Compare commits

..

1 Commits

Author SHA1 Message Date
Barcode Betty 4b865064d4 ci: migrate from ghcr.io to Gitea registry
CI / typecheck (pull_request) Has been cancelled
CI / lint (pull_request) Has been cancelled
CI / test (pull_request) Has been cancelled
CI / build-and-push (pull_request) Has been cancelled
CI / deploy-dev (pull_request) Has been cancelled
CI / deploy-uat (pull_request) Has been cancelled
- Update REGISTRY env var from ghcr.io to git.farh.net
- Remove credentials blocks from postgres/redis service containers
- Update login step condition from main-only to all push events
- Use GITEA_TOKEN instead of GITHUB_TOKEN for registry auth
- Update deploy-dev and deploy-uat kustomize image references
- Rename login step to Gitea Container Registry

Fixes CAR-995

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-23 21:49:43 +00:00
4 changed files with 14 additions and 17 deletions
+9 -14
View File
@@ -15,7 +15,7 @@ permissions:
packages: write packages: write
env: env:
REGISTRY: ghcr.io REGISTRY: git.farh.net
IMAGE_NAME: cartsnitch/api IMAGE_NAME: cartsnitch/api
jobs: jobs:
@@ -26,6 +26,7 @@ jobs:
- uses: actions/setup-python@v5 - uses: actions/setup-python@v5
with: with:
python-version: "3.12" python-version: "3.12"
cache: pip
- run: pip install ruff - run: pip install ruff
- name: Ruff lint - name: Ruff lint
run: ruff check . run: ruff check .
@@ -40,6 +41,7 @@ jobs:
- uses: actions/setup-python@v5 - uses: actions/setup-python@v5
with: with:
python-version: "3.12" python-version: "3.12"
cache: pip
- name: Install system dependencies - name: Install system dependencies
run: sudo apt-get update && sudo apt-get install -y libpq-dev build-essential run: sudo apt-get update && sudo apt-get install -y libpq-dev build-essential
- run: pip install -e ".[dev]" mypy - run: pip install -e ".[dev]" mypy
@@ -51,9 +53,6 @@ jobs:
services: services:
postgres: postgres:
image: postgres:15-alpine image: postgres:15-alpine
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
env: env:
POSTGRES_USER: cartsnitch POSTGRES_USER: cartsnitch
POSTGRES_PASSWORD: cartsnitch_test POSTGRES_PASSWORD: cartsnitch_test
@@ -67,9 +66,6 @@ jobs:
--health-retries 5 --health-retries 5
redis: redis:
image: redis:7-alpine image: redis:7-alpine
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
ports: ports:
- 6379:6379 - 6379:6379
options: >- options: >-
@@ -81,13 +77,12 @@ jobs:
CARTSNITCH_DATABASE_URL: postgresql+asyncpg://cartsnitch:cartsnitch_test@localhost:5432/cartsnitch_test CARTSNITCH_DATABASE_URL: postgresql+asyncpg://cartsnitch:cartsnitch_test@localhost:5432/cartsnitch_test
CARTSNITCH_REDIS_URL: redis://localhost:6379/0 CARTSNITCH_REDIS_URL: redis://localhost:6379/0
CARTSNITCH_JWT_SECRET_KEY: test-secret-do-not-use-in-prod CARTSNITCH_JWT_SECRET_KEY: test-secret-do-not-use-in-prod
CARTSNITCH_SERVICE_KEY: test-service-key-do-not-use-in-prod
CARTSNITCH_FERNET_KEY: wXWQsC0FZlhSz2t_tfVQjNUSP8vgAGG3o3pkjrX8Bw0=
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: actions/setup-python@v5 - uses: actions/setup-python@v5
with: with:
python-version: "3.12" python-version: "3.12"
cache: pip
- name: Install system dependencies - name: Install system dependencies
run: sudo apt-get update && sudo apt-get install -y libpq-dev build-essential run: sudo apt-get update && sudo apt-get install -y libpq-dev build-essential
- run: pip install -e ".[dev]" - run: pip install -e ".[dev]"
@@ -128,13 +123,13 @@ jobs:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to GHCR - name: Log in to Gitea Container Registry
if: github.event_name == 'push' && github.ref == 'refs/heads/main' if: github.event_name == 'push'
