What are we solving here?
1. Installing Java in the `Dockerfile` by using Adoptium's package
repositories is fragile since they've started blocking some IP addresses
used by GitHub Actions runners. We see a message like this:
```
Failed to fetch
https://packages.adoptium.net/artifactory/deb/pool/main/t/temurin-17/temurin-17-jdk_17.0.8.1.0+1_amd64.deb
403 Forbidden [IP: 146.75.107.42 443]
```
We're seeing more and more cases of these and PRs are getting blocked.
2. Installing Java via `apt` also installs other packages like X11
libraries, that aren't really relevant to our usage of Java. Yet, these
packages are present in our Docker image, and are the source of several
CVEs to be reported by scanners on our Docker image.
3. This will give us control over trusted CA certificates, which we can
now perform under `$TMP`, which aligns with our move towards supporting
readonly root filesystem. Which is essentially not write to anything in
the Docker image at runtime, except for under `/tmp` and
`/appsmith-stacks`. This will help us move in that direction.
This removes ~70 medium/low severity CVEs reported on our Docker image,
by removing `build-essential` from being installed by default in the
Docker image.
We only need it when compiling Redis, which is needed on _some_ ARM
systems, that re configured with a page-size of greater than 4096. For
example, CentOS 8.
This fixes RTS build to use `esbuild`.
1. This means the whole `node_modules` won't need to be copied over to
the Docker image. There's unused insignifant _test_ files in there, that
don't add any value, but are causing irrelevant CVEs to be reported on
our Docker image. See example at
https://github.com/appsmithorg/appsmith-ee/pull/2349.
2. Much faster. Not that RTS build is our slow point, but still. Perhaps
we can move client to `esbuild` too. 🙂
## Why are we doing this?
The current method of loading RTS into the Docker image means that _all_
contents of _all_ dependencies are copied over. The whole
`node_modules`. But several of these packages include _test_ files too,
that aren't needed at runtime at all. One of such test files is creating
a false alert for a CVE on our Docker image. Has absolutely no relevance
and impact, but it's there.
To fix that, I [had to `rm -rf /opt/appsmith/rts/node_modules/*/test` in
the Docker
image](https://github.com/appsmithorg/appsmith-ee/pull/2349/files). This
felt very hacky, and very dirty. It felt like we're introducing more
debt and more duct tape around the current build process.
So, `esbuild`.
## Where is `esbuild` coming from?
We're using `esbuild` v0.18.20 only, while the latest is v0.19.3. We
need to update `design-system`'s storybook dependency, I think, to get a
more recent version of `esbuild`. I'm yet to figure this out and can use
some help. 🙂
This is another step towards supporting running with readonly root FS,
and only making runtime changes in the container in `/tmp` or in
`/appsmith-stacks`, and nowhere else.
Move the files that are copied into the Docker image, into an `fs`
folder, that reflects the folder structure of that in the image. This
means two things right away:
1. A single `COPY` instruction in `Dockerfile` is enough to copy all the
files to their places.
2. The structure of files in the repo reflects that in the Docker image.
This makes working with the files/folders and troubleshooting with them
much easier.
❗ Note: **There's actually only 3 files changed, rest are just moved.**
There's a few CVEs reported on the version of python-requests that's
being used in the image, which we don't need that badly anyway. This PR
removes `python-requests` altogather so we shouldn't see CVEs on it show
up on our image anymore.
Removes this `Server` header in all responses from Appsmith.
```
curl -sSI http://localhost | grep 'server:'
```
It currently shows this:
```
server: nginx
```
Update:
- Mobed jest to` devDependenies` of package manifest.
- Updated Dockerfile to install utils with `--only=prod` arg for npm
install cmds.
Tested manually
We're pinning MongoDB to 5.0.14, but can just as well run 5.0.19. This
PR makes sure we install the latest v5 of MongoDB, every time we build
the image.
We're currently running NodeJS v16, which is [end-of-support on
11-Sep-2023](https://endoflife.date/nodejs). This PR updates the NodeJS
used as runtime, for RTS and `appsmithctl`, in the Appsmith Docker
image.
We do not update the build-time NodeJS version, needed to build the
client code, and RTS. Depending on test results, we'll do it as part of
the same PR, or a separate one.
This adds a `/opt/appsmith/info.json` file to Docker images, with the
following sample content:
```json
{
"commitSha": "0521ba2c0d7a62cef3d4def66fc15b59cc34ceef",
"commitUrl": "0521ba2c0d",
"branch": "release",
"date": "2023-08-02T12:52:53+00:00",
"isCI": false
}
```
We're enabling this only for images built for DPs currently, and will
then extend to other workflows as well.
Notice that we copy `info.*json` instead of `info.json`. The reason is
so that the Docker build doesn't fail, even if the `info.json` file
doesn't exist. This lets us publish this to each workflow in turn,
slowly and carefully.
