Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
096fc8aa69
PromucFlow_constructor/Dockerfile

70 lines
2.1 KiB
Docker
Raw Normal View History

chore: Use Docker base images to build (#28198) This will use the Appsmith base image which contains all the downloads needed, so the image build in daily CI should be much more reliable, and quite likely much faster. All workflows have already been updated to use the BASE build argument to set the base image. Once this is merged, building the Docker image will fail if `BASE` build argument is not passed. This is that the base is set explicitly everywhere to not cause any confusion. The deleted content has been moved to https://github.com/appsmithorg/appsmith/blob/8d34a2ac280e2263851fd24e720d26811545b625/deploy/docker/base.dockerfile, which builds the `base-*:*` images.
2023-10-19 01:28:16 +00:00
ARG BASE
FROM ${BASE}
chore: Place local MongoDB cluster key in `/tmp` instead of `/` (#26963) This is another step towards supporting running with readonly root FS, and only making runtime changes in the container in `/tmp` or in `/appsmith-stacks`, and nowhere else.
2023-09-11 07:24:50 +00:00
chore: Disallow plugin requests to localhost (#34250) The microservices that run inside the Appsmith container, trust each other, and may expose sensitive API endpoints to other internal microservices. These sensitive APIs aren't accessible by outside the Appsmith container, protected by Caddy's routing. This means that the backend server's ability to make user-configured HTTP requests, can lead to SSRFs to such sensitive API calls, if it's allowed to call APIs on localhost. In other words, Caddy establishes a trust boundary that protects these internal APIs from outside the container. But we lack such a trust boundary for the backend's plugins (API plugin, Elasticsearch plugin, etc.). This PR solves that. In this PR, we block both IPv4 and IPv6 loopback addresses. No additional changes needed on EE, no conflicts, and all unit and Cypress tests pass. **/test all** <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/9590358198> > Commit: 5445c70aa873942c3edae9fbfcc57a6d2554b815 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=9590358198&attempt=2" target="_blank">Cypress dashboard</a>. > Tags: `` <!-- end of auto-generated comment: Cypress test results --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Improved handling of disallowed hosts by dynamically computing based on environment variables, offering more flexibility and control. - **Refactor** - Enhanced the `makeWebClient()` method to use a more efficient approach for creating WebClient objects with custom configurations. - **Chores** - Added an `ENV` declaration for `IN_DOCKER` in the Dockerfile to better manage Docker-specific configurations. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-06-20 05:30:22 +00:00
ENV IN_DOCKER=1
chore: Add APPSMITH_CLOUD_SERVICES_BASE_URL as build arg (#25721) This will allow us to set a separate cloud-services URL during build time.
2023-07-31 04:47:46 +00:00
ARG APPSMITH_CLOUD_SERVICES_BASE_URL
chore: Graceful handling for empty CS URL (#25843) This will allow us to 1. Bake different CS URLs for release and master builds. 2. Be resilient to the CS URL being set to empty string, as opposed to not being set at all.
2023-07-31 11:25:46 +00:00
ENV APPSMITH_CLOUD_SERVICES_BASE_URL=${APPSMITH_CLOUD_SERVICES_BASE_URL}
chore: Add APPSMITH_CLOUD_SERVICES_BASE_URL as build arg (#25721) This will allow us to set a separate cloud-services URL during build time.
2023-07-31 04:47:46 +00:00
feat: Implement fat container for appsmith application (#6678) Adds a Dockerfile along with accompanying scripts and definitions for building a fat Docker image. This image, when run as a container, will include the server, client, RTS, and necessary vendor services running all within.
2021-09-01 05:32:08 +00:00
ARG APPSMITH_SEGMENT_CE_KEY
ENV APPSMITH_SEGMENT_CE_KEY=${APPSMITH_SEGMENT_CE_KEY}
chore: Use single COPY command in Dockerfile for constant/static files (#27127) Move the files that are copied into the Docker image, into an `fs` folder, that reflects the folder structure of that in the image. This means two things right away: 1. A single `COPY` instruction in `Dockerfile` is enough to copy all the files to their places. 2. The structure of files in the repo reflects that in the Docker image. This makes working with the files/folders and troubleshooting with them much easier. ❗ Note: **There's actually only 3 files changed, rest are just moved.**
2023-09-11 03:13:09 +00:00
COPY deploy/docker/fs /
feat: Implement fat container for appsmith application (#6678) Adds a Dockerfile along with accompanying scripts and definitions for building a fat Docker image. This image, when run as a container, will include the server, client, RTS, and necessary vendor services running all within.
