references/coolify
1
0
Fork 0
mirror of https://github.com/coollabsio/coolify.git synced 2026-06-13 19:09:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/next' into fix/deploy-key-dedicated-path-race

Browse Source
This commit is contained in:
Andras Bacsai
2026-06-03 14:00:34 +02:00
parent 903f7a7177 f8960f44fa
commit 3eb5463e3e
108 changed files with 3323 additions and 891 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Actions/Application/StopApplication.php
+12 -7
View File
@@ -13,7 +13,7 @@ class StopApplication
public string $jobQueue = 'high';
public function handle(Application $application, bool $previewDeployments = false, bool $dockerCleanup = true)
public function handle(Application $application, bool $previewDeployments = false, bool $dockerCleanup = true, bool $resetRestartCount = true)
{
$servers = collect([$application->destination->server]);
if ($application?->additional_servers?->count() > 0) {
@@ -57,12 +57,17 @@ class StopApplication
}
}
// Reset restart tracking when application is manually stopped
$application->update([
'restart_count' => 0,
'last_restart_at' => null,
'last_restart_type' => null,
]);
if ($resetRestartCount) {
$application->update([
'restart_count' => 0,
'last_restart_at' => null,
'last_restart_type' => null,
]);
} else {
$application->update([
'status' => 'exited',
]);
}
ServiceStatusChanged::dispatch($application->environment->project->team->id);
}
app/Actions/Docker/GetContainersStatus.php
+15 -11
View File
@@ -2,6 +2,7 @@
namespace App\Actions\Docker;
use App\Actions\Application\StopApplication;
use App\Actions\Database\StartDatabaseProxy;
use App\Actions\Database\StopDatabaseProxy;
use App\Actions\Shared\ComplexStatusCheck;
@@ -9,6 +10,7 @@ use App\Events\ServiceChecked;
use App\Models\ApplicationPreview;
use App\Models\Server;
use App\Models\ServiceDatabase;
use App\Notifications\Application\RestartLimitReached as ApplicationRestartLimitReached;
use App\Services\ContainerStatusAggregator;
use App\Traits\CalculatesExcludedStatus;
use Illuminate\Support\Arr;
@@ -464,7 +466,9 @@ class GetContainersStatus
}
// Wrap all database updates in a transaction to ensure consistency
DB::transaction(function () use ($application, $maxRestartCount, $containerStatuses) {
$restartLimitReached = false;
DB::transaction(function () use ($application, $maxRestartCount, $containerStatuses, &$restartLimitReached) {
$previousRestartCount = $application->restart_count ?? 0;
if ($maxRestartCount > $previousRestartCount) {
@@ -475,16 +479,10 @@ class GetContainersStatus
'last_restart_type' => 'crash',
]);
// Send notification
$containerName = $application->name;
$projectUuid = data_get($application, 'environment.project.uuid');
$environmentName = data_get($application, 'environment.name');
$applicationUuid = data_get($application, 'uuid');
if ($projectUuid && $applicationUuid && $environmentName) {
$url = base_url().'/project/'.$projectUuid.'/'.$environmentName.'/application/'.$applicationUuid;
} else {
$url = null;
// Check if restart limit has been reached
$maxAllowedRestarts = $application->max_restart_count ?? 0;
if ($maxAllowedRestarts > 0 && $maxRestartCount >= $maxAllowedRestarts && $previousRestartCount < $maxAllowedRestarts) {
$restartLimitReached = true;
}
}
@@ -499,6 +497,12 @@ class GetContainersStatus
}
}
});
if ($restartLimitReached) {
$application->refresh();
StopApplication::dispatch($application, false, true, false);
$application->environment->project->team?->notify(new ApplicationRestartLimitReached($application));
}
}
}
app/Casts/EncryptedArrayCast.php
+51
View File
@@ -0,0 +1,51 @@
<?php
namespace App\Casts;
use Illuminate\Contracts\Database\Eloquent\CastsAttributes;
use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Facades\Crypt;
/**
* Stores an array as an encrypted JSON string at rest. Tolerates legacy
* plaintext JSON rows written before the column was encrypted, so existing
* snapshots keep decoding instead of throwing.
*
* @implements CastsAttributes<array<mixed>|null, array<mixed>|null>
*/
class EncryptedArrayCast implements CastsAttributes
{
/**
* @param array<string, mixed> $attributes
* @return array<mixed>|null
*/
public function get(Model $model, string $key, mixed $value, array $attributes): ?array
{
if ($value === null || $value === '') {
return null;
}
try {
$value = Crypt::decryptString($value);
} catch (DecryptException) {
// Legacy plaintext JSON written before this column was encrypted.
}
$decoded = json_decode((string) $value, true);
return is_array($decoded) ? $decoded : null;
}
/**
* @param array<string, mixed> $attributes
*/
public function set(Model $model, string $key, mixed $value, array $attributes): ?string
{
if ($value === null) {
return null;
}
return Crypt::encryptString(json_encode($value, JSON_THROW_ON_ERROR));
}
}
app/Console/Commands/Init.php
+1 -1
View File
@@ -253,7 +253,7 @@ class Init extends Command
'save_s3' => false,
'frequency' => '0 0 * * *',
'database_id' => $database->id,
'database_type' => \App\Models\StandalonePostgresql::class,
'database_type' => StandalonePostgresql::class,
'team_id' => 0,
]);
}
app/Http/Controllers/Api/ApplicationsController.php
+8 -8
View File
@@ -146,7 +146,7 @@ class ApplicationsController extends Controller
mediaType: 'application/json',
schema: new OA\Schema(
type: 'object',
required: ['project_uuid', 'server_uuid', 'environment_name', 'environment_uuid', 'git_repository', 'git_branch', 'build_pack', 'ports_exposes'],
required: ['project_uuid', 'server_uuid', 'environment_name', 'environment_uuid', 'git_repository', 'git_branch', 'build_pack'],
properties: [
'project_uuid' => ['type' => 'string', 'description' => 'The project UUID.'],
'server_uuid' => ['type' => 'string', 'description' => 'The server UUID.'],
@@ -312,7 +312,7 @@ class ApplicationsController extends Controller
mediaType: 'application/json',
schema: new OA\Schema(
type: 'object',
required: ['project_uuid', 'server_uuid', 'environment_name', 'environment_uuid', 'github_app_uuid', 'git_repository', 'git_branch', 'build_pack', 'ports_exposes'],
required: ['project_uuid', 'server_uuid', 'environment_name', 'environment_uuid', 'github_app_uuid', 'git_repository', 'git_branch', 'build_pack'],
properties: [
'project_uuid' => ['type' => 'string', 'description' => 'The project UUID.'],
'server_uuid' => ['type' => 'string', 'description' => 'The server UUID.'],
@@ -478,7 +478,7 @@ class ApplicationsController extends Controller
mediaType: 'application/json',
schema: new OA\Schema(
type: 'object',
required: ['project_uuid', 'server_uuid', 'environment_name', 'environment_uuid', 'private_key_uuid', 'git_repository', 'git_branch', 'build_pack', 'ports_exposes'],
required: ['project_uuid', 'server_uuid', 'environment_name', 'environment_uuid', 'private_key_uuid', 'git_repository', 'git_branch', 'build_pack'],
properties: [
'project_uuid' => ['type' => 'string', 'description' => 'The project UUID.'],
'server_uuid' => ['type' => 'string', 'description' => 'The server UUID.'],
@@ -781,7 +781,7 @@ class ApplicationsController extends Controller
mediaType: 'application/json',
schema: new OA\Schema(
type: 'object',
required: ['project_uuid', 'server_uuid', 'environment_name', 'environment_uuid', 'docker_registry_image_name', 'ports_exposes'],
required: ['project_uuid', 'server_uuid', 'environment_name', 'environment_uuid', 'docker_registry_image_name'],
properties: [
'project_uuid' => ['type' => 'string', 'description' => 'The project UUID.'],
'server_uuid' => ['type' => 'string', 'description' => 'The server UUID.'],
@@ -1024,7 +1024,7 @@ class ApplicationsController extends Controller
'git_repository' => ['string', 'required', new ValidGitRepositoryUrl],
'git_branch' => ['string', 'required', new ValidGitBranch],
'build_pack' => ['required', Rule::enum(BuildPackTypes::class)],
'ports_exposes' => 'string|regex:/^(\d+)(,\d+)*$/|required',
'ports_exposes' => 'string|regex:/^(\d+)(,\d+)*$/|nullable',
'docker_compose_domains' => 'array|nullable',
'docker_compose_domains.*' => 'array:name,domain',
'docker_compose_domains.*.name' => 'string|required',
@@ -1230,7 +1230,7 @@ class ApplicationsController extends Controller
'git_repository' => 'string|required',
'git_branch' => ['string', 'required', new ValidGitBranch],
'build_pack' => ['required', Rule::enum(BuildPackTypes::class)],
'ports_exposes' => 'string|regex:/^(\d+)(,\d+)*$/|required',
'ports_exposes' => 'string|regex:/^(\d+)(,\d+)*$/|nullable',
'github_app_uuid' => 'string|required',
'watch_paths' => 'string|nullable',
'docker_compose_domains' => 'array|nullable',
@@ -1470,7 +1470,7 @@ class ApplicationsController extends Controller
'git_repository' => ['string', 'required', new ValidGitRepositoryUrl],
'git_branch' => ['string', 'required', new ValidGitBranch],
'build_pack' => ['required', Rule::enum(BuildPackTypes::class)],
'ports_exposes' => 'string|regex:/^(\d+)(,\d+)*$/|required',
'ports_exposes' => 'string|regex:/^(\d+)(,\d+)*$/|nullable',
'private_key_uuid' => 'string|required',
'watch_paths' => 'string|nullable',
'docker_compose_domains' => 'array|nullable',
@@ -1793,7 +1793,7 @@ class ApplicationsController extends Controller
$validationRules = [
'docker_registry_image_name' => ['required', 'string', 'max:255', new DockerImageFormat],
'docker_registry_image_tag' => ValidationPatterns::dockerImageTagRules(),
'ports_exposes' => 'string|regex:/^(\d+)(,\d+)*$/|required',
'ports_exposes' => 'string|regex:/^(\d+)(,\d+)*$/|nullable',
];
$validationRules = array_merge(sharedDataApplications(), $validationRules);
$validator = customApiValidator($request->all(), $validationRules);
app/Http/Controllers/Api/ServersController.php
+26 -10
View File
@@ -13,6 +13,7 @@ use App\Models\PrivateKey;
use App\Models\Project;
use App\Models\Server as ModelsServer;
use App\Rules\ValidServerIp;
use App\Support\ValidationPatterns;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use OpenApi\Attributes as OA;
@@ -487,10 +488,12 @@ class ServersController extends Controller
'ip' => ['string', 'required', new ValidServerIp],
'port' => 'integer|nullable|between:1,65535',
'private_key_uuid' => 'string|required',
'user' => ['string', 'nullable', 'regex:/^[a-zA-Z0-9_-]+$/'],
'user' => ValidationPatterns::serverUsernameRules(required: false),
'is_build_server' => 'boolean|nullable',
'instant_validate' => 'boolean|nullable',
'proxy_type' => 'string|nullable',
], [
...ValidationPatterns::serverUsernameMessages(),
]);
$extraFields = array_diff(array_keys($request->all()), $allowedFields);
@@ -666,7 +669,7 @@ class ServersController extends Controller
'ip' => ['string', 'nullable', new ValidServerIp],
'port' => 'integer|nullable|between:1,65535',
'private_key_uuid' => 'string|nullable',
'user' => ['string', 'nullable', 'regex:/^[a-zA-Z0-9_-]+$/'],
'user' => ValidationPatterns::serverUsernameRules(required: false),
'is_build_server' => 'boolean|nullable',
'instant_validate' => 'boolean|nullable',
'proxy_type' => 'string|nullable',
@@ -676,6 +679,8 @@ class ServersController extends Controller
'server_disk_usage_notification_threshold' => 'integer|min:1|max:100',
'server_disk_usage_check_frequency' => 'string',
'connection_timeout' => 'integer|min:1|max:300',
], [
...ValidationPatterns::serverUsernameMessages(),
]);
$extraFields = array_diff(array_keys($request->all()), $allowedFields);
@@ -700,17 +705,17 @@ class ServersController extends Controller
$validProxyTypes = collect(ProxyTypes::cases())->map(function ($proxyType) {
return str($proxyType->value)->lower();
});
if ($validProxyTypes->contains(str($request->proxy_type)->lower())) {
$server->changeProxy($request->proxy_type, async: true);
} else {
if (! $validProxyTypes->contains(str($request->proxy_type)->lower())) {
return response()->json(['message' => 'Invalid proxy type.'], 422);
}
}
$server->update($request->only(['name', 'description', 'ip', 'port', 'user']));
if ($request->is_build_server) {
$server->settings()->update([
'is_build_server' => $request->is_build_server,
]);
$updateFields = $request->only(['name', 'description', 'ip', 'port', 'user']);
if ($request->filled('private_key_uuid')) {
$privateKey = PrivateKey::whereTeamId($teamId)->whereUuid($request->private_key_uuid)->first();
if (! $privateKey) {
return response()->json(['message' => 'Private key not found.'], 404);
}
$updateFields['private_key_id'] = $privateKey->id;
}
if ($request->has('server_disk_usage_check_frequency') && ! validate_cron_expression($request->server_disk_usage_check_frequency)) {
@@ -720,11 +725,22 @@ class ServersController extends Controller
], 422);
}
$server->update($updateFields);
if ($request->has('is_build_server')) {
$server->settings()->update([
'is_build_server' => $request->boolean('is_build_server'),
]);
}
$advancedSettings = $request->only(['concurrent_builds', 'dynamic_timeout', 'deployment_queue_limit', 'server_disk_usage_notification_threshold', 'server_disk_usage_check_frequency', 'connection_timeout']);
if (! empty($advancedSettings)) {
$server->settings()->update(array_filter($advancedSettings, fn ($value) => ! is_null($value)));
}
if ($request->proxy_type) {
$server->changeProxy($request->proxy_type, async: true);
}
if ($request->instant_validate) {
ValidateServer::dispatch($server);
}
app/Http/Controllers/Webhook/Github.php
+44 -11
View File
@@ -11,6 +11,8 @@ use App\Models\Application;
use App\Models\GithubApp;
use App\Models\PrivateKey;
use Exception;
use Illuminate\Http\Exceptions\HttpResponseException;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Http;
@@ -539,19 +541,22 @@ class Github extends Controller
public function install(Request $request)
{
$source = (string) $request->query('source', '');
abort_if(blank($source), 404);
$github_app = GithubApp::ownedByCurrentTeam()->where('uuid', $source)->firstOrFail();
$setup_action = (string) $request->query('setup_action', '');
if ($setup_action !== 'install') {
return redirect()->route('source.github.show', ['github_app_uuid' => $github_app->uuid]);
}
abort_unless(in_array($setup_action, ['install', 'update'], true), 422, 'Invalid GitHub App setup action.');
$installation_id = (string) $request->query('installation_id', '');
abort_unless(ctype_digit($installation_id), 422, 'Missing GitHub App installation id.');
if ($setup_action === 'update') {
return $this->redirectAfterGithubAppInstallationUpdate($installation_id);
}
$github_app = $this->consumeGithubAppSetupState(
request: $request,
state: (string) $request->query('state', ''),
action: 'install',
);
abort_unless(
$this->githubInstallationBelongsToApp($github_app, $installation_id),
403,
@@ -564,6 +569,19 @@ class Github extends Controller
return redirect()->route('source.github.show', ['github_app_uuid' => $github_app->uuid]);
}
private function redirectAfterGithubAppInstallationUpdate(string $installation_id): RedirectResponse
{
$github_app = GithubApp::ownedByCurrentTeam()
->where('installation_id', $installation_id)
->first();
if ($github_app) {
return redirect()->route('source.github.show', ['github_app_uuid' => $github_app->uuid]);
}
return redirect()->route('source.all');
}
/**
* Verify that the given installation id actually belongs to this GitHub App.
*
@@ -596,11 +614,14 @@ class Github extends Controller
private function consumeGithubAppSetupState(Request $request, string $state, string $action): GithubApp
{
abort_if(blank($state), 404);
if (blank($state)) {
$this->rejectInvalidGithubAppSetupState($request);
}
$payload = Cache::pull($this->githubAppSetupStateCacheKey($state));
abort_unless(is_array($payload), 404);
abort_unless(data_get($payload, 'action') === $action, 404);
if (! is_array($payload) || data_get($payload, 'action') !== $action) {
$this->rejectInvalidGithubAppSetupState($request);
}
$team_id = $request->user()?->currentTeam()?->id;
abort_unless(! is_null($team_id) && (int) data_get($payload, 'team_id') === $team_id, 403);
@@ -610,6 +631,18 @@ class Github extends Controller
->firstOrFail();
}
private function rejectInvalidGithubAppSetupState(Request $request): never
{
if ($request->expectsJson()) {
abort(404);
}
throw new HttpResponseException(
redirect()
->route('source.all')
);
}
private function githubAppSetupStateCacheKey(string $state): string
{
return 'github-app-setup-state:'.hash('sha256', $state);
app/Jobs/ApplicationDeploymentJob.php
+20 -13
View File
@@ -1388,7 +1388,7 @@ class ApplicationDeploymentJob implements ShouldBeEncrypted, ShouldQueue
// Add PORT if not exists, use the first port as default
if ($this->build_pack !== 'dockercompose') {
if ($this->application->environment_variables->where('key', 'PORT')->isEmpty()) {
if ($this->application->environment_variables->where('key', 'PORT')->isEmpty() && ! empty($ports)) {
$envs->push("PORT={$ports[0]}");
}
}
@@ -3139,7 +3139,7 @@ COPY ./nginx.conf /etc/nginx/conf.d/default.conf");
'image' => $this->production_image_name,
'container_name' => $this->container_name,
'restart' => RESTART_MODE,
'expose' => $ports,
...(! empty($ports) ? ['expose' => $ports] : []),
'networks' => [
$this->destination->network => [
'aliases' => array_merge(
@@ -3171,16 +3171,19 @@ COPY ./nginx.conf /etc/nginx/conf.d/default.conf");
// If custom_healthcheck_found is true, the Dockerfile's HEALTHCHECK will be used
// If healthcheck is disabled, no healthcheck will be added
if (! $this->application->custom_healthcheck_found && ! $this->application->isHealthcheckDisabled()) {
$docker_compose['services'][$this->container_name]['healthcheck'] = [
'test' => [
'CMD-SHELL',
$this->generate_healthcheck_commands(),
],
'interval' => $this->application->health_check_interval.'s',
'timeout' => $this->application->health_check_timeout.'s',
'retries' => $this->application->health_check_retries,
'start_period' => $this->application->health_check_start_period.'s',
];
$healthcheck_command = $this->generate_healthcheck_commands();
if ($healthcheck_command !== null) {
$docker_compose['services'][$this->container_name]['healthcheck'] = [
'test' => [
'CMD-SHELL',
$healthcheck_command,
],
'interval' => $this->application->health_check_interval.'s',
'timeout' => $this->application->health_check_timeout.'s',
'retries' => $this->application->health_check_retries,
'start_period' => $this->application->health_check_start_period.'s',
];
}
}
if (! is_null($this->application->limits_cpuset)) {
@@ -3390,7 +3393,11 @@ COPY ./nginx.conf /etc/nginx/conf.d/default.conf");
// HTTP type healthcheck (default)
if (! $this->application->health_check_port) {
$health_check_port = (int) $this->application->ports_exposes_array[0];
if (! empty($this->application->ports_exposes_array)) {
$health_check_port = (int) $this->application->ports_exposes_array[0];
} else {
return null;
}
} else {
$health_check_port = (int) $this->application->health_check_port;
}
app/Jobs/SendWebhookJob.php
+2 -1
View File
@@ -2,6 +2,7 @@
namespace App\Jobs;
use App\Rules\SafeWebhookUrl;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldBeEncrypted;
use Illuminate\Contracts\Queue\ShouldQueue;
@@ -44,7 +45,7 @@ class SendWebhookJob implements ShouldBeEncrypted, ShouldQueue
{
$validator = Validator::make(
['webhook_url' => $this->webhookUrl],
['webhook_url' => ['required', 'url', new \App\Rules\SafeWebhookUrl]]
['webhook_url' => ['required', 'url', new SafeWebhookUrl]]
);
if ($validator->fails()) {
app/Livewire/Boarding/Index.php
+23 -10
View File
@@ -8,6 +8,7 @@ use App\Models\Project;
use App\Models\Server;
use App\Models\Team;
use App\Services\ConfigurationRepository;
use App\Support\ValidationPatterns;
use Illuminate\Support\Collection;
use Livewire\Attributes\Url;
use Livewire\Component;
@@ -212,6 +213,23 @@ class Index extends Component
}
}
protected function rules(): array
{
return [
'remoteServerName' => 'required|string',
'remoteServerHost' => 'required|string',
'remoteServerPort' => 'required|integer|min:1|max:65535',
'remoteServerUser' => ValidationPatterns::serverUsernameRules(),
];
}
protected function messages(): array
{
return [
...ValidationPatterns::serverUsernameMessages('remoteServerUser', 'SSH User'),
];
}
public function getProxyType()
{
$this->selectProxy(ProxyTypes::TRAEFIK->value);
@@ -274,12 +292,7 @@ class Index extends Component
public function saveServer()
{
$this->validate([
'remoteServerName' => 'required|string',
'remoteServerHost' => 'required|string',
'remoteServerPort' => 'required|integer',
'remoteServerUser' => 'required|string',
]);
$this->validate();
$this->privateKey = formatPrivateKey($this->privateKey);
$foundServer = Server::whereIp($this->remoteServerHost)->first();
@@ -465,10 +478,10 @@ class Index extends Component
public function saveAndValidateServer()
{
$this->validate([
'remoteServerPort' => 'required|integer|min:1|max:65535',
'remoteServerUser' => 'required|string',
]);
$this->validate(array_intersect_key($this->rules(), array_flip([
'remoteServerPort',
'remoteServerUser',
])));
$this->createdServer->update([
'port' => $this->remoteServerPort,
app/Livewire/Destination/Resources.php
+125
View File
@@ -0,0 +1,125 @@
<?php
namespace App\Livewire\Destination;
use App\Models\Application;
use App\Models\BaseModel;
use App\Models\Service;
use App\Models\StandaloneClickhouse;
use App\Models\StandaloneDocker;
use App\Models\StandaloneDragonfly;
use App\Models\StandaloneKeydb;
use App\Models\StandaloneMariadb;
use App\Models\StandaloneMongodb;
use App\Models\StandaloneMysql;
use App\Models\StandalonePostgresql;
use App\Models\StandaloneRedis;
use Illuminate\Contracts\View\View;
use Livewire\Attributes\Locked;
use Livewire\Component;
class Resources extends Component
{
#[Locked]
public $destination;
public array $resources = [];
public function mount(string $destination_uuid)
{
try {
$destination = find_destination_for_current_team($destination_uuid);
if (! $destination) {
return redirect()->route('destination.index');
}
if (! $destination instanceof StandaloneDocker) {
return redirect()->route('destination.show', ['destination_uuid' => $destination->uuid]);
}
$this->destination = $destination;
$this->loadResources();
} catch (\Throwable $e) {
return handleError($e, $this);
}
}
/**
* Load applications, services, and database resources deployed to the standalone Docker destination.
*
* @return void Populates the resources property for display.
