Verify build fix with prisma field encryption inclusion

[BMartinos]

This is a temp fix to see if this will fix the noted buidl issue. prisma field encryption variables seems to be needed during the build process and currently fails without that value being set A short term solution is to populate it is build time, but this needs to be refactored as this presents a securoty issue

Summary by CodeRabbit

• New Features

  • Enhanced security with the addition of environment variables for field encryption.
  • Introduced a new CI/CD job for testing, building, and pushing Docker images based on branch conditions.

• Chores

  • Removed outdated test workflow to streamline CI/CD processes.
  • Improved Dockerfile for better build performance and environment configuration.

[coderabbitai]

Walkthrough

This pull request introduces two new environment variables for field encryption in Prisma within the .env.production.example file, enhancing security measures for sensitive data. It also removes the existing test workflow in .github/workflows/run-tests.yml, which previously automated testing and coverage checks. Additionally, the workflow in .github/workflows/tests-build-push.yml is modified to integrate testing into the build process and refine conditions for building and pushing Docker images.

Changes

File Path	Change Summary
.env.production.example	Added PRISMA_FIELD_ENCRYPTION_KEY and PRISMA_FIELD_ENCRYPTION_HASH_SALT environment variables.
.github/workflows/run-tests.yml	Removed the workflow that defined automated testing and coverage checks.
.github/workflows/tests-build-push.yml	Modified to include a new test job and updated conditions for the build-and-push job.
docker/production/Dockerfile	Expanded dependency installation and updated build command for optimization.

Possibly related PRs

• Fix/docker image build for production #52: The changes in this PR include updates to the .env file, specifically the addition of PRISMA_FIELD_ENCRYPTION_KEY and PRISMA_FIELD_ENCRYPTION_HASH_SALT, which are directly related to the changes made in the main PR regarding field encryption configuration.
• Updated docker build to create relevant postgres databases #62: This PR also modifies the .env file, retaining the PRISMA_FIELD_ENCRYPTION_KEY and PRISMA_FIELD_ENCRYPTION_HASH_SALT values, indicating a focus on maintaining encryption configurations, which aligns with the changes in the main PR.

Poem

In the garden of code, where rabbits play,
New keys and salts brighten the day.
With Docker images ready to hop,
Our builds will soar, never to stop!
Let’s encrypt our fields, keep data tight,
A secure future, oh what a delight! 🐇✨

---

Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 790467e and 739005d.

Files selected for processing (1)

• .github/workflows/tests-build-push.yml (2 hunks)

Additional comments not posted (8)

.github/workflows/tests-build-push.yml (8)

1-1: LGTM!

The updated workflow name accurately reflects the addition of the testing phase.

---

4-9: LGTM!

The updated trigger events are appropriate for the workflow.

---

12-27: Great addition of the test job!

The test job is a good practice to ensure the code is tested before building and pushing the Docker image. The job steps are appropriate for running tests.

---

41-46: LGTM!

The addition of the conditional "Test Docker build" step is a good practice to ensure the Docker image can be built successfully on non-main branches. The step uses the appropriate action and configuration to test the build without pushing the image.

---

49-54: LGTM!

The conditional login step is a good practice to ensure the login is performed only when necessary (i.e., when pushing the image on the main branch). The step uses the appropriate action and secrets for logging in to DockerHub.

---

45-45: LGTM!

The platforms configuration is appropriate for testing the Docker build on a single platform.

---

50-50: LGTM!

The use of github.ref_name is more appropriate for checking the branch name in the condition.

---

41-41: LGTM!

The use of github.ref_name is appropriate for checking the branch name in the condition.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  -- I pushed a fix in commit <commit_id>, please review it.
  -- Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  -- @coderabbitai generate unit testing code for this file.
  -- @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  -- @coderabbitai generate interesting stats about this repository and render them as a table.
  -- @coderabbitai read src/utils.ts and generate unit testing code.
  -- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  -- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 0ec76f8 and c30edd1.

Files selected for processing (2)

• .env.production.example (1 hunks)
• .github/workflows/run-tests.yml (2 hunks)

Additional context used

Gitleaks

.env.production.example

25-26: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Additional comments not posted (2)

.github/workflows/run-tests.yml (2)

11-11: LGTM!