2021-09-01 05:32:08 +00:00
chore: ab test simple git reset in git status api (#39959) ## Description > [!TIP] > _Add a TL;DR when the description is longer than 500 words or extremely technical (helps the content, marketing, and DevRel team)._ > > _Please also include relevant motivation and context. List any dependencies that are required for this change. Add links to Notion, Figma or any other documents that might be relevant to the PR._ Fixes #`Issue Number` _or_ Fixes `Issue URL` > [!WARNING] > _If no issue exists, please create an issue first, and check with the maintainers if the issue is valid._ ## Automation /ok-to-test tags="@tag.Git" ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/14197451933> > Commit: a3833fe0e894bcb155455947856e7de93bbb0640 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=14197451933&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Git` > Spec: > <hr>Tue, 01 Apr 2025 14:54:53 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [ ] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Introduced an enhanced Git operation that enables reliable repository reset through a dedicated API endpoint. - Enabled advanced reset options controllable via a new feature flag, improving repository state management. - **Chores** - Upgraded Git-related dependencies and updated the container setup to include Git, ensuring a consistent and robust environment. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-04-01 16:06:08 +00:00
RUN apt-get update && \
feat: add git route aspect for branch handling (#41097) ## Description > [!TIP] > _Add a TL;DR when the description is longer than 500 words or extremely technical (helps the content, marketing, and DevRel team)._ > > _Please also include relevant motivation and context. List any dependencies that are required for this change. Add links to Notion, Figma or any other documents that might be relevant to the PR._ Fixes #`Issue Number` _or_ Fixes `Issue URL` > [!WARNING] > _If no issue exists, please create an issue first, and check with the maintainers if the issue is valid._ ## Automation /ok-to-test tags="@tag.All" ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/16343398654> > Commit: f8257de8135f4243309143396eca2a81bdb6f2a3 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=16343398654&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.All` > Spec: > <hr>Thu, 17 Jul 2025 12:14:40 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Introduced a new annotation to streamline and secure Git-related operations in application APIs. * Added a robust workflow for handling Git operations with enhanced concurrency control and error handling. * Enabled in-memory Git storage mode for improved performance in certain environments. * Added support for executing Git operations via shell scripts, including branch merging and repository management. * **Improvements** * Enhanced configuration flexibility for Git storage and Redis integration. * Improved error reporting with new, descriptive Git-related error messages. * Broadened environment file ignore patterns for better environment management. * **Bug Fixes** * Improved handling of private key formats for Git authentication. * **Documentation** * Added detailed documentation and flow diagrams for new Git operation workflows. * **Chores** * Updated build and test configurations to align with new Git storage paths. * Deprecated and bypassed certain Redis operations when using in-memory Git storage. * **Tests** * Removed several outdated or redundant test cases related to auto-commit and Git serialization. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-21 08:41:34 +00:00
apt-get install -y software-properties-common && \
add-apt-repository -y ppa:git-core/ppa && \
apt-get update && \
apt-get install -y git tar zstd openssh-client && \
chore: ab test simple git reset in git status api (#39959) ## Description > [!TIP] > _Add a TL;DR when the description is longer than 500 words or extremely technical (helps the content, marketing, and DevRel team)._ > > _Please also include relevant motivation and context. List any dependencies that are required for this change. Add links to Notion, Figma or any other documents that might be relevant to the PR._ Fixes #`Issue Number` _or_ Fixes `Issue URL` > [!WARNING] > _If no issue exists, please create an issue first, and check with the maintainers if the issue is valid._ ## Automation /ok-to-test tags="@tag.Git" ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/14197451933> > Commit: a3833fe0e894bcb155455947856e7de93bbb0640 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=14197451933&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Git` > Spec: > <hr>Tue, 01 Apr 2025 14:54:53 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [ ] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Introduced an enhanced Git operation that enables reliable repository reset through a dedicated API endpoint. - Enabled advanced reset options controllable via a new feature flag, improving repository state management. - **Chores** - Upgraded Git-related dependencies and updated the container setup to include Git, ensuring a consistent and robust environment. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-04-01 16:06:08 +00:00
