diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 7abfe537e9..adfbc29008 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -79,6 +79,8 @@ Component libraries are collections of components as well as the definition of t ### Getting Started For Contributors #### 1. Prerequisites +NodeJS Version `14.x.x` + *yarn -* `npm install -g yarn` *jest* - `npm install -g jest` diff --git a/.github/README.md b/.github/README.md new file mode 100644 index 0000000000..d2fcd16bb0 --- /dev/null +++ b/.github/README.md @@ -0,0 +1,93 @@ + +# Budibase CI Pipelines + +Welcome to the budibase CI pipelines directory. This document details what each of the CI pipelines are for, and come common combinations. + +## All CI Pipelines + +### Note +- When running workflow dispatch jobs, ensure you always run them off the `master` branch. It defaults to `develop`, so double check before running any jobs. + +### Standard CI Build Job (budibase_ci.yml) +Triggers: +- PR or push to develop +- PR or push to master + +The standard CI Build job is what runs when you raise a PR to develop or master. +- Installs all dependencies, +- builds the project +- run the unit tests +- Generate test coverage metrics with codecov +- Run the cypress tests + +### Release Develop Job (release-develop.yml) +Triggers: +- Push to develop + +The job responsible for building, tagging and pushing docker images out to the test and staging environments. +- Installs all dependencies +- builds the project +- run the unit tests +- publish the budibase JS packages under a prerelease tag to NPM +- build, tag and push docker images under the `develop` tag to docker hub + +These images will then be pulled by the test and staging environments, updating the latest automatically. Discord notifications are sent to the #infra channel when this occurs. + +### Release Job (release.yml) +Triggers: +- Push to master + +This job is responsible for building and pushing the latest code to NPM and docker hub, so that it can be deployed. +- Installs all dependencies +- builds the project +- run the unit tests +- publish the budibase JS packages under a release tag to NPM (always incremented by patch versions) +- build, tag and push docker images under the `v.x.x.x` (the tag of the NPM release) tag to docker hub + +### Release Selfhost Job (release-selfhost.yml) +Triggers: +- Manual Workflow Dispatch Trigger + +This job is responsible for delivering the latest version of budibase to those that are self-hosting. + +This job relies on the release job to have run first, so the latest image is pushed to dockerhub. This job then will pull the latest version from `lerna.json` and try to find an image in dockerhub corresponding to that version. For example, if the version in `lerna.json` is `1.0.0`: +- Pull the images for all budibase services tagged `v1.0.0` from dockerhub +- Tag these images as `latest` +- Push them back to dockerhub. This now means anyone who pulls `latest` (self hosters using docker-compose) will get the latest version. +- Build and release the budibase helm chart for kubernetes users +- Perform a github release with the latest version. You can see previous releases here (https://github.com/Budibase/budibase/releases) + + +### Cloud Deploy (deploy-cloud.yml) +Triggers: +- Manual Workflow Dispatch Trigger + +This job is responsible for deploying to our production, cloud kubernetes environment. You must run the release job first, to ensure that the latest images have been built and pushed to docker hub. You can also manually enter a version number for this job, so you can perform rollbacks or upgrade to a specific version. After kicking off this job, the following will occur: + +- Checks out the master branch +- Pulls the latest `values.yaml` from budibase infra, a private repo containing budibases infrastructure configuration +- Gets the latest budibase version from `lerna.json`, if it hasn't been specified in the workflow when you kicked it off +- Configures AWS Credentials +- Deploys the helm chart in the budibase repo to our production EKS cluster, injecting the `values.yaml` we pulled from budibase-infra +- Fires off a discord webhook in the #infra channel to show that the deployment completely successfully. + +## Common Workflows + +### Deploy Changes to Production (Release) +- Merge `develop` into `master` +- Wait for budibase CI job and release job to run +- Run cloud deploy job +- Run release selfhost job + +### Deploy Changes to Production (Hotfix) +- Branch off `master` +- Perform your hotfix +- Merge back into `master` +- Wait for budibase CI job and release job to run +- Run cloud deploy job +- Run release selfhost job + +### Rollback A Bad Cloud Deployment +- Kick off cloud deploy job +- Ensure you are running off master +- Enter the version number of the last known good version of budibase. For example `1.0.0` \ No newline at end of file diff --git a/.github/workflows/budibase_ci.yml b/.github/workflows/budibase_ci.yml index 5c4a111e23..7e95115415 100644 --- a/.github/workflows/budibase_ci.yml +++ b/.github/workflows/budibase_ci.yml @@ -41,4 +41,6 @@ jobs: files: ./packages/server/coverage/clover.xml name: codecov-umbrella verbose: true + + # TODO: parallelise this - run: yarn test:e2e:ci diff --git a/.github/workflows/deploy-cloud.yaml b/.github/workflows/deploy-cloud.yaml new file mode 100644 index 0000000000..26422a2e7b --- /dev/null +++ b/.github/workflows/deploy-cloud.yaml @@ -0,0 +1,61 @@ +name: Budibase Cloud Deploy + +on: + workflow_dispatch: + inputs: + version: + description: Budibase release version. For example - 1.0.0 + required: false + +jobs: + release: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + + - name: Pull values.yaml from budibase-infra + run: | + curl -H "Authorization: token ${{ secrets.GH_PERSONAL_TOKEN }}" \ + -H 'Accept: application/vnd.github.v3.raw' \ + -o values.production.yaml \ + -L https://api.github.com/repos/budibase/budibase-infra/contents/kubernetes/values.yaml + wc -l values.production.yaml + + - name: Get the latest budibase release version + id: version + run: | + if [ -z "${{ github.event.inputs.version }}" ]; then + release_version=$(cat lerna.json | jq -r '.version') + else + release_version=${{ github.event.inputs.version }} + fi + echo "RELEASE_VERSION=$release_version" >> $GITHUB_ENV + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: eu-west-1 + + - name: Deploy to EKS + uses: craftech-io/eks-helm-deploy-action@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS__KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: eu-west-1 + cluster-name: budibase-eks-production + config-files: values.production.yaml + chart-path: charts/budibase + namespace: budibase + values: globals.appVersion=v${{ env.RELEASE_VERSION }} + name: budibase-prod + + - name: Discord Webhook Action + uses: tsickert/discord-webhook@v4.0.0 + with: + webhook-url: ${{ secrets.PROD_DEPLOY_WEBHOOK_URL }} + content: "Production Deployment Complete: ${{ env.RELEASE_VERSION }} deployed to Budibase Cloud." + embed-title: ${{ env.RELEASE_VERSION }} + diff --git a/.github/workflows/deploy-preprod.yml b/.github/workflows/deploy-preprod.yml new file mode 100644 index 0000000000..5b3282313c --- /dev/null +++ b/.github/workflows/deploy-preprod.yml @@ -0,0 +1,66 @@ +name: Budibase Release Preprod + +on: + workflow_dispatch: + +env: + POSTHOG_TOKEN: ${{ secrets.POSTHOG_TOKEN }} + INTERCOM_TOKEN: ${{ secrets.INTERCOM_TOKEN }} + POSTHOG_URL: ${{ secrets.POSTHOG_URL }} + SENTRY_DSN: ${{ secrets.SENTRY_DSN }} + +jobs: + release: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: eu-west-1 + + - name: Get the latest budibase release version + id: version + run: | + release_version=$(cat lerna.json | jq -r '.version') + echo "RELEASE_VERSION=$release_version" >> $GITHUB_ENV + + - name: Pull values.yaml from budibase-infra + run: | + curl -H "Authorization: token ${{ secrets.GH_PERSONAL_TOKEN }}" \ + -H 'Accept: application/vnd.github.v3.raw' \ + -o values.preprod.yaml \ + -L https://api.github.com/repos/budibase/budibase-infra/contents/kubernetes/budibase-preprod/values.yaml + wc -l values.preprod.yaml + + - name: Deploy to Preprod Environment + uses: deliverybot/helm@v1 + with: + release: budibase-preprod + namespace: budibase + chart: charts/budibase + token: ${{ github.token }} + helm: helm3 + values: | + globals: + appVersion: v${{ env.RELEASE_VERSION }} + ingress: + enabled: true + nginx: true + value-files: >- + [ + "values.preprod.yaml" + ] + env: + KUBECONFIG_FILE: '${{ secrets.PREPROD_KUBECONFIG }}' + + - name: Discord Webhook Action + uses: tsickert/discord-webhook@v4.0.0 + with: + webhook-url: ${{ secrets.PROD_DEPLOY_WEBHOOK_URL }} + content: "Preprod Deployment Complete: ${{ env.RELEASE_VERSION }} deployed to Budibase Pre-prod." + embed-title: ${{ env.RELEASE_VERSION }} diff --git a/.github/workflows/release-selfhost.yml b/.github/workflows/release-selfhost.yml index 42c7027b24..5223fc6864 100644 --- a/.github/workflows/release-selfhost.yml +++ b/.github/workflows/release-selfhost.yml @@ -3,53 +3,62 @@ name: Budibase Release Selfhost on: workflow_dispatch: -env: - POSTHOG_TOKEN: ${{ secrets.POSTHOG_TOKEN }} - INTERCOM_TOKEN: ${{ secrets.INTERCOM_TOKEN }} - POSTHOG_URL: ${{ secrets.POSTHOG_URL }} - jobs: release: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - uses: actions/setup-node@v1 - with: - node-version: 14.x - - run: yarn - - run: yarn bootstrap + with: + fetch_depth: 0 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-1 - - - name: 'Get Previous tag' - id: previoustag - uses: "WyriHaximus/github-action-get-previous-tag@v1" - - - name: Build/release Docker images (Self Host) + - name: Tag and release Docker images (Self Host) run: | docker login -u $DOCKER_USER -p $DOCKER_PASSWORD - yarn build - yarn build:docker:selfhost + + # Get latest release version + release_version=$(cat lerna.json | jq -r '.version') + echo "RELEASE_VERSION=$release_version" >> $GITHUB_ENV + release_tag=v$release_version + + # Pull apps and worker images + docker pull budibase/apps:$release_tag + docker pull budibase/worker:$release_tag + + # Tag apps and worker images + docker tag budibase/apps:$release_tag budibase/apps:$SELFHOST_TAG + docker tag budibase/worker:$release_tag budibase/worker:$SELFHOST_TAG + + # Push images + docker push budibase/apps:$SELFHOST_TAG + docker push budibase/worker:$SELFHOST_TAG env: DOCKER_USER: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_API_KEY }} - BUDIBASE_RELEASE_VERSION: ${{ steps.previoustag.outputs.tag }} + SELFHOST_TAG: latest - - uses: azure/setup-helm@v1 - id: install + - name: Setup Helm + uses: azure/setup-helm@v1 + id: helm-install - # So, we need to inject the values into this - - run: yarn release:helm - - - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.1.0 - with: - charts_dir: docs + - name: Build and release helm chart + run: | + git config user.name "Budibase Helm Bot" + git config user.email "<>" + git pull + helm package charts/budibase + git checkout gh-pages + mv *.tgz docs + helm repo index docs + git add -A + git commit -m "Helm Release: ${{ env.RELEASE_VERSION }}" + git push env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Perform Github Release + uses: softprops/action-gh-release@v1 + with: + name: v${{ env.RELEASE_VERSION }} + tag_name: v${{ env.RELEASE_VERSION }} + generate_release_notes: true \ No newline at end of file diff --git a/hosting/kubernetes/budibase/.helmignore b/charts/budibase/.helmignore similarity index 100% rename from hosting/kubernetes/budibase/.helmignore rename to charts/budibase/.helmignore diff --git a/charts/budibase/Chart.lock b/charts/budibase/Chart.lock new file mode 100644 index 0000000000..75b9de07b5 --- /dev/null +++ b/charts/budibase/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: couchdb + repository: https://apache.github.io/couchdb-helm + version: 3.3.4 +- name: ingress-nginx + repository: https://kubernetes.github.io/ingress-nginx + version: 4.0.13 +digest: sha256:20892705c2d8e64c98257d181063a514ac55013e2b43399a6e54868a97f97845 +generated: "2021-12-30T18:55:30.878411Z" diff --git a/charts/budibase/Chart.yaml b/charts/budibase/Chart.yaml new file mode 100644 index 0000000000..8c9d44f201 --- /dev/null +++ b/charts/budibase/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: budibase +description: >- + Budibase is an open source low-code platform, helping thousands of teams build + apps for their workplace in minutes. +keywords: + - low-code + - database + - cluster +sources: + - https://github.com/Budibase/budibase + - https://budibase.com +type: application +version: 0.2.5 +appVersion: 1.0.25 +dependencies: + - name: couchdb + version: 3.3.4 + repository: https://apache.github.io/couchdb-helm + condition: services.couchdb.enabled + - name: ingress-nginx + version: 4.0.13 + repository: https://kubernetes.github.io/ingress-nginx + condition: ingress.nginx diff --git a/hosting/kubernetes/budibase/README.md b/charts/budibase/README.md similarity index 100% rename from hosting/kubernetes/budibase/README.md rename to charts/budibase/README.md diff --git a/charts/budibase/charts/couchdb-3.3.4.tgz b/charts/budibase/charts/couchdb-3.3.4.tgz new file mode 100644 index 0000000000..f7ebfd3e96 Binary files /dev/null and b/charts/budibase/charts/couchdb-3.3.4.tgz differ diff --git a/charts/budibase/charts/ingress-nginx-4.0.13.tgz b/charts/budibase/charts/ingress-nginx-4.0.13.tgz new file mode 100644 index 0000000000..1e34215c5f Binary files /dev/null and b/charts/budibase/charts/ingress-nginx-4.0.13.tgz differ diff --git a/hosting/kubernetes/budibase/templates/NOTES.txt b/charts/budibase/templates/NOTES.txt similarity index 100% rename from hosting/kubernetes/budibase/templates/NOTES.txt rename to charts/budibase/templates/NOTES.txt diff --git a/hosting/kubernetes/budibase/templates/_helpers.tpl b/charts/budibase/templates/_helpers.tpl similarity index 100% rename from hosting/kubernetes/budibase/templates/_helpers.tpl rename to charts/budibase/templates/_helpers.tpl diff --git a/hosting/kubernetes/budibase/templates/alb-ingress.yaml b/charts/budibase/templates/alb-ingress.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/alb-ingress.yaml rename to charts/budibase/templates/alb-ingress.yaml diff --git a/hosting/kubernetes/budibase/templates/app-service-deployment.yaml b/charts/budibase/templates/app-service-deployment.yaml similarity index 93% rename from hosting/kubernetes/budibase/templates/app-service-deployment.yaml rename to charts/budibase/templates/app-service-deployment.yaml index 7c62ada63f..8086c0ab20 100644 --- a/hosting/kubernetes/budibase/templates/app-service-deployment.yaml +++ b/charts/budibase/templates/app-service-deployment.yaml @@ -73,17 +73,13 @@ spec: name: {{ template "budibase.fullname" . }} key: objectStoreSecret - name: MINIO_URL - {{ if .Values.services.objectStore.url }} value: {{ .Values.services.objectStore.url }} - {{ else }} - value: http://minio-service:{{ .Values.services.objectStore.port }} - {{ end }} - name: PORT value: {{ .Values.services.apps.port | quote }} - name: MULTI_TENANCY value: {{ .Values.globals.multiTenancy | quote }} - name: LOG_LEVEL - value: {{ .Values.services.apps.logLevel | quote }} + value: {{ default "info" .Values.services.apps.logLevel | quote }} - name: REDIS_PASSWORD value: {{ .Values.services.redis.password }} - name: REDIS_URL @@ -110,7 +106,7 @@ spec: value: {{ .Values.globals.accountPortalApiKey | quote }} - name: COOKIE_DOMAIN value: {{ .Values.globals.cookieDomain | quote }} - image: budibase/apps + image: budibase/apps:{{ .Values.globals.appVersion }} imagePullPolicy: Always name: bbapps ports: diff --git a/hosting/kubernetes/budibase/templates/app-service-service.yaml b/charts/budibase/templates/app-service-service.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/app-service-service.yaml rename to charts/budibase/templates/app-service-service.yaml diff --git a/charts/budibase/templates/couchdb-backup.yaml b/charts/budibase/templates/couchdb-backup.yaml new file mode 100644 index 0000000000..1072046c8c --- /dev/null +++ b/charts/budibase/templates/couchdb-backup.yaml @@ -0,0 +1,43 @@ +{{- if .Values.services.couchdb.backup.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + kompose.cmd: kompose convert + kompose.version: 1.21.0 (992df58d8) + creationTimestamp: null + labels: + app.kubernetes.io/name: couchdb-backup + name: couchdb-backup +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: couchdb-backup + strategy: + type: Recreate + template: + metadata: + annotations: + kompose.cmd: kompose convert + kompose.version: 1.21.0 (992df58d8) + creationTimestamp: null + labels: + app.kubernetes.io/name: couchdb-backup + spec: + containers: + - env: + - name: SOURCE + value: {{ .Values.services.couchdb.url }} + - name: TARGET + value: {{ .Values.services.couchdb.backup.target | quote }} + - name: RUN_EVERY_SECS + value: {{ .Values.services.couchdb.backup.interval | quote }} + - name: VERBOSE + value: "true" + image: redgeoff/replicate-couchdb-cluster + imagePullPolicy: Always + name: couchdb-backup + resources: {} +status: {} +{{- end }} diff --git a/hosting/kubernetes/budibase/templates/hpa.yaml b/charts/budibase/templates/hpa.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/hpa.yaml rename to charts/budibase/templates/hpa.yaml diff --git a/hosting/kubernetes/budibase/templates/ingress.yaml b/charts/budibase/templates/ingress.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/ingress.yaml rename to charts/budibase/templates/ingress.yaml diff --git a/hosting/kubernetes/budibase/templates/minio-data-persistentvolumeclaim.yaml b/charts/budibase/templates/minio-data-persistentvolumeclaim.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/minio-data-persistentvolumeclaim.yaml rename to charts/budibase/templates/minio-data-persistentvolumeclaim.yaml diff --git a/hosting/kubernetes/budibase/templates/minio-service-deployment.yaml b/charts/budibase/templates/minio-service-deployment.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/minio-service-deployment.yaml rename to charts/budibase/templates/minio-service-deployment.yaml diff --git a/hosting/kubernetes/budibase/templates/minio-service-service.yaml b/charts/budibase/templates/minio-service-service.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/minio-service-service.yaml rename to charts/budibase/templates/minio-service-service.yaml diff --git a/hosting/kubernetes/budibase/templates/proxy-service-deployment.yaml b/charts/budibase/templates/proxy-service-deployment.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/proxy-service-deployment.yaml rename to charts/budibase/templates/proxy-service-deployment.yaml diff --git a/hosting/kubernetes/budibase/templates/proxy-service-service.yaml b/charts/budibase/templates/proxy-service-service.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/proxy-service-service.yaml rename to charts/budibase/templates/proxy-service-service.yaml diff --git a/hosting/kubernetes/budibase/templates/redis-data-persistentvolumeclaim.yaml b/charts/budibase/templates/redis-data-persistentvolumeclaim.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/redis-data-persistentvolumeclaim.yaml rename to charts/budibase/templates/redis-data-persistentvolumeclaim.yaml diff --git a/hosting/kubernetes/budibase/templates/redis-service-deployment.yaml b/charts/budibase/templates/redis-service-deployment.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/redis-service-deployment.yaml rename to charts/budibase/templates/redis-service-deployment.yaml diff --git a/hosting/kubernetes/budibase/templates/redis-service-service.yaml b/charts/budibase/templates/redis-service-service.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/redis-service-service.yaml rename to charts/budibase/templates/redis-service-service.yaml diff --git a/hosting/kubernetes/budibase/templates/secrets.yaml b/charts/budibase/templates/secrets.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/secrets.yaml rename to charts/budibase/templates/secrets.yaml diff --git a/hosting/kubernetes/budibase/templates/service.yaml b/charts/budibase/templates/service.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/service.yaml rename to charts/budibase/templates/service.yaml diff --git a/hosting/kubernetes/budibase/templates/serviceaccount.yaml b/charts/budibase/templates/serviceaccount.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/serviceaccount.yaml rename to charts/budibase/templates/serviceaccount.yaml diff --git a/hosting/kubernetes/budibase/templates/tests/test-connection.yaml b/charts/budibase/templates/tests/test-connection.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/tests/test-connection.yaml rename to charts/budibase/templates/tests/test-connection.yaml diff --git a/hosting/kubernetes/budibase/templates/worker-service-deployment.yaml b/charts/budibase/templates/worker-service-deployment.yaml similarity index 93% rename from hosting/kubernetes/budibase/templates/worker-service-deployment.yaml rename to charts/budibase/templates/worker-service-deployment.yaml index 6cded8545f..8b6f5564ad 100644 --- a/hosting/kubernetes/budibase/templates/worker-service-deployment.yaml +++ b/charts/budibase/templates/worker-service-deployment.yaml @@ -70,17 +70,13 @@ spec: name: {{ template "budibase.fullname" . }} key: objectStoreSecret - name: MINIO_URL - {{ if .Values.services.objectStore.url }} value: {{ .Values.services.objectStore.url }} - {{ else }} - value: http://minio-service:{{ .Values.services.objectStore.port }} - {{ end }} - name: PORT value: {{ .Values.services.worker.port | quote }} - name: MULTI_TENANCY value: {{ .Values.globals.multiTenancy | quote }} - name: LOG_LEVEL - value: {{ .Values.services.worker.logLevel | quote }} + value: {{ default "info" .Values.services.worker.logLevel | quote }} - name: REDIS_PASSWORD value: {{ .Values.services.redis.password | quote }} - name: REDIS_URL @@ -115,7 +111,7 @@ spec: value: {{ .Values.globals.smtp.from | quote }} - name: APPS_URL value: http://app-service:{{ .Values.services.apps.port }} - image: budibase/worker + image: budibase/worker:{{ .Values.globals.appVersion }} imagePullPolicy: Always name: bbworker ports: diff --git a/hosting/kubernetes/budibase/templates/worker-service-service.yaml b/charts/budibase/templates/worker-service-service.yaml similarity index 100% rename from hosting/kubernetes/budibase/templates/worker-service-service.yaml rename to charts/budibase/templates/worker-service-service.yaml diff --git a/charts/budibase/values.yaml b/charts/budibase/values.yaml new file mode 100644 index 0000000000..4666d01c70 --- /dev/null +++ b/charts/budibase/values.yaml @@ -0,0 +1,305 @@ +# Default values for budibase. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +# fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: + {} + # fsGroup: 2000 + +securityContext: + {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 10000 + +ingress: + enabled: true + aws: false + nginx: true + certificateArn: "" + className: "" + annotations: + kubernetes.io/ingress.class: nginx + hosts: + - host: # change if using custom domain + paths: + - path: / + pathType: Prefix + backend: + service: + name: proxy-service + port: + number: 10000 + +resources: + {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +globals: + appVersion: "latest" + budibaseEnv: PRODUCTION + enableAnalytics: true + sentryDSN: "" + posthogToken: "" + logLevel: info + selfHosted: "1" # set to 0 for budibase cloud environment, set to 1 for self-hosted setup + multiTenancy: "0" # set to 0 to disable multiple orgs, set to 1 to enable multiple orgs + accountPortalUrl: "" + accountPortalApiKey: "" + cookieDomain: "" + platformUrl: "" + + createSecrets: true # creates an internal API key, JWT secrets and redis password for you + + # if createSecrets is set to false, you can hard-code your secrets here + internalApiKey: "" + jwtSecret: "" + + smtp: + enabled: false + +services: + budibaseVersion: latest + dns: cluster.local + + proxy: + port: 10000 + replicaCount: 1 + + apps: + port: 4002 + replicaCount: 1 + logLevel: info + + worker: + port: 4001 + replicaCount: 1 + + couchdb: + enabled: true + # url: "" # only change if pointing to existing couch server + # user: "" # only change if pointing to existing couch server + # password: "" # only change if pointing to existing couch server + port: 5984 + backup: + enabled: false + # target couchDB instance to back up to + target: "" + # backup interval in seconds + interval: "" + + redis: + enabled: true # disable if using external redis + port: 6379 + replicaCount: 1 + url: "" # only change if pointing to existing redis cluster and enabled: false + password: "budibase" # recommended to override if using built-in redis + storage: 100Mi + + objectStore: + minio: true + browser: true + port: 9000 + replicaCount: 1 + accessKey: "" # AWS_ACCESS_KEY if using S3 or existing minio access key + secretKey: "" # AWS_SECRET_ACCESS_KEY if using S3 or existing minio secret + region: "" # AWS_REGION if using S3 or existing minio secret + url: "http://minio-service:9000" # only change if pointing to existing minio cluster or S3 and minio: false + storage: 100Mi + +# Override values in couchDB subchart +couchdb: + ## clusterSize is the initial size of the CouchDB cluster. + clusterSize: 3 + allowAdminParty: false + + # Secret Management + createAdminSecret: true + + # adminUsername: budibase + # adminPassword: budibase + # adminHash: -pbkdf2-this_is_not_necessarily_secure_either + # cookieAuthSecret: admin + + ## When enabled, will deploy a networkpolicy that allows CouchDB pods to + ## communicate with each other for clustering and ingress on port 5984 + networkPolicy: + enabled: true + + # Use a service account + serviceAccount: + enabled: true + create: true + # name: + # imagePullSecrets: + # - name: myimagepullsecret + + ## The storage volume used by each Pod in the StatefulSet. If a + ## persistentVolume is not enabled, the Pods will use `emptyDir` ephemeral + ## local storage. Setting the storageClass attribute to "-" disables dynamic + ## provisioning of Persistent Volumes; leaving it unset will invoke the default + ## provisioner. + persistentVolume: + enabled: false + accessModes: + - ReadWriteOnce + size: 10Gi + storageClass: "" + + ## The CouchDB image + image: + repository: couchdb + tag: 3.1.0 + pullPolicy: IfNotPresent + + ## Experimental integration with Lucene-powered fulltext search + enableSearch: true + searchImage: + repository: kocolosk/couchdb-search + tag: 0.2.0 + pullPolicy: IfNotPresent + + initImage: + repository: busybox + tag: latest + pullPolicy: Always + + ## CouchDB is happy to spin up cluster nodes in parallel, but if you encounter + ## problems you can try setting podManagementPolicy to the StatefulSet default + ## `OrderedReady` + podManagementPolicy: Parallel + + ## Optional pod annotations + annotations: {} + + ## Optional tolerations + tolerations: [] + + service: + # annotations: + enabled: true + type: ClusterIP + externalPort: 5984 + + ## An Ingress resource can provide name-based virtual hosting and TLS + ## termination among other things for CouchDB deployments which are accessed + ## from outside the Kubernetes cluster. + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ + ingress: + enabled: false + hosts: + - chart-example.local + path: / + annotations: [] + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + tls: + # Secrets must be manually created in the namespace. + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + ## Optional resource requests and limits for the CouchDB container + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + resources: + {} + # requests: + # cpu: 100m + # memory: 128Mi + # limits: + # cpu: 56 + # memory: 256Gi + + ## erlangFlags is a map that is passed to the Erlang VM as flags using the + ## ERL_FLAGS env. `name` and `setcookie` flags are minimally required to + ## establish connectivity between cluster nodes. + ## ref: http://erlang.org/doc/man/erl.html#init_flags + erlangFlags: + name: couchdb + setcookie: monster + + ## couchdbConfig will override default CouchDB configuration settings. + ## The contents of this map are reformatted into a .ini file laid down + ## by a ConfigMap object. + ## ref: http://docs.couchdb.org/en/latest/config/index.html + couchdbConfig: + couchdb: + uuid: budibase-couchdb # REQUIRED: Unique identifier for this CouchDB server instance + # cluster: + # q: 8 # Create 8 shards for each database + chttpd: + bind_address: any + # chttpd.require_valid_user disables all the anonymous requests to the port + # 5984 when is set to true. + require_valid_user: false + + # Kubernetes local cluster domain. + # This is used to generate FQDNs for peers when joining the CouchDB cluster. + dns: + clusterDomainSuffix: cluster.local + + ## Configure liveness and readiness probe values + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 0 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 diff --git a/docs/budibase-0.1.0.tgz b/docs/budibase-0.1.0.tgz deleted file mode 100644 index 7873874ab0..0000000000 Binary files a/docs/budibase-0.1.0.tgz and /dev/null differ diff --git a/docs/budibase-0.1.1.tgz b/docs/budibase-0.1.1.tgz deleted file mode 100644 index b38527c4a4..0000000000 Binary files a/docs/budibase-0.1.1.tgz and /dev/null differ diff --git a/docs/budibase-0.2.0.tgz b/docs/budibase-0.2.0.tgz deleted file mode 100644 index 379b92cbb7..0000000000 Binary files a/docs/budibase-0.2.0.tgz and /dev/null differ diff --git a/docs/budibase-0.2.1.tgz b/docs/budibase-0.2.1.tgz deleted file mode 100644 index f3423763a5..0000000000 Binary files a/docs/budibase-0.2.1.tgz and /dev/null differ diff --git a/docs/budibase-0.2.2.tgz b/docs/budibase-0.2.2.tgz deleted file mode 100644 index c70754eb99..0000000000 Binary files a/docs/budibase-0.2.2.tgz and /dev/null differ diff --git a/docs/index.html b/docs/index.html deleted file mode 100644 index 0fa6060f8f..0000000000 --- a/docs/index.html +++ /dev/null @@ -1,9 +0,0 @@ - - - Budibase Helm Chart Repo - - -

Budibase Charts Repo

-

Point Helm at this repo to see charts.

- - \ No newline at end of file diff --git a/docs/index.yaml b/docs/index.yaml deleted file mode 100644 index 04543c147e..0000000000 --- a/docs/index.yaml +++ /dev/null @@ -1,132 +0,0 @@ -apiVersion: v1 -entries: - budibase: - - apiVersion: v2 - appVersion: 0.9.169 - created: "2021-10-20T14:27:23.521358+01:00" - dependencies: - - condition: services.couchdb.enabled - name: couchdb - repository: https://apache.github.io/couchdb-helm - version: 3.3.4 - - condition: ingress.nginx - name: ingress-nginx - repository: https://github.com/kubernetes/ingress-nginx - version: 3.35.0 - description: Budibase is an open source low-code platform, helping thousands of teams build apps for their workplace in minutes. - digest: 57f365d799fcaace4658883cb8ec961a7905383a68acf065af4f6e57f9878ff8 - keywords: - - low-code - - database - - cluster - name: budibase - sources: - - https://github.com/Budibase/budibase - - https://budibase.com - type: application - urls: - - https://budibase.github.io/budibase/budibase-0.2.2.tgz - version: 0.2.2 - - apiVersion: v2 - appVersion: 0.9.163 - created: "2021-10-20T14:27:23.5153+01:00" - dependencies: - - condition: services.couchdb.enabled - name: couchdb - repository: https://apache.github.io/couchdb-helm - version: 3.3.4 - - condition: ingress.nginx - name: ingress-nginx - repository: https://github.com/kubernetes/ingress-nginx - version: 3.35.0 - description: Budibase is an open source low-code platform, helping thousands of teams build apps for their workplace in minutes. - digest: ebac6d8631cc38b266c3689508b5123f5afc395f23bdb02738be26c7cae0b0b5 - keywords: - - low-code - - database - - cluster - name: budibase - sources: - - https://github.com/Budibase/budibase - - https://budibase.com - type: application - urls: - - https://budibase.github.io/budibase/budibase-0.2.1.tgz - version: 0.2.1 - - apiVersion: v2 - appVersion: 0.9.163 - created: "2021-10-20T14:27:23.510041+01:00" - dependencies: - - condition: services.couchdb.enabled - name: couchdb - repository: https://apache.github.io/couchdb-helm - version: 3.3.4 - - condition: ingress.nginx - name: ingress-nginx - repository: https://github.com/kubernetes/ingress-nginx - version: 3.35.0 - description: Budibase is an open source low-code platform, helping thousands of teams build apps for their workplace in minutes. - digest: f369536c0eac1f6959d51e8ce6d74a87a7a9df29ae84fb9cbed0a273ab77429b - keywords: - - low-code - - database - - cluster - name: budibase - sources: - - https://github.com/Budibase/budibase - - https://budibase.com - type: application - urls: - - https://budibase.github.io/budibase/budibase-0.2.0.tgz - version: 0.2.0 - - apiVersion: v2 - appVersion: 0.9.56 - created: "2021-10-20T14:27:23.504543+01:00" - dependencies: - - condition: services.couchdb.enabled - name: couchdb - repository: https://apache.github.io/couchdb-helm - version: 3.3.4 - - name: ingress-nginx - repository: https://github.com/kubernetes/ingress-nginx - version: 3.35.0 - description: Budibase is an open source low-code platform, helping thousands of teams build apps for their workplace in minutes. - digest: 8dc4f2ed4d98cad5adf25936aefea680042d3e4e17832f846b961fd8708ad192 - keywords: - - low-code - - database - - cluster - name: budibase - sources: - - https://github.com/Budibase/budibase - - https://budibase.com - type: application - urls: - - https://budibase.github.io/budibase/budibase-0.1.1.tgz - version: 0.1.1 - - apiVersion: v2 - appVersion: 0.9.56 - created: "2021-10-20T14:27:23.496847+01:00" - dependencies: - - condition: services.couchdb.enabled - name: couchdb - repository: https://apache.github.io/couchdb-helm - version: 3.3.4 - - name: ingress-nginx - repository: https://github.com/kubernetes/ingress-nginx - version: 3.35.0 - description: Budibase is an open source low-code platform, helping thousands of teams build apps for their workplace in minutes. - digest: 08031b0803cce0eff64472e569d454d9176119c8207aa9873a9c95ee66cc7d3f - keywords: - - low-code - - database - - cluster - name: budibase - sources: - - https://github.com/Budibase/budibase - - https://budibase.com - type: application - urls: - - https://budibase.github.io/budibase/budibase-0.1.0.tgz - version: 0.1.0 -generated: "2021-10-20T14:27:23.491132+01:00" diff --git a/hosting/digitalocean/README.md b/hosting/digitalocean/README.md new file mode 100644 index 0000000000..72c1950d17 --- /dev/null +++ b/hosting/digitalocean/README.md @@ -0,0 +1,19 @@ +# Budibase DigitalOcean One Click +You will find in this directory configuration for packaging and creating a snapshot for the Budibase 1 click Digitalocean build. We use this configuration to have an immutable and reproducible build package for Digitalocean, that rarely needs updated. + +## Prerequisites +You must install Hashicorps `packer` to build the snapshot for digitalocean. Follow the instructions to install packer [here](https://learn.hashicorp.com/tutorials/packer/get-started-install-cli) + +You must have the `DIGITALOCEAN_TOKEN` environment variable set, so that packer can reach out to the digitalocean API for build information. + +## Building +Just run the following command: +``` +yarn build:digitalocean +``` + +## Uploading to Marketplace +You can upload the snapshot to the Digitalocean vendor portal at the following link (Requires vendor account): + +https://marketplace.digitalocean.com/vendorportal + diff --git a/hosting/digitalocean/build.sh b/hosting/digitalocean/build.sh new file mode 100755 index 0000000000..743629ca12 --- /dev/null +++ b/hosting/digitalocean/build.sh @@ -0,0 +1,2 @@ +#!/bin/bash +packer build template.json diff --git a/hosting/digitalocean/files/etc/update-motd.d/99-one-click b/hosting/digitalocean/files/etc/update-motd.d/99-one-click new file mode 100644 index 0000000000..0f087a26ee --- /dev/null +++ b/hosting/digitalocean/files/etc/update-motd.d/99-one-click @@ -0,0 +1,19 @@ +#!/bin/sh +# +# Configured as part of the DigitalOcean 1-Click Image build process + +myip=$(hostname -I | awk '{print$1}') +cat <> .env +done /root/.bash_history +unset HISTFILE +find /var/log -mtime -1 -type f -exec truncate -s 0 {} \; +rm -rf /var/log/*.gz /var/log/*.[0-9] /var/log/*-???????? +rm -rf /var/lib/cloud/instances/* +rm -f /root/.ssh/authorized_keys /etc/ssh/*key* +touch /etc/ssh/revoked_keys +chmod 600 /etc/ssh/revoked_keys + +# Securely erase the unused portion of the filesystem +GREEN='\033[0;32m' +NC='\033[0m' +printf "\n${GREEN}Writing zeros to the remaining disk space to securely +erase the unused portion of the file system. +Depending on your disk size this may take several minutes. +The secure erase will complete successfully when you see:${NC} + dd: writing to '/zerofile': No space left on device\n +Beginning secure erase now\n" + +dd if=/dev/zero of=/zerofile bs=4096 || rm /zerofile diff --git a/hosting/digitalocean/scripts/99-img_check.sh b/hosting/digitalocean/scripts/99-img_check.sh new file mode 100644 index 0000000000..32a9e77eac --- /dev/null +++ b/hosting/digitalocean/scripts/99-img_check.sh @@ -0,0 +1,617 @@ +#!/bin/bash + +# DigitalOcean Marketplace Image Validation Tool +# © 2021 DigitalOcean LLC. +# This code is licensed under Apache 2.0 license (see LICENSE.md for details) + +VERSION="v. 1.6" +RUNDATE=$( date ) + +# Script should be run with SUDO +if [ "$EUID" -ne 0 ] + then echo "[Error] - This script must be run with sudo or as the root user." + exit 1 +fi + +STATUS=0 +PASS=0 +WARN=0 +FAIL=0 + +# $1 == command to check for +# returns: 0 == true, 1 == false +cmdExists() { + if command -v "$1" > /dev/null 2>&1; then + return 0 + else + return 1 + fi +} + +function getDistro { + if [ -f /etc/os-release ]; then + # freedesktop.org and systemd + . /etc/os-release + OS=$NAME + VER=$VERSION_ID +elif type lsb_release >/dev/null 2>&1; then + # linuxbase.org + OS=$(lsb_release -si) + VER=$(lsb_release -sr) +elif [ -f /etc/lsb-release ]; then + # For some versions of Debian/Ubuntu without lsb_release command + . /etc/lsb-release + OS=$DISTRIB_ID + VER=$DISTRIB_RELEASE +elif [ -f /etc/debian_version ]; then + # Older Debian/Ubuntu/etc. + OS=Debian + VER=$(cat /etc/debian_version) +elif [ -f /etc/SuSe-release ]; then + # Older SuSE/etc. + : +elif [ -f /etc/redhat-release ]; then + # Older Red Hat, CentOS, etc. + VER=$( cat /etc/redhat-release | cut -d" " -f3 | cut -d "." -f1) + d=$( cat /etc/redhat-release | cut -d" " -f1 | cut -d "." -f1) + if [[ $d == "CentOS" ]]; then + OS="CentOS Linux" + fi +else + # Fall back to uname, e.g. "Linux ", also works for BSD, etc. + OS=$(uname -s) + VER=$(uname -r) +fi +} +function loadPasswords { +SHADOW=$(cat /etc/shadow) +} + +function checkAgent { + # Check for the presence of the do-agent in the filesystem + if [ -d /var/opt/digitalocean/do-agent ];then + echo -en "\e[41m[FAIL]\e[0m DigitalOcean Monitoring Agent detected.\n" + ((FAIL++)) + STATUS=2 + if [[ $OS == "CentOS Linux" ]] || [[ $OS == "CentOS Stream" ]] || [[ $OS == "Rocky Linux" ]]; then + echo "The agent can be removed with 'sudo yum remove do-agent' " + elif [[ $OS == "Ubuntu" ]]; then + echo "The agent can be removed with 'sudo apt-get purge do-agent' " + fi + else + echo -en "\e[32m[PASS]\e[0m DigitalOcean Monitoring agent was not found\n" + ((PASS++)) + fi +} + +function checkLogs { + cp_ignore="/var/log/cpanel-install.log" + echo -en "\nChecking for log files in /var/log\n\n" + # Check if there are log archives or log files that have not been recently cleared. + for f in /var/log/*-????????; do + [[ -e $f ]] || break + if [ $f != $cp_ignore ]; then + echo -en "\e[93m[WARN]\e[0m Log archive ${f} found\n" + ((WARN++)) + if [[ $STATUS != 2 ]]; then + STATUS=1 + fi + fi + done + for f in /var/log/*.[0-9];do + [[ -e $f ]] || break + echo -en "\e[93m[WARN]\e[0m Log archive ${f} found\n" + ((WARN++)) + if [[ $STATUS != 2 ]]; then + STATUS=1 + fi + done + for f in /var/log/*.log; do + [[ -e $f ]] || break + if [[ "${f}" = '/var/log/lfd.log' && "$( cat "${f}" | egrep -v '/var/log/messages has been reset| Watching /var/log/messages' | wc -c)" -gt 50 ]]; then + if [ $f != $cp_ignore ]; then + echo -en "\e[93m[WARN]\e[0m un-cleared log file, ${f} found\n" + ((WARN++)) + if [[ $STATUS != 2 ]]; then + STATUS=1 + fi + fi + elif [[ "${f}" != '/var/log/lfd.log' && "$( cat "${f}" | wc -c)" -gt 50 ]]; then + if [ $f != $cp_ignore ]; then + echo -en "\e[93m[WARN]\e[0m un-cleared log file, ${f} found\n" + ((WARN++)) + if [[ $STATUS != 2 ]]; then + STATUS=1 + fi + fi + fi + done +} +function checkTMP { + # Check the /tmp directory to ensure it is empty. Warn on any files found. + return 1 +} +function checkRoot { + user="root" + uhome="/root" + for usr in $SHADOW + do + IFS=':' read -r -a u <<< "$usr" + if [[ "${u[0]}" == "${user}" ]]; then + if [[ ${u[1]} == "!" ]] || [[ ${u[1]} == "!!" ]] || [[ ${u[1]} == "*" ]]; then + echo -en "\e[32m[PASS]\e[0m User ${user} has no password set.\n" + ((PASS++)) + else + echo -en "\e[41m[FAIL]\e[0m User ${user} has a password set on their account.\n" + ((FAIL++)) + STATUS=2 + fi + fi + done + if [ -d ${uhome}/ ]; then + if [ -d ${uhome}/.ssh/ ]; then + if ls ${uhome}/.ssh/*> /dev/null 2>&1; then + for key in ${uhome}/.ssh/* + do + if [ "${key}" == "${uhome}/.ssh/authorized_keys" ]; then + + if [ "$( cat "${key}" | wc -c)" -gt 50 ]; then + echo -en "\e[41m[FAIL]\e[0m User \e[1m${user}\e[0m has a populated authorized_keys file in \e[93m${key}\e[0m\n" + akey=$(cat ${key}) + echo "File Contents:" + echo $akey + echo "--------------" + ((FAIL++)) + STATUS=2 + fi + elif [ "${key}" == "${uhome}/.ssh/id_rsa" ]; then + if [ "$( cat "${key}" | wc -c)" -gt 0 ]; then + echo -en "\e[41m[FAIL]\e[0m User \e[1m${user}\e[0m has a private key file in \e[93m${key}\e[0m\n" + akey=$(cat ${key}) + echo "File Contents:" + echo $akey + echo "--------------" + ((FAIL++)) + STATUS=2 + else + echo -en "\e[93m[WARN]\e[0m User \e[1m${user}\e[0m has empty private key file in \e[93m${key}\e[0m\n" + ((WARN++)) + if [[ $STATUS != 2 ]]; then + STATUS=1 + fi + fi + elif [ "${key}" != "${uhome}/.ssh/known_hosts" ]; then + echo -en "\e[93m[WARN]\e[0m User \e[1m${user}\e[0m has a file in their .ssh directory at \e[93m${key}\e[0m\n" + ((WARN++)) + if [[ $STATUS != 2 ]]; then + STATUS=1 + fi + else + if [ "$( cat "${key}" | wc -c)" -gt 50 ]; then + echo -en "\e[93m[WARN]\e[0m User \e[1m${user}\e[0m has a populated known_hosts file in \e[93m${key}\e[0m\n" + ((WARN++)) + if [[ $STATUS != 2 ]]; then + STATUS=1 + fi + fi + fi + done + else + echo -en "\e[32m[ OK ]\e[0m User \e[1m${user}\e[0m has no SSH keys present\n" + fi + else + echo -en "\e[32m[ OK ]\e[0m User \e[1m${user}\e[0m does not have an .ssh directory\n" + fi + if [ -f /root/.bash_history ];then + + BH_S=$( cat /root/.bash_history | wc -c) + + if [[ $BH_S -lt 200 ]]; then + echo -en "\e[32m[PASS]\e[0m ${user}'s Bash History appears to have been cleared\n" + ((PASS++)) + else + echo -en "\e[41m[FAIL]\e[0m ${user}'s Bash History should be cleared to prevent sensitive information from leaking\n" + ((FAIL++)) + STATUS=2 + fi + + return 1; + else + echo -en "\e[32m[PASS]\e[0m The Root User's Bash History is not present\n" + ((PASS++)) + fi + else + echo -en "\e[32m[ OK ]\e[0m User \e[1m${user}\e[0m does not have a directory in /home\n" + fi + echo -en "\n\n" + return 1 +} + +function checkUsers { + # Check each user-created account + for user in $(awk -F: '$3 >= 1000 && $1 != "nobody" {print $1}' /etc/passwd;) + do + # Skip some other non-user system accounts + if [[ $user == "centos" ]]; then + : + elif [[ $user == "nfsnobody" ]]; then + : + else + echo -en "\nChecking user: ${user}...\n" + for usr in $SHADOW + do + IFS=':' read -r -a u <<< "$usr" + if [[ "${u[0]}" == "${user}" ]]; then + if [[ ${u[1]} == "!" ]] || [[ ${u[1]} == "!!" ]] || [[ ${u[1]} == "*" ]]; then + echo -en "\e[32m[PASS]\e[0m User ${user} has no password set.\n" + ((PASS++)) + else + echo -en "\e[41m[FAIL]\e[0m User ${user} has a password set on their account. Only system users are allowed on the image.\n" + ((FAIL++)) + STATUS=2 + fi + fi + done + #echo "User Found: ${user}" + uhome="/home/${user}" + if [ -d "${uhome}/" ]; then + if [ -d "${uhome}/.ssh/" ]; then + if ls "${uhome}/.ssh/*"> /dev/null 2>&1; then + for key in ${uhome}/.ssh/* + do + if [ "${key}" == "${uhome}/.ssh/authorized_keys" ]; then + if [ "$( cat "${key}" | wc -c)" -gt 50 ]; then + echo -en "\e[41m[FAIL]\e[0m User \e[1m${user}\e[0m has a populated authorized_keys file in \e[93m${key}\e[0m\n" + akey=$(cat ${key}) + echo "File Contents:" + echo $akey + echo "--------------" + ((FAIL++)) + STATUS=2 + fi + elif [ "${key}" == "${uhome}/.ssh/id_rsa" ]; then + if [ "$( cat "${key}" | wc -c)" -gt 0 ]; then + echo -en "\e[41m[FAIL]\e[0m User \e[1m${user}\e[0m has a private key file in \e[93m${key}\e[0m\n" + akey=$(cat ${key}) + echo "File Contents:" + echo $akey + echo "--------------" + ((FAIL++)) + STATUS=2 + else + echo -en "\e[93m[WARN]\e[0m User \e[1m${user}\e[0m has empty private key file in \e[93m${key}\e[0m\n" + ((WARN++)) + if [[ $STATUS != 2 ]]; then + STATUS=1 + fi + fi + elif [ "${key}" != "${uhome}/.ssh/known_hosts" ]; then + + echo -en "\e[93m[WARN]\e[0m User \e[1m${user}\e[0m has a file in their .ssh directory named \e[93m${key}\e[0m\n" + ((WARN++)) + if [[ $STATUS != 2 ]]; then + STATUS=1 + fi + + else + if [ "$( cat "${key}" | wc -c)" -gt 50 ]; then + echo -en "\e[93m[WARN]\e[0m User \e[1m${user}\e[0m has a known_hosts file in \e[93m${key}\e[0m\n" + ((WARN++)) + if [[ $STATUS != 2 ]]; then + STATUS=1 + fi + fi + fi + + + done + else + echo -en "\e[32m[ OK ]\e[0m User \e[1m${user}\e[0m has no SSH keys present\n" + fi + else + echo -en "\e[32m[ OK ]\e[0m User \e[1m${user}\e[0m does not have an .ssh directory\n" + fi + else + echo -en "\e[32m[ OK ]\e[0m User \e[1m${user}\e[0m does not have a directory in /home\n" + fi + + # Check for an uncleared .bash_history for this user + if [ -f "${uhome}/.bash_history" ]; then + BH_S=$( cat "${uhome}/.bash_history" | wc -c ) + + if [[ $BH_S -lt 200 ]]; then + echo -en "\e[32m[PASS]\e[0m ${user}'s Bash History appears to have been cleared\n" + ((PASS++)) + else + echo -en "\e[41m[FAIL]\e[0m ${user}'s Bash History should be cleared to prevent sensitive information from leaking\n" + ((FAIL++)) + STATUS=2 + + fi + echo -en "\n\n" + fi + fi + done +} +function checkFirewall { + + if [[ $OS == "Ubuntu" ]]; then + fw="ufw" + ufwa=$(ufw status |head -1| sed -e "s/^Status:\ //") + if [[ $ufwa == "active" ]]; then + FW_VER="\e[32m[PASS]\e[0m Firewall service (${fw}) is active\n" + ((PASS++)) + else + FW_VER="\e[93m[WARN]\e[0m No firewall is configured. Ensure ${fw} is installed and configured\n" + ((WARN++)) + fi + elif [[ $OS == "CentOS Linux" ]] || [[ $OS == "CentOS Stream" ]] || [[ $OS == "Rocky Linux" ]]; then + if [ -f /usr/lib/systemd/system/csf.service ]; then + fw="csf" + if [[ $(systemctl status $fw >/dev/null 2>&1) ]]; then + + FW_VER="\e[32m[PASS]\e[0m Firewall service (${fw}) is active\n" + ((PASS++)) + elif cmdExists "firewall-cmd"; then + if [[ $(systemctl is-active firewalld >/dev/null 2>&1 && echo 1 || echo 0) ]]; then + FW_VER="\e[32m[PASS]\e[0m Firewall service (${fw}) is active\n" + ((PASS++)) + else + FW_VER="\e[93m[WARN]\e[0m No firewall is configured. Ensure ${fw} is installed and configured\n" + ((WARN++)) + fi + else + FW_VER="\e[93m[WARN]\e[0m No firewall is configured. Ensure ${fw} is installed and configured\n" + ((WARN++)) + fi + else + fw="firewalld" + if [[ $(systemctl is-active firewalld >/dev/null 2>&1 && echo 1 || echo 0) ]]; then + FW_VER="\e[32m[PASS]\e[0m Firewall service (${fw}) is active\n" + ((PASS++)) + else + FW_VER="\e[93m[WARN]\e[0m No firewall is configured. Ensure ${fw} is installed and configured\n" + ((WARN++)) + fi + fi + elif [[ "$OS" =~ Debian.* ]]; then + # user could be using a number of different services for managing their firewall + # we will check some of the most common + if cmdExists 'ufw'; then + fw="ufw" + ufwa=$(ufw status |head -1| sed -e "s/^Status:\ //") + if [[ $ufwa == "active" ]]; then + FW_VER="\e[32m[PASS]\e[0m Firewall service (${fw}) is active\n" + ((PASS++)) + else + FW_VER="\e[93m[WARN]\e[0m No firewall is configured. Ensure ${fw} is installed and configured\n" + ((WARN++)) + fi + elif cmdExists "firewall-cmd"; then + fw="firewalld" + if [[ $(systemctl is-active --quiet $fw) ]]; then + FW_VER="\e[32m[PASS]\e[0m Firewall service (${fw}) is active\n" + ((PASS++)) + else + FW_VER="\e[93m[WARN]\e[0m No firewall is configured. Ensure ${fw} is installed and configured\n" + ((WARN++)) + fi + else + # user could be using vanilla iptables, check if kernel module is loaded + fw="iptables" + if [[ $(lsmod | grep -q '^ip_tables' 2>/dev/null) ]]; then + FW_VER="\e[32m[PASS]\e[0m Firewall service (${fw}) is active\n" + ((PASS++)) + else + FW_VER="\e[93m[WARN]\e[0m No firewall is configured. Ensure ${fw} is installed and configured\n" + ((WARN++)) + fi + fi + fi + +} +function checkUpdates { + if [[ $OS == "Ubuntu" ]] || [[ "$OS" =~ Debian.* ]]; then + # Ensure /tmp exists and has the proper permissions before + # checking for security updates + # https://github.com/digitalocean/marketplace-partners/issues/94 + if [[ ! -d /tmp ]]; then + mkdir /tmp + fi + chmod 1777 /tmp + + echo -en "\nUpdating apt package database to check for security updates, this may take a minute...\n\n" + apt-get -y update > /dev/null + + uc=$(apt-get --just-print upgrade | grep -i "security" | wc -l) + if [[ $uc -gt 0 ]]; then + update_count=$(( ${uc} / 2 )) + else + update_count=0 + fi + + if [[ $update_count -gt 0 ]]; then + echo -en "\e[41m[FAIL]\e[0m There are ${update_count} security updates available for this image that have not been installed.\n" + echo -en + echo -en "Here is a list of the security updates that are not installed:\n" + sleep 2 + apt-get --just-print upgrade | grep -i security | awk '{print $2}' | awk '!seen[$0]++' + echo -en + ((FAIL++)) + STATUS=2 + else + echo -en "\e[32m[PASS]\e[0m There are no pending security updates for this image.\n\n" + fi + elif [[ $OS == "CentOS Linux" ]] || [[ $OS == "CentOS Stream" ]] || [[ $OS == "Rocky Linux" ]]; then + echo -en "\nChecking for available security updates, this may take a minute...\n\n" + + update_count=$(yum check-update --security --quiet | wc -l) + if [[ $update_count -gt 0 ]]; then + echo -en "\e[41m[FAIL]\e[0m There are ${update_count} security updates available for this image that have not been installed.\n" + ((FAIL++)) + STATUS=2 + else + echo -en "\e[32m[PASS]\e[0m There are no pending security updates for this image.\n" + ((PASS++)) + fi + else + echo "Error encountered" + exit 1 + fi + + return 1; +} +function checkCloudInit { + + if hash cloud-init 2>/dev/null; then + CI="\e[32m[PASS]\e[0m Cloud-init is installed.\n" + ((PASS++)) + else + CI="\e[41m[FAIL]\e[0m No valid verison of cloud-init was found.\n" + ((FAIL++)) + STATUS=2 + fi + return 1 +} + +function version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; } + + +clear +echo "DigitalOcean Marketplace Image Validation Tool ${VERSION}" +echo "Executed on: ${RUNDATE}" +echo "Checking local system for Marketplace compatibility..." + +getDistro + +echo -en "\n\e[1mDistribution:\e[0m ${OS}\n" +echo -en "\e[1mVersion:\e[0m ${VER}\n\n" + +ost=0 +osv=0 + +if [[ $OS == "Ubuntu" ]]; then + ost=1 + if [[ $VER == "20.04" ]]; then + osv=1 + elif [[ $VER == "18.04" ]]; then + osv=1 + elif [[ $VER == "16.04" ]]; then + osv=1 + else + osv=0 + fi + +elif [[ "$OS" =~ Debian.* ]]; then + ost=1 + case "$VER" in + 9) + osv=1 + ;; + 10) + osv=1 + ;; + *) + osv=2 + ;; + esac + +elif [[ $OS == "CentOS Linux" ]]; then + ost=1 + if [[ $VER == "8" ]]; then + osv=1 + elif [[ $VER == "7" ]]; then + osv=1 + elif [[ $VER == "6" ]]; then + osv=1 + else + osv=2 + fi +elif [[ $OS == "CentOS Stream" ]]; then + ost=1 + if [[ $VER == "8" ]]; then + osv=1 + else + osv=2 + fi +elif [[ $OS == "Rocky Linux" ]]; then + ost=1 + if [[ $VER =~ "8." ]]; then + osv=1 + else + osv=2 + fi +else + ost=0 +fi + +if [[ $ost == 1 ]]; then + echo -en "\e[32m[PASS]\e[0m Supported Operating System Detected: ${OS}\n" + ((PASS++)) +else + echo -en "\e[41m[FAIL]\e[0m ${OS} is not a supported Operating System\n" + ((FAIL++)) + STATUS=2 +fi + +if [[ $osv == 1 ]]; then + echo -en "\e[32m[PASS]\e[0m Supported Release Detected: ${VER}\n" + ((PASS++)) +elif [[ $ost == 1 ]]; then + echo -en "\e[41m[FAIL]\e[0m ${OS} ${VER} is not a supported Operating System Version\n" + ((FAIL++)) + STATUS=2 +else + echo "Exiting..." + exit 1 +fi + +checkCloudInit + +echo -en "${CI}" + +checkFirewall + +echo -en "${FW_VER}" + +checkUpdates + +loadPasswords + +checkLogs + +echo -en "\n\nChecking all user-created accounts...\n" +checkUsers + +echo -en "\n\nChecking the root account...\n" +checkRoot + +checkAgent + + +# Summary +echo -en "\n\n---------------------------------------------------------------------------------------------------\n" + +if [[ $STATUS == 0 ]]; then + echo -en "Scan Complete.\n\e[32mAll Tests Passed!\e[0m\n" +elif [[ $STATUS == 1 ]]; then + echo -en "Scan Complete. \n\e[93mSome non-critical tests failed. Please review these items.\e[0m\e[0m\n" +else + echo -en "Scan Complete. \n\e[41mOne or more tests failed. Please review these items and re-test.\e[0m\n" +fi +echo "---------------------------------------------------------------------------------------------------" +echo -en "\e[1m${PASS} Tests PASSED\e[0m\n" +echo -en "\e[1m${WARN} WARNINGS\e[0m\n" +echo -en "\e[1m${FAIL} Tests FAILED\e[0m\n" +echo -en "---------------------------------------------------------------------------------------------------\n" + +if [[ $STATUS == 0 ]]; then + echo -en "We did not detect any issues with this image. Please be sure to manually ensure that all software installed on the base system is functional, secure and properly configured (or facilities for configuration on first-boot have been created).\n\n" + exit 0 +elif [[ $STATUS == 1 ]]; then + echo -en "Please review all [WARN] items above and ensure they are intended or resolved. If you do not have a specific requirement, we recommend resolving these items before image submission\n\n" + exit 0 +else + echo -en "Some critical tests failed. These items must be resolved and this scan re-run before you submit your image to the DigitalOcean Marketplace.\n\n" + exit 1 +fi diff --git a/hosting/digitalocean/template.json b/hosting/digitalocean/template.json new file mode 100644 index 0000000000..bc3679abdc --- /dev/null +++ b/hosting/digitalocean/template.json @@ -0,0 +1,65 @@ +{ + "variables": { + "token": "{{env `DIGITALOCEAN_TOKEN`}}", + "image_name": "budibase-marketplace-snapshot-{{timestamp}}", + "apt_packages": "jq" + }, + "builders": [ + { + "type": "digitalocean", + "api_token": "{{user `token`}}", + "image": "docker-20-04", + "region": "lon1", + "size": "s-1vcpu-1gb", + "ssh_username": "root", + "snapshot_name": "{{user `image_name`}}" + } + ], + "provisioners": [ + { + "type": "shell", + "inline": [ + "cloud-init status --wait" + ] + }, + { + "type": "file", + "source": "files/etc/", + "destination": "/etc/" + }, + { + "type": "file", + "source": "files/var/", + "destination": "/var/" + }, + { + "type": "shell", + "environment_vars": [ + "DEBIAN_FRONTEND=noninteractive", + "LC_ALL=C", + "LANG=en_US.UTF-8", + "LC_CTYPE=en_US.UTF-8" + ], + "inline": [ + "apt -qqy update", + "apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' full-upgrade", + "apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install {{user `apt_packages`}}" + ] + }, + { + "type": "shell", + "environment_vars": [ + "application_name={{user `application_name`}}", + "application_version={{user `application_version`}}", + "DEBIAN_FRONTEND=noninteractive", + "LC_ALL=C", + "LANG=en_US.UTF-8", + "LC_CTYPE=en_US.UTF-8" + ], + "scripts": [ + "scripts/90-cleanup.sh", + "scripts/99-img_check.sh" + ] + } + ] +} diff --git a/hosting/kubernetes/budibase/Chart.yaml b/hosting/kubernetes/budibase/Chart.yaml deleted file mode 100644 index c5233842ad..0000000000 --- a/hosting/kubernetes/budibase/Chart.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: v2 -name: budibase -description: Budibase is an open source low-code platform, helping thousands of teams build apps for their workplace in minutes. -keywords: -- low-code -- database -- cluster -sources: -- https://github.com/Budibase/budibase -- https://budibase.com - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.2 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "0.9.169" - -dependencies: - - name: couchdb - version: 3.3.4 - repository: https://apache.github.io/couchdb-helm - condition: services.couchdb.enabled - - name: ingress-nginx - version: 3.35.0 - repository: https://github.com/kubernetes/ingress-nginx - condition: ingress.nginx diff --git a/hosting/kubernetes/budibase/charts/couchdb/Chart.yaml b/hosting/kubernetes/budibase/charts/couchdb/Chart.yaml deleted file mode 100755 index 74ae734a17..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -appVersion: 3.1.0 -description: A database featuring seamless multi-master sync, that scales from big - data to mobile, with an intuitive HTTP/JSON API and designed for reliability. -home: https://couchdb.apache.org/ -icon: http://couchdb.apache.org/CouchDB-visual-identity/logo/CouchDB-couch-symbol.svg -keywords: -- couchdb -- database -- nosql -maintainers: -- email: kocolosk@apache.org - name: kocolosk -- email: willholley@apache.org - name: willholley -name: couchdb -sources: -- https://github.com/apache/couchdb-docker -version: 3.3.4 diff --git a/hosting/kubernetes/budibase/charts/couchdb/README.md b/hosting/kubernetes/budibase/charts/couchdb/README.md deleted file mode 100755 index 3227123d06..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/README.md +++ /dev/null @@ -1,244 +0,0 @@ -# CouchDB - -Apache CouchDB is a database featuring seamless multi-master sync, that scales -from big data to mobile, with an intuitive HTTP/JSON API and designed for -reliability. - -This chart deploys a CouchDB cluster as a StatefulSet. It creates a ClusterIP -Service in front of the Deployment for load balancing by default, but can also -be configured to deploy other Service types or an Ingress Controller. The -default persistence mechanism is simply the ephemeral local filesystem, but -production deployments should set `persistentVolume.enabled` to `true` to attach -storage volumes to each Pod in the Deployment. - -## TL;DR - -```bash -$ helm repo add couchdb https://apache.github.io/couchdb-helm -$ helm install couchdb/couchdb \ - --set allowAdminParty=true \ - --set couchdbConfig.couchdb.uuid=$(curl https://www.uuidgenerator.net/api/version4 2>/dev/null | tr -d -) -``` - -## Prerequisites - -- Kubernetes 1.9+ with Beta APIs enabled -- Ingress requires Kubernetes 1.14+ - -## Installing the Chart - -To install the chart with the release name `my-release`: - -Add the CouchDB Helm repository: - -```bash -$ helm repo add couchdb https://apache.github.io/couchdb-helm -``` - -Afterwards install the chart replacing the UUID -`decafbaddecafbaddecafbaddecafbad` with a custom one: - -```bash -$ helm install \ - --name my-release \ - --set couchdbConfig.couchdb.uuid=decafbaddecafbaddecafbaddecafbad \ - couchdb/couchdb -``` - -This will create a Secret containing the admin credentials for the cluster. -Those credentials can be retrieved as follows: - -```bash -$ kubectl get secret my-release-couchdb -o go-template='{{ .data.adminPassword }}' | base64 --decode -``` - -If you prefer to configure the admin credentials directly you can create a -Secret containing `adminUsername`, `adminPassword` and `cookieAuthSecret` keys: - -```bash -$ kubectl create secret generic my-release-couchdb --from-literal=adminUsername=foo --from-literal=adminPassword=bar --from-literal=cookieAuthSecret=baz -``` - -If you want to set the `adminHash` directly to achieve consistent salts between -different nodes you need to addionally add the key `password.ini` to the secret: - -```bash -$ kubectl create secret generic my-release-couchdb \ - --from-literal=adminUsername=foo \ - --from-literal=cookieAuthSecret=baz \ - --from-file=./my-password.ini -``` - -With the following contents in `my-password.ini`: - -``` -[admins] -foo = -``` - -and then install the chart while overriding the `createAdminSecret` setting: - -```bash -$ helm install \ - --name my-release \ - --set createAdminSecret=false \ - --set couchdbConfig.couchdb.uuid=decafbaddecafbaddecafbaddecafbad \ - couchdb/couchdb -``` - -This Helm chart deploys CouchDB on the Kubernetes cluster in a default -configuration. The [configuration](#configuration) section lists -the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` Deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and -deletes the release. - -## Upgrading an existing Release to a new major version - -A major chart version change (like v0.2.3 -> v1.0.0) indicates that there is an -incompatible breaking change needing manual actions. - -### Upgrade to 3.0.0 - -Since version 3.0.0 setting the CouchDB server instance UUID is mandatory. -Therefore you need to generate a UUID and supply it as a value during the -upgrade as follows: - -```bash -$ helm upgrade \ - --reuse-values \ - --set couchdbConfig.couchdb.uuid= \ - couchdb/couchdb -``` - -## Migrating from stable/couchdb - -This chart replaces the `stable/couchdb` chart previously hosted by Helm and continues the -version semantics. You can upgrade directly from `stable/couchdb` to this chart using: - -```bash -$ helm repo add couchdb https://apache.github.io/couchdb-helm -$ helm upgrade my-release couchdb/couchdb -``` - -## Configuration - -The following table lists the most commonly configured parameters of the -CouchDB chart and their default values: - -| Parameter | Description | Default | -|---------------------------------|-------------------------------------------------------|----------------------------------------| -| `clusterSize` | The initial number of nodes in the CouchDB cluster | 3 | -| `couchdbConfig` | Map allowing override elements of server .ini config | *See below* | -| `allowAdminParty` | If enabled, start cluster without admin account | false (requires creating a Secret) | -| `createAdminSecret` | If enabled, create an admin account and cookie secret | true | -| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `erlangFlags` | Map of flags supplied to the underlying Erlang VM | name: couchdb, setcookie: monster -| `persistentVolume.enabled` | Boolean determining whether to attach a PV to each node | false -| `persistentVolume.size` | If enabled, the size of the persistent volume to attach | 10Gi -| `enableSearch` | Adds a sidecar for Lucene-powered text search | false | - -You can set the values of the `couchdbConfig` map according to the -[official configuration][4]. The following shows the map's default values and -required options to set: - -| Parameter | Description | Default | -|---------------------------------|--------------------------------------------------------------------|----------------------------------------| -| `couchdb.uuid` | UUID for this CouchDB server instance ([Required in a cluster][5]) | | -| `chttpd.bind_address` | listens on all interfaces when set to any | any | -| `chttpd.require_valid_user` | disables all the anonymous requests to the port 5984 when true | false | - -A variety of other parameters are also configurable. See the comments in the -`values.yaml` file for further details: - -| Parameter | Default | -|--------------------------------------|----------------------------------------| -| `adminUsername` | admin | -| `adminPassword` | auto-generated | -| `adminHash` | | -| `cookieAuthSecret` | auto-generated | -| `image.repository` | couchdb | -| `image.tag` | 3.1.0 | -| `image.pullPolicy` | IfNotPresent | -| `searchImage.repository` | kocolosk/couchdb-search | -| `searchImage.tag` | 0.1.0 | -| `searchImage.pullPolicy` | IfNotPresent | -| `initImage.repository` | busybox | -| `initImage.tag` | latest | -| `initImage.pullPolicy` | Always | -| `ingress.enabled` | false | -| `ingress.hosts` | chart-example.local | -| `ingress.annotations` | | -| `ingress.path` | / | -| `ingress.tls` | | -| `persistentVolume.accessModes` | ReadWriteOnce | -| `persistentVolume.storageClass` | Default for the Kube cluster | -| `podManagementPolicy` | Parallel | -| `affinity` | | -| `annotations` | | -| `tolerations` | | -| `resources` | | -| `service.annotations` | | -| `service.enabled` | true | -| `service.type` | ClusterIP | -| `service.externalPort` | 5984 | -| `dns.clusterDomainSuffix` | cluster.local | -| `networkPolicy.enabled` | true | -| `serviceAccount.enabled` | true | -| `serviceAccount.create` | true | -| `serviceAccount.imagePullSecrets` | | -| `sidecars` | {} | -| `livenessProbe.enabled` | true | -| `livenessProbe.failureThreshold` | 3 | -| `livenessProbe.initialDelaySeconds` | 0 | -| `livenessProbe.periodSeconds` | 10 | -| `livenessProbe.successThreshold` | 1 | -| `livenessProbe.timeoutSeconds` | 1 | -| `readinessProbe.enabled` | true | -| `readinessProbe.failureThreshold` | 3 | -| `readinessProbe.initialDelaySeconds` | 0 | -| `readinessProbe.periodSeconds` | 10 | -| `readinessProbe.successThreshold` | 1 | -| `readinessProbe.timeoutSeconds` | 1 | - -## Feedback, Issues, Contributing - -General feedback is welcome at our [user][1] or [developer][2] mailing lists. - -Apache CouchDB has a [CONTRIBUTING][3] file with details on how to get started -with issue reporting or contributing to the upkeep of this project. In short, -use GitHub Issues, do not report anything on Docker's website. - -## Non-Apache CouchDB Development Team Contributors - -- [@natarajaya](https://github.com/natarajaya) -- [@satchpx](https://github.com/satchpx) -- [@spanato](https://github.com/spanato) -- [@jpds](https://github.com/jpds) -- [@sebastien-prudhomme](https://github.com/sebastien-prudhomme) -- [@stepanstipl](https://github.com/sebastien-stepanstipl) -- [@amatas](https://github.com/amatas) -- [@Chimney42](https://github.com/Chimney42) -- [@mattjmcnaughton](https://github.com/mattjmcnaughton) -- [@mainephd](https://github.com/mainephd) -- [@AdamDang](https://github.com/AdamDang) -- [@mrtyler](https://github.com/mrtyler) -- [@kevinwlau](https://github.com/kevinwlau) -- [@jeyenzo](https://github.com/jeyenzo) -- [@Pinpin31.](https://github.com/Pinpin31) - -[1]: http://mail-archives.apache.org/mod_mbox/couchdb-user/ -[2]: http://mail-archives.apache.org/mod_mbox/couchdb-dev/ -[3]: https://github.com/apache/couchdb/blob/master/CONTRIBUTING.md -[4]: https://docs.couchdb.org/en/stable/config/index.html -[5]: https://docs.couchdb.org/en/latest/setup/cluster.html#preparing-couchdb-nodes-to-be-joined-into-a-cluster diff --git a/hosting/kubernetes/budibase/charts/couchdb/ci/required-values.yaml b/hosting/kubernetes/budibase/charts/couchdb/ci/required-values.yaml deleted file mode 100755 index 79589d2e04..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/ci/required-values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -couchdbConfig: - couchdb: - uuid: "decafbaddecafbaddecafbaddecafbad" diff --git a/hosting/kubernetes/budibase/charts/couchdb/ci/sidecar.yaml b/hosting/kubernetes/budibase/charts/couchdb/ci/sidecar.yaml deleted file mode 100755 index aa570bdf74..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/ci/sidecar.yaml +++ /dev/null @@ -1,9 +0,0 @@ -sidecars: - - name: foo - image: "busybox" - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: "0.1" - memory: 10Mi - command: ['while true; do echo "foo"; sleep 5; done;'] diff --git a/hosting/kubernetes/budibase/charts/couchdb/password.ini b/hosting/kubernetes/budibase/charts/couchdb/password.ini deleted file mode 100755 index 4ce8445aae..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/password.ini +++ /dev/null @@ -1,2 +0,0 @@ -[admins] -{{ .Values.adminUsername }} = {{ .Values.adminHash }} diff --git a/hosting/kubernetes/budibase/charts/couchdb/templates/NOTES.txt b/hosting/kubernetes/budibase/charts/couchdb/templates/NOTES.txt deleted file mode 100755 index a3658bd37f..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/templates/NOTES.txt +++ /dev/null @@ -1,20 +0,0 @@ -Apache CouchDB is starting. Check the status of the Pods using: - - kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "couchdb.name" . }},release={{ .Release.Name }}" - -Once all of the Pods are fully Ready, execute the following command to create -some required system databases: - - kubectl exec --namespace {{ .Release.Namespace }} {{ if not .Values.allowAdminParty }}-it {{ end }}{{ template "couchdb.fullname" . }}-0 -c couchdb -- \ - curl -s \ - http://127.0.0.1:5984/_cluster_setup \ - -X POST \ - -H "Content-Type: application/json" \ -{{- if .Values.allowAdminParty }} - -d '{"action": "finish_cluster"}' -{{- else }} - -d '{"action": "finish_cluster"}' \ - -u -{{- end }} - -Then it's time to relax. diff --git a/hosting/kubernetes/budibase/charts/couchdb/templates/_helpers.tpl b/hosting/kubernetes/budibase/charts/couchdb/templates/_helpers.tpl deleted file mode 100755 index f9d013e487..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/templates/_helpers.tpl +++ /dev/null @@ -1,81 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "couchdb.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "couchdb.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- printf "%s-%s" .Values.fullnameOverride .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -In the event that we create both a headless service and a traditional one, -ensure that the latter gets a unique name. -*/}} -{{- define "couchdb.svcname" -}} -{{- if .Values.fullnameOverride -}} -{{- printf "%s-svc-%s" .Values.fullnameOverride .Chart.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-svc-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a random string if the supplied key does not exist -*/}} -{{- define "couchdb.defaultsecret" -}} -{{- if . -}} -{{- . | b64enc | quote -}} -{{- else -}} -{{- randAlphaNum 20 | b64enc | quote -}} -{{- end -}} -{{- end -}} - -{{/* -Labels used to define Pods in the CouchDB statefulset -*/}} -{{- define "couchdb.ss.selector" -}} -app: {{ template "couchdb.name" . }} -release: {{ .Release.Name }} -{{- end -}} - -{{/* -Generates a comma delimited list of nodes in the cluster -*/}} -{{- define "couchdb.seedlist" -}} -{{- $nodeCount := min 5 .Values.clusterSize | int }} - {{- range $index0 := until $nodeCount -}} - {{- $index1 := $index0 | add1 -}} - {{ $.Values.erlangFlags.name }}@{{ template "couchdb.fullname" $ }}-{{ $index0 }}.{{ template "couchdb.fullname" $ }}.{{ $.Release.Namespace }}.svc.{{ $.Values.dns.clusterDomainSuffix }}{{ if ne $index1 $nodeCount }},{{ end }} - {{- end -}} -{{- end -}} - -{{/* -If serviceAccount.name is specified, use that, else use the couchdb instance name -*/}} -{{- define "couchdb.serviceAccount" -}} -{{- if .Values.serviceAccount.name -}} -{{- .Values.serviceAccount.name }} -{{- else -}} -{{- template "couchdb.fullname" . -}} -{{- end -}} -{{- end -}} - -{{/* -Fail if couchdbConfig.couchdb.uuid is undefined -*/}} -{{- define "couchdb.uuid" -}} -{{- required "A value for couchdbConfig.couchdb.uuid must be set" (.Values.couchdbConfig.couchdb | default dict).uuid -}} -{{- end -}} \ No newline at end of file diff --git a/hosting/kubernetes/budibase/charts/couchdb/templates/configmap.yaml b/hosting/kubernetes/budibase/charts/couchdb/templates/configmap.yaml deleted file mode 100755 index a6a20e0574..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/templates/configmap.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "couchdb.fullname" . }} - labels: - app: {{ template "couchdb.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} -data: - inifile: | - {{ $couchdbConfig := dict "couchdb" (dict "uuid" (include "couchdb.uuid" .)) -}} - {{- $couchdbConfig := merge $couchdbConfig .Values.couchdbConfig -}} - {{- range $section, $settings := $couchdbConfig -}} - {{ printf "[%s]" $section }} - {{ range $key, $value := $settings -}} - {{ printf "%s = %s" $key ($value | toString) }} - {{ end }} - {{ end }} - - seedlistinifile: | - [cluster] - seedlist = {{ template "couchdb.seedlist" . }} diff --git a/hosting/kubernetes/budibase/charts/couchdb/templates/headless.yaml b/hosting/kubernetes/budibase/charts/couchdb/templates/headless.yaml deleted file mode 100755 index 0ce3ef0f35..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/templates/headless.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "couchdb.fullname" . }} - labels: - app: {{ template "couchdb.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: couchdb - port: 5984 - selector: -{{ include "couchdb.ss.selector" . | indent 4 }} diff --git a/hosting/kubernetes/budibase/charts/couchdb/templates/ingress.yaml b/hosting/kubernetes/budibase/charts/couchdb/templates/ingress.yaml deleted file mode 100755 index c547847ce5..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/templates/ingress.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $serviceName := include "couchdb.fullname" . -}} -{{- $servicePort := .Values.service.externalPort -}} -{{- $path := .Values.ingress.path | quote -}} -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: {{ template "couchdb.fullname" . }} - labels: - app: {{ template "couchdb.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: {{ $path }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end -}} diff --git a/hosting/kubernetes/budibase/charts/couchdb/templates/networkpolicy.yaml b/hosting/kubernetes/budibase/charts/couchdb/templates/networkpolicy.yaml deleted file mode 100755 index 2830708bef..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/templates/networkpolicy.yaml +++ /dev/null @@ -1,31 +0,0 @@ - -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: {{ template "couchdb.fullname" . }} - labels: - app: {{ template "couchdb.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - podSelector: - matchLabels: -{{ include "couchdb.ss.selector" . | indent 6 }} - ingress: - - ports: - - protocol: TCP - port: 5984 - - ports: - - protocol: TCP - port: 9100 - - protocol: TCP - port: 4369 - from: - - podSelector: - matchLabels: -{{ include "couchdb.ss.selector" . | indent 14 }} - policyTypes: - - Ingress -{{- end }} diff --git a/hosting/kubernetes/budibase/charts/couchdb/templates/secrets.yaml b/hosting/kubernetes/budibase/charts/couchdb/templates/secrets.yaml deleted file mode 100755 index 92f55c6d6b..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/templates/secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.createAdminSecret -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "couchdb.fullname" . }} - labels: - app: {{ template "couchdb.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: - adminUsername: {{ template "couchdb.defaultsecret" .Values.adminUsername }} - adminPassword: {{ template "couchdb.defaultsecret" .Values.adminPassword }} - cookieAuthSecret: {{ template "couchdb.defaultsecret" .Values.cookieAuthSecret }} -{{- if .Values.adminHash }} - password.ini: {{ tpl (.Files.Get "password.ini") . | b64enc }} -{{- end -}} -{{- end -}} diff --git a/hosting/kubernetes/budibase/charts/couchdb/templates/service.yaml b/hosting/kubernetes/budibase/charts/couchdb/templates/service.yaml deleted file mode 100755 index 6d0382477d..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/templates/service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.service.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "couchdb.svcname" . }} - labels: - app: {{ template "couchdb.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} -spec: - ports: - - port: {{ .Values.service.externalPort }} - protocol: TCP - targetPort: 5984 - type: {{ .Values.service.type }} - selector: -{{ include "couchdb.ss.selector" . | indent 4 }} -{{- end -}} diff --git a/hosting/kubernetes/budibase/charts/couchdb/templates/serviceaccount.yaml b/hosting/kubernetes/budibase/charts/couchdb/templates/serviceaccount.yaml deleted file mode 100755 index bb82799a49..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "couchdb.serviceAccount" . }} - labels: - app: {{ template "couchdb.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.serviceAccount.imagePullSecrets }} -imagePullSecrets: -{{ toYaml .Values.serviceAccount.imagePullSecrets }} -{{- end }} -{{- end }} diff --git a/hosting/kubernetes/budibase/charts/couchdb/templates/statefulset.yaml b/hosting/kubernetes/budibase/charts/couchdb/templates/statefulset.yaml deleted file mode 100755 index 6225fbe98c..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/templates/statefulset.yaml +++ /dev/null @@ -1,202 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "couchdb.fullname" . }} - labels: - app: {{ template "couchdb.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.clusterSize }} - serviceName: {{ template "couchdb.fullname" . }} - podManagementPolicy: {{ .Values.podManagementPolicy }} - selector: - matchLabels: -{{ include "couchdb.ss.selector" . | indent 6 }} - template: - metadata: - labels: -{{ include "couchdb.ss.selector" . | indent 8 }} -{{- with .Values.annotations }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} - {{- if .Values.serviceAccount.enabled }} - serviceAccountName: {{ template "couchdb.serviceAccount" . }} - {{- end }} - initContainers: - - name: init-copy - image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}" - imagePullPolicy: {{ .Values.initImage.pullPolicy }} - command: ['sh','-c','cp /tmp/chart.ini /default.d; cp /tmp/seedlist.ini /default.d; ls -lrt /default.d;'] - volumeMounts: - - name: config - mountPath: /tmp/ - - name: config-storage - mountPath: /default.d -{{- if .Values.adminHash }} - - name: admin-hash-copy - image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}" - imagePullPolicy: {{ .Values.initImage.pullPolicy }} - command: ['sh','-c','cp /tmp/password.ini /local.d/ ;'] - volumeMounts: - - name: admin-password - mountPath: /tmp/password.ini - subPath: "password.ini" - - name: local-config-storage - mountPath: /local.d -{{- end }} - containers: - - name: couchdb - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: couchdb - containerPort: 5984 - - name: epmd - containerPort: 4369 - - containerPort: 9100 - env: -{{- if not .Values.allowAdminParty }} - - name: COUCHDB_USER - valueFrom: - secretKeyRef: - name: {{ template "couchdb.fullname" . }} - key: adminUsername - - name: COUCHDB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "couchdb.fullname" . }} - key: adminPassword - - name: COUCHDB_SECRET - valueFrom: - secretKeyRef: - name: {{ template "couchdb.fullname" . }} - key: cookieAuthSecret -{{- end }} - - name: ERL_FLAGS - value: "{{ range $k, $v := .Values.erlangFlags }} -{{ $k }} {{ $v }} {{ end }}" -{{- if .Values.livenessProbe.enabled }} - livenessProbe: -{{- if .Values.couchdbConfig.chttpd.require_valid_user }} - exec: - command: - - sh - - -c - - curl -G --silent --fail -u ${COUCHDB_USER}:${COUCHDB_PASSWORD} http://localhost:5984/_up -{{- else }} - httpGet: - path: /_up - port: 5984 -{{- end }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} -{{- end }} -{{- if .Values.readinessProbe.enabled }} - readinessProbe: -{{- if .Values.couchdbConfig.chttpd.require_valid_user }} - exec: - command: - - sh - - -c - - curl -G --silent --fail -u ${COUCHDB_USER}:${COUCHDB_PASSWORD} http://localhost:5984/_up -{{- else }} - httpGet: - path: /_up - port: 5984 -{{- end }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} -{{- end }} - resources: -{{ toYaml .Values.resources | indent 12 }} - volumeMounts: - - name: config-storage - mountPath: /opt/couchdb/etc/default.d -{{- if .Values.adminHash }} - - name: local-config-storage - mountPath: /opt/couchdb/etc/local.d -{{- end }} - - name: database-storage - mountPath: /opt/couchdb/data -{{- if .Values.enableSearch }} - - name: clouseau - image: "{{ .Values.searchImage.repository }}:{{ .Values.searchImage.tag }}" - imagePullPolicy: {{ .Values.searchImage.pullPolicy }} - volumeMounts: - - name: database-storage - mountPath: /opt/couchdb-search/data -{{- end }} -{{- if .Values.sidecars }} -{{ toYaml .Values.sidecars | indent 8}} -{{- end }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} - volumes: - - name: config-storage - emptyDir: {} - - name: config - configMap: - name: {{ template "couchdb.fullname" . }} - items: - - key: inifile - path: chart.ini - - key: seedlistinifile - path: seedlist.ini - -{{- if .Values.adminHash }} - - name: local-config-storage - emptyDir: {} - - name: admin-password - secret: - secretName: {{ template "couchdb.fullname" . }} -{{- end -}} - -{{- if not .Values.persistentVolume.enabled }} - - name: database-storage - emptyDir: {} -{{- else }} - volumeClaimTemplates: - - metadata: - name: database-storage - labels: - app: {{ template "couchdb.name" . }} - release: {{ .Release.Name }} - spec: - accessModes: - {{- range .Values.persistentVolume.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistentVolume.size | quote }} - {{- if .Values.persistentVolume.storageClass }} - {{- if (eq "-" .Values.persistentVolume.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.persistentVolume.storageClass }}" - {{- end }} - {{- end }} -{{- end }} diff --git a/hosting/kubernetes/budibase/charts/couchdb/values.yaml b/hosting/kubernetes/budibase/charts/couchdb/values.yaml deleted file mode 100755 index 5a5025f816..0000000000 --- a/hosting/kubernetes/budibase/charts/couchdb/values.yaml +++ /dev/null @@ -1,201 +0,0 @@ -## clusterSize is the initial size of the CouchDB cluster. -clusterSize: 3 - -## If allowAdminParty is enabled the cluster will start up without any database -## administrator account; i.e., all users will be granted administrative -## access. Otherwise, the system will look for a Secret called -## -couchdb containing `adminUsername`, `adminPassword` and -## `cookieAuthSecret` keys. See the `createAdminSecret` flag. -## ref: https://kubernetes.io/docs/concepts/configuration/secret/ -allowAdminParty: false - -## If createAdminSecret is enabled a Secret called -couchdb will -## be created containing auto-generated credentials. Users who prefer to set -## these values themselves have a couple of options: -## -## 1) The `adminUsername`, `adminPassword`, `adminHash`, and `cookieAuthSecret` -## can be defined directly in the chart's values. Note that all of a chart's -## values are currently stored in plaintext in a ConfigMap in the tiller -## namespace. -## -## 2) This flag can be disabled and a Secret with the required keys can be -## created ahead of time. -createAdminSecret: true - -# adminUsername: budibase -# adminPassword: budibase -# adminHash: -pbkdf2-this_is_not_necessarily_secure_either -# cookieAuthSecret: admin - -## When enabled, will deploy a networkpolicy that allows CouchDB pods to -## communicate with each other for clustering and ingress on port 5984 -networkPolicy: - enabled: true - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -# Use a service account -serviceAccount: - enabled: true - create: true -# name: -# imagePullSecrets: -# - name: myimagepullsecret - -## The storage volume used by each Pod in the StatefulSet. If a -## persistentVolume is not enabled, the Pods will use `emptyDir` ephemeral -## local storage. Setting the storageClass attribute to "-" disables dynamic -## provisioning of Persistent Volumes; leaving it unset will invoke the default -## provisioner. -persistentVolume: - enabled: false - accessModes: - - ReadWriteOnce - size: 10Gi - storageClass: "" - -## The CouchDB image -image: - repository: couchdb - tag: 3.1.0 - pullPolicy: IfNotPresent - -## Experimental integration with Lucene-powered fulltext search -searchImage: - repository: kocolosk/couchdb-search - tag: 0.2.0 - pullPolicy: IfNotPresent - -## Flip this to flag to include the Search container in each Pod -enableSearch: true - -initImage: - repository: busybox - tag: latest - pullPolicy: Always - -## CouchDB is happy to spin up cluster nodes in parallel, but if you encounter -## problems you can try setting podManagementPolicy to the StatefulSet default -## `OrderedReady` -podManagementPolicy: Parallel - -## To better tolerate Node failures, we can prevent Kubernetes scheduler from -## assigning more than one Pod of CouchDB StatefulSet per Node using podAntiAffinity. -affinity: {} - # podAntiAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # - labelSelector: - # matchExpressions: - # - key: "app" - # operator: In - # values: - # - couchdb - # topologyKey: "kubernetes.io/hostname" - -## Optional pod annotations -annotations: {} - -## Optional tolerations -tolerations: [] - -## A StatefulSet requires a headless Service to establish the stable network -## identities of the Pods, and that Service is created automatically by this -## chart without any additional configuration. The Service block below refers -## to a second Service that governs how clients connect to the CouchDB cluster. -service: - # annotations: - enabled: true - type: ClusterIP - externalPort: 5984 - -## An Ingress resource can provide name-based virtual hosting and TLS -## termination among other things for CouchDB deployments which are accessed -## from outside the Kubernetes cluster. -## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -ingress: - enabled: false - hosts: - - chart-example.local - path: / - annotations: [] - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - tls: - # Secrets must be manually created in the namespace. - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -## Optional resource requests and limits for the CouchDB container -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -resources: - {} - # requests: - # cpu: 100m - # memory: 128Mi - # limits: - # cpu: 56 - # memory: 256Gi - -## erlangFlags is a map that is passed to the Erlang VM as flags using the -## ERL_FLAGS env. `name` and `setcookie` flags are minimally required to -## establish connectivity between cluster nodes. -## ref: http://erlang.org/doc/man/erl.html#init_flags -erlangFlags: - name: couchdb - setcookie: monster - -## couchdbConfig will override default CouchDB configuration settings. -## The contents of this map are reformatted into a .ini file laid down -## by a ConfigMap object. -## ref: http://docs.couchdb.org/en/latest/config/index.html -couchdbConfig: - couchdb: - uuid: budibase-couchdb # REQUIRED: Unique identifier for this CouchDB server instance - # cluster: - # q: 8 # Create 8 shards for each database - chttpd: - bind_address: any - # chttpd.require_valid_user disables all the anonymous requests to the port - # 5984 when is set to true. - require_valid_user: false - -# Kubernetes local cluster domain. -# This is used to generate FQDNs for peers when joining the CouchDB cluster. -dns: - clusterDomainSuffix: cluster.local - -## Configure liveness and readiness probe values -## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 0 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 -readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 0 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - -# Configure arbitrary sidecar containers for CouchDB pods created by the -# StatefulSet -sidecars: {} - # - name: foo - # image: "busybox" - # imagePullPolicy: IfNotPresent - # resources: - # requests: - # cpu: "0.1" - # memory: 10Mi - # command: ['echo "foo";'] - # volumeMounts: - # - name: database-storage - # mountPath: /opt/couchdb/data/ diff --git a/hosting/kubernetes/budibase/charts/ingress-nginx-3.35.0.tgz b/hosting/kubernetes/budibase/charts/ingress-nginx-3.35.0.tgz deleted file mode 100644 index ee5214c497..0000000000 Binary files a/hosting/kubernetes/budibase/charts/ingress-nginx-3.35.0.tgz and /dev/null differ diff --git a/hosting/kubernetes/budibase/values.yaml b/hosting/kubernetes/budibase/values.yaml deleted file mode 100644 index bd9f6543b3..0000000000 --- a/hosting/kubernetes/budibase/values.yaml +++ /dev/null @@ -1,153 +0,0 @@ -# Default values for budibase. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "" -# fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: - {} - # fsGroup: 2000 - -securityContext: - {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 10000 - -ingress: - enabled: false - aws: false - nginx: true - certificateArn: "" - className: "" - annotations: - kubernetes.io/ingress.class: nginx - hosts: - - host: # change if using custom domain - paths: - - path: / - pathType: Prefix - backend: - service: - name: proxy-service - port: - number: 10000 - -resources: - {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -globals: - budibaseEnv: PRODUCTION - enableAnalytics: true - sentryDSN: "" - posthogToken: "" - logLevel: info - selfHosted: "1" # set to 0 for budibase cloud environment, set to 1 for self-hosted setup - multiTenancy: "0" # set to 0 to disable multiple orgs, set to 1 to enable multiple orgs - accountPortalUrl: "" - accountPortalApiKey: "" - cookieDomain: "" - platformUrl: "" - - createSecrets: true # creates an internal API key, JWT secrets and redis password for you - - # if createSecrets is set to false, you can hard-code your secrets here - internalApiKey: "" - jwtSecret: "" - - smtp: - enabled: false - -services: - dns: cluster.local - - proxy: - port: 10000 - replicaCount: 1 - - apps: - port: 4002 - replicaCount: 1 - logLevel: info - - worker: - port: 4001 - replicaCount: 1 - - couchdb: - enabled: true - replicaCount: 3 - # url: "" # only change if pointing to existing couch server - # user: "" # only change if pointing to existing couch server - # password: "" # only change if pointing to existing couch server - port: 5984 - storage: 100Mi - - redis: - enabled: true # disable if using external redis - port: 6379 - replicaCount: 1 - url: "" # only change if pointing to existing redis cluster and enabled: false - password: "budibase" # recommended to override if using built-in redis - storage: 100Mi - - objectStore: - minio: true - browser: true - port: 9000 - replicaCount: 1 - accessKey: "" # AWS_ACCESS_KEY if using S3 or existing minio access key - secretKey: "" # AWS_SECRET_ACCESS_KEY if using S3 or existing minio secret - region: "" # AWS_REGION if using S3 or existing minio secret - url: "" # only change if pointing to existing minio cluster and minio: false - storage: 100Mi diff --git a/hosting/kubernetes/envoy/envoy.yaml b/hosting/kubernetes/envoy/envoy.yaml index 25a774dc7e..bab1f25c02 100644 --- a/hosting/kubernetes/envoy/envoy.yaml +++ b/hosting/kubernetes/envoy/envoy.yaml @@ -50,6 +50,14 @@ static_resources: route: cluster: app-service + - match: + safe_regex: + google_re2: {} + regex: "/api/.*/export" + route: + timeout: 0s + cluster: app-service + - match: { path: "/api/deploy" } route: timeout: 60s diff --git a/index.yaml b/index.yaml new file mode 100644 index 0000000000..4b00ff2f03 --- /dev/null +++ b/index.yaml @@ -0,0 +1,3 @@ +apiVersion: v1 +entries: {} +generated: "2021-12-13T12:46:40.291206+01:00" diff --git a/lerna.json b/lerna.json index 1a1cf12e12..c937239de0 100644 --- a/lerna.json +++ b/lerna.json @@ -1,5 +1,5 @@ { - "version": "0.9.190-alpha.1", + "version": "1.0.30", "npmClient": "yarn", "packages": [ "packages/*" diff --git a/package.json b/package.json index f863f3f440..929576a691 100644 --- a/package.json +++ b/package.json @@ -8,6 +8,7 @@ "eslint-plugin-cypress": "^2.11.3", "eslint-plugin-svelte3": "^3.2.0", "husky": "^7.0.1", + "js-yaml": "^4.1.0", "kill-port": "^1.6.1", "lerna": "3.14.1", "prettier": "^2.3.1", @@ -22,8 +23,8 @@ "build": "lerna run build", "publishdev": "lerna run publishdev", "publishnpm": "yarn build && lerna publish --force-publish", - "release": "yarn build && lerna publish patch --yes --force-publish", - "release:develop": "yarn build && lerna publish prerelease --yes --force-publish --dist-tag develop", + "release": "lerna publish patch --yes --force-publish", + "release:develop": "lerna publish prerelease --yes --force-publish --dist-tag develop", "restore": "yarn run clean && yarn run bootstrap && yarn run build", "nuke": "yarn run nuke:packages && yarn run nuke:docker", "nuke:packages": "yarn run restore", @@ -47,7 +48,9 @@ "build:docker:selfhost": "lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh latest && cd -", "build:docker:develop": "node scripts/pinVersions && lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh develop && cd -", "build:docker:airgap": "node hosting/scripts/airgapped/airgappedDockerBuild", - "release:helm": "./scripts/release_helm_chart.sh", + "build:digitalocean": "cd hosting/digitalocean && ./build.sh && cd -", + "build:docs": "lerna run build:docs", + "release:helm": "node scripts/releaseHelmChart", "env:multi:enable": "lerna run env:multi:enable", "env:multi:disable": "lerna run env:multi:disable", "env:selfhost:enable": "lerna run env:selfhost:enable", diff --git a/packages/auth/package.json b/packages/auth/package.json index cd4e9785d1..688a839555 100644 --- a/packages/auth/package.json +++ b/packages/auth/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/auth", - "version": "0.9.190-alpha.1", + "version": "1.0.30", "description": "Authentication middlewares for budibase builder and apps", "main": "src/index.js", "author": "Budibase", diff --git a/packages/auth/src/constants.js b/packages/auth/src/constants.js index 9892275bec..363274eda5 100644 --- a/packages/auth/src/constants.js +++ b/packages/auth/src/constants.js @@ -34,4 +34,5 @@ exports.Configs = { OIDC_LOGOS: "logos_oidc", } +exports.MAX_VALID_DATE = new Date(2147483647000) exports.DEFAULT_TENANT_ID = "default" diff --git a/packages/auth/src/db/utils.js b/packages/auth/src/db/utils.js index d23d407dab..2bad09c306 100644 --- a/packages/auth/src/db/utils.js +++ b/packages/auth/src/db/utils.js @@ -3,10 +3,15 @@ const Replication = require("./Replication") const { DEFAULT_TENANT_ID, Configs } = require("../constants") const env = require("../environment") const { StaticDatabases, SEPARATOR, DocumentTypes } = require("./constants") -const { getTenantId, getTenantIDFromAppID } = require("../tenancy") +const { + getTenantId, + getTenantIDFromAppID, + getGlobalDBName, +} = require("../tenancy") const fetch = require("node-fetch") const { getCouch } = require("./index") const { getAppMetadata } = require("../cache/appMetadata") +const { checkSlashesInUrl } = require("../helpers") const NO_APP_ERROR = "No app provided" @@ -194,6 +199,11 @@ exports.getCouchUrl = () => { return `${protocol}://${env.COUCH_DB_USERNAME}:${env.COUCH_DB_PASSWORD}@${rest}` } +exports.getStartEndKeyURL = (base, baseKey, tenantId = null) => { + const tenancy = tenantId ? `${SEPARATOR}${tenantId}` : "" + return `${base}?startkey="${baseKey}${tenancy}"&endkey="${baseKey}${tenancy}${UNICODE_MAX}"` +} + /** * if in production this will use the CouchDB _all_dbs call to retrieve a list of databases. If testing * when using Pouch it will use the pouchdb-all-dbs package. @@ -203,12 +213,34 @@ exports.getAllDbs = async () => { if (env.isTest()) { return getCouch().allDbs() } - const response = await fetch(`${exports.getCouchUrl()}/_all_dbs`) - if (response.status === 200) { - return response.json() - } else { - throw "Cannot connect to CouchDB instance" + let dbs = [] + async function addDbs(url) { + const response = await fetch(checkSlashesInUrl(encodeURI(url))) + if (response.status === 200) { + let json = await response.json() + dbs = dbs.concat(json) + } else { + throw "Cannot connect to CouchDB instance" + } } + let couchUrl = `${exports.getCouchUrl()}/_all_dbs` + if (env.MULTI_TENANCY) { + let tenantId = getTenantId() + // get prod apps + await addDbs( + exports.getStartEndKeyURL(couchUrl, DocumentTypes.APP, tenantId) + ) + // get dev apps + await addDbs( + exports.getStartEndKeyURL(couchUrl, DocumentTypes.APP_DEV, tenantId) + ) + // add global db name + dbs.push(getGlobalDBName(tenantId)) + } else { + // just get all DBs in self host + await addDbs(couchUrl) + } + return dbs } /** @@ -389,7 +421,7 @@ const getScopedFullConfig = async function (db, { type, user, workspace }) { } const getPlatformUrl = async settings => { - let platformUrl = env.PLATFORM_URL + let platformUrl = env.PLATFORM_URL || "http://localhost:10000" if (!env.SELF_HOSTED && env.MULTI_TENANCY) { // cloud and multi tenant - add the tenant to the default platform url @@ -404,7 +436,7 @@ const getPlatformUrl = async settings => { } } - return platformUrl ? platformUrl : "http://localhost:10000" + return platformUrl } async function getScopedConfig(db, params) { diff --git a/packages/auth/src/helpers.js b/packages/auth/src/helpers.js new file mode 100644 index 0000000000..b402a82cf3 --- /dev/null +++ b/packages/auth/src/helpers.js @@ -0,0 +1,9 @@ +/** + * Makes sure that a URL has the correct number of slashes, while maintaining the + * http(s):// double slashes. + * @param {string} url The URL to test and remove any extra double slashes. + * @return {string} The updated url. + */ +exports.checkSlashesInUrl = url => { + return url.replace(/(https?:\/\/)|(\/)+/g, "$1$2") +} diff --git a/packages/auth/src/security/sessions.js b/packages/auth/src/security/sessions.js index 93c2d0a9ca..ad21627bd9 100644 --- a/packages/auth/src/security/sessions.js +++ b/packages/auth/src/security/sessions.js @@ -1,6 +1,7 @@ const redis = require("../redis/authRedis") -const EXPIRY_SECONDS = 86400 +// a week in seconds +const EXPIRY_SECONDS = 86400 * 7 async function getSessionsForUser(userId) { const client = await redis.getSessionClient() diff --git a/packages/auth/src/utils.js b/packages/auth/src/utils.js index f7ab5d6990..b8fa7b9588 100644 --- a/packages/auth/src/utils.js +++ b/packages/auth/src/utils.js @@ -7,7 +7,7 @@ const { const jwt = require("jsonwebtoken") const { options } = require("./middleware/passport/jwt") const { createUserEmailView } = require("./db/views") -const { Headers, UserStatus, Cookies } = require("./constants") +const { Headers, UserStatus, Cookies, MAX_VALID_DATE } = require("./constants") const { getGlobalDB, updateTenantId, @@ -83,14 +83,15 @@ exports.getCookie = (ctx, name) => { * @param {object} ctx The request which is to be manipulated. * @param {string} name The name of the cookie to set. * @param {string|object} value The value of cookie which will be set. + * @param {object} opts options like whether to sign. */ -exports.setCookie = (ctx, value, name = "builder") => { - if (value) { +exports.setCookie = (ctx, value, name = "builder", opts = { sign: true }) => { + if (value && opts && opts.sign) { value = jwt.sign(value, options.secretOrKey) } const config = { - maxAge: Number.MAX_SAFE_INTEGER, + expires: MAX_VALID_DATE, path: "/", httpOnly: false, overwrite: true, diff --git a/packages/bbui/package.json b/packages/bbui/package.json index ba19b4645c..cad4db6aac 100644 --- a/packages/bbui/package.json +++ b/packages/bbui/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/bbui", "description": "A UI solution used in the different Budibase projects.", - "version": "0.9.190-alpha.1", + "version": "1.0.30", "license": "MPL-2.0", "svelte": "src/index.js", "module": "dist/bbui.es.js", diff --git a/packages/bbui/src/Form/Core/Picker.svelte b/packages/bbui/src/Form/Core/Picker.svelte index 5f4da1cad9..143536a60a 100644 --- a/packages/bbui/src/Form/Core/Picker.svelte +++ b/packages/bbui/src/Form/Core/Picker.svelte @@ -63,9 +63,9 @@ const getFilteredOptions = (options, term, getLabel) => { if (autocomplete && term) { const lowerCaseTerm = term.toLowerCase() - return options.filter(option => - getLabel(option)?.toLowerCase().includes(lowerCaseTerm) - ) + return options.filter(option => { + return `${getLabel(option)}`.toLowerCase().includes(lowerCaseTerm) + }) } return options } diff --git a/packages/builder/cypress/integration/createAutomation.spec.js b/packages/builder/cypress/integration/createAutomation.spec.js index afd405d5ab..6ff013cd7a 100644 --- a/packages/builder/cypress/integration/createAutomation.spec.js +++ b/packages/builder/cypress/integration/createAutomation.spec.js @@ -12,7 +12,7 @@ context("Create a automation", () => { cy.get("[data-cy='new-screen'] > .spectrum-Icon").click() cy.get(".modal-inner-wrapper").within(() => { cy.get("input").type("Add Row") - cy.contains("Row Created").click() + cy.contains("Row Created").click({ force: true }) cy.wait(500) cy.get(".spectrum-Button--cta").click() }) diff --git a/packages/builder/cypress/support/commands.js b/packages/builder/cypress/support/commands.js index 1b1cc0c2b0..0870ceac7a 100644 --- a/packages/builder/cypress/support/commands.js +++ b/packages/builder/cypress/support/commands.js @@ -182,7 +182,9 @@ Cypress.Commands.add("navigateToFrontend", () => { cy.wait(1000) cy.contains("Design").click() cy.get(".spectrum-Search").type("/") - cy.get(".nav-item").contains("Home").click() + cy.createScreen("home", "home") + cy.addComponent("Elements", "Headline") + cy.get(".nav-item").contains("home").click() }) Cypress.Commands.add("createScreen", (screenName, route) => { diff --git a/packages/builder/package.json b/packages/builder/package.json index d9bf0e3e3f..6938c724f0 100644 --- a/packages/builder/package.json +++ b/packages/builder/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/builder", - "version": "0.9.190-alpha.1", + "version": "1.0.30", "license": "GPL-3.0", "private": true, "scripts": { @@ -14,7 +14,7 @@ "cy:setup": "node ./cypress/setup.js", "cy:run": "cypress run", "cy:open": "cypress open", - "cy:run:ci": "cypress run --record --key f308590b-6070-41af-b970-794a3823d451", + "cy:run:ci": "cypress run --record", "cy:test": "start-server-and-test cy:setup http://localhost:10001/builder cy:run", "cy:ci": "start-server-and-test cy:setup http://localhost:10001/builder cy:run", "cy:debug": "start-server-and-test cy:setup http://localhost:10001/builder cy:open" @@ -65,10 +65,10 @@ } }, "dependencies": { - "@budibase/bbui": "^0.9.190-alpha.1", - "@budibase/client": "^0.9.190-alpha.1", + "@budibase/bbui": "^1.0.30", + "@budibase/client": "^1.0.30", "@budibase/colorpicker": "1.1.2", - "@budibase/string-templates": "^0.9.190-alpha.1", + "@budibase/string-templates": "^1.0.30", "@sentry/browser": "5.19.1", "@spectrum-css/page": "^3.0.1", "@spectrum-css/vars": "^3.0.1", diff --git a/packages/builder/src/builderStore/dataBinding.js b/packages/builder/src/builderStore/dataBinding.js index 9a41ad2afc..b36613fbc5 100644 --- a/packages/builder/src/builderStore/dataBinding.js +++ b/packages/builder/src/builderStore/dataBinding.js @@ -61,7 +61,7 @@ export const getComponentBindableProperties = (asset, componentId) => { /** * Gets all data provider components above a component. */ -export const getDataProviderComponents = (asset, componentId) => { +export const getContextProviderComponents = (asset, componentId, type) => { if (!asset || !componentId) { return [] } @@ -74,7 +74,18 @@ export const getDataProviderComponents = (asset, componentId) => { // Filter by only data provider components return path.filter(component => { const def = store.actions.components.getDefinition(component._component) - return def?.context != null + if (!def?.context) { + return false + } + + // If no type specified, return anything that exposes context + if (!type) { + return true + } + + // Otherwise only match components with the specific context type + const contexts = Array.isArray(def.context) ? def.context : [def.context] + return contexts.find(context => context.type === type) != null }) } @@ -143,7 +154,7 @@ export const getDatasourceForProvider = (asset, component) => { */ const getContextBindings = (asset, componentId) => { // Extract any components which provide data contexts - const dataProviders = getDataProviderComponents(asset, componentId) + const dataProviders = getContextProviderComponents(asset, componentId) // Generate bindings for all matching components return getProviderContextBindings(asset, dataProviders) diff --git a/packages/builder/src/builderStore/store/frontend.js b/packages/builder/src/builderStore/store/frontend.js index 1f1fb035a4..9f1a20605f 100644 --- a/packages/builder/src/builderStore/store/frontend.js +++ b/packages/builder/src/builderStore/store/frontend.js @@ -82,7 +82,7 @@ export const getFrontendStore = () => { libraries: application.componentLibraries, components, clientFeatures: { - ...state.clientFeatures, + ...INITIAL_FRONTEND_STATE.clientFeatures, ...components.features, }, name: application.name, @@ -524,7 +524,7 @@ export const getFrontendStore = () => { } } }, - paste: async (targetComponent, mode) => { + paste: async (targetComponent, mode, preserveBindings = false) => { let promises = [] store.update(state => { // Stop if we have nothing to paste @@ -536,7 +536,7 @@ export const getFrontendStore = () => { const cut = state.componentToPaste.isCut // immediately need to remove bindings, currently these aren't valid when pasted - if (!cut) { + if (!cut && !preserveBindings) { state.componentToPaste = removeBindings(state.componentToPaste) } diff --git a/packages/builder/src/components/automation/AutomationPanel/CreateAutomationModal.svelte b/packages/builder/src/components/automation/AutomationPanel/CreateAutomationModal.svelte index cf3dc8f314..36723d7726 100644 --- a/packages/builder/src/components/automation/AutomationPanel/CreateAutomationModal.svelte +++ b/packages/builder/src/components/automation/AutomationPanel/CreateAutomationModal.svelte @@ -3,7 +3,14 @@ import { database } from "stores/backend" import { automationStore } from "builderStore" import { notifications } from "@budibase/bbui" - import { Input, ModalContent, Layout, Body, Icon } from "@budibase/bbui" + import { + Input, + InlineAlert, + ModalContent, + Layout, + Body, + Icon, + } from "@budibase/bbui" import analytics, { Events } from "analytics" let name @@ -56,6 +63,10 @@ onConfirm={createAutomation} disabled={!selectedTrigger || !name} > + Please name your automation, then select a trigger. Every automation must start with a trigger. diff --git a/packages/builder/src/components/automation/SetupPanel/AutomationBlockSetup.svelte b/packages/builder/src/components/automation/SetupPanel/AutomationBlockSetup.svelte index e7208518d5..acda9b89e0 100644 --- a/packages/builder/src/components/automation/SetupPanel/AutomationBlockSetup.svelte +++ b/packages/builder/src/components/automation/SetupPanel/AutomationBlockSetup.svelte @@ -96,13 +96,16 @@ allSteps[idx].schema?.outputs?.properties ?? {} ) bindings = bindings.concat( - outputs.map(([name, value]) => ({ - label: name, - type: value.type, - description: value.description, - category: idx === 0 ? "Trigger outputs" : `Step ${idx} outputs`, - path: idx === 0 ? `trigger.