Compare commits
14 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Savannah Savings
|
2089395699 | ||
|
Savannah Savings
|
a197ab0530 | ||
 Barcode Betty
|
da9e1e9af1 | ||
|
Barcode Betty
|
1cf7f92b6b | ||
|
Savannah Savings
|
0bd6b87ffd | ||
 Flea Flicker
|
703a279f97 | ||
 Coupon Carl
|
ef5102aad9 | ||
|
Savannah Savings
|
f63f6c613d | ||
|
Savannah Savings
|
377f8428c5 | ||
|
Flea Flicker
|
340b974532 | ||
|
cartsnitch-engineer[bot]
|
2fd2cdca71 | ||
|
savannah-savings-cto[bot]
|
8128b3a76f | ||
|
cartsnitch-ceo[bot]
|
f159d50f7c | ||
|
cartsnitch-ceo[bot]
|
c4880d3553 |
@@ -15,12 +15,12 @@ permissions:
|
||||
packages: write
|
||||
|
||||
env:
|
||||
REGISTRY: ghcr.io
|
||||
REGISTRY: git.farh.net
|
||||
IMAGE_NAME: cartsnitch/receiptwitness
|
||||
|
||||
jobs:
|
||||
lint:
|
||||
runs-on: runners-cartsnitch
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Set up Python
|
||||
@@ -33,7 +33,7 @@ jobs:
|
||||
run: ruff check src/ tests/
|
||||
|
||||
test:
|
||||
runs-on: runners-cartsnitch
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Set up Python
|
||||
@@ -46,7 +46,7 @@ jobs:
|
||||
run: pytest tests/ -v
|
||||
|
||||
build-and-push:
|
||||
runs-on: runners-cartsnitch
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event_name == 'push'
|
||||
needs: [lint, test]
|
||||
outputs:
|
||||
@@ -69,12 +69,12 @@ jobs:
|
||||
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
|
||||
echo "CalVer tag: $VERSION"
|
||||
|
||||
- name: Log in to GHCR
|
||||
- name: Log in to Gitea Container Registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
- name: Extract metadata
|
||||
id: meta
|
||||
@@ -102,7 +102,7 @@ jobs:
|
||||
git push origin "v${{ steps.calver.outputs.version }}"
|
||||
|
||||
grype:
|
||||
runs-on: runners-cartsnitch
|
||||
runs-on: ubuntu-latest
|
||||
needs: [build-and-push]
|
||||
if: github.event_name == 'push'
|
||||
steps:
|
||||
@@ -126,24 +126,15 @@ jobs:
|
||||
ignore-file: .grype.yaml
|
||||
|
||||
deploy-dev:
|
||||
runs-on: runners-cartsnitch
|
||||
runs-on: ubuntu-latest
|
||||
needs: [grype]
|
||||
if: always() && !cancelled() && github.event_name == 'push' && github.ref == 'refs/heads/dev'
|
||||
steps:
|
||||
- name: Generate GitHub App token
|
||||
id: app-token
|
||||
uses: actions/create-github-app-token@v1
|
||||
with:
|
||||
app-id: ${{ secrets.CARTSNITCH_APP_ID }}
|
||||
private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }}
|
||||
owner: ${{ github.repository_owner }}
|
||||
repositories: infra
|
||||
|
||||
- name: Checkout infra repo
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: cartsnitch/infra
|
||||
token: ${{ steps.app-token.outputs.token }}
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
ref: main
|
||||
path: infra
|
||||
|
||||
@@ -156,7 +147,7 @@ jobs:
|
||||
- name: Update receiptwitness image tag
|
||||
run: |
|
||||
cd infra/apps/overlays/dev
|
||||
kustomize edit set image ghcr.io/cartsnitch/receiptwitness:sha-${{ github.sha }}
|
||||
kustomize edit set image git.farh.net/cartsnitch/receiptwitness:sha-${{ github.sha }}
|
||||
|
||||
- name: Commit and push to infra
|
||||
run: |
|
||||
@@ -169,24 +160,15 @@ jobs:
|
||||
git push origin main
|
||||
|
||||
deploy-uat:
|
||||
runs-on: runners-cartsnitch
|
||||
runs-on: ubuntu-latest
|
||||
needs: [grype]
|
||||
if: always() && !cancelled() && github.event_name == 'push' && github.ref == 'refs/heads/uat'
|
||||
steps:
|
||||
- name: Generate GitHub App token
|
||||
id: app-token
|
||||
uses: actions/create-github-app-token@v1
|
||||
with:
|
||||
app-id: ${{ secrets.CARTSNITCH_APP_ID }}
|
||||
private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }}
|
||||
owner: ${{ github.repository_owner }}
|
||||
repositories: infra
|
||||
|
||||
- name: Checkout infra repo
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: cartsnitch/infra
|
||||
token: ${{ steps.app-token.outputs.token }}
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
ref: main
|
||||
path: infra
|
||||
|
||||
@@ -199,7 +181,7 @@ jobs:
|
||||
- name: Update receiptwitness image tag
|
||||
run: |
|
||||
cd infra/apps/overlays/uat
|
||||
kustomize edit set image ghcr.io/cartsnitch/receiptwitness:${{ needs.build-and-push.outputs.calver_tag }}
|
||||
kustomize edit set image git.farh.net/cartsnitch/receiptwitness:${{ needs.build-and-push.outputs.calver_tag }}
