-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Seprated env variables for specific app containers and added SSL feature using caddy #5429
base: preview
Are you sure you want to change the base?
Conversation
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the WalkthroughThe updates implement a configuration for a Caddy web server, modifying the GitHub Actions workflow for building Docker images and enhancing the Docker Compose setup. New environment variables for SSL management and reverse proxy settings are established. A structured Caddyfile template is created for routing, and reusable YAML anchors streamline environment variable declarations. Additionally, a new job for asset publishing during releases is added to the workflow, alongside the introduction of a "live" service in the deployment configuration. The installation script is also improved to handle errors and manage release versions. Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant Caddy
participant App
User->>Caddy: Request
Caddy->>App: Reverse Proxy to appropriate service
App-->>Caddy: Response
Caddy-->>User: Return response
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 2
Outside diff range, codebase verification and nitpick comments (2)
deploy/selfhost/docker-compose.yml (2)
205-205
: Add a new line character at the end of the file.The file is missing a new line character at the end.
Apply this diff to fix the issue:
+
Tools
yamllint
[error] 205-205: no new line character at the end of file
(new-line-at-end-of-file)
[error] 205-205: trailing spaces
(trailing-spaces)
205-205
: Remove trailing spaces at the end of the file.The file has trailing spaces at the end.
Apply this diff to fix the issue:
-
Tools
yamllint
[error] 205-205: no new line character at the end of file
(new-line-at-end-of-file)
[error] 205-205: trailing spaces
(trailing-spaces)
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (6)
- .github/workflows/build-branch.yml (1 hunks)
- caddy/Caddyfile.template (1 hunks)
- caddy/Dockerfile (1 hunks)
- caddy/caddy.sh (1 hunks)
- deploy/selfhost/docker-compose.yml (6 hunks)
- deploy/selfhost/variables.env (2 hunks)
Additional context used
Shellcheck
caddy/caddy.sh
[warning] 3-3: Declare and assign separately to avoid masking return values.
(SC2155)
[warning] 3-3: Quote this to prevent word splitting.
(SC2046)
GitHub Check: Codacy Static Code Analysis
caddy/Dockerfile
[warning] 1-1: caddy/Dockerfile#L1
Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag
yamllint
deploy/selfhost/docker-compose.yml
[error] 205-205: no new line character at the end of file
(new-line-at-end-of-file)
[error] 205-205: trailing spaces
(trailing-spaces)
Additional comments not posted (25)
caddy/caddy.sh (1)
4-4
: LGTM!The line is correctly implemented.
The code changes are approved.
caddy/Dockerfile (1)
3-9
: LGTM!The lines are correctly implemented.
The code changes are approved.
caddy/Caddyfile.template (3)
1-17
: LGTM!The section is correctly implemented.
The code changes are approved.
19-28
: LGTM!The section is correctly implemented.
The code changes are approved.
30-32
: LGTM!The section is correctly implemented.
The code changes are approved.
deploy/selfhost/variables.env (4)
3-3
: LGTM!The
SSL
variable is correctly added with a default value offalse
.The code changes are approved.
33-33
: LGTM!The
CERT_EMAIL
variable is correctly added with a default value of[email protected]
.The code changes are approved.
34-34
: LGTM!The
CERT_ACME_CA
variable is correctly added with a default value ofhttps://acme-v02.api.letsencrypt.org/directory
.The code changes are approved.
35-35
: LGTM!The
TRUSTED_PROXIES
variable is correctly added with a default value of0.0.0.0/0
.The code changes are approved.
deploy/selfhost/docker-compose.yml (15)
1-9
: LGTM!The
x-db-env
anchor is correctly added to encapsulate PostgreSQL environment variables, improving modularity and reducing redundancy.The code changes are approved.
10-14
: LGTM!The
x-redis-env
anchor is correctly added to encapsulate Redis environment variables, improving modularity and reducing redundancy.The code changes are approved.
15-25
: LGTM!The
x-data-store-env
anchor is correctly added to encapsulate MinIO environment variables, improving modularity and reducing redundancy.The code changes are approved.
26-34
: LGTM!The
x-proxy-env
anchor is correctly added to encapsulate proxy environment variables, improving modularity and reducing redundancy.The code changes are approved.
97-98
: LGTM!The
environment
in serviceapi
is correctly updated to include<<: [ *app-env, *db-env, *redis-env, *data-store-env, *proxy-env ]
, improving maintainability and clarity.The code changes are approved.
111-112
: LGTM!The
environment
in serviceworker
is correctly updated to include<<: [ *app-env, *db-env, *redis-env, *data-store-env, *proxy-env ]
, improving maintainability and clarity.The code changes are approved.
126-127
: LGTM!The
environment
in servicebeat-worker
is correctly updated to include<<: [ *app-env, *db-env, *redis-env, *data-store-env, *proxy-env ]
, improving maintainability and clarity.The code changes are approved.
141-142
: LGTM!The
environment
in servicemigrator
is correctly updated to include<<: [ *app-env, *db-env, *redis-env, *data-store-env, *proxy-env ]
, improving maintainability and clarity.The code changes are approved.
152-153
: LGTM!The
environment
in serviceplane-db
is correctly updated to include<<: *db-env
, improving maintainability and clarity.The code changes are approved.
161-162
: LGTM!The
environment
in serviceplane-redis
is correctly updated to include<<: *redis-env
, improving maintainability and clarity.The code changes are approved.
171-172
: LGTM!The
environment
in serviceplane-minio
is correctly updated to include<<: *data-store-env
, improving maintainability and clarity.The code changes are approved.
183-184
: LGTM!The
ports
in serviceproxy
are correctly updated to useLISTEN_HTTP_PORT
andLISTEN_HTTPS_PORT
variables, providing greater flexibility in configuring the service's network settings.The code changes are approved.
186-187
: LGTM!The
volumes
in serviceproxy
are correctly updated to includecaddy_config
andcaddy_data
, indicating an expansion in the functionality of the proxy service.The code changes are approved.
188-189
: LGTM!The
environment
in serviceproxy
is correctly updated to include<<: *proxy-env
, improving maintainability and clarity.The code changes are approved.
203-204
: LGTM!The
volumes
section is correctly updated to includecaddy_config
andcaddy_data
, indicating an expansion in the functionality of the proxy service.The code changes are approved.
