mirror/formbricks
1
0
Fork 0
mirror of https://github.com/formbricks/formbricks.git synced 2025-12-31 00:50:34 -06:00
Code Issues Packages Projects Releases 115 Wiki Activity

chore(infra-updates): updates and fixes (#4976)

Browse Source
This commit is contained in:
Piyush Jain
2025-03-17 23:15:32 +05:30
committed by GitHub
parent 625a4dcfae
commit 39aa9f0941
6 changed files with 213 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
.github/workflows/terrafrom-plan-and-apply.yml vendored
View File

@@ -2,12 +2,12 @@ name: 'Terraform'
on:
workflow_dispatch:
pull_request:
push:
branches:
- main
paths:
- 'infra/terraform/**'
pull_request:
branches:
- main
permissions:
id-token: write
@@ -37,40 +37,16 @@ jobs:
continue-on-error: true
working-directory: infra/terraform
# - name: Post Format
# if: always() && github.ref != 'refs/heads/main' && (steps.fmt.outcome == 'success' || steps.fmt.outcome == 'failure')
# uses: robburger/terraform-pr-commenter@v1
# with:
# commenter_type: fmt
# commenter_input: ${{ format('{0}{1}', steps.fmt.outputs.stdout, steps.fmt.outputs.stderr) }}
# commenter_exitcode: ${{ steps.fmt.outputs.exitcode }}
- name: Terraform Init
id: init
run: terraform init
working-directory: infra/terraform
# - name: Post Init
# if: always() && github.ref != 'refs/heads/main' && (steps.init.outcome == 'success' || steps.init.outcome == 'failure')
# uses: robburger/terraform-pr-commenter@v1
# with:
# commenter_type: init
# commenter_input: ${{ format('{0}{1}', steps.init.outputs.stdout, steps.init.outputs.stderr) }}
# commenter_exitcode: ${{ steps.init.outputs.exitcode }}
- name: Terraform Validate
id: validate
run: terraform validate
working-directory: infra/terraform
# - name: Post Validate
# if: always() && github.ref != 'refs/heads/main' && (steps.validate.outcome == 'success' || steps.validate.outcome == 'failure')
# uses: robburger/terraform-pr-commenter@v1
# with:
# commenter_type: validate
# commenter_input: ${{ format('{0}{1}', steps.validate.outputs.stdout, steps.validate.outputs.stderr) }}
# commenter_exitcode: ${{ steps.validate.outputs.exitcode }}
- name: Terraform Plan
id: plan
run: terraform plan -out .planfile

