fix: github issues url required login (#5077)

Co-authored-by: Matthias Nannt <mail@matthiasnannt.com>

.github/actions/cache-build-web/action.yml

@@ -56,6 +56,7 @@ runs:
     - name: Fill ENCRYPTION_KEY, ENTERPRISE_LICENSE_KEY and E2E_TESTING in .env
       run: |
         RANDOM_KEY=$(openssl rand -hex 32)
+        sed -i "s/ENCRYPTION_KEY=.*/ENCRYPTION_KEY=${RANDOM_KEY}/" .env
         echo "E2E_TESTING=${{ inputs.e2e_testing_mode }}" >> .env
       shell: bash
 

.github/workflows/release-docker-github-experimental.yml

@@ -15,7 +15,6 @@ env:
   IMAGE_NAME: ${{ github.repository }}-experimental
   TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
   TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
-  DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/formbricks?schema=public"
 
 permissions:
   contents: read
@@ -80,6 +79,9 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          secrets: |
+            database_url=${{ secrets.DUMMY_DATABASE_URL }}
+            encryption_key=${{ secrets.DUMMY_ENCRYPTION_KEY }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
 

.github/workflows/release-docker-github.yml

@@ -19,7 +19,6 @@ env:
   IMAGE_NAME: ${{ github.repository }}
   TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
   TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
-  DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/formbricks?schema=public"
 
 permissions:
   contents: read
@@ -100,6 +99,9 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          secrets: |
+            database_url=${{ secrets.DUMMY_DATABASE_URL }}
+            encryption_key=${{ secrets.DUMMY_ENCRYPTION_KEY }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
 

.github/workflows/terrafrom-plan-and-apply.yml

@@ -3,16 +3,17 @@ name: 'Terraform'
 on:
   workflow_dispatch:
 # TODO: enable it back when migration is completed.
-#  push:
-#    branches:
-#      - main
-#  pull_request:
-#    branches:
-#      - main
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
 
 permissions:
   id-token: write
   contents: write
+  pull-requests: write
 
 jobs:
   terraform:
@@ -58,18 +59,17 @@ jobs:
         run: terraform plan -out .planfile
         working-directory: infra/terraform
 
-#      - name: Post PR comment
-#        uses: borchero/terraform-plan-comment@3399d8dbae8b05185e815e02361ede2949cd99c4 # v2.4.0
-#        if: always() && github.ref != 'refs/heads/main' && (steps.validate.outcome == 'success' || steps.validate.outcome == 'failure')
-#        with:
-#          token: ${{ github.token }}
-#          planfile: .planfile
-#          working-directory: "infra/terraform"
-#          skip-comment: true
+      - name: Post PR comment
+        uses: borchero/terraform-plan-comment@3399d8dbae8b05185e815e02361ede2949cd99c4 # v2.4.0
+        if: always() && github.ref != 'refs/heads/main' && (steps.plan.outcome == 'success' || steps.plan.outcome == 'failure')
+        with:
+          token: ${{ github.token }}
+          planfile: .planfile
+          working-directory: "infra/terraform"
 
       - name: Terraform Apply
         id: apply
-#        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
         run: terraform apply .planfile
         working-directory: "infra/terraform"
 

apps/web/Dockerfile

@@ -24,11 +24,28 @@ RUN corepack enable
 # Install necessary build tools and compilers
 RUN apk update && apk add --no-cache g++ cmake make gcc python3 openssl-dev jq
 
+# BuildKit secret handling without hardcoded fallback values
+# This approach relies entirely on secrets passed from GitHub Actions
+RUN echo '#!/bin/sh' > /tmp/read-secrets.sh && \
+    echo 'if [ -f "/run/secrets/database_url" ]; then' >> /tmp/read-secrets.sh && \
+    echo '  export DATABASE_URL=$(cat /run/secrets/database_url)' >> /tmp/read-secrets.sh && \
+    echo 'else' >> /tmp/read-secrets.sh && \
+    echo '  echo "DATABASE_URL secret not found. Build may fail if this is required."' >> /tmp/read-secrets.sh && \
+    echo 'fi' >> /tmp/read-secrets.sh && \
+    echo 'if [ -f "/run/secrets/encryption_key" ]; then' >> /tmp/read-secrets.sh && \
+    echo '  export ENCRYPTION_KEY=$(cat /run/secrets/encryption_key)' >> /tmp/read-secrets.sh && \
+    echo 'else' >> /tmp/read-secrets.sh && \
+    echo '  echo "ENCRYPTION_KEY secret not found. Build may fail if this is required."' >> /tmp/read-secrets.sh && \
+    echo 'fi' >> /tmp/read-secrets.sh && \
+    echo 'exec "$@"' >> /tmp/read-secrets.sh && \
+    chmod +x /tmp/read-secrets.sh
+
 ARG NEXT_PUBLIC_SENTRY_DSN
 ARG SENTRY_AUTH_TOKEN
 
-# Increase Node.js memory limit
-# ENV NODE_OPTIONS="--max_old_space_size=4096"
+# Increase Node.js memory limit as a regular build argument
+ARG NODE_OPTIONS="--max_old_space_size=4096"
+ENV NODE_OPTIONS=${NODE_OPTIONS}
 
 # Set the working directory
 WORKDIR /app
@@ -47,8 +64,11 @@ RUN touch apps/web/.env
 # Install the dependencies
 RUN pnpm install
 
-# Build the project
-RUN NODE_OPTIONS="--max_old_space_size=4096" pnpm build --filter=@formbricks/web...
+# Build the project using our secret reader script
+# This mounts the secrets only during this build step without storing them in layers
+RUN --mount=type=secret,id=database_url \
+    --mount=type=secret,id=encryption_key \
+    /tmp/read-secrets.sh pnpm build --filter=@formbricks/web...
 
