Update Rust crate casbin to v2.19.1 - abandoned

.env

@@ -1,5 +1,20 @@
-DATABASE_URL=postgres://postgres:postgres@127.0.0.1:5432/stacker
+DATABASE_URL=postgres://postgres:postgres@stackerdb:5432/stacker
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=postgres
 POSTGRES_DB=stacker
-POSTGRES_PORT=5432
+POSTGRES_PORT=5432
+SECURITY_KEY=SECURITY_KEY_SHOULD_BE_OF_LEN_32
+
+REDIS_URL=redis://127.0.0.1/
+# SQLX_OFFLINE=true
+
+# Vault Configuration
+VAULT_ADDRESS=http://127.0.0.1:8200
+VAULT_TOKEN=your_vault_token_here
+VAULT_AGENT_PATH_PREFIX=agent
+
+STACKER_CASBIN_RELOAD_ENABLED=true
+STACKER_CASBIN_RELOAD_INTERVAL_SECS=60
+
+STACKER_AGENT_POLL_TIMEOUT_SECS=30
+STACKER_AGENT_POLL_INTERVAL_SECS=2

.github/workflows/docker.yml

@@ -3,19 +3,36 @@ name: Docker CICD
 on:
   push:
     branches:
-      - master
+      - main
       - testing
+      - dev
   pull_request:
     branches:
-      - master
+      - main
+      - dev
 
 jobs:
-  cicd-linux-docker:
+
+  cicd-docker:
     name: Cargo and npm build
     runs-on: ubuntu-latest
+    #runs-on: self-hosted
+    env:
+      SQLX_OFFLINE: true
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+
+      - name: Install OpenSSL build deps
+        if: runner.os == 'Linux'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y pkg-config libssl-dev
+
+      - name: Verify .sqlx cache exists
+        run: |
+          ls -lh .sqlx/ || echo ".sqlx directory not found"
+          find .sqlx -type f 2>/dev/null | wc -l
 
       - name: Install stable toolchain
         uses: actions-rs/toolchain@v1
@@ -26,7 +43,7 @@ jobs:
           components: rustfmt, clippy
 
       - name: Cache cargo registry
-        uses: actions/cache@v3.0.7
+        uses: actions/cache@v4
         with:
           path: ~/.cargo/registry
           key: docker-registry-${{ hashFiles('**/Cargo.lock') }}
@@ -35,7 +52,7 @@ jobs:
             docker-
 
       - name: Cache cargo index
-        uses: actions/cache@v3.0.7
+        uses: actions/cache@v4
         with:
           path: ~/.cargo/git
           key: docker-index-${{ hashFiles('**/Cargo.lock') }}
@@ -48,7 +65,7 @@ jobs:
           head -c16 /dev/urandom > src/secret.key
 
       - name: Cache cargo build
-        uses: actions/cache@v3.0.7
+        uses: actions/cache@v4
         with:
           path: target
           key: docker-build-${{ hashFiles('**/Cargo.lock') }}
@@ -87,54 +104,57 @@ jobs:
           command: clippy
           args: -- -D warnings
 
-      - name: Run cargo build
+      - name: Build server (release)
         uses: actions-rs/cargo@v1
         with:
           command: build
-          args: --release
+          args: --release --bin server
 
       - name: npm install, build, and test
+        if: ${{ hashFiles('web/package.json') != '' }}
         working-directory: ./web
         run: |
           npm install
           npm run build
       #   npm test
 
       - name: Archive production artifacts
-        uses: actions/upload-artifact@v2
+        if: ${{ hashFiles('web/package.json') != '' }}
+        uses: actions/upload-artifact@v4
         with:
           name: dist-without-markdown
           path: |
             web/dist
             !web/dist/**/*.md
 
       - name: Display structure of downloaded files
+        if: ${{ hashFiles('web/package.json') != '' }}
         run: ls -R web/dist
 
       - name: Copy app files and zip
         run: |
           mkdir -p app/stacker/dist
-          cp target/release/stacker app/stacker
-          cp -a web/dist/. app/stacker
-          cp docker/prod/Dockerfile app/Dockerfile
+          cp target/release/server app/stacker/server
+          if [ -d web/dist ]; then cp -a web/dist/. app/stacker; fi
+          cp Dockerfile app/Dockerfile
           cd app
           touch .env
           tar -czvf ../app.tar.gz .
           cd ..
 