.github/workflows/build-branch.yml (1)
333-334
: LGTM!The
context
andfile
paths in thebranch_build_push_proxy
job are correctly updated to use thecaddy
directory, indicating a shift in the technology or configuration being utilized for the proxy service.The code changes are approved.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 2
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (3)
- caddy/caddy.sh (1 hunks)
- deploy/selfhost/docker-compose.yml (6 hunks)
- deploy/selfhost/variables.env (2 hunks)
Files skipped from review as they are similar to previous changes (1)
- deploy/selfhost/variables.env
Additional context used
Shellcheck
caddy/caddy.sh
[warning] 3-3: In POSIX sh, == in place of = is undefined.
(SC3014)
[warning] 5-5: In POSIX sh, == in place of = is undefined.
(SC3014)
yamllint
deploy/selfhost/docker-compose.yml
[error] 204-204: no new line character at the end of file
(new-line-at-end-of-file)
[error] 204-204: trailing spaces
(trailing-spaces)
Additional comments not posted (3)
deploy/selfhost/docker-compose.yml (3)
1-8
: Excellent use of YAML anchors for environment variables.The introduction of
x-db-env
,x-redis-env
,x-data-store-env
, andx-proxy-env
enhances modularity and reduces redundancy. This approach allows for cleaner and more maintainable Docker Compose configurations.The changes are approved.
Also applies to: 10-14, 15-25, 26-34
96-97
: Proper usage of YAML anchors in service configurations.The environment variable declarations for services like
api
,worker
,beat-worker
,migrator
,plane-db
,plane-redis
,plane-minio
, andproxy
correctly utilize the defined YAML anchors. This ensures that each service inherits the necessary environment variables without cluttering the main service definitions.The changes are approved.
Also applies to: 110-111, 125-126, 140-141, 151-152, 160-161, 170-171, 187-188
Line range hint
182-203
: Dynamic port mapping and volume additions for the proxy service.The changes to port mapping and the addition of
caddy_config
andcaddy_data
volumes for the proxy service are well-implemented, providing flexibility and supporting the management of SSL certificates and configuration files.The changes are approved.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 2
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (1)
- deploy/selfhost/variables.env (2 hunks)
Additional comments not posted (2)
deploy/selfhost/variables.env (2)
3-3
: Review SSL default setting.The
SSL=false
setting is appropriate for default configurations, ensuring that SSL is opt-in rather than enforced by default. This approach supports backward compatibility and flexibility for environments where SSL might not be necessary.The default setting is approved as it provides flexibility in deployment.
35-35
: Review ACME CA URL setting.The
CERT_ACME_CA=https://acme-v02.api.letsencrypt.org/directory
is correctly set to point to the Let's Encrypt ACME directory. This setting is crucial for the automatic issuance and renewal of SSL certificates.The ACME CA URL is correctly configured for SSL certificate management.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
deploy/selfhost/docker-compose.yml
Outdated
SSL: ${SSL:-false} | ||
APP_DOMAIN: ${APP_DOMAIN:-localhost} | ||
FILE_SIZE_LIMIT: ${FILE_SIZE_LIMIT:-5242880} | ||
CERT_EMAIL: ${CERT_EMAIL:[email protected]} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change it to CERT_EMAIL: ${CERT_EMAIL}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done changes
deploy/selfhost/docker-compose.yml
Outdated
CERT_EMAIL: ${CERT_EMAIL:[email protected]} | ||
CERT_ACME_CA: ${CERT_ACME_CA:-} | ||
LISTEN_HTTP_PORT: ${LISTEN_PORT:-80} | ||
LISTEN_HTTPS_PORT: ${LISTEN_SSL_PORT} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change this to LISTEN_HTTPS_PORT: ${LISTEN_SSL_PORT:-443}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done changes
deploy/selfhost/variables.env
Outdated
@@ -28,6 +30,11 @@ REDIS_HOST=plane-redis | |||
REDIS_PORT=6379 | |||
REDIS_URL= | |||
|
|||
# If SSL Cert to be generated, set CERT_EMAIL and APP_PROTOCOL to https | |||
[email protected] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
leave it empty without value CERT_EMAIL=
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed it to empty
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (1)
- deploy/selfhost/variables.env (2 hunks)
Additional comments not posted (4)
deploy/selfhost/variables.env (4)
3-3
: SSL Default SettingThe
SSL=false
setting is clear and indicates that SSL is not enabled by default. This is a safe default but ensure that documentation or deployment scripts clearly guide users on how to enable SSL if needed.
10-11
: Review Server Port ConfigurationThe configuration includes both standard HTTP (
LISTEN_PORT=80
) and HTTPS (LISTEN_SSL_PORT=443
) ports. This setup is typical and appropriate for applications that may switch between SSL and non-SSL modes. Ensure firewall and security group settings are configured to appropriately expose these ports based on the environment.
35-35
: Specify ACME CA for SSL CertificatesThe
CERT_ACME_CA=https://acme-v02.api.letsencrypt.org/directory
setting specifies the ACME directory URL for Let's Encrypt, which is standard for obtaining SSL certificates. This setting is correctly configured for environments that will use Let's Encrypt as the CA.
36-36
: Review Trusted Proxies SettingSetting
TRUSTED_PROXIES=0.0.0.0/0
allows all IP addresses to be trusted as proxies. This setting can introduce security risks if not properly managed, especially in a production environment. Consider restricting this setting to specific IP ranges or addresses that are known to be secure to mitigate potential security risks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (1)
- deploy/selfhost/docker-compose.yml (6 hunks)
Additional context used
yamllint
deploy/selfhost/docker-compose.yml
[error] 204-204: no new line character at the end of file
(new-line-at-end-of-file)
[error] 204-204: trailing spaces
(trailing-spaces)
Additional comments not posted (14)
deploy/selfhost/docker-compose.yml (14)
1-8
: Well-defined PostgreSQL environment configuration.The anchor
x-db-env
is well-structured and uses environment variables with sensible defaults, which enhances the configurability and isolation of PostgreSQL settings.
10-13
: Well-defined Redis environment configuration.The anchor
x-redis-env
is correctly set up with default values, facilitating better management of Redis settings.
15-24
: Comprehensive MinIO environment configuration.The anchor
x-data-store-env
includes comprehensive settings for MinIO, including AWS compatibility, which enhances the flexibility and configurability of data storage settings.
