dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

a ton 👷‍♂️

Browse Source
This commit is contained in:
Andras Bacsai
2023-05-24 14:26:50 +02:00
parent 8677b1d85d
commit 6e7ee0ca48
67 changed files with 754 additions and 992 deletions
Download Patch File Download Diff File Expand all files Collapse all files

328
bootstrap/helpers.php
View File

@@ -1,328 +0,0 @@
<?php
use App\Actions\CoolifyTask\PrepareCoolifyTask;
use App\Data\CoolifyTaskArgs;
use App\Models\GithubApp;
use App\Models\Server;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\QueryException;
use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Process;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\Storage;
use Spatie\Activitylog\Contracts\Activity;
use Illuminate\Support\Str;
use Visus\Cuid2\Cuid2;
if (!function_exists('generalErrorHandler')) {
function generalErrorHandler(\Throwable $e, $that = null, $isJson = false)
{
try {
if ($e instanceof QueryException) {
if ($e->errorInfo[0] === '23505') {
throw new \Exception('Duplicate entry found.', '23505');
} else if (count($e->errorInfo) === 4) {
throw new \Exception($e->errorInfo[3]);
} else {
throw new \Exception($e->errorInfo[2]);
}
} else {
throw new \Exception($e->getMessage());
}
} catch (\Throwable $error) {
if ($that) {
return $that->emit('error', $error->getMessage());
} elseif ($isJson) {
return response()->json([
'code' => $error->getCode(),
'error' => $error->getMessage(),
]);
} else {
// dump($error);
}
}
}
}
if (!function_exists('remoteProcess')) {
/**
* Run a Remote Process, which SSH's asynchronously into a machine to run the command(s).
* @TODO Change 'root' to 'coolify' when it's able to run Docker commands without sudo
*
*/
function remoteProcess(
array $command,
Server $server,
string $type,
?string $type_uuid = null,
?Model $model = null,
): Activity {
$command_string = implode("\n", $command);
// @TODO: Check if the user has access to this server
// checkTeam($server->team_id);
$private_key_location = savePrivateKeyForServer($server);
return resolve(PrepareCoolifyTask::class, [
'remoteProcessArgs' => new CoolifyTaskArgs(
server_ip: $server->ip,
private_key_location: $private_key_location,
command: <<<EOT
{$command_string}
EOT,
port: $server->port,
user: $server->user,
type: $type,
type_uuid: $type_uuid,
model: $model,
),
])();
}
}
// function checkTeam(string $team_id)
// {
// $found_team = auth()->user()->teams->pluck('id')->contains($team_id);
// if (!$found_team) {
// throw new \RuntimeException('You do not have access to this server.');
// }
// }
if (!function_exists('savePrivateKeyForServer')) {
function savePrivateKeyForServer(Server $server)
{
$temp_file = "id.root@{$server->ip}";
Storage::disk('ssh-keys')->put($temp_file, $server->privateKey->private_key);
return '/var/www/html/storage/app/ssh-keys/' . $temp_file;
}
}
if (!function_exists('generateSshCommand')) {
function generateSshCommand(string $private_key_location, string $server_ip, string $user, string $port, string $command, bool $isMux = true)
{
Storage::disk('local')->makeDirectory('.ssh');
$delimiter = 'EOF-COOLIFY-SSH';
$ssh_command = "ssh ";
if ($isMux && config('coolify.mux_enabled')) {
$ssh_command .= '-o ControlMaster=auto -o ControlPersist=1m -o ControlPath=/var/www/html/storage/app/.ssh/ssh_mux_%h_%p_%r ';
}
$ssh_command .= "-i {$private_key_location} "
. '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null '
. '-o PasswordAuthentication=no '
. '-o ConnectTimeout=3600 '
. '-o ServerAliveInterval=20 '
. '-o RequestTTY=no '
. '-o LogLevel=ERROR '
. "-p {$port} "
. "{$user}@{$server_ip} "
. " 'bash -se' << \\$delimiter" . PHP_EOL
. $command . PHP_EOL
. $delimiter;
return $ssh_command;
}
}
if (!function_exists('formatDockerCmdOutputToJson')) {
function formatDockerCmdOutputToJson($rawOutput): Collection
{
$outputLines = explode(PHP_EOL, $rawOutput);
return collect($outputLines)
->reject(fn ($line) => empty($line))
->map(fn ($outputLine) => json_decode($outputLine, true, flags: JSON_THROW_ON_ERROR));
}
}
if (!function_exists('formatDockerLabelsToJson')) {
function formatDockerLabelsToJson($rawOutput): Collection
{
$outputLines = explode(PHP_EOL, $rawOutput);
return collect($outputLines)
->reject(fn ($line) => empty($line))
->map(function ($outputLine) {
$outputArray = explode(',', $outputLine);
return collect($outputArray)
->map(function ($outputLine) {
return explode('=', $outputLine);
})
->mapWithKeys(function ($outputLine) {
return [$outputLine[0] => $outputLine[1]];
});
})[0];
}
}
if (!function_exists('instantRemoteProcess')) {
function instantRemoteProcess(array $command, Server $server, $throwError = true)
{
$command_string = implode("\n", $command);
$private_key_location = savePrivateKeyForServer($server);
$ssh_command = generateSshCommand($private_key_location, $server->ip, $server->user, $server->port, $command_string);
$process = Process::run($ssh_command);