 # Extract Prisma version
 RUN jq -r '.devDependencies.prisma' packages/database/package.json > /prisma_version.txt

apps/web/app/(app)/environments/[environmentId]/components/TopControlButtons.tsx

@@ -39,7 +39,7 @@ export const TopControlButtons = ({
 
       <TooltipRenderer tooltipContent={t("common.share_feedback")}>
         <Button variant="ghost" size="icon" className="h-fit w-fit bg-slate-50 p-1" asChild>
-          <Link href="https://github.com/formbricks/formbricks/issues/new/choose" target="_blank">
+          <Link href="https://github.com/formbricks/formbricks/issues" target="_blank">
             <BugIcon />
           </Link>
         </Button>

docker/formbricks.sh

@@ -0,0 +1,416 @@
+#!/bin/env bash
+
+set -e
+ubuntu_version=$(lsb_release -a 2>/dev/null | grep -v "No LSB modules are available." | grep "Description:" | awk -F "Description:\t" '{print $2}')
+
+install_formbricks() {
+  # Friendly welcome
+  echo "🧱 Welcome to the Formbricks Setup Script"
+  echo ""
+  echo "🛸 Fasten your seatbelts! We're setting up your Formbricks environment on your $ubuntu_version server."
+  echo ""
+
+  # Remove any old Docker installations, without stopping the script if they're not found
+  echo "🧹 Time to sweep away any old Docker installations."
+  sudo apt-get remove docker docker-engine docker.io containerd runc >/dev/null 2>&1 || true
+
+  # Update package list
+  echo "🔄 Updating your package list."
+  sudo apt-get update >/dev/null 2>&1
+
+  # Install dependencies
+  echo "📦 Installing the necessary dependencies."
+  sudo apt-get install -y \
+    ca-certificates \
+    curl \
+    gnupg \
+    lsb-release >/dev/null 2>&1
+
+  # Set up Docker's official GPG key & stable repository
+  echo "🔑 Adding Docker's official GPG key and setting up the stable repository."
+  sudo mkdir -m 0755 -p /etc/apt/keyrings >/dev/null 2>&1
+  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg >/dev/null 2>&1
+  echo \
+    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list >/dev/null 2>&1
+
+  # Update package list again
+  echo "🔄 Updating your package list again."
+  sudo apt-get update >/dev/null 2>&1
+
+  # Install Docker
+  echo "🐳 Installing Docker."
+  sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin >/dev/null 2>&1
+
+  # Test Docker installation
+  echo "🚀 Testing your Docker installation."
+  if docker --version >/dev/null 2>&1; then
+    echo "🎉 Docker is installed!"
+  else
+    echo "❌ Docker is not installed. Please install Docker before proceeding."
+    exit 1
+  fi
+
+  # Adding your user to the Docker group
+  echo "🐳 Adding your user to the Docker group to avoid using sudo with docker commands."
+  sudo groupadd docker >/dev/null 2>&1 || true
+  sudo usermod -aG docker $USER >/dev/null 2>&1
+
+  echo "🎉 Hooray! Docker is all set and ready to go. You're now ready to run your Formbricks instance!"
+
+  mkdir -p formbricks && cd formbricks
+  echo "📁 Created Formbricks Quickstart directory at ./formbricks."
+
+  # Ask the user for their domain name
+  echo "🔗 Please enter your domain name for the SSL certificate (🚨 do NOT enter the protocol (http/https/etc)):"
+  read domain_name
+
+  echo "🔗 Do you want us to set up an HTTPS certificate for you? [Y/n]"
+  read https_setup
+  https_setup=$(echo "$https_setup" | tr '[:upper:]' '[:lower:]')
+
+  # Set default value for HTTPS setup
+  if [[ -z $https_setup ]]; then
+    https_setup="y"
+  fi
+
+  if [[ $https_setup == "y" ]]; then
+    echo "🔗 Please make sure that the domain points to the server's IP address and that ports 80 & 443 are open in your server's firewall. Is everything set up? [Y/n]"
+    read dns_setup
+    dns_setup=$(echo "$dns_setup" | tr '[:upper:]' '[:lower:]')
+
+    # Set default value for DNS setup
+    if [[ -z $dns_setup ]]; then
+      dns_setup="y"
+    fi
+
+    if [[ $dns_setup == "y" ]]; then
+      echo "💡 Please enter your email address for the SSL certificate:"
+      read email_address
+
+      echo "🔗 Do you want to enforce HTTPS (HSTS)? [Y/n]"
+      read hsts_enabled
+      hsts_enabled=$(echo "$hsts_enabled" | tr '[:upper:]' '[:lower:]')
+
+      #  Set default value for HSTS
+      if [[ -z $hsts_enabled ]]; then
+        hsts_enabled="y"
+      fi
+      
+    else
+      echo "❌ Ports 80 & 443 are not open. We can't help you in providing the SSL certificate."
+      https_setup="n"
+      hsts_enabled="n"
+    fi
+  else
+    https_setup="n"
+    hsts_enabled="n"
+  fi
+
+  # Ask for HSTS configuration for HTTPS redirection if custom certificate is used
+  if [[ $https_setup == "n" ]]; then
+    echo "You have chosen not to set up HTTPS certificate for your domain. Please make sure to set up HTTPS on your own. You can refer to the Formbricks documentation(https://formbricks.com/docs/self-hosting/custom-ssl) for more information."
+
+    echo "🔗 Do you want to enforce HTTPS (HSTS)? [Y/n]"
+    read hsts_enabled
+    hsts_enabled=$(echo "$hsts_enabled" | tr '[:upper:]' '[:lower:]')
+
+    #  Set default value for HSTS
+    if [[ -z $hsts_enabled ]]; then
+      hsts_enabled="y"
+    fi
+  fi
+
+  # Installing Traefik
+  echo "🚗 Configuring Traefik..."
+
+  if [[ $hsts_enabled == "y" ]]; then
+    hsts_middlewares="middlewares:
+        - hstsHeader"
+    http_redirection="http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+          permanent: true"
+  else
+    hsts_middlewares=""
+    http_redirection=""
+  fi
+
+  if [[ $https_setup == "y" ]]; then
+    certResolver="certResolver: default"
+    certificates_resolvers="certificatesResolvers:
+  default:
+    acme:
+      email: $email_address
+      storage: acme.json
+      caServer: "https://acme-v01.api.letsencrypt.org/directory"
+      tlsChallenge: {}"
+  else
+    certResolver=""
+    certificates_resolvers=""
+  fi
+
+  cat <<EOT >traefik.yaml
+entryPoints:
+  web:
+    address: ":80"
+    $http_redirection
+  websecure:
+    address: ":443"
+    http:
+      tls:
+        $certResolver
+        options: default
+      $hsts_middlewares
+providers:
+  docker:
+    watch: true
+    exposedByDefault: false
+  file:
+    directory: /
+$certificates_resolvers
+EOT
+
+  cat <<EOT >traefik-dynamic.yaml
+# configuring min TLS version
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+      cipherSuites:
+        # TLS 1.2 Ciphers
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+        - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+        - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+
+        # TLS 1.3 Ciphers (These are automatically used for TLS 1.3 connections)
+        - TLS_AES_128_GCM_SHA256
+        - TLS_AES_256_GCM_SHA384
+        - TLS_CHACHA20_POLY1305_SHA256
+
+        # Fallback
+        - TLS_FALLBACK_SCSV
+EOT
+
+  echo "💡 Created traefik.yaml and traefik-dynamic.yaml file."
+
+  if [[ $https_setup == "y" ]]; then
+    touch acme.json
+    chmod 600 acme.json
+    echo "💡 Created acme.json file with correct permissions."
+  fi
+
+  # Prompt for email service setup
+  read -p "📧 Do you want to set up the email service? You will need SMTP credentials for the same! [y/N]" email_service
+  email_service=$(echo "$email_service" | tr '[:upper:]' '[:lower:]')
+
+  # Set default value for email service setup
+  if [[ -z $email_service ]]; then
+    email_service="n"
+  fi
+
+  if [[ $email_service == "y" ]]; then
+    echo "Please provide the following email service details: "
