Add organization exports

.github/workflows/ci.yml

@@ -4,60 +4,192 @@ permissions:
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [main]
   pull_request:
-    branches: [ "main" ]
+    branches: [main]
 
 env:
   IMAGE_NAME: ${{ github.repository }}
+  DOCKER_HUB_IMAGE_NAME: mvflc/backvault
 
 jobs:
-  build:
+  lint:
+    name: Lint
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - name: Install system dependencies
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y gcc libsqlite3-dev libsqlcipher-dev libssl-dev
-    - name: Set up Python
-      uses: actions/setup-python@v5
-      with:
-        python-version: '3.13'
-    - name: Install uv
-      run: pip install uv
-    - name: Install dependencies
-      run: uv sync --dev
-    - name: Lint with ruff
-      run: |
-        uv run ruff check
-        uv run ruff format
-    - name: Test with pytest
-      run: |
-        uv run pytest
-
-  docker-image-test:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+
+      - name: Install system dependencies
+        run: sudo apt-get update && sudo apt-get install -y libsqlite3-dev libsqlcipher-dev libssl-dev
+
+      - name: Install uv
+        run: pip install uv
+
+      - name: Install dependencies
+        run: uv sync --dev
+
+      - name: Run ruff check
+        run: uv run ruff check
+
+      - name: Run ruff format check
+        run: uv run ruff format --check
+
+  unit-tests:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install system dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gcc libsqlite3-dev libsqlcipher-dev libssl-dev
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+
+      - name: Install uv
+        run: pip install uv
+
+      - name: Install dependencies
+        run: uv sync --dev
+
+      - name: Run pytest
+        run: uv run pytest -v --cov=src --cov-report=xml --cov-report=term
+
+      - name: Upload coverage
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: coverage
+          path: coverage.xml
+          retention-days: 7
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v5
+        with:
+          files: ./coverage.xml
+          flags: unittests
+          name: codecov-umbrella
+          fail_ci_if_error: false
+
+  docker-build:
+    name: Docker Build (${{ matrix.platform }})
     runs-on: ubuntu-latest
     strategy:
+      fail-fast: false
       matrix:
         platform:
           - linux/amd64
           - linux/arm64
           - linux/arm/v7
     steps:
       - uses: actions/checkout@v4
-      - name: Sanitize ref name for docker tag
-        id: sanitize_ref
-        run: echo "ref_name=$(echo ${{ github.ref_name }} | sed 's/\//-/g')" >> $GITHUB_OUTPUT
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+
+      - name: Set platform slug
+        id: platform-slug
+        run: |
+          PLATFORM="${{ matrix.platform }}"
+          echo "slug=${PLATFORM//\//-}" >> "$GITHUB_OUTPUT"
+
       - name: Build Docker image
+        uses: docker/build-push-action@v5
+        with:
+          platforms: ${{ matrix.platform }}
+          load: true
+          tags: |
+            ${{ env.IMAGE_NAME }}:${{ steps.platform-slug.outputs.slug }}-test
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Verify Bitwarden CLI
+        run: |
+          docker run --rm --platform ${{ matrix.platform }} \
+            ${{ env.IMAGE_NAME }}:${{ steps.platform-slug.outputs.slug }}-test \
+            bw --version
+
+      - name: Verify supercronic
+        run: |
+          docker run --rm --platform ${{ matrix.platform }} \
+            ${{ env.IMAGE_NAME }}:${{ steps.platform-slug.outputs.slug }}-test \
+            supercronic --version
+
+      - name: Verify Python
+        run: |
+          docker run --rm --platform ${{ matrix.platform }} \
+            ${{ env.IMAGE_NAME }}:${{ steps.platform-slug.outputs.slug }}-test \
+            python3 --version
+
+      - name: Verify entrypoint is executable
+        run: |
+          docker run --rm --platform ${{ matrix.platform }} \
+            ${{ env.IMAGE_NAME }}:${{ steps.platform-slug.outputs.slug }}-test \
+            test -x /app/entrypoint.sh
+
+      - name: Verify run script is executable
         run: |
-          docker buildx build --platform=${{ matrix.platform }} --load \
-            -t ${{ env.IMAGE_NAME }}:${{ steps.sanitize_ref.outputs.ref_name }}-test \
-            .
-      - name: Run test
+          docker run --rm --platform ${{ matrix.platform }} \
+            ${{ env.IMAGE_NAME }}:${{ steps.platform-slug.outputs.slug }}-test \
+            test -x /app/run.sh
+
+      - name: Verify required directories exist
         run: |
-          docker run --rm --platform ${{ matrix.platform }} ${{ env.IMAGE_NAME }}:${{ steps.sanitize_ref.outputs.ref_name }}-test bw --version
+          docker run --rm --platform ${{ matrix.platform }} \
+            ${{ env.IMAGE_NAME }}:${{ steps.platform-slug.outputs.slug }}-test \
+            sh -c 'test -d /app/backups && test -d /app/db && test -d /app/logs'
+
+  docker-push:
+    name: Docker Push
+    needs: [docker-build, lint, unit-tests]
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Build and push multi-arch image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: true
+          tags: |
+            ghcr.io/${{ env.IMAGE_NAME }}:latest
+            ghcr.io/${{ env.IMAGE_NAME }}:sha-${{ github.sha }}
+            ${{ env.DOCKER_HUB_IMAGE_NAME }}:latest
+            ${{ env.DOCKER_HUB_IMAGE_NAME }}:sha-${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/e2e.yml