26-33
: Robust proxy environment configuration with SSL support.The anchor
x-proxy-env
is crucial for the SSL feature added by this PR. It includes settings for SSL, domain, and port configurations, enhancing the security and flexibility of the proxy service.
34-46
: Comprehensive application environment configuration.The anchor
x-app-env
is set up with a variety of settings that are crucial for the application's operation, ensuring a robust configuration management.
96-97
: Well-configured API service with comprehensive environment settings.The service
api
uses combined environment variables from all anchors, ensuring that it has all necessary configurations for robust operation.
110-111
: Consistent environment configuration across backend services.The service
worker
mirrors theapi
service in using combined environment variables from all anchors, ensuring consistency and comprehensive settings.
125-126
: Uniform environment configuration for scheduled tasks.The service
beat-worker
uses combined environment variables from all anchors, ensuring uniformity and comprehensive settings for scheduled tasks.
140-141
: Consistent environment configuration for migration tasks.The service
migrator
uses combined environment variables from all anchors, ensuring consistency and comprehensive settings for migration tasks.
151-152
: Properly configured database service.The service
plane-db
uses thedb-env
anchor for environment variables, ensuring that it has all necessary PostgreSQL configurations for robust operation.
160-161
: Well-configured Redis service.The service
plane-redis
uses theredis-env
anchor for environment variables, ensuring that it is properly configured for robust operation.
170-171
: Properly configured MinIO service.The service
plane-minio
uses thedata-store-env
anchor for environment variables, ensuring that it has all necessary configurations for robust data storage operation.
182-188
: Enhanced proxy service configuration with SSL support.The service
proxy
uses theproxy-env
anchor for environment variables, including SSL settings. The dynamic port mapping enhances the flexibility and security of the proxy service.
202-203
: Appropriate addition of SSL-related volumes.The new volumes
caddy_config
andcaddy_data
are appropriately added, likely for managing SSL certificates and configuration files for the proxy service.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (2)
- .github/workflows/build-branch.yml (1 hunks)
- deploy/selfhost/install.sh (4 hunks)
Additional context used
Shellcheck
deploy/selfhost/install.sh
[warning] 238-238: Quote this to prevent word splitting.
(SC2046)
[warning] 241-241: Quote this to prevent word splitting.
(SC2046)
[warning] 248-248: Quote this to prevent word splitting.
(SC2046)
[warning] 251-251: Quote this to prevent word splitting.
(SC2046)
GitHub Check: Codacy Static Code Analysis
deploy/selfhost/install.sh
[warning] 238-238: deploy/selfhost/install.sh#L238
Double quote to prevent globbing and word splitting.
[warning] 248-248: deploy/selfhost/install.sh#L248
Double quote to prevent globbing and word splitting.
Additional comments not posted (6)
.github/workflows/build-branch.yml (2)
333-334
: LGTM! But verify the Dockerfile path.The change to use Caddy instead of Nginx for the proxy service looks good. Ensure that the new Dockerfile path is correct and properly configured.
The code changes are approved.
Run the following script to verify the Dockerfile path:
Verification successful
Dockerfile Path and Configuration Verified
The Caddy Dockerfile exists at the specified path and appears to be correctly configured for running a Caddy server. The
FROM
statement and setup commands are present and appropriate. No further issues are identified.Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify the existence of the Caddy Dockerfile. # Test: Check if the Caddy Dockerfile exists. if [ -f "./caddy/Dockerfile" ]; then echo "Caddy Dockerfile exists." else echo "Caddy Dockerfile does not exist." exit 1 fiLength of output: 90
Script:
#!/bin/bash # Description: Check the contents of the Caddy Dockerfile for basic configuration. # Display the first few lines of the Dockerfile to check for a FROM statement. head -n 10 ./caddy/DockerfileLength of output: 213
343-390
: LGTM! But verify the new job configuration.The addition of the
publish_assets
job looks good. Ensure that the steps are correctly configured and that the assets are properly uploaded.The code changes are approved.
Run the following script to verify the new job configuration:
Verification successful
Verification Successful:
publish_assets
Job Configuration is CorrectThe
publish_assets
job is correctly configured with the necessary steps and conditions for release events. The job includes checking out files, updating shell scripts, and uploading assets as expected.
- The job runs on
ubuntu-latest
and depends on other build jobs.- It includes steps to update shell scripts and upload assets like
docker-compose.yaml
,variables.env
, andinstall.sh
.Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify the configuration of the `publish_assets` job. # Test: Check if the steps in the `publish_assets` job are correctly configured. rg --type yaml -A 10 $'publish_assets:\n if : ${{ github.event_name == \'release\' }}\n runs-on: ubuntu-latest\n needs: [branch_build_push_web, branch_build_push_admin, branch_build_push_space, branch_build_push_apiserver, branch_build_push_proxy]\n steps:\n - id: checkout_files\n name: Checkout Files\n uses: actions/checkout@v4\n - name: Update shell script branch\n run: |\n sed -i "s/^RELEASE_TAG=.*/RELEASE_TAG=${{ github.event.release.tag_name }}/" ./deploy/selfhost/install.sh\n sed -i "s/^export APP_RELEASE=.*/export APP_RELEASE=${{ github.event.release.tag_name }}/g" ./deploy/selfhost/install.sh\n sed -i "s/APP_RELEASE=stable/APP_RELEASE=${{ github.event.release.tag_name }}/g" ./deploy/selfhost/install.sh\n - name: Upload docker-compose.yaml\n uses: actions/[email protected]\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n with:\n upload_url: ${{ github.event.release.upload_url }}\n asset_path: ./deploy/selfhost/docker-compose.yml\n asset_name: docker-compose.yaml\n asset_content_type: application/octet-stream\n - name: Upload variables.env\n uses: actions/[email protected]\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n with:\n upload_url: ${{ github.event.release.upload_url }}\n asset_path: ./deploy/selfhost/variables.env\n asset_name: variables.env\n asset_content_type: application/octet-stream\n - name: Upload setup.sh\n uses: actions/[email protected]\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n with:\n upload_url: ${{ github.event.release.upload_url }}\n asset_path: ./deploy/selfhost/install.sh\n asset_name: setup.sh\n asset_content_type: application/octet-stream'Length of output: 4015
Script:
#!/bin/bash # Description: Verify the configuration of the `publish_assets` job using a simpler pattern. # Test: Check if the `publish_assets` job is defined and includes essential steps. rg --type yaml -A 20 'publish_assets:' .github/workflows/build-branch.ymlLength of output: 1132
deploy/selfhost/install.sh (4)
4-4
: LGTM!The introduction of the
RELEASE_TAG
variable improves the script's functionality by making it more adaptable to versioning.The code changes are approved.
