RBAC with JWT validation is implemented, ensuring only users with the… #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Feature CI | ||
on: | ||
pull_request: | ||
branches: | ||
- feature/* | ||
jobs: | ||
test: | ||
runs-on: ubuntu-latest | ||
services: | ||
redis: | ||
image: redis | ||
ports: | ||
- 6379:6379 | ||
postgres: | ||
image: postgres:13 | ||
ports: | ||
- 5432:5432 | ||
env: | ||
POSTGRES_USER: rustify_auth | ||
POSTGRES_PASSWORD: password | ||
POSTGRES_DB: rustify_auth_db | ||
POSTGRES_HOST_AUTH_METHOD: trust | ||
options: >- | ||
--health-cmd "pg_isready -U rustify_auth" | ||
--health-interval 10s | ||
--health-timeout 5s | ||
--health-retries 5 | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
- name: Cache cargo registry | ||
uses: actions/cache@v3 | ||
with: | ||
path: ~/.cargo/registry | ||
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} | ||
restore-keys: | | ||
${{ runner.os }}-cargo-registry- | ||
- name: Cache cargo build | ||
uses: actions/cache@v3 | ||
with: | ||
path: target | ||
key: ${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }} | ||
restore-keys: | | ||
${{ runner.os }}-cargo-build- | ||
- name: Set up Rust | ||
uses: actions-rs/toolchain@v1 | ||
with: | ||
profile: minimal | ||
toolchain: stable | ||
override: true | ||
- name: Wait for PostgreSQL to be ready | ||
run: | | ||
until pg_isready -h localhost -p 5432 -U rustify_auth; do | ||
echo "Waiting for PostgreSQL to be ready..." | ||
sleep 2 | ||
done | ||
sleep 5 | ||
- name: Verify PostgreSQL Connection | ||
run: | | ||
echo "PostgreSQL Connection Info:" | ||
psql -h localhost -p 5432 -U rustify_auth -c '\conninfo' | ||
- name: Run migrations with schema setup | ||
env: | ||
DATABASE_URL: postgres://rustify_auth:password@localhost:5432/rustify_auth_db | ||
run: | | ||
echo "Running migrations with schema setup..." | ||
psql $DATABASE_URL <<-EOF | ||
DROP TABLE IF EXISTS tokens CASCADE; | ||
DROP TABLE IF EXISTS clients CASCADE; | ||
CREATE TABLE IF NOT EXISTS clients ( | ||
client_id VARCHAR PRIMARY KEY, | ||
secret VARCHAR NOT NULL, | ||
redirect_uris JSONB NOT NULL, | ||
grant_types JSONB, | ||
response_types JSONB, | ||
software_statement TEXT | ||
); | ||
CREATE TABLE IF NOT EXISTS tokens ( | ||
access_token VARCHAR PRIMARY KEY, | ||
refresh_token VARCHAR, | ||
expires_at TIMESTAMP, | ||
scope VARCHAR, | ||
client_id VARCHAR REFERENCES clients(client_id) ON DELETE CASCADE, | ||
token_type VARCHAR DEFAULT 'Bearer' | ||
); | ||
EOF | ||
echo "Migrations completed" | ||
- name: Verify tables and sample data | ||
env: | ||
DATABASE_URL: postgres://rustify_auth:password@localhost:5432/rustify_auth_db | ||
run: | | ||
echo "Verifying tables and displaying sample data..." | ||
psql $DATABASE_URL -c "\dt" # Check if tables exist | ||
psql $DATABASE_URL -c "SELECT * FROM clients LIMIT 1;" || echo "No data in clients table" | ||
psql $DATABASE_URL -c "SELECT * FROM tokens LIMIT 1;" || echo "No data in tokens table" | ||
- name: Grant all privileges to ensure permissions | ||
env: | ||
DATABASE_URL: postgres://rustify_auth:password@localhost:5432/rustify_auth_db | ||
run: | | ||
echo "Granting all privileges to ensure permissions..." | ||
psql $DATABASE_URL -c "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO rustify_auth;" | ||
- name: Run cargo test with backtrace enabled | ||
env: | ||
DATABASE_URL: postgres://rustify_auth:password@localhost:5432/rustify_auth_db | ||
REDIS_URL: redis://localhost:6379 | ||
JWT_SECRET: test_secret | ||
RUST_BACKTRACE: full | ||
RUST_LOG: debug | ||
run: cargo test -- --test-threads=1 | ||
format: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
- name: Cache cargo registry | ||
uses: actions/cache@v3 | ||
with: | ||
path: ~/.cargo/registry | ||
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} | ||
restore-keys: | | ||
${{ runner.os }}-cargo-registry- | ||
- name: Cache cargo build | ||
uses: actions/cache@v3 | ||
with: | ||
path: target | ||
key: ${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }} | ||
restore-keys: | | ||
${{ runner.os }}-cargo-build- | ||
- name: Set up Rust | ||
uses: actions-rs/toolchain@v1 | ||
with: | ||
profile: minimal | ||
toolchain: stable | ||
- name: Check code formatting | ||
run: cargo fmt --check | ||
lint: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
- name: Cache cargo registry | ||
uses: actions/cache@v3 | ||
with: | ||
path: ~/.cargo/registry | ||
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} | ||
restore-keys: | | ||
${{ runner.os }}-cargo-registry- | ||
- name: Cache cargo build | ||
uses: actions/cache@v3 | ||
with: | ||
path: target | ||
key: ${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }} | ||
restore-keys: | | ||
${{ runner.os }}-cargo-build- | ||
- name: Set up Rust | ||
uses: actions-rs/toolchain@v1 | ||
with: | ||
profile: minimal | ||
toolchain: stable | ||
- name: Run linter | ||
run: cargo clippy -- -D warnings |