$output = trim($process->output());
$exitCode = $process->exitCode();
if ($exitCode !== 0) {
if (!$throwError) {
return null;
}
throw new \RuntimeException($process->errorOutput());
}
return $output;
}
}
if (!function_exists('getLatestVersionOfCoolify')) {
function getLatestVersionOfCoolify()
{
$response = Http::get('https://coolify-cdn.b-cdn.net/versions.json');
$versions = $response->json();
return data_get($versions, 'coolify.v4.version');
}
}
if (!function_exists('generateRandomName')) {
function generateRandomName()
{
$generator = \Nubs\RandomNameGenerator\All::create();
$cuid = new Cuid2(7);
return Str::kebab("{$generator->getName()}-{$cuid}");
}
}
use Lcobucci\JWT\Encoding\ChainedFormatter;
use Lcobucci\JWT\Encoding\JoseEncoder;
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\Token\Builder;
use Symfony\Component\Yaml\Yaml;
if (!function_exists('generate_github_installation_token')) {
function generate_github_installation_token(GithubApp $source)
{
$signingKey = InMemory::plainText($source->privateKey->private_key);
$algorithm = new Sha256();
$tokenBuilder = (new Builder(new JoseEncoder(), ChainedFormatter::default()));
$now = new DateTimeImmutable();
$now = $now->setTime($now->format('H'), $now->format('i'));
$issuedToken = $tokenBuilder
->issuedBy($source->app_id)
->issuedAt($now)
->expiresAt($now->modify('+10 minutes'))
->getToken($algorithm, $signingKey)
->toString();
$token = Http::withHeaders([
'Authorization' => "Bearer $issuedToken",
'Accept' => 'application/vnd.github.machine-man-preview+json'
])->post("{$source->api_url}/app/installations/{$source->installation_id}/access_tokens");
if ($token->failed()) {
throw new \Exception("Failed to get access token for " . $source->name . " with error: " . $token->json()['message']);
}
return $token->json()['token'];
}
}
if (!function_exists('generate_github_jwt_token')) {
function generate_github_jwt_token(GithubApp $source)
{
$signingKey = InMemory::plainText($source->privateKey->private_key);
$algorithm = new Sha256();
$tokenBuilder = (new Builder(new JoseEncoder(), ChainedFormatter::default()));
$now = new DateTimeImmutable();
$now = $now->setTime($now->format('H'), $now->format('i'));
$issuedToken = $tokenBuilder
->issuedBy($source->app_id)
->issuedAt($now->modify('-1 minute'))
->expiresAt($now->modify('+10 minutes'))
->getToken($algorithm, $signingKey)
->toString();
return $issuedToken;
}
}
if (!function_exists('getParameters')) {
function getParameters()
{
return Route::current()->parameters();
}
}
if (!function_exists('checkContainerStatus')) {
function checkContainerStatus(Server $server, string $container_id, bool $throwError = false)
{
$container = instantRemoteProcess(["docker inspect --format '{{json .State}}' {$container_id}"], $server, $throwError);
if (!$container) {
return 'exited';
}
$container = formatDockerCmdOutputToJson($container);
return $container[0]['Status'];
}
}
if (!function_exists('getProxyConfiguration')) {
function getProxyConfiguration(Server $server)
{
$proxy_path = config('coolify.proxy_config_path');
$networks = collect($server->standaloneDockers)->map(function ($docker) {
return $docker['network'];
})->unique();
if ($networks->count() === 0) {
$networks = collect(['coolify']);
}
$array_of_networks = collect([]);
$networks->map(function ($network) use ($array_of_networks) {
$array_of_networks[$network] = [
"external" => true,
];
});
$config = [
"version" => "3.8",
"networks" => $array_of_networks->toArray(),
"services" => [
"traefik" => [
"container_name" => "coolify-proxy",
"image" => "traefik:v2.10",
"restart" => "always",
"extra_hosts" => [
"host.docker.internal:host-gateway",
],
"networks" => $networks->toArray(),
"ports" => [
"80:80",
"443:443",
"8080:8080",
],
"volumes" => [
"/var/run/docker.sock:/var/run/docker.sock:ro",
"{$proxy_path}:/traefik",
],
"command" => [
"--api.dashboard=true",
"--api.insecure=true",
"--entrypoints.http.address=:80",
"--entrypoints.https.address=:443",
"--providers.docker=true",
"--providers.docker.exposedbydefault=false",
"--providers.file.directory=/traefik/dynamic-conf/",
"--providers.file.watch=true",
"--certificatesresolvers.letsencrypt.acme.httpchallenge=true",
"--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json",
"--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http",
],
"labels" => [
"traefik.enable=true",
"traefik.http.routers.traefik.entrypoints=http",
'traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DASHBOARD_HOST}`)',
"traefik.http.routers.traefik.middlewares=traefik-basic-auth@file",
"traefik.http.routers.traefik.service=api@internal",
"traefik.http.services.traefik.loadbalancer.server.port=8080",
"traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https",
"traefik.http.middlewares.gzip.compress=true",
],
],
],
];
if (config('app.env') === 'local') {
$config['services']['traefik']['command'][] = "--log.level=debug";
}
return Yaml::dump($config, 4, 2);
}
}

