Set a more grep-able admin password

eldering · eldering · commit b9d107b0bfb1 · 2024-11-27T00:28:40.000+01:00
Also don't set this explicitly in `workflows/database-upgrade.yml`
as it is already set in `jobs/baseinstall.sh` called before.
Don't pass admin:password to the API check as it already uses
curl with `-n` option to read from `~/.netrc`.
diff --git a/.github/jobs/baseinstall.sh b/.github/jobs/baseinstall.sh
@@ -17,9 +17,9 @@ composer install --no-scripts |tee "$ARTIFACTS"/composer_out.txt
 cd ..
 section_end
 
-section_start "Set simple admin password"
-echo "password" > ./etc/initial_admin_password.secret
-echo "default login admin password password" > ~/.netrc
+section_start "Set admin password"
+echo "admin_password" > ./etc/initial_admin_password.secret
+echo "default login admin password admin_password" > ~/.netrc
 section_end
 
 section_start "Install domserver"
diff --git a/.github/workflows/database-upgrade.yml b/.github/workflows/database-upgrade.yml
@@ -28,8 +28,6 @@ jobs:
         run: mysql -hsqlserver -uroot -proot < .github/jobs/data/dj733.sql
       - name: Upgrade DOMjudge
         run: .github/jobs/baseinstall.sh default upgrade
-      - name: Setting initial Admin Password
-        run: echo "pass" > /opt/domjudge/domserver/etc/initial_admin_password.secret
       - name: Check for Errors in the Upgrade
         run: mysql -hsqlserver -uroot -proot -e "SHOW TABLES FROM domjudge;"
       - name: Check for Errors in Domjudge Web
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -45,9 +45,9 @@ jobs:
       - name: Configure print command
         working-directory: submit
         run: |
-          curl --fail -u 'admin:password' -X 'GET' 'http://localhost/domjudge/api/v4/config?strict=false' \
+          curl --fail -X GET -n 'http://localhost/domjudge/api/v4/config?strict=false' \
             | jq '.print_command |= "cp [file] /tmp/dj-printfile"' \
-            | curl --fail -u 'admin:password' -X 'PUT' -T - 'http://localhost/domjudge/api/v4/config?strict=false' \
+            | curl --fail -X PUT -n -T - 'http://localhost/domjudge/api/v4/config?strict=false' \
       - name: Testing submit client
         working-directory: submit
         run: make check-full
@@ -103,8 +103,9 @@ jobs:
           export CURLOPTS="--fail -sq -m 30 -b /tmp/cookiejar"
           # Make an initial request which will get us a session id, and grab the csrf token from it
           CSRFTOKEN=$(curl $CURLOPTS -c /tmp/cookiejar "http://localhost/domjudge/login" | sed -n 's/.*_csrf_token.*value="\(.*\)".*/\1/p')
+          ADMINPASS=$(cat etc/initial_admin_password.secret)
           # Make a second request with our session + csrf token to actually log in
-          curl $CURLOPTS -c /tmp/cookiejar -F "_csrf_token=$CSRFTOKEN" -F "_username=admin" -F "_password=password" "http://localhost/domjudge/login"
+          curl $CURLOPTS -c /tmp/cookiejar -F "_csrf_token=$CSRFTOKEN" -F "_username=admin" -F "_password=$ADMINPASS" "http://localhost/domjudge/login"
           # Send a general clarification to later test if we see the event.
           curl $CURLOPTS -F "sendto=" -F "problem=1-" -F "bodytext=Testing" -F "submit=Send" \
                "http://localhost/domjudge/jury/clarifications/send" -o /dev/null
@@ -149,4 +150,4 @@ jobs:
           export CCS_SPECS_PINNED_SHA1='a68aff54c4e60fc2bff2fc5c36c119bffa4d30f1'
           ( cd ccs-specs && git reset --hard $CCS_SPECS_PINNED_SHA1 )
           export CHECK_API="${HOME}/ccs-specs/check-api.sh -j ${HOME}/yajsv"
-          $CHECK_API -n -C -e -a 'strict=1' http://admin:password@localhost/domjudge/api
+          $CHECK_API -n -C -e -a 'strict=1' http://localhost/domjudge/api
