PromucFlow_constructor/Dockerfile

ARG BASE
FROM ${BASE}

ENV IN_DOCKER=1

# Add backend server - Application Layer
ARG JAR_FILE=./app/server/dist/server-*.jar
ARG PLUGIN_JARS=./app/server/dist/plugins/*.jar

ARG APPSMITH_CLOUD_SERVICES_BASE_URL
ENV APPSMITH_CLOUD_SERVICES_BASE_URL=${APPSMITH_CLOUD_SERVICES_BASE_URL}

ARG APPSMITH_SEGMENT_CE_KEY
ENV APPSMITH_SEGMENT_CE_KEY=${APPSMITH_SEGMENT_CE_KEY}

COPY deploy/docker/fs /

RUN <<END
  mkdir -p ./editor ./rts ./backend/plugins

  # Ensure all *.sh scripts are executable.
  find . -name node_modules -prune -or -type f -name '*.sh' -print -exec chmod +x '{}' ';'

  # Ensure all custom command-scripts have executable permission
  chmod +x /opt/bin/*
END

#Add the jar to the container
COPY ${JAR_FILE} backend/server.jar
COPY ${PLUGIN_JARS} backend/plugins/

# Add client UI - Application Layer
COPY ./app/client/build editor/

# Add RTS - Application Layer
COPY ./app/client/packages/rts/dist rts/

ENV PATH /opt/bin:/opt/appsmith/utils/node_modules/.bin:/opt/java/bin:/opt/node/bin:$PATH

RUN cd ./utils && npm install --only=prod && npm install --only=prod -g . && cd - \
  && chmod +x /opt/bin/* *.sh /watchtower-hooks/*.sh \
  # Disable setuid/setgid bits for the files inside container.
  && find / \( -path /proc -prune \) -o \( \( -perm -2000 -o -perm -4000 \) -print -exec chmod -s '{}' + \) || true \
  && mkdir -p /.mongodb/mongosh /appsmith-stacks \
  && chmod ugo+w /etc /appsmith-stacks \
  && chmod -R ugo+w /var/run /.mongodb /etc/ssl /usr/local/share

LABEL com.centurylinklabs.watchtower.lifecycle.pre-check=/watchtower-hooks/pre-check.sh
LABEL com.centurylinklabs.watchtower.lifecycle.pre-update=/watchtower-hooks/pre-update.sh

EXPOSE 80
EXPOSE 443
ENTRYPOINT [ "/opt/appsmith/entrypoint.sh" ]
HEALTHCHECK --interval=15s --timeout=15s --start-period=45s CMD "/opt/appsmith/healthcheck.sh"
CMD ["/usr/bin/supervisord", "-n"]
chore: Use Docker base images to build (#28198) This will use the Appsmith base image which contains all the downloads needed, so the image build in daily CI should be much more reliable, and quite likely much faster. All workflows have already been updated to use the BASE build argument to set the base image. Once this is merged, building the Docker image will fail if `BASE` build argument is not passed. This is that the base is set explicitly everywhere to not cause any confusion. The deleted content has been moved to https://github.com/appsmithorg/appsmith/blob/8d34a2ac280e2263851fd24e720d26811545b625/deploy/docker/base.dockerfile, which builds the `base-:` images. 2023-10-19 01:28:16 +00:00			`ARG BASE`
			`FROM ${BASE}`
chore: Place local MongoDB cluster key in `/tmp` instead of `/` (#26963) This is another step towards supporting running with readonly root FS, and only making runtime changes in the container in `/tmp` or in `/appsmith-stacks`, and nowhere else. 2023-09-11 07:24:50 +00:00
chore: Disallow plugin requests to localhost (#34250) The microservices that run inside the Appsmith container, trust each other, and may expose sensitive API endpoints to other internal microservices. These sensitive APIs aren't accessible by outside the Appsmith container, protected by Caddy's routing. This means that the backend server's ability to make user-configured HTTP requests, can lead to SSRFs to such sensitive API calls, if it's allowed to call APIs on localhost. In other words, Caddy establishes a trust boundary that protects these internal APIs from outside the container. But we lack such a trust boundary for the backend's plugins (API plugin, Elasticsearch plugin, etc.). This PR solves that. In this PR, we block both IPv4 and IPv6 loopback addresses. No additional changes needed on EE, no conflicts, and all unit and Cypress tests pass. /test all <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/9590358198> > Commit: 5445c70aa873942c3edae9fbfcc57a6d2554b815 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=9590358198&attempt=2" target="_blank">Cypress dashboard</a>. > Tags: `` <!-- end of auto-generated comment: Cypress test results --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Improved handling of disallowed hosts by dynamically computing based on environment variables, offering more flexibility and control. - Refactor - Enhanced the `makeWebClient()` method to use a more efficient approach for creating WebClient objects with custom configurations. - Chores - Added an `ENV` declaration for `IN_DOCKER` in the Dockerfile to better manage Docker-specific configurations. <!-- end of auto-generated comment: release notes by coderabbit.ai --> 2024-06-20 05:30:22 +00:00			`ENV IN_DOCKER=1`

