@HrushikeshAnandSarangi has signed the CLA in windmill-labs/windmill#8739

.devcontainer/Dockerfile

@@ -1,42 +0,0 @@
-FROM python:3.10-slim-bullseye as nsjail
-
-WORKDIR /nsjail
-
-RUN apt-get -y update \
-    && apt-get install -y \
-    bison \
-    flex \
-    g++ \
-    gcc \
-    git \
-    libprotobuf-dev \
-    libnl-route-3-dev \
-    make \
-    pkg-config \
-    protobuf-compiler \
-    && apt-get clean -y && rm -rf /var/lib/apt/lists/*
-
-RUN git clone -b master --single-branch https://github.com/google/nsjail.git . \
-    && git checkout dccf911fd2659e7b08ce9507c25b2b38ec2c5800
-RUN make
-
-FROM mcr.microsoft.com/vscode/devcontainers/rust:bullseye as rust-deps
-
-RUN cargo install sqlx-cli --no-default-features --features native-tls,postgres 
-RUN cargo install deno --locked
-
-FROM mcr.microsoft.com/vscode/devcontainers/rust:bullseye
-
-RUN apt update \
-    && apt-get install -y \
-    lld \
-    python3 \
-    libprotobuf-dev \ 
-    libnl-route-3-dev \
-    && apt-get clean -y && rm -rf /var/lib/apt/lists/*
-
-USER vscode
-
-COPY --from=rust-deps /usr/local/cargo/bin/sqlx /usr/local/cargo/bin/sqlx
-COPY --from=rust-deps /usr/local/cargo/bin/deno /usr/local/cargo/bin/deno
-COPY --from=nsjail /nsjail/nsjail /bin/nsjail

.devcontainer/docker-compose.yml

@@ -1,25 +0,0 @@
-version: '3.7'
-services:
-  windmill:
-    build:
-      context: .
-      dockerfile: .devcontainer/Dockerfile
-    # image: mcr.microsoft.com/vscode/devcontainers/rust:bullseye
-    environment:
-      - DENO_PATH=/usr/local/cargo/bin/deno
-      - PYTHON_PATH=/usr/bin/python3
-      - NSJAIL_PATH=/bin/nsjail
-    volumes:
-      - .:/workspace:cached
-      - ~/.ssh:/home/vscode/.ssh:ro
-
-    command: /bin/sh -c "while sleep 1000; do :; done"
- 
-
-  front:
-    image: mcr.microsoft.com/vscode/devcontainers/typescript-node:16
-    volumes:
-      - .:/workspace:cached
-      - ~/.ssh:/home/node/.ssh:ro
-
-    command: /bin/sh -c "while sleep 1000; do :; done"

.env

@@ -1,2 +1,2 @@
+SITE_URL=localhost
 DB_PASSWORD=changeme
-WM_BASE_URL=localhost

.github/CODEOWNERS

@@ -1,4 +0,0 @@
-*       @rubenfiszel
-
-/community/ @fatonramadani @rubenfiszel
-/frontend/ @fatonramadani @rubenfiszel

.github/DockerfileBackendTests

@@ -1,66 +0,0 @@
-FROM python:3.10-slim-buster as nsjail
-
-WORKDIR /nsjail
-
-RUN apt-get -y update \
-    && apt-get install -y \
-    bison=2:3.3.* \
-    flex=2.6.* \
-    g++=4:8.3.* \
-    gcc=4:8.3.* \
-    git=1:2.20.* \
-    libprotobuf-dev=3.6.* \
-    libnl-route-3-dev=3.4.* \
-    make=4.2.* \
-    pkg-config=0.29-6 \
-    protobuf-compiler=3.6.*
-
-RUN git clone -b master --single-branch https://github.com/google/nsjail.git . \
-    && git checkout dccf911fd2659e7b08ce9507c25b2b38ec2c5800
-RUN make
-
-
-FROM rust:slim-buster as builder
-
-RUN apt-get update && apt-get install -y git libssl-dev pkg-config
-
-RUN apt-get -y update \
-    && apt-get install -y \
-    curl lld
-
-ENV SQLX_OFFLINE=true
-
-
-RUN mkdir -p /frontend/build
-RUN apt-get update \
-    && apt-get install -y ca-certificates tzdata libpq5 \
-    make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev \
-    libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev libxml2-dev \
-    libxmlsec1-dev libffi-dev liblzma-dev mecab-ipadic-utf8 libgdbm-dev libc6-dev git libprotobuf-dev=3.6.* libnl-route-3-dev=3.4.* \
-    libv8-dev tesseract-ocr nodejs npm\
-    && rm -rf /var/lib/apt/lists/*
-
-RUN wget https://golang.org/dl/go1.19.1.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.19.1.linux-amd64.tar.gz
-ENV PATH="${PATH}:/usr/local/go/bin"
-ENV GO_PATH=/usr/local/go/bin/go
-
-ENV TZ=Etc/UTC
-
-ENV PYTHON_VERSION 3.10.4
-
-RUN wget https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz \
-    && tar -xf Python-${PYTHON_VERSION}.tgz && cd Python-${PYTHON_VERSION}/ && ./configure --enable-optimizations \
-    && make -j 4 && make install
-
-RUN /usr/local/bin/python3 -m pip install pip-tools
-RUN /usr/local/bin/python3 -m pip install nltk
-RUN mkdir -p /nsjail_data/python && HOME=/nsjail_data/python /usr/local/bin/python3 -m nltk.downloader vader_lexicon
-
-COPY --from=nsjail /nsjail/nsjail /bin/nsjail
-
-COPY --from=denoland/deno:latest /usr/bin/deno /usr/bin/deno
-
-RUN apt-get update \
-    && apt-get install -y postgresql-client --allow-unauthenticated
-
-RUN rustup component add rustfmt

.github/DockerfilePypiBuilder

@@ -1,7 +0,0 @@
-FROM nikolaik/python-nodejs:python3.11-nodejs19
-
-RUN python3 -m pip install pipx poetry
-RUN python3 -m pipx ensurepath
-ENV PATH="/root/.local/bin:${PATH}"
-ENV PATH="/usr/local/bin:${PATH}"
-RUN pipx install openapi-python-client==0.11.6 --include-deps

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,62 +0,0 @@
-name: Bug report
-description: Create a report to help us improve.
-title: 'bug:'
-labels: 'bug'
-assignees: 'rubenfiszel'
-body:
-  - type: textarea
-    id: description
-    attributes:
-      label: Describe the bug
-      description: A clear and concise description of what the bug is.
-    validations:
-      required: true
-  - type: textarea
-    id: reproduction-steps
-    attributes:
-      label: To reproduce
-      description: Steps to reproduce the behavior
-      value: |
-        1. Go to '...'
-        2. Click on '....'
-        3. Scroll down to '....'
-        4. See error
-    validations:
-      required: true
-  - type: textarea
-    id: expected-behaviour
-    attributes:
-      label: Expected behavior
-      placeholder: A clear and concise description of what you expected to happen.
-    validations:
-      required: true
-  - type: textarea
-    id: screenshots
-    attributes:
-      label: Screenshots
-      placeholder: If applicable, add screenshots to help explain your problem.
-    validations:
-      required: false
-  - type: input
-    id: browser
-    attributes:
-      label: Browser information
-      description: Which browser are you using? Which version? 
-      placeholder: e.g. Chromium Version 92.0.4515.131
-    validations:
-      required: false
-  - type: input
-    id: version
-    attributes:
-      label: Application version
-      description: 'Go on the left menu -> <user> -> User Settings and copy the printed version in "Running windmill version (backend): XXX".'
-      placeholder: e.g.  windmill version (backend) v1.35.0-63-ga85302c
-    validations:
-      required: false
-  - type: textarea
-    id: additional-context
-    attributes:
-      label: Additional Context
-      description: Add any other context about the problem here.
-    validations:
-      required: false

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,8 +0,0 @@
----
-name: Feature Request
-about: Create a feature request
-title: 'feature: '
-labels: 'feature'
-assignees: 'rubenfiszel'
-
----

.github/change-versions.sh

@@ -4,17 +4,13 @@ VERSION=$1
 echo "Updating versions to: $VERSION"
 
 sed -i -e "/^version =/s/= .*/= \"$VERSION\"/" backend/Cargo.toml
-sed -i -e "/^const VERSION =/s/= .*/= \"v$VERSION\";/" cli/main.ts
-sed -i -e "/version: /s/: .*/: $VERSION/" backend/windmill-api/openapi.yaml
-sed -i -e "/version: /s/: .*/: $VERSION/" openflow.openapi.yaml
+sed -i -e "/version: /s/: .*/: $VERSION/" backend/openapi.yaml
 sed -i -e "/\"version\": /s/: .*,/: \"$VERSION\",/" frontend/package.json
 sed -i -e "/^version =/s/= .*/= \"$VERSION\"/" python-client/wmill/pyproject.toml
 sed -i -e "/^windmill-api =/s/= .*/= \"\\^$VERSION\"/" python-client/wmill/pyproject.toml
 sed -i -e "/^version =/s/= .*/= \"$VERSION\"/" python-client/wmill_pg/pyproject.toml
-# sed -i -e "/^wmill =/s/= .*/= \"\\^$VERSION\"/" python-client/wmill_pg/pyproject.toml
-sed -i -e "/^wmill =/s/= .*/= \">=$VERSION\"/" lsp/Pipfile
-sed -i -e "/^wmill_pg =/s/= .*/= \">=$VERSION\"/" lsp/Pipfile
+sed -i -e "/^wmill =/s/= .*/= \"\\^$VERSION\"/" python-client/wmill_pg/pyproject.toml
+sed -i -e "/^wmill =/s/= .*/= \">=$VERSION\"/" Pipfile
+sed -i -e "/^wmill_pg =/s/= .*/= \">=$VERSION\"/" Pipfile
 
 sed -i -zE "s/name = \"windmill\"\nversion = \"[^\"]*\"\\n(.*)/name = \"windmill\"\nversion = \"$VERSION\"\\n\\1/" backend/Cargo.lock
-
-cd frontend && npm i --package-lock-only

.github/dependabot.yml

@@ -1,39 +0,0 @@
-# Basic set up for three package managers
-
-version: 2
-updates:
-  # Maintain dependencies for GitHub Actions
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-
-  # Maintain dependencies for npm
-  - package-ecosystem: "npm"
-    directory: "/frontend"
-    schedule:
-      interval: "weekly"
-
-  # Maintain dependencies for cargo
-  - package-ecosystem: "cargo"
-    directory: "/backend"
-    schedule:
-      interval: "weekly"
-
-  # Maintain dependencies for Docker
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-
-  # Maintain dependencies for wmill python client
-  - package-ecosystem: "pip"
-    directory: "/python-client/wmill"
-    schedule:
-      interval: "weekly"
-      
-  # Maintain dependencies for wmill_pg python client
-  - package-ecosystem: "pip"
-    directory: "/python-client/wmill_pg"
-    schedule:
-      interval: "weekly"

