trev/trevstack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 9 Activity

Compare commits

base: trev:main
Branches Tags
trev:main
trev:update
trev:create-pull-request/patch
trev:v0.0.47
trev:v0.0.46
trev:v0.0.45
trev:v0.0.44
trev:v0.0.43
trev:v0.0.42
trev:v0.0.41
trev:v0.0.40
trev:v0.0.39
trev:v0.0.38
trev:v0.0.37
trev:v0.0.36
trev:v0.0.35
trev:v0.0.34
trev:v0.0.33
trev:v0.0.32
trev:v0.0.31
trev:v0.0.30
trev:v0.0.29
trev:v0.0.28
trev:v0.0.27
trev:v0.0.26
trev:v0.0.25
trev:v0.0.24
trev:v0.0.23
trev:v0.0.22
trev:v0.0.21
trev:v0.0.20
trev:v0.0.19
trev:v0.0.18
trev:v0.0.17
trev:v0.0.16
trev:v0.0.15
trev:v0.0.14
trev:v0.0.13
trev:v0.0.12
trev:v0.0.11
trev:v0.0.10
trev:v0.0.9
trev:v0.0.8
trev:v0.0.7
trev:v0.0.6
trev:v0.0.5
trev:v0.0.4
trev:v0.0.3
trev:v0.0.2
trev:v0.0.1
..
compare: trev:v0.0.29
Branches Tags
trev:update
trev:main
trev:create-pull-request/patch
trev:v0.0.47
trev:v0.0.46
trev:v0.0.45
trev:v0.0.44
trev:v0.0.43
trev:v0.0.42
trev:v0.0.41
trev:v0.0.40
trev:v0.0.39
trev:v0.0.38
trev:v0.0.37
trev:v0.0.36
trev:v0.0.35
trev:v0.0.34
trev:v0.0.33
trev:v0.0.32
trev:v0.0.31
trev:v0.0.30
trev:v0.0.29
trev:v0.0.28
trev:v0.0.27
trev:v0.0.26
trev:v0.0.25
trev:v0.0.24
trev:v0.0.23
trev:v0.0.22
trev:v0.0.21
trev:v0.0.20
trev:v0.0.19
trev:v0.0.18
trev:v0.0.17
trev:v0.0.16
trev:v0.0.15
trev:v0.0.14
trev:v0.0.13
trev:v0.0.12
trev:v0.0.11
trev:v0.0.10
trev:v0.0.9
trev:v0.0.8
trev:v0.0.7
trev:v0.0.6
trev:v0.0.5
trev:v0.0.4
trev:v0.0.3
trev:v0.0.2
trev:v0.0.1

No commits in common. "main" and "v0.0.29" have entirely different histories.
main ... v0.0.29

26 changed files with 1615 additions and 699 deletions
Show Stats Expand all files Collapse all files

21
.actions/init/action.yaml
View File

@ -1,21 +0,0 @@
name: "Initialize"
description: "Install nix & use cachix"
inputs:
token:
description: "cachix auth token"
required: true
runs:
using: "composite"
steps:
- name: Install nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ inputs.token }}"

