fix: Resolve all compilation errors and consolidate workflows

bulpara · bulpara · commit c6d8e70ed860 · 2025-09-27T17:56:00.000+03:00
- Fix ApiClient usage in auth modules (use reqwest directly)
- Fix Config parameter passing (not String)
- Fix borrow checker issues with refresh tokens
- Consolidate Docker publishing into release workflow only
- Remove redundant docker.yml workflow
- Docker images now only published for stable releases
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -205,6 +205,53 @@ jobs:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
         continue-on-error: true # Don't fail if npm publish fails
 
+  publish-docker:
+    name: Publish Docker Image
+    needs: [create-release]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: vlawyer/kanuni
+          tags: |
+            type=semver,pattern={{version}},value=${{ needs.create-release.outputs.version }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ needs.create-release.outputs.version }}
+            type=semver,pattern={{major}},value=${{ needs.create-release.outputs.version }}
+            type=raw,value=latest
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
   update-homebrew:
     name: Update Homebrew Formula
     needs: [create-release, build-release]
diff --git a/src/auth/api_key.rs b/src/auth/api_key.rs
@@ -9,7 +9,8 @@ use serde::{Deserialize, Serialize};
 use uuid::Uuid;
 
 use super::token_store::{AuthType, StoredCredentials, TokenStore};
-use crate::api::ApiClient;
+use crate::config::Config;
+use reqwest::{Client, StatusCode};
 
 #[derive(Debug, Serialize)]
 pub struct CreateApiKeyRequest {
@@ -43,14 +44,20 @@ pub struct ApiKeyInfo {
 }
 
 pub struct ApiKeyManager {
-    client: ApiClient,
+    client: Client,
+    base_url: String,
     store: TokenStore,
 }
 
 impl ApiKeyManager {
-    pub fn new(api_endpoint: String) -> Result<Self> {
+    pub fn new(config: Config) -> Result<Self> {
+        let client = Client::builder()
+            .timeout(std::time::Duration::from_secs(30))
+            .build()?;
+
         Ok(Self {
-            client: ApiClient::new(api_endpoint),
+            client,
+            base_url: config.api_endpoint.clone(),
             store: TokenStore::new()?,
         })
     }
@@ -87,9 +94,11 @@ impl ApiKeyManager {
             expires_in_days,
         };
 
+        let url = format!("{}/api/v1/account/api-keys", self.base_url);
         let response = self
             .client
-            .post_with_auth("/api/v1/account/api-keys", access_token)
+            .post(&url)
+            .header("Authorization", format!("Bearer {}", access_token))
             .json(&request)
             .send()
             .await?
@@ -157,9 +166,11 @@ impl ApiKeyManager {
         last_4: String,
     ) -> Result<()> {
         // Test the API key by making a request
+        let url = format!("{}/api/v1/auth/profile", self.base_url);
         let response = self
             .client
-            .get_with_api_key("/api/v1/auth/profile", &api_key)
+            .get(&url)
+            .header("X-API-Key", &api_key)
             .send()
             .await?;
 
@@ -197,9 +208,11 @@ impl ApiKeyManager {
     }
 
     pub async fn list_keys(&self, access_token: &str) -> Result<()> {
+        let url = format!("{}/api/v1/account/api-keys", self.base_url);
         let keys = self
             .client
-            .get_with_auth("/api/v1/account/api-keys", access_token)
+            .get(&url)
+            .header("Authorization", format!("Bearer {}", access_token))
             .send()
             .await?
             .error_for_status()?
@@ -255,11 +268,10 @@ impl ApiKeyManager {
             return Ok(());
         }
 
+        let url = format!("{}/api/v1/account/api-keys/{}", self.base_url, key_id);
         self.client
-            .delete_with_auth(
-                &format!("/api/v1/account/api-keys/{}", key_id),
-                access_token,
-            )
+            .delete(&url)
+            .header("Authorization", format!("Bearer {}", access_token))
             .send()
             .await?
             .error_for_status()?;
diff --git a/src/auth/device_flow.rs b/src/auth/device_flow.rs
@@ -6,7 +6,8 @@ use std::time;
 use tokio::time::sleep;
 
 use super::token_store::{AuthType, StoredCredentials, TokenStore};
-use crate::api::ApiClient;
+use crate::config::Config;
+use reqwest::Client;
 
