Fix(auth): Resolve permission inconsistencies and test failures #105
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Anvil CI | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| permissions: | |
| contents: write | |
| packages: write | |
| jobs: | |
| build-and-test: | |
| runs-on: worka-l1 | |
| services: | |
| postgres: | |
| image: postgres:17-alpine | |
| env: | |
| POSTGRES_USER: worka | |
| POSTGRES_PASSWORD: worka | |
| POSTGRES_DB: worka | |
| ports: | |
| - 5432:5432 | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| env: | |
| MAINTENANCE_DATABASE_URL: postgres://worka:worka@localhost:5432/worka | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| # - name: Set up QEMU | |
| # uses: docker/setup-qemu-action@v3 | |
| - name: Install Protoc | |
| uses: arduino/setup-protoc@v2 | |
| with: | |
| version: "25.x" | |
| - name: Cache Cargo dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Build Release Binaries (Native Linux) | |
| run: cargo build --release --workspace | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Compute test image tag | |
| id: img | |
| run: echo "tag=anvil:test-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}" >> $GITHUB_OUTPUT | |
| - name: Build Docker Image for Testing | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: anvil/Dockerfile | |
| # Triggers Error: buildx failed with: ERROR: failed to build: docker exporter does not currently support exporting manifest lists | |
| # https://github.com/docker/buildx/issues/59 | |
| load: true #When ARM support is re-enabled, this needs to be disabled | |
| push: false | |
| tags: anvil:test | |
| # # platforms: linux/amd64,linux/arm64 | |
| platforms: linux/amd64 | |
| - name: Wait for PostgreSQL to be ready | |
| run: | | |
| until pg_isready -h localhost -p 5432 -U postgres; do | |
| echo "Waiting for PostgreSQL..." | |
| sleep 2 | |
| done | |
| echo "PostgreSQL is ready." | |
| - name: Run All Tests | |
| env: | |
| ANVIL_IMAGE: anvil:test | |
| run: cargo test -- --nocapture | |
| # --- Release Steps --- | |
| # These steps will only run on a successful push to the main branch. | |
| - name: Log in to GitHub Container Registry | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate release tag | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| id: tag | |
| run: echo "tag_name=v$(date +'%Y.%m.%d-%H%M%S')" >> $GITHUB_OUTPUT | |
| - name: Extract metadata for Docker | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=raw,value=${{ steps.tag.outputs.tag_name }} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Build and Push Final Docker Image | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: anvil/Dockerfile | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| # platforms: linux/amd64,linux/arm64 | |
| platforms: linux/amd64 | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Prepare Release Assets | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| run: | | |
| mkdir -p release | |
| docker cp $(docker create ${{ steps.meta.outputs.tags }}):/usr/local/bin/anvil-cli release/anvil | |
| docker cp $(docker create ${{ steps.meta.outputs.tags }}):/usr/local/bin/admin release/anvil-admin | |
| - name: Create GitHub Release | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| tag_name: ${{ steps.tag.outputs.tag_name }} | |
| generate_release_notes: true | |
| body: | | |
| ## Docker Image | |
| You can pull the latest image using the following command: | |
| ```sh | |
| docker pull ghcr.io/${{ github.repository }}:${{ steps.tag.outputs.tag_name }} | |
| ``` | |
| files: | | |
| release/anvil | |
| release/anvil-admin |