Skip to content

Commit cb023c6

Browse files
elderingeldering
committed
Set a more grep-able mysql root password in CI jobs, drop domjudge user
The domjudge mysql user should be created by our setup scripts, so that we test these and need to set the password only in one place. Also don't explicitly pass root user/password to dj_setup_database script. It will infer it from `~/.my.cnf`. Rename mysql_root to mysql_log helper to clarify behaviour.
1 parent b9d107b commit cb023c6

File tree

5 files changed

+30
-44
lines changed

5 files changed

+30
-44
lines changed

.github/jobs/baseinstall.sh

+22-25
Original file line numberDiff line numberDiff line change
@@ -50,32 +50,30 @@ cat > ~/.my.cnf <<EOF
5050
[client]
5151
host=sqlserver
5252
user=root
53-
password=root
53+
password=mysql_root_password
5454
EOF
5555
cat ~/.my.cnf
5656

57-
mysql_root "CREATE DATABASE IF NOT EXISTS \`domjudge\` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
58-
mysql_root "CREATE USER IF NOT EXISTS \`domjudge\`@'%' IDENTIFIED BY 'domjudge';"
59-
mysql_root "GRANT SELECT, INSERT, UPDATE, DELETE ON \`domjudge\`.* TO 'domjudge'@'%';"
60-
mysql_root "FLUSH PRIVILEGES;"
57+
mysql_log "CREATE DATABASE IF NOT EXISTS \`domjudge\` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
58+
mysql_log "CREATE USER IF NOT EXISTS \`domjudge\`@'%' IDENTIFIED BY 'domjudge';"
59+
mysql_log "GRANT SELECT, INSERT, UPDATE, DELETE ON \`domjudge\`.* TO 'domjudge'@'%';"
60+
mysql_log "FLUSH PRIVILEGES;"
61+
echo "unused:sqlserver:domjudge:domjudge:domjudge:3306" > /opt/domjudge/domserver/etc/dbpasswords.secret
6162

6263
# Show some MySQL debugging
63-
mysql_root "show databases"
64-
mysql_root "SELECT CURRENT_USER();"
65-
mysql_root "SELECT USER();"
66-
mysql_root "SELECT user,host FROM mysql.user"
67-
echo "unused:sqlserver:domjudge:domjudge:domjudge:3306" > /opt/domjudge/domserver/etc/dbpasswords.secret
68-
mysql_user "SELECT CURRENT_USER();"
69-
mysql_user "SELECT USER();"
64+
mysql_log "show databases"
65+
mysql_log "SELECT CURRENT_USER();"
66+
mysql_log "SELECT USER();"
67+
mysql_log "SELECT user,host FROM mysql.user"
7068
section_end
7169

7270
if [ "${db}" = "install" ]; then
7371
section_start "Install DOMjudge database"
74-
/opt/domjudge/domserver/bin/dj_setup_database -uroot -proot bare-install
72+
/opt/domjudge/domserver/bin/dj_setup_database bare-install
7573
section_end
7674
elif [ "${db}" = "upgrade" ]; then
7775
section_start "Upgrade DOMjudge database"
78-
/opt/domjudge/domserver/bin/dj_setup_database -uroot -proot upgrade
76+
/opt/domjudge/domserver/bin/dj_setup_database upgrade
7977
section_end
8078
fi
8179

@@ -113,30 +111,29 @@ section_end
113111

114112
if [ "${db}" = "install" ]; then
115113
section_start "Install the example data"
116-
/opt/domjudge/domserver/bin/dj_setup_database -uroot -proot install-examples | tee -a "$ARTIFACTS/mysql.txt"
114+
/opt/domjudge/domserver/bin/dj_setup_database install-examples | tee -a "$ARTIFACTS/mysql.txt"
117115
section_end
118116
fi
119117

120118
section_start "Setup user"
121119
# We're using the admin user in all possible roles
122-
mysql_root "DELETE FROM userrole WHERE userid=1;" domjudge
120+
mysql_log "DELETE FROM userrole WHERE userid=1;" domjudge
123121
if [ "$version" = "team" ]; then
124122
# Add team to admin user
125-
mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 3);" domjudge
126-
mysql_root "UPDATE user SET teamid = 1 WHERE userid = 1;" domjudge
123+
mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 3);" domjudge
124+
mysql_log "UPDATE user SET teamid = 1 WHERE userid = 1;" domjudge
127125
elif [ "$version" = "jury" ]; then
128126
# Add jury to admin user
129-
mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 2);" domjudge
127+
mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 2);" domjudge
130128
elif [ "$version" = "balloon" ]; then
131129
# Add balloon to admin user
132-
mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 4);" domjudge
130+
mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 4);" domjudge
133131
elif [ "$version" = "admin" ]; then
134132
# Add admin to admin user
135-
mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 1);" domjudge
133+
mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 1);" domjudge
136134
elif [ "$version" = "all" ]; then
137-
mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 1);" domjudge
138-
mysql_root "INSERT INTO userrole (userid, roleid) VALUES (1, 3);" domjudge
139-
mysql_root "UPDATE user SET teamid = 1 WHERE userid = 1;" domjudge
135+
mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 1);" domjudge
136+
mysql_log "INSERT INTO userrole (userid, roleid) VALUES (1, 3);" domjudge
137+
mysql_log "UPDATE user SET teamid = 1 WHERE userid = 1;" domjudge
140138
fi
141139
section_end
142-

