Possible updates.

.env.example

@@ -8,6 +8,8 @@
 NEXT_PUBLIC_LICENSE_CONSENT=
 LICENSE=
 
+NODE_OPTIONS=--max-old-space-size=4092
+
 # BASE_URL and NEXT_PUBLIC_APP_URL are both deprecated. Both are replaced with one variable, NEXT_PUBLIC_WEBAPP_URL
 # BASE_URL=http://localhost:3000
 # NEXT_PUBLIC_APP_URL=http://localhost:3000
@@ -20,6 +22,11 @@ NEXT_PUBLIC_WEBAPP_URL=http://localhost:3000
 # It is highly recommended that the NEXTAUTH_SECRET must be overridden and very unique
 # Use `openssl rand -base64 32` to generate a key
 NEXTAUTH_SECRET=secret
+NEXT_PUBLIC_APP_NAME='Example Calendar Agent'
+NEXT_PUBLIC_COMPANY_NAME='Example Company'
+NEXT_PUBLIC_SENDER_ID='Example Calendar Agent'
+NEXT_PUBLIC_SENDGRID_SENDER_NAME='Example Calendar Agent'
+NEXT_PUBLIC_SUPPORT_MAIL_ADDRESS='calendar@example.com'
 
 # Encryption key that will be used to encrypt CalDAV credentials, choose a random string, for example with `dd if=/dev/urandom bs=1K count=1 | md5sum`
 CALENDSO_ENCRYPTION_KEY=secret
@@ -28,15 +35,13 @@ CALENDSO_ENCRYPTION_KEY=secret
 # JWT_SECRET=secret
 
 POSTGRES_USER=unicorn_user
+# Use `openssl rand -base64 32` to generate a key
 POSTGRES_PASSWORD=magical_password
 POSTGRES_DB=calendso
 DATABASE_HOST=database:5432
 DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${DATABASE_HOST}/${POSTGRES_DB}
 GOOGLE_API_CREDENTIALS={}
 
-# Set this to '1' if you don't want Cal to collect anonymous usage
-CALCOM_TELEMETRY_DISABLED=
-
 # Used for the Office 365 / Outlook.com Calendar integration
 MS_GRAPH_CLIENT_ID=
 MS_GRAPH_CLIENT_SECRET=
@@ -54,5 +59,3 @@ EMAIL_SERVER_HOST=smtp.example.com
 EMAIL_SERVER_PORT=587
 EMAIL_SERVER_USER=email_user
 EMAIL_SERVER_PASSWORD=email_password
-
-NODE_ENV=production

.github/workflows/create-release.yaml

@@ -14,7 +14,7 @@ jobs:
     runs-on: "ubuntu-latest"
 
     steps:
-      
+
       - name: Checkout source
         uses: actions/checkout@v3
         with:

.github/workflows/docker-build-push-dockerhub.yml

@@ -20,7 +20,7 @@ on:
     # Uncomment below to allow specific version workflow run
     # inputs:
     #   version:
-    #     description: 'Version to build'     
+    #     description: 'Version to build'
     #     required: true
 
 # Leaving in example for releases. Initially we simply push to 'latest'
@@ -46,10 +46,6 @@ jobs:
       - name: checkout
         uses: actions/checkout@v3
 
-      - name: Git submodule update
-        run: |
-          git submodule update --init
-
       - name: Log in to the Docker Hub registry
         uses: docker/login-action@v2
         with:
@@ -66,7 +62,7 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-          
+
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v4
@@ -76,6 +72,14 @@ jobs:
             docker.io/calcom/cal.com
             ghcr.io/calcom/cal.com
 
+      - name: Extract tag
+        id: extract_tag
+        run: |
+          tags="${{ steps.meta.outputs.tags }}"
+          IFS=',' read -ra ADDR <<< "$tags"  # Convert string to array using ',' as delimiter
+          # Get the first tag
+          echo "tag=${ADDR[0]}" >> $GITHUB_OUTPUT
+
       - name: Copy env
         run: |
           grep -o '^[^#]*' .env.example > .env
@@ -87,21 +91,6 @@ jobs:
       # - name: Set up QEMU
       #   uses: docker/setup-qemu-action@v2
 
