Multitenant migrations execution (#431)

* feat: async tenant migrations

* feat: monitoring with grafana & prometheus

docker-compose-infra.yml → .docker/docker-compose-infra.yml

@@ -48,7 +48,7 @@ services:
       PGBOUNCER_STATS_USERS: postgres
 
   supavisor:
-    image: supabase/supavisor:1.1.6
+    image: supabase/supavisor:1.1.23
     depends_on:
       multitenant_db:
         condition: service_healthy
@@ -78,7 +78,7 @@ services:
     command: sh -c "/app/bin/migrate && /app/bin/server"
 
   supavisor_setup:
-    image: supabase/supavisor:1.1.6
+    image: supabase/supavisor:1.1.23
     command: |
       curl -X PUT \
         "http://supavisor:4000/api/tenants/bjhaohmqunupljrqypxz" \
@@ -102,7 +102,8 @@ services:
                 \"db_password\": \"postgres\",
                 \"mode_type\": \"transaction\",
                 \"pool_size\": 15,
-                \"pool_checkout_timeout\": 100
+                \"max_clients\": 200,
+                \"pool_checkout_timeout\": 5000
               }
             ]
           }

.docker/docker-compose-monitoring.yml

@@ -0,0 +1,46 @@
+version: '3'
+services:
+  pg_bouncer_exporter:
+    image: spreaker/prometheus-pgbouncer-exporter
+    environment:
+      PGBOUNCER_EXPORTER_HOST: 0.0.0.0
+      PGBOUNCER_EXPORTER_PORT: 9127
+      PGBOUNCER_HOST: pg_bouncer
+      PGBOUNCER_PORT: 6432
+      PGBOUNCER_USER: postgres
+      PGBOUNCER_PASS: postgres
+    depends_on:
+      - pg_bouncer
+    ports:
+      - 9127:9127
+
+  postgres_exporter:
+    image: quay.io/prometheuscommunity/postgres-exporter
+    ports:
+      - "9187:9187"
+    environment:
+      DATA_SOURCE_NAME: postgres://postgres:postgres@tenant_db:5432/postgres?sslmode=disable
+
+  prometheus:
+    image: prom/prometheus
+    container_name: prometheus
+    command:
+      - '--config.file=/etc/prometheus/prometheus.yml'
+    ports:
+      - 9090:9090
+    restart: unless-stopped
+    volumes:
+      - ../monitoring/prometheus:/etc/prometheus
+
+  grafana:
+    image: grafana/grafana
+    container_name: grafana
+    ports:
+      - 3000:3000
+    restart: unless-stopped
+    environment:
+      - GF_SECURITY_ADMIN_USER=admin
+      - GF_SECURITY_ADMIN_PASSWORD=grafana
+    volumes:
+      - ../monitoring/grafana/config:/etc/grafana/provisioning
+      - ../monitoring/grafana/dashboards:/var/lib/grafana/dashboards

.env.sample

@@ -6,7 +6,7 @@ SERVER_PORT=5000
 SERVER_ADMIN_PORT=5001
 SERVER_KEEP_ALIVE_TIMEOUT=61
 SERVER_HEADERS_TIMEOUT=65
-SERVER_REGION=region-of-where-your-service-is-running
+SERVER_REGION=local
 
 
 #######################################
@@ -24,20 +24,13 @@ RESPONSE_S_MAXAGE=0
 AUTH_JWT_SECRET=f023d3db-39dc-4ac9-87b2-b2be72e9162b
 AUTH_JWT_ALGORITHM=HS256
 
-
-#######################################
-# Single Tenant
-#######################################
-TENANT_ID=bjhaohmqunupljrqypxz
-
 #######################################
 # Multi Tenancy
 # uncomment MULTI_TENANT=true to enable multi tenancy
-# the [Single Tenant] configurations will be ignored
 #######################################
 # MULTI_TENANT=true
 DATABASE_MULTITENANT_URL=postgresql://postgres:[email protected]:5433/postgres
-REQUEST_X_FORWARDED_HOST_REGEXP=
+REQUEST_X_FORWARDED_HOST_REGEXP=^([a-z]{20}).local.(?:com|dev)$
 SERVER_ADMIN_API_KEYS=apikey
 AUTH_ENCRYPTION_KEY=encryptionkey
 
@@ -85,7 +78,7 @@ STORAGE_BACKEND=s3
 #######################################
 # S3 Backend
 #######################################
-STORAGE_S3_BUCKET=name-of-your-s3-bucket
+STORAGE_S3_BUCKET=supa-storage-bucket
 STORAGE_S3_MAX_SOCKETS=200
 STORAGE_S3_ENDPOINT=http://127.0.0.1:9000
 STORAGE_S3_FORCE_PATH_STYLE=true