apt-get clean && \
rm -rf /var/lib/apt/lists/*
chore: Fix executable permissions on scripts in Docker image
2024-05-28 08:57:02 +00:00
RUN <<END
feat: Make images adaptable to support both Postgres and MongoDB uris (#36424) ## Description PR to make the release tag adaptable to work with both MongoDB and PostgreSQL uris. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Introduced a new script to automate the preparation of server artifacts, improving the build process. - Added SQL files to the indentation configuration for consistent code formatting. - **Improvements** - Enhanced error handling in the Docker build process to ensure essential files are present before execution. - Updated service configuration logic to prevent misconfiguration based on the environment. - Added a new job step in the build workflow to prepare server artifacts after the build process. - Implemented conditional logic in the run script to dynamically adapt to different database configurations. - **Bug Fixes** - Adjusted the initialization process to focus on MongoDB, improving reliability in various environments. <!-- end of auto-generated comment: release notes by coderabbit.ai --> /test Sanity ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/10940528231> > Commit: 32731e8a93a25e5c9456eb89daca2d8bf327c012 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=10940528231&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Sanity` > Spec: > <hr>Thu, 19 Sep 2024 12:21:54 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No
2024-09-19 16:15:46 +00:00
if ! [ -f info.json ]; then
echo "Missing info.json" >&2
exit 1
fi
chore: Fix condition syntax in Dockerfile (#37270) ## Description The `&&` syntax for `and`-ing conditions doesn't work with `[` **command**, it only works with `[[` **expressions**. But we can't use `[[` expressions, since this isn't bash, it's `/bin/sh`. We can't use bash, since doing so is throwing up a whole lot of other errors that I've parked for another day, several months ago. Instead of `&&`, we have to use `-a` when using the `[` command. Currently, when building the Docker image, we see the following error: ``` #8 [3/6] RUN <<END (if ! [ -f info.json ]; then...) #8 0.142 /bin/sh: 6: [: missing ] #8 0.142 /bin/sh: 6: -f: not found ``` It doesn't seem to have an impact, but it _is_ an error nonetheless. We're also refactoring to not add the executable permission twice, which is redundant. We're only doing it once now. ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/11718707642> > Commit: 6c739439fa181f41245294a46321544edf61e878 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11718707642&attempt=2" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Sanity` > Spec: > <hr>Thu, 07 Nov 2024 09:18:50 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No /test sanity <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Summary by CodeRabbit - **Chores** - Updated the Dockerfile to enhance file existence checks and manage executable permissions for shell scripts. - Removed unnecessary directory creation commands for `./editor` and `./rts`. - Maintained existing structure, including exposed ports and health check commands. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Arpit Mohan <mohanarpit@users.noreply.github.com>
2024-11-07 10:06:30 +00:00
if ! [ -f server/mongo/server.jar -a -f server/pg/server.jar ]; then
feat: Make images adaptable to support both Postgres and MongoDB uris (#36424) ## Description PR to make the release tag adaptable to work with both MongoDB and PostgreSQL uris. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Introduced a new script to automate the preparation of server artifacts, improving the build process. - Added SQL files to the indentation configuration for consistent code formatting. - **Improvements** - Enhanced error handling in the Docker build process to ensure essential files are present before execution. - Updated service configuration logic to prevent misconfiguration based on the environment. - Added a new job step in the build workflow to prepare server artifacts after the build process. - Implemented conditional logic in the run script to dynamically adapt to different database configurations. - **Bug Fixes** - Adjusted the initialization process to focus on MongoDB, improving reliability in various environments. <!-- end of auto-generated comment: release notes by coderabbit.ai --> /test Sanity ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/10940528231> > Commit: 32731e8a93a25e5c9456eb89daca2d8bf327c012 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=10940528231&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Sanity` > Spec: > <hr>Thu, 19 Sep 2024 12:21:54 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No
2024-09-19 16:15:46 +00:00
echo "Missing one or both server.jar files in the right place. Are you using the build script?" >&2
exit 1
fi
chore: Fix executable permissions on scripts in Docker image
2024-05-28 08:57:02 +00:00
END
feat: Implement fat container for appsmith application (#6678) Adds a Dockerfile along with accompanying scripts and definitions for building a fat Docker image. This image, when run as a container, will include the server, client, RTS, and necessary vendor services running all within.
