Shiloh/lasthourcloud
Shiloh/lasthourcloud
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 4 Wiki Activity

fix: secrets

Browse Source
This commit is contained in:
Andras Bacsai 2022-12-21 10:11:03 +01:00
parent 93430e5607
commit 1282fd0b76
13 changed files with 1758 additions and 1848 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
apps/api/src/jobs/deployApplication.ts
View File

@ -20,7 +20,8 @@ import {
decryptApplication, decryptApplication,
isDev, isDev,
pushToRegistry, pushToRegistry,
executeCommand executeCommand,
generateSecrets
} from '../lib/common'; } from '../lib/common';
import * as importers from '../lib/importers'; import * as importers from '../lib/importers';
import * as buildpacks from '../lib/buildPacks'; import * as buildpacks from '../lib/buildPacks';
@ -140,45 +141,10 @@ import * as buildpacks from '../lib/buildPacks';
} catch (error) { } catch (error) {
// //
} }
const envs = [`PORT='${port}'`, 'NODE_ENV=production']; let envs = ['NODE_ENV=production', `PORT=${port}`];
if (secrets.length > 0) { if (secrets.length > 0) {
secrets.forEach((secret) => { envs = [...envs, ...generateSecrets(secrets, pullmergeRequestId)];
if (pullmergeRequestId) {
const isSecretFound = secrets.filter(
(s) => s.name === secret.name && s.isPRMRSecret
);
if (isSecretFound.length > 0) {
if (isSecretFound[0].value.includes('\\n')|| isSecretFound[0].value.includes("'")) {
envs.push(`${secret.name}=${isSecretFound[0].value}`);
} else {
envs.push(`${secret.name}='${isSecretFound[0].value}'`);
}
} else {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
envs.push(`${secret.name}=${secret.value}`);
} else {
envs.push(`${secret.name}='${secret.value}'`);
}
}
} else {
if (!secret.isPRMRSecret) {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
envs.push(`${secret.name}=${secret.value}`);
} else {
envs.push(`${secret.name}='${secret.value}'`);
}
}
}
});
} }
await fs.writeFile(`${workdir}/.env`, envs.join('\n'));
let envFound = false;
try {
envFound = !!(await fs.stat(`${workdir}/.env`));
} catch (error) {
//
}
await fs.writeFile(`${workdir}/Dockerfile`, simpleDockerfile); await fs.writeFile(`${workdir}/Dockerfile`, simpleDockerfile);
if (dockerRegistry) { if (dockerRegistry) {
const { url, username, password } = dockerRegistry; const { url, username, password } = dockerRegistry;
@ -209,7 +175,7 @@ import * as buildpacks from '../lib/buildPacks';
container_name: applicationId, container_name: applicationId,
volumes, volumes,
labels, labels,
env_file: envFound ? [`${workdir}/.env`] : [], environment: envs,
depends_on: [], depends_on: [],
expose: [port], expose: [port],
...(exposePort ? { ports: [`${exposePort}:${port}`] } : {}), ...(exposePort ? { ports: [`${exposePort}:${port}`] } : {}),
@ -710,49 +676,14 @@ import * as buildpacks from '../lib/buildPacks';
} catch (error) { } catch (error) {
// //
} }
const envs = [`PORT='${port}'`, 'NODE_ENV=production']; let envs = ['NODE_ENV=production', `PORT=${port}`];
if (secrets.length > 0) { if (secrets.length > 0) {
secrets.forEach((secret) => { envs = [...envs, ...generateSecrets(secrets, pullmergeRequestId)];
if (pullmergeRequestId) {
const isSecretFound = secrets.filter(
(s) => s.name === secret.name && s.isPRMRSecret
);
if (isSecretFound.length > 0) {
if (isSecretFound[0].value.includes('\\n') || isSecretFound[0].value.includes("'")) {
envs.push(`${secret.name}=${isSecretFound[0].value}`);
} else {
envs.push(`${secret.name}='${isSecretFound[0].value}'`);
}
} else {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
envs.push(`${secret.name}=${secret.value}`);
} else {
envs.push(`${secret.name}='${secret.value}'`);
}
}
} else {
if (!secret.isPRMRSecret) {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
envs.push(`${secret.name}=${secret.value}`);
} else {
envs.push(`${secret.name}='${secret.value}'`);
}
}
}
});
} }
await fs.writeFile(`${workdir}/.env`, envs.join('\n'));
if (dockerRegistry) { if (dockerRegistry) {
const { url, username, password } = dockerRegistry; const { url, username, password } = dockerRegistry;
await saveDockerRegistryCredentials({ url, username, password, workdir }); await saveDockerRegistryCredentials({ url, username, password, workdir });
} }
let envFound = false;
try {
envFound = !!(await fs.stat(`${workdir}/.env`));
} catch (error) {
//
}
try { try {
const composeVolumes = volumes.map((volume) => { const composeVolumes = volumes.map((volume) => {
return { return {
@ -768,7 +699,7 @@ import * as buildpacks from '../lib/buildPacks';
image: imageFound, image: imageFound,
container_name: imageId, container_name: imageId,
volumes, volumes,
env_file: envFound ? [`${workdir}/.env`] : [], environment: envs,
labels, labels,
depends_on: [], depends_on: [],
expose: [port], expose: [port],