[Relevant Slack
conversation](https://theappsmith.slack.com/archives/C02MUD8DNUR/p1686197957141419).
This will allow us to
1. Bake different CS URLs for release and master builds.
2. Be resilient to the CS URL being set to empty string, as opposed to
not being set at all.
- Removed event listener python script, removed supervisor conf for the
same.
- Added new python script to handle the starting page init.
- Python script will be called via a shell script with a failsafe
removal of the loading page.
- The above shell script will be run as a child of the run java script
Tests:
The child script exits after execution, and does not create zombie
process even when the run java script is called multiple times with
restarts.
Verified exceptions and failsafe manually by introducing syntax errors
and uninstalling requests module.
---------
Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
## Description
1. Move everything related to client from app folder to client folder
(`.yarn`, `yarn.lock`, package.json, .gitignore)
2. Move `ast` and `rst` to client packages
3. Fix running scripts in packages
4. Add running unit tests in packages in CI
TODO: It is necessary to consider enabling the `nmHoistingLimits:
workspaces` option, since now all packages are hoisted to the root,
there may be issues with dependencies in workspaces. Also, there is a
possibility of implicit use of packages.
https://yarnpkg.com/configuration/yarnrc#nmHoistingLimits
#### PR fixes following issue(s)
Fixes#23333
#### Type of change
- Chore (housekeeping or task changes that don't impact user perception)
## Testing
#### How Has This Been Tested?
- [x] Manual
- [x] Jest
- [x] Cypress
## Checklist:
#### Dev activity
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] PR is being merged under a feature flag
Co-authored-by: Valera Melnikov <melnikov.vv@greendatasoft.ru>
## Description
This PR includes changes for self-hosted instances to utilize an
embedded postgres database for the Template's mockdb.
After this change, by default Appsmith will always run the embedded
Postgres, and connect to it instead of the mockdb cloud instance.
**Solves:**
Issue[#20107](https://github.com/appsmithorg/appsmith/issues/20107)
**Changes:**
- [x] Install Postgresql in the Docker container using Dockerfile :-
_Updated Docker file to install PostgreSQL v13_
- [x] Add provision to stop/disable Postgresql from booting based on an
environment variable :- _To disable embedded postgres, set the **ENV**
var `APPSMITH_ENABLE_EMBEDDED_DB` to `0`; Configured supervisord to
control the lifecycle of the postgres server ( Supervisor uses user
postgres to start the server since root is not allowed)_
- [x] Seed data into the Postgresql DB during first container startup.
This ensures that we don't have to ship the Docker
container with data & bloat it unnecessarily. :- _Curretly, the SQL dump
is baked into the image._
- [x] Persist the Postgresql data in /appsmith-stacks. This ensures that
the data is persisted across version upgrades. :- _The postgres uses the
file system at` /stacks/data/postgres/main` ; note: The file system
owner is user/group postgres_
- [x] Update the mock db endpoint in the product to use the local DB by
default instead of the hosted DB for self-hosted instances. The cloud
instance should still use the hosted DB :- _The embedded postgres
authentication is set to the type `trust`, allowing the existing
template mockdb meta data to be used without any update to the existing
templates mockdb endpoint and credentials_
**Note: There is an additional table `mydb` added to the mockdb for
quickly verifying the db source is the embedded postgres, since the
cloud mockdb does not have that table.**
---------
Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
Fixes#19969.
The previous PR that fixed this was failing with the way we were
creating the initial user on MongoDB. This PR addresses that.
Co-authored-by: Aishwarya UR <aishwarya@appsmith.com>
This upgrade takes care of our move to JDK 17, Spring Boot 3.0.1 and a
few other security upgrades along the way.
Fixes#18993
TODO:
- [x] Check CI changes for Java 17
- [x] Check vulnerability report
- [x] Mongock needs an upgrade
- [x] Add JVM args at all possible places for exposing java.time module
- [x] Add type adapters everywhere / use the same config for type
adapters everywhere
Fixes: [19207](https://github.com/appsmithorg/appsmith/issues/19207)
**By default on start-up**
```
root@ab348246fff8:/appsmith-stacks/logs# head backend/backend-ab348246fff8.log
Waiting for RTS to start ...
RTS started.
Starting Backend server...
