diff --git a/.env.example b/.env.example index 0d0a44b41f0..97dc499d644 100644 --- a/.env.example +++ b/.env.example @@ -74,9 +74,9 @@ POSTGRES_USE_PGVECTOR=true # POSTGRES_SSL_DIR='/var/lib/postgresql' REDIS_PASSWORD='' REDIS_URL='redis://localhost:6379' -# REDIS_TLS_CERT_FILE=./certs/redis.crt -# REDIS_TLS_KEY_FILE=./certs/redis.key -# REDIS_TLS_CA_FILE=./certs/redisCA.crt +# REDIS_TLS_CERT_FILE=./docker/stacks/development/redis/certs/redis.crt +# REDIS_TLS_KEY_FILE=./docker/stacks/development/redis/certs/redis.key +# REDIS_TLS_CA_FILE=./docker/stacks/development/redis/certs/redisCA.crt # REDIS_TLS_REJECT_UNAUTHORIZED='false' RETHINKDB_URL='rethinkdb://localhost:28015/actionDevelopment' RETHINKDB_SSL='false' @@ -119,9 +119,9 @@ RETHINKDB_SSL='false' # RECALL_AI_KEY='' # SLACK_CLIENT_ID='key_SLACK_CLIENT_ID' # SLACK_CLIENT_SECRET='key_SLACK_CLIENT_SECRET' -# STRIPE_SECRET_KEY='sk_test_4eC39HqLyjWDarjtT1zdp7dc' -# STRIPE_PUBLISHABLE_KEY='pk_test_TYooMQauvdEDq54NiTphI7jx' -# STRIPE_WEBHOOK_SECRET='sk_test_4eC39HqLyjWDarjtT1zdp7dc' +# STRIPE_SECRET_KEY='' +# STRIPE_PUBLISHABLE_KEY='' +# STRIPE_WEBHOOK_SECRET='' # MAIL # MAIL GLOBALS. PROVIDER: mailgun | google | debug | smtp diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 244f4efb0da..0076af84bab 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -2,7 +2,7 @@ ## Runners -To run `docker-build.yml`, GitHub requires using a larger runner. +To run `build.yml`, GitHub requires using a larger runner. This is because we're webpackifying all the code in node_modules into a single `.js.`. Doing all that transpiling can take a LOT of memory. 8GB+. At this time, large GitHub-hosted runners are in beta. diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a19c552ac06..32dab47c748 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,8 +12,8 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number }} cancel-in-progress: true env: - PARABOL_DOCKERFILE: ./docker/parabol-ubi/docker-build/dockerfiles/basic.dockerfile - PARABOL_BUILD_ENV_PATH: docker/parabol-ubi/docker-build/environments/pipeline + PARABOL_DOCKERFILE: ./docker/images/parabol-ubi/dockerfiles/basic.dockerfile + PARABOL_BUILD_ENV_PATH: docker/images/parabol-ubi/environments/pipeline jobs: build: runs-on: ubuntu-8cores @@ -22,8 +22,7 @@ jobs: id-token: "write" services: postgres: - # Image is pinned to v15, OK since it's just for testing - image: ankane/pgvector + image: pgvector/pgvector:pg15 # This env variables must be the same in the file PARABOL_BUILD_ENV_PATH env: POSTGRES_PASSWORD: "temppassword" @@ -106,7 +105,7 @@ jobs: username: "oauth2accesstoken" password: "${{ steps.auth.outputs.access_token }}" - name: Push build to dev - uses: docker/build-push-action@v4 + uses: docker/images-push-action@v4 with: network: host allow: network.host diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index cb6c94bd9a4..8378696b622 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,7 +8,7 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true env: - PARABOL_BUILD_ENV_PATH: docker/parabol-ubi/docker-build/environments/pipeline + PARABOL_BUILD_ENV_PATH: docker/images/parabol-ubi/environments/pipeline jobs: test: runs-on: ubuntu-8cores diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index 941a0178a80..00000000000 --- a/docker-compose.yml +++ /dev/null @@ -1,53 +0,0 @@ -version: "3.7" - -services: - db: - image: rethinkdb:2.4.2 - ports: - - "8080:8080" - - "29015:29015" - - "28015:28015" - volumes: - - rethink-data:/data - networks: - - parabol-network - postgres: - image: postgres:15.4 - restart: always - env_file: .env - ports: - - "5432:5432" - volumes: - - "./packages/server/postgres/postgres.conf:/usr/local/etc/postgres/postgres.conf" - - "postgres-data:/data" - command: "postgres -c config_file=/usr/local/etc/postgres/postgres.conf" - networks: - - parabol-network - redis: - image: redis:7.0-alpine - ports: - - "6379:6379" - volumes: - - redis-data:/data - networks: - - parabol-network - app: - build: - context: . - dockerfile: ./docker/Dockerfile.prod - target: prod - env_file: .env - ports: - - "3000:3000" - depends_on: - - db - - redis - - postgres - networks: - - parabol-network -networks: - parabol-network: -volumes: - redis-data: {} - rethink-data: {} - postgres-data: {} diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod deleted file mode 100644 index c070ef1e02d..00000000000 --- a/docker/Dockerfile.prod +++ /dev/null @@ -1,41 +0,0 @@ -# First, install all dependencies, including devDependencies, to run the build process -FROM node:20.11.0 as build - -WORKDIR /parabol - -# Only copy dependency-related files here (vs. COPY . .) to avoid breaking the cache and running -# the slow `yarn install` more than necessary -COPY package.json yarn.lock ./ -COPY packages/client/package.json ./packages/client/package.json -COPY packages/gql-executor/package.json packages/gql-executor/package.json -COPY packages/integration-tests/package.json packages/integration-tests/package.json -COPY packages/server/package.json packages/server/package.json -RUN yarn install --frozen-lockfile && \ - yarn cache clean - -COPY . . -RUN yarn build - -# Now, start over with a new stage so we don't pull over devDependencies -FROM node:20.11.0 as prod - -WORKDIR /parabol - -COPY package.json yarn.lock ./ -COPY packages/client/package.json ./packages/client/package.json -COPY packages/gql-executor/package.json packages/gql-executor/package.json -COPY packages/integration-tests/package.json packages/integration-tests/package.json -COPY packages/server/package.json packages/server/package.json -# Only install production dependencies -RUN yarn install --prod --frozen-lockfile && \ - yarn cache clean - -COPY . . -COPY --from=build /parabol/build ./build -COPY --from=build /parabol/dist ./dist - -RUN cp docker/entrypoint.prod.sh /bin/entrypoint && \ - chmod +x /bin/entrypoint -EXPOSE 80 -ENTRYPOINT [ "entrypoint" ] -CMD ["yarn", "start"] diff --git a/docker/README.md b/docker/README.md deleted file mode 100644 index b2ab1cefb56..00000000000 --- a/docker/README.md +++ /dev/null @@ -1,19 +0,0 @@ -## Usage of Docker in Different Envs - -### Development - -In development, docker handles all db services for us. This is done by calling `docker-compose` on the Compose file `./docker/dev.yml`. The web app itself is not containerized; it simply runs on the host machine by calling `yarn && yarn dev` - -### Production - -In production, dokku creates a Docker container using the [default Node.js heroku buildpack](https://dokku.com/docs~v0.5.1/deployment/buildpacks/). While it's possible to do so, we don't yet provide any [custom Dockerfile to dokku](https://dokku.com/docs~v0.5.1/deployment/dockerfiles/). - -### Self-Hosted - -Self-hosted instances may use the `docker-compose.yml` file in the root of the project directory. All services, including databases and the web app, will be containerized. - -If the owner of the self-hosted instance wants to use local file storage (instead of cloud storage such as AWS or GCP) for user uploaded images, make sure `FILE_STORE_PROVIDER='local'` in the root `.env` file. Additionally, the app must be deployed using the following command: - -`docker-compose -f docker-compose.yml -f ./docker/docker-compose.selfHosted.yml up -d` - -This ensures that the images will be persisted in a Docker volume. diff --git a/docker/docker-compose.selfHosted.yml b/docker/docker-compose.selfHosted.yml deleted file mode 100644 index 1c6598e42a3..00000000000 --- a/docker/docker-compose.selfHosted.yml +++ /dev/null @@ -1,6 +0,0 @@ -services: - app: - volumes: - - app-data:/parabol/self-hosted -volumes: - app-data: {} diff --git a/docker/entrypoint.prod.sh b/docker/entrypoint.prod.sh deleted file mode 100644 index 4ce89f9bce8..00000000000 --- a/docker/entrypoint.prod.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -yarn predeploy -exec "$@" diff --git a/docker/parabol-ubi/docker-build/.gitignore b/docker/images/parabol-ubi/.gitignore similarity index 100% rename from docker/parabol-ubi/docker-build/.gitignore rename to docker/images/parabol-ubi/.gitignore diff --git a/docker/parabol-ubi/docker-build/README.md b/docker/images/parabol-ubi/README.md similarity index 95% rename from docker/parabol-ubi/docker-build/README.md rename to docker/images/parabol-ubi/README.md index 85c1a2d42b3..920c6d48fd8 100644 --- a/docker/parabol-ubi/docker-build/README.md +++ b/docker/images/parabol-ubi/README.md @@ -21,9 +21,9 @@ Recommended: | `postgresql_tag` | PostgreSQL version from the [Docker image](https://hub.docker.com/_/postgres) | `Any tag` | `15.4` | | `rethinkdb_tag` | RethinkDB version from the [Docker image](https://hub.docker.com/_/rethinkdb) | `Any tag` | `2.4.2` | | `redis_tag` | Redis version from the [Docker image](https://hub.docker.com/_/redis) | `Any tag` | `7.0-alpine` | -| `_BUILD_ENV_PATH` | File `.env` used by the application during the build process | `Relative path from the root level of the repository` | `docker/parabol-ubi/docker-build/environments/basic-env` | +| `_BUILD_ENV_PATH` | File `.env` used by the application during the build process | `Relative path from the root level of the repository` | `docker/parabol-ubi/environments/basic-env` | | `_NODE_VERSION` | Node version, used by Docker to use the Docker image node:\_NODE_VERSION as base image to build | `Same as in root package.json` | | -| `_DOCKERFILE` | Dockerfile used to build the image | `Relative path from the root level of the repository` | `./docker/parabol-ubi/docker-build/dockerfiles/basic.dockerfile` | +| `_DOCKERFILE` | Dockerfile used to build the image | `Relative path from the root level of the repository` | `./docker/parabol-ubi/dockerfiles/basic.dockerfile` | | `_DOCKER_REPOSITORY` | The destination repository | `String` | `parabol` | | `_DOCKER_TAG` | Tag for the produced image | `String` | | @@ -33,9 +33,9 @@ Example of variables: export postgresql_tag=15.4; \ export rethinkdb_tag=2.4.2; \ export redis_tag=7.0-alpine; \ -export _BUILD_ENV_PATH=docker/parabol-ubi/docker-build/environments/basic-env; \ +export _BUILD_ENV_PATH=docker/parabol-ubi/environments/basic-env; \ export _NODE_VERSION=$(jq -r -j '.engines.node|ltrimstr("^")' package.json); \ -export _DOCKERFILE=./docker/parabol-ubi/docker-build/dockerfiles/basic.dockerfile; \ +export _DOCKERFILE=./docker/parabol-ubi/dockerfiles/basic.dockerfile; \ export _DOCKER_REPOSITORY=parabol; \ export _DOCKER_TAG=test-image ``` diff --git a/docker/parabol-ubi/docker-build/cloudbuild.yaml b/docker/images/parabol-ubi/cloudbuild.yaml similarity index 100% rename from docker/parabol-ubi/docker-build/cloudbuild.yaml rename to docker/images/parabol-ubi/cloudbuild.yaml diff --git a/docker/parabol-ubi/docker-build/docker-compose.yml b/docker/images/parabol-ubi/docker-compose.yml similarity index 100% rename from docker/parabol-ubi/docker-build/docker-compose.yml rename to docker/images/parabol-ubi/docker-compose.yml diff --git a/docker/parabol-ubi/docker-build/dockerfiles/basic.dockerfile b/docker/images/parabol-ubi/dockerfiles/basic.dockerfile similarity index 75% rename from docker/parabol-ubi/docker-build/dockerfiles/basic.dockerfile rename to docker/images/parabol-ubi/dockerfiles/basic.dockerfile index 077d95a8fb6..a2bbbe8c1bb 100644 --- a/docker/parabol-ubi/docker-build/dockerfiles/basic.dockerfile +++ b/docker/images/parabol-ubi/dockerfiles/basic.dockerfile @@ -7,8 +7,8 @@ ENV HOME=/home/node \ ENV NPM_CONFIG_PREFIX=/home/node/.npm-global ENV PORT=3000 -COPY --chown=node --chmod=755 docker/parabol-ubi/docker-build/entrypoints/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh -COPY --chown=node docker/parabol-ubi/docker-build/tools/ip-to-server_id ${HOME}/tools/ip-to-server_id +COPY --chown=node --chmod=755 docker/parabol-ubi/entrypoints/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh +COPY --chown=node docker/parabol-ubi/tools/ip-to-server_id ${HOME}/tools/ip-to-server_id # Required for pushToCDN to work with FILE_STORE_PROVIDER set to 'local' RUN mkdir -p ${HOME}/parabol/self-hosted && \ diff --git a/docker/parabol-ubi/docker-build/dockerfiles/parabol.dockerfile b/docker/images/parabol-ubi/dockerfiles/parabol.dockerfile similarity index 100% rename from docker/parabol-ubi/docker-build/dockerfiles/parabol.dockerfile rename to docker/images/parabol-ubi/dockerfiles/parabol.dockerfile diff --git a/docker/parabol-ubi/docker-build/entrypoints/docker-entrypoint.sh b/docker/images/parabol-ubi/entrypoints/docker-entrypoint.sh similarity index 100% rename from docker/parabol-ubi/docker-build/entrypoints/docker-entrypoint.sh rename to docker/images/parabol-ubi/entrypoints/docker-entrypoint.sh diff --git a/docker/parabol-ubi/docker-build/environments/basic-env b/docker/images/parabol-ubi/environments/basic-env similarity index 81% rename from docker/parabol-ubi/docker-build/environments/basic-env rename to docker/images/parabol-ubi/environments/basic-env index 86bbad9252d..7141dd3f371 100644 --- a/docker/parabol-ubi/docker-build/environments/basic-env +++ b/docker/images/parabol-ubi/environments/basic-env @@ -4,7 +4,7 @@ NODE_ENV='production' NODE_EXTRA_CA_CERTS='' PROTO='https' PORT='3000' -# Database configurations must be the same used in the docker-build.yml Github workflow +# Database configurations must be the same used in the build.yml Github workflow POSTGRES_PASSWORD='temppassword' POSTGRES_USER='tempuser' POSTGRES_DB='tempdb' diff --git a/docker/parabol-ubi/docker-build/environments/legacy-build