Conversation
* fix(settings): align sidebar with content and improve UX - Align Team sidebar with main content (remove Task Statuses, Priorities, Sizes, Labels) - Add Data Synchronization to Personal sidebar - Sync Personal section highlight (bold) via InteractionObserver and activeSettingPersonalTab - Use pathname.endsWith for locale-aware Personal/Team open state - Scroll main content on sidebar link click via scrollIntoView - Only one accordion open at a time (Personal vs Team) with onHeaderClick * coderabbitai suggestion * AI suggestion * - Fix common.MEMBERS / common.NO_PROJECT casing in en.json and use single source (no duplicate keys) - Remove unused pages.settings.working_hours from all locale files - Add controlled open prop to SidebarAccordian to avoid remount/flicker; drop key in settings menu - Add TODO for filtering PersonalAccordianData by managerOnly when role-based sidebar is implemented
Bumps [@hono/node-server](https://github.com/honojs/node-server) from 1.19.9 to 1.19.10. - [Release notes](https://github.com/honojs/node-server/releases) - [Commits](honojs/node-server@v1.19.9...v1.19.10) --- updated-dependencies: - dependency-name: "@hono/node-server" dependency-version: 1.19.10 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [hono](https://github.com/honojs/hono) from 4.12.2 to 4.12.5. - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.2...v4.12.5) --- updated-dependencies: - dependency-name: hono dependency-version: 4.12.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…bile/hono-4.12.5 build(deps): bump hono from 4.12.2 to 4.12.5 in /apps/mobile
…bile/hono/node-server-1.19.10 build(deps): bump @hono/node-server from 1.19.9 to 1.19.10 in /apps/mobile
Bumps [immutable](https://github.com/immutable-js/immutable-js) from 5.1.4 to 5.1.5. - [Release notes](https://github.com/immutable-js/immutable-js/releases) - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md) - [Commits](immutable-js/immutable-js@v5.1.4...v5.1.5) --- updated-dependencies: - dependency-name: immutable dependency-version: 5.1.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [svgo](https://github.com/svg/svgo) from 3.3.2 to 3.3.3. - [Release notes](https://github.com/svg/svgo/releases) - [Commits](svg/svgo@v3.3.2...v3.3.3) --- updated-dependencies: - dependency-name: svgo dependency-version: 3.3.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [svgo](https://github.com/svg/svgo) from 2.8.0 to 2.8.2. - [Release notes](https://github.com/svg/svgo/releases) - [Commits](svg/svgo@v2.8.0...v2.8.2) --- updated-dependencies: - dependency-name: svgo dependency-version: 2.8.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…tensions/svgo-2.8.2 build(deps): bump svgo from 2.8.0 to 2.8.2 in /apps/extensions
…bile/svgo-3.3.3 build(deps): bump svgo from 3.3.2 to 3.3.3 in /apps/mobile
…tensions/immutable-5.1.5 build(deps): bump immutable from 5.1.4 to 5.1.5 in /apps/extensions
* fix: server web ui * fix: enhance scrollbar styling for better visibility * fix: server web ui * fix: server web ui * fix: auto start at app startup * fix: code file structure * feat: implement SSL proxy server and update configurations * fix: ai suggestion * fix: ssl config * fix: ssl config * fix: ai suggestion
* fix: server config * fix: server config * fix: server config hostname
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.4 to 3.4.2. - [Commits](WebReflection/flatted@v3.3.4...v3.4.2) --- updated-dependencies: - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.3 to 3.4.2. - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) --- updated-dependencies: - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [next](https://github.com/vercel/next.js) from 16.1.6 to 16.1.7. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.1.6...v16.1.7) --- updated-dependencies: - dependency-name: next dependency-version: 16.1.7 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [hono](https://github.com/honojs/hono) from 4.12.5 to 4.12.7. - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.5...v4.12.7) --- updated-dependencies: - dependency-name: hono dependency-version: 4.12.7 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.9 to 7.5.11. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.5.9...v7.5.11) --- updated-dependencies: - dependency-name: tar dependency-version: 7.5.11 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [undici](https://github.com/nodejs/undici) from 6.23.0 to 6.24.1. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v6.23.0...v6.24.1) --- updated-dependencies: - dependency-name: undici dependency-version: 6.24.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: update localization files to include new terms and translations Added translations for "AND", "FORGOT_PASSWORD", "TERMS_OF_SERVICE", and "PRIVACY_POLICY" across multiple language files, enhancing the user interface for better accessibility and understanding. * style: update color variables and improve theme consistency Refactored color variables in Tailwind and global CSS files to use a more consistent color palette. Updated primary, secondary, and background colors to enhance visual coherence across the application. Adjusted radius and other related styles for better UI consistency. * refactor: enhance social login buttons with improved layout and accessibility Updated the SocialLogins component to use a more structured layout with a grid for social login buttons. Introduced a new Button component for better styling and accessibility. Simplified provider icon handling and ensured proper filtering of available providers based on environment variables. * refactor: improve UI components and add input component Updated the LanguageDropDownWithFlags component for better flag display and name retrieval. Enhanced SidebarAccordian and LeftSideSettingMenu components for improved styling consistency. Introduced a new Input component for standardized input handling across the application. * feat: enhance AuthLayout with header link and improved layout Updated the AuthLayout component to include a customizable header link for better navigation. Refactored the layout structure for improved responsiveness and visual appeal, including enhancements to the left and right panels, and added support for dark mode images. This update aims to provide a more cohesive user experience on authentication pages. * refactor: enhance authentication pages with improved layout and accessibility Updated the AuthPasscode, AuthPassword, and AuthSignup components to improve layout consistency and accessibility. Added header links for better navigation, refactored input fields for a more cohesive design, and ensured proper error handling. This update aims to enhance the user experience across authentication workflows. * refactor: improve layout and accessibility of authentication forms Updated the ForgotPasswordForm and ResetPasswordForm components to enhance layout consistency and accessibility. Refactored input fields for better usability, improved error handling, and adjusted styling for a more cohesive user experience across authentication workflows. * fix: deepscan issues * fix: spelling errors * fix: wrong alias * fix: correct variable aliasing in WorkSpaceComponent Updated variable names in the WorkSpaceComponent to ensure consistent usage of the 'workspace' alias, improving code clarity and reducing potential confusion in the component's logic. * feat: add internationalization support for social login buttons Enhanced the SocialLogins component by integrating translation support for the "or continue with" text. Updated localization files for multiple languages to include the new translation key, improving accessibility and user experience for non-English speakers. * refactor: improve code readability in WorkSpaceComponent Refactored the WorkSpaceComponent by adjusting the formatting of the map function for better clarity and changing the maximum width of the team name display to enhance UI consistency. These changes aim to improve code maintainability and user experience.
