+
+
+
+
...and many more at [GitHub Sponsors](https://github.com/sponsors/coollabsio)
diff --git a/app/Actions/Application/StopApplication.php b/app/Actions/Application/StopApplication.php
index e86e30f04..b79709c5a 100644
--- a/app/Actions/Application/StopApplication.php
+++ b/app/Actions/Application/StopApplication.php
@@ -36,10 +36,11 @@ public function handle(Application $application, bool $previewDeployments = fals
: getCurrentApplicationContainerStatus($server, $application->id, 0);
$containersToStop = $containers->pluck('Names')->toArray();
+ $timeout = $application->settings->stopGracePeriodSeconds();
foreach ($containersToStop as $containerName) {
instant_remote_process(command: [
- "docker stop -t 30 $containerName",
+ "docker stop --time=$timeout $containerName",
"docker rm -f $containerName",
], server: $server, throwError: false);
}
diff --git a/app/Actions/Application/StopApplicationOneServer.php b/app/Actions/Application/StopApplicationOneServer.php
index bf9fdee72..09de9b628 100644
--- a/app/Actions/Application/StopApplicationOneServer.php
+++ b/app/Actions/Application/StopApplicationOneServer.php
@@ -20,13 +20,15 @@ public function handle(Application $application, Server $server)
}
try {
$containers = getCurrentApplicationContainerStatus($server, $application->id, 0);
+ $timeout = $application->settings->stopGracePeriodSeconds();
+
if ($containers->count() > 0) {
foreach ($containers as $container) {
$containerName = data_get($container, 'Names');
if ($containerName) {
instant_remote_process(
[
- "docker stop -t 30 $containerName",
+ "docker stop --time=$timeout $containerName",
"docker rm -f $containerName",
],
$server
diff --git a/app/Actions/Database/StartClickhouse.php b/app/Actions/Database/StartClickhouse.php
index 393906b9b..525e736c3 100644
--- a/app/Actions/Database/StartClickhouse.php
+++ b/app/Actions/Database/StartClickhouse.php
@@ -50,13 +50,9 @@ public function handle(StandaloneClickhouse $database)
],
],
'labels' => defaultDatabaseLabels($this->database)->toArray(),
- 'healthcheck' => [
- 'test' => "clickhouse-client --user {$this->database->clickhouse_admin_user} --password {$this->database->clickhouse_admin_password} --query 'SELECT 1'",
- 'interval' => '5s',
- 'timeout' => '5s',
- 'retries' => 10,
- 'start_period' => '5s',
- ],
+ 'healthcheck' => $this->database->healthCheckConfiguration([
+ 'CMD', 'clickhouse-client', '--user', (string) $this->database->clickhouse_admin_user, '--password', (string) $this->database->clickhouse_admin_password, '--query', 'SELECT 1',
+ ]),
'mem_limit' => $this->database->limits_memory,
'memswap_limit' => $this->database->limits_memory_swap,
'mem_swappiness' => $this->database->limits_memory_swappiness,
@@ -98,6 +94,9 @@ public function handle(StandaloneClickhouse $database)
$docker_run_options = convertDockerRunToCompose($this->database->custom_docker_run_options);
$docker_compose = generateCustomDockerRunOptionsForDatabases($docker_run_options, $docker_compose, $container_name, $this->database->destination->network);
+ if (! $this->database->isHealthcheckEnabled()) {
+ unset($docker_compose['services'][$container_name]['healthcheck']);
+ }
$docker_compose = Yaml::dump($docker_compose, 10);
$docker_compose_base64 = base64_encode($docker_compose);
$this->commands[] = "echo '{$docker_compose_base64}' | base64 -d | tee $this->configuration_dir/docker-compose.yml > /dev/null";
diff --git a/app/Actions/Database/StartDatabase.php b/app/Actions/Database/StartDatabase.php
index e2fa6fc87..4b55b0c1d 100644
--- a/app/Actions/Database/StartDatabase.php
+++ b/app/Actions/Database/StartDatabase.php
@@ -11,12 +11,16 @@
use App\Models\StandalonePostgresql;
use App\Models\StandaloneRedis;
use Lorisleiva\Actions\Concerns\AsAction;
+use Lorisleiva\Actions\Decorators\JobDecorator;
class StartDatabase
{
use AsAction;
- public string $jobQueue = 'high';
+ public function configureJob(JobDecorator $job): void
+ {
+ $job->onQueue(deployment_queue());
+ }
public function handle(StandaloneRedis|StandalonePostgresql|StandaloneMongodb|StandaloneMysql|StandaloneMariadb|StandaloneKeydb|StandaloneDragonfly|StandaloneClickhouse $database)
{
@@ -25,28 +29,28 @@ public function handle(StandaloneRedis|StandalonePostgresql|StandaloneMongodb|St
return 'Server is not functional';
}
switch ($database->getMorphClass()) {
- case \App\Models\StandalonePostgresql::class:
+ case StandalonePostgresql::class:
$activity = StartPostgresql::run($database);
break;
- case \App\Models\StandaloneRedis::class:
+ case StandaloneRedis::class:
$activity = StartRedis::run($database);
break;
- case \App\Models\StandaloneMongodb::class:
+ case StandaloneMongodb::class:
$activity = StartMongodb::run($database);
break;
- case \App\Models\StandaloneMysql::class:
+ case StandaloneMysql::class:
$activity = StartMysql::run($database);
break;
- case \App\Models\StandaloneMariadb::class:
+ case StandaloneMariadb::class:
$activity = StartMariadb::run($database);
break;
- case \App\Models\StandaloneKeydb::class:
+ case StandaloneKeydb::class:
$activity = StartKeydb::run($database);
break;
- case \App\Models\StandaloneDragonfly::class:
+ case StandaloneDragonfly::class:
$activity = StartDragonfly::run($database);
break;
- case \App\Models\StandaloneClickhouse::class:
+ case StandaloneClickhouse::class:
$activity = StartClickhouse::run($database);
break;
}
diff --git a/app/Actions/Database/StartDatabaseProxy.php b/app/Actions/Database/StartDatabaseProxy.php
index fa39f7909..1057d1e4d 100644
--- a/app/Actions/Database/StartDatabaseProxy.php
+++ b/app/Actions/Database/StartDatabaseProxy.php
@@ -11,14 +11,19 @@
use App\Models\StandaloneMysql;
use App\Models\StandalonePostgresql;
use App\Models\StandaloneRedis;
+use App\Notifications\Container\ContainerRestarted;
use Lorisleiva\Actions\Concerns\AsAction;
+use Lorisleiva\Actions\Decorators\JobDecorator;
use Symfony\Component\Yaml\Yaml;
class StartDatabaseProxy
{
use AsAction;
- public string $jobQueue = 'high';
+ public function configureJob(JobDecorator $job): void
+ {
+ $job->onQueue(deployment_queue());
+ }
public function handle(StandaloneRedis|StandalonePostgresql|StandaloneMongodb|StandaloneMysql|StandaloneMariadb|StandaloneKeydb|StandaloneDragonfly|StandaloneClickhouse|ServiceDatabase $database)
{
@@ -29,7 +34,7 @@ public function handle(StandaloneRedis|StandalonePostgresql|StandaloneMongodb|St
$proxyContainerName = "{$database->uuid}-proxy";
$isSSLEnabled = $database->enable_ssl ?? false;
- if ($database->getMorphClass() === \App\Models\ServiceDatabase::class) {
+ if ($database->getMorphClass() === ServiceDatabase::class) {
$databaseType = $database->databaseType();
$network = $database->service->uuid;
$server = data_get($database, 'service.destination.server');
@@ -132,7 +137,7 @@ public function handle(StandaloneRedis|StandalonePostgresql|StandaloneMongodb|St
?? data_get($database, 'service.environment.project.team');
$team?->notify(
- new \App\Notifications\Container\ContainerRestarted(
+ new ContainerRestarted(
"TCP Proxy for {$database->name} database has been disabled due to error: {$e->getMessage()}",
$server,
)
diff --git a/app/Actions/Database/StartDragonfly.php b/app/Actions/Database/StartDragonfly.php
index cd820523d..b78a0987d 100644
--- a/app/Actions/Database/StartDragonfly.php
+++ b/app/Actions/Database/StartDragonfly.php
@@ -106,13 +106,9 @@ public function handle(StandaloneDragonfly $database)
$this->database->destination->network,
],
'labels' => defaultDatabaseLabels($this->database)->toArray(),
- 'healthcheck' => [
- 'test' => "redis-cli -a {$this->database->dragonfly_password} ping",
- 'interval' => '5s',
- 'timeout' => '5s',
- 'retries' => 10,
- 'start_period' => '5s',
- ],
+ 'healthcheck' => $this->database->healthCheckConfiguration([
+ 'CMD', 'redis-cli', '-a', (string) $this->database->dragonfly_password, 'ping',
+ ]),
'mem_limit' => $this->database->limits_memory,