*/
public function loadResources(): void
{
$this->resources = $this->collectResources([
$this->destination->applications,
$this->destination->services,
$this->destination->postgresqls,
$this->destination->redis,
$this->destination->mongodbs,
$this->destination->mysqls,
$this->destination->mariadbs,
$this->destination->keydbs,
$this->destination->dragonflies,
$this->destination->clickhouses,
]);
}
/**
* @param array<int, iterable<Application|Service|StandalonePostgresql|StandaloneRedis|StandaloneMongodb|StandaloneMysql|StandaloneMariadb|StandaloneKeydb|StandaloneDragonfly|StandaloneClickhouse>> $groups
* @return array<int, array{uuid:string,type:string,name:string,project:string|null,environment:string|null,url:string|null,search:string}>
*/
protected function collectResources(array $groups): array
{
$rows = [];
foreach ($groups as $group) {
foreach ($group as $resource) {
$rows[] = $this->resourceRow($resource);
}
}
return $rows;
}
/**
* @param Application|Service|StandalonePostgresql|StandaloneRedis|StandaloneMongodb|StandaloneMysql|StandaloneMariadb|StandaloneKeydb|StandaloneDragonfly|StandaloneClickhouse $resource
* @return array{uuid:string,type:string,name:string,project:string|null,environment:string|null,url:string|null,search:string}
*/
protected function resourceRow(BaseModel $resource): array
{
$type = match (true) {
$resource instanceof Application => 'application',
$resource instanceof Service => 'service',
default => 'database',
};
$environment = $resource->environment;
$project = $environment?->project;
$routeName = "project.{$type}.configuration";
$url = ($project && $environment)
? route($routeName, [
'project_uuid' => $project->uuid,
'environment_uuid' => $environment->uuid,
"{$type}_uuid" => $resource->uuid,
])
: null;
return [
'uuid' => $resource->uuid,
'type' => $type,
'name' => $resource->name,
'project' => $project?->name,
'environment' => $environment?->name,
'url' => $url,
'search' => strtolower(implode(' ', array_filter([
$type,
$resource->name,
$project?->name,
$environment?->name,
]))),
];
}
public function render(): View
{
return view('livewire.destination.resources');
}
}
app/Livewire/Project/Application/Advanced.php
+19
View File
@@ -87,6 +87,9 @@ class Advanced extends Component
#[Validate(['boolean'])]
public bool $isConnectToDockerNetworkEnabled = false;
#[Validate(['integer', 'min:0'])]
public int $maxRestartCount = 10;
public function mount()
{
try {
@@ -149,6 +152,7 @@ class Advanced extends Component
$this->disableBuildCache = $this->application->settings->disable_build_cache;
$this->injectBuildArgsToDockerfile = $this->application->settings->inject_build_args_to_dockerfile ?? true;
$this->includeSourceCommitInBuild = $this->application->settings->include_source_commit_in_build ?? false;
$this->maxRestartCount = $this->application->max_restart_count ?? 10;
}
// Load stop_grace_period separately since it has its own save handler
@@ -289,6 +293,21 @@ class Advanced extends Component
}
}
public function saveMaxRestartCount()
{
try {
$this->authorize('update', $this->application);
$this->validate([
'maxRestartCount' => 'integer|min:0',
]);
$this->application->max_restart_count = $this->maxRestartCount;
$this->application->save();
$this->dispatch('success', 'Max restart count saved.');
} catch (\Throwable $e) {
return handleError($e, $this);
}
}
public function render()
{
return view('livewire.project.application.advanced');
app/Livewire/Project/Application/Configuration.php
+1 -1
View File
@@ -28,7 +28,7 @@ class Configuration extends Component
$project = currentTeam()
->projects()
->select('id', 'uuid', 'team_id')
->select('id', 'uuid', 'name', 'team_id')
->where('uuid', request()->route('project_uuid'))
->firstOrFail();
$environment = $project->environments()
app/Livewire/Project/Application/General.php
+2 -3
View File
@@ -154,7 +154,7 @@ class General extends Component
'staticImage' => 'required',
'baseDirectory' => array_merge(['required'], array_slice(ValidationPatterns::directoryPathRules(), 1)),
'publishDirectory' => ValidationPatterns::directoryPathRules(),
'portsExposes' => ['required', 'string', 'regex:/^(\d+)(,\d+)*$/'],
'portsExposes' => ['nullable', 'string', 'regex:/^(\d+)(,\d+)*$/'],
'portsMappings' => ValidationPatterns::portMappingRules(),
'customNetworkAliases' => 'nullable',
'dockerfile' => 'nullable',
@@ -212,7 +212,6 @@ class General extends Component
'buildPack.required' => 'The Build Pack field is required.',
'staticImage.required' => 'The Static Image field is required.',
'baseDirectory.required' => 'The Base Directory field is required.',
'portsExposes.required' => 'The Exposed Ports field is required.',
'portsExposes.regex' => 'Ports exposes must be a comma-separated list of port numbers (e.g. 3000,3001).',
...ValidationPatterns::portMappingMessages(),
'isStatic.required' => 'The Static setting is required.',
@@ -760,7 +759,7 @@ class General extends Component
$this->resetErrorBag();
$this->portsExposes = str($this->portsExposes)->replace(' ', '')->trim()->toString();
$this->portsExposes = str($this->portsExposes)->replace(' ', '')->trim()->toString() ?: null;
if ($this->portsMappings) {
$this->portsMappings = str($this->portsMappings)->replace(' ', '')->trim()->toString();
}
app/Livewire/Project/Database/Configuration.php
+1 -1
View File
@@ -26,7 +26,7 @@ class Configuration extends Component
$project = currentTeam()
->projects()
->select('id', 'uuid', 'team_id')
->select('id', 'uuid', 'name', 'team_id')
->where('uuid', request()->route('project_uuid'))
->firstOrFail();
$environment = $project->environments()
app/Livewire/Project/Service/Configuration.php
+1 -1
View File
@@ -44,7 +44,7 @@ class Configuration extends Component
$this->query = request()->query();
$project = currentTeam()
->projects()
->select('id', 'uuid', 'team_id')
->select('id', 'uuid', 'name', 'team_id')
->where('uuid', request()->route('project_uuid'))
->firstOrFail();
$environment = $project->environments()
app/Livewire/Project/Shared/ConfigurationChecker.php
+38 -5
View File
@@ -21,8 +21,6 @@ class ConfigurationChecker extends Component
public array $configurationDiff = [];
public array $groupedConfigurationChanges = [];
public Application|Service|StandaloneRedis|StandalonePostgresql|StandaloneMongodb|StandaloneMysql|StandaloneMariadb|StandaloneKeydb|StandaloneDragonfly|StandaloneClickhouse $resource;
public function getListeners(): array
@@ -50,21 +48,56 @@ class ConfigurationChecker extends Component
$this->configurationChanged();
}
/**
* Members must never see environment variable values, so redact every
* environment-section change before it is serialized to the browser.
*
* @param array<int, array<string, mixed>> $changes
* @return array<int, array<string, mixed>>
*/
private function redactEnvironmentChanges(array $changes, bool $redact): array
{
if (! $redact) {
return $changes;
}
return collect($changes)
->map(function (array $change): array {
if (data_get($change, 'section') !== 'environment') {
return $change;
}
$change['old_display_value'] = data_get($change, 'old_display_value') === '-' ? '-' : '••••••••';
$change['new_display_value'] = data_get($change, 'new_display_value') === '-' ? '-' : '••••••••';
$change['old_full_value'] = null;
$change['new_full_value'] = null;
$change['expandable'] = false;
$change['display_summary'] = data_get($change, 'type') === 'changed' ? 'Changed' : null;
return $change;
})
->all();
}
public function configurationChanged(): void
{
$this->resource->refresh();
if ($this->resource instanceof Application) {
$diff = $this->resource->pendingDeploymentConfigurationDiff();
// Fail closed: only owners/admins may see unlocked env values.
$redactEnvironment = ! (bool) auth()->user()?->isAdmin();
$array = $diff->toArray();
$array['changes'] = $this->redactEnvironmentChanges($array['changes'] ?? [], $redactEnvironment);
$this->isConfigurationChanged = $diff->isChanged();
$this->configurationDiff = $diff->toArray();
$this->groupedConfigurationChanges = $diff->groupedChanges();
$this->configurationDiff = $array;
return;
}
$this->isConfigurationChanged = $this->resource->isConfigurationChanged();
$this->configurationDiff = [];
$this->groupedConfigurationChanges = [];
}
}
app/Livewire/Project/Shared/EnvironmentVariable/All.php
+62 -19
View File
@@ -7,6 +7,8 @@ use App\Models\EnvironmentVariable;
use App\Support\ValidationPatterns;
use App\Traits\EnvironmentVariableProtection;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Support\Collection;
use Illuminate\Support\Str;
use Livewire\Component;
class All extends Component
@@ -25,6 +27,8 @@ class All extends Component
public string $view = 'normal';
public string $search = '';
public bool $is_env_sorting_enabled = false;
public bool $use_build_secrets = false;
@@ -35,6 +39,20 @@ class All extends Component
'environmentVariableDeleted' => 'refreshEnvs',
];
public function updatedSearch(): void
{
$this->clearEnvironmentVariableCaches();
}
private function clearEnvironmentVariableCaches(): void
{
unset($this->environmentVariables);
unset($this->environmentVariablesPreview);
unset($this->hardcodedEnvironmentVariables);
unset($this->hardcodedEnvironmentVariablesPreview);
unset($this->hasEnvironmentVariables);
}
public function mount()
{
$this->is_env_sorting_enabled = data_get($this->resource, 'settings.is_env_sorting_enabled', false);
@@ -65,8 +83,27 @@ class All extends Component
public function getEnvironmentVariablesProperty()
{
$query = $this->resource->environment_variables()
->orderByRaw("CASE WHEN is_required = true AND (value IS NULL OR value = '') THEN 0 ELSE 1 END");
return $this->getEnvironmentVariables(false);
}
public function getEnvironmentVariablesPreviewProperty()
{
return $this->getEnvironmentVariables(true);
}
private function getEnvironmentVariables(bool $isPreview, bool $withSearch = true): Collection
{
$query = $isPreview
? $this->resource->environment_variables_preview()
: $this->resource->environment_variables();
$query->orderByRaw("CASE WHEN is_required = true AND (value IS NULL OR value = '') THEN 0 ELSE 1 END");
if ($withSearch && $this->searchTerm() !== '') {
$escapedSearch = addcslashes(Str::lower($this->searchTerm()), '%_\\');
$query->whereRaw("LOWER(key) LIKE ? ESCAPE '\\'", ['%'.$escapedSearch.'%']);
}
if ($this->is_env_sorting_enabled) {
$query->orderBy('key');
@@ -77,18 +114,22 @@ class All extends Component
return $query->get();
}
public function getEnvironmentVariablesPreviewProperty()
private function searchTerm(): string
{
$query = $this->resource->environment_variables_preview()
->orderByRaw("CASE WHEN is_required = true AND (value IS NULL OR value = '') THEN 0 ELSE 1 END");
return trim($this->search);
}
if ($this->is_env_sorting_enabled) {
$query->orderBy('key');
} else {
$query->orderBy('order');
}
public function getHasEnvironmentVariablesProperty(): bool
{
return $this->environmentVariables->isNotEmpty() ||
$this->environmentVariablesPreview->isNotEmpty() ||
$this->hardcodedEnvironmentVariables->isNotEmpty() ||
$this->hardcodedEnvironmentVariablesPreview->isNotEmpty();
}
return $query->get();
public function getIsSearchActiveProperty(): bool
{
return $this->searchTerm() !== '';
}
public function getHardcodedEnvironmentVariablesProperty()
@@ -138,6 +179,12 @@ class All extends Component
return ! in_array($var['key'], $managedKeys);
});
if ($this->searchTerm() !== '') {
$hardcodedVars = $hardcodedVars->filter(function ($var) {
return str($var['key'])->contains($this->searchTerm(), true);
});
}
// Apply sorting based on is_env_sorting_enabled
if ($this->is_env_sorting_enabled) {
$hardcodedVars = $hardcodedVars->sortBy('key')->values();
@@ -149,9 +196,9 @@ class All extends Component
public function getDevView()
{
$this->variables = $this->formatEnvironmentVariables($this->environmentVariables);
$this->variables = $this->formatEnvironmentVariables($this->getEnvironmentVariables(false, false));
if ($this->showPreview) {
$this->variablesPreview = $this->formatEnvironmentVariables($this->environmentVariablesPreview);
$this->variablesPreview = $this->formatEnvironmentVariables($this->getEnvironmentVariables(true, false));
}
}
@@ -282,9 +329,7 @@ class All extends Component
$environment->order = $maxOrder + 1;
$environment->save();
// Clear computed property cache to force refresh
unset($this->environmentVariables);
unset($this->environmentVariablesPreview);
$this->clearEnvironmentVariableCaches();
$this->dispatch('success', 'Environment variable added.');
}
@@ -413,9 +458,7 @@ class All extends Component
public function refreshEnvs()
{
$this->resource->refresh();
// Clear computed property cache to force refresh
unset($this->environmentVariables);
unset($this->environmentVariablesPreview);
$this->clearEnvironmentVariableCaches();
$this->getDevView();
}
}
app/Livewire/Project/Shared/ResourceDetails.php
+91
View File
@@ -0,0 +1,91 @@
<?php
namespace App\Livewire\Project\Shared;
use App\Models\Service;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Livewire\Component;
class ResourceDetails extends Component
{
use AuthorizesRequests;
public $resource;
public ?string $project_uuid = null;
public ?string $project_name = null;
public ?string $environment_uuid = null;
public ?string $environment_name = null;
public ?string $server_uuid = null;
public ?string $server_name = null;
public array $stack_applications = [];
public array $stack_databases = [];
public function mount()
{
$this->authorize('view', $this->resource);
$environment = $this->resource->environment ?? null;
if ($environment) {
$this->environment_uuid = $environment->uuid;
$this->environment_name = $environment->name;
$project = $environment->project ?? null;
if ($project) {
$this->project_uuid = $project->uuid;
$this->project_name = $project->name;
}
}
$server = $this->resolveServer();
if ($server) {
$this->server_uuid = $server->uuid;
$this->server_name = $server->name;
}
if ($this->resource instanceof Service) {
$this->stack_applications = $this->resource->applications
->map(fn ($app) => [
'name' => $app->human_name ?: $app->name,
'uuid' => $app->uuid,
])
->values()
->all();
$this->stack_databases = $this->resource->databases
->map(fn ($db) => [
'name' => $db->human_name ?: $db->name,
'uuid' => $db->uuid,
])
->values()
->all();
}
}
private function resolveServer()
{
try {
if (isset($this->resource->destination) && $this->resource->destination && isset($this->resource->destination->server)) {
return $this->resource->destination->server;
}
if (method_exists($this->resource, 'server') && $this->resource->server) {
return $this->resource->server;
}
} catch (\Throwable $e) {
return null;
}
return null;
}
public function render()
{
return view('livewire.project.shared.resource-details');
}
}
app/Livewire/Server/Charts.php
+27
View File
@@ -2,11 +2,15 @@
namespace App\Livewire\Server;
use App\Actions\Server\StartSentinel;
use App\Models\Server;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Livewire\Component;
class Charts extends Component
{
use AuthorizesRequests;
public Server $server;
public $chartId = 'server';
@@ -28,6 +32,29 @@ class Charts extends Component
}
}
public function toggleMetrics(): void
{
try {
$this->authorize('update', $this->server);
$this->server->settings->is_metrics_enabled = ! $this->server->settings->is_metrics_enabled;
$this->server->settings->save();
$this->server->refresh();
if ($this->server->isMetricsEnabled()) {
StartSentinel::run($this->server, true);
$this->dispatch('success', 'Metrics enabled. Starting Sentinel.');
$this->dispatch('refreshServerShow');
$this->redirect(route('server.metrics', ['server_uuid' => $this->server->uuid]), navigate: true);
} else {
$this->server->restartSentinel();
$this->dispatch('success', 'Metrics disabled. Restarting Sentinel.');
$this->dispatch('refreshServerShow');
}
} catch (\Throwable $e) {
handleError($e, $this);
}
}
public function pollData()
{
if ($this->poll || $this->interval <= 10) {
app/Livewire/Server/New/ByIp.php
+2 -1
View File
@@ -57,7 +57,7 @@ class ByIp extends Component
'name' => ValidationPatterns::nameRules(),
'description' => ValidationPatterns::descriptionRules(),
'ip' => ['required', 'string', new ValidServerIp],
'user' => ['required', 'string', 'regex:/^[a-zA-Z0-9_-]+$/'],
'user' => ValidationPatterns::serverUsernameRules(),
'port' => 'required|integer|between:1,65535',
'is_build_server' => 'required|boolean',
];
@@ -75,6 +75,7 @@ class ByIp extends Component
'ip.string' => 'The IP Address/Domain must be a string.',
'user.required' => 'The User field is required.',
'user.string' => 'The User field must be a string.',
...ValidationPatterns::serverUsernameMessages(),
'port.required' => 'The Port field is required.',
'port.integer' => 'The Port field must be an integer.',
'port.between' => 'The Port field must be between 1 and 65535.',
app/Livewire/Server/Sentinel.php
+8 -14
View File
@@ -15,8 +15,6 @@ class Sentinel extends Component
public Server $server;
public array $parameters = [];
public bool $isMetricsEnabled;
#[Validate(['required', 'string', 'max:500', 'regex:/\A[a-zA-Z0-9._\-+=\/]+\z/'])]
@@ -51,15 +49,9 @@ class Sentinel extends Component
];
}
public function mount(string $server_uuid)
public function mount()
{
try {
$this->server = Server::ownedByCurrentTeam()->whereUuid($server_uuid)->firstOrFail();
$this->parameters = get_route_parameters();
$this->syncData();
} catch (\Throwable) {
return redirect()->route('server.index');
}
$this->syncData();
}
public function syncData(bool $toModel = false)
@@ -112,27 +104,29 @@ class Sentinel extends Component
}
}
public function updatedIsSentinelEnabled($value)
public function toggleSentinel(): void
{
try {
$this->authorize('manageSentinel', $this->server);
if ($value === true) {
if (! $this->isSentinelEnabled) {
if ($this->server->isBuildServer()) {
$this->isSentinelEnabled = false;
$this->dispatch('error', 'Sentinel cannot be enabled on build servers.');
return;
}
$this->isSentinelEnabled = true;
$customImage = isDev() ? $this->sentinelCustomDockerImage : null;
StartSentinel::run($this->server, true, null, $customImage);
} else {
$this->isSentinelEnabled = false;
$this->isMetricsEnabled = false;
$this->isSentinelDebugEnabled = false;
StopSentinel::dispatch($this->server);
}
$this->submit();
$this->dispatch('refreshServerShow');
} catch (\Throwable $e) {
return handleError($e, $this);
handleError($e, $this);
}
}
app/Livewire/Server/Sentinel/Logs.php
+29
View File
@@ -0,0 +1,29 @@
<?php
namespace App\Livewire\Server\Sentinel;
use App\Models\Server;
use Illuminate\View\View;
use Livewire\Component;
class Logs extends Component
{
public ?Server $server = null;
public array $parameters = [];
public function mount(): void
{
$this->parameters = get_route_parameters();
try {
$this->server = Server::ownedByCurrentTeam()->whereUuid(request()->server_uuid)->firstOrFail();
} catch (\Throwable $e) {
handleError($e, $this);
}
}
public function render(): View
{
return view('livewire.server.sentinel.logs');
}
}
app/Livewire/Server/Sentinel/Show.php
+29
View File
@@ -0,0 +1,29 @@
<?php
namespace App\Livewire\Server\Sentinel;
use App\Models\Server;
use Illuminate\View\View;
use Livewire\Component;
class Show extends Component
{
public ?Server $server = null;
public array $parameters = [];
public function mount(): void
{
$this->parameters = get_route_parameters();
try {
$this->server = Server::ownedByCurrentTeam()->whereUuid(request()->server_uuid)->firstOrFail();
} catch (\Throwable $e) {
handleError($e, $this);
}
}
public function render(): View
{
return view('livewire.server.sentinel.show');
}
}
app/Livewire/Server/Show.php
+2 -1
View File
@@ -110,7 +110,7 @@ class Show extends Component
'name' => ValidationPatterns::nameRules(),
'description' => ValidationPatterns::descriptionRules(),
'ip' => ['required', new ValidServerIp],
'user' => ['required', 'regex:/^[a-zA-Z0-9_-]+$/'],
'user' => ValidationPatterns::serverUsernameRules(),
'port' => 'required|integer|between:1,65535',
'connectionTimeout' => 'required|integer|min:1|max:300',
'validationLogs' => 'nullable',
@@ -140,6 +140,7 @@ class Show extends Component
[
'ip.required' => 'The IP Address field is required.',
'user.required' => 'The User field is required.',
...ValidationPatterns::serverUsernameMessages(),
'port.required' => 'The Port field is required.',
'connectionTimeout.required' => 'The SSH Connection Timeout field is required.',
'connectionTimeout.integer' => 'The SSH Connection Timeout must be an integer.',
app/Livewire/Settings/ScheduledJobs.php
+47 -9
View File
@@ -8,6 +8,15 @@ use App\Models\ScheduledDatabaseBackupExecution;
use App\Models\ScheduledTask;
use App\Models\ScheduledTaskExecution;
use App\Models\Server;
use App\Models\ServiceDatabase;
use App\Models\StandaloneClickhouse;
use App\Models\StandaloneDragonfly;
use App\Models\StandaloneKeydb;
use App\Models\StandaloneMariadb;
use App\Models\StandaloneMongodb;
use App\Models\StandaloneMysql;
use App\Models\StandalonePostgresql;
use App\Models\StandaloneRedis;
use App\Services\SchedulerLogParser;
use Illuminate\Support\Carbon;
use Illuminate\Support\Collection;
@@ -125,7 +134,21 @@ class ScheduledJobs extends Component
: collect();
$backups = $backupIds->isNotEmpty()
? ScheduledDatabaseBackup::with(['database.environment.project'])->whereIn('id', $backupIds)->get()->keyBy('id')
? ScheduledDatabaseBackup::with('database')
->whereIn('id', $backupIds)
->get()
->loadMorph('database', [
ServiceDatabase::class => ['service.environment.project'],
StandaloneClickhouse::class => ['environment.project'],
StandaloneDragonfly::class => ['environment.project'],
StandaloneKeydb::class => ['environment.project'],
StandaloneMariadb::class => ['environment.project'],
StandaloneMongodb::class => ['environment.project'],
StandaloneMysql::class => ['environment.project'],
StandalonePostgresql::class => ['environment.project'],
StandaloneRedis::class => ['environment.project'],
])
->keyBy('id')
: collect();
$servers = $serverIds->isNotEmpty()
@@ -161,14 +184,29 @@ class ScheduledJobs extends Component
if ($backup) {
$database = $backup->database;
$skip['resource_name'] = $database?->name ?? 'Database backup';
$environment = $database?->environment;
$project = $environment?->project;
if ($project && $environment && $database) {
$skip['link'] = route('project.database.backup.index', [
'project_uuid' => $project->uuid,
'environment_uuid' => $environment->uuid,
'database_uuid' => $database->uuid,
]);
if ($database instanceof ServiceDatabase) {
$service = $database->service;
$environment = $service?->environment;
$project = $environment?->project;
if ($project && $environment && $service) {
$skip['link'] = route('project.service.database.backups', [
'project_uuid' => $project->uuid,
'environment_uuid' => $environment->uuid,
'service_uuid' => $service->uuid,
'stack_service_uuid' => $database->uuid,
]);
}
} else {
$environment = $database?->environment;
$project = $environment?->project;
if ($project && $environment && $database) {
$skip['link'] = route('project.database.backup.index', [
'project_uuid' => $project->uuid,
'environment_uuid' => $environment->uuid,
'database_uuid' => $database->uuid,
]);
}
}
}
} elseif ($skip['type'] === 'docker_cleanup') {
app/Livewire/Source/Github/Change.php
+3
View File
@@ -210,6 +210,9 @@ class Change extends Component
GithubAppPermissionJob::dispatchSync($this->github_app);
$this->github_app->refresh()->makeVisible('client_secret')->makeVisible('webhook_secret');
$this->syncData(false);
$this->name = str($this->github_app->name)->kebab();
$this->dispatch('success', 'Github App permissions updated.');
} catch (\Throwable $e) {
// Provide better error message for unsupported key formats
app/Models/Application.php
+62 -13
View File
@@ -204,6 +204,7 @@ class Application extends BaseModel
'config_hash',
'last_online_at',
'restart_count',
'max_restart_count',
'last_restart_at',
'last_restart_type',
'uuid',
@@ -227,6 +228,7 @@ class Application extends BaseModel
'manual_webhook_secret_bitbucket' => 'encrypted',
'manual_webhook_secret_gitea' => 'encrypted',
'restart_count' => 'integer',
'max_restart_count' => 'integer',
'last_restart_at' => 'datetime',
];
}
@@ -570,6 +572,15 @@ class Application extends BaseModel
return null;
}
public function stoppedAfterRestartLimit(): bool
{
return str($this->status)->startsWith('exited')
&& ($this->restart_count ?? 0) > 0
&& ($this->max_restart_count ?? 0) > 0
&& $this->restart_count >= $this->max_restart_count
&& $this->last_restart_type === 'crash';
}
public function taskLink($task_uuid)
{
if (data_get($this, 'environment.project.uuid')) {
@@ -1509,6 +1520,28 @@ class Application extends BaseModel
}
}
private function withGitHttpTransportConfig(?string $gitConfigOptions = null): string
{
return trim(($gitConfigOptions ? "{$gitConfigOptions} " : '').'-c http.version=HTTP/1.1');
}
private function isHttpGitRepository(string $repository): bool
{
return str_starts_with($repository, 'https://') || str_starts_with($repository, 'http://');
}
private function applyGitConfigOptionsToCloneCommand(string $gitCloneCommand, string $gitConfigOptions): string
{
$configuredCommand = preg_replace(
"/^git(?:\s+-c\s+(?:'[^']*'|\S+))*\s+clone\b/",
"git {$gitConfigOptions} clone",
$gitCloneCommand,
1
);
return $configuredCommand ?: $gitCloneCommand;
}
public function generateGitImportCommands(string $deployment_uuid, int $pull_request_id = 0, ?string $git_type = null, bool $exec_in_docker = true, bool $only_checkout = false, ?string $custom_base_dir = null, ?string $commit = null)
{
$branch = $this->git_branch;
@@ -1552,8 +1585,10 @@ class Application extends BaseModel
$fullRepoUrl = "{$this->source->html_url}/{$customRepository}";
$escapedRepoUrl = escapeshellarg("{$this->source->html_url}/{$customRepository}");
$git_clone_command = "{$git_clone_command} {$escapedRepoUrl} {$escapedBaseDir}";
$gitConfigOptions = $this->withGitHttpTransportConfig();
$git_clone_command = $this->applyGitConfigOptionsToCloneCommand($git_clone_command, $gitConfigOptions);
if (! $only_checkout) {
$git_clone_command = $this->setGitImportSettings($deployment_uuid, $git_clone_command, public: true, commit: $commit);
$git_clone_command = $this->setGitImportSettings($deployment_uuid, $git_clone_command, public: true, commit: $commit, gitConfigOptions: $gitConfigOptions);
}
if ($exec_in_docker) {
$commands->push(executeInDocker($deployment_uuid, $git_clone_command));
@@ -1566,6 +1601,7 @@ class Application extends BaseModel
// Rewrite same-host HTTPS URLs only for these git commands so submodules can authenticate without persisting credentials.
