v4.0.0-beta.392

[andrasbacsai]

Changes

• feat(slack): Show message title in notification previews for slack push notifications
• feat(lang): Added some missing translations
• fix(deployment): ensure private key is stored in filesystem before deployment
• fix(deployment): pull latest image from registry when using build server
• fix(ui): system-wide GitHub Apps are not shown in the create a new Application dialog
• fix(query): query logic error that shows all system-wide apps, regardless of whether they are public or private.
• fix(ui): clicking on a system-wide GitHub app from a team other than the one that created it resulted in a 404 error.
• fix(deployment): Add fallback for build server and deployment server selection
• fix(deployment): Use ownedByCurrentTeam() scope when finding servers
• fix(deployment): Handle cases where server IDs might be null
• fix(slack): Notification settings URL in HighDiskUsage message
• fix(s3-storage): optimize s3-storage admin notification query
• fix(deployment): improve log line rendering and formatting
• fix(service): cal.com documentation link throws a 404 error
• fix(service): Added missing envs to duplicati.yaml and fix TZ var
• fix(service): links in homepage service comments
• fix(service): Added SMTP credentials to getoutline
• fix(service): added KEY Variable to Beszel Template
• fix(ui): Some UI and typo fixes
• fix(links): fix some outdated docs links

Issues

• fix: [Bug]: Duplicati template missing variable SETTINGS_ENCRYPTION_KEY #4666
• fix: [Bug]: Unable to activate SMTP for magic link login on Outline #4070
• fix: [Bug]: Build server + Git, latest image not pulled #3537

[andrasbacsai]

@coderabbitai review

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Documentation
  • Updated sponsor description and revised help links for more targeted guidance.
• New Features
  • Slack notifications now include message titles.
  • Added new localization entries for alternative authentication and clearer warning messages in several languages.
• Chores
  • Enhanced deployment flow, GitHub app filtering, S3 connection stability, and service configuration settings.
• Style
  • Refined on-screen text and UI spacing for a more consistent interface.

Walkthrough

This change set spans multiple areas of the application. The README and several view files have updated text and documentation links. Job classes now include an extra step to store the server’s private key and add a new Slack payload field. Query logic in the GithubApp, Team, and S3Storage models was refined to incorporate fallback and team-based filters. Configuration templates and environment variables were updated, including version increments. Localization files in Arabic, French, and Italian received new entries for authentication and warning messages, and an obsolete S3 helper file was removed.

Changes

Files	Change Summary
README.md	Updated sponsor description for LiquidWeb in the “Special Sponsors” section.
app/Jobs/ApplicationDeploymentJob.php; app/Jobs/SendMessageToSlackJob.php	In ApplicationDeploymentJob, added a call to store the server’s private key before deployment; in SendMessageToSlackJob, added a new payload key ('text') with the message title.
app/Livewire/Project/Application/DeploymentNavbar.php; app/Models/GithubApp.php; app/Models/Team.php	Refined server selection logic with fallbacks and team filtering; updated query conditions in GithubApp (owned, public, private) and Team (sources) methods.
app/Models/S3Storage.php; app/Notifications/Server/HighDiskUsage.php	Revised the S3 connection test to build a custom storage disk with detailed config; updated the Slack notification link in high disk usage alerts.
bootstrap/helpers/s3.php	Removed the helper file containing the set_s3_target function.
config/constants.php; versions.json	Updated version numbers (e.g., from 4.0.0-beta.391 to 4.0.0-beta.392 and similar increments).
lang/ar.json; lang/fr.json; lang/it.json	Added new localization entries for auth.login.authentik and warning.sslipdomain; Italian file received additional resource management entries.
resources/views/**/*.blade.php	Updated documentation hyperlinks, corrected text (e.g., grammar and button labels), adjusted CSS classes, and refined conditional logic in various Blade templates.
templates/compose/*.yaml; templates/service-templates.json	Modified environment variable configurations, updated compose strings, and revised documentation URLs in service templates.

Sequence Diagram(s)

sequenceDiagram
  participant Job as ApplicationDeploymentJob
  participant Server as Server (PrivateKey)
  participant Deploy as Deployment Process
  Job->>Server: privateKey->storeInFileSystem()
  Server-->>Job: Key stored confirmation
  Job->>Deploy: Proceed with deployment

Loading

sequenceDiagram
  participant Job as SendMessageToSlackJob
  participant Slack as Slack Webhook
  Job->>Slack: POST payload with 'text' = message title
  Slack-->>Job: Acknowledge receipt

Loading

Suggested labels

🏔️ Peaklabs

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

‼️ IMPORTANT
Auto-reply has been disabled for this repository in the CodeRabbit settings. The CodeRabbit bot will not respond to your replies unless it is explicitly tagged.

• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (10)

app/Models/S3Storage.php (1)

66-73: Handle potential null team edge case.