b/docker/images/parabol-ubi/environments/legacy-build similarity index 100% rename from docker/parabol-ubi/docker-build/environments/legacy-build rename to docker/images/parabol-ubi/environments/legacy-build diff --git a/docker/parabol-ubi/docker-build/environments/pipeline b/docker/images/parabol-ubi/environments/pipeline similarity index 93% rename from docker/parabol-ubi/docker-build/environments/pipeline rename to docker/images/parabol-ubi/environments/pipeline index 5641d43725f..cfc707c746b 100644 --- a/docker/parabol-ubi/docker-build/environments/pipeline +++ b/docker/images/parabol-ubi/environments/pipeline @@ -36,7 +36,7 @@ PGADMIN_DEFAULT_EMAIL='' PGADMIN_DEFAULT_PASSWORD='' PGSSLMODE='' PORT='3000' -# Database configurations must be the same used in the docker-build.yml Github workflow +# Database configurations must be the same used in the build.yml Github workflow POSTGRES_PASSWORD='temppassword' POSTGRES_USER='tempuser' POSTGRES_DB='tempdb' diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_logon_fail_delay.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_logon_fail_delay.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_logon_fail_delay.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_logon_fail_delay.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_all_shadowed_sha512.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_all_shadowed_sha512.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_all_shadowed_sha512.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_all_shadowed_sha512.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_dictcheck.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_dictcheck.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_dictcheck.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_dictcheck.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_difok.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_difok.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_difok.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_difok.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_maxclassrepeat.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_maxclassrepeat.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_maxclassrepeat.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_maxclassrepeat.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember_password_auth.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember_password_auth.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember_password_auth.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember_password_auth.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember_system_auth.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember_system_auth.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember_system_auth.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_pwhistory_remember_system_auth.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_remember.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_remember.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_remember.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_remember.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_csh_cshrc.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_csh_cshrc.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_csh_cshrc.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_csh_cshrc.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_banner_etc_issue.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_banner_etc_issue.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_banner_etc_issue.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_banner_etc_issue.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_configure_crypto_policy.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_configure_crypto_policy.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_configure_crypto_policy.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_configure_crypto_policy.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_configure_kerberos_crypto_policy.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_configure_kerberos_crypto_policy.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_configure_kerberos_crypto_policy.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_configure_kerberos_crypto_policy.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_configure_usbguard_auditbackend.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_configure_usbguard_auditbackend.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_configure_usbguard_auditbackend.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_configure_usbguard_auditbackend.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_coredump_disable_backtraces.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_coredump_disable_backtraces.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_coredump_disable_backtraces.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_coredump_disable_backtraces.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_coredump_disable_storage.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_coredump_disable_storage.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_coredump_disable_storage.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_coredump_disable_storage.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_disable_users_coredumps.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_disable_users_coredumps.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_disable_users_coredumps.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_disable_users_coredumps.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_display_login_attempts.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_display_login_attempts.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_display_login_attempts.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_display_login_attempts.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_file_groupowner_var_log_messages.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_file_groupowner_var_log_messages.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_file_groupowner_var_log_messages.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_file_groupowner_var_log_messages.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_file_groupownership_system_commands_dirs.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_file_owner_var_log_messages.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_file_owner_var_log_messages.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_file_owner_var_log_messages.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_file_owner_var_log_messages.