.github/pull_hub_items.sh

@@ -1,14 +0,0 @@
-#!/bin/bash
-
-RT=$(curl -s https://hub.windmill.dev/resource_types/list | jq -c -r '.[]')
-for item in ${RT[@]}; do
-    name=$(jq -r '.name' <<< "$item")
-    id=$(jq -r '.id' <<< "$item")
-    echo $name $id 
-    body=$(curl -s -H "accept: application/json" https://hub.windmill.dev/resource_types/${id}/${name})
-    jq -r '.resource_type.schema' <<< "$body" > ./tmp
-    description=$(jq -r '.resource_type.description' <<< "$body")
-    description=$(echo -E $description)
-    echo "{\"workspace_id\": \"admins\", \"name\": \"$name\", \"schema\": $(cat ./tmp), \"description\": \"$description\"} " | jq . > community/resource_types/${name}.json
-    rm ./tmp
-done

.github/uffizzi/caddy/Caddyfile

@@ -1,5 +0,0 @@
-localhost {
-        bind 0.0.0.0
-        reverse_proxy /ws/* http://0.0.0.0:3001
-        reverse_proxy /* http://0.0.0.0:8000
-}

.github/uffizzi/docker-compose.uffizzi.yml

@@ -1,53 +0,0 @@
-version: '3.7'
-
-x-uffizzi:
-  ingress:
-    service: windmill
-    port: 8000
-
-services:
-  db:
-    image: postgres:14
-    environment:
-      POSTGRES_PASSWORD: changeme
-      POSTGRES_DB: windmill
-
-  windmill:
-    image: '${WINDMILL_IMAGE}'
-    ports:
-      - 8000:8000
-    entrypoint: ['/bin/sh', '-c']
-    command: 'echo ${OAUTH_JSON_BASE64} | base64 --decode > /usr/src/app/oauth.json && ./windmill'
-    environment:
-      - DATABASE_URL=postgres://postgres:changeme@localhost/windmill?sslmode=disable
-      - BASE_URL=${EXPECTED_URL}
-      - BASE_INTERNAL_URL=http://localhost:8000
-      - RUST_LOG=info
-      - NUM_WORKERS=3
-      - KEEP_JOB_DIR=false
-      - DENO_PATH=/usr/bin/deno
-      - PYTHON_PATH=/usr/local/bin/python3
-      - METRICS_ADDR=false
-      - OAUTH_JSON_BASE64=${OAUTH_JSON_BASE64}
-    volumes:
-      - worker_dependency_cache:/tmp/windmill/cache
-    deploy:
-      resources:
-        limits:
-          memory: 250M
-
-  lsp:
-    image: '${LSP_IMAGE}'
-    ports:
-      - 3001:3001
-
-  # caddy:
-  #   image: caddy:2.5.2-alpine
-  #   restart: unless-stopped
-  #   volumes:
-  #     - ./.github/uffizzi/caddy:/etc/caddy
-  #   environment:
-  #     - BASE_URL=localhost
-
-volumes:
-  worker_dependency_cache:

.github/workflows/automerge-dependabot.yml

@@ -1,26 +0,0 @@
-name: dependabot auto-merge
-
-on: pull_request_target
-
-permissions:
-  contents: read
-  pull-requests: read
-
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    steps:
-      - name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@v1.3.6
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Enable auto-merge for Dependabot PRs
-        if: steps.metadata.outputs.update-type == 'version-update:semver-patch' ||  steps.metadata.outputs.update-type == 'version-update:semver-minor'
-        run: |
-          echo ${{ secrets.RUBEN_PAT }} | gh auth login --with-token
-          gh pr review --approve "$PR_URL"
-          gh pr merge --auto --squash "$PR_URL"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}

.github/workflows/backend-test.yml

@@ -1,43 +0,0 @@
-name: Backend only integration tests
-
-on:
-  push:
-    branches:
-      - "main"
-    paths:
-      - "backend/**"
-      - ".github/workflows/backend-test.yml"
-  pull_request:
-    types: [opened, synchronize, reopened]
-    paths:
-      - "backend/**"
-      - ".github/workflows/backend-test.yml"
-
-jobs:
-  cargo_test:
-    runs-on: [self-hosted, new]
-    container:
-      image: ghcr.io/windmill-labs/backend-tests
-      options: --privileged
-    services:
-      postgres:
-        image: postgres
-        env:
-          POSTGRES_DB: windmill
-          POSTGRES_PASSWORD: changeme
-
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-    steps:
-      - uses: actions/checkout@v3
-      - uses: Swatinem/rust-cache@v2
-        with:
-          workspaces: |
-            backend
-            backend -> target
-      - name: cargo test
-        timeout-minutes: 10
-        run: mkdir frontend/build && cd backend && touch windmill-api/openapi-deref.yaml && DATABASE_URL=postgres://postgres:changeme@postgres:5432/windmill DISABLE_NSJAIL=false cargo test --all -- --nocapture

.github/workflows/change-versions.yml

@@ -7,15 +7,8 @@ on:
 jobs:
   change_version:
     runs-on: ubuntu-latest
-    container: node:18
     steps:
-      - uses: actions/checkout@v3
-      - run: git config --system --add safe.directory /__w/windmill/windmill
+      - uses: actions/checkout@v2
       - name: Change versions
         run: ./.github/change-versions.sh "$(cat version.txt)"
-      - uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-      - name: update lockfile
-        run: cd backend && cargo generate-lockfile
       - uses: stefanzweifel/git-auto-commit-action@v4

.github/workflows/deno_on_release.yml

@@ -1,48 +0,0 @@
-name: Publish deno-client
-on:
-  push:
-    tags:
-      - "v*"
-env:
-  repo: windmill-deno-client
-
-jobs:
-  build_deno_and_push_to_repo:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: generate_deno
-        run: |
-          cd deno-client
-          rm .gitignore
-          ./build.sh
-      - name: Pushes to another repository
-        id: push_directory
-        uses: cpina/github-action-push-to-another-repository@devel
-        env:
-          API_TOKEN_GITHUB: ${{ secrets.DENO_PAT }}
-        with:
-          source-directory: deno-client/
-          destination-github-username: ${{ github.repository_owner }}
-          destination-repository-name: ${{ env.repo }}
-          user-email: ruben@windmill.dev
-          commit-message: See ORIGIN_COMMIT from $GITHUB_REF
-          target-branch: main
-
-  tag_repo:
-    needs: [build_deno_and_push_to_repo]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          repository: ${{ github.repository_owner }}/${{ env.repo }}
-          token: ${{ secrets.DENO_PAT }}
-          path: ./client
-
-      - name: Push client
-        run: |
-          cd ./client
-          git config --global user.email "ruben@windmill.dev"
-          git config --global user.name "rubenfiszel[bot]"
-          git tag -a ${{ github.ref_name }} -m "${{ github.ref_name }}"
-          git push --tags

.github/workflows/deploy_to_windmill.yml

@@ -0,0 +1,20 @@
+name: Deploy to windmill.dev
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "community/*"
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Deploy to windmill.dev
+        uses: windmill-labs/windmill-gh-action-deploy@v1.0.0
+        with:
+          dry_run: false
+          input_dir: community
+          windmill_workspace: starter
+          windmill_token: ${{ secrets.WINDMILL_API_TOKEN }}

.github/workflows/docker-310.yml

@@ -1,47 +0,0 @@
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
-
-name: Build and push windmill with python 3.10 and openbb
-on: workflow_dispatch
-
-concurrency:
-  group: ${{ github.ref }}-openbb
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-  id-token: write
-  packages: write
-  
-jobs:
-  build_ee:
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      # - name: Set up Docker Buildx
-      #   uses: docker/setup-buildx-action@v2
-
-      - uses: depot/setup-action@v1
-
-      - name: Login to registry
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push publicly ee
-        uses: depot/build-push-action@v1
-        with:
-          context: .
-          push: true
-          file: ./docker/DockerfileOpenbb
-          build-args: |
-            features=enterprise
-          tags: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-ee:openbb
-          labels: |
-            org.opencontainers.image.licenses=Windmill-Enterprise-License

.github/workflows/docker-image-arm.yml.archived

@@ -1,60 +0,0 @@
-# env:
-#   REGISTRY: ghcr.io
-#   IMAGE_NAME: ${{ github.repository }}
-
-# name: Build and push arm docker image
-# on:
-#   push:
-#     branches: [main]
-#     tags: ["*"]
-
-# concurrency:
-#   group: ${{ github.ref }}-arm
-#   cancel-in-progress: true
-
-# permissions:
-#   contents: read
-#   id-token: write
-#   packages: write
-
-# jobs:
-#   publish_arm:
-#     runs-on: ubuntu-22.04
-#     steps:
-#       - uses: actions/checkout@v3
-#         with:
-#           fetch-depth: 0
-
-#       - uses: depot/setup-action@v1
-
-#       - name: Docker meta
-#         id: meta-slim-public
-#         uses: docker/metadata-action@v4
-#         with:
-#           images: |
-#             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-#           tags: |
-#             type=ref,event=branch
-#             type=ref,event=pr
-#             type=semver,pattern={{version}}
-#             type=semver,pattern={{major}}.{{minor}}
-
-#       - name: Login to registry
-#         uses: docker/login-action@v2
-#         with:
-#           registry: ${{ env.REGISTRY }}
-#           username: ${{ github.actor }}
-#           password: ${{ secrets.GITHUB_TOKEN }}
-
-#       - name: Build and push publicly
-#         uses: depot/build-push-action@v1
-#         with:
-#           context: .
-#           push: true
-#           platforms: linux/amd64,linux/arm64
-#           tags: |
-#             ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-#             ${{ steps.meta-slim-public.outputs.tags }}
-#           labels: |
-#             ${{ steps.meta-slim-public.outputs.labels }}
-#             org.opencontainers.image.licenses=AGPLv3