* feat(layout): introduce LayoutShell and PageLayout components for improved navigation and layout management - Added LayoutShell component to provide a persistent layout wrapper across page navigations. - Introduced LayoutShellContext to manage rendering behavior within the layout. - Created PageLayout component for page-specific content, designed to work within LayoutShell. - Updated MainLayout to conditionally render content based on LayoutShell context, optimizing sidebar usage. - Enhanced modularity and maintainability of layout components. * fix(sidebar): update sidebar background color and refactor links to use Next.js Link component - Changed sidebar background color from transparent to bg-sidebar for improved visibility. - Refactored navigation links in NavProjects and NavSecondary components to use Next.js Link for better routing performance and accessibility. * refactor(layout): replace MainLayout with PageLayout in skeleton components - Updated various skeleton components to utilize PageLayout instead of MainLayout for improved consistency and modularity. - Ensured that all page-level skeletons integrate seamlessly with the new PageLayout structure, enhancing maintainability and performance. * refactor(layout): replace MainLayout with PageLayout across various components - Updated multiple components to utilize PageLayout instead of MainLayout, enhancing consistency and modularity throughout the application. - Ensured seamless integration of PageLayout in settings, permissions, projects, and teams pages for improved maintainability. * refactor(layout): continue replacing MainLayout with PageLayout in profile and timesheet components - Updated ProfileErrorBoundary and TimeSheetPageContent components to utilize PageLayout instead of MainLayout, further enhancing consistency and modularity across the application. - Ensured that the transition to PageLayout maintains the intended layout and functionality. * refactor(web): replace MainLayout with PageLayout in various components - Updated multiple components to utilize PageLayout instead of MainLayout, enhancing consistency and modularity across the application. - Ensured that the transition to PageLayout maintains the intended layout and functionality in team, calendar, dashboard, and task pages. * feat(chat-panel): add resizable chat panel with toggle support (#4293) Add ChatPanelLayout to orchestrate chat/content split - Add ChatPanelContext to expose size, isOpen and controls - Fix z-index to ensure handle renders above sidebar * fix chat-panel scrolling * feat: add chat ai feature * update display text language * fix panel size for first page loading * clean unused chat-pane-context * apply suggestion from IA review * fix public page state on unMount * fix: invalid tailwind classes * add next-intl in chat panel * add next-intl in chat view component * correct chatConfig.API_KEY_HINT translation in next-intl asset --------- Co-authored-by: Alexandre Chambu <amanichambu48@gmail.com>
Bumps [handlebars](https://github.com/handlebars-lang/handlebars.js) from 4.7.8 to 4.7.9. - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.7.8...v4.7.9) --- updated-dependencies: - dependency-name: handlebars dependency-version: 4.7.9 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.4.0. - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.4.0) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.1.6 to 3.3.3. - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.1.6...3.3.3) --- updated-dependencies: - dependency-name: dompurify dependency-version: 3.3.