.env.test.sample

@@ -1,7 +1,20 @@
 AUTHENTICATED_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhdXRoZW50aWNhdGVkIiwic3ViIjoiMzE3ZWFkY2UtNjMxYS00NDI5LWEwYmItZjE5YTdhNTE3YjRhIiwiZW1haWwiOiJpbmlhbit0ZXN0MUBzdXBhYmFzZS5pbyIsImV4cCI6MTkzOTEwNzk4NSwiYXBwX21ldGFkYXRhIjp7InByb3ZpZGVyIjoiZW1haWwifSwidXNlcl9tZXRhZGF0YSI6e30sInJvbGUiOiJhdXRoZW50aWNhdGVkIn0.E-x3oYcHIjFCdUO1M3wKDl1Ln32mik0xdHT2PjrvN70
+ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYW5vbiIsImlhdCI6MTYxMzUzMTk4NSwiZXhwIjoxOTI5MTA3OTg1fQ.mqfi__KnQB4v6PkIjkhzfwWrYyF94MEbSC6LnuvVniE
+SERVICE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaWF0IjoxNjEzNTMxOTg1LCJleHAiOjE5MjkxMDc5ODV9.th84OKK0Iz8QchDyXZRrojmKSEZ-OuitQm_5DvLiSIc
+
+TENANT_ID=bjhaohmqunupljrqypxz
+ENABLE_DEFAULT_METRICS=false
+PG_QUEUE_ENABLE=false
+MULTI_TENANT=false
+ADMIN_API_KEYS=apikey
+
+DB_INSTALL_ROLES=true
+IMAGE_TRANSFORMATION_ENABLED=true
+
 AWS_ACCESS_KEY_ID=supa-storage
 AWS_SECRET_ACCESS_KEY=secret1234
 AWS_DEFAULT_REGION=ap-southeast-1
-GLOBAL_S3_ENDPOINT=http://127.0.0.1:9000
-GLOBAL_S3_PROTOCOL=http
-GLOBAL_S3_FORCE_PATH_STYLE=true
+
+STORAGE_S3_ENDPOINT=http://127.0.0.1:9000
+STORAGE_S3_PROTOCOL=http
+STORAGE_S3_FORCE_PATH_STYLE=true

.github/workflows/ci.yml

@@ -76,6 +76,9 @@ jobs:
           GLOBAL_S3_PROTOCOL: http
           GLOBAL_S3_FORCE_PATH_STYLE: true
           DB_INSTALL_ROLES: true
+          ENABLE_DEFAULT_METRICS: false
+          PG_QUEUE_ENABLE: false
+          MULTI_TENANT: false
 
       - name: Upload coverage results to Coveralls
         uses: coverallsapp/github-action@master

Dockerfile

@@ -1,24 +1,36 @@
-FROM node:18-alpine
+# Base stage for shared environment setup
+FROM node:18-alpine as base
 RUN apk add --no-cache g++ make python3
 WORKDIR /app
 COPY package.json package-lock.json ./
-RUN npm ci --production
 
-FROM node:18-alpine
-RUN apk add --no-cache g++ make python3
-WORKDIR /app
-COPY . .
+# Dependencies stage - install and cache all dependencies
+FROM base as dependencies
 RUN npm ci
+# Cache the installed node_modules for later stages
+RUN cp -R node_modules /node_modules_cache
+
+# Build stage - use cached node_modules for building the application
+FROM base as build
+COPY --from=dependencies /node_modules_cache ./node_modules
+COPY . .
 RUN npm run build
 
-FROM node:18-alpine
+# Production dependencies stage - use npm cache to install only production dependencies
+FROM base as production-deps
+COPY --from=dependencies /node_modules_cache ./node_modules
+RUN npm ci --production
+
+# Final stage - for the production build
+FROM base as final
 ARG VERSION
 ENV VERSION=$VERSION
-WORKDIR /app
 COPY migrations migrations
-COPY ecosystem.config.js package.json ./
-COPY --from=0 /app/node_modules node_modules
-COPY --from=1 /app/dist dist
+
+# Copy production node_modules from the production dependencies stage
+COPY --from=production-deps /app/node_modules node_modules
+# Copy build artifacts from the build stage
+COPY --from=build /app/dist dist
+
 EXPOSE 5000
-ENTRYPOINT ["docker-entrypoint.sh"]
-CMD ["node", "dist/server.js"]
+CMD ["node", "dist/server.js"]

README.md

@@ -23,9 +23,10 @@ A scalable, light-weight object storage service.
 
