## Description
Fixed GraphQL version
## Automation
/ok-to-test tags="@tag.Sanity"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/10177151252>
> Commit: 52a3f4ebc0ad3cd169bf1fe8cabd0156ed7a22e4
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=10177151252&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
> Spec:
> <hr>Wed, 31 Jul 2024 09:17:29 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [X] No
## Summary by CodeRabbit
- **New Features**
- Updated the GraphQL plugin and server to utilize the latest version
(21.5) of the `graphql-java` library, enhancing functionality and
performance.
- **Bug Fixes**
- Improvements and bug fixes may be included with the update to the
`graphql-java` dependency, potentially improving GraphQL query handling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Reverts appsmithorg/appsmith#34485 because this may be causing some delays in running the JUnit tests on CI.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Chores**
- Removed unnecessary dependencies related to debug stack trace printing
for cleaner and more efficient code.
- Downgraded `reactor-test` version to improve compatibility and
stability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
This is a chore PR to improve the stack traces printed by Webflux.
After:
<img width="1423" alt="Screenshot 2024-06-26 at 1 59 12 PM"
src="https://github.com/appsmithorg/appsmith/assets/458946/a89f2cf5-db7d-4430-b248-bee5fc26a218">
Before:
<img width="1449" alt="Screenshot 2024-06-26 at 1 59 43 PM"
src="https://github.com/appsmithorg/appsmith/assets/458946/0f794db2-d40d-4d4f-b79f-c40b126222f0">
> [!WARNING]
> _If no issue exists, please create an issue first, and check with the
maintainers if the issue is valid._
## Automation
/ok-to-test tags="@tag.Sanity"
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!TIP]
> 🟢🟢🟢 All cypress tests have passed! 🎉🎉🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/9676222187>
> Commit: 6769b2360448c4bbc61280f5629f7a93ea55dfa0
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=9676222187&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Refactor**
- Upgraded internal dependencies for improved debugging and testing.
- **Chores**
- Enhanced stack trace debugging by initializing the Reactor Debug
Agent.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Another attempt at removing QueryDSL. This time, it seems to be working
without very many shenanigans, which throws question on what the hell I
was doing in the previous attempt. 😭
All tests and Sanity Cypress passes on EE at
https://github.com/appsmithorg/appsmith-ee/pull/3805.
Two things happening in this PR.
1. We're removing QueryDSL.
2. We're adding [Errorprone](http://errorprone.info/).
Why both together? Because I can't get the build to work, if I remove
QueryDSL, and not add any other annotation processor. Lombok is refusing
to do its thing, unless there is at least one other annotation
processor, which QueryDSL was filling in for. I wanted to add Errorprone
anyway in a separate task, so didn't investigate further and just added
it here.
But adding Errorprone is not the idea for now. So all lint rules are
disable, and it has no affect on build time either. We'll slowly roll
out some of the checks and lint rules in the coming weeks.
This reverts commit 5647916478.
This seems to have broken our ability to re-run failed tests on server
workflow. We'll bring the changes back after we figure out how to not
lose that capability.
Fixes#29114
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Enhanced logging capabilities for better performance insights.
- **Improvements**
- Increased the number of log file backups to ensure more historical
data is preserved.
- **Documentation**
- Updated internal documentation to reflect new logging and performance
monitoring features.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
1. Added frontend and backend custom OTLP telemetry to track execute
flow
2. Updated end vars in client side code to match with server sdk
intialisation code.
#### PR fixes following issue(s)
Fixes#28800 and #28805
#### Type of change
- Chore (housekeeping or task changes that don't impact user perception)
#### How Has This Been Tested?
- [x] Manual
- [ ] JUnit
- [ ] Jest
- [ ] Cypress
>
>
#### Test Plan
> Add Testsmith test cases links that relate to this PR
>
>
#### Issues raised during DP testing
> Link issues raised during DP testing for better visiblity and tracking
(copy link from comments dropped on this PR)
>
>
>
## Checklist:
#### Dev activity
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] PR is being merged under a feature flag
#### QA activity:
- [ ] [Speedbreak
features](https://github.com/appsmithorg/TestSmith/wiki/Guidelines-for-test-plans#speedbreakers-)
have been covered
- [ ] Test plan covers all impacted features and [areas of
interest](https://github.com/appsmithorg/TestSmith/wiki/Guidelines-for-test-plans#areas-of-interest-)
- [ ] Test plan has been peer reviewed by project stakeholders and other
QA members
- [ ] Manually tested functionality on DP
- [ ] We had an implementation alignment call with stakeholders post QA
Round 2
- [ ] Cypress test cases have been added and approved by SDET/manual QA
- [ ] Added `Test Plan Approved` label after Cypress tests were reviewed
- [ ] Added `Test Plan Approved` label after JUnit tests were reviewed
Changes
add rate limit on login and signup APIs
add annotations to support rate limit on controllers which can be
configured per API.
refactor SecurityConfig
implementation details
uses bucket4j for rate limiting
uses redis as a backend for distributed rate limiting
fixes: https://github.com/appsmithorg/appsmith-ee/issues/234
**Changes**
* add rate limit on login and signup APIs
* add annotations to support rate limit on controllers which can be
configured per API.
