
Fix PostgreSQL commands to use managed Postgres properly #34


Workflow file for this run

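# ABOUTME: GitHub Actions workflow for running tests on PRs and main branch
# ABOUTME: Comprehensive test suite validation for Docker builds and Tailscale integration
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least-privilege GITHUB_TOKEN: no job in this workflow writes back to the
# repository, so read access to contents is all that is required.
permissions:
  contents: read

jobs:
  test:
    name: Run Test Suite
    runs-on: ubuntu-latest
    container: perl:stable-slim
    # The Fly API token is only consumed by the test suite, so it is scoped to
    # this job instead of being exported workflow-wide to the lint and security
    # jobs. Note that secrets are not provided to pull_request runs from forks.
    env:
      FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup flyctl
        # NOTE(review): @master is a mutable ref; pin this action to a release
        # tag or full commit SHA so its code cannot change underneath the workflow.
        uses: superfly/flyctl-actions/setup-flyctl@master
      - name: Run Test Suite
        run: prove -v t/

  lint:
    name: Lint and Validation
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Validate Dockerfile syntax
        # Each check below is skipped (not failed) when the file is absent.
        run: |
          # Check basic Dockerfile syntax
          for dockerfile in solanum/Dockerfile atheme/Dockerfile; do
            if [ -f "$dockerfile" ]; then
              echo "Validating $dockerfile..."
              # Basic syntax check - look for required instructions
              if ! grep -q "^FROM" "$dockerfile"; then
                echo "ERROR: $dockerfile missing FROM instruction"
                exit 1
              fi
              if ! grep -q "^RUN" "$dockerfile"; then
                echo "ERROR: $dockerfile missing RUN instruction"
                exit 1
              fi
              if ! grep -q "^COPY" "$dockerfile"; then
                echo "ERROR: $dockerfile missing COPY instruction"
                exit 1
              fi
              echo "$dockerfile syntax OK"
            fi
          done
      - name: Validate fly.toml files
        run: |
          # Check for required fly.toml files and basic structure
          for config in servers/magnet-*/fly.toml; do
            if [ -f "$config" ]; then
              echo "Validating $config..."
              if ! grep -q "^app = " "$config"; then
                echo "ERROR: $config missing app name"
                exit 1
              fi
              if ! grep -q "primary_region" "$config"; then
                echo "ERROR: $config missing primary_region"
                exit 1
              fi
              echo "$config structure OK"
            fi
          done
      - name: Validate configuration templates
        run: |
          # Check that templates use environment variable substitution
          for template in solanum/ircd.conf.template atheme/atheme.conf.template; do
            if [ -f "$template" ]; then
              echo "Validating $template..."
              if ! grep -q '\${' "$template"; then
                echo "ERROR: $template missing environment variable substitution"
                exit 1
              fi
              echo "$template template syntax OK"
            fi
          done
      - name: Validate startup scripts
        run: |
          # Check startup scripts are executable and have proper shebang
          for script in solanum/entrypoint.sh atheme/entrypoint.sh; do
            if [ -f "$script" ]; then
              echo "Validating $script..."
              if ! head -n 1 "$script" | grep -q "^#!/"; then
                echo "ERROR: $script missing shebang"
                exit 1
              fi
              # Relies on the executable bit being preserved by checkout.
              if [ ! -x "$script" ]; then
                echo "ERROR: $script not executable"
                exit 1
              fi
              if ! grep -q "tailscale up" "$script"; then
                echo "ERROR: $script missing Tailscale initialization"
                exit 1
              fi
              echo "$script validation OK"
            fi
          done

  security:
    name: Security Checks
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Check for hardcoded secrets
        run: |
          echo "Checking for hardcoded secrets..."
          # Check for hardcoded Tailscale auth keys (actual keys, not placeholders)
          if grep -r "tskey-auth-[a-zA-Z0-9]\{20,\}" . --exclude-dir=.git --exclude="*.md" --exclude="t/*.t"; then
            echo "ERROR: Found hardcoded Tailscale auth key"
            exit 1
          fi
          # Check for hardcoded passwords (advisory only: lines referencing a
          # ${VAR} substitution or an upper-case PASSWORD name are filtered out)
          if grep -ri "password.*=" . --exclude-dir=.git --exclude="*.md" | grep -v '\${' | grep -v 'PASSWORD'; then
            echo "WARNING: Found potential hardcoded password"
          fi
          # Check that sensitive files aren't tracked.
          # A quoted "*.key" is tested as a literal filename and never globs,
          # so key files are located with find instead.
          if [ -f "passwords.conf" ] || find . -path ./.git -prune -o -name '*.key' -type f -print | grep -q .; then
            echo "ERROR: Sensitive files found in repository"
            exit 1
          fi
          echo "Security checks passed"
      - name: Validate USER directives in Dockerfiles
        run: |
          echo "Checking for non-root users in Dockerfiles..."
          for dockerfile in solanum/Dockerfile atheme/Dockerfile; do
            if [ -f "$dockerfile" ]; then
              if ! grep -q "^USER " "$dockerfile"; then
                echo "ERROR: $dockerfile missing USER directive for security"
                exit 1
              fi
              echo "$dockerfile has proper USER directive"
            fi
          done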