From 8ad507ee617a2be2eb7503fe1f396d0b68e51481 Mon Sep 17 00:00:00 2001 From: William Riley-Land Date: Sat, 4 Nov 2023 22:31:05 -0500 Subject: [PATCH] Possible updates. --- .dockerignore | 3 - .env.example | 13 +- .github/workflows/create-release.yaml | 2 +- .../workflows/docker-build-push-dockerhub.yml | 106 +++++------- Dockerfile | 154 ++++++++++-------- README.md | 60 ++----- docker-compose.yaml | 91 ++++++----- scripts/replace-placeholder.sh | 16 -- scripts/start.sh | 26 ++- 9 files changed, 221 insertions(+), 250 deletions(-) delete mode 100644 .dockerignore delete mode 100755 scripts/replace-placeholder.sh diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index c9b9f80cd..000000000 --- a/.dockerignore +++ /dev/null @@ -1,3 +0,0 @@ -.git -.github -.env.example \ No newline at end of file diff --git a/.env.example b/.env.example index e086427dc..7adaf4df6 100644 --- a/.env.example +++ b/.env.example @@ -8,6 +8,8 @@ NEXT_PUBLIC_LICENSE_CONSENT= LICENSE= +NODE_OPTIONS=--max-old-space-size=4092 + # BASE_URL and NEXT_PUBLIC_APP_URL are both deprecated. Both are replaced with one variable, NEXT_PUBLIC_WEBAPP_URL # BASE_URL=http://localhost:3000 # NEXT_PUBLIC_APP_URL=http://localhost:3000 @@ -20,6 +22,11 @@ NEXT_PUBLIC_WEBAPP_URL=http://localhost:3000 # It is highly recommended that the NEXTAUTH_SECRET must be overridden and very unique # Use `openssl rand -base64 32` to generate a key NEXTAUTH_SECRET=secret +NEXT_PUBLIC_APP_NAME='Example Calendar Agent' +NEXT_PUBLIC_COMPANY_NAME='Example Company' +NEXT_PUBLIC_SENDER_ID='Example Calendar Agent' +NEXT_PUBLIC_SENDGRID_SENDER_NAME='Example Calendar Agent' +NEXT_PUBLIC_SUPPORT_MAIL_ADDRESS='calendar@example.com' # Encryption key that will be used to encrypt CalDAV credentials, choose a random string, for example with `dd if=/dev/urandom bs=1K count=1 | md5sum` CALENDSO_ENCRYPTION_KEY=secret 
@@ -28,15 +35,13 @@ CALENDSO_ENCRYPTION_KEY=secret # JWT_SECRET=secret POSTGRES_USER=unicorn_user +# Use `openssl rand -base64 32` to generate a key POSTGRES_PASSWORD=magical_password POSTGRES_DB=calendso DATABASE_HOST=database:5432 DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${DATABASE_HOST}/${POSTGRES_DB} GOOGLE_API_CREDENTIALS={} -# Set this to '1' if you don't want Cal to collect anonymous usage -CALCOM_TELEMETRY_DISABLED= - # Used for the Office 365 / Outlook.com Calendar integration MS_GRAPH_CLIENT_ID= MS_GRAPH_CLIENT_SECRET= @@ -54,5 +59,3 @@ EMAIL_SERVER_HOST=smtp.example.com EMAIL_SERVER_PORT=587 EMAIL_SERVER_USER=email_user EMAIL_SERVER_PASSWORD=email_password - -NODE_ENV=production diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml index c3b26eb65..63512f9a0 100644 --- a/.github/workflows/create-release.yaml +++ b/.github/workflows/create-release.yaml @@ -14,7 +14,7 @@ jobs: runs-on: "ubuntu-latest" steps: - + - name: Checkout source uses: actions/checkout@v3 with: diff --git a/.github/workflows/docker-build-push-dockerhub.yml b/.github/workflows/docker-build-push-dockerhub.yml index 81f14fbe1..f86dfb264 100644 --- a/.github/workflows/docker-build-push-dockerhub.yml +++ b/.github/workflows/docker-build-push-dockerhub.yml @@ -20,7 +20,7 @@ on: # Uncomment below to allow specific version workflow run # inputs: # version: - # description: 'Version to build' + # description: 'Version to build' # required: true # Leaving in example for releases. Initially we simply push to 'latest' @@ -46,10 +46,6 @@ jobs: - name: checkout uses: actions/checkout@v3 - - name: Git submodule update - run: | - git submodule update --init - - name: Log in to the Docker Hub registry uses: docker/login-action@v2 with: @@ -66,7 +62,7 @@ jobs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - + - name: Docker meta id: meta uses: docker/metadata-action@v4 
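Review bot: The comment added above `POSTGRES_PASSWORD` in the `.env.example` hunk `@@ -28,15 +35,13 @@` recommends `openssl rand -base64 32`, but that value is interpolated unencoded into `DATABASE_URL` a few lines below. Base64 output can contain `/`, `+` and `=`, which are not safe in the password part of a connection URL, so a generated password may make the URL fail to parse or parse differently than intended. A URL-safe generator avoids the problem, for example `# Use "openssl rand -hex 32" to generate a password`. The wording "a key" appears to be copied from the `NEXTAUTH_SECRET` comment; this value is a password.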
@@ -76,6 +72,14 @@ jobs: docker.io/calcom/cal.com ghcr.io/calcom/cal.com + - name: Extract tag + id: extract_tag + run: | + tags="${{ steps.meta.outputs.tags }}" + IFS=',' read -ra ADDR <<< "$tags" # Convert string to array using ',' as delimiter + # Get the first tag + echo "tag=${ADDR[0]}" >> $GITHUB_OUTPUT + - name: Copy env run: | grep -o '^[^#]*' .env.example > .env @@ -87,21 +91,6 @@ jobs: # - name: Set up QEMU # uses: docker/setup-qemu-action@v2 - - name: Start database - run: | - docker compose up -d database - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - with: - driver-opts: | - network=container:database - buildkitd-flags: | - --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host -# config-inline: | -# [worker.oci] -# max-parallelism = 1 - - name: Build image id: docker_build uses: docker/build-push-action@v4 
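Review bot: The `Extract tag` step added in hunk `@@ -76,6 +72,14 @@` takes the first entry of `steps.meta.outputs.tags`, which for the images listed just above it (`docker.io/calcom/cal.com`, `ghcr.io/calcom/cal.com`) is an image reference, not a git ref. Both build steps (hunks `@@ -114,52 +103,44 @@` and `@@ -175,19 +156,16 @@`) then pass it as `CALCOM_BRANCH`, which the new Dockerfile uses as the fragment of the `ADD https://github.com/calcom/cal.com.git#...` URL, so the build would presumably request a ref that does not exist upstream. The upstream ref should be derived explicitly, for instance from a workflow input or `steps.meta.outputs.version`, after confirming it names a tag in calcom/cal.com. The step also expands `${{ steps.meta.outputs.tags }}` directly into the script text; passing it through an `env:` entry and reading `"$TAGS"` keeps ref-derived text out of the shell source.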
@@ -114,52 +103,44 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | - NEXT_PUBLIC_WEBAPP_URL=${{ env.NEXT_PUBLIC_WEBAPP_URL }} - NEXT_PUBLIC_LICENSE_CONSENT=${{ env.NEXT_PUBLIC_LICENSE_CONSENT }} - NEXT_PUBLIC_TELEMETRY_KEY=${{ env.NEXT_PUBLIC_TELEMETRY_KEY }} - DATABASE_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@${{ env.DATABASE_HOST }}/${{ env.POSTGRES_DB }} + CALCOM_BRANCH=${{ steps.extract_tag.outputs.tag }} + + - name: Start database + run: | + docker compose up --detach --wait database - name: Test runtime run: | tags="${{ steps.meta.outputs.tags }}" IFS=',' read -ra ADDR <<< "$tags" # Convert string to array using ',' as delimiter tag=${ADDR[0]} # Get the first tag - - docker run --rm --network stack \ - -p 3000:3000 \ - -e DATABASE_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@database/${{ env.POSTGRES_DB }} \ - -e NEXTAUTH_SECRET=${{ env.NEXTAUTH_SECRET }} \ - -e CALENDSO_ENCRYPTION_KEY=${{ env.CALENDSO_ENCRYPTION_KEY }} \ - $tag & - - server_pid=$! - - - echo "Waiting for the server to start..." - sleep 120 - - echo ${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login - - for i in {1..60}; do - echo "Checking server health ($i/60)..." - response=$(curl -o /dev/null -s -w "%{http_code}" ${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login) - echo "HTTP Status Code: $response" - if [[ "$response" == "200" ]] || [[ "$response" == "307" ]]; then - echo "Server is healthy" - # Now, shutdown the server - kill $server_pid - exit 0 - fi - sleep 1 - done - - echo "Server health check failed" - kill $server_pid - exit 1 + + echo "Waiting for the server to start..." + + docker compose up --detach --wait calcom + + echo ${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login + + for i in {1..60}; do + echo "Checking server health ($i/60)..." 
+ response=$(curl -o /dev/null -s -w "%{http_code}" ${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login) + echo "HTTP Status Code: $response" + if [[ "$response" == "200" ]] || [[ "$response" == "307" ]]; then + echo "Server is healthy" + # Now, shutdown the server + docker compose down + exit 0 + fi + sleep 1 + done + + echo "Server health check failed" + docker compose down + exit 1 env: NEXTAUTH_SECRET: 'EI4qqDpcfdvf4A+0aQEEx8JjHxHSy4uWiZw/F32K+pA=' CALENDSO_ENCRYPTION_KEY: '0zfLtY99wjeLnsM7qsa8xsT+Q0oSgnOL' - + # - name: Push image # run: | @@ -175,19 +156,16 @@ jobs: with: context: ./ file: ./Dockerfile - push: true + push: true platforms: linux/amd64 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | - NEXT_PUBLIC_WEBAPP_URL=${{ env.NEXT_PUBLIC_WEBAPP_URL }} - NEXT_PUBLIC_LICENSE_CONSENT=${{ env.NEXT_PUBLIC_LICENSE_CONSENT }} - NEXT_PUBLIC_TELEMETRY_KEY=${{ env.NEXT_PUBLIC_TELEMETRY_KEY }} - DATABASE_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@${{ env.DATABASE_HOST }}/${{ env.POSTGRES_DB }} + CALCOM_BRANCH=${{ steps.extract_tag.outputs.tag }} - name: Image digest run: echo ${{ steps.docker_build.outputs.digest }} - + - name: Cleanup run: | docker compose down diff --git a/Dockerfile b/Dockerfile index d56ebdbe9..445b43594 100644 --- a/Dockerfile +++ b/Dockerfile 
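Review bot: In the rewritten `Test runtime` step (hunk `@@ -114,52 +103,44 @@`), `tag=${ADDR[0]}` is still computed but nothing uses it any more. `docker compose up --detach --wait calcom` starts whatever the compose file's `image:` and `build:` entries resolve to, which is not necessarily the image produced by the `Build image` step, so the health check may be exercising a different image than the one pushed afterwards. Either drop the three tag lines or make the compose service run the freshly built tag, for example by parameterising `image:`. The URL passed to curl should also be quoted: `"${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login"`.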
@@ -1,75 +1,91 @@
-FROM node:18 as builder
+# syntax=docker/dockerfile:1
+# ^ Syntax version >= 1.5 is needed for `ADD`ing a git repository.
+
+# Reference:
+# - https://github.com/calcom/docker/blob/main/Dockerfile
+# - https://cal.com/docs/introduction/quick-start/self-hosting/installation#development-setup-&-production-build
+# - https://cal.com/docs/introduction/quick-start/self-hosting/upgrading
+# - https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md
+# - https://github.com/docker/docker-bench-security/tree/master
+# - https://yarnpkg.com/cli/workspaces/focus#details
+
+# ---------------------------------
+FROM node:18-alpine as builder
+
+ARG CALCOM_BRANCH=v3.4.3
+
+# Set this to '1' if you don't want Cal to collect anonymous usage
+ENV CALCOM_TELEMETRY_DISABLED=0
+# CHECKPOINT_DISABLE disables Prisma's telemetry
+ENV CHECKPOINT_DISABLE=0
+ENV NEXT_TELEMETRY_DISABLED=0
+ENV NODE_ENV=production
+ENV STORYBOOK_DISABLE_TELEMETRY=0
+
+WORKDIR /cal.com
+
+ADD --keep-git-dir=false https://github.com/calcom/cal.com.git#${CALCOM_BRANCH} /cal.com
+
+# Notice yarn telemetry can be set here.
+RUN \
+ --mount=type=cache,target=/caches \
+ yarn config set enableTelemetry 1 && \
+ yarn config set cacheFolder /caches/yarn && \
+ yarn config set httpTimeout 1200000 && \
+ yarn install
+
+# Set CI so that linting and type checking are skipped during the build. This is to lower the build time. Seems to have no other effects in Cal.com during build (currently). Defaults `yarn install` to use `--immutable`, which isn't desirable here because `yarn.lock` needs to be rebuilt, so it is set here after `yarn install` has already run.
+ENV CI=1
+
+# Use a secret mount for the environment variables, to avoid passing in build args. The secrets are only stored in memory, not in the container layer. Tooling caches are preserved to speed future builds.
+RUN \
+ --mount=type=cache,target=/cal.com/apps/web/.next/cache \
+ --mount=type=cache,target=/cal.com/node_modules/.cache \
+ --mount=type=secret,id=calcom-environment,target=/cal.com/.env \
+ set -a && . .env && set +a && \
+ npx turbo run build --filter=@calcom/web...
+
+# The Next.js and Turbo caches are stored for future builds in the previous layer. Since neither tool allows moving its cache directory outside of the default location inside `/cal.com`, the directories are removed here so they don't get copied to the runner later.
+RUN rm -rf /cal.com/apps/web/.next/cache /cal.com/node_modules/.cache
+
+# ---------------------------------
+FROM node:18-alpine as runner
+WORKDIR /cal.com
+
+# Copy appropriate directories.
+COPY --from=builder --chown=node:node /cal.com/.yarn/ .yarn/
+COPY --from=builder --chown=node:node /cal.com/apps/web/ apps/web/
+COPY --from=builder --chown=node:node /cal.com/packages/ packages/
+COPY --from=builder --chown=node:node /cal.com/node_modules/ node_modules/
+
+# Copy individual files.
+COPY --from=builder --chown=node:node \
+ /cal.com/.yarnrc.yml \
+ /cal.com/package.json \
+ /cal.com/turbo.json \
+ /cal.com/yarn.lock \
+ /cal.com/
+COPY --from=builder --chown=node:node /cal.com/packages/prisma/schema.prisma prisma/schema.prisma
+
+# Copy the scripts used to start the container, and make them executable.
+COPY --chmod=555 --chown=node:node \
+ scripts/start.sh \
+ scripts/wait-for-it.sh \
+ /cal.com/scripts/
+
+# This symlink is not needed to build this way. Harmless to leave it in, but unlinking it cleans up a large warning in the logs.
+RUN unlink /cal.com/packages/prisma/.env + +# Set this to '1' if you don't want Cal to collect anonymous usage +ENV CALCOM_TELEMETRY_DISABLED=0 +ENV NEXT_TELEMETRY_DISABLED=0 +ENV NODE_ENV=production +ENV STORYBOOK_DISABLE_TELEMETRY=0 -WORKDIR /calcom - -ARG NEXT_PUBLIC_LICENSE_CONSENT -ARG CALCOM_TELEMETRY_DISABLED -ARG DATABASE_URL -ARG NEXTAUTH_SECRET=secret -ARG CALENDSO_ENCRYPTION_KEY=secret -ARG MAX_OLD_SPACE_SIZE=4096 - -ENV NEXT_PUBLIC_WEBAPP_URL=http://NEXT_PUBLIC_WEBAPP_URL_PLACEHOLDER \ - NEXT_PUBLIC_LICENSE_CONSENT=$NEXT_PUBLIC_LICENSE_CONSENT \ - CALCOM_TELEMETRY_DISABLED=$CALCOM_TELEMETRY_DISABLED \ - DATABASE_URL=$DATABASE_URL \ - NEXTAUTH_SECRET=${NEXTAUTH_SECRET} \ - CALENDSO_ENCRYPTION_KEY=${CALENDSO_ENCRYPTION_KEY} \ - NODE_OPTIONS=--max-old-space-size=${MAX_OLD_SPACE_SIZE} - -COPY calcom/package.json calcom/yarn.lock calcom/.yarnrc.yml calcom/playwright.config.ts calcom/turbo.json calcom/git-init.sh calcom/git-setup.sh ./ -COPY calcom/.yarn ./.yarn -COPY calcom/apps/web ./apps/web -COPY calcom/packages ./packages -COPY calcom/tests ./tests - -RUN yarn config set httpTimeout 1200000 && \ - npx turbo prune --scope=@calcom/web --docker && \ - yarn install && \ - yarn db-deploy && \ - yarn --cwd packages/prisma seed-app-store - -RUN yarn turbo run build --filter=@calcom/web - -# RUN yarn plugin import workspace-tools && \ -# yarn workspaces focus --all --production -RUN rm -rf node_modules/.cache .yarn/cache apps/web/.next/cache - -FROM node:18 as builder-two - -WORKDIR /calcom -ARG NEXT_PUBLIC_WEBAPP_URL=http://localhost:3000 - -ENV NODE_ENV production - -COPY calcom/package.json calcom/.yarnrc.yml calcom/yarn.lock calcom/turbo.json ./ -COPY calcom/.yarn ./.yarn -COPY --from=builder /calcom/node_modules ./node_modules -COPY --from=builder /calcom/packages ./packages -COPY --from=builder /calcom/apps/web ./apps/web -COPY --from=builder /calcom/packages/prisma/schema.prisma ./prisma/schema.prisma -COPY scripts scripts - -# Save value used during 
this build stage. If NEXT_PUBLIC_WEBAPP_URL and BUILT_NEXT_PUBLIC_WEBAPP_URL differ at -# run-time, then start.sh will find/replace static values again. -ENV NEXT_PUBLIC_WEBAPP_URL=$NEXT_PUBLIC_WEBAPP_URL \ - BUILT_NEXT_PUBLIC_WEBAPP_URL=$NEXT_PUBLIC_WEBAPP_URL - -RUN scripts/replace-placeholder.sh http://NEXT_PUBLIC_WEBAPP_URL_PLACEHOLDER ${NEXT_PUBLIC_WEBAPP_URL} - -FROM node:18 as runner - - -WORKDIR /calcom -COPY --from=builder-two /calcom ./ -ARG NEXT_PUBLIC_WEBAPP_URL=http://localhost:3000 -ENV NEXT_PUBLIC_WEBAPP_URL=$NEXT_PUBLIC_WEBAPP_URL \ - BUILT_NEXT_PUBLIC_WEBAPP_URL=$NEXT_PUBLIC_WEBAPP_URL - -ENV NODE_ENV production EXPOSE 3000 HEALTHCHECK --interval=30s --timeout=30s --retries=5 \ CMD wget --spider http://localhost:3000 || exit 1 -CMD ["/calcom/scripts/start.sh"] \ No newline at end of file +USER node +CMD ["/cal.com/scripts/start.sh"] diff --git a/README.md b/README.md index f68a1be8a..e343dc42f 100644 --- a/README.md +++ b/README.md @@ -67,24 +67,24 @@ If you are evaluating Cal.com or running with minimal to no modifications, this cp .env.example .env ``` - Most configurations can be left as-is, but for configuration options see [Important Run-time variables](#important-run-time-variables) below. - + Most configurations can be left as-is, but for configuration options see [Important Run-time variables](#important-run-time-variables) below. + Update the appropriate values in your .env file, then proceed. - + 4. (optional) Pre-Pull the images by running the following command: - + ```bash docker compose pull ``` - + This will use the default image locations as specified by `image:` in the docker-compose.yaml file. - + Note: To aid with support, by default Scarf.sh is used as registry proxy for download metrics. - + 5. Start Cal.com via docker compose (Most basic users, and for First Run) To run the complete stack, which includes a local Postgres database, Cal.com web app, and Prisma Studio: - + ```bash docker compose up -d ``` 
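Review bot: Neither the source nor the dependency tree is pinned in the new builder stage of the Dockerfile hunk `@@ -1,75 +1,91 @@`. The source comes from `ADD --keep-git-dir=false https://github.com/calcom/cal.com.git#${CALCOM_BRANCH}` with a tag name (`v3.4.3`) as the default, and `yarn install` runs without `--immutable`; the comment above `ENV CI=1` says the lockfile is expected to be rewritten. A moved tag or a newly published dependency version would therefore change the image contents with no change in this repository. Consider documenting that release builds should pass a commit rather than a tag name where the builder accepts one, and using `yarn install --immutable` unless there is a concrete reason upstream's `yarn.lock` cannot be used as is. Separately, the `ENV ..._TELEMETRY_...=0` lines and `yarn config set enableTelemetry 1` hard-code telemetry on while this commit removes `CALCOM_TELEMETRY_DISABLED` from `.env.example`, so a comment such as `# Override in .env to opt out` would tell operators where the switch now lives.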
@@ -139,34 +139,14 @@ If you are evaluating Cal.com or running with minimal to no modifications, this cd calcom-docker ``` -3. Update the calcom submodule. - - ```bash - git submodule update --remote --init - ``` - - Note: DO NOT use recursive submodule update, otherwise you will receive a git authentication error. - 4. Rename `.env.example` to `.env` and then update `.env` For configuration options see [Build-time variables](#build-time-variables) below. Update the appropriate values in your .env file, then proceed. -5. Build the Cal.com docker image: - - Note: Due to application configuration requirements, an available database is currently required during the build process. - - a) If hosting elsewhere, configure the `DATABASE_URL` in the .env file, and skip the next step - - b) If a local or temporary database is required, start a local database via docker compose. - - ```bash - docker compose up -d database - ``` - -6. Build Cal.com via docker compose (DOCKER_BUILDKIT=0 must be provided to allow a network bridge to be used at build time. This requirement will be removed in the future) +6. Build Cal.com via docker compose ```bash - DOCKER_BUILDKIT=0 docker compose build calcom + docker compose build calcom ``` 7. Start Cal.com via docker compose 
@@ -210,9 +190,9 @@ These variables must also be provided at runtime ### Build-time variables -If building the image yourself, these variables must be provided at the time of the docker build, and can be provided by updating the .env file. Currently, if you require changes to these variables, you must follow the instructions to build and publish your own image. +If building the image yourself, these variables must be provided at the time of the docker build, and can be provided by updating the .env file. Currently, if you require changes to these variables, you must follow the instructions to build and publish your own image. -Updating these variables is not required for evaluation, but is required for running in production. Instructions for generating variables can be found in the [cal.com instructions](https://github.com/calcom/cal.com) +Updating these variables is not required for evaluation, but is required for running in production. Instructions for generating variables can be found in the [cal.com instructions](https://github.com/calcom/cal.com) | Variable | Description | Required | Default | | --- | --- | --- | --- | @@ -223,18 +203,6 @@ Updating these variables is not required for evaluation, but is required for run | NEXTAUTH_SECRET | Cookie encryption key | required | `secret` | | CALENDSO_ENCRYPTION_KEY | Authentication encryption key | required | `secret` | -## Git Submodules - -This repository uses a git submodule. - -For users building their own images, to update the calcom submodule, use the following command: - -```bash -git submodule update --remote --init -``` - -For more advanced usage, please refer to the git documentation: [https://git-scm.com/book/en/v2/Git-Tools-Submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodules) - ## Troubleshooting ### SSL edge termination 
@@ -243,13 +211,13 @@ If running behind a load balancer which handles SSL certificates, you will need ### Failed to commit changes: Invalid 'prisma.user.create()' -Certain versions may have trouble creating a user if the field `metadata` is empty. Using an empty json object `{}` as the field value should resolve this issue. Also, the `id` field will autoincrement, so you may also try leaving the value of `id` as empty. +Certain versions may have trouble creating a user if the field `metadata` is empty. Using an empty json object `{}` as the field value should resolve this issue. Also, the `id` field will auto-increment, so you may also try leaving the value of `id` as empty. ### CLIENT_FETCH_ERROR If you experience this error, it may be the way the default Auth callback in the server is using the WEBAPP_URL as a base url. The container does not necessarily have access to the same DNS as your local machine, and therefor needs to be configured to resolve to itself. You may be able to correct this by configuring `NEXTAUTH_URL=http://localhost:3000/api/auth`, to help the backend loop back to itself. ``` -docker-calcom-1 | @calcom/web:start: [next-auth][error][CLIENT_FETCH_ERROR] +docker-calcom-1 | @calcom/web:start: [next-auth][error][CLIENT_FETCH_ERROR] docker-calcom-1 | @calcom/web:start: https://next-auth.js.org/errors#client_fetch_error request to http://testing.localhost:3000/api/auth/session failed, reason: getaddrinfo ENOTFOUND testing.localhost { docker-calcom-1 | @calcom/web:start: error: { docker-calcom-1 | @calcom/web:start: message: 'request to http://testing.localhost:3000/api/auth/session failed, reason: getaddrinfo ENOTFOUND testing.localhost', diff --git a/docker-compose.yaml b/docker-compose.yaml index f2b90efbd..ab30a29ca 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
@@ -1,9 +1,14 @@ -# Use postgres/example user/password credentials version: '3.8' volumes: database-data: +secrets: + calcom-environment: + file: .env + postgres-password: + environment: "POSTGRES_PASSWORD" + networks: stack: name: stack 
@@ -12,53 +17,61 @@ networks: services: database: container_name: database - image: postgres - restart: always - volumes: - - database-data:/var/lib/postgresql/data/ - env_file: .env + environment: + POSTGRES_PASSWORD_FILE: /run/secrets/postgres-password + POSTGRES_USER: ${POSTGRES_USER} + image: postgres:16-alpine networks: - stack + restart: on-failure:5 + secrets: + - postgres-password + volumes: + - database-data:/var/lib/postgresql/data/ calcom: - image: calcom.docker.scarf.sh/calcom/cal.com build: - context: . - dockerfile: Dockerfile - args: - NEXT_PUBLIC_WEBAPP_URL: ${NEXT_PUBLIC_WEBAPP_URL} - NEXT_PUBLIC_LICENSE_CONSENT: ${NEXT_PUBLIC_LICENSE_CONSENT} - CALCOM_TELEMETRY_DISABLED: ${CALCOM_TELEMETRY_DISABLED} - NEXTAUTH_SECRET: ${NEXTAUTH_SECRET} - CALENDSO_ENCRYPTION_KEY: ${CALENDSO_ENCRYPTION_KEY} - DATABASE_URL: ${DATABASE_URL} - network: stack - restart: always - networks: - - stack - ports: - - 3000:3000 - env_file: .env - environment: - - DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${DATABASE_HOST}/${POSTGRES_DB} + secrets: + - calcom-environment + cap_drop: + - ALL + container_name: calcom + cpu_shares: 128 depends_on: - database - -# Optional use of Prisma Studio. In production, comment out or remove the section below to prevent unwanted access to your database. - studio: image: calcom.docker.scarf.sh/calcom/cal.com - restart: always + mem_limit: 1G networks: - stack ports: - - 5555:5555 - env_file: .env - environment: - - DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${DATABASE_HOST}/${POSTGRES_DB} - depends_on: - - database - command: - - npx - - prisma - - studio + - "3000:3000" + pids_limit: 100 + read_only: true + restart: on-failure:5 + secrets: + - source: calcom-environment + target: /cal.com/.env + security_opt: + - no-new-privileges=true + tmpfs: + - /cal.com/node_modules/.cache + - /tmp/ + +# Optional use of Prisma Studio. 
In production, comment out or remove the section below to prevent unwanted access to your database. + # studio: + # image: calcom.docker.scarf.sh/calcom/cal.com + # restart: always + # networks: + # - stack + # ports: + # - 5555:5555 + # env_file: .env + # environment: + # - DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${DATABASE_HOST}/${POSTGRES_DB} + # depends_on: + # - database + # command: + # - npx + # - prisma + # - studio # END SECTION: Optional use of Prisma Studio. diff --git a/scripts/replace-placeholder.sh b/scripts/replace-placeholder.sh deleted file mode 100755 index 57dbabbbc..000000000 --- a/scripts/replace-placeholder.sh +++ /dev/null @@ -1,16 +0,0 @@ -FROM=$1 -TO=$2 - -if [ "${FROM}" = "${TO}" ]; then - echo "Nothing to replace, the value is already set to ${TO}." - - exit 0 -fi - -# Only peform action if $FROM and $TO are different. -echo "Replacing all statically built instances of $FROM with $TO." - -find apps/web/.next/ apps/web/public -type f | -while read file; do - sed -i "s|$FROM|$TO|g" "$file" -done diff --git a/scripts/start.sh b/scripts/start.sh index d92bf2e09..87920c507 100755 --- a/scripts/start.sh +++ b/scripts/start.sh 
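Review bot: In the docker-compose hunk `@@ -12,53 +17,61 @@`, the `database` service no longer loads `.env`, and its new `environment:` block sets only `POSTGRES_PASSWORD_FILE` and `POSTGRES_USER`, so `POSTGRES_DB` never reaches the container. The official postgres image then creates a database named after the user, while `DATABASE_URL` in `.env.example` still points at `${POSTGRES_DB}` (`calcom`), so on a fresh volume the app would presumably fail to connect. Adding `POSTGRES_DB: ${POSTGRES_DB}` next to `POSTGRES_USER` restores the previous behaviour. It is also worth confirming that `read_only: true` with tmpfs only on `/cal.com/node_modules/.cache` and `/tmp/` leaves every path the app writes at run time writable; the hunk does not show that being tested.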
@@ -1,11 +1,23 @@ #!/bin/sh -set -x -# Replace the statically built BUILT_NEXT_PUBLIC_WEBAPP_URL with run-time NEXT_PUBLIC_WEBAPP_URL -# NOTE: if these values are the same, this will be skipped. -scripts/replace-placeholder.sh "$BUILT_NEXT_PUBLIC_WEBAPP_URL" "$NEXT_PUBLIC_WEBAPP_URL" +set -xeuo pipefail + +# Export all the variables from the `.env` file to the current shell instance. The secrets are stored in memory, only while the container is running. +set -a +. .env +set +a scripts/wait-for-it.sh ${DATABASE_HOST} -- echo "database is up" -npx prisma migrate deploy --schema /calcom/packages/prisma/schema.prisma -npx ts-node --transpile-only /calcom/packages/prisma/seed-app-store.ts -yarn start + +# Run commands directly, instead of through e.g. `yarn db-deploy; yarn start`. This is generally preferred for reasons like SIGINT handling, error reporting, running fewer processes, etc. This could get out of sync with the various `package.json` and `turbo.json` files, and in that case these commands would need to be updated. +PATH=$PATH:$PWD/node_modules/.bin/ + +# `yarn db-deploy` => `turbo run db-deploy` => +prisma migrate deploy packages/prisma/migrations/**/*.sql + +# yarn --cwd packages/prisma seed-app-store => +ts-node --transpile-only packages/prisma/seed-app-store.ts + +# `yarn start` => `turbo run start --scope="@calcom/web"` => +cd apps/web +next start
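Review bot: `set -xeuo pipefail` turns tracing on before `. .env` is sourced, so every assignment in the secrets file (`NEXTAUTH_SECRET`, `CALENDSO_ENCRYPTION_KEY`, the `DATABASE_URL` with its password) is echoed to stderr and ends up in the container log. That contradicts the added comment saying the secrets are held only in memory. Start with `set -euo pipefail` and, if tracing is still wanted, put `set -x` on the line after `set +a`. Note also that `pipefail` is not a POSIX `sh` option, so the script relies on the image's `/bin/sh` accepting it, and that `prisma migrate deploy` is now given a `migrations/**/*.sql` glob where the removed line passed `--schema`; that change deserves a comment explaining why it is equivalent.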