.github/jobs/ci_settings.sh

100644100755
+2-7
Original file line numberDiff line numberDiff line change
@@ -24,14 +24,9 @@ section_end_internal () {
2424
trace_on
2525
}
2626

27-
mysql_root () {
27+
mysql_log () {
2828
# shellcheck disable=SC2086
29-
echo "$1" | mysql -uroot -proot ${2:-} | tee -a "$ARTIFACTS"/mysql.txt
30-
}
31-
32-
mysql_user () {
33-
# shellcheck disable=SC2086
34-
echo "$1" | mysql -udomjudge -pdomjudge ${2:-} | tee -a "$ARTIFACTS"/mysql.txt
29+
echo "$1" | mysql ${2:-} | tee -a "$ARTIFACTS"/mysql.txt
3530
}
3631

3732
section_start () {

.github/workflows/database-upgrade.yml

+3-5
Original file line numberDiff line numberDiff line change
@@ -18,17 +18,15 @@ jobs:
1818
ports:
1919
- 3306:3306
2020
env:
21-
MYSQL_ROOT_PASSWORD: root
22-
MYSQL_USER: domjudge
23-
MYSQL_PASSWORD: domjudge
21+
MYSQL_ROOT_PASSWORD: mysql_root_password
2422
options: --health-cmd="healthcheck.sh --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=3
2523
steps:
2624
- uses: actions/checkout@v4
2725
- name: Import Database
28-
run: mysql -hsqlserver -uroot -proot < .github/jobs/data/dj733.sql
26+
run: mysql -hsqlserver -uroot -pmysql_root_password < .github/jobs/data/dj733.sql
2927
- name: Upgrade DOMjudge
3028
run: .github/jobs/baseinstall.sh default upgrade
3129
- name: Check for Errors in the Upgrade
32-
run: mysql -hsqlserver -uroot -proot -e "SHOW TABLES FROM domjudge;"
30+
run: mysql -hsqlserver -uroot -pmysql_root_password -e "SHOW TABLES FROM domjudge;"
3331
- name: Check for Errors in Domjudge Web
3432
run: .github/jobs/webstandard.sh none admin

.github/workflows/integration.yml

+2-4
Original file line numberDiff line numberDiff line change
@@ -19,9 +19,7 @@ jobs:
1919
ports:
2020
- 3306:3306
2121
env:
22-
MYSQL_ROOT_PASSWORD: root
23-
MYSQL_USER: domjudge
24-
MYSQL_PASSWORD: domjudge
22+
MYSQL_ROOT_PASSWORD: mysql_root_password
2523
options: --health-cmd="healthcheck.sh --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=3
2624
steps:
2725
- uses: actions/checkout@v4
@@ -81,7 +79,7 @@ jobs:
8179
done
8280
- name: dump the db
8381
if: ${{ !cancelled() }}
84-
run: mysqldump -uroot -proot domjudge > /tmp/db.sql
82+
run: mysqldump -uroot -pmysql_root_password domjudge > /tmp/db.sql
8583
- name: Upload database dump for debugging
8684
if: ${{ !cancelled() }}
8785
uses: actions/upload-artifact@v3

.github/workflows/webstandard.yml

+1-3
Original file line numberDiff line numberDiff line change
@@ -17,9 +17,7 @@ jobs:
1717
ports:
1818
- 3306:3306
1919
env:
20-
MYSQL_ROOT_PASSWORD: root
21-
MYSQL_USER: domjudge
22-
MYSQL_PASSWORD: domjudge
20+
MYSQL_ROOT_PASSWORD: mysql_root_password
2321
options: --health-cmd="healthcheck.sh --connect --innodb_initialized" --health-interval=10s --health-timeout=5s --health-retries=3
2422
strategy:
2523
matrix:

0 commit comments

Comments
 (0)