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@xmldom/xmldom](https://github.com/xmldom/xmldom) from 0.8.10 to 0.8.12. - [Release notes](https://github.com/xmldom/xmldom/releases) - [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md) - [Commits](xmldom/xmldom@0.8.10...0.8.12) --- updated-dependencies: - dependency-name: "@xmldom/xmldom" dependency-version: 0.8.12 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@xmldom/xmldom](https://github.com/xmldom/xmldom) from 0.8.11 to 0.8.12. - [Release notes](https://github.com/xmldom/xmldom/releases) - [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md) - [Commits](xmldom/xmldom@0.8.11...0.8.12) --- updated-dependencies: - dependency-name: "@xmldom/xmldom" dependency-version: 0.8.12 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Ruslan Konviser <evereq@gmail.com>
Bumps [handlebars](https://github.com/handlebars-lang/handlebars.js) from 4.7.8 to 4.7.9. - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.7.8...v4.7.9) --- updated-dependencies: - dependency-name: handlebars dependency-version: 4.7.9 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
fix(timesheet): stabilize manual time log actions and enforce permission check ETP-26
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.23...4.18.1) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.18.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.4.0. - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.4.0) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…fy-3.3.3 build(deps): bump dompurify from 3.1.6 to 3.3.3
…bile/xmldom/xmldom-0.8.12 build(deps): bump @xmldom/xmldom from 0.8.10 to 0.8.12 in /apps/mobile
…xmldom-0.8.12 build(deps): bump @xmldom/xmldom from 0.8.11 to 0.8.12
…bile/lodash-4.18.1 build(deps): bump lodash from 4.17.23 to 4.18.1 in /apps/mobile
Conservative scheduler reservations across all 6 ever-teams k8s manifests. Hierarchy: prod always larger than stage; stage == dev. All CPU requests <=100m; all MEM requests cover live `kubectl top pod` steady-state with a small headroom margin. | Container | CPU req | MEM req | Live max (DO gauzy) | |-----------------------|--------:|--------:|--------------------:| | ever-teams-prod-api | 100m | 768Mi | 481Mi @ 8m (x2 repl)| | ever-teams-stage-api | 50m | 512Mi | 436Mi | | ever-teams-dev-api | 50m | 512Mi | 663Mi (stale pod*) | | ever-teams-prod-webapp| 100m | 256Mi | 185Mi @ 1m (x2) | | ever-teams-stage-webapp| 50m | 192Mi | 181Mi | | ever-teams-dev-webapp | 50m | 192Mi | 188Mi | * dev-api's 663Mi reading came from a long-running pod likely carrying accumulated cache/leak. Fresh redeploy expected to land well under 512Mi; if not, this rollout will produce the data we need to size up. Existing limits preserved everywhere; this PR only adjusts scheduler-visible requests. Net cluster-wide drop on k8s-gauzy: ~5.4 CPU cores and ~5 GiB MEM freed across ever-teams workloads (prod-api dropped 900m + 768Mi, stage-api 950m + 1024Mi, dev-api 950m + 1024Mi, etc.). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…8695538781 chore(k8s): right-size CPU + MEM requests across all ever-teams deployments
Signed-off-by: Ruslan Konviser <evereq@gmail.com>
Contributor
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Comment on lines
+12
to
+117
| runs-on: ubicloud-standard-2 | ||
|
|
||
| environment: dev | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install doctl | ||
| uses: digitalocean/action-doctl@v2 | ||
| with: | ||
| token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} | ||
