diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml
deleted file mode 100644
index 1058323d97..0000000000
--- a/.github/workflows/create-release.yaml
+++ /dev/null
@@ -1,60 +0,0 @@ -name: "Create Release" - -on: # yamllint disable-line rule:truthy - workflow_dispatch: - inputs: - RELEASE_TAG: - description: 'v{Major}.{Minor}.{Patch}' - -jobs: - release: - name: "Release" - permissions: - contents: write - runs-on: "ubuntu-latest" - - steps: - - - name: Checkout source - uses: actions/checkout@v3 - with: - token: ${{ secrets.ACTIONS_ACCESS_TOKEN }} - submodules: true - - - name: Create branch and tag submodule - run: | - git config user.email "actions@github.com" - git config user.name "actions-user" - git submodule update --init --remote - git checkout -b 'release-${{ inputs.RELEASE_TAG }}' - (cd calcom && git fetch --tags origin && git checkout 'refs/tags/${{ inputs.RELEASE_TAG }}') - git add calcom - git commit -m "tag version Cal.com version ${{ inputs.RELEASE_TAG }}" - git push origin 'release-${{ inputs.RELEASE_TAG }}' - - # note: instead of secrets.GITHUB_TOKEN here, we need to use a PAT - # so that the release creation triggers the image build workflow - - name: "Create release" - uses: "actions/github-script@v6" - with: - github-token: "${{ secrets.ACTIONS_ACCESS_TOKEN }}" - script: | - const isPreRelease = '${{ inputs.RELEASE_TAG }}'.includes('-rc'); - try { - const response = await github.rest.repos.createRelease({ - draft: false, - generate_release_notes: true, - body: 'For Cal.com release details, see: https://github.com/calcom/cal.com/releases/tag/${{ inputs.RELEASE_TAG }}', - name: '${{ inputs.RELEASE_TAG }}', - target_commitish: 'release-${{ inputs.RELEASE_TAG }}', - owner: context.repo.owner, - prerelease: isPreRelease, - repo: context.repo.repo, - tag_name: '${{ inputs.RELEASE_TAG }}', - }); - - core.exportVariable('RELEASE_ID', response.data.id); - core.exportVariable('RELEASE_UPLOAD_URL', response.data.upload_url); - } catch (error) { - core.setFailed(error.message); - } 
diff --git a/.github/workflows/docker-build-push-dockerhub.yml b/.github/workflows/docker-build-push-dockerhub.yml
deleted file mode 100644
index c467e690cb..0000000000
--- a/.github/workflows/docker-build-push-dockerhub.yml
+++ /dev/null
@@ -1,199 +0,0 @@ -# This is a basic workflow to help you get started with Actions - -name: Build and push image to DockerHub - -# Controls when the workflow will run -on: - push: - branches: - - 'main' - tags: - - 'v*' - # update on run of Update Calendso nightly submodule update - workflow_run: - workflows: ["Update Calendso"] - branches: [main] - types: - - completed - # Allow running workflow manually from the Actions tab - workflow_dispatch: - # Uncomment below to allow specific version workflow run - # inputs: - # version: - # description: 'Version to build' - # required: true - -# Leaving in example for releases. Initially we simply push to 'latest' -# on: - # release: - # types: [ created ] - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -jobs: - # This workflow contains a single job called "build" - build: - # The type of runner that the job will run on - runs-on: ubuntu-latest - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@main - with: - # Free about 4.5 GB, elminating our disk space issues - tool-cache: true - - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it, uncomment below - # - name: Checkout code at specified version - # uses: actions/checkout@v2 - # with: - # ref: ${{ github.event.inputs.version }} - - - name: checkout - uses: actions/checkout@v4 - - - name: Git submodule update - run: | - git submodule update --init - - - name: Log in to the Docker Hub registry - uses: docker/login-action@v3 - with: - # Username used to log against the Docker registry - username: ${{ secrets.DOCKER_HUB_USERNAME }} - # Password or personal access token used to log against the Docker registry - password: ${{ secrets.DOCKER_HUB_TOKEN }} - # Log out from the Docker registry at the end of a job - logout: true # optional, default is true - - - name: Log in to the Github Container 
registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: | - docker.io/calendso/calendso - docker.io/calcom/cal.com - ghcr.io/calcom/cal.com - # Add flavor latest only on full releases, not on pre-releases - flavor: | - latest=${{ !github.event.release.prerelease }} - - - name: Copy env - run: | - grep -o '^[^#]*' .env.example > .env - cat .env >> $GITHUB_ENV - echo "DATABASE_HOST=localhost:5432" >> $GITHUB_ENV - eval $(sed -e '/^#/d' -e 's/^/export /' -e 's/$/;/' .env) ; - - # Temporarily disable ARM build due to runner performance issues - # - name: Set up QEMU - # uses: docker/setup-qemu-action@v2 - - - name: Start database - run: | - docker compose up -d database - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - driver-opts: | - network=container:database - buildkitd-flags: | - --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host -# config-inline: | -# [worker.oci] -# max-parallelism = 1 - - - name: Build image - id: docker_build - uses: docker/build-push-action@v5 - with: - context: ./ - file: ./Dockerfile - load: true # Load the image into the Docker daemon - push: false # Do not push the image at this stage - platforms: linux/amd64 - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - build-args: | - NEXT_PUBLIC_WEBAPP_URL=${{ env.NEXT_PUBLIC_WEBAPP_URL }} - NEXT_PUBLIC_API_V2_URL=${{ env.NEXT_PUBLIC_API_V2_URL }} - NEXT_PUBLIC_LICENSE_CONSENT=${{ env.NEXT_PUBLIC_LICENSE_CONSENT }} - NEXT_PUBLIC_TELEMETRY_KEY=${{ env.NEXT_PUBLIC_TELEMETRY_KEY }} - DATABASE_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@${{ env.DATABASE_HOST }}/${{ env.POSTGRES_DB }} - DATABASE_DIRECT_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@${{ env.DATABASE_HOST }}/${{ 
env.POSTGRES_DB }} - - - name: Test runtime - run: | - tags="${{ steps.meta.outputs.tags }}" - IFS=',' read -ra ADDR <<< "$tags" # Convert string to array using ',' as delimiter - tag=${ADDR[0]} # Get the first tag - - docker run --rm --network stack \ - -p 3000:3000 \ - -e DATABASE_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@database/${{ env.POSTGRES_DB }} \ - -e DATABASE_DIRECT_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@database/${{ env.POSTGRES_DB }} \ - -e NEXTAUTH_SECRET=${{ env.NEXTAUTH_SECRET }} \ - -e CALENDSO_ENCRYPTION_KEY=${{ env.CALENDSO_ENCRYPTION_KEY }} \ - $tag & - - server_pid=$! - - - echo "Waiting for the server to start..." - sleep 120 - - echo ${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login - - for i in {1..60}; do - echo "Checking server health ($i/60)..." - response=$(curl -o /dev/null -s -w "%{http_code}" ${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login) - echo "HTTP Status Code: $response" - if [[ "$response" == "200" ]] || [[ "$response" == "307" ]]; then - echo "Server is healthy" - # Now, shutdown the server - kill $server_pid - exit 0 - fi - sleep 1 - done - - echo "Server health check failed" - kill $server_pid - exit 1 - env: - NEXTAUTH_SECRET: 'EI4qqDpcfdvf4A+0aQEEx8JjHxHSy4uWiZw/F32K+pA=' - CALENDSO_ENCRYPTION_KEY: '0zfLtY99wjeLnsM7qsa8xsT+Q0oSgnOL' - - - name: Push image - id: docker_push - uses: docker/build-push-action@v5 - with: - context: ./ - file: ./Dockerfile - push: true - platforms: linux/amd64 - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - build-args: | - NEXT_PUBLIC_WEBAPP_URL=${{ env.NEXT_PUBLIC_WEBAPP_URL }} - NEXT_PUBLIC_API_V2_URL=${{ env.NEXT_PUBLIC_API_V2_URL }} - NEXT_PUBLIC_LICENSE_CONSENT=${{ env.NEXT_PUBLIC_LICENSE_CONSENT }} - NEXT_PUBLIC_TELEMETRY_KEY=${{ env.NEXT_PUBLIC_TELEMETRY_KEY }} - DATABASE_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@${{ env.DATABASE_HOST }}/${{ env.POSTGRES_DB }} - 
DATABASE_DIRECT_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@${{ env.DATABASE_HOST }}/${{ env.POSTGRES_DB }} - if: ${{ !github.event.release.prerelease }} - - - name: Image digest - run: echo ${{ steps.docker_build.outputs.digest }} - - - name: Cleanup - run: | - docker compose down diff --git a/.github/workflows/docker-build-push-ghcr.yaml b/.github/workflows/docker-build-push-ghcr.yaml new file mode 100644 index 0000000000..74e9299989 --- /dev/null +++ b/.github/workflows/docker-build-push-ghcr.yaml 
@@ -0,0 +1,132 @@
+name: Build and push image to GitHub Container Registry
+
+on: pull_request
+
+# on:
+# push:
+# branches:
+# - "main"
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ services:
+ postgres:
+ image: postgres
+ env:
+ POSTGRES_USER: postgres
+ POSTGRES_PASSWORD: postgres
+ options: >-
+ --health-cmd pg_isready
+ --health-interval 10s
+ --health-timeout 5s
+ --health-retries 5
+ ports:
+ # Maps tcp port 5432 on service container to the host
+ - 5432:5432
+
+ steps:
+ - name: Free Disk Space (Ubuntu)
+ uses: jlumbroso/free-disk-space@main
+ with:
+ # Free about 4.5 GB, elminating our disk space issues
+ tool-cache: true
+
+ - name: checkout
+ uses: actions/checkout@v4
+
+ - name: Git submodule update
+ run: |
+ git submodule update --init
+
+ - name: Log in to the Github Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ghcr.io/${{ github.repository_owner }}/cal.com
+ tags: |
+ type=sha,prefix=,format=short
+
+ - name: Build image
+ id: docker_build
+ uses: docker/build-push-action@v5
+ with:
+ context: ./
+ file: ./Dockerfile
+ load: true # Load the image into the Docker daemon
+ push: false # Do not push the image at this stage
+ platforms: linux/amd64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ build-args: |
+ NEXT_PUBLIC_WEBAPP_URL=${{ secrets.NEXT_PUBLIC_WEBAPP_URL }}
+ NEXT_PUBLIC_API_V2_URL=${{ secrets.NEXT_PUBLIC_API_V2_URL }}
+ NEXT_PUBLIC_LICENSE_CONSENT=${{ secrets.NEXT_PUBLIC_LICENSE_CONSENT }}
+
+ - name: Test runtime
+ run: |
+ tags="${{ steps.meta.outputs.tags }}"
+ IFS=',' read -ra ADDR <<< "$tags" # Convert string to array using ',' as delimiter
+ tag=${ADDR[0]} # Get the first tag
+
+ NETWORK=$(docker network ls --format {{.Name}} --filter name=github_network)
+
+ docker run --rm \
+ --network $NETWORK \
+ -p 3000:3000 \
+ -e NEXT_PUBLIC_WEBAPP_URL=localhost:3000 \
+ -e NEXT_PUBLIC_API_V2_URL=${{ secrets.NEXT_PUBLIC_API_V2_URL }} \
+ -e DATABASE_URL=postgresql://postgres:postgres@postgres:5432/calendso \
+ -e DATABASE_DIRECT_URL=postgresql://postgres:postgres@postgres:5432/calendso \
+ -e NEXTAUTH_SECRET="${{ secrets.NEXTAUTH_SECRET }}" \
+ -e CALENDSO_ENCRYPTION_KEY="${{ secrets.CALENDSO_ENCRYPTION_KEY }}" \
+ $tag &
+
+ server_pid=$!
+
+ echo "Waiting for the server to start..."
+ sleep 120
+
+ echo localhost:3000/auth/login
+
+ for i in {1..60}; do
+ echo "Checking server health ($i/60)..."
+ response=$(curl -o /dev/null -s -w "%{http_code}" localhost:3000/auth/login)
+ echo "HTTP Status Code: $response"
+ if [[ "$response" == "200" ]] || [[ "$response" == "307" ]]; then
+ echo "Server is healthy"
+ # Now, shutdown the server
+ kill $server_pid
+ exit 0
+ fi
+ sleep 1
+ done
+
+ echo "Server health check failed"
+ kill $server_pid
+ exit 1
+
+ - name: Push image
+ id: docker_push
+ uses: docker/build-push-action@v5
+ with:
+ context: ./
+ file: ./Dockerfile
+ push: true
+ platforms: linux/amd64
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ build-args: |
+ NEXT_PUBLIC_WEBAPP_URL=${{ secrets.NEXT_PUBLIC_WEBAPP_URL }}
+ NEXT_PUBLIC_API_V2_URL=${{ secrets.NEXT_PUBLIC_API_V2_URL }}
+ NEXT_PUBLIC_LICENSE_CONSENT=${{ secrets.NEXT_PUBLIC_LICENSE_CONSENT }}
+ if: ${{ !github.event.release.prerelease }}
diff --git a/.github/workflows/scarf-data-export.yml b/.github/workflows/scarf-data-export.yml
deleted file mode 100644
index 64a76e3eeb..0000000000
--- a/.github/workflows/scarf-data-export.yml
+++ /dev/null
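Review bot: The `Push image` step at the end of the new docker-build-push-ghcr.yaml is guarded by `if: ${{ !github.event.release.prerelease }}`, but the only trigger is `on: pull_request`, where `github.event.release` does not exist, so the guard is always true and every pull-request run builds the PR's code and tries to push it to ghcr.io. Gating the push on the event and branch (after restoring the commented-out `push` trigger) and declaring the token scope with a job-level `permissions:` block would keep unreviewed code from being published. `jlumbroso/free-disk-space@main` follows a mutable branch in a job that holds the registry token and repository secrets; pinning it to a reviewed commit (`uses: jlumbroso/free-disk-space@<commit-sha>`) removes that exposure. In `Test runtime` the two secrets are expanded into the script text by `${{ }}`; passing them through the step's `env:` and using `-e NEXTAUTH_SECRET` without a value lets docker read them from the environment instead.

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    # … unchanged: services and steps up to "Build image" …
      - name: Test runtime
        env:
          NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
          CALENDSO_ENCRYPTION_KEY: ${{ secrets.CALENDSO_ENCRYPTION_KEY }}
        run: |
          # … unchanged: tag and network lookup, other docker run flags …
            -e NEXTAUTH_SECRET \
            -e CALENDSO_ENCRYPTION_KEY \
          # … unchanged: health-check loop …
      - name: Push image
        # … unchanged: id, uses, with …
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
```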
@@ -1,14 +0,0 @@ -name: Export Scarf data -on: - schedule: - - cron: '0 0 * * *' - -jobs: - export-scarf-data: - runs-on: ubuntu-latest - steps: - - uses: docker://scarf.docker.scarf.sh/scarf-sh/scarf-postgres-exporter:latest - env: - SCARF_API_TOKEN: ${{ secrets.SCARF_API_TOKEN }} - SCARF_ENTITY_NAME: Calcom - PSQL_CONN_STRING: ${{ secrets.PSQL_CONN_STRING }} diff --git a/.github/workflows/update-submodules.yml b/.github/workflows/update-submodules.yml deleted file mode 100644 index 87a8b75307..0000000000 --- a/.github/workflows/update-submodules.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: Update Calendso -on: - schedule: - - cron: "0 4 * * *" - workflow_dispatch: ~ - -jobs: - sync: - name: 'Submodules Sync' - runs-on: ubuntu-latest - defaults: - run: - shell: bash - steps: - - name: checkout - uses: actions/checkout@v3 - - - name: Git submodule update - run: | - git submodule update --remote --init - - - name: Commit - run: | - git config user.email "actions@github.com" - git config user.name "actions-user" - git commit -am "Auto updated submodule references" && git push || echo "No changes to commit" diff --git a/Dockerfile b/Dockerfile index 2370be8c7e..56ddb352a0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,18 +4,16 @@ WORKDIR /calcom ARG NEXT_PUBLIC_LICENSE_CONSENT ARG CALCOM_TELEMETRY_DISABLED -ARG DATABASE_URL ARG NEXTAUTH_SECRET=secret ARG CALENDSO_ENCRYPTION_KEY=secret ARG MAX_OLD_SPACE_SIZE=4096 +ARG NEXT_PUBLIC_WEBAPP_URL ARG NEXT_PUBLIC_API_V2_URL ENV NEXT_PUBLIC_WEBAPP_URL=http://NEXT_PUBLIC_WEBAPP_URL_PLACEHOLDER \ NEXT_PUBLIC_API_V2_URL=$NEXT_PUBLIC_API_V2_URL \ NEXT_PUBLIC_LICENSE_CONSENT=$NEXT_PUBLIC_LICENSE_CONSENT \ CALCOM_TELEMETRY_DISABLED=$CALCOM_TELEMETRY_DISABLED \ - DATABASE_URL=$DATABASE_URL \ - DATABASE_DIRECT_URL=$DATABASE_URL \ NEXTAUTH_SECRET=${NEXTAUTH_SECRET} \ CALENDSO_ENCRYPTION_KEY=${CALENDSO_ENCRYPTION_KEY} \ NODE_OPTIONS=--max-old-space-size=${MAX_OLD_SPACE_SIZE} \ 
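Review bot: `ARG NEXTAUTH_SECRET=secret` and `ARG CALENDSO_ENCRYPTION_KEY=secret` are kept in this Dockerfile block and copied into `ENV`, and the GHCR workflow added in this commit passes neither as a build argument, so this stage always builds with the publicly known value `secret`. Whether a later stage inherits that ENV cannot be seen from this hunk (the stage continues outside it); if one does, a container started without these variables would run with a guessable session secret and encryption key. Supplying the real values as build arguments is not the remedy, since values copied from ARG into ENV end up in the image metadata; a comment such as `# build-time placeholders only; real values must be injected at container start`, plus a check in `/calcom/scripts/start.sh` that refuses the literal `secret`, would make the intent enforceable. The added `ARG NEXT_PUBLIC_WEBAPP_URL` is not referenced in the visible lines, where `ENV NEXT_PUBLIC_WEBAPP_URL` still holds the placeholder, so it is worth noting where it is consumed.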
@@ -31,14 +29,11 @@ COPY calcom/tests ./tests RUN yarn config set httpTimeout 1200000 RUN npx turbo prune --scope=@calcom/web --docker RUN yarn install -RUN yarn db-deploy -RUN yarn --cwd packages/prisma seed-app-store +RUN yarn prisma generate # Build and make embed servable from web/public/embed folder RUN yarn --cwd packages/embeds/embed-core workspace @calcom/embed-core run build RUN yarn --cwd apps/web workspace @calcom/web run build -# RUN yarn plugin import workspace-tools && \ -# yarn workspaces focus --all --production RUN rm -rf node_modules/.cache .yarn/cache apps/web/.next/cache FROM node:18 as builder-two @@ -77,6 +72,6 @@ ENV NODE_ENV production EXPOSE 3000 HEALTHCHECK --interval=30s --timeout=30s --retries=5 \ - CMD wget --spider http://localhost:3000 || exit 1 + CMD wget --spider $NEXT_PUBLIC_WEBAPP_URL || exit 1 CMD ["/calcom/scripts/start.sh"] diff --git a/README.md b/README.md index 7cc9a5f8c8..6452620e4a 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,14 @@ +# Lonestone Calcom + +This repository is a fork from [@calcom/docker](https://github.com/calcom/docker). + +## Contents + +### 1. [Setup project](SETUP.md) (Our documentation) +### 2. [Docker](#Docker) (official documentation from the original repo) +### 3. [Security note](SECURITY.md) (from the original repo) + +
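Review bot: The `HEALTHCHECK` in the last Dockerfile hunk now probes `$NEXT_PUBLIC_WEBAPP_URL` instead of the local listener, so container health depends on DNS, the reverse proxy and TLS for the public hostname, and behind a load balancer the request may be answered by a different instance. The variable is also unquoted and, as far as this hunk shows, not guaranteed to be set in the final stage; when it is empty `wget --spider` has no URL and the container is reported unhealthy permanently. Probing the process itself keeps the check local and independent of deployment configuration, for example `CMD wget --spider http://localhost:3000/auth/login || exit 1`, which is the path the workflow's own health loop already uses. The stage this instruction belongs to starts outside the hunk.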

diff --git a/SETUP.md b/SETUP.md
new file mode 100644
index 0000000000..39afc24954
--- /dev/null
+++ b/SETUP.md
@@ -0,0 +1,62 @@ +# Setup of the project + +> :bulb: Here is the configuration of the repository and how to build and push the image. For more information about the entire configuration of the project, please see the Notion page [here](https://www.notion.so/lonestone/Projet-serveur-d-di-bde6f27f67724ec89e57999b42f8dec4). + +## Steps + +1. *Set required environment variables* + + List of required **Build-time variables** (⚠️ useful to build Docker image). **Set these variables in Actions secrets in the repository**. + + ```bash + # Optional but maybe important for the production + NEXT_PUBLIC_LICENSE_CONSENT= + + NEXT_PUBLIC_WEBAPP_URL= + + # Set this to the default value (normally optional but recommended) + NEXT_PUBLIC_API_V2_URL= + + # It is highly recommended that the NEXTAUTH_SECRET must be overridden and very unique + # Use `openssl rand -base64 32` to generate a key + NEXTAUTH_SECRET= + + # Encryption key that will be used to encrypt CalDAV credentials, choose a random string, for example with `dd if=/dev/urandom bs=1K count=1 | md5sum` + CALENDSO_ENCRYPTION_KEY= + # [...] + + # Set this to '1' if you don't want Cal to collect anonymous usage + CALCOM_TELEMETRY_DISABLED=1 + ``` + + + > 💡 On peut utiliser les valeurs par défaut de `.env.example` pour tester en local + +2. Modification of the Dockerfile + + ```diff + + ARG NEXTAUTH_SECRET=secret + ARG CALENDSO_ENCRYPTION_KEY=secret + ARG MAX_OLD_SPACE_SIZE=4096 + + ARG NEXT_PUBLIC_WEBAPP_URL + ARG NEXT_PUBLIC_API_V2_URL + + [...] + + RUN yarn install + + RUN yarn prisma generate + - RUN yarn db-deploy + - RUN yarn --cwd packages/prisma seed-app-store + + HEALTHCHECK --interval=30s --timeout=30s --retries=5 \ + - CMD wget --spider http://localhost:3000 || exit 1 + + CMD wget --spider $NEXT_PUBLIC_WEBAPP_URL || exit 1 + ``` + + Explanation : + - Added `NEXT_PUBLIC_WEBAPP_URL` to be able to use the value given in our secrets. 
+ - Added `RUN yarn prisma generate`: We need this command to avoid *module not found* errors when building `@calcom/web`. This will generate a prisma client based on the `schema.prisma` + - Removed `RUN yarn db-deploy`: We want to avoid performing migrations when building the Docker image, this allows us to avoid having to give access to the database. The migrations will be carried out when the containers are launched (using the script [`start.sh`](http://start.sh) which is the entry point of the container. + - Removed `RUN yarn --cwd packages/prisma seed-app-store`: Basically it was to avoid a *module not found* error (but the problem was surely resolved with the addition of the generation ), but ultimately we don't even need it anymore because we don't use the database during the build. + - Modification of the Healthcheck with the use of our url instead of `localhost:3000`