feat: Implement fat container for appsmith application (#6678) Adds a Dockerfile along with accompanying scripts and definitions for building a fat Docker image. This image, when run as a container, will include the server, client, RTS, and necessary vendor services running all within. 2021-09-01 05:32:08 +00:00			`# Add backend server - Application Layer`
ci: Fix server jar paths in fat container image (#7771) 2021-09-23 14:28:53 +00:00			`ARG JAR_FILE=./app/server/dist/server-*.jar`
			`ARG PLUGIN_JARS=./app/server/dist/plugins/*.jar`
chore: Add APPSMITH_CLOUD_SERVICES_BASE_URL as build arg (#25721) This will allow us to set a separate cloud-services URL during build time. 2023-07-31 04:47:46 +00:00
			`ARG APPSMITH_CLOUD_SERVICES_BASE_URL`
chore: Graceful handling for empty CS URL (#25843) This will allow us to 1. Bake different CS URLs for release and master builds. 2. Be resilient to the CS URL being set to empty string, as opposed to not being set at all. 2023-07-31 11:25:46 +00:00			`ENV APPSMITH_CLOUD_SERVICES_BASE_URL=${APPSMITH_CLOUD_SERVICES_BASE_URL}`
chore: Add APPSMITH_CLOUD_SERVICES_BASE_URL as build arg (#25721) This will allow us to set a separate cloud-services URL during build time. 2023-07-31 04:47:46 +00:00
feat: Implement fat container for appsmith application (#6678) Adds a Dockerfile along with accompanying scripts and definitions for building a fat Docker image. This image, when run as a container, will include the server, client, RTS, and necessary vendor services running all within. 2021-09-01 05:32:08 +00:00			`ARG APPSMITH_SEGMENT_CE_KEY`
			`ENV APPSMITH_SEGMENT_CE_KEY=${APPSMITH_SEGMENT_CE_KEY}`
chore: Use single COPY command in Dockerfile for constant/static files (#27127) Move the files that are copied into the Docker image, into an `fs` folder, that reflects the folder structure of that in the image. This means two things right away: 1. A single `COPY` instruction in `Dockerfile` is enough to copy all the files to their places. 2. The structure of files in the repo reflects that in the Docker image. This makes working with the files/folders and troubleshooting with them much easier. ❗ Note: There's actually only 3 files changed, rest are just moved. 2023-09-11 03:13:09 +00:00
			`COPY deploy/docker/fs /`
feat: Implement fat container for appsmith application (#6678) Adds a Dockerfile along with accompanying scripts and definitions for building a fat Docker image. This image, when run as a container, will include the server, client, RTS, and necessary vendor services running all within. 2021-09-01 05:32:08 +00:00
chore: Fix executable permissions on scripts in Docker image 2024-05-28 08:57:02 +00:00			`RUN <<END`
			`mkdir -p ./editor ./rts ./backend/plugins`

			`# Ensure all *.sh scripts are executable.`
			`find . -name node_modules -prune -or -type f -name '*.sh' -print -exec chmod +x '{}' ';'`
chore: Logs and potential fix for CI startup flakiness (#34461) The `tlog` command isn't predictably getting the executable permission, so we're explicitly setting that up in `Dockerfile` here. As well as in the setup script for Cypress, if we get a 502 even after 90 seconds, we print the logs of the `appsmith` container, so we're not guessing the causes. This should provide us more information next time we see such flakiness. /test sanity <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/9658565348> > Commit: 96c777dd9a1bd8c28477bf1dcd1d4748ced0022e > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=9658565348&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Sanity` <!-- end of auto-generated comment: Cypress test results --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Chores - Updated Dockerfile to ensure custom command-scripts in `/opt/bin/` have executable permissions. - Enhanced `setup-test-ci.sh` script to output `appsmith` logs when the server connection fails. <!-- end of auto-generated comment: release notes by coderabbit.ai --> 2024-06-25 08:33:56 +00:00
			`# Ensure all custom command-scripts have executable permission`
			`chmod +x /opt/bin/*`
chore: Fix executable permissions on scripts in Docker image 2024-05-28 08:57:02 +00:00			`END`

