From 19c972da425c52e3e62fa5187b693ddc4e839aab Mon Sep 17 00:00:00 2001 From: patrick-codetogether Date: Thu, 20 Feb 2025 09:43:43 -0700 Subject: [PATCH 1/2] Intel - 1.2.3 release (#92) * Change collab helm chart to use private registry image * Changes for docker compose. (#85) * Rename hq to intel * Allow user to provide their own hqproperties secret (#86) * allow users to provide their own hqproperties secret for improved security over sensitive information * PR feedback. cleaner value structure and using an explicit hqpropertiessecret.enabled value to toggle whether the secret is read * fix intel secret provisioning (#91) --------- Co-authored-by: Ignacio Moreno Co-authored-by: Ignacio Moreno --- charts/intel/Chart.yaml | 12 ++++++------ charts/intel/templates/deployment.yaml | 8 +------- 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/charts/intel/Chart.yaml b/charts/intel/Chart.yaml index f009c0b..a63a302 100644 --- a/charts/intel/Chart.yaml +++ b/charts/intel/Chart.yaml @@ -3,17 +3,17 @@ name: codetogether-intel description: CodeTogether Intel provides advanced project insights for developers type: application -version: 1.2.2 +version: 1.2.3 appVersion: "2025.1.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png home: https://www.codetogether.com maintainers: -- email: info@codetogether.com - name: CodeTogether Inc. + - email: info@codetogether.com + name: CodeTogether Inc. keywords: -- codetogether -- intel -- insights \ No newline at end of file + - codetogether + - intel + - insights diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml index 573af19..dc46de4 100644 --- a/charts/intel/templates/deployment.yaml +++ b/charts/intel/templates/deployment.yaml 
@@ -107,13 +107,7 @@ spec: volumes: - name: properties-volume secret: - secretName: {{- if .Values.hqpropertiessecret.enabled }} - {{- .Values.hqpropertiessecret.ref }} - {{- else if .Values.fullnameOverride }} - {{- printf "%s-hqproperties" .Values.fullnameOverride }} - {{- else }} - {{- "hqproperties" }} - {{- end }} + secretName: {{ if .Values.hqpropertiessecret.enabled }}{{ .Values.hqpropertiessecret.ref }}{{ else if .Values.fullnameOverride }}{{ printf "%s-hqproperties" .Values.fullnameOverride }}{{ else }}hqproperties{{ end }} {{- if .Values.java.customCacerts.enabled }} - name: java-cacerts secret: From bedebe66004715b2a2940f6b9a2fff19138e1b40 Mon Sep 17 00:00:00 2001 From: Ignacio Moreno Date: Mon, 10 Mar 2025 16:29:38 -0600 Subject: [PATCH 2/2] Fix comose main (#95) * Changes to have a running example with github sso. * Change env variables order. * Missing changes --- compose/codetogether.nginx | 85 ---------------------------- compose/compose.yaml | 7 ++- compose/cthq.properties | 36 ++++++------ compose/nginx/log/placholder.txt | 0 compose/nginx/nginx.conf | 94 +++++++++++++++++++++++++++++++ compose/nginx/ssl/placeholder.txt | 1 + 6 files changed, 118 insertions(+), 105 deletions(-) delete mode 100644 compose/codetogether.nginx create mode 100644 compose/nginx/log/placholder.txt create mode 100644 compose/nginx/nginx.conf create mode 100644 compose/nginx/ssl/placeholder.txt diff --git a/compose/codetogether.nginx b/compose/codetogether.nginx deleted file mode 100644 index 2152f44..0000000 --- a/compose/codetogether.nginx +++ /dev/null 
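Review bot: When `hqpropertiessecret.enabled` is true but `hqpropertiessecret.ref` is unset, the new one-line `secretName:` expression appears to render an empty name, and the failure only surfaces later when the pod cannot mount `properties-volume`. Failing at template time is safer, for example `{{ required "hqpropertiessecret.ref is required when hqpropertiessecret.enabled is true" .Values.hqpropertiessecret.ref }}` in the first branch. Since this volume carries the properties secret, a short comment above the line listing the three name sources (the user-supplied ref, `<fullnameOverride>-hqproperties`, and `hqproperties`) would help operators confirm which secret is actually mounted. The enclosing `spec:` starts outside the hunk.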
@@ -1,85 +0,0 @@ -server { - listen 443 ssl http2; - server_name ; - proxy_buffer_size 128k; - proxy_buffers 4 256k; - ssl_certificate ; - ssl_certificate_key ; - ssl_dhparam ; - ssl_prefer_server_ciphers on; - ssl_protocols TLSv1.2; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - location / { - # Similar proxy logic for headers - set $realIP $remote_addr; - set $forwardTo $proxy_add_x_forwarded_for; - set $reqHost $http_host; - client_max_body_size 32M; - if ($http_x_real_ip != '') { - set $realIP $http_x_real_ip; - } - if ($http_x_forwarded_for != '') { - set $forwardTo $http_x_forwarded_for; - } - add_header C-Real-IP $realIP; - add_header C-Forwarded-For $forwardTo; - add_header C-Request-Host $reqHost; - proxy_set_header X-Real-IP $realIP; - proxy_set_header X-Forwarded-For $forwardTo; - proxy_set_header Host $reqHost; - proxy_set_header X-NginX-Proxy true; - proxy_http_version 1.1; - proxy_redirect off; - proxy_pass http://codetogether-collab:1080; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 360; - proxy_connect_timeout 360; - proxy_send_timeout 360; - } -} -server { - server_name ; - listen 443 ssl http2; - - # configure proxy buffer sizes - proxy_buffer_size 128k; - proxy_buffers 4 256k; - - # setup the SSL certificate - ssl_certificate ; - ssl_certificate_key ; - ssl_dhparam ; - ssl_prefer_server_ciphers on; - ssl_protocols TLSv1.2; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - - # create the passthrough to the CodeTogether Intel container - location / { - - # set passthru parameters for the CodeTogether Intel 
container - set $realIP $remote_addr; - set $forwardTo $proxy_add_x_forwarded_for; - set $reqHost $http_host; - if ($http_x_real_ip != '') { - set $realIP $http_x_real_ip; - } - if ($http_x_forwarded_for != '') { - set $forwardTo $http_x_forwarded_for; - } - proxy_set_header X-Real-IP $realIP; - proxy_set_header X-Forwarded-For $forwardTo; - proxy_set_header Host $reqHost; - - # setup the backend to service the HQ requests - proxy_pass http://codetogether-intel:1080; - proxy_set_header X-NginX-Proxy true; - proxy_http_version 1.1; - proxy_redirect off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 360; - proxy_connect_timeout 360; - proxy_send_timeout 360; - } -} diff --git a/compose/compose.yaml b/compose/compose.yaml index 6d0ef95..28beb08 100644 --- a/compose/compose.yaml +++ b/compose/compose.yaml @@ -1,10 +1,11 @@ services: codetogether-collab: - image: registry.digitalocean.com/codetogether-registry/codetogether-collab:latest + image: hub.edge.codetogether.com/releases/codetogether-collab:latest container_name: codetogether-collab environment: - - CT_LICENSE_URL=http://codetogether-intel:1080 + # your collab/pair programming server URL - CT_SERVER_URL=https://your-collab-server-fqdn + - CT_INTEL_URL=http://codetogether-intel:1080 - CT_INTEL_SECRET=your-collab-intel-secret - CT_AV_ENABLED=false - CT_AV_LAN_IP=auto @@ -28,7 +29,7 @@ services: codetogether-intel: condition: service_healthy codetogether-intel: - image: registry.digitalocean.com/codetogether-registry/codetogether-intel:latest + image: hub.edge.codetogether.com/releases/codetogether-intel:latest container_name: codetogether-intel environment: - CT_HQ_BASE_URL=https://your-intel-server-fqdn diff --git a/compose/cthq.properties b/compose/cthq.properties index b27661b..1afe6b6 100644 --- a/compose/cthq.properties +++ b/compose/cthq.properties 
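Review bot: Both image references on the new side, `hub.edge.codetogether.com/releases/codetogether-collab:latest` in the first compose.yaml hunk and `codetogether-intel:latest` in the second, use the mutable `latest` tag, so a pull can change what runs without any change to this file. Pinning to a release tag, ideally with a digest (`image: hub.edge.codetogether.com/releases/codetogether-collab:<release-tag>@sha256:<digest>`), keeps deployments reproducible and makes a swapped image detectable. The placeholder `CT_INTEL_SECRET=your-collab-intel-secret` in the context lines would also merit a comment that it must be replaced with a generated value before first start. The `services:` block continues outside both hunks.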
@@ -1,26 +1,28 @@ # Fill in values specific to your deployment hq.base.url=https:// -hq.sso.redirect.uri=https:///api/v1/auth/sso/success/insights -hq.sso.client.id= -hq.sso.client.secret= hq.collab.url=https://your-collab-server-fqdn hq.collab.secret= -# Generic single sign-on configuration -hq.sso.client.issuer.url=https:////.well-known/openid-configuration -# hq.sso.name.attr=[preferred_username|name] +# THE LINE BELOW IS NOT NEEDED WITH SINGLE TENANT +#hq.sso.tenants=github,gitlab +# GitHub SSO +hq.sso.github.provider=github +hq.sso.github.label=GitHub +hq.sso.github.client.id= +hq.sso.github.client.secret= +hq.sso.github.redirect.uri=https:///api/v1/auth/sso/success/insights +hq.sso.github.auth.uri=https://github.com/login/oauth/authorize +hq.sso.github.token.uri=https://github.com/login/oauth/access_token +hq.sso.github.info.uri=https://api.github.com/user +hq.sso.github.jwt.set.uri=https://token.actions.githubusercontent.com/.well-known/jwks +hq.sso.github.logout.uri=https://github.com/logout -# Example for connecting with Keycloak -# hq.sso.client.issuer.url=https:///realms/ - -# Example for connecting to GitHub -# hq.sso.provider=github -# hq.sso.auth.uri=https://github.com/login/oauth/authorize -# hq.sso.token.uri=https://github.com/login/oauth/access_token -# hq.sso.info.uri=https://api.github.com/user -# hq.sso.jwt.set.uri=https://token.actions.githubusercontent.com/.well-known/jwks -# hq.sso.logout.uri=https://github.com/logout -# hq.sso.name.attr=name +# hq.sso.gitlab.provider=gitlab +# hq.sso.gitlab.label=Gitlab test +# hq.sso.gitlab.client.id= +# hq.sso.gitlab.client.secret= +# hq.sso.gitlab.client.issuer.url=https://gitlab.com +# hq.sso.gitlab.azure.redirect.uri=https:///api/v1/auth/sso/success/insights # These values do not need to be changed, though secrets can be updated hq.db.type=CASSANDRA diff --git a/compose/nginx/log/placholder.txt b/compose/nginx/log/placholder.txt new file mode 100644 index 0000000..e69de29 
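Review bot: The commented GitLab example uses the key `hq.sso.gitlab.azure.redirect.uri`, which looks like a copy-paste leftover; going by the GitHub block's `hq.sso.github.redirect.uri`, it was presumably meant to be `# hq.sso.gitlab.redirect.uri=...`. Separately, `hq.sso.github.jwt.set.uri` points at `token.actions.githubusercontent.com`, which serves keys for GitHub Actions OIDC tokens rather than for user sign-in; the value is carried over from the old commented example, so it may be what the product expects, but a comment explaining why it is needed would help. Because `hq.sso.github.client.secret=` is now an active line, a note at the top of the file that the filled-in copy must stay out of version control and be readable only by the service would be worth adding.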
diff --git a/compose/nginx/nginx.conf b/compose/nginx/nginx.conf
new file mode 100644
index 0000000..c2f1f24
--- /dev/null
+++ b/compose/nginx/nginx.conf
@@ -0,0 +1,94 @@ +events { + worker_connections 1024; +} +http { + include mime.types; + default_type application/octet-stream; + sendfile on; + keepalive_timeout 65; + server { + listen 443 ssl http2; + server_name ; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + ssl_certificate ; + ssl_certificate_key ; + ssl_dhparam ; + ssl_prefer_server_ciphers on; + ssl_protocols TLSv1.2; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + location / { + # Similar proxy logic for headers + set $realIP $remote_addr; + set $forwardTo $proxy_add_x_forwarded_for; + set $reqHost $http_host; + client_max_body_size 32M; + if ($http_x_real_ip != '') { + set $realIP $http_x_real_ip; + } + if ($http_x_forwarded_for != '') { + set $forwardTo $http_x_forwarded_for; + } + add_header C-Real-IP $realIP; + add_header C-Forwarded-For $forwardTo; + add_header C-Request-Host $reqHost; + proxy_set_header X-Real-IP $realIP; + proxy_set_header X-Forwarded-For $forwardTo; + proxy_set_header Host $reqHost; + proxy_set_header X-NginX-Proxy true; + proxy_http_version 1.1; + proxy_redirect off; + proxy_pass http://codetogether-collab:1080; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 360; + proxy_connect_timeout 360; + proxy_send_timeout 360; + } + } + server { + server_name ; + listen 443 ssl http2; + + # configure proxy buffer sizes + proxy_buffer_size 128k; + proxy_buffers 4 256k; + + # setup the SSL certificate + ssl_certificate ; + ssl_certificate_key ; + ssl_dhparam ; + ssl_prefer_server_ciphers on; + ssl_protocols TLSv1.2; + ssl_ciphers 
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + + # create the passthrough to the CodeTogether Intel container + location / { + + # set passthru parameters for the CodeTogether Intel container + set $realIP $remote_addr; + set $forwardTo $proxy_add_x_forwarded_for; + set $reqHost $http_host; + if ($http_x_real_ip != '') { + set $realIP $http_x_real_ip; + } + if ($http_x_forwarded_for != '') { + set $forwardTo $http_x_forwarded_for; + } + proxy_set_header X-Real-IP $realIP; + proxy_set_header X-Forwarded-For $forwardTo; + proxy_set_header Host $reqHost; + + # setup the backend to service the HQ requests + proxy_pass http://codetogether-intel:1080; + proxy_set_header X-NginX-Proxy true; + proxy_http_version 1.1; + proxy_redirect off; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 360; + proxy_connect_timeout 360; + proxy_send_timeout 360; + } + } +} diff --git a/compose/nginx/ssl/placeholder.txt b/compose/nginx/ssl/placeholder.txt new file mode 100644 index 0000000..0367985 --- /dev/null +++ b/compose/nginx/ssl/placeholder.txt @@ -0,0 +1 @@ +Certificate files should be sibling to this file. \ No newline at end of file
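Review bot: In both `location /` blocks the `if ($http_x_real_ip != '')` and `if ($http_x_forwarded_for != '')` branches copy client-supplied headers straight into `X-Real-IP` and `X-Forwarded-For`, so when this nginx is the internet-facing TLS endpoint any client can choose the address the backends log or base decisions on. Unless a trusted load balancer always sits in front, set them from the connection instead, `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`; if there is such a proxy, limit trust with `set_real_ip_from <trusted-proxy-cidr>;` and `real_ip_header X-Forwarded-For;`. The first server block also echoes these values back to the client through `add_header C-Real-IP`, `C-Forwarded-For` and `C-Request-Host`, which looks like debugging output and could be dropped. `ssl_protocols TLSv1.2;` excludes TLS 1.3; it is carried over from the deleted `codetogether.nginx` but is worth revisiting.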