2021-09-01 05:32:08 +00:00
# Add client UI - Application Layer
COPY ./app/client/build editor/
# Add RTS - Application Layer
ci: Use esbuild to build RTS (#27310) This fixes RTS build to use `esbuild`. 1. This means the whole `node_modules` won't need to be copied over to the Docker image. There's unused insignifant _test_ files in there, that don't add any value, but are causing irrelevant CVEs to be reported on our Docker image. See example at https://github.com/appsmithorg/appsmith-ee/pull/2349. 2. Much faster. Not that RTS build is our slow point, but still. Perhaps we can move client to `esbuild` too. 🙂 ## Why are we doing this? The current method of loading RTS into the Docker image means that _all_ contents of _all_ dependencies are copied over. The whole `node_modules`. But several of these packages include _test_ files too, that aren't needed at runtime at all. One of such test files is creating a false alert for a CVE on our Docker image. Has absolutely no relevance and impact, but it's there. To fix that, I [had to `rm -rf /opt/appsmith/rts/node_modules/*/test` in the Docker image](https://github.com/appsmithorg/appsmith-ee/pull/2349/files). This felt very hacky, and very dirty. It felt like we're introducing more debt and more duct tape around the current build process. So, `esbuild`. ## Where is `esbuild` coming from? We're using `esbuild` v0.18.20 only, while the latest is v0.19.3. We need to update `design-system`'s storybook dependency, I think, to get a more recent version of `esbuild`. I'm yet to figure this out and can use some help. 🙂
2023-10-03 01:30:40 +00:00
COPY ./app/client/packages/rts/dist rts/
feat: Implement fat container for appsmith application (#6678) Adds a Dockerfile along with accompanying scripts and definitions for building a fat Docker image. This image, when run as a container, will include the server, client, RTS, and necessary vendor services running all within.
2021-09-01 05:32:08 +00:00
feat: add git route aspect for branch handling (#41097) ## Description > [!TIP] > _Add a TL;DR when the description is longer than 500 words or extremely technical (helps the content, marketing, and DevRel team)._ > > _Please also include relevant motivation and context. List any dependencies that are required for this change. Add links to Notion, Figma or any other documents that might be relevant to the PR._ Fixes #`Issue Number` _or_ Fixes `Issue URL` > [!WARNING] > _If no issue exists, please create an issue first, and check with the maintainers if the issue is valid._ ## Automation /ok-to-test tags="@tag.All" ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/16343398654> > Commit: f8257de8135f4243309143396eca2a81bdb6f2a3 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=16343398654&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.All` > Spec: > <hr>Thu, 17 Jul 2025 12:14:40 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Introduced a new annotation to streamline and secure Git-related operations in application APIs. * Added a robust workflow for handling Git operations with enhanced concurrency control and error handling. * Enabled in-memory Git storage mode for improved performance in certain environments. * Added support for executing Git operations via shell scripts, including branch merging and repository management. * **Improvements** * Enhanced configuration flexibility for Git storage and Redis integration. * Improved error reporting with new, descriptive Git-related error messages. * Broadened environment file ignore patterns for better environment management. * **Bug Fixes** * Improved handling of private key formats for Git authentication. * **Documentation** * Added detailed documentation and flow diagrams for new Git operation workflows. * **Chores** * Updated build and test configurations to align with new Git storage paths. * Deprecated and bypassed certain Redis operations when using in-memory Git storage. * **Tests** * Removed several outdated or redundant test cases related to auto-commit and Git serialization. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-21 08:41:34 +00:00
# Create the git-storage directory with group writeable permissions so non-root users can write to it.
RUN mkdir --mode 775 "/dev/shm/git-storage"
chore: Move appsmithctl to RTS (#37531) Move the `appsmithctl` code to RTS. RTS' own build system will build `appsmithctl` as well. We're adding two command scripts, `ctl` and `appsmithctl` to `/opt/bin`, which will be the entrypoints for this. The `appsmithctl` is now just an alias to the much shorter and non-redundancy-inducing `ctl`. We aren't migrating to TypeScript in this PR so we're ignoring the new `ctl` folder in both `tsconfig.json` and `.eslintrc`. That's temporary, the next PR will fix that. ## Automation /test sanity ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/11930931528> > Commit: 90b5f97b801ac8d4b4b0126d85edff3dccc050bd > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11930931528&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Sanity` > Spec: > <hr>Wed, 20 Nov 2024 10:36:02 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes - **New Features** - Introduced the `appsmithctl` command for easier command execution. - Updated build process to include additional entry points. - **Bug Fixes** - Streamlined Docker build process, enhancing efficiency and reducing complexity. - **Documentation** - Added a new section in the README for `appsmithctl` command description. - **Chores** - Updated dependencies in `package.json`. - Removed obsolete files and workflows to simplify project structure. - **Style** - Added a new ESLint configuration for specific project needs. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-11-20 15:28:38 +00:00
ENV PATH /opt/bin:/opt/java/bin:/opt/node/bin:$PATH
chore: Install NodeJS manually instead of with the deprecated script (#27929) Fixes #26891.
