trev/trevstack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 9 Activity

Compare commits

base: trev:main
Branches Tags
trev:main
trev:update
trev:create-pull-request/patch
trev:v0.0.47
trev:v0.0.46
trev:v0.0.45
trev:v0.0.44
trev:v0.0.43
trev:v0.0.42
trev:v0.0.41
trev:v0.0.40
trev:v0.0.39
trev:v0.0.38
trev:v0.0.37
trev:v0.0.36
trev:v0.0.35
trev:v0.0.34
trev:v0.0.33
trev:v0.0.32
trev:v0.0.31
trev:v0.0.30
trev:v0.0.29
trev:v0.0.28
trev:v0.0.27
trev:v0.0.26
trev:v0.0.25
trev:v0.0.24
trev:v0.0.23
trev:v0.0.22
trev:v0.0.21
trev:v0.0.20
trev:v0.0.19
trev:v0.0.18
trev:v0.0.17
trev:v0.0.16
trev:v0.0.15
trev:v0.0.14
trev:v0.0.13
trev:v0.0.12
trev:v0.0.11
trev:v0.0.10
trev:v0.0.9
trev:v0.0.8
trev:v0.0.7
trev:v0.0.6
trev:v0.0.5
trev:v0.0.4
trev:v0.0.3
trev:v0.0.2
trev:v0.0.1
..
compare: trev:create-pull-request/patch
Branches Tags
trev:update
trev:main
trev:create-pull-request/patch
trev:v0.0.47
trev:v0.0.46
trev:v0.0.45
trev:v0.0.44
trev:v0.0.43
trev:v0.0.42
trev:v0.0.41
trev:v0.0.40
trev:v0.0.39
trev:v0.0.38
trev:v0.0.37
trev:v0.0.36
trev:v0.0.35
trev:v0.0.34
trev:v0.0.33
trev:v0.0.32
trev:v0.0.31
trev:v0.0.30
trev:v0.0.29
trev:v0.0.28
trev:v0.0.27
trev:v0.0.26
trev:v0.0.25
trev:v0.0.24
trev:v0.0.23
trev:v0.0.22
trev:v0.0.21
trev:v0.0.20
trev:v0.0.19
trev:v0.0.18
trev:v0.0.17
trev:v0.0.16
trev:v0.0.15
trev:v0.0.14
trev:v0.0.13
trev:v0.0.12
trev:v0.0.11
trev:v0.0.10
trev:v0.0.9
trev:v0.0.8
trev:v0.0.7
trev:v0.0.6
trev:v0.0.5
trev:v0.0.4
trev:v0.0.3
trev:v0.0.2
trev:v0.0.1

2 Commits
main ... create-pul

Author SHA1 Message Date
github-actions[bot]
f46ee0cab7 build(nix): updated nix hashes
All checks were successful
Check / check (pull_request) Successful in 53s
Details
2025-05-14 14:05:35 +00:00
github-actions[bot]
f8679e9cb4 build(client): updated npm dependencies 2025-05-14 14:04:26 +00:00
26 changed files with 1617 additions and 680 deletions
Show Stats Expand all files Collapse all files

21
.actions/init/action.yaml
View File

@ -1,21 +0,0 @@
name: "Initialize"
description: "Install nix & use cachix"
inputs:
token:
description: "cachix auth token"
required: true
runs:
using: "composite"
steps:
- name: Install nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ inputs.token }}"

63
.actions/push/action.yaml
View File

@ -1,63 +0,0 @@
name: "Docker Push"
description: "Push to docker registry"
inputs:
server_url:
required: true
repository:
required: true
tag:
required: true
runs:
using: "composite"
steps:
- name: Set env
shell: bash
run: |
REGISTRY=$(basename ${{ inputs.server_url }})
NR=${{ inputs.repository }}
NAMESPACE="${NR%%/*}"
REPOSITORY="${NR##*/}"
TAG=${{ inputs.tag }}
VERSION=${TAG#v}
echo "REGISTRY=${REGISTRY}" >> $GITHUB_ENV
echo "NAMESPACE=${NAMESPACE}" >> $GITHUB_ENV
echo "REPOSITORY=${REPOSITORY}" >> $GITHUB_ENV
echo "VERSION=${VERSION}" >> $GITHUB_ENV
- name: Push images
shell: bash
run: |
docker image tag $REPOSITORY:$VERSION-amd64 $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64
docker push $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64
docker image tag $REPOSITORY:$VERSION-arm64 $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64
docker push $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64
docker image tag $REPOSITORY:$VERSION-arm $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm
docker push $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm
- name: Push manifest
shell: bash
run: |
docker manifest create $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION \
$REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64 \
$REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64 \
$REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm
docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64 --arch amd64
docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64 --arch arm64
docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm --arch arm
docker manifest push $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION
docker manifest create $REGISTRY/$NAMESPACE/$REPOSITORY:latest \
$REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64 \
$REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64 \
$REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm
docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:latest $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64 --arch amd64
docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:latest $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64 --arch arm64
docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:latest $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm --arch arm
docker manifest push $REGISTRY/$NAMESPACE/$REPOSITORY:latest

