From 42e0eb812c0579fe51df22545fa4fd2ab74ba424 Mon Sep 17 00:00:00 2001
From: Evan Jarrett
Date: Tue, 4 Nov 2025 21:10:08 -0600
Subject: [PATCH] test buildah spindle engine
---
 .../workflows/release-credential-helper.yml | 2 +-
 .tangled/workflows/release.yml | 41 ++++++++++---------
 2 files changed, 23 insertions(+), 20 deletions(-)
diff --git a/.tangled/workflows/release-credential-helper.yml b/.tangled/workflows/release-credential-helper.yml
index 80df78c..14d1ca6 100644
--- a/.tangled/workflows/release-credential-helper.yml
+++ b/.tangled/workflows/release-credential-helper.yml
@@ -7,7 +7,7 @@
 # Triggers on version tags (v*) pushed to the repository.
 when:
- - event: ["push"]
+ - event: ["manual"]
 tag: ["v*"]
 engine: "nixery"
diff --git a/.tangled/workflows/release.yml b/.tangled/workflows/release.yml
index c900255..017ca2d 100644
--- a/.tangled/workflows/release.yml
+++ b/.tangled/workflows/release.yml
@@ -2,15 +2,10 @@
 # Triggers on version tags and builds cross-platform binaries using buildah
 when:
- - event: ["manual"]
+ - event: ["push"]
 tag: ["v*"]
-engine: "nixery"
-
-dependencies:
- nixpkgs:
- - buildah
- - gnugrep # Required for tag detection
+engine: "buildah"
 environment:
 IMAGE_REGISTRY: atcr.io
@@ -37,19 +32,19 @@ steps:
 echo "Building version: $TAG"
 echo "$TAG" > .version
- - name: Setup build environment
- command: |
- if ! grep -q "^root:" /etc/passwd 2>/dev/null; then
- echo "root:x:0:0:root:/root:/bin/sh" >> /etc/passwd
- fi
-
- - name: Login to registry
+ - name: Setup registry credentials
 command: |
- echo "${APP_PASSWORD}" | buildah login \
- --storage-driver vfs \
- -u "${IMAGE_USER}" \
- --password-stdin \
- ${IMAGE_REGISTRY}
+ mkdir -p ~/.docker
+ cat > ~/.docker/config.json <
Date: Tue, 4 Nov 2025 23:02:10 -0600
Subject: [PATCH] fix
---
 .tangled/workflows/release.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.tangled/workflows/release.yml b/.tangled/workflows/release.yml
index 017ca2d..bb4accc 100644
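Review bot: The header comment kept as context in the release-credential-helper.yml hunk still reads `# Triggers on version tags (v*) pushed to the repository.`, but the trigger below it is now `event: ["manual"]`, so the file documents a trigger it no longer has. I would reword it along the lines of `# Runs only when started manually; the v* tag filter is kept from the former push trigger.` Whether `tag: ["v*"]` constrains a manual run at all is not visible in this hunk and is worth confirming, because a release job that can be started against an untagged commit would publish an artifact with no version tag behind it.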
--- a/.tangled/workflows/release.yml
+++ b/.tangled/workflows/release.yml
@@ -14,6 +14,7 @@ environment:
 steps:
 - name: Get tag for current commit
 command: |
+ #test
 # Fetch tags (shallow clone doesn't include them by default)
 git fetch --tags
-- 
2.43.0
From d5df98bb4046b8747486379d91d249442d56aa78 Mon Sep 17 00:00:00 2001
From: Evan Jarrett
Date: Tue, 4 Nov 2025 23:26:57 -0600
Subject: [PATCH] try and invalidate sessions
---
 pkg/appview/db/oauth_store.go | 19 +++++++++++++++++++
 pkg/auth/oauth/server.go | 18 ++++++++++++++++++
 2 files changed, 37 insertions(+)
diff --git a/pkg/appview/db/oauth_store.go b/pkg/appview/db/oauth_store.go
index fcfc262..3997f6a 100644
--- a/pkg/appview/db/oauth_store.go
+++ b/pkg/appview/db/oauth_store.go
@@ -112,6 +112,25 @@ func (s *OAuthStore) DeleteSessionsForDID(ctx context.Context, did string) error
 return nil
 }
+// DeleteOldSessionsForDID removes all sessions for a DID except the specified session to keep
+// This is used during OAuth callback to clean up stale sessions with expired refresh tokens
+func (s *OAuthStore) DeleteOldSessionsForDID(ctx context.Context, did string, keepSessionID string) error {
+ result, err := s.db.ExecContext(ctx, `
+ DELETE FROM oauth_sessions WHERE account_did = ? AND session_id != ?
+ `, did, keepSessionID)
+
+ if err != nil {
+ return fmt.Errorf("failed to delete old sessions for DID: %w", err)
+ }
+
+ deleted, _ := result.RowsAffected()
+ if deleted > 0 {
+ slog.Info("Deleted old OAuth sessions for DID", "count", deleted, "did", did, "kept", keepSessionID)
+ }
+
+ return nil
+}
+
 // GetAuthRequestInfo retrieves authentication request data by state
 func (s *OAuthStore) GetAuthRequestInfo(ctx context.Context, state string) (*oauth.AuthRequestData, error) {
 var requestDataJSON string
diff --git a/pkg/auth/oauth/server.go b/pkg/auth/oauth/server.go
index 5c4f8c1..df97c42 100644
--- a/pkg/auth/oauth/server.go
+++ b/pkg/auth/oauth/server.go
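Review bot: The doc comment on `DeleteOldSessionsForDID` says it cleans up "stale sessions with expired refresh tokens", but the `DELETE` has no expiry condition and removes every row for the DID except `keepSessionID`, so a sign-in from a second browser or client drops the first one's still-valid session. If that is intended, the comment should say so, e.g. `// DeleteOldSessionsForDID deletes every session for did except keepSessionID, expired or not.` An empty `keepSessionID` would make `session_id != ?` match every session with a non-empty ID, so a guard before the query, `if keepSessionID == "" { return fmt.Errorf("keepSessionID is required") }`, is worth adding. The error from `result.RowsAffected()` is discarded and the kept session ID goes to the Info log; if that ID is something a client presents to resume a session (not visible here), drop it from the log line or move it to Debug. Deleting the rows only removes the local copies; whether the corresponding tokens are also revoked at the authorization server is not shown in this hunk.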
@@ -122,7 +122,25 @@ func (s *Server) ServeCallback(w http.ResponseWriter, r *http.Request) {
 slog.Debug("OAuth callback successful", "did", did, "sessionID", sessionID)
+ // Clean up old OAuth sessions for this DID BEFORE invalidating cache
+ // This prevents accumulation of stale sessions with expired refresh tokens
+ // Order matters: delete from DB first, then invalidate cache, so when cache reloads
+ // it will only find the new session
+ type sessionCleaner interface {
+ DeleteOldSessionsForDID(ctx context.Context, did string, keepSessionID string) error
+ }
+ if cleaner, ok := s.app.clientApp.Store.(sessionCleaner); ok {
+ if err := cleaner.DeleteOldSessionsForDID(r.Context(), did, sessionID); err != nil {
+ slog.Warn("Failed to clean up old OAuth sessions", "did", did, "error", err)
+ // Non-fatal - log and continue
+ } else {
+ slog.Debug("Cleaned up old OAuth sessions", "did", did, "kept", sessionID)
+ }
+ }
+
 // Invalidate cached session (if any) since we have a new session with new tokens
+ // This happens AFTER deleting old sessions from database, ensuring the cache
+ // will load the correct session when it's next accessed
 if s.refresher != nil {
 s.refresher.InvalidateSession(did)
 slog.Debug("Invalidated cached session after creating new session", "did", did)
-- 
2.43.0
From d93b6bbc8fd4a4e1909eb81f9409d1960b1593c7 Mon Sep 17 00:00:00 2001
From: Evan Jarrett
Date: Fri, 7 Nov 2025 12:27:05 -0600
Subject: [PATCH] loom test
---
 .tangled/workflows/loom-amd64.yml | 23 +++++++++++++++++++++++
 .tangled/workflows/loom-arm64.yml | 23 +++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 .tangled/workflows/loom-amd64.yml
 create mode 100644 .tangled/workflows/loom-arm64.yml
diff --git a/.tangled/workflows/loom-amd64.yml b/.tangled/workflows/loom-amd64.yml
new file mode 100644
index 0000000..a8e008e
--- /dev/null
+++ b/.tangled/workflows/loom-amd64.yml
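Review bot: When `s.app.clientApp.Store` does not satisfy `sessionCleaner`, the cleanup added to `ServeCallback` is skipped with no log line, so swapping or wrapping the store would silently turn session invalidation off. An `else` on the type assertion, `} else { slog.Warn("OAuth store does not support session cleanup; old sessions kept", "did", did) }`, would make that visible. The cleanup is also best-effort on failure: after the `slog.Warn` the older sessions remain in the database and usable, which matters if this path is relied on to invalidate them rather than only to tidy up. It runs on `r.Context()`, so a client that drops the connection during the callback can cancel the delete; that is presumably acceptable but deserves a comment. `ServeCallback` begins and ends outside this hunk.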
@@ -0,0 +1,23 @@
+when:
+ - event: ["push"]
+ branch: ["*"]
+ - event: ["pull_request"]
+ branch: ["main"]
+
+engine: kubernetes
+image: golang:1.24-bookworm
+architecture: amd64
+
+steps:
+ - name: Download and Generate
+ environment:
+ CGO_ENABLED: 1
+ command: |
+ go mod download
+ go generate ./...
+
+ - name: Run Tests
+ environment:
+ CGO_ENABLED: 1
+ command: |
+ go test -cover ./...
\ No newline at end of file
diff --git a/.tangled/workflows/loom-arm64.yml b/.tangled/workflows/loom-arm64.yml
new file mode 100644
index 0000000..77bc30a
--- /dev/null
+++ b/.tangled/workflows/loom-arm64.yml
@@ -0,0 +1,23 @@
+when:
+ - event: ["push"]
+ branch: ["*"]
+ - event: ["pull_request"]
+ branch: ["main"]
+
+engine: kubernetes
+image: golang:1.24-bookworm
+architecture: arm64
+
+steps:
+ - name: Download and Generate
+ environment:
+ CGO_ENABLED: 1
+ command: |
+ go mod download
+ go generate ./...
+
+ - name: Run Tests
+ environment:
+ CGO_ENABLED: 1
+ command: |
+ go test -cover ./...
\ No newline at end of file
-- 
2.43.0
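Review bot: Both new workflows (loom-amd64.yml here and loom-arm64.yml in the next hunk) run `go generate ./...` and `go test -cover ./...` for `pull_request` events, which executes code from the proposed change on the kubernetes runner; nothing in these files shows what credentials or network access that pod has, so confirm it is given no registry or cluster secrets. `image: golang:1.24-bookworm` is a mutable tag; pinning it by digest, `image: golang:1.24-bookworm@sha256:<digest>` (placeholder), keeps the toolchain from changing underneath a build, provided the engine accepts digest references. The two files differ only in `architecture:`, and both end without a trailing newline.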