* refactor SecurityConfig
**implementation details**
* uses bucket4j for rate limiting
* uses redis as a backend for distributed rate limiting
Bumps
[org.bouncycastle:bcprov-jdk18on](https://github.com/bcgit/bc-java) from
1.72 to 1.74.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html">org.bouncycastle:bcprov-jdk18on's
changelog</a>.</em></p>
<blockquote>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted -->2.1.1 Version<!--
raw HTML omitted --><!-- raw HTML omitted -->
Release: 1.76<!-- raw HTML omitted -->
Date: 2023, July 29th</p>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted -->2.2.1 Version<!--
raw HTML omitted --><!-- raw HTML omitted -->
Release: 1.75<!-- raw HTML omitted -->
Date: 2023, June 21st</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/bcgit/bc-java/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/appsmithorg/appsmith/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Description
As of now the CS API does not have signature verification which can lead
to data tampering for CS API response. This PR adds the method to add
signature verification for CS API responses.
Corresponding PRs:
CS: https://github.com/appsmithorg/cloud-services/pull/1023
#### PR fixes following issue(s)
Fixes https://github.com/appsmithorg/cloud-services/issues/1037
#### Type of change
- New feature (non-breaking change which adds functionality)
## Testing
#### How Has This Been Tested?
- [ ] Manual
## Checklist:
#### Dev activity
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] PR is being merged under a feature flag
#### QA activity:
- [ ] [Speedbreak
features](https://github.com/appsmithorg/TestSmith/wiki/Guidelines-for-test-plans#speedbreakers-)
have been covered
- [ ] Test plan covers all impacted features and [areas of
interest](https://github.com/appsmithorg/TestSmith/wiki/Guidelines-for-test-plans#areas-of-interest-)
- [ ] Test plan has been peer reviewed by project stakeholders and other
QA members
- [ ] Manually tested functionality on DP
- [ ] We had an implementation alignment call with stakeholders post QA
Round 2
- [ ] Cypress test cases have been added and approved by SDET/manual QA
- [ ] Added `Test Plan Approved` label after Cypress tests were reviewed
- [ ] Added `Test Plan Approved` label after JUnit tests were reviewed
This PR adds support to Appsmith server to be able to connect to
ElastiCache Redis with cluster mode turned on. When the
`APPSMITH_REDIS_URL` is set to `redis://...`, the current default
behaviour is preserved. But if it is set to `redis-cluster://...`, then
we setup a pooled connection with cluster mod enabled.
## Description
This PR enables the Sentry error logging for Appsmith cloud server.
Related slack thread:
https://theappsmith.slack.com/archives/CPQNLFHTN/p1685513675580309?thread_ts=1684307194.980669&cid=CPQNLFHTN
#### PR fixes following issue(s)
Fixes https://github.com/appsmithorg/cloud-services/issues/920
#### Type of change
- Bug fix (non-breaking change which fixes an issue)
#### How Has This Been Tested?
- [x] Manual
<img width="1721" alt="Screenshot 2023-06-28 at 11 19 27 AM"
src="https://github.com/appsmithorg/appsmith/assets/41686026/66d1d677-4bf8-4e30-9120-6cca6c834d42">
## Checklist:
#### Dev activity
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] PR is being merged under a feature flag
#### QA activity:
- [ ] [Speedbreak
features](https://github.com/appsmithorg/TestSmith/wiki/Guidelines-for-test-plans#speedbreakers-)
have been covered
- [ ] Test plan covers all impacted features and [areas of
interest](https://github.com/appsmithorg/TestSmith/wiki/Guidelines-for-test-plans#areas-of-interest-)
- [ ] Test plan has been peer reviewed by project stakeholders and other
QA members
- [ ] Manually tested functionality on DP
- [ ] We had an implementation alignment call with stakeholders post QA
Round 2
- [ ] Cypress test cases have been added and approved by SDET/manual QA
- [ ] Added `Test Plan Approved` label after Cypress tests were reviewed
- [ ] Added `Test Plan Approved` label after JUnit tests were reviewed
## Description
> Add file locking using redis with retry. Helpful when multiple users
are trying to perform git actions in the Appsmith UI.
Fixes#10856Fixes#14366
## Type of change
- Bug fix (non-breaking change which fixes an issue)
## How Has This Been Tested?
- Test A
- Test B
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [ ] New and existing unit tests pass locally with my changes
---------
Co-authored-by: Aishwarya UR <aishwarya@appsmith.com>
Co-authored-by: Sidhant Goel <sidhant@appsmith.com>
Co-authored-by: Parthvi Goswami <parthvigoswami@Parthvis-MacBook-Pro.local>
Co-authored-by: System Administrator <root@Parthvis-MacBook-Pro.local>
## Description
Import application flow is a multi-stage process where we touch all the
mongo DB collections required to store the application in DB, which
today includes pages, actions, JSObjects, etc. When the flow is complete
then only we can say the application is successfully imported and DB
won't have any stale objects stored. But in a negative scenario where
the flow might break because of some unknown exceptions, objects stored
earlier become stale and reside in DB forever. With this PR we are
establishing the infra for transactions to avoid saving stale DB
objects. This is achieved by a rollback mechanism in case an exception
is thrown in the middle of execution.
