chore: prepare ee release for backend service (#1487)

* temp commit

* completion of docker release

Author: motatoes

.github/workflows/ee_backend_docker_release.yml

@@ -39,7 +39,7 @@ jobs:
         uses: docker/build-push-action@v5.3.0
         with:
           context: .
-          file: "Dockerfile_backend"
+          file: "Dockerfile_backend_ee"
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest, ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }}
           labels: ${{ steps.meta.outputs.labels }}

Dockerfile_backend_ee

@@ -0,0 +1,50 @@
+FROM golang:1.22 as builder
+ARG COMMIT_SHA
+RUN echo "commit sha: ${COMMIT_SHA}"
+
+# Set the working directory
+WORKDIR $GOPATH/src/github.com/diggerhq/digger
+
+# Copy all required source, blacklist files that are not required through `.dockerignore`
+COPY . .
+
+# Get the vendor library
+RUN go version
+
+# RUN vgo install
+
+# https://github.com/ethereum/go-ethereum/issues/2738
+# Build static binary "-getmode=vendor" does not work with go-ethereum
+
+RUN go build -ldflags="-X 'main.Version=${COMMIT_SHA}'" -o backend_exe ./ee/backend/
+
+# Multi-stage build will just copy the binary to an alpine image.
+FROM ubuntu:24.04 as runner
+ENV ATLAS_VERSION v0.16.0
+ARG COMMIT_SHA
+WORKDIR /app
+
+RUN apt-get update && apt-get install -y ca-certificates curl && apt-get install -y git && apt-get clean all
+RUN update-ca-certificates
+
+RUN echo "commit sha: ${COMMIT_SHA}"
+
+# install atlas
+RUN curl -sSf https://atlasgo.sh | sh
+
+
+
+# Set gin to production
+#ENV GIN_MODE=release
+
+# Expose the running port
+EXPOSE 3000
+
+# Copy the binary to the corresponding folder
+COPY --from=builder /go/src/github.com/diggerhq/digger/backend_exe /app/backend
+COPY --from=builder /go/src/github.com/diggerhq/digger/backend/scripts/entrypoint.sh /app/entrypoint.sh
+COPY --from=builder /go/src/github.com/diggerhq/digger/backend/migrations /app/migrations
+ADD backend/templates ./templates
+
+# Run the binary
+ENTRYPOINT ["/bin/bash", "/app/entrypoint.sh"]

