Refactor database access in passkey and session handlers #189
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - 'crates/beacon-worker/**' | |
| - 'wrangler.jsonc' | |
| - 'wrangler.workers.jsonc' | |
| - 'rslib.config.ts' | |
| - 'vite.config.ts' | |
| - 'tsconfig.json' | |
| - '.github/workflows/deploy-cloudflare-pages.yml' | |
| - '.github/workflows/deploy-cloudflare-worker.yml' | |
| - 'modSrc/**' | |
| - 'src/**' | |
| - 'content/**' | |
| pull_request: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - 'modSrc/**' | |
| workflow_dispatch: | |
| env: | |
| CARGO_TERM_COLOR: always | |
| REGISTRY: ghcr.io | |
| jobs: | |
| # Build Rust auth server binaries | |
| build-binaries: | |
| name: Build Auth Server Binaries | |
| uses: ./.github/workflows/_build-binaries.yml | |
| with: | |
| artifact-prefix: '' | |
| include-docs: false | |
| normalize-image-name: | |
| name: Normalize Docker image name | |
| runs-on: ubuntu-latest | |
| outputs: | |
| image-name: ${{ steps.normalize.outputs.image-name }} | |
| steps: | |
| - name: Normalize repository name | |
| id: normalize | |
| run: | | |
| set -euo pipefail | |
| repo="${GITHUB_REPOSITORY}" | |
| image_name=$(echo "$repo" | tr '[:upper:]' '[:lower:]') | |
| echo "image-name=$image_name" >> "$GITHUB_OUTPUT" | |
| # Test Rust workspace | |
| test-rust: | |
| name: Test on ${{ matrix.os }} (${{ matrix.target }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| target: x86_64-unknown-linux-gnu | |
| arch: amd64 | |
| - os: windows-latest | |
| target: x86_64-pc-windows-msvc | |
| arch: amd64 | |
| vcpkg_triplet: 'x64-windows-static-md' | |
| - os: macos-latest | |
| target: x86_64-apple-darwin | |
| arch: amd64 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - uses: pnpm/action-setup@v4 | |
| name: Install pnpm | |
| with: | |
| version: 10 | |
| - name: Setup node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: '22' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install && pnpm build | |
| - name: Use Wild linker (Linux) | |
| if: runner.os == 'Linux' | |
| uses: davidlattimore/wild-action@0.7.0 | |
| - name: Use rust-lld (Windows) | |
| if: runner.os == 'Windows' | |
| shell: pwsh | |
| run: | | |
| "RUSTFLAGS=-C linker=rust-lld" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8 | |
| - name: Install OpenSSL | |
| if: always() && !matrix.vcpkg_triplet == '' | |
| uses: johnwason/vcpkg-action@v7 | |
| with: | |
| pkgs: openssl | |
| triplet: ${{ matrix.vcpkg_triplet }} | |
| cache-key: ${{ matrix.os }}-${{ matrix.vcpkg_triplet }} | |
| token: ${{ github.token }} | |
| - name: Setup sccache | |
| uses: mozilla-actions/sccache-action@v0.0.9 | |
| with: | |
| disable_annotations: true | |
| - name: Setup Rust cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-${{ matrix.target }}-cargo-test-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-${{ matrix.target }}-cargo-test- | |
| - name: Run tests | |
| env: | |
| RUSTC_WRAPPER: sccache | |
| SCCACHE_GHA_ENABLED: "true" | |
| VCPKG_ROOT: ${{ github.workspace }}/vcpkg | |
| run: | | |
| cargo test --workspace --all-features | |
| sccache --show-stats | |
| build-docker-amd64: | |
| name: Build Docker Image (linux/amd64) | |
| runs-on: ubuntu-latest | |
| needs: [build-binaries, normalize-image-name] | |
| env: | |
| IMAGE_NAME: ${{ needs.normalize-image-name.outputs.image-name }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download amd64 musl binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: beaconauth-linux-amd64-musl | |
| path: ./binaries | |
| - name: Extract binaries | |
| run: | | |
| cd binaries | |
| tar -xzf beaconauth-linux-amd64-musl.tar.gz | |
| ls -la | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=ref,event=branch,suffix=-debug-amd64 | |
| type=ref,event=pr,suffix=-debug-amd64 | |
| type=sha,prefix={{branch}}-,suffix=-debug-amd64 | |
| type=raw,value=latest-debug-amd64,enable={{is_default_branch}} | |
| - name: Build and push Docker image (linux/amd64) | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/amd64 | |
| build-args: | | |
| TARGETARCH=amd64 | |
| build-docker-arm64: | |
| name: Build Docker Image (linux/arm64) | |
| runs-on: ubuntu-latest | |
| needs: [build-binaries, normalize-image-name] | |
| env: | |
| IMAGE_NAME: ${{ needs.normalize-image-name.outputs.image-name }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download arm64 musl binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: beaconauth-linux-arm64-musl | |
| path: ./binaries | |
| - name: Extract binaries | |
| run: | | |
| cd binaries | |
| tar -xzf beaconauth-linux-arm64-musl.tar.gz | |
| ls -la | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=ref,event=branch,suffix=-debug-arm64 | |
| type=ref,event=pr,suffix=-debug-arm64 | |
| type=sha,prefix={{branch}}-,suffix=-debug-arm64 | |
| type=raw,value=latest-debug-arm64,enable={{is_default_branch}} | |
| - name: Build and push Docker image (linux/arm64) | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/arm64 | |
| build-args: | | |
| TARGETARCH=arm64 | |
| build-docker-manifest: | |
| name: Create Docker Multi-arch Manifest (debug) | |
| runs-on: ubuntu-latest | |
| needs: [build-docker-amd64, build-docker-arm64, normalize-image-name] | |
| env: | |
| IMAGE_NAME: ${{ needs.normalize-image-name.outputs.image-name }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| if: github.event_name != 'pull_request' | |
| steps: | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create and push multi-arch manifests | |
| env: | |
| REF_NAME: ${{ github.ref_name }} | |
| DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | |
| run: | | |
| set -euo pipefail | |
| IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}" | |
| # Branch-scoped multi-arch debug tag (e.g., main-debug, develop-debug) | |
| docker buildx imagetools create -t "${IMAGE}:${REF_NAME}-debug" \ | |
| "${IMAGE}:${REF_NAME}-debug-amd64" \ | |
| "${IMAGE}:${REF_NAME}-debug-arm64" | |
| # Default-branch convenience tags | |
| if [ "${REF_NAME}" = "${DEFAULT_BRANCH}" ]; then | |
| docker buildx imagetools create -t "${IMAGE}:latest-debug" \ | |
| "${IMAGE}:latest-debug-amd64" \ | |
| "${IMAGE}:latest-debug-arm64" | |
| # Ensure a plain `latest` tag exists even without a semver release. | |
| # Release workflow will later overwrite `latest` to point at the newest release. | |
| docker buildx imagetools create -t "${IMAGE}:latest" \ | |
| "${IMAGE}:latest-debug-amd64" \ | |
| "${IMAGE}:latest-debug-arm64" | |
| fi |