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITEA_TOKEN }}
- name: Extract metadata - name: Extract metadata
id: meta id: meta
@@ -224,7 +219,7 @@ jobs:
if: needs.build-and-push.result == 'success' if: needs.build-and-push.result == 'success'
run: | run: |
cd infra/apps/overlays/dev cd infra/apps/overlays/dev
kustomize edit set image ghcr.io/cartsnitch/api:${{ steps.api_tag.outputs.tag }} kustomize edit set image git.farh.net/cartsnitch/api:${{ steps.api_tag.outputs.tag }}
- name: Commit and push to infra - name: Commit and push to infra
run: | run: |
@@ -268,7 +263,7 @@ jobs:
if: needs.build-and-push.result == 'success' if: needs.build-and-push.result == 'success'
run: | run: |
cd infra/apps/overlays/uat cd infra/apps/overlays/uat
kustomize edit set image ghcr.io/cartsnitch/api:${{ steps.api_tag.outputs.tag }} kustomize edit set image git.farh.net/cartsnitch/api:${{ steps.api_tag.outputs.tag }}
- name: Commit and push to infra - name: Commit and push to infra
run: | run: |
+1 -2
View File
@@ -5,8 +5,7 @@ Sessions are verified by querying the shared sessions table directly.
""" """
from datetime import UTC, datetime from datetime import UTC, datetime
from fastapi import Cookie, Depends, Header, HTTPException, Request, status
from fastapi import Depends, Header, HTTPException, Request, status
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from sqlalchemy import text from sqlalchemy import text
from sqlalchemy.ext.asyncio import AsyncSession from sqlalchemy.ext.asyncio import AsyncSession
+3
View File
@@ -6,10 +6,13 @@ endpoints that query our own user data from the shared database.
""" """
from fastapi import APIRouter, Depends, HTTPException, status from fastapi import APIRouter, Depends, HTTPException, status
from pydantic import BaseModel
from sqlalchemy import select
from sqlalchemy.ext.asyncio import AsyncSession from sqlalchemy.ext.asyncio import AsyncSession
from cartsnitch_api.auth.dependencies import get_current_user from cartsnitch_api.auth.dependencies import get_current_user
from cartsnitch_api.database import get_db from cartsnitch_api.database import get_db
from cartsnitch_api.models import User
from cartsnitch_api.schemas import ( from cartsnitch_api.schemas import (
UpdateUserRequest, UpdateUserRequest,
UserResponse, UserResponse,
+1 -1
View File
@@ -7,10 +7,10 @@ from fastapi import APIRouter, FastAPI
from cartsnitch_api.auth.routes import router as auth_router from cartsnitch_api.auth.routes import router as auth_router
from cartsnitch_api.cache import cache_client from cartsnitch_api.cache import cache_client
from cartsnitch_api.database import dispose_engine from cartsnitch_api.database import dispose_engine
from cartsnitch_api.middleware.audit import add_audit_middleware
from cartsnitch_api.middleware.cors import add_cors_middleware from cartsnitch_api.middleware.cors import add_cors_middleware
from cartsnitch_api.middleware.error_handler import add_error_handlers, add_error_monitor_middleware from cartsnitch_api.middleware.error_handler import add_error_handlers, add_error_monitor_middleware
from cartsnitch_api.middleware.rate_limit import add_rate_limit_middleware from cartsnitch_api.middleware.rate_limit import add_rate_limit_middleware
from cartsnitch_api.middleware.audit import add_audit_middleware
from cartsnitch_api.routes.alerts import router as alerts_router from cartsnitch_api.routes.alerts import router as alerts_router
from cartsnitch_api.routes.coupons import router as coupons_router from cartsnitch_api.routes.coupons import router as coupons_router
from cartsnitch_api.routes.health import router as health_router from cartsnitch_api.routes.health import router as health_router