32
bootstrap/helpers/applications.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
use App\Jobs\ApplicationDeploymentJob;
use App\Models\Application;
use App\Models\ApplicationDeploymentQueue;
function queue_application_deployment(Application $application, $metadata)
{
$deployment = ApplicationDeploymentQueue::create([
'application_id' => $application->id,
'metadata' => $metadata,
]);
$queued_deployments = ApplicationDeploymentQueue::where('application_id', $application->id)->where('status', 'queued')->get()->sortByDesc('created_at');
$running_deployments = ApplicationDeploymentQueue::where('application_id', $application->id)->where('status', 'in_progress')->get()->sortByDesc('created_at');
if ($queued_deployments->count() > 1) {
$queued_deployments = $queued_deployments->skip(1);
$queued_deployments->each(function ($queued_deployment, $key) {
$queued_deployment->status = 'cancelled by system';
$queued_deployment->save();
});
}
if ($running_deployments->count() > 0) {
return;
}
dispatch(new ApplicationDeploymentJob(
application_deployment_queue_id: $deployment->id,
deployment_uuid: $metadata['deployment_uuid'],
application_uuid: $metadata['application_uuid'],
force_rebuild: $metadata['force_rebuild'],
commit: $metadata['commit'] ?? null,
));
}

40
bootstrap/helpers/docker.php Normal file
View File

@@ -0,0 +1,40 @@
<?php
use App\Models\Server;
use Illuminate\Support\Collection;
function format_docker_command_output_to_json($rawOutput): Collection
{
$outputLines = explode(PHP_EOL, $rawOutput);
return collect($outputLines)
->reject(fn ($line) => empty($line))
->map(fn ($outputLine) => json_decode($outputLine, true, flags: JSON_THROW_ON_ERROR));
}
function format_docker_labels_to_json($rawOutput): Collection
{
$outputLines = explode(PHP_EOL, $rawOutput);
return collect($outputLines)
->reject(fn ($line) => empty($line))
->map(function ($outputLine) {
$outputArray = explode(',', $outputLine);
return collect($outputArray)
->map(function ($outputLine) {
return explode('=', $outputLine);
})
->mapWithKeys(function ($outputLine) {
return [$outputLine[0] => $outputLine[1]];
});
})[0];
}
function get_container_status(Server $server, string $container_id, bool $throwError = false)
{
$container = instantRemoteProcess(["docker inspect --format '{{json .State}}' {$container_id}"], $server, $throwError);
if (!$container) {
return 'exited';
}
$container = format_docker_command_output_to_json($container);
return $container[0]['Status'];
}