64
apps/api/src/lib/buildPacks/common.ts
View File

@ -3,6 +3,7 @@ import {
decrypt, decrypt,
encrypt, encrypt,
executeCommand, executeCommand,
generateSecrets,
generateTimestamp, generateTimestamp,
getDomain, getDomain,
isARM, isARM,
@ -653,7 +654,7 @@ export async function saveDockerRegistryCredentials({ url, username, password, w
try { try {
await fs.mkdir(`${workdir}/.docker`); await fs.mkdir(`${workdir}/.docker`);
} catch (error) { } catch (error) {
console.log(error); // console.log(error);
} }
const payload = JSON.stringify({ const payload = JSON.stringify({
auths: { auths: {
@ -787,33 +788,8 @@ export async function buildCacheImageWithNode(data, imageForBuild) {
Dockerfile.push('WORKDIR /app'); Dockerfile.push('WORKDIR /app');
Dockerfile.push(`LABEL coolify.buildId=${buildId}`); Dockerfile.push(`LABEL coolify.buildId=${buildId}`);
if (secrets.length > 0) { if (secrets.length > 0) {
secrets.forEach((secret) => { generateSecrets(secrets, pullmergeRequestId, true).forEach((env) => {
if (secret.isBuildSecret) { Dockerfile.push(env);
if (pullmergeRequestId) {
const isSecretFound = secrets.filter((s) => s.name === secret.name && s.isPRMRSecret);
if (isSecretFound.length > 0) {
if (isSecretFound[0].value.includes('\\n')|| isSecretFound[0].value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${isSecretFound[0].value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${isSecretFound[0].value}'`);
}
} else {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
} else {
if (!secret.isPRMRSecret) {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
}
}
}); });
} }
if (isPnpm) { if (isPnpm) {
@ -823,7 +799,6 @@ export async function buildCacheImageWithNode(data, imageForBuild) {
if (installCommand) { if (installCommand) {
Dockerfile.push(`RUN ${installCommand}`); Dockerfile.push(`RUN ${installCommand}`);
} }
// Dockerfile.push(`ARG CACHEBUST=1`);
Dockerfile.push(`RUN ${buildCommand}`); Dockerfile.push(`RUN ${buildCommand}`);
await fs.writeFile(`${workdir}/Dockerfile-cache`, Dockerfile.join('\n')); await fs.writeFile(`${workdir}/Dockerfile-cache`, Dockerfile.join('\n'));
await buildImage({ ...data, isCache: true }); await buildImage({ ...data, isCache: true });
@ -831,40 +806,13 @@ export async function buildCacheImageWithNode(data, imageForBuild) {
export async function buildCacheImageForLaravel(data, imageForBuild) { export async function buildCacheImageForLaravel(data, imageForBuild) {
const { workdir, buildId, secrets, pullmergeRequestId } = data; const { workdir, buildId, secrets, pullmergeRequestId } = data;
const Dockerfile: Array<string> = []; const Dockerfile: Array<string> = [];
Dockerfile.push(`FROM ${imageForBuild}`); Dockerfile.push(`FROM ${imageForBuild}`);
Dockerfile.push('WORKDIR /app'); Dockerfile.push('WORKDIR /app');
Dockerfile.push(`LABEL coolify.buildId=${buildId}`); Dockerfile.push(`LABEL coolify.buildId=${buildId}`);
if (secrets.length > 0) { if (secrets.length > 0) {
secrets.forEach((secret) => { generateSecrets(secrets, pullmergeRequestId, true).forEach((env) => {
if (secret.isBuildSecret) { Dockerfile.push(env);
if (pullmergeRequestId) {
const isSecretFound = secrets.filter(s => s.name === secret.name && s.isPRMRSecret)
if (isSecretFound.length > 0) {
if (isSecretFound[0].value.includes('\\n')|| isSecretFound[0].value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${isSecretFound[0].value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${isSecretFound[0].value}'`);
}
} else {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
} else {
if (!secret.isPRMRSecret) {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
}
}
}); });
} }
Dockerfile.push(`COPY *.json *.mix.js /app/`); Dockerfile.push(`COPY *.json *.mix.js /app/`);