14
.dockerignore Normal file
View File

@ -0,0 +1,14 @@
.env
/docker-compose.*
/result*
/.direnv/
/build/
# Client
/client/node_modules/
/client/.svelte-kit/
# Server
/server/client/
/server/tmp/
/server/build/

20
.gitea/workflows/check.yaml
View File

@ -15,9 +15,19 @@ jobs:
contains(github.event.head_commit.message, 'bump:') == false &&
contains(github.event.head_commit.message, 'Merge pull request') == false
steps:
- uses: actions/checkout@v4
- uses: ./.actions/init
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Checkout
uses: actions/checkout@v4
- run: nix flake check
- name: Install Nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Check
run: nix flake check

88
.gitea/workflows/release.yaml
View File

@ -9,23 +9,43 @@ jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.actions/init
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Checkout
uses: actions/checkout@v4
- run: nix flake check
- name: Install Nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Check
run: nix flake check
release:
runs-on: ubuntu-latest
needs: check
steps:
- uses: actions/checkout@v4
- uses: ./.actions/init
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Checkout
uses: actions/checkout@v4
- run: >
- name: Install Nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Build
run: >
nix build
.#trevstack-linux-amd64
.#trevstack-linux-arm64
@ -34,35 +54,45 @@ jobs:
.#trevstack-darwin-amd64
.#trevstack-darwin-arm64
- uses: akkuman/gitea-release-action@v1
- name: Release
uses: akkuman/gitea-release-action@v1
with:
files: |-
result*/bin/*
# https://docs.docker.com/build/ci/github-actions/manage-tags-labels/
package:
runs-on: ubuntu-latest
needs: release
needs: release # Wait for binary cache to propagate
steps:
- uses: actions/checkout@v4
- uses: ./.actions/init
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
# list of Docker images to use as base name for tags
images: |
${{ vars.URL }}/${{ github.repository }}
# generate Docker tags based on the following events/attributes
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
- uses: docker/login-action@v3
- name: Login to Gitea Container Registry
uses: docker/login-action@v3
with:
registry: ${{ github.server_url }}
username: ${{ github.actor }}
password: ${{ secrets.PAT }}
registry: ${{ vars.URL }}
username: ${{ vars.USERNAME }}
password: ${{ secrets.PASSWORD }}
- name: Build & load images
run: |
nix build .#trevstack-linux-amd64-image && ./result | docker load
nix build .#trevstack-linux-arm64-image && ./result | docker load
nix build .#trevstack-linux-arm-image && ./result | docker load
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Push images
uses: ./.actions/push
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push
uses: docker/build-push-action@v6
with:
server_url: ${{ github.server_url }}
repository: ${{ github.repository }}
tag: ${{ github.ref_name }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