63
.actions/push/action.yaml
View File

@ -1,63 +0,0 @@
name: "Docker Push"
description: "Push to docker registry"
inputs:
server_url:
required: true
repository:
required: true
tag:
required: true
runs:
using: "composite"
steps:
- name: Set env
shell: bash
run: |
REGISTRY=$(basename ${{ inputs.server_url }})
NR=${{ inputs.repository }}
NAMESPACE="${NR%%/*}"
REPOSITORY="${NR##*/}"
TAG=${{ inputs.tag }}
VERSION=${TAG#v}
echo "REGISTRY=${REGISTRY}" >> $GITHUB_ENV
echo "NAMESPACE=${NAMESPACE}" >> $GITHUB_ENV
echo "REPOSITORY=${REPOSITORY}" >> $GITHUB_ENV
echo "VERSION=${VERSION}" >> $GITHUB_ENV
- name: Push images
shell: bash
run: |
docker image tag $REPOSITORY:$VERSION-amd64 $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64
docker push $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64
docker image tag $REPOSITORY:$VERSION-arm64 $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64
docker push $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64
docker image tag $REPOSITORY:$VERSION-arm $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm
docker push $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm
- name: Push manifest
shell: bash
run: |
docker manifest create $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION \
$REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64 \
$REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64 \
$REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm
docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64 --arch amd64
docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64 --arch arm64
docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm --arch arm
docker manifest push $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION
docker manifest create $REGISTRY/$NAMESPACE/$REPOSITORY:latest \
$REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64 \
$REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64 \
$REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm
docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:latest $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64 --arch amd64
docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:latest $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64 --arch arm64
docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:latest $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm --arch arm
docker manifest push $REGISTRY/$NAMESPACE/$REPOSITORY:latest

14
.dockerignore Normal file
View File

@ -0,0 +1,14 @@
.env
/docker-compose.*
/result*
/.direnv/
/build/
# Client
/client/node_modules/
/client/.svelte-kit/
# Server
/server/client/
/server/tmp/
/server/build/

20
.gitea/workflows/check.yaml
View File

@ -15,9 +15,19 @@ jobs:
contains(github.event.head_commit.message, 'bump:') == false && contains(github.event.head_commit.message, 'bump:') == false &&
contains(github.event.head_commit.message, 'Merge pull request') == false contains(github.event.head_commit.message, 'Merge pull request') == false
steps: steps:
- uses: actions/checkout@v4 - name: Checkout
- uses: ./.actions/init uses: actions/checkout@v4
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- run: nix flake check - name: Install Nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Check
run: nix flake check

88
.gitea/workflows/release.yaml
View File

@ -9,23 +9,43 @@ jobs:
check: check:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - name: Checkout
- uses: ./.actions/init uses: actions/checkout@v4
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- run: nix flake check - name: Install Nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Check
run: nix flake check
release: release:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: check needs: check
steps: steps:
- uses: actions/checkout@v4 - name: Checkout
- uses: ./.actions/init uses: actions/checkout@v4
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- run: > - name: Install Nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Build
run: >
nix build nix build
.#trevstack-linux-amd64 .#trevstack-linux-amd64
.#trevstack-linux-arm64 .#trevstack-linux-arm64
@ -34,35 +54,45 @@ jobs:
.#trevstack-darwin-amd64 .#trevstack-darwin-amd64
.#trevstack-darwin-arm64 .#trevstack-darwin-arm64
- uses: akkuman/gitea-release-action@v1 - name: Release
uses: akkuman/gitea-release-action@v1
with: with:
files: |- files: |-
result*/bin/* result*/bin/*
# https://docs.docker.com/build/ci/github-actions/manage-tags-labels/
package: package:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: release needs: release # Wait for binary cache to propagate
steps: steps:
- uses: actions/checkout@v4 - name: Docker meta
- uses: ./.actions/init id: meta
uses: docker/metadata-action@v5
with: with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}" # list of Docker images to use as base name for tags
images: |
${{ github.repository }}
# generate Docker tags based on the following events/attributes
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
- uses: docker/login-action@v3 - name: Login to Gitea Container Registry
uses: docker/login-action@v3
with: with:
registry: ${{ github.server_url }} registry: ${{ vars.URL }}
username: ${{ github.actor }} username: ${{ vars.USERNAME }}
password: ${{ secrets.PAT }} password: ${{ secrets.PASSWORD }}
- name: Build & load images - name: Set up QEMU
run: | uses: docker/setup-qemu-action@v3
nix build .#trevstack-linux-amd64-image && ./result | docker load
nix build .#trevstack-linux-arm64-image && ./result | docker load
nix build .#trevstack-linux-arm-image && ./result | docker load
- name: Push images - name: Set up Docker Buildx
uses: ./.actions/push uses: docker/setup-buildx-action@v3
- name: Build and push
uses: docker/build-push-action@v6
with: with:
server_url: ${{ github.server_url }} push: true
repository: ${{ github.repository }} tags: ${{ steps.meta.outputs.tags }}
tag: ${{ github.ref_name }} labels: ${{ steps.meta.outputs.labels }}