'memswap_limit' => $this->database->limits_memory_swap,
'mem_swappiness' => $this->database->limits_memory_swappiness,
@@ -182,6 +178,9 @@ public function handle(StandaloneDragonfly $database)
$docker_run_options = convertDockerRunToCompose($this->database->custom_docker_run_options);
$docker_compose = generateCustomDockerRunOptionsForDatabases($docker_run_options, $docker_compose, $container_name, $this->database->destination->network);
+ if (! $this->database->isHealthcheckEnabled()) {
+ unset($docker_compose['services'][$container_name]['healthcheck']);
+ }
$docker_compose = Yaml::dump($docker_compose, 10);
$docker_compose_base64 = base64_encode($docker_compose);
$this->commands[] = "echo '{$docker_compose_base64}' | base64 -d | tee $this->configuration_dir/docker-compose.yml > /dev/null";
diff --git a/app/Actions/Database/StartKeydb.php b/app/Actions/Database/StartKeydb.php
index fe80a7d54..89258fe24 100644
--- a/app/Actions/Database/StartKeydb.php
+++ b/app/Actions/Database/StartKeydb.php
@@ -108,13 +108,9 @@ public function handle(StandaloneKeydb $database)
$this->database->destination->network,
],
'labels' => defaultDatabaseLabels($this->database)->toArray(),
- 'healthcheck' => [
- 'test' => "keydb-cli --pass {$this->database->keydb_password} ping",
- 'interval' => '5s',
- 'timeout' => '5s',
- 'retries' => 10,
- 'start_period' => '5s',
- ],
+ 'healthcheck' => $this->database->healthCheckConfiguration([
+ 'CMD', 'keydb-cli', '--pass', (string) $this->database->keydb_password, 'ping',
+ ]),
'mem_limit' => $this->database->limits_memory,
'memswap_limit' => $this->database->limits_memory_swap,
'mem_swappiness' => $this->database->limits_memory_swappiness,
@@ -166,7 +162,7 @@ public function handle(StandaloneKeydb $database)
$docker_compose['volumes'] = $volume_names;
}
- if (! is_null($this->database->keydb_conf) || ! empty($this->database->keydb_conf)) {
+ if (! is_null($this->database->keydb_conf) && ! empty($this->database->keydb_conf)) {
$docker_compose['services'][$container_name]['volumes'] = array_merge(
$docker_compose['services'][$container_name]['volumes'] ?? [],
[
@@ -197,6 +193,9 @@ public function handle(StandaloneKeydb $database)
// Add custom docker run options
$docker_run_options = convertDockerRunToCompose($this->database->custom_docker_run_options);
$docker_compose = generateCustomDockerRunOptionsForDatabases($docker_run_options, $docker_compose, $container_name, $this->database->destination->network);
+ if (! $this->database->isHealthcheckEnabled()) {
+ unset($docker_compose['services'][$container_name]['healthcheck']);
+ }
$docker_compose = Yaml::dump($docker_compose, 10);
$docker_compose_base64 = base64_encode($docker_compose);
$this->commands[] = "echo '{$docker_compose_base64}' | base64 -d | tee $this->configuration_dir/docker-compose.yml > /dev/null";
diff --git a/app/Actions/Database/StartMariadb.php b/app/Actions/Database/StartMariadb.php
index 498ba0b0b..2e8faea9a 100644
--- a/app/Actions/Database/StartMariadb.php
+++ b/app/Actions/Database/StartMariadb.php
@@ -103,13 +103,9 @@ public function handle(StandaloneMariadb $database)
$this->database->destination->network,
],
'labels' => defaultDatabaseLabels($this->database)->toArray(),
- 'healthcheck' => [
- 'test' => ['CMD', 'healthcheck.sh', '--connect', '--innodb_initialized'],
- 'interval' => '5s',
- 'timeout' => '5s',
- 'retries' => 10,
- 'start_period' => '5s',
- ],
+ 'healthcheck' => $this->database->healthCheckConfiguration([
+ 'CMD', 'healthcheck.sh', '--connect', '--innodb_initialized',
+ ]),
'mem_limit' => $this->database->limits_memory,
'memswap_limit' => $this->database->limits_memory_swap,
'mem_swappiness' => $this->database->limits_memory_swappiness,
@@ -175,7 +171,7 @@ public function handle(StandaloneMariadb $database)
);
}
- if (! is_null($this->database->mariadb_conf) || ! empty($this->database->mariadb_conf)) {
+ if (! is_null($this->database->mariadb_conf) && ! empty($this->database->mariadb_conf)) {
$docker_compose['services'][$container_name]['volumes'] = array_merge(
$docker_compose['services'][$container_name]['volumes'],
[
@@ -202,6 +198,9 @@ public function handle(StandaloneMariadb $database)
];
}
+ if (! $this->database->isHealthcheckEnabled()) {
+ unset($docker_compose['services'][$container_name]['healthcheck']);
+ }
$docker_compose = Yaml::dump($docker_compose, 10);
$docker_compose_base64 = base64_encode($docker_compose);
$this->commands[] = "echo '{$docker_compose_base64}' | base64 -d | tee $this->configuration_dir/docker-compose.yml > /dev/null";
diff --git a/app/Actions/Database/StartMongodb.php b/app/Actions/Database/StartMongodb.php
index 9565990c1..80ec812a1 100644
--- a/app/Actions/Database/StartMongodb.php
+++ b/app/Actions/Database/StartMongodb.php
@@ -109,17 +109,11 @@ public function handle(StandaloneMongodb $database)
$this->database->destination->network,
],
'labels' => defaultDatabaseLabels($this->database)->toArray(),
- 'healthcheck' => [
- 'test' => [
- 'CMD',
- 'echo',
- 'ok',
- ],
- 'interval' => '5s',
- 'timeout' => '5s',
- 'retries' => 10,
- 'start_period' => '5s',
- ],
+ 'healthcheck' => $this->database->healthCheckConfiguration([
+ 'CMD',
+ 'echo',
+ 'ok',
+ ]),
'mem_limit' => $this->database->limits_memory,
'memswap_limit' => $this->database->limits_memory_swap,
'mem_swappiness' => $this->database->limits_memory_swappiness,
@@ -253,6 +247,9 @@ public function handle(StandaloneMongodb $database)
$docker_compose['services'][$container_name]['command'] = $commandParts;
}
+ if (! $this->database->isHealthcheckEnabled()) {
+ unset($docker_compose['services'][$container_name]['healthcheck']);
+ }
$docker_compose = Yaml::dump($docker_compose, 10);
$docker_compose_base64 = base64_encode($docker_compose);
$this->commands[] = "echo '{$docker_compose_base64}' | base64 -d | tee $this->configuration_dir/docker-compose.yml > /dev/null";
@@ -340,7 +337,10 @@ private function add_custom_mongo_conf()
private function add_default_database()
{
- $content = "db = db.getSiblingDB(\"{$this->database->mongo_initdb_database}\");db.createCollection('init_collection');db.createUser({user: \"{$this->database->mongo_initdb_root_username}\", pwd: \"{$this->database->mongo_initdb_root_password}\",roles: [{role:\"readWrite\",db:\"{$this->database->mongo_initdb_database}\"}]});";
+ $dbJson = json_encode($this->database->mongo_initdb_database, JSON_UNESCAPED_SLASHES);
+ $userJson = json_encode($this->database->mongo_initdb_root_username, JSON_UNESCAPED_SLASHES);
+ $pwdJson = json_encode($this->database->mongo_initdb_root_password, JSON_UNESCAPED_SLASHES);
+ $content = "db = db.getSiblingDB({$dbJson});db.createCollection('init_collection');db.createUser({user: {$userJson}, pwd: {$pwdJson}, roles: [{role:\"readWrite\",db:{$dbJson}}]});";
$content_base64 = base64_encode($content);
$this->commands[] = "mkdir -p $this->configuration_dir/docker-entrypoint-initdb.d";
$this->commands[] = "echo '{$content_base64}' | base64 -d | tee $this->configuration_dir/docker-entrypoint-initdb.d/01-default-database.js > /dev/null";
diff --git a/app/Actions/Database/StartMysql.php b/app/Actions/Database/StartMysql.php
index 337516405..0445bddcd 100644
--- a/app/Actions/Database/StartMysql.php
+++ b/app/Actions/Database/StartMysql.php
@@ -103,13 +103,9 @@ public function handle(StandaloneMysql $database)
$this->database->destination->network,
],
'labels' => defaultDatabaseLabels($this->database)->toArray(),
- 'healthcheck' => [
- 'test' => ['CMD', 'mysqladmin', 'ping', '-h', 'localhost', '-u', 'root', "-p{$this->database->mysql_root_password}"],
- 'interval' => '5s',
- 'timeout' => '5s',
- 'retries' => 10,
- 'start_period' => '5s',
- ],
+ 'healthcheck' => $this->database->healthCheckConfiguration([
+ 'CMD', 'mysqladmin', 'ping', '-h', 'localhost', '-u', 'root', "-p{$this->database->mysql_root_password}",
+ ]),