+
+    echo -n "Enter your SMTP configured Email ID: "
+    read mail_from
+
+    echo -n "Enter your SMTP configured Email Name: "
+    read mail_from_name
+
+    echo -n "Enter your SMTP Host URL: "
+    read smtp_host
+
+    echo -n "Enter your SMTP Host Port: "
+    read smtp_port
+
+    echo -n "Enter your SMTP username: "
+    read smtp_user
+
+    echo -n "Enter your SMTP password: "
+    read smtp_password
+    
+    echo -n "Enable Authenticated SMTP? Enter 1 for yes and 0 for no(default is 1): "
+    read smtp_authenticated
+
+    echo -n "Enable Secure SMTP (use SSL)? Enter 1 for yes and 0 for no: "
+    read smtp_secure_enabled
+
+  else
+    mail_from=""
+    mail_from_name=""
+    smtp_host=""
+    smtp_port=""
+    smtp_user=""
+    smtp_password=""
+    smtp_authenticated=1
+    smtp_secure_enabled=0
+  fi
+
+  echo "📥 Downloading docker-compose.yml from Formbricks GitHub repository..."
+  curl -o docker-compose.yml https://raw.githubusercontent.com/formbricks/formbricks/main/docker/docker-compose.yml
+
+  echo "🚙 Updating docker-compose.yml with your custom inputs..."
+  sed -i "/WEBAPP_URL:/s|WEBAPP_URL:.*|WEBAPP_URL: \"https://$domain_name\"|" docker-compose.yml
+  sed -i "/NEXTAUTH_URL:/s|NEXTAUTH_URL:.*|NEXTAUTH_URL: \"https://$domain_name\"|" docker-compose.yml
+
+  nextauth_secret=$(openssl rand -hex 32) && sed -i "/NEXTAUTH_SECRET:$/s/NEXTAUTH_SECRET:.*/NEXTAUTH_SECRET: $nextauth_secret/" docker-compose.yml
+  echo "🚗 NEXTAUTH_SECRET updated successfully!"
+
+  encryption_key=$(openssl rand -hex 32) && sed -i "/ENCRYPTION_KEY:$/s/ENCRYPTION_KEY:.*/ENCRYPTION_KEY: $encryption_key/" docker-compose.yml
+  echo "🚗 ENCRYPTION_KEY updated successfully!"
+
+  cron_secret=$(openssl rand -hex 32) && sed -i "/CRON_SECRET:$/s/CRON_SECRET:.*/CRON_SECRET: $cron_secret/" docker-compose.yml
+  echo "🚗 CRON_SECRET updated successfully!"
+
+  if [[ -n $mail_from ]]; then
+    sed -i "s|# MAIL_FROM:|MAIL_FROM: \"$mail_from\"|" docker-compose.yml
+    sed -i "s|# MAIL_FROM_NAME:|MAIL_FROM_NAME: \"$mail_from_name\"|" docker-compose.yml
+    sed -i "s|# SMTP_HOST:|SMTP_HOST: \"$smtp_host\"|" docker-compose.yml
+    sed -i "s|# SMTP_PORT:|SMTP_PORT: \"$smtp_port\"|" docker-compose.yml
+    sed -i "s|# SMTP_SECURE_ENABLED:|SMTP_SECURE_ENABLED: $smtp_secure_enabled|" docker-compose.yml
+    sed -i "s|# SMTP_USER:|SMTP_USER: \"$smtp_user\"|" docker-compose.yml
+    sed -i "s|# SMTP_PASSWORD:|SMTP_PASSWORD: \"$smtp_password\"|" docker-compose.yml
+    sed -i "s|# SMTP_AUTHENTICATED:|SMTP_AUTHENTICATED: $smtp_authenticated|" docker-compose.yml
+  fi
+
+  awk -v domain_name="$domain_name" -v hsts_enabled="$hsts_enabled" '
+/formbricks:/,/^ *$/ {
+    if ($0 ~ /depends_on:/) {
+        inserting_labels=1
+    }
+    if (inserting_labels && ($0 ~ /ports:/)) {
+        print "    labels:"
+        print "      - \"traefik.enable=true\"  # Enable Traefik for this service"
+        print "      - \"traefik.http.routers.formbricks.rule=Host(`" domain_name "`)\"  # Use your actual domain or IP"
+        print "      - \"traefik.http.routers.formbricks.entrypoints=websecure\"  # Use the websecure entrypoint (port 443 with TLS)"
+        print "      - \"traefik.http.routers.formbricks.tls=true\"  # Enable TLS"
+        print "      - \"traefik.http.routers.formbricks.tls.certresolver=default\"  # Specify the certResolver"
+        print "      - \"traefik.http.services.formbricks.loadbalancer.server.port=3000\"  # Forward traffic to Formbricks on port 3000"
+        if (hsts_enabled == "y") {
+            print "      - \"traefik.http.middlewares.hstsHeader.headers.stsSeconds=31536000\"  # Set HSTS (HTTP Strict Transport Security) max-age to 1 year (31536000 seconds)"
+            print "      - \"traefik.http.middlewares.hstsHeader.headers.forceSTSHeader=true\"  # Ensure the HSTS header is always included in responses"
+            print "      - \"traefik.http.middlewares.hstsHeader.headers.stsPreload=true\"  # Allow the domain to be preloaded in browser HSTS preload list"
+            print "      - \"traefik.http.middlewares.hstsHeader.headers.stsIncludeSubdomains=true\"  # Apply HSTS policy to all subdomains as well"
+        } else {
+            print "      - \"traefik.http.routers.formbricks_http.entrypoints=web\"  # Use the web entrypoint (port 80)"
+            print "      - \"traefik.http.routers.formbricks_http.rule=Host(`" domain_name "`)\"  # Use your actual domain or IP"
+        }
+        inserting_labels=0
+    }
+    print
+    next
+}
+/^volumes:/ {
+    print "  traefik:"
+    print "    image: \"traefik:v2.7\""
+    print "    restart: always"
+    print "    container_name: \"traefik\""
+    print "    depends_on:"
+    print "      - formbricks"
+    print "    ports:"
+    print "      - \"80:80\""
+    print "      - \"443:443\""
+    print "      - \"8080:8080\""
+    print "    volumes:"
+    print "      - ./traefik.yaml:/traefik.yaml"
+    print "      - ./traefik-dynamic.yaml:/traefik-dynamic.yaml"
+    print "      - ./acme.json:/acme.json"
+    print "      - /var/run/docker.sock:/var/run/docker.sock:ro"
+    print ""
+}
+1
+' docker-compose.yml >tmp.yml && mv tmp.yml docker-compose.yml
+
+  newgrp docker <<END
+
+docker compose up -d
+
+echo "🔗 To edit more variables and deeper config, go to the formbricks/docker-compose.yml, edit the file, and restart the container!"
+
+echo "🚨 Make sure you have set up the DNS records as well as inbound rules for the domain name and IP address of this instance."
+echo ""
+echo "🎉 All done! Please setup your Formbricks instance by visiting your domain at https://$domain_name. You can check the status of Formbricks & Traefik with 'cd formbricks && sudo docker compose ps.'"
+
+END
+
+}
+
+uninstall_formbricks() {
+  echo "🗑️ Preparing to Uninstalling Formbricks..."
+  read -p "Are you sure you want to uninstall Formbricks? This will delete all the data associated with it! (yes/no): " uninstall_confirmation
+  uninstall_confirmation=$(echo "$uninstall_confirmation" | tr '[:upper:]' '[:lower:]')
+  if [[ $uninstall_confirmation == "yes" ]]; then
+    cd formbricks
+    sudo docker compose down
+    cd ..
+    sudo rm -rf formbricks
+    echo "🛑 Formbricks uninstalled successfully!"
+  else
+    echo "❌ Uninstalling Formbricks has been cancelled."
+  fi
+}
+
+stop_formbricks() {
+  echo "🛑 Stopping Formbricks..."
+  cd formbricks
+  sudo docker compose down
+  echo "🎉 Formbricks instance stopped successfully!"
+}
+
+update_formbricks() {
+  echo "🔄 Updating Formbricks..."
+  cd formbricks
+  sudo docker compose pull
+  sudo docker compose down
+  sudo docker compose up -d
+  echo "🎉 Formbricks updated successfully!"
+  echo "🎉 Check the status of Formbricks & Traefik with 'cd formbricks && sudo docker compose logs.'"
+}
+
+restart_formbricks() {
+  echo "🔄 Restarting Formbricks..."
+  cd formbricks
+  sudo docker compose restart
+  echo "🎉 Formbricks restarted successfully!"
+}
+
+get_logs() {
+  echo "📃 Getting Formbricks logs..."
+  cd formbricks
+  sudo docker compose logs
+}
+
+case "$1" in
+install)
+  install_formbricks
+  ;;
+update)
+  update_formbricks
+  ;;
+stop)
+  stop_formbricks
+  ;;
+restart)
+  restart_formbricks
+  ;;
+logs)
+  get_logs
+  ;;
+uninstall)
+  uninstall_formbricks
+  ;;
+*)
+  echo "🚀 Executing default step of installing Formbricks"
+  install_formbricks
+  ;;
+esac