The addition of the fix/production-build-prisma-field-encryption branch to the pull_request trigger aligns with the PR objective to verify the build fix. This change ensures that the workflow runs for pull requests targeting this branch.

---

31-66: Great addition to the CI/CD pipeline!

The new build-and-push job is a valuable enhancement to the workflow. It automates the process of building and pushing Docker images based on the branch being used, which facilitates better version control and deployment strategies.

The conditional logic based on the branch name ensures that the appropriate image tag is used, and the use of the docker/build-push-action and secrets for DockerHub authentication follows recommended practices.

This addition will reduce manual effort and potential errors in the deployment process.

[jacob-khoza-symb]

Should we not check if it is nit on pull request before we push the image?

[BMartinos]

@jacob-khoza-symb Yup thats correct, I still need to make some updates on this action script.
The current changes are just intended for testing purposes to have an image build and sent to dockerhub to verify the build works as intended (without having to merge into master multiple times)

Side note: The entire GHA needs a bit of refactoring and improvement

[coderabbitai]

Actionable comments posted: 1

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between c30edd1 and 790467e.

Files selected for processing (3)

• .github/workflows/run-tests.yml (0 hunks)
• .github/workflows/tests-build-push.yml (2 hunks)
• docker/production/Dockerfile (3 hunks)

Files not reviewed due to no reviewable changes (1)

• .github/workflows/run-tests.yml

Additional context used

actionlint

.github/workflows/tests-build-push.yml

42-42: property "get_branch" is not defined in object type {}

(expression)

---

50-50: property "get_branch" is not defined in object type {}

(expression)

---

57-57: property "get_branch" is not defined in object type {}

(expression)

Additional comments not posted (8)

docker/production/Dockerfile (3)

6-6: LGTM!

The addition of python3, make, and g++ packages to the apk add command in the deps stage is a good change. These are common build tools and dependencies that are likely needed for compiling native modules or other build tasks.

Installing these packages in the deps stage helps keep the final image size small.

---

23-23: Great optimization!

Updating the build command to use npm run build --turbo is an excellent change. The --turbo flag suggests the project is leveraging TurboRepo for optimized builds.

TurboRepo can significantly improve build performance and efficiency, especially for larger projects. This change is likely to lead to faster build times and an improved developer experience, without introducing any bugs or regressions.

---

45-46: Improved clarity and consistency!

Reformatting the environment variable declarations for PORT and HOSTNAME to use the = syntax instead of spaces is a good change. This is a more standard practice in Dockerfiles and improves the clarity and consistency of the environment variable definitions.

While this change doesn't alter the functionality, it enhances the readability and maintainability of the Dockerfile.

.github/workflows/tests-build-push.yml (5)

1-1: LGTM!

The new workflow name accurately reflects the inclusion of the testing step, aligning with the PR objective.

---

4-9: LGTM!

The updated triggering events ensure that the workflow runs on both push and pull_request events for the main branch, which is a sensible configuration.

---

12-27: LGTM!

The new test job is a valuable addition to the workflow, ensuring that tests are run before building and pushing the Docker image. The job configuration and steps are well-structured and appropriate for the purpose of verifying the build fix.

---

50-50: Fix the undefined get_branch property.

Similar to the previous comment, the static analysis tool has identified that the get_branch property is not defined in the object type. This could cause the workflow to fail when running on the main branch.

To fix this issue, define the get_branch step as suggested in the previous comment and update the condition to use the get_branch output:

if: ${{ steps.get_branch.outputs.branch_name == 'main' }}

Tools

actionlint

50-50: property "get_branch" is not defined in object type {}

(expression)

---

57-57: Fix the undefined get_branch property.

Once again, the static analysis tool has identified that the get_branch property is not defined in the object type. This could cause the workflow to fail when running on the main branch.

To fix this issue, define the get_branch step as suggested in the previous comments and update the condition to use the get_branch output:

if: ${{ steps.get_branch.outputs.branch_name == 'main' }}

Tools

actionlint

57-57: property "get_branch" is not defined in object type {}

(expression)