42
apps/api/src/lib/buildPacks/compose.ts
View File

@ -1,5 +1,5 @@
import { promises as fs } from 'fs'; import { promises as fs } from 'fs';
import { defaultComposeConfiguration, executeCommand } from '../common'; import { defaultComposeConfiguration, executeCommand, generateSecrets } from '../common';
import { saveBuildLog } from './common'; import { saveBuildLog } from './common';
import yaml from 'js-yaml'; import yaml from 'js-yaml';
@ -25,42 +25,11 @@ export default async function (data) {
if (!dockerComposeYaml.services) { if (!dockerComposeYaml.services) {
throw 'No Services found in docker-compose file.'; throw 'No Services found in docker-compose file.';
} }
const envs = ['NODE_ENV=production']; let envs = ['NODE_ENV=production'];
if (secrets.length > 0) { if (secrets.length > 0) {
secrets.forEach((secret) => { envs = [...envs, ...generateSecrets(secrets, pullmergeRequestId)];
if (pullmergeRequestId) {
const isSecretFound = secrets.filter((s) => s.name === secret.name && s.isPRMRSecret);
if (isSecretFound.length > 0) {
if (isSecretFound[0].value.includes('\\n')|| isSecretFound[0].value.includes("'")) {
envs.push(`${secret.name}='${isSecretFound[0].value}'`);
} else {
envs.push(`${secret.name}=${isSecretFound[0].value}`);
}
} else {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
envs.push(`${secret.name}=${secret.value}`);
} else {
envs.push(`${secret.name}='${secret.value}'`);
}
}
} else {
if (!secret.isPRMRSecret) {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
envs.push(`${secret.name}=${secret.value}`);
} else {
envs.push(`${secret.name}='${secret.value}'`);
}
}
}
});
}
await fs.writeFile(`${workdir}/.env`, envs.join('\n'));
let envFound = false;
try {
envFound = !!(await fs.stat(`${workdir}/.env`));
} catch (error) {
//
} }
const composeVolumes = []; const composeVolumes = [];
if (volumes.length > 0) { if (volumes.length > 0) {
for (const volume of volumes) { for (const volume of volumes) {
@ -74,7 +43,7 @@ export default async function (data) {
let networks = {}; let networks = {};
for (let [key, value] of Object.entries(dockerComposeYaml.services)) { for (let [key, value] of Object.entries(dockerComposeYaml.services)) {
value['container_name'] = `${applicationId}-${key}`; value['container_name'] = `${applicationId}-${key}`;
value['env_file'] = envFound ? [`${workdir}/.env`] : []; value['environment'] = [...value['environment'], ...envs];
value['labels'] = labels; value['labels'] = labels;
// TODO: If we support separated volume for each service, we need to add it here // TODO: If we support separated volume for each service, we need to add it here
if (value['volumes']?.length > 0) { if (value['volumes']?.length > 0) {
@ -118,6 +87,7 @@ export default async function (data) {
dockerComposeYaml['volumes'] = { ...composeVolumes }; dockerComposeYaml['volumes'] = { ...composeVolumes };
} }
dockerComposeYaml['networks'] = Object.assign({ ...networks }, { [network]: { external: true } }); dockerComposeYaml['networks'] = Object.assign({ ...networks }, { [network]: { external: true } });
await fs.writeFile(fileYaml, yaml.dump(dockerComposeYaml)); await fs.writeFile(fileYaml, yaml.dump(dockerComposeYaml));
await executeCommand({ await executeCommand({
debug, debug,