47
bootstrap/helpers/github.php Normal file
View File

@@ -0,0 +1,47 @@
<?php
use App\Models\GithubApp;
use Illuminate\Support\Facades\Http;
use Lcobucci\JWT\Encoding\ChainedFormatter;
use Lcobucci\JWT\Encoding\JoseEncoder;
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\Token\Builder;
function generate_github_installation_token(GithubApp $source)
{
$signingKey = InMemory::plainText($source->privateKey->private_key);
$algorithm = new Sha256();
$tokenBuilder = (new Builder(new JoseEncoder(), ChainedFormatter::default()));
$now = new DateTimeImmutable();
$now = $now->setTime($now->format('H'), $now->format('i'));
$issuedToken = $tokenBuilder
->issuedBy($source->app_id)
->issuedAt($now)
->expiresAt($now->modify('+10 minutes'))
->getToken($algorithm, $signingKey)
->toString();
$token = Http::withHeaders([
'Authorization' => "Bearer $issuedToken",
'Accept' => 'application/vnd.github.machine-man-preview+json'
])->post("{$source->api_url}/app/installations/{$source->installation_id}/access_tokens");
if ($token->failed()) {
throw new \Exception("Failed to get access token for " . $source->name . " with error: " . $token->json()['message']);
}
return $token->json()['token'];
}
function generate_github_jwt_token(GithubApp $source)
{
$signingKey = InMemory::plainText($source->privateKey->private_key);
$algorithm = new Sha256();
$tokenBuilder = (new Builder(new JoseEncoder(), ChainedFormatter::default()));
$now = new DateTimeImmutable();
$now = $now->setTime($now->format('H'), $now->format('i'));
$issuedToken = $tokenBuilder
->issuedBy($source->app_id)
->issuedAt($now->modify('-1 minute'))
->expiresAt($now->modify('+10 minutes'))
->getToken($algorithm, $signingKey)
->toString();
return $issuedToken;
}

74
bootstrap/helpers/proxy.php Normal file
View File

@@ -0,0 +1,74 @@
<?php
use App\Models\Server;
use Symfony\Component\Yaml\Yaml;
if (!function_exists('getProxyConfiguration')) {
function getProxyConfiguration(Server $server)
{
$proxy_path = config('coolify.proxy_config_path');
$networks = collect($server->standaloneDockers)->map(function ($docker) {
return $docker['network'];
})->unique();
if ($networks->count() === 0) {
$networks = collect(['coolify']);
}
$array_of_networks = collect([]);
$networks->map(function ($network) use ($array_of_networks) {
$array_of_networks[$network] = [
"external" => true,
];
});
$config = [
"version" => "3.8",
"networks" => $array_of_networks->toArray(),
"services" => [
"traefik" => [
"container_name" => "coolify-proxy",
"image" => "traefik:v2.10",
"restart" => "always",
"extra_hosts" => [
"host.docker.internal:host-gateway",
],
"networks" => $networks->toArray(),
"ports" => [
"80:80",
"443:443",
"8080:8080",
],
"volumes" => [
"/var/run/docker.sock:/var/run/docker.sock:ro",
"{$proxy_path}:/traefik",
],
"command" => [
"--api.dashboard=true",
"--api.insecure=true",
"--entrypoints.http.address=:80",
"--entrypoints.https.address=:443",
"--providers.docker=true",
"--providers.docker.exposedbydefault=false",
"--providers.file.directory=/traefik/dynamic-conf/",
"--providers.file.watch=true",
"--certificatesresolvers.letsencrypt.acme.httpchallenge=true",
"--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json",
"--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http",
],
"labels" => [
"traefik.enable=true",
"traefik.http.routers.traefik.entrypoints=http",
'traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DASHBOARD_HOST}`)',
"traefik.http.routers.traefik.middlewares=traefik-basic-auth@file",
"traefik.http.routers.traefik.service=api@internal",
"traefik.http.services.traefik.loadbalancer.server.port=8080",
"traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https",
"traefik.http.middlewares.gzip.compress=true",
],
],
],
];
if (config('app.env') === 'local') {
$config['services']['traefik']['command'][] = "--log.level=debug";
}
return Yaml::dump($config, 4, 2);
}
}