'mem_limit' => $this->database->limits_memory,
'memswap_limit' => $this->database->limits_memory_swap,
'mem_swappiness' => $this->database->limits_memory_swappiness,
@@ -175,7 +171,7 @@ public function handle(StandaloneMysql $database)
);
}
- if (! is_null($this->database->mysql_conf) || ! empty($this->database->mysql_conf)) {
+ if (! is_null($this->database->mysql_conf) && ! empty($this->database->mysql_conf)) {
$docker_compose['services'][$container_name]['volumes'] = array_merge(
$docker_compose['services'][$container_name]['volumes'] ?? [],
[
@@ -203,6 +199,9 @@ public function handle(StandaloneMysql $database)
];
}
+ if (! $this->database->isHealthcheckEnabled()) {
+ unset($docker_compose['services'][$container_name]['healthcheck']);
+ }
$docker_compose = Yaml::dump($docker_compose, 10);
$docker_compose_base64 = base64_encode($docker_compose);
$this->commands[] = "echo '{$docker_compose_base64}' | base64 -d | tee $this->configuration_dir/docker-compose.yml > /dev/null";
@@ -215,7 +214,8 @@ public function handle(StandaloneMysql $database)
$this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d";
if ($this->database->enable_ssl) {
- $this->commands[] = executeInDocker($this->database->uuid, "chown {$this->database->mysql_user}:{$this->database->mysql_user} /etc/mysql/certs/server.crt /etc/mysql/certs/server.key");
+ $mysqlUser = escapeshellarg($this->database->mysql_user);
+ $this->commands[] = executeInDocker($this->database->uuid, "chown {$mysqlUser}:{$mysqlUser} /etc/mysql/certs/server.crt /etc/mysql/certs/server.key");
}
$this->commands[] = "echo 'Database started.'";
diff --git a/app/Actions/Database/StartPostgresql.php b/app/Actions/Database/StartPostgresql.php
index 41e39c811..ae7ae9860 100644
--- a/app/Actions/Database/StartPostgresql.php
+++ b/app/Actions/Database/StartPostgresql.php
@@ -110,16 +110,9 @@ public function handle(StandalonePostgresql $database)
$this->database->destination->network,
],
'labels' => defaultDatabaseLabels($this->database)->toArray(),
- 'healthcheck' => [
- 'test' => [
- 'CMD-SHELL',
- "psql -U {$this->database->postgres_user} -d {$this->database->postgres_db} -c 'SELECT 1' || exit 1",
- ],
- 'interval' => '5s',
- 'timeout' => '5s',
- 'retries' => 10,
- 'start_period' => '5s',
- ],
+ 'healthcheck' => $this->database->healthCheckConfiguration([
+ 'CMD', 'psql', '-U', (string) $this->database->postgres_user, '-d', (string) $this->database->postgres_db, '-c', 'SELECT 1',
+ ]),
'mem_limit' => $this->database->limits_memory,
'memswap_limit' => $this->database->limits_memory_swap,
'mem_swappiness' => $this->database->limits_memory_swappiness,
@@ -216,6 +209,9 @@ public function handle(StandalonePostgresql $database)
$docker_compose['services'][$container_name]['command'] = $command;
}
+ if (! $this->database->isHealthcheckEnabled()) {
+ unset($docker_compose['services'][$container_name]['healthcheck']);
+ }
$docker_compose = Yaml::dump($docker_compose, 10);
$docker_compose_base64 = base64_encode($docker_compose);
$this->commands[] = "echo '{$docker_compose_base64}' | base64 -d | tee $this->configuration_dir/docker-compose.yml > /dev/null";
@@ -227,7 +223,8 @@ public function handle(StandalonePostgresql $database)
$this->commands[] = "docker rm -f $container_name 2>/dev/null || true";
$this->commands[] = "docker compose -f $this->configuration_dir/docker-compose.yml up -d";
if ($this->database->enable_ssl) {
- $this->commands[] = executeInDocker($this->database->uuid, "chown {$this->database->postgres_user}:{$this->database->postgres_user} /var/lib/postgresql/certs/server.key /var/lib/postgresql/certs/server.crt");
+ $postgresUser = escapeshellarg($this->database->postgres_user);
+ $this->commands[] = executeInDocker($this->database->uuid, "chown {$postgresUser}:{$postgresUser} /var/lib/postgresql/certs/server.key /var/lib/postgresql/certs/server.crt");
}
$this->commands[] = "echo 'Database started.'";
@@ -304,9 +301,18 @@ private function generate_init_scripts()
foreach ($this->database->init_scripts as $init_script) {
$filename = data_get($init_script, 'filename');
$content = data_get($init_script, 'content');
+
+ // Normalise filename without rejecting legacy values so previously created
+ // init scripts keep deploying. basename() strips any directory components
+ // (path traversal) and escapeshellarg() contains every shell metacharacter
+ // in the tee target. Livewire / API validate new filenames up front.
+ $filename = basename((string) $filename);
+
+ $target_path = "$this->configuration_dir/docker-entrypoint-initdb.d/{$filename}";
+ $escaped_target = escapeshellarg($target_path);
$content_base64 = base64_encode($content);
- $this->commands[] = "echo '{$content_base64}' | base64 -d | tee $this->configuration_dir/docker-entrypoint-initdb.d/{$filename} > /dev/null";
- $this->init_scripts[] = "$this->configuration_dir/docker-entrypoint-initdb.d/{$filename}";
+ $this->commands[] = "echo '{$content_base64}' | base64 -d | tee {$escaped_target} > /dev/null";
+ $this->init_scripts[] = $target_path;
}
}
diff --git a/app/Actions/Database/StartRedis.php b/app/Actions/Database/StartRedis.php
index 70df91054..64b434821 100644
--- a/app/Actions/Database/StartRedis.php
+++ b/app/Actions/Database/StartRedis.php
@@ -105,17 +105,11 @@ public function handle(StandaloneRedis $database)
$this->database->destination->network,
],
'labels' => defaultDatabaseLabels($this->database)->toArray(),
- 'healthcheck' => [
- 'test' => [
- 'CMD-SHELL',
- 'redis-cli',
- 'ping',
- ],
- 'interval' => '5s',
- 'timeout' => '5s',
- 'retries' => 10,
- 'start_period' => '5s',
- ],
+ 'healthcheck' => $this->database->healthCheckConfiguration([
+ 'CMD-SHELL',
+ 'redis-cli',
+ 'ping',
+ ]),
'mem_limit' => $this->database->limits_memory,
'memswap_limit' => $this->database->limits_memory_swap,
'mem_swappiness' => $this->database->limits_memory_swappiness,
@@ -181,7 +175,7 @@ public function handle(StandaloneRedis $database)
);
}
- if (! is_null($this->database->redis_conf) || ! empty($this->database->redis_conf)) {
+ if (! is_null($this->database->redis_conf) && ! empty($this->database->redis_conf)) {
$docker_compose['services'][$container_name]['volumes'][] = [
'type' => 'bind',
'source' => $this->configuration_dir.'/redis.conf',
@@ -194,6 +188,9 @@ public function handle(StandaloneRedis $database)
$docker_run_options = convertDockerRunToCompose($this->database->custom_docker_run_options);
$docker_compose = generateCustomDockerRunOptionsForDatabases($docker_run_options, $docker_compose, $container_name, $this->database->destination->network);
+ if (! $this->database->isHealthcheckEnabled()) {
+ unset($docker_compose['services'][$container_name]['healthcheck']);
+ }
$docker_compose = Yaml::dump($docker_compose, 10);
$docker_compose_base64 = base64_encode($docker_compose);
$this->commands[] = "echo '{$docker_compose_base64}' | base64 -d | tee $this->configuration_dir/docker-compose.yml > /dev/null";
diff --git a/app/Actions/Fortify/CreateNewUser.php b/app/Actions/Fortify/CreateNewUser.php
index 7ea6a871e..cddf66389 100644
--- a/app/Actions/Fortify/CreateNewUser.php
+++ b/app/Actions/Fortify/CreateNewUser.php
@@ -2,6 +2,7 @@
namespace App\Actions\Fortify;
+use App\Models\Team;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;
@@ -44,7 +45,10 @@ public function create(array $input): User
'password' => Hash::make($input['password']),
]);
$user->save();
- $team = $user->teams()->first();
+ $team = $user->teams()->first() ?? Team::find(0);
+ if ($team !== null && ! $user->teams()->where('team_id', $team->id)->exists()) {
+ $user->teams()->attach($team, ['role' => 'owner']);
+ }
// Disable registration after first user is created
$settings = instanceSettings();
diff --git a/app/Actions/Server/CleanupDocker.php b/app/Actions/Server/CleanupDocker.php
index 0d9ca0153..33558c746 100644
--- a/app/Actions/Server/CleanupDocker.php