$team = $this->team()->with([...])->first(); could theoretically return null. Accessing $team->members() on a null object will throw an error. Consider a defensive check for $team === null before calling $team->members().

try {
    ...
} catch (\Throwable $e) {
    $this->is_usable = false;
    if ($this->unusable_email_sent === false && is_transactional_emails_enabled()) {
        ...
+       if (!$team) {
+           // Optionally log or handle the missing team scenario.
+       } else {
            $users = $team->members()->wherePivotIn('role', ['admin', 'owner'])->get(['users.id', 'users.email']);
            foreach ($users as $user) {
                send_user_an_email($mail, $user->email);
            }
        }
        $this->unusable_email_sent = true;
    }
    ...
}

app/Jobs/SendMessageToSlackJob.php (1)

27-27: Ensure Slack fallback text is necessary.

Including 'text' => $this->message->title is useful as a fallback for older Slack clients or message previews, but note that this replicates the same text in 'blocks'. If duplication is intentional, it’s fine. Otherwise, consider customizing the 'text' field to provide additional or alternative details.

app/Models/GithubApp.php (2)

36-39: Consolidate repeated query logic.

You're filtering by ('team_id', currentTeam()->id) or 'is_system_wide', true in multiple places. Consider extracting a reusable local scope or method to reduce duplication and improve maintainability.

-public static function ownedByCurrentTeam()
-{
-    return GithubApp::where(function ($query) {
-        $query->where('team_id', currentTeam()->id)
-            ->orWhere('is_system_wide', true);
-    });
+public static function scopeTeamOrSystemWide($query)
+{
+    return $query->where(function ($q) {
+        $q->where('team_id', currentTeam()->id)
+            ->orWhere('is_system_wide', true);
+    });
}

public static function ownedByCurrentTeam()
{
-    return GithubApp::where(function ($query) {
-        $query->where('team_id', currentTeam()->id)
-            ->orWhere('is_system_wide', true);
-    });
+    return GithubApp::teamOrSystemWide();
}

---

54-59: Double-check is_public usage.

This query pattern for selecting private GitHub apps parallels the public logic, but make sure your concept of “private” is strictly is_public == false. If there's a scenario like “internal” you’d like to capture differently, consider elaborating or renaming the scope for clarity.

Do you want me to open a new issue to extend the logic for additional GitHub app states?

app/Jobs/ApplicationDeploymentJob.php (1)

256-258: LGTM! Consider adding error handling for missing private key.

The addition ensures that the server's private key is stored in the filesystem before proceeding with deployment, which is a good practice. However, consider adding explicit error handling for cases where the private key might not be set.

 // Make sure the private key is stored in the filesystem
-$this->server->privateKey->storeInFileSystem();
+if (!$this->server->privateKey) {
+    throw new RuntimeException('Server private key is not set.');
+}
+$this->server->privateKey->storeInFileSystem();

templates/compose/beszel.yaml (1)

23-23: LGTM! Consider improving documentation.

The change correctly enables dynamic key configuration. However, the comment on line 8 could be more specific about the required format and source of the public key.

Consider updating the comment to be more descriptive:

-# Add the public Key in "Key" env variable below
+# Add the beszel public key in the KEY environment variable. Generate this key using `beszel generate-key` command.

templates/compose/getoutline.yaml (1)

66-74: Consider adding default values and validation for SMTP configuration.

The SMTP configuration lacks default values and validation, which could lead to runtime issues if variables are not set.

Consider adding default values and validation:

-      - SMTP_HOST=${SMTP_HOST}
-      - SMTP_PORT=${SMTP_PORT}
-      - SMTP_USERNAME=${SMTP_USERNAME}
-      - SMTP_PASSWORD=${SMTP_PASSWORD}
-      - SMTP_FROM_EMAIL=${SMTP_FROM_EMAIL}
-      - SMTP_REPLY_EMAIL=${SMTP_REPLY_EMAIL}
-      - SMTP_TLS_CIPHERS=${SMTP_TLS_CIPHERS}
-      - SMTP_SECURE=${SMTP_SECURE}
-      - SMTP_NAME=${SMTP_NAME}
+      - SMTP_HOST=${SMTP_HOST:-smtp.example.com}
+      - SMTP_PORT=${SMTP_PORT:-587}
+      - SMTP_USERNAME=${SMTP_USERNAME:-}
+      - SMTP_PASSWORD=${SMTP_PASSWORD:-}
+      - SMTP_FROM_EMAIL=${SMTP_FROM_EMAIL:[email protected]}
+      - SMTP_REPLY_EMAIL=${SMTP_REPLY_EMAIL:-${SMTP_FROM_EMAIL}}
+      - SMTP_TLS_CIPHERS=${SMTP_TLS_CIPHERS:-}
+      - SMTP_SECURE=${SMTP_SECURE:-true}
+      - SMTP_NAME=${SMTP_NAME:-Outline}

templates/service-templates.json (3)

713-719: Improve health check configuration and document volume persistence.