 - Copy `.env.sample` to `.env` file.
 - Copy `.env.test.sample` to `.env.test`.
-- Change `GLOBAL_S3_BUCKET` and `REGION` to the name and region of a S3 bucket.
-  - If you just want to run the tests and not develop locally, you can skip this step because S3 calls are mocked in our tests.
-- [Set up your AWS credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html). Your user must have permissions to `s3:PutObject, s3:GetObject, s3:DeleteObject` in the bucket you have chosen.
+
+```bash
+cp .env.sample .env && cp .env.test.sample .env.test
+````
 
 **Your root directory should now have both `.env` and `.env.test` files.**
 

docker-compose-multi-tenant.yml

@@ -51,51 +51,70 @@ services:
       IMGPROXY_URL: http://imgproxy:8080
       IMGPROXY_REQUEST_TIMEOUT: 15
 
+      PG_QUEUE_ENABLE: "true"
+
   tenant_db:
     extends:
       service: tenant_db
-      file: docker-compose-infra.yml
+      file: ./.docker/docker-compose-infra.yml
 
   multitenant_db:
     extends:
       service: multitenant_db
-      file: docker-compose-infra.yml
+      file: ./.docker/docker-compose-infra.yml
 
   supavisor:
     extends:
       service: supavisor
-      file: docker-compose-infra.yml
+      file: ./.docker/docker-compose-infra.yml
 
   supavisor_setup:
     depends_on:
       supavisor:
         condition: service_healthy
     extends:
       service: supavisor_setup
-      file: docker-compose-infra.yml
+      file: ./.docker/docker-compose-infra.yml
 
   minio:
     extends:
       service: minio
-      file: docker-compose-infra.yml
+      file: ./.docker/docker-compose-infra.yml
 
   minio_setup:
     extends:
       service: minio_setup
-      file: docker-compose-infra.yml
+      file: ./.docker/docker-compose-infra.yml
     depends_on:
       - minio
 
   imgproxy:
     extends:
       service: imgproxy
-      file: docker-compose-infra.yml
+      file: ./.docker/docker-compose-infra.yml
 
 #  Optional for rate-limiting
 #  redis:
 #    extends:
 #      service: redis
-#      file: docker-compose-infra.yml
+#      file: ./.docker/docker-compose-infra.yml
+
+# Optional for monitoring:
+#  grafana:
+#    extends:
+#      service: grafana
+#      file: ./.docker/docker-compose-monitoring.yml
+#
+#  prometheus:
+#    extends:
+#      service: prometheus
+#      file: ./.docker/docker-compose-monitoring.yml
+#
+#  postgres_exporter:
+#    extends:
+#      service: postgres_exporter
+#      file: ./.docker/docker-compose-monitoring.yml
+
 
 configs:
   init.sql:

docker-compose.yml

@@ -47,33 +47,54 @@ services:
   tenant_db:
     extends:
       service: tenant_db
-      file: docker-compose-infra.yml
+      file: ./.docker/docker-compose-infra.yml
 
   pg_bouncer:
     extends:
       service: pg_bouncer
-      file: docker-compose-infra.yml
+      file: ./.docker/docker-compose-infra.yml
 
   minio:
     extends:
       service: minio
-      file: docker-compose-infra.yml
+      file: ./.docker/docker-compose-infra.yml
 
   minio_setup:
     extends:
       service: minio_setup
-      file: docker-compose-infra.yml
+      file: ./.docker/docker-compose-infra.yml
     depends_on:
       minio:
         condition: service_healthy
 
   imgproxy:
     extends:
       service: imgproxy
-      file: docker-compose-infra.yml
+      file: ./.docker/docker-compose-infra.yml
 
 #  Optional for rate-limiting
 #  redis:
 #    extends:
 #      service: redis
-#      file: docker-compose-infra.yml
+#      file: ./.docker/docker-compose-infra.yml
+
+#  Optional for monitoring
+#  pg_bouncer_exporter:
+#    extends:
+#      service: pg_bouncer_exporter
+#      file: ./.docker/docker-compose-monitoring.yml
+
+#  postgres_exporter:
+#    extends:
+#      service: postgres_exporter
+#      file: ./.docker/docker-compose-monitoring.yml
+#
+#  grafana:
+#    extends:
+#      service: grafana
+#      file: ./.docker/docker-compose-monitoring.yml
+#
+#  prometheus:
+#    extends:
+#      service: prometheus
+#      file: ./.docker/docker-compose-monitoring.yml