Merge branch 'main' into fix-tokencreated-dialog

Author: cstns

.github/scripts/initial-setup.sh

@@ -8,7 +8,8 @@ INIT_CONFIG_PASSWORD_HASH=$2
 INIT_CONFIG_ACCESS_TOKEN_HASH=$3
 INIT_CONFIG_ACCESS_TOKEN=$4
 INIT_CONFIG_PASSWORD=$5
-FLOWFUSE_URL="${6:-$PR_NUMBER.flowfuse.dev}"
+FF_NODES_TOKEN=$6
+FLOWFUSE_URL="${7:-$PR_NUMBER.flowfuse.dev}"
 
 
 create_user() {
@@ -166,6 +167,14 @@ kubectl run flowfuse-setup-2 \
   "INSERT INTO public.\"AccessTokens\" (token,\"expiresAt\",scope,\"ownerId\",\"ownerType\",\"refreshToken\",name,\"createdAt\",\"updatedAt\") \
     VALUES ('$INIT_CONFIG_ACCESS_TOKEN_HASH',NULL,'','1','user',NULL,'setup','2024-03-18 10:46:54.055+01','2024-03-18 10:46:54.055+01');"
 
+### Configure ff-npm-registry token
+echo "Configuring ff-npm-registry token"
+curl -ks -w "\n" -XPUT \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $INIT_CONFIG_ACCESS_TOKEN" \
+  -d '{"platform:ff-npm-registry:token": "'"$FF_NODES_TOKEN"'"}' \
+  https://$FLOWFUSE_URL/api/v1/settings/
+
 ### Create project type
 echo "Creating project type"
 curl -ks -w "\n" -XPOST \
@@ -175,7 +184,8 @@ curl -ks -w "\n" -XPOST \
   https://$FLOWFUSE_URL/api/v1/project-types/
 
 ### Create stacks
-create_stack "Default" "Default" 30 256 "flowfuse/node-red:$(get_latest_image_tag "4.0.x")"
+create_stack "Default" "Default (4.1.x)" 30 256 "flowfuse/node-red:$(get_latest_image_tag "4.1.x")"
+create_stack "NR-40x" "4.0.x" 30 256 "flowfuse/node-red:$(get_latest_image_tag "4.0.x")"
 create_stack "NR-30x" "3.0.x" 30 256 "flowfuse/node-red:latest"
 create_stack "NR-31x" "3.1.x" 30 256 "flowfuse/node-red:$(get_latest_image_tag "3.1.x")"
 
@@ -211,22 +221,23 @@ curl -ks -w "\n" -XPOST \
                       "limit": 10
                   },
                   "features": {
-                       "shared-library": false,
-                       "projectComms": false,
+                       "shared-library": true,
+                       "projectComms": true,
                        "ha": false,
                        "teamHttpSecurity": false,
                        "customCatalogs": false,
                        "deviceGroups": false,
                        "emailAlerts": false,
                        "protectedInstance": false,
-                       "deviceAutoSnapshot": false,
+                       "deviceAutoSnapshot": true,
                        "instanceAutoSnapshot": false,
                        "editorLimits": false,
                        "fileStorageLimit": null,
                        "contextLimit": null,
                        "customHostnames":false,
                        "staticAssets":false,
-                       "teamBroker":false
+                       "teamBroker":false,
+                       "ffNodes": true
                   },
                   "instances": {
                       "'"$projectTypeId"'": {
@@ -254,7 +265,7 @@ curl -ks -w "\n" -XPOST \
                         "limit": 10
                     },
                     "features":{
-                        "ha":true,
+                        "ha":false,
                         "shared-library":true,
                         "projectComms":true,
                         "teamHttpSecurity":true,
@@ -267,11 +278,14 @@ curl -ks -w "\n" -XPOST \
                         "instanceAutoSnapshot":true,
                         "protectedInstance":true,
                         "editorLimits":true,
-                        "customHostnames":true,
+                        "customHostnames":false,
                         "staticAssets":true,
                         "projectHistory":true,
                         "teamBroker":true,
-                        "generatedSnapshotDescription":true
+                        "generatedSnapshotDescription":true,
+                        "assistantInlineCompletions": true,
+                        "npm": true,
+                        "ffNodes": true
                     },
                     "instances": {
                         "'"$projectTypeId"'": {
@@ -319,7 +333,13 @@ curl -ks -w "\n" -XPOST \
                         "teamBroker":true,
                         "gitIntegration": true,
                         "instanceResources":true,
-                        "generatedSnapshotDescription":true
+                        "generatedSnapshotDescription":true,
+                        "assistantInlineCompletions": true,
+                        "ffNodes": true,
+                        "rbacApplication": true,
+                        "npm": true,
+                        "ffNodes": true,
+                        "tables": true
                     },
                     "instances": {
                         "'"$projectTypeId"'": {

