bump: v0.0.31 -> v0.0.32

.gitea/workflows/check.yaml

@@ -12,8 +12,8 @@ jobs:
     name: check
     runs-on: ubuntu-latest
     if: |
-      contains(github.event.head_commit.message, 'bump:') == false &&
+      contains(gitea.event.head_commit.message, 'bump:') == false &&
-      contains(github.event.head_commit.message, 'Merge pull request') == false
+      contains(gitea.event.head_commit.message, 'Merge pull request') == false
     steps:
       - name: Checkout
         uses: actions/checkout@v4

.gitea/workflows/release.yaml

@@ -47,12 +47,12 @@ jobs:
       - name: Build
         run: >
           nix build
-          .#trevstack-linux-amd64
+           .#trevstack-linux-amd64
-          .#trevstack-linux-arm64
+           .#trevstack-linux-arm64
-          .#trevstack-linux-arm
+           .#trevstack-linux-arm
-          .#trevstack-windows-amd64
+           .#trevstack-windows-amd64
-          .#trevstack-darwin-amd64
+           .#trevstack-darwin-amd64
-          .#trevstack-darwin-arm64
+           .#trevstack-darwin-arm64
 
       - name: Release
         uses: akkuman/gitea-release-action@v1
@@ -71,7 +71,7 @@ jobs:
         with:
           # list of Docker images to use as base name for tags
           images: |
-            ${{ vars.URL }}/${{ github.repository }}
+            ${{ gitea.server_url }}/${{ gitea.repository }}
           # generate Docker tags based on the following events/attributes
           tags: |
             type=ref,event=branch
@@ -80,9 +80,9 @@ jobs:
       - name: Login to Gitea Container Registry
         uses: docker/login-action@v3
         with:
-          registry: ${{ vars.URL }}
+          registry: ${{ gitea.server_url }}
-          username: ${{ vars.USERNAME }}
+          username: ${{ gitea.actor }}
-          password: ${{ secrets.PASSWORD }}
+          password: ${{ secrets.PAT }}
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3

.gitea/workflows/update.yaml

@@ -11,6 +11,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
       - name: Install Nix
         uses: cachix/install-nix-action@v31
@@ -28,12 +30,33 @@ jobs:
         run: |
           git config user.name "github-actions[bot]"
           git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git checkout -B update
 
       - name: Update
         run: nix run .#update
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        env:
-        with:
+          PAT: ${{ secrets.PAT }}
-          title: update
+        run: |
-          body: automatic update
+          URL="${{ gitea.server_url }}"
+          REPO_OWNER_SLASH_NAME="${{ gitea.repository }}"
+
+          if ! git ls-remote --exit-code origin update; then
+            git push origin update --force
+
+            PR_RESPONSE=$(curl -s -X POST -H "Authorization: token $PAT" \
+              -H "Content-Type: application/json" \
+              -d '{"title":"update","body":"automatic update","head":"update","base":"main"}' \
+              "https://$URL/api/v1/repos/$REPO_OWNER_SLASH_NAME/pulls")
+            
+            PR_NUMBER=$(echo "$PR_RESPONSE" | jq -r '.number')
+
+            curl -s -X POST -H "Authorization: token $PAT" \
+              -H "Content-Type: application/json" \
+              -d '{"Do":"merge","merge_when_checks_succeed":true,"delete_branch_after_merge":true}' \
+              "https://$URL/api/v1/repos/$REPO_OWNER_SLASH_NAME/pulls/$PR_NUMBER/merge"
+
+          else
+            git push origin update --force
+          fi

.github/workflows/release.yaml

@@ -51,12 +51,12 @@ jobs:
       - name: Build
         run: >
           nix build
-          .#trevstack-linux-amd64
+           .#trevstack-linux-amd64
-          .#trevstack-linux-arm64
+           .#trevstack-linux-arm64
-          .#trevstack-linux-arm
+           .#trevstack-linux-arm
-          .#trevstack-windows-amd64
+           .#trevstack-windows-amd64
-          .#trevstack-darwin-amd64
+           .#trevstack-darwin-amd64
-          .#trevstack-darwin-arm64
+           .#trevstack-darwin-arm64
 
       - name: Release
         uses: softprops/action-gh-release@v2
@@ -76,19 +76,12 @@ jobs:
         with:
           # list of Docker images to use as base name for tags
           images: |
-            ${{ github.repository }}
             ghcr.io/${{ github.repository }}
           # generate Docker tags based on the following events/attributes
           tags: |
             type=ref,event=branch
             type=semver,pattern={{version}}
 
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ vars.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:

.github/workflows/update.yaml

@@ -37,12 +37,14 @@ jobs:
         run: nix run .#update
 
       - name: Create Pull Request
+        id: cpr
         uses: peter-evans/create-pull-request@v7
         with:
+          branch: update
           title: update
           body: automatic update
 
       - name: Enable Automerge
-        run: gh pr merge --merge --auto "1"
+        run: gh pr merge --merge --auto "${{ steps.cpr.outputs.pull-request-number }}"
         env:
           GH_TOKEN: ${{ secrets.PAT }}

.vscode/extensions.json

@@ -2,7 +2,7 @@
   "recommendations": [
     "golang.go",
     "dorzey.vscode-sqlfluff",
-    "zxh404.vscode-proto3",
+    "bufbuild.vscode-buf",
     "dbaeumer.vscode-eslint",
     "svelte.svelte-vscode",
     "esbenp.prettier-vscode"

.vscode/settings.json

@@ -18,8 +18,8 @@
   },
 
   // Proto
-  "[proto3]": {
+  "[proto]": {
-    "editor.defaultFormatter": "zxh404.vscode-proto3"
+    "editor.defaultFormatter": "bufbuild.vscode-buf"
   },
 
   // ESLint

Dockerfile

@@ -26,4 +26,5 @@ WORKDIR /app
 # Copy /nix/store
 COPY --from=builder /tmp/nix-store-closure /nix/store
 COPY --from=builder /tmp/build/result /app
+
 CMD ["/app/bin/trevstack"]

README.md

@@ -7,6 +7,7 @@ This is a CRUD app to use as a template for starting projects
 - **Communicate anywhere**. Define a [protocol buffer](https://protobuf.dev/), and [Connect](https://connectrpc.com/) generates type-safe code to facilitate communication between the server and any client (web, mobile, embedded, etc). The protocol buffers can contain annotations to validate fields on the client and server. For clients that cannot use Connect, an OpenAPI spec is also generated
 - **Build anywhere**. The dev environment, testing and building is all declared in a single [Nix](https://nixos.org/) flake. Every developer and server can use the same environment
 - **Deploy anywhere**. CI/CD is already set up using github actions. New versions are automatically released for every major platform, along with a docker image. The binaries created require zero run-time dependencies and are relatively small (this app is 26 MiB)
+- Can be entirely self-hosted
 - Authentication is rolled in, including API key, fingerprint & passkey
 - Automatic database migration on startup
 - Light & dark modes with the [catppuccin](https://catppuccin.com/palette/) color palette
@@ -27,7 +28,7 @@ URL=http://localhost:5173
 DATABASE_URL=sqlite:/home/trev/.config/trevstack/sqlite.db
 ```
 
-4. Run `treli`
+4. Run `treli` to start the server & client
 
 It's that simple. If you're feeling fancy, install [direnv](https://direnv.net/) and the dev environment will load automatically.
 
@@ -37,11 +38,52 @@ It's that simple. If you're feeling fancy, install [direnv](https://direnv.net/)
 
 - `nix run #bump [major | minor]`: bumps the current version up one. Defaults to "patch" (0.0.1 -> 0.0.2)
 
-- `buf lint` & `buf generate`: Lints and generates code from protocol buffers
+- `nix build [#trevstack-(GOOS)-(GOARCH)]`: builds the application. Defaults to building for your current platform, but can be built to many by specifying the GOOS and GOARCH values
 
-- `sqlc vet` & `sqlc generate`: Verifies and generates code from SQL files
+- `nix flake check`: runs all validations
 
-- `dbmate new` & `dbmate up`: Creates a new migration file and runs pending migrations
+- `buf lint` & `buf generate`: lints and generates code from protocol buffers
+
+- `sqlc vet` & `sqlc generate`: verifies and generates code from SQL files
+
+- `dbmate new` & `dbmate up`: creates a new migration file and runs pending migrations
+
+### Github Actions
+
+To use github actions for CI/CD, you'll need to create a fine-grained personal access token for the repository with the permissions:
+
+- Contents (read and write)
+- Pull requests (read and write)
+
+And change some settings for the repository:
+
+- General -> Allow auto-merge: true
+- Rules -> Rulesets -> New ruleset
+  - Branch targeting criteria: Default
+  - Branch rules
+    - Require status checks to pass -> Add checks -> "check"
+- Actions -> General -> Workflow permissions
+  - Read and write permissions: true
+  - Allow GitHub Actions to create and approve pull requests: true
+- Secrets and variables -> Actions -> Repository secrets
+  - PAT: (personal access token)
+
+### Gitea Actions
+
+To use gitea actions for CI/CD, you'll need to create an [API token](https://docs.gitea.com/development/api-usage) with the scopes:
+
+- write:repository
+- write:package
+
+And change some settings for the repository:
+
+- Repository -> Delete pull request branch after merge by default: true
+- Branches -> Add New Rule
+  - Protected Branch Name Pattern: main
+  - Enable Status Check: true
+  - Status check patterns: Check / check\*
+- Actions -> Secrets
+  - PAT: (API token)
 
 ## Components
 

client/package-lock.json

@@ -1,12 +1,12 @@
 {
 	"name": "trevstack",
-	"version": "0.0.30",
+	"version": "0.0.32",
 	"lockfileVersion": 3,
 	"requires": true,
 	"packages": {
 		"": {
 			"name": "trevstack",
-			"version": "0.0.30",
+			"version": "0.0.32",
 			"devDependencies": {
 				"@bufbuild/protovalidate": "^0.1.1",
 				"@connectrpc/connect": "^2.0.2",

client/package.json

@@ -1,7 +1,7 @@
 {
 	"name": "trevstack",
 	"private": true,
-	"version": "0.0.30",
+	"version": "0.0.32",
 	"type": "module",
 	"scripts": {
 		"dev": "vite dev",

flake.nix

@@ -21,7 +21,7 @@
     ...
   }: let
     pname = "trevstack";
-    version = "0.0.30";
+    version = "0.0.32";
 
     build-systems = [
       "x86_64-linux"
@@ -127,7 +127,7 @@
           pname = "check-client";
           inherit version;
           src = ./client;
-          npmDepsHash = "sha256-oSwCfpI1epHLqPy44c+RKmo08LhRQqnVwLuYVMeuu7U=";
+          npmDepsHash = "sha256-iY1tZjYYUETULfyDdq9sjAStzSKe3NZYpZ6F8Y1E00k=";
           dontNpmInstall = true;
 
           buildPhase = ''
@@ -190,7 +190,7 @@
         client = pkgs.buildNpmPackage {
           inherit pname version;
           src = ./client;
-          npmDepsHash = "sha256-oSwCfpI1epHLqPy44c+RKmo08LhRQqnVwLuYVMeuu7U=";
+          npmDepsHash = "sha256-iY1tZjYYUETULfyDdq9sjAStzSKe3NZYpZ6F8Y1E00k=";
 
           installPhase = ''
             cp -r build "$out"

openapi.yaml

@@ -3,7 +3,7 @@ servers:
   - url: /grpc
 info:
   title: Trevstack API
-  version: 0.0.30
+  version: 0.0.32
   description: API for Trevstack
   contact:
     name: Trev

server/cmd/trevstack/main.go

@@ -68,7 +68,7 @@ func main() {
 	// Serve gRPC Handlers
 	api := http.NewServeMux()
 	api.Handle(interceptors.WithCORS(user.NewAuthHandler(vi, sqlc, webAuthn, name, env.Key)))
-	api.Handle(interceptors.WithCORS(user.NewHandler(vi, sqlc, webAuthn, env.Key)))
+	api.Handle(interceptors.WithCORS(user.NewHandler(vi, sqlc, webAuthn, name, env.Key)))
 	api.Handle(interceptors.WithCORS(item.NewHandler(vi, sqlc, env.Key)))
 
 	// Serve web interface

server/internal/handlers/user/v1/user.go

@@ -36,6 +36,7 @@ type Handler struct {
 	db       *sqlc.Queries
 	webAuthn *webauthn.WebAuthn
 	key      []byte
+	name     string
 
 	sessions *map[int64]*webauthn.SessionData
 	mu       sync.Mutex
@@ -132,7 +133,7 @@ func (h *Handler) GetAPIKey(ctx context.Context, req *connect.Request[userv1.Get
 
 	// Generate JWT
 	t := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.RegisteredClaims{
-		Issuer:  "trevstack",
+		Issuer:  h.name,
 		Subject: strconv.FormatInt(user.ID, 10),
 		IssuedAt: &jwt.NumericDate{
 			Time: time.Now(),
@@ -341,8 +342,8 @@ func transportsToString(transports []protocol.AuthenticatorTransport) string {
 	return s
 }
 
-func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.WebAuthn, key string) (string, http.Handler) {
+func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.WebAuthn, name string, key string) (string, http.Handler) {
-	interceptors := connect.WithInterceptors(interceptors.NewAuthInterceptor(key), vi)
+	interceptors := connect.WithInterceptors(vi, interceptors.NewAuthInterceptor(key))
 
 	sd := map[int64]*webauthn.SessionData{}
 	return userv1connect.NewUserServiceHandler(
@@ -350,6 +351,7 @@ func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.We
 			db:       db,
 			webAuthn: webauth,
 			key:      []byte(key),
+			name:     name,
 
 			sessions: &sd,
 			mu:       sync.Mutex{},