+++ b/app/Actions/Server/CleanupDocker.php
@@ -48,9 +48,10 @@ public function handle(Server $server, bool $deleteUnusedVolumes = false, bool $
);
$commands = [
- 'docker container prune -f --filter "label=coolify.managed=true" --filter "label!=coolify.proxy=true"',
+ 'docker container prune -f --filter "label=coolify.managed=true" --filter "label!=coolify.proxy=true" --filter "label!=coolify.type=database" --filter "label!=coolify.type=application" --filter "label!=coolify.type=service"',
$imagePruneCmd,
'docker builder prune -af',
+ 'docker buildx prune --builder coolify-railpack -af 2>/dev/null || true',
"docker images --filter before=$helperImageWithVersion --filter reference=$helperImage | grep $helperImage | awk '{print $3}' | xargs -r docker rmi -f",
"docker images --filter before=$realtimeImageWithVersion --filter reference=$realtimeImage | grep $realtimeImage | awk '{print $3}' | xargs -r docker rmi -f",
"docker images --filter before=$helperImageWithoutPrefixVersion --filter reference=$helperImageWithoutPrefix | grep $helperImageWithoutPrefix | awk '{print $3}' | xargs -r docker rmi -f",
diff --git a/app/Actions/Server/ResourcesCheck.php b/app/Actions/Server/ResourcesCheck.php
deleted file mode 100644
index e6b90ba38..000000000
--- a/app/Actions/Server/ResourcesCheck.php
+++ /dev/null
@@ -1,41 +0,0 @@
-subSeconds($seconds))->update(['status' => 'exited']);
- ServiceApplication::where('last_online_at', '<', now()->subSeconds($seconds))->update(['status' => 'exited']);
- ServiceDatabase::where('last_online_at', '<', now()->subSeconds($seconds))->update(['status' => 'exited']);
- StandalonePostgresql::where('last_online_at', '<', now()->subSeconds($seconds))->update(['status' => 'exited']);
- StandaloneRedis::where('last_online_at', '<', now()->subSeconds($seconds))->update(['status' => 'exited']);
- StandaloneMongodb::where('last_online_at', '<', now()->subSeconds($seconds))->update(['status' => 'exited']);
- StandaloneMysql::where('last_online_at', '<', now()->subSeconds($seconds))->update(['status' => 'exited']);
- StandaloneMariadb::where('last_online_at', '<', now()->subSeconds($seconds))->update(['status' => 'exited']);
- StandaloneKeydb::where('last_online_at', '<', now()->subSeconds($seconds))->update(['status' => 'exited']);
- StandaloneDragonfly::where('last_online_at', '<', now()->subSeconds($seconds))->update(['status' => 'exited']);
- StandaloneClickhouse::where('last_online_at', '<', now()->subSeconds($seconds))->update(['status' => 'exited']);
- } catch (\Throwable $e) {
- return handleError($e);
- }
- }
-}
diff --git a/app/Actions/Server/StartSentinel.php b/app/Actions/Server/StartSentinel.php
index 071f3ec46..289ab9ebe 100644
--- a/app/Actions/Server/StartSentinel.php
+++ b/app/Actions/Server/StartSentinel.php
@@ -4,7 +4,6 @@
use App\Events\SentinelRestarted;
use App\Models\Server;
-use App\Models\ServerSetting;
use Lorisleiva\Actions\Concerns\AsAction;
class StartSentinel
@@ -23,10 +22,7 @@ public function handle(Server $server, bool $restart = false, ?string $latestVer
$metricsHistory = data_get($server, 'settings.sentinel_metrics_history_days');
$refreshRate = data_get($server, 'settings.sentinel_metrics_refresh_rate_seconds');
$pushInterval = data_get($server, 'settings.sentinel_push_interval_seconds');
- $token = data_get($server, 'settings.sentinel_token');
- if (! ServerSetting::isValidSentinelToken($token)) {
- throw new \RuntimeException('Invalid sentinel token format. Token must contain only alphanumeric characters, dots, hyphens, and underscores.');
- }
+ $token = $server->settings->ensureValidSentinelToken();
$endpoint = data_get($server, 'settings.sentinel_custom_url');
$debug = data_get($server, 'settings.is_sentinel_debug_enabled');
$mountDir = '/data/coolify/sentinel';
diff --git a/app/Actions/Service/RestartService.php b/app/Actions/Service/RestartService.php
index d38ef54d6..6acd3b0a4 100644
--- a/app/Actions/Service/RestartService.php
+++ b/app/Actions/Service/RestartService.php
@@ -13,8 +13,10 @@ class RestartService
public function handle(Service $service, bool $pullLatestImages)
{
- StopService::run($service);
-
- return StartService::run($service, $pullLatestImages);
+ return StartService::run(
+ service: $service,
+ pullLatestImages: $pullLatestImages,
+ stopBeforeStart: true,
+ );
}
}
diff --git a/app/Actions/Service/StartService.php b/app/Actions/Service/StartService.php
index 17948d93b..89817506d 100644
--- a/app/Actions/Service/StartService.php
+++ b/app/Actions/Service/StartService.php
@@ -4,18 +4,22 @@
use App\Models\Service;
use Lorisleiva\Actions\Concerns\AsAction;
+use Lorisleiva\Actions\Decorators\JobDecorator;
use Symfony\Component\Yaml\Yaml;
class StartService
{
use AsAction;
- public string $jobQueue = 'high';
+ public function configureJob(JobDecorator $job): void
+ {
+ $job->onQueue(deployment_queue());
+ }
public function handle(Service $service, bool $pullLatestImages = false, bool $stopBeforeStart = false)
{
$service->parse();
- if ($stopBeforeStart) {
+ if ($this->shouldStopBeforeStarting($pullLatestImages, $stopBeforeStart)) {
StopService::run(service: $service, dockerCleanup: false);
}
$service->saveComposeConfigs();
@@ -49,4 +53,9 @@ public function handle(Service $service, bool $pullLatestImages = false, bool $s
return remote_process($commands, $service->server, type_uuid: $service->uuid, callEventOnFinish: 'ServiceStatusChanged');
}
+
+ private function shouldStopBeforeStarting(bool $pullLatestImages, bool $stopBeforeStart): bool
+ {
+ return $stopBeforeStart && ! $pullLatestImages;
+ }
}
diff --git a/app/Console/Commands/CleanupUnreachableServers.php b/app/Console/Commands/CleanupUnreachableServers.php
index 09563a2c3..666e98a18 100644
--- a/app/Console/Commands/CleanupUnreachableServers.php
+++ b/app/Console/Commands/CleanupUnreachableServers.php
@@ -18,9 +18,13 @@ public function handle()
if ($servers->count() > 0) {
foreach ($servers as $server) {
echo "Cleanup unreachable server ($server->id) with name $server->name";
- $server->update([
- 'ip' => '1.2.3.4',
- ]);
+ if (isCloud()) {
+ $server->update([
+ 'ip' => '1.2.3.4',
+ ]);
+ } else {
+ $server->forceDisableServer();
+ }
}
}
}
diff --git a/app/Console/Commands/Generate/Services.php b/app/Console/Commands/Generate/Services.php
index 42f9360bb..e316fc391 100644
--- a/app/Console/Commands/Generate/Services.php
+++ b/app/Console/Commands/Generate/Services.php
@@ -88,6 +88,14 @@ private function processFile(string $file): false|array
$payload['envs'] = base64_encode($envFileContent);
}
+ if (str($data->get('amd_only'))->toBoolean()) {
+ $payload['amd_only'] = true;
+ }
+
+ if (str($data->get('arm_only'))->toBoolean()) {
+ $payload['arm_only'] = true;
+ }
+
return $payload;
}
@@ -160,6 +168,14 @@ private function processFileWithFqdn(string $file): false|array
$payload['envs'] = base64_encode($modifiedEnvContent);
}
+ if (str($data->get('amd_only'))->toBoolean()) {
+ $payload['amd_only'] = true;
+ }
+
+ if (str($data->get('arm_only'))->toBoolean()) {
+ $payload['arm_only'] = true;
+ }
+
return $payload;
}
@@ -229,6 +245,14 @@ private function processFileWithFqdnRaw(string $file): false|array
$payload['envs'] = $modifiedEnvContent;
}
+ if (str($data->get('amd_only'))->toBoolean()) {
+ $payload['amd_only'] = true;
+ }
+
+ if (str($data->get('arm_only'))->toBoolean()) {
+ $payload['arm_only'] = true;
+ }
+
return $payload;
}
}
diff --git a/app/Console/Commands/SyncBunny.php b/app/Console/Commands/SyncBunny.php
index 9ac3371e0..d6d77f22e 100644
--- a/app/Console/Commands/SyncBunny.php
+++ b/app/Console/Commands/SyncBunny.php
@@ -16,7 +16,7 @@ class SyncBunny extends Command
*
* @var string
*/
- protected $signature = 'sync:bunny {--templates} {--release} {--github-releases} {--github-versions} {--nightly}';
+ protected $signature = 'sync:bunny {--templates} {--release} {--nightly}';
/**
* The console command description.
