Update project dependencies and E2E coverage

.env.example

@@ -1,19 +1,51 @@
-PG__DBNAME=db
-PG__HOST=127.0.0.1
-PG__PORT=5432
 RUST_LOG="INFO"
 BUILD_MODE=debug
-ENABLE_REGISTRATION=true
-SMTP_HOST=smtp.example.com
-SMTP_USER=user
-SMTP_PASS=password
-SMTP_FROM=noreply@example.com
-COOKIE_SECRET=supersecretkeymustbeatleast64byteslongforsecurityreasons1234567890
-FRONTEND_URL=http://localhost:3000
-MINIO_ACCESS_KEY=minioadmin
-MINIO_SECRET_KEY=minioadmin
-MINIO_URL=http://localhost:9000/
-S3_BUCKET_NAME=memory-map
-SERVER_HOST=127.0.0.1
-SERVER_PORT=8000
-CORS_ALLOWED_ORIGINS=http://127.0.0.1:3000
+
+MEMORY_MAP__PG__DBNAME=db
+MEMORY_MAP__PG__HOST=127.0.0.1
+MEMORY_MAP__PG__PORT=5432
+
+MEMORY_MAP__SERVER__HOST=127.0.0.1
+MEMORY_MAP__SERVER__PORT=8000
+
+MEMORY_MAP__SMTP__HOST=smtp.example.com
+MEMORY_MAP__SMTP__USER=user
+MEMORY_MAP__SMTP__PASS=password
+MEMORY_MAP__SMTP__FROM=noreply@example.com
+
+MEMORY_MAP__AUTH__COOKIE_SECRET=supersecretkeymustbeatleast64byteslongforsecurityreasons1234567890
+MEMORY_MAP__AUTH__ENABLE_REGISTRATION=true
+
+MEMORY_MAP__FRONTEND__URL=http://localhost:3000
+
+MEMORY_MAP__CORS__ALLOWED_ORIGINS=http://127.0.0.1:3000
+
+MEMORY_MAP__STORAGE__ENDPOINT_URL=http://127.0.0.1:9000/
+MEMORY_MAP__STORAGE__PUBLIC_ENDPOINT_URL=http://127.0.0.1:9000/
+MEMORY_MAP__STORAGE__ACCESS_KEY=memorymapdev
+MEMORY_MAP__STORAGE__SECRET_KEY=memorymapdevsecret
+MEMORY_MAP__STORAGE__BUCKET_NAME=memory-map
+MEMORY_MAP__STORAGE__REGION=us-east-1
+MEMORY_MAP__STORAGE__FORCE_PATH_STYLE=true
+MEMORY_MAP__STORAGE__PRESIGNED_URL_TTL_SECONDS=604800
+
+MEMORY_MAP__OBJECT_LIFECYCLE__PENDING_UPLOAD_TIMEOUT_SECONDS=3600
+MEMORY_MAP__OBJECT_LIFECYCLE__UPLOAD_MAX_FILE_SIZE_BYTES=1073741824
+MEMORY_MAP__OBJECT_LIFECYCLE__UPLOAD_PART_SIZE_BYTES=8388608
+MEMORY_MAP__OBJECT_LIFECYCLE__UPLOAD_MAX_PART_COUNT=10000
+MEMORY_MAP__OBJECT_LIFECYCLE__UPLOAD_SESSION_TTL_SECONDS=3600
+MEMORY_MAP__OBJECT_LIFECYCLE__UPLOAD_SESSION_CLEANUP_RETRY_SECONDS=60
+MEMORY_MAP__OBJECT_LIFECYCLE__UPLOAD_SESSION_CLEANUP_LEASE_SECONDS=300
+MEMORY_MAP__OBJECT_LIFECYCLE__UPLOAD_SESSION_CLEANUP_MAX_ATTEMPTS=10
+MEMORY_MAP__OBJECT_LIFECYCLE__UPLOAD_SESSION_CLEANUP_BATCH_SIZE=1000
+MEMORY_MAP__OBJECT_LIFECYCLE__STORAGE_DELETION_RETRY_SECONDS=60
+MEMORY_MAP__OBJECT_LIFECYCLE__STORAGE_DELETION_LEASE_SECONDS=300
+MEMORY_MAP__OBJECT_LIFECYCLE__MAINTENANCE_INTERVAL_SECONDS=30
+MEMORY_MAP__OBJECT_LIFECYCLE__STORAGE_DELETION_BATCH_SIZE=1000
+MEMORY_MAP__OBJECT_LIFECYCLE__STORAGE_DELETION_MAX_ATTEMPTS=10
+
+MEMORY_MAP__EMAIL_OUTBOX__RETRY_SECONDS=60
+MEMORY_MAP__EMAIL_OUTBOX__LEASE_SECONDS=300
+MEMORY_MAP__EMAIL_OUTBOX__WORKER_INTERVAL_SECONDS=30
+MEMORY_MAP__EMAIL_OUTBOX__BATCH_SIZE=100
+MEMORY_MAP__EMAIL_OUTBOX__MAX_ATTEMPTS=10

