Compare commits

..

12 Commits

Author SHA1 Message Date
cartsnitch-ceo[bot] 24adc7e35b Merge branch 'main' into fix/dockerhub-login-cicd 2026-03-31 14:28:20 +00:00
cartsnitch-ci[bot] 99294ea46d fix(ci): add Docker Hub login before build steps in all 4 build jobs
- Adds docker/login-action@v3 step before each GHCR login in all 4
  build jobs (build-and-push, build-and-push-auth,
  build-and-push-receiptwitness, build-and-push-api)
- Uses DOCKERHUB_USERNAME and DOCKERHUB_TOKEN secrets
- Also fixes: removes duplicate API image tag from the receiptwitness
  kustomize update step (was causing the API image to be set twice)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-31 04:32:40 +00:00
cartsnitch-engineer[bot] 528887a4a2 fix(auth): add session table model mapping for plural table name
Better-Auth defaults to singular "session" table name, but our DB uses
the plural "sessions" table (created by migration 002). Add modelName and
snake_case field mappings to match the existing pattern for user,
account, and verification models.

Co-authored-by: Stockboy Steve <steve@cartsnitch.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
Co-authored-by: cartsnitch-ceo[bot] <269712056+cartsnitch-ceo[bot]@users.noreply.github.com>
2026-03-31 03:42:26 +00:00
cartsnitch-ci[bot] bca46bf68e chore(ci): merge main into fix/deploy-dev-resilient-v2, resolve ci.yml conflict
Resolved conflict in build-and-push-api and deploy-dev jobs:
- build-and-push-api: keep `if: push && main` guard to skip on PRs
- deploy-dev: keep `if: always() && !cancelled() && push && main` resilience guard

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-31 03:31:09 +00:00
cartsnitch-ci[bot] 5d3b8fc8c2 Merge stash - resolve conflict with v2 branch 2026-03-31 03:22:08 +00:00
cartsnitch-ceo[bot] 65e670a887 Merge pull request #80 from cartsnitch/fix/api-dockerfile-libpq
fix(api): add libpq5 to prod stage for psycopg2 runtime
2026-03-31 03:05:41 +00:00
cartsnitch-ci[bot] 63aae4f2eb fix(ci): make deploy-dev resilient to individual build failures 2026-03-31 02:55:28 +00:00
cartsnitch-engineer[bot] e9bc46121f fix(api): add libpq5 to prod stage for psycopg2 runtime
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-31 02:48:25 +00:00
cartsnitch-ceo[bot] 56d9d5ad2e feat(ci): add build-and-push-api job for ghcr.io/cartsnitch/api
Merges PR #75. QA-approved (Checkout Charlie) and CTO-approved (Savannah Savings). All CI checks pass. Resolves CAR-221, unblocks auth restoration (CAR-200).
2026-03-31 02:32:55 +00:00
cartsnitch-ci[bot] b7b9e987df fix(api): correct COPY paths in Dockerfile for monorepo build context
The api/Dockerfile used bare paths (COPY pyproject.toml ./, COPY src/
./src/) which resolved to the repo root with context: ., causing Docker
builds to fail since api/pyproject.toml and api/src/ don't exist at the
repo root.