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_kernel_module_atm_disabled.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_kernel_module_atm_disabled.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_kernel_module_atm_disabled.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_kernel_module_atm_disabled.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_kernel_module_can_disabled.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_kernel_module_can_disabled.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_kernel_module_can_disabled.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_kernel_module_can_disabled.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_kernel_module_cramfs_disabled.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_kernel_module_cramfs_disabled.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_kernel_module_cramfs_disabled.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_kernel_module_cramfs_disabled.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_kernel_module_firewire-core_disabled.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_kernel_module_firewire-core_disabled.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_kernel_module_firewire-core_disabled.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_kernel_module_firewire-core_disabled.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_kernel_module_tipc_disabled.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_kernel_module_tipc_disabled.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_kernel_module_tipc_disabled.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_kernel_module_tipc_disabled.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_no_empty_passwords.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_no_empty_passwords.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_no_empty_passwords.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_no_empty_passwords.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_openssl_use_strong_entropy.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_openssl_use_strong_entropy.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_openssl_use_strong_entropy.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_openssl_use_strong_entropy.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_package_crypto-policies_installed.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_package_crypto-policies_installed.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_package_crypto-policies_installed.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_package_crypto-policies_installed.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_package_iptables_installed.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_package_iptables_installed.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_package_iptables_installed.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_package_iptables_installed.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_package_rng-tools_installed.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_package_rng-tools_installed.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_package_rng-tools_installed.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_package_rng-tools_installed.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_package_sudo_installed.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_package_sudo_installed.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_package_sudo_installed.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_package_sudo_installed.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_package_usbguard_installed.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_package_usbguard_installed.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_package_usbguard_installed.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_package_usbguard_installed.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_sudo_require_reauthentication.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_sudo_require_reauthentication.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_sudo_require_reauthentication.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_sudo_require_reauthentication.sh diff --git a/docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_sudoers_validate_passwd.sh b/docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_sudoers_validate_passwd.sh similarity index 100% rename from docker/parabol-ubi/docker-build/security/xccdf_org.ssgproject.content_rule_sudoers_validate_passwd.sh rename to docker/images/parabol-ubi/security/xccdf_org.ssgproject.content_rule_sudoers_validate_passwd.sh diff --git a/docker/parabol-ubi/docker-build/tools/ip-to-server_id/index.js b/docker/images/parabol-ubi/tools/ip-to-server_id/index.js similarity index 100% rename from docker/parabol-ubi/docker-build/tools/ip-to-server_id/index.js rename to docker/images/parabol-ubi/tools/ip-to-server_id/index.js diff --git a/docker/parabol-ubi/docker-build/tools/ip-to-server_id/package.json b/docker/images/parabol-ubi/tools/ip-to-server_id/package.json similarity index 100% rename from docker/parabol-ubi/docker-build/tools/ip-to-server_id/package.json rename to docker/images/parabol-ubi/tools/ip-to-server_id/package.json diff --git a/packages/server/postgres/Dockerfile b/docker/images/postgres/Dockerfile similarity index 72% rename from packages/server/postgres/Dockerfile rename to docker/images/postgres/Dockerfile index e37b75a097e..3ce8d5d5185 100644 --- a/packages/server/postgres/Dockerfile +++ b/docker/images/postgres/Dockerfile @@ -1,15 +1,17 @@ FROM postgres:15.4 +ARG PGVECTOR_VERSION=v0.6.1 +ARG PSQL_MAJOR_VERSION=15 ADD extensions /extensions RUN apt-get update && apt-get install -y \ build-essential \ locales \ - postgresql-server-dev-15 \ + postgresql-server-dev-${PSQL_MAJOR_VERSION} \ git -RUN cd /extensions/postgres-json-schema && make install && make installcheck -RUN git clone --branch v0.5.0 \ +# PGVector +RUN git clone --branch ${PGVECTOR_VERSION} \ https://github.com/pgvector/pgvector.git /extensions/pgvector && \ cd extensions/pgvector && make clean && make && make install diff --git a/docker/images/postgres/extensions/install.sql b/docker/images/postgres/extensions/install.sql new file mode 100644 index 00000000000..5e2d0c13454 --- /dev/null +++ b/docker/images/postgres/extensions/install.sql @@ -0,0 +1 @@ +CREATE EXTENSION IF NOT EXISTS "vector"; diff --git a/docker/stacks/development/README.md b/docker/stacks/development/README.md new file mode 100644 index 00000000000..a14d00d59cb --- /dev/null +++ b/docker/stacks/development/README.md @@ -0,0 +1,43 @@ +# Development stack + +> ⚠️ **Parabol does not provide any support on this stack**. Use it under your own resposibility. + +## General notes + +- **This stack is not meant for production use.