feat: Implement fat container for appsmith application (#6678) Adds a Dockerfile along with accompanying scripts and definitions for building a fat Docker image. This image, when run as a container, will include the server, client, RTS, and necessary vendor services running all within. 2021-09-01 05:32:08 +00:00			`#Add the jar to the container`
			`COPY ${JAR_FILE} backend/server.jar`
			`COPY ${PLUGIN_JARS} backend/plugins/`

			`# Add client UI - Application Layer`
			`COPY ./app/client/build editor/`

			`# Add RTS - Application Layer`
ci: Use esbuild to build RTS (#27310) This fixes RTS build to use `esbuild`. 1. This means the whole `node_modules` won't need to be copied over to the Docker image. There's unused insignifant _test_ files in there, that don't add any value, but are causing irrelevant CVEs to be reported on our Docker image. See example at https://github.com/appsmithorg/appsmith-ee/pull/2349. 2. Much faster. Not that RTS build is our slow point, but still. Perhaps we can move client to `esbuild` too. 🙂 ## Why are we doing this? The current method of loading RTS into the Docker image means that _all_ contents of _all_ dependencies are copied over. The whole `node_modules`. But several of these packages include _test_ files too, that aren't needed at runtime at all. One of such test files is creating a false alert for a CVE on our Docker image. Has absolutely no relevance and impact, but it's there. To fix that, I [had to `rm -rf /opt/appsmith/rts/node_modules/*/test` in the Docker image](https://github.com/appsmithorg/appsmith-ee/pull/2349/files). This felt very hacky, and very dirty. It felt like we're introducing more debt and more duct tape around the current build process. So, `esbuild`. ## Where is `esbuild` coming from? We're using `esbuild` v0.18.20 only, while the latest is v0.19.3. We need to update `design-system`'s storybook dependency, I think, to get a more recent version of `esbuild`. I'm yet to figure this out and can use some help. 🙂 2023-10-03 01:30:40 +00:00			`COPY ./app/client/packages/rts/dist rts/`
feat: Implement fat container for appsmith application (#6678) Adds a Dockerfile along with accompanying scripts and definitions for building a fat Docker image. This image, when run as a container, will include the server, client, RTS, and necessary vendor services running all within. 2021-09-01 05:32:08 +00:00
chore: Add time to logs from entrypoint.sh (#34116) Logs messages from `entrypoint.sh` and the other `run-.sh` scripts don't show timestamp today, and its getting hard to see the order of things in the logs, especially between different processes. This PR adds a command `tlog` to print logs with UTC timestamp prefixed. We're only using it in `entrypoint.sh` now, but follow-up PR(s) will add it to the other `run-` scripts as well. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Chores - Updated Dockerfile to include `/opt/bin` in the `PATH` and modified permissions settings for executable files. - Refactor - Enhanced logging in the entrypoint script by replacing `echo` statements with `tlog` for better clarity and debugging. - New Features - Introduced `tlog`, a new shell script for consistent and timestamped logging. <!-- end of auto-generated comment: release notes by coderabbit.ai --> 2024-06-10 03:53:43 +00:00			`ENV PATH /opt/bin:/opt/appsmith/utils/node_modules/.bin:/opt/java/bin:/opt/node/bin:$PATH`
chore: Install NodeJS manually instead of with the deprecated script (#27929) Fixes #26891. 2023-10-11 09:42:32 +00:00
chore: Use single COPY command in Dockerfile for constant/static files (#27127) Move the files that are copied into the Docker image, into an `fs` folder, that reflects the folder structure of that in the image. This means two things right away: 1. A single `COPY` instruction in `Dockerfile` is enough to copy all the files to their places. 2. The structure of files in the repo reflects that in the Docker image. This makes working with the files/folders and troubleshooting with them much easier. ❗ Note: There's actually only 3 files changed, rest are just moved. 2023-09-11 03:13:09 +00:00			`RUN cd ./utils && npm install --only=prod && npm install --only=prod -g . && cd - \`