.github/workflows/docker-image.yml

@@ -1,7 +1,6 @@
 env:
   LOCAL_REGISTRY: registry.wimill.xyz
   REGISTRY: ghcr.io
-  ECR_REGISTRY: 976079455550.dkr.ecr.us-east-1.amazonaws.com
   IMAGE_NAME: ${{ github.repository }}
 
 name: Build and push docker image
@@ -9,226 +8,61 @@ on:
   push:
     branches: [main]
     tags: ["*"]
+  pull_request:
+    types: [opened, synchronize, reopened]
 
 concurrency:
   group: ${{ github.ref }}
   cancel-in-progress: true
 
-permissions:
-  contents: read
-  id-token: write
-  packages: write
-  
 jobs:
   build:
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      # - name: Set up Docker Buildx
-      #   uses: docker/setup-buildx-action@v2
-      - uses: depot/setup-action@v1
-
-      - name: Login to registry
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Docker meta
-        id: meta-public
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-
-
-      - name: Build and push publicly
-        uses: depot/build-push-action@v1
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-            ${{ steps.meta-public.outputs.tags }}
-          labels: |
-            ${{ steps.meta-public.outputs.labels }}
-            org.opencontainers.image.licenses=AGPLv3
-   
-  build_ee:
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      # - name: Set up Docker Buildx
-      #   uses: docker/setup-buildx-action@v2
-
-      - uses: depot/setup-action@v1
-
-      - name: Docker meta
-        id: meta-ee-public
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-ee
-          tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-
-      - name: Login to registry
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push publicly ee
-        uses: depot/build-push-action@v1
-        with:
-          context: .
-          push: true
-          build-args: |
-            features=enterprise
-            nsjail=true
-          tags: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-ee:latest
-            ${{ steps.meta-ee-public.outputs.tags }}
-          labels: |
-            ${{ steps.meta-ee-public.outputs.labels }}
-            org.opencontainers.image.licenses=Windmill-Enterprise-License
-
-  # disabled until we make it 100% reliable and add more meaningful tests
-  # playwright:
-  #   runs-on: [self-hosted, new]
-  #   needs: [build]
-  #   services:
-  #     postgres:
-  #       image: postgres
-  #       env:
-  #         POSTGRES_DB: windmill
-  #         POSTGRES_USER: admin
-  #         POSTGRES_PASSWORD: changeme
-  #       ports:
-  #         - 5432:5432
-  #       options: >-
-  #         --health-cmd pg_isready
-  #         --health-interval 10s
-  #         --health-timeout 5s
-  #         --health-retries 5
-  #   steps:
-  #     - uses: actions/checkout@v3
-  #     - name: "Docker"
-  #       run: echo "::set-output name=id::$(docker run --network=host --rm -d -p 8000:8000 --privileged -it -e DATABASE_URL=postgres://admin:changeme@localhost:5432/windmill -e BASE_INTERNAL_URL=http://localhost:8000 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest)"
-  #       id: docker-container
-  #     - uses: actions/setup-node@v3
-  #       with:
-  #         node-version: 16
-  #     - name: "Playwright run"
-  #       timeout-minutes: 2
-  #       run: cd frontend && npm ci @playwright/test && npx playwright install && export BASE_URL=http://localhost:8000 && npm run test
-  #     - name: "Clean up"
-  #       run: docker kill ${{ steps.docker-container.outputs.id }}
-  #       if: always()
-
-
-  publish_privately_heavy:
-    needs: [build_ee]
     runs-on: [self-hosted, new]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
         with:
           fetch-depth: 0
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
-
-      - name: Docker meta
-        id: meta-heavy
+      - name: Docker meta local
+        id: metalocal
         uses: docker/metadata-action@v4
         with:
-          images: |
-            ${{ env.ECR_REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: ${{ env.LOCAL_REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
             type=ref,event=branch
             type=ref,event=pr
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
-            type=sha
 
-      - name: Login to ECR
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
         with:
-          registry: ${{ env.ECR_REGISTRY }}
-          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
 
       - name: Login to registry
+        if: github.event_name != 'pull_request'
         uses: docker/login-action@v2
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build and push privately
-        uses: docker/build-push-action@v4
-        if: github.event_name != 'pull_request'
+      - name: Build and push
+        uses: docker/build-push-action@v3
         with:
           context: .
-          push: true
-          file: ./docker/DockerfileHeavy
+          push: ${{ github.event_name != 'pull_request' }}
           tags: |
-            ${{ steps.meta-heavy.outputs.tags }}
-          labels: ${{ steps.meta-heavy.outputs.labels }}
-          cache-from: type=registry,ref=${{ env.LOCAL_REGISTRY }}/${{ env.IMAGE_NAME }}-heavy:buildcache
-          cache-to: type=registry,ref=${{ env.LOCAL_REGISTRY }}/${{ env.IMAGE_NAME }}-heavy:buildcache,mode=max
+            ${{ steps.metalocal.outputs.tags }}
+            ${{ steps.meta.outputs.tags }}
 
-  publish_privately_helm:
-    runs-on: [self-hosted, new]
-    needs: [build_ee]
-    if: github.event_name != 'pull_request'
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
- 
-
-      - name: Login to registry
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Login to ECR
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.ECR_REGISTRY }}
-          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          
-      - name: Build and push privately
-        uses: docker/build-push-action@v4
-        if: github.event_name != 'pull_request'
-        with:
-          context: .
-          push: true
-          file: ./docker/DockerfileHelm
-          tags: |
-            ${{ env.ECR_REGISTRY }}/${{ env.IMAGE_NAME }}:helm
-          cache-from: type=registry,ref=${{ env.LOCAL_REGISTRY }}/${{ env.IMAGE_NAME }}-helm:buildcache
-          cache-to: type=registry,ref=${{ env.LOCAL_REGISTRY }}/${{ env.IMAGE_NAME }}-helm:buildcache,mode=max
+          labels: ${{ steps.metalocal.outputs.labels }}
+          cache-from: type=registry,ref=registry.wimill.xyz/windmilllabs/windmill:buildcache
+          cache-to: type=registry,ref=registry.wimill.xyz/windmilllabs/windmill:buildcache,mode=max

.github/workflows/frontend-check.yml

@@ -1,17 +0,0 @@
-name: check frontend build
-on:
-  pull_request:
-    types: [opened,synchronize,reopened,closed]
-    paths:
-      - "frontend/**"
-jobs:
-  npm_check:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 18
-      - name: "npm check"
-        timeout-minutes: 2
-        run: cd frontend && npm ci && npm run generate-backend-client && npm run check

.github/workflows/go_on_release.yml

@@ -1,53 +0,0 @@
-name: Publish go-client
-on:
-  push:
-    tags:
-      - "v*"
-  workflow_dispatch:
-
-env:
-  repo: windmill-go-client
-
-jobs:
-  build_go_and_push_to_repo:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v3
-      - name: generate_go
-        run: |
-          go install github.com/deepmap/oapi-codegen/cmd/oapi-codegen@v1.11.0
-          cd go-client
-          rm .gitignore
-          ./build.sh
-          go build
-      - name: Pushes to another repository
-        id: push_directory
-        uses: cpina/github-action-push-to-another-repository@devel
-        env:
-          API_TOKEN_GITHUB: ${{ secrets.DENO_PAT }}
-        with:
-          source-directory: go-client/
-          destination-github-username: ${{ github.repository_owner }}
-          destination-repository-name: ${{ env.repo }}
-          user-email: ruben@windmill.dev
-          commit-message: See ORIGIN_COMMIT from $GITHUB_REF
-          target-branch: main
-
-  tag_repo:
-    needs: [build_go_and_push_to_repo]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          repository: ${{ github.repository_owner }}/${{ env.repo }}
-          token: ${{ secrets.DENO_PAT }}
-          path: ./client
-
-      - name: Push client
-        run: |
-          cd ./client
-          git config --global user.email "ruben@windmill.dev"
-          git config --global user.name "rubenfiszel[bot]"
-          git tag -a ${{ github.ref_name }} -m "${{ github.ref_name }}"
-          git push --tags

.github/workflows/lsp_on_release.yml

@@ -0,0 +1,37 @@
+name: Publish LSP Server
+on:
+  push:
+    branches: [main]
+    paths:
+      - "python-client/*W"
+      - "lsp/*"
+    tags:
+      - "*"
+jobs:
+  build:
+    runs-on: [self-hosted, new]
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Docker meta local
+        id: metalocal
+        uses: docker/metadata-action@v4
+        with:
+          images: registry.wimill.xyz/windmilllabs/lsp
+          tags: |
+            type=ref,event=branch
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: "{{defaultContext}}:lsp"
+          push: true
+          tags: ${{ steps.metalocal.outputs.tags }}
+          labels: ${{ steps.metalocal.outputs.labels }}
+          cache-from: type=registry,ref=registry.wimill.xyz/windmilllabs/lsp:buildcache
+          cache-to: type=registry,ref=registry.wimill.xyz/windmilllabs/lsp:buildcache,mode=max

.github/workflows/pypi_on_release.yml

@@ -1,80 +1,19 @@
-env:
-  REGISTRY: ghcr.io
-  ECR_REGISTRY: 976079455550.dkr.ecr.us-east-1.amazonaws.com
-  IMAGE_NAME: ${{ github.repository }}-lsp
-
 name: Publish python-client
 on:
   push:
     tags:
       - "v*"
-  workflow_dispatch:
 
 jobs:
-  publish_pypi:
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/windmill-labs/python-client-builder
+  build_lsp:
+    runs-on: [self-hosted, new]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
       - name: Upload python client
         env:
           PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
         run: |
           cd python-client
+          export PATH=$PATH:/usr/local/bin
+          export PATH=$PATH:/root/.local/bin
           ./publish.sh
-
-  publish_lsp:
-    needs: [publish_pypi]
-    runs-on: [self-hosted, new]
-    steps:
-      - name: Sleep for 30 seconds waiting for pypi to update index
-        run: sleep 30s
-        shell: bash
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-            ${{ env.ECR_REGISTRY }}/${{ env.IMAGE_NAME }}
-          tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-
-      - name: Login to registry
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Login to ECR
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.ECR_REGISTRY }}
-          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-
-      - name: Build and push publicly
-        uses: docker/build-push-action@v4
-        with:
-          context: "{{defaultContext}}:lsp"
-          push: true
-          tags: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-            ${{ env.ECR_REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-            ${{ steps.metalocal.outputs.tags }}
-            ${{ steps.meta.outputs.tags }}
-            registry.uffizzi.com/windmill-lsp:60d
-          labels: ${{ steps.metalocal.outputs.labels }}
-          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
-          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max

.github/workflows/release-please.yml

@@ -8,7 +8,7 @@ jobs:
     name: "Release please"
     runs-on: ubuntu-latest
     steps:
-      - uses: GoogleCloudPlatform/release-please-action@v3
+      - uses: GoogleCloudPlatform/release-please-action@v2
         with:
           release-type: simple
           package-name: windmill

.github/workflows/sign-cla.yml

@@ -12,7 +12,7 @@ jobs:
       - name: "CLA Assistant"
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
         # Beta Release
-        uses: cla-assistant/github-action@v2.2.1
+        uses: cla-assistant/github-action@v2.1.3-beta
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_PAT }}