|
|
||
| - name: Log in to DigitalOcean Container Registry with short-lived credentials | ||
| run: doctl registry login --expiry-seconds 600 | ||
|
|
||
| - name: Save DigitalOcean kubeconfig with short-lived credentials | ||
| run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 k8s-gauzy | ||
|
|
||
| - name: Generate TLS Secrets for ChatGPT App Ingress | ||
| run: | | ||
| rm -f ${HOME}/ingress.chatgpt.crt ${HOME}/ingress.chatgpt.key | ||
| echo '${{ secrets.INGRESS_CERT }}' | base64 --decode > ${HOME}/ingress.chatgpt.crt | ||
| echo '${{ secrets.INGRESS_CERT_KEY }}' | base64 --decode > ${HOME}/ingress.chatgpt.key | ||
| kubectl create secret tls api.ever.co-tls --save-config --dry-run=client --cert=${HOME}/ingress.chatgpt.crt --key=${HOME}/ingress.chatgpt.key -o yaml | kubectl --context do-sfo2-k8s-gauzy apply -f - | ||
|
|
||
| - name: Validate required secrets | ||
| run: | | ||
| echo "==> Validating secrets for ChatGPT App DEV environment..." | ||
| missing_critical=() | ||
| missing_optional=() | ||
|
|
||
| # Critical secrets (deployment will fail without these) | ||
| critical_secrets=( | ||
| "MCP_SERVER_URL" | ||
| "OAUTH_SERVER_URL" | ||
| ) | ||
|
|
||
| # Optional secrets (deployment will work with defaults/disabled features) | ||
| optional_secrets=( | ||
| "CHATGPT_APP_ID" | ||
| "CHATGPT_APP_SECRET" | ||
| "SENTRY_DSN" | ||
| "SESSION_SECRET" | ||
| ) | ||
|
|
||
| # Check critical secrets | ||
| for secret in "${critical_secrets[@]}"; do | ||
| if [ -z "${!secret}" ]; then | ||
| missing_critical+=("$secret") | ||
| fi | ||
| done | ||
|
|
||
| # Check optional secrets | ||
| for secret in "${optional_secrets[@]}"; do | ||
| if [ -z "${!secret}" ]; then | ||
| missing_optional+=("$secret") | ||
| fi | ||
| done | ||
|
|
||
| # Show warnings for missing optional secrets | ||
| if [ ${#missing_optional[@]} -gt 0 ]; then | ||
| echo "⚠️ Missing optional secrets (using defaults):" | ||
| printf ' - %s\n' "${missing_optional[@]}" | ||
| echo "" | ||
| fi | ||
|
|
||
| # Fail only if critical secrets are missing | ||
| if [ ${#missing_critical[@]} -gt 0 ]; then | ||
| echo "❌ Missing critical secrets for ChatGPT App DEV deployment:" | ||
| printf ' - %s\n' "${missing_critical[@]}" | ||
| echo "" | ||
| echo "Please configure these critical secrets in GitHub repository settings." | ||
| exit 1 | ||
| fi | ||
|
|
||
| echo "✅ All critical secrets validated successfully for ChatGPT App DEV" | ||
| env: | ||
| # Pass secrets for validation | ||
| MCP_SERVER_URL: '${{ vars.MCP_SERVER_URL }}' | ||
| OAUTH_SERVER_URL: '${{ vars.OAUTH_SERVER_URL }}' | ||
| CHATGPT_APP_ID: '${{ secrets.CHATGPT_APP_ID }}' | ||
| CHATGPT_APP_SECRET: '${{ secrets.CHATGPT_APP_SECRET }}' | ||
| SENTRY_DSN: '${{ secrets.SENTRY_DSN }}' | ||
| SESSION_SECRET: '${{ secrets.SESSION_SECRET }}' | ||
|
|
||
| - name: Apply k8s manifests changes in DigitalOcean k8s cluster (if any) | ||
| run: | | ||
| envsubst < $GITHUB_WORKSPACE/.deploy/k8s/k8s-manifest-chatgpt.dev.yaml | kubectl --context do-sfo2-k8s-gauzy apply -f - | ||
| env: | ||
| # Environment configuration | ||
| CLOUD_PROVIDER: 'DO' | ||
| # ChatGPT App Configuration | ||
| MCP_SERVER_URL: '${{ vars.MCP_SERVER_URL }}' | ||
| OAUTH_SERVER_URL: '${{ vars.OAUTH_SERVER_URL }}' | ||
| CHATGPT_APP_ID: '${{ secrets.CHATGPT_APP_ID }}' | ||
| CHATGPT_APP_SECRET: '${{ secrets.CHATGPT_APP_SECRET }}' | ||
| ALLOWED_ORIGINS: '${{ secrets.ALLOWED_ORIGINS }}' | ||
| LOG_LEVEL: '${{ secrets.LOG_LEVEL }}' | ||
| SESSION_SECRET: '${{ secrets.SESSION_SECRET }}' | ||