170-171
: LGTM!The modification to replace
APP_RELEASE
with the latest value ensures that the variable is always up-to-date.The code changes are approved.
238-256
: LGTM!The modification to include the
RELEASE_TAG
variable in the download URLs enhances the robustness of the file retrieval process.The code changes are approved.
Tools
Shellcheck
[warning] 238-238: Quote this to prevent word splitting.
(SC2046)
[warning] 241-241: Quote this to prevent word splitting.
(SC2046)
[warning] 248-248: Quote this to prevent word splitting.
(SC2046)
[warning] 251-251: Quote this to prevent word splitting.
(SC2046)
GitHub Check: Codacy Static Code Analysis
[warning] 238-238: deploy/selfhost/install.sh#L238
Double quote to prevent globbing and word splitting.
[warning] 248-248: deploy/selfhost/install.sh#L248
Double quote to prevent globbing and word splitting.
362-362
: LGTM!The modification to include the
APP_RELEASE
variable in the download message improves clarity for the user regarding which version is being processed.The code changes are approved.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (1)
- deploy/selfhost/build.yml (1 hunks)
Additional comments not posted (1)
deploy/selfhost/build.yml (1)
29-29
: LGTM! But verify the new build context and Dockerfile.The change in build context from
./nginx
to./caddy
indicates a transition to using Caddy as the web server. Ensure that the new build context and Dockerfile are correctly set up for Caddy.The code changes are approved.
Run the following script to verify the existence and correctness of the new build context and Dockerfile:
Verification successful
Verification Successful: Caddy Build Context and Dockerfile Exist
The
caddy
directory and itsDockerfile
are present, confirming that the build context change is correctly set up for Caddy. No further issues are found with the transition from Nginx to Caddy.Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify the existence of the new build context and Dockerfile for Caddy. # Test: Check if the `caddy` directory exists. Expect: Directory exists. if [ -d "./caddy" ]; then echo "Caddy directory exists." else echo "Caddy directory does not exist." exit 1 fi # Test: Check if the `Dockerfile` exists in the `caddy` directory. Expect: File exists. if [ -f "./caddy/Dockerfile" ]; then echo "Dockerfile exists in the caddy directory." else echo "Dockerfile does not exist in the caddy directory." exit 1 fiLength of output: 202
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (1)
- deploy/selfhost/install.sh (4 hunks)
Additional context used
Shellcheck
deploy/selfhost/install.sh
[warning] 238-238: Quote this to prevent word splitting.
(SC2046)
[warning] 241-241: Quote this to prevent word splitting.
(SC2046)
[warning] 248-248: Quote this to prevent word splitting.
(SC2046)
[warning] 251-251: Quote this to prevent word splitting.
(SC2046)
Additional comments not posted (4)
deploy/selfhost/install.sh (4)
4-4
: LGTM!The introduction of the
RELEASE_TAG
variable with a default value ofv0.22-dev
is a good enhancement for version management.
170-171
: LGTM!The update to replace
APP_RELEASE
with the latest value in thesyncEnvFile
function ensures that the environment variable is synchronized correctly.
176-176
: LGTM!The introduction of the
buildYourOwnImage
function to build Docker images locally is a useful addition for custom builds.
362-362
: LGTM!The update to download the specified
APP_RELEASE
version in theupgrade
function ensures that the correct version is downloaded during the upgrade process.
deploy/selfhost/install.sh
Outdated
curl -H 'Cache-Control: no-cache, no-store' -s -o $PLANE_INSTALL_DIR/docker-compose.yaml https://github.com/makeplane/plane/releases/download/$RELEASE_TAG/docker-compose.yaml?$(date +%s) | ||
if [ $? -ne 0 ]; then | ||
# 2nd attempt to download the file for backward compatibility | ||
curl -H 'Cache-Control: no-cache, no-store' -s -o $PLANE_INSTALL_DIR/docker-compose.yaml https://raw.githubusercontent.com/makeplane/plane/$BRANCH/deploy/selfhost/docker-compose.yml?$(date +%s) | ||
if [ $? -ne 0 ]; then | ||
echo "Failed to download the docker-compose.yaml file. Exiting..." | ||
exit 1 | ||
fi | ||
fi | ||
|
||
curl -H 'Cache-Control: no-cache, no-store' -s -o $PLANE_INSTALL_DIR/variables-upgrade.env https://github.com/makeplane/plane/releases/download/$RELEASE_TAG/variables.env?$(date +%s) | ||
if [ $? -ne 0 ]; then | ||
# 2nd attempt to download the file for backward compatibility | ||
curl -H 'Cache-Control: no-cache, no-store' -s -o $PLANE_INSTALL_DIR/variables-upgrade.env https://raw.githubusercontent.com/makeplane/plane/$BRANCH/deploy/selfhost/variables.env?$(date +%s) | ||
if [ $? -ne 0 ]; then | ||
echo "Failed to download the variables.env file. Exiting..." | ||
exit 1 | ||
fi | ||
fi |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! But fix potential word splitting issues.
The update to use the RELEASE_TAG
variable for downloading files improves the download logic. However, there are potential issues with word splitting that need to be addressed.
