Merge remote-tracking branch 'upstream/main' into feat/39

.env.example

@@ -1,21 +1,19 @@
 # Keys
-# Required keys for platform encryption/decryption ops
-PRIVATE_KEY=replace_with_nacl_sk
-PUBLIC_KEY=replace_with_nacl_pk
-ENCRYPTION_KEY=replace_with_lengthy_secure_hex
+# Required key for platform encryption/decryption ops
+ENCRYPTION_KEY=6c1fe4e407b8911c104518103505b218
 
 # JWT
 # Required secrets to sign JWT tokens
-JWT_SIGNUP_SECRET=replace_with_lengthy_secure_hex
-JWT_REFRESH_SECRET=replace_with_lengthy_secure_hex
-JWT_AUTH_SECRET=replace_with_lengthy_secure_hex
+JWT_SIGNUP_SECRET=3679e04ca949f914c03332aaaeba805a
+JWT_REFRESH_SECRET=5f2f3c8f0159068dc2bbb3a652a716ff
+JWT_AUTH_SECRET=4be6ba5602e0fa0ac6ac05c3cd4d247f
+JWT_SERVICE_SECRET=f32f716d70a42c5703f4656015e76200
 
 # JWT lifetime
 # Optional lifetimes for JWT tokens expressed in seconds or a string 
 # describing a time span (e.g. 60, "2 days", "10h", "7d")
 JWT_AUTH_LIFETIME=
 JWT_REFRESH_LIFETIME=
-JWT_SERVICE_SECRET=
 JWT_SIGNUP_LIFETIME=
 
 # Optional lifetimes for OTP expressed in seconds
@@ -33,21 +31,28 @@ MONGO_PASSWORD=example
 
 # Website URL
 # Required
-
 SITE_URL=http://localhost:8080
 
 # Mail/SMTP
-# Required to send emails
-# By default, SMTP_HOST is set to smtp.gmail.com
-SMTP_HOST=smtp.gmail.com
-SMTP_NAME=Team
-SMTP_USERNAME=[email protected]
-SMTP_PASSWORD=
+SMTP_HOST= # required
+SMTP_USERNAME= # required
+SMTP_PASSWORD= # required
+SMTP_PORT=587
+SMTP_SECURE=false
+SMTP_FROM_ADDRESS= # required
+SMTP_FROM_NAME=Infisical
 
 # Integration
 # Optional only if integration is used
-OAUTH_CLIENT_SECRET_HEROKU=
-OAUTH_TOKEN_URL_HEROKU=
+CLIENT_ID_HEROKU=
+CLIENT_ID_VERCEL=
+CLIENT_ID_NETLIFY=
+CLIENT_ID_GITHUB=
+CLIENT_SECRET_HEROKU=
+CLIENT_SECRET_VERCEL=
+CLIENT_SECRET_NETLIFY=
+CLIENT_SECRET_GITHUB=
+CLIENT_SLUG_VERCEL=
 
 # Sentry (optional) for monitoring errors
 SENTRY_DSN=

.eslintignore

@@ -0,0 +1,3 @@
+node_modules
+built
+healthcheck.js

.github/resources/docker-compose.be-test.yml

@@ -0,0 +1,30 @@
+version: '3'
+
+services:
+  backend:
+    container_name: infisical-backend-test
+    restart: unless-stopped
+    depends_on:
+      - mongo
+    image: infisical/backend:test
+    command: npm run start
+    environment:
+      - NODE_ENV=production
+      - MONGO_URL=mongodb://test:example@mongo:27017/?authSource=admin
+      - MONGO_USERNAME=test
+      - MONGO_PASSWORD=example
+    networks:
+      - infisical-test
+
+  mongo:
+    container_name: infisical-mongo-test
+    image: mongo
+    restart: always
+    environment:
+      - MONGO_INITDB_ROOT_USERNAME=test
+      - MONGO_INITDB_ROOT_PASSWORD=example
+    networks:
+      - infisical-test
+
+networks:
+  infisical-test:

.github/resources/healthcheck.sh

@@ -0,0 +1,26 @@
+# Name of the target container to check
+container_name="$1"
+# Timeout in seconds. Default: 60
+timeout=$((${2:-60}));
+
+if [ -z $container_name ]; then
+  echo "No container name specified";
+  exit 1;
+fi
+
+echo "Container: $container_name";
+echo "Timeout: $timeout sec";
+
+try=0;
+is_healthy="false";
+while [ $is_healthy != "true" ];
+do
+  try=$(($try + 1));
+  printf "■";
+  is_healthy=$(docker inspect --format='{{json .State.Health}}' $container_name | jq '.Status == "healthy"');
+  sleep 1;
+  if [[ $try -eq $timeout ]]; then
+    echo " Container was not ready within timeout";
+    exit 1;
+  fi
+done