31
apps/api/src/lib/buildPacks/deno.ts
View File

@ -1,4 +1,5 @@
import { promises as fs } from 'fs'; import { promises as fs } from 'fs';
import { generateSecrets } from '../common';
import { buildImage } from './common'; import { buildImage } from './common';
const createDockerfile = async (data, image): Promise<void> => { const createDockerfile = async (data, image): Promise<void> => {
@ -24,34 +25,8 @@ const createDockerfile = async (data, image): Promise<void> => {
Dockerfile.push('WORKDIR /app'); Dockerfile.push('WORKDIR /app');
Dockerfile.push(`LABEL coolify.buildId=${buildId}`); Dockerfile.push(`LABEL coolify.buildId=${buildId}`);
if (secrets.length > 0) { if (secrets.length > 0) {
secrets.forEach((secret) => { generateSecrets(secrets, pullmergeRequestId, true).forEach((env) => {
if (secret.isBuildSecret) { Dockerfile.push(env);
if (pullmergeRequestId) {
const isSecretFound = secrets.filter(s => s.name === secret.name && s.isPRMRSecret)
if (isSecretFound.length > 0) {
if (isSecretFound[0].value.includes('\\n')|| isSecretFound[0].value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${isSecretFound[0].value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${isSecretFound[0].value}'`);
}
} else {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
} else {
if (!secret.isPRMRSecret) {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
}
}
}); });
} }
if (depsFound) { if (depsFound) {

22
apps/api/src/lib/buildPacks/docker.ts
View File

@ -1,4 +1,5 @@
import { promises as fs } from 'fs'; import { promises as fs } from 'fs';
import { generateSecrets } from '../common';
import { buildImage } from './common'; import { buildImage } from './common';
export default async function (data) { export default async function (data) {
@ -13,23 +14,12 @@ export default async function (data) {
} }
}); });
if (secrets.length > 0) { if (secrets.length > 0) {
secrets.forEach((secret) => { generateSecrets(secrets, pullmergeRequestId, true).forEach((env) => {
if (secret.isBuildSecret) { Dockerfile.forEach((line, index) => {
if ( if (line.startsWith('FROM')) {
(pullmergeRequestId && secret.isPRMRSecret) || Dockerfile.splice(index + 1, 0, env);
(!pullmergeRequestId && !secret.isPRMRSecret)
) {
Dockerfile.forEach((line, index) => {
if (line.startsWith('FROM')) {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.splice(index + 1, 0, `ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.splice(index + 1, 0, `ARG ${secret.name}='${secret.value}'`);
}
}
});
} }
} });
}); });
} }
await fs.writeFile(`${data.workdir}${dockerFileLocation}`, Dockerfile.join('\n')); await fs.writeFile(`${data.workdir}${dockerFileLocation}`, Dockerfile.join('\n'));

30
apps/api/src/lib/buildPacks/nextjs.ts
View File

@ -1,4 +1,5 @@
import { promises as fs } from 'fs'; import { promises as fs } from 'fs';
import { generateSecrets } from '../common';
import { buildCacheImageWithNode, buildImage, checkPnpm } from './common'; import { buildCacheImageWithNode, buildImage, checkPnpm } from './common';
const createDockerfile = async (data, image): Promise<void> => { const createDockerfile = async (data, image): Promise<void> => {
@ -24,33 +25,8 @@ const createDockerfile = async (data, image): Promise<void> => {
Dockerfile.push('WORKDIR /app'); Dockerfile.push('WORKDIR /app');
Dockerfile.push(`LABEL coolify.buildId=${buildId}`); Dockerfile.push(`LABEL coolify.buildId=${buildId}`);
if (secrets.length > 0) { if (secrets.length > 0) {
secrets.forEach((secret) => { generateSecrets(secrets, pullmergeRequestId, true).forEach((env) => {
if (secret.isBuildSecret) { Dockerfile.push(env);
if (pullmergeRequestId) {
const isSecretFound = secrets.filter(s => s.name === secret.name && s.isPRMRSecret)
if (isSecretFound.length > 0) {
if (isSecretFound[0].value.includes('\\n')|| isSecretFound[0].value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${isSecretFound[0].value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${isSecretFound[0].value}'`);
}
} else {
if (secrets.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
} else {
if (!secret.isPRMRSecret) {
if (secrets.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
}
}
}); });
} }
if (isPnpm) { if (isPnpm) {

