refactor: use tinyauthapp/paerser instead of traefik/paerser

[steveiliop56]

Summary by CodeRabbit

• Chores
  • Streamlined continuous integration and build workflows by removing redundant initialization and patch application steps.
  • Updated Go module dependencies and related framework libraries for improved stability and maintainability.
  • Simplified project setup instructions in contribution documentation.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR removes the local paerser git submodule and replaces it with an external Go module dependency from the tinyauthapp GitHub organization. All import paths are updated from github.com/traefik/paerser to github.com/tinyauthapp/paerser, CI workflows are simplified, and Dockerfiles no longer reference the local directory.

Changes

Cohort / File(s)	Summary
CI Workflow Configuration .github/workflows/ci.yml, .github/workflows/nightly.yml, .github/workflows/release.yml	Removed git submodule init/update and git apply patch steps across all workflow jobs. Dependencies now resolved through go mod download.
Git Configuration .gitmodules	Removed paerser submodule entry including local path, remote URL, and ignore directive.
Documentation CONTRIBUTING.md	Removed submodule initialization and patch application instructions; setup now uses go mod tidy directly.
Docker Build Configuration Dockerfile, Dockerfile.dev, Dockerfile.distroless	Removed COPY ./paerser steps from builder stages; paerser now sourced via Go module dependency.
Go Module Management go.mod	Removed local replace directive for paerser; updated dependency from github.com/traefik/paerser v0.2.2 to github.com/tinyauthapp/paerser v0.0.0-20260410140347-85c3740d6298. Updated transitive dependencies; added dario.cat/mergo.
CLI Command Import Updates cmd/tinyauth/create_oidc_client.go, cmd/tinyauth/create_user.go, cmd/tinyauth/generate_totp.go, cmd/tinyauth/healthcheck.go, cmd/tinyauth/tinyauth.go, cmd/tinyauth/verify_user.go, cmd/tinyauth/version.go	Updated import path from github.com/traefik/paerser/cli to github.com/tinyauthapp/paerser/cli.
Internal Decoder/Loader Import Updates internal/utils/decoders/label_decoder.go, internal/utils/loaders/loader_env.go, internal/utils/loaders/loader_file.go, internal/utils/loaders/loader_flag.go	Updated import paths from github.com/traefik/paerser/... to github.com/tinyauthapp/paerser/... for cli, env, file, flag, and parser packages.
Submodule & Patch Removal paerser, patches/nested_maps.diff	Removed git submodule pointer; deleted 95-line nested maps patch file that contained workaround logic for string nodes with children (removed test case and special-case handling in parser/nodes_metadata.go).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: non-docker acls #549: Inverse operation—adds paerser submodule initialization and patch application steps along with modifications to same CI workflows, .gitmodules, and Dockerfile COPY directives.
• feat: header based acls #337: Modifies decoder code paths (particularly internal/utils/decoders/label_decoder.go) and paerser/parser import usage.
• revert: "feat: header based acls" #340: Touches internal/utils/decoders/label_decoder.go and paerser-related decoding infrastructure.

Suggested reviewers

• Rycochet

---

🐰✨ A submodule went away today,
Paerser now in a cleaner way,
Imports all aligned with glee,
From traefik to tinyauthapp we flee!
Go mod download saves the day. 🎉

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately summarizes the main change: migrating from traefik/paerser to tinyauthapp/paerser, which is evident across all modified files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch refactor/tinyauthapp-paerser

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dosubot]

Documentation Updates

1 document(s) were updated by changes in this PR:

contributing

View Changes

@@ -20,23 +20,6 @@
 ```sh
 git clone https://github.com/steveiliop56/tinyauth
 cd tinyauth
-```
-
-## Initialize Submodules
-
-The project uses Git submodules for some dependencies, so you need to initialize them with:
-
-```sh
-git submodule init
-git submodule update
-```
-
-## Apply patches
-
-Some of the dependencies must be patched in order to work correctly with the project, you can apply the patches by running:
-
-```sh
-git apply --directory paerser/ patches/nested_maps.diff
 ```
 
 ## Installing Requirements

^{How did I do? Any feedback?}  

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 19.82%. Comparing base (8b91ce0) to head (a874ef5).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #781   +/-   ##
=======================================
  Coverage   19.82%   19.82%           
=======================================
  Files          50       50           
  Lines        3960     3960           
=======================================
  Hits          785      785           
  Misses       3104     3104           
  Partials       71       71           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/ci.yml (1)

23-24: Add go mod verify to verify module cache integrity.

Line 24 downloads modules but does not verify module cache integrity. Adding go mod verify is a cheap hardening step for supply-chain safety in CI.

Proposed workflow tweak

-      - name: Go dependencies
-        run: go mod download
+      - name: Go dependencies
+        run: |
+          go mod download
+          go mod verify

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 23 - 24, Add a verification step after
the "Go dependencies" step to run `go mod verify` so the CI checks module cache
integrity; modify the "Go dependencies" job step (the step named "Go
dependencies" that currently runs `go mod download`) to also execute `go mod
verify` (either by chaining commands in the same run or adding a follow-up step)
so module checks occur after download.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 19: The repo is missing regression tests that ensure EnvLoader.Load and
FlagLoader.Load handle nested-map configurations after switching to the
tinyauthapp/paerser fork; add tests analogous to TestDecodeLabels that exercise
env and flag decoding with nested maps to loader_env_test.go and
loader_flag_test.go, respectively. Create table-driven tests that set
environment variables and command-line flags representing nested keys, call
EnvLoader.Load(...) and FlagLoader.Load(...), then assert the resulting
map/struct contains the expected nested entries (use the same sample nested
structure used in TestDecodeLabels for parity) and include failure messages;
reference EnvLoader.Load, FlagLoader.Load, and TestDecodeLabels when
implementing these tests so they mirror the existing decoding expectations and
will catch regressions in the forked parser.

---

Nitpick comments:
In @.github/workflows/ci.yml:
- Around line 23-24: Add a verification step after the "Go dependencies" step to
run `go mod verify` so the CI checks module cache integrity; modify the "Go
dependencies" job step (the step named "Go dependencies" that currently runs `go
mod download`) to also execute `go mod verify` (either by chaining commands in
the same run or adding a follow-up step) so module checks occur after download.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 380f5f88-4fa2-4b0d-b78d-2a474e4d4255

📥 Commits

Reviewing files that changed from the base of the PR and between 8b91ce0 and a874ef5.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (22)

• .github/workflows/ci.yml
• .github/workflows/nightly.yml
• .github/workflows/release.yml
• .gitmodules
• CONTRIBUTING.md
• Dockerfile
• Dockerfile.dev
• Dockerfile.distroless
• cmd/tinyauth/create_oidc_client.go
• cmd/tinyauth/create_user.go
• cmd/tinyauth/generate_totp.go
• cmd/tinyauth/healthcheck.go
• cmd/tinyauth/tinyauth.go
• cmd/tinyauth/verify_user.go
• cmd/tinyauth/version.go
• go.mod
• internal/utils/decoders/label_decoder.go
• internal/utils/loaders/loader_env.go
• internal/utils/loaders/loader_file.go
• internal/utils/loaders/loader_flag.go
• paerser
• patches/nested_maps.diff

💤 Files with no reviewable changes (8)

• .gitmodules
• Dockerfile
• Dockerfile.distroless
• .github/workflows/release.yml
• Dockerfile.dev
• paerser
• .github/workflows/nightly.yml
• patches/nested_maps.diff