backend/bootstrap/main.go

@@ -0,0 +1,156 @@
+package bootstrap
+
+import (
+	"embed"
+	"github.com/diggerhq/digger/backend/config"
+	"github.com/diggerhq/digger/backend/segment"
+	"html/template"
+	"io/fs"
+	"log"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/diggerhq/digger/backend/controllers"
+	"github.com/diggerhq/digger/backend/middleware"
+	"github.com/diggerhq/digger/backend/models"
+	"github.com/getsentry/sentry-go"
+	sentrygin "github.com/getsentry/sentry-go/gin"
+	"github.com/gin-contrib/sessions"
+	gormsessions "github.com/gin-contrib/sessions/gorm"
+	"github.com/gin-gonic/gin"
+)
+
+// based on https://www.digitalocean.com/community/tutorials/using-ldflags-to-set-version-information-for-go-applications
+var Version = "dev"
+
+func Bootstrap(templates embed.FS) *gin.Engine {
+	defer segment.CloseClient()
+	initLogging()
+	cfg := config.DiggerConfig
+
+	if err := sentry.Init(sentry.ClientOptions{
+		Dsn:           os.Getenv("SENTRY_DSN"),
+		EnableTracing: true,
+		// Set TracesSampleRate to 1.0 to capture 100%
+		// of transactions for performance monitoring.
+		// We recommend adjusting this value in production,
+		TracesSampleRate: 0.1,
+		Release:          "api@" + Version,
+		Debug:            true,
+	}); err != nil {
+		log.Printf("Sentry initialization failed: %v\n", err)
+	}
+
+	//database migrations
+	models.ConnectDatabase()
+
+	r := gin.Default()
+	// TODO: check "secret"
+	store := gormsessions.NewStore(models.DB.GormDB, true, []byte("secret"))
+
+	r.Use(sessions.Sessions("digger-session", store))
+
+	r.Use(sentrygin.New(sentrygin.Options{Repanic: true}))
+
+	r.GET("/health", func(c *gin.Context) {
+		c.JSON(http.StatusOK, gin.H{
+			"build_date":  cfg.GetString("build_date"),
+			"deployed_at": cfg.GetString("deployed_at"),
+			"version":     Version,
+			"commit_sha":  Version,
+		})
+	})
+
+	r.SetFuncMap(template.FuncMap{
+		"formatAsDate": func(msec int64) time.Time {
+			return time.UnixMilli(msec)
+		},
+	})
+
+	if _, err := os.Stat("templates"); err != nil {
+		matches, _ := fs.Glob(templates, "templates/*.tmpl")
+		for _, match := range matches {
+			r.LoadHTMLFiles(match)
+		}
+		r.StaticFS("/static", http.FS(templates))
+	} else {
+		r.Static("/static", "./templates/static")
+		r.LoadHTMLGlob("templates/*.tmpl")
+	}
+
+	r.POST("/github-app-webhook", controllers.GithubAppWebHook)
+	r.POST("/github-app-webhook/aam", controllers.GithubAppWebHookAfterMerge)
+
+	tenantActionsGroup := r.Group("/api/tenants")
+	tenantActionsGroup.Use(middleware.CORSMiddleware())
+	tenantActionsGroup.Any("/associateTenantIdToDiggerOrg", controllers.AssociateTenantIdToDiggerOrg)
+
+	githubGroup := r.Group("/github")
+	githubGroup.Use(middleware.GetWebMiddleware())
+	githubGroup.GET("/callback", controllers.GithubAppCallbackPage)
+	githubGroup.GET("/repos", controllers.GithubReposPage)
+	githubGroup.GET("/setup", controllers.GithubAppSetup)
+	githubGroup.GET("/exchange-code", controllers.GithubSetupExchangeCode)
+
+	authorized := r.Group("/")
+	authorized.Use(middleware.GetApiMiddleware(), middleware.AccessLevel(models.CliJobAccessType, models.AccessPolicyType, models.AdminPolicyType))
+
+	admin := r.Group("/")
+	admin.Use(middleware.GetApiMiddleware(), middleware.AccessLevel(models.AdminPolicyType))
+
+	fronteggWebhookProcessor := r.Group("/")
+	fronteggWebhookProcessor.Use(middleware.SecretCodeAuth())
+
+	authorized.GET("/repos/:repo/projects/:projectName/access-policy", controllers.FindAccessPolicy)
+	authorized.GET("/orgs/:organisation/access-policy", controllers.FindAccessPolicyForOrg)
+
+	authorized.GET("/repos/:repo/projects/:projectName/plan-policy", controllers.FindPlanPolicy)
+	authorized.GET("/orgs/:organisation/plan-policy", controllers.FindPlanPolicyForOrg)
+
+	authorized.GET("/repos/:repo/projects/:projectName/drift-policy", controllers.FindDriftPolicy)
+	authorized.GET("/orgs/:organisation/drift-policy", controllers.FindDriftPolicyForOrg)
+
+	authorized.GET("/repos/:repo/projects/:projectName/runs", controllers.RunHistoryForProject)
+	authorized.POST("/repos/:repo/projects/:projectName/runs", controllers.CreateRunForProject)
+
+	authorized.POST("/repos/:repo/projects/:projectName/jobs/:jobId/set-status", controllers.SetJobStatusForProject)
+
+	authorized.GET("/repos/:repo/projects", controllers.FindProjectsForRepo)
+	authorized.POST("/repos/:repo/report-projects", controllers.ReportProjectsForRepo)
+
+	authorized.GET("/orgs/:organisation/projects", controllers.FindProjectsForOrg)
+
+	admin.PUT("/repos/:repo/projects/:projectName/access-policy", controllers.UpsertAccessPolicyForRepoAndProject)
+	admin.PUT("/orgs/:organisation/access-policy", controllers.UpsertAccessPolicyForOrg)
+
+	admin.PUT("/repos/:repo/projects/:projectName/plan-policy", controllers.UpsertPlanPolicyForRepoAndProject)
+	admin.PUT("/orgs/:organisation/plan-policy", controllers.UpsertPlanPolicyForOrg)
+
+	admin.PUT("/repos/:repo/projects/:projectName/drift-policy", controllers.UpsertDriftPolicyForRepoAndProject)
+	admin.PUT("/orgs/:organisation/drift-policy", controllers.UpsertDriftPolicyForOrg)
+
+	admin.POST("/tokens/issue-access-token", controllers.IssueAccessTokenForOrg)
+
+	r.Use(middleware.CORSMiddleware())
+	projectsApiGroup := r.Group("/api/projects")
+	projectsApiGroup.Use(middleware.GetApiMiddleware())
+	projectsApiGroup.GET("/", controllers.FindProjectsForOrg)
+	projectsApiGroup.GET("/:project_id", controllers.ProjectDetails)
+	projectsApiGroup.GET("/:project_id/runs", controllers.RunsForProject)
+
+	runsApiGroup := r.Group("/api/runs")
+	runsApiGroup.Use(middleware.CORSMiddleware(), middleware.GetApiMiddleware())
+	runsApiGroup.GET("/:run_id", controllers.RunDetails)
+	runsApiGroup.POST("/:run_id/approve", controllers.ApproveRun)
+
+	fronteggWebhookProcessor.POST("/create-org-from-frontegg", controllers.CreateFronteggOrgFromWebhook)
+
+	return r
+}
+
+func initLogging() {
+	log.SetOutput(os.Stdout)
+	log.SetFlags(log.Ldate | log.Ltime | log.Lshortfile)
+	log.Println("Initialized the logger successfully")
+}

backend/controllers/helpers.go

@@ -0,0 +1,10 @@
+package controllers
+
+import (
+	"github.com/gin-gonic/gin"
+	"net/http"
+)
+
+func Home(c *gin.Context) {
+	c.HTML(http.StatusOK, "home.tmpl", gin.H{})
+}