helm-chart/Chart.lock

@@ -5,8 +5,5 @@ dependencies:
 - name: redis
   repository: oci://registry-1.docker.io/bitnamicharts
   version: 20.11.2
-- name: minio
-  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 15.0.7
-digest: sha256:ce42b49e555fb89d365b44de289a2020c6cc8696eaa2aab6f5317b9ee8558ec2
-generated: "2025-03-27T14:35:28.229585+05:30"
+digest: sha256:6233567e6d133fd87585de7cb11f835125ab649fc7979eac7b17d4b2881f54dc
+generated: "2025-03-06T15:48:20.190945+05:30"

helm-chart/Chart.yaml

@@ -26,7 +26,3 @@ dependencies:
     version: 20.11.2
     repository: "oci://registry-1.docker.io/bitnamicharts"
     condition: redis.enabled
-  - name: minio
-    repository: "oci://registry-1.docker.io/bitnamicharts"
-    version: 15.0.7
-    condition: minio.enabled

helm-chart/templates/deployment.yaml

@@ -127,20 +127,6 @@ spec:
           {{- end }}
           {{- end }}
           env:
-            {{- if .Values.minio.enabled }}
-            - name: S3_ACCESS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: formbricks-minio
-                  key: root-user
-            - name: S3_SECRET_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: formbricks-minio
-                  key: root-password
-            - name: S3_BUCKET_NAME
-              value: formbricks
-            {{- end }}
             {{- range $key, $value := .Values.deployment.env }}
             - name: {{ include "formbricks.tplvalues.render" ( dict "value" $key "context" $ ) }}
               {{- if kindIs "string" $value }}

helm-chart/templates/prometheusrules.yaml

@@ -1,16 +0,0 @@
-{{- if and (.Values.prometheusRule).enabled (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") -}}
----
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: {{ template "formbricks.name" . }}
-  namespace: {{ include "formbricks.namespace" . }}
-  labels:
-  {{- include "formbricks.labels" $ | nindent 4 }}
-{{- if .Values.prometheusRule.additionalLabels }}
-{{ toYaml .Values.prometheusRule.additionalLabels | indent 4 }}
-{{- end }}
-spec:
-  groups:
-{{ toYaml .Values.prometheusRule.groups | indent 4 }}
-{{- end -}}

helm-chart/templates/secrets.yaml

@@ -12,7 +12,7 @@ metadata:
     {{- include "formbricks.labels" . | nindent 4 }}
 data:
   {{- if .Values.redis.enabled }}
-  REDIS_URL: {{ printf "redis://default:%s@formbricks-redis-master:6379" $redisPassword | b64enc }}
+  REDIS_URL: {{ printf "redis://:%s@formbricks-redis-master:6379" $redisPassword | b64enc }}
   {{- else }}
   REDIS_URL: {{ .Values.redis.externalRedisUrl | b64enc }}
   {{- end }}
@@ -28,13 +28,10 @@ data:
   ENTERPRISE_LICENSE_KEY: {{ .Values.enterprise.licenseKey | b64enc }}
   {{- end }}
   {{- if .Values.redis.enabled }}
-  redis-password: {{ $redisPassword | b64enc }}
+  REDIS_PASSWORD: {{ $redisPassword | b64enc }}
   {{- end }}
   {{- if .Values.postgresql.enabled }}
   POSTGRES_ADMIN_PASSWORD: {{ $postgresAdminPassword | b64enc }}
   POSTGRES_USER_PASSWORD: {{ $postgresUserPassword | b64enc }}
   {{- end }}
-  {{- if .Values.minio.enabled }}
-
-  {{- end }}
 {{- end }}

helm-chart/templates/servicemonitor.yaml

@@ -19,7 +19,7 @@ metadata:
 spec:
   selector:
     matchLabels:
-{{ include "formbricks.selectorLabels" $ | indent 6 }}
+{{ include "formbricks.labels" $ | indent 6 }}
   namespaceSelector:
     matchNames:
       - {{ include "formbricks.namespace" . }}

helm-chart/values.yaml

@@ -62,8 +62,6 @@ deployment:
   env:
     DOCKER_CRON_ENABLED:
       value: "0"
-    PROMETHEUS_ENABLED:
-      value: "1"
 