.github/trivy.yaml

@@ -22,7 +22,7 @@ pkg:
   types:
     - os
     - library
-
+  include-dev-deps: true
 
 format: "sarif"
 ignorefile: ".github/.trivyignore.yaml"

.github/workflows/branch-deploy.yaml

@@ -40,7 +40,7 @@ on:
       - 'docs/**'
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.number }}
+  group: ${{ github.workflow }}-${{ github.event.number || inputs.pr_number }}
   cancel-in-progress: false
 
 env:
@@ -55,7 +55,8 @@ jobs:
     runs-on: ubuntu-latest
     if: |
       (github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch') &&
-      github.actor != 'dependabot[bot]'
+      github.actor != 'dependabot[bot]' &&
+      !startsWith(github.head_ref, 'release-')
     outputs:
       is_org_member: ${{ steps.validate.outputs.is_member }}
     steps:
@@ -88,7 +89,7 @@ jobs:
       needs.validate-user.outputs.is_org_member == 'true' &&
       github.event_name == 'workflow_dispatch' &&
       inputs.driver_k8s_branch != 'main'
-    uses: 'flowfuse/github-actions-workflows/.github/workflows/publish_node_package.yml@v0.44.0'
+    uses: 'flowfuse/github-actions-workflows/.github/workflows/publish_node_package.yml@v0.48.0'
     with:
       package_name: driver-k8s
       publish_package: true
@@ -105,7 +106,7 @@ jobs:
       needs.validate-user.outputs.is_org_member == 'true' &&
       github.event_name == 'workflow_dispatch' &&
       inputs.nr_project_nodes_branch != 'main'
-    uses: 'flowfuse/github-actions-workflows/.github/workflows/publish_node_package.yml@v0.44.0'
+    uses: 'flowfuse/github-actions-workflows/.github/workflows/publish_node_package.yml@v0.48.0'
     with:
       package_name: nr-project-nodes
       publish_package: true
@@ -122,7 +123,7 @@ jobs:
       needs.validate-user.outputs.is_org_member == 'true' &&
       github.event_name == 'workflow_dispatch' &&
       inputs.nr_file_nodes_branch != 'main'
-    uses: 'flowfuse/github-actions-workflows/.github/workflows/publish_node_package.yml@v0.44.0'
+    uses: 'flowfuse/github-actions-workflows/.github/workflows/publish_node_package.yml@v0.48.0'
     with:
       package_name: nr-file-nodes
       publish_package: true
@@ -139,7 +140,7 @@ jobs:
       needs.validate-user.outputs.is_org_member == 'true' &&
       github.event_name == 'workflow_dispatch' &&
       inputs.nr_assistant_branch != 'main'
-    uses: 'flowfuse/github-actions-workflows/.github/workflows/publish_node_package.yml@v0.44.0'
+    uses: 'flowfuse/github-actions-workflows/.github/workflows/publish_node_package.yml@v0.48.0'
     with:
       package_name: nr-assistant
       publish_package: true
@@ -156,7 +157,7 @@ jobs:
       needs.validate-user.outputs.is_org_member == 'true' &&
       github.event_name == 'workflow_dispatch' &&
       inputs.nr_tables_nodes_branch != 'main'
-    uses: 'flowfuse/github-actions-workflows/.github/workflows/publish_node_package.yml@v0.44.0'
+    uses: 'flowfuse/github-actions-workflows/.github/workflows/publish_node_package.yml@v0.48.0'
     with:
       package_name: nr-tables-nodes
       publish_package: true
@@ -178,7 +179,7 @@ jobs:
       needs.validate-user.outputs.is_org_member == 'true' &&
       github.event_name == 'workflow_dispatch' &&
       (always() && inputs.nr_launcher_branch != 'main') || needs.publish_nr_project_nodes.result == 'success' || needs.publish_nr_file_nodes.result == 'success' || needs.publish_nr_assistant.result == 'success' || needs.publish_nr_tables_nodes.result == 'success'
-    uses: 'flowfuse/github-actions-workflows/.github/workflows/publish_node_package.yml@v0.44.0'
+    uses: 'flowfuse/github-actions-workflows/.github/workflows/publish_node_package.yml@v0.48.0'
     with:
       package_name: flowfuse-nr-launcher
       publish_package: true
@@ -202,7 +203,7 @@ jobs:
       needs.validate-user.outputs.is_org_member == 'true' &&
       github.event_name == 'workflow_dispatch' &&
       (always() && needs.publish_nr_launcher.result == 'success')
-    uses: flowfuse/github-actions-workflows/.github/workflows/build_container_image.yml@v0.43.0
+    uses: flowfuse/github-actions-workflows/.github/workflows/build_container_image.yml@v0.48.0
     with:
       image_name: 'node-red'
       dockerfile_path: Dockerfile
@@ -242,11 +243,11 @@ jobs:
           echo "timestamp=$(date +%s)" >> $GITHUB_ENV
 