2023-10-11 09:42:32 +00:00
fix: False positive report GHSA-2jcg-qqmg-46q6 (#37269) ## Description Some scanner tools like Syft and Grype are reporting a **scary** false positive at GHSA-2jcg-qqmg-46q6, on the following file in the Docker image: ``` /opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json ``` The advisory itself isn't applicable to Appsmith, and this above package is not used in the product at all. This PR deletes this `test` folder so this false positive is immediately taken out. Nevertheless, we shouldn't even have the `node_modules` folder in the Docker image, and we should be "building" `appsmithctl` instead. That's part of a larger effort to improve/fix `appsmithctl` and will be coming up in future PRs. <details><summary><b>The SBOM entry for the package in Syft’s proprietary format</b></summary> <pre> { "id": "8686a02f6819d5a1", "name": "monorepo-symlink-test", "version": "0.0.0", "type": "npm", "foundBy": "javascript-package-cataloger", "locations": [ { "path": "/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json", "layerID": "sha256:02e68fb671fe8bc43f75862b43445160e17e3ec2f13f09bf346a65c66cd93557", "accessPath": "/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json", "annotations": { "evidence": "primary" } } ], "licenses": [ { "value": "MIT", "spdxExpression": "MIT", "type": "declared", "urls": [], "locations": [ { "path": "/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json", "layerID": "sha256:02e68fb671fe8bc43f75862b43445160e17e3ec2f13f09bf346a65c66cd93557", "accessPath": "/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json", "annotations": { "evidence": "primary" } } ] } ], "language": "javascript", "cpes": [ { "cpe": "cpe:2.3:a:monorepo-symlink-test:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo-symlink-test:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo_symlink_test:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo_symlink_test:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo-symlink:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo-symlink:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo_symlink:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo_symlink:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" } ], "purl": "pkg:npm/monorepo-symlink-test@0.0.0", "metadataType": "javascript-npm-package", "metadata": { "name": "monorepo-symlink-test", "version": "0.0.0", "author": "", "homepage": "", "description": "", "url": "", "private": true } } </pre> </details> Reported by a user. ⚠️ There will be conflicts on sync. Please do not merge unless the author of PR is available. /test sanity ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/11715737322> > Commit: 42aa69c3de26d105a4184164f2ac9d18adce9b88 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11715737322&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Sanity` > Spec: > <hr>Thu, 07 Nov 2024 03:26:39 UTC <!-- end of auto-generated comment: Cypress test results --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **Chores** - Enhanced the Dockerfile for improved build process and error handling. - Streamlined npm package installation and organized script execution for better readability. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-11-07 04:49:15 +00:00
RUN <<END
set -o errexit
chore: Fix condition syntax in Dockerfile (#37270) ## Description The `&&` syntax for `and`-ing conditions doesn't work with `[` **command**, it only works with `[[` **expressions**. But we can't use `[[` expressions, since this isn't bash, it's `/bin/sh`. We can't use bash, since doing so is throwing up a whole lot of other errors that I've parked for another day, several months ago. Instead of `&&`, we have to use `-a` when using the `[` command. Currently, when building the Docker image, we see the following error: ``` #8 [3/6] RUN <<END (if ! [ -f info.json ]; then...) #8 0.142 /bin/sh: 6: [: missing ] #8 0.142 /bin/sh: 6: -f: not found ``` It doesn't seem to have an impact, but it _is_ an error nonetheless. We're also refactoring to not add the executable permission twice, which is redundant. We're only doing it once now. ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/11718707642> > Commit: 6c739439fa181f41245294a46321544edf61e878 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11718707642&attempt=2" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Sanity` > Spec: > <hr>Thu, 07 Nov 2024 09:18:50 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No /test sanity <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Summary by CodeRabbit - **Chores** - Updated the Dockerfile to enhance file existence checks and manage executable permissions for shell scripts. - Removed unnecessary directory creation commands for `./editor` and `./rts`. - Maintained existing structure, including exposed ports and health check commands. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Arpit Mohan <mohanarpit@users.noreply.github.com>
