mirror of
https://github.com/twentyhq/twenty.git
synced 2026-04-20 06:51:49 -04:00
191a277ddf
## Summary ### Cache invalidation fix - After migrating object/field permissions to syncable entities (#18609, #18751, #18567), changes to `flatObjectPermissionMaps`, `flatFieldPermissionMaps`, or `flatPermissionFlagMaps` no longer triggered `rolesPermissions` cache invalidation - This caused stale permission data to be served, leading to flaky `permissions-on-relations` integration tests and potentially incorrect permission enforcement in production after object permission upserts - Adds the three permission-related flat map keys to the condition that triggers `rolesPermissions` cache recomputation in `WorkspaceMigrationRunnerService.getLegacyCacheInvalidationPromises` - Clears memoizer after recomputation to prevent concurrent `getOrRecompute` calls from caching stale data ### Docker Hub rate limit fix - CI service containers (postgres, redis, clickhouse) and `docker run`/`docker build` steps were pulling from Docker Hub **unauthenticated**, hitting the 100-pull-per-6-hour rate limit on shared GitHub-hosted runner IPs - Adds `credentials` blocks to all service container definitions and `docker/login-action` steps before `docker run`/`docker compose` commands - Uses `vars.DOCKERHUB_USERNAME` + `secrets.DOCKERHUB_PASSWORD` (matching the existing twenty-infra convention) - Affected workflows: ci-server, ci-merge-queue, ci-breaking-changes, ci-zapier, ci-sdk, ci-create-app-e2e, ci-website, ci-test-docker-compose, preview-env-keepalive, spawn-twenty-docker-image action
164 lines
5.7 KiB
YAML
164 lines
5.7 KiB
YAML
name: CI Docker
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
on:
|
|
pull_request:
|
|
merge_group:
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
|
|
|
|
jobs:
|
|
changed-files-check:
|
|
if: github.event_name != 'merge_group'
|
|
uses: ./.github/workflows/changed-files.yaml
|
|
with:
|
|
files: |
|
|
packages/twenty-docker/**
|
|
docker-compose.yml
|
|
test-compose:
|
|
needs: changed-files-check
|
|
if: needs.changed-files-check.outputs.any_changed == 'true'
|
|
timeout-minutes: 30
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ vars.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
|
- name: Run compose
|
|
run: |
|
|
echo "Patching docker-compose.yml..."
|
|
yq eval 'del(.services.server.image)' -i docker-compose.yml
|
|
yq eval '.services.server.build.context = "../../"' -i docker-compose.yml
|
|
yq eval '.services.server.build.dockerfile = "./packages/twenty-docker/twenty/Dockerfile"' -i docker-compose.yml
|
|
yq eval '.services.server.build.target = "twenty"' -i docker-compose.yml
|
|
yq eval '.services.server.restart = "no"' -i docker-compose.yml
|
|
|
|
echo "Setting up .env file..."
|
|
cp .env.example .env
|
|
echo "Generating secrets..."
|
|
echo "" >> .env
|
|
echo "# === Randomly generated secrets ===" >>.env
|
|
echo "APP_SECRET=$(openssl rand -base64 32)" >>.env
|
|
echo "PGPASSWORD_SUPERUSER=$(openssl rand -hex 16)" >>.env
|
|
|
|
echo "Docker compose up..."
|
|
docker compose up -d || {
|
|
echo "Docker compose failed to start"
|
|
docker compose logs
|
|
exit 1
|
|
}
|
|
docker compose logs db server -f &
|
|
pid=$!
|
|
|
|
echo "Waiting for database to start..."
|
|
count=0
|
|
while [ ! $(docker inspect --format='{{.State.Health.Status}}' twenty-db-1) = "healthy" ]; do
|
|
sleep 1;
|
|
count=$((count+1));
|
|
if [ $(docker inspect --format='{{.State.Status}}' twenty-db-1) = "exited" ]; then
|
|
echo "Database exited"
|
|
docker compose logs db
|
|
exit 1
|
|
fi
|
|
if [ $count -gt 300 ]; then
|
|
echo "Failed to start database after 5 minutes"
|
|
docker compose logs db
|
|
exit 1
|
|
fi
|
|
echo "Still waiting for database... (${count}/60)"
|
|
done
|
|
|
|
echo "Waiting for server to start..."
|
|
count=0
|
|
while [ ! $(docker inspect --format='{{.State.Health.Status}}' twenty-server-1) = "healthy" ]; do
|
|
sleep 1;
|
|
count=$((count+1));
|
|
if [ $(docker inspect --format='{{.State.Status}}' twenty-server-1) = "exited" ]; then
|
|
echo "Server exited"
|
|
docker compose logs server
|
|
exit 1
|
|
fi
|
|
if [ $count -gt 300 ]; then
|
|
echo "Failed to start server after 5 minutes"
|
|
docker compose logs server
|
|
exit 1
|
|
fi
|
|
echo "Still waiting for server... (${count}/300s)"
|
|
done
|
|
working-directory: ./packages/twenty-docker/
|
|
test-app-dev:
|
|
needs: changed-files-check
|
|
if: needs.changed-files-check.outputs.any_changed == 'true'
|
|
timeout-minutes: 30
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ vars.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
|
- name: Create frontend placeholder
|
|
run: |
|
|
mkdir -p packages/twenty-front/build
|
|
echo '<html><body>CI placeholder</body></html>' > packages/twenty-front/build/index.html
|
|
- name: Build app-dev image
|
|
run: |
|
|
docker build \
|
|
--target twenty-app-dev \
|
|
-f packages/twenty-docker/twenty/Dockerfile \
|
|
-t twenty-app-dev-ci \
|
|
.
|
|
- name: Start container
|
|
run: |
|
|
docker run -d --name twenty-app-dev \
|
|
-p 3000:3000 \
|
|
twenty-app-dev-ci
|
|
docker logs twenty-app-dev -f &
|
|
- name: Wait for server health
|
|
run: |
|
|
echo "Waiting for twenty-app-dev to become healthy..."
|
|
count=0
|
|
while true; do
|
|
status=$(curl -s -o /dev/null -w '%{http_code}' http://localhost:3000/healthz 2>/dev/null || echo "000")
|
|
if [ "$status" = "200" ]; then
|
|
echo "Server is healthy!"
|
|
curl -s http://localhost:3000/healthz
|
|
break
|
|
fi
|
|
|
|
container_status=$(docker inspect --format='{{.State.Status}}' twenty-app-dev 2>/dev/null || echo "unknown")
|
|
if [ "$container_status" = "exited" ]; then
|
|
echo "Container exited unexpectedly"
|
|
docker logs twenty-app-dev
|
|
exit 1
|
|
fi
|
|
|
|
count=$((count+1))
|
|
if [ $count -gt 300 ]; then
|
|
echo "Server did not become healthy within 5 minutes"
|
|
docker logs twenty-app-dev
|
|
exit 1
|
|
fi
|
|
echo "Still waiting... (${count}/300s) [HTTP ${status}]"
|
|
sleep 1
|
|
done
|
|
ci-test-docker-status-check:
|
|
if: always() && !cancelled()
|
|
timeout-minutes: 5
|
|
runs-on: ubuntu-latest
|
|
needs: [changed-files-check, test-compose, test-app-dev]
|
|
steps:
|
|
- name: Fail job if any needs failed
|
|
if: contains(needs.*.result, 'failure')
|
|
run: exit 1
|