Merge pull request #3 from jueti/main

backup
6 days ago · f38ff95934
4 changed files with 61 additions and 25 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -102,8 +102,10 @@ jobs:
                  # 如果有旧 Tag，生成 "Tag-CommitHash" 格式
                  echo "SOURCE_VERSION=${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}"
              else
-              echo "SOURCE_VERSION=${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}"
-              echo "⚠️ No tags found in repository. Using version: dev-${SOURCE_COMMIT:0:8}"
+                  # echo "SOURCE_VERSION=${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}"
+                  # echo "⚠️ No tags found in repository. Using version: dev-${SOURCE_COMMIT:0:8}"
+                  echo "SOURCE_VERSION=1.35.4-${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}"
+              fi
          fi

      # Login to Docker Hub
@ -161,13 +163,13 @@ jobs:
        run: |
          #
          # Check if there is a GitHub Container Registry Login and use it for caching
-          if [[ -n "${HAVE_GHCR_LOGIN}" ]]; then
-            echo "BAKE_CACHE_FROM=type=registry,ref=${GHCR_REPO}-buildcache:${BASE_IMAGE}-${NORMALIZED_ARCH}" | tee -a "${GITHUB_ENV}"
-            echo "BAKE_CACHE_TO=type=registry,ref=${GHCR_REPO}-buildcache:${BASE_IMAGE}-${NORMALIZED_ARCH},compression=zstd,mode=max" | tee -a "${GITHUB_ENV}"
-          else
+          #if [[ -n "${HAVE_GHCR_LOGIN}" ]]; then
+          #  echo "BAKE_CACHE_FROM=type=registry,ref=${GHCR_REPO}-buildcache:${BASE_IMAGE}-${NORMALIZED_ARCH}" | tee -a "${GITHUB_ENV}"
+          #  echo "BAKE_CACHE_TO=type=registry,ref=${GHCR_REPO}-buildcache:${BASE_IMAGE}-${NORMALIZED_ARCH},compression=zstd,mode=max" | tee -a "${GITHUB_ENV}"
+          #else
          echo "BAKE_CACHE_FROM="
          echo "BAKE_CACHE_TO="
-          fi
+          #fi
          #

      - name: Generate tags
@ -198,13 +200,11 @@ jobs:
          source: .
          files: docker/docker-bake.hcl
          targets: "${{ matrix.base_image }}-multi"
+          no-cache: true
          set: |
-            *.cache-from=${{ env.BAKE_CACHE_FROM }}
-            *.cache-to=${{ env.BAKE_CACHE_TO }}
            *.platform=linux/${{ matrix.arch }}
            ${{ env.TAGS }}
            *.output=type=local,dest=./output
-            *.output=type=image,push-by-digest=true,name-canonical=true,push=true

      - name: Extract digest SHA
        env:
@ -238,16 +238,52 @@ jobs:
          mv ./output/vaultwarden vaultwarden-"${NORMALIZED_ARCH}"