51
.gitea/workflows/update.yaml
View File

@ -9,42 +9,31 @@ jobs:
update: update:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - name: Checkout
- uses: ./.actions/init uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@v31
with: with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}" nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
# https://github.com/actions/checkout/issues/13 # https://github.com/actions/checkout/issues/13
- name: Set git config - name: Set Git Config
run: | run: |
git config user.name "github-actions[bot]" git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com" git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git checkout -B update
- run: nix run .#update - name: Update
run: nix run .#update
- name: Create pull request - name: Create Pull Request
env: uses: peter-evans/create-pull-request@v7
PAT: ${{ secrets.PAT }} with:
run: | title: update
URL="${{ gitea.server_url }}" body: automatic update
REPO_OWNER_SLASH_NAME="${{ gitea.repository }}"
if ! git ls-remote --exit-code origin update; then
git push origin update --force
PR_RESPONSE=$(curl -s -X POST -H "Authorization: token $PAT" \
-H "Content-Type: application/json" \
-d '{"title":"update","body":"automatic update","head":"update","base":"main"}' \
"$URL/api/v1/repos/$REPO_OWNER_SLASH_NAME/pulls")
PR_NUMBER=$(echo "$PR_RESPONSE" | jq -r '.number')
curl -s -X POST -H "Authorization: token $PAT" \
-H "Content-Type: application/json" \
-d '{"Do":"merge","merge_when_checks_succeed":true,"delete_branch_after_merge":true}' \
"$URL/api/v1/repos/$REPO_OWNER_SLASH_NAME/pulls/$PR_NUMBER/merge"
else
git push origin update --force
fi

20
.github/workflows/check.yaml vendored
View File

@ -15,9 +15,19 @@ jobs:
contains(github.event.head_commit.message, 'bump:') == false && contains(github.event.head_commit.message, 'bump:') == false &&
contains(github.event.head_commit.message, 'Merge pull request') == false contains(github.event.head_commit.message, 'Merge pull request') == false
steps: steps:
- uses: actions/checkout@v4 - name: Checkout
- uses: ./.actions/init uses: actions/checkout@v4
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- run: nix flake check - name: Install Nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Check
run: nix flake check

89
.github/workflows/release.yaml vendored
View File

@ -13,23 +13,43 @@ jobs:
check: check:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - name: Checkout
- uses: ./.actions/init uses: actions/checkout@v4
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- run: nix flake check - name: Install Nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Check
run: nix flake check
release: release:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: check needs: check
steps: steps:
- uses: actions/checkout@v4 - name: Checkout
- uses: ./.actions/init uses: actions/checkout@v4
with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- run: > - name: Install Nix
uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Build
run: >
nix build nix build
.#trevstack-linux-amd64 .#trevstack-linux-amd64
.#trevstack-linux-arm64 .#trevstack-linux-arm64
@ -38,36 +58,53 @@ jobs:
.#trevstack-darwin-amd64 .#trevstack-darwin-amd64
.#trevstack-darwin-arm64 .#trevstack-darwin-arm64
- uses: softprops/action-gh-release@v2 - name: Release
uses: softprops/action-gh-release@v2
with: with:
generate_release_notes: true generate_release_notes: true
files: |- files: |-
result*/bin/* result*/bin/*
# https://docs.docker.com/build/ci/github-actions/manage-tags-labels/
package: package:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: release needs: release # Wait for binary cache to propagate
steps: steps:
- uses: actions/checkout@v4 - name: Docker meta
- uses: ./.actions/init id: meta
uses: docker/metadata-action@v5
with: with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}" # list of Docker images to use as base name for tags
images: |
${{ github.repository }}
ghcr.io/${{ github.repository }}
# generate Docker tags based on the following events/attributes
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
- uses: docker/login-action@v3 - name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Build & load images - name: Set up QEMU
run: | uses: docker/setup-qemu-action@v3
nix build .#trevstack-linux-amd64-image && ./result | docker load
nix build .#trevstack-linux-arm64-image && ./result | docker load
nix build .#trevstack-linux-arm-image && ./result | docker load
- name: Push images - name: Set up Docker Buildx
uses: ./.actions/push uses: docker/setup-buildx-action@v3
- name: Build and push
uses: docker/build-push-action@v6
with: with:
server_url: ghcr.io push: true
repository: ${{ github.repository }} tags: ${{ steps.meta.outputs.tags }}
tag: ${{ github.ref_name }} labels: ${{ steps.meta.outputs.labels }}

28
.github/workflows/update.yaml vendored
View File

@ -13,28 +13,36 @@ jobs:
update: update:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - name: Checkout
- uses: ./.actions/init uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@v31
with: with:
token: "${{ secrets.CACHIX_AUTH_TOKEN }}" nix_path: nixpkgs=channel:nixos-unstable
- name: Use Cachix
uses: cachix/cachix-action@v16
with:
name: trevstack
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
# https://github.com/actions/checkout/issues/13 # https://github.com/actions/checkout/issues/13
- name: Set git config - name: Set Git Config
run: | run: |
git config user.name "github-actions[bot]" git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com" git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- run: nix run .#update - name: Update
run: nix run .#update
- name: Create pull request - name: Create Pull Request
id: cpr
uses: peter-evans/create-pull-request@v7 uses: peter-evans/create-pull-request@v7
with: with:
branch: update
title: update title: update
body: automatic update body: automatic update
- name: Enable automerge - name: Enable Automerge
run: gh pr merge --merge --auto "${{ steps.cpr.outputs.pull-request-number }}" run: gh pr merge --merge --auto "1"
env: env:
GH_TOKEN: ${{ secrets.PAT }} GH_TOKEN: ${{ secrets.PAT }}

2
.scripts/bump.sh
View File

@ -19,9 +19,7 @@ echo "${version} -> ${next_version}"
echo "bumping openapi" echo "bumping openapi"
cd "${git_root}" cd "${git_root}"
sed -i -e "s/${version}/${next_version}/g" openapi.yaml sed -i -e "s/${version}/${next_version}/g" openapi.yaml
sed -i -e "s/${version}/${next_version}/g" client/static/openapi/openapi.yaml
git add openapi.yaml git add openapi.yaml
git add client/static/openapi/openapi.yaml
echo "bumping client" echo "bumping client"
cd "${git_root}/client" cd "${git_root}/client"

1
.scripts/update.sh
View File

@ -12,7 +12,6 @@ if ! git diff --exit-code flake.lock; then
fi fi
echo "updating protobuf deps" echo "updating protobuf deps"
cd "${git_root}/proto"
buf dep update buf dep update
if ! git diff --exit-code buf.lock; then if ! git diff --exit-code buf.lock; then
git add buf.lock git add buf.lock

2
.vscode/extensions.json vendored
View File

@ -2,7 +2,7 @@
"recommendations": [ "recommendations": [
"golang.go", "golang.go",
"dorzey.vscode-sqlfluff", "dorzey.vscode-sqlfluff",
"bufbuild.vscode-buf", "zxh404.vscode-proto3",
"dbaeumer.vscode-eslint", "dbaeumer.vscode-eslint",
"svelte.svelte-vscode", "svelte.svelte-vscode",
"esbenp.prettier-vscode" "esbenp.prettier-vscode"

4
.vscode/settings.json vendored
View File

@ -18,8 +18,8 @@
}, },
// Proto // Proto
"[proto]": { "[proto3]": {
"editor.defaultFormatter": "bufbuild.vscode-buf" "editor.defaultFormatter": "zxh404.vscode-proto3"
}, },
// ESLint // ESLint