.github/workflows/uffizzi-build.yml.archived

@@ -1,93 +0,0 @@
-name: Build PR Image
-on:
-  pull_request:
-    types: [opened,synchronize,reopened,closed]
-    paths:
-      - "backend/**"
-      - ".github/uffizzi/**"
-      - ".github/workflows/**"
-  workflow_dispatch:
-      
-jobs:
-  build-windmill:
-    name: Build and Push `windmill`
-    runs-on: ubuntu-latest
-    if: ${{ (github.event_name != 'pull_request' || github.event.action != 'closed')}}
-    outputs:
-      tags: ${{ steps.meta.outputs.tags }}
-    steps:
-      - name: Checkout git repo
-        uses: actions/checkout@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Generate UUID image name
-        id: uuid
-        run: echo "UUID_TAG_APP=$(uuidgen)" >> $GITHUB_ENV
-      - name: Docker metadata
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: registry.uffizzi.com/${{ env.UUID_TAG_APP }}
-          tags: type=raw,value=60d
-      - name: Build and Push Image to registry.uffizzi.com ephemeral registry
-        uses: docker/build-push-action@v4
-        with:
-          push: true
-          context: ./
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-
-  render-compose-file:
-    name: Render Docker Compose File
-    # Pass output of this workflow to another triggered by `workflow_run` event.
-    runs-on: ubuntu-latest
-    needs:
-      - build-windmill
-    outputs:
-      compose-file-cache-key: ${{ steps.hash.outputs.hash }}
-    steps:
-      - name: Checkout git repo
-        uses: actions/checkout@v3
-      - name: Render Compose File
-        run: |
-          WINDMILL_IMAGE=${{ needs.build-windmill.outputs.tags }}
-          export WINDMILL_IMAGE
-          LSP_IMAGE=registry.uffizzi.com/windmill-lsp:60d
-          export LSP_IMAGE
-          envsubst '${WINDMILL_IMAGE} ${LSP_IMAGE}' < ./.github/uffizzi/docker-compose.uffizzi.yml > docker-compose.rendered.yml
-          cat docker-compose.rendered.yml
-      - name: Upload Rendered Compose File as Artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: preview-spec
-          path: docker-compose.rendered.yml
-          retention-days: 2
-      - name: Serialize PR Event to File
-        run:  |
-          cat << EOF > event.json
-          ${{ toJSON(github.event) }}
-          EOF
-      - name: Upload PR Event as Artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: preview-spec
-          path: event.json
-          retention-days: 2
-
-  delete-preview:
-    name: Call for Preview Deletion
-    runs-on: ubuntu-latest
-    if: ${{ github.event.action == 'closed' }}
-    steps:
-      # If this PR is closing, we will not render a compose file nor pass it to the next workflow.
-      - name: Serialize PR Event to File
-        run: echo '${{ toJSON(github.event) }}' > event.json
-      - name: Upload PR Event as Artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: preview-spec
-          path: event.json
-          retention-days: 2

.github/workflows/uffizzi-preview.yml.archived

@@ -1,115 +0,0 @@
-name: Deploy Uffizzi Preview
-
-on:
-  workflow_run:
-    workflows:
-      - "Build PR Image"
-    types:
-      - completed
-
-jobs:
-  cache-compose-file:
-    name: Cache Compose File
-    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
-    outputs:
-      compose-file-cache-key: ${{ env.COMPOSE_FILE_HASH }}
-      pr-number: ${{ env.PR_NUMBER }}
-    steps:
-      - name: 'Download artifacts'
-        # Fetch output (zip archive) from the workflow run that triggered this workflow.
-        uses: actions/github-script@v6
-        with:
-          script: |
-            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: context.payload.workflow_run.id,
-            });
-            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
-              return artifact.name == "preview-spec"
-            })[0];
-            if (matchArtifact === undefined) {
-              throw TypeError('Build Artifact not found!');
-            }
-            let download = await github.rest.actions.downloadArtifact({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               artifact_id: matchArtifact.id,
-               archive_format: 'zip',
-            });
-            let fs = require('fs');
-            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/preview-spec.zip`, Buffer.from(download.data));
-      - name: 'Unzip artifact'
-        run: unzip preview-spec.zip
-      - name: Read Event into ENV
-        run: |
-          echo 'EVENT_JSON<<EOF' >> $GITHUB_ENV
-          cat event.json >> $GITHUB_ENV
-          echo 'EOF' >> $GITHUB_ENV
-      - name: Read PR Number From Event Object
-        id: pr
-        run: echo "PR_NUMBER=${{ fromJSON(env.EVENT_JSON).number }}" >> $GITHUB_ENV
-      - name: Predict Deployment URL
-        id: url
-        # Replace dots in the repo name with the plus sign
-        run: |
-          REPO=$(echo ${{ github.repository }} | sed 's/\./+/g')
-          echo "EXPECTED_URL=https://app.uffizzi.com/github.com/$REPO/pull/$PR_NUMBER" >> $GITHUB_ENV
-
-      - name: Re-Render Compose File
-        run: |
-          OAUTH_JSON_BASE64=${{ secrets.OAUTH_JSON_BASE64 }}
-          export OAUTH_JSON_BASE64
-          envsubst '${OAUTH_JSON_BASE64} ${EXPECTED_URL}' < docker-compose.rendered.yml > docker-compose.uffizzi.yml
-          # cat docker-compose.uffizzi.yml
-
-      - name: Hash Rendered Compose File
-        id: hash
-        # If the previous workflow was triggered by a PR close event, we will not have a compose file artifact.
-        if: ${{ fromJSON(env.EVENT_JSON).action != 'closed' }}
-        run: echo "COMPOSE_FILE_HASH=$(md5sum docker-compose.uffizzi.yml | awk '{ print $1 }')" >> $GITHUB_ENV
-      - name: Cache Rendered Compose File
-        if: ${{ fromJSON(env.EVENT_JSON).action != 'closed' }}
-        uses: actions/cache@v3
-        with:
-          path: docker-compose.uffizzi.yml
-          key: ${{ env.COMPOSE_FILE_HASH }}
-
-      - name: DEBUG - Print Job Outputs
-        if: ${{ runner.debug }}
-        run: |
-          echo "PR number: ${{ env.PR_NUMBER }}"
-          echo "Compose file hash: ${{ env.COMPOSE_FILE_HASH }}"
-          cat event.json
-
-  deploy-uffizzi-preview:
-    name: Use Remote Workflow to Preview on Uffizzi
-    needs:
-      - cache-compose-file
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
-    uses: UffizziCloud/preview-action/.github/workflows/reusable.yaml@v2
-    with:
-      # If this workflow was triggered by a PR close event, cache-key will be an empty string
-      # and this reusable workflow will delete the preview deployment.
-      compose-file-cache-key: ${{ needs.cache-compose-file.outputs.compose-file-cache-key }}
-      compose-file-cache-path: docker-compose.uffizzi.yml
-      server: https://app.uffizzi.com
-      pr-number: ${{ needs.cache-compose-file.outputs.pr-number }}
-    permissions:
-      contents: read
-      pull-requests: write
-      id-token: write
-
-  playwright:
-    runs-on: ubuntu-latest
-    needs:
-      - deploy-uffizzi-preview
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 16
-      - name: "Playwright run"
-        timeout-minutes: 2
-        run: cd frontend && npm ci @playwright/test && npx playwright install && export BASE_URL=${{ needs.deploy-uffizzi-preview.outputs.url }} && npm run test

.gitignore

@@ -1,7 +1,5 @@
 target/
 .DS_Store
-nohup.out
 local/
 frontend/src/routes/test.svelte
 CaddyfileRemoteMalo
-*.swp

.vscode/settings.json

@@ -1,3 +0,0 @@
-{
-  "python.analysis.typeCheckingMode": "basic"
-}

CLA.md

@@ -2,8 +2,8 @@
 
 ## Individual Contributor Non-Exclusive License Agreement
 
-Thank you for your interest in contributing to Windmill Labs, Inc's Windmill
-("We" or "Us").
+Thank you for your interest in contributing to Ruben Fiszel's Windmill ("We" or
+"Us").
 
 The purpose of this contributor agreement ("Agreement") is to clarify and
 document the rights granted by contributors to Us.

Caddyfile

@@ -1,15 +1,4 @@
-{
-        auto_https off
-}
-
-http://{$BASE_URL} {
-        bind {$ADDRESS}
-        reverse_proxy /ws/* http://lsp:3001
-        reverse_proxy /* http://windmill_server:8000
-}
-
-https://{$BASE_URL}  {  
-  bind {$ADDRESS}
+{$SITE_URL} {  
   bind {$ADDRESS}
-}
+  reverse_proxy /* windmill:8000
 }

Dockerfile

@@ -1,10 +1,8 @@
-FROM debian:buster-slim as nsjail
+FROM python:3.10-slim-buster as nsjail
 
 WORKDIR /nsjail
 
-ARG nsjail=""
-
-RUN  if [ "$nsjail" = "true" ]; then apt-get -y update \
+RUN apt-get -y update \
     && apt-get install -y \
     bison=2:3.3.* \
     flex=2.6.* \
@@ -15,31 +13,13 @@ RUN  if [ "$nsjail" = "true" ]; then apt-get -y update \
     libnl-route-3-dev=3.4.* \
     make=4.2.* \
     pkg-config=0.29-6 \
-    protobuf-compiler=3.6.*; fi
+    protobuf-compiler=3.6.*
 
+RUN git clone -b master --single-branch https://github.com/google/nsjail.git . \
+    && git checkout dccf911fd2659e7b08ce9507c25b2b38ec2c5800
+RUN make
 
-RUN if [ "$nsjail" = "true" ]; then git clone -b master --single-branch https://github.com/google/nsjail.git . \
-    && git checkout dccf911fd2659e7b08ce9507c25b2b38ec2c5800; fi
-RUN if [ "$nsjail" = "true" ]; then make; else touch nsjail; fi
-
-FROM rust:slim-buster AS rust_base
-
-RUN apt-get update && apt-get install -y git libssl-dev pkg-config npm
-
-RUN apt-get -y update \
-    && apt-get install -y \
-    curl lld nodejs npm
-
-RUN rustup component add rustfmt
-
-RUN CARGO_NET_GIT_FETCH_WITH_CLI=true cargo install cargo-chef 
-
-WORKDIR /windmill
-
-ENV SQLX_OFFLINE=true
-ENV CARGO_INCREMENTAL=1
-
-FROM node:19-alpine as frontend
+FROM mhart/alpine-node:14 as frontend
 
 # install dependencies
 WORKDIR /frontend
@@ -49,91 +29,67 @@ RUN npm ci
 # Copy all local files into the image.
 COPY frontend .
 RUN mkdir /backend
-COPY /backend/windmill-api/openapi.yaml /backend/windmill-api/openapi.yaml
-COPY /openflow.openapi.yaml /openflow.openapi.yaml
-COPY /backend/windmill-api/build_openapi.sh /backend/windmill-api/build_openapi.sh
-RUN cd /backend/windmill-api && . ./build_openapi.sh
-
+COPY /backend/openapi.yaml /backend/openapi.yaml
 RUN npm run generate-backend-client
-ENV NODE_OPTIONS "--max-old-space-size=8192"
 RUN npm run build
-RUN npm run check
+
+FROM rust:slim-buster as builder
+
+RUN apt-get update && apt-get install -y git libssl-dev pkg-config
+
+RUN USER=root cargo new --bin windmill
+WORKDIR /windmill
+
+COPY ./backend/Cargo.toml .
+COPY ./backend/Cargo.lock .
+COPY ./backend/.cargo/ .cargo/
+
+RUN apt-get -y update \
+    && apt-get install -y \
+    curl
+
+ENV CARGO_INCREMENTAL=1
+
+RUN cargo build --release
+RUN rm src/*.rs
+
+RUN rm ./target/release/deps/windmill*
+ENV SQLX_OFFLINE=true
+
+ADD ./backend ./
+ADD ./nsjail /nsjail
+
+COPY --from=1 /frontend /frontend
+ADD .git/ .git/
+
+RUN cargo build --release
 