** It is our development stack and can change at any moment, have errors and incorporate and remove components we are testing without any notice. +- This stack is designed to be managed using `yarn db:start` and `yarn db:stop` to start the databases. The application can use it, starting with either `yarn dev` or building the application and using `yarn start`. + +## Components + +- **Datadog agent:** additional configuration can be added in the folder `datadog/dd-conf.d`. +- **RethinkDB:** ports 28015 and 8080 (console) exposed to communicate with the cluster. Data mounted in a volume rethinkdb-data. +- **Postgres:** container built from a Dockerfile in [docker/images/postgres](docker/images/postgres), that incorporates some extra extensions used by the application. Exposed through port 5432 and with the data mounted in a volume postgres-data. +- **PGAdmin:** available on 5050 with credentials on the `.env` file. Connect using the values of `PGADMIN_DEFAULT_EMAIL` and `PGADMIN_DEFAULT_PASSWORD` from the `.env`. Data mounted on a volume pgadmin-data. +- **Redis:** available on 6379 with the data mounted on a volume redis-data. +- **Redis Commander:** available on 8081. +- **Text Embedding Inference:** toolkit to deploy and serve open source text embeddings and sequence classification models. Exposed on 3040. More information in [their Github](https://github.com/huggingface/text-embeddings-inference). + +### Configue PGAdmin + +- pgadmin is at [http://localhost:5050](http://localhost:5050) +- Connect using the values of `PGADMIN_DEFAULT_EMAIL` and `PGADMIN_DEFAULT_PASSWORD` from your `.env` +- Click **Add New Server** and fill out the forms with your `.env` values + + - General.name = POSTGRES_DB + - Connection.host = 'postgres' (hardcoded from docker-compose dev.yml, not from .env!) + - Connection.username = POSTGRES_USER + - Connection.password = POSTGRES_PASSWORD + - Connection.maintenanceDatabase = POSTGRES_DB + - Connection.port = POSTGRES_PORT + +### Postgres + +#### Too many connections + +Sometimes pg pool will hit its connection limit. This should never happen in prod, but happens on occassion in dev. +You'll know it's happening because PG will say there are too many connections. +To fix, you can run the following SQL to remove all the connections except the one that is running the script + +```sql +select pg_terminate_backend(pid) from pg_stat_activity where datname='parabol-saas' AND pid <> pg_backend_pid(); +``` diff --git a/docker/dd-conf.d/gqlExecutor.yml b/docker/stacks/development/datadog/dd-conf.d/gqlExecutor.yml similarity index 100% rename from docker/dd-conf.d/gqlExecutor.yml rename to docker/stacks/development/datadog/dd-conf.d/gqlExecutor.yml diff --git a/docker/dd-conf.d/web.yml b/docker/stacks/development/datadog/dd-conf.d/web.yml similarity index 100% rename from docker/dd-conf.d/web.yml rename to docker/stacks/development/datadog/dd-conf.d/web.yml diff --git a/docker/dev.yml b/docker/stacks/development/docker-compose.yml similarity index 76% rename from docker/dev.yml rename to docker/stacks/development/docker-compose.yml index c45ba6b6f6b..91adbbb6578 100644 --- a/docker/dev.yml +++ b/docker/stacks/development/docker-compose.yml @@ -1,10 +1,11 @@ -version: "3.7" +version: "3.9" +name: parabol-dev services: datadog: image: gcr.io/datadoghq/agent:7 restart: unless-stopped - env_file: ../.env + env_file: ../../../.env ports: - "8126:8126" networks: @@ -13,7 +14,9 @@ services: - /var/run/docker.sock:/var/run/docker.sock - /proc/:/host/proc/:ro - /sys/fs/cgroup:/host/sys/fs/cgroup:ro - db: + - ".datadog/dd-conf.d:/etc/datadog-agent/conf.d/local.d/" + - "../../../dev/logs:/var/log/datadog/logs" + rethinkdb: image: rethinkdb:2.4.2 restart: unless-stopped ports: @@ -26,23 +29,20 @@ services: - parabol-network postgres: build: - context: "../packages/server/postgres" + context: "../../images/postgres" restart: unless-stopped - env_file: ../.env + env_file: ../../../.env ports: - "5432:5432" volumes: - - "../packages/server/postgres/postgres.conf:/usr/local/etc/postgres/postgres.conf" - "postgres-data:/var/lib/postgresql/data" - command: "postgres -c config_file=/usr/local/etc/postgres/postgres.conf" networks: - parabol-network pgadmin: - container_name: pgadmin_container - image: dpage/pgadmin4:latest + image: dpage/pgadmin4:8.3 depends_on: - postgres - env_file: ../.env + env_file: ../../../.env volumes: - "pgadmin-data:/var/lib/pgadmin" ports: @@ -60,18 +60,16 @@ services: networks: - parabol-network redis-commander: - container_name: redis_commander - image: ghcr.io/joeferner/redis-commander:latest + image: ghcr.io/joeferner/redis-commander:0.8.1 hostname: redis-commander restart: unless-stopped environment: - REDIS_HOSTS=local:redis:6379 ports: - - "8082:8081" + - "8081:8081" networks: parabol-network: text-embeddings-inference: - container_name: text-embeddings-inference image: ghcr.io/huggingface/text-embeddings-inference:cpu-0.6 command: - "--model-id=llmrails/ember-v1" diff --git a/certs/README.md b/docker/stacks/development/redis/certs/README.md similarity index 74% rename from certs/README.md rename to docker/stacks/development/redis/certs/README.md index 3059e90eead..0a2e2972912 100644 --- a/certs/README.md +++ b/docker/stacks/development/redis/certs/README.md @@ -8,8 +8,10 @@ The certs that are checked into version control are self-signed and safe to shar All env vars should correspond with the vars in the redis instance. In development, that means: -- In the `docker/dev.yml`, add a volume: `bitnami-redis-data: {}` -- In the `docker/dev.yml`, replace the Redis container sections with the following: + +- In the `docker/stacks/development/docker-compose.yml`, add a volume: `bitnami-redis-data: {}` +- In the `docker/stacks/development/docker-compose.yml`, replace the Redis container sections with the following: + ```yaml image: bitnami/redis:7.0-debian-11 environment: @@ -25,9 +27,9 @@ In development, that means: - ../certs:/opt/bitnami/redis/certs ``` -- Vars in .env should match the vars in dev.yml +- Vars in .env should match the vars in `docker/stacks/development/docker-compose.yml` -Any changes to dev.yml require running `yarn db:start` +Any changes to `docker/stacks/development/docker-compose.yml` require running `yarn db:start` REDIS_PASSWORD: Use this if you'd like our app to connect to redis using a password REDIS_TLS_CERT_FILE: The cert file used to authorize clients. Not available in GCP diff --git a/certs/gen-redis-certs.sh b/docker/stacks/development/redis/certs/gen-redis-certs.sh similarity