From 1d535b9dba64002bb54f7ce12eeb69f71cdbd306 Mon Sep 17 00:00:00 2001 From: Jaap Eldering Date: Mon, 25 Nov 2024 11:22:44 +0100 Subject: [PATCH] Set a more grep-able mysql root password in CI jobs, drop domjudge user The domjudge mysql user should be created by our setup scripts, so that we test these and need to set the password only in one place. Also don't explicitly pass root user/password to dj_setup_database script. It will infer it from `~/.my.cnf`. Rename mysql_root to mysql_log helper to clarify behaviour. --- .github/jobs/baseinstall.sh | 47 ++++++++++++-------------- .github/jobs/ci_settings.sh | 9 ++--- .github/workflows/database-upgrade.yml | 8 ++--- .github/workflows/integration.yml | 6 ++-- .github/workflows/webstandard.yml | 4 +-- 5 files changed, 30 insertions(+), 44 deletions(-) mode change 100644 => 100755 .github/jobs/ci_settings.sh diff --git a/.github/jobs/baseinstall.sh b/.github/jobs/baseinstall.sh index 2c61bc2a7b..29dfc0a074 100755 --- a/.github/jobs/baseinstall.sh +++ b/.github/jobs/baseinstall.sh @@ -50,32 +50,30 @@ cat > ~/.my.cnf < /opt/domjudge/domserver/etc/dbpasswords.secret # Show some MySQL debugging -mysql_root "show databases" -mysql_root "SELECT CURRENT_USER();" -mysql_root "SELECT USER();" -mysql_root "SELECT user,host FROM mysql.user" -echo "unused:sqlserver:domjudge:domjudge:domjudge:3306" > /opt/domjudge/domserver/etc/dbpasswords.secret -mysql_user "SELECT CURRENT_USER();" -mysql_user "SELECT USER();" +mysql_log "show databases" +mysql_log "SELECT CURRENT_USER();" +mysql_log "SELECT USER();" +mysql_log "SELECT user,host FROM mysql.user" section_end if [ "${db}" = "install" ]; then section_start "Install DOMjudge database" - /opt/domjudge/domserver/bin/dj_setup_database -uroot -proot bare-install + /opt/domjudge/domserver/bin/dj_setup_database bare-install section_end elif [ "${db}" = "upgrade" ]; then section_start "Upgrade DOMjudge database" - /opt/domjudge/domserver/bin/dj_setup_database -uroot -proot upgrade + /opt/domjudge/domserver/bin/dj_setup_database upgrade section_end fi @@ -113,30 +111,29 @@ section_end if [ "${db}" = "install" ]; then section_start "Install the example data" - /opt/domjudge/domserver/bin/dj_setup_database -uroot -proot install-examples | tee -a "$ARTIFACTS/mysql.txt" + /opt/domjudge/domserver/bin/dj_setup_database install-examples | tee -a "$ARTIFACTS/mysql.txt" section_end fi section_start "Setup user" # We're using the admin user in all possible roles -mysql_root "DELETE FROM userrole WHERE userid=1;" domjudge +mysql_log "DELETE FROM userrole WHERE userid=1;" domjudge if [ "$version" = "team" ]; then # Add team to admin user - mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 3);" domjudge - mysql_root "UPDATE user SET teamid = 1 WHERE userid = 1;" domjudge + mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 3);" domjudge + mysql_log "UPDATE user SET teamid = 1 WHERE userid = 1;" domjudge elif [ "$version" = "jury" ]; then # Add jury to admin user - mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 2);" domjudge + mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 2);" domjudge elif [ "$version" = "balloon" ]; then # Add balloon to admin user - mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 4);" domjudge + mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 4);" domjudge elif [ "$version" = "admin" ]; then # Add admin to admin user - mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 1);" domjudge + mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 1);" domjudge elif [ "$version" = "all" ]; then - mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 1);" domjudge - mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 3);" domjudge - mysql_root "UPDATE user SET teamid = 1 WHERE userid = 1;" domjudge + mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 1);" domjudge + mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 3);" domjudge + mysql_log "UPDATE user SET teamid = 1 WHERE userid = 1;" domjudge fi section_end - diff --git a/.github/jobs/ci_settings.sh b/.github/jobs/ci_settings.sh old mode 100644 new mode 100755 index 350b07cf09..5dd02c1cbd --- a/.github/jobs/ci_settings.sh +++ b/.github/jobs/ci_settings.sh @@ -24,14 +24,9 @@ section_end_internal () { trace_on } -mysql_root () { +mysql_log () { # shellcheck disable=SC2086 - echo "$1" | mysql -uroot -proot ${2:-} | tee -a "$ARTIFACTS"/mysql.txt -} - -mysql_user () { - # shellcheck disable=SC2086 - echo "$1" | mysql -udomjudge -pdomjudge ${2:-} | tee -a "$ARTIFACTS"/mysql.txt + echo "$1" | mysql ${2:-} | tee -a "$ARTIFACTS"/mysql.txt } section_start () { diff --git a/.github/workflows/database-upgrade.yml b/.github/workflows/database-upgrade.yml index dd3fe7a351..889a574599 100644 --- a/.github/workflows/database-upgrade.yml +++ b/.github/workflows/database-upgrade.yml @@ -18,19 +18,17 @@ jobs: ports: - 3306:3306 env: - MYSQL_ROOT_PASSWORD: root - MYSQL_USER: domjudge - MYSQL_PASSWORD: domjudge + MYSQL_ROOT_PASSWORD: mysql_root_password options: --health-cmd="healthcheck.sh --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=3 steps: - uses: actions/checkout@v4 - name: Import Database - run: mysql -hsqlserver -uroot -proot < .github/jobs/data/dj733.sql + run: mysql -hsqlserver -uroot -pmysql_root_password < .github/jobs/data/dj733.sql - name: Upgrade DOMjudge run: .github/jobs/baseinstall.sh default upgrade - name: Setting initial Admin Password run: echo "pass" > /opt/domjudge/domserver/etc/initial_admin_password.secret - name: Check for Errors in the Upgrade - run: mysql -hsqlserver -uroot -proot -e "SHOW TABLES FROM domjudge;" + run: mysql -hsqlserver -uroot -pmysql_root_password -e "SHOW TABLES FROM domjudge;" - name: Check for Errors in Domjudge Web run: .github/jobs/webstandard.sh none admin diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 56ee842a2c..59e7adfae7 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -19,9 +19,7 @@ jobs: ports: - 3306:3306 env: - MYSQL_ROOT_PASSWORD: root - MYSQL_USER: domjudge - MYSQL_PASSWORD: domjudge + MYSQL_ROOT_PASSWORD: mysql_root_password options: --health-cmd="healthcheck.sh --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=3 steps: - uses: actions/checkout@v4 @@ -75,7 +73,7 @@ jobs: done - name: dump the db if: ${{ !cancelled() }} - run: mysqldump -uroot -proot domjudge > /tmp/db.sql + run: mysqldump -uroot -pmysql_root_password domjudge > /tmp/db.sql - name: Upload database dump for debugging if: ${{ !cancelled() }} uses: actions/upload-artifact@v3 diff --git a/.github/workflows/webstandard.yml b/.github/workflows/webstandard.yml index 23e0760cab..ca46ac7658 100644 --- a/.github/workflows/webstandard.yml +++ b/.github/workflows/webstandard.yml @@ -17,9 +17,7 @@ jobs: ports: - 3306:3306 env: - MYSQL_ROOT_PASSWORD: root - MYSQL_USER: domjudge - MYSQL_PASSWORD: domjudge + MYSQL_ROOT_PASSWORD: mysql_root_password options: --health-cmd="healthcheck.sh --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=3 strategy: matrix: