---
|
||||
|
||||
# phundrak.com Backend
|
||||
<h1 align="center">Bakit</h1>
|
||||
<div align="center">
|
||||
<strong>
|
||||
A backend for my personal website
|
||||
</strong>
|
||||
</div>
|
||||
<br/>
|
||||
|
||||
<div align="center">
|
||||
<a href="https://sonar.phundrak.com/dashboard?id=phundrak-backend" target="_blank">
|
||||
<img src="https://sonar.phundrak.com/api/project_badges/measure?project=phundrak-backend&metric=coverage&token=sqb_bda24bf36825576d6c6b76048044e103339c3c5f" alt="Sonar Coverage" />
|
||||
<a href="https://sonar.phundrak.com/dashboard?id=bakit" target="_blank">
|
||||
<img src="https://sonar.phundrak.com/api/project_badges/measure?project=bakit&metric=coverage&token=sqb_bda24bf36825576d6c6b76048044e103339c3c5f" alt="Sonar Coverage" />
|
||||
</a>
|
||||
<a href="https://sonar.phundrak.com/dashboard?id=phundrak-backend" target="_blank">
|
||||
<img src="https://sonar.phundrak.com/api/project_badges/measure?project=phundrak-backend&metric=alert_status&token=sqb_bda24bf36825576d6c6b76048044e103339c3c5f" alt="Sonar Quality Gate Status" />
|
||||
<a href="https://sonar.phundrak.com/dashboard?id=bakit" target="_blank">
|
||||
<img src="https://sonar.phundrak.com/api/project_badges/measure?project=bakit&metric=alert_status&token=sqb_bda24bf36825576d6c6b76048044e103339c3c5f" alt="Sonar Quality Gate Status" />
|
||||
</a>
|
||||
<a href="#license">
|
||||
<img src="https://img.shields.io/badge/License-AGPL--3.0--only-blue" alt="License" />
|
||||
@@ -20,8 +26,6 @@ gitea: none
|
||||
</a>
|
||||
</div>
|
||||
|
||||
The backend for [phundrak.com](https://phundrak.com), built with Rust and the [Poem](https://github.com/poem-web/poem) web framework.
|
||||
|
||||
## Features
|
||||
|
||||
- **RESTful API** with automatic OpenAPI/Swagger documentation
|
||||
@@ -137,14 +141,14 @@ For optimized production builds:
|
||||
cargo build --release
|
||||
```
|
||||
|
||||
The compiled binary will be at `target/release/backend`.
|
||||
The compiled binary will be at `target/release/bakit`.
|
||||
|
||||
**With Nix:**
|
||||
|
||||
Build the backend binary:
|
||||
```bash
|
||||
nix build .#backend
|
||||
# Binary available at: ./result/bin/backend
|
||||
# Binary available at: ./result/bin/bakit
|
||||
```
|
||||
|
||||
Build Docker images:
|
||||
@@ -157,7 +161,7 @@ nix build .#backendDockerLatest
|
||||
|
||||
# Load into Docker
|
||||
docker load < result
|
||||
# Image will be available as: localhost/phundrak/backend-rust:latest
|
||||
# Image will be available as: localhost/phundrak/bakit:latest
|
||||
```
|
||||
|
||||
The Nix build ensures reproducible builds with all dependencies pinned.
