Skip to content

Commit

Permalink
Set a more grep-able mysql root password in CI jobs, drop domjudge user
Browse files Browse the repository at this point in the history 
The domjudge mysql user should be created by our setup
scripts, so that we test these and need to set the password
only in one place.

Also don't explicitly pass root user/password to dj_setup_database
script. It will infer it from `~/.my.cnf`.

Rename mysql_root to mysql_log helper to clarify behaviour.
  • Loading branch information
@eldering
eldering committed Nov 26, 2024
1 parent 5cc5c0e commit 1d535b9
Show file tree
Hide file tree
Showing 5 changed files with 30 additions and 44 deletions.
47 changes: 22 additions & 25 deletions .github/jobs/baseinstall.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,32 +50,30 @@ cat > ~/.my.cnf <<EOF
[client]
host=sqlserver
user=root
password=root
password=mysql_root_password
EOF
cat ~/.my.cnf

mysql_root "CREATE DATABASE IF NOT EXISTS \`domjudge\` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql_root "CREATE USER IF NOT EXISTS \`domjudge\`@'%' IDENTIFIED BY 'domjudge';"
mysql_root "GRANT SELECT, INSERT, UPDATE, DELETE ON \`domjudge\`.* TO 'domjudge'@'%';"
mysql_root "FLUSH PRIVILEGES;"
mysql_log "CREATE DATABASE IF NOT EXISTS \`domjudge\` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql_log "CREATE USER IF NOT EXISTS \`domjudge\`@'%' IDENTIFIED BY 'domjudge';"
mysql_log "GRANT SELECT, INSERT, UPDATE, DELETE ON \`domjudge\`.* TO 'domjudge'@'%';"
mysql_log "FLUSH PRIVILEGES;"
echo "unused:sqlserver:domjudge:domjudge:domjudge:3306" > /opt/domjudge/domserver/etc/dbpasswords.secret

# Show some MySQL debugging
mysql_root "show databases"
mysql_root "SELECT CURRENT_USER();"
mysql_root "SELECT USER();"
mysql_root "SELECT user,host FROM mysql.user"
echo "unused:sqlserver:domjudge:domjudge:domjudge:3306" > /opt/domjudge/domserver/etc/dbpasswords.secret
mysql_user "SELECT CURRENT_USER();"
mysql_user "SELECT USER();"
mysql_log "show databases"
mysql_log "SELECT CURRENT_USER();"
mysql_log "SELECT USER();"
mysql_log "SELECT user,host FROM mysql.user"
section_end

if [ "${db}" = "install" ]; then
section_start "Install DOMjudge database"
/opt/domjudge/domserver/bin/dj_setup_database -uroot -proot bare-install
/opt/domjudge/domserver/bin/dj_setup_database bare-install
section_end
elif [ "${db}" = "upgrade" ]; then
section_start "Upgrade DOMjudge database"
/opt/domjudge/domserver/bin/dj_setup_database -uroot -proot upgrade
/opt/domjudge/domserver/bin/dj_setup_database upgrade
section_end
fi

Expand Down Expand Up @@ -113,30 +111,29 @@ section_end

if [ "${db}" = "install" ]; then
section_start "Install the example data"
/opt/domjudge/domserver/bin/dj_setup_database -uroot -proot install-examples | tee -a "$ARTIFACTS/mysql.txt"
/opt/domjudge/domserver/bin/dj_setup_database install-examples | tee -a "$ARTIFACTS/mysql.txt"
section_end
fi