Apply this diff to fix the word splitting issues:
- curl -H 'Cache-Control: no-cache, no-store' -s -o $PLANE_INSTALL_DIR/docker-compose.yaml https://github.com/makeplane/plane/releases/download/$RELEASE_TAG/docker-compose.yaml?$(date +%s)
+ curl -H 'Cache-Control: no-cache, no-store' -s -o "$PLANE_INSTALL_DIR/docker-compose.yaml" "https://github.com/makeplane/plane/releases/download/$RELEASE_TAG/docker-compose.yaml?$(date +%s)"
- curl -H 'Cache-Control: no-cache, no-store' -s -o $PLANE_INSTALL_DIR/docker-compose.yaml https://raw.githubusercontent.com/makeplane/plane/$BRANCH/deploy/selfhost/docker-compose.yml?$(date +%s)
+ curl -H 'Cache-Control: no-cache, no-store' -s -o "$PLANE_INSTALL_DIR/docker-compose.yaml" "https://raw.githubusercontent.com/makeplane/plane/$BRANCH/deploy/selfhost/docker-compose.yml?$(date +%s)"
- curl -H 'Cache-Control: no-cache, no-store' -s -o $PLANE_INSTALL_DIR/variables-upgrade.env https://github.com/makeplane/plane/releases/download/$RELEASE_TAG/variables.env?$(date +%s)
+ curl -H 'Cache-Control: no-cache, no-store' -s -o "$PLANE_INSTALL_DIR/variables-upgrade.env" "https://github.com/makeplane/plane/releases/download/$RELEASE_TAG/variables.env?$(date +%s)"
- curl -H 'Cache-Control: no-cache, no-store' -s -o $PLANE_INSTALL_DIR/variables-upgrade.env https://raw.githubusercontent.com/makeplane/plane/$BRANCH/deploy/selfhost/variables.env?$(date +%s)
+ curl -H 'Cache-Control: no-cache, no-store' -s -o "$PLANE_INSTALL_DIR/variables-upgrade.env" "https://raw.githubusercontent.com/makeplane/plane/$BRANCH/deploy/selfhost/variables.env?$(date +%s)"
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
curl -H 'Cache-Control: no-cache, no-store' -s -o $PLANE_INSTALL_DIR/docker-compose.yaml https://github.com/makeplane/plane/releases/download/$RELEASE_TAG/docker-compose.yaml?$(date +%s) | |
if [ $? -ne 0 ]; then | |
# 2nd attempt to download the file for backward compatibility | |
curl -H 'Cache-Control: no-cache, no-store' -s -o $PLANE_INSTALL_DIR/docker-compose.yaml https://raw.githubusercontent.com/makeplane/plane/$BRANCH/deploy/selfhost/docker-compose.yml?$(date +%s) | |
if [ $? -ne 0 ]; then | |
echo "Failed to download the docker-compose.yaml file. Exiting..." | |
exit 1 | |
fi | |
fi | |
curl -H 'Cache-Control: no-cache, no-store' -s -o $PLANE_INSTALL_DIR/variables-upgrade.env https://github.com/makeplane/plane/releases/download/$RELEASE_TAG/variables.env?$(date +%s) | |
if [ $? -ne 0 ]; then | |
# 2nd attempt to download the file for backward compatibility | |
curl -H 'Cache-Control: no-cache, no-store' -s -o $PLANE_INSTALL_DIR/variables-upgrade.env https://raw.githubusercontent.com/makeplane/plane/$BRANCH/deploy/selfhost/variables.env?$(date +%s) | |
if [ $? -ne 0 ]; then | |
echo "Failed to download the variables.env file. Exiting..." | |
exit 1 | |
fi | |
fi | |
curl -H 'Cache-Control: no-cache, no-store' -s -o "$PLANE_INSTALL_DIR/docker-compose.yaml" "https://github.com/makeplane/plane/releases/download/$RELEASE_TAG/docker-compose.yaml?$(date +%s)" | |
if [ $? -ne 0 ]; then | |
# 2nd attempt to download the file for backward compatibility | |
curl -H 'Cache-Control: no-cache, no-store' -s -o "$PLANE_INSTALL_DIR/docker-compose.yaml" "https://raw.githubusercontent.com/makeplane/plane/$BRANCH/deploy/selfhost/docker-compose.yml?$(date +%s)" | |
if [ $? -ne 0 ]; then | |
echo "Failed to download the docker-compose.yaml file. Exiting..." | |
exit 1 | |
fi | |
fi | |
curl -H 'Cache-Control: no-cache, no-store' -s -o "$PLANE_INSTALL_DIR/variables-upgrade.env" "https://github.com/makeplane/plane/releases/download/$RELEASE_TAG/variables.env?$(date +%s)" | |
if [ $? -ne 0 ]; then | |
# 2nd attempt to download the file for backward compatibility | |
curl -H 'Cache-Control: no-cache, no-store' -s -o "$PLANE_INSTALL_DIR/variables-upgrade.env" "https://raw.githubusercontent.com/makeplane/plane/$BRANCH/deploy/selfhost/variables.env?$(date +%s)" | |
if [ $? -ne 0 ]; then | |
echo "Failed to download the variables.env file. Exiting..." | |
exit 1 | |
fi | |
fi |
Tools
Shellcheck
[warning] 238-238: Quote this to prevent word splitting.
(SC2046)
[warning] 241-241: Quote this to prevent word splitting.
(SC2046)
[warning] 248-248: Quote this to prevent word splitting.
(SC2046)
[warning] 251-251: Quote this to prevent word splitting.
(SC2046)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Outside diff range, codebase verification and nitpick comments (1)
deploy/selfhost/README.md (1)
109-117
: Configuration options updated for clarity.The updates to the configuration options, including
APP_DOMAIN
,LISTEN_PORT
,LISTEN_SSL_PORT
,WEB_URL
, andCORS_ALLOWED_ORIGINS
, improve the clarity of the instructions and provide users with more detailed guidance on setting up their environment.Please update the abbreviation "e.g." to use two periods, as suggested by the LanguageTool hints:
- (eg. `plane.example.com`) + (e.g., `plane.example.com`) - (eg. `https://plane.example.com:8443` or `http://[IP-ADDRESS]:8080`) + (e.g., `https://plane.example.com:8443` or `http://[IP-ADDRESS]:8080`) - (eg. `http://plane.example.com:8080,https://plane.example.com:8443`) + (e.g., `http://plane.example.com:8080,https://plane.example.com:8443`)The Markdownlint hints regarding blank lines inside blockquotes can be ignored as they are false positives in this context.
Tools
LanguageTool
[uncategorized] ~109-~109: The abbreviation “e.g.” (= for example) requires two periods.
Context: ... the Fully Qualified Domain Name here. (eg.plane.example.com
) >LISTEN_PORT
-...(E_G)
[uncategorized] ~115-~115: The abbreviation “e.g.” (= for example) requires two periods.
Context: ...along with LISTEN_PORT/LISTEN_SSL_PORT (eg.https://plane.example.com:8443
or `ht...(E_G)
[uncategorized] ~117-~117: The abbreviation “e.g.” (= for example) requires two periods.