 
-
-FROM rust_base AS planner
-
-COPY ./openflow.openapi.yaml /openflow.openapi.yaml
-COPY ./backend ./
-
-RUN CARGO_NET_GIT_FETCH_WITH_CLI=true cargo chef prepare --recipe-path recipe.json
-
-FROM rust_base AS builder
-ARG features=""
-
-COPY --from=planner /windmill/recipe.json recipe.json
-
-RUN CARGO_NET_GIT_FETCH_WITH_CLI=true RUST_BACKTRACE=1 cargo chef cook --release --features "$features" --recipe-path recipe.json
-
-COPY ./openflow.openapi.yaml /openflow.openapi.yaml
-COPY ./backend ./
-
-COPY --from=frontend /frontend /frontend
-COPY --from=frontend /backend/windmill-api/openapi-deref.yaml ./windmill-api/openapi-deref.yaml
-COPY .git/ .git/
-
-RUN CARGO_NET_GIT_FETCH_WITH_CLI=true cargo build --release --features "$features"
-
-
-FROM python:3.11.2-slim-buster
-ARG TARGETPLATFORM
-
+FROM debian:buster-slim
 ARG APP=/usr/src/app
 
 RUN apt-get update \
-    && apt-get install -y ca-certificates wget curl git jq libprotobuf-dev libnl-route-3-dev unzip \
-    && apt-get install -y ca-certificates wget curl git jq libprotobuf-dev libnl-route-3-dev unzip build-essential \
+    && apt-get install -y ca-certificates tzdata libpq5 python3 python3-pip \
+    make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev \
+    libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev libxml2-dev \
+    libxmlsec1-dev libffi-dev liblzma-dev mecab-ipadic-utf8 libgdbm-dev libc6-dev git libprotobuf-dev=3.6.* libnl-route-3-dev=3.4.* \
+    libv8-dev \
     && rm -rf /var/lib/apt/lists/*
 
-RUN arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \
-    curl -o rclone.zip "https://downloads.rclone.org/v1.60.1/rclone-v1.60.1-linux-$arch.zip"; \
-    unzip -p rclone.zip rclone-v1.60.1-linux-$arch/rclone > /usr/bin/rclone; rm rclone.zip; \
-    chown root:root /usr/bin/rclone; chmod 755 /usr/bin/rclone
-
-RUN set -eux; \
-    arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \
-    url=; \
-    case "$arch" in \
-    'amd64') \
-    targz='go1.19.3.linux-amd64.tar.gz'; \
-    ;; \
-    'arm64') \
-    targz='go1.19.3.linux-arm64.tar.gz'; \
-    ;; \
-    'armhf') \
-    targz='go1.19.3.linux-armv6l.tar.gz'; \
-    ;; \
-    *) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; \
-    esac; \
-    wget "https://golang.org/dl/$targz" -nv && tar -C /usr/local -xzf "$targz" && rm "$targz";
-
-ENV PATH="${PATH}:/usr/local/go/bin"
-ENV GO_PATH=/usr/local/go/bin/go
-
 ENV TZ=Etc/UTC
 
-RUN /usr/local/bin/python3 -m pip install pip-tools
+ENV PYTHON_VERSION 3.10.4
+
+RUN wget https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz \
+    && tar -xf Python-${PYTHON_VERSION}.tgz && cd Python-${PYTHON_VERSION}/ && ./configure --enable-optimizations \
+    && make -j 4 && make install
+
+RUN python3 -m pip install pip-tools
 
 COPY --from=builder /windmill/target/release/windmill ${APP}/windmill
 
 COPY --from=nsjail /nsjail/nsjail /bin/nsjail
 
-COPY --from=denoland/deno:latest /usr/bin/deno /usr/bin/deno
-
-# docker does not support conditional COPY and we want to use the same Dockerfile for both amd64 and arm64 and privilege the official image
-COPY --from=lukechannings/deno:latest /usr/bin/deno /usr/bin/deno-arm
-RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then rm /usr/bin/deno-arm; elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then mv /usr/bin/deno-arm /usr/bin/deno; fi
-
 RUN mkdir -p ${APP}
 
 WORKDIR ${APP}

LICENSE

@@ -2,15 +2,11 @@
 Source code in this repository is variously licensed under the Apache License
 Version 2.0 (see file ./LICENSE-APACHE),or the AGPLv3 License (see file ./LICENSE-AGPL)
 
-Every file is under copyright (c) Windmill Labs, Inc 2022 unless otherwise specified.
+Every file is under copyright (c) Ruben Fiszel 2021 unless otherwise specified.
 Every file is under License AGPL unless otherwise specified 
 or belonging to one of the below cases:
 
 The files under backend/ are AGPL Licensed.
 The files under frontend/ are AGPL Licensed.
-The files under python-client/ deno-client/ go-client/ are Apache 2.0 Licensed.
-
-The openapi files, including the OpenFlow spec is Apache 2.0 Licensed.
-
-All third party components incorporated into the Windmill Software are licensed under the
-original license provided by the owner of the applicable component.
+The files under python-client/ are Apache 2.0 Licensed.
+The files under community/ are Apache 2.0 Licensed.

LICENSE-APACHE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2022 Windmill Labs, Inc
+   Copyright 2021 Ruben Fiszel
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

NOTICE

@@ -1,4 +1,6 @@
-Copyright (c) 2022  Windmill Labs, Inc
+Ruben Fiszel
+
+Copyright (c) 2021  Ruben Fiszel
 
 Source code in this repository is variously licensed under the Apache License
 Version 2.0 or the GNU Affero General Public License. Please see

README.md

@@ -1,13 +1,9 @@
 <p align="center">
-  <a href="https://app.windmill.dev"><img src="./imgs/windmill-banner.png" alt="windmill.dev"></a>
+  <a href="https://app.windmill.dev"><img src="./imgs/windmill.svg" alt="windmill.dev"></a>
 </p>
 <p align="center">
-    <em>.</em>
+    <em>Windmill.dev is an OSS developer platform to quickly build production-grade multi-steps automations and internal apps from minimal Python and Typescript scripts.</em>
 </p>
-<p align=center>
-Open-source developer infrastructure for internal tools. Self-hostable alternative to Airplane, Pipedream, Superblocks and a simplified Temporal with autogenerated UIs to trigger workflows and scripts as internal apps. Scripts are turned into UIs and no-code modules, no-code modules can be composed into very rich flows, and script and flows can be triggered from internal UIs made with a low-code builder. The script languages supported are: Python, Typescript, Go, Bash, SQL.
-</p>
-
 <p align="center">
 <a href="https://github.com/windmill-labs/windmill/actions/workflows/docker-image.yml" target="_blank">
     <img src="https://github.com/windmill-labs/windmill/actions/workflows/docker-image.yml/badge.svg" alt="Docker Image CI">
@@ -20,352 +16,112 @@ Open-source developer infrastructure for internal tools. Self-hostable alternati
 </a>
 </p>
 
+---
+
+**Join the alpha (personal workspaces are free forever)**:
+<https://app.windmill.dev>
+
+**Documentation**: <https://docs.windmill.dev>
+
+**Discord**: <https://discord.gg/V7PM2YHsPB>
+
+**We are hiring**: Software Engineers, DevOps, Solutions Engineers, Growth:
+<https://docs.windmill.dev/hiring>
+
+You can show your support for the project by starring this repo.
+
+---
+
+# Windmill
+
 <p align="center">
-  <a href="https://app.windmill.dev">Try it</a> - <a href="https://docs.windmill.dev/docs/intro/">Docs</a> - <a href="https://discord.gg/V7PM2YHsPB">Discord</a> - <a href="https://hub.windmill.dev">Hub</a> - <a href="https://docs.windmill.dev/docs/misc/contributing">Contributor's guide</a>
+<b>Disclaimer: </b>Windmill is in <b>BETA</b>. It is secure to run in production but the API might change,
+especially concerning flows.
 </p>
 
-# Windmill - Turn scripts into workflows and UIs that you can share and run at scale
+![Windmill Screenshot](./imgs/windmill.webp)
 
-Windmill is <b>fully open-sourced (AGPLv3)</b> and Windmill Labs offers dedicated instance and commercial support and licenses.
+Windmill is <b>fully open-sourced</b>:
 
-![Windmill Diagram](/imgs/stacks.svg)
+- `community/` and `python-client/` are Apache 2.0
+- backend, frontend and everything else under AGPLv3.
 
-https://user-images.githubusercontent.com/275584/218350457-bc2fdc3b-e667-4da5-a2bd-3bacc1f0ec79.mp4
+## What is the general idea behind Windmill
 
-- [Windmill - Turn scripts into workflows and UIs that you can share and run at scale](#windmill---turn-scripts-into-workflows-and-uis-that-you-can-share-and-run-at-scale)
-  - [Main Concepts](#main-concepts)
-  - [Show me some actual script code](#show-me-some-actual-script-code)
-  - [CLI](#cli)
-    - [Running scripts locally](#running-scripts-locally)
-  - [Stack](#stack)
-  - [Security](#security)
-    - [Sandboxing](#sandboxing)
-    - [Secrets, credentials and sensitive values](#secrets-credentials-and-sensitive-values)
-  - [Performance](#performance)
-  - [Architecture](#architecture)
-  - [How to self-host](#how-to-self-host)
-    - [Docker compose](#docker-compose)
-    - [Kubernetes (k8s) and Helm charts](#kubernetes-k8s-and-helm-charts)
-    - [Postgres without superuser](#postgres-without-superuser)
-    - [Commercial license](#commercial-license)
-    - [OAuth for self-hosting](#oauth-for-self-hosting)
-    - [Resource types](#resource-types)
-  - [Environment Variables](#environment-variables)
-  - [Run a local dev setup](#run-a-local-dev-setup)
-    - [only Frontend](#only-frontend)
-    - [Backend + Frontend](#backend--frontend)
-  - [Contributors](#contributors)
-  - [Copyright](#copyright)
+1. Define a minimal and generic script in Python or Typescript that solve a
+   specific task. Here sending an email with SMTP. The code can be defined in
+   the provided Web IDE or synchronized with your own github repo:
+   ![Step 1](./imgs/step1.png)
 