.github/actions/free-runner-space/action.yml

@@ -0,0 +1,12 @@
+name: Free runner disk space
+description: Remove unused hosted-runner tool caches before disk-heavy CI jobs.
+runs:
+  using: composite
+  steps:
+    - name: Free runner disk space
+      shell: bash
+      run: |
+        df -h
+        sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL
+        docker system prune --all --force || true
+        df -h

.github/workflows/ci.yml

@@ -10,6 +10,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 env:
   CARGO_TERM_COLOR: always
   SKIP_DIRENV: "1"
@@ -22,6 +25,9 @@ jobs:
       - uses: actions/checkout@v6
       - uses: DeterminateSystems/nix-installer-action@main
       - uses: DeterminateSystems/magic-nix-cache-action@main
+        with:
+          use-flakehub: false
+          use-gha-cache: true
       - run: cd devenv && nix fmt -- --ci
 
   check:
@@ -31,6 +37,9 @@ jobs:
       - uses: actions/checkout@v6
       - uses: DeterminateSystems/nix-installer-action@main
       - uses: DeterminateSystems/magic-nix-cache-action@main
+        with:
+          use-flakehub: false
+          use-gha-cache: true
       - run: nix develop ./devenv/ --command just check
 
   clippy:
@@ -40,6 +49,9 @@ jobs:
       - uses: actions/checkout@v6
       - uses: DeterminateSystems/nix-installer-action@main
       - uses: DeterminateSystems/magic-nix-cache-action@main
+        with:
+          use-flakehub: false
+          use-gha-cache: true
       - run: nix develop ./devenv/ --command just clippy
 
   test:
@@ -49,6 +61,9 @@ jobs:
       - uses: actions/checkout@v6
       - uses: DeterminateSystems/nix-installer-action@main
       - uses: DeterminateSystems/magic-nix-cache-action@main
+        with:
+          use-flakehub: false
+          use-gha-cache: true
       - run: nix develop ./devenv/ --command just test
 
   doc:
@@ -58,6 +73,9 @@ jobs:
       - uses: actions/checkout@v6
       - uses: DeterminateSystems/nix-installer-action@main
       - uses: DeterminateSystems/magic-nix-cache-action@main
+        with:
+          use-flakehub: false
+          use-gha-cache: true
       - run: nix develop ./devenv/ --command just doc
 
   deny:
@@ -67,6 +85,9 @@ jobs:
       - uses: actions/checkout@v6
       - uses: DeterminateSystems/nix-installer-action@main
       - uses: DeterminateSystems/magic-nix-cache-action@main
+        with:
+          use-flakehub: false
+          use-gha-cache: true
       - run: nix develop ./devenv/ --command just deny
 