102
bootstrap/helpers/remoteProcess.php Normal file
View File

@@ -0,0 +1,102 @@
<?php
use App\Data\CoolifyTaskArgs;
use App\Models\Server;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Facades\Process;
use Illuminate\Support\Facades\Storage;
use Spatie\Activitylog\Models\Activity;
if (!function_exists('remoteProcess')) {
/**
* Run a Remote Process, which SSH's asynchronously into a machine to run the command(s).
* @TODO Change 'root' to 'coolify' when it's able to run Docker commands without sudo
*
*/
function remoteProcess(
array $command,
Server $server,
string $type,
?string $type_uuid = null,
?Model $model = null,
): Activity {
$command_string = implode("\n", $command);
// @TODO: Check if the user has access to this server
// checkTeam($server->team_id);
$private_key_location = savePrivateKeyForServer($server);
return resolve(PrepareCoolifyTask::class, [
'remoteProcessArgs' => new CoolifyTaskArgs(
server_ip: $server->ip,
private_key_location: $private_key_location,
command: <<<EOT
{$command_string}
EOT,
port: $server->port,
user: $server->user,
type: $type,
type_uuid: $type_uuid,
model: $model,
),
])();
}
}
if (!function_exists('savePrivateKeyForServer')) {
function savePrivateKeyForServer(Server $server)
{
$temp_file = "id.root@{$server->ip}";
Storage::disk('ssh-keys')->put($temp_file, $server->privateKey->private_key);
return '/var/www/html/storage/app/ssh-keys/' . $temp_file;
}
}
if (!function_exists('generateSshCommand')) {
function generateSshCommand(string $private_key_location, string $server_ip, string $user, string $port, string $command, bool $isMux = true)
{
Storage::disk('local')->makeDirectory('.ssh');
$delimiter = 'EOF-COOLIFY-SSH';
$ssh_command = "ssh ";
if ($isMux && config('coolify.mux_enabled')) {
$ssh_command .= '-o ControlMaster=auto -o ControlPersist=1m -o ControlPath=/var/www/html/storage/app/.ssh/ssh_mux_%h_%p_%r ';
}
$ssh_command .= "-i {$private_key_location} "
. '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null '
. '-o PasswordAuthentication=no '
. '-o ConnectTimeout=3600 '
. '-o ServerAliveInterval=20 '
. '-o RequestTTY=no '
. '-o LogLevel=ERROR '
. "-p {$port} "
. "{$user}@{$server_ip} "
. " 'bash -se' << \\$delimiter" . PHP_EOL
. $command . PHP_EOL
. $delimiter;
return $ssh_command;
}
}
if (!function_exists('instantRemoteProcess')) {
function instantRemoteProcess(array $command, Server $server, $throwError = true)
{
$command_string = implode("\n", $command);
$private_key_location = savePrivateKeyForServer($server);
$ssh_command = generateSshCommand($private_key_location, $server->ip, $server->user, $server->port, $command_string);
$process = Process::run($ssh_command);
$output = trim($process->output());
$exitCode = $process->exitCode();
if ($exitCode !== 0) {
if (!$throwError) {
return null;
}
throw new \RuntimeException($process->errorOutput());
}
return $output;
}
}

54
bootstrap/helpers/shared.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
use Illuminate\Database\QueryException;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Route;
use Visus\Cuid2\Cuid2;
use Illuminate\Support\Str;
function general_error_handler(\Throwable $e, $that = null, $isJson = false)
{
try {
if ($e instanceof QueryException) {
if ($e->errorInfo[0] === '23505') {
throw new \Exception('Duplicate entry found.', '23505');
} else if (count($e->errorInfo) === 4) {
throw new \Exception($e->errorInfo[3]);
} else {
throw new \Exception($e->errorInfo[2]);
}
} else {
throw new \Exception($e->getMessage());
}
} catch (\Throwable $error) {
if ($that) {
return $that->emit('error', $error->getMessage());
} elseif ($isJson) {
return response()->json([
'code' => $error->getCode(),
'error' => $error->getMessage(),
]);
} else {
// dump($error);
}
}
}
function get_parameters()
{
return Route::current()->parameters();
}
function get_latest_version_of_coolify()
{
$response = Http::get('https://coolify-cdn.b-cdn.net/versions.json');
$versions = $response->json();
return data_get($versions, 'coolify.v4.version');
}
function generate_random_name()
{
$generator = \Nubs\RandomNameGenerator\All::create();
$cuid = new Cuid2(7);
return Str::kebab("{$generator->getName()}-{$cuid}");
}

5
bootstrap/includeHelpers.php Normal file
View File

@@ -0,0 +1,5 @@
<?php
$files = glob(__DIR__ . '/helpers/*.php');
foreach ($files as $file) {
require($file);
}