futureporn
/
fp
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

fix schema roles and rename

This commit is contained in:
CJ_Clippy 2024-08-01 11:33:36 -08:00
parent f1371970ac
commit 0a1108b4a7
3 changed files with 21 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
.gitea/workflows/builder.yaml
View File

@ -13,6 +13,16 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
name: Check out code name: Check out code
- uses: mr-smithers-excellent/docker-build-push@v6
name: Build futureporn/migrations
with:
image: futureporn/migrations
tags: latest
registry: gitea.futureporn.net
dockerfile: d.migrations.dockerfile
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- uses: mr-smithers-excellent/docker-build-push@v6 - uses: mr-smithers-excellent/docker-build-push@v6
name: Build futureporn/bot name: Build futureporn/bot
with: with:
@ -23,15 +33,6 @@ jobs:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- uses: mr-smithers-excellent/docker-build-push@v6
name: Build futureporn/migrations
with:
image: futureporn/migrations
tags: latest
registry: gitea.futureporn.net
dockerfile: d.migrations.dockerfile
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- uses: mr-smithers-excellent/docker-build-push@v6 - uses: mr-smithers-excellent/docker-build-push@v6
name: Build futureporn/capture name: Build futureporn/capture

20
services/migrations/migrations/00001_create.sql
View File

@ -4,8 +4,8 @@ CREATE schema api;
-- authenticator is the role which can "impersonate" other users. -- authenticator is the role which can "impersonate" other users.
CREATE ROLE authenticator LOGIN NOINHERIT NOCREATEDB NOCREATEROLE NOSUPERUSER; CREATE ROLE authenticator LOGIN NOINHERIT NOCREATEDB NOCREATEROLE NOSUPERUSER;
-- anonymous is the role assigned to anonymous web requests -- anon is the role assigned to anon web requests
CREATE ROLE anonymous NOLOGIN; CREATE ROLE anon NOLOGIN;
-- schema for @futureporn/capture and @futureporn/bot -- schema for @futureporn/capture and @futureporn/bot
CREATE TABLE api.discord_interactions ( CREATE TABLE api.discord_interactions (
@ -16,12 +16,12 @@ CREATE TABLE api.discord_interactions (
-- roles & permissions for our backend automation user -- roles & permissions for our backend automation user
CREATE ROLE automation_user NOLOGIN; CREATE ROLE automation NOLOGIN;
GRANT automation_user TO authenticator; GRANT automation TO authenticator;
GRANT usage ON SCHEMA api TO automation_user; GRANT usage ON SCHEMA api TO automation;
GRANT all ON api.discord_interactions TO automation_user; GRANT all ON api.discord_interactions TO automation;
-- role & permissions for anonymous web user -- role & permissions for anon web user
CREATE ROLE anonymous_user NOLOGIN; CREATE ROLE anon NOLOGIN;
GRANT usage on schema api TO anonymous_user; GRANT usage on schema api TO anon;
GRANT SELECT ON api.discord_interactions TO anonymous_user; GRANT SELECT ON api.discord_interactions TO anon;

2
services/migrations/migrations/00002_add-records-table.sql
View File

@ -7,4 +7,4 @@ CREATE TABLE api.records (
); );
-- roles & permissions for our backend automation user -- roles & permissions for our backend automation user
GRANT all ON api.records TO automation_user; GRANT all ON api.records TO automation;