164
helm-chart/templates/cronjob.yaml
View File

@@ -1,49 +1,40 @@
{{- if (.Values.cronJob).enabled }}
{{- range $name, $job := .Values.cronJob.jobs }}
---
apiVersion: {{ if $.Capabilities.APIVersions.Has "batch/v1/CronJob" }}batch/v1{{ else }}batch/v1beta1{{ end }}
{{ if $.Capabilities.APIVersions.Has "batch/v1/CronJob" -}}
apiVersion: batch/v1
{{- else -}}
apiVersion: batch/v1beta1
{{- end }}
kind: CronJob
metadata:
name: {{ $name }}
labels:
# Standard labels for tracking CronJobs
{{- include "formbricks.labels" $ | nindent 4 }}
# Additional labels if specified
{{- if $job.additionalLabels }}
{{- toYaml $job.additionalLabels | indent 4 }}
{{- end }}
# Additional annotations if specified
{{- if $job.annotations }}
{{- include "formbricks.labels" $ | nindent 4 }}
{{- if $job.additionalLabels }}
{{ $job.additionalLabels | indent 4 }}
{{- end }}
{{- if $job.annotations }}
annotations:
{{- toYaml $job.annotations | indent 4 }}
{{- end }}
{{ $job.annotations | indent 4 }}
{{- end }}
name: {{ $name }}
namespace: {{ template "formbricks.namespace" $ }}
spec:
# Define the execution schedule for the job
schedule: {{ $job.schedule | quote }}
# Kubernetes 1.27+ supports time zones for CronJobs
{{- if ge (int $.Capabilities.KubeVersion.Minor) 27 }}
{{- if $job.timeZone }}
{{- if ge (int $.Capabilities.KubeVersion.Minor) 27 }}
{{- if $job.timeZone }}
timeZone: {{ $job.timeZone }}
{{- end }}
{{- end }}
# Define job retention policies
{{- if $job.successfulJobsHistoryLimit }}
{{ end }}
{{- end }}
{{- if $job.successfulJobsHistoryLimit }}
successfulJobsHistoryLimit: {{ $job.successfulJobsHistoryLimit }}
{{- end }}
{{- if $job.failedJobsHistoryLimit }}
failedJobsHistoryLimit: {{ $job.failedJobsHistoryLimit }}
{{- end }}
# Define concurrency policy
{{- if $job.concurrencyPolicy }}
{{ end }}
{{- if $job.concurrencyPolicy }}
concurrencyPolicy: {{ $job.concurrencyPolicy }}
{{- end }}
{{ end }}
{{- if $job.failedJobsHistoryLimit }}
failedJobsHistoryLimit: {{ $job.failedJobsHistoryLimit }}
{{ end }}
jobTemplate:
spec:
{{- with $job.activeDeadlineSeconds }}
@@ -55,48 +46,101 @@ spec:
template:
metadata:
labels:
{{- include "formbricks.labels" $ | nindent 12 }}
# Additional pod-level labels
{{- include "formbricks.labels" $ | nindent 12 }}
{{- with $job.additionalPodLabels }}
{{- toYaml . | nindent 12 }}
{{- end }}
# Additional annotations
{{- with $job.additionalPodAnnotations }}
annotations: {{- toYaml . | nindent 12 }}
annotations: {{ toYaml . | nindent 12 }}
{{- end }}
spec:
# Define the service account if RBAC is enabled
{{- if $.Values.rbac.enabled }}
{{- if $.Values.rbac.serviceAccount.name }}
serviceAccountName: {{ $.Values.rbac.serviceAccount.name }}
{{- else }}
serviceAccountName: {{ template "formbricks.name" $ }}
{{- end }}
# Define the job container
{{- end }}
containers:
- name: {{ $name }}
image: "{{ required "Image repository is undefined" $job.image.repository }}:{{ $job.image.tag | default "latest" }}"
imagePullPolicy: {{ $job.image.imagePullPolicy | default "IfNotPresent" }}
# Environment variables from values
- name: {{ $name }}
{{- $image := required (print "Undefined image repo for container '" $name "'") $job.image.repository }}
{{- with $job.image.tag }} {{- $image = print $image ":" . }} {{- end }}
{{- with $job.image.digest }} {{- $image = print $image "@" . }} {{- end }}
image: {{ $image }}
{{- if $job.image.imagePullPolicy }}
imagePullPolicy: {{ $job.image.imagePullPolicy }}
{{ end }}
{{- with $job.env }}
env:
env:
{{- range $key, $value := $job.env }}
- name: {{ $key }}
value: {{ $value | quote }}
- name: {{ include "formbricks.tplvalues.render" ( dict "value" $key "context" $ ) }}
{{- if kindIs "string" $value }}
value: {{ include "formbricks.tplvalues.render" ( dict "value" $value "context" $ ) | quote }}
{{- else }}
{{- toYaml $value | nindent 16 }}
{{- end }}
{{- end }}
{{- end }}
# Define command and arguments if specified
{{- with $job.command }}
command: {{- toYaml . | indent 14 }}
{{- with $job.envFrom }}
envFrom:
{{ toYaml . | indent 12 }}
{{- end }}
{{- if $job.command }}
command: {{ $job.command }}
{{- end }}
{{- with $job.args }}
args: {{- toYaml . | indent 14 }}
args:
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- with $job.resources }}
resources:
{{ toYaml . | indent 14 }}
{{- end }}
restartPolicy: {{ $job.restartPolicy | default "OnFailure" }}
{{- with $job.volumeMounts }}
volumeMounts:
{{ toYaml . | indent 12 }}
{{- end }}
{{- with $job.securityContext }}
securityContext: {{ toYaml . | nindent 14 }}
{{- end }}
{{- with $job.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 12 }}
{{- end }}
{{- with $job.affinity }}
affinity:
{{ toYaml . | indent 12 }}
{{- end }}
{{- with $job.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- with $job.tolerations }}
tolerations: {{ toYaml . | nindent 12 }}
{{- end }}
{{- with $job.topologySpreadConstraints }}
topologySpreadConstraints: {{ toYaml . | nindent 12 }}
{{- end }}
{{- if $job.restartPolicy }}
restartPolicy: {{ $job.restartPolicy }}
{{ else }}
restartPolicy: OnFailure
{{ end }}
{{- with $job.imagePullSecrets }}
imagePullSecrets:
{{ toYaml . | indent 12 }}
{{ end }}
{{- if $job.dnsConfig }}
dnsConfig:
{{ toYaml $job.dnsConfig | indent 12 }}
{{- end }}
{{- if $job.dnsPolicy }}
dnsPolicy: {{ $job.dnsPolicy }}
{{- end }}
{{- with $job.volumes }}
volumes:
{{ toYaml . | indent 12 }}
{{- end }}
{{- end }}
{{- end }}

13
helm-chart/templates/deployment.yaml
View File

@@ -13,6 +13,9 @@ metadata:
{{- if .Values.deployment.annotations }}
{{- toYaml .Values.deployment.annotations | nindent 4 }}
{{- end }}
{{- if .Values.deployment.reloadOnChange }}
reloader.stakater.com/auto: "true"
{{- end }}
{{- end }}
spec:
{{- if .Values.deployment.replicas }}
@@ -124,13 +127,13 @@ spec:
{{- end }}
{{- end }}
env:
{{- if and (.Values.enterprise.enabled) (ne .Values.enterprise.licenseKey "") }}
- name: ENTERPRISE_LICENSE_KEY
value: {{ .Values.enterprise.licenseKey | quote }}
{{- end }}
{{- range $key, $value := .Values.deployment.env }}
- name: {{ include "formbricks.tplvalues.render" ( dict "value" $key "context" $ ) }}
{{ include "formbricks.tplvalues.render" ( dict "value" $value "context" $ ) | indent 10 }}
{{- if kindIs "string" $value }}
value: {{ include "formbricks.tplvalues.render" ( dict "value" $value "context" $ ) | quote }}
{{- else }}
{{- toYaml $value | nindent 14 }}
{{- end }}
{{- end }}
{{- if .Values.deployment.resources }}
resources:

6
helm-chart/values.yaml
View File

@@ -60,10 +60,8 @@ deployment:
# Environment variables passed to the app container
env:
EMAIL_VERIFICATION_DISABLED:
value: "1"
PASSWORD_RESET_DISABLED:
value: "1"
DOCKER_CRON_ENABLED:
value: "0"
# Tolerations for scheduling pods on tainted nodes
tolerations: []

27
infra/terraform/clouwatch.tf Normal file
View File

@@ -0,0 +1,27 @@
data "aws_ssm_parameter" "slack_notification_channel" {
name = "/prod/formbricks/slack-webhook-url"
with_decryption = true
}
resource "aws_cloudwatch_log_group" "cloudwatch_cis_benchmark" {
name = "/aws/cis-benchmark-group"
retention_in_days = 365
}
module "notify-slack" {
source = "terraform-aws-modules/notify-slack/aws"
version = "6.6.0"
slack_channel = "kubernetes"
slack_username = "formbricks-cloudwatch"
slack_webhook_url = data.aws_ssm_parameter.slack_notification_channel.value
sns_topic_name = "cloudwatch-alarms"
create_sns_topic = true
}
module "cloudwatch_cis-alarms" {
source = "terraform-aws-modules/cloudwatch/aws//modules/cis-alarms"
version = "5.7.1"
log_group_name = aws_cloudwatch_log_group.cloudwatch_cis_benchmark.name
alarm_actions = [module.notify-slack.slack_topic_arn]
}

76
infra/terraform/main.tf
View File

@@ -32,11 +32,6 @@ module "route53_zones" {
}
}
output "route53_ns_records" {
value = module.route53_zones.route53_zone_name_servers
}
module "acm" {
source = "terraform-aws-modules/acm/aws"
version = "5.1.1"
@@ -641,6 +636,7 @@ resource "helm_release" "formbricks" {
eks.amazonaws.com/role-arn: ${module.formkey-aws-access.iam_role_arn}
serviceMonitor:
enabled: true
reloadOnChange: true
deployment:
image:
repository: "ghcr.io/formbricks/formbricks-experimental"
@@ -656,13 +652,13 @@ resource "helm_release" "formbricks" {
type: secret
nameSuffix: app-env
annotations:
deployed_at: ${timestamp()}
last_updated_at: ${timestamp()}
externalSecret:
enabled: true # Enable/disable ExternalSecrets
secretStore:
name: aws-secrets-manager
kind: ClusterSecretStore
refreshInterval: "1h"
refreshInterval: "1m"
files:
app-env:
dataFrom:
@@ -670,6 +666,72 @@ resource "helm_release" "formbricks" {
app-secrets:
dataFrom:
key: "prod/formbricks/secrets"
cronJob:
enabled: true
jobs:
survey-status:
schedule: "0 0 * * *"
env:
CRON_SECRET:
valueFrom:
secretKeyRef:
name: "formbricks-app-env"
key: "CRON_SECRET"
WEBAPP_URL:
valueFrom:
secretKeyRef:
name: "formbricks-app-env"
key: "WEBAPP_URL"
image:
repository: curlimages/curl
tag: latest
imagePullPolicy: IfNotPresent
args:
- "/bin/sh"
- "-c"
- 'curl -X POST -H "content-type: application/json" -H "x-api-key: $CRON_SECRET" "$WEBAPP_URL/api/cron/survey-status"'
weekely-summary:
schedule: "0 8 * * 1"
env:
CRON_SECRET:
valueFrom:
secretKeyRef:
name: "formbricks-app-env"
key: "CRON_SECRET"
WEBAPP_URL:
valueFrom:
secretKeyRef:
name: "formbricks-app-env"
key: "WEBAPP_URL"
image:
repository: curlimages/curl
tag: latest
imagePullPolicy: IfNotPresent
args:
- "/bin/sh"
- "-c"
- 'curl -X POST -H "content-type: application/json" -H "x-api-key: $CRON_SECRET" "$WEBAPP_URL/api/cron/weekly-summary"'
ping:
schedule: "0 9 * * *"
env:
CRON_SECRET:
valueFrom:
secretKeyRef:
name: "formbricks-app-env"
key: "CRON_SECRET"
WEBAPP_URL:
valueFrom:
secretKeyRef:
name: "formbricks-app-env"
key: "WEBAPP_URL"
image:
repository: curlimages/curl
tag: latest
imagePullPolicy: IfNotPresent
args:
- "/bin/sh"
- "-c"
- 'curl -X POST -H "content-type: application/json" -H "x-api-key: $CRON_SECRET" "$WEBAPP_URL/api/cron/ping"'
EOT
]
}