 #[derive(Debug, Serialize)]
 pub struct DeviceFlowRequest {
@@ -46,14 +47,20 @@ pub struct DeviceTokenError {
 }
 
 pub struct DeviceAuth {
-    client: ApiClient,
+    client: Client,
+    base_url: String,
     store: TokenStore,
 }
 
 impl DeviceAuth {
-    pub fn new(api_endpoint: String) -> Result<Self> {
+    pub fn new(config: Config) -> Result<Self> {
+        let client = Client::builder()
+            .timeout(time::Duration::from_secs(30))
+            .build()?;
+
         Ok(Self {
-            client: ApiClient::new(api_endpoint),
+            client,
+            base_url: config.api_endpoint.clone(),
             store: TokenStore::new()?,
         })
     }
@@ -117,9 +124,10 @@ impl DeviceAuth {
             scope: "full_access".to_string(),
         };
 
+        let url = format!("{}/api/v1/auth/device/code", self.base_url);
         let response = self
             .client
-            .post("/api/v1/auth/device/code")
+            .post(&url)
             .json(&request)
             .send()
             .await?
@@ -146,9 +154,10 @@ impl DeviceAuth {
                 client_id: "kanuni-cli".to_string(),
             };
 
+            let url = format!("{}/api/v1/auth/device/token", self.base_url);
             let response = self
                 .client
-                .post("/api/v1/auth/device/token")
+                .post(&url)
                 .json(&request)
                 .send()
                 .await?;
diff --git a/src/auth/mod.rs b/src/auth/mod.rs
@@ -44,7 +44,7 @@ impl AuthManager {
     /// Authenticate using device flow (OAuth)
     pub async fn login_device_flow(&self) -> Result<()> {
         let config = self.config.read().await;
-        let device_auth = DeviceAuth::new(config.api_endpoint.clone())?;
+        let device_auth = DeviceAuth::new(config.clone())?;
         device_auth.authenticate().await?;
 
         // Reload credentials
@@ -72,11 +72,11 @@ impl AuthManager {
         };
 
         let config = self.config.read().await;
-        let manager = ApiKeyManager::new(config.api_endpoint.clone())?;
+        let manager = ApiKeyManager::new(config.clone())?;
 
         manager
             .authenticate_with_key(
-                api_key,
+                api_key.clone(),
                 "CLI Key".to_string(),
                 prefix.to_string(),
                 last_4.to_string(),
@@ -93,7 +93,7 @@ impl AuthManager {
     pub async fn create_api_key(&self) -> Result<()> {
         let access_token = self.get_access_token().await?;
         let config = self.config.read().await;
-        let manager = ApiKeyManager::new(config.api_endpoint.clone())?;
+        let manager = ApiKeyManager::new(config.clone())?;
         manager.create_key(&access_token).await?;
 
         // Reload credentials if user chose to use the new key
@@ -106,7 +106,7 @@ impl AuthManager {
     pub async fn list_api_keys(&self) -> Result<()> {
         let access_token = self.get_access_token().await?;
         let config = self.config.read().await;
-        let manager = ApiKeyManager::new(config.api_endpoint.clone())?;
+        let manager = ApiKeyManager::new(config.clone())?;
         manager.list_keys(&access_token).await
     }
 
@@ -146,13 +146,14 @@ impl AuthManager {
                     return Ok(access_token.clone());
                 }
 
-                // Need to refresh the token
+                // Need to refresh the token - clone what we need before dropping guard
+                let refresh_token_clone = refresh_token.clone();
                 drop(credentials_guard); // Release read lock
 
                 let response = self
                     .client
                     .refresh_token(RefreshRequest {
-                        refresh_token: refresh_token.clone(),
+                        refresh_token: refresh_token_clone.clone(),
                     })
                     .await
                     .context("Failed to refresh token. Please login again.")?;
@@ -162,7 +163,7 @@ impl AuthManager {
                 // Update stored tokens
                 self.store.update_oauth_tokens(
                     response.access_token.clone(),
-                    refresh_token.clone(), // Keep same refresh token
+                    refresh_token_clone, // Use cloned refresh token
                     new_expires_at,
                 )?;
 
