forked from cartsnitch/cartsnitch
Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 60beb2d89e | |||
| 9120c834e4 | |||
| f96daceb0f | |||
| 0c5cce2adc | |||
| e3a0d94236 | |||
| 3f03d46ff5 | |||
| c0c4acb73f | |||
| a35c264823 |
+4
-128
@@ -18,7 +18,6 @@ permissions:
|
|||||||
env:
|
env:
|
||||||
REGISTRY: ghcr.io
|
REGISTRY: ghcr.io
|
||||||
IMAGE_NAME: cartsnitch/cartsnitch
|
IMAGE_NAME: cartsnitch/cartsnitch
|
||||||
AUTH_IMAGE_NAME: cartsnitch/auth
|
|
||||||
RECEIPTWITNESS_IMAGE_NAME: cartsnitch/receiptwitness
|
RECEIPTWITNESS_IMAGE_NAME: cartsnitch/receiptwitness
|
||||||
API_IMAGE_NAME: cartsnitch/api
|
API_IMAGE_NAME: cartsnitch/api
|
||||||
|
|
||||||
@@ -198,99 +197,6 @@ jobs:
|
|||||||
git tag "v${{ steps.calver.outputs.version }}"
|
git tag "v${{ steps.calver.outputs.version }}"
|
||||||
git push origin "v${{ steps.calver.outputs.version }}"
|
git push origin "v${{ steps.calver.outputs.version }}"
|
||||||
|
|
||||||
build-and-push-auth:
|
|
||||||
runs-on: runners-cartsnitch
|
|
||||||
if: github.event_name == 'push'
|
|
||||||
needs: [lint, test, e2e]
|
|
||||||
outputs:
|
|
||||||
calver_tag: ${{ steps.calver.outputs.version }}
|
|
||||||
sha_tag: sha-${{ github.sha }}
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
|
|
||||||
- name: Generate CalVer tag
|
|
||||||
id: calver
|
|
||||||
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
|
||||||
run: |
|
|
||||||
DATE_TAG=$(date -u +%Y.%m.%d)
|
|
||||||
EXISTING=$(git tag -l "v${DATE_TAG}*" | sort -V | tail -1)
|
|
||||||
if [ -z "$EXISTING" ]; then
|
|
||||||
VERSION="$DATE_TAG"
|
|
||||||
elif [ "$EXISTING" = "v${DATE_TAG}" ]; then
|
|
||||||
VERSION="${DATE_TAG}.2"
|
|
||||||
else
|
|
||||||
BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//")
|
|
||||||
VERSION="${DATE_TAG}.$((BUILD_NUM + 1))"
|
|
||||||
fi
|
|
||||||
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
|
|
||||||
|
|
||||||
- name: Log in to Docker Hub
|
|
||||||
if: github.event_name == 'push'
|
|
||||||
uses: docker/login-action@v3
|
|
||||||
with:
|
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
||||||
|
|
||||||
- name: Log in to GHCR
|
|
||||||
if: github.event_name == 'push'
|
|
||||||
uses: docker/login-action@v3
|
|
||||||
with:
|
|
||||||
registry: ${{ env.REGISTRY }}
|
|
||||||
username: ${{ github.actor }}
|
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
|
|
||||||
- name: Extract metadata (auth)
|
|
||||||
id: meta
|
|
||||||
uses: docker/metadata-action@v5
|
|
||||||
with:
|
|
||||||
images: ${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}
|
|
||||||
tags: |
|
|
||||||
type=sha,prefix=sha-,format=long
|
|
||||||
type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
|
|
||||||
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
|
|
||||||
|
|
||||||
- name: Build Docker image
|
|
||||||
uses: docker/build-push-action@v6
|
|
||||||
with:
|
|
||||||
context: ./auth
|
|
||||||
file: ./auth/Dockerfile
|
|
||||||
load: true
|
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
|
||||||
labels: ${{ steps.meta.outputs.labels }}
|
|
||||||
cache-from: type=gha
|
|
||||||
cache-to: type=gha,mode=max
|
|
||||||
|
|
||||||
- name: Scan auth image for vulnerabilities
|
|
||||||
uses: anchore/scan-action@v5
|
|
||||||
id: scan
|
|
||||||
env:
|
|
||||||
GRYPE_CONFIG: .grype.yaml
|
|
||||||
with:
|
|
||||||
image: "${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}:sha-${{ github.sha }}"
|
|
||||||
fail-build: true
|
|
||||||
severity-cutoff: high
|
|
||||||
only-fixed: "true"
|
|
||||||
output-format: sarif
|
|
||||||
|
|
||||||
- name: Upload auth scan results to GitHub Security
|
|
||||||
uses: github/codeql-action/upload-sarif@v3
|
|
||||||
if: always()
|
|
||||||
with:
|
|
||||||
sarif_file: ${{ steps.scan.outputs.sarif }}
|
|
||||||
|
|
||||||
- name: Push Docker image
|
|
||||||
if: github.event_name == 'push'
|
|
||||||