${name}` : `steps.${idx}.${name}`, - })) + outputs.map(([name, value]) => { + const runtime = idx === 0 ? `trigger.${name}` : `steps.${idx}.${name}` + return { + label: runtime, + type: value.type, + description: value.description, + category: idx === 0 ? "Trigger outputs" : `Step ${idx} outputs`, + path: runtime, + } + }) ) } return bindings @@ -261,7 +264,6 @@ value={inputData[key]} on:change={e => onChange(e, key)} {bindings} - allowJS={false} /> {/if} diff --git a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte index c47bf1a538..b88a66d222 100644 --- a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte +++ b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte @@ -102,6 +102,9 @@ if (field.type === AUTO_TYPE) { field = buildAutoColumn($tables.draft.name, field.name, field.subtype) } + if (field.type !== LINK_TYPE) { + delete field.fieldName + } try { await tables.saveField({ originalName, diff --git a/packages/builder/src/components/backend/TableNavigator/TableDataImport.svelte b/packages/builder/src/components/backend/TableNavigator/TableDataImport.svelte index 46c3d32708..44cb374092 100644 --- a/packages/builder/src/components/backend/TableNavigator/TableDataImport.svelte +++ b/packages/builder/src/components/backend/TableNavigator/TableDataImport.svelte @@ -19,7 +19,10 @@ let fields = [] let hasValidated = false - $: valid = !schema || fields.every(column => schema[column].success) + $: valid = + !schema || + (fields.every(column => schema[column].success) && + (!hasValidated || Object.keys(schema).length > 0)) $: dataImport = { valid, schema: buildTableSchema(schema), diff --git a/packages/builder/src/components/design/NavigationPanel/ComponentDropdownMenu.svelte b/packages/builder/src/components/design/NavigationPanel/ComponentDropdownMenu.svelte index 06293e4168..56c5eef2ad 100644 --- a/packages/builder/src/components/design/NavigationPanel/ComponentDropdownMenu.svelte +++ b/packages/builder/src/components/design/NavigationPanel/ComponentDropdownMenu.svelte @@ -53,7 +53,7 @@ const duplicateComponent = () => { storeComponentForCopy(false) - pasteComponent("below") + pasteComponent("below", true) } const deleteComponent = async () => { @@ -69,9 +69,9 @@ store.actions.components.copy(component, cut) } - const pasteComponent = mode => { + const pasteComponent = (mode, preserveBindings = false) => { // lives in store - also used by drag drop - store.actions.components.paste(component, mode) + store.actions.components.paste(component, mode, preserveBindings) } diff --git a/packages/builder/src/components/design/NavigationPanel/FrontendNavigatePane.svelte b/packages/builder/src/components/design/NavigationPanel/FrontendNavigatePane.svelte index 51dd44026e..ea9ebbf2c5 100644 --- a/packages/builder/src/components/design/NavigationPanel/FrontendNavigatePane.svelte +++ b/packages/builder/src/components/design/NavigationPanel/FrontendNavigatePane.svelte @@ -25,8 +25,7 @@ key: "layout", }, ] - - let modal + let newLayoutModal $: selected = tabs.find(t => t.key === $params.assetType)?.title || "Screens" const navigate = ({ detail }) => { @@ -93,14 +92,18 @@ {#each $store.layouts as layout, idx (layout._id)} 0} /> {/each} - +
- +
diff --git a/packages/builder/src/components/design/NavigationPanel/NewScreenModal.svelte b/packages/builder/src/components/design/NavigationPanel/NewScreenModal.svelte index 57a40b9081..67dbf581f2 100644 --- a/packages/builder/src/components/design/NavigationPanel/NewScreenModal.svelte +++ b/packages/builder/src/components/design/NavigationPanel/NewScreenModal.svelte @@ -10,16 +10,39 @@ ProgressCircle, } from "@budibase/bbui" import getTemplates from "builderStore/store/screenTemplates" + import { onDestroy } from "svelte" + + import { createEventDispatcher } from "svelte" - export let selectedScreens = [] export let chooseModal export let save export let showProgressCircle = false + + let selectedScreens = [] + const blankScreen = "createFromScratch" + const dispatch = createEventDispatcher() + + function setScreens() { + dispatch("save", { + screens: selectedScreens, + }) + } $: blankSelected = selectedScreens?.length === 1 $: autoSelected = selectedScreens?.length > 0 && !blankSelected + let templates = getTemplates($store, $tables.list) + + const confirm = async () => { + if (autoSelected) { + setScreens() + await save() + } else { + setScreens() + chooseModal(1) + } + } const toggleScreenSelection = table => { if (selectedScreens.find(s => s.table === table.name)) { selectedScreens = selectedScreens.filter( @@ -32,14 +55,18 @@ selectedScreens = [...partialTemplates, ...selectedScreens] } } + + onDestroy(() => { + selectedScreens = [] + }) -
+
(autoSelected ? save() : chooseModal(1))} + onConfirm={() => confirm()} disabled={!selectedScreens.length} size="L" > @@ -70,29 +97,31 @@ {/if}
- Autogenerated Screens + {#if $tables.list.filter(table => table._id !== "ta_users").length > 0} + Autogenerated Screens - {#each $tables.list.filter(table => table._id !== "ta_users") as table} -
x.table === table.name)} - on:click={() => toggleScreenSelection(table)} - class="item" - > -
-
{table.name}
-
+ {#each $tables.list.filter(table => table._id !== "ta_users") as table}
x.table === table.name)} + on:click={() => toggleScreenSelection(table)} + class="item" > - {#if selectedScreens.find(x => x.table === table.name)} -
- -
- {/if} +
+
{table.name}
+
+
+ {#if selectedScreens.find(x => x.table === table.name)} +
+ +
+ {/if} +
-
- {/each} + {/each} + {/if}
{#if showProgressCircle} @@ -132,7 +161,7 @@ padding: var(--spectrum-alias-item-padding-s); background: var(--spectrum-alias-background-color-primary); transition: 0.3s all; - border: 1px solid #e7e7e7; + border: 1px solid var(--spectrum-global-color-gray-300); border-radius: 4px; box-sizing: border-box; border-width: 1px; diff --git a/packages/builder/src/components/design/NavigationPanel/ScreenDetailsModal.svelte b/packages/builder/src/components/design/NavigationPanel/ScreenDetailsModal.svelte index e5cc839045..6d906da742 100644 --- a/packages/builder/src/components/design/NavigationPanel/ScreenDetailsModal.svelte +++ b/packages/builder/src/components/design/NavigationPanel/ScreenDetailsModal.svelte @@ -2,6 +2,7 @@ import { ModalContent, Input, ProgressCircle } from "@budibase/bbui" import sanitizeUrl from "builderStore/store/screenTemplates/utils/sanitizeUrl" import { selectedAccessRole, allScreens } from "builderStore" + import { onDestroy } from "svelte" export let screenName export let url @@ -32,6 +33,11 @@ screen.routing.roleId === roleId ) } + + onDestroy(() => { + screenName = "" + url = "" + }) { let existingScreenCount = $store.screens.filter( s => s.props._instanceName == draftScreen.props._instanceName @@ -90,17 +89,14 @@ ) } - onDestroy(() => { - selectedScreens = [] - screenName = "" - url = "" - createdScreens = [] - }) - export const showModal = () => { newScreenModal.show() } + const setScreens = evt => { + selectedScreens = evt.detail.screens + } + const chooseModal = index => { /* 0 = newScreenModal @@ -119,7 +115,7 @@ - import { getDataProviderComponents } from "builderStore/dataBinding" + import { getContextProviderComponents } from "builderStore/dataBinding" import { Button, Popover, @@ -17,7 +17,6 @@ queries as queriesStore, } from "stores/backend" import { datasources, integrations } from "stores/backend" - import { notifications } from "@budibase/bbui" import ParameterBuilder from "components/integration/QueryParameterBuilder.svelte" import IntegrationQueryEditor from "components/integration/index.svelte" import { makePropSafe as safe } from "@budibase/string-templates" @@ -31,6 +30,7 @@ const arrayTypes = ["attachment", "array"] let anchorRight, dropdownRight let drawer + let tmpQueryParams $: text = value?.label ?? "Choose an option" $: tables = $tablesStore.list.map(m => ({ @@ -58,16 +58,19 @@ ...query, type: "query", })) - $: dataProviders = getDataProviderComponents( + $: contextProviders = getContextProviderComponents( $currentAsset, $store.selectedComponentId - ).map(provider => ({ - label: provider._instanceName, - name: provider._instanceName, - providerId: provider._id, - value: `{{ literal ${safe(provider._id)} }}`, - type: "provider", - })) + ) + $: dataProviders = contextProviders + .filter(component => component._component?.endsWith("/dataprovider")) + .map(provider => ({ + label: provider._instanceName, + name: provider._instanceName, + providerId: provider._id, + value: `{{ literal ${safe(provider._id)} }}`, + type: "provider", + })) $: links = bindings .filter(x => x.fieldSchema?.type === "link") .map(binding => { @@ -102,12 +105,12 @@ } }) - function handleSelected(selected) { + const handleSelected = selected => { dispatch("change", selected) dropdownRight.hide() } - function fetchQueryDefinition(query) { + const fetchQueryDefinition = query => { const source = $datasources.list.find( ds => ds._id === query.datasourceId ).source @@ -121,6 +124,19 @@ const getQueryDatasource = query => { return $datasources.list.find(ds => ds._id === query?.datasourceId) } + + const openQueryParamsDrawer = () => { + tmpQueryParams = value.queryParams + drawer.show() + } + + const saveQueryParams = () => { + handleSelected({ + ...value, + queryParams: tmpQueryParams, + }) + drawer.hide() + }
@@ -131,24 +147,14 @@ on:click={dropdownRight.show} /> {#if value?.type === "query"} - + - + - {#if getQueryParams(value._id).length > 0} + {#if getQueryParams(value).length > 0} diff --git a/packages/builder/src/components/design/PropertiesPanel/PropertyControls/EventsEditor/EventPropertyControl.svelte b/packages/builder/src/components/design/PropertiesPanel/PropertyControls/EventsEditor/EventPropertyControl.svelte index 09a8b491c7..582a7126e7 100644 --- a/packages/builder/src/components/design/PropertiesPanel/PropertyControls/EventsEditor/EventPropertyControl.svelte +++ b/packages/builder/src/components/design/PropertiesPanel/PropertyControls/EventsEditor/EventPropertyControl.svelte @@ -4,6 +4,7 @@ import { notifications } from "@budibase/bbui" import EventEditor from "./EventEditor.svelte" import { automationStore } from "builderStore" + import { cloneDeep } from "lodash/fp" const dispatch = createEventDispatcher() @@ -12,17 +13,23 @@ export let bindings let drawer + let tmpValue + + const openDrawer = () => { + tmpValue = cloneDeep(value) + drawer.show() + } const saveEventData = async () => { // any automations that need created from event triggers - const automationsToCreate = value.filter( + const automationsToCreate = tmpValue.filter( action => action["##eventHandlerType"] === "Trigger Automation" ) for (let action of automationsToCreate) { await createAutomation(action.parameters) } - dispatch("change", value) + dispatch("change", tmpValue) notifications.success("Component actions saved.") drawer.hide() } @@ -54,11 +61,16 @@ } -Define actions +Define actions Define what actions to run. - + diff --git a/packages/builder/src/components/design/PropertiesPanel/PropertyControls/EventsEditor/actions/SaveRow.svelte b/packages/builder/src/components/design/PropertiesPanel/PropertyControls/EventsEditor/actions/SaveRow.svelte index 791380643f..55aac87cfd 100644 --- a/packages/builder/src/components/design/PropertiesPanel/PropertyControls/EventsEditor/actions/SaveRow.svelte +++ b/packages/builder/src/components/design/PropertiesPanel/PropertyControls/EventsEditor/actions/SaveRow.svelte @@ -3,7 +3,7 @@ import { store, currentAsset } from "builderStore" import { tables } from "stores/backend" import { - getDataProviderComponents, + getContextProviderComponents, getSchemaForDatasource, } from "builderStore/dataBinding" import SaveFields from "./SaveFields.svelte" @@ -11,13 +11,54 @@ export let parameters export let bindings = [] - $: dataProviderComponents = getDataProviderComponents( + $: formComponents = getContextProviderComponents( $currentAsset, - $store.selectedComponentId + $store.selectedComponentId, + "form" ) + $: schemaComponents = getContextProviderComponents( + $currentAsset, + $store.selectedComponentId, + "schema" + ) + $: providerOptions = getProviderOptions(formComponents, schemaComponents) $: schemaFields = getSchemaFields($currentAsset, parameters?.tableId) $: tableOptions = $tables.list || [] + // Gets a context definition of a certain type from a component definition + const extractComponentContext = (component, contextType) => { + const def = store.actions.components.getDefinition(component?._component) + if (!def) { + return null + } + const contexts = Array.isArray(def.context) ? def.context : [def.context] + return contexts.find(context => context?.type === contextType) + } + + // Gets options for valid context keys which provide valid data to submit + const getProviderOptions = (formComponents, schemaComponents) => { + const formContexts = formComponents.map(component => ({ + component, + context: extractComponentContext(component, "form"), + })) + const schemaContexts = schemaComponents.map(component => ({ + component, + context: extractComponentContext(component, "schema"), + })) + const allContexts = formContexts.concat(schemaContexts) + + return allContexts.map(({ component, context }) => { + let runtimeBinding = component._id + if (context.suffix) { + runtimeBinding += `-${context.suffix}` + } + return { + label: component._instanceName, + value: runtimeBinding, + } + }) + } + const getSchemaFields = (asset, tableId) => { const { schema } = getSchemaForDatasource(asset, { type: "table", tableId }) return Object.values(schema || {}) @@ -39,10 +80,8 @@