-      - name: Start database
-        run: |
-          docker compose up -d database
-          
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-        with:
-          driver-opts: |
-            network=container:database
-          buildkitd-flags: |
-            --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
-#           config-inline: |
-#             [worker.oci]
-#               max-parallelism = 1
-
       - name: Build image
         id: docker_build
         uses: docker/build-push-action@v4
@@ -114,52 +103,44 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
-            NEXT_PUBLIC_WEBAPP_URL=${{ env.NEXT_PUBLIC_WEBAPP_URL }}
-            NEXT_PUBLIC_LICENSE_CONSENT=${{ env.NEXT_PUBLIC_LICENSE_CONSENT }}
-            NEXT_PUBLIC_TELEMETRY_KEY=${{ env.NEXT_PUBLIC_TELEMETRY_KEY }}
-            DATABASE_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@${{ env.DATABASE_HOST }}/${{ env.POSTGRES_DB }}
+            CALCOM_BRANCH=${{ steps.extract_tag.outputs.tag }}
+
+      - name: Start database
+        run: |
+          docker compose up --detach --wait database
 
       - name: Test runtime
         run: |
           tags="${{ steps.meta.outputs.tags }}"
           IFS=',' read -ra ADDR <<< "$tags"  # Convert string to array using ',' as delimiter
           tag=${ADDR[0]}  # Get the first tag
-      
-          docker run --rm --network stack \
-            -p 3000:3000 \
-            -e DATABASE_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@database/${{ env.POSTGRES_DB }} \
-            -e NEXTAUTH_SECRET=${{ env.NEXTAUTH_SECRET }} \
-            -e CALENDSO_ENCRYPTION_KEY=${{ env.CALENDSO_ENCRYPTION_KEY }} \
-            $tag &
-
-            server_pid=$!
-
-
-            echo "Waiting for the server to start..."
-            sleep 120
-
-            echo ${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login
-
-            for i in {1..60}; do
-              echo "Checking server health ($i/60)..."
-              response=$(curl -o /dev/null -s -w "%{http_code}" ${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login)
-              echo "HTTP Status Code: $response"
-              if [[ "$response" == "200" ]] || [[ "$response" == "307" ]]; then
-                echo "Server is healthy"
-                # Now, shutdown the server
-                kill $server_pid
-                exit 0
-              fi
-              sleep 1
-            done
-
-            echo "Server health check failed"
-            kill $server_pid
-            exit 1
+
+          echo "Waiting for the server to start..."
+
+          docker compose up --detach --wait calcom
+
+          echo ${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login
+
+          for i in {1..60}; do
+            echo "Checking server health ($i/60)..."
+            response=$(curl -o /dev/null -s -w "%{http_code}" ${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login)
+            echo "HTTP Status Code: $response"
+            if [[ "$response" == "200" ]] || [[ "$response" == "307" ]]; then
+              echo "Server is healthy"
+              # Now, shutdown the server
+              docker compose down
+              exit 0
+            fi
+            sleep 1
+          done
+
+          echo "Server health check failed"
+          docker compose down
+          exit 1
         env:
           NEXTAUTH_SECRET: 'EI4qqDpcfdvf4A+0aQEEx8JjHxHSy4uWiZw/F32K+pA='
           CALENDSO_ENCRYPTION_KEY: '0zfLtY99wjeLnsM7qsa8xsT+Q0oSgnOL'
-          
+
 
       # - name: Push image
       #   run: |
@@ -175,19 +156,16 @@ jobs:
         with:
           context: ./
           file: ./Dockerfile
-          push: true 
+          push: true
           platforms: linux/amd64
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
-            NEXT_PUBLIC_WEBAPP_URL=${{ env.NEXT_PUBLIC_WEBAPP_URL }}
-            NEXT_PUBLIC_LICENSE_CONSENT=${{ env.NEXT_PUBLIC_LICENSE_CONSENT }}
-            NEXT_PUBLIC_TELEMETRY_KEY=${{ env.NEXT_PUBLIC_TELEMETRY_KEY }}
-            DATABASE_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@${{ env.DATABASE_HOST }}/${{ env.POSTGRES_DB }}
+            CALCOM_BRANCH=${{ steps.extract_tag.outputs.tag }}
 
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}
-        
+
       - name: Cleanup
         run: |
           docker compose down