chore: Add time to logs from entrypoint.sh (#34116) Logs messages from `entrypoint.sh` and the other `run-.sh` scripts don't show timestamp today, and its getting hard to see the order of things in the logs, especially between different processes. This PR adds a command `tlog` to print logs with UTC timestamp prefixed. We're only using it in `entrypoint.sh` now, but follow-up PR(s) will add it to the other `run-` scripts as well. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Chores - Updated Dockerfile to include `/opt/bin` in the `PATH` and modified permissions settings for executable files. - Refactor - Enhanced logging in the entrypoint script by replacing `echo` statements with `tlog` for better clarity and debugging. - New Features - Introduced `tlog`, a new shell script for consistent and timestamped logging. <!-- end of auto-generated comment: release notes by coderabbit.ai --> 2024-06-10 03:53:43 +00:00			`&& chmod +x /opt/bin/* .sh /watchtower-hooks/.sh \`
chore: Use single COPY command in Dockerfile for constant/static files (#27127) Move the files that are copied into the Docker image, into an `fs` folder, that reflects the folder structure of that in the image. This means two things right away: 1. A single `COPY` instruction in `Dockerfile` is enough to copy all the files to their places. 2. The structure of files in the repo reflects that in the Docker image. This makes working with the files/folders and troubleshooting with them much easier. ❗ Note: There's actually only 3 files changed, rest are just moved. 2023-09-11 03:13:09 +00:00			`# Disable setuid/setgid bits for the files inside container.`
chore: Run NGINX with readonly root FS support (#27453) Part of supporting readonly root filesystem, gets NGINX to start without doing any writes to the filesystem, except for in `/tmp`. 2023-09-27 08:08:47 +00:00			`&& find / \( -path /proc -prune \) -o \( \( -perm -2000 -o -perm -4000 \) -print -exec chmod -s '{}' + \) \|\| true \`
feat: Support running as a non-root user (#28290) Running an Appsmith as a non-root user: ```sh docker run --name appsmith --user 70:70 ``` The `70:70` figures are the UID and GID respectively. It can mostly be any number, safe to user figures are 70 to 79, or anything above 200 and below 65000. The important bit, is that it shouldn't change on restart or manual updates etc. No product functionality should be affected when running as a non-root user. 2023-11-15 05:58:25 +00:00			`&& mkdir -p /.mongodb/mongosh /appsmith-stacks \`
			`&& chmod ugo+w /etc /appsmith-stacks \`
chore: Remove cron, unused (#29937) 2023-12-29 05:03:23 +00:00			`&& chmod -R ugo+w /var/run /.mongodb /etc/ssl /usr/local/share`
Disable uid/gid bits for fat container (#13277) 2022-04-27 07:27:57 +00:00
Auto-backup and cleanup with appsmithctl (#15203) - Auto-cleanup of backup files using env variable APPSMITH_BACKUP_ARCHIVE_LIMIT (default value is 4) after every backup. - Updated docker file to include watchtower hook scripts. - Error mail interval to 6hrs. 2022-07-28 12:15:28 +00:00			`LABEL com.centurylinklabs.watchtower.lifecycle.pre-check=/watchtower-hooks/pre-check.sh`
			`LABEL com.centurylinklabs.watchtower.lifecycle.pre-update=/watchtower-hooks/pre-update.sh`
feat: Implement fat container for appsmith application (#6678) Adds a Dockerfile along with accompanying scripts and definitions for building a fat Docker image. This image, when run as a container, will include the server, client, RTS, and necessary vendor services running all within. 2021-09-01 05:32:08 +00:00
			`EXPOSE 80`
			`EXPOSE 443`
			`ENTRYPOINT [ "/opt/appsmith/entrypoint.sh" ]`
Add healthcheck to docker (#13154) 2022-05-06 06:15:56 +00:00			`HEALTHCHECK --interval=15s --timeout=15s --start-period=45s CMD "/opt/appsmith/healthcheck.sh"`
docs: Fat container documentation fixes (#7207) Added additional details about how to use the fat container, and how to manage / maintain it. Also includes some refactorings that shouldn't affect the functionality significantly. 2021-09-14 13:31:06 +00:00			`CMD ["/usr/bin/supervisord", "-n"]`