diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml index d077b8f6e7..775f6e9a11 100644 --- a/.github/workflows/build-docker-image.yml +++ b/.github/workflows/build-docker-image.yml @@ -56,13 +56,14 @@ jobs: with: build-args: | ${{ inputs.build_args }} - SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} - SENTRY_ORG=${{ vars.SENTRY_ORG }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new context: . platforms: linux/arm64 push: true + secrets: | + "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" tags: ${{ inputs.tags }} target: ${{ inputs.target }} diff --git a/.github/workflows/charterafrica-deploy-dev.yml b/.github/workflows/charterafrica-deploy-dev.yml index 7ddba33c54..a37e309c33 100644 --- a/.github/workflows/charterafrica-deploy-dev.yml +++ b/.github/workflows/charterafrica-deploy-dev.yml @@ -58,20 +58,20 @@ jobs: uses: docker/build-push-action@v6 with: build-args: | - MONGO_URL=${{ secrets.CHARTERAFRICA_MONGO_URL }} NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }} NEXT_PUBLIC_SENTRY_DSN=${{ secrets.CHARTERAFRICA_SENTRY_DSN }} - PAYLOAD_SECRET_KEY=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }} SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }} - SENTRY_ORG=${{ secrets.SENTRY_ORG }} - SENTRY_PROJECT=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new context: . platforms: linux/arm64 push: true secrets: | + "mongo_url=${{ secrets.CHARTERAFRICA_MONGO_URL }}" + "payload_secret_key=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }}" "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" + "sentry_project=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }}" tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}" target: charterafrica-runner 
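Review bot: The `secrets:` block added to the reusable build step forwards `sentry_auth_token` and `sentry_org` but no `sentry_project`, while the builder stages changed in this same commit read `SENTRY_PROJECT` only from a `sentry_project` secret mount. A caller that supplied the project through `inputs.build_args` would now have it ignored wherever the Dockerfile no longer declares that ARG. The callers are outside this hunk, so confirm which targets still build through this workflow and add a `sentry_project` entry fed from a caller-supplied input or secret. `SENTRY_ORG` also moves from `vars.` to `secrets.` here; if the value exists only as a repository variable, the expression expands to an empty string without any error from the workflow.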
diff --git a/.github/workflows/charterafrica-deploy-prod.yml b/.github/workflows/charterafrica-deploy-prod.yml index 2b2e7b534f..03913cb1b5 100644 --- a/.github/workflows/charterafrica-deploy-prod.yml +++ b/.github/workflows/charterafrica-deploy-prod.yml @@ -81,14 +81,10 @@ jobs: uses: docker/build-push-action@v6 with: build-args: | - MONGO_URL=${{ secrets.CHARTERAFRICA_MONGO_URL }} NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }} NEXT_PUBLIC_SENTRY_DSN=${{ secrets.CHARTERAFRICA_SENTRY_DSN }} NEXT_PUBLIC_SEO_DISABLED=${{ env.NEXT_PUBLIC_SEO_DISABLED }} - PAYLOAD_SECRET_KEY=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }} SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }} - SENTRY_ORG=${{ secrets.SENTRY_ORG }} - SENTRY_PROJECT=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new context: . @@ -96,7 +92,11 @@ jobs: platforms: linux/amd64 push: true secrets: | + "mongo_url=${{ secrets.CHARTERAFRICA_MONGO_URL }}" + "payload_secret_key=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }}" "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" + "sentry_project=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }}" tags: "${{ env.IMAGE_NAME }}:${{ steps.version-check.outputs.version }}" target: charterafrica-runner diff --git a/.github/workflows/civicsignalblog-deploy-prod.yml b/.github/workflows/civicsignalblog-deploy-prod.yml index 4dacf33c1e..1be8c8440a 100644 --- a/.github/workflows/civicsignalblog-deploy-prod.yml +++ b/.github/workflows/civicsignalblog-deploy-prod.yml 
@@ -80,19 +80,18 @@ jobs: uses: docker/build-push-action@v6 with: build-args: | - MONGO_URL=${{ secrets.CIVICSIGNALBLOG_MONGO_URL }} NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }} - PAYLOAD_SECRET=${{ secrets.CIVICSIGNALBLOG_PAYLOAD_SECRET }} - SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} - SENTRY_ORG=${{ secrets.SENTRY_ORG }} - SENTRY_PROJECT=${{ secrets.CIVICSIGNALBLOG_SENTRY_PROJECT }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new context: . platforms: linux/arm64 push: true secrets: | + "mongo_url=${{ secrets.CIVICSIGNALBLOG_MONGO_URL }}" + "payload_secret=${{ secrets.CIVICSIGNALBLOG_PAYLOAD_SECRET }}" "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" + "sentry_project=${{ secrets.CIVICSIGNALBLOG_SENTRY_PROJECT }}" tags: "${{ env.IMAGE_NAME }}:${{ steps.version-check.outputs.version }}" target: civicsignalblog-runner diff --git a/.github/workflows/climatemappedafrica-deploy-dev.yml b/.github/workflows/climatemappedafrica-deploy-dev.yml index 9a27c3f219..d10ebc31d5 100644 --- a/.github/workflows/climatemappedafrica-deploy-dev.yml +++ b/.github/workflows/climatemappedafrica-deploy-dev.yml @@ -59,13 +59,17 @@ jobs: uses: docker/build-push-action@v6 with: build-args: | - MONGO_URL=${{ secrets.CLIMATEMAPPEDAFRICA_MONGO_URL }} NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }} - PAYLOAD_SECRET=${{ secrets.CLIMATEMAPPEDAFRICA_PAYLOAD_SECRET }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new context: . platforms: linux/arm64 + secrets: | + "mongo_url=${{ secrets.CLIMATEMAPPEDAFRICA_MONGO_URL }}" + "payload_secret=${{ secrets.CLIMATEMAPPEDAFRICA_PAYLOAD_SECRET }}" + "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" + "sentry_project=${{ secrets.CLIMATEMAPPEDAFRICA_SENTRY_PROJECT }}" target: climatemappedafrica-runner push: true tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}" 
diff --git a/.github/workflows/codeforafrica-deploy-dev.yml b/.github/workflows/codeforafrica-deploy-dev.yml index ba7006bb26..8d71a623c9 100644 --- a/.github/workflows/codeforafrica-deploy-dev.yml +++ b/.github/workflows/codeforafrica-deploy-dev.yml @@ -60,21 +60,21 @@ jobs: uses: docker/build-push-action@v6 with: build-args: | - MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGO_URL }}/${{ env.APP_NAME }} NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }} - PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }} NEXT_PUBLIC_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} NEXT_PUBLIC_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }} - SENTRY_ORG=${{ secrets.SENTRY_ORG }} - SENTRY_PROJECT=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new context: . platforms: linux/arm64 push: true secrets: | + "mongodb_url=${{ secrets.CODEFORAFRICA_MONGO_URL }}/${{ env.APP_NAME }}" + "payload_secret=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}" "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" + "sentry_project=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }}" tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}" target: codeforafrica-runner diff --git a/.github/workflows/codeforafrica-deploy-prod.yml b/.github/workflows/codeforafrica-deploy-prod.yml index 1051ba6769..2cd505d91c 100644 --- a/.github/workflows/codeforafrica-deploy-prod.yml +++ b/.github/workflows/codeforafrica-deploy-prod.yml 
@@ -81,21 +81,21 @@ jobs: uses: docker/build-push-action@v6 with: build-args: | - MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGODB_URL }} NEXT_PUBLIC_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} NEXT_PUBLIC_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }} - PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }} SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }} - SENTRY_ORG=${{ secrets.SENTRY_ORG }} - SENTRY_PROJECT=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new context: . platforms: linux/arm64 push: true secrets: | + "mongodb_url=${{ secrets.CODEFORAFRICA_MONGODB_URL }}" + "payload_secret=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}" "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" + "sentry_project=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }}" tags: "${{ env.IMAGE_NAME }}:${{ steps.version-check.outputs.version }}" target: codeforafrica-runner diff --git a/.github/workflows/codeforafrica-deploy-review-app.yml b/.github/workflows/codeforafrica-deploy-review-app.yml index 8b1c5a09bd..69af7a03a6 100644 --- a/.github/workflows/codeforafrica-deploy-review-app.yml +++ b/.github/workflows/codeforafrica-deploy-review-app.yml @@ -22,6 +22,7 @@ env: NEXT_PUBLIC_APP_URL: "https://codeforafrica-ui-pr-${{github.event.pull_request.number}}.dev.codeforafrica.org" GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} APP_NAME: codeforafrica-ui-pr-${{ github.event.pull_request.number }} + SENTRY_ENVIRONMENT: "development" jobs: deploy_review_app: 
@@ -58,15 +59,20 @@ jobs: uses: docker/build-push-action@v6 with: build-args: | - MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGO_URL }}/${{ env.APP_NAME }} NEXT_PUBLIC_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} NEXT_PUBLIC_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }} - PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }} + SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new context: . platforms: linux/arm64 + secrets: | + "mongodb_url=${{ secrets.CODEFORAFRICA_MONGO_URL }}/${{ env.APP_NAME }}" + "payload_secret=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}" + "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" + "sentry_project=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }}" target: codeforafrica-runner push: true tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}" diff --git a/.github/workflows/pesayetu-deploy-dev.yml b/.github/workflows/pesayetu-deploy-dev.yml index a694488d07..c9cc1df213 100644 --- a/.github/workflows/pesayetu-deploy-dev.yml +++ b/.github/workflows/pesayetu-deploy-dev.yml 
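Review bot: The `secrets:` block in the review-app build mounts `sentry_auth_token`, `sentry_org` and `sentry_project` next to the database URL and payload secret, and each becomes an environment variable of the `build-next` step, which runs code from the pull request. Secret mounts keep the values out of image layers but not away from the build scripts themselves, so this is only safe if the workflow never runs for untrusted branches or forks. The `on:` trigger is outside this hunk and should be checked. Consider giving review apps a Sentry token scoped to the development project, or leaving the three Sentry entries out of this workflow.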
@@ -61,19 +61,21 @@ jobs: build-args: | WORDPRESS_URL=${{ secrets.PESAYETU_WORDPRESS_URL }} WORDPRESS_MULTISITE_PREFIX=${{ secrets.PESAYETU_WORDPRESS_MULTISITE_PREFIX }} - WORDPRESS_PREVIEW_SECRET=${{ secrets.PESAYETU_WORDPRESS_PREVIEW_SECRET }} - WORDPRESS_APPLICATION_USERNAME=${{ secrets.PESAYETU_WORDPRESS_APPLICATION_USERNAME }} - WORDPRESS_APPLICATION_PASSWORD=${{ secrets.PESAYETU_WORDPRESS_APPLICATION_PASSWORD }} - JWT_SECRET_KEY=${{ secrets.PESAYETU_JWT_SECRET_KEY }} HURUMAP_API_URL=${{ secrets.PESAYETU_HURUMAP_API_URL }} SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }} - SENTRY_ORG=${{ secrets.SENTRY_ORG }} - SENTRY_PROJECT=${{ secrets.PESAYETU_SENTRY_PROJECT }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new context: . platforms: linux/arm64 push: true + secrets: | + "jwt_secret_key=${{ secrets.PESAYETU_JWT_SECRET_KEY }}" + "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" + "sentry_project=${{ secrets.PESAYETU_SENTRY_PROJECT }}" + "wordpress_preview_secret=${{ secrets.PESAYETU_WORDPRESS_PREVIEW_SECRET }}" + "wordpress_application_username=${{ secrets.PESAYETU_WORDPRESS_APPLICATION_USERNAME }}" + "wordpress_application_password=${{ secrets.PESAYETU_WORDPRESS_APPLICATION_PASSWORD }}" tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}" target: pesayetu-runner diff --git a/.github/workflows/roboshield-deploy-dev.yml b/.github/workflows/roboshield-deploy-dev.yml index 1390e80ab5..dc79f5b72e 100644 --- a/.github/workflows/roboshield-deploy-dev.yml +++ b/.github/workflows/roboshield-deploy-dev.yml 
@@ -61,20 +61,20 @@ jobs: uses: docker/build-push-action@v6 with: build-args: | - MONGO_URL=${{ secrets.ROBOSHIELD_MONGO_URL }} NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }} NEXT_PUBLIC_SENTRY_DSN=${{ secrets.ROBOSHIELD_SENTRY_DSN }} - PAYLOAD_SECRET=${{ secrets.ROBOSHIELD_PAYLOAD_SECRET }} SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }} - SENTRY_ORG=${{ secrets.SENTRY_ORG }} - SENTRY_PROJECT=${{ secrets.ROBOSHIELD_SENTRY_PROJECT }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new context: . platforms: linux/arm64 push: true secrets: | + "mongo_url=${{ secrets.ROBOSHIELD_MONGO_URL }}" + "payload_secret=${{ secrets.ROBOSHIELD_PAYLOAD_SECRET }}" "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" + "sentry_project=${{ secrets.ROBOSHIELD_SENTRY_PROJECT }}" tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}" target: roboshield-runner diff --git a/.github/workflows/roboshield-deploy-prod.yml b/.github/workflows/roboshield-deploy-prod.yml index 277e049fa3..f9151952db 100644 --- a/.github/workflows/roboshield-deploy-prod.yml +++ b/.github/workflows/roboshield-deploy-prod.yml 
@@ -76,17 +76,18 @@ jobs: MONGO_URL=${{ secrets.ROBOSHIELD_MONGO_URL }} NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }} NEXT_PUBLIC_SENTRY_DSN=${{ secrets.ROBOSHIELD_SENTRY_DSN }} - PAYLOAD_SECRET=${{ secrets.ROBOSHIELD_PAYLOAD_SECRET }} SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }} - SENTRY_ORG=${{ secrets.SENTRY_ORG }} - SENTRY_PROJECT=${{ secrets.ROBOSHIELD_SENTRY_PROJECT }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new context: . platforms: linux/arm64 push: true secrets: | + "mongo_url=${{ secrets.ROBOSHIELD_MONGO_URL }}" + "payload_secret=${{ secrets.ROBOSHIELD_PAYLOAD_SECRET }}" "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" + "sentry_project=${{ secrets.ROBOSHIELD_SENTRY_PROJECT }}" tags: "${{ env.IMAGE_NAME }}:${{ steps.version-check.outputs.version }}" target: roboshield-runner diff --git a/.github/workflows/techlabblog-deploy-dev.yml b/.github/workflows/techlabblog-deploy-dev.yml index d5361bf4a8..6ab9de7cdd 100644 --- a/.github/workflows/techlabblog-deploy-dev.yml +++ b/.github/workflows/techlabblog-deploy-dev.yml @@ -1,8 +1,10 @@ -name: Techlab Blog | Deploy | DEV +name: TechLab Blog | Deploy | DEV on: push: - branches: [main] + branches: + - main + paths: - "apps/techlabblog/**" - "Dockerfile" 
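Review bot: `MONGO_URL=${{ secrets.ROBOSHIELD_MONGO_URL }}` is still the first entry of `build-args` in the roboshield production workflow (it is a context line at the top of the hunk), so the connection string is sent both as a build argument and as the new `mongo_url` secret. The roboshield dev workflow removes that line and this one should too, by deleting `MONGO_URL=${{ secrets.ROBOSHIELD_MONGO_URL }}` from `build-args`. Build arguments can be recorded in image history and in build provenance metadata, which is the exposure the move to secret mounts is meant to close. The `with:` block starts above the hunk.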
@@ -13,23 +15,79 @@ concurrency: group: "${{ github.workflow }} @ ${{ github.ref }}" cancel-in-progress: true +env: + APP_NAME: techlabblog-ui + DOKKU_REMOTE_BRANCH: "master" + DOKKU_REMOTE_URL: "ssh://azureuser@ui-1.dev.codeforafrica.org" + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + IMAGE_NAME: "codeforafrica/techlabblog" + NEXT_PUBLIC_APP_URL: "https://techlabblog-ui.dev.codeforafrica.org" + SENTRY_ENVIRONMENT: "development" + jobs: - build-docker-image: - name: Build Docker Image - uses: ./.github/workflows/build-docker-image.yml - secrets: inherit - with: - tags: "codeforafrica/techlabblog:${{ github.sha }}" - target: "techlabblog-runner" - build_args: | - SENTRY_ENVIRONMENT=development - NEXT_PUBLIC_SENTRY_DSN: ${{ vars.TECHLABBLOG_SENTRY_DSN }} - - push-to-dokku: - name: Push to Dokku - needs: [build-docker-image] - uses: ./.github/workflows/push-to-dokku.yml - secrets: inherit - with: - git_remote_url: "ssh://azureuser@ui-1.dev.codeforafrica.org/techlabblog-ui" - deploy_docker_image: "codeforafrica/techlabblog:${{ github.sha }}" + deploy: + runs-on: ${{ matrix.os }} + strategy: + matrix: + node-version: [20.16] + os: [ubuntu-latest] + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + # Add support for more platforms with QEMU (optional) + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Cache Docker layers + uses: actions/cache@v4 + with: + key: ${{ runner.os }}-buildx-${{ github.sha }} + path: /tmp/.buildx-cache + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Login to DockerHub + uses: docker/login-action@v3 + with: + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + username: ${{ secrets.DOCKER_HUB_USERNAME }} + + - name: Build Docker image + uses: docker/build-push-action@v6 + with: + build-args: | + NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }} + NEXT_PUBLIC_SENTRY_DSN=${{ secrets.TECHLABBLOG_SENTRY_DSN }} + 
SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + context: . + platforms: linux/arm64 + push: true + secrets: | + "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" + "sentry_project=${{ secrets.TECHLABBLOG_SENTRY_PROJECT }}" + tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}" + target: techlabblog-runner + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + - name: Push to Dokku + uses: dokku/github-action@v1.7.0 + with: + git_remote_url: ${{ env.DOKKU_REMOTE_URL }}/${{ env.APP_NAME }} + ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }} + deploy_docker_image: ${{ env.IMAGE_NAME }}:${{ github.sha }} diff --git a/.github/workflows/trustlab-deploy-dev.yml b/.github/workflows/trustlab-deploy-dev.yml index f61f5d1991..8a1c28ed44 100644 --- a/.github/workflows/trustlab-deploy-dev.yml +++ b/.github/workflows/trustlab-deploy-dev.yml @@ -64,8 +64,6 @@ jobs: NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }} NEXT_PUBLIC_SENTRY_DSN=${{ secrets.TRUSTLAB_SENTRY_DSN }} SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }} - SENTRY_ORG=${{ vars.SENTRY_ORG }} - SENTRY_PROJECT=${{ secrets.TRUSTLAB_SENTRY_PROJECT }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new context: . @@ -75,6 +73,8 @@ jobs: "mongo_url=${{ secrets.TRUSTLAB_MONGO_URL }}" "payload_secret=${{ secrets.TRUSTLAB_PAYLOAD_SECRET }}" "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" + "sentry_project=${{ secrets.TRUSTLAB_SENTRY_PROJECT }}" tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}" target: trustlab-runner 
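Review bot: The new workflow-level `env` in techlabblog-deploy-dev.yml sets `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}`, which exposes the token to every step, including the third-party Docker and Dokku actions, yet no step in this hunk uses it. Drop the entry or move it to the step that needs it, and add a top-level `permissions:` block with `contents: read` so the token carries only what the job requires. The actions are referenced by tag, and `dokku/github-action@v1.7.0` receives `SSH_PRIVATE_KEY`; pinning them to a full commit SHA protects the deploy key if a tag is moved. `NEXT_PUBLIC_SENTRY_DSN` now reads `secrets.TECHLABBLOG_SENTRY_DSN` where the removed job used `vars.`, so confirm the secret exists.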
diff --git a/.github/workflows/twoopstracker-deploy-dev.yml b/.github/workflows/twoopstracker-deploy-dev.yml index adb1a60aee..3236e72d14 100644 --- a/.github/workflows/twoopstracker-deploy-dev.yml +++ b/.github/workflows/twoopstracker-deploy-dev.yml @@ -70,6 +70,8 @@ jobs: push: true secrets: | "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" + "sentry_project=${{ secrets.TWOOPSTRACKER_SENTRY_PROJECT }}" tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}" target: twoopstracker-runner diff --git a/.github/workflows/vpnmanager-deploy-dev.yml b/.github/workflows/vpnmanager-deploy-dev.yml index f43ad833cd..9c1af44dd9 100644 --- a/.github/workflows/vpnmanager-deploy-dev.yml +++ b/.github/workflows/vpnmanager-deploy-dev.yml @@ -58,18 +58,18 @@ jobs: uses: docker/build-push-action@v6 with: build-args: | - API_SECRET_KEY=${{ secrets.VPNMANAGER_API_SECRET_KEY }} NEXT_PUBLIC_SENTRY_DSN=${{ secrets.VPNMANAGER_SENTRY_DSN }} SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }} - SENTRY_ORG=${{ secrets.SENTRY_ORG }} - SENTRY_PROJECT=${{ secrets.VPNMANAGER_SENTRY_PROJECT }} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new context: . platforms: linux/arm64 push: true secrets: | + "api_secret_key=${{ secrets.VPNMANAGER_API_SECRET_KEY }}" "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}" + "sentry_org=${{ secrets.SENTRY_ORG }}" + "sentry_project=${{ secrets.VPNMANAGER_SENTRY_PROJECT }}" tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}" target: vpnmanager-runner diff --git a/Dockerfile b/Dockerfile index 5f22265950..552324b226 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,5 +1,25 @@ # syntax=docker/dockerfile:1.10.0 + +# ============================================================================ +# Security +# ============================================================================ +# +# All sensitive variables must be passed via mount secrets at build time. These +# include: +# * SENTRY_AUTH_TOKEN (Sentry) +# * SENTRY_ORG (Sentry) +# * SENTRY_PROJECT (Sentry) +# * MONGODB_URL / MONGO_URL (Payload) +# * PAYLOAD_SECRET / PAYLOAD_SECRET_KEY (Payload) +# * SMTP_PASS (Payload / Email) +# * WORDPRESS_APPLICATION_USERNAME (WordPress) +# * WORDPRESS_APPLICATION_PASSWORD (WordPress) +# * WORDPRESS_PREVIEW_SECRET (WordPress) +# * +# See https://docs.docker.com/build/building/secrets/ for more info. + + # ============================================================================ # Node # ============================================================================ @@ -15,9 +35,7 @@ ARG \ NEXT_PUBLIC_APP_URL=http://localhost:3000 \ NEXT_PUBLIC_SENTRY_DSN="" \ NEXT_PUBLIC_SEO_DISABLED="true" \ - SENTRY_ENVIRONMENT="local" \ - SENTRY_ORG="code-for-africa" \ - SENTRY_PROJECT="" + SENTRY_ENVIRONMENT="local" FROM node:20.19-alpine AS node @@ -153,17 +171,8 @@ ARG NEXT_TELEMETRY_DISABLED \ NEXT_PUBLIC_APP_URL \ NEXT_PUBLIC_SENTRY_DSN \ NEXT_PUBLIC_SEO_DISABLED \ - # Payload (runtime) - MONGO_URL \ - # TODO(koech): Standadise naming of Payload Secret. Our options: - # - PAYLOAD_SECRET (codeforafrica) - # - PAYLOAD_SECRET_KEY (charterafrica) - PAYLOAD_SECRET_KEY \ # Sentry (build time) - SENTRY_AUTH_TOKEN \ - SENTRY_ENVIRONMENT \ - SENTRY_ORG \ - SENTRY_PROJECT + SENTRY_ENVIRONMENT # This is in app-builder instead of base-builder just incase app-deps adds deps COPY --from=charterafrica-deps /workspace/node_modules ./node_modules 
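Review bot: The new Security header lists the variables that must arrive as mount secrets, but it ends with an empty `# *` bullet and omits `JWT_SECRET_KEY` and `API_SECRET_KEY`, both of which this commit mounts as secrets in the pesayetu and vpnmanager builders. Complete the list with `# * JWT_SECRET_KEY` and `# * API_SECRET_KEY` and drop the dangling bullet. It would also help to state in the header that secret mounts are optional by default, so a missing or misspelled `id` leaves the variable unset instead of failing the build.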
@@ -175,7 +184,11 @@ COPY apps/charterafrica ./apps/charterafrica/ # When building Next.js app, Next.js needs to connect to local Payload ENV PAYLOAD_PUBLIC_APP_URL=http://localhost:3000 ENV NEXT_PUBLIC_SEO_DISABLED=${NEXT_PUBLIC_SEO_DISABLED} -RUN --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ +RUN --mount=type=secret,id=mongo_url,env=MONGO_URL \ + --mount=type=secret,id=payload_secret_key,env=PAYLOAD_SECRET_KEY \ + --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ + --mount=type=secret,id=sentry_org,env=SENTRY_ORG \ + --mount=type=secret,id=sentry_project,env=SENTRY_PROJECT \ pnpm --filter "./apps/charterafrica/" build-next # When building Payload app, Payload needs to have final app URL @@ -201,7 +214,7 @@ ENV PAYLOAD_PUBLIC_APP_URL=${PAYLOAD_PUBLIC_APP_URL} \ RUN set -ex \ # Create nextjs cache dir w/ correct permissions - && mkdir -p ./apps/charterafrica//.next \ + && mkdir -p ./apps/charterafrica/.next \ && chown nextjs:nodejs ./apps/charterafrica/.next # PNPM @@ -263,17 +276,8 @@ ARG NEXT_TELEMETRY_DISABLED \ NEXT_PUBLIC_APP_NAME="Code for Africa" \ NEXT_PUBLIC_APP_URL \ NEXT_PUBLIC_SENTRY_DSN \ - # Payload (runtime) - # TODO(koech): Standadise naming of Mongo DB URL. Our options: - # - MONGODB_URL (codeforafrica) - # - MONGO_URL (charterafrica, civicsignalblog, roboshield) - MONGO_URL \ - PAYLOAD_SECRET \ # Sentry (build time) - SENTRY_AUTH_TOKEN \ - SENTRY_ENVIRONMENT \ - SENTRY_ORG \ - SENTRY_PROJECT + SENTRY_ENVIRONMENT # This is in app-builder instead of base-builder just incase app-deps adds deps COPY --from=civicsignalblog-deps /workspace/node_modules ./node_modules 
@@ -284,7 +288,11 @@ COPY apps/civicsignalblog ./apps/civicsignalblog/ # When building Next.js app, Next.js needs to connect to local Payload ENV PAYLOAD_PUBLIC_APP_URL=http://localhost:3000 -RUN --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ +RUN --mount=type=secret,id=mongo_url,env=MONGO_URL \ + --mount=type=secret,id=payload_secret,env=PAYLOAD_SECRET \ + --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ + --mount=type=secret,id=sentry_org,env=SENTRY_ORG \ + --mount=type=secret,id=sentry_project,env=SENTRY_PROJECT \ pnpm --filter "./apps/civicsignalblog/" build-next # When building Payload app, Payload needs to have final app URL @@ -375,11 +383,7 @@ ARG NEXT_TELEMETRY_DISABLED \ NEXT_PUBLIC_SEO_DISABLED \ NEXT_PUBLIC_IMAGE_DOMAINS="cms.dev.codeforafrica.org,hurumap-v2.s3.amazonaws.com" \ NEXT_PUBLIC_IMAGE_SCALE_FACTOR=2 \ - # Payload (runtime) - MONGO_URL \ - PAYLOAD_SECRET \ # Sentry (build time) - SENTRY_AUTH_TOKEN \ SENTRY_ENVIRONMENT \ SENTRY_ORG \ SENTRY_PROJECT @@ -394,7 +398,9 @@ COPY apps/climatemappedafrica ./apps/climatemappedafrica # When building Next.js app, Next.js needs to connect to local Payload ENV PAYLOAD_PUBLIC_APP_URL=http://localhost:3000 ENV NEXT_PUBLIC_SEO_DISABLED=${NEXT_PUBLIC_SEO_DISABLED} -RUN --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ +RUN --mount=type=secret,id=mongo_url,env=MONGO_URL \ + --mount=type=secret,id=payload_secret,env=PAYLOAD_SECRET \ + --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ pnpm --filter "./apps/climatemappedafrica" build-next # When building Payload app, Payload needs to have final app URL 
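Review bot: The climatemappedafrica builder is the one stage where `SENTRY_ORG` and `SENTRY_PROJECT` stay in the `ARG` list, and its `RUN` for `build-next` mounts only `mongo_url`, `payload_secret` and `sentry_auth_token`. The matching workflow now sends both values as `sentry_org` and `sentry_project` secrets and not as build args, and the global defaults for these ARGs are removed in this commit, so the build would see both as empty. Add `--mount=type=secret,id=sentry_org,env=SENTRY_ORG \` and `--mount=type=secret,id=sentry_project,env=SENTRY_PROJECT \` to that `RUN`, and remove the two names from the `ARG` list as the other builders do. The ARG instruction begins above its hunk.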
@@ -484,17 +490,8 @@ ARG NEXT_TELEMETRY_DISABLED \ NEXT_PUBLIC_APP_NAME="Code for Africa" \ NEXT_PUBLIC_APP_URL \ NEXT_PUBLIC_SENTRY_DSN \ - # Payload (runtime) - # TODO(koech): Standadise naming of Mongo DB URL. Our options: - # - MONGODB_URL (codeforafrica) - # - MONGO_URL (charterafrica, roboshield) - MONGODB_URL \ - PAYLOAD_SECRET \ # Sentry (build time) - SENTRY_AUTH_TOKEN \ - SENTRY_ENVIRONMENT \ - SENTRY_ORG \ - SENTRY_PROJECT + SENTRY_ENVIRONMENT # This is in app-builder instead of base-builder just incase app-deps adds deps COPY --from=codeforafrica-deps /workspace/node_modules ./node_modules @@ -505,7 +502,15 @@ COPY apps/codeforafrica ./apps/codeforafrica/ # When building Next.js app, Next.js needs to connect to local Payload ENV PAYLOAD_PUBLIC_APP_URL=http://localhost:3000 -RUN --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ + +# TODO(koech): Standadise naming of Mongo DB URL. Our options: +# - MONGODB_URL (codeforafrica) +# - MONGO_URL (charterafrica, roboshield) +RUN --mount=type=secret,id=mongodb_url,env=MONGODB_URL \ + --mount=type=secret,id=payload_secret,env=PAYLOAD_SECRET \ + --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ + --mount=type=secret,id=sentry_org,env=SENTRY_ORG \ + --mount=type=secret,id=sentry_project,env=SENTRY_PROJECT \ pnpm --filter "./apps/codeforafrica/" build-next # When building Payload app, Payload needs to have final app URL @@ -528,7 +533,7 @@ ENV NEXT_PUBLIC_APP_LOGO_URL=${NEXT_PUBLIC_APP_LOGO_URL} \ RUN set -ex \ # Create nextjs cache dir w/ correct permissions - && mkdir -p ./apps/codeforafrica//.next \ + && mkdir -p ./apps/codeforafrica/.next \ && chown nextjs:nodejs ./apps/codeforafrica/.next # PNPM 
@@ -595,16 +600,10 @@ ARG NEXT_TELEMETRY_DISABLED \ NEXT_PUBLIC_OPENAFRICA_DOMAINS="open.africa,openafrica.net,africaopendata.org" \ NEXT_PUBLIC_SOURCEAFRICA_DOMAINS="dc.sourceafrica.net" \ # Sentry (build time) - SENTRY_AUTH_TOKEN \ SENTRY_ENVIRONMENT \ - SENTRY_ORG \ - SENTRY_PROJECT \ # Wordpress WORDPRESS_URL \ WORDPRESS_MULTISITE_PREFIX="/pesayetu" \ - WORDPRESS_PREVIEW_SECRET \ - WORDPRESS_APPLICATION_USERNAME \ - WORDPRESS_APPLICATION_PASSWORD \ JWT_SECRET_KEY \ # Custom (runtime) HURUMAP_API_URL @@ -616,7 +615,14 @@ COPY --from=pesayetu-deps /workspace/apps/pesayetu/node_modules ./apps/pesayetu/ COPY apps/pesayetu ./apps/pesayetu -RUN pnpm --filter "./apps/pesayetu" build +RUN --mount=type=secret,id=jwt_secret_key,env=JWT_SECRET_KEY \ + --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ + --mount=type=secret,id=sentry_org,env=SENTRY_ORG \ + --mount=type=secret,id=sentry_project,env=SENTRY_PROJECT \ + --mount=type=secret,id=wordpress_application_username,env=WORDPRESS_APPLICATION_USERNAME \ + --mount=type=secret,id=wordpress_application_password,env=WORDPRESS_APPLICATION_PASSWORD \ + --mount=type=secret,id=wordpress_preview_secret,env=WORDPRESS_PREVIEW_SECRET \ + pnpm --filter "./apps/pesayetu" build # # pesayetu-runner: final deployable image @@ -690,10 +696,7 @@ ARG NEXT_TELEMETRY_DISABLED \ NEXT_PUBLIC_SEO_DISABLED \ NEXT_PUBLIC_GOOGLE_ANALYTICS_ID \ # Sentry (build time) - SENTRY_AUTH_TOKEN \ - SENTRY_ENVIRONMENT \ - SENTRY_ORG \ - SENTRY_PROJECT + SENTRY_ENVIRONMENT # This is in app-builder instead of base-builder just incase app-deps adds deps COPY --from=promisetracker-deps /workspace/node_modules ./node_modules 
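Review bot: `JWT_SECRET_KEY \` remains in the pesayetu builder's `ARG` list (a context line of the ARG hunk), although the build now receives it through `--mount=type=secret,id=jwt_secret_key,env=JWT_SECRET_KEY` and the workflow no longer passes it as a build arg. Leaving the ARG declared keeps a path open for the key to be supplied with `--build-arg`, where it can end up in the image history. Remove the line so the secret mount is the only source. The ARG instruction begins above the hunk.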
@@ -703,6 +706,8 @@ COPY --from=promisetracker-deps /workspace/apps/promisetracker/node_modules ./ap COPY apps/promisetracker ./apps/promisetracker RUN --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ + --mount=type=secret,id=sentry_org,env=SENTRY_ORG \ + --mount=type=secret,id=sentry_project,env=SENTRY_PROJECT \ pnpm --filter "./apps/promisetracker" build # @@ -711,7 +716,6 @@ RUN --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ FROM base-runner AS promisetracker-runner -ARG API_SECRET_KEY RUN set -ex \ # Create nextjs cache dir w/ correct permissions && mkdir -p ./apps/promisetracker/.next \ @@ -763,14 +767,8 @@ ARG NEXT_TELEMETRY_DISABLED \ NEXT_PUBLIC_APP_NAME="RoboShield" \ NEXT_PUBLIC_APP_URL \ NEXT_PUBLIC_SENTRY_DSN \ - # Payload (runtime) - MONGO_URL \ - PAYLOAD_SECRET \ # Sentry (build time) - SENTRY_AUTH_TOKEN \ - SENTRY_ENVIRONMENT \ - SENTRY_ORG \ - SENTRY_PROJECT + SENTRY_ENVIRONMENT # This is in app-builder instead of base-builder just incase app-deps adds deps COPY --from=roboshield-deps /workspace/node_modules ./node_modules @@ -781,12 +779,13 @@ COPY apps/roboshield ./apps/roboshield/ # When building Next.js app, Next.js needs to connect to local Payload ENV PAYLOAD_PUBLIC_APP_URL=http://localhost:3000 -RUN --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ +RUN --mount=type=secret,id=mongo_url,env=MONGO_URL \ + --mount=type=secret,id=payload_secret,env=PAYLOAD_SECRET \ + --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ + --mount=type=secret,id=sentry_org,env=SENTRY_ORG \ + --mount=type=secret,id=sentry_project,env=SENTRY_PROJECT \ pnpm --filter "./apps/roboshield/" build -# When building Payload app, Payload needs to have final app URL -ENV PAYLOAD_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL} -# RUN pnpm --filter "./apps/roboshield/" build-payload # # roboshield-runner: final deployable image 
@@ -801,7 +800,7 @@ ARG PAYLOAD_CONFIG_PATH=${PAYLOAD_CONFIG_PATH} \ RUN set -ex \ # Create nextjs cache dir w/ correct permissions - && mkdir -p ./apps/roboshield//.next \ + && mkdir -p ./apps/roboshield/.next \ && chown nextjs:nodejs ./apps/roboshield/.next # PNPM @@ -813,8 +812,10 @@ COPY --from=roboshield-builder --chown=nextjs:nodejs /workspace/apps/roboshield/ # Next.js # Public assets COPY --from=roboshield-builder --chown=nextjs:nodejs /workspace/apps/roboshield/public ./apps/roboshield/public -# Copy standalone output -COPY --from=roboshield-builder --chown=nextjs:nodejs /workspace/apps/roboshield/.next/standalone ./apps/roboshield +# Automatically leverage output traces to reduce image size +# https://nextjs.org/docs/advanced-features/output-file-tracing +# NOTE: standalone output contains full app paths i.e. apps/roboshield +COPY --from=roboshield-builder --chown=nextjs:nodejs /workspace/apps/roboshield/.next/standalone ./ COPY --from=roboshield-builder --chown=nextjs:nodejs /workspace/apps/roboshield/.next/static ./apps/roboshield/.next/static USER nextjs @@ -853,10 +854,7 @@ ARG NEXT_TELEMETRY_DISABLED \ NEXT_PUBLIC_SENTRY_DSN \ NEXT_PUBLIC_SEO_DISABLED \ # Sentry (build time) - SENTRY_AUTH_TOKEN \ - SENTRY_ENVIRONMENT \ - SENTRY_ORG \ - SENTRY_PROJECT + SENTRY_ENVIRONMENT # This is in app-builder instead of base-builder just incase app-deps adds deps COPY --from=techlabblog-deps /workspace/node_modules ./node_modules @@ -865,7 +863,10 @@ COPY --from=techlabblog-deps /workspace/apps/techlabblog/node_modules ./apps/tec COPY apps/techlabblog ./apps/techlabblog -RUN pnpm --filter "./apps/techlabblog" build +RUN --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ + --mount=type=secret,id=sentry_org,env=SENTRY_ORG \ + --mount=type=secret,id=sentry_project,env=SENTRY_PROJECT \ + pnpm --filter "./apps/techlabblog" build # # techlabblog-runner: final deployable image 
@@ -887,8 +888,8 @@ COPY --from=techlabblog-builder --chown=nextjs:nodejs /workspace/node_modules ./ COPY --from=techlabblog-builder --chown=nextjs:nodejs /workspace/apps/techlabblog/public ./apps/techlabblog/public # Automatically leverage output traces to reduce image size -# https://nextjs.org/docs/advanced-features/output-file-tracing -COPY --from=techlabblog-builder --chown=nextjs:nodejs /workspace/apps/techlabblog/.next/standalone ./apps/techlabblog +# NOTE: standalone output contains full app paths i.e. apps/techlabblog +COPY --from=techlabblog-builder --chown=nextjs:nodejs /workspace/apps/techlabblog/.next/standalone ./ COPY --from=techlabblog-builder --chown=nextjs:nodejs /workspace/apps/techlabblog/.next/static ./apps/techlabblog/.next/static USER nextjs @@ -927,9 +928,7 @@ ARG NEXT_TELEMETRY_DISABLED \ NEXT_PUBLIC_SENTRY_DSN \ NEXT_PUBLIC_SEO_DISABLED \ # Sentry (build time) - SENTRY_ENVIRONMENT \ - SENTRY_ORG \ - SENTRY_PROJECT + SENTRY_ENVIRONMENT # This is in app-builder instead of base-builder just incase app-deps adds deps COPY --from=trustlab-deps /workspace/node_modules ./node_modules @@ -944,6 +943,8 @@ COPY apps/trustlab ./apps/trustlab RUN --mount=type=secret,id=mongo_url,env=MONGO_URL \ --mount=type=secret,id=payload_secret,env=PAYLOAD_SECRET \ --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ + --mount=type=secret,id=sentry_org,env=SENTRY_ORG \ + --mount=type=secret,id=sentry_project,env=SENTRY_PROJECT \ --mount=type=secret,id=smtp_pass,env=SMTP_PASS \ pnpm --filter trustlab build 
@@ -962,9 +963,7 @@ COPY --from=trustlab-builder --chown=nextjs:nodejs /workspace/node_modules ./nod COPY --from=trustlab-builder --chown=nextjs:nodejs /workspace/apps/trustlab/publi[c] ./apps/trustlab/public # Automatically leverage output traces to reduce image size -# https://nextjs.org/docs/advanced-features/output-file-tracing -# NOTE(kilemensi) since we're in a monorepo .next/standalone will contain apps/trustlab folder hence -# no need to copy to ./apps/trustlab. Verify this is "always" the case +# NOTE: standalone output contains full app paths i.e. apps/techlabblog COPY --from=trustlab-builder --chown=nextjs:nodejs /workspace/apps/trustlab/.next/standalone ./ COPY --from=trustlab-builder --chown=nextjs:nodejs /workspace/apps/trustlab/.next/static ./apps/trustlab/.next/static USER nextjs @@ -1000,16 +999,16 @@ ARG NEXT_TELEMETRY_DISABLED \ NEXT_PUBLIC_APP_URL \ NEXT_PUBLIC_SENTRY_DSN \ # Sentry (build time) - SENTRY_AUTH_TOKEN \ SENTRY_ENVIRONMENT \ - SENTRY_ORG \ - SENTRY_PROJECT \ TWOOPSTRACKER_API_URL + # This is in app-builder instead of base-builder just incase app-deps adds deps COPY --from=twoopstracker-deps /workspace/node_modules ./node_modules COPY --from=twoopstracker-deps /workspace/apps/twoopstracker/node_modules ./apps/twoopstracker/node_modules COPY apps/twoopstracker ./apps/twoopstracker RUN --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ + --mount=type=secret,id=sentry_org,env=SENTRY_ORG \ + --mount=type=secret,id=sentry_project,env=SENTRY_PROJECT \ pnpm --filter "./apps/twoopstracker" build # 
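Review bot: The NOTE added above the trustlab standalone COPY names the wrong app: it reads `i.e. apps/techlabblog`, and the vpnmanager-runner hunk further down has the same copy-paste slip with `apps/twoopstracker`. This comment is now the only explanation of why the destination is `./`, so it should read `# NOTE: standalone output contains full app paths i.e. apps/trustlab` here and `... i.e. apps/vpnmanager` in the vpnmanager stage. The removed NOTE asked to verify that the nested layout is always produced; the hunk does not show whether that was checked.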
@@ -1032,8 +1031,8 @@ COPY --from=twoopstracker-builder --chown=nextjs:nodejs /workspace/node_modules # Public assets COPY --from=twoopstracker-builder --chown=nextjs:nodejs /workspace/apps/twoopstracker/public ./apps/twoopstracker/public # Automatically leverage output traces to reduce image size -# https://nextjs.org/docs/advanced-features/output-file-tracing -COPY --from=twoopstracker-builder --chown=nextjs:nodejs /workspace/apps/twoopstracker/.next/standalone ./apps/twoopstracker +# NOTE: standalone output contains full app paths i.e. apps/twoopstracker +COPY --from=twoopstracker-builder --chown=nextjs:nodejs /workspace/apps/twoopstracker/.next/standalone ./ COPY --from=twoopstracker-builder --chown=nextjs:nodejs /workspace/apps/twoopstracker/.next/static ./apps/twoopstracker/.next/static USER nextjs # server.js is created by next build from the standalone output @@ -1071,10 +1070,7 @@ ARG NEXT_TELEMETRY_DISABLED \ NEXT_PUBLIC_SENTRY_DSN \ NEXT_PUBLIC_SEO_DISABLED \ # Sentry (build time) - SENTRY_AUTH_TOKEN \ - SENTRY_ENVIRONMENT \ - SENTRY_ORG \ - SENTRY_PROJECT + SENTRY_ENVIRONMENT # This is in app-builder instead of base-builder just incase app-deps adds deps COPY --from=vpnmanager-deps /workspace/node_modules ./node_modules @@ -1083,7 +1079,10 @@ COPY --from=vpnmanager-deps /workspace/apps/vpnmanager/node_modules ./apps/vpnma COPY apps/vpnmanager ./apps/vpnmanager -RUN --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ +RUN --mount=type=secret,id=api_secret_key,env=API_SECRET_KEY \ + --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ + --mount=type=secret,id=sentry_org,env=SENTRY_ORG \ + --mount=type=secret,id=sentry_project,env=SENTRY_PROJECT \ pnpm --filter "./apps/vpnmanager" build # 
@@ -1093,6 +1092,7 @@ RUN --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \ FROM base-runner AS vpnmanager-runner ARG API_SECRET_KEY + RUN set -ex \ # Create nextjs cache dir w/ correct permissions && mkdir -p ./apps/vpnmanager/.next \ @@ -1107,8 +1107,8 @@ COPY --from=vpnmanager-builder --chown=nextjs:nodejs /workspace/node_modules ./n COPY --from=vpnmanager-builder --chown=nextjs:nodejs /workspace/apps/vpnmanager/public ./apps/vpnmanager/public # Automatically leverage output traces to reduce image size -# https://nextjs.org/docs/advanced-features/output-file-tracing -COPY --from=vpnmanager-builder --chown=nextjs:nodejs /workspace/apps/vpnmanager/.next/standalone ./apps/vpnmanager +# NOTE: standalone output contains full app paths i.e. apps/twoopstracker +COPY --from=vpnmanager-builder --chown=nextjs:nodejs /workspace/apps/vpnmanager/.next/standalone ./ COPY --from=vpnmanager-builder --chown=nextjs:nodejs /workspace/apps/vpnmanager/.next/static ./apps/vpnmanager/.next/static COPY --from=vpnmanager-builder --chown=nextjs:nodejs /workspace/apps/vpnmanager/contrib/dokku ./contrib/dokku USER nextjs diff --git a/Makefile b/Makefile index d26380d9ab..d30ae78390 100644 --- a/Makefile +++ b/Makefile 
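Review bot: `ARG API_SECRET_KEY` is still declared at the top of the vpnmanager-runner stage, although the builder stage now receives the key through `--mount=type=secret,id=api_secret_key` and docker-compose.yml no longer passes it under `args`. If a later line in this stage copies the ARG into the image (for example an `ENV` assignment, not visible in the hunk), a value supplied with `--build-arg` is persisted in the image config and history, which is what the secret mount is meant to avoid. I would remove `ARG API_SECRET_KEY` from the runner stage and let the runtime value come from the container environment. The stage continues outside the hunk, so confirm nothing else reads the ARG first.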
@@ -3,48 +3,47 @@ COMPOSE=docker compose COMPOSE_BUILD_ENV=BUILDKIT_PROGRESS=plain -.PHONY: charterafrica codeforafrica down mongodb mongodb-keyfile pesayetu roboshield vpnmanager +.PHONY: charterafrica civicsignalblog climatemappedafrica codeforafrica down mongodb mongodb-keyfile pesayetu promisetracker roboshield techlabblog trustlab twoopstracker vpnmanager charterafrica: - $(COMPOSE_BUILD_ENV) $(COMPOSE) --env-file apps/charterafrica/.env.local up charterafrica --build + ./scripts/dc.sh charterafrica civicsignalblog: - $(COMPOSE_BUILD_ENV) $(COMPOSE) --env-file apps/civicsignalblog/.env.local up civicsignalblog --build - -codeforafrica: - $(COMPOSE_BUILD_ENV) $(COMPOSE) --env-file apps/codeforafrica/.env.local up codeforafrica --build + ./scripts/dc.sh civicsignalblog climatemappedafrica: - $(COMPOSE_BUILD_ENV) $(COMPOSE) --env-file apps/climatemappedafrica/.env.local up climatemappedafrica --build + ./scripts/dc.sh climatemappedafrica + +codeforafrica: + ./scripts/dc.sh codeforafrica down: $(COMPOSE_BUILD_ENV) $(COMPOSE) down --volumes mongodb: - $(COMPOSE_BUILD_ENV) $(COMPOSE) --env-file apps/charterafrica/.env.local up --wait mongodb + $(COMPOSE_BUILD_ENV) $(COMPOSE) --env-file apps/charterafrica/.env --env-file apps/charterafrica/.env.local up --wait mongodb mongodb-keyfile: openssl rand -base64 741 > ./mongo-keyfile chmod 600 ./mongo-keyfile pesayetu: - $(COMPOSE_BUILD_ENV) $(COMPOSE) --env-file apps/pesayetu/.env.local up pesayetu --build + ./scripts/dc.sh pesayetu promisetracker: - $(COMPOSE_BUILD_ENV) $(COMPOSE) --env-file apps/promisetracker/.env.local up promisetracker --build + ./scripts/dc.sh promisetracker roboshield: - $(COMPOSE_BUILD_ENV) $(COMPOSE) --env-file apps/roboshield/.env.local up roboshield --build + ./scripts/dc.sh roboshield techlabblog: - $(COMPOSE_BUILD_ENV) $(COMPOSE) --env-file apps/techlabblog/.env.local up techlabblog --build + ./scripts/dc.sh techlabblog trustlab: ./scripts/dc.sh trustlab twoopstracker: - $(COMPOSE_BUILD_ENV) 
$(COMPOSE) --env-file apps/twoopstracker/.env.local up twoopstracker --build + ./scripts/dc.sh twoopstracker vpnmanager: - $(COMPOSE_BUILD_ENV) $(COMPOSE) --env-file apps/vpnmanager/.env.local up vpnmanager --build - + ./scripts/dc.sh vpnmanager diff --git a/apps/charterafrica/.env b/apps/charterafrica/.env index af886893b3..ff2f4ff7bd 100644 --- a/apps/charterafrica/.env +++ b/apps/charterafrica/.env @@ -4,5 +4,3 @@ NEXT_PUBLIC_SEO_DISABLED=true PAYLOAD_PUBLIC_DEFAULT_LOCALE=en PAYLOAD_PUBLIC_LOCALES="en, fr, pt" SENTRY_ENVIRONMENT=local -SENTRY_ORG=code-for-africa -SENTRY_PROJECT=charterafrica diff --git a/apps/charterafrica/src/pages/404.page.js b/apps/charterafrica/src/pages/404.page.js index 79f149d3cf..196d0647ed 100644 --- a/apps/charterafrica/src/pages/404.page.js +++ b/apps/charterafrica/src/pages/404.page.js @@ -7,6 +7,21 @@ export async function getStaticProps(context) { params: { slugs: ["404"] }, }); + // Unlikely to get 404 from within a 404 page, but just in case + // e.g. When the CMS is configured but no pages exist yet + if (data?.notFound) { + return { + props: { + blocks: [ + { + slug: "error", + title: "Page Not Found", + statusCode: 404, + }, + ], + }, + }; + } return data; } diff --git a/apps/civicsignalblog/.env b/apps/civicsignalblog/.env index 28ff3a1a5f..d5c819e934 100644 --- a/apps/civicsignalblog/.env +++ b/apps/civicsignalblog/.env @@ -7,5 +7,3 @@ NEXT_PUBLIC_IMAGE_UNOPTIMIZED="true" NEXT_PUBLIC_VERCEL_URL=$VERCEL_URL PAYLOAD_PUBLIC_APP_URL=$NEXT_PUBLIC_APP_URL SENTRY_ENVIRONMENT=local -SENTRY_ORG=code-for-africa -SENTRY_PROJECT=civicsignal diff --git a/apps/climatemappedafrica/.env b/apps/climatemappedafrica/.env index f52a0287f4..4c3ca62ccb 100644 --- a/apps/climatemappedafrica/.env +++ b/apps/climatemappedafrica/.env @@ -1,3 +1 @@ SENTRY_ENVIRONMENT=local -SENTRY_ORG=code-for-africa -SENTRY_PROJECT=climatemapafrica 
diff --git a/apps/climatemappedafrica/src/pages/500.js b/apps/climatemappedafrica/src/pages/500.js index e579524da1..b85ac2e2fb 100644 --- a/apps/climatemappedafrica/src/pages/500.js +++ b/apps/climatemappedafrica/src/pages/500.js @@ -13,10 +13,26 @@ function ServerErrorPage({ blocks = [] }) { } export async function getStaticProps(context) { - return getPageStaticProps({ + const data = getPageStaticProps({ ...context, params: { slugs: ["500"] }, }); + // Unlikely to get 404 from within a 500 page, but just in case + // e.g. When the CMS is configured but no pages exist yet + if (data?.notFound) { + return { + props: { + blocks: [ + { + slug: "error", + title: "Server Error", + statusCode: 500, + }, + ], + }, + }; + } + return data; } export default ServerErrorPage; diff --git a/apps/codeforafrica/.env b/apps/codeforafrica/.env index 1dfac37b56..981c396faf 100644 --- a/apps/codeforafrica/.env +++ b/apps/codeforafrica/.env @@ -7,5 +7,3 @@ NEXT_PUBLIC_IMAGE_DOMAINS="longform.codeforafrica.org,res.cloudinary.com" NEXT_PUBLIC_IMAGE_UNOPTIMIZED="true" NEXT_PUBLIC_VERCEL_URL=${VERCEL_URL} SENTRY_ENVIRONMENT=local -SENTRY_ORG=code-for-africa -SENTRY_PROJECT=codeforafrica diff --git a/apps/pesayetu/.env b/apps/pesayetu/.env index 5713f4bb60..4c3ca62ccb 100644 --- a/apps/pesayetu/.env +++ b/apps/pesayetu/.env @@ -1,3 +1 @@ SENTRY_ENVIRONMENT=local -SENTRY_ORG=code-for-africa -SENTRY_PROJECT=pesayetu diff --git a/apps/promisetracker/.env b/apps/promisetracker/.env index 8962ca3406..f483835ebc 100644 --- a/apps/promisetracker/.env +++ b/apps/promisetracker/.env @@ -4,7 +4,5 @@ NEXT_PUBLIC_IMAGE_DOMAINS="dashboard.hurumap.org,res.cloudinary.com" NEXT_PUBLIC_IMAGE_UNOPTIMIZED="true" SENTRY_ENVIRONMENT=local -SENTRY_ORG=code-for-africa -SENTRY_PROJECT=promisetracker NEXTAUTH_URL=https://promisetracker.dev.codeforafrica.org/ diff --git a/apps/roboshield/.env b/apps/roboshield/.env index 30e993da3c..3a6c72b68e 100644 --- a/apps/roboshield/.env +++ b/apps/roboshield/.env 
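Review bot: `const data = getPageStaticProps({` in 500.js is missing `await`, so if getPageStaticProps returns a promise (its definition is not in the hunk), `data?.notFound` is always undefined and the new fallback block can never run. Before this change the promise was returned straight from the async function, which resolved it implicitly, so nothing needed awaiting. The line should be `const data = await getPageStaticProps({`.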
@@ -1,8 +1,6 @@ MIGRATIONS_DIR=./migrations SENTRY_ENVIRONMENT=local -SENTRY_ORG=code-for-africa -SENTRY_PROJECT=roboshield NEXT_PUBLIC_APP_URL=http://localhost:3000 NEXT_PUBLIC_IMAGE_DOMAINS="*.codeforafrica.org" diff --git a/apps/roboshield/package.json b/apps/roboshield/package.json index 35d0ca050a..bb22a172f0 100644 --- a/apps/roboshield/package.json +++ b/apps/roboshield/package.json @@ -8,7 +8,7 @@ "payload-migrate:status": "payload migrate:status", "payload-migrate:up": "payload migrate", "payload-migrate:down": "payload migrate:down", - "start": "next start", + "start": "node --env-file=.env --env-file=.env.local .next/standalone/apps/roboshield/server.js", "dev": "NODE_OPTIONS='--inspect' next dev", "clean": "rm -rf .next .turbo build dist node_modules", "jest": "jest --passWithNoTests", @@ -54,6 +54,7 @@ "react-ace": "catalog:", "react-dom": "catalog:", "react-rotating-text": "catalog:", + "require-in-the-middle": "catalog:payload-v3", "robots-txt-parse": "catalog:", "slate": "catalog:", "sqlite": "catalog:", diff --git a/apps/techlabblog/.env b/apps/techlabblog/.env index 8d4f139ef6..4c3ca62ccb 100644 --- a/apps/techlabblog/.env +++ b/apps/techlabblog/.env @@ -1,3 +1 @@ SENTRY_ENVIRONMENT=local -SENTRY_ORG=code-for-africa -SENTRY_PROJECT=techblog diff --git a/apps/trustlab/.env b/apps/trustlab/.env index 4fdfb304c5..6a1ac47af0 100644 --- a/apps/trustlab/.env +++ b/apps/trustlab/.env @@ -1,8 +1,6 @@ MIGRATIONS_DIR=./migrations SENTRY_ENVIRONMENT=local -SENTRY_ORG=code-for-africa -SENTRY_PROJECT=trustlab NEXT_PUBLIC_APP_URL=http://localhost:3000 NEXT_PUBLIC_IMAGE_UNOPTIMIZED="true" diff --git a/apps/trustlab/package.json b/apps/trustlab/package.json index 3e1b57b54a..dbfd61f8c7 100644 --- a/apps/trustlab/package.json +++ b/apps/trustlab/package.json 
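Review bot: The new `start` script passes `--env-file=.env.local` unconditionally, and Node exits with an error when a file named by `--env-file` does not exist. docker-compose.yml treats the same file as optional (`required: false`), so `pnpm start` now fails on any checkout without a local override file. The twoopstracker and vpnmanager package.json hunks have the same line. Where the Node version in use supports it, `--env-file-if-exists=.env.local` keeps the file optional.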
@@ -48,7 +48,7 @@ "payload": "catalog:payload-v3", "react": "catalog:", "react-dom": "catalog:", - "require-in-the-middle": "^7.5.2", + "require-in-the-middle": "catalog:payload-v3", "sharp": "catalog:", "swr": "catalog:", "validate-color": "catalog:" diff --git a/apps/twoopstracker/.env b/apps/twoopstracker/.env index 8da24acc41..4c3ca62ccb 100644 --- a/apps/twoopstracker/.env +++ b/apps/twoopstracker/.env @@ -1,3 +1 @@ SENTRY_ENVIRONMENT=local -SENTRY_ORG=code-for-africa -SENTRY_PROJECT=twoopstracker-ui diff --git a/apps/twoopstracker/package.json b/apps/twoopstracker/package.json index d638be484a..67b3146674 100644 --- a/apps/twoopstracker/package.json +++ b/apps/twoopstracker/package.json @@ -9,7 +9,7 @@ "lint-check": "TIMING=1 eslint './'", "lint": "TIMING=1 eslint --flag unstable_config_lookup_from_file --fix './'", "build": "next build", - "start": "next start", + "start": "node --env-file=.env --env-file=.env.local .next/standalone/apps/twoopstracker/server.js", "storybook": "storybook dev -p 6006" }, "dependencies": { diff --git a/apps/vpnmanager/.env b/apps/vpnmanager/.env index 0bb4be0ec0..4c3ca62ccb 100644 --- a/apps/vpnmanager/.env +++ b/apps/vpnmanager/.env @@ -1,3 +1 @@ SENTRY_ENVIRONMENT=local -SENTRY_ORG=code-for-africa -SENTRY_PROJECT=vpnmanager diff --git a/apps/vpnmanager/package.json b/apps/vpnmanager/package.json index fc6cf75a1b..c09c7c693d 100644 --- a/apps/vpnmanager/package.json +++ b/apps/vpnmanager/package.json @@ -5,7 +5,7 @@ "scripts": { "dev": "next dev", "build": "next build", - "start": "next start", + "start": "node --env-file=.env --env-file=.env.local .next/standalone/apps/vpnmanager/server.js", "lint-check": "TIMING=1 next lint './'", "lint": "TIMING=1 next lint --fix './'", "clean": "rm -rf .next .turbo node_modules", diff --git a/docker-compose.yml b/docker-compose.yml index 29370bcd8e..b396686886 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -2,101 +2,77 @@ services: charterafrica: build: secrets: + - mongo_url + - payload_secret - sentry_auth_token + - sentry_org + - sentry_project + - payload_secret_key context: . target: charterafrica-runner args: - - MONGO_URL=mongodb://${MONGO_INITDB_ROOT_USERNAME:-root}:${MONGO_INITDB_ROOT_PASSWORD:-rootpassword}@host.docker.internal:${MONGODB_PORT:-27017}/charterafrica?authSource=admin&directConnection=true - - PAYLOAD_SECRET_KEY - - SENTRY_ENVIRONMENT - - SENTRY_ORG - - SENTRY_PROJECT - environment: - S3_ACCESS_KEY_ID: ${S3_ACCESS_KEY_ID} - S3_SECRET_ACCESS_KEY: ${S3_SECRET_ACCESS_KEY} - S3_BUCKET: ${S3_BUCKET} - S3_REGION: ${S3_REGION} - MONGO_URL: mongodb://${MONGO_INITDB_ROOT_USERNAME:-root}:${MONGO_INITDB_ROOT_PASSWORD:-rootpassword}@host.docker.internal:${MONGODB_PORT:-27017}/charterafrica?authSource=admin&directConnection=true - PAYLOAD_SECRET_KEY: ${PAYLOAD_SECRET_KEY} - SENTRY_ORG: ${SENTRY_ORG} - SENTRY_ENVIRONMENT: ${SENTRY_ENVIRONMENT} - SENTRY_PROJECT: ${SENTRY_PROJECT} + - SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT} + env_file: + - path: ./apps/charterafrica/.env + - path: ./apps/charterafrica/.env.local + required: false ports: - 3000:3000 civicsignalblog: build: secrets: + - mongo_url + - payload_secret - sentry_auth_token + - sentry_org + - sentry_project context: . 
target: civicsignalblog-runner args: - - MONGO_URL=${MONGO_URL} - - PAYLOAD_SECRET - - SENTRY_ENVIRONMENT - - SENTRY_ORG - - SENTRY_PROJECT - environment: - S3_ACCESS_KEY_ID: ${S3_ACCESS_KEY_ID} - S3_SECRET_ACCESS_KEY: ${S3_SECRET_ACCESS_KEY} - S3_BUCKET: ${S3_BUCKET} - S3_REGION: ${S3_REGION} - MONGO_URL: mongodb://${MONGO_INITDB_ROOT_USERNAME:-root}:${MONGO_INITDB_ROOT_PASSWORD:-rootpassword}@host.docker.internal:${MONGODB_PORT:-27017}/civicsignalblog?authSource=admin&directConnection=true - PAYLOAD_SECRET: ${PAYLOAD_SECRET} - SENTRY_ORG: ${SENTRY_ORG} - SENTRY_ENVIRONMENT: ${SENTRY_ENVIRONMENT} - SENTRY_PROJECT: ${SENTRY_PROJECT} + - SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT} + env_file: + - path: ./apps/civicsignalblog/.env + - path: ./apps/civicsignalblog/.env.local + required: false ports: - 3000:3000 - codeforafrica: - depends_on: - mongodb: - condition: service_healthy + climatemappedafrica: build: secrets: + - mongo_url + - payload_secret - sentry_auth_token + - sentry_org + - sentry_project context: . 
- target: codeforafrica-runner + target: climatemappedafrica-runner args: - - MONGODB_URL=mongodb://${MONGO_INITDB_ROOT_USERNAME:-root}:${MONGO_INITDB_ROOT_PASSWORD:-rootpassword}@host.docker.internal:${MONGODB_PORT:-27017}/codeforafrica?authSource=admin&directConnection=true - - PAYLOAD_SECRET - - SENTRY_ENVIRONMENT - - SENTRY_ORG - - SENTRY_PROJECT - environment: - S3_ACCESS_KEY_ID: ${S3_ACCESS_KEY_ID} - S3_SECRET_ACCESS_KEY: ${S3_SECRET_ACCESS_KEY} - S3_BUCKET: ${S3_BUCKET} - S3_REGION: ${S3_REGION} - MONGODB_URL: mongodb://${MONGO_INITDB_ROOT_USERNAME:-root}:${MONGO_INITDB_ROOT_PASSWORD:-rootpassword}@host.docker.internal:${MONGODB_PORT:-27017}/codeforafrica?authSource=admin&directConnection=true - PAYLOAD_SECRET: ${PAYLOAD_SECRET} - SENTRY_ORG: ${SENTRY_ORG} - SENTRY_ENVIRONMENT: ${SENTRY_ENVIRONMENT} - SENTRY_PROJECT: ${SENTRY_PROJECT} + - SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT} + env_file: + - path: ./apps/climatemappedafrica/.env + - path: ./apps/climatemappedafrica/.env.local + required: false ports: - 3000:3000 - climatemappedafrica: + codeforafrica: build: + secrets: + - mongodb_url + - payload_secret + - sentry_auth_token + - sentry_org + - sentry_project context: . 
- target: climatemappedafrica-runner + target: codeforafrica-runner args: - - MONGO_URL=mongodb://${MONGO_INITDB_ROOT_USERNAME:-root}:${MONGO_INITDB_ROOT_PASSWORD:-rootpassword}@host.docker.internal:${MONGODB_PORT:-27017}/climatemappedafrica?authSource=admin&directConnection=true - - PAYLOAD_SECRET - - SENTRY_ENVIRONMENT - - SENTRY_ORG - - SENTRY_PROJECT - environment: - MONGO_URL: mongodb://${MONGO_INITDB_ROOT_USERNAME:-root}:${MONGO_INITDB_ROOT_PASSWORD:-rootpassword}@host.docker.internal:${MONGODB_PORT:-27017}/climatemappedafrica?authSource=admin&directConnection=true - PAYLOAD_SECRET: ${PAYLOAD_SECRET} - S3_ACCESS_KEY_ID: ${S3_ACCESS_KEY_ID} - S3_SECRET_ACCESS_KEY: ${S3_SECRET_ACCESS_KEY} - S3_BUCKET: ${S3_BUCKET} - S3_REGION: ${S3_REGION} - SENTRY_ORG: ${SENTRY_ORG} - SENTRY_ENVIRONMENT: ${SENTRY_ENVIRONMENT} - SENTRY_PROJECT: ${SENTRY_PROJECT} + - SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT} + env_file: + - path: ./apps/codeforafrica/.env + - path: ./apps/codeforafrica/.env.local + required: false ports: - 3000:3000 
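Review bot: The charterafrica build now lists both `payload_secret` and `payload_secret_key`, while the charterafrica deploy workflows pass only `payload_secret_key` next to `mongo_url` and the Sentry values, so `payload_secret` looks like a leftover. Each entry under `build.secrets` exposes that value to the build, and with `environment:`-sourced secrets Compose may refuse to build when the variable is unset (worth confirming against the Compose version in use). I would keep each service's list to the ids its builder stage actually mounts, here dropping `- payload_secret` from charterafrica unless its Dockerfile stage (not visible in this hunk) uses it. The same check applies to `mongo_url` and `payload_secret` on climatemappedafrica.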
@@ -124,66 +100,60 @@ services: pesayetu: build: + secrets: + - jwt_secret_key + - sentry_auth_token + - sentry_org + - sentry_project + - wordpress_application_password + - wordpress_application_username + - wordpress_preview_secret context: . target: pesayetu-runner args: - - WORDPRESS_URL - - WORDPRESS_PREVIEW_SECRET - - WORDPRESS_APPLICATION_USERNAME - - WORDPRESS_APPLICATION_PASSWORD - - JWT_SECRET_KEY - - HURUMAP_API_URL - environment: - WORDPRESS_URL: ${WORDPRESS_URL} - WORDPRESS_PREVIEW_SECRET: ${WORDPRESS_PREVIEW_SECRET} - WORDPRESS_APPLICATION_USERNAME: ${WORDPRESS_APPLICATION_USERNAME} - WORDPRESS_APPLICATION_PASSWORD: ${WORDPRESS_APPLICATION_PASSWORD} - JWT_SECRET_KEY: ${JWT_SECRET_KEY} - HURUMAP_API_URL: ${HURUMAP_API_URL} - S3_UPLOAD_KEY: ${S3_UPLOAD_KEY} - S3_UPLOAD_SECRET: ${S3_UPLOAD_SECRET} - S3_UPLOAD_BUCKET: ${S3_UPLOAD_BUCKET} - S3_UPLOAD_REGION: ${S3_UPLOAD_REGION} + - HURUMAP_API_URL=${HURUMAP_API_URL} + - SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT} + - WORDPRESS_URL=${WORDPRESS_URL} + env_file: + - path: ./apps/pesayetu/.env + - path: ./apps/pesayetu/.env.local + required: false ports: - 3000:3000 roboshield: build: secrets: + - mongo_url + - payload_secret - sentry_auth_token + - sentry_org + - sentry_project context: . target: roboshield-runner args: - - MONGO_URL - - PAYLOAD_SECRET - - SENTRY_ORG - - SENTRY_ENV - - SENTRY_PROJECT - environment: - S3_ACCESS_KEY_ID: ${S3_ACCESS_KEY_ID} - S3_SECRET_ACCESS_KEY: ${S3_SECRET_ACCESS_KEY} - S3_BUCKET: ${S3_BUCKET} - S3_REGION: ${S3_REGION} - MONGO_URL: ${MONGO_URL} - PAYLOAD_SECRET: ${PAYLOAD_SECRET} - SENTRY_ORG: ${SENTRY_ORG} - SENTRY_ENVIRONMENT: ${SENTRY_ENVIRONMENT} - SENTRY_PROJECT: ${SENTRY_PROJECT} + - SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT} + env_file: + - path: ./apps/roboshield/.env + - path: ./apps/roboshield/.env.local + required: false ports: - 3000:3000 techlabblog: build: + secrets: + - sentry_auth_token + - sentry_org + - sentry_project context: . 
target: techlabblog-runner args: - - SENTRY_ORG - - SENTRY_ENV - - SENTRY_PROJECT - environment: - SENTRY_ORG: ${SENTRY_ORG} - SENTRY_ENVIRONMENT: ${SENTRY_ENVIRONMENT} - SENTRY_PROJECT: ${SENTRY_PROJECT} + - SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT} + env_file: + - path: ./apps/techlabblog/.env + - path: ./apps/techlabblog/.env.local + required: false ports: - 3000:3000 @@ -194,7 +164,7 @@ services: # specify them here; they come from --env-file command-line argument(s) args: - NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL} - - SENTRY_ENVIRONMENT="local" + - SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT} - SMTP_HOST=${SMTP_HOST} - SMTP_USER=${SMTP_USER} context: . @@ -202,6 +172,8 @@ services: - mongo_url - payload_secret - sentry_auth_token + - sentry_org + - sentry_project - smtp_pass target: trustlab-runner env_file: @@ -216,36 +188,36 @@ services: twoopstracker: build: + secrets: + - sentry_auth_token + - sentry_org + - sentry_project context: . target: twoopstracker-runner args: - - SENTRY_ORG - - SENTRY_ENV - - SENTRY_PROJECT - - TWOOPSTRACKER_API_URL - environment: - SENTRY_ORG: ${SENTRY_ORG} - SENTRY_ENVIRONMENT: ${SENTRY_ENVIRONMENT} - SENTRY_PROJECT: ${SENTRY_PROJECT} - TWOOPSTRACKER_API_URL: ${TWOOPSTRACKER_API_URL} + - SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT} + - TWOOPSTRACKER_API_URL=${TWOOPSTRACKER_API_URL} + env_file: + - path: ./apps/twoopstracker/.env + - path: ./apps/twoopstracker/.env.local ports: - 3000:3000 vpnmanager: build: secrets: + - api_secret_key - sentry_auth_token + - sentry_org + - sentry_project context: . target: vpnmanager-runner args: - - SENTRY_ORG - - SENTRY_PROJECT - - SENTRY_DSN - - API_SECRET_KEY - environment: - NODE_ENV: ${NODE_ENV:-production} - NODE_TLS_REJECT_UNAUTHORIZED: 0 - NEXT_APP_VPN_API_URL: ${NEXT_APP_VPN_API_URL} + - SENTRY_DSN=${SENTRY_DSN} + - SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT} + env_file: + - path: ./apps/vpnmanager/.env + - path: ./apps/vpnmanager/.env.local ports: - ${VPN_MANAGER_PORT:-3000}:3000 volumes: 
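Review bot: The `env_file` entries added for twoopstracker and vpnmanager list `./apps/<app>/.env.local` without `required: false`, unlike every other service touched in this file. Compose treats an `env_file` path as required by default, so running these two services without a local override file fails, while the others start. Add `required: false` under both `.env.local` paths for consistency. The vpnmanager hunk also drops `NODE_TLS_REJECT_UNAUTHORIZED: 0` from `environment`, and it would be worth a comment stating that TLS verification is meant to stay on, so the setting is not reintroduced through `.env.local`.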
@@ -255,25 +227,46 @@ services: build: secrets: - sentry_auth_token + - sentry_org + - sentry_project context: . target: promisetracker-runner args: - - SENTRY_ORG - - SENTRY_PROJECT - - SENTRY_DSN - - API_SECRET_KEY - environment: - NODE_ENV: ${NODE_ENV:-production} + - SENTRY_DSN=${SENTRY_DSN} + env_file: + - path: ./apps/promisetracker/.env + - path: ./apps/promisetracker/.env.local + required: false ports: - ${PROMISE_TRACKER_PORT:-3000}:3000 + secrets: + api_secret_key: + environment: API_SECRET_KEY + jwt_secret_key: + environment: JWT_SECRET_KEY mongo_url: environment: MONGO_URL + mongodb_url: + environment: MONGODB_URL payload_secret: environment: PAYLOAD_SECRET + payload_secret_key: + environment: PAYLOAD_SECRET_KEY sentry_auth_token: environment: SENTRY_AUTH_TOKEN + sentry_org: + environment: SENTRY_ORG + sentry_project: + environment: SENTRY_PROJECT smtp_pass: environment: SMTP_PASS + wordpress_application_password: + environment: WORDPRESS_APPLICATION_PASSWORD + wordpress_application_username: + environment: WORDPRESS_APPLICATION_USERNAME + wordpress_preview_secret: + environment: WORDPRESS_PREVIEW_SECRET + volumes: db_data: diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 643fa6873c..050c804ef5 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -680,6 +680,9 @@ catalogs: payload: specifier: ^3.39.0 version: 3.39.1 + require-in-the-middle: + specifier: ^7.5.2 + version: 7.5.2 overrides: sharp: ^0.33.5 @@ -2158,6 +2161,9 @@ importers: react-rotating-text: specifier: 'catalog:' version: 1.4.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1) + require-in-the-middle: + specifier: catalog:payload-v3 + version: 7.5.2 robots-txt-parse: specifier: 'catalog:' version: 2.0.1 @@ -2443,7 +2449,7 @@ importers: specifier: 'catalog:' version: 18.3.1(react@18.3.1) require-in-the-middle: - specifier: ^7.5.2 + specifier: catalog:payload-v3 version: 7.5.2 sharp: specifier: ^0.33.5 
@@ -26356,7 +26362,7 @@ snapshots: eslint: 9.27.0(jiti@1.21.7) eslint-import-resolver-node: 0.3.9 eslint-import-resolver-typescript: 3.10.1(eslint-plugin-import@2.31.0(eslint@9.27.0(jiti@1.21.7)))(eslint@9.27.0(jiti@1.21.7)) - eslint-plugin-import: 2.31.0(@typescript-eslint/parser@8.32.1(eslint@9.27.0(jiti@1.21.7))(typescript@5.8.3))(eslint-import-resolver-typescript@3.10.1)(eslint@9.27.0(jiti@1.21.7)) + eslint-plugin-import: 2.31.0(@typescript-eslint/parser@8.32.1(eslint@9.27.0(jiti@1.21.7))(typescript@5.8.3))(eslint-import-resolver-typescript@3.10.1(eslint-plugin-import@2.31.0(eslint@9.27.0(jiti@1.21.7)))(eslint@9.27.0(jiti@1.21.7)))(eslint@9.27.0(jiti@1.21.7)) eslint-plugin-jsx-a11y: 6.10.2(eslint@9.27.0(jiti@1.21.7)) eslint-plugin-react: 7.37.5(eslint@9.27.0(jiti@1.21.7)) eslint-plugin-react-hooks: 5.2.0(eslint@9.27.0(jiti@1.21.7)) @@ -26534,7 +26540,7 @@ snapshots: transitivePeerDependencies: - supports-color - eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.32.1(eslint@9.27.0(jiti@1.21.7))(typescript@5.8.3))(eslint-import-resolver-typescript@3.10.1)(eslint-import-resolver-webpack@0.13.10)(eslint@9.27.0(jiti@1.21.7)): + eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.32.1(eslint@9.27.0(jiti@1.21.7))(typescript@5.8.3))(eslint-import-resolver-typescript@3.10.1(eslint-plugin-import@2.31.0(eslint@9.27.0(jiti@1.21.7)))(eslint@9.27.0(jiti@1.21.7)))(eslint@9.27.0(jiti@1.21.7)): dependencies: '@rtsao/scc': 1.1.0 array-includes: 3.1.8 
@@ -26545,7 +26551,7 @@ snapshots: doctrine: 2.1.0 eslint: 9.27.0(jiti@1.21.7) eslint-import-resolver-node: 0.3.9 - eslint-module-utils: 2.12.0(@typescript-eslint/parser@8.32.1(eslint@9.27.0(jiti@1.21.7))(typescript@5.8.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.10.1)(eslint-import-resolver-webpack@0.13.10)(eslint@9.27.0(jiti@1.21.7)) + eslint-module-utils: 2.12.0(@typescript-eslint/parser@8.32.1(eslint@9.27.0(jiti@1.21.7))(typescript@5.8.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.10.1(eslint-plugin-import@2.31.0(eslint@9.27.0(jiti@1.21.7)))(eslint@9.27.0(jiti@1.21.7)))(eslint@9.27.0(jiti@1.21.7)) hasown: 2.0.2 is-core-module: 2.16.1 is-glob: 4.0.3 @@ -26563,7 +26569,7 @@ snapshots: - eslint-import-resolver-webpack - supports-color - eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.32.1(eslint@9.27.0(jiti@1.21.7))(typescript@5.8.3))(eslint-import-resolver-typescript@3.10.1)(eslint@9.27.0(jiti@1.21.7)): + eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.32.1(eslint@9.27.0(jiti@1.21.7))(typescript@5.8.3))(eslint-import-resolver-typescript@3.10.1)(eslint-import-resolver-webpack@0.13.10)(eslint@9.27.0(jiti@1.21.7)): dependencies: '@rtsao/scc': 1.1.0 array-includes: 3.1.8 @@ -26574,7 +26580,7 @@ snapshots: doctrine: 2.1.0 eslint: 9.27.0(jiti@1.21.7) eslint-import-resolver-node: 0.3.9 - eslint-module-utils: 2.12.0(@typescript-eslint/parser@8.32.1(eslint@9.27.0(jiti@1.21.7))(typescript@5.8.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.10.1(eslint-plugin-import@2.31.0(eslint@9.27.0(jiti@1.21.7)))(eslint@9.27.0(jiti@1.21.7)))(eslint@9.27.0(jiti@1.21.7)) + eslint-module-utils: 2.12.0(@typescript-eslint/parser@8.32.1(eslint@9.27.0(jiti@1.21.7))(typescript@5.8.3))(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.10.1)(eslint-import-resolver-webpack@0.13.10)(eslint@9.27.0(jiti@1.21.7)) hasown: 2.0.2 is-core-module: 2.16.1 is-glob: 4.0.3 
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index dcf6f064a0..5b6984035b 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -245,6 +245,7 @@ catalogs: "@payloadcms/ui": ^3.39.0 graphql: ^16.11.0 payload: ^3.39.0 + require-in-the-middle: ^7.5.2 react-19: "react": ^19.1.0 "react-dom": ^19.1.0 diff --git a/scripts/dc.sh b/scripts/dc.sh index 531bfa2080..3e882897dd 100755 --- a/scripts/dc.sh +++ b/scripts/dc.sh @@ -14,4 +14,4 @@ IMAGE_TAG=${IMAGE_TAG:-${REPO_SHA}} \ docker compose \ --env-file "./apps/${APP}/.env" \ --env-file "./apps/${APP}/.env.local" \ - up "${APP}" + up "${APP}" --build