29
Dockerfile Normal file
View File

@ -0,0 +1,29 @@
# Nix builder
FROM nixos/nix:latest AS builder
# Copy our source and setup our working dir.
COPY . /tmp/build
WORKDIR /tmp/build
# Build our Nix environment
RUN nix \
--extra-experimental-features "nix-command flakes" \
--option filter-syscalls false \
--accept-flake-config \
build
# Copy the Nix store closure into a directory. The Nix store closure is the
# entire set of Nix store values that we need for our build.
RUN mkdir /tmp/nix-store-closure
RUN cp -R $(nix-store -qR result/) /tmp/nix-store-closure
# Final image is based on scratch. We copy a bunch of Nix dependencies
# but they're fully self-contained so we don't need Nix anymore.
FROM scratch
WORKDIR /app
# Copy /nix/store
COPY --from=builder /tmp/nix-store-closure /nix/store
COPY --from=builder /tmp/build/result /app
CMD ["/app/bin/trevstack"]

50
README.md
View File

@ -7,7 +7,6 @@ This is a CRUD app to use as a template for starting projects
- **Communicate anywhere**. Define a [protocol buffer](https://protobuf.dev/), and [Connect](https://connectrpc.com/) generates type-safe code to facilitate communication between the server and any client (web, mobile, embedded, etc). The protocol buffers can contain annotations to validate fields on the client and server. For clients that cannot use Connect, an OpenAPI spec is also generated - **Communicate anywhere**. Define a [protocol buffer](https://protobuf.dev/), and [Connect](https://connectrpc.com/) generates type-safe code to facilitate communication between the server and any client (web, mobile, embedded, etc). The protocol buffers can contain annotations to validate fields on the client and server. For clients that cannot use Connect, an OpenAPI spec is also generated
- **Build anywhere**. The dev environment, testing and building is all declared in a single [Nix](https://nixos.org/) flake. Every developer and server can use the same environment - **Build anywhere**. The dev environment, testing and building is all declared in a single [Nix](https://nixos.org/) flake. Every developer and server can use the same environment
- **Deploy anywhere**. CI/CD is already set up using github actions. New versions are automatically released for every major platform, along with a docker image. The binaries created require zero run-time dependencies and are relatively small (this app is 26 MiB) - **Deploy anywhere**. CI/CD is already set up using github actions. New versions are automatically released for every major platform, along with a docker image. The binaries created require zero run-time dependencies and are relatively small (this app is 26 MiB)
- Can be entirely self-hosted
- Authentication is rolled in, including API key, fingerprint & passkey - Authentication is rolled in, including API key, fingerprint & passkey
- Automatic database migration on startup - Automatic database migration on startup
- Light & dark modes with the [catppuccin](https://catppuccin.com/palette/) color palette - Light & dark modes with the [catppuccin](https://catppuccin.com/palette/) color palette
@ -28,7 +27,7 @@ URL=http://localhost:5173
DATABASE_URL=sqlite:/home/trev/.config/trevstack/sqlite.db DATABASE_URL=sqlite:/home/trev/.config/trevstack/sqlite.db
``` ```
4. Run `treli` to start the server & client 4. Run `treli`
It's that simple. If you're feeling fancy, install [direnv](https://direnv.net/) and the dev environment will load automatically. It's that simple. If you're feeling fancy, install [direnv](https://direnv.net/) and the dev environment will load automatically.