1. The health check could be more robust by adding the -f flag to curl to handle HTTP errors and redirects.
2. The backup volume persistence should be documented.

Apply this diff to improve the health check:

       test:
         - CMD
         - curl
-        - '-f'
+        - '-f'
+        - '-L'
+        - '--retry'
+        - '3'
         - 'http://127.0.0.1:8200'

---

1329-1335: Consider removing '/latest/' from documentation URL.

The documentation URL contains '/latest/' which might break when the documentation structure changes. Consider using a stable URL.

Additionally, the example service URLs in services.yaml use 'localhost' which might be confusing in a containerized environment.

1. Update the documentation URL:

-        "documentation": "https://gethomepage.dev/latest/?utm_source=coolify.io",
+        "documentation": "https://gethomepage.dev/?utm_source=coolify.io",

2. Consider updating the example service URLs in the configuration to use container names or environment variables instead of 'localhost'.

---

178-184:

❓ Verification inconclusive

Review Docker socket access and document environment variables.

The beszel-agent service mounts the Docker socket with read-only access (docker.sock:ro). While this is a common pattern for monitoring containers, it still poses security risks as it allows the container to inspect all other containers.

Additionally, the KEY environment variable should be documented in the service's documentation.

Consider:

1. Using Docker's built-in metrics endpoint instead of socket access
2. Adding documentation about required environment variables

Run this script to check if the documentation mentions the KEY variable:

---

🏁 Script executed:

#!/bin/bash
# Description: Check if KEY environment variable is documented
curl -s "https://raw.githubusercontent.com/henrygd/beszel/master/README.md" | grep -i "key.*environment.*variable"

Length of output: 114

---

Action Required: Verify Docker Socket Security and KEY Environment Variable Documentation

• The beszel-agent service mounts the Docker socket with read-only access, which—while common for monitoring purposes—can expose container internals and thus poses a potential security risk. Consider evaluating alternatives such as Docker's built-in metrics endpoint.
• The KEY environment variable does not appear to be documented in the upstream README (as evidenced by the executed curl command returning no output). Please manually verify if this variable should be documented or if additional clarification is required.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 592dd76 and 1c0159c.

📒 Files selected for processing (29)

• README.md (1 hunks)
• app/Jobs/ApplicationDeploymentJob.php (2 hunks)
• app/Jobs/SendMessageToSlackJob.php (1 hunks)
• app/Livewire/Project/Application/DeploymentNavbar.php (1 hunks)
• app/Models/GithubApp.php (1 hunks)
• app/Models/S3Storage.php (2 hunks)
• app/Models/Team.php (1 hunks)
• app/Notifications/Server/HighDiskUsage.php (1 hunks)
• bootstrap/helpers/s3.php (0 hunks)
• config/constants.php (1 hunks)
• lang/ar.json (2 hunks)
• lang/fr.json (2 hunks)
• lang/it.json (2 hunks)
• resources/views/components/status/running.blade.php (1 hunks)
• resources/views/livewire/layout-popups.blade.php (1 hunks)
• resources/views/livewire/project/application/deployment/show.blade.php (1 hunks)
• resources/views/livewire/server/cloudflare-tunnels.blade.php (1 hunks)
• resources/views/livewire/server/configure-cloudflare-tunnels.blade.php (1 hunks)
• resources/views/livewire/storage/create.blade.php (1 hunks)
• resources/views/livewire/storage/form.blade.php (1 hunks)
• resources/views/livewire/subscription/pricing-plans.blade.php (1 hunks)
• resources/views/livewire/team/index.blade.php (1 hunks)
• templates/compose/beszel.yaml (1 hunks)
• templates/compose/calcom.yaml (1 hunks)
• templates/compose/duplicati.yaml (1 hunks)
• templates/compose/getoutline.yaml (1 hunks)
• templates/compose/homepage.yaml (5 hunks)
• templates/service-templates.json (5 hunks)
• versions.json (1 hunks)

💤 Files with no reviewable changes (1)

• bootstrap/helpers/s3.php

✅ Files skipped from review due to trivial changes (13)

• resources/views/livewire/storage/form.blade.php
• resources/views/livewire/team/index.blade.php
• resources/views/livewire/storage/create.blade.php
• resources/views/livewire/server/configure-cloudflare-tunnels.blade.php
• resources/views/livewire/subscription/pricing-plans.blade.php
• config/constants.php
• templates/compose/homepage.yaml
• resources/views/components/status/running.blade.php
• resources/views/livewire/layout-popups.blade.php
• templates/compose/calcom.yaml
• resources/views/livewire/server/cloudflare-tunnels.blade.php
• versions.json
• README.md

🔇 Additional comments (18)

lang/ar.json (2)

3-3: LGTM! Authentik login translation follows existing patterns.