@@ -25,650 +25,6 @@ class SyncBunny extends Command
*/
protected $description = 'Sync files to BunnyCDN';
- /**
- * Fetch GitHub releases and sync to GitHub repository
- */
- private function syncReleasesToGitHubRepo(): bool
- {
- $this->info('Fetching releases from GitHub...');
- try {
- $response = Http::timeout(30)
- ->get('https://api.github.com/repos/coollabsio/coolify/releases', [
- 'per_page' => 30, // Fetch more releases for better changelog
- ]);
-
- if (! $response->successful()) {
- $this->error('Failed to fetch releases from GitHub: '.$response->status());
-
- return false;
- }
-
- $releases = $response->json();
- $timestamp = time();
- $tmpDir = sys_get_temp_dir().'/coolify-cdn-'.$timestamp;
- $branchName = 'update-releases-'.$timestamp;
-
- // Clone the repository
- $this->info('Cloning coolify-cdn repository...');
- $output = [];
- exec('gh repo clone coollabsio/coolify-cdn '.escapeshellarg($tmpDir).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to clone repository: '.implode("\n", $output));
-
- return false;
- }
-
- // Create feature branch
- $this->info('Creating feature branch...');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git checkout -b '.escapeshellarg($branchName).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to create branch: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // Write releases.json
- $this->info('Writing releases.json...');
- $releasesPath = "$tmpDir/json/releases.json";
- $releasesDir = dirname($releasesPath);
-
- // Ensure directory exists
- if (! is_dir($releasesDir)) {
- $this->info("Creating directory: $releasesDir");
- if (! mkdir($releasesDir, 0755, true)) {
- $this->error("Failed to create directory: $releasesDir");
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
- }
-
- $jsonContent = json_encode($releases, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
- $bytesWritten = file_put_contents($releasesPath, $jsonContent);
-
- if ($bytesWritten === false) {
- $this->error("Failed to write releases.json to: $releasesPath");
- $this->error('Possible reasons: permission denied or disk full.');
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // Stage and commit
- $this->info('Committing changes...');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git add json/releases.json 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to stage changes: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- $this->info('Checking for changes...');
- $statusOutput = [];
- exec('cd '.escapeshellarg($tmpDir).' && git status --porcelain json/releases.json 2>&1', $statusOutput, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to check repository status: '.implode("\n", $statusOutput));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- if (empty(array_filter($statusOutput))) {
- $this->info('Releases are already up to date. No changes to commit.');
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return true;
- }
-
- $commitMessage = 'Update releases.json with latest releases - '.date('Y-m-d H:i:s');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git commit -m '.escapeshellarg($commitMessage).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to commit changes: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // Push to remote
- $this->info('Pushing branch to remote...');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git push origin '.escapeshellarg($branchName).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to push branch: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // Create pull request
- $this->info('Creating pull request...');
- $prTitle = 'Update releases.json - '.date('Y-m-d H:i:s');
- $prBody = 'Automated update of releases.json with latest '.count($releases).' releases from GitHub API';
- $prCommand = 'gh pr create --repo coollabsio/coolify-cdn --title '.escapeshellarg($prTitle).' --body '.escapeshellarg($prBody).' --base main --head '.escapeshellarg($branchName).' 2>&1';
- $output = [];
- exec($prCommand, $output, $returnCode);
-
- // Clean up
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- if ($returnCode !== 0) {
- $this->error('Failed to create PR: '.implode("\n", $output));
-
- return false;
- }
-
- $this->info('Pull request created successfully!');
- if (! empty($output)) {
- $this->info('PR Output: '.implode("\n", $output));
- }
- $this->info('Total releases synced: '.count($releases));
-
- return true;
- } catch (\Throwable $e) {
- $this->error('Error syncing releases: '.$e->getMessage());
-
- return false;
- }
- }
-
- /**
- * Sync both releases.json and versions.json to GitHub repository in one PR
- */
- private function syncReleasesAndVersionsToGitHubRepo(string $versionsLocation, bool $nightly = false): bool
- {
- $this->info('Syncing releases.json and versions.json to GitHub repository...');
- try {
- // 1. Fetch releases from GitHub API
- $this->info('Fetching releases from GitHub API...');
- $response = Http::timeout(30)
- ->get('https://api.github.com/repos/coollabsio/coolify/releases', [
- 'per_page' => 30,
- ]);
-
- if (! $response->successful()) {
- $this->error('Failed to fetch releases from GitHub: '.$response->status());
-
- return false;
- }
-
- $releases = $response->json();
-
- // 2. Read versions.json
- if (! file_exists($versionsLocation)) {
- $this->error("versions.json not found at: $versionsLocation");
-
- return false;
- }
-
- $file = file_get_contents($versionsLocation);
- $versionsJson = json_decode($file, true);
- $actualVersion = data_get($versionsJson, 'coolify.v4.version');
-
- $timestamp = time();
- $tmpDir = sys_get_temp_dir().'/coolify-cdn-combined-'.$timestamp;
- $branchName = 'update-releases-and-versions-'.$timestamp;
- $versionsTargetPath = $nightly ? 'json/versions-nightly.json' : 'json/versions.json';
-
- // 3. Clone the repository
- $this->info('Cloning coolify-cdn repository...');
- $output = [];
- exec('gh repo clone coollabsio/coolify-cdn '.escapeshellarg($tmpDir).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to clone repository: '.implode("\n", $output));
-
- return false;
- }
-
- // 4. Create feature branch
- $this->info('Creating feature branch...');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git checkout -b '.escapeshellarg($branchName).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to create branch: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // 5. Write releases.json
- $this->info('Writing releases.json...');
- $releasesPath = "$tmpDir/json/releases.json";
- $releasesDir = dirname($releasesPath);
-
- if (! is_dir($releasesDir)) {
- if (! mkdir($releasesDir, 0755, true)) {
- $this->error("Failed to create directory: $releasesDir");
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
- }
-
- $releasesJsonContent = json_encode($releases, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
- if (file_put_contents($releasesPath, $releasesJsonContent) === false) {
- $this->error("Failed to write releases.json to: $releasesPath");
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // 6. Write versions.json
- $this->info('Writing versions.json...');
- $versionsPath = "$tmpDir/$versionsTargetPath";
- $versionsDir = dirname($versionsPath);
-
- if (! is_dir($versionsDir)) {
- if (! mkdir($versionsDir, 0755, true)) {
- $this->error("Failed to create directory: $versionsDir");
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
- }
-
- $versionsJsonContent = json_encode($versionsJson, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
- if (file_put_contents($versionsPath, $versionsJsonContent) === false) {
- $this->error("Failed to write versions.json to: $versionsPath");
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // 7. Stage both files
- $this->info('Staging changes...');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git add json/releases.json '.escapeshellarg($versionsTargetPath).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to stage changes: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // 8. Check for changes
- $this->info('Checking for changes...');
- $statusOutput = [];
- exec('cd '.escapeshellarg($tmpDir).' && git status --porcelain 2>&1', $statusOutput, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to check repository status: '.implode("\n", $statusOutput));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- if (empty(array_filter($statusOutput))) {
- $this->info('Both files are already up to date. No changes to commit.');
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return true;
- }
-
- // 9. Commit changes
- $envLabel = $nightly ? 'NIGHTLY' : 'PRODUCTION';
- $commitMessage = "Update releases.json and $envLabel versions.json to $actualVersion - ".date('Y-m-d H:i:s');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git commit -m '.escapeshellarg($commitMessage).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to commit changes: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // 10. Push to remote
- $this->info('Pushing branch to remote...');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git push origin '.escapeshellarg($branchName).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to push branch: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // 11. Create pull request
- $this->info('Creating pull request...');
- $prTitle = "Update releases.json and $envLabel versions.json to $actualVersion - ".date('Y-m-d H:i:s');
- $prBody = "Automated update:\n- releases.json with latest ".count($releases)." releases from GitHub API\n- $envLabel versions.json to version $actualVersion";
- $prCommand = 'gh pr create --repo coollabsio/coolify-cdn --title '.escapeshellarg($prTitle).' --body '.escapeshellarg($prBody).' --base main --head '.escapeshellarg($branchName).' 2>&1';
- $output = [];
- exec($prCommand, $output, $returnCode);
-
- // 12. Clean up
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- if ($returnCode !== 0) {
- $this->error('Failed to create PR: '.implode("\n", $output));
-
- return false;
- }
-
- $this->info('Pull request created successfully!');
- if (! empty($output)) {
- $this->info('PR URL: '.implode("\n", $output));
- }
- $this->info("Version synced: $actualVersion");
- $this->info('Total releases synced: '.count($releases));
-
- return true;
- } catch (\Throwable $e) {
- $this->error('Error syncing to GitHub: '.$e->getMessage());
-
- return false;
- }
- }
-
- /**
- * Sync install.sh, docker-compose, and env files to GitHub repository via PR
- */