31
apps/api/src/lib/buildPacks/node.ts
View File

@ -1,4 +1,5 @@
import { promises as fs } from 'fs'; import { promises as fs } from 'fs';
import { generateSecrets } from '../common';
import { buildImage, checkPnpm } from './common'; import { buildImage, checkPnpm } from './common';
const createDockerfile = async (data, image): Promise<void> => { const createDockerfile = async (data, image): Promise<void> => {
@ -20,34 +21,8 @@ const createDockerfile = async (data, image): Promise<void> => {
Dockerfile.push('WORKDIR /app'); Dockerfile.push('WORKDIR /app');
Dockerfile.push(`LABEL coolify.buildId=${buildId}`); Dockerfile.push(`LABEL coolify.buildId=${buildId}`);
if (secrets.length > 0) { if (secrets.length > 0) {
secrets.forEach((secret) => { generateSecrets(secrets, pullmergeRequestId, true).forEach((env) => {
if (secret.isBuildSecret) { Dockerfile.push(env);
if (pullmergeRequestId) {
const isSecretFound = secrets.filter(s => s.name === secret.name && s.isPRMRSecret)
if (isSecretFound.length > 0) {
if (isSecretFound[0].value.includes('\\n')|| isSecretFound[0].value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${isSecretFound[0].value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${isSecretFound[0].value}'`);
}
} else {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
} else {
if (!secret.isPRMRSecret) {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
}
}
}); });
} }
if (isPnpm) { if (isPnpm) {

31
apps/api/src/lib/buildPacks/nuxtjs.ts
View File

@ -1,4 +1,5 @@
import { promises as fs } from 'fs'; import { promises as fs } from 'fs';
import { generateSecrets } from '../common';
import { buildCacheImageWithNode, buildImage, checkPnpm } from './common'; import { buildCacheImageWithNode, buildImage, checkPnpm } from './common';
const createDockerfile = async (data, image): Promise<void> => { const createDockerfile = async (data, image): Promise<void> => {
@ -24,34 +25,8 @@ const createDockerfile = async (data, image): Promise<void> => {
Dockerfile.push('WORKDIR /app'); Dockerfile.push('WORKDIR /app');
Dockerfile.push(`LABEL coolify.buildId=${buildId}`); Dockerfile.push(`LABEL coolify.buildId=${buildId}`);
if (secrets.length > 0) { if (secrets.length > 0) {
secrets.forEach((secret) => { generateSecrets(secrets, pullmergeRequestId, true).forEach((env) => {
if (secret.isBuildSecret) { Dockerfile.push(env);
if (pullmergeRequestId) {
const isSecretFound = secrets.filter(s => s.name === secret.name && s.isPRMRSecret)
if (isSecretFound.length > 0) {
if (isSecretFound[0].value.includes('\\n')|| isSecretFound[0].value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${isSecretFound[0].value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${isSecretFound[0].value}'`);
}
} else {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
} else {
if (!secret.isPRMRSecret) {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
}
}
}); });
} }
if (isPnpm) { if (isPnpm) {

31
apps/api/src/lib/buildPacks/php.ts
View File

@ -1,4 +1,5 @@
import { promises as fs } from 'fs'; import { promises as fs } from 'fs';
import { generateSecrets } from '../common';
import { buildImage } from './common'; import { buildImage } from './common';
const createDockerfile = async (data, image, htaccessFound): Promise<void> => { const createDockerfile = async (data, image, htaccessFound): Promise<void> => {
@ -13,34 +14,8 @@ const createDockerfile = async (data, image, htaccessFound): Promise<void> => {
Dockerfile.push(`FROM ${image}`); Dockerfile.push(`FROM ${image}`);
Dockerfile.push(`LABEL coolify.buildId=${buildId}`); Dockerfile.push(`LABEL coolify.buildId=${buildId}`);
if (secrets.length > 0) { if (secrets.length > 0) {
secrets.forEach((secret) => { generateSecrets(secrets, pullmergeRequestId, true).forEach((env) => {
if (secret.isBuildSecret) { Dockerfile.push(env);
if (pullmergeRequestId) {
const isSecretFound = secrets.filter(s => s.name === secret.name && s.isPRMRSecret)
if (isSecretFound.length > 0) {
if (isSecretFound[0].value.includes('\\n')|| isSecretFound[0].value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${isSecretFound[0].value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${isSecretFound[0].value}'`);
}
} else {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
} else {
if (!secret.isPRMRSecret) {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
}
}
}); });
} }
Dockerfile.push('WORKDIR /app'); Dockerfile.push('WORKDIR /app');