-## Main Concepts
-
-1. Define a minimal and generic script in Python, Typescript, Go or Bash that
-   solves a specific task. Here sending an email with SMTP. The code can be
-   defined in the provided Web IDE or synchronized with your own github repo:
-   ![Step 1](./imgs/windmill-editor.png)
-
-2. Your scripts parameters are automatically parsed and generate a frontend.
-   ![Step 2](./imgs/windmill-run.png) ![Step 3](./imgs/windmill-result.png)
+2. Your scripts parameters are automatically parsed and generate a frontend. You
+   can narrow down the types during task definition to specify regex for string,
+   an enum or a specific format for objects. Each script correspond to an app by
+   itself: ![Step 2](./imgs/step2.png)
 
 3. Make it flow! You can chain your scripts or scripts made by the community
-   shared on [WindmillHub](https://hub.windmill.dev).
-   ![Step 4](./imgs/windmill-flow.png)
+   inside flow by piping output to input using "Dynamic" fields that are just
+   plain Javascript. You can also refer to external variables, output from any
+   steps or inputs of the flow itself. The flow parameters then generate
+   automatically an intuitive forms that can be triggered by anyone, like for
+   scripts. ![Step 3](./imgs/step3.png)
 
-4. Build complex UI on top of your scripts and flows.
-   ![Step 5](./imgs/windmill-builder.png)
+## Layout
 
-Scripts and flows can also be triggered by a cron schedule '*/5 * * * *' or
-through webhooks.
-
-You can build your entire infra on top of Windmill!
-
-## Show me some actual script code
-
-```typescript
-import * as wmill from "https://deno.land/x/windmill@v1.62.0/mod.ts"
-//import any dependency  from npm
-
-import cowsay from 'npm:cowsay@1.5.0'
-
-export async function main(
-    a: number,
-    // unions generate enums
-    b: "my" | "enum",
-    // default parameters prefill the field 
-    d = "default arg",
-    // nested objects work c = { nested: "object" }, 
-    // permissioned and typed json
-    db: wmill.Resource<"postgresql">) {
-
-    const email = Deno.env.get('WM_EMAIL')
-    // variables are permissioned and by path
-    let variable = await wmill.getVariable('f/company-folder/my_secret')
-    const lastTimeRun = await wmill.getState()
-    // logs are printed and always inspectable
-    console.log(cowsay.say({ text: "hello " + email + " " + lastTimeRun }))
-    await wmill.setState(Date.now())
-
-    // return is serialized as JSON
-    return { foo: d, variable };
-}
-```
-
-## CLI
-
-We have a powerful CLI to interact with the windmill platform and sync your
-scripts from local files, github repos and to run scripts and flows on the instance from local commands. See
-[more details](https://github.com/windmill-labs/windmill/tree/main/cli)
-
-![CLI Screencast](./cli/vhs/output/setup.gif)
-
-
-### Running scripts locally
-
-You can run your script locally easily, you simply need to pass the right environment variables for the `wmill` client library to fetch resource and variables from your instance if necessary. See more: <https://docs.windmill.dev/docs/advanced/local_development/>
+- `backend/`: The whole Rust backend
+- `frontend`: The whole Svelte frontend
+- `community/`: Scripts and resource types created and curated by the community,
+  included in every workspace
+- `lsp/`: The lsp asssistant for the monaco editor
+- `nsjail/`: The nsjail configuration files for sandboxing of the scripts'
+  execution
+- `python-client/`: The wmill python client used within scripts to interact with
+  the windmill platform
 
 ## Stack
 
-- Postgres as the database
-- backend in Rust with the following highly-available and horizontally scalable
+- postgres as the database
+- backend in Rust with the follwing highly-available and horizontally scalable
   architecture:
   - stateless API backend
-  - workers that pull jobs from a queue in Postgres (and later, Kafka or Redis.
-    Upvote [#173](#https://github.com/windmill-labs/windmill/issues/173) if
-    interested )
-- frontend in Svelte
-- scripts executions are sandboxed using google's
-  [nsjail](https://github.com/google/nsjail)
-- javascript runtime is the
-  [deno_core rust library](https://denolib.gitbook.io/guide/) (which itself uses
-  the [rusty_v8](https://github.com/denoland/rusty_v8) and hence V8 underneath)
+  - workers that pull jobs from a queue
+- frontend in svelte
+- scripts executions are sandboxed using google's nsjail
+- javascript runtime is deno_core rust library (which itself uses the rusty_v8
+  and hence V8 underneath)
 - typescript runtime is deno
 - python runtime is python3
-- golang runtime is 1.19.1
 
-## Security
+### Development stack
 
-### Sandboxing
-
-Windmill uses [nsjail](https://github.com/google/nsjail) on top of the deno
-sandboxing. It is production multi-tenant grade secure. Do not take our word for
-it, take [fly.io's one](https://fly.io/blog/sandboxing-and-workload-isolation/)
-
-### Secrets, credentials and sensitive values
-
-There is one encryption key per workspace to encrypt the credentials and secrets
-stored in Windmill's K/V store.
-
-In addition, we strongly recommend that you encrypt the whole Postgres database.
-That is what we do at <https://app.windmill.dev>.
-
-## Performance
-
-Once a job started, there is no overhead compared to running the same script on
-the node with its corresponding runner (Deno/Go/Python/Bash). The added latency
-from a job being pulled from the queue, started, and then having its result sent
-back to the database is ~50ms. A typical lightweight deno job will take around
-100ms total.
+- caddy is the reverse proxy used for local development, see frontend's
+  Caddyfile and CaddyfileRemote
 
 ## Architecture
 
-<p align="center">
-
-<img src="./imgs/diagram.svg">
-
-</p>
+![Architecture](./imgs/architecture.svg)
 
 ## How to self-host
 
-We only provide docker-compose setup here. For more advanced setups, like
-compiling from source or using without a postgres super user, see
-[documentation](https://docs.windmill.dev/docs/advanced/self_host)
-
-### Docker compose
-
-`docker compose up` with the following docker-compose is sufficient:
-<https://github.com/windmill-labs/windmill/blob/main/docker-compose.yml>
-
-Go to http://localhost et voilà :)
-
+`docker volume create caddy_data && docker-compose up` with the following
+docker-compose is sufficient:
+<https://github.com/windmill-labs/windmill-server/blob/main/docker-compose.yml>
 
 The default super-admin user is: admin@windmill.dev / changeme
 
 From there, you can create other users (do not forget to change the password!)
 