      # Upload artifacts to Github Actions and Attest the binaries
-      - name: Attest binaries
-        uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
-        with:
-          subject-path: vaultwarden-${{ env.NORMALIZED_ARCH }}
-
-      - name: Upload binaries as artifacts
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+      #- name: Attest binaries
+      #  uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
+      #  with:
+      #    subject-path: vaultwarden-${{ env.NORMALIZED_ARCH }}
+
+      #- name: Upload binaries as artifacts
+      #  uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+      #  with:
+      #    name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-${{ env.NORMALIZED_ARCH }}-${{ matrix.base_image }}
+      #    path: vaultwarden-${{ env.NORMALIZED_ARCH }}
+
+            # --- 修改开始：整理文件并打包成 TAR ---
+      - name: Prepare and Tar Minimal Files
+        env:
+          NORMALIZED_ARCH: ${{ env.NORMALIZED_ARCH }}
+          BASE_IMAGE: ${{ matrix.base_image }}
+          SOURCE_VERSION: ${{ env.SOURCE_VERSION }}
+        run: |
+          # 定义临时文件夹名称
+          TEMP_DIR="vaultwarden-${SOURCE_VERSION}-linux-${NORMALIZED_ARCH}-${BASE_IMAGE}"
+          mkdir -p "${TEMP_DIR}"
+          du -ah
+          echo "Copying essential files to ${TEMP_DIR}..."
+          
+          # 4. 打包成 .tar.gz
+          TARBALL_NAME="${TEMP_DIR}.tar.gz"
+          echo "Creating tarball: ${TARBALL_NAME}"
+          tar -czvf "${TARBALL_NAME}" vaultwarden-${{ env.NORMALIZED_ARCH }} ./output/web-vault/ ./output/healthcheck.sh ./output/start.sh
+
+          # 显示包大小
+          ls -lh "${TARBALL_NAME}"
+          du -sh "${TEMP_DIR}"
+
+          # 导出变量供上传步骤使用
+          echo "TARBALL_NAME=${TARBALL_NAME}" >> "${GITHUB_ENV}"
+          echo "ARTIFACT_NAME=${TEMP_DIR}-tar" >> "${GITHUB_ENV}"
+
+      # --- 修改结束：上传 TAR 包 ---
+      - name: Upload Vaultwarden Tarball
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
        with:
-          name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-${{ env.NORMALIZED_ARCH }}-${{ matrix.base_image }}
-          path: vaultwarden-${{ env.NORMALIZED_ARCH }}
+          name: ${{ env.ARTIFACT_NAME }}
+          path: ${{ env.TARBALL_NAME }}
+          retention-days: 5
+          # 如果包很大，可以开启分片压缩 (可选)
+          # compression-level: 6 

  merge-manifests:
    name: Merge manifests
--- a/docker/DockerSettings.yaml
+++ b/docker/DockerSettings.yaml
@ -6,7 +6,7 @@ vault_image_digest: "sha256:062fcf0d5dc37247dae61b0ee1ba5d20f9296e290d7ad1f6114e
 # https://github.com/tonistiigi/xx | https://hub.docker.com/r/tonistiigi/xx/tags
 xx_image_digest: "sha256:c64defb9ed5a91eacb37f96ccc3d4cd72521c4bd18d5442905b95e2226b0e707"
 rust_version: 1.93.1 # Rust version to be used
-debian_version: trixie # Debian release name to be used
+debian_version: bookworm # Debian release name to be used
 alpine_version: "3.23" # Alpine version to be used
 # For which platforms/architectures will we try to build images
 platforms: ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
--- a/docker/Dockerfile.debian
+++ b/docker/Dockerfile.debian
@ -36,7 +36,7 @@ FROM --platform=linux/amd64 docker.io/tonistiigi/xx@sha256:c64defb9ed5a91eacb37f

 ########################## BUILD IMAGE ##########################
 # hadolint ignore=DL3006
-FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.93.1-slim-trixie AS build
+FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.93.1-slim-bookworm AS build
 COPY --from=xx / /
 ARG TARGETARCH
 ARG TARGETVARIANT
@ -161,7 +161,7 @@ RUN source /env-cargo && \
 # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
 #
 # We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742
-FROM --platform=$TARGETPLATFORM docker.io/library/debian:trixie-slim
+FROM --platform=$TARGETPLATFORM docker.io/library/debian:bookworm-slim

 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
--- a/src/db/models/org_policy.rs
+++ b/src/db/models/org_policy.rs
@ -269,7 +269,7 @@ impl OrgPolicy {
                continue;
            }

-            if let Some(user) = Membership::find_by_user_and_org(user_uuid, &policy.org_uuid, conn).await {
+            if let Some(user) = Membership::find_confirmed_by_user_and_org(user_uuid, &policy.org_uuid, conn).await {
                if user.atype < MembershipType::Admin {
                    return true;
                }