Add 'api/' prefix to all COPY source paths, matching the pattern already
used in receiptwitness/Dockerfile.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-31 01:09:16 +00:00
cartsnitch-ci[bot] e6ed9d9193 feat(ci): add build-and-push-api job for ghcr.io/cartsnitch/api
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-31 00:56:23 +00:00
cartsnitch-ceo[bot] f0c60778cc feat: add Playwright E2E testing framework
feat: add Playwright E2E testing framework
2026-03-30 22:57:20 +00:00
3 changed files with 121 additions and 9 deletions
+102 -4
View File
@@ -19,6 +19,7 @@ env:
IMAGE_NAME: cartsnitch/cartsnitch IMAGE_NAME: cartsnitch/cartsnitch
AUTH_IMAGE_NAME: cartsnitch/auth AUTH_IMAGE_NAME: cartsnitch/auth
RECEIPTWITNESS_IMAGE_NAME: cartsnitch/receiptwitness RECEIPTWITNESS_IMAGE_NAME: cartsnitch/receiptwitness
API_IMAGE_NAME: cartsnitch/api
jobs: jobs:
lint: lint:
@@ -61,6 +62,7 @@ jobs:
build-and-push: build-and-push:
runs-on: runners-cartsnitch runs-on: runners-cartsnitch
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
needs: [lint, test, e2e] needs: [lint, test, e2e]
outputs: outputs:
calver_tag: ${{ steps.calver.outputs.version }} calver_tag: ${{ steps.calver.outputs.version }}
@@ -86,6 +88,13 @@ jobs:
echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "CalVer tag: $VERSION" echo "CalVer tag: $VERSION"
- name: Log in to Docker Hub
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to GHCR - name: Log in to GHCR
if: github.event_name == 'push' && github.ref == 'refs/heads/main' if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: docker/login-action@v3 uses: docker/login-action@v3
@@ -123,6 +132,7 @@ jobs:
build-and-push-auth: build-and-push-auth:
runs-on: runners-cartsnitch runs-on: runners-cartsnitch
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
needs: [lint, test, e2e] needs: [lint, test, e2e]
outputs: outputs:
calver_tag: ${{ steps.calver.outputs.version }} calver_tag: ${{ steps.calver.outputs.version }}
@@ -147,6 +157,13 @@ jobs:
fi fi
echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "version=$VERSION" >> "$GITHUB_OUTPUT"
- name: Log in to Docker Hub
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to GHCR - name: Log in to GHCR
if: github.event_name == 'push' && github.ref == 'refs/heads/main' if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: docker/login-action@v3 uses: docker/login-action@v3
@@ -176,6 +193,7 @@ jobs:
build-and-push-receiptwitness: build-and-push-receiptwitness:
runs-on: runners-cartsnitch runs-on: runners-cartsnitch
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
needs: [lint, test] needs: [lint, test]
outputs: outputs:
calver_tag: ${{ steps.calver.outputs.version }} calver_tag: ${{ steps.calver.outputs.version }}
@@ -195,6 +213,13 @@ jobs:
else BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//"); VERSION="${DATE_TAG}.$((BUILD_NUM + 1))"; fi else BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//"); VERSION="${DATE_TAG}.$((BUILD_NUM + 1))"; fi
echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "version=$VERSION" >> "$GITHUB_OUTPUT"
- name: Log in to Docker Hub
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to GHCR - name: Log in to GHCR
if: github.event_name == 'push' && github.ref == 'refs/heads/main' if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: docker/login-action@v3 uses: docker/login-action@v3
@@ -222,10 +247,66 @@ jobs:
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
build-and-push-api:
runs-on: runners-cartsnitch
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
needs: [lint, test]
outputs:
calver_tag: ${{ steps.calver.outputs.version }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Generate CalVer tag
id: calver
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
run: |
DATE_TAG=$(date -u +%Y.%m.%d)
EXISTING=$(git tag -l "v${DATE_TAG}*" | sort -V | tail -1)
if [ -z "$EXISTING" ]; then VERSION="$DATE_TAG"
elif [ "$EXISTING" = "v${DATE_TAG}" ]; then VERSION="${DATE_TAG}.2"
else BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//"); VERSION="${DATE_TAG}.$((BUILD_NUM + 1))"; fi
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
- name: Log in to Docker Hub
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to GHCR
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (API)
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.API_IMAGE_NAME }}
tags: |
type=sha,prefix=sha-
type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
- name: Build and push API Docker image
uses: docker/build-push-action@v6
with:
context: .
file: ./api/Dockerfile
push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
deploy-dev: deploy-dev:
runs-on: runners-cartsnitch runs-on: runners-cartsnitch
needs: [build-and-push, build-and-push-auth, build-and-push-receiptwitness] needs: [build-and-push, build-and-push-auth, build-and-push-receiptwitness, build-and-push-api]
if: github.event_name == 'push' && github.ref == 'refs/heads/main' if: always() && !cancelled() && github.event_name == 'push' && github.ref == 'refs/heads/main'
steps: steps:
- name: Generate GitHub App token - name: Generate GitHub App token
id: app-token id: app-token
@@ -250,18 +331,35 @@ jobs:
- name: Install kustomize - name: Install kustomize
uses: imranismail/setup-kustomize@v2 uses: imranismail/setup-kustomize@v2
- name: Update dev overlay image tags - name: Update frontend image tag
if: needs.build-and-push.result == 'success'
run: | run: |
cd infra/apps/overlays/dev cd infra/apps/overlays/dev
kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ needs.build-and-push.outputs.calver_tag }} kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ needs.build-and-push.outputs.calver_tag }}
- name: Update auth image tag
if: needs.build-and-push-auth.result == 'success'
run: |
cd infra/apps/overlays/dev
kustomize edit set image ghcr.io/cartsnitch/auth:${{ needs.build-and-push-auth.outputs.calver_tag }} kustomize edit set image ghcr.io/cartsnitch/auth:${{ needs.build-and-push-auth.outputs.calver_tag }}
- name: Update receiptwitness image tag
if: needs.build-and-push-receiptwitness.result == 'success'
run: |
cd infra/apps/overlays/dev
kustomize edit set image ghcr.io/cartsnitch/receiptwitness:${{ needs.build-and-push-receiptwitness.outputs.calver_tag }} kustomize edit set image ghcr.io/cartsnitch/receiptwitness:${{ needs.build-and-push-receiptwitness.outputs.calver_tag }}
- name: Update api image tag
if: needs.build-and-push-api.result == 'success'
run: |
cd infra/apps/overlays/dev
kustomize edit set image ghcr.io/cartsnitch/api:${{ needs.build-and-push-api.outputs.calver_tag }}
- name: Commit and push to infra - name: Commit and push to infra
run: | run: |
cd infra cd infra
git config user.name "cartsnitch-ci[bot]" git config user.name "cartsnitch-ci[bot]"
git config user.email "cartsnitch-ci[bot]@users.noreply.github.com" git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
git add apps/overlays/dev/kustomization.yaml git add apps/overlays/dev/kustomization.yaml
git commit -m "ci(dev): update cartsnitch, auth, and receiptwitness images" git commit -m "ci(dev): update cartsnitch, auth, receiptwitness, and api images"
git push origin main git push origin main
+10 -5
View File
@@ -1,3 +1,5 @@
# Stage 1: Build dependencies
# Build context is the repo root. Paths below are relative to the root.
FROM python:3.12-slim AS build FROM python:3.12-slim AS build
RUN apt-get update && apt-get install -y --no-install-recommends \ RUN apt-get update && apt-get install -y --no-install-recommends \
@@ -6,18 +8,21 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
WORKDIR /app WORKDIR /app
COPY pyproject.toml ./ COPY api/pyproject.toml ./
COPY src/ ./src/ COPY api/src/ ./src/
RUN pip install --no-cache-dir --prefix=/install . RUN pip install --no-cache-dir --prefix=/install .
# Stage 2: Production image
FROM python:3.12-slim AS prod FROM python:3.12-slim AS prod
RUN apt-get update && apt-get install -y --no-install-recommends libpq5 && rm -rf /var/lib/apt/lists/*
WORKDIR /app WORKDIR /app
RUN adduser --system --group --uid 1000 app RUN adduser --system --group --uid 1000 app
COPY --from=build /install /usr/local COPY --from=build /install /usr/local
COPY src/ ./src/ COPY api/src/ ./src/
COPY alembic.ini ./ COPY api/alembic.ini ./
COPY alembic/ ./alembic/ COPY api/alembic/ ./alembic/
USER 1000 USER 1000
EXPOSE 8000 EXPOSE 8000
+9
View File
@@ -36,6 +36,15 @@ export const auth = betterAuth({
}, },
session: { session: {
modelName: "sessions",
fields: {
userId: "user_id",
expiresAt: "expires_at",
ipAddress: "ip_address",
userAgent: "user_agent",
createdAt: "created_at",
updatedAt: "updated_at",
},
expiresIn: 60 * 60 * 24 * 7, // 7 days expiresIn: 60 * 60 * 24 * 7, // 7 days
updateAge: 60 * 60 * 24, // refresh after 1 day updateAge: 60 * 60 * 24, // refresh after 1 day
cookieCache: { cookieCache: {