31
apps/api/src/lib/buildPacks/python.ts
View File

@ -1,4 +1,5 @@
import { promises as fs } from 'fs'; import { promises as fs } from 'fs';
import { generateSecrets } from '../common';
import { buildImage } from './common'; import { buildImage } from './common';
const createDockerfile = async (data, image): Promise<void> => { const createDockerfile = async (data, image): Promise<void> => {
@ -18,34 +19,8 @@ const createDockerfile = async (data, image): Promise<void> => {
Dockerfile.push('WORKDIR /app'); Dockerfile.push('WORKDIR /app');
Dockerfile.push(`LABEL coolify.buildId=${buildId}`); Dockerfile.push(`LABEL coolify.buildId=${buildId}`);
if (secrets.length > 0) { if (secrets.length > 0) {
secrets.forEach((secret) => { generateSecrets(secrets, pullmergeRequestId, true).forEach((env) => {
if (secret.isBuildSecret) { Dockerfile.push(env);
if (pullmergeRequestId) {
const isSecretFound = secrets.filter(s => s.name === secret.name && s.isPRMRSecret)
if (isSecretFound.length > 0) {
if (isSecretFound[0].value.includes('\\n')|| isSecretFound[0].value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${isSecretFound[0].value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${isSecretFound[0].value}'`);
}
} else {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
} else {
if (!secret.isPRMRSecret) {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
}
}
}); });
} }
if (pythonWSGI?.toLowerCase() === 'gunicorn') { if (pythonWSGI?.toLowerCase() === 'gunicorn') {

31
apps/api/src/lib/buildPacks/static.ts
View File

@ -1,4 +1,5 @@
import { promises as fs } from 'fs'; import { promises as fs } from 'fs';
import { generateSecrets } from '../common';
import { buildCacheImageWithNode, buildImage } from './common'; import { buildCacheImageWithNode, buildImage } from './common';
const createDockerfile = async (data, image): Promise<void> => { const createDockerfile = async (data, image): Promise<void> => {
@ -25,34 +26,8 @@ const createDockerfile = async (data, image): Promise<void> => {
} }
Dockerfile.push(`LABEL coolify.buildId=${buildId}`); Dockerfile.push(`LABEL coolify.buildId=${buildId}`);
if (secrets.length > 0) { if (secrets.length > 0) {
secrets.forEach((secret) => { generateSecrets(secrets, pullmergeRequestId, true).forEach((env) => {
if (secret.isBuildSecret) { Dockerfile.push(env);
if (pullmergeRequestId) {
const isSecretFound = secrets.filter(s => s.name === secret.name && s.isPRMRSecret)
if (isSecretFound.length > 0) {
if (isSecretFound[0].value.includes('\\n')|| isSecretFound[0].value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${isSecretFound[0].value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${isSecretFound[0].value}'`);
}
} else {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
} else {
if (!secret.isPRMRSecret) {
if (secret.value.includes('\\n')|| secret.value.includes("'")) {
Dockerfile.push(`ARG ${secret.name}=${secret.value}`);
} else {
Dockerfile.push(`ARG ${secret.name}='${secret.value}'`);
}
}
}
}
}); });
} }
if (buildCommand) { if (buildCommand) {

37
apps/api/src/lib/common.ts
View File

@ -1875,3 +1875,40 @@ export async function pushToRegistry(
command: pushCommand command: pushCommand
}); });
} }
export function generateSecrets(
secrets: Array<any>,
pullmergeRequestId: string,
isBuild = false
): Array<string> {
const envs = [];
const isPRMRSecret = secrets.filter((s) => s.isPRMRSecret);
const normalSecrets = secrets.filter((s) => !s.isPRMRSecret);
if (pullmergeRequestId && isPRMRSecret.length > 0) {
isPRMRSecret.forEach((secret) => {
if (isBuild && !secret.isBuildSecret) {
return;
}
const build = isBuild && secret.isBuildSecret;
if (secret.value.includes('\n') || secret.value.includes(' ')) {
envs.push(`${build ? 'ARG ' : ''}${secret.name}='${secret.value}'`);
} else {
envs.push(`${build ? 'ARG ' : ''}${secret.name}=${secret.value}`);
}
});
}
if (!pullmergeRequestId && normalSecrets.length > 0) {
normalSecrets.forEach((secret) => {
if (isBuild && !secret.isBuildSecret) {
return;
}
const build = isBuild && secret.isBuildSecret;
if (secret.value.includes('\n') || secret.value.includes(' ')) {
envs.push(`${build ? 'ARG ' : ''}${secret.name}='${secret.value}'`);
} else {
envs.push(`${build ? 'ARG ' : ''}${secret.name}=${secret.value}`);
}
});
}
return envs;
}

3140
apps/api/src/routes/api/v1/applications/handlers.ts
View File

File diff suppressed because it is too large Load Diff