Compare commits

..

3 Commits

Author SHA1 Message Date
Chris Farhood 539ef21d89 fix(ci): use REGISTRY_TOKEN for Docker push auth
CI / Lint & Typecheck (pull_request) Successful in 18s
CI / Test (pull_request) Successful in 24s
CI / Build & Push Docker Image (pull_request) Failing after 21s
Use the org-level REGISTRY_TOKEN secret instead of gitea.token for
authenticating to the Gitea Container Registry. The gitea.token
does not have packages:write scope.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 03:41:52 +00:00
Scrubs McBarkley 4f981bbebd chore: remove legacy .github/workflows
CI / Lint & Typecheck (pull_request) Successful in 15s
CI / Test (pull_request) Successful in 20s
CI / Build & Push Docker Image (pull_request) Failing after 1m51s
2026-05-20 01:25:33 +00:00
Scrubs McBarkley d8f2135506 chore: migrate CI workflow to .gitea/workflows 2026-05-20 01:25:26 +00:00
2 changed files with 9 additions and 37 deletions
@@ -62,10 +62,6 @@ jobs:
name: Build & Push Docker Image
runs-on: ubuntu-latest
needs: [lint-typecheck, test]
permissions:
contents: read
packages: write
id-token: write
steps:
- uses: actions/checkout@v4
@@ -83,12 +79,12 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
- name: Log in to Gitea Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: git.farh.net
username: ${{ gitea.actor }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Build and push API image
uses: docker/build-push-action@v6
@@ -97,7 +93,7 @@ jobs:
file: Dockerfile
push: true
tags: |
ghcr.io/groombook/api:${{ steps.version.outputs.tag }}
${{ github.ref == 'refs/heads/main' && 'ghcr.io/groombook/api:latest' || '' }}
cache-from: type=gha
cache-to: type=gha,mode=max
git.farh.net/groombook/api:${{ steps.version.outputs.tag }}
${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/api:latest' || '' }}
cache-from: type=registry,ref=git.farh.net/groombook/cache:api
cache-to: type=registry,ref=git.farh.net/groombook/cache:api,mode=max
+1 -25
View File
@@ -1,5 +1,5 @@
import type { MiddlewareHandler } from "hono";
import { and, eq, getDb, sql, staff, user } from "@groombook/db";
import { and, eq, getDb, sql, staff } from "@groombook/db";
export type StaffRole = "groomer" | "receptionist" | "manager";
export type StaffRow = typeof staff.$inferSelect;
@@ -110,30 +110,6 @@ export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
return;
}
}
// Auto-provision: no staff record exists for this user at all, but a valid
// Better-Auth user session exists (jwt.sub = user.id from user table).
// Create a minimal groomer staff record on first login.
const [userRow] = await db
.select({ id: user.id, name: user.name, email: user.email })
.from(user)
.where(eq(user.id, jwt.sub))
.limit(1);
if (userRow) {
const [newStaff] = await db
.insert(staff)
.values({
name: userRow.name ?? jwt.email?.split("@")[0] ?? "Unknown",
email: userRow.email ?? jwt.email ?? "",
userId: jwt.sub,
role: "groomer",
isSuperUser: false,
active: true,
})
.returning();
c.set("staff", newStaff);
await next();
return;
}
return c.json(
{ error: "Forbidden: no staff record found for authenticated user" },
403