$gitConfigOption = '-c '.escapeshellarg("url.{$source_html_url_scheme}://x-access-token:{$encodedToken}@{$source_html_url_host}/.insteadOf={$source_html_url_scheme}://{$source_html_url_host}/");
$gitConfigOptions = $this->withGitHttpTransportConfig($gitConfigOption);
$git_clone_command = str_replace('git clone', "git {$gitConfigOption} clone", $git_clone_command);
if ($exec_in_docker) {
@@ -1579,8 +1615,9 @@ class Application extends BaseModel
$git_clone_command = "{$git_clone_command} {$escapedRepoUrl} {$escapedBaseDir}";
$fullRepoUrl = $repoUrl;
}
$git_clone_command = $this->applyGitConfigOptionsToCloneCommand($git_clone_command, $gitConfigOptions);
if (! $only_checkout) {
$git_clone_command = $this->setGitImportSettings($deployment_uuid, $git_clone_command, public: false, commit: $commit, gitConfigOptions: $gitConfigOption);
$git_clone_command = $this->setGitImportSettings($deployment_uuid, $git_clone_command, public: false, commit: $commit, gitConfigOptions: $gitConfigOptions);
}
if ($exec_in_docker) {
$commands->push(executeInDocker($deployment_uuid, $git_clone_command));
@@ -1591,12 +1628,13 @@ class Application extends BaseModel
if ($pull_request_id !== 0) {
$branch = "pull/{$pull_request_id}/head:$pr_branch_name";
$git_checkout_command = $this->buildGitCheckoutCommand($pr_branch_name, gitConfigOptions: $gitConfigOption ?? null);
$git_checkout_command = $this->buildGitCheckoutCommand($pr_branch_name, gitConfigOptions: $gitConfigOptions ?? null);
$gitCommand = isset($gitConfigOptions) ? "git {$gitConfigOptions}" : 'git';
$escapedPrBranch = escapeshellarg($branch);
if ($exec_in_docker) {
$commands->push(executeInDocker($deployment_uuid, "cd {$escapedBaseDir} && git fetch origin {$escapedPrBranch} && $git_checkout_command"));
$commands->push(executeInDocker($deployment_uuid, "cd {$escapedBaseDir} && {$gitCommand} fetch origin {$escapedPrBranch} && $git_checkout_command"));
} else {
$commands->push("cd {$escapedBaseDir} && git fetch origin {$escapedPrBranch} && $git_checkout_command");
$commands->push("cd {$escapedBaseDir} && {$gitCommand} fetch origin {$escapedPrBranch} && $git_checkout_command");
}
}
@@ -1666,7 +1704,11 @@ class Application extends BaseModel
$fullRepoUrl = $customRepository;
$escapedCustomRepository = escapeshellarg($customRepository);
$git_clone_command = "{$git_clone_command} {$escapedCustomRepository} {$escapedBaseDir}";
$git_clone_command = $this->setGitImportSettings($deployment_uuid, $git_clone_command, public: true, commit: $commit);
$gitConfigOptions = $this->isHttpGitRepository($customRepository) ? $this->withGitHttpTransportConfig() : null;
if ($gitConfigOptions) {
$git_clone_command = $this->applyGitConfigOptionsToCloneCommand($git_clone_command, $gitConfigOptions);
}
$git_clone_command = $this->setGitImportSettings($deployment_uuid, $git_clone_command, public: true, commit: $commit, gitConfigOptions: $gitConfigOptions);
if ($exec_in_docker) {
$commands->push(executeInDocker($deployment_uuid, $git_clone_command));
@@ -1754,11 +1796,15 @@ class Application extends BaseModel
$fullRepoUrl = $customRepository;
$escapedCustomRepository = escapeshellarg($customRepository);
$git_clone_command = "{$git_clone_command} {$escapedCustomRepository} {$escapedBaseDir}";
$git_clone_command = $this->setGitImportSettings($deployment_uuid, $git_clone_command, public: true, commit: $commit);
$gitConfigOptions = $this->isHttpGitRepository($customRepository) ? $this->withGitHttpTransportConfig() : null;
if ($gitConfigOptions) {
$git_clone_command = $this->applyGitConfigOptionsToCloneCommand($git_clone_command, $gitConfigOptions);
}
$git_clone_command = $this->setGitImportSettings($deployment_uuid, $git_clone_command, public: true, commit: $commit, gitConfigOptions: $gitConfigOptions);
$otherSshCommand = "ssh -o ConnectTimeout=30 -p {$customPort} -o Port={$customPort} -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {$customSshKeyLocation} -o IdentitiesOnly=yes";
if ($pull_request_id !== 0) {
$gitCommand = isset($gitConfigOptions) ? "git {$gitConfigOptions}" : 'git';
if ($git_type === 'gitlab') {
$branch = "merge-requests/{$pull_request_id}/head:$pr_branch_name";
if ($exec_in_docker) {
@@ -1766,7 +1812,7 @@ class Application extends BaseModel
} else {
$commands->push("echo 'Checking out $branch'");
}
$git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$otherSshCommand}\" git fetch origin $branch && ".$this->buildGitCheckoutCommand($pr_branch_name, $otherSshCommand);
$git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$otherSshCommand}\" {$gitCommand} fetch origin $branch && ".$this->buildGitCheckoutCommand($pr_branch_name, $otherSshCommand, $gitConfigOptions);
} elseif ($git_type === 'github' || $git_type === 'gitea') {
$branch = "pull/{$pull_request_id}/head:$pr_branch_name";
if ($exec_in_docker) {
@@ -1774,14 +1820,14 @@ class Application extends BaseModel
} else {
$commands->push("echo 'Checking out $branch'");
}
$git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$otherSshCommand}\" git fetch origin $branch && ".$this->buildGitCheckoutCommand($pr_branch_name, $otherSshCommand);
$git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$otherSshCommand}\" {$gitCommand} fetch origin $branch && ".$this->buildGitCheckoutCommand($pr_branch_name, $otherSshCommand, $gitConfigOptions);
} elseif ($git_type === 'bitbucket') {
if ($exec_in_docker) {
$commands->push(executeInDocker($deployment_uuid, "echo 'Checking out $branch'"));
} else {
$commands->push("echo 'Checking out $branch'");
}
$git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$otherSshCommand}\" ".$this->buildGitCheckoutCommand($commit, $otherSshCommand);
$git_clone_command = "{$git_clone_command} && cd {$escapedBaseDir} && GIT_SSH_COMMAND=\"{$otherSshCommand}\" ".$this->buildGitCheckoutCommand($commit, $otherSshCommand, $gitConfigOptions);
}
}
@@ -1880,7 +1926,8 @@ class Application extends BaseModel
return;
}
$uuid = new Cuid2;
['commands' => $cloneCommand] = $this->generateGitImportCommands(deployment_uuid: $uuid, only_checkout: true, exec_in_docker: false, custom_base_dir: '.');
['commands' => $cloneCommand] = $this->generateGitImportCommands(deployment_uuid: $uuid, only_checkout: true, exec_in_docker: false, custom_base_dir: 'checkout');
$cloneCommand = str_replace(' clone ', ' clone --quiet ', $cloneCommand);
$workdir = rtrim($this->base_directory, '/');
$composeFile = $this->docker_compose_location;
$fileList = collect([".$workdir$composeFile"]);
@@ -1910,6 +1957,7 @@ class Application extends BaseModel
"mkdir -p /tmp/{$uuid}",
"cd /tmp/{$uuid}",
$cloneCommand,
'cd checkout',
'git sparse-checkout init',
"git sparse-checkout set {$fileList->implode(' ')}",
'git read-tree -mu HEAD',
@@ -1921,6 +1969,7 @@ class Application extends BaseModel
"mkdir -p /tmp/{$uuid}",
"cd /tmp/{$uuid}",
$cloneCommand,
'cd checkout',
'git sparse-checkout init --cone',
"git sparse-checkout set {$fileList->implode(' ')}",
'git read-tree -mu HEAD',
@@ -2353,7 +2402,7 @@ class Application extends BaseModel
'config.build_pack' => 'required|string',
'config.base_directory' => 'required|string',
'config.publish_directory' => 'required|string',
'config.ports_exposes' => 'required|string',
'config.ports_exposes' => 'nullable|string',
'config.settings.is_static' => 'required|boolean',
]);
if ($deepValidator->fails()) {
app/Models/ApplicationDeploymentQueue.php
+16 -2
View File
@@ -2,6 +2,7 @@
namespace App\Models;
use App\Casts\EncryptedArrayCast;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Carbon;
@@ -74,11 +75,24 @@ class ApplicationDeploymentQueue extends Model
'finished_at',
];
/**
* The configuration snapshot/diff hold full (decrypted on read) configuration,
* including unlocked environment variable values. They are only meant for the
* in-app diff modal (which redacts per role) and must never be serialized by the
* API, so hide them globally as defense in depth.
*
* @var array<int, string>
*/
protected $hidden = [
'configuration_snapshot',
'configuration_diff',
];
protected $casts = [
'pull_request_id' => 'integer',
'finished_at' => 'datetime',
'configuration_snapshot' => 'array',
'configuration_diff' => 'array',
'configuration_snapshot' => EncryptedArrayCast::class,
'configuration_diff' => EncryptedArrayCast::class,
];
public function application()
app/Models/Server.php
+3 -2
View File
@@ -17,6 +17,7 @@ use App\Livewire\Server\Proxy;
use App\Notifications\Server\Reachable;
use App\Notifications\Server\Unreachable;
use App\Services\ConfigurationRepository;
use App\Support\ValidationPatterns;
use App\Traits\ClearsGlobalSearchCache;
use App\Traits\HasMetrics;
use App\Traits\HasSafeStringAttribute;
@@ -945,10 +946,10 @@ $schema://$host {
{
return Attribute::make(
get: function ($value) {
return preg_replace('/[^A-Za-z0-9\-_]/', '', $value);
return preg_replace(ValidationPatterns::INVALID_SERVER_USERNAME_CHARACTERS_PATTERN, '', $value);
},
set: function ($value) {
return preg_replace('/[^A-Za-z0-9\-_]/', '', $value);
return preg_replace(ValidationPatterns::INVALID_SERVER_USERNAME_CHARACTERS_PATTERN, '', $value);
}
);
}
app/Models/StandaloneDocker.php
+2 -1
View File
@@ -5,6 +5,7 @@ namespace App\Models;
use App\Jobs\ConnectProxyToNetworksJob;
use App\Support\ValidationPatterns;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Collection;
use Illuminate\Database\Eloquent\Factories\HasFactory;
class StandaloneDocker extends BaseModel
@@ -127,7 +128,7 @@ class StandaloneDocker extends BaseModel
return $this->morphMany(Service::class, 'destination');
}
public function databases()
public function databases(): Collection
{
$postgresqls = $this->postgresqls;
$redis = $this->redis;
app/Notifications/Application/RestartLimitReached.php
+141
View File
@@ -0,0 +1,141 @@
<?php
namespace App\Notifications\Application;
use App\Models\Application;
use App\Notifications\CustomEmailNotification;
use App\Notifications\Dto\DiscordMessage;
use App\Notifications\Dto\PushoverMessage;
use App\Notifications\Dto\SlackMessage;
use Illuminate\Notifications\Messages\MailMessage;
class RestartLimitReached extends CustomEmailNotification
{
public string $resource_name;
public string $project_uuid;
public string $environment_uuid;
public string $environment_name;
public ?string $resource_url = null;
public ?string $fqdn;
public int $restart_count;
public int $max_restart_count;
public function __construct(public Application $resource)
{
$this->onQueue('high');
$this->afterCommit();
$this->resource_name = data_get($resource, 'name');
$this->project_uuid = data_get($resource, 'environment.project.uuid');
$this->environment_uuid = data_get($resource, 'environment.uuid');
$this->environment_name = data_get($resource, 'environment.name');
$this->fqdn = data_get($resource, 'fqdn', null);
$this->restart_count = $resource->restart_count;
$this->max_restart_count = $resource->max_restart_count;
if (str($this->fqdn)->explode(',')->count() > 1) {
$this->fqdn = str($this->fqdn)->explode(',')->first();
}
$this->resource_url = $this->resource->link() ?? base_url()."/project/{$this->project_uuid}/environment/{$this->environment_uuid}/application/{$this->resource->uuid}";
}
public function via(object $notifiable): array
{
return $notifiable->getEnabledChannels('status_change');
}
public function toMail(): MailMessage
{
$mail = new MailMessage;
$mail->subject("Coolify: {$this->resource_name} stopped - restart limit reached ({$this->restart_count}/{$this->max_restart_count})");
$mail->view('emails.application-restart-limit-reached', [
'name' => $this->resource_name,
'fqdn' => $this->fqdn,
'resource_url' => $this->resource_url,
'restart_count' => $this->restart_count,
'max_restart_count' => $this->max_restart_count,
]);
return $mail;
}
public function toDiscord(): DiscordMessage
{
return new DiscordMessage(
title: ':warning: Restart limit reached',
description: "{$this->resource_name} has been stopped after {$this->restart_count} restarts (limit: {$this->max_restart_count}).\n\n[Open Application in Coolify]({$this->resource_url})",
color: DiscordMessage::errorColor(),
isCritical: true,
);
}
public function toTelegram(): array
{
$message = "Coolify: {$this->resource_name} has been stopped after {$this->restart_count} restarts (limit: {$this->max_restart_count}).";
return [
'message' => $message,
'buttons' => [
[
'text' => 'Open Application in Coolify',
'url' => $this->resource_url,
],
],
];
}
public function toPushover(): PushoverMessage
{
$message = "{$this->resource_name} has been stopped after {$this->restart_count} restarts (limit: {$this->max_restart_count}).";
return new PushoverMessage(
title: 'Restart limit reached',
level: 'error',
message: $message,
buttons: [
[
'text' => 'Open Application in Coolify',
'url' => $this->resource_url,
],
],
);
}
public function toSlack(): SlackMessage
{
$title = 'Restart limit reached';
$description = "{$this->resource_name} has been stopped after {$this->restart_count} restarts (limit: {$this->max_restart_count})";
$description .= "\n\n*Project:* ".data_get($this->resource, 'environment.project.name');
$description .= "\n*Environment:* {$this->environment_name}";
$description .= "\n*Application URL:* {$this->resource_url}";
return new SlackMessage(
title: $title,
description: $description,
color: SlackMessage::errorColor()
);
}
public function toWebhook(): array
{
return [
'success' => false,
'message' => 'Restart limit reached',
'event' => 'restart_limit_reached',
'application_name' => $this->resource_name,
'application_uuid' => $this->resource->uuid,
'restart_count' => $this->restart_count,
'max_restart_count' => $this->max_restart_count,
'url' => $this->resource_url,
'project' => data_get($this->resource, 'environment.project.name'),
'environment' => $this->environment_name,
'fqdn' => $this->fqdn,
];
}
}
app/Services/DeploymentConfiguration/ApplicationConfigurationSnapshot.php
+121 -13
View File
@@ -4,10 +4,13 @@ namespace App\Services\DeploymentConfiguration;
use App\Models\Application;
use App\Models\EnvironmentVariable;
use App\Services\DeploymentConfiguration\Concerns\SummarizesDiffText;
use Illuminate\Support\Arr;
class ApplicationConfigurationSnapshot
{
use SummarizesDiffText;
public const SCHEMA_VERSION = 1;
public function __construct(protected Application $application) {}
@@ -115,12 +118,14 @@ class ApplicationConfigurationSnapshot
$this->item('publish_directory', 'Publish directory', $this->application->publish_directory, 'build'),
$this->item('install_command', 'Install command', $this->application->install_command, 'build'),
$this->item('build_command', 'Build command', $this->application->build_command, 'build'),
$this->item('dockerfile', 'Dockerfile', $this->application->dockerfile, 'build', displayValue: $this->summarizeText($this->application->dockerfile)),
$this->item('dockerfile', 'Dockerfile', $this->application->dockerfile, 'build', displayValue: $this->summarizeText($this->application->dockerfile), displayFull: $this->application->dockerfile),
$this->item('dockerfile_location', 'Dockerfile location', $this->application->dockerfile_location, 'build'),
$this->item('dockerfile_target_build', 'Dockerfile target', $this->application->dockerfile_target_build, 'build'),
$this->item('docker_compose_location', 'Docker Compose location', $this->application->docker_compose_location, 'build'),
$this->item('docker_compose', 'Docker Compose', $this->application->docker_compose, 'build', displayValue: $this->summarizeText($this->application->docker_compose)),
$this->item('docker_compose_raw', 'Raw Docker Compose', $this->application->docker_compose_raw, 'build', displayValue: $this->summarizeText($this->application->docker_compose_raw)),
// The generated docker_compose is intentionally excluded: it is re-rendered
// from git on every parse (resolved env, generated labels, deployment context),
// so comparing it would flag a permanent change for git-based compose apps.
$this->item('docker_compose_raw', 'Docker Compose', $this->application->docker_compose_raw, 'build', displayValue: $this->summarizeText($this->application->docker_compose_raw), displayFull: $this->application->docker_compose_raw, diffMode: 'lines'),
$this->item('docker_compose_custom_build_command', 'Docker Compose custom build command', $this->application->docker_compose_custom_build_command, 'build'),
$this->item('custom_docker_run_options', 'Custom Docker run options', $this->application->custom_docker_run_options, 'build'),
$this->item('use_build_secrets', 'Use build secrets', data_get($this->application, 'settings.use_build_secrets'), 'build'),
@@ -162,9 +167,10 @@ class ApplicationConfigurationSnapshot
{
return [
$this->item('fqdn', 'Domains', $this->application->fqdn, 'redeploy'),
$this->item('docker_compose_domains', 'Service domains', $this->decodedComposeDomains(), 'redeploy', displayValue: $this->summarizeText($this->composeDomainsText()), displayFull: $this->composeDomainsText(), diffMode: 'lines'),
$this->item('redirect', 'Redirect', $this->application->redirect, 'redeploy'),
$this->item('custom_labels', 'Container labels', $this->application->custom_labels, 'redeploy', displayValue: $this->summarizeText($this->application->custom_labels)),
$this->item('custom_nginx_configuration', 'Custom Nginx configuration', $this->application->custom_nginx_configuration, 'redeploy', displayValue: $this->summarizeText($this->application->custom_nginx_configuration)),
$this->item('custom_labels', 'Container labels', $this->application->custom_labels, 'redeploy', displayValue: $this->summarizeText($this->decodeCustomLabels($this->application->custom_labels)), displayFull: $this->decodeCustomLabels($this->application->custom_labels), diffMode: 'lines'),
$this->item('custom_nginx_configuration', 'Custom Nginx configuration', $this->application->custom_nginx_configuration, 'redeploy', displayValue: $this->summarizeText($this->application->custom_nginx_configuration), displayFull: $this->application->custom_nginx_configuration),
$this->item('is_force_https_enabled', 'Force HTTPS', data_get($this->application, 'settings.is_force_https_enabled'), 'redeploy'),
$this->item('is_gzip_enabled', 'Gzip', data_get($this->application, 'settings.is_gzip_enabled'), 'redeploy'),
$this->item('is_stripprefix_enabled', 'Strip prefix', data_get($this->application, 'settings.is_stripprefix_enabled'), 'redeploy'),
@@ -234,6 +240,7 @@ class ApplicationConfigurationSnapshot
private function environmentItem(EnvironmentVariable $environmentVariable): array
{
$impact = $environmentVariable->is_buildtime ? 'build' : 'redeploy';
$locked = (bool) $environmentVariable->is_shown_once;
$compareValue = [
'value_hash' => $this->sensitiveHash($environmentVariable->value),
'is_multiline' => $environmentVariable->is_multiline,
@@ -242,20 +249,62 @@ class ApplicationConfigurationSnapshot
'is_runtime' => $environmentVariable->is_runtime,
];
// Locked (is_shown_once) variables are always redacted and never store a value.
if ($locked) {
return $this->item(
key: (string) $environmentVariable->key,
label: (string) $environmentVariable->key,
value: $compareValue,
impact: $impact,
sensitive: true,
displayValue: $this->environmentDisplayValue($environmentVariable),
);
}
// Unlocked variables expose their value so owners/admins can see the change.
// The compare value is pre-hashed (identical formula to the locked branch) so
// change detection stays stable and never carries the raw value; members are
// redacted at render time in ConfigurationChecker; the column is encrypted at rest.
// The value and each scope flag are rendered as their own line and diffed by line,
// so a change to one or more attributes shows exactly what changed (one line each).
$value = (string) $environmentVariable->value;
return $this->item(
key: (string) $environmentVariable->key,
label: (string) $environmentVariable->key,
value: $compareValue,
value: $this->sensitiveHash($this->normalizeValue($compareValue)),
impact: $impact,
sensitive: true,
displayValue: $this->environmentDisplayValue($environmentVariable),
sensitive: false,
displayValue: $this->summarizeText($value),
displayFull: $this->environmentLines($environmentVariable),
diffMode: 'lines',
);
}
/**
* One line per attribute so the line diff surfaces exactly which value/flags changed.
*/
private function environmentLines(EnvironmentVariable $environmentVariable): string
{
$lines = collect();
$value = (string) $environmentVariable->value;
if (filled($value)) {
$lines->push($value);
}
$lines->push('Available at build: '.($environmentVariable->is_buildtime ? 'enabled' : 'disabled'));
$lines->push('Available at runtime: '.($environmentVariable->is_runtime ? 'enabled' : 'disabled'));
$lines->push('Multiline: '.($environmentVariable->is_multiline ? 'enabled' : 'disabled'));
$lines->push('Literal: '.($environmentVariable->is_literal ? 'enabled' : 'disabled'));
return $lines->implode("\n");
}
/**
* @return array<string, mixed>
*/
private function item(string $key, string $label, mixed $value, string $impact, bool $sensitive = false, mixed $displayValue = null): array
private function item(string $key, string $label, mixed $value, string $impact, bool $sensitive = false, mixed $displayValue = null, ?string $displayFull = null, string $diffMode = 'default'): array
{
$normalizedValue = $this->normalizeValue($value);
@@ -264,21 +313,28 @@ class ApplicationConfigurationSnapshot
'label' => $label,
'impact' => $impact,
'sensitive' => $sensitive,
'diff_mode' => $diffMode,
'compare_value' => $sensitive ? $this->sensitiveHash($normalizedValue) : $normalizedValue,
'display_value' => $displayValue ?? $this->displayValue($normalizedValue),
'display_full' => $sensitive ? null : $this->expandableText($displayFull ?? $this->stringifyValue($normalizedValue)),
];
}
private function environmentDisplayValue(EnvironmentVariable $environmentVariable): string
{
$flags = collect([
$flags = $this->environmentFlags($environmentVariable);
return $flags ? "Hidden ({$flags})" : 'Hidden';
}
private function environmentFlags(EnvironmentVariable $environmentVariable): string
{
return collect([
$environmentVariable->is_buildtime ? 'build-time' : null,
$environmentVariable->is_runtime ? 'runtime' : null,
$environmentVariable->is_multiline ? 'multiline' : null,
$environmentVariable->is_literal ? 'literal' : null,
])->filter()->implode(', ');
return $flags ? "Hidden ({$flags})" : 'Hidden';
}
private function sensitiveHash(mixed $value): string
@@ -320,6 +376,58 @@ class ApplicationConfigurationSnapshot
return $this->summarizeText((string) $value);
}
private function stringifyValue(mixed $value): ?string
{
if ($value === null || is_bool($value)) {
return null;
}
if (is_array($value)) {
return json_encode($value, JSON_THROW_ON_ERROR);
}
return (string) $value;
}
/**
* @return array<string, mixed>|null
*/
private function decodedComposeDomains(): ?array
{
if (blank($this->application->docker_compose_domains)) {
return null;
}
$decoded = json_decode((string) $this->application->docker_compose_domains, true);
return is_array($decoded) ? $decoded : null;
}
private function composeDomainsText(): ?string
{
$decoded = $this->decodedComposeDomains();
if (blank($decoded)) {
return null;
}
return collect($decoded)
->map(fn ($value, $service): string => $service.': '.(filled(data_get($value, 'domain')) ? data_get($value, 'domain') : '-'))
->sort()
->implode("\n");
}
private function decodeCustomLabels(?string $value): ?string
{
if (blank($value)) {
return null;
}
$decoded = base64_decode($value, true);
return $decoded === false ? $value : $decoded;
}
private function summarizeText(?string $value): string
{
if (blank($value)) {
@@ -333,6 +441,6 @@ class ApplicationConfigurationSnapshot
return str($value)->limit(80)." ({$lines} lines)";
}
return str($value)->limit(120)->value();
return str($value)->limit(self::SINGLE_LINE_LIMIT)->value();
}
}
app/Services/DeploymentConfiguration/Concerns/SummarizesDiffText.php
+32
View File
@@ -0,0 +1,32 @@
<?php
namespace App\Services\DeploymentConfiguration\Concerns;
trait SummarizesDiffText
{
/**
* Maximum length of a single-line value before it is truncated/considered
* worth expanding. Kept as one constant so the snapshot summary and the
* differ's expand decision never drift apart.
*/
private const SINGLE_LINE_LIMIT = 120;
/**
* Returns the value only when it is worth expanding (multi-line or longer
* than the single-line truncation limit). Otherwise null.
*/
private function expandableText(?string $value): ?string
{
if (blank($value)) {
return null;
}
$value = trim((string) $value);
if (str_contains($value, "\n") || mb_strlen($value) > self::SINGLE_LINE_LIMIT) {
return $value;
}
return null;
}
}
app/Services/DeploymentConfiguration/ConfigurationDiff.php
-16
View File
@@ -2,8 +2,6 @@
namespace App\Services\DeploymentConfiguration;
use Illuminate\Support\Collection;
class ConfigurationDiff
{
/**
@@ -81,20 +79,6 @@ class ConfigurationDiff
return $this->changes;
}
/**
* @return array<string, array{label: string, changes: array<int, array<string, mixed>>}>
*/
public function groupedChanges(): array
{
return collect($this->changes)
->groupBy('section')
->map(fn (Collection $changes): array => [
'label' => (string) data_get($changes->first(), 'section_label', str((string) $changes->keys()->first())->headline()),
'changes' => $changes->values()->all(),
])
->all();
}
/**
* @return array{changed: bool, count: int, requires_build: bool, requires_redeploy: bool, legacy_fallback: bool, changes: array<int, array<string, mixed>>}
*/
app/Services/DeploymentConfiguration/ConfigurationDiffer.php
+90 -2
View File
@@ -2,8 +2,21 @@
namespace App\Services\DeploymentConfiguration;
use App\Services\DeploymentConfiguration\Concerns\SummarizesDiffText;
class ConfigurationDiffer
{
use SummarizesDiffText;
/**
* Keys that must never be reported as changes. The generated docker_compose
* is re-rendered from git on every parse, so legacy snapshots that still
* contain it would otherwise flag a permanent change after it was dropped.
*
* @var array<int, string>
*/
private const IGNORED_KEYS = ['build.docker_compose'];
/**
* @param array<string, mixed> $previousSnapshot
* @param array<string, mixed> $currentSnapshot
@@ -16,6 +29,10 @@ class ConfigurationDiffer
$changes = [];
foreach ($keys as $key) {
if (in_array($key, self::IGNORED_KEYS, true)) {
continue;
}
$previous = $previousItems[$key] ?? null;
$current = $currentItems[$key] ?? null;
@@ -27,6 +44,37 @@ class ConfigurationDiffer
$sensitive = (bool) data_get($item, 'sensitive', false);
$type = $previous === null ? 'added' : ($current === null ? 'removed' : 'changed');
$displaySummary = $sensitive && $type === 'changed' ? 'Changed' : null;
$diffMode = data_get($item, 'diff_mode', 'default');
$oldFull = null;
$newFull = null;
if ($sensitive) {
$oldDisplay = $previous === null ? '-' : '••••••••';
$newDisplay = $current === null ? '-' : '••••••••';
} elseif ($diffMode === 'lines' && $type === 'changed') {
[$oldDisplay, $newDisplay] = $this->changedLines(
data_get($previous, 'display_full'),
data_get($current, 'display_full'),
);
// No line-level difference (e.g. only reordering) — fall back to the summary.
if ($oldDisplay === '-' && $newDisplay === '-') {
$oldDisplay = data_get($previous, 'display_value', '-');
$newDisplay = data_get($current, 'display_value', '-');
}
// Expansion reveals the full changed lines, not the entire value.