   # Tolerations for scheduling pods on tainted nodes
   tolerations: []
@@ -238,7 +236,7 @@ redis:
   auth:
     enabled: true
     existingSecret: "formbricks-app-secrets"
-    existingSecretPasswordKey: "redis-password"
+    existingSecretPasswordKey: "REDIS_PASSWORD"
   networkPolicy:
     enabled: false
   master:
@@ -299,42 +297,3 @@ postgresql:
       enabled: true
       runAsUser: 1001
       readOnlyRootFilesystem: false
-
-##########################################################
-# Prometheus Rule Configuration
-##########################################################
-prometheusRule:
-  # -- (bool) Deploy a PrometheusRule (Prometheus Operator) resource.
-  # @section -- PrometheusRule Parameters
-  enabled: false
-  # -- (object) Additional labels for PrometheusRule.
-  # @section -- PrometheusRule Parameters
-  additionalLabels:
-  # prometheus: stakater-workload-monitoring
-  # role: alert-rules
-  # -- (list) Groups with alerting rules.
-  # Read more about it at [https://docs.openshift.com/container-platform/4.7/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.html](OpenShift's PrometheusRule documentation).
-  # @section -- PrometheusRule Parameters
-  groups:
-   - name: formbricks
-     rules:
-     - alert: AppDown
-       annotations:
-         message: >-
-           Not able to scrape formbricks, maybe app is Down (or not reachable)
-       expr: up{job="formbricks"} == 0
-       for: 1m
-       labels:
-         severity: critical
-
-##########################################################
-# Minio
-##########################################################
-minio:
-  enabled: true
-  fullnameOverride: formbricks-minio
-  mode: standalone
-  persistence:
-    enabled: true
-    size: 50Gi
-  defaultBuckets: "formbricks"

infra/formbricks-cloud-helm/values.yaml.gotmpl

@@ -166,5 +166,3 @@ postgresql:
   enabled: false
 redis:
   enabled: false
-minio:
-  enabled: false

