Commit Graph

24 Commits

Author SHA1 Message Date
Wyatt Walter
2d21717059
fix: allow running as non-root (#40642)
## Description

Allows the Appsmith container to run as a non-root user, specified at
runtime through either docker-compose or Kubernetes pod security
context. I didn't specify the user in the `Dockerfile` because
environments like OpenShift choose a user at runtime, so it can't be
known at build time.

This needs to be followed by an update to docs and changes in the Helm
chart to finish it off, but that has a separate release cycle and this
needs to go ahead of that.

Ideally we would run as non-root by default, but since there's data
persisted on the filesystem automatically transitioning the default is
impossible without a lot of pain. This moves us in that direction and
enables it in the future if we go down that path.

Required to fix https://github.com/appsmithorg/appsmith/issues/38787

## Automation

/ok-to-test tags=""

### 🔍 Cypress test results
> [!WARNING]
> Tests have not run on the HEAD 50ba745c5bb7709c60ce5194437f921f1a95c980 yet
>
> Thu, 15 May 2025 15:56:31 UTC


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No


## Summary by CodeRabbit

- **New Features**
  - Added support for user identity emulation when running as a non-root
    user, improving compatibility in certain deployment environments.
  - Prevented embedded database initialization when running as a non-root
    user to ensure proper operation.

- **Chores**
  - Installed additional system packages to the base image for enhanced
    functionality.
  - Optimized image size by consolidating and improving cleanup steps
    during the build process.
  - Updated base image and refined installation commands for improved
    build consistency.
2025-05-28 22:19:48 +05:30
Goutham Pratapa
d64087f366
chore: update base image for appsmith (#40058)
## Summary by CodeRabbit

- **Chores**
  - Updated system base image to Ubuntu 24.04.
  - Upgraded MongoDB to version 6.0 and PostgreSQL to version 14 for
    improved compatibility and security.
  - Improved package installation process for reliability.

> [!WARNING]
> Tests have not run on the HEAD cc483c3707a04347e76f5a58d5e09282a436fc10 yet
>
> Sun, 27 Apr 2025 11:34:21 UTC
2025-04-28 11:11:44 +05:30
Shrikant Sharat Kandula
a3206056c8
chore: Don't need wget anymore (#37667)
We don't use `wget`, just `curl` in all places.

Tested with full suite on EE.

## Automation

/test sanity

### 🔍 Cypress test results
> [!CAUTION]
> If you modify the content in this section, you are likely to disrupt
> the CI result for your PR.


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No


## Summary by CodeRabbit

- **Chores**
  - Updated PostgreSQL version from 13 to 14 in the installation process.
  - Removed `wget` from the package installation command, streamlining the
    setup.
  - Retained language settings and environment variables for
    compatibility.
  - Maintained existing installation steps for Java and NodeJS, ensuring
    consistency.
2024-11-25 10:33:43 +05:30
Shrikant Sharat Kandula
5c1501717b
chore: Remove unused netcat and openssh-client (#37662)
These packages were installed in
daf60fab72
for use with the `appsmithctl migrate` command, which has never been
documented, been deprecated and then deleted from code for some time
now.

Removing these packages now as we don't need them any longer.

Tested on EE and verified `/test all` to have passed.

## Automation

/test sanity

### 🔍 Cypress test results
> [!CAUTION]
> If you modify the content in this section, you are likely to disrupt
> the CI result for your PR.


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No


## Summary by CodeRabbit

- **New Features**
  - Updated the base image to `ubuntu:20.04` for improved compatibility.
  - Introduced a new builder stage for Caddy with the `caddy-ratelimit`
    module.
  - Enhanced support for internationalization by setting environment
    variables for language and locale.

- **Improvements**
  - Streamlined package installation process by removing unnecessary
    packages.
  - Optimized the final image size with cleanup commands and maintained
    essential database services.
2024-11-23 17:11:17 +05:30
Shrikant Sharat Kandula
fc9652cff6
chore: Handle changed NodeJS download links (#37341)
NodeJS have slightly changed the way they publish their artifacts and
the way we download isn't working anymore. This PR fixes that.

## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No


## Summary by CodeRabbit

- **Chores**
  - Updated environment variable formatting for clarity and conciseness.
  - Enhanced the NodeJS installation process for improved integrity
    verification.
  - Maintained existing structure and dependencies within the Dockerfile.