|
||||
@@ -332,7 +336,7 @@ Docker images are automatically built and published via GitHub Actions to the co
|
||||
Pull and run the latest image:
|
||||
```bash
|
||||
# Pull from Phundrak Labs (labs.phundrak.com)
|
||||
docker pull labs.phundrak.com/phundrak/phundrak-dot-com-backend:latest
|
||||
docker pull labs.phundrak.com/phundrak/bakit:latest
|
||||
|
||||
# Run the container
|
||||
docker run -d \
|
||||
@@ -345,7 +349,7 @@ docker run -d \
|
||||
-e APP__EMAIL__PASSWORD=your_password \
|
||||
-e APP__EMAIL__FROM="Contact Form <noreply@example.com>" \
|
||||
-e APP__EMAIL__RECIPIENT="Admin <admin@example.com>" \
|
||||
labs.phundrak.com/phundrak/phundrak-dot-com-backend:latest
|
||||
labs.phundrak.com/phundrak/bakit:latest
|
||||
```
|
||||
|
||||
### Available Image Tags
|
||||
@@ -363,7 +367,7 @@ Build with Nix (recommended for reproducibility):
|
||||
```bash
|
||||
nix build .#backendDockerLatest
|
||||
docker load < result
|
||||
docker run -p 3100:3100 localhost/phundrak/backend-rust:latest
|
||||
docker run -p 3100:3100 localhost/phundrak/bakit:latest
|
||||
```
|
||||
|
||||
Build with Docker directly:
|
||||
@@ -379,7 +383,7 @@ version: '3.8'
|
||||
|
||||
services:
|
||||
backend:
|
||||
image: labs.phundrak.com/phundrak/phundrak-dot-com-backend:latest
|
||||
image: labs.phundrak.com/phundrak/bakit:latest
|
||||
ports:
|
||||
- "3100:3100"
|
||||
environment:
|
||||
@@ -431,7 +435,7 @@ To use the published images, authenticate with the registry:
|
||||
echo $GITHUB_TOKEN | docker login labs.phundrak.com -u USERNAME --password-stdin
|
||||
|
||||
# Pull the image
|
||||
docker pull labs.phundrak.com/phundrak/phundrak-dot-com-backend:latest
|
||||
docker pull labs.phundrak.com/phundrak/bakit:latest
|
||||
```
|
||||
|
||||
### Required Secrets
|
||||
|
||||
@@ -5,7 +5,7 @@ application:
|
||||
protocol: http
|
||||
host: 127.0.0.1
|
||||
base_url: http://127.0.0.1:3100
|
||||
name: "com.phundrak.backend.dev"
|
||||
name: "bakit-dev"
|
||||
|
||||
email:
|
||||
host: localhost
|
||||
|
||||
@@ -2,7 +2,7 @@ debug: false
|
||||
frontend_url: ""
|
||||
|
||||
application:
|
||||
name: "com.phundrak.backend.prod"
|
||||
name: "bakit-prod"
|
||||
protocol: https
|
||||
host: 0.0.0.0
|
||||
base_url: ""
|
||||
|
||||
@@ -1 +1 @@
|
||||
sonar.projectKey=phundrak-backend
|
||||
sonar.projectKey=bakit
|
||||
|
||||
@@ -3,5 +3,5 @@
|
||||
#[cfg(not(tarpaulin_include))]
|
||||
#[tokio::main]
|
||||
async fn main() -> Result<(), std::io::Error> {
|
||||
phundrak_dot_com_backend::run(None).await
|
||||
bakit::run(None).await
|
||||
}
|
||||
|
||||
@@ -268,7 +268,7 @@ mod tests {
|
||||
|
||||
#[test]
|
||||
fn from_validation_errors_with_name_error() {
|
||||
use validator::{Validate, ValidationError};
|
||||
use validator::Validate;
|
||||
|
||||
#[derive(Validate)]
|
||||
struct TestStruct {
|
||||
|
||||
@@ -933,7 +933,7 @@ mod tests {
|
||||
assert!(result.is_err());
|
||||
match result.unwrap_err() {
|
||||
ContactError::CouldNotParseSettingsEmail(_) => (),
|
||||
e => panic!("Expected CouldNotParseSettingsEmail, got {:?}", e),
|
||||
e => panic!("Expected CouldNotParseSettingsEmail, got {e:?}"),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -964,7 +964,7 @@ mod tests {
|
||||
assert!(result.is_err());
|
||||
match result.unwrap_err() {
|
||||
ContactError::CouldNotParseRequestEmailAddress(_) => (),
|
||||
e => panic!("Expected CouldNotParseRequestEmailAddress, got {:?}", e),
|
||||
e => panic!("Expected CouldNotParseRequestEmailAddress, got {e:?}"),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -996,7 +996,7 @@ mod tests {
|
||||
assert!(result.is_err());
|
||||
match result.unwrap_err() {
|
||||
ContactError::CouldNotSendEmail(_) => (),
|
||||
e => panic!("Expected CouldNotSendEmail, got {:?}", e),
|
||||
e => panic!("Expected CouldNotSendEmail, got {e:?}"),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user