Migrate from role-based to permission-based auth (#336) #273
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: ['main', 'staging', 'prod'] | |
paths: | |
- 'backend/**' | |
pull_request: | |
branches: ['main', 'staging', 'prod'] | |
paths: | |
- 'backend/**' | |
jobs: | |
test-backend: | |
name: Test Backend | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: postgres:16 | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: postgres | |
POSTGRES_PORT: 5432 | |
POSTGRES_DB: postgres | |
options: >- | |
--health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
ports: | |
- 5433:5432 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '1.23' | |
cache: true | |
- name: Install dependencies | |
run: cd backend && go mod download | |
- name: Install Goose | |
run: cd backend && go install github.com/pressly/goose/v3/cmd/[email protected] | |
- name: Run migrations | |
run: cd backend && goose -dir .sqlc/migrations postgres "postgres://postgres:postgres@localhost:5433/postgres?sslmode=disable" up | |
- name: Run tests | |
run: | | |
# run tests and capture output | |
cd backend | |
go test -v -coverprofile=coverage.out ./... | |
- name: Generate coverage report | |
if: ${{ !env.ACT && github.event_name == 'pull_request' && always() }} | |
run: cd backend && go tool cover -html=coverage.out -o coverage.html | |
- name: Upload coverage report | |
if: ${{ !env.ACT && github.event_name == 'pull_request' && always() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: coverage-report-backend | |
path: backend/coverage.html | |
# - name: Comment PR | |
# if: ${{ !env.ACT && github.event_name == 'pull_request' && always() }} | |
# uses: actions/github-script@v7 | |
# with: | |
# github-token: ${{ secrets.GITHUB_TOKEN }} | |
# script: "const fs = require('fs');\n\n// Read test output\nconst testOutput = fs.readFileSync('backend/test_output.txt', 'utf8');\n\n// Get coverage - look for the last coverage number in the output\nlet coverage = 'N/A';\nconst coverageMatches = testOutput.match(/coverage: (\\d+\\.\\d+)% of statements/g) || [];\nif (coverageMatches.length > 0) {\n const lastMatch = coverageMatches[coverageMatches.length - 1];\n coverage = lastMatch.match(/(\\d+\\.\\d+)%/)[1] + '%';\n}\n\n// Check if any tests failed\nconst hasFailed = testOutput.includes('FAIL') && !testOutput.includes('FAIL\\t[build failed]');\nconst testStatus = hasFailed ? 'failure' : 'success';\nconst color = testStatus === 'success' ? '✅' : '❌';\n\n// Parse test failures\nlet failureDetails = '';\nif (hasFailed) {\n const errorTraces = testOutput.match(/\\s+.*?_test\\.go:\\d+:[\\s\\S]*?Test:\\s+.*$/gm) || [];\n const failures = testOutput.match(/--- FAIL: .*?(?=(?:---|\\z))/gs) || [];\n \n failureDetails = `\n <details>\n <summary>❌ Test Failures</summary>\n \n \\`\\`\\`\n ${failures.join('\\n')}\n \n Error Details:\n ${errorTraces.map(trace => trace.trim()).join('\\n')}\n \\`\\`\\`\n </details>\n `;\n}\n\nconst output = `### Test Results ${color}\n\n**Status**: ${testStatus}\n**Coverage**: ${coverage}\n**OS**: \\`${{ runner.os }}\\`\n\n${failureDetails}\n\n<details>\n<summary>Test Details</summary>\n\n* Triggered by: @${{ github.actor }}\n* Commit: ${{ github.sha }}\n* Branch: ${{ github.ref }}\n* Workflow: ${{ github.workflow }}\n</details>`;\n\n// Find existing comment\nconst { data: comments } = await github.rest.issues.listComments({\n owner: context.repo.owner,\n repo: context.repo.repo,\n issue_number: context.issue.number,\n});\n\nconst botComment = comments.find(comment => \n comment.user.type === 'Bot' && \n comment.body.includes('### Test Results')\n);\n\nif (botComment) {\n // Update existing comment\n await github.rest.issues.updateComment({\n owner: context.repo.owner,\n repo: context.repo.repo,\n comment_id: botComment.id,\n body: output\n });\n} else {\n // Create new comment\n await github.rest.issues.createComment({\n owner: context.repo.owner,\n repo: context.repo.repo,\n issue_number: context.issue.number,\n body: output\n });\n}\n" |