- private function syncFilesToGitHubRepo(array $files, bool $nightly = false): bool
- {
- $envLabel = $nightly ? 'NIGHTLY' : 'PRODUCTION';
- $this->info("Syncing $envLabel files to GitHub repository...");
- try {
- $timestamp = time();
- $tmpDir = sys_get_temp_dir().'/coolify-cdn-files-'.$timestamp;
- $branchName = 'update-files-'.$timestamp;
-
- // Clone the repository
- $this->info('Cloning coolify-cdn repository...');
- $output = [];
- exec('gh repo clone coollabsio/coolify-cdn '.escapeshellarg($tmpDir).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to clone repository: '.implode("\n", $output));
-
- return false;
- }
-
- // Create feature branch
- $this->info('Creating feature branch...');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git checkout -b '.escapeshellarg($branchName).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to create branch: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // Copy each file to its target path in the CDN repo
- $copiedFiles = [];
- foreach ($files as $sourceFile => $targetPath) {
- if (! file_exists($sourceFile)) {
- $this->warn("Source file not found, skipping: $sourceFile");
-
- continue;
- }
-
- $destPath = "$tmpDir/$targetPath";
- $destDir = dirname($destPath);
-
- if (! is_dir($destDir)) {
- if (! mkdir($destDir, 0755, true)) {
- $this->error("Failed to create directory: $destDir");
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
- }
-
- if (copy($sourceFile, $destPath) === false) {
- $this->error("Failed to copy $sourceFile to $destPath");
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- $copiedFiles[] = $targetPath;
- $this->info("Copied: $targetPath");
- }
-
- if (empty($copiedFiles)) {
- $this->warn('No files were copied. Nothing to commit.');
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return true;
- }
-
- // Stage all copied files
- $this->info('Staging changes...');
- $output = [];
- $stageCmd = 'cd '.escapeshellarg($tmpDir).' && git add '.implode(' ', array_map('escapeshellarg', $copiedFiles)).' 2>&1';
- exec($stageCmd, $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to stage changes: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // Check for changes
- $this->info('Checking for changes...');
- $statusOutput = [];
- exec('cd '.escapeshellarg($tmpDir).' && git status --porcelain 2>&1', $statusOutput, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to check repository status: '.implode("\n", $statusOutput));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- if (empty(array_filter($statusOutput))) {
- $this->info('All files are already up to date. No changes to commit.');
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return true;
- }
-
- // Commit changes
- $commitMessage = "Update $envLabel files (install.sh, docker-compose, env) - ".date('Y-m-d H:i:s');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git commit -m '.escapeshellarg($commitMessage).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to commit changes: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // Push to remote
- $this->info('Pushing branch to remote...');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git push origin '.escapeshellarg($branchName).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to push branch: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // Create pull request
- $this->info('Creating pull request...');
- $prTitle = "Update $envLabel files - ".date('Y-m-d H:i:s');
- $fileList = implode("\n- ", $copiedFiles);
- $prBody = "Automated update of $envLabel files:\n- $fileList";
- $prCommand = 'gh pr create --repo coollabsio/coolify-cdn --title '.escapeshellarg($prTitle).' --body '.escapeshellarg($prBody).' --base main --head '.escapeshellarg($branchName).' 2>&1';
- $output = [];
- exec($prCommand, $output, $returnCode);
-
- // Clean up
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- if ($returnCode !== 0) {
- $this->error('Failed to create PR: '.implode("\n", $output));
-
- return false;
- }
-
- $this->info('Pull request created successfully!');
- if (! empty($output)) {
- $this->info('PR URL: '.implode("\n", $output));
- }
- $this->info('Files synced: '.count($copiedFiles));
-
- return true;
- } catch (\Throwable $e) {
- $this->error('Error syncing files to GitHub: '.$e->getMessage());
-
- return false;
- }
- }
-
- /**
- * Sync versions.json to GitHub repository via PR
- */
- private function syncVersionsToGitHubRepo(string $versionsLocation, bool $nightly = false): bool
- {
- $this->info('Syncing versions.json to GitHub repository...');
- try {
- if (! file_exists($versionsLocation)) {
- $this->error("versions.json not found at: $versionsLocation");
-
- return false;
- }
-
- $file = file_get_contents($versionsLocation);
- $json = json_decode($file, true);
- $actualVersion = data_get($json, 'coolify.v4.version');
-
- $timestamp = time();
- $tmpDir = sys_get_temp_dir().'/coolify-cdn-versions-'.$timestamp;
- $branchName = 'update-versions-'.$timestamp;
- $targetPath = $nightly ? 'json/versions-nightly.json' : 'json/versions.json';
-
- // Clone the repository
- $this->info('Cloning coolify-cdn repository...');
- exec('gh repo clone coollabsio/coolify-cdn '.escapeshellarg($tmpDir).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to clone repository: '.implode("\n", $output));
-
- return false;
- }
-
- // Create feature branch
- $this->info('Creating feature branch...');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git checkout -b '.escapeshellarg($branchName).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to create branch: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // Write versions.json
- $this->info('Writing versions.json...');
- $versionsPath = "$tmpDir/$targetPath";
- $versionsDir = dirname($versionsPath);
-
- // Ensure directory exists
- if (! is_dir($versionsDir)) {
- $this->info("Creating directory: $versionsDir");
- if (! mkdir($versionsDir, 0755, true)) {
- $this->error("Failed to create directory: $versionsDir");
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
- }
-
- $jsonContent = json_encode($json, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
- $bytesWritten = file_put_contents($versionsPath, $jsonContent);
-
- if ($bytesWritten === false) {
- $this->error("Failed to write versions.json to: $versionsPath");
- $this->error('Possible reasons: permission denied or disk full.');
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // Stage and commit
- $this->info('Committing changes...');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git add '.escapeshellarg($targetPath).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to stage changes: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- $this->info('Checking for changes...');
- $statusOutput = [];
- exec('cd '.escapeshellarg($tmpDir).' && git status --porcelain '.escapeshellarg($targetPath).' 2>&1', $statusOutput, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to check repository status: '.implode("\n", $statusOutput));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- if (empty(array_filter($statusOutput))) {
- $this->info('versions.json is already up to date. No changes to commit.');
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return true;
- }
-
- $envLabel = $nightly ? 'NIGHTLY' : 'PRODUCTION';
- $commitMessage = "Update $envLabel versions.json to $actualVersion - ".date('Y-m-d H:i:s');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git commit -m '.escapeshellarg($commitMessage).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to commit changes: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // Push to remote
- $this->info('Pushing branch to remote...');
- $output = [];
- exec('cd '.escapeshellarg($tmpDir).' && git push origin '.escapeshellarg($branchName).' 2>&1', $output, $returnCode);
- if ($returnCode !== 0) {
- $this->error('Failed to push branch: '.implode("\n", $output));
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- return false;
- }
-
- // Create pull request
- $this->info('Creating pull request...');
- $prTitle = "Update $envLabel versions.json to $actualVersion - ".date('Y-m-d H:i:s');
- $prBody = "Automated update of $envLabel versions.json to version $actualVersion";
- $output = [];
- $prCommand = 'gh pr create --repo coollabsio/coolify-cdn --title '.escapeshellarg($prTitle).' --body '.escapeshellarg($prBody).' --base main --head '.escapeshellarg($branchName).' 2>&1';
- exec($prCommand, $output, $returnCode);
-
- // Clean up
- exec('rm -rf '.escapeshellarg($tmpDir));
-
- if ($returnCode !== 0) {
- $this->error('Failed to create PR: '.implode("\n", $output));
-
- return false;
- }
-
- $this->info('Pull request created successfully!');
- if (! empty($output)) {
- $this->info('PR URL: '.implode("\n", $output));
- }
- $this->info("Version synced: $actualVersion");
-
- return true;
- } catch (\Throwable $e) {
- $this->error('Error syncing versions.json: '.$e->getMessage());
-
- return false;
- }
- }
-
/**
* Execute the console command.
*/
@@ -677,8 +33,6 @@ public function handle()
$that = $this;
$only_template = $this->option('templates');
$only_version = $this->option('release');
- $only_github_releases = $this->option('github-releases');
- $only_github_versions = $this->option('github-versions');
$nightly = $this->option('nightly');
$bunny_cdn = 'https://cdn.coollabs.io';
$bunny_cdn_path = 'coolify';
@@ -736,30 +90,11 @@ public function handle()
$install_script_location = "$parent_dir/other/nightly/$install_script";
$versions_location = "$parent_dir/other/nightly/$versions";
}
- if (! $only_template && ! $only_version && ! $only_github_releases && ! $only_github_versions) {
+ if (! $only_template && ! $only_version) {
$envLabel = $nightly ? 'NIGHTLY' : 'PRODUCTION';
- $this->info("About to sync $envLabel files to BunnyCDN and create a GitHub PR for coolify-cdn.");
+ $this->info("About to sync $envLabel files to BunnyCDN.");
$this->newLine();
- // Build file mapping for diff
- if ($nightly) {
- $fileMapping = [
- $compose_file_location => 'docker/nightly/docker-compose.yml',
- $compose_file_prod_location => 'docker/nightly/docker-compose.prod.yml',
- $production_env_location => 'environment/nightly/.env.production',
- $upgrade_script_location => 'scripts/nightly/upgrade.sh',
- $install_script_location => 'scripts/nightly/install.sh',
- ];
- } else {
- $fileMapping = [
- $compose_file_location => 'docker/docker-compose.yml',
- $compose_file_prod_location => 'docker/docker-compose.prod.yml',