$oldFull = $this->expandableText($oldDisplay);
$newFull = $this->expandableText($newDisplay);
} else {
$oldDisplay = data_get($previous, 'display_value', '-');
$newDisplay = data_get($current, 'display_value', '-');
$oldFull = data_get($previous, 'display_full');
$newFull = data_get($current, 'display_full');
}
$expandable = ! $sensitive && (filled($oldFull) || filled($newFull));
$changes[] = [
'key' => $key,
@@ -37,14 +85,54 @@ class ConfigurationDiffer
'impact' => data_get($item, 'impact', 'redeploy'),
'sensitive' => $sensitive,
'display_summary' => $displaySummary,
'old_display_value' => $sensitive ? ($previous === null ? '-' : '••••••••') : data_get($previous, 'display_value', '-'),
'new_display_value' => $sensitive ? ($current === null ? '-' : '••••••••') : data_get($current, 'display_value', '-'),
'old_display_value' => $oldDisplay,
'new_display_value' => $newDisplay,
'old_full_value' => $oldFull,
'new_full_value' => $newFull,
'expandable' => $expandable,
];
}
return ConfigurationDiff::fromChanges($changes);
}
/**
* Reduce two multi-line values to only the lines that differ, so the modal
* shows just the changed container labels instead of the whole block.
*
* @return array{0: string, 1: string}
*/
private function changedLines(?string $old, ?string $new): array
{
$oldLines = $this->textLines($old);
$newLines = $this->textLines($new);
$removed = array_values(array_diff($oldLines, $newLines));
$added = array_values(array_diff($newLines, $oldLines));
return [
$removed === [] ? '-' : implode("\n", $removed),
$added === [] ? '-' : implode("\n", $added),
];
}
/**
* @return array<int, string>
*/
private function textLines(?string $value): array
{
if (blank($value)) {
return [];
}
// Keep leading indentation (meaningful for YAML/compose), drop trailing whitespace.
return collect(preg_split('/\r\n|\r|\n/', (string) $value))
->map(fn (string $line): string => rtrim($line))
->filter(fn (string $line): bool => trim($line) !== '')
->values()
->all();
}
/**
* @param array<string, mixed> $snapshot
* @return array<string, array<string, mixed>>
app/Support/ValidationPatterns.php
+33
View File
@@ -35,6 +35,17 @@ class ValidationPatterns
*/
public const DOCKER_TARGET_PATTERN = '/^[a-zA-Z0-9][a-zA-Z0-9._-]*$/';
/**
* Pattern for SSH usernames.
* Allows alphanumeric characters, dots, hyphens, and underscores.
*/
public const SERVER_USERNAME_PATTERN = '/^[a-zA-Z0-9._-]+$/';
/**
* Pattern for removing characters not allowed in SSH usernames.
*/
public const INVALID_SERVER_USERNAME_CHARACTERS_PATTERN = '/[^A-Za-z0-9.\-_]/';
/**
* Token-aware pattern for shell-safe command strings (docker compose commands, docker run options).
*
@@ -283,6 +294,28 @@ class ValidationPatterns
return $rules;
}
/**
* Get validation rules for SSH username fields.
*/
public static function serverUsernameRules(bool $required = true): array
{
return [
$required ? 'required' : 'nullable',
'string',
'regex:'.self::SERVER_USERNAME_PATTERN,
];
}
/**
* Get validation messages for SSH username fields.
*/
public static function serverUsernameMessages(string $field = 'user', string $label = 'User'): array
{
return [
"{$field}.regex" => "The {$label} may only contain letters, numbers, dots, hyphens, and underscores.",
];
}
/**
* Get validation messages for database identifier fields.
*/
bootstrap/helpers/docker.php
+13 -11
View File
@@ -86,7 +86,7 @@ function format_docker_command_output_to_json($rawOutput): Collection
return $outputLines
->reject(fn ($line) => empty($line))
->map(fn ($outputLine) => json_decode($outputLine, true, flags: JSON_THROW_ON_ERROR));
} catch (\Throwable) {
} catch (Throwable) {
return collect([]);
}
}
@@ -123,7 +123,7 @@ function format_docker_envs_to_json($rawOutput)
return [$env[0] => $env[1]];
});
} catch (\Throwable) {
} catch (Throwable) {
return collect([]);
}
}
@@ -255,12 +255,12 @@ function defaultLabels($id, $name, string $projectName, string $resourceName, st
function generateServiceSpecificFqdns(ServiceApplication|Application $resource)
{
if ($resource->getMorphClass() === \App\Models\ServiceApplication::class) {
if ($resource->getMorphClass() === ServiceApplication::class) {
$uuid = data_get($resource, 'uuid');
$server = data_get($resource, 'service.server');
$environment_variables = data_get($resource, 'service.environment_variables');
$type = $resource->serviceType();
} elseif ($resource->getMorphClass() === \App\Models\Application::class) {
} elseif ($resource->getMorphClass() === Application::class) {
$uuid = data_get($resource, 'uuid');
$server = data_get($resource, 'destination.server');
$environment_variables = data_get($resource, 'environment_variables');
@@ -641,7 +641,7 @@ function fqdnLabelsForTraefik(string $uuid, Collection $domains, bool $is_force_
}
}
}
} catch (\Throwable) {
} catch (Throwable) {
continue;
}
}
@@ -1000,6 +1000,7 @@ function convertDockerRunToCompose(?string $custom_docker_run_options = null)
'--ulimit',
'--device',
'--shm-size',
'--dns',
]);
$mapping = collect([
'--cap-add' => 'cap_add',
@@ -1013,6 +1014,7 @@ function convertDockerRunToCompose(?string $custom_docker_run_options = null)
'--ip' => 'ip',
'--ip6' => 'ip6',
'--shm-size' => 'shm_size',
'--dns' => 'dns',
'--gpus' => 'gpus',
'--hostname' => 'hostname',
'--entrypoint' => 'entrypoint',
@@ -1219,7 +1221,7 @@ function validateComposeFile(string $compose, int $server_id): string|Throwable
$server = Server::ownedByCurrentTeam()->find($server_id);
try {
if (! $server) {
throw new \Exception('Server not found');
throw new Exception('Server not found');
}
$yaml_compose = Yaml::parse($compose);
@@ -1235,7 +1237,7 @@ function validateComposeFile(string $compose, int $server_id): string|Throwable
], $server);
return 'OK';
} catch (\Throwable $e) {
} catch (Throwable $e) {
return $e->getMessage();
} finally {
if (filled($server)) {
@@ -1351,10 +1353,10 @@ function escapeBashDoubleQuoted(?string $value): string
* Generate Docker build arguments from environment variables collection
* Returns only keys (no values) since values are sourced from environment via export
*
* @param \Illuminate\Support\Collection|array $variables Collection of variables with 'key', 'value', and optionally 'is_multiline'
* @return \Illuminate\Support\Collection Collection of formatted --build-arg strings (keys only)
* @param Collection|array $variables Collection of variables with 'key', 'value', and optionally 'is_multiline'
* @return Collection Collection of formatted --build-arg strings (keys only)
*/
function generateDockerBuildArgs($variables): \Illuminate\Support\Collection
function generateDockerBuildArgs($variables): Collection
{
$variables = collect($variables);
@@ -1369,7 +1371,7 @@ function generateDockerBuildArgs($variables): \Illuminate\Support\Collection
/**
* Generate Docker environment flags from environment variables collection
*
* @param \Illuminate\Support\Collection|array $variables Collection of variables with 'key', 'value', and optionally 'is_multiline'
* @param Collection|array $variables Collection of variables with 'key', 'value', and optionally 'is_multiline'
* @return string Space-separated environment flags
*/
function generateDockerEnvFlags($variables): string
bootstrap/helpers/github.php
+17 -10
View File
@@ -4,6 +4,7 @@ use App\Models\GithubApp;
use App\Models\GitlabApp;
use Carbon\Carbon;
use Carbon\CarbonImmutable;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Str;
use Lcobucci\JWT\Encoding\ChainedFormatter;
@@ -20,7 +21,7 @@ function generateGithubToken(GithubApp $source, string $type)
$timeDiff = abs($serverTime->diffInSeconds($githubTime));
if ($timeDiff > 50) {
throw new \Exception(
throw new Exception(
'System time is out of sync with GitHub API time:<br>'.
'- System time: '.$serverTime->format('Y-m-d H:i:s').' UTC<br>'.
'- GitHub time: '.$githubTime->format('Y-m-d H:i:s').' UTC<br>'.
@@ -60,7 +61,7 @@ function generateGithubToken(GithubApp $source, string $type)
return $response->json()['token'];
})(),
default => throw new \InvalidArgumentException("Unsupported token type: {$type}")
default => throw new InvalidArgumentException("Unsupported token type: {$type}")
};
}
@@ -77,11 +78,11 @@ function generateGithubJwt(GithubApp $source)
function githubApi(GithubApp|GitlabApp|null $source, string $endpoint, string $method = 'get', ?array $data = null, bool $throwError = true)
{
if (is_null($source)) {
throw new \Exception('Source is required for API calls');
throw new Exception('Source is required for API calls');
}
if ($source->getMorphClass() !== GithubApp::class) {
throw new \InvalidArgumentException("Unsupported source type: {$source->getMorphClass()}");
throw new InvalidArgumentException("Unsupported source type: {$source->getMorphClass()}");
}
if ($source->is_public) {
@@ -100,7 +101,7 @@ function githubApi(GithubApp|GitlabApp|null $source, string $endpoint, string $m
$errorMessage = data_get($response->json(), 'message', 'no error message found');
$remainingCalls = $response->header('X-RateLimit-Remaining', '0');
throw new \Exception(
throw new Exception(
'GitHub API call failed:<br>'.
"Error: {$errorMessage}<br>".
'Rate Limit Status:<br>'.
@@ -116,13 +117,19 @@ function githubApi(GithubApp|GitlabApp|null $source, string $endpoint, string $m
];
}
function getInstallationPath(GithubApp $source)
function getInstallationPath(GithubApp $source): string
{
$github = GithubApp::where('uuid', $source->uuid)->first();
$name = str(Str::kebab($github->name));
$installation_path = $github->html_url === 'https://github.com' ? 'apps' : 'github-apps';
$name = str(Str::kebab($source->name));
$installation_path = $source->html_url === 'https://github.com' ? 'apps' : 'github-apps';
$state = Str::random(64);
return "$github->html_url/$installation_path/$name/installations/new";
Cache::put('github-app-setup-state:'.hash('sha256', $state), [
'action' => 'install',
'github_app_id' => $source->id,
'team_id' => $source->team_id,
], now()->addMinutes(60));
return "$source->html_url/$installation_path/$name/installations/new?".http_build_query(['state' => $state]);
}
function getPermissionsPath(GithubApp $source)
bootstrap/helpers/proxy.php
+5 -4
View File
@@ -4,6 +4,7 @@ use App\Actions\Proxy\SaveProxyConfiguration;
use App\Enums\ProxyTypes;
use App\Models\Application;
use App\Models\Server;
use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Log;
use Symfony\Component\Yaml\Yaml;
@@ -137,7 +138,7 @@ function connectProxyToNetworks(Server $server)
* This must be called BEFORE docker compose up since the compose file declares networks as external.
*
* @param Server $server The server to ensure networks on
* @return \Illuminate\Support\Collection Commands to create networks if they don't exist
* @return Collection Commands to create networks if they don't exist
*/
function ensureProxyNetworksExist(Server $server)
{
@@ -215,7 +216,7 @@ function extractCustomProxyCommands(Server $server, string $existing_config): ar
$custom_commands[] = $command;
}
}
} catch (\Exception $e) {
} catch (Exception $e) {
// If we can't parse the config, return empty array
// Silently fail to avoid breaking the proxy regeneration
}
@@ -436,7 +437,7 @@ function getExactTraefikVersionFromContainer(Server $server): ?string
Log::debug("getExactTraefikVersionFromContainer: Server '{$server->name}' (ID: {$server->id}) - Could not detect exact version");
return null;
} catch (\Exception $e) {
} catch (Exception $e) {
Log::error("getExactTraefikVersionFromContainer: Server '{$server->name}' (ID: {$server->id}) - Error: ".$e->getMessage());
return null;
@@ -483,7 +484,7 @@ function getTraefikVersionFromDockerCompose(Server $server): ?string
Log::debug("getTraefikVersionFromDockerCompose: Server '{$server->name}' (ID: {$server->id}) - Image format doesn't match expected pattern: {$image}");
return null;
} catch (\Exception $e) {
} catch (Exception $e) {
Log::error("getTraefikVersionFromDockerCompose: Server '{$server->name}' (ID: {$server->id}) - Error: ".$e->getMessage());
return null;
bootstrap/helpers/remoteProcess.php
+9 -2
View File
@@ -200,6 +200,7 @@ function decode_remote_command_output(?ApplicationDeploymentQueue $application_d
}
$application = Application::find(data_get($application_deployment_queue, 'application_id'));
$is_debug_enabled = data_get($application, 'settings.is_debug_enabled');
$serverTimezone = getServerTimezone(data_get($application, 'destination.server'));
$logs = data_get($application_deployment_queue, 'logs');
if (empty($logs)) {
@@ -240,8 +241,14 @@ function decode_remote_command_output(?ApplicationDeploymentQueue $application_d
return $formatted
->sortBy(fn ($i) => data_get($i, 'order'))
->map(function ($i) {
data_set($i, 'timestamp', Carbon::parse(data_get($i, 'timestamp'))->format('Y-M-d H:i:s.u'));
->map(function ($i) use ($serverTimezone) {
$timestamp = Carbon::parse(data_get($i, 'timestamp'));
try {
$timestamp->setTimezone($serverTimezone);
} catch (Exception) {
$timestamp->setTimezone('UTC');
}
data_set($i, 'timestamp', $timestamp->format('Y-M-d H:i:s.u'));
return $i;
})
bootstrap/helpers/shared.php
+3 -3
View File
@@ -1865,15 +1865,15 @@ function isBase64Encoded($strValue)
{
return base64_encode(base64_decode($strValue, true)) === $strValue;
}
function customApiValidator(Collection|array $item, array $rules)
function customApiValidator(Collection|array $item, array $rules, array $messages = [])
{
if (is_array($item)) {
$item = collect($item);
}
return Validator::make($item->toArray(), $rules, [
return Validator::make($item->toArray(), $rules, array_merge([
'required' => 'This field is required.',
]);
], $messages));
}
function parseDockerComposeFile(Service|Application $resource, bool $isNew = false, int $pull_request_id = 0, ?int $preview_id = null)
{
config/purify.php
+2 -1
View File
@@ -1,5 +1,6 @@
<?php
use Stevebauman\Purify\Cache\CacheDefinitionCache;
use Stevebauman\Purify\Definitions\Html5Definition;
return [
@@ -114,7 +115,7 @@ return [
'serializer' => [
'driver' => env('CACHE_STORE', env('CACHE_DRIVER', 'file')),
'cache' => \Stevebauman\Purify\Cache\CacheDefinitionCache::class,
'cache' => CacheDefinitionCache::class,
],
// 'serializer' => [
database/migrations/2026_03_26_000000_make_ports_exposes_nullable_in_applications_table.php
+22
View File
@@ -0,0 +1,22 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
public function up(): void
{
Schema::table('applications', function (Blueprint $table) {
$table->string('ports_exposes')->nullable()->change();
});
}
public function down(): void
{
Schema::table('applications', function (Blueprint $table) {
$table->string('ports_exposes')->nullable(false)->default('')->change();
});
}
};
database/migrations/2026_03_27_000000_add_max_restart_count_to_applications.php
+22
View File
@@ -0,0 +1,22 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
public function up(): void
{
Schema::table('applications', function (Blueprint $blueprint) {
$blueprint->integer('max_restart_count')->default(10)->after('restart_count');
});
}
public function down(): void
{
Schema::table('applications', function (Blueprint $blueprint) {
$blueprint->dropColumn('max_restart_count');
});
}
};
database/migrations/2026_05_29_000000_encrypt_application_deployment_configuration_columns.php
+23
View File
@@ -0,0 +1,23 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Support\Facades\DB;
return new class extends Migration
{
/**
* The configuration snapshot/diff now store an encrypted blob (not valid
* JSON), so the columns must hold arbitrary text instead of json.
*/
public function up(): void
{
DB::statement('ALTER TABLE application_deployment_queues ALTER COLUMN configuration_snapshot TYPE text USING configuration_snapshot::text');
DB::statement('ALTER TABLE application_deployment_queues ALTER COLUMN configuration_diff TYPE text USING configuration_diff::text');
}
public function down(): void
{
DB::statement('ALTER TABLE application_deployment_queues ALTER COLUMN configuration_snapshot TYPE json USING configuration_snapshot::json');
DB::statement('ALTER TABLE application_deployment_queues ALTER COLUMN configuration_diff TYPE json USING configuration_diff::json');
}
};
database/seeders/SharedEnvironmentVariableSeeder.php
+1 -1
View File
@@ -35,7 +35,7 @@ class SharedEnvironmentVariableSeeder extends Seeder
]);
// Add predefined server variables to all existing servers
$servers = \App\Models\Server::all();
$servers = Server::all();
foreach ($servers as $server) {
SharedEnvironmentVariable::firstOrCreate([
'key' => 'COOLIFY_SERVER_UUID',
docker/testing-host/Dockerfile
+16 -3
View File
@@ -20,9 +20,22 @@ ENV PATH="/host/usr/local/sbin:/host/usr/local/bin:/host/usr/sbin:/host/usr/bin:
RUN apt update && apt -y install openssh-client openssh-server curl wget git jq jc
RUN mkdir -p ~/.docker/cli-plugins
RUN curl -sSL https://github.com/docker/buildx/releases/download/v${DOCKER_BUILDX_VERSION}/buildx-v${DOCKER_BUILDX_VERSION}.linux-amd64 -o ~/.docker/cli-plugins/docker-buildx
RUN curl -sSL https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose
RUN (curl -sSL https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz | tar -C /usr/bin/ --no-same-owner -xzv --strip-components=1 docker/docker)
# Download architecture-matched Docker CLI, buildx, and compose binaries.
# This image is published as a multi-arch manifest (amd64 + arm64), so the
# downloaded binaries must match TARGETPLATFORM or they fail with "exec format error"
# when the container runs on the other architecture.
RUN if [ "${TARGETPLATFORM}" = "linux/amd64" ]; then \
curl -sSL https://github.com/docker/buildx/releases/download/v${DOCKER_BUILDX_VERSION}/buildx-v${DOCKER_BUILDX_VERSION}.linux-amd64 -o ~/.docker/cli-plugins/docker-buildx && \
curl -sSL https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose && \
(curl -sSL https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz | tar -C /usr/bin/ --no-same-owner -xzv --strip-components=1 docker/docker); \
elif [ "${TARGETPLATFORM}" = "linux/arm64" ]; then \
curl -sSL https://github.com/docker/buildx/releases/download/v${DOCKER_BUILDX_VERSION}/buildx-v${DOCKER_BUILDX_VERSION}.linux-arm64 -o ~/.docker/cli-plugins/docker-buildx && \
curl -sSL https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-aarch64 -o ~/.docker/cli-plugins/docker-compose && \
(curl -sSL https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_VERSION}.tgz | tar -C /usr/bin/ --no-same-owner -xzv --strip-components=1 docker/docker); \
else \
echo "Unsupported TARGETPLATFORM: ${TARGETPLATFORM}" && exit 1; \
fi
RUN chmod +x ~/.docker/cli-plugins/docker-compose /usr/bin/docker /root/.docker/cli-plugins/docker-buildx
openapi.json
+4 -8
View File
@@ -79,8 +79,7 @@
"environment_uuid",
"git_repository",
"git_branch",
"build_pack",
"ports_exposes"
"build_pack"
],
"properties": {
"project_uuid": {
@@ -526,8 +525,7 @@
"github_app_uuid",
"git_repository",
"git_branch",
"build_pack",
"ports_exposes"
"build_pack"
],
"properties": {
"project_uuid": {
@@ -977,8 +975,7 @@
"private_key_uuid",
"git_repository",
"git_branch",
"build_pack",
"ports_exposes"
"build_pack"
],
"properties": {
"project_uuid": {
@@ -1775,8 +1772,7 @@
"server_uuid",
"environment_name",
"environment_uuid",
"docker_registry_image_name",
"ports_exposes"
"docker_registry_image_name"
],
"properties": {
"project_uuid": {
openapi.yaml
-4
View File
@@ -59,7 +59,6 @@ paths:
- git_repository
- git_branch
- build_pack
- ports_exposes
properties:
project_uuid:
type: string
@@ -344,7 +343,6 @@ paths:
- git_repository
- git_branch
- build_pack
- ports_exposes
properties:
project_uuid:
type: string
@@ -632,7 +630,6 @@ paths:
- git_repository
- git_branch
- build_pack
- ports_exposes
properties:
project_uuid:
type: string
@@ -1141,7 +1138,6 @@ paths:
- environment_name
- environment_uuid
- docker_registry_image_name
- ports_exposes
properties:
project_uuid:
type: string
resources/views/components/deployment/configuration-diff.blade.php
+54 -7
View File
@@ -4,7 +4,7 @@
])
@php
$changes = collect(data_get($diff, 'changes', []))->filter(fn ($change) => data_get($change, 'key') !== 'domains.custom_labels')->values()->all();
$changes = collect(data_get($diff, 'changes', []))->values()->all();
$count = count($changes);
$requiresBuild = collect($changes)->contains(fn ($change) => data_get($change, 'impact') === 'build');
@endphp
@@ -41,16 +41,63 @@
</div>
<div class="divide-y divide-neutral-300 dark:divide-coolgray-200">
@foreach ($sectionChanges as $change)
@php
$changeKey = (string) data_get($change, 'key');
$expandable = data_get($change, 'expandable', false);
$oldDisplay = (string) data_get($change, 'old_display_value');
$newDisplay = (string) data_get($change, 'new_display_value');
$oldFull = data_get($change, 'old_full_value') ?? $oldDisplay;
$newFull = data_get($change, 'new_full_value') ?? $newDisplay;
$label = (string) data_get($change, 'label');
$labelTruncated = mb_strlen($label) > 20;
$rowExpandable = $expandable || $labelTruncated;
@endphp
