
Dev #62

78 commits
185de0c
limit docker image search with ?name parameter. Find exact tag by name
Jun 27, 2024
c8e701a
Add ability to connect on-premise own server
Jul 10, 2024
dda0930
Server cloud setting columns like region should allow null for the ow…
Jul 11, 2024
02385bf
set provider to 'own' when deal with on-premise or own server connection
Jul 11, 2024
97f5f84
agreement accept, and management for admin api
Jul 18, 2024
c91de51
github actions utilities versioning update, agreement funcs added
Nov 14, 2024
f1ad3c4
cargo update
Nov 14, 2024
5e9ca01
.sqlx added to the repo for offline build
Nov 14, 2024
095b7ba
test offline build
Nov 14, 2024
0229021
test offline build
Nov 14, 2024
96b0f95
Update docker.yml
vsilent Nov 14, 2024
970f876
workflow SQLX_OFFLINE
Nov 14, 2024
4225c62
Merge branch 'dev' of https://github.com/trydirect/stacker into dev
Nov 14, 2024
715a2cb
workflow SQLX_OFFLINE
Nov 14, 2024
c93f16a
workflow SQLX_OFFLINE
Nov 14, 2024
bb0c645
workflow SQLX_OFFLINE
Nov 14, 2024
70a743d
workflow SQLX_OFFLINE
Nov 14, 2024
1c8ea9a
workflow SQLX_OFFLINE
Nov 15, 2024
ab16922
workflow SQLX_OFFLINE
Nov 15, 2024
2e698bd
workflow SQLX_OFFLINE
Nov 15, 2024
a631162
.sqlx files
Nov 15, 2024
cbe46b6
.sqlx files
Nov 15, 2024
d8dfcaa
Add renovate.json
renovate[bot] Jan 22, 2025
59e1ba5
Merge pull request #63 from trydirect/renovate/configure
vsilent Jan 22, 2025
9079a2f
Update Rust crate sqlx to 0.8.0 [SECURITY]
renovate[bot] Jan 22, 2025
df11337
Update Rust crate base64 to v0.22.1
renovate[bot] Jan 22, 2025
2e003f4
Merge pull request #64 from trydirect/renovate/crate-sqlx-vulnerability
vsilent Jan 22, 2025
fa66a47
Merge pull request #65 from trydirect/renovate/base64-0.x-lockfile
vsilent Jan 22, 2025
3b3a6c2
Update Rust crate sqlx to 0.8.1 [SECURITY]
renovate[bot] Jan 22, 2025
c2ac319
Merge pull request #67 from trydirect/renovate/crate-sqlx-vulnerability
vsilent Jan 22, 2025
3e731e5
initial commands
Dec 22, 2025
129bd71
All hardcoded IDs removed, Casbin rules use SERIAL
Dec 23, 2025
6c52f29
fixed warnings
Dec 23, 2025
1e1e7ca
project.body->metadata, agent registration/commands tests, middleware…
Dec 23, 2025
9267f9f
TODO updates
Dec 23, 2025
a56c531
take vault creds from .env instead
Dec 24, 2025
e7bb6be
agent commander
Dec 25, 2025
71e448e
casbin rules for agent, vault for token rotation
Dec 25, 2025
8d1b8d5
sqlx step problem in ci/cd
Dec 25, 2025
19ee730
sqlx step problem in ci/cd
Dec 25, 2025
49a8a75
fmt fail fix
Dec 25, 2025
44b4217
clippy fail fix
Dec 25, 2025
7cebd2f
Merge branch 'dev'
Dec 25, 2025
1e1a51c
cargo.lock re-gen
Dec 25, 2025
df6b65d
create linux/macos binaries
Dec 25, 2025
0091721
downgrade sqlx
Dec 25, 2025
7200fc1
sqlx cache
Dec 25, 2025
f64a978
Disable SQLX_OFFLINE for prepare
Dec 25, 2025
4e06a2f
sqlx-date.json generate
Dec 25, 2025
4e8326b
sqlx-date.json check
Dec 25, 2025
7c57cd7
sqlx-date.json check
Dec 25, 2025
6b00be7
sqlx-date.json check
Dec 25, 2025
32dde92
sqlx-date.json check
Dec 25, 2025
66a2d9a
sqlx 0.6 → 0.8 migration
Dec 26, 2025
a5e1a57
no console for prod build for now
Dec 26, 2025
c7d757b
tests config
Dec 26, 2025
81dcd46
config sources for tests
Dec 26, 2025
6f457b7
access_control.conf in Dockerfile
Dec 26, 2025
c449efd
Added Default implementations for all configuration structs in config…
Dec 26, 2025
dfb44a1
test required db running
Dec 26, 2025
3a4e071
migration fix, check if casbin_rule table is created
Dec 27, 2025
421b69c
admin access project endpoint
Dec 27, 2025
0b09bfe
feat: Implement MCP server foundation
Dec 27, 2025
40ad075
root/admin_group user, MCP registry, tools implementation
Dec 28, 2025
aedb8b6
MCP server updates, websocket + cookie based auth, server connected
Dec 28, 2025
3b06fd3
Marketplace API init
Dec 29, 2025
77d8516
new migrations Marketplace added at Stacker
Dec 30, 2025
4f4698f
marketplace + product + tests
Jan 1, 2026
e1e0809
marketplace + product + tests
Jan 1, 2026
3817b21
root inherits user rights
Jan 1, 2026
6ac2d5c
category sync/category_code instead of category_id
Jan 2, 2026
010c3a5
access categories
Jan 2, 2026
922e814
categories endpoint
Jan 2, 2026
86d0ec6
categories endpoint
Jan 2, 2026
8786027
marketplace, categories import from connectors
Jan 2, 2026
7bfbacf
add connector example based on 3rd-party auth service
Jan 2, 2026
3aba964
build on self-hosted, ssl problem
Jan 2, 2026
fb58d39
Casbin rules allow CRUD templates operations to groupd_admin
Jan 3, 2026
12 changes: 8 additions & 4 deletions .env
@@ -1,10 +1,14 @@
#BUILDKIT_PROGRESS=plain
#DOCKER_BUILDKIT=1
DATABASE_URL=postgres://postgres:postgres@127.0.0.1:5432/stacker
DATABASE_URL=postgres://postgres:postgres@stackerdb:5432/stacker
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres
POSTGRES_DB=stacker
POSTGRES_PORT=5432
SECURITY_KEY=SECURITY_KEY_SHOULD_BE_OF_LEN_32

REDIS_URL=redis://127.0.0.1/
REDIS_URL=redis://127.0.0.1/
# SQLX_OFFLINE=true

# Vault Configuration
VAULT_ADDRESS=http://127.0.0.1:8200
VAULT_TOKEN=your_vault_token_here
VAULT_AGENT_PATH_PREFIX=agent
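Review bot: The placeholder in `SECURITY_KEY=SECURITY_KEY_SHOULD_BE_OF_LEN_32` is itself exactly 32 characters long, so a deployment that copies this file unchanged would pass a length check and run with a publicly known key, next to the `postgres:postgres` credentials in `DATABASE_URL`. Leave secret values empty in the tracked file so startup fails until they are set, and supply `VAULT_TOKEN` only from the environment or a secret store rather than from a committed file.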
74 changes: 50 additions & 24 deletions .github/workflows/docker.yml
Expand Up @@ -3,19 +3,36 @@ name: Docker CICD
on:
push:
branches:
- master
- main
- testing
- dev
pull_request:
branches:
- master
- main
- dev

jobs:
cicd-linux-docker:

cicd-docker:
name: Cargo and npm build
runs-on: ubuntu-latest
#runs-on: ubuntu-latest
runs-on: self-hosted
env:
SQLX_OFFLINE: true
steps:
- name: Checkout sources
uses: actions/checkout@v2
uses: actions/checkout@v4

- name: Install OpenSSL build deps
if: runner.os == 'Linux'
run: |
sudo apt-get update
sudo apt-get install -y pkg-config libssl-dev

- name: Verify .sqlx cache exists
run: |
ls -lh .sqlx/ || echo ".sqlx directory not found"
find .sqlx -type f 2>/dev/null | wc -l

- name: Install stable toolchain
uses: actions-rs/toolchain@v1
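Review bot: `runs-on: self-hosted` in the `cicd-docker` job is combined with the `pull_request` trigger, so code from a pull request branch is built and executed on the self-hosted machine, where the added "Install OpenSSL build deps" step also runs `sudo apt-get`. If the repository accepts pull requests from forks, restrict this job to `push` events (for example a job-level `if: github.event_name == 'push'`) or keep pull request builds on `ubuntu-latest`. Separately, the "Verify .sqlx cache exists" step does not fail the job when the directory is missing, because of `|| echo` and `2>/dev/null | wc -l`; with `SQLX_OFFLINE: true` it should exit non-zero in that case.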
Expand All @@ -26,7 +43,7 @@ jobs:
components: rustfmt, clippy

- name: Cache cargo registry
uses: actions/cache@v3.0.7
uses: actions/cache@v4
with:
path: ~/.cargo/registry
key: docker-registry-${{ hashFiles('**/Cargo.lock') }}
Expand All @@ -35,7 +52,7 @@ jobs:
docker-

- name: Cache cargo index
uses: actions/cache@v3.0.7
uses: actions/cache@v4
with:
path: ~/.cargo/git
key: docker-index-${{ hashFiles('**/Cargo.lock') }}
Expand All @@ -48,7 +65,7 @@ jobs:
head -c16 /dev/urandom > src/secret.key

- name: Cache cargo build
uses: actions/cache@v3.0.7
uses: actions/cache@v4
with:
path: target
key: docker-build-${{ hashFiles('**/Cargo.lock') }}
Expand Down Expand Up @@ -87,11 +104,11 @@ jobs:
command: clippy
args: -- -D warnings

- name: Run cargo build
- name: Build server (release)
uses: actions-rs/cargo@v1
with:
command: build
args: --release
args: --release --bin server

- name: npm install, build, and test
working-directory: ./web
Expand All @@ -101,7 +118,7 @@ jobs:
# npm test

- name: Archive production artifacts
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v4
with:
name: dist-without-markdown
path: |
Expand All @@ -114,27 +131,27 @@ jobs:
- name: Copy app files and zip
run: |
mkdir -p app/stacker/dist
cp target/release/stacker app/stacker
cp -a web/dist/. app/stacker
cp docker/prod/Dockerfile app/Dockerfile
cp target/release/server app/stacker/server
cp -a web/dist/. app/stacker || true
cp Dockerfile app/Dockerfile
cd app
touch .env
tar -czvf ../app.tar.gz .
cd ..

- name: Upload app archive for Docker job
uses: actions/upload-artifact@v2.2.2
uses: actions/upload-artifact@v4
with:
name: artifact-linux-docker
path: app.tar.gz

cicd-docker:
cicd-linux-docker:
name: CICD Docker
runs-on: ubuntu-latest
needs: cicd-linux-docker
needs: cicd-docker
steps:
- name: Download app archive
uses: actions/download-artifact@v2
uses: actions/download-artifact@v4
with:
name: artifact-linux-docker

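Review bot: In "Copy app files and zip", `cp -a web/dist/. app/stacker || true` hides a missing or failed web build, so the archive and the image built from it can ship without the frontend while the job stays green. Drop the `|| true`, or make the web build explicitly optional behind a logged condition. The job ids also appear to be swapped in this hunk (`cicd-docker` now carries "Cargo and npm build" and `cicd-linux-docker` carries "CICD Docker"), which makes `needs: cicd-docker` easy to misread; naming the jobs by role would help.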
Expand All @@ -144,12 +161,21 @@ jobs:
- name: Display structure of downloaded files
run: ls -R

- name: Docker build and publish
uses: docker/build-push-action@v1
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
repository: trydirect/stacker
add_git_labels: true
tag_with_ref: true
#no-cache: true
-
name: Build and push
uses: docker/build-push-action@v6
with:
push: true
tags: trydirect/stacker:latest
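Review bot: The "Build and push" step sets `push: true` with the single tag `trydirect/stacker:latest`, and the visible job definition has no `if:` condition, so every run of this workflow, including `pull_request` runs, overwrites `latest` on Docker Hub. Gate the login and push steps on pushes to the release branch and add an immutable tag such as the commit SHA next to `latest`, which also restores what `tag_with_ref` and `add_git_labels` provided. Also note that `docker/build-push-action@v6` builds from the Git context unless `context` is set, so add `context: .` if the image is meant to be built from the downloaded app archive.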
3 changes: 2 additions & 1 deletion .github/workflows/notifier.yml
Expand Up @@ -9,11 +9,12 @@ jobs:

notifyTelegram:
runs-on: ubuntu-latest
concurrency: build
steps:
- name: send custom message
uses: appleboy/telegram-action@master
with:
to: ${{ secrets.TELEGRAM_TO }}
token: ${{ secrets.TELEGRAM_TOKEN }}
message: |
"Issue ${{ github.event.action }}: \n${{ github.event.issue.html_url }}"
"Github actions on push: build in progress .. ${{ github.event.action }} "
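Review bot: `appleboy/telegram-action@master` follows a mutable branch while the step hands it `secrets.TELEGRAM_TOKEN`; pin the action to a release tag or a full commit SHA so an upstream change cannot reach the token unreviewed. In the new `message`, `${{ github.event.action }}` is empty if this workflow now runs on `push`, as the text says, so the line will end in a blank; `${{ github.ref_name }}` or `${{ github.sha }}` would carry more information there.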
77 changes: 67 additions & 10 deletions .github/workflows/rust.yml
Expand Up @@ -2,21 +2,78 @@

on:
push:
branches: [ "main" ]
branches: [ dev, main ]
pull_request:
branches: [ "main" ]
branches: [ dev, main ]

env:
CARGO_TERM_COLOR: always

jobs:
build:

runs-on: ubuntu-latest

name: Build binaries (Linux/macOS)
env:
SQLX_OFFLINE: true
strategy:
matrix:
include:
- os: ubuntu-latest
target: x86_64-unknown-linux-gnu
artifact_name: stacker-linux-x86_64
- os: macos-latest
target: x86_64-apple-darwin
artifact_name: stacker-macos-x86_64
- os: macos-latest
target: aarch64-apple-darwin
artifact_name: stacker-macos-aarch64
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- name: Build
run: cargo build --verbose
- name: Run tests
run: cargo test --verbose
- uses: actions/checkout@v4
- name: Verify .sqlx cache exists
run: |
ls -lh .sqlx/ || echo ".sqlx directory not found"
find .sqlx -type f 2>/dev/null | wc -l
- name: Install Rust toolchain
uses: actions-rs/toolchain@v1
with:
toolchain: stable
target: ${{ matrix.target }}
override: true
- name: Cache cargo registry
uses: actions/cache@v4
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-registry-
- name: Cache cargo index
uses: actions/cache@v4
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-index-
- name: Cache target directory
uses: actions/cache@v4
with:
path: target
key: ${{ runner.os }}-target-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-target-${{ matrix.target }}-
- name: Build server (release)
run: cargo build --release --target ${{ matrix.target }} --bin server --verbose

- name: Build console (release with features)
run: cargo build --release --target ${{ matrix.target }} --bin console --features explain --verbose
- name: Prepare binaries
run: |
mkdir -p artifacts
cp target/${{ matrix.target }}/release/server artifacts/server
cp target/${{ matrix.target }}/release/console artifacts/console
tar -czf ${{ matrix.artifact_name }}.tar.gz -C artifacts .
- name: Upload binaries
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.artifact_name }}
path: ${{ matrix.artifact_name }}.tar.gz
retention-days: 7
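Review bot: The "Run tests" step (`cargo test --verbose`) that sat next to `actions/checkout@v3` has no counterpart among the new matrix steps, so this workflow no longer runs the test suite on pushes and pull requests to `dev` and `main`. Add a test step, or a separate test job with the database it needs, before the release builds. In the matrix, `macos-latest` is used for both `x86_64-apple-darwin` and `aarch64-apple-darwin`, so one of the two is a cross build; confirm that both produce working `server` and `console` binaries.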
Comment on lines +14 to +79

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 9 days ago

To fix the issue, we should explicitly declare the permissions for the GITHUB_TOKEN used by this workflow and restrict them to the minimum required. This workflow only needs to read repository contents to build and upload artifacts, so contents: read is sufficient. We can set permissions at the workflow root so it applies to all jobs (currently only build), or directly under the build job. Root-level is cleaner and recommended.

Concretely, in .github/workflows/rust.yml, add a permissions: block near the top, after name: Rust and before on:. Set it to:

permissions:
  contents: read

No additional imports or dependencies are required, and this does not alter any existing build behavior. It only constrains what the automatically provided GITHUB_TOKEN can do.

Suggested changeset 1
.github/workflows/rust.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -1,5 +1,8 @@
 name: Rust
 
+permissions:
+  contents: read
+
 on:
   push:
     branches: [ dev, main ]
EOF
@@ -1,5 +1,8 @@
name: Rust

permissions:
contents: read

on:
push:
branches: [ dev, main ]
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -5,3 +5,6 @@ access_control.conf
configuration.yaml
configuration.yaml.backup
configuration.yaml.orig
.vscode/
.env
docs/*.sql
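Review bot: `.env` is added to the ignore list here, but this same pull request still modifies `.env` as a tracked file, and ignore rules do not apply to files already in the index. Later edits to it, such as a real `VAULT_TOKEN`, will keep showing up as changes and can be committed. Remove it from the index with `git rm --cached .env` and keep a template under a different name such as `.env.example`.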
3 changes: 0 additions & 3 deletions .idea/.gitignore

This file was deleted.

6 changes: 0 additions & 6 deletions .idea/inspectionProfiles/profiles_settings.xml

This file was deleted.

7 changes: 0 additions & 7 deletions .idea/misc.xml

This file was deleted.

8 changes: 0 additions & 8 deletions .idea/modules.xml

This file was deleted.

7 changes: 0 additions & 7 deletions .idea/sqldialects.xml

This file was deleted.

14 changes: 0 additions & 14 deletions .idea/stacker.iml

This file was deleted.

6 changes: 0 additions & 6 deletions .idea/vcs.xml

This file was deleted.