Note: Since transactions are built on concepts of logical sessions they
require mecahnics (like oplog) which are only available in replica set
environment.
You can always convert a standalone to a single noded replica set and
transactions will work with this one node.
[https://docs.mongodb.com/manual/tutorial/convert-standalone-to-replica-set/](https://docs.mongodb.com/manual/tutorial/convert-standalone-to-replica-set/?_ga=2.53712296.1453502529.1669195955-2065030687.1664009965)
```
For local dev earlier we used to run the single node without replica set. Henceforth if we want to take the advantage of transactions please follow the steps to run mongod single node in local with replica set:
- Upgrade the MongoDB version to 4.4 or higher if it’s 4.2 or lower (https://www.mongodb.com/docs/manual/release-notes/4.4/#std-label-4.4-upgrade)
- Close the mongoDB instance running in your local
- Start the mongoDB in replica set mode and initiate the replica set
- mongod --port 27017 --dbpath <path/to/db> --replSet <replica-set-name> && mongo --eval “rs.initiate()”
- One can use following commands to check replica set status:
- mongo appsmith
- rs.status()
- By this time you should have the mongo running with replica set
```
<img width="1788" alt="Screenshot 2022-07-01 at 10 31 27 PM"
src="https://user-images.githubusercontent.com/41686026/176944386-f9d94715-c0cf-4900-93b7-f73647132d60.png">
This also means mongodb connection string used in env file will now
include the replica-set name if one wants to leverage transactions:
`mongodb://localhost:27017/appsmith?replicaSet={replica-set-name}`
Fixes https://github.com/appsmithorg/appsmith/issues/14543
## Type of change
- Bug fix (non-breaking change which fixes an issue)
- This change requires a documentation update
## How Has This Been Tested?
> JUnit
> Manual test
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [x] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
---------
Co-authored-by: Anagh Hegde <anagh@appsmith.com>
Co-authored-by: Aishwarya UR <aishwarya@appsmith.com>
## Description
TL;DR: This PR introduces metrics logging using native Spring support
for Micrometer. It includes a docker-compose to set up all the required
parts of this observability stack in the local environment as well.
In order to make use of this stack, please navigate to
`utils/observability` and execute the following command:
```
docker-compose up -d
```
The set up comes bundled with a default Grafana dashboard that can be
accessed at localhost:3001. Please feel free to switch the mapping ports
around in the docker-compose file.
This dashboard currently shows all http requests (sampled at 0.1 by
default), and the server side implementation has introduced some minimal
tracing for the `/api/v1/action/execute` endpoint. This means that you
can use the trace id from http server requests for this endpoint to
delve deeper into the spans exposed in this flow.
In case you would like to send trace information to another service,
please make use of the `APPSMITH_TRACING_ENDPOINT` variable. To override
the default sampling rate in your local (to say, 1), you can set that as
the value for the variable `APPSMITH_SAMPLING_PROBABILITY`.
Fixes#19153
## Type of change
- Chore (housekeeping or task changes that don't impact user perception)
## How Has This Been Tested?
- Manual
### Test Plan
No testing required, only needs regression after merge.
## Checklist:
### Dev activity
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [ ] PR is being merged under a feature flag
---------
Co-authored-by: Sumesh Pradhan <sumesh@appsmith.com>
- Add connection pool to MySQL
- Fix JUnit TC failures due to Spring upgrade
- Fix Cypress TC failures due to change in the MySQL plugin code
- Remove `Preferred` SSL option
This upgrade takes care of our move to JDK 17, Spring Boot 3.0.1 and a
few other security upgrades along the way.
Fixes#18993
TODO:
- [x] Check CI changes for Java 17
- [x] Check vulnerability report
- [x] Mongock needs an upgrade
- [x] Add JVM args at all possible places for exposing java.time module
- [x] Add type adapters everywhere / use the same config for type
adapters everywhere
On macOS, when running a MySQL query, we see the following error:
```
java.lang.ClassCastException: class io.netty.channel.kqueue.KQueueEventLoopGroup cannot be cast to class io.netty.channel.EventLoopGroup
```
This is because of a `LinkageError`, caused because these classes exist both in the parent `server` module classpath, as well as in this plugin's classpath separately. To fix this, we removed this dependency from the server module.
But then, this caused a problem with how the `DNSResolver` class was being, well, resolved by the application class loader, vs the plugin class loader. This is a macOS specific problem, and doesn't affect other operating systems.
For this, we add just this package as a dependency to the MySQL plugin.
