Paulo Gomes
2e3feca05f
security: run Docker container as non-root user
...
Running containers as a non-root user is a long standing security practice.
The changes ensure that the sourcebot user is created and has the correct
level of permissions to run all its dependencies (postgres, redis and node).
Please note that as a side effect, existing mounted volumes would need to
have their ownership reviewed or it may not be able to access the files.
This is specially the case for previous versions that would create said
files as 0:0.
To fix that, users can run chown -R 1500:1500 /path/.sourcebot. The chmod
may also need to be a bit more strict in such cases, so changing that is
advised: chown -R 0750 /path/.sourcebot.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
2025-11-05 11:03:14 -08:00
bkellam
33c732855f
sourcebot v4.9.0
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
Update Roadmap Released / update (push) Waiting to run
2025-11-04 21:29:33 -08:00
msukkari
5fe00a6b48
typo in linked account settings
2025-11-04 21:26:19 -08:00
Brendan Kellam
1908051daa
feat(web,worker): Environment overrides ( #597 )
2025-11-04 21:22:31 -08:00
Brendan Kellam
5fde901356
chore(worker): Refactor permission syncing join table to be between Account <> Repo ( #600 )
2025-11-04 20:12:07 -08:00
Michael Sukkarieh
449c76fdcc
feat(ee): Add ability to link external accounts ( #595 )
2025-11-04 20:08:04 -08:00
Brendan Kellam
26ec7af7f0
feat(worker,web): Support google secrets as a token type ( #594 )
Update Roadmap Released / update (push) Has been cancelled
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Has been cancelled
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Has been cancelled
Publish to ghcr / merge (push) Has been cancelled
2025-11-01 22:02:55 -07:00
bkellam
7e161e6df3
alter roadmap release update trigger
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
Update Roadmap Released / update (push) Waiting to run
2025-11-01 15:17:51 -07:00
Derek Miller
2c0540f6bf
fix(backend): Limit concurrent git operations to prevent resource exhaustion ( #590 ) ( #593 )
...
When syncing generic-git-host connections with thousands of repositories,
unbounded Promise.all caused resource exhaustion (EAGAIN errors) by spawning
too many concurrent git processes. This resulted in valid repositories being
incorrectly skipped during sync.
- Add p-limit to control concurrent git operations (max 100)
- Follow existing pattern from github.ts for consistency
- Prevents file descriptor and process limit exhaustion
- Uses rolling concurrency to avoid head-of-line blocking
Fixes #590
2025-11-01 15:15:09 -07:00
bkellam
d1655d4587
run update roadmap on pushes to main
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
Update Roadmap Released / update (push) Waiting to run
2025-10-31 14:58:33 -07:00
Brian Phillips
58456d616b
add p-limit to GitHub API calls to avoid overwhelming the node process (or the API rate limits) ( #591 )
2025-10-31 14:49:43 -07:00
Michael Sukkarieh
fd17871da4
chore(tech-debt): Remove built-in secret manager ( #592 )
2025-10-31 14:33:28 -07:00
Brendan Kellam
581a5a0bd8
fix(web): Fix /settings/connections throwing a error when there is a git connection present ( #588 )
2025-10-31 13:08:51 -07:00
Brendan Kellam
4899c9fbc7
feat(ee): GitLab permission syncing ( #585 )
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
2025-10-30 11:08:10 -07:00
Brendan Kellam
384aa9ebe6
fix(web): Fix "The account is already associated with another user" errors when signing in with GitLab ( #584 )
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
2025-10-29 21:25:48 -07:00
Michael Sukkarieh
bbb197a9bf
fix(github app): Generate installation tokens each time ( #583 )
...
* generate installation tokens each time
* changelog
2025-10-29 18:05:18 -07:00
Brendan Kellam
d09d65dce7
fix(ask): Extract reasoning tokens for openai compatible models ( #582 )
2025-10-29 17:13:31 -07:00
msukkari
727a6da105
remove old config files
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
2025-10-29 16:04:30 -07:00
bkellam
86be06928b
sourcebot v4.8.1
2025-10-29 14:09:26 -07:00
Brendan Kellam
63cf48264d
chore(web): Bug fixes related to v4.8.0 release ( #581 )
2025-10-29 14:05:48 -07:00
bkellam
bc592addad
@sourcebot/mcp v1.0.7
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
2025-10-28 23:03:11 -07:00
bkellam
6a56296a76
sourcebot v4.8.0
2025-10-28 22:38:54 -07:00
bkellam
b40b204408
nit(web): Change how no jobs is represented in connections & repos tables
2025-10-28 22:25:02 -07:00
Brendan Kellam
0d738a27b6
chore: Specify shutdown order in supervisord.conf ( #580 )
2025-10-28 22:23:10 -07:00
Brendan Kellam
a167accd7e
feat(worker,web): Improved connection management ( #579 )
2025-10-28 21:31:28 -07:00
Michael Sukkarieh
3ff88da33b
feat(ee): Add REST API to get users and delete a user ( #578 )
...
* add get users and delete user endpoints
* changelog
* changelog typo
* update license
* add tags to changelog
2025-10-28 17:05:47 -07:00
Michael Sukkarieh
5b1caae854
feat(security): Add env var to restrict api key creation ( #577 )
...