@ -38,52 +37,11 @@ It's that simple. If you're feeling fancy, install [direnv](https://direnv.net/)
- `nix run #bump [major | minor]`: bumps the current version up one. Defaults to "patch" (0.0.1 -> 0.0.2) - `nix run #bump [major | minor]`: bumps the current version up one. Defaults to "patch" (0.0.1 -> 0.0.2)
- `nix build [#trevstack-(GOOS)-(GOARCH)]`: builds the application. Defaults to building for your current platform, but can be built to many by specifying the GOOS and GOARCH values - `buf lint` & `buf generate`: Lints and generates code from protocol buffers
- `nix flake check`: runs all validations - `sqlc vet` & `sqlc generate`: Verifies and generates code from SQL files
- `buf lint proto` & `buf generate`: lints and generates code from protocol buffers - `dbmate new` & `dbmate up`: Creates a new migration file and runs pending migrations
- `sqlc vet` & `sqlc generate`: verifies and generates code from SQL files
- `dbmate new` & `dbmate up`: creates a new migration file and runs pending migrations
### Github Actions
To use github actions for CI/CD, you'll need to create a fine-grained personal access token for the repository with the permissions:
- Contents (read and write)
- Pull requests (read and write)
And change some settings for the repository:
- General -> Allow auto-merge: true
- Rules -> Rulesets -> New ruleset
- Branch targeting criteria: Default
- Branch rules
- Require status checks to pass -> Add checks -> "check"
- Actions -> General -> Workflow permissions
- Read and write permissions: true
- Allow GitHub Actions to create and approve pull requests: true
- Secrets and variables -> Actions -> Repository secrets
- PAT: (personal access token)
### Gitea Actions
To use gitea actions for CI/CD, you'll need to create an [API token](https://docs.gitea.com/development/api-usage) with the scopes:
- write:repository
- write:package
And change some settings for the repository:
- Repository -> Delete pull request branch after merge by default: true
- Branches -> Add New Rule
- Protected Branch Name Pattern: main
- Enable Status Check: true
- Status check patterns: Check / check\*
- Actions -> Secrets
- PAT: (API token)
## Components ## Components

3
buf.gen.yaml
View File

@ -1,8 +1,5 @@
version: v2 version: v2
clean: true clean: true
inputs:
- directory: proto
managed: managed:
enabled: true enabled: true
override: override:

0
proto/buf.lock → buf.lock
View File

2
proto/buf.yaml → buf.yaml
View File

@ -1,6 +1,6 @@
# For details on buf.yaml configuration, visit https://buf.build/docs/configuration/v2/buf-yaml # For details on buf.yaml configuration, visit https://buf.build/docs/configuration/v2/buf-yaml
version: v2 version: v2
modules: modules:
- path: . - path: proto
deps: deps:
- buf.build/bufbuild/protovalidate - buf.build/bufbuild/protovalidate

1744
client/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

22
client/package.json
View File

@ -1,7 +1,7 @@
{ {
"name": "trevstack", "name": "trevstack",
"private": true, "private": true,
"version": "0.0.47", "version": "0.0.29",
"type": "module", "type": "module",
"scripts": { "scripts": {
"dev": "vite dev", "dev": "vite dev",
@ -21,29 +21,29 @@
"@eslint/js": "^9.18.0", "@eslint/js": "^9.18.0",
"@ianvs/prettier-plugin-sort-imports": "^4.4.1", "@ianvs/prettier-plugin-sort-imports": "^4.4.1",
"@lucide/svelte": "^0.479.0", "@lucide/svelte": "^0.479.0",
"@scalar/api-reference": "^1.28.34", "@scalar/api-reference": "^1.28.33",
"@simplewebauthn/browser": "^13.1.0", "@simplewebauthn/browser": "^13.1.0",
"@sveltejs/adapter-static": "^3.0.8", "@sveltejs/adapter-static": "^3.0.8",
"@sveltejs/kit": "^2.21.1", "@sveltejs/kit": "^2.21.0",
"@sveltejs/vite-plugin-svelte": "^5.0.3", "@sveltejs/vite-plugin-svelte": "^5.0.3",
"@tailwindcss/vite": "^4.1.7", "@tailwindcss/vite": "^4.1.6",
"bits-ui": "^1.5.3", "bits-ui": "^1.4.8",
"clsx": "^2.1.1", "clsx": "^2.1.1",
"eslint": "^9.27.0", "eslint": "^9.26.0",
"eslint-config-prettier": "^10.1.5", "eslint-config-prettier": "^10.1.5",
"eslint-plugin-svelte": "^3.8.1", "eslint-plugin-svelte": "^3.6.0",
"globals": "^16.1.0", "globals": "^16.1.0",
"mode-watcher": "^1.0.7", "mode-watcher": "^1.0.7",
"prettier": "^3.5.3", "prettier": "^3.5.3",
"prettier-plugin-svelte": "^3.4.0", "prettier-plugin-svelte": "^3.3.3",
"prettier-plugin-tailwindcss": "^0.6.11", "prettier-plugin-tailwindcss": "^0.6.11",
"svelte": "^5.31.1", "svelte": "^5.28.6",
"svelte-check": "^4.2.1", "svelte-check": "^4.1.7",
"svelte-sonner": "^0.3.28", "svelte-sonner": "^0.3.28",
"tailwind-merge": "^3.3.0", "tailwind-merge": "^3.3.0",
"tailwind-variants": "^1.0.0", "tailwind-variants": "^1.0.0",
"tailwindcss": "^4.0.13", "tailwindcss": "^4.0.13",
"tw-animate-css": "^1.3.0", "tw-animate-css": "^1.2.9",
"typescript": "^5.8.3", "typescript": "^5.8.3",
"typescript-eslint": "^8.32.1", "typescript-eslint": "^8.32.1",
"vite": "^6.3.5" "vite": "^6.3.5"

4
client/static/openapi/openapi.yaml
View File

@ -3,8 +3,8 @@ servers:
- url: /grpc - url: /grpc
info: info:
title: Trevstack API title: Trevstack API
version: 0.0.33 version: 1.0.0
description: API for Trevstack description: API for trevstack
contact: contact:
name: Trev name: Trev
email: spam@trev.xyz email: spam@trev.xyz

6
flake.lock generated
View File

@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1747542820, "lastModified": 1746904237,
"narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
"type": "github" "type": "github"
}, },
"original": { "original": {

39
flake.nix
View File

@ -21,7 +21,7 @@
... ...
}: let }: let
pname = "trevstack"; pname = "trevstack";
version = "0.0.47"; version = "0.0.29";
build-systems = [ build-systems = [
"x86_64-linux" "x86_64-linux"
@ -83,10 +83,7 @@
packages = with pkgs; [ packages = with pkgs; [
treli.packages."${system}".default treli.packages."${system}".default
git git
# Nix
nix-update nix-update
alejandra
# Server # Server
go go
@ -130,7 +127,7 @@
pname = "check-client"; pname = "check-client";
inherit version; inherit version;
src = ./client; src = ./client;
npmDepsHash = "sha256-dl32ehKir0dZ4uiJ4s59xPIIbMkkZtH9dlTm4W0PZag="; npmDepsHash = "sha256-1Af4eOcvYIL6Y/gGn8PYaYAwPds/NOtSvyU13ByUH4A=";
dontNpmInstall = true; dontNpmInstall = true;
buildPhase = '' buildPhase = ''
@ -193,7 +190,7 @@
client = pkgs.buildNpmPackage { client = pkgs.buildNpmPackage {
inherit pname version; inherit pname version;
src = ./client; src = ./client;
npmDepsHash = "sha256-dl32ehKir0dZ4uiJ4s59xPIIbMkkZtH9dlTm4W0PZag="; npmDepsHash = "sha256-1Af4eOcvYIL6Y/gGn8PYaYAwPds/NOtSvyU13ByUH4A=";
installPhase = '' installPhase = ''
cp -r build "$out" cp -r build "$out"
@ -211,8 +208,11 @@
HOME=$PWD HOME=$PWD
''; '';
}; };
in
binaries = builtins.listToAttrs (builtins.map (x: { {
default = server;
}
// builtins.listToAttrs (builtins.map (x: {
