mirror of
https://github.com/Dokploy/dokploy.git
synced 2026-07-14 02:15:23 +02:00
Merge branch 'canary' into feat-lark-webhook
This commit is contained in:
@@ -108,6 +108,12 @@ export const member = pgTable("member", {
|
||||
canAccessToTraefikFiles: boolean("canAccessToTraefikFiles")
|
||||
.notNull()
|
||||
.default(false),
|
||||
canDeleteEnvironments: boolean("canDeleteEnvironments")
|
||||
.notNull()
|
||||
.default(false),
|
||||
canCreateEnvironments: boolean("canCreateEnvironments")
|
||||
.notNull()
|
||||
.default(false),
|
||||
accessedProjects: text("accesedProjects")
|
||||
.array()
|
||||
.notNull()
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
import { relations } from "drizzle-orm";
|
||||
import {
|
||||
bigint,
|
||||
boolean,
|
||||
integer,
|
||||
json,
|
||||
@@ -20,7 +21,6 @@ import { gitlab } from "./gitlab";
|
||||
import { mounts } from "./mount";
|
||||
import { ports } from "./port";
|
||||
import { previewDeployments } from "./preview-deployments";
|
||||
import { projects } from "./project";
|
||||
import { redirects } from "./redirects";
|
||||
import { registry } from "./registry";
|
||||
import { security } from "./security";
|
||||
@@ -80,6 +80,7 @@ export const applications = pgTable("application", {
|
||||
previewEnv: text("previewEnv"),
|
||||
watchPaths: text("watchPaths").array(),
|
||||
previewBuildArgs: text("previewBuildArgs"),
|
||||
previewBuildSecrets: text("previewBuildSecrets"),
|
||||
previewLabels: text("previewLabels").array(),
|
||||
previewWildcard: text("previewWildcard"),
|
||||
previewPort: integer("previewPort").default(3000),
|
||||
@@ -99,6 +100,7 @@ export const applications = pgTable("application", {
|
||||
).default(true),
|
||||
rollbackActive: boolean("rollbackActive").default(false),
|
||||
buildArgs: text("buildArgs"),
|
||||
buildSecrets: text("buildSecrets"),
|
||||
memoryReservation: text("memoryReservation"),
|
||||
memoryLimit: text("memoryLimit"),
|
||||
cpuReservation: text("cpuReservation"),
|
||||
@@ -164,6 +166,7 @@ export const applications = pgTable("application", {
|
||||
modeSwarm: json("modeSwarm").$type<ServiceModeSwarm>(),
|
||||
labelsSwarm: json("labelsSwarm").$type<LabelsSwarm>(),
|
||||
networkSwarm: json("networkSwarm").$type<NetworkSwarm[]>(),
|
||||
stopGracePeriodSwarm: bigint("stopGracePeriodSwarm", { mode: "bigint" }),
|
||||
//
|
||||
replicas: integer("replicas").default(1).notNull(),
|
||||
applicationStatus: applicationStatus("applicationStatus")
|
||||
@@ -252,6 +255,7 @@ const createSchema = createInsertSchema(applications, {
|
||||
autoDeploy: z.boolean(),
|
||||
env: z.string().optional(),
|
||||
buildArgs: z.string().optional(),
|
||||
buildSecrets: z.string().optional(),
|
||||
name: z.string().min(1),
|
||||
description: z.string().optional(),
|
||||
memoryReservation: z.string().optional(),
|
||||
@@ -303,6 +307,7 @@ const createSchema = createInsertSchema(applications, {
|
||||
previewPort: z.number().optional(),
|
||||
previewEnv: z.string().optional(),
|
||||
previewBuildArgs: z.string().optional(),
|
||||
previewBuildSecrets: z.string().optional(),
|
||||
previewWildcard: z.string().optional(),
|
||||
previewLimit: z.number().optional(),
|
||||
previewHttps: z.boolean().optional(),
|
||||
@@ -312,6 +317,7 @@ const createSchema = createInsertSchema(applications, {
|
||||
watchPaths: z.array(z.string()).optional(),
|
||||
previewLabels: z.array(z.string()).optional(),
|
||||
cleanCache: z.boolean().optional(),
|
||||
stopGracePeriodSwarm: z.bigint().nullable(),
|
||||
});
|
||||
|
||||
export const apiCreateApplication = createSchema.pick({
|
||||
@@ -456,6 +462,7 @@ export const apiSaveEnvironmentVariables = createSchema
|
||||
applicationId: true,
|
||||
env: true,
|
||||
buildArgs: true,
|
||||
buildSecrets: true,
|
||||
})
|
||||
.required();
|
||||
|
||||
|
||||
@@ -21,6 +21,7 @@ export const deploymentStatus = pgEnum("deploymentStatus", [
|
||||
"running",
|
||||
"done",
|
||||
"error",
|
||||
"cancelled",
|
||||
]);
|
||||
|
||||
export const deployments = pgTable("deployment", {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import { relations } from "drizzle-orm";
|
||||
import { integer, json, pgTable, text } from "drizzle-orm/pg-core";
|
||||
import { bigint, integer, json, pgTable, text } from "drizzle-orm/pg-core";
|
||||
import { createInsertSchema } from "drizzle-zod";
|
||||
import { nanoid } from "nanoid";
|
||||
import { z } from "zod";
|
||||
@@ -62,6 +62,7 @@ export const mariadb = pgTable("mariadb", {
|
||||
modeSwarm: json("modeSwarm").$type<ServiceModeSwarm>(),
|
||||
labelsSwarm: json("labelsSwarm").$type<LabelsSwarm>(),
|
||||
networkSwarm: json("networkSwarm").$type<NetworkSwarm[]>(),
|
||||
stopGracePeriodSwarm: bigint("stopGracePeriodSwarm", { mode: "bigint" }),
|
||||
replicas: integer("replicas").default(1).notNull(),
|
||||
createdAt: text("createdAt")
|
||||
.notNull()
|
||||
@@ -128,6 +129,7 @@ const createSchema = createInsertSchema(mariadb, {
|
||||
modeSwarm: ServiceModeSwarmSchema.nullable(),
|
||||
labelsSwarm: LabelsSwarmSchema.nullable(),
|
||||
networkSwarm: NetworkSwarmSchema.nullable(),
|
||||
stopGracePeriodSwarm: z.bigint().nullable(),
|
||||
});
|
||||
|
||||
export const apiCreateMariaDB = createSchema
|
||||
|
||||
@@ -1,5 +1,12 @@
|
||||
import { relations } from "drizzle-orm";
|
||||
import { boolean, integer, json, pgTable, text } from "drizzle-orm/pg-core";
|
||||
import {
|
||||
bigint,
|
||||
boolean,
|
||||
integer,
|
||||
json,
|
||||
pgTable,
|
||||
text,
|
||||
} from "drizzle-orm/pg-core";
|
||||
import { createInsertSchema } from "drizzle-zod";
|
||||
import { nanoid } from "nanoid";
|
||||
import { z } from "zod";
|
||||
@@ -58,6 +65,7 @@ export const mongo = pgTable("mongo", {
|
||||
modeSwarm: json("modeSwarm").$type<ServiceModeSwarm>(),
|
||||
labelsSwarm: json("labelsSwarm").$type<LabelsSwarm>(),
|
||||
networkSwarm: json("networkSwarm").$type<NetworkSwarm[]>(),
|
||||
stopGracePeriodSwarm: bigint("stopGracePeriodSwarm", { mode: "bigint" }),
|
||||
replicas: integer("replicas").default(1).notNull(),
|
||||
createdAt: text("createdAt")
|
||||
.notNull()
|
||||
@@ -118,6 +126,7 @@ const createSchema = createInsertSchema(mongo, {
|
||||
modeSwarm: ServiceModeSwarmSchema.nullable(),
|
||||
labelsSwarm: LabelsSwarmSchema.nullable(),
|
||||
networkSwarm: NetworkSwarmSchema.nullable(),
|
||||
stopGracePeriodSwarm: z.bigint().nullable(),
|
||||
});
|
||||
|
||||
export const apiCreateMongo = createSchema
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import { relations } from "drizzle-orm";
|
||||
import { integer, json, pgTable, text } from "drizzle-orm/pg-core";
|
||||
import { bigint, integer, json, pgTable, text } from "drizzle-orm/pg-core";
|
||||
import { createInsertSchema } from "drizzle-zod";
|
||||
import { nanoid } from "nanoid";
|
||||
import { z } from "zod";
|
||||
@@ -60,6 +60,7 @@ export const mysql = pgTable("mysql", {
|
||||
modeSwarm: json("modeSwarm").$type<ServiceModeSwarm>(),
|
||||
labelsSwarm: json("labelsSwarm").$type<LabelsSwarm>(),
|
||||
networkSwarm: json("networkSwarm").$type<NetworkSwarm[]>(),
|
||||
stopGracePeriodSwarm: bigint("stopGracePeriodSwarm", { mode: "bigint" }),
|
||||
replicas: integer("replicas").default(1).notNull(),
|
||||
createdAt: text("createdAt")
|
||||
.notNull()
|
||||
@@ -125,6 +126,7 @@ const createSchema = createInsertSchema(mysql, {
|
||||
modeSwarm: ServiceModeSwarmSchema.nullable(),
|
||||
labelsSwarm: LabelsSwarmSchema.nullable(),
|
||||
networkSwarm: NetworkSwarmSchema.nullable(),
|
||||
stopGracePeriodSwarm: z.bigint().nullable(),
|
||||
});
|
||||
|
||||
export const apiCreateMySql = createSchema
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import { relations } from "drizzle-orm";
|
||||
import { integer, json, pgTable, text } from "drizzle-orm/pg-core";
|
||||
import { bigint, integer, json, pgTable, text } from "drizzle-orm/pg-core";
|
||||
import { createInsertSchema } from "drizzle-zod";
|
||||
import { nanoid } from "nanoid";
|
||||
import { z } from "zod";
|
||||
@@ -60,6 +60,7 @@ export const postgres = pgTable("postgres", {
|
||||
modeSwarm: json("modeSwarm").$type<ServiceModeSwarm>(),
|
||||
labelsSwarm: json("labelsSwarm").$type<LabelsSwarm>(),
|
||||
networkSwarm: json("networkSwarm").$type<NetworkSwarm[]>(),
|
||||
stopGracePeriodSwarm: bigint("stopGracePeriodSwarm", { mode: "bigint" }),
|
||||
replicas: integer("replicas").default(1).notNull(),
|
||||
createdAt: text("createdAt")
|
||||
.notNull()
|
||||
@@ -118,6 +119,7 @@ const createSchema = createInsertSchema(postgres, {
|
||||
modeSwarm: ServiceModeSwarmSchema.nullable(),
|
||||
labelsSwarm: LabelsSwarmSchema.nullable(),
|
||||
networkSwarm: NetworkSwarmSchema.nullable(),
|
||||
stopGracePeriodSwarm: z.bigint().nullable(),
|
||||
});
|
||||
|
||||
export const apiCreatePostgres = createSchema
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import { relations } from "drizzle-orm";
|
||||
import { integer, json, pgTable, text } from "drizzle-orm/pg-core";
|
||||
import { bigint, integer, json, pgTable, text } from "drizzle-orm/pg-core";
|
||||
import { createInsertSchema } from "drizzle-zod";
|
||||
import { nanoid } from "nanoid";
|
||||
import { z } from "zod";
|
||||
@@ -60,6 +60,7 @@ export const redis = pgTable("redis", {
|
||||
modeSwarm: json("modeSwarm").$type<ServiceModeSwarm>(),
|
||||
labelsSwarm: json("labelsSwarm").$type<LabelsSwarm>(),
|
||||
networkSwarm: json("networkSwarm").$type<NetworkSwarm[]>(),
|
||||
stopGracePeriodSwarm: bigint("stopGracePeriodSwarm", { mode: "bigint" }),
|
||||
replicas: integer("replicas").default(1).notNull(),
|
||||
|
||||
environmentId: text("environmentId")
|
||||
@@ -108,6 +109,7 @@ const createSchema = createInsertSchema(redis, {
|
||||
modeSwarm: ServiceModeSwarmSchema.nullable(),
|
||||
labelsSwarm: LabelsSwarmSchema.nullable(),
|
||||
networkSwarm: NetworkSwarmSchema.nullable(),
|
||||
stopGracePeriodSwarm: z.bigint().nullable(),
|
||||
});
|
||||
|
||||
export const apiCreateRedis = createSchema
|
||||
|
||||
@@ -186,6 +186,8 @@ export const apiAssignPermissions = createSchema
|
||||
canAccessToAPI: z.boolean().optional(),
|
||||
canAccessToSSHKeys: z.boolean().optional(),
|
||||
canAccessToGitProviders: z.boolean().optional(),
|
||||
canDeleteEnvironments: z.boolean().optional(),
|
||||
canCreateEnvironments: z.boolean().optional(),
|
||||
})
|
||||
.required();
|
||||
|
||||
|
||||
@@ -68,6 +68,7 @@ export * from "./utils/backups/postgres";
|
||||
export * from "./utils/backups/utils";
|
||||
export * from "./utils/backups/web-server";
|
||||
export * from "./utils/builders/compose";
|
||||
export * from "./utils/startup/cancell-deployments";
|
||||
export * from "./utils/builders/docker-file";
|
||||
export * from "./utils/builders/drop";
|
||||
export * from "./utils/builders/heroku";
|
||||
|
||||
@@ -473,6 +473,7 @@ export const deployPreviewApplication = async ({
|
||||
application.appName = previewDeployment.appName;
|
||||
application.env = `${application.previewEnv}\nDOKPLOY_DEPLOY_URL=${previewDeployment?.domain?.host}`;
|
||||
application.buildArgs = application.previewBuildArgs;
|
||||
application.buildSecrets = application.previewBuildSecrets;
|
||||
|
||||
if (application.sourceType === "github") {
|
||||
await cloneGithubRepository({
|
||||
@@ -580,6 +581,7 @@ export const deployRemotePreviewApplication = async ({
|
||||
application.appName = previewDeployment.appName;
|
||||
application.env = `${application.previewEnv}\nDOKPLOY_DEPLOY_URL=${previewDeployment?.domain?.host}`;
|
||||
application.buildArgs = application.previewBuildArgs;
|
||||
application.buildSecrets = application.previewBuildSecrets;
|
||||
|
||||
if (application.serverId) {
|
||||
let command = "set -e;";
|
||||
|
||||
@@ -603,6 +603,21 @@ const BUNNY_CDN_IPS = new Set([
|
||||
"89.187.184.176",
|
||||
]);
|
||||
|
||||
// Arvancloud IP ranges
|
||||
// https://www.arvancloud.ir/fa/ips.txt
|
||||
const ARVANCLOUD_IP_RANGES = [
|
||||
"185.143.232.0/22",
|
||||
"188.229.116.16/29",
|
||||
"94.101.182.0/27",
|
||||
"2.144.3.128/28",
|
||||
"89.45.48.64/28",
|
||||
"37.32.16.0/27",
|
||||
"37.32.17.0/27",
|
||||
"37.32.18.0/27",
|
||||
"37.32.19.0/27",
|
||||
"185.215.232.0/22",
|
||||
];
|
||||
|
||||
const CDN_PROVIDERS: CDNProvider[] = [
|
||||
{
|
||||
name: "cloudflare",
|
||||
@@ -627,6 +642,14 @@ const CDN_PROVIDERS: CDNProvider[] = [
|
||||
warningMessage:
|
||||
"Domain is behind Fastly - actual IP is masked by CDN proxy",
|
||||
},
|
||||
{
|
||||
name: "arvancloud",
|
||||
displayName: "Arvancloud",
|
||||
checkIp: (ip: string) =>
|
||||
ARVANCLOUD_IP_RANGES.some((range) => isIPInCIDR(ip, range)),
|
||||
warningMessage:
|
||||
"Domain is behind Arvancloud - actual IP is masked by CDN proxy",
|
||||
},
|
||||
];
|
||||
|
||||
export const detectCDNProvider = (ip: string): CDNProvider | null => {
|
||||
|
||||
@@ -227,7 +227,7 @@ export const deployCompose = async ({
|
||||
|
||||
const buildLink = `${await getDokployUrl()}/dashboard/project/${
|
||||
compose.environment.projectId
|
||||
}/services/compose/${compose.composeId}?tab=deployments`;
|
||||
}/environment/${compose.environmentId}/services/compose/${compose.composeId}?tab=deployments`;
|
||||
const deployment = await createDeploymentCompose({
|
||||
composeId: composeId,
|
||||
title: titleLog,
|
||||
@@ -335,7 +335,7 @@ export const deployRemoteCompose = async ({
|
||||
|
||||
const buildLink = `${await getDokployUrl()}/dashboard/project/${
|
||||
compose.environment.projectId
|
||||
}/services/compose/${compose.composeId}?tab=deployments`;
|
||||
}/environment/${compose.environmentId}/services/compose/${compose.composeId}?tab=deployments`;
|
||||
const deployment = await createDeploymentCompose({
|
||||
composeId: composeId,
|
||||
title: titleLog,
|
||||
|
||||
@@ -163,6 +163,24 @@ export const canPerformAccessEnvironment = async (
|
||||
return false;
|
||||
};
|
||||
|
||||
export const canPerformDeleteEnvironment = async (
|
||||
userId: string,
|
||||
projectId: string,
|
||||
organizationId: string,
|
||||
) => {
|
||||
const { accessedProjects, canDeleteEnvironments } = await findMemberById(
|
||||
userId,
|
||||
organizationId,
|
||||
);
|
||||
const haveAccessToProject = accessedProjects.includes(projectId);
|
||||
|
||||
if (canDeleteEnvironments && haveAccessToProject) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
};
|
||||
|
||||
export const canAccessToTraefikFiles = async (
|
||||
userId: string,
|
||||
organizationId: string,
|
||||
@@ -240,6 +258,42 @@ export const checkEnvironmentAccess = async (
|
||||
}
|
||||
};
|
||||
|
||||
export const checkEnvironmentDeletionPermission = async (
|
||||
userId: string,
|
||||
projectId: string,
|
||||
organizationId: string,
|
||||
) => {
|
||||
const member = await findMemberById(userId, organizationId);
|
||||
|
||||
if (!member) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "User not found in organization",
|
||||
});
|
||||
}
|
||||
|
||||
if (member.role === "owner" || member.role === "admin") {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!member.canDeleteEnvironments) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You don't have permission to delete environments",
|
||||
});
|
||||
}
|
||||
|
||||
const hasProjectAccess = member.accessedProjects.includes(projectId);
|
||||
if (!hasProjectAccess) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You don't have access to this project",
|
||||
});
|
||||
}
|
||||
|
||||
return true;
|
||||
};
|
||||
|
||||
export const checkProjectAccess = async (
|
||||
authId: string,
|
||||
action: "create" | "delete" | "access",
|
||||
@@ -272,6 +326,46 @@ export const checkProjectAccess = async (
|
||||
}
|
||||
};
|
||||
|
||||
export const checkEnvironmentCreationPermission = async (
|
||||
userId: string,
|
||||
projectId: string,
|
||||
organizationId: string,
|
||||
) => {
|
||||
// Get user's member record
|
||||
const member = await findMemberById(userId, organizationId);
|
||||
|
||||
if (!member) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "User not found in organization",
|
||||
});
|
||||
}
|
||||
|
||||
// Owners and admins can always create environments
|
||||
if (member.role === "owner" || member.role === "admin") {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Check if user has canCreateEnvironments permission
|
||||
if (!member.canCreateEnvironments) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You don't have permission to create environments",
|
||||
});
|
||||
}
|
||||
|
||||
// Check if user has access to the project
|
||||
const hasProjectAccess = member.accessedProjects.includes(projectId);
|
||||
if (!hasProjectAccess) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You don't have access to this project",
|
||||
});
|
||||
}
|
||||
|
||||
return true;
|
||||
};
|
||||
|
||||
export const findMemberById = async (
|
||||
userId: string,
|
||||
organizationId: string,
|
||||
|
||||
@@ -141,8 +141,8 @@ export function processValue(
|
||||
}
|
||||
if (
|
||||
typeof payload === "string" &&
|
||||
payload.startsWith("{") &&
|
||||
payload.endsWith("}")
|
||||
payload.trimStart().startsWith("{") &&
|
||||
payload.trimEnd().endsWith("}")
|
||||
) {
|
||||
try {
|
||||
payload = JSON.parse(payload);
|
||||
|
||||
@@ -1,5 +1,8 @@
|
||||
import type { WriteStream } from "node:fs";
|
||||
import { prepareEnvironmentVariables } from "@dokploy/server/utils/docker/utils";
|
||||
import {
|
||||
getEnviromentVariablesObject,
|
||||
prepareEnvironmentVariables,
|
||||
} from "@dokploy/server/utils/docker/utils";
|
||||
import {
|
||||
getBuildAppDirectory,
|
||||
getDockerContextPath,
|
||||
@@ -17,6 +20,7 @@ export const buildCustomDocker = async (
|
||||
env,
|
||||
publishDirectory,
|
||||
buildArgs,
|
||||
buildSecrets,
|
||||
dockerBuildStage,
|
||||
cleanCache,
|
||||
} = application;
|
||||
@@ -26,11 +30,6 @@ export const buildCustomDocker = async (
|
||||
|
||||
const defaultContextPath =
|
||||
dockerFilePath.substring(0, dockerFilePath.lastIndexOf("/") + 1) || ".";
|
||||
const args = prepareEnvironmentVariables(
|
||||
buildArgs,
|
||||
application.environment.project.env,
|
||||
application.environment.env,
|
||||
);
|
||||
|
||||
const dockerContextPath = getDockerContextPath(application);
|
||||
|
||||
@@ -44,9 +43,29 @@ export const buildCustomDocker = async (
|
||||
commandArgs.push("--target", dockerBuildStage);
|
||||
}
|
||||
|
||||
const args = prepareEnvironmentVariables(
|
||||
buildArgs,
|
||||
application.environment.project.env,
|
||||
application.environment.env,
|
||||
);
|
||||
|
||||
for (const arg of args) {
|
||||
commandArgs.push("--build-arg", arg);
|
||||
}
|
||||
|
||||
const secrets = getEnviromentVariablesObject(
|
||||
buildSecrets,
|
||||
application.environment.project.env,
|
||||
application.environment.env,
|
||||
);
|
||||
|
||||
for (const key in secrets) {
|
||||
// Although buildx is smart enough to know we may be referring to an environment variable name,
|
||||
// we still make sure it doesn't fall back to type=file.
|
||||
// See: https://docs.docker.com/reference/cli/docker/buildx/build/#secret
|
||||
commandArgs.push("--secret", `type=env,id=${key}`);
|
||||
}
|
||||
|
||||
/*
|
||||
Do not generate an environment file when publishDirectory is specified,
|
||||
as it could be publicly exposed.
|
||||
@@ -70,6 +89,10 @@ export const buildCustomDocker = async (
|
||||
},
|
||||
{
|
||||
cwd: dockerContextPath || defaultContextPath,
|
||||
env: {
|
||||
...process.env,
|
||||
...secrets,
|
||||
},
|
||||
},
|
||||
);
|
||||
} catch (error) {
|
||||
@@ -86,6 +109,7 @@ export const getDockerCommand = (
|
||||
env,
|
||||
publishDirectory,
|
||||
buildArgs,
|
||||
buildSecrets,
|
||||
dockerBuildStage,
|
||||
cleanCache,
|
||||
} = application;
|
||||
@@ -96,11 +120,6 @@ export const getDockerCommand = (
|
||||
|
||||
const defaultContextPath =
|
||||
dockerFilePath.substring(0, dockerFilePath.lastIndexOf("/") + 1) || ".";
|
||||
const args = prepareEnvironmentVariables(
|
||||
buildArgs,
|
||||
application.environment.project.env,
|
||||
application.environment.env,
|
||||
);
|
||||
|
||||
const dockerContextPath =
|
||||
getDockerContextPath(application) || defaultContextPath;
|
||||
@@ -115,10 +134,33 @@ export const getDockerCommand = (
|
||||
commandArgs.push("--no-cache");
|
||||
}
|
||||
|
||||
const args = prepareEnvironmentVariables(
|
||||
buildArgs,
|
||||
application.environment.project.env,
|
||||
application.environment.env,
|
||||
);
|
||||
|
||||
for (const arg of args) {
|
||||
commandArgs.push("--build-arg", `'${arg}'`);
|
||||
}
|
||||
|
||||
const secrets = getEnviromentVariablesObject(
|
||||
buildSecrets,
|
||||
application.environment.project.env,
|
||||
application.environment.env,
|
||||
);
|
||||
|
||||
const joinedSecrets = Object.entries(secrets)
|
||||
.map(([key, value]) => `${key}='${value.replace(/'/g, "'\"'\"'")}'`)
|
||||
.join(" ");
|
||||
|
||||
for (const key in secrets) {
|
||||
// Although buildx is smart enough to know we may be referring to an environment variable name,
|
||||
// we still make sure it doesn't fall back to `type=file`.
|
||||
// See: https://docs.docker.com/reference/cli/docker/buildx/build/#secret
|
||||
commandArgs.push("--secret", `type=env,id=${key}`);
|
||||
}
|
||||
|
||||
/*
|
||||
Do not generate an environment file when publishDirectory is specified,
|
||||
as it could be publicly exposed.
|
||||
@@ -140,7 +182,7 @@ cd ${dockerContextPath} >> ${logPath} 2>> ${logPath} || {
|
||||
exit 1;
|
||||
}
|
||||
|
||||
docker ${commandArgs.join(" ")} >> ${logPath} 2>> ${logPath} || {
|
||||
${joinedSecrets} docker ${commandArgs.join(" ")} >> ${logPath} 2>> ${logPath} || {
|
||||
echo "❌ Docker build failed" >> ${logPath};
|
||||
exit 1;
|
||||
}
|
||||
|
||||
@@ -142,6 +142,7 @@ export const mechanizeDockerContainer = async (
|
||||
RollbackConfig,
|
||||
UpdateConfig,
|
||||
Networks,
|
||||
StopGracePeriod,
|
||||
} = generateConfigContainer(application);
|
||||
|
||||
const bindsMount = generateBindMounts(mounts);
|
||||
@@ -191,6 +192,8 @@ export const mechanizeDockerContainer = async (
|
||||
})),
|
||||
},
|
||||
UpdateConfig,
|
||||
...(StopGracePeriod !== undefined &&
|
||||
StopGracePeriod !== null && { StopGracePeriod }),
|
||||
};
|
||||
|
||||
try {
|
||||
|
||||
@@ -45,6 +45,7 @@ export const buildMariadb = async (mariadb: MariadbNested) => {
|
||||
RollbackConfig,
|
||||
UpdateConfig,
|
||||
Networks,
|
||||
StopGracePeriod,
|
||||
} = generateConfigContainer(mariadb);
|
||||
const resources = calculateResources({
|
||||
memoryLimit,
|
||||
@@ -102,6 +103,8 @@ export const buildMariadb = async (mariadb: MariadbNested) => {
|
||||
: [],
|
||||
},
|
||||
UpdateConfig,
|
||||
...(StopGracePeriod !== undefined &&
|
||||
StopGracePeriod !== null && { StopGracePeriod }),
|
||||
};
|
||||
try {
|
||||
const service = docker.getService(appName);
|
||||
|
||||
@@ -91,6 +91,7 @@ ${command ?? "wait $MONGOD_PID"}`;
|
||||
RollbackConfig,
|
||||
UpdateConfig,
|
||||
Networks,
|
||||
StopGracePeriod,
|
||||
} = generateConfigContainer(mongo);
|
||||
|
||||
const resources = calculateResources({
|
||||
@@ -155,6 +156,8 @@ ${command ?? "wait $MONGOD_PID"}`;
|
||||
: [],
|
||||
},
|
||||
UpdateConfig,
|
||||
...(StopGracePeriod !== undefined &&
|
||||
StopGracePeriod !== null && { StopGracePeriod }),
|
||||
};
|
||||
|
||||
try {
|
||||
|
||||
@@ -51,6 +51,7 @@ export const buildMysql = async (mysql: MysqlNested) => {
|
||||
RollbackConfig,
|
||||
UpdateConfig,
|
||||
Networks,
|
||||
StopGracePeriod,
|
||||
} = generateConfigContainer(mysql);
|
||||
const resources = calculateResources({
|
||||
memoryLimit,
|
||||
@@ -108,6 +109,8 @@ export const buildMysql = async (mysql: MysqlNested) => {
|
||||
: [],
|
||||
},
|
||||
UpdateConfig,
|
||||
...(StopGracePeriod !== undefined &&
|
||||
StopGracePeriod !== null && { StopGracePeriod }),
|
||||
};
|
||||
try {
|
||||
const service = docker.getService(appName);
|
||||
|
||||
@@ -44,6 +44,7 @@ export const buildPostgres = async (postgres: PostgresNested) => {
|
||||
RollbackConfig,
|
||||
UpdateConfig,
|
||||
Networks,
|
||||
StopGracePeriod,
|
||||
} = generateConfigContainer(postgres);
|
||||
const resources = calculateResources({
|
||||
memoryLimit,
|
||||
@@ -101,6 +102,8 @@ export const buildPostgres = async (postgres: PostgresNested) => {
|
||||
: [],
|
||||
},
|
||||
UpdateConfig,
|
||||
...(StopGracePeriod !== undefined &&
|
||||
StopGracePeriod !== null && { StopGracePeriod }),
|
||||
};
|
||||
try {
|
||||
const service = docker.getService(appName);
|
||||
|
||||
@@ -42,6 +42,7 @@ export const buildRedis = async (redis: RedisNested) => {
|
||||
RollbackConfig,
|
||||
UpdateConfig,
|
||||
Networks,
|
||||
StopGracePeriod,
|
||||
} = generateConfigContainer(redis);
|
||||
const resources = calculateResources({
|
||||
memoryLimit,
|
||||
@@ -98,6 +99,8 @@ export const buildRedis = async (redis: RedisNested) => {
|
||||
: [],
|
||||
},
|
||||
UpdateConfig,
|
||||
...(StopGracePeriod !== undefined &&
|
||||
StopGracePeriod !== null && { StopGracePeriod }),
|
||||
};
|
||||
|
||||
try {
|
||||
|
||||
@@ -394,8 +394,14 @@ export const generateConfigContainer = (
|
||||
replicas,
|
||||
mounts,
|
||||
networkSwarm,
|
||||
stopGracePeriodSwarm,
|
||||
} = application;
|
||||
|
||||
const sanitizedStopGracePeriodSwarm =
|
||||
typeof stopGracePeriodSwarm === "bigint"
|
||||
? Number(stopGracePeriodSwarm)
|
||||
: stopGracePeriodSwarm;
|
||||
|
||||
const haveMounts = mounts && mounts.length > 0;
|
||||
|
||||
return {
|
||||
@@ -444,6 +450,10 @@ export const generateConfigContainer = (
|
||||
Order: "start-first",
|
||||
},
|
||||
}),
|
||||
...(sanitizedStopGracePeriodSwarm !== null &&
|
||||
sanitizedStopGracePeriodSwarm !== undefined && {
|
||||
StopGracePeriod: sanitizedStopGracePeriodSwarm,
|
||||
}),
|
||||
...(networkSwarm
|
||||
? {
|
||||
Networks: networkSwarm,
|
||||
|
||||
@@ -34,6 +34,7 @@ export const sendEmailNotification = async (
|
||||
to: toAddresses.join(", "),
|
||||
subject,
|
||||
html: htmlContent,
|
||||
textEncoding: "base64",
|
||||
});
|
||||
} catch (err) {
|
||||
console.log(err);
|
||||
|
||||
@@ -31,29 +31,51 @@ export const getBitbucketCloneUrl = (
|
||||
apiToken?: string | null;
|
||||
bitbucketUsername?: string | null;
|
||||
appPassword?: string | null;
|
||||
bitbucketEmail?: string | null;
|
||||
bitbucketWorkspaceName?: string | null;
|
||||
} | null,
|
||||
repoClone: string,
|
||||
) => {
|
||||
if (!bitbucketProvider) {
|
||||
throw new Error("Bitbucket provider is required");
|
||||
}
|
||||
return bitbucketProvider.apiToken
|
||||
? `https://x-token-auth:${bitbucketProvider.apiToken}@${repoClone}`
|
||||
: `https://${bitbucketProvider.bitbucketUsername}:${bitbucketProvider.appPassword}@${repoClone}`;
|
||||
|
||||
if (bitbucketProvider.apiToken) {
|
||||
return `https://x-bitbucket-api-token-auth:${bitbucketProvider.apiToken}@${repoClone}`;
|
||||
}
|
||||
|
||||
// For app passwords, use username:app_password format
|
||||
if (!bitbucketProvider.bitbucketUsername || !bitbucketProvider.appPassword) {
|
||||
throw new Error(
|
||||
"Username and app password are required when not using API token",
|
||||
);
|
||||
}
|
||||
return `https://${bitbucketProvider.bitbucketUsername}:${bitbucketProvider.appPassword}@${repoClone}`;
|
||||
};
|
||||
|
||||
export const getBitbucketHeaders = (bitbucketProvider: Bitbucket) => {
|
||||
if (bitbucketProvider.apiToken) {
|
||||
// For API tokens, use HTTP Basic auth with email and token
|
||||
// According to Bitbucket docs: email:token for API calls
|
||||
const email =
|
||||
bitbucketProvider.bitbucketEmail || bitbucketProvider.bitbucketUsername;
|
||||
// According to Bitbucket official docs, for API calls with API tokens:
|
||||
// "You will need both your Atlassian account email and an API token"
|
||||
// Use: {atlassian_account_email}:{api_token}
|
||||
|
||||
if (!bitbucketProvider.bitbucketEmail) {
|
||||
throw new Error(
|
||||
"Atlassian account email is required when using API token for API calls",
|
||||
);
|
||||
}
|
||||
|
||||
return {
|
||||
Authorization: `Basic ${Buffer.from(`${email}:${bitbucketProvider.apiToken}`).toString("base64")}`,
|
||||
Authorization: `Basic ${Buffer.from(`${bitbucketProvider.bitbucketEmail}:${bitbucketProvider.apiToken}`).toString("base64")}`,
|
||||
};
|
||||
}
|
||||
|
||||
// For app passwords, use HTTP Basic auth with username and app password
|
||||
if (!bitbucketProvider.bitbucketUsername || !bitbucketProvider.appPassword) {
|
||||
throw new Error(
|
||||
"Username and app password are required when not using API token",
|
||||
);
|
||||
}
|
||||
return {
|
||||
Authorization: `Basic ${Buffer.from(`${bitbucketProvider.bitbucketUsername}:${bitbucketProvider.appPassword}`).toString("base64")}`,
|
||||
};
|
||||
|
||||
@@ -99,6 +99,19 @@ export const refreshGiteaToken = async (giteaProviderId: string) => {
|
||||
}
|
||||
};
|
||||
|
||||
const buildGiteaCloneUrl = (
|
||||
giteaUrl: string,
|
||||
accessToken: string,
|
||||
owner: string,
|
||||
repository: string,
|
||||
) => {
|
||||
const protocol = giteaUrl.startsWith("http://") ? "http" : "https";
|
||||
const baseUrl = giteaUrl.replace(/^https?:\/\//, "");
|
||||
const repoClone = `${owner}/${repository}.git`;
|
||||
const cloneUrl = `${protocol}://oauth2:${accessToken}@${baseUrl}/${repoClone}`;
|
||||
return cloneUrl;
|
||||
};
|
||||
|
||||
export type ApplicationWithGitea = InferResultType<
|
||||
"applications",
|
||||
{ gitea: true }
|
||||
@@ -148,9 +161,13 @@ export const getGiteaCloneCommand = async (
|
||||
const basePath = isCompose ? COMPOSE_PATH : APPLICATIONS_PATH;
|
||||
const outputPath = join(basePath, appName, "code");
|
||||
|
||||
const baseUrl = gitea?.giteaUrl.replace(/^https?:\/\//, "");
|
||||
const repoClone = `${giteaOwner}/${giteaRepository}.git`;
|
||||
const cloneUrl = `https://oauth2:${gitea?.accessToken}@${baseUrl}/${repoClone}`;
|
||||
const cloneUrl = buildGiteaCloneUrl(
|
||||
gitea?.giteaUrl!,
|
||||
gitea?.accessToken!,
|
||||
giteaOwner!,
|
||||
giteaRepository!,
|
||||
);
|
||||
|
||||
const cloneCommand = `
|
||||
rm -rf ${outputPath};
|
||||
@@ -205,8 +222,12 @@ export const cloneGiteaRepository = async (
|
||||
await recreateDirectory(outputPath);
|
||||
|
||||
const repoClone = `${giteaOwner}/${giteaRepository}.git`;
|
||||
const baseUrl = giteaProvider.giteaUrl.replace(/^https?:\/\//, "");
|
||||
const cloneUrl = `https://oauth2:${giteaProvider.accessToken}@${baseUrl}/${repoClone}`;
|
||||
const cloneUrl = buildGiteaCloneUrl(
|
||||
giteaProvider.giteaUrl,
|
||||
giteaProvider.accessToken!,
|
||||
giteaOwner!,
|
||||
giteaRepository!,
|
||||
);
|
||||
|
||||
writeStream.write(`\nCloning Repo ${repoClone} to ${outputPath}...\n`);
|
||||
|
||||
@@ -269,9 +290,12 @@ export const cloneRawGiteaRepository = async (entity: Compose) => {
|
||||
const outputPath = join(basePath, appName, "code");
|
||||
await recreateDirectory(outputPath);
|
||||
|
||||
const repoClone = `${giteaOwner}/${giteaRepository}.git`;
|
||||
const baseUrl = giteaProvider.giteaUrl.replace(/^https?:\/\//, "");
|
||||
const cloneUrl = `https://oauth2:${giteaProvider.accessToken}@${baseUrl}/${repoClone}`;
|
||||
const cloneUrl = buildGiteaCloneUrl(
|
||||
giteaProvider.giteaUrl,
|
||||
giteaProvider.accessToken!,
|
||||
giteaOwner!,
|
||||
giteaRepository!,
|
||||
);
|
||||
|
||||
try {
|
||||
await spawnAsync("git", [
|
||||
@@ -317,9 +341,13 @@ export const cloneRawGiteaRepositoryRemote = async (compose: Compose) => {
|
||||
const giteaProvider = await findGiteaById(giteaId);
|
||||
const basePath = COMPOSE_PATH;
|
||||
const outputPath = join(basePath, appName, "code");
|
||||
const repoClone = `${giteaOwner}/${giteaRepository}.git`;
|
||||
const baseUrl = giteaProvider.giteaUrl.replace(/^https?:\/\//, "");
|
||||
const cloneUrl = `https://oauth2:${giteaProvider.accessToken}@${baseUrl}/${repoClone}`;
|
||||
const cloneUrl = buildGiteaCloneUrl(
|
||||
giteaProvider.giteaUrl,
|
||||
giteaProvider.accessToken!,
|
||||
giteaOwner!,
|
||||
giteaRepository!,
|
||||
);
|
||||
|
||||
try {
|
||||
const command = `
|
||||
rm -rf ${outputPath};
|
||||
|
||||
21
packages/server/src/utils/startup/cancell-deployments.ts
Normal file
21
packages/server/src/utils/startup/cancell-deployments.ts
Normal file
@@ -0,0 +1,21 @@
|
||||
import { deployments } from "@dokploy/server/db/schema";
|
||||
import { eq } from "drizzle-orm";
|
||||
import { db } from "../../db/index";
|
||||
|
||||
export const initCancelDeployments = async () => {
|
||||
try {
|
||||
console.log("Setting up cancel deployments....");
|
||||
|
||||
const result = await db
|
||||
.update(deployments)
|
||||
.set({
|
||||
status: "cancelled",
|
||||
})
|
||||
.where(eq(deployments.status, "running"))
|
||||
.returning();
|
||||
|
||||
console.log(`Cancelled ${result.length} deployments`);
|
||||
} catch (error) {
|
||||
console.error(error);
|
||||
}
|
||||
};
|
||||
@@ -46,8 +46,14 @@ export const deleteMiddleware = (
|
||||
};
|
||||
|
||||
export const deleteAllMiddlewares = async (application: ApplicationNested) => {
|
||||
const config = loadMiddlewares<FileConfig>();
|
||||
const { security, appName, redirects } = application;
|
||||
const { security, appName, redirects, serverId } = application;
|
||||
let config: FileConfig;
|
||||
|
||||
if (serverId) {
|
||||
config = await loadRemoteMiddlewares(serverId);
|
||||
} else {
|
||||
config = loadMiddlewares<FileConfig>();
|
||||
}
|
||||
|
||||
if (config.http?.middlewares) {
|
||||
if (security.length > 0) {
|
||||
@@ -62,8 +68,8 @@ export const deleteAllMiddlewares = async (application: ApplicationNested) => {
|
||||
}
|
||||
}
|
||||
|
||||
if (application.serverId) {
|
||||
await writeTraefikConfigRemote(config, "middlewares", application.serverId);
|
||||
if (serverId) {
|
||||
await writeTraefikConfigRemote(config, "middlewares", serverId);
|
||||
} else {
|
||||
writeMiddleware(config);
|
||||
}
|
||||
@@ -100,7 +106,7 @@ export const loadRemoteMiddlewares = async (serverId: string) => {
|
||||
throw new Error(`File not found: ${configPath}`);
|
||||
}
|
||||
};
|
||||
export const writeMiddleware = <T>(config: T) => {
|
||||
export const writeMiddleware = (config: FileConfig) => {
|
||||
const { DYNAMIC_TRAEFIK_PATH } = paths();
|
||||
const configPath = join(DYNAMIC_TRAEFIK_PATH, "middlewares.yml");
|
||||
const newYamlContent = stringify(config);
|
||||
@@ -111,6 +117,18 @@ export const createPathMiddlewares = async (
|
||||
app: ApplicationNested,
|
||||
domain: Domain,
|
||||
) => {
|
||||
const { appName } = app;
|
||||
const { uniqueConfigKey, internalPath, stripPath, path } = domain;
|
||||
|
||||
// Early return if there's no path middleware to create
|
||||
const needsInternalPathMiddleware =
|
||||
internalPath && internalPath !== "/" && internalPath !== path;
|
||||
const needsStripPathMiddleware = stripPath && path && path !== "/";
|
||||
|
||||
if (!needsInternalPathMiddleware && !needsStripPathMiddleware) {
|
||||
return;
|
||||
}
|
||||
|
||||
let config: FileConfig;
|
||||
|
||||
if (app.serverId) {
|
||||
@@ -127,20 +145,19 @@ export const createPathMiddlewares = async (
|
||||
}
|
||||
}
|
||||
|
||||
const { appName } = app;
|
||||
const { uniqueConfigKey, internalPath, stripPath, path } = domain;
|
||||
|
||||
if (!config.http) {
|
||||
if (!config) {
|
||||
config = { http: { middlewares: {} } };
|
||||
} else if (!config.http) {
|
||||
config.http = { middlewares: {} };
|
||||
}
|
||||
if (!config.http.middlewares) {
|
||||
config.http.middlewares = {};
|
||||
if (!config.http?.middlewares) {
|
||||
config.http!.middlewares = {};
|
||||
}
|
||||
|
||||
// Add internal path prefix middleware
|
||||
if (internalPath && internalPath !== "/" && internalPath !== path) {
|
||||
const middlewareName = `addprefix-${appName}-${uniqueConfigKey}`;
|
||||
config.http.middlewares[middlewareName] = {
|
||||
config.http!.middlewares[middlewareName] = {
|
||||
addPrefix: {
|
||||
prefix: internalPath,
|
||||
},
|
||||
@@ -150,7 +167,7 @@ export const createPathMiddlewares = async (
|
||||
// Strip external path middleware if needed
|
||||
if (stripPath && path && path !== "/") {
|
||||
const middlewareName = `stripprefix-${appName}-${uniqueConfigKey}`;
|
||||
config.http.middlewares[middlewareName] = {
|
||||
config.http!.middlewares[middlewareName] = {
|
||||
stripPrefix: {
|
||||
prefixes: [path],
|
||||
},
|
||||
@@ -184,6 +201,10 @@ export const removePathMiddlewares = async (
|
||||
}
|
||||
}
|
||||
|
||||
if (!config) {
|
||||
return;
|
||||
}
|
||||
|
||||
const { appName } = app;
|
||||
|
||||
if (config.http?.middlewares) {
|
||||
@@ -194,6 +215,23 @@ export const removePathMiddlewares = async (
|
||||
delete config.http.middlewares[stripPrefixMiddleware];
|
||||
}
|
||||
|
||||
if (
|
||||
config?.http?.middlewares &&
|
||||
Object.keys(config.http.middlewares).length === 0
|
||||
) {
|
||||
// if there aren't any middlewares, remove the whole section
|
||||
delete config.http.middlewares;
|
||||
}
|
||||
|
||||
// // If http section is empty, remove it completely
|
||||
if (config?.http && Object.keys(config?.http).length === 0) {
|
||||
delete config.http;
|
||||
}
|
||||
|
||||
if (config && Object.keys(config || {}).length === 0) {
|
||||
config = {};
|
||||
}
|
||||
|
||||
if (app.serverId) {
|
||||
await writeTraefikConfigRemote(config, "middlewares", app.serverId);
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user