Dockerfile

@@ -1,75 +1,91 @@
-FROM node:18 as builder
+# syntax=docker/dockerfile:1
+#     ^ Syntax version >= 1.5 is needed for `ADD`ing a git repository.
+
+# Reference:
+#  - https://github.com/calcom/docker/blob/main/Dockerfile
+#  - https://cal.com/docs/introduction/quick-start/self-hosting/installation#development-setup-&-production-build
+#  - https://cal.com/docs/introduction/quick-start/self-hosting/upgrading
+#  - https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md
+#  - https://github.com/docker/docker-bench-security/tree/master
+#  - https://yarnpkg.com/cli/workspaces/focus#details
+
+# ---------------------------------
+FROM node:18-alpine as builder
+
+ARG CALCOM_BRANCH=v3.4.3
+
+# Set this to '1' if you don't want Cal to collect anonymous usage
+ENV CALCOM_TELEMETRY_DISABLED=0
+# CHECKPOINT_DISABLE disables Prisma's telemetry
+ENV CHECKPOINT_DISABLE=0
+ENV NEXT_TELEMETRY_DISABLED=0
+ENV NODE_ENV=production
+ENV STORYBOOK_DISABLE_TELEMETRY=0
+
+WORKDIR /cal.com
+
+ADD --keep-git-dir=false https://github.com/calcom/cal.com.git#${CALCOM_BRANCH} /cal.com
+
+# Notice yarn telemetry can be set here.
+RUN \
+    --mount=type=cache,target=/caches \
+    yarn config set enableTelemetry 1 && \
+    yarn config set cacheFolder /caches/yarn && \
+    yarn config set httpTimeout 1200000 && \
+    yarn install
+
+# Set CI so that linting and type checking are skipped during the build.  This is to lower the build time.  Seems to have no other effects in Cal.com during build (currently).  Defaults `yarn install` to use `--immutable`, which isn't desirable here because `yarn.lock` needs to be rebuilt, so it is set here after `yarn install` has already run.
+ENV CI=1
+
+# Use a secret mount for the environment variables, to avoid passing in build args.  The secrets are only stored in memory, not in the container layer.  Tooling caches are preserved to speed future builds.
+RUN \
+    --mount=type=cache,target=/cal.com/apps/web/.next/cache \
+    --mount=type=cache,target=/cal.com/node_modules/.cache \
+    --mount=type=secret,id=calcom-environment,target=/cal.com/.env \
+    set -a && . .env && set +a && \
+    npx turbo run build --filter=@calcom/web...
+
+# The Next.js and Turbo caches are stored for future builds in the previous layer.  Since neither tool allows moving its cache directory outside of the default location inside `/cal.com`, the directories are removed here so they don't get copied to the runner later.
+RUN rm -rf /cal.com/apps/web/.next/cache /cal.com/node_modules/.cache
+
+# ---------------------------------
+FROM node:18-alpine as runner
+WORKDIR /cal.com
+
+# Copy appropriate directories.
+COPY --from=builder --chown=node:node /cal.com/.yarn/ .yarn/
+COPY --from=builder --chown=node:node /cal.com/apps/web/ apps/web/
+COPY --from=builder --chown=node:node /cal.com/packages/ packages/
+COPY --from=builder --chown=node:node /cal.com/node_modules/ node_modules/
+
+# Copy individual files.
+COPY --from=builder --chown=node:node \
+    /cal.com/.yarnrc.yml \
+    /cal.com/package.json \
+    /cal.com/turbo.json \
+    /cal.com/yarn.lock \
+    /cal.com/
+COPY --from=builder --chown=node:node /cal.com/packages/prisma/schema.prisma prisma/schema.prisma
+
+# Copy the scripts used to start the container, and make them executable.
+COPY --chmod=555 --chown=node:node \
+    scripts/start.sh \
+    scripts/wait-for-it.sh \
+    /cal.com/scripts/
+
+# This symlink is not needed to build this way.  Harmless to leave it in, but unlinking it cleans up a large warning in the logs.
+RUN unlink /cal.com/packages/prisma/.env
+
+# Set this to '1' if you don't want Cal to collect anonymous usage
+ENV CALCOM_TELEMETRY_DISABLED=0
+ENV NEXT_TELEMETRY_DISABLED=0
+ENV NODE_ENV=production
+ENV STORYBOOK_DISABLE_TELEMETRY=0
 