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 
       - name: Configure AWS credentials for ECR interaction
         id: aws-config
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
         with:
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ env.AWS_ECR_PUSH_ROLE }}
           role-session-name: GithubActionsRoleSession
@@ -261,7 +262,7 @@ jobs:
           mask-password: true
 
       - name: Login to GHCR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -295,7 +296,7 @@ jobs:
       PR_NUMBER: ${{ github.event.number == '' && inputs.pr_number || github.event.number }}
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set variables
         run: | 
@@ -305,7 +306,7 @@ jobs:
         uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
 
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 
       - name: Set build-args if branch is not main
         id: set-build-args
@@ -359,15 +360,15 @@ jobs:
       id-token: write
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set variables
         run: | 
           echo "tagged_image=${{ env.IMAGE_NAME }}:pr-${{ env.PR_NUMBER}}" >> $GITHUB_ENV
           echo "timestamp=$(date +%s)" >> $GITHUB_ENV
 
       - name: Download artifact
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
         with:
           name: k8s-forge
           path: /tmp
@@ -385,7 +386,7 @@ jobs:
 
       - name: Configure AWS credentials for ECR interaction
         id: aws-config
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
         with:
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ env.AWS_ECR_PUSH_ROLE }}
           role-session-name: GithubActionsRoleSession
@@ -405,7 +406,7 @@ jobs:
           docker push ${{ steps.aws-config.outputs.aws-account-id }}.dkr.ecr.eu-west-1.amazonaws.com/flowforge/${{ env.tagged_image }}-${{ env.timestamp }}
 
       - name: Configure AWS credentials for EKS interaction
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
         with:
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ env.AWS_EKS_DEPLOY_ROLE }}
           role-session-name: GithubActionsRoleSessio
@@ -417,12 +418,12 @@ jobs:
           aws eks update-kubeconfig --region eu-west-1 --name ${{ secrets.EKS_CLUSTER_NAME }}
 
       - name: Install 1Password CLI
-        uses: 1password/install-cli-action@f5d505685ccf986ef535da41cd180792c8ac3a36 # v2.0.1
+        uses: 1password/install-cli-action@9a0c9dd934086b7ab1d90115d455bda1c53c2bdb # v2.0.2
         with:
           version: 2.25.0
 