name = "${pname}-${x.GOOS}-${x.GOARCH}"; name = "${pname}-${x.GOOS}-${x.GOARCH}";
value = server.overrideAttrs { value = server.overrideAttrs {
nativeBuildInputs = nativeBuildInputs =
@ -235,28 +235,7 @@
''; '';
}; };
}) })
host-systems); host-systems)
images = builtins.listToAttrs (builtins.map (x: {
name = "${pname}-${x.GOOS}-${x.GOARCH}-image";
value = pkgs.dockerTools.streamLayeredImage {
name = "${pname}";
tag = "${version}-${x.GOARCH}";
created = "now";
architecture = "${x.GOARCH}";
contents = [binaries."${pname}-${x.GOOS}-${x.GOARCH}"];
config = {
Cmd = ["${binaries."${pname}-${x.GOOS}-${x.GOARCH}"}/bin/${pname}-${x.GOOS}-${x.GOARCH}-${version}"];
};
};
})
(builtins.filter (x: x.GOOS == "linux") host-systems));
in
{
default = server;
}
// binaries
// images
); );
}; };
} }

2
openapi.yaml
View File

@ -3,7 +3,7 @@ servers:
- url: /grpc - url: /grpc
info: info:
title: Trevstack API title: Trevstack API
version: 0.0.47 version: 0.0.29
description: API for Trevstack description: API for Trevstack
contact: contact:
name: Trev name: Trev

2
server/cmd/trevstack/main.go
View File

@ -68,7 +68,7 @@ func main() {
// Serve gRPC Handlers // Serve gRPC Handlers
api := http.NewServeMux() api := http.NewServeMux()
api.Handle(interceptors.WithCORS(user.NewAuthHandler(vi, sqlc, webAuthn, name, env.Key))) api.Handle(interceptors.WithCORS(user.NewAuthHandler(vi, sqlc, webAuthn, name, env.Key)))
api.Handle(interceptors.WithCORS(user.NewHandler(vi, sqlc, webAuthn, name, env.Key))) api.Handle(interceptors.WithCORS(user.NewHandler(vi, sqlc, webAuthn, env.Key)))
api.Handle(interceptors.WithCORS(item.NewHandler(vi, sqlc, env.Key))) api.Handle(interceptors.WithCORS(item.NewHandler(vi, sqlc, env.Key)))
// Serve web interface // Serve web interface

8
server/internal/handlers/user/v1/user.go
View File

@ -36,7 +36,6 @@ type Handler struct {
db *sqlc.Queries db *sqlc.Queries
webAuthn *webauthn.WebAuthn webAuthn *webauthn.WebAuthn
key []byte key []byte
name string
sessions *map[int64]*webauthn.SessionData sessions *map[int64]*webauthn.SessionData
mu sync.Mutex mu sync.Mutex
@ -133,7 +132,7 @@ func (h *Handler) GetAPIKey(ctx context.Context, req *connect.Request[userv1.Get
// Generate JWT // Generate JWT
t := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.RegisteredClaims{ t := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.RegisteredClaims{
Issuer: h.name, Issuer: "trevstack",
Subject: strconv.FormatInt(user.ID, 10), Subject: strconv.FormatInt(user.ID, 10),
IssuedAt: &jwt.NumericDate{ IssuedAt: &jwt.NumericDate{
Time: time.Now(), Time: time.Now(),
@ -342,8 +341,8 @@ func transportsToString(transports []protocol.AuthenticatorTransport) string {
return s return s
} }
func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.WebAuthn, name string, key string) (string, http.Handler) { func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.WebAuthn, key string) (string, http.Handler) {
interceptors := connect.WithInterceptors(vi, interceptors.NewAuthInterceptor(key)) interceptors := connect.WithInterceptors(interceptors.NewAuthInterceptor(key), vi)
sd := map[int64]*webauthn.SessionData{} sd := map[int64]*webauthn.SessionData{}
return userv1connect.NewUserServiceHandler( return userv1connect.NewUserServiceHandler(
@ -351,7 +350,6 @@ func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.We
db: db, db: db,
webAuthn: webauth, webAuthn: webauth,
key: []byte(key), key: []byte(key),
name: name,
sessions: &sd, sessions: &sd,
mu: sync.Mutex{}, mu: sync.Mutex{},