/test sanity

> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/11833162543>
> Commit: 4aa1ca2b40a520d696450b249428d52f94258be7
> [Cypress dashboard](https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11833162543&attempt=1).
> Tags: `@tag.Sanity`
> Spec:
>
> Thu, 14 Nov 2024 08:42:02 UTC
2024-11-14 14:45:48 +05:30
Shrikant Sharat Kandula
bf6fd3faf8
chore: Remove Postgres v13 from base image (#34740)
1. This was kept for a short grace period, to be removed once we're
confident of upgrading to v14.
2. The `pg-upgrade.sh` script is capable of handling this. It will
install v13 when upgrading to v14, if it's not already available. See:
2adb12d57b/deploy/docker/fs/opt/appsmith/pg-upgrade.sh (L53-L54)


## Summary by CodeRabbit

- **Chores**
  - Updated PostgreSQL version in Docker setup from 13 to 14 for improved
    performance and security.
2024-07-05 17:54:58 +05:30
Shrikant Sharat Kandula
064d74c833
chore: Remove current symlink to Postgres (#34454)
Reason for this previously documented at
https://github.com/appsmithorg/appsmith/pull/34265#issue-2356259090.

Cypress tests don't make sense since the only diff is on
`base.dockerfile`.


## Summary by CodeRabbit

- **Chores**
  - Updated Dockerfile to streamline PostgreSQL setup. Removed creation of
    a symlink to the current version of PostgreSQL.
2024-06-25 13:03:51 +05:30
Shrikant Sharat Kandula
26c0f07e14
chore: Add script to upgrade Postgres 13 data to 14 (#34317)
We're upgrading embedded Postgres from 13 to 14, and this PR includes a
script to perform the upgrade of the data folder from v13 schema to v14
schema. This script temporarily installs Postgres 13, if not available,
for the upgrade process, so will continue to work when and if we choose
to remove `postgresql-13` from the base image.

Tested this manually as well, running an Appsmith with Postgres 13,
executing some workflows via webhook, getting some run data generated,
then upgrading Postgres with the script in this PR, and ensuring that
the workflow run history is still there and visible on the UI exactly
the same. It is.

No conflicts or additional changes needed on EE. [All server and Cypress
tests pass on EE](https://github.com/appsmithorg/appsmith-ee/pull/4493).


![shot-2024-06-20-02-13-26](https://github.com/appsmithorg/appsmith/assets/120119/9bb60e3a-6cc9-4df9-9064-caead78729a6)


**/test sanity**



> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/9590240540>
> Commit: 9c75da53f871ffb912015c18a7504327cba88f2c
> [Cypress dashboard](https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=9590240540&attempt=1).
> Tags: `@tag.Sanity`

## Summary by CodeRabbit

- **New Features**
  - Added automation script for upgrading PostgreSQL to the latest
    version.
  - Introduced testing script for PostgreSQL upgrades in Docker
    environments.

- **Improvements**
  - Upgraded PostgreSQL from version 13 to 14 in Docker setup, ensuring
    compatibility and performance enhancements.
2024-06-21 19:34:08 +05:30
Shrikant Sharat Kandula
929873a2c6
chore: Add Postgres bin to PATH (#34265)
Instead of using absolute paths to Postgres binaries, and in doing so,
hard-coding the Postgres version number, we add the bin folder to `PATH`
so they're available directly.

This also won't need the `current` symlink we created. That symlink is
causing problems in some post-installation scripts in `apt`/`dpkg`,
since they're expecting a _number_ in that folder, and when they see
`current`, they get confused and produce this error:

```
dpkg: warning: version 'current' has bad syntax: version number does not start with digit
```

After this is merged, we should be able to get rid of the `current`
symlink as well.

**/test sanity**

> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/9541787920>
> Commit: 1012266e0924248b0f13a91bee464303e86b87a6
> [Cypress dashboard](https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=9541787920&attempt=1).
> Tags: `@tag.Sanity`

## Summary by CodeRabbit

- **Chores**
  - Updated Docker configurations to streamline PostgreSQL 13 integration.
  - Simplified PostgreSQL commands in scripts by removing explicit
    versioning paths.
2024-06-17 12:53:34 +05:30
Shrikant Sharat Kandula
8abc516129
chore: Create a symlink to current version of Postgres
2024-06-05 20:18:15 +05:30
Shrikant Sharat Kandula
1ed5a0d84c
chore: Install latest NodeJS again (#33700)
/test sanity
2024-05-23 18:39:37 +05:30
Shrikant Sharat Kandula
86cfc5fefd
chore: Hardcode pin NodeJS version
2024-05-23 12:57:41 +05:30
Shrikant Sharat Kandula
0f167af5d3
chore: Pin NodeJS version to the one in package.json (#33685)
The newer NodeJS version `20.13` requires a more recent version of
glibc, one which isn't available on Ubuntu 20.04 yet. We need to stick
to NodeJS v20.11 until we can update Ubuntu itself to 22.04, or the
updated glibc shows up in Ubuntu 20.04.