<div class="grid grid-cols-[12rem_1fr_1.5rem_1fr] items-start gap-2 px-3 py-1.5 text-neutral-700 dark:text-neutral-300">
<div class="shrink-0 font-medium text-black dark:text-white">
{{ data_get($change, 'label') }}
<div class="min-w-0 shrink-0 font-medium text-black dark:text-white">
@if ($rowExpandable)
<div class="break-words"
:class="expandedRows['{{ $changeKey }}'] ? '' : 'truncate'"
x-text="expandedRows['{{ $changeKey }}'] ? @js($label) : @js((string) str($label)->limit(20))"></div>
@else
{{ $label }}
@endif
</div>
<div class="truncate text-red-700 dark:text-red-400/80" title="{{ data_get($change, 'old_display_value') }}">
{{ data_get($change, 'old_display_value') }}
<div class="min-w-0 text-red-700 dark:text-red-400/80">
@if ($expandable)
<div class="break-words"
:class="expandedRows['{{ $changeKey }}'] ? 'whitespace-pre-wrap' : 'truncate'"
x-text="expandedRows['{{ $changeKey }}'] ? @js($oldFull) : @js($oldDisplay)"></div>
@else
<div class="truncate">{{ $oldDisplay }}</div>
@endif
</div>
<div class="text-center text-neutral-500 dark:text-neutral-400"></div>
<div class="truncate text-green-700 dark:text-green-500" title="{{ data_get($change, 'new_display_value') }}">
{{ data_get($change, 'new_display_value') }}
<div class="flex min-w-0 items-start gap-1 text-green-700 dark:text-green-500">
<div class="min-w-0 flex-1">
@if ($expandable)
<div class="break-words"
:class="expandedRows['{{ $changeKey }}'] ? 'whitespace-pre-wrap' : 'truncate'"
x-text="expandedRows['{{ $changeKey }}'] ? @js($newFull) : @js($newDisplay)"></div>
@else
<div class="truncate">{{ $newDisplay }}</div>
@endif
</div>
@if ($rowExpandable)
<button type="button"
x-on:click="expandedRows['{{ $changeKey }}'] = ! expandedRows['{{ $changeKey }}']"
:aria-expanded="!! expandedRows['{{ $changeKey }}']"
title="Toggle full value"
class="mt-0.5 flex h-5 w-5 shrink-0 items-center justify-center text-neutral-400 transition hover:text-black dark:hover:text-white">
<svg x-show="! expandedRows['{{ $changeKey }}']" class="h-3.5 w-3.5"
viewBox="0 0 20 20" fill="currentColor">
<path fill-rule="evenodd" d="M13.28 7.78l3.22-3.22v2.69a.75.75 0 0 0 1.5 0v-4.5a.75.75 0 0 0-.75-.75h-4.5a.75.75 0 0 0 0 1.5h2.69l-3.22 3.22a.75.75 0 0 0 1.06 1.06ZM2 17.25v-4.5a.75.75 0 0 1 1.5 0v2.69l3.22-3.22a.75.75 0 0 1 1.06 1.06L4.56 16.5h2.69a.75.75 0 0 1 0 1.5h-4.5a.75.75 0 0 1-.75-.75Z" clip-rule="evenodd" />
</svg>
<svg x-show="expandedRows['{{ $changeKey }}']" x-cloak class="h-3.5 w-3.5"
viewBox="0 0 20 20" fill="currentColor">
<path fill-rule="evenodd" d="M3.28 2.22a.75.75 0 0 0-1.06 1.06L5.44 6.5H2.75a.75.75 0 0 0 0 1.5h4.5A.75.75 0 0 0 8 7.25v-4.5a.75.75 0 0 0-1.5 0v2.69L3.28 2.22ZM13.5 2.75a.75.75 0 0 0-1.5 0v4.5c0 .414.336.75.75.75h4.5a.75.75 0 0 0 0-1.5h-2.69l3.22-3.22a.75.75 0 0 0-1.06-1.06L13.5 5.44V2.75ZM3.28 17.78l3.22-3.22v2.69a.75.75 0 0 0 1.5 0v-4.5a.75.75 0 0 0-.75-.75h-4.5a.75.75 0 0 0 0 1.5h2.69l-3.22 3.22a.75.75 0 1 0 1.06 1.06ZM12 12.75c0-.414.336-.75.75-.75h4.5a.75.75 0 0 1 0 1.5h-2.69l3.22 3.22a.75.75 0 1 1-1.06 1.06l-3.22-3.22v2.69a.75.75 0 0 1-1.5 0v-4.5Z" clip-rule="evenodd" />
</svg>
</button>
@endif
</div>
</div>
@endforeach
resources/views/components/forms/copy-button.blade.php
+10 -3
View File
@@ -1,7 +1,13 @@
@props(['text'])
@props(['text', 'label' => null])
<div class="relative" x-data="{ copied: false, isSecure: window.isSecureContext }">
<input type="text" value="{{ $text }}" readonly class="input">
<div class="w-full" x-data="{ copied: false, isSecure: window.isSecureContext }">
@if ($label)
<label class="flex gap-1 items-center mb-1 text-sm font-medium">{{ $label }}</label>
@endif
<div class="relative">
<input type="text" value="{{ $text }}" class="input pr-10"
@keydown.prevent @paste.prevent @cut.prevent @drop.prevent
@focus="$event.target.select()">
<button
x-show="isSecure"
@click.prevent="copied = true; navigator.clipboard.writeText({{ Js::from($text) }}); setTimeout(() => copied = false, 1000)"
@@ -15,4 +21,5 @@
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7" />
</svg>
</button>
</div>
</div>
resources/views/components/modal-input.blade.php
+24 -22
View File
@@ -36,32 +36,34 @@
<template x-teleport="body">
<div x-show="modalOpen"
x-init="$watch('modalOpen', value => { if(value) { $nextTick(() => { const firstInput = $el.querySelector('input, textarea, select'); firstInput?.focus(); }) } })"
class="fixed top-0 left-0 z-99 flex items-center justify-center w-screen h-screen p-4">
class="fixed inset-0 z-99 overflow-y-auto">
<div x-show="modalOpen" x-transition:enter="ease-out duration-100" x-transition:enter-start="opacity-0"
x-transition:enter-end="opacity-100" x-transition:leave="ease-in duration-100"
x-transition:leave-start="opacity-100" x-transition:leave-end="opacity-0"
@if ($closeOutside) @click="modalOpen=false" @endif
class="absolute inset-0 w-full h-full bg-black/20 backdrop-blur-xs"></div>
<div id="{{ $modalId }}" x-show="modalOpen" x-trap.inert.noscroll="modalOpen"
x-transition:enter="ease-out duration-100"
x-transition:enter-start="opacity-0 -translate-y-2 sm:scale-95"
x-transition:enter-end="opacity-100 translate-y-0 sm:scale-100"
x-transition:leave="ease-in duration-100"
x-transition:leave-start="opacity-100 translate-y-0 sm:scale-100"
x-transition:leave-end="opacity-0 -translate-y-2 sm:scale-95"
class="relative w-full lg:w-auto lg:min-w-2xl lg:max-w-4xl border rounded-sm drop-shadow-sm bg-white border-neutral-200 dark:bg-base dark:border-coolgray-300 flex flex-col">
<div class="flex items-center justify-between py-6 px-6 shrink-0">
<h3 class="text-2xl font-bold">{{ $title }}</h3>
<button @click="modalOpen=false"
class="absolute top-0 right-0 flex items-center justify-center w-8 h-8 mt-5 mr-5 rounded-full dark:text-white hover:bg-neutral-100 dark:hover:bg-coolgray-300 outline-0 focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-coollabs dark:focus-visible:ring-warning focus-visible:ring-offset-2 dark:focus-visible:ring-offset-base">
<svg class="w-5 h-5" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24"
stroke-width="1.5" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" d="M6 18L18 6M6 6l12 12" />
</svg>
</button>
</div>
<div class="relative flex items-center justify-center w-auto px-6 pb-6">
{{ $slot }}
<div @if ($closeOutside) @click.self="modalOpen=false" @endif class="relative flex min-h-full items-start justify-center p-4 sm:items-center">
<div id="{{ $modalId }}" x-show="modalOpen" x-trap.inert.noscroll="modalOpen"
x-transition:enter="ease-out duration-100"
x-transition:enter-start="opacity-0 -translate-y-2 sm:scale-95"
x-transition:enter-end="opacity-100 translate-y-0 sm:scale-100"
x-transition:leave="ease-in duration-100"
x-transition:leave-start="opacity-100 translate-y-0 sm:scale-100"
x-transition:leave-end="opacity-0 -translate-y-2 sm:scale-95"
class="relative flex max-h-[calc(100dvh-2rem)] w-full flex-col overflow-hidden rounded-sm border border-neutral-200 bg-white drop-shadow-sm dark:border-coolgray-300 dark:bg-base lg:w-auto lg:min-w-2xl lg:max-w-4xl">
<div class="flex items-center justify-between py-6 px-6 shrink-0">
<h3 class="text-2xl font-bold">{{ $title }}</h3>
<button @click="modalOpen=false"
class="absolute cursor-pointer top-0 right-0 flex items-center justify-center w-8 h-8 mt-5 mr-5 rounded-full dark:text-white hover:bg-neutral-100 dark:hover:bg-coolgray-300 outline-0 focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-coollabs dark:focus-visible:ring-warning focus-visible:ring-offset-2 dark:focus-visible:ring-offset-base">
<svg class="w-5 h-5" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24"
stroke-width="1.5" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" d="M6 18L18 6M6 6l12 12" />
</svg>
</button>
</div>
<div class="relative min-h-0 flex-1 overflow-y-auto px-6 pb-6 pt-1"
style="-webkit-overflow-scrolling: touch;">
{{ $slot }}
</div>
</div>
</div>
</div>
resources/views/components/server/sidebar-sentinel.blade.php
+10
View File
@@ -0,0 +1,10 @@
<div class="sub-menu-wrapper">
<a class="{{ request()->routeIs('server.sentinel') ? 'sub-menu-item menu-item-active' : 'sub-menu-item' }}" {{ wireNavigate() }}
href="{{ route('server.sentinel', $parameters) }}">
<span class="menu-item-label">Configuration</span>
</a>
<a class="{{ request()->routeIs('server.sentinel.logs') ? 'sub-menu-item menu-item-active' : 'sub-menu-item' }}" {{ wireNavigate() }}
href="{{ route('server.sentinel.logs', $parameters) }}">
<span class="menu-item-label">Logs</span>
</a>
</div>
resources/views/components/server/sidebar.blade.php
+1 -6
View File
@@ -6,11 +6,6 @@
href="{{ route('server.advanced', ['server_uuid' => $server->uuid]) }}"><span class="menu-item-label">Advanced</span>
</a>
@endif
@if ($server->isFunctional() && !$server->isSwarm() && !$server->isBuildServer())
<a class="sub-menu-item {{ $activeMenu === 'sentinel' ? 'menu-item-active' : '' }}" {{ wireNavigate() }}
href="{{ route('server.sentinel', ['server_uuid' => $server->uuid]) }}"><span class="menu-item-label">Sentinel</span>
</a>
@endif
<a class="sub-menu-item {{ $activeMenu === 'private-key' ? 'menu-item-active' : '' }}" {{ wireNavigate() }}
href="{{ route('server.private-key', ['server_uuid' => $server->uuid]) }}"><span class="menu-item-label">Private Key</span>
</a>
@@ -37,7 +32,7 @@
<a class="sub-menu-item {{ $activeMenu === 'log-drains' ? 'menu-item-active' : '' }}" {{ wireNavigate() }}
href="{{ route('server.log-drains', ['server_uuid' => $server->uuid]) }}"><span class="menu-item-label">Log Drains</span></a>
<a class="sub-menu-item {{ $activeMenu === 'metrics' ? 'menu-item-active' : '' }}" {{ wireNavigate() }}
href="{{ route('server.charts', ['server_uuid' => $server->uuid]) }}"><span class="menu-item-label">Metrics</span></a>
href="{{ route('server.metrics', ['server_uuid' => $server->uuid]) }}"><span class="menu-item-label">Metrics</span></a>
@endif
@if (!$server->isBuildServer() && !$server->settings->is_cloudflare_tunnel)
<a class="sub-menu-item {{ $activeMenu === 'swarm' ? 'menu-item-active' : '' }}" {{ wireNavigate() }}
resources/views/components/slide-over.blade.php
+4 -3
View File
@@ -32,11 +32,12 @@ x-init="$watch('slideOverOpen', value => {
<div class="px-4 pb-4 sm:px-5">
<div class="flex items-start justify-between pb-1">
<h2 class="text-2xl leading-6" id="slide-over-title">
{{ $title }}</h2>
{{ $title }}
</h2>
<div class="flex items-center h-auto ml-3">
<button @click="slideOverOpen=false"
class="absolute top-0 right-0 z-30 flex items-center justify-center px-3 py-2 mt-4 mr-2 space-x-1 text-xs font-normal border-none rounded-sm">
<svg xmlns="http://www.w3.org/2000/svg" class="w-6 h-6" fill="none"
class="absolute cursor-pointer top-0 right-0 z-30 flex items-center justify-center w-8 h-8 mt-5 mr-5 rounded-full dark:text-white hover:bg-neutral-100 dark:hover:bg-coolgray-300 outline-0 focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-coollabs dark:focus-visible:ring-warning focus-visible:ring-offset-2 dark:focus-visible:ring-offset-base">
<svg xmlns="http://www.w3.org/2000/svg" class="w-5 h-5" fill="none"
viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round"
d="M6 18L18 6M6 6l12 12"></path>
resources/views/components/status/index.blade.php
+12 -1
View File
@@ -2,7 +2,11 @@
'title' => null,
'lastDeploymentLink' => null,
'resource' => null,
'showRefreshButton' => true,
])
@php
$stoppedAfterRestartLimit = $resource && method_exists($resource, 'stoppedAfterRestartLimit') && $resource->stoppedAfterRestartLimit();
@endphp
<div class="flex flex-wrap items-center gap-1">
@if (str($resource->status)->startsWith('running'))
<x-status.running :status="$resource->status" :title="$title" :lastDeploymentLink="$lastDeploymentLink" />
@@ -13,13 +17,20 @@
@else
<x-status.stopped :status="$resource->status" />
@endif
@if (isset($resource->restart_count) && $resource->restart_count > 0 && !str($resource->status)->startsWith('exited'))
@if (isset($resource->restart_count) && $resource->restart_count > 0 && (!str($resource->status)->startsWith('exited') || $stoppedAfterRestartLimit))
<div class="flex items-center">
<span class="text-xs dark:text-warning" title="Container has restarted {{ $resource->restart_count }} time{{ $resource->restart_count > 1 ? 's' : '' }}. Last restart: {{ $resource->last_restart_at?->diffForHumans() }}">
({{ $resource->restart_count }}x restarts)
</span>
</div>
@endif
@if ($stoppedAfterRestartLimit)
<div class="flex items-center">
<span class="text-xs dark:text-warning" title="Container has crashed and Coolify stopped it after {{ $resource->restart_count }} restart attempts.">
Stopped after reaching restart limit ({{ $resource->restart_count }}/{{ $resource->max_restart_count }}).
</span>
</div>
@endif
@if (!str($resource->status)->contains('exited') && $showRefreshButton)
<button wire:loading.remove.delay.shortest wire:target="manualCheckStatus" title="Refresh Status" wire:click='manualCheckStatus'
class="dark:hover:fill-white fill-black dark:fill-warning">
resources/views/emails/application-restart-limit-reached.blade.php
+7
View File
@@ -0,0 +1,7 @@
<x-emails.layout>
{{ $name }} has been automatically stopped after {{ $restart_count }} crash restarts (limit: {{ $max_restart_count }}).
The application appears to be in a crash loop. Please investigate the issue and redeploy when ready.
[Check what is going on]({{ $resource_url }}).
</x-emails.layout>
resources/views/livewire/destination/navbar.blade.php
+14
View File
@@ -0,0 +1,14 @@
@if ($destination->getMorphClass() === 'App\\Models\\StandaloneDocker')
<div class="navbar-main">
<nav class="flex shrink-0 gap-6 items-center whitespace-nowrap scrollbar min-h-10">
<a class="{{ request()->routeIs('destination.show') ? 'dark:text-white' : '' }}" {{ wireNavigate() }}
href="{{ route('destination.show', ['destination_uuid' => $destination->uuid]) }}">
General
</a>
<a class="{{ request()->routeIs('destination.resources') ? 'dark:text-white' : '' }}" {{ wireNavigate() }}
href="{{ route('destination.resources', ['destination_uuid' => $destination->uuid]) }}">
Resources
</a>
</nav>
</div>
@endif
resources/views/livewire/destination/resources.blade.php
+53
View File
@@ -0,0 +1,53 @@
<div>
<div class="flex items-center gap-2">
<h1>Destination</h1>
</div>
<div class="subtitle">Resources deployed to this Docker network.</div>
@include('livewire.destination.navbar', ['destination' => $destination])
<div class="pt-4" x-data="{ search: '' }">
@if (count($resources) === 0)
<div class="py-4 text-sm opacity-70">No resources are using this destination.</div>
@else
<x-forms.input placeholder="Search resources..." x-model="search" id="null" />
<div class="overflow-x-auto pt-4">
<div class="inline-block min-w-full">
<div class="overflow-hidden">
<table class="min-w-full">
<thead>
<tr>
<th class="px-5 py-3 text-xs font-medium text-left uppercase">Project</th>
<th class="px-5 py-3 text-xs font-medium text-left uppercase">Environment</th>
<th class="px-5 py-3 text-xs font-medium text-left uppercase">Name</th>
<th class="px-5 py-3 text-xs font-medium text-left uppercase">Type</th>
</tr>
</thead>
<tbody class="divide-y">
@foreach ($resources as $row)
<tr class="dark:hover:bg-coolgray-300 hover:bg-neutral-100"
wire:key="destination-resource-{{ $row['type'] }}-{{ $row['uuid'] }}"
x-show="search === '' || '{{ addslashes($row['search']) }}'.includes(search.toLowerCase())">
<td class="px-5 py-4 text-sm whitespace-nowrap">{{ $row['project'] }}</td>
<td class="px-5 py-4 text-sm whitespace-nowrap">{{ $row['environment'] }}</td>
<td class="px-5 py-4 text-sm whitespace-nowrap">
@if ($row['url'])
<a {{ wireNavigate() }} href="{{ $row['url'] }}">
{{ $row['name'] }}
<x-internal-link />
</a>
@else
<span>{{ $row['name'] }}</span>
@endif
</td>
<td class="px-5 py-4 text-sm whitespace-nowrap">{{ ucfirst($row['type']) }}</td>
</tr>
@endforeach
</tbody>
</table>
</div>
</div>
</div>
@endif
</div>
</div>
resources/views/livewire/destination/show.blade.php
+3 -1
View File
@@ -20,7 +20,9 @@
<x-deprecated-badge />
</div>
@endif
<div class="flex gap-2">
@include('livewire.destination.navbar', ['destination' => $destination])
<div class="flex gap-2 pt-4">
<x-forms.input canGate="update" :canResource="$destination" id="name" label="Name" />
<x-forms.input id="serverIp" label="Server IP" readonly />
@if ($destination->getMorphClass() === 'App\Models\StandaloneDocker')
resources/views/livewire/project/application/advanced.blade.php
+12
View File
@@ -101,6 +101,18 @@
/>
<x-forms.button canGate="update" :canResource="$application" type="submit">Save</x-forms.button>
</form>
<form class="flex items-end gap-2" wire:submit.prevent='saveMaxRestartCount'>
<x-forms.input
type="number"
min="0"
helper="Maximum number of crash restarts before Coolify automatically stops the application and sends a notification. Set to 0 to disable the limit."
id="maxRestartCount"
label="Max Restart Count"
canGate="update"
:canResource="$application"
/>
<x-forms.button canGate="update" :canResource="$application" type="submit">Save</x-forms.button>
</form>
<h3 class="pt-4">Logs</h3>
<x-forms.checkbox helper="Drain logs to your configured log drain endpoint in your Server settings."
instantSave id="isLogDrainEnabled" label="Drain Logs" canGate="update" :canResource="$application" />
resources/views/livewire/project/application/deployment/show.blade.php
+12 -9
View File
@@ -115,10 +115,6 @@
const range = selection.getRangeAt(0);
return logsContainer.contains(range.commonAncestorContainer);
},
decodeHtml(text) {
const doc = new DOMParser().parseFromString(text, 'text/html');
return doc.documentElement.textContent;
},
highlightText(el, text, query) {
if (this.hasActiveLogSelection()) return;
@@ -159,7 +155,7 @@
if (matches && query) count++;
if (textSpan) {
const originalText = this.decodeHtml(textSpan.dataset.lineText || '');
const originalText = textSpan.dataset.lineText || '';
if (!query) {
textSpan.textContent = originalText;
} else if (matches) {
@@ -186,8 +182,15 @@
copyLogs() {
const content = this.collectVisibleLogs();
if (!content) return;
navigator.clipboard.writeText(content);
Livewire.dispatch('success', ['Logs copied to clipboard.']);
if (!navigator.clipboard?.writeText) {
Livewire.dispatch('error', ['Clipboard is not available. Please use HTTPS or localhost.']);
return;
}
navigator.clipboard?.writeText(content).then(() => {
Livewire.dispatch('success', ['Logs copied to clipboard.']);
}).catch(() => {
Livewire.dispatch('error', ['Failed to copy logs to clipboard.']);
});
},
downloadLogs() {
const content = this.collectVisibleLogs();
@@ -429,14 +432,14 @@
$lineContent = (isset($line['command']) && $line['command'] ? '[CMD]: ' : '') . trim($line['line']);
$searchableContent = $line['timestamp'] . ' ' . $lineContent;
@endphp
<div data-log-line data-log-content="{{ htmlspecialchars($searchableContent) }}"
<div data-log-line data-log-content="{{ $searchableContent }}"
@class([
'mt-2' => isset($line['command']) && $line['command'],
'flex gap-2 log-line',
])>
<span x-show="showTimestamps"
class="shrink-0 text-gray-500">{{ $line['timestamp'] }}</span>
<span data-line-text="{{ htmlspecialchars($lineContent) }}"
<span data-line-text="{{ $lineContent }}"
@class([
'text-success dark:text-warning' => $line['hidden'],
'text-red-500' => $line['stderr'],
resources/views/livewire/project/application/general.blade.php
+11 -1
View File
@@ -12,6 +12,9 @@
<div>{{ $application->compose_parsing_version }}</div>
@endif
<x-forms.button canGate="update" :canResource="$application" type="submit">Save</x-forms.button>
<x-modal-input title="Resource Details" buttonTitle="Details">
<livewire:project.shared.resource-details :resource="$application" />
</x-modal-input>
@if ($buildPack === 'dockercompose')
<x-forms.button canGate="update" :canResource="$application" wire:target='initLoadingCompose'
x-on:click="$wire.dispatch('loadCompose', false)">
@@ -497,6 +500,13 @@
</div>
@endif
@endif
@if ((empty($portsExposes) || $portsExposes === '0') && !empty($fqdn))
<x-callout type="info" title="No ports exposed" class="mb-4">
This application does not expose any ports and will not be reachable through the proxy or your domains.
This behavior is normal for background workers, bots, or scheduled tasks.
If your application needs to handle HTTP traffic, please specify the port(s) it listens on.
</x-callout>
@endif
<div class="flex flex-col gap-2 xl:flex-row">
@if ($isStatic || $buildPack === 'static')
<x-forms.input id="portsExposes" label="Ports Exposes" readonly
@@ -507,7 +517,7 @@
helper="Readonly labels are disabled. You can set the ports manually in the labels section."
x-bind:disabled="!canUpdate" />
@else
<x-forms.input placeholder="3000,3001" id="portsExposes" label="Ports Exposes" required
<x-forms.input placeholder="3000,3001" id="portsExposes" label="Ports Exposes"
helper="A comma separated list of ports your application uses. The first port will be used as default healthcheck port if nothing defined in the Healthcheck menu. Be sure to set this correctly."
