Compare commits

..

1 Commits

Author SHA1 Message Date
dependabot[bot] 464e62fdd6 chore(deps): bump docker/login-action from 4.2.0 to 4.3.0
Bumps [docker/login-action](https://github.com/docker/login-action) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/650006c6eb7dba73a995cc03b0b2d7f5ca915bee...c99871dec2022cc055c062a10cc1a1310835ceb4)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 08:13:22 +00:00
21 changed files with 1470 additions and 1380 deletions
+17 -17
View File
@@ -220,23 +220,6 @@ TINYAUTH_LDAP_AUTHCERT=
TINYAUTH_LDAP_AUTHKEY=
# Cache duration for LDAP group membership in seconds.
TINYAUTH_LDAP_GROUPCACHETTL=900
# experimental config
# Enable Tailscale integration.
TINYAUTH_EXPERIMENTAL_TAILSCALE_ENABLED=false
# Tailscale state directory.
TINYAUTH_EXPERIMENTAL_TAILSCALE_DIR="./tailscale_state"
# Tailscale hostname.
TINYAUTH_EXPERIMENTAL_TAILSCALE_HOSTNAME=
# Tailscale auth key.
TINYAUTH_EXPERIMENTAL_TAILSCALE_AUTHKEY=
# Use ephemeral Tailscale node.
TINYAUTH_EXPERIMENTAL_TAILSCALE_EPHEMERAL=false
# Enable Tailscale Funnel.
TINYAUTH_EXPERIMENTAL_TAILSCALE_FUNNEL=false
# Listen on the Tailscale address instead of standard address.
TINYAUTH_EXPERIMENTAL_TAILSCALE_LISTEN=false
# Label provider to use for ACLs (auto, docker, kubernetes or none to disable). auto detects the environment.
TINYAUTH_LABELPROVIDER="auto"
@@ -258,3 +241,20 @@ TINYAUTH_LOG_STREAMS_APP_LEVEL=
TINYAUTH_LOG_STREAMS_AUDIT_ENABLED=false
# Log level for this stream. Use global if empty.
TINYAUTH_LOG_STREAMS_AUDIT_LEVEL=
# tailscale config
# Enable Tailscale integration.
TINYAUTH_TAILSCALE_ENABLED=false
# Tailscale state directory.
TINYAUTH_TAILSCALE_DIR="./tailscale_state"
# Tailscale hostname.
TINYAUTH_TAILSCALE_HOSTNAME=
# Tailscale auth key.
TINYAUTH_TAILSCALE_AUTHKEY=
# Use ephemeral Tailscale node.
TINYAUTH_TAILSCALE_EPHEMERAL=false
# Enable Tailscale Funnel.
TINYAUTH_TAILSCALE_FUNNEL=false
# Listen on the Tailscale address instead of standard address.
TINYAUTH_TAILSCALE_LISTEN=false
+3 -3
View File
@@ -36,9 +36,9 @@ jobs:
- name: Check codegen is up to date
run: |
sqlc generate
go generate ./...
git diff --exit-code
git status --porcelain | grep -q . && echo "untracked files code gen files" && exit 1 || true
go generate ./internal/repository/...
git diff --exit-code -- internal/repository/
git status --porcelain -- internal/repository/ | grep -q . && echo "untracked files in internal/repository/" && exit 1 || true
- name: Install frontend dependencies
working-directory: ./frontend
+6 -6
View File
@@ -156,7 +156,7 @@ jobs:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@@ -214,7 +214,7 @@ jobs:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@@ -272,7 +272,7 @@ jobs:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@@ -330,7 +330,7 @@ jobs:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@@ -384,7 +384,7 @@ jobs:
merge-multiple: true
- name: Login to GitHub Container Registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@@ -423,7 +423,7 @@ jobs:
merge-multiple: true
- name: Login to GitHub Container Registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
+6 -6
View File
@@ -126,7 +126,7 @@ jobs:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@@ -182,7 +182,7 @@ jobs:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@@ -238,7 +238,7 @@ jobs:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@@ -294,7 +294,7 @@ jobs:
images: ghcr.io/${{ github.repository_owner }}/tinyauth
- name: Login to GitHub Container Registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@@ -349,7 +349,7 @@ jobs:
merge-multiple: true
- name: Login to GitHub Container Registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
@@ -390,7 +390,7 @@ jobs:
merge-multiple: true
- name: Login to GitHub Container Registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
-3
View File
@@ -51,6 +51,3 @@ config.certify.yml
# deepsec
/.deepsec
# jetbrains
/.idea/
+2 -1
View File
@@ -93,7 +93,8 @@ sql:
# Go gen
generate:
go generate ./...
go run ./gen
go generate ./internal/repository/...