46
.gitea/workflows/update.yaml
View File

@ -9,42 +9,52 @@ jobs:
update:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.actions/init
- name: Checkout
uses: actions/checkout@v4
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
fetch-depth: 0
- name: Install Nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
# https://github.com/actions/checkout/issues/13
- name: Set git config
- name: Set Git Config
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git checkout -B update
git checkout -B create-pull-request/patch
- run: nix run .#update
- name: Update
run: nix run .#update
- name: Create pull request
- name: Create Gitea PR
env:
URL: ${{ vars.URL }}
PAT: ${{ secrets.PAT }}
run: |
URL="${{ gitea.server_url }}"
REPO_OWNER_SLASH_NAME="${{ gitea.repository }}"
if ! git ls-remote --exit-code origin update; then
git push origin update --force
git push origin create-pull-request/patch --force
CURRENT_PR=$(curl -s -X GET -H "Authorization: token $PAT" "https://$URL/api/v1/repos/$REPO_OWNER_SLASH_NAME/pulls/main/create-pull-request/patch")
if [ "$( jq 'has("errors")' <<< $CURRENT_PR )" == "true" ]; then
PR_RESPONSE=$(curl -s -X POST -H "Authorization: token $PAT" \
-H "Content-Type: application/json" \
-d '{"title":"update","body":"automatic update","head":"update","base":"main"}' \
"$URL/api/v1/repos/$REPO_OWNER_SLASH_NAME/pulls")
-d '{"title":"update","body":"automatic update pr","head":"create-pull-request/patch","base":"main"}' \
"https://$URL/api/v1/repos/$REPO_OWNER_SLASH_NAME/pulls")
PR_NUMBER=$(echo "$PR_RESPONSE" | jq -r '.number')
curl -s -X POST -H "Authorization: token $PAT" \
-H "Content-Type: application/json" \
-d '{"Do":"merge","merge_when_checks_succeed":true,"delete_branch_after_merge":true}' \
"$URL/api/v1/repos/$REPO_OWNER_SLASH_NAME/pulls/$PR_NUMBER/merge"
else
git push origin update --force
-d '{"Do":"merge","merge_when_checks_succeed":true}' \
"https://$URL/api/v1/repos/$REPO_OWNER_SLASH_NAME/pulls/$PR_NUMBER/merge"
fi

20
.github/workflows/check.yaml vendored
View File

@ -15,9 +15,19 @@ jobs:
contains(github.event.head_commit.message, 'bump:') == false &&
contains(github.event.head_commit.message, 'Merge pull request') == false
steps:
- uses: actions/checkout@v4
- uses: ./.actions/init
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Checkout
uses: actions/checkout@v4
- run: nix flake check
- name: Install Nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Check
run: nix flake check

89
.github/workflows/release.yaml vendored
View File

@ -13,23 +13,43 @@ jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.actions/init
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Checkout
uses: actions/checkout@v4
- run: nix flake check
- name: Install Nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Check
run: nix flake check
release:
runs-on: ubuntu-latest
needs: check
steps:
- uses: actions/checkout@v4
- uses: ./.actions/init
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Checkout
uses: actions/checkout@v4
- run: >
- name: Install Nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Build
run: >
nix build
.#trevstack-linux-amd64
.#trevstack-linux-arm64
@ -38,36 +58,53 @@ jobs:
.#trevstack-darwin-amd64
.#trevstack-darwin-arm64
- uses: softprops/action-gh-release@v2
- name: Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: true
files: |-
result*/bin/*
# https://docs.docker.com/build/ci/github-actions/manage-tags-labels/
package:
runs-on: ubuntu-latest
needs: release
needs: release # Wait for binary cache to propagate
steps:
- uses: actions/checkout@v4
- uses: ./.actions/init
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
# list of Docker images to use as base name for tags
images: |
${{ github.repository }}
ghcr.io/${{ github.repository }}
# generate Docker tags based on the following events/attributes
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
- uses: docker/login-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build & load images
run: |
nix build .#trevstack-linux-amd64-image && ./result | docker load
nix build .#trevstack-linux-arm64-image && ./result | docker load
nix build .#trevstack-linux-arm-image && ./result | docker load
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Push images
uses: ./.actions/push
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push
uses: docker/build-push-action@v6
with:
server_url: ghcr.io
repository: ${{ github.repository }}
tag: ${{ github.ref_name }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

28
.github/workflows/update.yaml vendored
View File

@ -13,28 +13,36 @@ jobs:
update:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.actions/init
- name: Checkout
uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@v31
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
# https://github.com/actions/checkout/issues/13
- name: Set git config
- name: Set Git Config
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- run: nix run .#update
- name: Update
run: nix run .#update
- name: Create pull request
id: cpr
- name: Create Pull Request
uses: peter-evans/create-pull-request@v7
with:
branch: update
title: update
body: automatic update
- name: Enable automerge
run: gh pr merge --merge --auto "${{ steps.cpr.outputs.pull-request-number }}"
- name: Enable Automerge
run: gh pr merge --merge --auto "1"
env:
GH_TOKEN: ${{ secrets.PAT }}

2
.scripts/bump.sh
View File

@ -19,9 +19,7 @@ echo "${version} -> ${next_version}"
echo "bumping openapi"
cd "${git_root}"
sed -i -e "s/${version}/${next_version}/g" openapi.yaml
sed -i -e "s/${version}/${next_version}/g" client/static/openapi/openapi.yaml
git add openapi.yaml
git add client/static/openapi/openapi.yaml
echo "bumping client"
cd "${git_root}/client"

1
.scripts/update.sh
View File

@ -12,7 +12,6 @@ if ! git diff --exit-code flake.lock; then
fi
echo "updating protobuf deps"
cd "${git_root}/proto"
buf dep update
if ! git diff --exit-code buf.lock; then
git add buf.lock

2
.vscode/extensions.json vendored
View File

@ -2,7 +2,7 @@
"recommendations": [
"golang.go",
"dorzey.vscode-sqlfluff",
"bufbuild.vscode-buf",
"zxh404.vscode-proto3",
"dbaeumer.vscode-eslint",
"svelte.svelte-vscode",
"esbenp.prettier-vscode"

4
.vscode/settings.json vendored
View File

@ -18,8 +18,8 @@
},
// Proto
"[proto]": {
"editor.defaultFormatter": "bufbuild.vscode-buf"
"[proto3]": {
"editor.defaultFormatter": "zxh404.vscode-proto3"
},
// ESLint

29
Dockerfile Normal file
View File

@ -0,0 +1,29 @@
# Nix builder
FROM nixos/nix:latest AS builder
# Copy our source and setup our working dir.
COPY . /tmp/build
WORKDIR /tmp/build
# Build our Nix environment
RUN nix \
--extra-experimental-features "nix-command flakes" \
--option filter-syscalls false \
--accept-flake-config \
build
# Copy the Nix store closure into a directory. The Nix store closure is the
# entire set of Nix store values that we need for our build.
RUN mkdir /tmp/nix-store-closure
RUN cp -R $(nix-store -qR result/) /tmp/nix-store-closure
# Final image is based on scratch. We copy a bunch of Nix dependencies
# but they're fully self-contained so we don't need Nix anymore.
FROM scratch
WORKDIR /app
# Copy /nix/store
COPY --from=builder /tmp/nix-store-closure /nix/store
COPY --from=builder /tmp/build/result /app
CMD ["/app/bin/trevstack"]

