Two improvements to Git deployment handling:

1. **ApplicationDeploymentJob.php**:
   - Fixed log message to show actual resolved commit SHA (`$this->commit`)
   - Previously showed `$this->application->git_commit_sha` which could be "HEAD"
   - Now displays the actual 40-character commit SHA that will be deployed
2. **Application.php (generateGitLsRemoteCommands)**:
   - Added `escapeshellarg()` for repository URL in 'other' deployment type
   - Prevents shell injection in git ls-remote commands
   - Complements existing shell escaping in `generateGitImportCommands`
   - Ensures consistent security across all Git operations

**Security Impact:**
- All Git commands now use properly escaped repository URLs
- Prevents command injection through malicious repository URLs
- Consistent escaping in both ls-remote and clone operations

**User Experience:**
- Deployment logs now show exact commit SHA being deployed
- More accurate debugging information for deployment issues

Co-Authored-By: Claude <noreply@anthropic.com>

Fixes pure Dockerfile deployment failing with 'env file not found' error.

The deploy_simple_dockerfile() method was missing the call to
save_runtime_environment_variables() which creates the .env file
needed during the rolling update phase. This call is present in
all other deployment methods (dockerfile, dockercompose, nixpacks,
static) but was missing here.

This ensures the .env file exists when docker compose tries to
use --env-file during the rolling update.

- Strip leading slashes from publish_directory to prevent /app// paths
- Only add slash prefix if directory is not empty
- Ensures clean Docker COPY paths in build output

Fixes deployment failures when Git repositories redirect (e.g., tangled.sh → tangled.org)
and improves security by adding proper shell escaping for repository URLs.

**Root Cause:**
Git redirect warnings can appear on the same line as ls-remote output with no newline:

`warning: redirecting to https://tangled.org/...196d3df... refs/heads/master`

The previous parsing logic split by newlines and extracted text before tabs, which
included the entire warning message instead of just the 40-character commit SHA.

**Changes:**
1. **Fixed commit SHA extraction** (ApplicationDeploymentJob.php):
   - Changed from line-based parsing to regex pattern matching
   - Uses `/([0-9a-f]{40})\s*\t/` to find valid 40-char hex commit SHA before tab
   - Handles warnings on same line, separate lines, multiple warnings, and whitespace
   - Added comprehensive Ray debug logs for troubleshooting
2. **Added security fix** (Application.php):
   - Added `escapeshellarg()` for repository URLs in 'other' deployment type
   - Prevents shell injection and fixes parsing issues with special characters like `@`
   - Added Ray debug logs for deployment type tracking
3. **Comprehensive test coverage** (GitLsRemoteParsingTest.php):
   - Tests normal output without warnings
   - Tests redirect warning on separate line
   - Tests redirect warning on same line (actual tangled.sh format)
   - Tests multiple warning lines
   - Tests extra whitespace handling

**Resolves:**
- Linear issue COOLGH-53: Valid git URLs are rejected as being invalid
- GitHub issue #6568: tangled.sh deployments failing
- Handles Git redirects universally for all Git hosting services

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
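
The parsing failure and the escaping fix described in the commit message above, as an added example that is not Coolify's own code: it compares line-based extraction with the quoted regex on constructed `git ls-remote` output, then builds a quoted command string. The function names, sample SHA, and `git.example.org` URLs are assumptions made for illustration, and `escapeshellarg()` is assumed to run on a POSIX host.

```php
<?php
// Added example (PHP 8+). Function names are hypothetical, not Coolify's code.

// Line-based parsing as the commit message describes the old behaviour:
// split on newlines, return whatever precedes the first tab.
function shaFromLines(string $output): ?string
{
    foreach (explode("\n", $output) as $line) {
        if (str_contains($line, "\t")) {
            return trim(explode("\t", $line, 2)[0]);
        }
    }
    return null;
}

// Pattern quoted in the commit message: 40 hex chars, optional spaces, a tab.
function shaFromRegex(string $output): ?string
{
    return preg_match('/([0-9a-f]{40})\s*\t/', $output, $m) === 1 ? $m[1] : null;
}

// Quote every user-controlled value before it is placed in a shell command.
function lsRemoteCommand(string $repoUrl, string $branch): string
{
    return 'git ls-remote ' . escapeshellarg($repoUrl)
        . ' ' . escapeshellarg("refs/heads/{$branch}");
}

// Constructed sample data: a fake SHA and a documentation-only host.
$sha   = str_repeat('0a1b2c3d', 5);
$warn  = 'warning: redirecting to https://git.example.org/team/repo/';
$cases = [
    'no warning'               => "{$sha}\trefs/heads/master\n",
    'warning on separate line' => "{$warn}\n{$sha}\trefs/heads/master\n",
    'warning on same line'     => "{$warn}{$sha}\trefs/heads/master\n",
    'extra whitespace'         => "{$warn}\n{$sha}  \trefs/heads/master\n",
];
foreach ($cases as $name => $output) {
    $old = shaFromLines($output) === $sha ? 'ok' : 'WRONG';
    $new = shaFromRegex($output) === $sha ? 'ok' : 'WRONG';
    printf("%-26s line-based=%-5s regex=%s\n", $name, $old, $new);
}

// Constructed URL containing a shell metacharacter; after quoting it is
// passed to git as a single argument instead of being split by the shell.
echo lsRemoteCommand('https://git.example.org/team/repo.git; echo INJECTED', 'master'), "\n";
```

Only the same-line case separates the two parsers: the line-based version returns the warning text with the SHA appended, which is not a valid commit reference.
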
- Updated the should_skip_build method to save runtime environment variables even when the build step is skipped, ensuring that the latest environment settings are preserved.
- Enhanced logging in prepare_builder_image to differentiate between the first attempt and subsequent attempts, improving clarity in deployment logs.
- Implemented a check for the NIXPACKS_NODE_VERSION variable in the ApplicationDeploymentJob.
- Added log entries to notify users when NIXPACKS_NODE_VERSION is not set, indicating that Node.js 18 will be used by default, which is EOL.
- Provided guidance on how to override the default version by setting NIXPACKS_NODE_VERSION in environment variables.
- Changed the .env file reference to use a build-time .env file located in /artifacts, preventing it from being included in Docker images.
- Introduced a new method to wrap Docker build commands with environment variable exports, enhancing the handling of build-time variables.
- Updated logging messages for clarity regarding the creation and usage of the build-time .env file.
- Replaced the use of a dynamic env_filename with a consistent .env file reference across deployment methods.
- Simplified the generation and saving of build-time and runtime environment variables, ensuring they are always written to the .env file.
- Enhanced clarity in the deployment process by removing redundant logic and ensuring environment variables are handled uniformly.
- Removed redundant logic for merging COOLIFY_* variables into env_args.
- Simplified the process of adding environment variables by directly incorporating generated COOLIFY environment variables.
- Enhanced clarity and maintainability of the generate_env_variables method.
- Added a new method to restart the builder container with the actual commit value, ensuring accurate deployment.
- Improved the generation of environment variables by consolidating user-defined and Coolify-specific variables.
- Updated Dockerfile modification logic to handle environment variables more effectively, including support for multiline variables.
- Enhanced logging for better visibility during deployment processes.
- Introduced new helper functions to generate Docker build arguments and environment flags, accommodating multiline variables with proper escaping.
- Updated the ApplicationDeploymentJob to utilize these new functions, improving the handling of environment variables during deployment.
- Added comprehensive tests to ensure correct behavior for multiline variables and special characters.
- Introduced functionality to add Coolify variables as ARGs in the Dockerfile during the build process.
- Enhanced the existing method to handle both standard environment variables and Coolify-specific variables, improving deployment flexibility.
- Introduced logic to filter user-defined build time variables from the database based on the pull request context.
- Improved handling of build time variables to ensure only relevant variables are analyzed, enhancing the deployment process.
- Added logic to escape single quotes in build arguments to ensure proper execution in bash -c context used by executeInDocker, preventing potential command errors.
- Added EnvironmentVariableAnalyzer trait to analyze and warn about problematic environment variables during the build process.
- Integrated analysis into ApplicationDeploymentJob and Livewire components to provide feedback on potential build issues.
- Introduced a new Blade component for displaying warnings related to environment variables in the UI.
This change introduces automatically generated `SERVICE_NAME_<SERVICE>`
environment variables for each service within a Docker Compose deployment.
This allows services to reliably reference each other by name, which is particularly
useful in pull request environments where container names are dynamically suffixed.
- The application parser now generates and injects these `SERVICE_NAME` variables
into the environment of all services in the compose file.
- `ApplicationDeploymentJob` is updated to correctly handle and filter these
new variables during deployment.
- UI components and the `EnvironmentVariableProtection` trait have been updated
to make these generated variables read-only, preventing accidental modification.
This commit introduces two new helper functions to standardize resource naming
for pull request deployments:
- `addPreviewDeploymentSuffix()`: Generates a consistent suffix format (-pr-{id})
for resource names in preview deployments
- `generateDockerComposeServiceName()`: Creates SERVICE_NAME environment variables
for Docker Compose services
* feat(README): add InterviewPal sponsorship link and corresponding SVG icon
* chore(versions): update coolify version to 4.0.0-beta.413 and nightly version to 4.0.0-beta.414 in configuration files
* fix(terminal): enhance WebSocket client verification with authorized IPs in terminal server
* chore(versions): update realtime version to 1.0.8 in versions.json
* chore(versions): update realtime version to 1.0.8 in versions.json
* chore(docker): update soketi image version to 1.0.8 in production configuration files
* chore(versions): update coolify version to 4.0.0-beta.414 and nightly version to 4.0.0-beta.415 in configuration files
* fix(ApplicationDeploymentJob): ensure source is an object before checking GitHub app properties
* fix(ui): Disable livewire navigate feature (causing spam of setInterval())
* fix(ui): Remove required attribute from image input in service application view
* fix(ui): Change application image validation to be nullable in service application view
* fix(Server): Correct proxy path formatting for Traefik proxy type
* chore(versions): update coolify version to 4.0.0-beta.416 and nightly version to 4.0.0-beta.417 in configuration files; fix links in deployment view
* feat(Service): Add functionality to convert between applications and databases in docker-compose based applications
fix(ui): Fix service layout refresh on compose change
* fix(service): graceful shutdown of old container (#5731)
* refactor(Database): streamline container shutdown process and reduce timeout duration
* fix(ServerCheck): enhance proxy container check to ensure it is running before proceeding
* chore(seeder): update git branch from 'main' to 'v4.x' for multiple examples in ApplicationSeeder
* fix(applications): include pull_request_id in deployment queue check to prevent duplicate deployments
* refactor(core): streamline container stopping process and reduce timeout duration; update related methods for consistency
* fix(database): update label for image input field to improve clarity
* feat(migration): add 'is_migrated' and 'custom_type' columns to service_applications and service_databases tables
* feat(backup): implement custom database type selection and enhance scheduled backups management
* fix(ServerCheck): set default proxy status to 'exited' to handle missing container state
* fix(database): reduce container stop timeout from 300 to 30 seconds for improved responsiveness
* refactor(database): update DB facade usage for consistency across service files
* Update app/Livewire/Project/Service/Database.php
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* refactor(database): enhance application conversion logic and add existence checks for databases and applications
* refactor(actions): standardize method naming for network and configuration deletion across application and service classes
* refactor(logdrain): consolidate log drain stopping logic to reduce redundancy
* refactor(StandaloneMariadb): add type hint for destination method to improve code clarity
* refactor(DeleteResourceJob): streamline resource deletion logic and improve conditional checks for database types
* refactor(jobs): update middleware to prevent job release after expiration for CleanupInstanceStuffsJob, RestartProxyJob, and ServerCheckJob
* fix(ui): system theming for charts (#5740)
* chore(deps-dev): bump vite from 6.2.6 to 6.3.4 (#5743)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.2.6 to 6.3.4.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.3.4/packages/vite)
---
updated-dependencies:
- dependency-name: vite
dependency-version: 6.3.4
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix(dev): mount points?!
* fix(dev): proxy mount point
* fix(ui): allow adding scheduled backups for non-migrated databases
* fix(DatabaseBackupJob): escape PostgreSQL password in backup command (#5759)
* fix(ui): correct closing div tag in service index view
* Revert "fix(dev): mount points?!"
This reverts commit 365bf3cbf0.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Jérémy <jeremy.derdaele@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Best Codes <106822363+The-Best-Codes@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: busybox <29630035+busybox11@users.noreply.github.com>