MokoConsulting/MokoCLI
Public Access
1
0
Fork 0
Code Issues 1 Pull Requests Releases 8 Wiki Activity

feat: MySQL export reads from config files, hardcode jmiller permissions

Browse Source 
export-mysql.yml.template:
- Reads MySQL credentials from remote config files automatically:
  - Joomla: configuration.php ($user, $password, $db)
  - Dolibarr: conf/conf.php ($dolibarr_main_db_*)
- No MySQL secrets needed — credentials come from the app config
- Auto-detects platform (Joomla vs Dolibarr)
- Removed DEV_MYSQL_PASSWORD/DEMO_MYSQL_PASSWORD secret requirements

Permission hardcoding:
- Added ALLOWED_USERS="jmiller gitea-actions[bot]" to:
  deploy-demo, deploy-dev, deploy-rs, branch-freeze templates

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jonathan Miller
2026-04-19 17:18:48 -05:00
parent 3834781899
commit 005ae12598
5 changed files with 79 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
templates/workflows/shared/branch-freeze.yml.template
+1
View File
@@ -44,6 +44,7 @@ jobs:
GA_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
run: |
ACTOR="${{ github.actor }}"
ALLOWED_USERS="jmiller gitea-actions[bot]"
REPO="${{ github.repository }}"
PERMISSION=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/collaborators/${ACTOR}/permission" 2>/dev/null \
2>/dev/null | jq -r '.permission' || echo "read")
templates/workflows/shared/deploy-demo.yml.template
+2
View File
@@ -79,6 +79,7 @@ jobs:
GA_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
run: |
ACTOR="${{ github.actor }}"
ALLOWED_USERS="jmiller gitea-actions[bot]"
REPO="${{ github.repository }}"
ORG="${{ github.repository_owner }}"
@@ -637,6 +638,7 @@ jobs:
REPO="${{ github.repository }}"
RUN_URL="${{ github.server_url }}/${REPO}/actions/runs/${{ github.run_id }}"
ACTOR="${{ github.actor }}"
ALLOWED_USERS="jmiller gitea-actions[bot]"
BRANCH="${{ github.ref_name }}"
EVENT="${{ github.event_name }}"
NOW=$(date -u '+%Y-%m-%d %H:%M:%S UTC')
templates/workflows/shared/deploy-dev.yml.template
+1
View File
@@ -83,6 +83,7 @@ jobs:
GA_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
run: |
ACTOR="${{ github.actor }}"
ALLOWED_USERS="jmiller gitea-actions[bot]"
REPO="${{ github.repository }}"
ORG="${{ github.repository_owner }}"
templates/workflows/shared/deploy-rs.yml.template
+2
View File
@@ -87,6 +87,7 @@ jobs:
GA_TOKEN: ${{ secrets.GA_TOKEN || secrets.GA_TOKEN || github.token }}
run: |
ACTOR="${{ github.actor }}"
ALLOWED_USERS="jmiller gitea-actions[bot]"
REPO="${{ github.repository }}"
ORG="${{ github.repository_owner }}"
@@ -579,6 +580,7 @@ jobs:
REPO="${{ github.repository }}"
RUN_URL="${{ github.server_url }}/${REPO}/actions/runs/${{ github.run_id }}"
ACTOR="${{ github.actor }}"
ALLOWED_USERS="jmiller gitea-actions[bot]"
BRANCH="${{ github.ref_name }}"
EVENT="${{ github.event_name }}"
NOW=$(date -u '+%Y-%m-%d %H:%M:%S UTC')
templates/workflows/shared/export-mysql.yml.template
+73 -16
View File
@@ -45,18 +45,19 @@ on:
# DEV_SSH_PORT — SSH port (default: 22)
# DEV_SSH_USERNAME — SSH user
# DEV_SSH_KEY — SSH private key
# DEV_MYSQL_DATABASE — Database name (e.g., joomla_dev)
# DEV_MYSQL_USER — MySQL user (default: root)
# DEV_MYSQL_PASSWORD — MySQL password (secret)
# DEV_PULL_PATH — Remote install path (repo variable)
#
# DEMO ENVIRONMENT — secrets/variables:
# DEMO_FTP_HOST — Demo server hostname (reused from deploy)
# DEMO_FTP_PORT — SSH port (reused, default: 22)
# DEMO_FTP_USERNAME — SSH user (reused from deploy)
# DEMO_FTP_KEY — SSH key (reused from deploy)
# DEMO_MYSQL_DATABASEDatabase name
# DEMO_MYSQL_USER — MySQL user
# DEMO_MYSQL_PASSWORD — MySQL password (secret)
# DEMO_FTP_PATH Remote install path (repo variable)
#
# MySQL credentials are read automatically from:
# Joomla: configuration.php ($user, $password, $db)
# Dolibarr: conf/conf.php ($dolibarr_main_db_user, etc.)
# No MySQL secrets needed — credentials come from the remote config file.
# ──────────────────────────────────────────────────────────────
permissions:
@@ -142,25 +143,81 @@ jobs:
PORT="${{ steps.env.outputs.port }}"
USER="${{ steps.env.outputs.user }}"
DB="${{ steps.env.outputs.database }}"
MYSQL_USER="${{ steps.env.outputs.mysql_user }}"
ENV="${{ inputs.environment }}"
CONFIG_PATH="${{ vars.DEV_PULL_PATH || vars.DEMO_FTP_PATH }}"
# Get MySQL password
if [ "$ENV" = "dev" ]; then
MYSQL_PASS="${{ secrets.DEV_MYSQL_PASSWORD }}"
else
MYSQL_PASS="${{ secrets.DEMO_MYSQL_PASSWORD }}"
# Read MySQL credentials from the remote config file
# Joomla: configuration.php → $user, $password, $db
# Dolibarr: conf/conf.php → $dolibarr_main_db_user, $dolibarr_main_db_pass, $dolibarr_main_db_name
echo "Reading MySQL credentials from remote config file..."
CREDS=$(ssh -p "${PORT}" -i ~/.ssh/export_key "${USER}@${HOST}" bash << 'SSHEOF'
# Try Joomla configuration.php first
for cfg in "{{CONFIG_PATH}}/configuration.php" "/var/www/html/configuration.php" "$(find /var/www -name 'configuration.php' -maxdepth 3 2>/dev/null | head -1)"; do
if [ -f "$cfg" ]; then
DB_USER=$(php -r "include '$cfg'; echo \$user ?? '';")
DB_PASS=$(php -r "include '$cfg'; echo \$password ?? '';")
DB_NAME=$(php -r "include '$cfg'; echo \$db ?? '';")
DB_HOST=$(php -r "include '$cfg'; echo \$host ?? 'localhost';")
if [ -n "$DB_USER" ] && [ -n "$DB_NAME" ]; then
echo "TYPE=joomla"
echo "DB_USER=$DB_USER"
echo "DB_PASS=$DB_PASS"
echo "DB_NAME=$DB_NAME"
echo "DB_HOST=$DB_HOST"
exit 0
fi
fi
done
# Try Dolibarr conf/conf.php
for cfg in "{{CONFIG_PATH}}/conf/conf.php" "/var/www/html/conf/conf.php" "$(find /var/www -name 'conf.php' -path '*/conf/*' -maxdepth 4 2>/dev/null | head -1)"; do
if [ -f "$cfg" ]; then
DB_USER=$(php -r "include '$cfg'; echo \$dolibarr_main_db_user ?? '';")
DB_PASS=$(php -r "include '$cfg'; echo \$dolibarr_main_db_pass ?? '';")
DB_NAME=$(php -r "include '$cfg'; echo \$dolibarr_main_db_name ?? '';")
DB_HOST=$(php -r "include '$cfg'; echo \$dolibarr_main_db_host ?? 'localhost';")
if [ -n "$DB_USER" ] && [ -n "$DB_NAME" ]; then
echo "TYPE=dolibarr"
echo "DB_USER=$DB_USER"
echo "DB_PASS=$DB_PASS"
echo "DB_NAME=$DB_NAME"
echo "DB_HOST=$DB_HOST"
exit 0
fi
fi
done
echo "TYPE=not_found"
SSHEOF
)
PLATFORM=$(echo "$CREDS" | grep "^TYPE=" | cut -d= -f2)
MYSQL_USER=$(echo "$CREDS" | grep "^DB_USER=" | cut -d= -f2-)
MYSQL_PASS=$(echo "$CREDS" | grep "^DB_PASS=" | cut -d= -f2-)
DB_NAME=$(echo "$CREDS" | grep "^DB_NAME=" | cut -d= -f2-)
DB_HOST_REMOTE=$(echo "$CREDS" | grep "^DB_HOST=" | cut -d= -f2-)
if [ "$PLATFORM" = "not_found" ]; then
echo "ERROR: Could not find Joomla configuration.php or Dolibarr conf/conf.php on remote server"
exit 1
fi
# Override DB name if explicitly provided
[ -n "$DB" ] && DB_NAME="$DB"
echo "Platform: ${PLATFORM}"
echo "Database: ${DB_NAME} (user: ${MYSQL_USER}, host: ${DB_HOST_REMOTE})"
TIMESTAMP=$(date -u +%Y%m%d_%H%M%S)
FILENAME="${DB}_${ENV}_${TIMESTAMP}.sql"
FILENAME="${DB_NAME}_${ENV}_${TIMESTAMP}.sql"
echo "Exporting ${DB} from ${HOST}..."
echo "Exporting ${DB_NAME} from ${HOST}..."
# Run mysqldump over SSH
# Run mysqldump over SSH using credentials from config file
ssh -p "${PORT}" -i ~/.ssh/export_key "${USER}@${HOST}" \
"mysqldump --single-transaction --no-tablespaces --routines --triggers \
-u ${MYSQL_USER} -p'${MYSQL_PASS}' ${DB}" \
-h ${DB_HOST_REMOTE} -u ${MYSQL_USER} -p'${MYSQL_PASS}' ${DB_NAME}" \
> "/tmp/${FILENAME}" 2>/tmp/mysqldump.err
if [ $? -ne 0 ]; then