| # Monitoring | ||
| SENTRY_DSN: '${{ secrets.SENTRY_DSN }}' | ||
|
|
||
| - name: Restart Pods to pick up :latest tag version | ||
| run: | | ||
| kubectl --context do-sfo2-k8s-gauzy rollout restart deployment/ever-teams-dev-chatgpt |
Comment on lines
+12
to
+114
| runs-on: ubicloud-standard-2 | ||
|
|
||
| environment: prod | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install doctl | ||
| uses: digitalocean/action-doctl@v2 | ||
| with: | ||
| token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} | ||
|
|
||
| - name: Log in to DigitalOcean Container Registry with short-lived credentials | ||
| run: doctl registry login --expiry-seconds 600 | ||
|
|
||
| - name: Save DigitalOcean kubeconfig with short-lived credentials | ||
| run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 k8s-gauzy | ||
|
|
||
| - name: Generate TLS Secrets for ChatGPT App Ingress | ||
| run: | | ||
| rm -f ${HOME}/ingress.chatgpt.crt ${HOME}/ingress.chatgpt.key | ||
| echo '${{ secrets.INGRESS_CERT }}' | base64 --decode > ${HOME}/ingress.chatgpt.crt | ||
| echo '${{ secrets.INGRESS_CERT_KEY }}' | base64 --decode > ${HOME}/ingress.chatgpt.key | ||
| kubectl create secret tls api.ever.co-tls --save-config --dry-run=client --cert=${HOME}/ingress.chatgpt.crt --key=${HOME}/ingress.chatgpt.key -o yaml | kubectl --context do-sfo2-k8s-gauzy apply -f - | ||
|
|
||
| - name: Validate required secrets | ||
| run: | | ||
| echo "==> Validating secrets for ChatGPT App PRODUCTION environment..." | ||
| missing_critical=() | ||
|
|
||
| # Critical secrets (deployment will fail without these) | ||
| critical_secrets=( | ||
| "MCP_SERVER_URL" | ||
| "OAUTH_SERVER_URL" | ||
| "CHATGPT_APP_ID" | ||
| "CHATGPT_APP_SECRET" | ||
| "SESSION_SECRET" | ||
| ) | ||
|
|
||
| # Check critical secrets | ||
| for secret in "${critical_secrets[@]}"; do | ||
| if [ -z "${!secret}" ]; then | ||
| missing_critical+=("$secret") | ||
| fi | ||
| done | ||
|
|
||
| # Fail if critical secrets are missing | ||
| if [ ${#missing_critical[@]} -gt 0 ]; then | ||
| echo "❌ Missing critical secrets for ChatGPT App PRODUCTION deployment:" | ||
| printf ' - %s\n' "${missing_critical[@]}" | ||
| echo "" | ||
| echo "Please configure these critical secrets in GitHub repository settings." | ||
| exit 1 | ||
| fi | ||
|
|
||
| # Validate SESSION_SECRET is not default | ||
| if [ "$SESSION_SECRET" = "your-secure-session-secret-change-in-production" ]; then | ||
| echo "❌ SESSION_SECRET must not use the default value in production" | ||
| exit 1 | ||
| fi | ||
|
|
||
| echo "✅ All critical secrets validated successfully for ChatGPT App PRODUCTION" | ||
| env: | ||
| # Pass secrets for validation | ||
| MCP_SERVER_URL: '${{ vars.MCP_SERVER_URL }}' | ||
| OAUTH_SERVER_URL: '${{ vars.OAUTH_SERVER_URL }}' | ||
| CHATGPT_APP_ID: '${{ secrets.CHATGPT_APP_ID }}' | ||
| CHATGPT_APP_SECRET: '${{ secrets.CHATGPT_APP_SECRET }}' | ||
| SESSION_SECRET: '${{ secrets.SESSION_SECRET }}' | ||
| SENTRY_DSN: '${{ secrets.SENTRY_DSN }}' | ||
|
|
||
| - name: Apply k8s manifests changes in DigitalOcean k8s cluster (if any) | ||
| run: | | ||
| envsubst < $GITHUB_WORKSPACE/.deploy/k8s/k8s-manifest-chatgpt.prod.yaml | kubectl --context do-sfo2-k8s-gauzy apply -f - | ||
| env: | ||
| # Environment configuration | ||
| CLOUD_PROVIDER: 'DO' | ||
| # ChatGPT App Configuration | ||
| MCP_SERVER_URL: '${{ vars.MCP_SERVER_URL }}' | ||
| OAUTH_SERVER_URL: '${{ vars.OAUTH_SERVER_URL }}' | ||
| CHATGPT_APP_ID: '${{ secrets.CHATGPT_APP_ID }}' | ||
| CHATGPT_APP_SECRET: '${{ secrets.CHATGPT_APP_SECRET }}' | ||