@@ -0,0 +1,125 @@
+name: E2E Tests
+permissions:
+  contents: read
+  actions: read
+
+on:
+  workflow_run:
+    workflows: [CI]
+    types: [completed]
+    branches: [main]
+  pull_request:
+    paths:
+      - 'tests/**'
+      - '.github/workflows/e2e.yml'
+      - 'src/**'
+  workflow_dispatch:
+
+env:
+  IMAGE_NAME: docker.io/mvflc/backvault
+  VAULTWARDEN_PORT: '8888'
+  VAULTWARDEN_URL: http://localhost:8888
+
+jobs:
+  e2e:
+    name: E2E Tests
+    if: >
+      (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') ||
+      (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) ||
+      github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    services:
+      vaultwarden:
+        image: vaultwarden/server:latest
+        env:
+          SIGNUPS_ALLOWED: "true"
+          ADMIN_TOKEN: ${{ secrets.ADMIN_TOKEN }}
+          I_REALLY_WANT_VOLATILE_STORAGE: "true"
+        ports:
+          - 8888:80
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Cleanup appgroup
+        run: |
+          sudo delgroup appgroup 2>/dev/null || true
+          sudo deluser appuser 2>/dev/null || true
+
+      - name: Validate ADMIN_TOKEN
+        env:
+          ADMIN_TOKEN: ${{ secrets.ADMIN_TOKEN }}
+        run: |
+          if [ -z "$ADMIN_TOKEN" ]; then
+            echo "Error: ADMIN_TOKEN secret is required"
+            exit 1
+          fi
+
+      - name: Pull test image
+        run: |
+          docker pull docker.io/mvflc/backvault:test
+          docker tag docker.io/mvflc/backvault:test ${{ env.IMAGE_NAME }}:test
+
+      - name: Wait for Vaultwarden
+        run: |
+          for i in $(seq 1 30); do
+            HTTP_CODE=$(curl -so /dev/null -w '%{http_code}' -L "http://localhost:8888/api/config" 2>/dev/null)
+            if [ "$HTTP_CODE" = "200" ]; then
+              echo "Vaultwarden is ready (HTTP $HTTP_CODE)"
+              exit 0
+            fi
+            echo "Attempt $i/30: Waiting... (HTTP $HTTP_CODE)"
+            sleep 2
+          done
+          echo "Error: Vaultwarden failed to start"
+          exit 1
+
+      - name: Verify Vaultwarden is running
+        run: |
+          HTTP_CODE=$(curl -so /dev/null -w '%{http_code}' -L "http://localhost:8888/api/config" 2>/dev/null)
+          if [ "$HTTP_CODE" != "200" ]; then
+            echo "Error: Vaultwarden health check failed (HTTP $HTTP_CODE)"
+            exit 1
+          fi
+          echo "Vaultwarden health check passed"
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install system dependencies
+        run: sudo apt-get update && sudo apt-get install -y libsqlite3-dev libsqlcipher-dev libssl-dev
+
+      - name: Install Bitwarden CLI
+        run: |
+          npm install -g @bitwarden/cli
+
+      - name: Install dependencies
+        run: |
+          pip install uv
+          uv sync --dev
+
+      - name: Run E2E tests
+        env:
+          VAULTWARDEN_URL: ${{ env.VAULTWARDEN_URL }}
+          BW_TEST_EMAIL: ${{ secrets.BW_TEST_EMAIL }}
+          BW_TEST_PASSWORD: ${{ secrets.BW_TEST_PASSWORD }}
+          BW_TEST_MASTER_PASSWORD: ${{ secrets.BW_TEST_MASTER_PASSWORD }}
+          IMAGE_NAME: ${{ env.IMAGE_NAME }}:test
+        run: uv run pytest tests/test_e2e.py -v -m e2e -o "addopts="
+
+      - name: Cleanup Docker buildx
+        if: always()
+        run: |
+          docker buildx prune --all -f 2>/dev/null || true