-### Kubernetes (k8s) and Helm charts
-
-We publish helm charts at:
-<https://github.com/windmill-labs/windmill-helm-charts>
-
-### Postgres without superuser
-
-If you do not want, or cannot (for instance, in AWS Aurora or Cloud sql) use a postgres superuser,
-you can run `./init-db-as-superuser.sql` to init the required users for windmill.
-
-
-### Commercial license
-
-To self-host Windmill, you must respect the terms of the AGPLv3 license which
-you do not need to worry about for personal uses. For business uses, you should
-be fine if you do not re-expose it in any way Windmill to your users and are
-comfortable with AGPLv3.
-
-To re-expose any Windmill parts to your users as a feature of your product, or
-to build a feature on top of Windmill, to comply with AGPLv3 your product must
-be AGPLv3 or you must get a commercial license. Contact us at
-<ruben@windmill.dev> if you have any doubts.
-
-In addition, a commercial license grants you a dedicated engineer to transition
-your current infrastructure to Windmill, support with tight SLA, audit logs
-export features, SSO, unlimited users creation, advanced permission managing
-features such as groups and the ability to create more than one workspace.
-
-### OAuth for self-hosting
-
-To get the same oauth integrations as Windmill Cloud, mount `oauth.json` with
-the following format:
-
-```json
-{
-  "<client>": {
-    "id": "<CLIENT_ID>",
-    "secret": "<CLIENT_SECRET>",
-    "allowed_domains": ["windmill.dev"] //restrict a client OAuth login to some domains
-  }
-}
-```
-
-and mount it at `/usr/src/app/oauth.json`.
-
-The redirect url for the oauth clients is:
-`<instance_url>/user/login_callback/<client>`
-
-[The list of all possible "connect an app" oauth clients](https://github.com/windmill-labs/windmill/blob/main/backend/oauth_connect.json)
-
-To add more "connect an app" OAuth clients to the Windmill project, read the
-[Contributor's guide](https://docs.windmill.dev/docs/misc/contributing). We
-welcome contributions!
-
-You may also add your own custom OAuth2 IdP and OAuth2 Resource provider:
-
-```json
-{
-  "<client>": {
-    "id": "<CLIENT_ID>",
-    "secret": "<CLIENT_SECRET>",
-    // To add a new OAuth2 IdP
-    "login_config": {
-      "auth_url": "<auth_endpoint>",
-      "token_url": "<token_endpoint>",
-      "userinfo_url": "<userinfo endpoint>",
-      "scopes": ["scope1", "scope2"],
-      "extra_params": "<if_needed>"
-    },
-    // To add a new OAuth2 Resource
-    "connect_config": {
-      "auth_url": "<auth_endpoint>",
-      "token_url": "<token_endpoint>",
-      "scopes": ["scope1", "scope2"],
-      "extra_params": "<if_needed>"
-    }
-  }
-}
-```
-
-### Resource types
-
-You will also want to import all the approved resource types from
-[WindmillHub](https://hub.windmill.dev). A setup script will prompt
-you to have it being synced automatically everyday.
-
-## Environment Variables
-
-| Environment Variable name | Default                | Description                                                                                                                                                                                        | Api Server/Worker/All |
-| ------------------------- | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
-| DATABASE_URL              |                        | The Postgres database url.                                                                                                                                                                         | All                   |
-| DISABLE_NSJAIL            | true                   | Disable Nsjail Sandboxing                                                                                                                                                                          | Worker                |
-| SERVER_BIND_ADDR          | 0.0.0.0                | IP Address on which to bind listening socket                                                                                                                                                       | Server                |
-| PORT                      | 8000                   | Exposed port                                                                                                                                                                                       | Server                |  |
-| NUM_WORKERS               | 3                      | The number of worker per Worker instance (set to 1 on Eks to have 1 pod = 1 worker, set to 0 for an API only instance)                                                                             | Worker                |
-| DISABLE_SERVER            | false                  | Binary would operate as a worker only instance                                                                                                                                                     | Worker                |
-| METRICS_ADDR              | None                   | The socket addr at which to expose Prometheus metrics at the /metrics path. Set to "true" to expose it on port 8001                                                                                | All                   |
-| JSON_FMT                  | false                  | Output the logs in json format instead of logfmt                                                                                                                                                   | All                   |
-| BASE_URL                  | http://localhost:8000  | The base url that is exposed publicly to access your instance                                                                                                                                      | Server                |
-| BASE_INTERNAL_URL         | http://localhost:8000  | The base url that is reachable by your workers to talk to the Servers. This help avoiding going through the external load balancer for VPC-internal requests.                                      | Worker                |
-| TIMEOUT                   | 300                    | The timeout in seconds for the execution of a script                                                                                                                                               | Worker                |
-| SLEEP_QUEUE               | 50                     | The number of ms to sleep in between the last check for new jobs in the DB. It is multiplied by NUM_WORKERS such that in average, for one worker instance, there is one pull every SLEEP_QUEUE ms. | Worker                |
-| MAX_LOG_SIZE              | 500000                 | The maximum number of characters a job can emit (log + result)                                                                                                                                     | Worker                |
-| DISABLE_NUSER             | false                  | If Nsjail is enabled, disable the nsjail's `clone_newuser` setting                                                                                                                                 | Worker                |
-| KEEP_JOB_DIR              | false                  | Keep the job directory after the job is done. Useful for debugging.                                                                                                                                | Worker                |
-| LICENSE_KEY (EE only)     | None                   | License key checked at startup for the Enterprise Edition of Windmill                                                                                                                              | Worker                |
-| S3_CACHE_BUCKET (EE only) | None                   | The S3 bucket to sync the cache of the workers to                                                                                                                                                  | Worker                |
-| TAR_CACHE_RATE (EE only)  | 100                    | The rate at which to tar the cache of the workers. 100 means every 100th job in average (uniformly randomly distributed).                                                                          | Worker                |
-| SLACK_SIGNING_SECRET      | None                   | The signing secret of your Slack app. See [Slack documentation](https://api.slack.com/authentication/verifying-requests-from-slack)                                                                | Server                |
-| COOKIE_DOMAIN             | None                   | The domain of the cookie. If not set, the cookie will be set by the browser based on the full origin                                                                                               | Server                |  |
-| DENO_PATH                 | /usr/bin/deno          | The path to the deno binary.                                                                                                                                                                       | Worker                |
-| PYTHON_PATH               | /usr/local/bin/python3 | The path to the python binary.                                                                                                                                                                     | Worker                |
-| GO_PATH                   | /usr/bin/go            | The path to the go binary.                                                                                                                                                                         | Worker                |
-| PIP_INDEX_URL             | None                   | The index url to pass for pip.                                                                                                                                                                     | Worker                |
-| PIP_EXTRA_INDEX_URL       | None                   | The extra index url to pass to pip.                                                                                                                                                                | Worker                |
-| PIP_TRUSTED_HOST          | None                   | The trusted host to pass to pip.                                                                                                                                                                   | Worker                |
-| PATH                      | None                   | The path environment variable, usually inherited                                                                                                                                                   | Worker                |
-| HOME                      | None                   | The home directory to use for Go and Bash , usually inherited                                                                                                                                      | Worker                |
-| DATABASE_CONNECTIONS      | 50 (Server)/3 (Worker) | The max number of connections in the database connection pool                                                                                                                                      | All                   |
-| SUPERADMIN_SECRET         | None                   | A token that would let the caller act as a virtual superadmin superadmin@windmill.dev                                                                                                              | Server                |
-| TIMEOUT_WAIT_RESULT       | 20                     | The number of seconds to wait before timeout on the 'run_wait_result' endpoint                                                                                                                     | Worker                |
-| QUEUE_LIMIT_WAIT_RESULT   | None                   | The number of max jobs in the queue before rejecting immediately the request in 'run_wait_result' endpoint. Takes precedence on the query arg. If none is specified, there are no limit.           | Worker                |
-| DENO_AUTH_TOKENS          | None                   | Custom DENO_AUTH_TOKENS to pass to worker to allow the use of private modules                                                                                                                      | Worker                |
-| DENO_FLAGS                | None                   | Override the flags passed to deno (default --allow-all) to tighten permissions. Minimum permissions needed are "--allow-read=args.json --allow-write=result.json"                                  | Worker                |
-| PIP_LOCAL_DEPENDENCIES    | None                   | Specify dependencies that are installed locally and do not need to be solved nor installed again                                                                                                   |                       |
-| ADDITIONAL_PYTHON_PATHS   | None                   | Specify python paths (separated by a :) to be appended to the PYTHONPATH of the python jobs. To be used with PIP_LOCAL_DEPENDENCIES to use python codebases within Windmill                        | Worker                |
-| INCLUDE_HEADERS           | None                   | Whitelist of headers that are passed to jobs as args (separated by a comma)                                                                                                                        | Server                |
-| WHITELIST_WORKSPACES      | None                   | Whitelist of workspaces this worker takes job from                                                                                                                                                 | Worker                |
-| BLACKLIST_WORKSPACES      | None                   | Blacklist of workspaces this worker takes job from                                                                                                                                                 | Worker                |
-| NEW_USER_WEBHOOK          | None                   | Webhook to notify of a new user added, signup/invite. Can hook back to windmill to send emails                                                                                                     | Server                |
-
-## Run a local dev setup
-
-### only Frontend
-
-This will use the backend of <https://app.windmill.dev> but your own frontend
-with hot-code reloading.
-
-1. Install [caddy](https://caddyserver.com)
-2. Go to `frontend/`:
-   1. `npm install`, `npm run generate-backend-client` then `npm run dev`
-   2. In another shell `sudo caddy run --config CaddyfileRemote`
-3. Et voilà, windmill should be available at `http://localhost/`
-
-### Backend + Frontend
-
-See the [./frontend/README_DEV.md](./frontend/README_DEV.md) file for all
-running options.
-
-1. Create a Postgres Database for Windmill and create an admin role inside your
-   Postgres setup. The easiest way to get a working postgres is running
-   `cargo install sqlx-cli && sqlx migrate run`. This will also avoid compile
-   time issue with sqlx's `query!` macro
-2. Install [nsjail](https://github.com/google/nsjail) and have it accessible in
-   your PATH
-3. Install deno and python3, have the bins at `/usr/bin/deno` and
-   `/usr/local/bin/python3`
-4. Install [caddy](https://caddyserver.com)
-5. Install the [lld linker](https://lld.llvm.org/)
-6. Go to `frontend/`:
-   1. `npm install`, `npm run generate-backend-client` then `npm run dev`
-   2. In another shell `npm run build` otherwise the backend will not find the
-      `frontend/build` folder and will crash
-   3. In another shell `sudo caddy run --config Caddyfile`
-7. Go to `backend/`:
-   `DATABASE_URL=<DATABASE_URL_TO_YOUR_WINDMILL_DB> RUST_LOG=info cargo run`
-8. Et voilà, windmill should be available at `http://localhost/`
-
-## Contributors
-
-<a href="https://github.com/windmill-labs/windmill/graphs/contributors">
-  <img src="https://contrib.rocks/image?repo=windmill-labs/windmill" />
-</a>
+Detailed instructions for more complex deployments will come soon. For simpler
+docker based ones, the docker-compose.yml file contains all the necessary
+informations.
 
 ## Copyright
 
-Windmill Labs, Inc 2023
+2021 [Ruben Fiszel](https://github.com/rubenfiszel)
+
+### Acknowledgement
+
+This project is inspired from a previous project called
+[Delightool](https://github.com/windmill-labs/delightool-legacy) which was also
+led by [Ruben](https://github.com/rubenfiszel) and with large contribution on
+the frontend from [Malo Marrec](https://github.com/malomarrec) who gave his
+blessing to Windmill.

backend/.cargo/config

@@ -0,0 +1,3 @@
+[build]
+rustflags = ["--cfg", "tokio_unstable"]
+incremental = true

backend/.cargo/config.toml

@@ -1,10 +0,0 @@
-[build]
-rustflags = [
-    "--cfg",
-    "tokio_unstable",
-    "-C",
-    "link-arg=-fuse-ld=lld",
-    "-Clink-arg=-Wl,--no-rosegment",
-]
-incremental = true
-

backend/.devcontainer.json

@@ -1,27 +0,0 @@
-// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
-// https://github.com/microsoft/vscode-dev-containers/tree/v0.245.2/containers/docker-existing-docker-compose
-// If you want to run as a non-root user in the container, see .devcontainer/docker-compose.yml.
-{
-	"name": "Backend Container",
-	"dockerComposeFile": [
-		"../docker-compose.yml",
-		"../.devcontainer/docker-compose.yml"
-	],
-	"customizations": {
-		"vscode": {
-			"extensions": [
-				"rust-lang.rust-analyzer",
-				"yzhang.markdown-all-in-one"
-			]
-		}
-	},
-	"service": "windmill",
-	"workspaceFolder": "/workspace",
-	// Use 'forwardPorts' to make a list of ports inside the container available locally.
-	"forwardPorts": [
-		8000
-	],
-	// "postCreateCommand": "sudo apt-get update && sudo apt-get install -y lld python3 && cargo install sqlx-cli --no-default-features --features native-tls,postgres && (cd backend && sqlx migrate run) && cargo install deno --locked && rustup toolchain install nightly-2022-05-23 -c rust-src -c rustc-dev -c llvm-tools-preview",
-	"postCreateCommand": "cd backend && sqlx migrate run",
-	"remoteUser": "vscode"
-}

backend/.gitattributes

@@ -1 +0,0 @@
-sqlx-data.json -diff

backend/.gitignore

@@ -1,4 +1,2 @@
 target/
 .env
-oauth.json
-windmill-api/openapi-deref.yaml

backend/.vscode/settings.json

@@ -1,3 +0,0 @@
-{
-  "python.analysis.typeCheckingMode": "basic"
-}

backend/Cargo.toml

@@ -1,76 +1,13 @@
 [package]
 name = "windmill"
-version = "1.74.2"
-authors.workspace = true
-edition.workspace = true
-
-[workspace]
-members = [
-    "./windmill-api",
-    "./windmill-queue",
-    "./windmill-worker",
-    "./windmill-common",
-    "./windmill-audit",
-    "./windmill-api-client",
-    "./parsers/windmill-parser",
-    "./parsers/windmill-parser-ts",
-    "./parsers/windmill-parser-go",
-    "./parsers/windmill-parser-py",
-]
-
-[workspace.package]
-version = "1.74.2"
-authors = ["Ruben Fiszel <ruben@windmill.dev>"]
+version = "1.5.0"
+authors = ["Ruben Fiszel <ruben@rubenfiszel.com>"]
 edition = "2021"
 
-[[bin]]
-name = "windmill"
-path = "./src/main.rs"
-
-[features]
-enterprise = [
-    "windmill-worker/enterprise",
-    "windmill-queue/enterprise",
-    "windmill-api/enterprise",
-]
+[build-dependencies]
+deno_core = "^0"
 