| ALLOWED_ORIGINS: '${{ secrets.ALLOWED_ORIGINS }}' | ||
| LOG_LEVEL: '${{ secrets.LOG_LEVEL }}' | ||
| SESSION_SECRET: '${{ secrets.SESSION_SECRET }}' | ||
| # Monitoring | ||
| SENTRY_DSN: '${{ secrets.SENTRY_DSN }}' | ||
|
|
||
| - name: Restart Pods to pick up :latest tag version | ||
| run: | | ||
| kubectl --context do-sfo2-k8s-gauzy rollout restart deployment/ever-teams-prod-chatgpt | ||
|
|
||
| - name: Wait for rollout to complete | ||
| run: | | ||
| kubectl --context do-sfo2-k8s-gauzy rollout status deployment/ever-teams-prod-chatgpt --timeout=5m | ||
|
|
||
| - name: Verify deployment | ||
| run: | | ||
| echo "==> Verifying deployment health..." | ||
| kubectl --context do-sfo2-k8s-gauzy get pods -l app=ever-teams-prod-chatgpt | ||
| kubectl --context do-sfo2-k8s-gauzy get svc ever-teams-prod-chatgpt-lb | ||
| kubectl --context do-sfo2-k8s-gauzy get ingress ever-teams-prod-chatgpt-ingress |
Comment on lines
+12
to
+117
| runs-on: ubicloud-standard-2 | ||
|
|
||
| environment: stage | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install doctl | ||
| uses: digitalocean/action-doctl@v2 | ||
| with: | ||
| token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} | ||
|
|
||
| - name: Log in to DigitalOcean Container Registry with short-lived credentials | ||
| run: doctl registry login --expiry-seconds 600 | ||
|
|
||
| - name: Save DigitalOcean kubeconfig with short-lived credentials | ||
| run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 k8s-gauzy | ||
|
|
||
| - name: Generate TLS Secrets for ChatGPT App Ingress | ||
| run: | | ||
| rm -f ${HOME}/ingress.chatgpt.crt ${HOME}/ingress.chatgpt.key | ||
| echo '${{ secrets.INGRESS_CERT }}' | base64 --decode > ${HOME}/ingress.chatgpt.crt | ||
| echo '${{ secrets.INGRESS_CERT_KEY }}' | base64 --decode > ${HOME}/ingress.chatgpt.key | ||
| kubectl create secret tls api.ever.co-tls --save-config --dry-run=client --cert=${HOME}/ingress.chatgpt.crt --key=${HOME}/ingress.chatgpt.key -o yaml | kubectl --context do-sfo2-k8s-gauzy apply -f - | ||
|
|
||
| - name: Validate required secrets | ||
| run: | | ||
| echo "==> Validating secrets for ChatGPT App STAGE environment..." | ||
| missing_critical=() | ||
| missing_optional=() | ||
|
|
||
| # Critical secrets (deployment will fail without these) | ||
| critical_secrets=( | ||
| "MCP_SERVER_URL" | ||
| "OAUTH_SERVER_URL" | ||
| "SESSION_SECRET" | ||
| ) | ||
|
|
||
| # Optional secrets (deployment will work with defaults/disabled features) | ||
| optional_secrets=( | ||
| "CHATGPT_APP_ID" | ||
| "CHATGPT_APP_SECRET" | ||
| "SENTRY_DSN" | ||
| ) | ||
|
|
||
| # Check critical secrets | ||
| for secret in "${critical_secrets[@]}"; do | ||
| if [ -z "${!secret}" ]; then | ||
| missing_critical+=("$secret") | ||
| fi | ||
| done | ||
|
|
||
| # Check optional secrets | ||
| for secret in "${optional_secrets[@]}"; do | ||
| if [ -z "${!secret}" ]; then | ||
| missing_optional+=("$secret") | ||
| fi | ||
| done | ||
|
|
||
| # Show warnings for missing optional secrets | ||
| if [ ${#missing_optional[@]} -gt 0 ]; then | ||
| echo "⚠️ Missing optional secrets (using defaults):" | ||
| printf ' - %s\n' "${missing_optional[@]}" | ||
| echo "" | ||
| fi | ||
|
|
||
| # Fail only if critical secrets are missing | ||
| if [ ${#missing_critical[@]} -gt 0 ]; then | ||
| echo "❌ Missing critical secrets for ChatGPT App STAGE deployment:" | ||
| printf ' - %s\n' "${missing_critical[@]}" | ||
| echo "" | ||
| echo "Please configure these critical secrets in GitHub repository settings." | ||