infra/quickstart/formbricks.sh

@@ -1,363 +0,0 @@
-#!/bin/env bash
-
-set -e
-ubuntu_version=$(lsb_release -a 2>/dev/null | grep -v "No LSB modules are available." | grep "Description:" | awk -F "Description:\t" '{print $2}')
-
-install_formbricks() {
-  # Friendly welcome
-  echo "🧱 Welcome to the Formbricks Setup Script"
-  echo ""
-  echo "🛸 Fasten your seatbelts! We're setting up your Formbricks environment on your $ubuntu_version server with microK8s."
-  echo ""
-
-  # Update package list
-  echo "🔄 Updating your package list."
-  sudo apt-get update >/dev/null 2>&1
-
-  # Install dependencies
-  echo "📦 Installing the necessary dependencies."
-  sudo apt-get install -y \
-    ca-certificates \
-    curl \
-    gnupg \
-    lsb-release \
-    snapd >/dev/null 2>&1
-
-  # Install microK8s
-  echo "☸️  Installing microK8s Kubernetes..."
-  sudo snap install microk8s --classic >/dev/null 2>&1
-
-  # Add user to microk8s group
-  echo "👥 Adding your user to the microk8s group..."
-  sudo usermod -a -G microk8s $USER >/dev/null 2>&1
-  sudo mkdir -p ~/.kube >/dev/null 2>&1
-  sudo chown -R $USER ~/.kube >/dev/null 2>&1
-
-  # Create alias for kubectl
-  echo "🔧 Creating kubectl alias..."
-  sudo snap alias microk8s.kubectl kubectl >/dev/null 2>&1
-
-  # Wait for microk8s to be ready
-  echo "⏳ Waiting for microK8s to be ready..."
-  sudo microk8s status --wait-ready >/dev/null 2>&1
-
-  # Setting up microK8s configuration
-  mkdir -p ~/.kube
-  sudo microk8s config > ~/.kube/config
-  sudo chown -R $USER ~/.kube
-
-  # Enable required add-ons
-  echo "🔌 Enabling required microK8s add-ons (DNS, storage, ingress, helm3, cert-manager)..."
-  sudo microk8s enable dns storage ingress helm3 cert-manager >/dev/null 2>&1
-
-  echo "⏳ Waiting for add-ons to be ready..."
-  sleep 10
-
-  # Create formbricks directory
-  mkdir -p formbricks && cd formbricks
-  echo "📁 Created Formbricks directory at ./formbricks."
-
-  # Prompt for enabling Minio
-  echo "🪣 Do you want to enable Minio? [Y/n] (default is Y):"
-  read enable_minio
-  enable_minio=$(echo "$enable_minio" | tr '[:upper:]' '[:lower:]')
-  if [[ -z $enable_minio ]]; then
-    enable_minio="y"
-  fi
-
-  # Ask the user for their domain name
-  echo "🔗 Please enter your domain name for the SSL certificate (🚨 do NOT enter the protocol (http/https/etc)):"
-  read domain_name
-
-  echo "🔗 Please enter your Minio Console domain (Press Enter to use default: minio.${domain_name}):"
-  read minio_domain
-  minio_domain=${minio_domain:-minio.${domain_name}}
-
-  echo "🔗 Please enter your Minio API domain (Press Enter to use default: minio-api.${domain_name}):"
-  read minio_api_domain
-  minio_api_domain=${minio_api_domain:-minio-api.${domain_name}}
-
-  echo "🔗 Do you want us to set up an HTTPS certificate for you? [Y/n]"
-  read https_setup
-  https_setup=$(echo "$https_setup" | tr '[:upper:]' '[:lower:]')
-
-  # Set default value for HTTPS setup
-  if [[ -z $https_setup ]]; then
-    https_setup="y"
-  fi
-
-  if [[ $https_setup == "y" ]]; then
-    echo "🔗 Please make sure that the domain points to the server's IP address and that ports 80 & 443 are open in your server's firewall. Is everything set up? [Y/n]"
-    read dns_setup
-    dns_setup=$(echo "$dns_setup" | tr '[:upper:]' '[:lower:]')
-
-    # Set default value for DNS setup
-    if [[ -z $dns_setup ]]; then
-      dns_setup="y"
-    fi
-
-    if [[ $dns_setup == "y" ]]; then
-      echo "💡 Please enter your email address for the SSL certificate:"
-      read email_address
-
-      # Create ClusterIssuer for Let's Encrypt
-      echo "🔒 Creating Let's Encrypt certificate issuer..."
-      cat <<EOT > cluster-issuer.yaml
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-prod
-spec:
-  acme:
-    email: ${email_address}
-    server: https://acme-v02.api.letsencrypt.org/directory
-    privateKeySecretRef:
-      name: letsencrypt-prod-account-key
-    solvers:
-    - http01:
-        ingress:
-          ingressClassName: public
-EOT
-
-      kubectl apply -f cluster-issuer.yaml
-    else
-      echo "❌ Ports 80 & 443 are not open. We can't help you in providing the SSL certificate."
-      https_setup="n"
-    fi
-  else
-    https_setup="n"
-  fi
-
-  # Prompt for email service setup
-  read -p "📧 Do you want to set up the email service? You will need SMTP credentials for the same! [y/N]" email_service
-  email_service=$(echo "$email_service" | tr '[:upper:]' '[:lower:]')
-
-  # Set default value for email service setup
-  if [[ -z $email_service ]]; then
-    email_service="n"
-  fi
-
-  # Create values file for Helm chart
-  echo "📝 Creating values file for Helm chart..."
-  cat <<EOT > values.yaml
-# Formbricks helm chart values
-deployment:
-  env:
-    NEXTAUTH_URL:
-      value: "https://${domain_name}"
-    WEBAPP_URL:
-      value: "https://${domain_name}"
-    DOCKER_CRON_ENABLED:
-      value: "0"
-EOT
-
-  # Add email configuration if selected
-  if [[ $email_service == "y" ]]; then
-    echo -n "Enter your SMTP configured Email ID: "
-    read mail_from
-
-    echo -n "Enter your SMTP configured Email Name: "
-    read mail_from_name
-
-    echo -n "Enter your SMTP Host URL: "
-    read smtp_host
-
-    echo -n "Enter your SMTP Host Port: "
-    read smtp_port
-
-    echo -n "Enter your SMTP username: "