   frontend:
@@ -76,4 +97,75 @@ jobs:
       - uses: actions/checkout@v6
       - uses: DeterminateSystems/nix-installer-action@main
       - uses: DeterminateSystems/magic-nix-cache-action@main
+        with:
+          use-flakehub: false
+          use-gha-cache: true
+      - run: nix develop ./devenv/ --command just frontend-config
       - run: nix develop ./devenv/ --command just frontend-build
+
+  storage-integration:
+    name: Storage Integration
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    steps:
+      - uses: actions/checkout@v6
+      - uses: ./.github/actions/free-runner-space
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+        with:
+          use-flakehub: false
+          use-gha-cache: true
+      - run: nix develop ./devenv/ --command just storage-ci
+      - name: Upload process-compose log
+        if: failure()
+        uses: actions/upload-artifact@v7
+        with:
+          name: process-compose-log
+          path: process-compose.log
+          if-no-files-found: ignore
+
+  backend-integration:
+    name: Backend Integration
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    steps:
+      - uses: actions/checkout@v6
+      - uses: ./.github/actions/free-runner-space
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+        with:
+          use-flakehub: false
+          use-gha-cache: true
+      - run: nix develop ./devenv/ --command just backend-integration
+      - name: Upload backend integration logs
+        if: failure()
+        uses: actions/upload-artifact@v7
+        with:
+          name: backend-integration-logs
+          path: backend-integration-logs/
+          if-no-files-found: ignore
+
+  e2e:
+    name: E2E
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    steps:
+      - uses: actions/checkout@v6
+      - uses: ./.github/actions/free-runner-space
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+        with:
+          use-flakehub: false
+          use-gha-cache: true
+      - run: nix develop ./devenv/ --command just e2e
+      - name: Upload E2E logs and artifacts
+        if: failure()
+        uses: actions/upload-artifact@v7
+        with:
+          name: e2e-artifacts
+          path: |
+            e2e-logs/
+            frontend/playwright-report/
+            frontend/test-results/
+            frontend/blob-report/
+          if-no-files-found: ignore

.github/workflows/update-cargo-deps.yml

@@ -15,17 +15,38 @@ jobs:
       contents: write
       pull-requests: write
     steps:
+      - name: Generate app token
+        id: app-token
+        uses: actions/create-github-app-token@v3
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
       - uses: actions/checkout@v6
       - uses: DeterminateSystems/nix-installer-action@main
       - uses: DeterminateSystems/magic-nix-cache-action@main
 
       - name: Update Cargo dependencies
         run: nix develop ./devenv/ --command cargo update
 
+      - name: Check for changes
+        id: diff
+        run: |
+          if git diff --quiet Cargo.lock; then
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Disable git hooks
+        if: steps.diff.outputs.changed == 'true'
+        run: git config --unset core.hooksPath || true
+
       - name: Create pull request
+        if: steps.diff.outputs.changed == 'true'
         uses: peter-evans/create-pull-request@v7
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ steps.app-token.outputs.token }}
           commit-message: "chore: update Cargo dependencies"
           branch: update-cargo-deps
           title: "chore: update Cargo dependencies"

.github/workflows/update-nixpkgs.yml

@@ -1,4 +1,4 @@
-name: Update nixpkgs
+name: Update Nix flake inputs
 
 on:
   schedule:
@@ -12,19 +12,40 @@ jobs:
       contents: write
       pull-requests: write
     steps:
+      - name: Generate app token
+        id: app-token
+        uses: actions/create-github-app-token@v3
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
       - uses: actions/checkout@v6
       - uses: DeterminateSystems/nix-installer-action@main
       - uses: DeterminateSystems/magic-nix-cache-action@main
 
-      - name: Update nixpkgs input
-        run: nix flake update nixpkgs --flake ./devenv/
+      - name: Update Nix flake inputs
+        run: nix flake update --flake ./devenv/
+
+      - name: Check for changes
+        id: diff
+        run: |
+          if git diff --quiet devenv/flake.lock; then
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Disable git hooks
+        if: steps.diff.outputs.changed == 'true'
+        run: git config --unset core.hooksPath || true
 
       - name: Create pull request
+        if: steps.diff.outputs.changed == 'true'
         uses: peter-evans/create-pull-request@v7
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          commit-message: "chore: update nixpkgs input"
-          branch: update-nixpkgs
-          title: "chore: update nixpkgs input"
+          token: ${{ steps.app-token.outputs.token }}
+          commit-message: "chore: update Nix flake inputs"
+          branch: update-nix-flake-inputs
+          title: "chore: update Nix flake inputs"
           body: |
-            Automated weekly update of the `nixpkgs` flake input.
+            Automated weekly update of moving Nix flake inputs.

.gitignore

@@ -1,9 +1,24 @@
 target/
-data/
+data/minio1/
+data/pg1/
+data/postgres/
+data/rustfs/
 .env
+config.toml
+config.local.toml
+frontend/public/config.json
 .direnv/
-.cache/test-output/
+/result
+/result-*
+process-compose.log
+backend-integration-logs/
+e2e-logs/
+frontend/playwright-report/
+frontend/test-results/
+frontend/blob-report/
 .claude/worktrees/
 .codex/worktrees/
 .pre-commit-config.yaml
 .playwright-mcp/
+.cargo-deny/
+*.code-workspace