2024-11-07 10:06:30 +00:00
# Make all `*.sh` files executable, excluding `node_modules`.
find . \( -name node_modules -prune \) -o \( -type f -name '*.sh' \) -exec chmod +x '{}' +
# Ensure all custom command-scripts have executable permission
chmod +x /opt/bin/* /watchtower-hooks/*.sh
fix: False positive report GHSA-2jcg-qqmg-46q6 (#37269) ## Description Some scanner tools like Syft and Grype are reporting a **scary** false positive at GHSA-2jcg-qqmg-46q6, on the following file in the Docker image: ``` /opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json ``` The advisory itself isn't applicable to Appsmith, and this above package is not used in the product at all. This PR deletes this `test` folder so this false positive is immediately taken out. Nevertheless, we shouldn't even have the `node_modules` folder in the Docker image, and we should be "building" `appsmithctl` instead. That's part of a larger effort to improve/fix `appsmithctl` and will be coming up in future PRs. <details><summary><b>The SBOM entry for the package in Syft’s proprietary format</b></summary> <pre> { "id": "8686a02f6819d5a1", "name": "monorepo-symlink-test", "version": "0.0.0", "type": "npm", "foundBy": "javascript-package-cataloger", "locations": [ { "path": "/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json", "layerID": "sha256:02e68fb671fe8bc43f75862b43445160e17e3ec2f13f09bf346a65c66cd93557", "accessPath": "/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json", "annotations": { "evidence": "primary" } } ], "licenses": [ { "value": "MIT", "spdxExpression": "MIT", "type": "declared", "urls": [], "locations": [ { "path": "/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json", "layerID": "sha256:02e68fb671fe8bc43f75862b43445160e17e3ec2f13f09bf346a65c66cd93557", "accessPath": "/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json", "annotations": { "evidence": "primary" } } ] } ], "language": "javascript", "cpes": [ { "cpe": "cpe:2.3:a:monorepo-symlink-test:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo-symlink-test:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo_symlink_test:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo_symlink_test:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo-symlink:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo-symlink:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo_symlink:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo_symlink:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" } ], "purl": "pkg:npm/monorepo-symlink-test@0.0.0", "metadataType": "javascript-npm-package", "metadata": { "name": "monorepo-symlink-test", "version": "0.0.0", "author": "", "homepage": "", "description": "", "url": "", "private": true } } </pre> </details> Reported by a user. ⚠️ There will be conflicts on sync. Please do not merge unless the author of PR is available. /test sanity ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/11715737322> > Commit: 42aa69c3de26d105a4184164f2ac9d18adce9b88 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11715737322&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Sanity` > Spec: > <hr>Thu, 07 Nov 2024 03:26:39 UTC <!-- end of auto-generated comment: Cypress test results --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **Chores** - Enhanced the Dockerfile for improved build process and error handling. - Streamlined npm package installation and organized script execution for better readability. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-11-07 04:49:15 +00:00
chore: Use single COPY command in Dockerfile for constant/static files (#27127) Move the files that are copied into the Docker image, into an `fs` folder, that reflects the folder structure of that in the image. This means two things right away: 1. A single `COPY` instruction in `Dockerfile` is enough to copy all the files to their places. 2. The structure of files in the repo reflects that in the Docker image. This makes working with the files/folders and troubleshooting with them much easier. ❗ Note: **There's actually only 3 files changed, rest are just moved.**