section_start "Setup user"
# We're using the admin user in all possible roles
mysql_root "DELETE FROM userrole WHERE userid=1;" domjudge
mysql_log "DELETE FROM userrole WHERE userid=1;" domjudge
if [ "$version" = "team" ]; then
# Add team to admin user
mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 3);" domjudge
mysql_root "UPDATE user SET teamid = 1 WHERE userid = 1;" domjudge
mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 3);" domjudge
mysql_log "UPDATE user SET teamid = 1 WHERE userid = 1;" domjudge
elif [ "$version" = "jury" ]; then
# Add jury to admin user
mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 2);" domjudge
mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 2);" domjudge
elif [ "$version" = "balloon" ]; then
# Add balloon to admin user
mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 4);" domjudge
mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 4);" domjudge
elif [ "$version" = "admin" ]; then
# Add admin to admin user
mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 1);" domjudge
mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 1);" domjudge
elif [ "$version" = "all" ]; then
mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 1);" domjudge
mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 3);" domjudge
mysql_root "UPDATE user SET teamid = 1 WHERE userid = 1;" domjudge
mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 1);" domjudge
mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 3);" domjudge
mysql_log "UPDATE user SET teamid = 1 WHERE userid = 1;" domjudge
fi
section_end

9 changes: 2 additions & 7 deletions .github/jobs/ci_settings.sh
100644 → 100755
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,14 +24,9 @@ section_end_internal () {
trace_on
}

mysql_root () {
mysql_log () {
# shellcheck disable=SC2086
echo "$1" | mysql -uroot -proot ${2:-} | tee -a "$ARTIFACTS"/mysql.txt
}

mysql_user () {
# shellcheck disable=SC2086
echo "$1" | mysql -udomjudge -pdomjudge ${2:-} | tee -a "$ARTIFACTS"/mysql.txt
echo "$1" | mysql ${2:-} | tee -a "$ARTIFACTS"/mysql.txt
}

section_start () {
Expand Down
8 changes: 3 additions & 5 deletions .github/workflows/database-upgrade.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,19 +18,17 @@ jobs:
ports:
- 3306:3306
env:
MYSQL_ROOT_PASSWORD: root
MYSQL_USER: domjudge
MYSQL_PASSWORD: domjudge
MYSQL_ROOT_PASSWORD: mysql_root_password
options: --health-cmd="healthcheck.sh --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=3
steps:
- uses: actions/checkout@v4
- name: Import Database
run: mysql -hsqlserver -uroot -proot < .github/jobs/data/dj733.sql
run: mysql -hsqlserver -uroot -pmysql_root_password < .github/jobs/data/dj733.sql
- name: Upgrade DOMjudge
run: .github/jobs/baseinstall.sh default upgrade
- name: Setting initial Admin Password
run: echo "pass" > /opt/domjudge/domserver/etc/initial_admin_password.secret
- name: Check for Errors in the Upgrade
run: mysql -hsqlserver -uroot -proot -e "SHOW TABLES FROM domjudge;"
run: mysql -hsqlserver -uroot -pmysql_root_password -e "SHOW TABLES FROM domjudge;"
- name: Check for Errors in Domjudge Web
run: .github/jobs/webstandard.sh none admin
6 changes: 2 additions & 4 deletions .github/workflows/integration.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,7 @@ jobs:
ports:
- 3306:3306
env:
MYSQL_ROOT_PASSWORD: root
MYSQL_USER: domjudge
MYSQL_PASSWORD: domjudge
MYSQL_ROOT_PASSWORD: mysql_root_password
options: --health-cmd="healthcheck.sh --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=3
steps:
- uses: actions/checkout@v4
Expand Down Expand Up @@ -75,7 +73,7 @@ jobs:
done
- name: dump the db
if: ${{ !cancelled() }}
run: mysqldump -uroot -proot domjudge > /tmp/db.sql
run: mysqldump -uroot -pmysql_root_password domjudge > /tmp/db.sql
- name: Upload database dump for debugging
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v3
Expand Down
4 changes: 1 addition & 3 deletions .github/workflows/webstandard.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,7 @@ jobs:
ports:
- 3306:3306
env:
MYSQL_ROOT_PASSWORD: root
MYSQL_USER: domjudge
MYSQL_PASSWORD: domjudge
MYSQL_ROOT_PASSWORD: mysql_root_password
options: --health-cmd="healthcheck.sh --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=3
strategy:
matrix:
Expand Down

0 comments on commit 1d535b9

Please sign in to comment.