| exit 1 | ||
| fi | ||
|
|
||
| echo "✅ All critical secrets validated successfully for ChatGPT App STAGE" | ||
| env: | ||
| # Pass secrets for validation | ||
| MCP_SERVER_URL: '${{ vars.MCP_SERVER_URL }}' | ||
| OAUTH_SERVER_URL: '${{ vars.OAUTH_SERVER_URL }}' | ||
| CHATGPT_APP_ID: '${{ secrets.CHATGPT_APP_ID }}' | ||
| CHATGPT_APP_SECRET: '${{ secrets.CHATGPT_APP_SECRET }}' | ||
| SESSION_SECRET: '${{ secrets.SESSION_SECRET }}' | ||
| SENTRY_DSN: '${{ secrets.SENTRY_DSN }}' | ||
|
|
||
| - name: Apply k8s manifests changes in DigitalOcean k8s cluster (if any) | ||
| run: | | ||
| envsubst < $GITHUB_WORKSPACE/.deploy/k8s/k8s-manifest-chatgpt.stage.yaml | kubectl --context do-sfo2-k8s-gauzy apply -f - | ||
| env: | ||
| # Environment configuration | ||
| CLOUD_PROVIDER: 'DO' | ||
| # ChatGPT App Configuration | ||
| MCP_SERVER_URL: '${{ vars.MCP_SERVER_URL }}' | ||
| OAUTH_SERVER_URL: '${{ vars.OAUTH_SERVER_URL }}' | ||
| CHATGPT_APP_ID: '${{ secrets.CHATGPT_APP_ID }}' | ||
| CHATGPT_APP_SECRET: '${{ secrets.CHATGPT_APP_SECRET }}' | ||
| ALLOWED_ORIGINS: '${{ secrets.ALLOWED_ORIGINS }}' | ||
| LOG_LEVEL: '${{ secrets.LOG_LEVEL }}' | ||
| SESSION_SECRET: '${{ secrets.SESSION_SECRET }}' | ||
| # Monitoring | ||
| SENTRY_DSN: '${{ secrets.SENTRY_DSN }}' | ||
|
|
||
| - name: Restart Pods to pick up :latest tag version | ||
| run: | | ||
| kubectl --context do-sfo2-k8s-gauzy rollout restart deployment/ever-teams-stage-chatgpt |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
Review completed
Note: This PR contains a large number of files. cubic only reviews up to 100 files per PR, so some files may not have been reviewed. cubic prioritizes the most important files to review.
On a pro plan you can use ultrareview for larger PRs.
Re-trigger cubic
|
Not up to standards ⛔
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🚀 Pull Request Title
A short and clear title that describes what this PR does.
Example:
Description
Please describe what you did, and why.
Example:
What Was Changed
Major Changes
Example:
Minor Changes
Example:
How to Test This PR
Please explain clearly how to test the changes locally:
Example:
Screenshots (if needed)
Previous screenshots
Please add here videos or images of the previous status
Current screenshots
Please add here videos or images of the current (new) status
Related Issues
Please list related issues, tasks or discussions:
Example:
Type of Change
✅ Checklist
Please confirm you did the following before asking for review:
Notes for the Reviewer (Optional)
Add here any context, help, or known issues for the person reviewing:
setTimeoutfor now – may need refinement.”.envto test logs.”@evereqfor architecture validation@ndekocodefor integration review@Innocent-Akimfor auth and cookie handling and assistance@AnicetFantomasand@Sergemuhundufor mobile app and some web issues@Cedric921and@GloireMutaliko21for complex issuesSummary by cubic
Adds the ChatGPT middleware app and rolls out end‑to‑end CI/CD with Kubernetes manifests for dev/stage/prod. Also introduces an Nx Cloud CI monitor with self‑healing flows and right‑sizes Kubernetes resource requests across deployments.
New Features
apps/chatgptmiddleware that proxies MCP to Ever Teams, with HTML components, Dockerfile, and env config.monitor-ciskills/prompts.DevOps
release.sdk.prod.ymlto publish the SDK to npm (Changesets workflow).SHARP_IGNORE_GLOBAL_LIBVIPSflags for Vercel builds to stabilize image processing.apps/chatgpt/.env.example).Written for commit 0d059c1. Summary will update on new commits.