-WORKDIR /calcom
-
-ARG NEXT_PUBLIC_LICENSE_CONSENT
-ARG CALCOM_TELEMETRY_DISABLED
-ARG DATABASE_URL
-ARG NEXTAUTH_SECRET=secret
-ARG CALENDSO_ENCRYPTION_KEY=secret
-ARG MAX_OLD_SPACE_SIZE=4096
-
-ENV NEXT_PUBLIC_WEBAPP_URL=http://NEXT_PUBLIC_WEBAPP_URL_PLACEHOLDER \
-    NEXT_PUBLIC_LICENSE_CONSENT=$NEXT_PUBLIC_LICENSE_CONSENT \
-    CALCOM_TELEMETRY_DISABLED=$CALCOM_TELEMETRY_DISABLED \
-    DATABASE_URL=$DATABASE_URL \
-    NEXTAUTH_SECRET=${NEXTAUTH_SECRET} \
-    CALENDSO_ENCRYPTION_KEY=${CALENDSO_ENCRYPTION_KEY} \
-    NODE_OPTIONS=--max-old-space-size=${MAX_OLD_SPACE_SIZE}
-
-COPY calcom/package.json calcom/yarn.lock calcom/.yarnrc.yml calcom/playwright.config.ts calcom/turbo.json calcom/git-init.sh calcom/git-setup.sh ./
-COPY calcom/.yarn ./.yarn
-COPY calcom/apps/web ./apps/web
-COPY calcom/packages ./packages
-COPY calcom/tests ./tests
-
-RUN yarn config set httpTimeout 1200000 && \ 
-    npx turbo prune --scope=@calcom/web --docker && \
-    yarn install && \
-    yarn db-deploy && \
-    yarn --cwd packages/prisma seed-app-store
-
-RUN yarn turbo run build --filter=@calcom/web
-
-# RUN yarn plugin import workspace-tools && \
-#     yarn workspaces focus --all --production
-RUN rm -rf node_modules/.cache .yarn/cache apps/web/.next/cache
-
-FROM node:18 as builder-two
-
-WORKDIR /calcom
-ARG NEXT_PUBLIC_WEBAPP_URL=http://localhost:3000
-
-ENV NODE_ENV production
-
-COPY calcom/package.json calcom/.yarnrc.yml calcom/yarn.lock calcom/turbo.json ./
-COPY calcom/.yarn ./.yarn
-COPY --from=builder /calcom/node_modules ./node_modules
-COPY --from=builder /calcom/packages ./packages
-COPY --from=builder /calcom/apps/web ./apps/web
-COPY --from=builder /calcom/packages/prisma/schema.prisma ./prisma/schema.prisma
-COPY scripts scripts
-
-# Save value used during this build stage. If NEXT_PUBLIC_WEBAPP_URL and BUILT_NEXT_PUBLIC_WEBAPP_URL differ at
-# run-time, then start.sh will find/replace static values again.
-ENV NEXT_PUBLIC_WEBAPP_URL=$NEXT_PUBLIC_WEBAPP_URL \
-    BUILT_NEXT_PUBLIC_WEBAPP_URL=$NEXT_PUBLIC_WEBAPP_URL
-
-RUN scripts/replace-placeholder.sh http://NEXT_PUBLIC_WEBAPP_URL_PLACEHOLDER ${NEXT_PUBLIC_WEBAPP_URL}
-
-FROM node:18 as runner
-
-
-WORKDIR /calcom
-COPY --from=builder-two /calcom ./
-ARG NEXT_PUBLIC_WEBAPP_URL=http://localhost:3000
-ENV NEXT_PUBLIC_WEBAPP_URL=$NEXT_PUBLIC_WEBAPP_URL \
-    BUILT_NEXT_PUBLIC_WEBAPP_URL=$NEXT_PUBLIC_WEBAPP_URL
-
-ENV NODE_ENV production
 EXPOSE 3000
 
 HEALTHCHECK --interval=30s --timeout=30s --retries=5 \
     CMD wget --spider http://localhost:3000 || exit 1
 
-CMD ["/calcom/scripts/start.sh"]
+USER node
+CMD ["/cal.com/scripts/start.sh"]