# Docker image
docker:
+26 -25
View File
@@ -12,49 +12,50 @@
},
"packageManager": "pnpm@11.1.2",
"dependencies": {
"@hookform/resolvers": "^5.4.0",
"@radix-ui/react-dropdown-menu": "^2.1.19",
"@radix-ui/react-label": "^2.1.11",
"@radix-ui/react-select": "^2.3.2",
"@radix-ui/react-separator": "^1.1.11",
"@radix-ui/react-slot": "^1.3.0",
"@tailwindcss/vite": "^4.3.2",
"@tanstack/react-query": "^5.101.2",
"axios": "^1.18.1",
"@hookform/resolvers": "^5.2.2",
"@radix-ui/react-dropdown-menu": "^2.1.16",
"@radix-ui/react-label": "^2.1.8",
"@radix-ui/react-select": "^2.2.6",
"@radix-ui/react-separator": "^1.1.8",
"@radix-ui/react-slot": "^1.2.4",
"@tailwindcss/vite": "^4.2.2",
"@tanstack/react-query": "^5.99.0",
"axios": "^1.15.0",
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"i18next": "^26.3.4",
"i18next": "^26.0.4",
"i18next-browser-languagedetector": "^8.2.1",
"i18next-resources-to-backend": "^1.2.1",
"lucide-react": "^1.23.0",
"lucide-react": "^1.8.0",
"next-themes": "^0.4.6",
"radix-ui": "^1.6.1",
"react": "^19.2.7",
"react-dom": "^19.2.7",
"react-hook-form": "^7.80.0",
"react-i18next": "^17.0.8",
"radix-ui": "^1.4.3",
"react": "^19.2.5",
"react-dom": "^19.2.5",
"react-hook-form": "^7.72.1",
"react-i18next": "^17.0.2",
"react-markdown": "^10.1.0",
"react-router": "^7.14.0",
"sonner": "^2.0.7",
"tailwind-merge": "^3.5.0",
"tailwindcss": "^4.3.2",
"tailwindcss": "^4.2.2",
"zod": "^4.3.6"
},
"devDependencies": {
"@eslint/js": "^10.0.1",
"@tanstack/eslint-plugin-query": "^5.101.2",
"@tanstack/eslint-plugin-query": "^5.99.0",
"@types/node": "^25.6.0",
"@types/react": "^19.2.17",
"@types/react": "^19.2.14",
"@types/react-dom": "^19.2.3",
"@vitejs/plugin-react": "^6.0.3",
"eslint": "^10.6.0",
"@vitejs/plugin-react": "^6.0.1",
"eslint": "^10.2.0",
"eslint-plugin-react-hooks": "^7.0.1",
"eslint-plugin-react-refresh": "^0.5.3",
"globals": "^17.7.0",
"eslint-plugin-react-refresh": "^0.5.2",
"globals": "^17.5.0",
"prettier": "3.8.2",
"rollup-plugin-visualizer": "^7.0.1",
"tw-animate-css": "^1.4.0",
"typescript": "~6.0.2",
"typescript-eslint": "^8.62.1",
"vite": "^8.1.3"
"typescript-eslint": "^8.58.1",
"vite": "^8.0.8"
}
}
+1372 -1278
View File
File diff suppressed because it is too large Load Diff
+2 -1
View File
@@ -1,3 +1,4 @@
dangerouslyAllowAllBuilds: false
blockExoticSubdeps: true
minimumReleaseAge: 1440 # 1 day
minimumReleaseAge: 1440 # 1 day
trustPolicy: no-downgrade
View File
@@ -1,4 +1,4 @@
// gen/sqlc_wrapper generates store.go wrapper files for each sqlc driver package under
// gen/sqlc-wrapper generates store.go wrapper files for each sqlc driver package under
// internal/repository/<driver>/. Run via:
//
// go generate ./internal/repository/...
@@ -32,7 +32,7 @@ import (
var storeSrc string
func main() {
fmt.Println("sqlc_wrapper: generating store.go files for sqlc driver packages...")
fmt.Println("sqlc-wrapper: generating store.go files for sqlc driver packages...")
if err := run(); err != nil {
log.Fatal(err)
}
-3
View File
@@ -1,3 +0,0 @@
package tinyauth
//go:generate go run github.com/tinyauthapp/tinyauth/gen/docs
+1 -1
View File
@@ -279,7 +279,7 @@ func (app *BootstrapApp) Setup() error {
app.runtime.ConfiguredProviders = configuredProviders
// if tailscale is enabled and listening, replace the app url with the tailscale hostname
if app.services.tailscaleService != nil && app.config.Experimental.Tailscale.Listen {
if app.services.tailscaleService != nil && app.config.Tailscale.Listen {
tailscaleUrl := "https://" + app.services.tailscaleService.GetHostname()
// if the tailscale url is different from the app url, replace it
+3 -2
View File
@@ -130,9 +130,9 @@ func (app *BootstrapApp) setupRouter() error {
// 2. Unix socket (if server.socketPath)
// 3. HTTP - default
func (app *BootstrapApp) getListenerFunc() (func(ctx context.Context) error, error) {
if app.config.Experimental.Tailscale.Listen {
if app.config.Tailscale.Listen {
if app.services.tailscaleService == nil {
return nil, fmt.Errorf("experimental.tailscale.listen is enabled but tailscale service is not initialized")
return nil, fmt.Errorf("tailscale.listen is enabled but tailscale service is not initialized")
}
return app.serveTailscale, nil
}
@@ -227,6 +227,7 @@ func (app *BootstrapApp) serve(listener net.Listener, server *http.Server, ctx c
err := server.Serve(listener)
if err != nil && !errors.Is(err, http.ErrServerClosed) {
shutdown()
return fmt.Errorf("failed to start %s listener: %w", name, err)
}
+21 -23
View File
@@ -81,10 +81,8 @@ func NewDefaultConfiguration(runtimeEnv RuntimeEnv) *Config {
PrivateKeyPath: "./tinyauth_oidc_key",
PublicKeyPath: "./tinyauth_oidc_key.pub",
},
Experimental: ExperimentalConfig{
Tailscale: TailscaleConfig{
Dir: "./tailscale_state",
},
Tailscale: TailscaleConfig{
Dir: "./tailscale_state",
},
LabelProvider: "auto",
}
@@ -95,28 +93,29 @@ func NewDefaultConfiguration(runtimeEnv RuntimeEnv) *Config {
cfg.Resources.Path = "/data/resources"
cfg.OIDC.PrivateKeyPath = "/data/oidc/key.pem"
cfg.OIDC.PublicKeyPath = "/data/oidc/key.pub"
cfg.Experimental.Tailscale.Dir = "/data/tailscale"
cfg.Tailscale.Dir = "/data/tailscale"
}
return cfg
}
type Config struct {
AppURL string `description:"The base URL where the app is hosted." yaml:"appUrl"`
Database DatabaseConfig `description:"Database configuration." yaml:"database"`
Analytics AnalyticsConfig `description:"Analytics configuration." yaml:"analytics"`
Resources ResourcesConfig `description:"Resources configuration." yaml:"resources"`
Server ServerConfig `description:"Server configuration." yaml:"server"`
Auth AuthConfig `description:"Authentication configuration." yaml:"auth"`
Apps map[string]App `description:"Application ACLs configuration." yaml:"apps"`
OAuth OAuthConfig `description:"OAuth configuration." yaml:"oauth"`
OIDC OIDCConfig `description:"OIDC configuration." yaml:"oidc"`
UI UIConfig `description:"UI customization." yaml:"ui"`
LDAP LDAPConfig `description:"LDAP configuration." yaml:"ldap"`
Experimental ExperimentalConfig `description:"Experimental features, use with caution." yaml:"experimental"`
LabelProvider string `description:"Label provider to use for ACLs (auto, docker, kubernetes or none to disable). auto detects the environment." yaml:"labelProvider"`
Log LogConfig `description:"Logging configuration." yaml:"log"`
ConfigFile string `description:"Path to config file." yaml:"-"`
AppURL string `description:"The base URL where the app is hosted." yaml:"appUrl"`