       - name: Upload app archive for Docker job
-        uses: actions/upload-artifact@v2.2.2
+        uses: actions/upload-artifact@v4
         with:
           name: artifact-linux-docker
           path: app.tar.gz
 
-  cicd-docker:
+  cicd-linux-docker:
     name: CICD Docker
     runs-on: ubuntu-latest
-    needs: cicd-linux-docker
+    needs: cicd-docker
     steps:
       - name: Download app archive
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
         with:
           name: artifact-linux-docker
 
@@ -144,12 +164,21 @@ jobs:
       - name: Display structure of downloaded files
         run: ls -R
 
-      - name: Docker build and publish
-        uses: docker/build-push-action@v1
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: trydirect/stacker
-          add_git_labels: true
-          tag_with_ref: true
-          #no-cache: true
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: trydirect/stacker:latest

.github/workflows/notifier.yml

@@ -9,11 +9,12 @@ jobs:
 
   notifyTelegram:
     runs-on: ubuntu-latest
+    concurrency: build
     steps:
       - name: send custom message
         uses: appleboy/telegram-action@master
         with:
           to: ${{ secrets.TELEGRAM_TO }}
           token: ${{ secrets.TELEGRAM_TOKEN }}
           message: |
-            "Issue ${{ github.event.action }}: \n${{ github.event.issue.html_url }}"
+            "Github actions on push: build in progress .. ${{ github.event.action }} "

.github/workflows/rust.yml

@@ -1,22 +1,81 @@
 name: Rust
+permissions:
+  contents: read
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [ dev, main ]
   pull_request:
-    branches: [ "main" ]
+    branches: [ dev, main ]
 
 env:
   CARGO_TERM_COLOR: always
 
 jobs:
   build:
-
-    runs-on: ubuntu-latest
-
+    name: Build binaries (Linux/macOS)
+    env:
+      SQLX_OFFLINE: true
+    strategy:
+      matrix:
+        include:
+          - os: ubuntu-latest
+            target: x86_64-unknown-linux-gnu
+            artifact_name: stacker-linux-x86_64
+          - os: macos-latest
+            target: x86_64-apple-darwin
+            artifact_name: stacker-macos-x86_64
+          - os: macos-latest
+            target: aarch64-apple-darwin
+            artifact_name: stacker-macos-aarch64
+    runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v3
-    - name: Build
-      run: cargo build --verbose
-    - name: Run tests
-      run: cargo test --verbose
+      - uses: actions/checkout@v4
+      - name: Verify .sqlx cache exists
+        run: |
+          ls -lh .sqlx/ || echo ".sqlx directory not found"
+          find .sqlx -type f 2>/dev/null | wc -l
+      - name: Install Rust toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          target: ${{ matrix.target }}
+          override: true
+      - name: Cache cargo registry
+        uses: actions/cache@v4
+        with:
+          path: ~/.cargo/registry
+          key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-registry-
+      - name: Cache cargo index
+        uses: actions/cache@v4
+        with:
+          path: ~/.cargo/git
+          key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-index-
+      - name: Cache target directory
+        uses: actions/cache@v4
+        with:
+          path: target
+          key: ${{ runner.os }}-target-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-target-${{ matrix.target }}-
+      - name: Build server (release)
+        run: cargo build --release --target ${{ matrix.target }} --bin server --verbose
+
+      - name: Build console (release with features)
+        run: cargo build --release --target ${{ matrix.target }} --bin console --features explain --verbose
+      - name: Prepare binaries
+        run: |
+          mkdir -p artifacts
+          cp target/${{ matrix.target }}/release/server artifacts/server
+          cp target/${{ matrix.target }}/release/console artifacts/console
+          tar -czf ${{ matrix.artifact_name }}.tar.gz -C artifacts .
+      - name: Upload binaries
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.artifact_name }}
+          path: ${{ matrix.artifact_name }}.tar.gz
+          retention-days: 7

.gitignore

@@ -1,2 +1,10 @@
 target
-.idea
+.idea/
+files
+access_control.conf
+configuration.yaml
+configuration.yaml.backup
+configuration.yaml.orig
+.vscode/
+.env
+docs/*.sql

.pre-commit-config.yaml

@@ -0,0 +1,7 @@
+repos:
+  - repo: https://github.com/gitguardian/ggshield
+    rev: v1.28.0
+    hooks:
+      - id: ggshield
+        language_version: python3
+        stages: [commit]