-    read smtp_user
-
-    echo -n "Enter your SMTP password: "
-    read smtp_password
-
-    echo -n "Enable Authenticated SMTP? Enter 1 for yes and 0 for no(default is 1): "
-    read smtp_authenticated
-
-    echo -n "Enable Secure SMTP (use SSL)? Enter 1 for yes and 0 for no: "
-    read smtp_secure_enabled
-
-    # Add SMTP configuration to values.yaml
-    cat <<EOT >> values.yaml
-    MAIL_FROM:
-      value: "${mail_from}"
-    MAIL_FROM_NAME:
-      value: "${mail_from_name}"
-    SMTP_HOST:
-      value: "${smtp_host}"
-    SMTP_PORT:
-      value: "${smtp_port}"
-    SMTP_USER:
-      value: "${smtp_user}"
-    SMTP_PASSWORD:
-      value: "${smtp_password}"
-    SMTP_AUTHENTICATED:
-      value: ${smtp_authenticated:-1}
-    SMTP_SECURE_ENABLED:
-      value: ${smtp_secure_enabled:-0}
-EOT
-  else
-    cat <<EOT >> values.yaml
-    EMAIL_VERIFICATION_DISABLED:
-      value: "1"
-    PASSWORD_RESET_DISABLED:
-      value: "1"
-EOT
-  fi
-
-
-  if [[ $enable_minio == "y" ]]; then
-    cat <<EOT >> values.yaml
-    S3_ENDPOINT_URL:
-      value: "https://${minio_api_domain}"
-EOT
-  fi
-
-  # Configure ingress with SSL
-  if [[ $https_setup == "y" ]]; then
-    cat <<EOT >> values.yaml
-ingress:
-  enabled: true
-  ingressClassName: public
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-    kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: ${domain_name}
-      paths:
-        - path: /
-          pathType: Prefix
-  tls:
-    - secretName: formbricks-tls
-      hosts:
-        - ${domain_name}
-EOT
-  else
-    cat <<EOT >> values.yaml
-ingress:
-  enabled: true
-  ingressClassName: public
-  hosts:
-    - host: ${domain_name}
-      paths:
-        - path: /
-          pathType: Prefix
-EOT
-  fi
-# Configure ingress for Minio
-
-  if [[ $enable_minio == "y" ]]; then
-    cat <<EOT >> values.yaml
-minio:
-  ingress:
-    enabled: true
-    ingressClassName: public
-    annotations:
-      cert-manager.io/cluster-issuer: letsencrypt-prod
-      kubernetes.io/tls-acme: "true"
-    hostname: ${minio_domain}
-    tls: true
-  apiIngress:
-    enabled: true
-    ingressClassName: public
-    annotations:
-      cert-manager.io/cluster-issuer: letsencrypt-prod
-      kubernetes.io/tls-acme: "true"
-    hostname: ${minio_api_domain}
-    extraHosts:
-    - name: formbricks.${minio_api_domain}
-      path: /
-    tls: true
-EOT
-  fi
-
-  # Create a namespace for Formbricks
-    echo "🚀 Ensuring namespace 'formbricks' exists..."
-    if ! kubectl get namespace formbricks >/dev/null 2>&1; then
-      kubectl create namespace formbricks
-      echo "✅ Namespace 'formbricks' created."
-    else
-      echo "ℹ️  Namespace 'formbricks' already exists."
-    fi
-
-  # Add helm repo and update
-#  echo "⚓ Adding Formbricks Helm repository..."
-#  microk8s helm3 repo add formbricks-repo oci://ghcr.io/formbricks/helm-charts
-#  microk8s helm3 repo update
-
-  # Install Formbricks with Helm
-  echo "🚀 Installing Formbricks via Helm chart..."
-  microk8s helm3 upgrade -i formbricks oci://ghcr.io/formbricks/helm-charts/formbricks -n formbricks --create-namespace -f values.yaml
-
-  echo "⏳ Waiting for Formbricks to be ready..."
-  kubectl -n formbricks rollout status deployment formbricks
-
-  echo "🚨 Make sure you have set up the DNS records for ${domain_name} pointing to this server's IP address."
-  echo ""
-  echo "🎉 All done! Please setup your Formbricks instance by visiting your domain at https://${domain_name}."
-  echo "You can check the status of your deployment with 'kubectl get all -n formbricks'"
-}
-
-uninstall_formbricks() {
-  echo "🗑️ Preparing to Uninstall Formbricks..."
-  read -p "Are you sure you want to uninstall Formbricks? This will delete all the data associated with it! (yes/no): " uninstall_confirmation
-  uninstall_confirmation=$(echo "$uninstall_confirmation" | tr '[:upper:]' '[:lower:]')
-  if [[ $uninstall_confirmation == "yes" ]]; then
-    cd formbricks
-    microk8s helm3 uninstall formbricks -n formbricks
-    kubectl delete namespace formbricks
-    echo "🛑 Formbricks uninstalled successfully!"
-  else
-    echo "❌ Uninstalling Formbricks has been cancelled."
-  fi
-}
-
-stop_formbricks() {
-  echo "🛑 Stopping Formbricks..."
-  kubectl scale deployment formbricks --replicas=0 -n formbricks
-  echo "🎉 Formbricks instance scaled down to zero successfully!"
-}
-
-update_formbricks() {
-  echo "🔄 Updating Formbricks..."
-  cd formbricks
-  microk8s helm3 upgrade formbricks oci://ghcr.io/formbricks/helm-charts/formbricks -n formbricks -f values.yaml
-  echo "🎉 Formbricks updated successfully!"
-  echo "🎉 Check the status of Formbricks with 'kubectl get pods -n formbricks'"
-}
-
-restart_formbricks() {
-  echo "🔄 Restarting Formbricks..."
-  kubectl rollout restart deployment formbricks -n formbricks
-  echo "🎉 Formbricks restarted successfully!"
-}
-
-get_logs() {
-  echo "📃 Getting Formbricks logs..."
-  kubectl logs -l app.kubernetes.io/name=formbricks -n formbricks --tail=100
-}
-
-case "$1" in
-install)
-  install_formbricks
-  ;;
-update)
-  update_formbricks
-  ;;
-stop)
-  stop_formbricks
-  ;;
-restart)
-  restart_formbricks
-  ;;
-logs)
-  get_logs
-  ;;
-uninstall)
-  uninstall_formbricks
-  ;;
-*)
-  echo "🚀 Executing default step of installing Formbricks"
-  install_formbricks
-  ;;
-esac