Load environment configuration
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/opt/appsmith/backend/server.jar!/BOOT-INF/lib/logback-classic-1.2.11.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/opt/appsmith/backend/server.jar!/BOOT-INF/lib/slf4j-reload4j-1.7.36.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [ch.qos.logback.classic.util.ContextSelectorStaticBinder]
[2022-12-26 11:39:34,962] - Starting ServerApplication vv1.8.14.1 using Java 11.0.17 on ab348246fff8 with PID 1543 (/opt/appsmith/backend/server.jar started by root in /opt/appsmith/backend)
```
**Upon stopping RTS manually**
```
root@ab348246fff8:/appsmith-stacks/logs# supervisorctl stop rts
rts: stopped
root@ab348246fff8:/appsmith-stacks/logs# supervisorctl status
backend RUNNING pid 1497, uptime 0:01:21
cron RUNNING pid 1505, uptime 0:01:21
editor RUNNING pid 1502, uptime 0:01:21
mongodb RUNNING pid 1491, uptime 0:01:21
redis RUNNING pid 1490, uptime 0:01:21
rts STOPPED Dec 26 11:40 AM
stdout RUNNING pid 1489, uptime 0:01:21
```
**Restart Backend service to check if backend service starts**
```
root@ab348246fff8:/appsmith-stacks/logs# supervisorctl restart backend
backend: stopped
backend: started
root@ab348246fff8:/appsmith-stacks/logs# supervisorctl status
backend RUNNING pid 1802, uptime 0:00:12
cron RUNNING pid 1505, uptime 0:01:43
editor RUNNING pid 1502, uptime 0:01:43
mongodb RUNNING pid 1491, uptime 0:01:43
redis RUNNING pid 1490, uptime 0:01:43
rts STOPPED Dec 26 11:40 AM
stdout RUNNING pid 1489, uptime 0:01:43
root@ab348246fff8:/appsmith-stacks/logs# supervisorctl ^C
root@ab348246fff8:/appsmith-stacks/logs# tail -f backend/backend-ab348246fff8.log
Waiting for RTS to start ...
Waiting for RTS to start ...
Waiting for RTS to start ...
Waiting for RTS to start ...
Waiting for RTS to start ...
Waiting for RTS to start ...
Waiting for RTS to start ...
Waiting for RTS to start ...
Waiting for RTS to start ...
Waiting for RTS to start ...
^C
```
**Upon starting RTS the behaviour of backend immediately**
```
root@ab348246fff8:/appsmith-stacks/logs# supervisorctl start rts
rts: started
root@ab348246fff8:/appsmith-stacks/logs# tail -f backend/backend-ab348246fff8.log
Starting Backend server...
Load environment configuration
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/opt/appsmith/backend/server.jar!/BOOT-INF/lib/logback-classic-1.2.11.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/opt/appsmith/backend/server.jar!/BOOT-INF/lib/slf4j-reload4j-1.7.36.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [ch.qos.logback.classic.util.ContextSelectorStaticBinder]
[2022-12-26 11:41:33,796] - Starting ServerApplication vv1.8.14.1 using Java 11.0.17 on ab348246fff8 with PID 1968 (/opt/appsmith/backend/server.jar started by root in /opt/appsmith/backend)
[2022-12-26 11:41:33,799] - Running with Spring Boot v2.6.5, Spring v5.3.17
[2022-12-26 11:41:33,803] - No active profile set, falling back to 1 default profile: "default"
[2022-12-26 11:41:34,615] - Multiple Spring Data modules found, entering strict repository configuration mode!
[2022-12-26 11:41:34,616] - Bootstrapping Spring Data Reactive MongoDB repositories in DEFAULT mode.
[2022-12-26 11:41:34,859] - Finished Spring Data repository scanning in 239 ms. Found 55 Reactive MongoDB repository interfaces.
[2022-12-26 11:41:35,220] - Multiple Spring Data modules found, entering strict repository configuration mode!
[2022-12-26 11:41:35,221] - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
```
* rts configurations for ast
* update shared dependencies.json for shared ast module
* feat: api for script to identifiers
* fix: typo for identifiers
* feat: api for multiple scripts to get identifiers
* fix: rts config, apis for ast
* fix: removed unnecessary changes for ast modules
* fix: docker image for rts including ast shared module, rts file alias ref
* fix: added comments in build.sh file
Co-authored-by: Aman Agarwal <aman@appsmith.com>
## Description
- Added the removal of rts previous build before building new image
- Fixed Fat container copying of dist folder to rts image directory path in docker container
Fixes#16091
## Type of change
- Bug fix (non-breaking change which fixes an issue)
## How Has This Been Tested?
> Please describe the tests that you ran to verify your changes. Provide instructions, so we can reproduce.
> Please also list any relevant details for your test configuration.
- Test A
- Test B
## Checklist:
- [ ] My code follows the style guidelines of this project
- [ ] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my feature works
- [ ] New and existing unit tests pass locally with my changes
- Auto-cleanup of backup files using env variable APPSMITH_BACKUP_ARCHIVE_LIMIT (default value is 4) after every backup.
- Updated docker file to include watchtower hook scripts.
- Error mail interval to 6hrs.
Refactor flow to generate nginx configuration file corresponding Custom domain set up
Add 2 template for Nginx template for HTTP and HTTPS. HTTPS contains new block for auto-redirect for HTTPS