Database DatabaseConfig `description:"Database configuration." yaml:"database"`
Analytics AnalyticsConfig `description:"Analytics configuration." yaml:"analytics"`
Resources ResourcesConfig `description:"Resources configuration." yaml:"resources"`
Server ServerConfig `description:"Server configuration." yaml:"server"`
Auth AuthConfig `description:"Authentication configuration." yaml:"auth"`
Apps map[string]App `description:"Application ACLs configuration." yaml:"apps"`
OAuth OAuthConfig `description:"OAuth configuration." yaml:"oauth"`
OIDC OIDCConfig `description:"OIDC configuration." yaml:"oidc"`
UI UIConfig `description:"UI customization." yaml:"ui"`
LDAP LDAPConfig `description:"LDAP configuration." yaml:"ldap"`
// Experimental ExperimentalConfig `description:"Experimental features, use with caution." yaml:"experimental"`
LabelProvider string `description:"Label provider to use for ACLs (auto, docker, kubernetes or none to disable). auto detects the environment." yaml:"labelProvider"`
Log LogConfig `description:"Logging configuration." yaml:"log"`
Tailscale TailscaleConfig `description:"Tailscale configuration." yaml:"tailscale"`
ConfigFile string `description:"Path to config file." yaml:"-"`
}
type DatabaseConfig struct {
@@ -238,9 +237,8 @@ type LogStreamConfig struct {
Level string `description:"Log level for this stream. Use global if empty." yaml:"level"`
}
type ExperimentalConfig struct {
Tailscale TailscaleConfig `description:"Tailscale configuration." yaml:"tailscale"`
}
// no experimental features
type ExperimentalConfig struct{}
type TailscaleConfig struct {
Enabled bool `description:"Enable Tailscale integration." yaml:"enabled"`
+1 -1
View File
@@ -1,3 +1,3 @@
package postgres
//go:generate go run github.com/tinyauthapp/tinyauth/gen/sqlc_wrapper -pkg github.com/tinyauthapp/tinyauth/internal/repository/postgres
//go:generate go run github.com/tinyauthapp/tinyauth/gen/sqlc-wrapper -pkg github.com/tinyauthapp/tinyauth/internal/repository/postgres
+1 -1
View File
@@ -1,3 +1,3 @@
package sqlite
//go:generate go run github.com/tinyauthapp/tinyauth/gen/sqlc_wrapper -pkg github.com/tinyauthapp/tinyauth/internal/repository/sqlite
//go:generate go run github.com/tinyauthapp/tinyauth/gen/sqlc-wrapper -pkg github.com/tinyauthapp/tinyauth/internal/repository/sqlite
+7 -7
View File
@@ -45,17 +45,17 @@ type TailscaleServiceInput struct {
}
func NewTailscaleService(i TailscaleServiceInput) (*TailscaleService, error) {
if !i.Config.Experimental.Tailscale.Enabled {
if !i.Config.Tailscale.Enabled {
return nil, nil
}
srv := new(tsnet.Server)
// node options
srv.Dir = i.Config.Experimental.Tailscale.Dir
srv.Hostname = i.Config.Experimental.Tailscale.Hostname
srv.AuthKey = i.Config.Experimental.Tailscale.AuthKey
srv.Ephemeral = i.Config.Experimental.Tailscale.Ephemeral
srv.Dir = i.Config.Tailscale.Dir
srv.Hostname = i.Config.Tailscale.Hostname
srv.AuthKey = i.Config.Tailscale.AuthKey
srv.Ephemeral = i.Config.Tailscale.Ephemeral
// redirect logs to zerolog
srv.Logf = i.Log.App.Printf
@@ -94,7 +94,7 @@ func NewTailscaleService(i TailscaleServiceInput) (*TailscaleService, error) {
i.Ding.Go(service.watchAndClose, ding.RingMajor)
if i.Config.Experimental.Tailscale.Funnel && !i.Config.Experimental.Tailscale.Listen {
if i.Config.Tailscale.Funnel && !i.Config.Tailscale.Listen {
service.log.App.Warn().Msg("Tailscale Funnel is enabled but listen is disabled. Funnel will not work without listen enabled.")
}
@@ -153,7 +153,7 @@ func (ts *TailscaleService) CreateListener() (net.Listener, error) {
return *ts.ln, nil
}
if ts.config.Experimental.Tailscale.Funnel {
if ts.config.Tailscale.Funnel {
ln, err := ts.srv.ListenFunnel("tcp", ":443")
if err != nil {
return nil, err