uses: docker/build-push-action@v6
|
|
||||||
with:
|
|
||||||
context: ./auth
|
|
||||||
file: ./auth/Dockerfile
|
|
||||||
push: true
|
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
|
||||||
labels: ${{ steps.meta.outputs.labels }}
|
|
||||||
cache-from: type=gha
|
|
||||||
|
|
||||||
build-and-push-receiptwitness:
|
build-and-push-receiptwitness:
|
||||||
runs-on: runners-cartsnitch
|
runs-on: runners-cartsnitch
|
||||||
if: github.event_name == 'push'
|
if: github.event_name == 'push'
|
||||||
@@ -477,7 +383,7 @@ jobs:
|
|||||||
|
|
||||||
deploy-dev:
|
deploy-dev:
|
||||||
runs-on: runners-cartsnitch
|
runs-on: runners-cartsnitch
|
||||||
needs: [build-and-push, build-and-push-auth, build-and-push-receiptwitness, build-and-push-api]
|
needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api]
|
||||||
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main')
|
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main')
|
||||||
steps:
|
steps:
|
||||||
- name: Generate GitHub App token
|
- name: Generate GitHub App token
|
||||||
@@ -518,21 +424,6 @@ jobs:
|
|||||||
cd infra/apps/overlays/dev
|
cd infra/apps/overlays/dev
|
||||||
kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
|
kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
|
||||||
|
|
||||||
- name: Determine image tag for auth
|
|
||||||
id: auth_tag
|
|
||||||
run: |
|
|
||||||
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
|
||||||
echo "tag=${{ needs.build-and-push-auth.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
|
|
||||||
else
|
|
||||||
echo "tag=${{ needs.build-and-push-auth.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Update auth image tag
|
|
||||||
if: needs.build-and-push-auth.result == 'success'
|
|
||||||
run: |
|
|
||||||
cd infra/apps/overlays/dev
|
|
||||||
kustomize edit set image ghcr.io/cartsnitch/auth:${{ steps.auth_tag.outputs.tag }}
|
|
||||||
|
|
||||||
- name: Determine image tag for receiptwitness
|
- name: Determine image tag for receiptwitness
|
||||||
id: receiptwitness_tag
|
id: receiptwitness_tag
|
||||||
run: |
|
run: |
|
||||||
@@ -570,13 +461,13 @@ jobs:
|
|||||||
git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
|
git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
|
||||||
git add apps/overlays/dev/kustomization.yaml
|
git add apps/overlays/dev/kustomization.yaml
|
||||||
git diff --cached --quiet && echo "No image changes to deploy" && exit 0
|
git diff --cached --quiet && echo "No image changes to deploy" && exit 0
|
||||||
git commit -m "ci(dev): update cartsnitch, auth, receiptwitness, and api images"
|
git commit -m "ci(dev): update cartsnitch, receiptwitness, and api images"
|
||||||
git pull --rebase origin main
|
git pull --rebase origin main
|
||||||
git push origin main
|
git push origin main
|
||||||
|
|
||||||
deploy-uat:
|
deploy-uat:
|
||||||
runs-on: runners-cartsnitch
|
runs-on: runners-cartsnitch
|
||||||
needs: [build-and-push, build-and-push-auth, build-and-push-receiptwitness, build-and-push-api]
|
needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api]
|
||||||
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main')
|
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main')
|
||||||
steps:
|
steps:
|
||||||
- name: Generate GitHub App token
|
- name: Generate GitHub App token
|
||||||
@@ -617,21 +508,6 @@ jobs:
|
|||||||
cd infra/apps/overlays/uat
|
cd infra/apps/overlays/uat
|
||||||
kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
|
kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
|
||||||
|
|
||||||
- name: Determine image tag for auth
|
|
||||||
id: auth_tag
|
|
||||||
run: |
|
|
||||||
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
|
||||||
echo "tag=${{ needs.build-and-push-auth.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
|
|
||||||
else
|
|
||||||