       - name: Check out FlowFuse/helm repository (to access latest helm chart)
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           repository: 'FlowFuse/helm'
           ref: 'main'
@@ -459,14 +460,17 @@ jobs:
             --set forge.email.ses.sourceArn=arn:aws:ses:eu-west-1:${{ secrets.AWS_ACCOUNT_ID }}:identity/flowfuse.com \
             --set forge.assistant.service.url=$(op read op://ci/staging_flowfuse/assistant_url) \
             --set forge.assistant.service.token=$(op read op://ci/staging_flowfuse/assistant_token) \
-            --set forge.expert.service.url=$(op read op://ci/staging_flowfuse/expert_url) \
-            --set forge.expert.service.token=$(op read op://ci/staging_flowfuse/expert_token) \
+            --set forge.expert.service.url=$(op read op://ci/prestaging_flowfuse/expert_url) \
+            --set forge.expert.service.token=$(op read op://ci/prestaging_flowfuse/expert_token) \
+            --set forge.tables.driver.options.database.user=$(op read op://ci/prestaging_flowfuse/local_postgres_admin_username) \
+            --set forge.tables.driver.options.database.password=$(op read op://ci/prestaging_flowfuse/local_postgres_admin_password) \
+            --set forge.tables.driver.options.database.host=flowfuse-pr-${{ env.PR_NUMBER }}-postgresql.pr-${{ env.PR_NUMBER }}.svc.cluster.local \
             flowfuse-pr-${{ env.PR_NUMBER }} ./helm-repo/helm/flowfuse
 
       - name: Initial setup
         if: ${{ env.initialSetup == 'true' }}
         run: |
-          ./.github/scripts/initial-setup.sh ${{ env.PR_NUMBER }} ${{ secrets.INIT_CONFIG_PASSWORD_HASH }} ${{ secrets.INIT_CONFIG_ACCESS_TOKEN_HASH }} ${{ secrets.INIT_CONFIG_ACCESS_TOKEN }} ${{ secrets.INIT_CONFIG_PASSWORD }}
+          ./.github/scripts/initial-setup.sh ${{ env.PR_NUMBER }} ${{ secrets.INIT_CONFIG_PASSWORD_HASH }} ${{ secrets.INIT_CONFIG_ACCESS_TOKEN_HASH }} ${{ secrets.INIT_CONFIG_ACCESS_TOKEN }} ${{ secrets.INIT_CONFIG_PASSWORD }} ${{ secrets.PRE_STAGING_FLOWFUSE_NODES_TOKEN }}
           
       - name: Summary
         run: |
@@ -533,11 +537,13 @@ jobs:
 
     - name: Post to a Slack channel
       id: slack
-      uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1
+      uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
       with:
-        channel-id: 'C067BD0377F'
+        method: 'chat.postMessage'
+        token: ${{ secrets.SLACK_GHBOT_TOKEN }}
         payload: |
           {
+            "channel": "C067BD0377F",
             "blocks": [
               {
                 "type": "header",
@@ -591,7 +597,6 @@ jobs:
         PR_TEXT: |
           *Pull Request:*
           <https://github.com/FlowFuse/flowfuse/pull/${{ env.PR_NUMBER }}|${{ github.event.pull_request.title }}>
-        SLACK_BOT_TOKEN: ${{ secrets.SLACK_GHBOT_TOKEN }}
         GRAFANA_URL: ${{ secrets.STAGING_GRAFANA_URL }}
 
 
@@ -612,7 +617,7 @@ jobs:
       id-token: write
     steps:
       - name: Configure AWS credentials for EKS interaction
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
         with:
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ env.AWS_EKS_DEPLOY_ROLE }}
           role-session-name: GithubActionsRoleSession

.github/workflows/check-migrations.yml

@@ -11,7 +11,7 @@ jobs:
   run:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0

.github/workflows/docs.yml

@@ -13,9 +13,9 @@ jobs:
     name: Test Documentation links
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Setup Node
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version: '18'
       - name: Install Dependencies
@@ -27,11 +27,11 @@ jobs:
     name: Test Documentation with website
     steps:
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           path: 'flowfuse'
       - name: Check out website repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           repository: 'FlowFuse/website'
           path: 'website'
@@ -42,18 +42,18 @@ jobs:
           app_id: ${{ secrets.GH_BOT_APP_ID }}
           private_key: ${{ secrets.GH_BOT_APP_KEY }}
       - name: Check out FlowFuse/blueprint-library repository (to access the blueprints)
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           repository: 'FlowFuse/blueprint-library'
           ref: main
           path: 'blueprint-library'
           token: ${{ steps.generate_token.outputs.token }}
       - name: Cache image pipeline output
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
         with:
           key: img-pipeline-cache
           path: website/_site/img         
-      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           cache: 'npm'
           cache-dependency-path: './website/package-lock.json'