x-bind:disabled="!canUpdate" />
@endif
resources/views/livewire/project/application/heading.blade.php
+1 -1
View File
@@ -15,7 +15,7 @@
href="{{ route('project.application.logs', $parameters) }}">
<div class="flex items-center gap-1">
Logs
@if ($application->restart_count > 0 && !str($application->status)->startsWith('exited'))
@if ($application->restart_count > 0 && (!str($application->status)->startsWith('exited') || $application->stoppedAfterRestartLimit()))
<svg class="w-4 h-4 dark:text-warning" viewBox="0 0 24 24" fill="currentColor" xmlns="http://www.w3.org/2000/svg" title="Container has restarted {{ $application->restart_count }} time{{ $application->restart_count > 1 ? 's' : '' }}">
<path d="M12 2L1 21h22L12 2zm0 4l7.53 13H4.47L12 6zm-1 5v4h2v-4h-2zm0 5v2h2v-2h-2z"/>
</svg>
resources/views/livewire/project/database/clickhouse/general.blade.php
+3
View File
@@ -5,6 +5,9 @@
<x-forms.button type="submit" canGate="update" :canResource="$database">
Save
</x-forms.button>
<x-modal-input title="Resource Details" buttonTitle="Details">
<livewire:project.shared.resource-details :resource="$database" />
</x-modal-input>
</div>
<div class="flex gap-2">
<x-forms.input label="Name" id="name" canGate="update" :canResource="$database" />
resources/views/livewire/project/database/dragonfly/general.blade.php
+3
View File
@@ -5,6 +5,9 @@
<x-forms.button type="submit" canGate="update" :canResource="$database">
Save
</x-forms.button>
<x-modal-input title="Resource Details" buttonTitle="Details">
<livewire:project.shared.resource-details :resource="$database" />
</x-modal-input>
</div>
<div class="flex gap-2">
<x-forms.input label="Name" id="name" canGate="update" :canResource="$database" />
resources/views/livewire/project/database/keydb/general.blade.php
+3
View File
@@ -5,6 +5,9 @@
<x-forms.button type="submit" canGate="update" :canResource="$database">
Save
</x-forms.button>
<x-modal-input title="Resource Details" buttonTitle="Details">
<livewire:project.shared.resource-details :resource="$database" />
</x-modal-input>
</div>
<div class="flex gap-2">
<x-forms.input label="Name" id="name" canGate="update" :canResource="$database" />
resources/views/livewire/project/database/mariadb/general.blade.php
+3
View File
@@ -5,6 +5,9 @@
<x-forms.button type="submit" canGate="update" :canResource="$database">
Save
</x-forms.button>
<x-modal-input title="Resource Details" buttonTitle="Details">
<livewire:project.shared.resource-details :resource="$database" />
</x-modal-input>
</div>
<div class="flex gap-2">
<x-forms.input label="Name" id="name" canGate="update" :canResource="$database" />
resources/views/livewire/project/database/mongodb/general.blade.php
+3
View File
@@ -5,6 +5,9 @@
<x-forms.button type="submit" canGate="update" :canResource="$database">
Save
</x-forms.button>
<x-modal-input title="Resource Details" buttonTitle="Details">
<livewire:project.shared.resource-details :resource="$database" />
</x-modal-input>
</div>
<div class="flex gap-2">
<x-forms.input label="Name" id="name" canGate="update" :canResource="$database" />
resources/views/livewire/project/database/mysql/general.blade.php
+3
View File
@@ -5,6 +5,9 @@
<x-forms.button type="submit">
Save
</x-forms.button>
<x-modal-input title="Resource Details" buttonTitle="Details">
<livewire:project.shared.resource-details :resource="$database" />
</x-modal-input>
</div>
<div class="flex gap-2">
<x-forms.input label="Name" id="name" canGate="update" :canResource="$database" />
resources/views/livewire/project/database/postgresql/general.blade.php
+3
View File
@@ -19,6 +19,9 @@
<x-forms.button type="submit" canGate="update" :canResource="$database">
Save
</x-forms.button>
<x-modal-input title="Resource Details" buttonTitle="Details">
<livewire:project.shared.resource-details :resource="$database" />
</x-modal-input>
</div>
<div class="flex flex-wrap gap-2 sm:flex-nowrap">
<x-forms.input label="Name" id="name" canGate="update" :canResource="$database" />
resources/views/livewire/project/database/redis/general.blade.php
+3
View File
@@ -5,6 +5,9 @@
<x-forms.button type="submit" canGate="update" :canResource="$database">
Save
</x-forms.button>
<x-modal-input title="Resource Details" buttonTitle="Details">
<livewire:project.shared.resource-details :resource="$database" />
</x-modal-input>
</div>
<div class="flex gap-2">
<x-forms.input label="Name" id="name" canGate="update" :canResource="$database" />
resources/views/livewire/project/service/stack-form.blade.php
+3
View File
@@ -12,6 +12,9 @@
<livewire:project.service.edit-compose serviceId="{{ $service->id }}" />
</x-modal-input>
@endcan
<x-modal-input title="Resource Details" buttonTitle="Details">
<livewire:project.shared.resource-details :resource="$service" />
</x-modal-input>
</div>
<div>Configuration</div>
</div>
resources/views/livewire/project/shared/configuration-checker.blade.php
+1 -1
View File
@@ -1,6 +1,6 @@
<div>
@if ($isConfigurationChanged && !is_null($resource->config_hash) && !$resource->isExited())
<div x-data="{ configurationDiffModalOpen: false }">
<div x-data="{ configurationDiffModalOpen: false, expandedRows: {} }">
<x-popup-small>
<x-slot:title>
The latest configuration has not been applied
resources/views/livewire/project/shared/environment-variable/all.blade.php
+67 -34
View File
@@ -43,38 +43,69 @@
@endif
</div>
@if ($view === 'normal')
<div>
<h3>Production Environment Variables</h3>
<div>Environment (secrets) variables for Production.</div>
</div>
@forelse ($this->environmentVariables as $env)
<livewire:project.shared.environment-variable.show wire:key="environment-{{ $env->id }}" :env="$env"
:type="$resource->type()" />
@empty
<div>No environment variables found.</div>
@endforelse
@if (($resource->type() === 'service' || $resource?->build_pack === 'dockercompose') && $this->hardcodedEnvironmentVariables->isNotEmpty())
@foreach ($this->hardcodedEnvironmentVariables as $index => $env)
<livewire:project.shared.environment-variable.show-hardcoded
wire:key="hardcoded-prod-{{ $env['key'] }}-{{ $env['service_name'] ?? 'default' }}-{{ $index }}"
:env="$env" />
@endforeach
@endif
@if ($resource->type() === 'application' && $resource->environment_variables_preview->count() > 0 && $showPreview)
<div>
<h3>Preview Deployments Environment Variables</h3>
<div>Environment (secrets) variables for Preview Deployments.</div>
<div class="w-full md:w-96">
<div class="relative">
<input type="search" placeholder="Search" aria-label="Search environment variables"
wire:model.live.debounce.300ms="search" class="w-full input pl-10" />
<div class="absolute inset-y-0 left-0 flex items-center pl-3 pointer-events-none">
<div class="relative w-4 h-4">
<svg wire:loading.remove wire:target="search" aria-hidden="true"
class="absolute inset-0 w-4 h-4 dark:text-neutral-400" fill="none" stroke="currentColor"
viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z" />
</svg>
<svg wire:loading wire:target="search" aria-hidden="true"
class="absolute inset-0 w-4 h-4 text-coollabs dark:text-warning animate-spin" fill="none"
viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
<circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor"
stroke-width="4" />
<path class="opacity-75" fill="currentColor"
d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z" />
</svg>
</div>
</div>
</div>
@foreach ($this->environmentVariablesPreview as $env)
<livewire:project.shared.environment-variable.show wire:key="environment-{{ $env->id }}" :env="$env"
:type="$resource->type()" />
@endforeach
@if (($resource->type() === 'service' || $resource?->build_pack === 'dockercompose') && $this->hardcodedEnvironmentVariablesPreview->isNotEmpty())
@foreach ($this->hardcodedEnvironmentVariablesPreview as $index => $env)
<livewire:project.shared.environment-variable.show-hardcoded
wire:key="hardcoded-preview-{{ $env['key'] }}-{{ $env['service_name'] ?? 'default' }}-{{ $index }}"
:env="$env" />
</div>
@if ($this->isSearchActive && ! $this->hasEnvironmentVariables)
<div>No environment variables found.</div>
@else
@if ($this->environmentVariables->isNotEmpty() || $this->hardcodedEnvironmentVariables->isNotEmpty())
<div>
<h3>Production Environment Variables</h3>
<div>Environment (secrets) variables for Production.</div>
</div>
@foreach ($this->environmentVariables as $env)
<livewire:project.shared.environment-variable.show wire:key="environment-{{ $env->id }}" :env="$env"
:type="$resource->type()" />
@endforeach
@if (($resource->type() === 'service' || $resource?->build_pack === 'dockercompose') && $this->hardcodedEnvironmentVariables->isNotEmpty())
@foreach ($this->hardcodedEnvironmentVariables as $index => $env)
<livewire:project.shared.environment-variable.show-hardcoded
wire:key="hardcoded-prod-{{ $env['key'] }}-{{ $env['service_name'] ?? 'default' }}-{{ $index }}" :env="$env" />
@endforeach
@endif
@endif
@if (
$resource->type() === 'application' &&
$showPreview &&
($this->environmentVariablesPreview->isNotEmpty() || $this->hardcodedEnvironmentVariablesPreview->isNotEmpty())
)
<div>
<h3>Preview Deployments Environment Variables</h3>
<div>Environment (secrets) variables for Preview Deployments.</div>
</div>
@foreach ($this->environmentVariablesPreview as $env)
<livewire:project.shared.environment-variable.show wire:key="environment-{{ $env->id }}" :env="$env"
:type="$resource->type()" />
@endforeach
@if (($resource->type() === 'service' || $resource?->build_pack === 'dockercompose') && $this->hardcodedEnvironmentVariablesPreview->isNotEmpty())
@foreach ($this->hardcodedEnvironmentVariablesPreview as $index => $env)
<livewire:project.shared.environment-variable.show-hardcoded
wire:key="hardcoded-preview-{{ $env['key'] }}-{{ $env['service_name'] ?? 'default' }}-{{ $index }}"
:env="$env" />
@endforeach
@endif
@endif
@endif
@else
@@ -88,8 +119,9 @@
label="Production Environment Variables"></x-forms.textarea>
@if ($showPreview)
<x-forms.textarea rows="10" class="whitespace-pre-wrap font-sans" label="Preview Deployments Environment Variables"
id="variablesPreview" wire:model="variablesPreview"></x-forms.textarea>
<x-forms.textarea rows="10" class="whitespace-pre-wrap font-sans"
label="Preview Deployments Environment Variables" id="variablesPreview"
wire:model="variablesPreview"></x-forms.textarea>
@endif
<x-forms.button type="submit" class="btn btn-primary">Save All Environment Variables</x-forms.button>
@@ -98,8 +130,9 @@
label="Production Environment Variables" disabled></x-forms.textarea>
@if ($showPreview)
<x-forms.textarea rows="10" class="whitespace-pre-wrap font-sans" label="Preview Deployments Environment Variables"
id="variablesPreview" wire:model="variablesPreview" disabled></x-forms.textarea>
<x-forms.textarea rows="10" class="whitespace-pre-wrap font-sans"
label="Preview Deployments Environment Variables" id="variablesPreview" wire:model="variablesPreview"
disabled></x-forms.textarea>
@endif
@endcan
</form>
resources/views/livewire/project/shared/get-logs.blade.php
+24 -20
View File
@@ -139,10 +139,6 @@
const range = selection.getRangeAt(0);
return logsContainer.contains(range.commonAncestorContainer);
},
decodeHtml(text) {
const doc = new DOMParser().parseFromString(text, 'text/html');
return doc.documentElement.textContent;
},
applySearch() {
const logs = document.getElementById('logs');
if (!logs) return;
@@ -163,7 +159,7 @@
// Update highlighting
if (textSpan) {
const originalText = this.decodeHtml(textSpan.dataset.lineText || '');
const originalText = textSpan.dataset.lineText || '';
if (!query) {
textSpan.textContent = originalText;
} else if (matches) {
@@ -346,8 +342,17 @@
<button
x-on:click="
$wire.copyLogs().then(logs => {
navigator.clipboard.writeText(logs);
Livewire.dispatch('success', ['Logs copied to clipboard.']);
if (!navigator.clipboard?.writeText) {
Livewire.dispatch('error', ['Clipboard is not available. Please use HTTPS or localhost.']);
return;
}
navigator.clipboard.writeText(logs).then(() => {
Livewire.dispatch('success', ['Logs copied to clipboard.']);
}).catch(() => {
Livewire.dispatch('error', ['Failed to copy logs to clipboard.']);
});
}).catch(() => {
Livewire.dispatch('error', ['Failed to prepare logs for clipboard.']);
});
"
title="Copy Logs"
@@ -523,20 +528,19 @@
// Parse timestamp from log line (ISO 8601 format: 2025-12-04T11:48:39.136764033Z)
$timestamp = '';
$logContent = $line;
if (preg_match('/^(\d{4})-(\d{2})-(\d{2})T(\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z?\s(.*)$/', $line, $matches)) {
$year = $matches[1];
$month = $matches[2];
$day = $matches[3];
$time = $matches[4];
$microseconds = isset($matches[5]) ? substr($matches[5], 0, 6) : '000000';
$logContent = $matches[6];
if (preg_match('/^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z?\s(.*)$/', $line, $matches)) {
$microseconds = isset($matches[2]) ? substr($matches[2], 0, 6) : '000000';
$logContent = $matches[3];
// Convert month number to abbreviated name
$monthNames = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];
$monthName = $monthNames[(int)$month - 1] ?? $month;
// Format for display: 2025-Dec-04 09:44:58
$timestamp = "{$year}-{$monthName}-{$day} {$time}";
// Convert UTC Docker timestamp to server timezone for display
$carbonTs = \Carbon\Carbon::parse($matches[1], 'UTC');
$serverTz = getServerTimezone($server);
try {
$carbonTs->setTimezone($serverTz);
} catch (\Exception) {
// keep UTC
}
$timestamp = $carbonTs->format('Y-M-d H:i:s');
// Include microseconds in key for uniqueness
$lineKey = "{$timestamp}.{$microseconds}";
}
resources/views/livewire/project/shared/metrics.blade.php
+10 -4
View File
@@ -5,13 +5,19 @@
<div class="pb-4">Basic metrics for your application container.</div>
<div>
@if ($resource->getMorphClass() === 'App\Models\Application' && $resource->build_pack === 'dockercompose')
<div class="alert alert-warning">Metrics are not available for Docker Compose applications yet!</div>
<x-callout type="warning" title="Not Available">
Metrics are not available for Docker Compose applications yet!
</x-callout>
@elseif(!$resource->destination->server->isMetricsEnabled())
<div class="alert alert-warning pb-1">Metrics are only available for servers with Sentinel & Metrics enabled!</div>
<div>Go to <a class="underline dark:text-white" href="{{ route('server.show', $resource->destination->server->uuid) }}/sentinel" {{ wireNavigate() }}>Server settings</a> to enable it.</div>
<x-callout type="info" title="Metrics Not Enabled">
Metrics are only available for servers with Sentinel & Metrics enabled.
Go to <a class="underline font-semibold" href="{{ route('server.metrics', ['server_uuid' => $resource->destination->server->uuid]) }}" {{ wireNavigate() }}>Server Metrics</a> to enable it.
</x-callout>
@else
@if (!str($resource->status)->contains('running'))
<div class="alert alert-warning">Metrics are only available when the application container is running!</div>
<x-callout type="warning" title="Container Not Running">
Metrics are only available when the application container is running!
</x-callout>
@else
<div>
<x-forms.select label="Interval" wire:change="setInterval" id="interval">
resources/views/livewire/project/shared/resource-details.blade.php
+57
View File
@@ -0,0 +1,57 @@
<div class="w-full max-h-[70vh] overflow-y-auto pr-1 -mt-4">
<div class="pb-4 text-sm dark:text-neutral-400">Identifiers for this resource. Read-only</div>
<div class="flex flex-col gap-6">
<div>
<h3>Resource</h3>
<div class="pt-2 grid grid-cols-1 gap-3 md:grid-cols-2">
<x-forms.copy-button label="Name" :text="$resource->name ?? ''" />
<x-forms.copy-button label="UUID" :text="$resource->uuid ?? ''" />
</div>
</div>
@if ($environment_uuid)
<div>
<h3>Environment</h3>
<div class="pt-2 grid grid-cols-1 gap-3 md:grid-cols-2">
<x-forms.copy-button label="Name" :text="$environment_name ?? ''" />
<x-forms.copy-button label="UUID" :text="$environment_uuid" />
</div>
</div>
@endif
@if ($project_uuid)
<div>
<h3>Project</h3>
<div class="pt-2 grid grid-cols-1 gap-3 md:grid-cols-2">
<x-forms.copy-button label="Name" :text="$project_name ?? ''" />
<x-forms.copy-button label="UUID" :text="$project_uuid" />
</div>
</div>
@endif
@if ($server_uuid)
<div>
<h3>Server</h3>
<div class="pt-2 grid grid-cols-1 gap-3 md:grid-cols-2">
<x-forms.copy-button label="Name" :text="$server_name ?? ''" />
<x-forms.copy-button label="UUID" :text="$server_uuid" />
</div>
</div>
@endif
@if (! empty($stack_applications) || ! empty($stack_databases))
<div>
<h3>Stack Sub-Resources</h3>
<div class="pt-2 grid grid-cols-1 gap-3 md:grid-cols-2">
@foreach ($stack_applications as $item)
<x-forms.copy-button :label="'Application — ' . $item['name']" :text="$item['uuid']" />
@endforeach
@foreach ($stack_databases as $item)
<x-forms.copy-button :label="'Database — ' . $item['name']" :text="$item['uuid']" />
@endforeach
</div>
</div>
@endif
</div>
</div>
resources/views/livewire/server/charts.blade.php
+22 -3
View File
@@ -6,7 +6,18 @@
<div class="flex flex-col h-full gap-8 sm:flex-row">
<x-server.sidebar :server="$server" activeMenu="metrics" />
<div class="w-full">
<h2>Metrics</h2>
<div class="flex items-center gap-2">
<h2>Metrics</h2>
@if ($server->isMetricsEnabled())
<x-forms.button canGate="update" :canResource="$server" wire:click='toggleMetrics'>
Disable Metrics
</x-forms.button>
@elseif ($server->isSentinelEnabled())
<x-forms.button canGate="update" :canResource="$server" isHighlighted wire:click='toggleMetrics'>
Enable Metrics
</x-forms.button>
@endif
</div>
<div class="pb-4">Basic metrics for your server.</div>
@if ($server->isMetricsEnabled())
<div @if ($poll) wire:poll.5000ms='pollData' @endif x-init="$wire.loadData()">
@@ -288,8 +299,16 @@
</div>
</div>
@else
<div>Metrics are disabled for this server. Enable them in <a class="underline dark:text-white"
href="{{ route('server.show', ['server_uuid' => $server->uuid]) }}/sentinel" {{ wireNavigate() }}>Sentinel</a> settings.</div>
@if ($server->isSentinelEnabled())
<x-callout type="info" title="Metrics Disabled">
Metrics are disabled for this server. Click "Enable Metrics" above to start collecting metrics.
</x-callout>
@else
<x-callout type="info" title="Sentinel Required">
Metrics require Sentinel to be enabled.
Please <a class="underline font-semibold" href="{{ route('server.sentinel', ['server_uuid' => $server->uuid]) }}" {{ wireNavigate() }}>enable Sentinel</a> first.
</x-callout>
@endif
@endif
</div>
</div>
resources/views/livewire/server/navbar.blade.php
+25 -1
View File
@@ -58,6 +58,17 @@
</div>
</div>
@endif
@if ($server->isSentinelEnabled())
<div class="flex">
<div class="flex items-center">
@if ($server->isSentinelLive())
<x-status.running status="Sentinel In Sync" noLoading />
@else
<x-status.stopped status="Sentinel Out of Sync" noLoading />
@endif
</div>
</div>
@endif
</div>
<div class="subtitle">{{ data_get($server, 'name') }}</div>
<div class="navbar-main">
@@ -70,7 +81,7 @@
</a>
@if (!$server->isSwarmWorker() && !$server->settings->is_build_server)
<a class="{{ request()->routeIs('server.proxy') ? 'dark:text-white' : '' }} flex items-center gap-1" href="{{ route('server.proxy', [
<a class="{{ request()->routeIs('server.proxy') || request()->routeIs('server.proxy.*') ? 'dark:text-white' : '' }} flex items-center gap-1" href="{{ route('server.proxy', [
'server_uuid' => data_get($server, 'uuid'),
]) }}" {{ wireNavigate() }}>
Proxy
@@ -82,6 +93,19 @@
@endif
</a>
@endif
@if ($server->isFunctional() && !$server->isSwarm() && !$server->settings->is_build_server)
<a class="{{ request()->routeIs('server.sentinel') || request()->routeIs('server.sentinel.*') ? 'dark:text-white' : '' }} flex items-center gap-1" href="{{ route('server.sentinel', [
'server_uuid' => data_get($server, 'uuid'),
]) }}" {{ wireNavigate() }}>
Sentinel
@if ($server->isSentinelEnabled() && !$server->isSentinelLive())
<svg class="w-4 h-4 text-warning" viewBox="0 0 256 256" xmlns="http://www.w3.org/2000/svg">
<path fill="currentColor"
d="M236.8 188.09L149.35 36.22a24.76 24.76 0 0 0-42.7 0L19.2 188.09a23.51 23.51 0 0 0 0 23.72A24.35 24.35 0 0 0 40.55 224h174.9a24.35 24.35 0 0 0 21.33-12.19a23.51 23.51 0 0 0 .02-23.72m-13.87 15.71a8.5 8.5 0 0 1-7.48 4.2H40.55a8.5 8.5 0 0 1-7.48-4.2a7.59 7.59 0 0 1 0-7.72l87.45-151.87a8.75 8.75 0 0 1 15 0l87.45 151.87a7.59 7.59 0 0 1-.04 7.72M120 144v-40a8 8 0 0 1 16 0v40a8 8 0 0 1-16 0m20 36a12 12 0 1 1-12-12a12 12 0 0 1 12 12" />
</svg>
@endif
</a>
@endif
<a class="{{ request()->routeIs('server.resources') ? 'dark:text-white' : '' }}" href="{{ route('server.resources', [
'server_uuid' => data_get($server, 'uuid'),
]) }}" {{ wireNavigate() }}>
resources/views/livewire/server/sentinel.blade.php
+69 -107
View File
@@ -1,111 +1,73 @@
<div>
<x-slot:title>
{{ data_get_str($server, 'name')->limit(10) }} > Sentinel | Coolify
</x-slot>
<livewire:server.navbar :server="$server" />
<div class="flex flex-col h-full gap-8 sm:flex-row">
<x-server.sidebar :server="$server" activeMenu="sentinel" />
<div class="w-full">
<form wire:submit.prevent='submit'>
<div class="flex gap-2 items-center pb-2">
<h2>Sentinel</h2>
<x-helper helper="Sentinel reports your server's & container's health and collects metrics." />
@if ($server->isSentinelEnabled())
<div class="flex gap-2 items-center">
@if ($server->isSentinelLive())
<x-status.running status="In sync" noLoading title="{{ $sentinelUpdatedAt }}" />
<x-forms.button type="submit" canGate="update" :canResource="$server">Save</x-forms.button>
<x-forms.button wire:click='restartSentinel' canGate="update" :canResource="$server">Restart</x-forms.button>
<x-slide-over fullScreen>
<x-slot:title>Sentinel Logs</x-slot:title>
<x-slot:content>
<livewire:project.shared.get-logs :server="$server"
container="coolify-sentinel" displayName="Sentinel" :collapsible="false"
lazy />
</x-slot:content>
<x-forms.button @click="slideOverOpen=true">Logs</x-forms.button>
</x-slide-over>
@else
<x-status.stopped status="Out of sync" noLoading
title="{{ $sentinelUpdatedAt }}" />
<x-forms.button type="submit" canGate="update" :canResource="$server">Save</x-forms.button>
<x-forms.button wire:click='restartSentinel' canGate="update" :canResource="$server">Sync</x-forms.button>
<x-slide-over fullScreen>
<x-slot:title>Sentinel Logs</x-slot:title>
<x-slot:content>
<livewire:project.shared.get-logs :server="$server"
container="coolify-sentinel" displayName="Sentinel" :collapsible="false"
lazy />
</x-slot:content>
<x-forms.button @click="slideOverOpen=true">Logs</x-forms.button>
</x-slide-over>
@endif
</div>
@endif
<form wire:submit.prevent='submit'>
<div class="flex gap-2 items-center pb-2">
<h2>Sentinel</h2>
<x-helper helper="Sentinel reports your server's & container's health and collects metrics." />
@if (!$isSentinelEnabled)
<x-forms.button canGate="update" :canResource="$server" isHighlighted wire:click="toggleSentinel">Enable Sentinel</x-forms.button>
@else
<div class="flex gap-2 items-center">
<x-forms.button type="submit" canGate="update" :canResource="$server">Save</x-forms.button>
<x-forms.button wire:click='restartSentinel' canGate="update" :canResource="$server">
{{ $server->isSentinelLive() ? 'Restart' : 'Sync' }}
</x-forms.button>
<x-forms.button canGate="update" :canResource="$server" wire:click="toggleSentinel">Disable Sentinel</x-forms.button>
</div>
<div class="flex flex-col gap-2">
<div class="w-full sm:w-96">
<x-forms.checkbox canGate="update" :canResource="$server" wire:model.live="isSentinelEnabled"
label="Enable Sentinel" />
@if ($server->isSentinelEnabled())
@if (isDev())
<x-forms.checkbox canGate="update" :canResource="$server" id="isSentinelDebugEnabled"
label="Enable Sentinel (with debug)" instantSave />
@endif
<x-forms.checkbox canGate="update" :canResource="$server" instantSave
id="isMetricsEnabled" label="Enable Metrics" />
@else
@if (isDev())
<x-forms.checkbox id="isSentinelDebugEnabled" label="Enable Sentinel (with debug)"
disabled instantSave />
@endif
<x-forms.checkbox instantSave disabled id="isMetricsEnabled"
label="Enable Metrics (enable Sentinel first)" />
@endif
</div>
@if (isDev() && $server->isSentinelEnabled())
<div class="pt-4" x-data="{
customImage: localStorage.getItem('sentinel_custom_docker_image_{{ $server->uuid }}') || '',
saveCustomImage() {
localStorage.setItem('sentinel_custom_docker_image_{{ $server->uuid }}', this.customImage);
$wire.set('sentinelCustomDockerImage', this.customImage);
}
}" x-init="$wire.set('sentinelCustomDockerImage', customImage)">
<x-forms.input x-model="customImage" @input.debounce.500ms="saveCustomImage()"
placeholder="e.g., sentinel:latest or myregistry/sentinel:dev"
label="Custom Sentinel Docker Image (Dev Only)"
helper="Override the default Sentinel Docker image for testing. Leave empty to use the default." />
</div>
@endif
@if ($server->isSentinelEnabled())
<div class="flex flex-wrap gap-2 sm:flex-nowrap items-end">
<x-forms.input canGate="update" :canResource="$server" type="password" id="sentinelToken"
label="Sentinel token" required helper="Token for Sentinel." />
<x-forms.button canGate="update" :canResource="$server"
wire:click="regenerateSentinelToken">Regenerate</x-forms.button>
</div>
<x-forms.input canGate="update" :canResource="$server" id="sentinelCustomUrl" required
label="Coolify URL"
helper="URL to your Coolify instance. If it is empty that means you do not have a FQDN set for your Coolify instance." />
<div class="flex flex-col gap-2">
<div class="flex flex-wrap gap-2 sm:flex-nowrap">
<x-forms.input canGate="update" :canResource="$server" type="number" min="1"
id="sentinelMetricsRefreshRateSeconds" label="Metrics rate (seconds)" required
helper="Interval used for gathering metrics. Lower values result in more disk space usage." />
<x-forms.input canGate="update" :canResource="$server" type="number" min="1"
id="sentinelMetricsHistoryDays"
label="Metrics history (days)" required
helper="Number of days to retain metrics data for." />
<x-forms.input canGate="update" :canResource="$server" type="number" min="10"
id="sentinelPushIntervalSeconds" label="Push interval (seconds)" required
helper="Interval at which metrics data is sent to the collector." />
</div>
</div>
@endif
</div>
</form>
@endif
</div>
</div>
@if ($isSentinelEnabled && !$server->isSentinelLive())
<x-callout type="warning" title="Out of Sync" class="mt-2">
Sentinel is not in sync with your server. Click "Sync" to re-sync.