echo "tag=${{ needs.build-and-push-auth.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Update auth image tag
|
|
||||||
if: needs.build-and-push-auth.result == 'success'
|
|
||||||
run: |
|
|
||||||
cd infra/apps/overlays/uat
|
|
||||||
kustomize edit set image ghcr.io/cartsnitch/auth:${{ steps.auth_tag.outputs.tag }}
|
|
||||||
|
|
||||||
- name: Determine image tag for receiptwitness
|
- name: Determine image tag for receiptwitness
|
||||||
id: receiptwitness_tag
|
id: receiptwitness_tag
|
||||||
run: |
|
run: |
|
||||||
@@ -669,6 +545,6 @@ jobs:
|
|||||||
git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
|
git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
|
||||||
git add apps/overlays/uat/kustomization.yaml
|
git add apps/overlays/uat/kustomization.yaml
|
||||||
git diff --cached --quiet && echo "No image changes to deploy" && exit 0
|
git diff --cached --quiet && echo "No image changes to deploy" && exit 0
|
||||||
git commit -m "ci(uat): update cartsnitch, auth, receiptwitness, and api images"
|
git commit -m "ci(uat): update cartsnitch, receiptwitness, and api images"
|
||||||
git pull --rebase origin main
|
git pull --rebase origin main
|
||||||
git push origin main
|
git push origin main
|
||||||
|
|||||||
+14
-7
@@ -1,13 +1,14 @@
|
|||||||
import { useState } from 'react'
|
import { useState } from 'react'
|
||||||
import { Link, useNavigate } from 'react-router-dom'
|
import { Link } from 'react-router-dom'
|
||||||
import { authClient } from '../lib/auth-client.ts'
|
import { authClient } from '../lib/auth-client.ts'
|
||||||
|
import { useAuthStore } from '../stores/auth.ts'
|
||||||
|
|
||||||
export function Login() {
|
export function Login() {
|
||||||
const [email, setEmail] = useState('')
|
const [email, setEmail] = useState('')
|
||||||
const [password, setPassword] = useState('')
|
const [password, setPassword] = useState('')
|
||||||
const [error, setError] = useState('')
|
const [error, setError] = useState('')
|
||||||
const [loading, setLoading] = useState(false)
|
const [loading, setLoading] = useState(false)
|
||||||
const navigate = useNavigate()
|
const setAuthenticated = useAuthStore((s) => s.setAuthenticated)
|
||||||
|
|
||||||
async function handleSubmit(e: React.FormEvent) {
|
async function handleSubmit(e: React.FormEvent) {
|
||||||
e.preventDefault()
|
e.preventDefault()
|
||||||
@@ -29,16 +30,22 @@ export function Login() {
|
|||||||
throw new Error(authError.message ?? 'Sign in failed')
|
throw new Error(authError.message ?? 'Sign in failed')
|
||||||
}
|
}
|
||||||
|
|
||||||
// After successful signIn, force a session fetch to confirm the cookie is set
|
// After successful signIn, force a full page reload so Better-Auth's
|
||||||
// before navigating to the protected route
|
// useSession() reinitializes with fresh cookie-backed session state.
|
||||||
|
// Using React Router's navigate() races with Better-Auth's internal update.
|
||||||
const sessionResult = await authClient.getSession()
|
const sessionResult = await authClient.getSession()
|
||||||
if (sessionResult.data) {
|
if (sessionResult.data) {
|
||||||
navigate('/')
|
window.location.href = '/'
|
||||||
} else {
|
} else {
|
||||||
setError('Sign in failed. Please try again.')
|
setError('Sign in failed. Please try again.')
|
||||||
}
|
}
|
||||||
} catch {
|
} catch {
|
||||||
setError('Invalid email or password. Please try again.')
|
if (import.meta.env.VITE_MOCK_AUTH === 'true') {
|
||||||
|
setAuthenticated(true)
|
||||||
|
window.location.href = '/'
|
||||||
|
} else {
|
||||||
|
setError('Invalid email or password. Please try again.')
|
||||||
|
}
|
||||||
} finally {
|
} finally {
|
||||||
setLoading(false)
|
setLoading(false)
|
||||||
}
|
}
|
||||||
@@ -93,4 +100,4 @@ export function Login() {
|
|||||||
</p>
|
</p>
|
||||||
</main>
|
</main>
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
Reference in New Issue
Block a user