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
* add env var to restrict api key creation
* changelog
2025-10-28 15:36:29 -07:00
bkellam
336b07d41c
Add github commit issue # to todo comment
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
2025-10-27 11:49:03 -07:00
msukkari
b939d1e420
enforce permitted user check even when no where clause
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
2025-10-26 21:11:42 -07:00
msukkari
0bd545359e
fix bug with octokit url for github cloud
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
2025-10-25 21:57:13 -07:00
Brendan Kellam
2d3b03bf12
feat(web): Improved repository table ( #572 )
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
2025-10-25 14:51:41 -04:00
msukkari
4b86bcd182
add debug log for github auth app
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
2025-10-24 11:49:40 -07:00
Brendan Kellam
a470ab8463
chore(worker): Prometheus metrics for repo index manager ( #571 )
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Has been cancelled
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Has been cancelled
Publish to ghcr / merge (push) Has been cancelled
2025-10-21 20:43:33 -07:00
msukkari
ef77e212a0
fix bug from github app pr
2025-10-21 20:39:59 -07:00
Michael Sukkarieh
c2299aa86b
feat(auth): github app ( #570 )
...
* properly handle emails for github app auth case
* add docs info for auth through github app
* more info in docs for user auth perms
* modify review agent env var names
* github app service auth
* coderabbit suggestions
* fixes
* fix build
2025-10-21 20:17:28 -07:00
Brendan Kellam
03999f0de0
fix(worker): Use indexTimeoutMs setting for job timeout ( #567 )
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
2025-10-20 12:41:09 -07:00
Brendan Kellam
4ebe4e0475
chore(worker,web): Repo indexing stability improvements + perf improvements to web ( #563 )
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Has been cancelled
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Has been cancelled
Publish to ghcr / merge (push) Has been cancelled
2025-10-18 16:31:22 -07:00
prateek singh
5b09757e92
feat(browse): Implement dynamic tab titles for files and folders ( #560 )
...
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Has been cancelled
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Has been cancelled
Publish to ghcr / merge (push) Has been cancelled
* feat(metadata): Enhance metadata generation for repository browsing
feat(utils): Add parseRepoPath function to extract repository name and revision from URL path
* feat(metadata): update tab title with appropriate file name, path or repository name.
* fix: remove left-over console logs and Async Params resolution.
* feat: refactor parsePathForTitle to utilize getBrowseParamsFromPathParam for cleaner code.
* minor refactoring and adding changelog.
* Remove unused import
* refactor: change parsePathForTitle to a non-exported function
---------
Co-authored-by: Brendan Kellam <bshizzle1234@gmail.com>
2025-10-15 11:44:30 -07:00
Brendan Kellam
c3fae1aaab
feat(web): Improved search performance on unbounded searches ( #555 )
2025-10-07 23:55:36 -07:00
Brendan Kellam
18ba1d2492
update demo deploy cadence ( #556 )
2025-10-07 23:51:52 -07:00
bkellam
8d7babc8d2
chore(worker): Change log message to debug
2025-10-07 16:38:56 -07:00
bkellam
595abc12be
use blacksmith arm machine for arm builds
2025-10-07 10:21:19 -07:00
blacksmith-sh[bot]
0e8fdf0f97
Migrate workflows to Blacksmith ( #554 )
...
Co-authored-by: blacksmith-sh[bot] <157653362+blacksmith-sh[bot]@users.noreply.github.com>
2025-10-07 10:05:27 -07:00
Brendan Kellam
83c6704b01
fix: Fix git dubious ownership errors ( #553 )
2025-10-06 19:54:17 -07:00
Brendan Kellam
5e3e4f000a
chore(web): Remove spam "login page loaded" log ( #552 )
2025-10-06 15:04:41 -07:00
msukkari
623c794a75
update description in docs
2025-10-04 10:03:29 -07:00
Brendan Kellam
425a816fb6
Update README.md
2025-10-03 21:38:49 -07:00
bkellam
6a4c9220bd
chore: try including platform pair in cache key
2025-10-03 21:24:14 -07:00
Brendan Kellam
eeb6b73a64
chore: Move helm chart to seperate repo ( #549 )
2025-10-03 15:45:36 -07:00
Andre Nogueira
9c8224e39f
Add Sourcebot Helm Chart ( #370 )
...
* feat: add helm chart
Signed-off-by: Andre Nogueira <andre.nogueira@mollie.com>
* feat: add sts support to use internal DB and improve values docs
Signed-off-by: Andre Nogueira <andre.nogueira@mollie.com>
* fix: include postgresql extra dependency
Signed-off-by: Andre Nogueira <andre.nogueira@mollie.com>
* fix: remove autoscaler
Signed-off-by: Andre Nogueira <andre.nogueira@mollie.com>
* fix: remove sts
Signed-off-by: Andre Nogueira <andre.nogueira@mollie.com>
* fix: add more suggestive env var example
Signed-off-by: Andre Nogueira <andre.nogueira@mollie.com>
* fix: add chart dependency lock
Signed-off-by: Andre Nogueira <andre.nogueira@mollie.com>
* fix: add host infer to the chart docs
Signed-off-by: Andre Nogueira <andre.nogueira@mollie.com>
---------
Signed-off-by: Andre Nogueira <andre.nogueira@mollie.com>
2025-10-03 15:39:26 -07:00