Context: ... with LISTEN_PORT and LISTEN_SSL_PORT (eg. `http://plane.example.com:8080,https://...(E_G)
Markdownlint
110-110: null
Blank line inside blockquote(MD028, no-blanks-blockquote)
112-112: null
Blank line inside blockquote(MD028, no-blanks-blockquote)
114-114: null
Blank line inside blockquote(MD028, no-blanks-blockquote)
116-116: null
Blank line inside blockquote(MD028, no-blanks-blockquote)
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (3)
- .github/workflows/build-branch.yml (1 hunks)
- deploy/selfhost/README.md (9 hunks)
- deploy/selfhost/variables.env (2 hunks)
Additional context used
Markdownlint
deploy/selfhost/README.md
60-60: null
Fenced code blocks should have a language specified(MD040, fenced-code-language)
110-110: null
Blank line inside blockquote(MD028, no-blanks-blockquote)
112-112: null
Blank line inside blockquote(MD028, no-blanks-blockquote)
114-114: null
Blank line inside blockquote(MD028, no-blanks-blockquote)
116-116: null
Blank line inside blockquote(MD028, no-blanks-blockquote)
LanguageTool
deploy/selfhost/README.md
[uncategorized] ~109-~109: The abbreviation “e.g.” (= for example) requires two periods.
Context: ... the Fully Qualified Domain Name here. (eg.plane.example.com
) >LISTEN_PORT
-...(E_G)
[uncategorized] ~115-~115: The abbreviation “e.g.” (= for example) requires two periods.
Context: ...along with LISTEN_PORT/LISTEN_SSL_PORT (eg.https://plane.example.com:8443
or `ht...(E_G)
[uncategorized] ~117-~117: The abbreviation “e.g.” (= for example) requires two periods.
Context: ... with LISTEN_PORT and LISTEN_SSL_PORT (eg. `http://plane.example.com:8080,https://...(E_G)
Additional comments not posted (10)
deploy/selfhost/variables.env (4)
3-3
: LGTM!The code changes are approved.
10-10
: LGTM!The code changes are approved.
11-11
: LGTM!The code changes are approved.
16-16
: LGTM!The code changes are approved.
.github/workflows/build-branch.yml (2)
333-334
: LGTM!The change from Nginx to Caddy aligns with the PR objective of adding SSL support. Caddy's automatic HTTPS capabilities will enhance the security of the deployed services.
343-400
: LGTM!The new
publish_assets
job is a great addition to the workflow. It automates the asset publishing process during releases, which will improve deployment efficiency and ensure that the correct versioned assets are available.deploy/selfhost/README.md (4)
58-58
: LGTM!The change in the section header from "Latest Stable Release" to "Latest Release" is approved as it reflects the shift in focus to the latest version available.
61-61
: LGTM!The addition of the
-p
flag to themkdir
command is approved as it ensures that the directory is created only if it does not already exist, enhancing robustness.
63-63
: LGTM!The introduction of the
RELEASE_VERSION
variable is approved as it allows for a more flexible approach to version specification, replacing the hardcoded URL.
65-65
: LGTM!The update to the curl command to use the
RELEASE_VERSION
variable is approved as it ensures that the correct version of the setup script is downloaded based on the specified version.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (1)
- deploy/selfhost/README.md (9 hunks)
Additional context used
Markdownlint
deploy/selfhost/README.md
60-60: null
Fenced code blocks should have a language specified(MD040, fenced-code-language)
LanguageTool
deploy/selfhost/README.md
[uncategorized] ~109-~109: The abbreviation “e.g.” (= for example) requires two periods.
Context: ... the Fully Qualified Domain Name here. (eg.plane.example.com
) > >LISTEN_PORT
...(E_G)
[uncategorized] ~115-~115: The abbreviation “e.g.” (= for example) requires two periods.
Context: ...along with LISTEN_PORT/LISTEN_SSL_PORT (eg.https://plane.example.com:8443
or `ht...(E_G)
[uncategorized] ~117-~117: The abbreviation “e.g.” (= for example) requires two periods.
Context: ... with LISTEN_PORT and LISTEN_SSL_PORT (eg. `http://plane.example.com:8080,https://...(E_G)
Additional comments not posted (9)
deploy/selfhost/README.md (9)
58-58
: LGTM!The header text change is approved.
61-61
: LGTM!The addition of the
-p
flag to themkdir
command is approved.
63-63
: LGTM!The introduction of the
RELEASE_VERSION
variable is approved.
65-65
: LGTM!The update to the URL for downloading
setup.sh
is approved.
141-141
: LGTM!The addition of the comment is approved.
176-176
: LGTM!The addition of the comment is approved.
204-204
: LGTM!The addition of the comment is approved.
232-232
: LGTM!The addition of the comment is approved.
Line range hint
359-382
: LGTM!The changes to the data restoration section are approved.
> `APP_DOMAIN` - Set the Fully Qualified Domain Name here. (eg. `plane.example.com`) | ||
> | ||
> `LISTEN_PORT` - This is default set to `80`. Make sure the port you choose to use is not preoccupied. (e.g `LISTEN_PORT=8080`) | ||
> | ||
> `LISTEN_SSL_PORT` - This is default set to `443`. Make sure the port you choose to use is not preoccupied. (e.g `LISTEN_SSL_PORT=8443`) | ||
> | ||
> `WEB_URL` - This is default set to `http://localhost`. Change this to the FQDN you plan to use along with LISTEN_PORT/LISTEN_SSL_PORT (eg. `https://plane.example.com:8443` or `http://[IP-ADDRESS]:8080`) | ||
> | ||
> `CORS_ALLOWED_ORIGINS` - This is default set to `http://${APP_DOMAIN},https://${APP_DOMAIN}`. Change this to the FQDN you plan to use along with LISTEN_PORT and LISTEN_SSL_PORT (eg. `http://plane.example.com:8080,https://plane.example.com:8443`) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
The changes to the configuration options are approved.
Fix the abbreviation for "for example".
The explanations use "eg." instead of "e.g." for the abbreviation "for example". Please update the occurrences of "eg." to "e.g.".