.github/workflows/be-test-report.yml

@@ -0,0 +1,41 @@
+name: "Backend Test Report"
+
+on:
+  workflow_run:
+    workflows: ["Check Backend Pull Request"]
+    types:
+      - completed
+
+jobs:
+  be-report:
+    name: Backend test report
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: 📁 Download test results
+        id: download-artifact
+        uses: dawidd6/action-download-artifact@v2
+        with:
+          name: be-test-results
+          path: backend
+          workflow: check-be-pull-request.yml
+          workflow_conclusion: success
+      - name: 📋 Publish test results
+        uses: dorny/test-reporter@v1
+        with:
+          name: Test Results
+          path: reports/jest-*.xml
+          reporter: jest-junit
+          working-directory: backend
+      - name: 📋 Publish coverage
+        uses: ArtiomTr/jest-coverage-report-action@v2
+        id: coverage
+        with:
+          output: comment, report-markdown
+          coverage-file: coverage/report.json
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          working-directory: backend
+      - uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          message: ${{ steps.coverage.outputs.report }}

.github/workflows/check-be-pull-request.yml

@@ -0,0 +1,42 @@
+name: "Check Backend Pull Request"
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    paths:
+      - "backend/**"
+      - "!backend/README.md"
+      - "!backend/.*"
+      - "backend/.eslintrc.js"
+
+jobs:
+  check-be-pr:
+    name: Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      - name: 🔧 Setup Node 16
+        uses: actions/setup-node@v3
+        with:
+          node-version: "16"
+          cache: "npm"
+          cache-dependency-path: backend/package-lock.json
+      - name: 📦 Install dependencies
+        run: npm ci --only-production --ignore-scripts
+        working-directory: backend
+      - name: 🧪 Run tests
+        run: npm run test:ci
+        working-directory: backend
+      - name: 📁 Upload test results
+        uses: actions/upload-artifact@v3
+        if: always()
+        with:
+          name: be-test-results
+          path: |
+            ./backend/reports
+            ./backend/coverage
+      - name: 🏗️ Run build
+        run: npm run build
+        working-directory: backend

.github/workflows/check-fe-pull-request.yml

@@ -0,0 +1,41 @@
+name: Check Frontend Pull Request
+
+on:
+  pull_request:
+    types: [ opened, synchronize ]
+    paths:
+      - 'frontend/**'
+      - '!frontend/README.md'
+      - '!frontend/.*'
+      - 'frontend/.eslintrc.js'
+
+
+jobs:
+
+  check-fe-pr:
+    name: Check
+    runs-on: ubuntu-latest
+
+    steps:
+      -
+        name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      -
+        name: 🔧 Setup Node 16
+        uses: actions/setup-node@v3
+        with:
+          node-version: '16'
+          cache: 'npm'
+          cache-dependency-path: frontend/package-lock.json
+      -
+        name: 📦 Install dependencies
+        run: npm ci --only-production --ignore-scripts
+        working-directory: frontend
+      # -
+      #   name: 🧪 Run tests
+      #   run: npm run test:ci
+      #   working-directory: frontend
+      -
+        name: 🏗️ Run build
+        run: npm run build
+        working-directory: frontend

.github/workflows/docker-image.yml

@@ -3,35 +3,84 @@ name: Push to Docker Hub
 on: [workflow_dispatch]
 
 jobs:
-  docker:
+  backend-image:
+    name: Build backend image
     runs-on: ubuntu-latest
+
     steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up QEMU
+      - name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      - name: 🔧 Set up QEMU
         uses: docker/setup-qemu-action@v2
-      -
-        name: Set up Docker Buildx
+      - name: 🔧 Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
-      -
-        name: Login to Docker Hub
+      - name: 🐋 Login to Docker Hub
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      -
-        name: Build and push backend
+      - name: 📦 Build backend and export to Docker
         uses: docker/build-push-action@v3
         with:
-          push: true
+          load: true
           context: backend
           tags: infisical/backend:test
-      -
-        name: Build and push frontend
+      - name: ⏻ Spawn backend container and dependencies
+        run: |
+          docker compose -f .github/resources/docker-compose.be-test.yml up --wait --quiet-pull
+      - name: 🧪 Test backend image
+        run: |
+          ./.github/resources/healthcheck.sh infisical-backend-test
+      - name: ⏻ Shut down backend container and dependencies
+        run: |
+          docker compose -f .github/resources/docker-compose.be-test.yml down
+      - name: 🏗️ Build backend and push
         uses: docker/build-push-action@v3
         with:
           push: true
-          file: frontend/Dockerfile.dev
+          context: backend
+          tags: infisical/backend:latest
+          platforms: linux/amd64,linux/arm64
+
+  frontend-image:
+    name: Build frontend image
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      - name: 🔧 Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: 🔧 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: 🐋 Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: 📦 Build frontend and export to Docker
+        uses: docker/build-push-action@v3
+        with:
+          load: true
           context: frontend
           tags: infisical/frontend:test
+          build-args: |
+            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
+      - name: ⏻ Spawn frontend container
+        run: |
+          docker run -d --rm --name infisical-frontend-test infisical/frontend:test
+      - name: 🧪 Test frontend image
+        run: |
+          ./.github/resources/healthcheck.sh infisical-frontend-test
+      - name: ⏻ Shut down frontend container
+        run: |
+          docker stop infisical-frontend-test
+      - name: 🏗️ Build frontend and push
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          context: frontend
+          tags: infisical/frontend:latest
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}