2023-09-11 03:13:09 +00:00
# Disable setuid/setgid bits for the files inside container.
fix: False positive report GHSA-2jcg-qqmg-46q6 (#37269) ## Description Some scanner tools like Syft and Grype are reporting a **scary** false positive at GHSA-2jcg-qqmg-46q6, on the following file in the Docker image: ``` /opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json ``` The advisory itself isn't applicable to Appsmith, and this above package is not used in the product at all. This PR deletes this `test` folder so this false positive is immediately taken out. Nevertheless, we shouldn't even have the `node_modules` folder in the Docker image, and we should be "building" `appsmithctl` instead. That's part of a larger effort to improve/fix `appsmithctl` and will be coming up in future PRs. <details><summary><b>The SBOM entry for the package in Syft’s proprietary format</b></summary> <pre> { "id": "8686a02f6819d5a1", "name": "monorepo-symlink-test", "version": "0.0.0", "type": "npm", "foundBy": "javascript-package-cataloger", "locations": [ { "path": "/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json", "layerID": "sha256:02e68fb671fe8bc43f75862b43445160e17e3ec2f13f09bf346a65c66cd93557", "accessPath": "/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json", "annotations": { "evidence": "primary" } } ], "licenses": [ { "value": "MIT", "spdxExpression": "MIT", "type": "declared", "urls": [], "locations": [ { "path": "/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json", "layerID": "sha256:02e68fb671fe8bc43f75862b43445160e17e3ec2f13f09bf346a65c66cd93557", "accessPath": "/opt/appsmith/utils/node_modules/resolve/test/resolver/multirepo/package.json", "annotations": { "evidence": "primary" } } ] } ], "language": "javascript", "cpes": [ { "cpe": "cpe:2.3:a:monorepo-symlink-test:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo-symlink-test:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo_symlink_test:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo_symlink_test:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo-symlink:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo-symlink:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo_symlink:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo_symlink:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo:monorepo-symlink-test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" }, { "cpe": "cpe:2.3:a:monorepo:monorepo_symlink_test:0.0.0:*:*:*:*:*:*:*", "source": "syft-generated" } ], "purl": "pkg:npm/monorepo-symlink-test@0.0.0", "metadataType": "javascript-npm-package", "metadata": { "name": "monorepo-symlink-test", "version": "0.0.0", "author": "", "homepage": "", "description": "", "url": "", "private": true } } </pre> </details> Reported by a user. ⚠️ There will be conflicts on sync. Please do not merge unless the author of PR is available. /test sanity ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/11715737322> > Commit: 42aa69c3de26d105a4184164f2ac9d18adce9b88 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11715737322&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Sanity` > Spec: > <hr>Thu, 07 Nov 2024 03:26:39 UTC <!-- end of auto-generated comment: Cypress test results --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **Chores** - Enhanced the Dockerfile for improved build process and error handling. - Streamlined npm package installation and organized script execution for better readability. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-11-07 04:49:15 +00:00
find / \( -path /proc -prune \) -o \( \( -perm -2000 -o -perm -4000 \) -exec chmod -s '{}' + \) || true
mkdir -p /.mongodb/mongosh /appsmith-stacks
chmod ugo+w /etc /appsmith-stacks
chmod -R ugo+w /var/run /.mongodb /etc/ssl /usr/local/share
END
Disable uid/gid bits for fat container (#13277)
2022-04-27 07:27:57 +00:00
Auto-backup and cleanup with appsmithctl (#15203) - Auto-cleanup of backup files using env variable APPSMITH_BACKUP_ARCHIVE_LIMIT (default value is 4) after every backup. - Updated docker file to include watchtower hook scripts. - Error mail interval to 6hrs.
2022-07-28 12:15:28 +00:00
LABEL com.centurylinklabs.watchtower.lifecycle.pre-check=/watchtower-hooks/pre-check.sh
LABEL com.centurylinklabs.watchtower.lifecycle.pre-update=/watchtower-hooks/pre-update.sh
feat: Implement fat container for appsmith application (#6678) Adds a Dockerfile along with accompanying scripts and definitions for building a fat Docker image. This image, when run as a container, will include the server, client, RTS, and necessary vendor services running all within.
2021-09-01 05:32:08 +00:00
EXPOSE 80
EXPOSE 443
ENTRYPOINT [ "/opt/appsmith/entrypoint.sh" ]
Add healthcheck to docker (#13154)
2022-05-06 06:15:56 +00:00
HEALTHCHECK --interval=15s --timeout=15s --start-period=45s CMD "/opt/appsmith/healthcheck.sh"
docs: Fat container documentation fixes (#7207) Added additional details about how to use the fat container, and how to manage / maintain it. Also includes some refactorings that shouldn't affect the functionality significantly.
2021-09-14 13:31:06 +00:00
CMD ["/usr/bin/supervisord", "-n"]
Reference in New Issue Copy Permalink