infra/terraform/main.tf

@@ -469,6 +469,14 @@ module "formbricks_s3_bucket" {
     enabled = true
   }
   policy = data.aws_iam_policy_document.replication_bucket_policy.json
+  cors_rule = [
+    {
+      allowed_methods = ["POST"]
+      allowed_origins = ["https://*"]
+      allowed_headers = ["*"]
+      expose_headers  = []
+    }
+  ]
 }
 
 module "formbricks_app_iam_policy" {

infra/terraform/rds.tf

@@ -40,8 +40,7 @@ module "rds-aurora" {
       cidr_blocks = module.vpc.private_subnets_cidr_blocks
     }
   }
-  performance_insights_enabled         = true
-  cluster_performance_insights_enabled = true
+  performance_insights_enabled = true
 
   apply_immediately   = true
   skip_final_snapshot = true

packages/lib/env.ts

@@ -20,7 +20,7 @@ export const env = createEnv({
     CRON_SECRET: z.string().optional(),
     BREVO_API_KEY: z.string().optional(),
     BREVO_LIST_ID: z.string().optional(),
-    DATABASE_URL: z.string().url().optional(),
+    DATABASE_URL: z.string().url(),
     DEBUG: z.enum(["1", "0"]).optional(),
     DOCKER_CRON_ENABLED: z.enum(["1", "0"]).optional(),
     DEFAULT_ORGANIZATION_ID: z.string().optional(),
@@ -28,7 +28,7 @@ export const env = createEnv({
     E2E_TESTING: z.enum(["1", "0"]).optional(),
     EMAIL_AUTH_DISABLED: z.enum(["1", "0"]).optional(),
     EMAIL_VERIFICATION_DISABLED: z.enum(["1", "0"]).optional(),
-    ENCRYPTION_KEY: z.string().optional(),
+    ENCRYPTION_KEY: z.string(),
     ENTERPRISE_LICENSE_KEY: z.string().optional(),
     FORMBRICKS_ENCRYPTION_KEY: z.string().optional(),
     GITHUB_ID: z.string().optional(),