50
README.md
View File

@ -7,7 +7,6 @@ This is a CRUD app to use as a template for starting projects
- **Communicate anywhere**. Define a [protocol buffer](https://protobuf.dev/), and [Connect](https://connectrpc.com/) generates type-safe code to facilitate communication between the server and any client (web, mobile, embedded, etc). The protocol buffers can contain annotations to validate fields on the client and server. For clients that cannot use Connect, an OpenAPI spec is also generated
- **Build anywhere**. The dev environment, testing and building is all declared in a single [Nix](https://nixos.org/) flake. Every developer and server can use the same environment
- **Deploy anywhere**. CI/CD is already set up using github actions. New versions are automatically released for every major platform, along with a docker image. The binaries created require zero run-time dependencies and are relatively small (this app is 26 MiB)
- Can be entirely self-hosted
- Authentication is rolled in, including API key, fingerprint & passkey
- Automatic database migration on startup
- Light & dark modes with the [catppuccin](https://catppuccin.com/palette/) color palette
@ -28,7 +27,7 @@ URL=http://localhost:5173
DATABASE_URL=sqlite:/home/trev/.config/trevstack/sqlite.db
```
4. Run `treli` to start the server & client
4. Run `treli`
It's that simple. If you're feeling fancy, install [direnv](https://direnv.net/) and the dev environment will load automatically.
@ -38,52 +37,11 @@ It's that simple. If you're feeling fancy, install [direnv](https://direnv.net/)
- `nix run #bump [major | minor]`: bumps the current version up one. Defaults to "patch" (0.0.1 -> 0.0.2)
- `nix build [#trevstack-(GOOS)-(GOARCH)]`: builds the application. Defaults to building for your current platform, but can be built to many by specifying the GOOS and GOARCH values
- `buf lint` & `buf generate`: Lints and generates code from protocol buffers
- `nix flake check`: runs all validations
- `sqlc vet` & `sqlc generate`: Verifies and generates code from SQL files
- `buf lint proto` & `buf generate`: lints and generates code from protocol buffers
- `sqlc vet` & `sqlc generate`: verifies and generates code from SQL files
- `dbmate new` & `dbmate up`: creates a new migration file and runs pending migrations
### Github Actions
To use github actions for CI/CD, you'll need to create a fine-grained personal access token for the repository with the permissions:
- Contents (read and write)
- Pull requests (read and write)
And change some settings for the repository:
- General -> Allow auto-merge: true
- Rules -> Rulesets -> New ruleset
- Branch targeting criteria: Default
- Branch rules
- Require status checks to pass -> Add checks -> "check"
- Actions -> General -> Workflow permissions
- Read and write permissions: true
- Allow GitHub Actions to create and approve pull requests: true
- Secrets and variables -> Actions -> Repository secrets
- PAT: (personal access token)
### Gitea Actions
To use gitea actions for CI/CD, you'll need to create an [API token](https://docs.gitea.com/development/api-usage) with the scopes:
- write:repository
- write:package
And change some settings for the repository:
- Repository -> Delete pull request branch after merge by default: true
- Branches -> Add New Rule
- Protected Branch Name Pattern: main
- Enable Status Check: true
- Status check patterns: Check / check\*
- Actions -> Secrets
- PAT: (API token)
- `dbmate new` & `dbmate up`: Creates a new migration file and runs pending migrations
## Components

3
buf.gen.yaml
View File

@ -1,8 +1,5 @@
version: v2
clean: true
inputs:
- directory: proto
managed:
enabled: true
override:

0
proto/buf.lock → buf.lock
View File

2
proto/buf.yaml → buf.yaml
View File

@ -1,6 +1,6 @@
# For details on buf.yaml configuration, visit https://buf.build/docs/configuration/v2/buf-yaml
version: v2
modules:
- path: .
- path: proto
deps:
- buf.build/bufbuild/protovalidate

1732
client/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

22
client/package.json
View File

@ -1,7 +1,7 @@
{
"name": "trevstack",
"private": true,
"version": "0.0.47",
"version": "0.0.30",
"type": "module",
"scripts": {
"dev": "vite dev",
@ -21,29 +21,29 @@
"@eslint/js": "^9.18.0",
"@ianvs/prettier-plugin-sort-imports": "^4.4.1",
"@lucide/svelte": "^0.479.0",
"@scalar/api-reference": "^1.28.34",
"@scalar/api-reference": "^1.28.33",
"@simplewebauthn/browser": "^13.1.0",
"@sveltejs/adapter-static": "^3.0.8",
"@sveltejs/kit": "^2.21.1",
"@sveltejs/kit": "^2.21.0",
"@sveltejs/vite-plugin-svelte": "^5.0.3",
"@tailwindcss/vite": "^4.1.7",
"bits-ui": "^1.5.3",
"@tailwindcss/vite": "^4.1.6",
"bits-ui": "^1.4.8",
"clsx": "^2.1.1",
"eslint": "^9.27.0",
"eslint": "^9.26.0",
"eslint-config-prettier": "^10.1.5",