index 100% rename from certs/gen-redis-certs.sh rename to docker/stacks/development/redis/certs/gen-redis-certs.sh diff --git a/certs/redis.crt b/docker/stacks/development/redis/certs/redis.crt similarity index 100% rename from certs/redis.crt rename to docker/stacks/development/redis/certs/redis.crt diff --git a/certs/redis.key b/docker/stacks/development/redis/certs/redis.key similarity index 100% rename from certs/redis.key rename to docker/stacks/development/redis/certs/redis.key diff --git a/certs/redisCA.crt b/docker/stacks/development/redis/certs/redisCA.crt similarity index 100% rename from certs/redisCA.crt rename to docker/stacks/development/redis/certs/redisCA.crt diff --git a/docker/parabol-ubi/docker-host-st/.env.example b/docker/stacks/single-tenant-host/.env.example similarity index 100% rename from docker/parabol-ubi/docker-host-st/.env.example rename to docker/stacks/single-tenant-host/.env.example diff --git a/docker/parabol-ubi/docker-host-st/README.md b/docker/stacks/single-tenant-host/README.md similarity index 88% rename from docker/parabol-ubi/docker-host-st/README.md rename to docker/stacks/single-tenant-host/README.md index af3a0b244ec..59a6a4a8a3e 100644 --- a/docker/parabol-ubi/docker-host-st/README.md +++ b/docker/stacks/single-tenant-host/README.md @@ -1,8 +1,8 @@ # Docker Host Single Tenant (ST) -To run Parabol in single tenant mode (e.g. simple docker-compose on a docker host). +To run Parabol in single tenant mode (e.g. simple docker-compose on a docker host): -1. Build your Parabol UBI using instructions in `docker/ubi/docker-build/README.md` +1. Build your Parabol UBI using instructions in `docker/images/parabol-ubi/README.md` 2. Create a working `.env` from `.env.example` 3. Update docker-compose.yaml `image: #image:tag` with your built image tag from `step (1.)` 4. Run `docker compose --profile databases --profile parabol up -d` to deploy the local stack. You can run `docker compose --profile databases --profile parabol down` to terminate the local stack @@ -31,12 +31,12 @@ This will run `pre-deploy` and thus it will recreate the `web-server` and the `g Some tools are available to debug the databases is needed: -- pgadmin -- redis-commander +- [pgadmin](https://www.pgadmin.org/) +- [redis-commander](https://github.com/joeferner/redis-commander) To operate them use `docker compose up --profile databases --profile database-debug`. ## Running the whole stack - Start the whole stack: `docker compose --profile databases --profile parabol --profile database-debug --profile chronos up -d`. -- Stop the stack: `docker compose --profile databases --profile parabol --profile database-debug --profile chronos down` +- Stop the stack: `docker compose --profile databases --profile parabol --profile database-debug --profile chronos down`. diff --git a/docker/parabol-ubi/docker-host-st/docker-compose.yaml b/docker/stacks/single-tenant-host/docker-compose.yaml similarity index 83% rename from docker/parabol-ubi/docker-host-st/docker-compose.yaml rename to docker/stacks/single-tenant-host/docker-compose.yaml index 52bb8c76a7d..e5f662ed74a 100644 --- a/docker/parabol-ubi/docker-host-st/docker-compose.yaml +++ b/docker/stacks/single-tenant-host/docker-compose.yaml @@ -1,6 +1,19 @@ -version: '3.9' +version: "3.9" services: + rethinkdb: + container_name: rethinkdb + profiles: ["databases"] + image: rethinkdb:2.4.2 + restart: always + ports: + - "8080:8080" + - "29015:29015" + - "28015:28015" + volumes: + - ./data/rethink:/data + networks: + - parabol-network postgres: container_name: postgres profiles: ["databases"] @@ -10,9 +23,9 @@ services: environment: - PGUSER=$POSTGRES_USER ports: - - '5432:5432' + - "5432:5432" volumes: - - './data/postgres/pgdata:/var/lib/postgresql/data' + - "./data/postgres/pgdata:/var/lib/postgresql/data" healthcheck: test: ["CMD-SHELL", "pg_isready", "-d", "$POSTGRES_DB", "-U", "$POSTGRES_USER"] interval: 10s @@ -32,19 +45,6 @@ services: - "5050:80" networks: - parabol-network - rethinkdb: - container_name: rethinkdb - profiles: ["databases"] - image: rethinkdb:2.4.2 - restart: always - ports: - - '8080:8080' - - '29015:29015' - - '28015:28015' - volumes: - - ./data/rethink:/data - networks: - - parabol-network redis: container_name: redis profiles: ["databases"] @@ -56,7 +56,7 @@ services: retries: 5 restart: always ports: - - '6379:6379' + - "6379:6379" volumes: - ./data/redis:/data networks: @@ -78,13 +78,13 @@ services: pre-deploy: container_name: pre-deploy profiles: ["parabol"] - image: us-central1-docker.pkg.dev/prbl-tooling/parabol-production/parabol:v7.15.2 + image: #image:tag command: bash -c "node dist/preDeploy.js" env_file: .env environment: - SERVER_ID=0 volumes: - - './.env:/parabol/.env' + - "./.env:/parabol/.env" depends_on: rethinkdb: condition: service_started @@ -97,14 +97,14 @@ services: chronos: container_name: chronos profiles: ["chronos"] - image: us-central1-docker.pkg.dev/prbl-tooling/parabol-production/parabol:v7.15.2 + image: #image:tag restart: always command: bash -c "node dist/chronos.js" env_file: .env environment: - SERVER_ID=1 volumes: - - './.env:/parabol/.env' + - "./.env:/parabol/.env" depends_on: pre-deploy: condition: service_completed_successfully @@ -119,16 +119,16 @@ services: web-server: container_name: web-server profiles: ["parabol"] - image: us-central1-docker.pkg.dev/prbl-tooling/parabol-production/parabol:v7.15.2 + image: #image:tag restart: always command: bash -c "node dist/web.js" env_file: .env environment: - SERVER_ID=5 ports: - - '3000:3000' + - "3000:3000" volumes: - - './.env:/parabol/.env' + - "./.env:/parabol/.env" depends_on: pre-deploy: condition: service_completed_successfully @@ -143,14 +143,14 @@ services: gql-executor: container_name: gql-executor profiles: ["parabol"] - image: us-central1-docker.pkg.dev/prbl-tooling/parabol-production/parabol:v7.15.2 + image: #image:tag restart: always command: bash -c "node dist/gqlExecutor.js" env_file: .env environment: - SERVER_ID=10 volumes: - - './.env:/parabol/.env' + - "./.env:/parabol/.env" depends_on: pre-deploy: condition: service_completed_successfully diff --git a/docs/alternative-licenses/us-department-of-defense/README.md b/docs/alternative-licenses/us-department-of-defense/README.md index efbdc1d9f1d..330f56931d5 100644 --- a/docs/alternative-licenses/us-department-of-defense/README.md +++ b/docs/alternative-licenses/us-department-of-defense/README.md @@ -82,7 +82,7 @@ $ yarn && yarn build && yarn start - Click "Add New Server" and fill out the forms with your `.env` values - General.name = POSTGRES_DB - - Connection.host = 'postgres' (hardcoded from docker-compose dev.yml, not from .env!) + - Connection.host = 'postgres' (hardcoded from