</x-callout>
@endif
<div class="flex flex-col gap-2 pt-2">
@if ($isSentinelEnabled && isDev())
<div class="w-full sm:w-96">
<x-forms.checkbox canGate="update" :canResource="$server" id="isSentinelDebugEnabled"
label="Enable Sentinel (with debug)" instantSave />
</div>
@endif
@if (isDev() && $server->isSentinelEnabled())
<div class="pt-4" x-data="{
customImage: localStorage.getItem('sentinel_custom_docker_image_{{ $server->uuid }}') || '',
saveCustomImage() {
localStorage.setItem('sentinel_custom_docker_image_{{ $server->uuid }}', this.customImage);
$wire.set('sentinelCustomDockerImage', this.customImage);
}
}" x-init="$wire.set('sentinelCustomDockerImage', customImage)">
<x-forms.input canGate="update" :canResource="$server" x-model="customImage"
@input.debounce.500ms="saveCustomImage()"
placeholder="e.g., sentinel:latest or myregistry/sentinel:dev"
label="Custom Sentinel Docker Image (Dev Only)"
helper="Override the default Sentinel Docker image for testing. Leave empty to use the default." />
</div>
@endif
@if ($server->isSentinelEnabled())
<div class="flex flex-wrap gap-2 sm:flex-nowrap items-end">
<x-forms.input canGate="update" :canResource="$server" id="sentinelCustomUrl" required
label="Coolify URL"
helper="URL to your Coolify instance. If it is empty that means you do not have a FQDN set for your Coolify instance." />
<x-forms.input canGate="update" :canResource="$server" type="password" id="sentinelToken"
label="Sentinel token" required helper="Token for Sentinel." />
<x-forms.button canGate="update" :canResource="$server"
wire:click="regenerateSentinelToken">Regenerate</x-forms.button>
</div>
<div class="flex flex-col gap-2">
<div class="flex flex-wrap gap-2 sm:flex-nowrap">
<x-forms.input canGate="update" :canResource="$server" type="number" min="1"
id="sentinelMetricsRefreshRateSeconds" label="Metrics rate (seconds)" required
helper="Interval used for gathering metrics. Lower values result in more disk space usage." />
<x-forms.input canGate="update" :canResource="$server" type="number" min="1"
id="sentinelMetricsHistoryDays"
label="Metrics history (days)" required
helper="Number of days to retain metrics data for." />
<x-forms.input canGate="update" :canResource="$server" type="number" min="10"
id="sentinelPushIntervalSeconds" label="Push interval (seconds)" required
helper="Interval at which metrics data is sent to the collector." />
</div>
</div>
@endif
</div>
</form>
</div>
resources/views/livewire/server/sentinel/logs.blade.php
+13
View File
@@ -0,0 +1,13 @@
<div>
<x-slot:title>
Sentinel Logs | Coolify
</x-slot>
<livewire:server.navbar :server="$server" />
<div class="flex flex-col h-full gap-8 sm:flex-row">
<x-server.sidebar-sentinel :server="$server" :parameters="$parameters" />
<div class="w-full">
<h2 class="pb-4">Logs</h2>
<livewire:project.shared.get-logs :server="$server" container="coolify-sentinel" displayName="Sentinel" :collapsible="false" />
</div>
</div>
</div>
resources/views/livewire/server/sentinel/show.blade.php
+16
View File
@@ -0,0 +1,16 @@
<div>
<x-slot:title>
Sentinel Configuration | Coolify
</x-slot>
<livewire:server.navbar :server="$server" />
@if ($server->isFunctional())
<div class="flex flex-col h-full gap-8 sm:flex-row">
<x-server.sidebar-sentinel :server="$server" :parameters="$parameters" />
<div class="w-full">
<livewire:server.sentinel :server="$server" />
</div>
</div>
@else
<div>Server is not validated. Validate first.</div>
@endif
</div>
resources/views/livewire/source/github/change.blade.php
+3 -4
View File
@@ -351,9 +351,8 @@
function createGithubApp(webhook_endpoint, use_custom_webhook_endpoint, custom_webhook_endpoint, preview_deployment_permissions, administration) {
const {
organization,
html_url,
uuid
} = @js($github_app->only(['organization', 'html_url', 'uuid']));
html_url
} = @js($github_app->only(['organization', 'html_url']));
const selectedEndpoint = webhook_endpoint ? webhook_endpoint.trim() : '';
const customEndpoint = custom_webhook_endpoint ? custom_webhook_endpoint.trim() : '';
if (use_custom_webhook_endpoint && !customEndpoint) {
@@ -401,7 +400,7 @@
callback_urls: [`${baseUrl}/login/github/app`],
public: false,
request_oauth_on_install: false,
setup_url: `${webhookBaseUrl}/source/github/install?source=${uuid}`,
setup_url: `${webhookBaseUrl}/source/github/install`,
setup_on_update: true,
default_permissions,
default_events
routes/web.php
+7 -3
View File
@@ -7,6 +7,7 @@ use App\Livewire\Admin\Index as AdminIndex;
use App\Livewire\Boarding\Index as BoardingIndex;
use App\Livewire\Dashboard;
use App\Livewire\Destination\Index as DestinationIndex;
use App\Livewire\Destination\Resources as DestinationResources;
use App\Livewire\Destination\Show as DestinationShow;
use App\Livewire\ForcePasswordReset;
use App\Livewire\Notifications\Discord as NotificationDiscord;
@@ -57,7 +58,8 @@ use App\Livewire\Server\Proxy\Show as ProxyShow;
use App\Livewire\Server\Resources as ResourcesShow;
use App\Livewire\Server\Security\Patches;
use App\Livewire\Server\Security\TerminalAccess;
use App\Livewire\Server\Sentinel as ServerSentinel;
use App\Livewire\Server\Sentinel\Logs as SentinelLogs;
use App\Livewire\Server\Sentinel\Show as SentinelShow;
use App\Livewire\Server\Show as ServerShow;
use App\Livewire\Server\Swarm as ServerSwarm;
use App\Livewire\Settings\Advanced as SettingsAdvanced;
@@ -281,7 +283,8 @@ Route::middleware(['auth', 'verified'])->group(function () {
Route::get('/', ServerShow::class)->name('server.show');
Route::get('/advanced', ServerAdvanced::class)->name('server.advanced');
Route::get('/swarm', ServerSwarm::class)->name('server.swarm');
Route::get('/sentinel', ServerSentinel::class)->name('server.sentinel');
Route::get('/sentinel', SentinelShow::class)->name('server.sentinel');
Route::get('/sentinel/logs', SentinelLogs::class)->name('server.sentinel.logs');
Route::get('/private-key', PrivateKeyShow::class)->name('server.private-key');
Route::get('/cloud-provider-token', CloudProviderTokenShow::class)->name('server.cloud-provider-token');
Route::get('/ca-certificate', CaCertificateShow::class)->name('server.ca-certificate');
@@ -289,7 +292,7 @@ Route::middleware(['auth', 'verified'])->group(function () {
Route::get('/cloudflare-tunnel', CloudflareTunnel::class)->name('server.cloudflare-tunnel');
Route::get('/destinations', ServerDestinations::class)->name('server.destinations');
Route::get('/log-drains', LogDrains::class)->name('server.log-drains');
Route::get('/metrics', ServerCharts::class)->name('server.charts');
Route::get('/metrics', ServerCharts::class)->name('server.metrics');
Route::get('/danger', DeleteServer::class)->name('server.delete');
Route::get('/proxy', ProxyShow::class)->name('server.proxy');
Route::get('/proxy/dynamic', ProxyDynamicConfigurations::class)->name('server.proxy.dynamic-confs');
@@ -302,6 +305,7 @@ Route::middleware(['auth', 'verified'])->group(function () {
});
Route::get('/destinations', DestinationIndex::class)->name('destination.index');
Route::get('/destination/{destination_uuid}', DestinationShow::class)->name('destination.show');
Route::get('/destination/{destination_uuid}/resources', DestinationResources::class)->name('destination.resources');
// Route::get('/security', fn () => view('security.index'))->name('security.index');
Route::get('/security/private-key', SecurityPrivateKeyIndex::class)->name('security.private-key.index');
templates/compose/owncloud.yaml
+2 -2
View File
@@ -15,8 +15,8 @@ services:
condition: service_healthy
environment:
- SERVICE_URL_OWNCLOUD_8080
- OWNCLOUD_DOMAIN=${SERVICE_URL_OWNCLOUD}
- OWNCLOUD_TRUSTED_DOMAINS=${SERVICE_URL_OWNCLOUD}
- OWNCLOUD_DOMAIN=${SERVICE_FQDN_OWNCLOUD}
- OWNCLOUD_TRUSTED_DOMAINS=${SERVICE_FQDN_OWNCLOUD}
- OWNCLOUD_DB_TYPE=mysql
- OWNCLOUD_DB_HOST=mariadb
- OWNCLOUD_DB_NAME=${DB_NAME:-owncloud}
templates/service-templates-latest.json
+1 -1
View File
@@ -3640,7 +3640,7 @@
"owncloud": {
"documentation": "https://owncloud.com/docs-guides/?utm_source=coolify.io",
"slogan": "OwnCloud with Open Web UI integrates file management with a powerful, user-friendly interface.",
"compose": "c2VydmljZXM6CiAgb3duY2xvdWQ6CiAgICBpbWFnZTogJ293bmNsb3VkL3NlcnZlcjpsYXRlc3QnCiAgICBkZXBlbmRzX29uOgogICAgICBtYXJpYWRiOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICAgIHJlZGlzOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSBTRVJWSUNFX1VSTF9PV05DTE9VRF84MDgwCiAgICAgIC0gJ09XTkNMT1VEX0RPTUFJTj0ke1NFUlZJQ0VfVVJMX09XTkNMT1VEfScKICAgICAgLSAnT1dOQ0xPVURfVFJVU1RFRF9ET01BSU5TPSR7U0VSVklDRV9VUkxfT1dOQ0xPVUR9JwogICAgICAtIE9XTkNMT1VEX0RCX1RZUEU9bXlzcWwKICAgICAgLSBPV05DTE9VRF9EQl9IT1NUPW1hcmlhZGIKICAgICAgLSAnT1dOQ0xPVURfREJfTkFNRT0ke0RCX05BTUU6LW93bmNsb3VkfScKICAgICAgLSAnT1dOQ0xPVURfREJfVVNFUk5BTUU9JHtTRVJWSUNFX1VTRVJfTUFSSUFEQn0nCiAgICAgIC0gJ09XTkNMT1VEX0RCX1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9NQVJJQURCfScKICAgICAgLSAnT1dOQ0xPVURfQURNSU5fVVNFUk5BTUU9JHtTRVJWSUNFX1VTRVJfT1dOQ0xPVUR9JwogICAgICAtICdPV05DTE9VRF9BRE1JTl9QQVNTV09SRD0ke1NFUlZJQ0VfUEFTU1dPUkRfT1dOQ0xPVUR9JwogICAgICAtICdPV05DTE9VRF9NWVNRTF9VVEY4TUI0PSR7TVlTUUxfVVRGOE1CNDotdHJ1ZX0nCiAgICAgIC0gJ09XTkNMT1VEX1JFRElTX0VOQUJMRUQ9JHtSRURJU19FTkFCTEVEOi10cnVlfScKICAgICAgLSBPV05DTE9VRF9SRURJU19IT1NUPXJlZGlzCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRAogICAgICAgIC0gL3Vzci9iaW4vaGVhbHRoY2hlY2sKICAgICAgaW50ZXJ2YWw6IDMwcwogICAgICB0aW1lb3V0OiAxMHMKICAgICAgcmV0cmllczogNQogICAgdm9sdW1lczoKICAgICAgLSAnb3duY2xvdWQtZGF0YTovbW50L2RhdGEnCiAgbWFyaWFkYjoKICAgIGltYWdlOiAnbWFyaWFkYjpsYXRlc3QnCiAgICBlbnZpcm9ubWVudDoKICAgICAgLSAnTVlTUUxfUk9PVF9QQVNTV09SRD0ke1NFUlZJQ0VfUEFTU1dPUkRfTUFSSUFEQlJPT1R9JwogICAgICAtICdNWVNRTF9VU0VSPSR7U0VSVklDRV9VU0VSX01BUklBREJ9JwogICAgICAtICdNWVNRTF9QQVNTV09SRD0ke1NFUlZJQ0VfUEFTU1dPUkRfTUFSSUFEQn0nCiAgICAgIC0gJ01ZU1FMX0RBVEFCQVNFPSR7REJfTkFNRTotb3duY2xvdWR9JwogICAgICAtIFRaPWF1dG8KICAgIGNvbW1hbmQ6CiAgICAgIC0gJy0tY2hhcmFjdGVyLXNldC1zZXJ2ZXI9dXRmOG1iNCcKICAgICAgLSAnLS1jb2xsYXRpb24tc2VydmVyPXV0ZjhtYjRfYmluJwogICAgICAtICctLW1heC1hbGxvd2VkLXBhY2tldD0xMjhNJwogICAgICAtICctLWlubm9kYi1sb2ctZmlsZS1zaXplPTY0TScKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSBoZWFsdGhjaGVjay5zaAogICAgICAgIC0gJy0tY29ubmVjdCcKICAgICAgICAtICctLWlubm9kYl9pbml0aWFsaXplZCcKICAgICAgaW50ZXJ2YWw6IDVzCiAgICAgIHRpbWVvdXQ6IDIwcwogICAgICByZXRyaWVzOiAxMAogICAgdm9sdW1lczoKICAgICAgLSAnb3duY2xvdWQtbXlzcWwtZGF0YTovdmFyL2xpYi9teXNxbCcKICByZWRpczoKICAgIGltYWdlOiAncmVkaXM6NicKICAgIGNvbW1hbmQ6CiAgICAgIC0gJy0tZGF0YWJhc2VzJwogICAgICAtICcxJwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIHJlZGlzLWNsaQogICAgICAgIC0gcGluZwogICAgICBpbnRlcnZhbDogMTBzCiAgICAgIHRpbWVvdXQ6IDVzCiAgICAgIHJldHJpZXM6IDUK",
"compose": "c2VydmljZXM6CiAgb3duY2xvdWQ6CiAgICBpbWFnZTogJ293bmNsb3VkL3NlcnZlcjpsYXRlc3QnCiAgICBkZXBlbmRzX29uOgogICAgICBtYXJpYWRiOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICAgIHJlZGlzOgogICAgICAgIGNvbmRpdGlvbjogc2VydmljZV9oZWFsdGh5CiAgICBlbnZpcm9ubWVudDoKICAgICAgLSBTRVJWSUNFX1VSTF9PV05DTE9VRF84MDgwCiAgICAgIC0gJ09XTkNMT1VEX0RPTUFJTj0ke1NFUlZJQ0VfRlFETl9PV05DTE9VRH0nCiAgICAgIC0gJ09XTkNMT1VEX1RSVVNURURfRE9NQUlOUz0ke1NFUlZJQ0VfRlFETl9PV05DTE9VRH0nCiAgICAgIC0gT1dOQ0xPVURfREJfVFlQRT1teXNxbAogICAgICAtIE9XTkNMT1VEX0RCX0hPU1Q9bWFyaWFkYgogICAgICAtICdPV05DTE9VRF9EQl9OQU1FPSR7REJfTkFNRTotb3duY2xvdWR9JwogICAgICAtICdPV05DTE9VRF9EQl9VU0VSTkFNRT0ke1NFUlZJQ0VfVVNFUl9NQVJJQURCfScKICAgICAgLSAnT1dOQ0xPVURfREJfUEFTU1dPUkQ9JHtTRVJWSUNFX1BBU1NXT1JEX01BUklBREJ9JwogICAgICAtICdPV05DTE9VRF9BRE1JTl9VU0VSTkFNRT0ke1NFUlZJQ0VfVVNFUl9PV05DTE9VRH0nCiAgICAgIC0gJ09XTkNMT1VEX0FETUlOX1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9PV05DTE9VRH0nCiAgICAgIC0gJ09XTkNMT1VEX01ZU1FMX1VURjhNQjQ9JHtNWVNRTF9VVEY4TUI0Oi10cnVlfScKICAgICAgLSAnT1dOQ0xPVURfUkVESVNfRU5BQkxFRD0ke1JFRElTX0VOQUJMRUQ6LXRydWV9JwogICAgICAtIE9XTkNMT1VEX1JFRElTX0hPU1Q9cmVkaXMKICAgIGhlYWx0aGNoZWNrOgogICAgICB0ZXN0OgogICAgICAgIC0gQ01ECiAgICAgICAgLSAvdXNyL2Jpbi9oZWFsdGhjaGVjawogICAgICBpbnRlcnZhbDogMzBzCiAgICAgIHRpbWVvdXQ6IDEwcwogICAgICByZXRyaWVzOiA1CiAgICB2b2x1bWVzOgogICAgICAtICdvd25jbG91ZC1kYXRhOi9tbnQvZGF0YScKICBtYXJpYWRiOgogICAgaW1hZ2U6ICdtYXJpYWRiOmxhdGVzdCcKICAgIGVudmlyb25tZW50OgogICAgICAtICdNWVNRTF9ST09UX1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9NQVJJQURCUk9PVH0nCiAgICAgIC0gJ01ZU1FMX1VTRVI9JHtTRVJWSUNFX1VTRVJfTUFSSUFEQn0nCiAgICAgIC0gJ01ZU1FMX1BBU1NXT1JEPSR7U0VSVklDRV9QQVNTV09SRF9NQVJJQURCfScKICAgICAgLSAnTVlTUUxfREFUQUJBU0U9JHtEQl9OQU1FOi1vd25jbG91ZH0nCiAgICAgIC0gVFo9YXV0bwogICAgY29tbWFuZDoKICAgICAgLSAnLS1jaGFyYWN0ZXItc2V0LXNlcnZlcj11dGY4bWI0JwogICAgICAtICctLWNvbGxhdGlvbi1zZXJ2ZXI9dXRmOG1iNF9iaW4nCiAgICAgIC0gJy0tbWF4LWFsbG93ZWQtcGFja2V0PTEyOE0nCiAgICAgIC0gJy0taW5ub2RiLWxvZy1maWxlLXNpemU9NjRNJwogICAgaGVhbHRoY2hlY2s6CiAgICAgIHRlc3Q6CiAgICAgICAgLSBDTUQKICAgICAgICAtIGhlYWx0aGNoZWNrLnNoCiAgICAgICAgLSAnLS1jb25uZWN0JwogICAgICAgIC0gJy0taW5ub2RiX2luaXRpYWxpemVkJwogICAgICBpbnRlcnZhbDogNXMKICAgICAgdGltZW91dDogMjBzCiAgICAgIHJldHJpZXM6IDEwCiAgICB2b2x1bWVzOgogICAgICAtICdvd25jbG91ZC1teXNxbC1kYXRhOi92YXIvbGliL215c3FsJwogIHJlZGlzOgogICAgaW1hZ2U6ICdyZWRpczo2JwogICAgY29tbWFuZDoKICAgICAgLSAnLS1kYXRhYmFzZXMnCiAgICAgIC0gJzEnCiAgICBoZWFsdGhjaGVjazoKICAgICAgdGVzdDoKICAgICAgICAtIENNRAogICAgICAgIC0gcmVkaXMtY2xpCiAgICAgICAgLSBwaW5nCiAgICAgIGludGVydmFsOiAxMHMKICAgICAgdGltZW91dDogNXMKICAgICAgcmV0cmllczogNQo=",
"tags": [
"owncloud",
"file-management",
tests/Feature/ApplicationStoppedAfterRestartLimitTest.php
+82
View File
@@ -0,0 +1,82 @@
<?php
use App\Actions\Application\StopApplication;
use App\Models\Application;
use App\Notifications\Application\RestartLimitReached;
function applicationWithRestartState(array $attributes = []): Application
{
$application = new Application;
$application->forceFill(array_merge([
'status' => 'exited:unhealthy',
'restart_count' => 2,
'max_restart_count' => 2,
'last_restart_type' => 'crash',
'last_restart_at' => now(),
], $attributes));
return $application;
}
it('detects applications stopped after reaching the crash restart limit', function () {
expect(applicationWithRestartState()->stoppedAfterRestartLimit())->toBeTrue()
->and(applicationWithRestartState(['status' => 'running:unhealthy'])->stoppedAfterRestartLimit())->toBeFalse()
->and(applicationWithRestartState(['restart_count' => 1])->stoppedAfterRestartLimit())->toBeFalse()
->and(applicationWithRestartState(['max_restart_count' => 0])->stoppedAfterRestartLimit())->toBeFalse()
->and(applicationWithRestartState(['last_restart_type' => null])->stoppedAfterRestartLimit())->toBeFalse();
});
it('shows a stopped after restart limit warning in the status badge', function () {
$html = view('components.status.index', [
'resource' => applicationWithRestartState(),
'showRefreshButton' => false,
])->render();
expect($html)->toContain('Stopped after reaching restart limit (2/2).')
->and($html)->toContain('Container has crashed and Coolify stopped it after 2 restart attempts.');
});
it('does not show the restart limit warning for a normal manual stop', function () {
$html = view('components.status.index', [
'resource' => applicationWithRestartState([
'restart_count' => 0,
'last_restart_type' => null,
]),
'showRefreshButton' => false,
])->render();
expect($html)->not->toContain('Stopped after reaching restart limit');
});
it('keeps restart tracking configurable when stopping an application', function () {
$method = new ReflectionMethod(StopApplication::class, 'handle');
$resetRestartCount = collect($method->getParameters())->firstWhere('name', 'resetRestartCount');
expect($resetRestartCount)->not->toBeNull()
->and($resetRestartCount->getDefaultValue())->toBeTrue();
});
it('uses the application link for restart limit notifications', function () {
$application = new class extends Application
{
public function link()
{
return 'https://coolify.test/project/link-from-model';
}
};
$application->forceFill([
'name' => 'crashy-app',
'uuid' => 'application-uuid',
'restart_count' => 2,
'max_restart_count' => 2,
]);
$application->setRelation('environment', (object) [
'uuid' => 'environment-uuid',
'name' => 'production',
'project' => (object) ['uuid' => 'project-uuid'],
]);
$notification = new RestartLimitReached($application);
expect($notification->resource_url)->toBe('https://coolify.test/project/link-from-model');
});
tests/Feature/CommandInjectionSecurityTest.php
+1
View File
@@ -733,6 +733,7 @@ describe('custom_docker_run_options validation', function () {
'--entrypoint "sh -c \'npm start\'"',
'--entrypoint "sh -c \'php artisan schedule:work\'"',
'--hostname "my-host"',
'--dns 10.0.0.10 --dns=1.1.1.1',
]);
});
tests/Feature/DockerCustomCommandsTest.php
+18
View File
@@ -46,6 +46,24 @@ test('ConvertIp', function () {
]);
});
test('ConvertDns', function () {
$input = '--dns 10.0.0.10 --dns=1.1.1.1';
$output = convertDockerRunToCompose($input);
expect($output)->toBe([
'dns' => ['10.0.0.10', '1.1.1.1'],
]);
});
test('ConvertDnsWithOtherOptions', function () {
$input = '--cap-add=NET_ADMIN --dns 10.0.0.10 --init';
$output = convertDockerRunToCompose($input);
expect($output)->toBe([
'cap_add' => ['NET_ADMIN'],
'dns' => ['10.0.0.10'],
'init' => true,
]);
});
test('ConvertPrivilegedAndInit', function () {
$input = '---privileged --init';
$output = convertDockerRunToCompose($input);
tests/Feature/EnvironmentVariableMultilineToggleViewTest.php
+25
View File
@@ -29,3 +29,28 @@ it('uses sans font for the developer bulk environment variable editor', function
->not->toContain('wire:model="variables" monospace')
->not->toContain('wire:model="variablesPreview" monospace');
});
it('renders the environment variable search field above the production title', function () {
$view = file_get_contents(resource_path('views/livewire/project/shared/environment-variable/all.blade.php'));
expect(strpos($view, 'aria-label="Search environment variables"'))
->toBeLessThan(strpos($view, '<h3>Production Environment Variables</h3>'));
});
it('renders a single no results message for empty environment variable searches', function () {
$view = file_get_contents(resource_path('views/livewire/project/shared/environment-variable/all.blade.php'));
expect($view)
->toContain('@if ($this->isSearchActive && ! $this->hasEnvironmentVariables)')
->toContain('<div>No environment variables found.</div>')
->toContain('@else');
});
it('only renders the production section when production variables are visible', function () {
$view = file_get_contents(resource_path('views/livewire/project/shared/environment-variable/all.blade.php'));
expect($view)
->toContain('@if ($this->environmentVariables->isNotEmpty() || $this->hardcodedEnvironmentVariables->isNotEmpty())')
->not->toContain('@forelse ($this->environmentVariables as $env)')
->not->toContain('@empty');
});
tests/Feature/EnvironmentVariableSearchTest.php
+251
View File
@@ -0,0 +1,251 @@
<?php
use App\Livewire\Project\Shared\EnvironmentVariable\All;
use App\Models\Application;
use App\Models\Environment;
use App\Models\EnvironmentVariable;
use App\Models\InstanceSettings;
use App\Models\Project;
use App\Models\Service;
use App\Models\Team;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Livewire\Livewire;
uses(RefreshDatabase::class);
beforeEach(function () {
InstanceSettings::forceCreate(['id' => 0]);
$this->user = User::factory()->create();
$this->team = Team::factory()->create();
$this->team->members()->attach($this->user, ['role' => 'owner']);
$this->project = Project::factory()->create([
'team_id' => $this->team->id,
]);
$this->environment = Environment::factory()->create([
'project_id' => $this->project->id,
]);
$this->actingAs($this->user);
});
it('filters production environment variables by key case-insensitively', function () {
$application = Application::factory()->create([
'environment_id' => $this->environment->id,
]);
EnvironmentVariable::create([
'key' => 'API_KEY',
'value' => 'secret',
'resourceable_type' => Application::class,
'resourceable_id' => $application->id,
]);
EnvironmentVariable::create([
'key' => 'DATABASE_URL',
'value' => 'postgres://example',
'resourceable_type' => Application::class,
'resourceable_id' => $application->id,
]);
$component = Livewire::test(All::class, ['resource' => $application])
->set('search', 'api');
expect($component->instance()->environmentVariables->pluck('key')->all())
->toBe(['API_KEY']);
});
it('treats production environment variable search wildcards literally', function () {
$application = Application::factory()->create([
'environment_id' => $this->environment->id,
]);
EnvironmentVariable::create([
'key' => 'API_KEY',
'value' => 'secret',
'resourceable_type' => Application::class,
'resourceable_id' => $application->id,
]);
EnvironmentVariable::create([
'key' => 'APIXKEY',
'value' => 'other-secret',
'resourceable_type' => Application::class,
'resourceable_id' => $application->id,
]);
EnvironmentVariable::create([
'key' => 'PERCENT%KEY',
'value' => 'percent-secret',
'resourceable_type' => Application::class,
'resourceable_id' => $application->id,
]);
$component = Livewire::test(All::class, ['resource' => $application])
->set('search', 'api_key');
expect($component->instance()->environmentVariables->pluck('key')->all())
->toBe(['API_KEY']);
$component->set('search', '%KEY');
expect($component->instance()->environmentVariables->pluck('key')->all())
->toBe(['PERCENT%KEY']);
});
it('filters preview environment variables by key case-insensitively', function () {
$application = Application::factory()->create([
'environment_id' => $this->environment->id,
]);
EnvironmentVariable::create([
'key' => 'PREVIEW_TOKEN',
'value' => 'preview-secret',
'is_preview' => true,
'resourceable_type' => Application::class,
'resourceable_id' => $application->id,
]);
EnvironmentVariable::create([
'key' => 'OTHER_PREVIEW_VALUE',
'value' => 'preview-other',
'is_preview' => true,
'resourceable_type' => Application::class,
'resourceable_id' => $application->id,
]);
$component = Livewire::test(All::class, ['resource' => $application])
->set('search', 'token');
expect($component->instance()->environmentVariablesPreview->pluck('key')->all())
->toBe(['PREVIEW_TOKEN']);
});
it('filters hardcoded Docker Compose environment variables by key case-insensitively', function () {
$service = Service::factory()->create([
'environment_id' => $this->environment->id,
'docker_compose_raw' => <<<'YAML'
services:
app:
image: nginx
environment:
API_TOKEN: hardcoded-secret
DATABASE_URL: postgres://example
YAML,
]);
$component = Livewire::test(All::class, ['resource' => $service])
->set('search', 'api');
expect($component->instance()->hardcodedEnvironmentVariables->pluck('key')->all())
->toBe(['API_TOKEN']);
});
it('does not show the empty production message when search only matches hardcoded variables', function () {
$service = Service::factory()->create([
'environment_id' => $this->environment->id,
'docker_compose_raw' => <<<'YAML'
services:
app:
image: nginx
environment:
API_TOKEN: hardcoded-secret
DATABASE_URL: postgres://example
YAML,
]);
Livewire::test(All::class, ['resource' => $service])
->set('search', 'api')
->assertSee('Production Environment Variables')
->assertSee('API_TOKEN')
->assertDontSee('No environment variables found.');
});
it('keeps developer view unfiltered after searching', function () {
$application = Application::factory()->create([
'environment_id' => $this->environment->id,
]);
EnvironmentVariable::create([
'key' => 'API_KEY',
'value' => 'secret',
'resourceable_type' => Application::class,
'resourceable_id' => $application->id,
]);
EnvironmentVariable::create([
'key' => 'DATABASE_URL',
'value' => 'postgres://example',
'resourceable_type' => Application::class,
'resourceable_id' => $application->id,
]);
$component = Livewire::test(All::class, ['resource' => $application])
->set('search', 'api')
->call('switch')
->assertSet('view', 'dev');
expect($component->get('variables'))
->toContain('API_KEY=secret')
->toContain('DATABASE_URL=postgres://example');
});
it('does not delete non-matching variables when saving developer view after searching', function () {
$application = Application::factory()->create([
'environment_id' => $this->environment->id,
]);
EnvironmentVariable::create([
'key' => 'API_KEY',
'value' => 'secret',
'resourceable_type' => Application::class,
'resourceable_id' => $application->id,
]);
EnvironmentVariable::create([
'key' => 'DATABASE_URL',
'value' => 'postgres://example',
'resourceable_type' => Application::class,
'resourceable_id' => $application->id,
]);
Livewire::test(All::class, ['resource' => $application])
->set('search', 'api')
->call('switch')
->call('submit');
expect($application->environment_variables()->pluck('key')->all())
->toContain('API_KEY')
->toContain('DATABASE_URL');
});
it('hides the preview section when search filters out all preview variables', function () {
$application = Application::factory()->create([
'environment_id' => $this->environment->id,
]);
EnvironmentVariable::create([
'key' => 'API_KEY',
'value' => 'secret',
'resourceable_type' => Application::class,
'resourceable_id' => $application->id,
]);
$application->environment_variables_preview()->where('key', 'API_KEY')->delete();
EnvironmentVariable::create([
'key' => 'PREVIEW_TOKEN',
'value' => 'preview-secret',
'is_preview' => true,
'resourceable_type' => Application::class,
'resourceable_id' => $application->id,
]);
Livewire::test(All::class, ['resource' => $application])
->set('search', 'api')
->assertSee('Production Environment Variables')
->assertSee('API_KEY')
->assertDontSee('Preview Deployments Environment Variables')
->assertDontSee('PREVIEW_TOKEN');
});
tests/Feature/GitHttpTransportCommandsTest.php
+136
View File
@@ -0,0 +1,136 @@
<?php
use App\Models\Application;
use App\Models\ApplicationSetting;
use App\Models\GithubApp;
use App\Models\PrivateKey;
function applicationWithGitSettings(bool $shallow = true): Application
{
$application = new Application;
$application->forceFill([
'uuid' => 'test-app-uuid',
'git_repository' => 'coollabsio/private-app',
'git_branch' => 'main',
'git_commit_sha' => 'HEAD',
]);
$settings = new ApplicationSetting;
$settings->is_git_shallow_clone_enabled = $shallow;
$settings->is_git_submodules_enabled = false;
$settings->is_git_lfs_enabled = false;
$application->setRelation('settings', $settings);
return $application;
}
it('uses http 1 transport for public https source clones', function () {
$application = applicationWithGitSettings();
$source = new GithubApp;
$source->forceFill([
'html_url' => 'https://github.com',
'api_url' => 'https://api.github.com',
'is_public' => true,
]);
$application->setRelation('source', $source);
$result = $application->generateGitImportCommands(
deployment_uuid: 'test-deployment',
exec_in_docker: false,
);
expect($result['commands'])
->toContain("git -c http.version=HTTP/1.1 clone --depth=1 -b 'main' 'https://github.com/coollabsio/private-app' '/artifacts/test-deployment'")
->not->toContain('Primary repository import failed, retrying with HTTP/1.1')
->not->toContain('mktemp')
->not->toContain('git_retry_dir');
});
it('applies http 1 transport to https fetches after clone', function () {
$application = applicationWithGitSettings();
$application->git_commit_sha = 'abc123def456abc123def456abc123def456abc1';
$source = new GithubApp;
$source->forceFill([
'html_url' => 'https://github.com',
'api_url' => 'https://api.github.com',
'is_public' => true,
]);
$application->setRelation('source', $source);
$result = $application->generateGitImportCommands(
deployment_uuid: 'test-deployment',
exec_in_docker: false,
);
expect($result['commands'])
->toContain("git -c http.version=HTTP/1.1 fetch --depth=1 origin 'abc123def456abc123def456abc123def456abc1'")
->toContain("git -c http.version=HTTP/1.1 -c advice.detachedHead=false checkout 'abc123def456abc123def456abc123def456abc1'");
});
it('does not add http transport config to ssh deploy key clones', function () {
$application = applicationWithGitSettings();
$application->private_key_id = 1;
$application->setRelation('private_key', new class extends PrivateKey
{
public function getAttribute($key)
{
if ($key === 'private_key') {
return 'fake-private-key';
}
return parent::getAttribute($key);
}
});
$application->git_repository = 'git@github.com:coollabsio/private-app.git';
$result = $application->generateGitImportCommands(
deployment_uuid: 'test-deployment',
exec_in_docker: false,
);
expect($result['commands'])
->not->toContain('http.version=HTTP/1.1')
->not->toContain('Primary repository import failed, retrying with HTTP/1.1');
});
it('supports dedicated checkout directories for compose file loading', function () {
$application = applicationWithGitSettings();
$source = new GithubApp;
$source->forceFill([
'html_url' => 'https://github.com',
'api_url' => 'https://api.github.com',
'is_public' => true,
]);
$application->setRelation('source', $source);
$result = $application->generateGitImportCommands(
deployment_uuid: 'test-deployment',
only_checkout: true,
exec_in_docker: false,
custom_base_dir: 'checkout',
);
expect($result['commands'])
->toContain("git -c http.version=HTTP/1.1 clone --depth=1 --no-checkout -b 'main' 'https://github.com/coollabsio/private-app' 'checkout'")
->not->toContain('mktemp')
->not->toContain('git_retry_dir');
});
it('applies http 1 transport to custom bitbucket pull request checkout', function () {
$application = applicationWithGitSettings();
$application->git_repository = 'https://bitbucket.org/coollabsio/private-app.git';
$result = $application->generateGitImportCommands(
deployment_uuid: 'test-deployment',
pull_request_id: 123,
git_type: 'bitbucket',
exec_in_docker: false,
commit: 'abc123def456abc123def456abc123def456abc1',
);
expect($result['commands'])
->toContain("git -c http.version=HTTP/1.1 checkout 'abc123def456abc123def456abc123def456abc1'");
});
tests/Feature/GithubSourceChangeTest.php
+124
View File
@@ -7,6 +7,8 @@ use App\Models\PrivateKey;
use App\Models\Team;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Http;
use Livewire\Livewire;
uses(RefreshDatabase::class);
@@ -84,6 +86,67 @@ describe('GitHub Source Change Component', function () {
->assertSet('privateKeyId', null);
});
test('creates one-time states for manifest conversion and installation callbacks', function () {
$githubApp = GithubApp::create([
'name' => 'Test GitHub App',
'api_url' => 'https://api.github.com',
'html_url' => 'https://github.com',
'custom_user' => 'git',
'custom_port' => 22,
'team_id' => $this->team->id,
'is_system_wide' => false,
]);
$component = Livewire::withQueryParams(['github_app_uuid' => $githubApp->uuid])
->test(Change::class)
->assertSuccessful();
$manifestState = $component->get('manifestState');
$installationUrl = getInstallationPath($githubApp);
parse_str(parse_url($installationUrl, PHP_URL_QUERY), $query);
$installState = $query['state'] ?? null;
expect($manifestState)->not->toBeEmpty()
->and($installState)->not->toBeEmpty()
->and($installState)->not->toBe($manifestState)
->and($installationUrl)->not->toContain($githubApp->uuid)
->and(Cache::get('github-app-setup-state:'.hash('sha256', $manifestState)))
->toMatchArray([
'action' => 'manifest',
'github_app_id' => $githubApp->id,
'team_id' => $githubApp->team_id,
])
->and(Cache::get('github-app-setup-state:'.hash('sha256', $installState)))
->toMatchArray([
'action' => 'install',
'github_app_id' => $githubApp->id,
'team_id' => $githubApp->team_id,
]);
});
test('installation path is generated from the provided github app instance', function () {
$githubApp = new GithubApp;
$githubApp->forceFill([
'id' => 123,
'name' => 'Provided GitHub App',
'html_url' => 'https://github.example.com',
'team_id' => 456,
]);
$installationUrl = getInstallationPath($githubApp);
parse_str(parse_url($installationUrl, PHP_URL_QUERY), $query);
$installState = $query['state'] ?? null;
expect($installationUrl)->toStartWith('https://github.example.com/github-apps/provided-git-hub-app/installations/new?')
