diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml
index c65517afd..b9b90bd54 100644
--- a/.github/workflows/docker-ci.yml
+++ b/.github/workflows/docker-ci.yml
@@ -50,20 +50,6 @@ jobs:
 cache-from: type=gha
 cache-to: type=gha,mode=max
 platforms: linux/amd64
- mirror_image:
- permissions:
- contents: read
- packages: write
- id-token: write
- needs:
- - publish
- # Mirror image only if new version is published
- if: ${{ github.ref == 'refs/heads/master' }}
- # Call workflow explicitly because events from actions cannot trigger more actions
- uses: ./.github/workflows/mirror.yml
- with:
- version: ${{ needs.publish.outputs.logflare_version }}
- secrets: inherit
 trigger_cloudbuild:
 name: Trigger Cloud Build in Production
 if: github.ref == 'refs/heads/master'
diff --git a/.github/workflows/mirror.yml b/.github/workflows/mirror.yml
deleted file mode 100644
index 42ea91607..000000000
--- a/.github/workflows/mirror.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-name: Mirror Image
-
-on:
- workflow_call:
- inputs:
- version:
- required: true
- type: string
- workflow_dispatch:
- inputs:
- version:
- description: "Image tag"
- required: true
- type: string
-permissions:
- packages: write
- id-token: write
-jobs:
- mirror:
- runs-on: ubuntu-latest
- permissions:
- contents: read
- packages: write
- id-token: write
- steps:
- - name: configure aws credentials
- uses: aws-actions/configure-aws-credentials@v1
- with:
- role-to-assume: ${{ secrets.PROD_AWS_ROLE }}
- aws-region: us-east-1
- - uses: docker/login-action@v2
- with:
- registry: public.ecr.aws
- - uses: docker/login-action@v2
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
- - uses: akhilerm/tag-push-action@v2.1.0
- with:
- src: docker.io/supabase/logflare:${{ inputs.version }}
- dst: |
- public.ecr.aws/supabase/logflare:${{ inputs.version }}
- ghcr.io/supabase/logflare:${{ inputs.version }}
diff --git a/VERSION b/VERSION
index 7f207341d..e6d5cb833 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.0.1
\ No newline at end of file
+1.0.2
\ No newline at end of file
diff --git a/cloudbuild/prod/cloudbuild.yaml b/cloudbuild/prod/cloudbuild.yaml
index 1d53d5366..a72c18139 100644
--- a/cloudbuild/prod/cloudbuild.yaml
+++ b/cloudbuild/prod/cloudbuild.yaml
@@ -3,34 +3,44 @@ steps:
 args:
 - kms
 - decrypt
- - --ciphertext-file=gcloud_prod.json.enc
- - --plaintext-file=gcloud.json
- - --location=us-central1
- - --keyring=logflare-prod-keyring-us-central1
- - --key=logflare-prod-secrets-key
+ - '--ciphertext-file=gcloud_prod.json.enc'
+ - '--plaintext-file=gcloud.json'
+ - '--location=us-central1'
+ - '--keyring=logflare-prod-keyring-us-central1'
+ - '--key=logflare-prod-secrets-key'
 - name: gcr.io/cloud-builders/gcloud
 args:
 - kms
 - decrypt
- - --ciphertext-file=./.prod.env.enc
- - --plaintext-file=./.secrets.env
- - --location=us-central1
- - --keyring=logflare-prod-keyring-us-central1
- - --key=logflare-prod-secrets-key
- - name: "gcr.io/cloud-builders/docker"
- entrypoint: 'sh'
+ - '--ciphertext-file=./.prod.env.enc'
+ - '--plaintext-file=./.secrets.env'
+ - '--location=us-central1'
+ - '--keyring=logflare-prod-keyring-us-central1'
+ - '--key=logflare-prod-secrets-key'
+ - name: gcr.io/cloud-builders/docker
 args:
- [
- "-c", "docker build --build-arg TAG_VERSION=$(cat ./VERSION) -t gcr.io/$PROJECT_ID/logflare_app:$COMMIT_SHA -t gcr.io/$PROJECT_ID/logflare_app:latest -f docker/secret_setup.Dockerfile .",
- ]
- - name: "gcr.io/cloud-builders/docker"
- args: ["push", "gcr.io/$PROJECT_ID/logflare_app:$COMMIT_SHA"]
- - name: "gcr.io/cloud-builders/docker"
- args: ["push", "gcr.io/$PROJECT_ID/logflare_app:latest"]
-secrets:
- - kmsKeyName: projects/logflare-232118/locations/us-central1/keyRings/logflare-prod-secrets-key/cryptoKeys/logflare-prod-secrets-key
+ - '-c'
+ - >-
+ docker build --build-arg $$MAGIC_COOKIE --build-arg TAG_VERSION=$(cat ./VERSION) -t gcr.io/$PROJECT_ID/logflare_app:$COMMIT_SHA -t
+ gcr.io/$PROJECT_ID/logflare_app:latest -f docker/secret_setup.Dockerfile
+ .
+ entrypoint: sh secretEnv: - MAGIC_COOKIE: "CiQAaKkB6bwW6k2L9NxnoxLiSerCpIeLBGlN54tyvdAtGmTqBeISSQA/IRNwMsuZjfo6o1os4UkkFYG3eJzzxp6hDWbI+6El6HxSZLWLDy3ousxpSU8hip3hLypJ9aSjOLlj4zrnXFxS6qzwLA3/pEE=" -options: - machineType: "N1_HIGHCPU_32" + - MAGIC_COOKIE + - name: gcr.io/cloud-builders/docker + args: + - push + - 'gcr.io/$PROJECT_ID/logflare_app:$COMMIT_SHA' + - name: gcr.io/cloud-builders/docker + args: + - push + - 'gcr.io/$PROJECT_ID/logflare_app:latest' timeout: 1800s +options: + machineType: N1_HIGHCPU_32 +secrets: + - kmsKeyName: >- + projects/logflare-232118/locations/us-central1/keyRings/logflare-prod-secrets-key/cryptoKeys/logflare-prod-secrets-key + secretEnv: + MAGIC_COOKIE: >- + CiQAaKkB6bwW6k2L9NxnoxLiSerCpIeLBGlN54tyvdAtGmTqBeISSQA/IRNwMsuZjfo6o1os4UkkFYG3eJzzxp6hDWbI+6El6HxSZLWLDy3ousxpSU8hip3hLypJ9aSjOLlj4zrnXFxS6qzwLA3/pEE= diff --git a/docker/secret_setup.Dockerfile b/docker/secret_setup.Dockerfile index f1a3fc583..aa26f882d 100644 --- a/docker/secret_setup.Dockerfile +++ b/docker/secret_setup.Dockerfile @@ -1,3 +1,4 @@ +ARG TAG_VERSION FROM supabase/logflare:${TAG_VERSION} RUN apk add tini diff --git a/lib/logflare_web/api_spec.ex b/lib/logflare_web/api_spec.ex index 3313bfbfb..2bab3bac8 100644 --- a/lib/logflare_web/api_spec.ex +++ b/lib/logflare_web/api_spec.ex @@ -1,12 +1,14 @@ defmodule LogflareWeb.ApiSpec do + alias LogflareWeb.Endpoint + alias LogflareWeb.Router + + alias OpenApiSpex.Components alias OpenApiSpex.Info alias OpenApiSpex.OpenApi alias OpenApiSpex.Paths + alias OpenApiSpex.SecurityScheme alias OpenApiSpex.Server - alias LogflareWeb.Endpoint - alias LogflareWeb.Router - @behaviour OpenApi @impl OpenApi 
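Review bot: In the docker build step, `--build-arg $$MAGIC_COOKIE` expands in the shell to `--build-arg <decrypted value>`, so Docker is handed the secret itself where it expects `NAME` or `NAME=value`, and the unquoted expansion is subject to word splitting. If the Dockerfile is meant to consume it as a build argument, the flag should read `--build-arg MAGIC_COOKIE="$$MAGIC_COOKIE"`. A build argument that is in scope of a RUN instruction is recorded in the image history, and this image is pushed to gcr.io under both tags, so the cookie would be readable by anyone who can pull it. A BuildKit secret (`--secret id=magic_cookie,env=MAGIC_COOKIE` on the build, `RUN --mount=type=secret,id=magic_cookie` in the Dockerfile) keeps the value out of the layers. The Dockerfile hunk in this commit adds only `ARG TAG_VERSION`, so whether `MAGIC_COOKIE` is declared there cannot be confirmed from the diff.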
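Review bot: `ARG TAG_VERSION` is declared without a default, so a build that omits `--build-arg TAG_VERSION=…` resolves the base to `supabase/logflare:` and stops on an invalid reference; a comment above it such as `# Required: base image tag, passed by cloudbuild from ./VERSION` would make that contract visible. An ARG placed before FROM is in scope for the FROM line only, so any later instruction that needs the value has to declare it again. The base is referenced by tag rather than digest, so the production image inherits whatever that tag points to at build time.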
@@ -17,7 +19,12 @@ defmodule LogflareWeb.ApiSpec do
 title: to_string(Application.spec(:logflare, :description)),
 version: to_string(Application.spec(:logflare, :vsn))
 },
- paths: Paths.from_router(Router)
+ paths: Paths.from_router(Router),
+ components: %Components{
+ securitySchemes: %{
+ "authorization" => %SecurityScheme{type: "http", scheme: "bearer", bearerFormat: "JWT"}
+ }
+ }
 })
 end
 end
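Review bot: The `components.securitySchemes` entry only declares the bearer scheme; nothing in this hunk attaches it to operations, so the generated spec would still present every path as unauthenticated unless a `security` requirement is set elsewhere. If all API routes require the token, adding `security: [%{"authorization" => []}]` to the `%OpenApi{}` struct next to `components:` applies it globally; otherwise each operation needs its own `security` entry. `bearerFormat: "JWT"` is a hint to clients, so it should match the token format the API actually issues, which the diff does not show. The enclosing function begins before the hunk.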