docker-compose `docker/stacks/development/docker-compose.yml`, not from .env!) - Connection.username = POSTGRES_USER - Connection.password = POSTGRES_PASSWORD - Connection.maintenanceDatabase = POSTGRES_DB diff --git a/package.json b/package.json index dc0564d2e8c..16236abfc53 100644 --- a/package.json +++ b/package.json @@ -30,8 +30,8 @@ "pg:migrate": "node-pg-migrate -f ./packages/server/postgres/pgmConfig.js", "pg:generate": "export $(grep ^POSTGRES_ .env | tr -d \"'\"); yarn kysely-codegen --exclude-pattern \"(PgMigrations|StripeQuantityMismatchLogging)\" --out-file ./packages/server/postgres/pg.d.ts --dialect postgres --url postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB && prettier --write ./packages/server/postgres/pg.d.ts", "pg:restore": "node ./scripts/toolbox/pgRestore.js", - "db:start": "docker compose -f docker/dev.yml up -d", - "db:stop": "docker compose -f docker/dev.yml down", + "db:start": "docker compose -f docker/stacks/development/docker-compose.yml up -d", + "db:stop": "docker compose -f docker/stacks/development/docker-compose.yml down", "db:migrate": "node scripts/migrate.js", "deduplicate": "yarn yarn-deduplicate yarn.lock", "predeploy": "node dist/preDeploy.js", diff --git a/packages/server/database/README.md b/packages/server/database/README.md index 43981c7b19b..13d527b63d7 100644 --- a/packages/server/database/README.md +++ b/packages/server/database/README.md @@ -10,4 +10,3 @@ Since that time, RethinkDB has occassionally been unstable for us under high loa Since our data is very relational, it made sense to move PostgresQL, which we are actively doing. - Migrations are stored in [`packages/server/database/migrations`](./migrations/) -- RethinkDB Dashboard is at [http://localhost:8080](http://localhost:8080) diff --git a/packages/server/postgres/README.md b/packages/server/postgres/README.md index 07047ec37c6..303ec662993 100644 --- a/packages/server/postgres/README.md +++ b/packages/server/postgres/README.md @@ -1,18 +1,5 @@ # PostgreSQL -## Setup - -- pgadmin is at [http://localhost:5050](http://localhost:5050) -- Connect using the values of `PGADMIN_DEFAULT_EMAIL` and `PGADMIN_DEFAULT_PASSWORD` from your `.env` -- Click "Add New Server" and fill out the forms with your `.env` values - - - General.name = POSTGRES_DB - - Connection.host = 'postgres' (hardcoded from docker-compose dev.yml, not from .env!) - - Connection.username = POSTGRES_USER - - Connection.password = POSTGRES_PASSWORD - - Connection.maintenanceDatabase = POSTGRES_DB - - Connection.port = POSTGRES_PORT - ## Migrations This folder contains all the postgres migrations that have been run on the database. @@ -56,13 +43,3 @@ Parameters are capped at 16-bit, so if you're doing a bulk insert, you'll need t In other words, if `# rows * columns per row > 65,535` you need to do it in batches. `pg-protocol` shows this here: Issue here: - -#### Too many connections - -Sometimes pg pool will hit its connection limit. This should never happen in prod, but happens on occassion in dev. -You'll know it's happening because PG will say there are too many connections. -To fix, you can run the following SQL to remove all the connections except the one that is running the script - -```sql -select pg_terminate_backend(pid) from pg_stat_activity where datname='parabol-saas' AND pid <> pg_backend_pid(); -``` diff --git a/packages/server/postgres/extensions/install.sql b/packages/server/postgres/extensions/install.sql deleted file mode 100644 index b2670548069..00000000000 --- a/packages/server/postgres/extensions/install.sql +++ /dev/null @@ -1,2 +0,0 @@ -CREATE EXTENSION IF NOT EXISTS "postgres-json-schema"; -CREATE EXTENSION IF NOT EXISTS "vector"; diff --git a/packages/server/postgres/extensions/postgres-json-schema/Makefile b/packages/server/postgres/extensions/postgres-json-schema/Makefile deleted file mode 100644 index 52ea8ab56d5..00000000000 --- a/packages/server/postgres/extensions/postgres-json-schema/Makefile +++ /dev/null @@ -1,7 +0,0 @@ -EXTENSION = postgres-json-schema -DATA = postgres-json-schema--0.1.1.sql - -# postgres build stuff -PG_CONFIG = pg_config -PGXS := $(shell $(PG_CONFIG) --pgxs) -include $(PGXS) diff --git a/packages/server/postgres/extensions/postgres-json-schema/postgres-json-schema--0.1.1.sql b/packages/server/postgres/extensions/postgres-json-schema/postgres-json-schema--0.1.1.sql deleted file mode 100644 index 5c2ba846fff..00000000000 --- a/packages/server/postgres/extensions/postgres-json-schema/postgres-json-schema--0.1.1.sql +++ /dev/null @@ -1,259 +0,0 @@ -CREATE OR REPLACE FUNCTION _validate_json_schema_type(type text, data jsonb) RETURNS boolean AS $f$ -BEGIN - IF type = 'integer' THEN - IF jsonb_typeof(data) != 'number' THEN - RETURN false; - END IF; - IF trunc(data::text::numeric) != data::text::numeric THEN - RETURN false; - END IF; - ELSE - IF type != jsonb_typeof(data) THEN - RETURN false; - END IF; - END IF; - RETURN true; -END; -$f$ LANGUAGE 'plpgsql' IMMUTABLE; - - -CREATE OR REPLACE FUNCTION validate_json_schema(schema jsonb, data jsonb, root_schema jsonb DEFAULT NULL) RETURNS boolean AS $f$ -DECLARE - prop text; - item jsonb; - path text[]; - types text[]; - pattern text; - props text[]; -BEGIN - IF root_schema IS NULL THEN - root_schema = schema; - END IF; - - IF schema ? 'type' THEN - IF jsonb_typeof(schema->'type') = 'array' THEN - types = ARRAY(SELECT jsonb_array_elements_text(schema->'type')); - ELSE - types = ARRAY[schema->>'type']; - END IF; - IF (SELECT NOT bool_or(@extschema@._validate_json_schema_type(type, data)) FROM unnest(types) type) THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'properties' THEN - FOR prop IN SELECT jsonb_object_keys(schema->'properties') LOOP - IF data ? prop AND NOT @extschema@.validate_json_schema(schema->'properties'->prop, data->prop, root_schema) THEN - RETURN false; - END IF; - END LOOP; - END IF; - - IF schema ? 