->and($installState)->not->toBeEmpty()
->and(Cache::get('github-app-setup-state:'.hash('sha256', $installState)))
->toMatchArray([
'action' => 'install',
'github_app_id' => 123,
'team_id' => 456,
]);
});
test('defaults webhook endpoint to app url when it is the first available endpoint', function () {
config(['app.url' => 'http://localhost:8000']);
@@ -305,4 +368,65 @@ describe('GitHub Source Change Component', function () {
return str_contains($message, 'Private Key not found');
});
});
test('checkPermissions syncs refetched permissions into input fields', function () {
$privateKey = PrivateKey::create([
'name' => 'Test Key',
'private_key' => validPrivateKey(),
'team_id' => $this->team->id,
]);
$githubApp = GithubApp::create([
'name' => 'Test GitHub App',
'api_url' => 'https://api.github.com',
'html_url' => 'https://github.com',
'custom_user' => 'git',
'custom_port' => 22,
'app_id' => 12345,
'installation_id' => 67890,
'client_id' => 'test-client-id',
'client_secret' => 'test-client-secret',
'webhook_secret' => 'test-webhook-secret',
'private_key_id' => $privateKey->id,
'team_id' => $this->team->id,
'is_system_wide' => false,
'contents' => null,
'metadata' => null,
'pull_requests' => null,
]);
Http::preventStrayRequests();
Http::fake([
'https://api.github.com/zen' => Http::response('Keep it logically awesome.', 200, [
'date' => now()->toRfc7231String(),
]),
'https://api.github.com/app' => Http::response([
'permissions' => [
'contents' => 'read',
'metadata' => 'read',
'pull_requests' => 'write',
],
]),
]);
Livewire::withQueryParams(['github_app_uuid' => $githubApp->uuid])
->test(Change::class)
->assertSuccessful()
->assertSet('name', 'test-git-hub-app')
->assertSet('contents', null)
->assertSet('metadata', null)
->assertSet('pullRequests', null)
->call('checkPermissions')
->assertDispatched('success')
->assertSet('name', 'test-git-hub-app')
->assertSet('contents', 'read')
->assertSet('metadata', 'read')
->assertSet('pullRequests', 'write');
$githubApp->refresh();
expect($githubApp->contents)->toBe('read')
->and($githubApp->metadata)->toBe('read')
->and($githubApp->pull_requests)->toBe('write');
});
});
tests/Feature/Livewire/SentinelComponentTest.php
+21
View File
@@ -0,0 +1,21 @@
<?php
it('keeps sentinel restarted events from re-syncing editable form fields', function () {
$componentSource = file_get_contents(app_path('Livewire/Server/Sentinel.php'));
preg_match('/public function handleSentinelRestarted\([^)]*\)\s*\{(?<body>.*?)\n \}/s', $componentSource, $matches);
expect($matches['body'] ?? '')
->toContain('$this->sentinelUpdatedAt = $this->server->sentinel_updated_at;')
->not->toContain('$this->syncData();');
});
it('dispatches a server navbar refresh after toggling sentinel', function () {
$componentSource = file_get_contents(app_path('Livewire/Server/Sentinel.php'));
preg_match('/public function toggleSentinel\([^)]*\).*?\{(?<body>.*?)
\}/s', $componentSource, $matches);
expect($matches['body'] ?? '')
->toContain("\$this->dispatch('refreshServerShow');");
});
tests/Feature/LogClipboardHandlerTest.php
+39
View File
@@ -0,0 +1,39 @@
<?php
use Illuminate\Support\Str;
function bladeView(string $path): string
{
return file_get_contents(base_path($path));
}
it('guards deployment log clipboard writes and reports promise failures', function () {
$view = bladeView('resources/views/livewire/project/application/deployment/show.blade.php');
expect($view)
->toContain('copyLogs()')
->toContain('navigator.clipboard?.writeText')
->toContain("Livewire.dispatch('error', ['Clipboard is not available. Please use HTTPS or localhost.']);")
->toContain("Livewire.dispatch('error', ['Failed to copy logs to clipboard.']);")
->toContain("Livewire.dispatch('success', ['Logs copied to clipboard.']);");
expect(Str::between($view, 'copyLogs() {', 'downloadLogs()'))
->toContain('navigator.clipboard?.writeText(content).then(() =>')
->not->toContain("navigator.clipboard.writeText(content);\n Livewire.dispatch('success'");
});
it('guards shared log clipboard writes and handles Livewire preparation failures', function () {
$view = bladeView('resources/views/livewire/project/shared/get-logs.blade.php');
expect($view)
->toContain('navigator.clipboard?.writeText')
->toContain("Livewire.dispatch('error', ['Clipboard is not available. Please use HTTPS or localhost.']);")
->toContain("Livewire.dispatch('error', ['Failed to copy logs to clipboard.']);")
->toContain("Livewire.dispatch('error', ['Failed to prepare logs for clipboard.']);")
->toContain("Livewire.dispatch('success', ['Logs copied to clipboard.']);");
expect($view)
->toContain('$wire.copyLogs().then(logs =>')
->toContain('}).catch(() => {')
->not->toContain('navigator.clipboard.writeText(logs);');
});
tests/Feature/OauthControllerTest.php
+2 -2
View File
@@ -30,7 +30,7 @@ it('logs in an existing user when the oauth provider returns a mixed-case email'
'email' => 'username@example.edu',
]);
$provider = \Mockery::mock();
$provider = Mockery::mock();
$provider->shouldReceive('setConfig')->once()->andReturnSelf();
$provider->shouldReceive('with')->once()->with(['hd' => 'example.com'])->andReturnSelf();
$provider->shouldReceive('user')->once()->andReturn((object) [
@@ -58,7 +58,7 @@ it('rejects oauth logins when the provider does not return an email address', fu
'is_registration_enabled' => true,
]);
$provider = \Mockery::mock();
$provider = Mockery::mock();
$provider->shouldReceive('setConfig')->once()->andReturnSelf();
$provider->shouldReceive('with')->once()->with(['hd' => 'example.com'])->andReturnSelf();
$provider->shouldReceive('user')->once()->andReturn((object) [
tests/Feature/ScheduledJobMonitoringTest.php
+128
View File
@@ -2,9 +2,15 @@
use App\Livewire\Settings\ScheduledJobs;
use App\Models\DockerCleanupExecution;
use App\Models\Environment;
use App\Models\Project;
use App\Models\ScheduledDatabaseBackup;
use App\Models\ScheduledDatabaseBackupExecution;
use App\Models\Server;
use App\Models\Service;
use App\Models\ServiceDatabase;
use App\Models\StandaloneDocker;
use App\Models\StandalonePostgresql;
use App\Models\Team;
use App\Models\User;
use App\Services\SchedulerLogParser;
@@ -13,6 +19,35 @@ use Livewire\Livewire;
uses(RefreshDatabase::class);
function withIsolatedScheduledLogsForMonitoringTest(callable $callback): mixed
{
$logDir = storage_path('logs');
if (! is_dir($logDir)) {
mkdir($logDir, 0755, true);
}
$renamed = [];
foreach (glob($logDir.'/scheduled-*.log') as $log) {
$tmp = $log.'.scheduled-jobs-test-bak';
rename($log, $tmp);
$renamed[$tmp] = $log;
}
try {
return $callback($logDir.'/scheduled-'.now()->format('Y-m-d').'.log');
} finally {
foreach (glob($logDir.'/scheduled-*.log') as $log) {
@unlink($log);
}
foreach ($renamed as $tmp => $original) {
if (file_exists($tmp)) {
rename($tmp, $original);
}
}
}
}
beforeEach(function () {
// Create root team (id 0) and root user
$this->rootTeam = Team::factory()->create(['id' => 0, 'name' => 'Root Team']);
@@ -270,3 +305,96 @@ test('skipped jobs show fallback when resource is deleted', function () {
rename($tmp, $original);
}
});
test('skipped service database backups render with service backup link', function () {
$this->actingAs($this->rootUser);
session(['currentTeam' => $this->rootTeam]);
$server = Server::factory()->create(['team_id' => $this->rootTeam->id]);
$destination = StandaloneDocker::where('server_id', $server->id)->firstOrFail();
$project = Project::factory()->create(['team_id' => $this->rootTeam->id]);
$environment = Environment::factory()->create(['project_id' => $project->id]);
$service = Service::factory()->create([
'server_id' => $server->id,
'destination_id' => $destination->id,
'destination_type' => $destination->getMorphClass(),
'environment_id' => $environment->id,
]);
$serviceDatabase = ServiceDatabase::create([
'service_id' => $service->id,
'name' => 'service-postgres',
'image' => 'postgres:16-alpine',
'custom_type' => 'postgresql',
]);
$backup = ScheduledDatabaseBackup::create([
'team_id' => $this->rootTeam->id,
'frequency' => '0 * * * *',
'database_id' => $serviceDatabase->id,
'database_type' => $serviceDatabase->getMorphClass(),
'enabled' => true,
]);
withIsolatedScheduledLogsForMonitoringTest(function (string $logPath) use ($backup, $project, $environment, $service, $serviceDatabase) {
file_put_contents(
$logPath,
'['.now()->format('Y-m-d H:i:s').'] production.INFO: Backup skipped {"type":"backup","skip_reason":"server_not_functional","backup_id":'.$backup->id.',"team_id":'.$this->rootTeam->id.'}'."\n"
);
$expectedUrl = route('project.service.database.backups', [
'project_uuid' => $project->uuid,
'environment_uuid' => $environment->uuid,
'service_uuid' => $service->uuid,
'stack_service_uuid' => $serviceDatabase->uuid,
]);
Livewire::test(ScheduledJobs::class)
->assertOk()
->assertSee('service-postgres')
->assertSeeHtml('href="'.$expectedUrl.'"');
});
});
test('skipped standalone database backups keep standalone backup link', function () {
$this->actingAs($this->rootUser);
session(['currentTeam' => $this->rootTeam]);
$server = Server::factory()->create(['team_id' => $this->rootTeam->id]);
$destination = StandaloneDocker::where('server_id', $server->id)->firstOrFail();
$project = Project::factory()->create(['team_id' => $this->rootTeam->id]);
$environment = Environment::factory()->create(['project_id' => $project->id]);
$database = StandalonePostgresql::create([
'name' => 'standalone-postgres',
'image' => 'postgres:16-alpine',
'postgres_user' => 'postgres',
'postgres_password' => 'password',
'postgres_db' => 'postgres',
'environment_id' => $environment->id,
'destination_id' => $destination->id,
'destination_type' => $destination->getMorphClass(),
]);
$backup = ScheduledDatabaseBackup::create([
'team_id' => $this->rootTeam->id,
'frequency' => '0 * * * *',
'database_id' => $database->id,
'database_type' => $database->getMorphClass(),
'enabled' => true,
]);
withIsolatedScheduledLogsForMonitoringTest(function (string $logPath) use ($backup, $project, $environment, $database) {
file_put_contents(
$logPath,
'['.now()->format('Y-m-d H:i:s').'] production.INFO: Backup skipped {"type":"backup","skip_reason":"server_not_functional","backup_id":'.$backup->id.',"team_id":'.$this->rootTeam->id.'}'."\n"
);
$expectedUrl = route('project.database.backup.index', [
'project_uuid' => $project->uuid,
'environment_uuid' => $environment->uuid,
'database_uuid' => $database->uuid,
]);
Livewire::test(ScheduledJobs::class)
->assertOk()
->assertSee('standalone-postgres')
->assertSeeHtml('href="'.$expectedUrl.'"');
});
});
tests/Feature/Security/GithubAppSetupCallbackTest.php
+113 -6
View File
@@ -199,8 +199,9 @@ it('rejects replayed github app manifest states', function () {
it('requires authentication before processing github app install callbacks', function () {
Http::preventStrayRequests();
cacheGithubAppSetupState('valid-install-state', 'install', $this->githubApp);
$this->get('/webhooks/source/github/install?source='.$this->githubApp->uuid.'&setup_action=install&installation_id=123456')
$this->get('/webhooks/source/github/install?state=valid-install-state&setup_action=install&installation_id=123456')
->assertRedirect();
Http::assertNothingSent();
@@ -209,22 +210,110 @@ it('requires authentication before processing github app install callbacks', fun
expect($this->githubApp->installation_id)->toBeNull();
});
it('rejects github app install callbacks for an unknown github app', function () {
it('rejects github app install callbacks with an app uuid as state', function () {
authenticateGithubSetupCallbackTest($this);
Http::preventStrayRequests();
$this->withHeader('Accept', 'application/json')->get('/webhooks/source/github/install?source=does-not-exist&setup_action=install&installation_id=123456')
$this->withHeader('Accept', 'application/json')->get('/webhooks/source/github/install?state='.$this->githubApp->uuid.'&setup_action=install&installation_id=123456')
->assertNotFound();
Http::assertNothingSent();
});
it('redirects browser github app install callbacks with missing or expired state to sources', function () {
authenticateGithubSetupCallbackTest($this);
Http::preventStrayRequests();
$this->get('/webhooks/source/github/install?setup_action=install&installation_id=123456')
->assertRedirect(route('source.all'));
$this->get('/webhooks/source/github/install?state=expired-state&setup_action=install&installation_id=123456')
->assertRedirect(route('source.all'));
Http::assertNothingSent();
});
it('rejects github app setup states for the wrong callback action', function () {
authenticateGithubSetupCallbackTest($this);
Http::preventStrayRequests();
cacheGithubAppSetupState('manifest-state', 'manifest', $this->githubApp);
cacheGithubAppSetupState('install-state', 'install', $this->githubApp);
$this->withHeader('Accept', 'application/json')->get('/webhooks/source/github/install?state=manifest-state&setup_action=install&installation_id=123456')
->assertNotFound();
$this->withHeader('Accept', 'application/json')->get('/webhooks/source/github/redirect?state=install-state&code=real-code')
->assertNotFound();
Http::assertNothingSent();
});
it('allows github app install callbacks for repository update setup actions', function () {
authenticateGithubSetupCallbackTest($this);
configureGithubAppCredentials($this->githubApp);
$this->githubApp->forceFill(['installation_id' => 111111])->save();
Http::preventStrayRequests();
$this->get('/webhooks/source/github/install?setup_action=update&installation_id=111111')
->assertRedirect(route('source.github.show', ['github_app_uuid' => $this->githubApp->uuid]));
Http::assertNothingSent();
$this->githubApp->refresh();
expect($this->githubApp->installation_id)->toBe(111111);
});
it('redirects github app repository update callbacks without a matching source to the sources page', function () {
authenticateGithubSetupCallbackTest($this);
Http::preventStrayRequests();
$this->get('/webhooks/source/github/install?setup_action=update&installation_id=123456')
->assertRedirect(route('source.all'));
Http::assertNothingSent();
});
it('rejects github app install callbacks for unknown setup actions', function () {
authenticateGithubSetupCallbackTest($this);
Http::preventStrayRequests();
cacheGithubAppSetupState('valid-install-state', 'install', $this->githubApp);
$this->withHeader('Accept', 'application/json')->get('/webhooks/source/github/install?state=valid-install-state&setup_action=remove&installation_id=123456')
->assertUnprocessable();
Http::assertNothingSent();
});
it('rejects github app setup states from another team', function () {
authenticateGithubSetupCallbackTest($this);
Http::preventStrayRequests();
$otherTeam = Team::factory()->create();
$otherGithubApp = GithubApp::create([
'name' => 'Other GitHub App',
'api_url' => 'https://api.github.com',
'html_url' => 'https://github.com',
'custom_user' => 'git',
'custom_port' => 22,
'team_id' => $otherTeam->id,
'is_system_wide' => false,
]);
cacheGithubAppSetupState('other-team-state', 'manifest', $otherGithubApp);
$this->withHeader('Accept', 'application/json')->get('/webhooks/source/github/redirect?state=other-team-state&code=real-code')
->assertForbidden();
Http::assertNothingSent();
});
it('rejects an installation id that github does not confirm belongs to the app', function () {
authenticateGithubSetupCallbackTest($this);
configureGithubAppCredentials($this->githubApp);
fakeGithubInstallationVerificationFailure();
cacheGithubAppSetupState('valid-install-state', 'install', $this->githubApp);
$this->withHeader('Accept', 'application/json')->get('/webhooks/source/github/install?source='.$this->githubApp->uuid.'&setup_action=install&installation_id=999999')
$this->withHeader('Accept', 'application/json')->get('/webhooks/source/github/install?state=valid-install-state&setup_action=install&installation_id=999999')
->assertForbidden();
$this->githubApp->refresh();
@@ -235,21 +324,39 @@ it('sets installation id when github confirms it belongs to the app', function (
authenticateGithubSetupCallbackTest($this);
configureGithubAppCredentials($this->githubApp);
fakeGithubInstallationVerification($this->githubApp->app_id);
cacheGithubAppSetupState('valid-install-state', 'install', $this->githubApp);
$this->get('/webhooks/source/github/install?source='.$this->githubApp->uuid.'&setup_action=install&installation_id=123456')
$this->get('/webhooks/source/github/install?state=valid-install-state&setup_action=install&installation_id=123456')
->assertRedirect(route('source.github.show', ['github_app_uuid' => $this->githubApp->uuid]));
$this->githubApp->refresh();
expect($this->githubApp->installation_id)->toBe(123456);
});
it('rejects replayed github app install states', function () {
authenticateGithubSetupCallbackTest($this);
configureGithubAppCredentials($this->githubApp);
fakeGithubInstallationVerification($this->githubApp->app_id);
cacheGithubAppSetupState('valid-install-state', 'install', $this->githubApp);
$this->get('/webhooks/source/github/install?state=valid-install-state&setup_action=install&installation_id=123456')
->assertRedirect();
$this->withHeader('Accept', 'application/json')->get('/webhooks/source/github/install?state=valid-install-state&setup_action=install&installation_id=123456')
->assertNotFound();
$this->githubApp->refresh();
expect($this->githubApp->installation_id)->toBe(123456);
});
it('allows reinstalling an already configured github app installation id', function () {
authenticateGithubSetupCallbackTest($this);
configureGithubAppCredentials($this->githubApp);
$this->githubApp->forceFill(['installation_id' => 111111])->save();
fakeGithubInstallationVerification($this->githubApp->app_id);
cacheGithubAppSetupState('valid-install-state', 'install', $this->githubApp);
$this->get('/webhooks/source/github/install?source='.$this->githubApp->uuid.'&setup_action=install&installation_id=222222')
$this->get('/webhooks/source/github/install?state=valid-install-state&setup_action=install&installation_id=222222')
->assertRedirect(route('source.github.show', ['github_app_uuid' => $this->githubApp->uuid]));
$this->githubApp->refresh();

Some files were not shown because too many files have changed in this diff Show More