CodeCow/stack
1
0
Fork 0
mirror of https://github.com/stack-auth/stack.git synced 2026-06-04 21:04:37 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
37e70ca1ae
stack/.github/workflows/docker-server-build-run.yaml
Konsti Wohlwend 7a35751f8e
Sign up rules (#1138) 
<!-- CURSOR_SUMMARY -->
> [!NOTE]
> **High Risk**
> Touches core sign-up/auth flows and user restriction semantics
(including new DB constraints) and introduces dynamic rule
evaluation/logging; misconfiguration or CEL/parser bugs could block
sign-ups or incorrectly restrict users.
> 
> **Overview**
> Introduces **CEL-based sign-up rules** (config-driven) that are
evaluated during password/OTP/OAuth sign-ups and anonymous upgrades;
matching rules can reject sign-ups or mark users as admin-restricted,
and triggers are logged for analytics.
> 
> Extends `ProjectUser` with `restrictedByAdmin` plus public/private
restriction details, updates restriction computation/filtering, and
exposes these fields via user CRUD (including validation + DB constraint
enforcing consistency when unrestricted).
> 
> Adds a new dashboard **Sign-up Rules** page with a visual condition
builder (CEL <-> visual tree), drag-reorder by priority, per-rule 48h
sparkline analytics via a new hidden internal endpoint, and adds
user-page UI to view/edit manual restrictions. Also refactors ClickHouse
client initialization to require env vars (removing
`isClickhouseConfigured` checks) and adjusts CI container startup wait
time.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
2141e689e8c1b72303b805e9234f996010d0880. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Sign-up Rules: visual rule builder, in-project CRUD with drag-reorder,
per-rule analytics, backend evaluation, and admin UI.
* Admin user restrictions: dashboard controls, banners/status,
public/private admin details surfaced in user views.

* **APIs & Schema**
* Config and user schemas extended; new SignUpRejected error and sign-up
rule types added.

* **Tests**
* Extensive unit and E2E coverage for rules, parser, evaluator,
analytics, and restricted-user flows.

* **Docs**
  * Editorial guidance added to AGENTS.md.

* **Chores**
* DB statement timeout, updated clean script, minor dependency
additions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-03 11:08:24 -08:00

84 lines
2.8 KiB
YAML
Raw Blame History

name: Docker Server Build and Run
on:
push:
branches:
- main
- dev
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/dev' }}
jobs:
docker:
runs-on: ubicloud-standard-8
steps:
- uses: actions/checkout@v6
- name: Setup postgres
run: |
docker run -d --name db -e POSTGRES_USER=postgres -e POSTGRES_PASSWORD=password -e POSTGRES_DB=stackframe -p 8128:5432 postgres:latest
sleep 5
docker logs db
- name: Setup clickhouse
run: |
docker run -d --name clickhouse -e CLICKHOUSE_DB=analytics -e CLICKHOUSE_USER=stackframe -e CLICKHOUSE_PASSWORD=password -e CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT=1 -p 8133:8123 clickhouse/clickhouse-server:25.10
sleep 5
docker logs clickhouse
- name: Build Docker image
run: docker build -f docker/server/Dockerfile -t server .
- name: Run Docker container and check logs
run: |
docker run --add-host=host.docker.internal:host-gateway --env-file docker/server/.env.example -p 8101:8101 -p 8102:8102 -d --name stackframe-server server
sleep 120
docker logs -t stackframe-server
- name: Check server health
run: |
check_health() {
local name="$1"
local url="$2"
echo "Attempting to connect to $name at $url..."
# Verbose request for debugging (ignore exit code)
curl -v "$url" || true
# Capture response code, allowing curl to fail without exiting the script
set +e
response_code=$(curl -s -o /dev/null -w "%{http_code}" "$url" 2>/dev/null)
curl_exit=$?
set -e
echo "Response code: '$response_code' (curl exit: $curl_exit)"
# Check if curl failed completely
if [ "$curl_exit" -ne 0 ]; then
echo "$name health check failed: curl exited with code $curl_exit"
return 1
fi
# Check if response code is empty
if [ -z "$response_code" ]; then
echo "$name health check failed: curl returned empty response code"
return 1
fi
# Check if response code is 200
if [ "$response_code" -ne 200 ]; then
echo "$name health check failed with status code: $response_code"
return 1
fi
echo "$name health check passed!"
return 0
}
check_health "dashboard" "http://localhost:8101" || exit 1
check_health "backend" "http://localhost:8102/health" || exit 1
Reference in New Issue View Git Blame Copy Permalink