- $production_env_location => 'environment/.env.production',
- $upgrade_script_location => 'scripts/upgrade.sh',
- $install_script_location => 'scripts/install.sh',
- ];
- }
-
// BunnyCDN file mapping (local file => CDN URL path)
$bunnyFileMapping = [
$compose_file_location => "$bunny_cdn/$bunny_cdn_path/$compose_file",
@@ -812,44 +147,6 @@ public function handle()
}
}
- // Diff against GitHub coolify-cdn repo
- $this->newLine();
- $this->info('Fetching coolify-cdn repo to compare...');
- $output = [];
- exec('gh repo clone coollabsio/coolify-cdn '.escapeshellarg("$diffTmpDir/repo").' -- --depth 1 2>&1', $output, $returnCode);
-
- if ($returnCode === 0) {
- foreach ($fileMapping as $localFile => $cdnPath) {
- $remotePath = "$diffTmpDir/repo/$cdnPath";
- if (! file_exists($localFile)) {
- continue;
- }
- if (! file_exists($remotePath)) {
- $this->info("NEW on GitHub: $cdnPath (does not exist in coolify-cdn yet)");
- $hasChanges = true;
-
- continue;
- }
-
- $diffOutput = [];
- exec('diff -u '.escapeshellarg($remotePath).' '.escapeshellarg($localFile).' 2>&1', $diffOutput, $diffCode);
- if ($diffCode !== 0) {
- $hasChanges = true;
- $this->newLine();
- $this->info("--- GitHub: $cdnPath");
- $this->info("+++ Local: $cdnPath");
- foreach ($diffOutput as $line) {
- if (str_starts_with($line, '---') || str_starts_with($line, '+++')) {
- continue;
- }
- $this->line($line);
- }
- }
- }
- } else {
- $this->warn('Could not fetch coolify-cdn repo for diff.');
- }
-
exec('rm -rf '.escapeshellarg($diffTmpDir));
if (! $hasChanges) {
@@ -881,9 +178,9 @@ public function handle()
return;
} elseif ($only_version) {
if ($nightly) {
- $this->info('About to sync NIGHTLY versions.json to BunnyCDN and create GitHub PR.');
+ $this->info('About to sync NIGHTLY versions.json to BunnyCDN.');
} else {
- $this->info('About to sync PRODUCTION versions.json to BunnyCDN and create GitHub PR.');
+ $this->info('About to sync PRODUCTION versions.json to BunnyCDN.');
}
$file = file_get_contents($versions_location);
$json = json_decode($file, true);
@@ -891,8 +188,7 @@ public function handle()
$this->info("Version: {$actual_version}");
$this->info('This will:');
- $this->info(' 1. Sync versions.json to BunnyCDN (deprecated but still supported)');
- $this->info(' 2. Create ONE GitHub PR with both releases.json and versions.json');
+ $this->info(' 1. Sync versions.json to BunnyCDN');
$this->newLine();
$confirmed = confirm('Are you sure you want to proceed?');
@@ -900,8 +196,7 @@ public function handle()
return;
}
- // 1. Sync versions.json to BunnyCDN (deprecated but still needed)
- $this->info('Step 1/2: Syncing versions.json to BunnyCDN...');
+ $this->info('Syncing versions.json to BunnyCDN...');
Http::pool(fn (Pool $pool) => [
$pool->storage(fileName: $versions_location)->put("/$bunny_cdn_storage_name/$bunny_cdn_path/$versions"),
$pool->purge("$bunny_cdn/$bunny_cdn_path/$versions"),
@@ -909,46 +204,8 @@ public function handle()
$this->info('✓ versions.json uploaded & purged to BunnyCDN');
$this->newLine();
- // 2. Create GitHub PR with both releases.json and versions.json
- $this->info('Step 2/2: Creating GitHub PR with releases.json and versions.json...');
- $githubSuccess = $this->syncReleasesAndVersionsToGitHubRepo($versions_location, $nightly);
- if ($githubSuccess) {
- $this->info('✓ GitHub PR created successfully with both files');
- } else {
- $this->error('✗ Failed to create GitHub PR');
- }
- $this->newLine();
-
$this->info('=== Summary ===');
$this->info('BunnyCDN sync: ✓ Complete');
- $this->info('GitHub PR: '.($githubSuccess ? '✓ Created (releases.json + versions.json)' : '✗ Failed'));
-
- return;
- } elseif ($only_github_releases) {
- $this->info('About to sync GitHub releases to GitHub repository.');
- $confirmed = confirm('Are you sure you want to sync GitHub releases?');
- if (! $confirmed) {
- return;
- }
-
- // Sync releases to GitHub repository
- $this->syncReleasesToGitHubRepo();
-
- return;
- } elseif ($only_github_versions) {
- $envLabel = $nightly ? 'NIGHTLY' : 'PRODUCTION';
- $file = file_get_contents($versions_location);
- $json = json_decode($file, true);
- $actual_version = data_get($json, 'coolify.v4.version');
-
- $this->info("About to sync $envLabel versions.json ($actual_version) to GitHub repository.");
- $confirmed = confirm('Are you sure you want to sync versions.json via GitHub PR?');
- if (! $confirmed) {
- return;
- }
-
- // Sync versions.json to GitHub repository
- $this->syncVersionsToGitHubRepo($versions_location, $nightly);
return;
}
@@ -970,31 +227,8 @@ public function handle()
$this->info('All files uploaded & purged to BunnyCDN.');
$this->newLine();
- // Sync files to GitHub CDN repository via PR
- $this->info('Creating GitHub PR for coolify-cdn repository...');
- if ($nightly) {
- $files = [
- $compose_file_location => 'docker/nightly/docker-compose.yml',
- $compose_file_prod_location => 'docker/nightly/docker-compose.prod.yml',
- $production_env_location => 'environment/nightly/.env.production',
- $upgrade_script_location => 'scripts/nightly/upgrade.sh',
- $install_script_location => 'scripts/nightly/install.sh',
- ];
- } else {
- $files = [
- $compose_file_location => 'docker/docker-compose.yml',
- $compose_file_prod_location => 'docker/docker-compose.prod.yml',
- $production_env_location => 'environment/.env.production',
- $upgrade_script_location => 'scripts/upgrade.sh',
- $install_script_location => 'scripts/install.sh',
- ];
- }
-
- $githubSuccess = $this->syncFilesToGitHubRepo($files, $nightly);
- $this->newLine();
$this->info('=== Summary ===');
$this->info('BunnyCDN sync: Complete');
- $this->info('GitHub PR: '.($githubSuccess ? 'Created' : 'Failed'));
} catch (\Throwable $e) {
$this->error('Error: '.$e->getMessage());
}
diff --git a/app/Console/Commands/ViewScheduledLogs.php b/app/Console/Commands/ViewScheduledLogs.php
index 9ecf90716..b6e9a6121 100644
--- a/app/Console/Commands/ViewScheduledLogs.php
+++ b/app/Console/Commands/ViewScheduledLogs.php
@@ -28,6 +28,11 @@ class ViewScheduledLogs extends Command
public function handle()
{
$date = $this->option('date') ?: now()->format('Y-m-d');
+ if (! preg_match('/^\d{4}-\d{2}-\d{2}$/', $date)) {
+ $this->error('Invalid date format. Use Y-m-d (e.g. 2025-01-31).');
+
+ return self::INVALID;
+ }
$logPaths = $this->getLogPaths($date);
if (empty($logPaths)) {
@@ -49,17 +54,19 @@ public function handle()
$this->line('');
if (count($logPaths) === 1) {
- $logPath = $logPaths[0];
+ $logPath = escapeshellarg($logPaths[0]);
if ($filters) {
- passthru("tail -f {$logPath} | grep -E '{$filters}'");
+ $escapedFilters = escapeshellarg($filters);
+ passthru("tail -f {$logPath} | grep -E {$escapedFilters}");
} else {
passthru("tail -f {$logPath}");
}
} else {
// Multiple files - use multitail or tail with process substitution
- $logPathsStr = implode(' ', $logPaths);
+ $logPathsStr = implode(' ', array_map('escapeshellarg', $logPaths));
if ($filters) {
- passthru("tail -f {$logPathsStr} | grep -E '{$filters}'");
+ $escapedFilters = escapeshellarg($filters);
+ passthru("tail -f {$logPathsStr} | grep -E {$escapedFilters}");
} else {
passthru("tail -f {$logPathsStr}");
}
@@ -68,20 +75,23 @@ public function handle()
$this->info("Showing last {$lines} lines of {$logTypeDescription} logs for {$date}{$filterDescription}:");
$this->line('');
+ $escapedLines = escapeshellarg((string) $lines);
if (count($logPaths) === 1) {
- $logPath = $logPaths[0];
+ $logPath = escapeshellarg($logPaths[0]);
if ($filters) {
- passthru("tail -n {$lines} {$logPath} | grep -E '{$filters}'");
+ $escapedFilters = escapeshellarg($filters);
+ passthru("tail -n {$escapedLines} {$logPath} | grep -E {$escapedFilters}");
} else {
- passthru("tail -n {$lines} {$logPath}");
+ passthru("tail -n {$escapedLines} {$logPath}");
}
} else {
// Multiple files - concatenate and sort by timestamp
- $logPathsStr = implode(' ', $logPaths);
+ $logPathsStr = implode(' ', array_map('escapeshellarg', $logPaths));
if ($filters) {
- passthru("tail -n {$lines} {$logPathsStr} | sort | grep -E '{$filters}'");
+ $escapedFilters = escapeshellarg($filters);
+ passthru("tail -n {$escapedLines} {$logPathsStr} | sort | grep -E {$escapedFilters}");
} else {
- passthru("tail -n {$lines} {$logPathsStr} | sort");
+ passthru("tail -n {$escapedLines} {$logPathsStr} | sort");
}
}
}
diff --git a/app/Console/Kernel.php b/app/Console/Kernel.php
index c5e12b7ee..e97105836 100644
--- a/app/Console/Kernel.php
+++ b/app/Console/Kernel.php
@@ -2,6 +2,7 @@
namespace App\Console;
+use App\Jobs\ApiTokenExpirationWarningJob;
use App\Jobs\CheckForUpdatesJob;
use App\Jobs\CheckHelperImageJob;
use App\Jobs\CheckTraefikVersionJob;
@@ -39,8 +40,9 @@ protected function schedule(Schedule $schedule): void
$this->instanceTimezone = config('app.timezone');
}
- // $this->scheduleInstance->job(new CleanupStaleMultiplexedConnections)->hourly();
$this->scheduleInstance->command('cleanup:redis --clear-locks')->daily();
+ $this->scheduleInstance->command('sanctum:prune-expired --hours=1')->hourly()->onOneServer();
+ $this->scheduleInstance->job(new ApiTokenExpirationWarningJob)->hourly()->onOneServer();
if (isDev()) {
// Instance Jobs
@@ -75,7 +77,7 @@ protected function schedule(Schedule $schedule): void
// Scheduled Jobs (Backups & Tasks)
$this->scheduleInstance->job(new ScheduledJobManager)->everyMinute()->onOneServer();
- $this->scheduleInstance->job(new RegenerateSslCertJob)->twiceDaily();
+ $this->scheduleInstance->job(new RegenerateSslCertJob)->twiceDaily()->onOneServer();
$this->scheduleInstance->job(new CheckTraefikVersionJob)->weekly()->sundays()->at('00:00')->timezone($this->instanceTimezone)->onOneServer();
diff --git a/app/Enums/BuildPackTypes.php b/app/Enums/BuildPackTypes.php
index cb51db6d6..eee898823 100644
--- a/app/Enums/BuildPackTypes.php
+++ b/app/Enums/BuildPackTypes.php
@@ -8,4 +8,5 @@ enum BuildPackTypes: string
case STATIC = 'static';
case DOCKERFILE = 'dockerfile';
case DOCKERCOMPOSE = 'dockercompose';
+ case RAILPACK = 'railpack';
}
diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
index 71de48bcd..58f21c793 100644
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -4,8 +4,10 @@
use App\Models\InstanceSettings;
use App\Models\User;
+use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
+use Psr\Log\LogLevel;
use RuntimeException;
use Sentry\Laravel\Integration;
use Sentry\State\Scope;
@@ -16,7 +18,7 @@ class Handler extends ExceptionHandler
/**
* A list of exception types with their corresponding custom log levels.
*
- * @var array"; + $message .= 'Action Required: Rotate this token before it expires to avoid API outages.'; + + return new PushoverMessage( + title: 'API token expiring soon', + level: 'warning', + message: $message, + buttons: [ + [ + 'text' => 'Manage API tokens', + 'url' => $this->manageUrl, + ], + ], + ); + } + + public function toSlack(): SlackMessage + { + $description = "API token *{$this->tokenName}* expires on {$this->expiresAt}.\n\n"; + $description .= "*Action Required:* Rotate this token before it expires to avoid API outages.\n\n"; + $description .= "Manage tokens: {$this->manageUrl}"; + + return new SlackMessage( + title: '🔑 API token expiring soon', + description: $description, + color: SlackMessage::warningColor(), + ); + } +} diff --git a/app/Providers/HorizonServiceProvider.php b/app/Providers/HorizonServiceProvider.php index 0caa3a3a9..c29f7fc41 100644 --- a/app/Providers/HorizonServiceProvider.php +++ b/app/Providers/HorizonServiceProvider.php @@ -3,9 +3,12 @@ namespace App\Providers; use App\Contracts\CustomJobRepositoryInterface; +use App\Exceptions\DeploymentException; use App\Models\ApplicationDeploymentQueue; use App\Models\User; use App\Repositories\CustomJobRepository; +use Illuminate\Queue\Events\JobFailed; +use Illuminate\Queue\TimeoutExceededException; use Illuminate\Support\Facades\Event; use Illuminate\Support\Facades\Gate; use Laravel\Horizon\Contracts\JobRepository; @@ -48,6 +51,26 @@ public function boot(): void ]); } }); + + Event::listen(function (JobFailed $event) { + if (! isCloud()) { + return; + } + + $exception = $event->exception; + if (! ($exception instanceof DeploymentException) && ! ($exception instanceof TimeoutExceededException)) { + return; + } + + try { + $uuid = $event->job->uuid(); + if ($uuid) { + app(JobRepository::class)->deleteFailed($uuid); + } + } catch (\Throwable $e) { + // Best-effort scrub; never mask the original failure. + } + }); } protected function gate(): void diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php index 2150126cd..4068572c8 100644 --- a/app/Providers/RouteServiceProvider.php +++ b/app/Providers/RouteServiceProvider.php @@ -54,5 +54,9 @@ protected function configureRateLimiting(): void RateLimiter::for('5', function (Request $request) { return Limit::perMinute(5)->by($request->user()?->id ?: $request->ip()); }); + + RateLimiter::for('feedback', function (Request $request) { + return Limit::perMinute(3)->by($request->user()?->id ?: $request->ip()); + }); } } diff --git a/app/Rules/SafeWebhookUrl.php b/app/Rules/SafeWebhookUrl.php index fbeb406af..3723e1db5 100644 --- a/app/Rules/SafeWebhookUrl.php +++ b/app/Rules/SafeWebhookUrl.php @@ -40,9 +40,15 @@ public function validate(string $attribute, mixed $value, Closure $fail): void $host = strtolower($host); + // Strip IPv6 brackets (e.g. "[::1]" -> "::1") before IP checks so bracketed + // literals can't sneak past filter_var FILTER_VALIDATE_IP. + $hostForIpCheck = (str_starts_with($host, '[') && str_ends_with($host, ']')) + ? substr($host, 1, -1) + : $host; + // Block well-known dangerous hostnames $blockedHosts = ['localhost', '0.0.0.0', '::1']; - if (in_array($host, $blockedHosts) || str_ends_with($host, '.internal')) { + if (in_array($hostForIpCheck, $blockedHosts) || str_ends_with($host, '.internal')) { Log::warning('Webhook URL points to blocked host', [ 'attribute' => $attribute, 'host' => $host, @@ -55,7 +61,7 @@ public function validate(string $attribute, mixed $value, Closure $fail): void } // Block loopback (127.0.0.0/8) and link-local/metadata (169.254.0.0/16) when IP is provided directly - if (filter_var($host, FILTER_VALIDATE_IP) && ($this->isLoopback($host) || $this->isLinkLocal($host))) { + if (filter_var($hostForIpCheck, FILTER_VALIDATE_IP) && ($this->isLoopback($hostForIpCheck) || $this->isLinkLocal($hostForIpCheck))) { Log::warning('Webhook URL points to blocked IP range', [ 'attribute' => $attribute, 'host' => $host, diff --git a/app/Services/DeploymentConfiguration/ApplicationConfigurationSnapshot.php b/app/Services/DeploymentConfiguration/ApplicationConfigurationSnapshot.php new file mode 100644 index 000000000..8369f9a90 --- /dev/null +++ b/app/Services/DeploymentConfiguration/ApplicationConfigurationSnapshot.php @@ -0,0 +1,338 @@ + + */ + public function toArray(): array + { + $this->application->load('settings'); + + return [ + 'schema_version' => self::SCHEMA_VERSION, + 'resource_type' => Application::class, + 'resource_id' => $this->application->id, + 'sections' => [ + 'source' => [ + 'label' => 'Source', + 'items' => $this->sourceItems(), + ], + 'build' => [ + 'label' => 'Build', + 'items' => $this->buildItems(), + ], + 'runtime' => [ + 'label' => 'Runtime', + 'items' => $this->runtimeItems(), + ], + 'domains' => [ + 'label' => 'Domains & Proxy', + 'items' => $this->domainItems(), + ], + 'environment' => [ + 'label' => 'Environment Variables', + 'items' => $this->environmentItems(), + ], + ], + ]; + } + + public function hash(): string + { + return self::hashSnapshot($this->toArray()); + } + + /** + * @param array
+
diff --git a/resources/views/components/deployment/configuration-diff.blade.php b/resources/views/components/deployment/configuration-diff.blade.php
new file mode 100644
index 000000000..f01481057
--- /dev/null
+++ b/resources/views/components/deployment/configuration-diff.blade.php
@@ -0,0 +1,64 @@
+@props([
+ 'diff' => null,
+ 'compact' => false,
+])
+
+@php
+ $changes = collect(data_get($diff, 'changes', []))->filter(fn ($change) => data_get($change, 'key') !== 'domains.custom_labels')->values()->all();
+ $count = count($changes);
+ $requiresBuild = collect($changes)->contains(fn ($change) => data_get($change, 'impact') === 'build');
+@endphp
+
+@if ($count > 0)
+
+
+ @endif
+
+
+ @if ($enableSsl && $certificateValidUntil)
+ Valid until:
+ @if (now()->gt($certificateValidUntil))
+ {{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expired
+ @elseif(now()->addDays(30)->gt($certificateValidUntil))
+ {{ $certificateValidUntil->format('d.m.Y H:i:s') }} - Expiring
+ soon
+ @else
+ {{ $certificateValidUntil->format('d.m.Y H:i:s') }}
+ @endif
+
+ @endif
+
+
+ SSL Configuration
+ @if ($enableSsl && $certificateValidUntil) +
+
+
+ @if ($isExited)
+
+ @if ($sslModeOptions && $enableSsl)
+
+ @if ($isExited)
+
+ @foreach ($sslModeOptions as $value => $option)
+
+ @endforeach
+
+ @else
+
+ @foreach ($sslModeOptions as $value => $option)
+
+ @endforeach
+
+ @endif
+
+ @endif
+ $compact,
+ 'text-sm' => ! $compact,
+ ])>
+
+@endif
diff --git a/resources/views/components/deprecated-badge.blade.php b/resources/views/components/deprecated-badge.blade.php
new file mode 100644
index 000000000..9a797048d
--- /dev/null
+++ b/resources/views/components/deprecated-badge.blade.php
@@ -0,0 +1,6 @@
+merge(['class' => 'inline-flex items-center']) }}>
+
+ Deprecated
+
+
diff --git a/resources/views/components/dropdown.blade.php b/resources/views/components/dropdown.blade.php
index 666b93dbc..2bb917f79 100644
--- a/resources/views/components/dropdown.blade.php
+++ b/resources/views/components/dropdown.blade.php
@@ -1,7 +1,44 @@
+ {{ $count }} configuration {{ $count === 1 ? 'change' : 'changes' }}
+ $requiresBuild,
+ 'bg-blue-100 text-blue-700 dark:bg-blue-500/20 dark:text-blue-300' => ! $requiresBuild,
+ ])>
+ {{ $requiresBuild ? 'Rebuild required' : 'Redeploy required' }}
+
+
+
+ @unless ($compact)
+
+ @foreach (collect($changes)->groupBy('section_label') as $sectionLabel => $sectionChanges)
+
+ @endunless
+
+
+ @endforeach
+
+ {{ $sectionLabel }}
+
+
+
+
+
+ Field
+ From
+
+ To
+
+ @foreach ($sectionChanges as $change)
+
+
+
+ @endforeach
+
+ {{ data_get($change, 'label') }}
+
+
+ {{ data_get($change, 'old_display_value') }}
+
+ →
+
+ {{ data_get($change, 'new_display_value') }}
+
+
-