"eslint-plugin-svelte": "^3.8.1",
"eslint-plugin-svelte": "^3.6.0",
"globals": "^16.1.0",
"mode-watcher": "^1.0.7",
"prettier": "^3.5.3",
"prettier-plugin-svelte": "^3.4.0",
"prettier-plugin-svelte": "^3.3.3",
"prettier-plugin-tailwindcss": "^0.6.11",
"svelte": "^5.31.1",
"svelte-check": "^4.2.1",
"svelte": "^5.28.6",
"svelte-check": "^4.1.7",
"svelte-sonner": "^0.3.28",
"tailwind-merge": "^3.3.0",
"tailwind-variants": "^1.0.0",
"tailwindcss": "^4.0.13",
"tw-animate-css": "^1.3.0",
"tw-animate-css": "^1.2.9",
"typescript": "^5.8.3",
"typescript-eslint": "^8.32.1",
"vite": "^6.3.5"

4
client/static/openapi/openapi.yaml
View File

@ -3,8 +3,8 @@ servers:
- url: /grpc
info:
title: Trevstack API
version: 0.0.33
description: API for Trevstack
version: 1.0.0
description: API for trevstack
contact:
name: Trev
email: spam@trev.xyz

6
flake.lock generated
View File

@ -2,11 +2,11 @@
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1747542820,
"narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=",
"lastModified": 1746904237,
"narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
"rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
"type": "github"
},
"original": {

39
flake.nix
View File

@ -21,7 +21,7 @@
...
}: let
pname = "trevstack";
version = "0.0.47";
version = "0.0.30";
build-systems = [
"x86_64-linux"
@ -83,10 +83,7 @@
packages = with pkgs; [
treli.packages."${system}".default
git
# Nix
nix-update
alejandra
# Server
go
@ -130,7 +127,7 @@
pname = "check-client";
inherit version;
src = ./client;
npmDepsHash = "sha256-dl32ehKir0dZ4uiJ4s59xPIIbMkkZtH9dlTm4W0PZag=";
npmDepsHash = "sha256-Fv2vT4Lot3ZfeqyruecthO9YexH3Sy+SiJczyo+xloU=";
dontNpmInstall = true;
buildPhase = ''
@ -193,7 +190,7 @@
client = pkgs.buildNpmPackage {
inherit pname version;
src = ./client;
npmDepsHash = "sha256-dl32ehKir0dZ4uiJ4s59xPIIbMkkZtH9dlTm4W0PZag=";
npmDepsHash = "sha256-Fv2vT4Lot3ZfeqyruecthO9YexH3Sy+SiJczyo+xloU=";
installPhase = ''
cp -r build "$out"
@ -211,8 +208,11 @@
HOME=$PWD
'';
};
binaries = builtins.listToAttrs (builtins.map (x: {
in
{
default = server;
}
// builtins.listToAttrs (builtins.map (x: {
name = "${pname}-${x.GOOS}-${x.GOARCH}";
value = server.overrideAttrs {
nativeBuildInputs =
@ -235,28 +235,7 @@
'';
};
})
host-systems);
images = builtins.listToAttrs (builtins.map (x: {
name = "${pname}-${x.GOOS}-${x.GOARCH}-image";
value = pkgs.dockerTools.streamLayeredImage {
name = "${pname}";
tag = "${version}-${x.GOARCH}";
created = "now";
architecture = "${x.GOARCH}";
contents = [binaries."${pname}-${x.GOOS}-${x.GOARCH}"];
config = {
Cmd = ["${binaries."${pname}-${x.GOOS}-${x.GOARCH}"}/bin/${pname}-${x.GOOS}-${x.GOARCH}-${version}"];
};
};
})
(builtins.filter (x: x.GOOS == "linux") host-systems));
in
{
default = server;
}
// binaries
// images
host-systems)
);
};
}

2
openapi.yaml
View File

@ -3,7 +3,7 @@ servers:
- url: /grpc
info:
title: Trevstack API
version: 0.0.47
version: 0.0.30
description: API for Trevstack
contact:
name: Trev

2
server/cmd/trevstack/main.go
View File

@ -68,7 +68,7 @@ func main() {
// Serve gRPC Handlers
api := http.NewServeMux()
api.Handle(interceptors.WithCORS(user.NewAuthHandler(vi, sqlc, webAuthn, name, env.Key)))
api.Handle(interceptors.WithCORS(user.NewHandler(vi, sqlc, webAuthn, name, env.Key)))
api.Handle(interceptors.WithCORS(user.NewHandler(vi, sqlc, webAuthn, env.Key)))
api.Handle(interceptors.WithCORS(item.NewHandler(vi, sqlc, env.Key)))
// Serve web interface

8
server/internal/handlers/user/v1/user.go
View File

@ -36,7 +36,6 @@ type Handler struct {
db *sqlc.Queries
webAuthn *webauthn.WebAuthn
key []byte
name string
sessions *map[int64]*webauthn.SessionData
mu sync.Mutex
@ -133,7 +132,7 @@ func (h *Handler) GetAPIKey(ctx context.Context, req *connect.Request[userv1.Get
// Generate JWT
t := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.RegisteredClaims{
Issuer: h.name,
Issuer: "trevstack",
Subject: strconv.FormatInt(user.ID, 10),
IssuedAt: &jwt.NumericDate{
Time: time.Now(),
@ -342,8 +341,8 @@ func transportsToString(transports []protocol.AuthenticatorTransport) string {
return s
}
func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.WebAuthn, name string, key string) (string, http.Handler) {
interceptors := connect.WithInterceptors(vi, interceptors.NewAuthInterceptor(key))
func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.WebAuthn, key string) (string, http.Handler) {
interceptors := connect.WithInterceptors(interceptors.NewAuthInterceptor(key), vi)
sd := map[int64]*webauthn.SessionData{}
return userv1connect.NewUserServiceHandler(
@ -351,7 +350,6 @@ func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.We
db: db,
webAuthn: webauth,
key: []byte(key),
name: name,
sessions: &sd,
mu: sync.Mutex{},