Pinning NodeJS version for now to unblock.
2024-05-23 12:51:48 +05:30
Goutham Pratapa
5965150bc4
chore: add vanilla caddy to base.dockerfile (#33591)
2024-05-21 16:46:13 +05:30
Valera Melnikov
92c72ee20e
chore: update node version and appropriate git workflows (#31486)
## Description
- update node version and appropriate git workflow
- added the path to webpack cache folder, this should speed up bundle
  creation by about a minute

[Test, build and push Docker
Image](https://github.com/appsmithorg/appsmith/actions/runs/8421752151)
[Build Client, Server & Run only
Cypress](https://github.com/appsmithorg/appsmith/actions/runs/8421752151)

## Summary by CodeRabbit

- **Chores**
  - Updated actions/cache and actions/setup-node to v4 across various
    workflows for improved caching and Node.js setup.
  - Modified the `yarn install` command to use `--immutable` flag,
    enhancing dependency management.
- **Documentation**
  - Updated comments within workflows to include cautionary and important
    notes, ensuring better clarity.
- **Refactor**
  - Adjusted caching paths and keys for more efficient caching behavior.
  - Changed Node.js installation to version 20.11.1 in Dockerfile,
    aligning with the latest version for better performance and security.
- **Tests**
  - Modified assertion in `getCurrentLocationSaga` test to check for the
    presence of a property, improving test accuracy.

---------

Co-authored-by: Aman Agarwal <aman@appsmith.com>
2024-03-26 14:12:11 +03:00
Goutham Pratapa
9b00b299f0
feat: add ratelimiting for caddy (#30897)
Fixes: [31031](https://github.com/appsmithorg/appsmith/issues/31031)
## Summary by CodeRabbit

- **New Features**
  - Added rate-limiting functionality to enhance security and prevent
    abuse.

---------

Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
2024-03-05 15:07:22 +05:30
Shrikant Sharat Kandula
fda15a9d6f
chore: Remove pip and git from base image (#30318)
We don't need these anymore, after changes from
https://github.com/appsmithorg/appsmith/pull/30252.
2024-01-22 09:15:56 +05:30
Shrikant Sharat Kandula
4c4cd65919
chore: Refactoring base image for smaller image size
2024-01-09 07:10:46 +05:30
Shrikant Sharat Kandula
93614ee30c
chore: Remove cron in base image
2024-01-08 07:46:21 +05:30
Shrikant Sharat Kandula
502f4d79e1
chore: Remove NGINX from Docker image (#29668)
Now that we've moved to Caddy.
2023-12-21 11:22:41 +05:30
Shrikant Sharat Kandula
72e40c25fe
chore: Add WWW_PATH for Caddy
2023-12-01 17:42:03 +05:30
Shrikant Sharat Kandula
fa01d10bf5
chore: Install Caddy ahead of PR to enable Caddy support (#29256)
This will install Caddy into the base image, ahead of incoming changes
to replace NGINX and Certbot with Caddy.
2023-12-01 16:24:37 +05:30
Shrikant Sharat Kandula
989429f2af
chore: Java download URL in base image dockerfile (#28664)
The current latest release at
https://github.com/adoptium/temurin17-binaries/releases/tag/jdk-17.0.9%2B9.1,
doesn't include binaries for Linux, and so the Java download step fails
in our base Docker image build. This PR fixes that.

Sidenote, had we not had this base image and application image
separation, this bug would've blocked all our CI pipelines and the whole
team. 🙂
2023-11-07 10:35:50 +05:30
Shrikant Sharat Kandula
deb55d8b21
ci: Create separate base image so daily CI can cache better and run faster (#28182)
The layers in the Dockerfile that depend on downloading large files from
external sources don't have to run every day, or at every PR. We
tried using Docker's caching configuration, but it's not as reliable as
we'd have liked.

A separate base image lends us much more control over how long we
cache the downloaded files and how often we redo this.

This PR only _adds_ the base image. It doesn't change anything in the
build of the existing Docker image. That'll happen once we have the base
images for `release` and `master` already present on DockerHub.
2023-10-18 14:17:38 +05:30