Initial: Gitea heatmap sidecar with private contributions
This commit is contained in:
didericis
@@ -0,0 +1,20 @@
|
||||
-- Set up a read-only Postgres user that can SELECT only what the sidecar needs.
|
||||
-- Run as a superuser against the Gitea database.
|
||||
--
|
||||
-- psql -U postgres -d gitea -f setup.sql
|
||||
--
|
||||
-- Replace 'CHANGE_ME' with a real password and update DATABASE_URL accordingly.
|
||||
|
||||
CREATE USER heatmap_ro WITH PASSWORD 'CHANGE_ME';
|
||||
|
||||
GRANT CONNECT ON DATABASE gitea TO heatmap_ro;
|
||||
GRANT USAGE ON SCHEMA public TO heatmap_ro;
|
||||
|
||||
-- Only two tables. If Gitea ever renames them, the service breaks loudly,
|
||||
-- which is what we want.
|
||||
GRANT SELECT ON "action" TO heatmap_ro;
|
||||
GRANT SELECT ON "user" TO heatmap_ro;
|
||||
|
||||
-- Sanity check: confirm the user can read what we expect.
|
||||
-- \c gitea heatmap_ro
|
||||
-- SELECT count(*) FROM "action";
|
||||
Reference in New Issue
Block a user