'required' AND jsonb_typeof(data) = 'object' THEN - IF NOT ARRAY(SELECT jsonb_object_keys(data)) @> - ARRAY(SELECT jsonb_array_elements_text(schema->'required')) THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'items' AND jsonb_typeof(data) = 'array' THEN - IF jsonb_typeof(schema->'items') = 'object' THEN - FOR item IN SELECT jsonb_array_elements(data) LOOP - IF NOT @extschema@.validate_json_schema(schema->'items', item, root_schema) THEN - RETURN false; - END IF; - END LOOP; - ELSE - IF NOT ( - SELECT bool_and(i > jsonb_array_length(schema->'items') OR @extschema@.validate_json_schema(schema->'items'->(i::int - 1), elem, root_schema)) - FROM jsonb_array_elements(data) WITH ORDINALITY AS t(elem, i) - ) THEN - RETURN false; - END IF; - END IF; - END IF; - - IF jsonb_typeof(schema->'additionalItems') = 'boolean' and NOT (schema->'additionalItems')::text::boolean AND jsonb_typeof(schema->'items') = 'array' THEN - IF jsonb_array_length(data) > jsonb_array_length(schema->'items') THEN - RETURN false; - END IF; - END IF; - - IF jsonb_typeof(schema->'additionalItems') = 'object' THEN - IF NOT ( - SELECT bool_and(@extschema@.validate_json_schema(schema->'additionalItems', elem, root_schema)) - FROM jsonb_array_elements(data) WITH ORDINALITY AS t(elem, i) - WHERE i > jsonb_array_length(schema->'items') - ) THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'minimum' AND jsonb_typeof(data) = 'number' THEN - IF data::text::numeric < (schema->>'minimum')::numeric THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'maximum' AND jsonb_typeof(data) = 'number' THEN - IF data::text::numeric > (schema->>'maximum')::numeric THEN - RETURN false; - END IF; - END IF; - - IF COALESCE((schema->'exclusiveMinimum')::text::bool, FALSE) THEN - IF data::text::numeric = (schema->>'minimum')::numeric THEN - RETURN false; - END IF; - END IF; - - IF COALESCE((schema->'exclusiveMaximum')::text::bool, FALSE) THEN - IF data::text::numeric = (schema->>'maximum')::numeric THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'anyOf' THEN - IF NOT (SELECT bool_or(@extschema@.validate_json_schema(sub_schema, data, root_schema)) FROM jsonb_array_elements(schema->'anyOf') sub_schema) THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'allOf' THEN - IF NOT (SELECT bool_and(@extschema@.validate_json_schema(sub_schema, data, root_schema)) FROM jsonb_array_elements(schema->'allOf') sub_schema) THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'oneOf' THEN - IF 1 != (SELECT COUNT(*) FROM jsonb_array_elements(schema->'oneOf') sub_schema WHERE @extschema@.validate_json_schema(sub_schema, data, root_schema)) THEN - RETURN false; - END IF; - END IF; - - IF COALESCE((schema->'uniqueItems')::text::boolean, false) THEN - IF (SELECT COUNT(*) FROM jsonb_array_elements(data)) != (SELECT count(DISTINCT val) FROM jsonb_array_elements(data) val) THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'additionalProperties' AND jsonb_typeof(data) = 'object' THEN - props := ARRAY( - SELECT key - FROM jsonb_object_keys(data) key - WHERE key NOT IN (SELECT jsonb_object_keys(schema->'properties')) - AND NOT EXISTS (SELECT * FROM jsonb_object_keys(schema->'patternProperties') pat WHERE key ~ pat) - ); - IF jsonb_typeof(schema->'additionalProperties') = 'boolean' THEN - IF NOT (schema->'additionalProperties')::text::boolean AND jsonb_typeof(data) = 'object' AND NOT props <@ ARRAY(SELECT jsonb_object_keys(schema->'properties')) THEN - RETURN false; - END IF; - ELSEIF NOT ( - SELECT bool_and(@extschema@.validate_json_schema(schema->'additionalProperties', data->key, root_schema)) - FROM unnest(props) key - ) THEN - RETURN false; - END IF; - END IF; - - IF schema ? '$ref' THEN - path := ARRAY( - SELECT regexp_replace(regexp_replace(path_part, '~1', '/'), '~0', '~') - FROM UNNEST(regexp_split_to_array(schema->>'$ref', '/')) path_part - ); - -- ASSERT path[1] = '#', 'only refs anchored at the root are supported'; - IF NOT @extschema@.validate_json_schema(root_schema #> path[2:array_length(path, 1)], data, root_schema) THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'enum' THEN - IF NOT EXISTS (SELECT * FROM jsonb_array_elements(schema->'enum') val WHERE val = data) THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'minLength' AND jsonb_typeof(data) = 'string' THEN - IF char_length(data #>> '{}') < (schema->>'minLength')::numeric THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'maxLength' AND jsonb_typeof(data) = 'string' THEN - IF char_length(data #>> '{}') > (schema->>'maxLength')::numeric THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'not' THEN - IF @extschema@.validate_json_schema(schema->'not', data, root_schema) THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'maxProperties' AND jsonb_typeof(data) = 'object' THEN - IF (SELECT count(*) FROM jsonb_object_keys(data)) > (schema->>'maxProperties')::numeric THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'minProperties' AND jsonb_typeof(data) = 'object' THEN - IF (SELECT count(*) FROM jsonb_object_keys(data)) < (schema->>'minProperties')::numeric THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'maxItems' AND jsonb_typeof(data) = 'array' THEN - IF (SELECT count(*) FROM jsonb_array_elements(data)) > (schema->>'maxItems')::numeric THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'minItems' AND jsonb_typeof(data) = 'array' THEN - IF (SELECT count(*) FROM jsonb_array_elements(data)) < (schema->>'minItems')::numeric THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'dependencies' THEN - FOR prop IN SELECT jsonb_object_keys(schema->'dependencies') LOOP - IF data ? prop THEN - IF jsonb_typeof(schema->'dependencies'->prop) = 'array' THEN - IF NOT (SELECT bool_and(data ? dep) FROM jsonb_array_elements_text(schema->'dependencies'->prop) dep) THEN - RETURN false; - END IF; - ELSE - IF NOT @extschema@.validate_json_schema(schema->'dependencies'->prop, data, root_schema) THEN - RETURN false; - END IF; - END IF; - END IF; - END LOOP; - END IF; - - IF schema ? 'pattern' AND jsonb_typeof(data) = 'string' THEN - IF (data #>> '{}') !~ (schema->>'pattern') THEN - RETURN false; - END IF; - END IF; - - IF schema ? 'patternProperties' AND jsonb_typeof(data) = 'object' THEN - FOR prop IN SELECT jsonb_object_keys(data) LOOP - FOR pattern IN SELECT jsonb_object_keys(schema->'patternProperties') LOOP - RAISE NOTICE 'prop %s, pattern %, schema %', prop, pattern, schema->'patternProperties'->pattern; - IF prop ~ pattern AND NOT @extschema@.validate_json_schema(schema->'patternProperties'->pattern, data->prop, root_schema) THEN - RETURN false; - END IF; - END LOOP; - END LOOP; - END IF; - - IF schema ? 'multipleOf' AND jsonb_typeof(data) = 'number' THEN - IF data::text::numeric % (schema->>'multipleOf')::numeric != 0 THEN - RETURN false; - END IF; - END IF; - - RETURN true; -END; -$f$ LANGUAGE 'plpgsql' IMMUTABLE; diff --git a/packages/server/postgres/extensions/postgres-json-schema/postgres-json-schema.control b/packages/server/postgres/extensions/postgres-json-schema/postgres-json-schema.control deleted file mode 100644 index eaaf496b08a..00000000000 --- a/packages/server/postgres/extensions/postgres-json-schema/postgres-json-schema.control +++ /dev/null @@ -1,3 +0,0 @@ -comment = 'Validate JSON schemas' -relocatable = false -default_version = '0.1.1' diff --git a/packages/server/postgres/postgres.conf b/packages/server/postgres/postgres.conf deleted file mode 100644 index 81a24496bf9..00000000000 --- a/packages/server/postgres/postgres.conf +++ /dev/null @@ -1 +0,0 @@ -listen_addresses='*'