Apply this diff to fix the issue:
- (eg. `plane.example.com`)
+ (e.g., `plane.example.com`)
- (eg. `https://plane.example.com:8443` or `http://[IP-ADDRESS]:8080`)
+ (e.g., `https://plane.example.com:8443` or `http://[IP-ADDRESS]:8080`)
- (eg. `http://plane.example.com:8080,https://plane.example.com:8443`)
+ (e.g., `http://plane.example.com:8080,https://plane.example.com:8443`)
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
> `APP_DOMAIN` - Set the Fully Qualified Domain Name here. (eg. `plane.example.com`) | |
> | |
> `LISTEN_PORT` - This is default set to `80`. Make sure the port you choose to use is not preoccupied. (e.g `LISTEN_PORT=8080`) | |
> | |
> `LISTEN_SSL_PORT` - This is default set to `443`. Make sure the port you choose to use is not preoccupied. (e.g `LISTEN_SSL_PORT=8443`) | |
> | |
> `WEB_URL` - This is default set to `http://localhost`. Change this to the FQDN you plan to use along with LISTEN_PORT/LISTEN_SSL_PORT (eg. `https://plane.example.com:8443` or `http://[IP-ADDRESS]:8080`) | |
> | |
> `CORS_ALLOWED_ORIGINS` - This is default set to `http://${APP_DOMAIN},https://${APP_DOMAIN}`. Change this to the FQDN you plan to use along with LISTEN_PORT and LISTEN_SSL_PORT (eg. `http://plane.example.com:8080,https://plane.example.com:8443`) | |
> `APP_DOMAIN` - Set the Fully Qualified Domain Name here. (e.g., `plane.example.com`) | |
> | |
> `LISTEN_PORT` - This is default set to `80`. Make sure the port you choose to use is not preoccupied. (e.g `LISTEN_PORT=8080`) | |
> | |
> `LISTEN_SSL_PORT` - This is default set to `443`. Make sure the port you choose to use is not preoccupied. (e.g `LISTEN_SSL_PORT=8443`) | |
> | |
> `WEB_URL` - This is default set to `http://localhost`. Change this to the FQDN you plan to use along with LISTEN_PORT/LISTEN_SSL_PORT (e.g., `https://plane.example.com:8443` or `http://[IP-ADDRESS]:8080`) | |
> | |
> `CORS_ALLOWED_ORIGINS` - This is default set to `http://${APP_DOMAIN},https://${APP_DOMAIN}`. Change this to the FQDN you plan to use along with LISTEN_PORT and LISTEN_SSL_PORT (e.g., `http://plane.example.com:8080,https://plane.example.com:8443`) |
Tools
LanguageTool
[uncategorized] ~109-~109: The abbreviation “e.g.” (= for example) requires two periods.
Context: ... the Fully Qualified Domain Name here. (eg.plane.example.com
) > >LISTEN_PORT
...(E_G)
[uncategorized] ~115-~115: The abbreviation “e.g.” (= for example) requires two periods.
Context: ...along with LISTEN_PORT/LISTEN_SSL_PORT (eg.https://plane.example.com:8443
or `ht...(E_G)
[uncategorized] ~117-~117: The abbreviation “e.g.” (= for example) requires two periods.
Context: ... with LISTEN_PORT and LISTEN_SSL_PORT (eg. `http://plane.example.com:8080,https://...(E_G)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (8)
- .github/workflows/build-branch.yml (1 hunks)
- aio/Dockerfile-app (3 hunks)
- aio/nginx.conf (1 hunks)
- aio/supervisord-app (1 hunks)
- caddy/Caddyfile.template (1 hunks)
- deploy/selfhost/build.yml (2 hunks)
- deploy/selfhost/docker-compose.yml (6 hunks)
- deploy/selfhost/variables.env (2 hunks)
Files skipped from review as they are similar to previous changes (2)
- .github/workflows/build-branch.yml
- caddy/Caddyfile.template
Additional context used
yamllint
deploy/selfhost/docker-compose.yml
[error] 19-19: trailing spaces
(trailing-spaces)
Additional comments not posted (17)
deploy/selfhost/build.yml (2)
20-24
: LGTM!The new
live
service configuration looks good. Using a dedicated Dockerfile for the live environment is a nice way to customize the build for that specific environment.
35-35
: Verify the Caddy configuration.The change in the build context for the
proxy
service looks good. Using Caddy instead of Nginx aligns with the PR objective of adding SSL support.Please ensure that:
- The Caddy configuration file (Caddyfile) is properly set up with the required directives for SSL and reverse proxy.
- The SSL certificates are correctly provisioned and renewed.
- The Caddy configuration is thoroughly tested to ensure that SSL is working as expected and the application is accessible via HTTPS.
deploy/selfhost/variables.env (3)
3-3
: LGTM!The code changes are approved.
35-35
: LGTM!The code changes are approved.
16-16
: LGTM!The code changes are approved.
aio/supervisord-app (1)
32-40
: LGTM!The new program configuration
[program:live]
looks good:
- It follows the same structure as the existing configurations, which is good for consistency.
- The logging configuration is set to log to
/dev/stdout
with no size limits, which is consistent with the existing configurations and is a good practice for containerized applications.- The environment variables are defined correctly, including a new port (3004) and an API base URL pointing to a local server, allowing the live server to run on a different port and communicate with the API server.
aio/nginx.conf (1)
48-54
: LGTM!The new location block for
/live/
is correctly configured for handling WebSocket connections.
- The
proxy_http_version
directive is set to 1.1, which is required for WebSocket connections.- The
Upgrade
,Connection
, andHost
headers are correctly set for WebSocket connections.- The
proxy_pass
directive is correctly set to forward requests to the new backend service running onhttp://localhost:3004/
.The code changes are approved.
aio/Dockerfile-app (3)
14-14
: LGTM!The addition of
--scope=live
to theturbo prune
command ensures that the "live" component is considered during the pruning phase of the build process.
56-56
: LGTM!The addition of
--filter=live
to theyarn turbo run build
command ensures that the "live" component is built alongside the existing components.
108-110
: LGTM!The added
COPY
commands ensure that the necessary files and directories for the "live" component are included in the final Docker image.deploy/selfhost/docker-compose.yml (7)
1-8
: LGTM!The
x-db-env
anchor is a good addition for organizing the PostgreSQL environment variables.
10-13
: LGTM!The
x-redis-env
anchor is a good addition for organizing the Redis environment variables.
20-30
: LGTM!The
x-data-store-env
anchor is a good addition for organizing the MinIO environment variables.