The Arabic translation for Authentik login is consistent with other login method translations in the file.

---

39-39: LGTM! SSL warning translation with proper HTML formatting.

The Arabic translation for the SSL domain warning maintains proper HTML tag usage for text highlighting, consistent with other entries in the file.

lang/it.json (3)

3-3: LGTM! Authentik login translation follows existing patterns.

The Italian translation for Authentik login is consistent with other login method translations in the file.

---

32-37: LGTM! Resource management translations are well-structured.

The Italian translations for resource management operations are clear and maintain consistency in terminology.

---

39-39: LGTM! SSL warning translation with proper HTML formatting.

The Italian translation for the SSL domain warning maintains proper HTML tag usage for text highlighting, consistent with other entries in the file.

lang/fr.json (2)

3-3: LGTM! Authentik login translation follows existing patterns.

The French translation for Authentik login is consistent with other login method translations in the file.

---

39-39: LGTM! SSL warning translation with proper HTML formatting.

The French translation for the SSL domain warning maintains proper HTML tag usage for text highlighting, consistent with other entries in the file.

app/Models/S3Storage.php (1)

46-57: Use caution with static endpoint configuration.

You have hardcoded 'use_path_style_endpoint' => true, which works for certain S3-compatible backends (e.g., MinIO) but may cause unexpected issues with AWS if the endpoint is not configured accordingly. Consider making this configurable or documenting the requirement for path-style endpoints.

app/Models/GithubApp.php (1)

44-49: Validate existence of GitHub App ID.

->whereNotNull('app_id')->get() ensures that only apps with a valid app_id are retrieved. If non-GitHub items or partial data records exist, they’ll be excluded. Confirm this is intentional.

app/Livewire/Project/Application/DeploymentNavbar.php (1)

56-63: LGTM! Security improvements in server retrieval.

The changes enhance security by:

1. Adding proper fallback to application's destination server ID
2. Ensuring server retrieval is filtered by current team ownership using ownedByCurrentTeam()

app/Notifications/Server/HighDiskUsage.php (1)

83-83: LGTM! Correct notification link update.

The notification link has been correctly updated to point to Slack settings instead of Discord settings.

resources/views/livewire/project/application/deployment/show.blade.php (1)

111-120: LGTM! Improved command display logic.

The changes enhance the command display logic by:

1. Using isset() for more accurate command key checks
2. Ensuring consistent command prefix display

app/Models/Team.php (1)

251-262: LGTM! Enhanced query logic structure.

The changes improve the query logic by:

1. Properly grouping conditions using nested closures
2. Ensuring correct evaluation order of conditions
3. Making the logic consistent between github_apps and gitlab_apps queries

app/Jobs/ApplicationDeploymentJob.php (1)

2287-2287:

❓ Verification inconclusive

LGTM! Note the potential impact on deployment time.

Adding --pull always ensures the latest image is used, which is good for consistency. However, be aware that this will increase deployment time as it forces a pull operation on every deployment, even if the image hasn't changed.

Consider verifying the impact on deployment time with:

---

🏁 Script executed:

#!/bin/bash
# Description: Compare deployment times with and without --pull always

# Test 1: Without --pull always
time docker compose --project-name test --project-directory . up --build -d

# Test 2: With --pull always
time docker compose --project-name test --project-directory . up --pull always --build -d

Length of output: 437

---

LGTM! The change ensuring that --pull always is included in the Docker compose command makes sense—it guarantees that the latest image version is used, which enhances consistency. However, be mindful that this will likely slow down deployments due to the additional image pull on every deployment. Since our automated test ran in an environment without Docker (resulting in "docker: command not found"), please manually verify the actual impact on deployment times in an environment where Docker is properly installed.

templates/compose/duplicati.yaml (1)

14-16: LGTM! Environment variables look good.

The changes improve configuration flexibility by:

1. Using a dynamic timezone with a fallback to 'Europe/London'
2. Adding encryption key and web service password configuration

Please ensure that SERVICE_PASSWORD_ENCRYPT and SERVICE_PASSWORD_WEB are properly secured and not exposed in logs or error messages.

templates/compose/getoutline.yaml (1)

73-73: Fix syntax error in SMTP_SECURE default value.

There's a syntax error in the SMTP_SECURE environment variable. The variable should have a default value.

templates/service-templates.json (2)

285-289: Documentation URL improvement.

The updated documentation URL now points to a more specific introduction page, which will help users get started more efficiently.

---

1056-1062: Well-structured service configuration with comprehensive SMTP support.

The configuration is thorough and includes:

• Proper health checks for all services
• Complete SMTP configuration options
• Well-organized environment variables