|
||||
|
||||
- name: Commit and push to infra
|
||||
run: |
|
||||
@@ -34,4 +34,4 @@ def upgrade() -> None:
|
||||
|
||||
def downgrade() -> None:
|
||||
op.drop_constraint("uq_users_email_inbound_token", "users", type_="unique")
|
||||
op.drop_column("users", "email_inbound_token")
|
||||
op.drop_column("users", "email_inbound_token")
|
||||
@@ -39,8 +39,8 @@ class ReceiptWitnessSettings(BaseSettings):
|
||||
if not self.session_encryption_key or self.session_encryption_key in _PLACEHOLDER_VALUES:
|
||||
errors.append(
|
||||
"RW_SESSION_ENCRYPTION_KEY must be set to a secure value. "
|
||||
"Generate one with: python -c \"from cryptography.fernet import Fernet; "
|
||||
'print(Fernet.generate_key().decode())"'
|
||||
"Generate one with: python -c "
|
||||
'"from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"'
|
||||
)
|
||||
if self.notifications_enabled and not self.resend_api_key:
|
||||
errors.append(
|
||||
|
||||
@@ -51,14 +51,13 @@ class Purchase(UUIDPrimaryKeyMixin, TimestampMixin, Base):
|
||||
nullable=False,
|
||||
)
|
||||
|
||||
# Relationships (stubs — canonical definitions in cartsnitch/common)
|
||||
user: Mapped["User"] = relationship(back_populates="purchases")
|
||||
|
||||
__table_args__ = (
|
||||
Index("ix_purchases_user_store", "user_id", "store_id"),
|
||||
UniqueConstraint("user_id", "store_id", "receipt_id", name="uq_purchase_receipt"),
|
||||
)
|
||||
|
||||
user: Mapped["User"] = relationship(back_populates="purchases")
|
||||
|
||||
|
||||
class PurchaseItem(UUIDPrimaryKeyMixin, TimestampMixin, Base):
|
||||
"""Stub: a line item on a receipt. Full definition in cartsnitch/common."""
|
||||
|
||||
@@ -28,7 +28,6 @@ class Store(UUIDPrimaryKeyMixin, TimestampMixin, Base):
|
||||
logo_url: Mapped[str | None] = mapped_column(String(500))
|
||||
website_url: Mapped[str | None] = mapped_column(String(500))
|
||||
|
||||
# Relationships (stubs — canonical definitions in cartsnitch/common)
|
||||
user_accounts: Mapped[list["UserStoreAccount"]] = relationship(back_populates="store")
|
||||
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ import uuid
|
||||
from datetime import datetime
|
||||
from typing import TYPE_CHECKING
|
||||
|
||||
from sqlalchemy import JSON, Boolean, DateTime, ForeignKey, String, Text, UniqueConstraint
|
||||
from sqlalchemy import JSON, Boolean, DateTime, ForeignKey, String, Text, UniqueConstraint, text
|
||||
from sqlalchemy.orm import Mapped, mapped_column, relationship
|
||||
|
||||
from receiptwitness.shared.constants import AccountStatus
|
||||
@@ -27,6 +27,9 @@ class User(UUIDPrimaryKeyMixin, TimestampMixin, Base):
|
||||
nullable=False,
|
||||
unique=True,
|
||||
default=lambda: secrets.token_urlsafe(16),
|
||||
server_default=text(
|
||||
"replace(replace(trim(trailing '=' from encode(gen_random_bytes(16), 'base64')), '+', '-'), '/', '_')" # noqa: E501
|
||||
),
|
||||
)
|
||||
hashed_password: Mapped[str | None] = mapped_column(String(255), nullable=True)
|
||||
display_name: Mapped[str | None] = mapped_column(String(100))
|
||||
|
||||
@@ -1,16 +1,31 @@
|
||||
"""Shared test fixtures for pipeline tests."""
|
||||
|
||||
import secrets
|
||||
|
||||
import pytest
|
||||
from sqlalchemy import create_engine
|
||||
from sqlalchemy import create_engine, event
|
||||
from sqlalchemy.orm import sessionmaker
|
||||
|
||||
from receiptwitness.shared.models import Base
|
||||
from receiptwitness.shared.models.user import User
|
||||
|
||||
|
||||
@event.listens_for(User, "before_insert")
|
||||
def _populate_email_inbound_token(mapper, connection, target):
|
||||
"""Populate email_inbound_token with a secure random value when unset.
|
||||
|
||||
SQLite has no gen_random_bytes() function, so we generate it in Python
|
||||
instead of relying on the PostgreSQL server_default.
|
||||
"""
|
||||
if target.email_inbound_token is None:
|
||||
target.email_inbound_token = secrets.token_urlsafe(16)
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def engine():
|
||||
"""In-memory SQLite engine for unit tests."""
|
||||
eng = create_engine("sqlite:///:memory:")
|
||||
User.__table__.c.email_inbound_token.server_default = None
|
||||
Base.metadata.create_all(eng)
|
||||
yield eng
|
||||
eng.dispose()
|
||||
|
||||
Reference in New Issue
Block a user