31-39
: LGTM!The
x-proxy-env
anchor is a good addition for organizing the proxy environment variables.
106-107
: LGTM!The environment variable declarations for the services have been improved by using the newly introduced anchors. This enhances the organization and maintainability of the configuration.
Also applies to: 124-125, 139-140, 155-156, 171-172, 182-183, 191-192, 209-210, 226-227
221-222
: LGTM!The port mapping for the proxy service has been improved by using environment variables. This provides flexibility in configuring the ports.
241-242
: Verify the purpose of the new volumes.The new volumes
caddy_config
andcaddy_data
have been added for the proxy service. Can you please provide more context on the purpose of these volumes and how they are being used by the Caddy web server?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (1)
- aio/Dockerfile-app (4 hunks)
Files skipped from review as they are similar to previous changes (1)
- aio/Dockerfile-app
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Outside diff range, codebase verification and nitpick comments (1)
deploy/selfhost/variables.env (1)
3-3
: LGTM, but ensure SSL is enabled in production.The new
SSL
variable, set tofalse
by default, is suitable for local development environments.However, for production deployments, it is crucial to set
SSL=true
and configure a valid SSL certificate to ensure secure connections.
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (3)
- .github/workflows/build-branch.yml (1 hunks)
- deploy/selfhost/docker-compose.yml (6 hunks)
- deploy/selfhost/variables.env (2 hunks)
Files skipped from review as they are similar to previous changes (1)
- .github/workflows/build-branch.yml
Additional context used
yamllint
deploy/selfhost/docker-compose.yml
[error] 19-19: trailing spaces
(trailing-spaces)
Additional comments not posted (16)
deploy/selfhost/variables.env (2)
36-36
: LGTM!The
CERT_ACME_CA
variable is set to the correct URL for obtaining SSL certificates from Let's Encrypt.
16-16
: LGTM!The update to the
CORS_ALLOWED_ORIGINS
variable to include both HTTP and HTTPS origins is a good change to support environments with SSL enabled or disabled.deploy/selfhost/docker-compose.yml (14)
1-9
: LGTM!The introduction of the
x-db-env
anchor for PostgreSQL environment variables is a good practice for modular configuration management.
10-13
: LGTM!The introduction of the
x-redis-env
anchor for Redis environment variables is a good practice for modular configuration management.
15-18
: LGTM!The introduction of the
x-mq-env
anchor for RabbitMQ environment variables is a good practice for modular configuration management.
20-29
: LGTM!The introduction of the
x-data-store-env
anchor for MinIO environment variables is a good practice for modular configuration management.
31-38
: LGTM!The introduction of the
x-proxy-env
anchor for proxy environment variables is a good practice for modular configuration management.
40-41
: LGTM!The introduction of the
x-live-env
anchor for live service environment variables is a good practice for modular configuration management.
106-107
: LGTM!The update to the
environment
section of thelive
service to include thex-live-env
andx-redis-env
anchors is a good change for consolidating environment variable management.
124-125
: LGTM!The update to the
environment
section of theapi
service to include multiple environment variable anchors is a good change for consolidating environment variable management.
139-140
: LGTM!The update to the
environment
section of theworker
service to include multiple environment variable anchors is a good change for consolidating environment variable management.
155-156
: LGTM!The update to the
environment
section of thebeat-worker
service to include multiple environment variable anchors is a good change for consolidating environment variable management.
171-172
: LGTM!The update to the
environment
section of themigrator
service to include multiple environment variable anchors is a good change for consolidating environment variable management.
221-222
: LGTM!The update to the port mapping for the
proxy
service to use dynamic port definitions provides greater flexibility in configuring the service's network settings.
223-225
: LGTM!The addition of the
caddy_config
andcaddy_data
volumes for theproxy
service is a good change to support the management of SSL certificates and configuration files.
19-19
: Remove trailing spaces.The static analysis tool yamllint has flagged a trailing spaces issue at line 19.
Trailing spaces can cause issues with some tools and should be removed for consistency and cleanliness of the code.
Tools
yamllint
[error] 19-19: trailing spaces
(trailing-spaces)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (1)
- deploy/selfhost/install.sh (4 hunks)
Additional context used
Shellcheck
deploy/selfhost/install.sh
[warning] 244-244: Quote this to prevent word splitting.
(SC2046)
Additional comments not posted (4)
deploy/selfhost/install.sh (4)
4-4
: LGTM!The
RELEASE_TAG
variable declaration with a default value provides flexibility to manage different release versions.
170-171
: LGTM!The update to replace
APP_RELEASE
with the latest value ensures that the deployment reflects the correct application release version and improves the synchronization of environment variables.
239-242
: LGTM!The error handling after
curl
commands prevents the script from proceeding with potentially incomplete or missing configurations, thereby increasing the reliability of the installation process.Also applies to: 245-248
354-354
: LGTM!Dynamically displaying the current
APP_RELEASE
version provides clearer feedback to the user regarding the version being downloaded during the upgrade process.
echo "Failed to download the docker-compose.yaml file. Exiting..." | ||
exit 1 | ||
fi | ||
|
||
curl -H 'Cache-Control: no-cache, no-store' -s -o $PLANE_INSTALL_DIR/variables-upgrade.env https://raw.githubusercontent.com/makeplane/plane/$BRANCH/deploy/selfhost/variables.env?$(date +%s) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fix the potential word splitting issue.
The variable expansion at line 244 should be quoted to prevent potential word splitting issues.
Apply this diff to fix the issue:
- curl -H 'Cache-Control: no-cache, no-store' -s -o $PLANE_INSTALL_DIR/docker-compose.yaml https://raw.githubusercontent.com/makeplane/plane/$BRANCH/deploy/selfhost/docker-compose.yml?$(date +%s)
+ curl -H 'Cache-Control: no-cache, no-store' -s -o "$PLANE_INSTALL_DIR/docker-compose.yaml" "https://raw.githubusercontent.com/makeplane/plane/$BRANCH/deploy/selfhost/docker-compose.yml?$(date +%s)"
Committable suggestion was skipped due to low confidence.
Tools
Shellcheck
[warning] 244-244: Quote this to prevent word splitting.
(SC2046)
Changes:
This PR includes seprated env variables for specific app containers and added SSL feature using caddy
Summary by CodeRabbit
New Features
Improvements
Chores