 [dependencies]
-anyhow.workspace = true
-tokio.workspace = true
-dotenv.workspace = true
-windmill-common = { workspace = true, features = ["tracing_init"] }
-windmill-api.workspace = true
-windmill-api-client.workspace = true
-windmill-worker.workspace = true
-futures.workspace = true
-tracing.workspace = true
-sqlx.workspace = true
-tokio-metrics.workspace = true
-rand.workspace = true
-chrono.workspace = true
-git-version.workspace = true
-rsa.workspace = true
-base64.workspace = true
-sha2.workspace = true
-
-[dev-dependencies]
-serde_json.workspace = true
-reqwest.workspace = true
-windmill-queue.workspace = true
-axum.workspace = true
-
-[workspace.dependencies]
-windmill-api = { path = "./windmill-api" }
-windmill-api-client = { path = "./windmill-api-client" }
-windmill-queue = { path = "./windmill-queue" }
-windmill-worker = { path = "./windmill-worker" }
-windmill-common = { path = "./windmill-common" }
-windmill-audit = { path = "./windmill-audit" }
-windmill-parser = { path = "./parsers/windmill-parser" }
-windmill-parser-ts = { path = "./parsers/windmill-parser-ts" }
-windmill-parser-py = { path = "./parsers/windmill-parser-py" }
-windmill-parser-go = { path = "./parsers/windmill-parser-go" }
-windmill-parser-bash = { path = "./parsers/windmill-parser-bash" }
 axum = { version = "^0", features = ["headers"] }
 headers = "^0"
 hyper = { version = "^0", features = ["full"] }
@@ -80,76 +17,46 @@ tower-http = { version = "^0", features = ["trace"] }
 tower-cookies = "^0"
 serde = "^1"
 serde_json = { version = "^1", features = ["preserve_order"] }
-uuid = { version = "^1", features = ["serde", "v4"] }
+uuid = { version = "^0", features = ["serde", "v4"] }
 thiserror = "^1"
 anyhow = "^1"
-chrono = { version = "^0", features = ["serde"] }
+chrono = { version = "^0", features = ["serde"]}
 tracing = "^0"
-tracing-subscriber = { version = "^0", features = ["env-filter", "json"] }
-prometheus = { version = "^0", default-features = false }
-cookie = { version = "0.17.0" }
-phf = { version = "0.11", features = ["macros"] }
+tracing-subscriber = { version = "^0", features = ["env-filter", "json"]}
+console-subscriber = "^0"
+
 rust-embed = "^6"
 mime_guess = "^2"
 hex = "^0"
 sql-builder = "^3"
 argon2 = "^0"
 retainer = "^0"
-rand = "0.8.5"
-rand_core = { version = "^0", features = ["std"] }
+rand = "^0.8.4"
+rand_core = { version = "^0.6.3", features = ["std"] }
 magic-crypt = "^3"
 git-version = "^0"
-rustpython-parser = { git = "https://github.com/RustPython/RustPython" }
+rustpython-parser = "^0"
 cron = "^0"
-lettre = { version = "^0", features = [
-    "rustls-tls",
-    "tokio1",
-    "tokio1-rustls-tls",
-    "builder",
-    "smtp-transport",
-], default-features = false }
+external-ip = "^4"
+lettre = { version = "^0.10.0-rc.4", features = ["rustls-tls", "tokio1", "tokio1-rustls-tls", "builder", "smtp-transport"],  default-features = false}
 urlencoding = "^2"
+oauth2 = "^4"
 url = "^2"
-async-oauth2 = "^0"
 reqwest = { version = "^0", features = ["json"] }
-time = "0.3.16"
+time = "0.3.7"
+slack-http-verifier = "^0"
 serde_urlencoded = "^0"
 tokio-tar = "^0"
 tempfile = "^3"
-tokio-util = { version = "^0", features = ["io"] }
+tokio-util = { version = "0.7.0", features = ["io"] }
 json-pointer = "^0"
 itertools = "^0"
 regex = "^1"
 deno_core = "^0"
+indexmap = "~1.6.2"
 async-recursion = "^1"
-swc_common = "^0"
-swc_ecma_parser = "0.128.2"
-swc_ecma_ast = "0.98.1"
-base64 = "0.21.0"
-unicode-general-category = "^0"
-hmac = "0.12.1"
-sha2 = "0.10.6"
-sqlx = { version = "^0", features = [
-    "offline",
-    "macros",
-    "migrate",
-    "uuid",
-    "json",
-    "chrono",
-    "postgres",
-    "runtime-tokio-rustls",
-] }
+
+sqlx = { version = "^0", features = ["macros", "offline", "migrate", "uuid", "json", "chrono", "postgres", "runtime-tokio-rustls"]}
 dotenv = "^0"
-ulid = { version = "^1", features = ["uuid"] }
+ulid = { version = "^0", features = ["uuid"] }
 futures = "^0"
-tokio-metrics = "0.1.0"
-lazy_static = "1.4.0"
-serde_derive = "1.0.147"
-const_format = { version = "0.2", features = ["rust_1_64", "rust_1_51"] }
-dyn-iter = "0.2.0"
-rsa = "0.7.2"
-async-stripe = { version = "0.14", features = [
-    "runtime-tokio-hyper",
-    "checkout",
-] }
-async_zip = { version = "0.0.11", features = ["full"] }

backend/NOTICE

@@ -1,5 +1,5 @@
-Windmill Labs, Inc
+Ruben Fiszel
 
-Copyright (c) 2021  Windmill Labs, Inc
+Copyright (c) 2021  Ruben Fiszel
 
 Source code in this directory is licensed the GNU Affero General Public License. 

backend/README.md

@@ -1,15 +0,0 @@
-# Windmill Backend
-
-This folder holds all backend components, the [src/](./src/) folder only contains files used to build the "root" binary.
-
-## Components
-
-| name                                          | description                                                                                               |
-| --------------------------------------------- | --------------------------------------------------------------------------------------------------------- |
-| [windmill-api](./windmill-api/)               | The API server, exposing functionality to other components and the frontend                               |
-| [windmill-api-client](./windmill-api-client/) | An autogenerated Rust API client, used by other components to talk to the API                             |
-| [windmill-audit](./windmill-audit/)           | Contains audit functionality, allowing different components to record important actions                   |
-| [windmill-common](./windmill-common/)         | Common code shared by all crates                                                                          |
-| [windmill-queue](./windmill-queue/)           | Contains job & flow queuing functionality, commonly written to by the API server and read from by workers |
-| [windmill-worker](./windmill-worker/)         | The worker. Used to process and execute flows & jobs.                                                     |
-| [parsers](./parsers/)                         | Contains code to parse signatures in different langauges.                                                 |

backend/build.rs

@@ -1,5 +1,17 @@
-// generated by `sqlx migrate build-script`
+use std::fs::File;
+use std::io::Write;
+
+use deno_core::{JsRuntime, RuntimeOptions};
+
 fn main() {
-    // trigger recompilation when a new migration is added
-    println!("cargo:rerun-if-changed=migrations");
-}
+    println!("cargo:rerun-if-changed=build.rs");
+    let options = RuntimeOptions {
+        will_snapshot: true,
+        ..Default::default()
+    };
+    let mut runtime = JsRuntime::new(options);
+
+    let mut snap = File::create("v8.snap").expect("can create snap file");
+    snap.write_all(&runtime.snapshot())
+        .expect("can write content to snap");
+}

backend/migrations/20220123221903_first.up.sql

@@ -2,7 +2,6 @@
 create SCHEMA IF NOT exists extensions;
 create extension if not exists "uuid-ossp"      with schema extensions;
 
-
 CREATE TABLE workspace (
     id VARCHAR(50) PRIMARY KEY,
     name VARCHAR(50) NOT NULL,
@@ -206,6 +205,12 @@ CREATE TABLE password (
     company VARCHAR(30)
 );
 
+-- CREATE TABLE invite_code (
+--     code VARCHAR(20) PRIMARY KEY,
+--     seats_left INTEGER NOT NULL DEFAULT 0,
+--     seats_given INTEGER NOT NULL DEFAULT 1
+-- );
+
 
 CREATE TABLE workspace_settings (
     workspace_id VARCHAR(50) PRIMARY KEY REFERENCES workspace(id),
@@ -272,6 +277,17 @@ CREATE TABLE variable (
     CONSTRAINT proper_id CHECK (path ~ '^[ug](\/[\w-]+){2,}$')
 );
 
+-- CREATE TABLE oauth(
+--     id VARCHAR(150) NOT NULL PRIMARY KEY,
+--     owner VARCHAR(50),
+--     workspace_id VARCHAR(50) NOT NULL REFERENCES workspace(id),
+--     type VARCHAR(50) NOT NULL,
+--     refresh_token VARCHAR(255), 
+--     access_token VARCHAR(255) NOT NULL
+-- );
+
+-- CREATE INDEX index_oauth ON oauth (workspace_id, type, owner);
+
 CREATE TYPE ACTION_KIND AS ENUM ('create', 'update', 'delete', 'execute');
 
 CREATE TABLE audit (
@@ -404,6 +420,35 @@ CREATE INDEX worker_ping_on_ping_at ON worker_ping (ping_at);
 ALTER TABLE audit ENABLE ROW LEVEL SECURITY;
 CREATE POLICY audit_log_see_own ON audit FOR SELECT
 USING(audit.username = current_setting('session.user') or current_setting('session.is_admin')::boolean);
+-- USING(current_setting('session.is_admin')::boolean);
+
+
+DO
+$do$
+BEGIN
+   IF NOT EXISTS (
+      SELECT FROM pg_catalog.pg_roles
+      WHERE  rolname = 'app') THEN
+
+      CREATE ROLE app LOGIN PASSWORD 'changeme';
+   END IF;
+END
+$do$;
+
+GRANT SELECT ON audit TO app;
+
+REVOKE ALL
+ON ALL TABLES IN SCHEMA public 
+FROM PUBLIC;
+
+GRANT ALL
+ON ALL TABLES IN SCHEMA public 
+TO admin;
+
+ALTER DEFAULT PRIVILEGES 
+    FOR ROLE admin
+    IN SCHEMA public
+    GRANT ALL ON TABLES TO admin;
 
 
 INSERT INTO usr_to_group
@@ -411,10 +456,12 @@ SELECT workspace_id, 'all', username FROM (SELECT workspace_id, username from us
 ;
 
 DROP POLICY audit_log_see_own on audit;
+GRANT ALL ON audit TO app;
 CREATE POLICY see_own ON audit FOR ALL
 USING (audit.username = current_setting('session.user'));
 
 
+GRANT ALL ON queue TO app;
 ALTER TABLE queue ENABLE ROW LEVEL SECURITY;
 
 CREATE POLICY see_own ON queue FOR ALL
@@ -423,6 +470,7 @@ USING (SPLIT_PART(queue.permissioned_as, '/', 1) = 'u' AND SPLIT_PART(queue.perm
 CREATE POLICY see_member ON queue FOR ALL
 USING (SPLIT_PART(queue.permissioned_as, '/', 1) = 'g' AND SPLIT_PART(queue.permissioned_as, '/', 2) = any(regexp_split_to_array(current_setting('session.groups'), ',')::text[]));
 
+GRANT ALL ON completed_job TO app;
 ALTER TABLE completed_job ENABLE ROW LEVEL SECURITY;
 
 
@@ -435,6 +483,16 @@ USING (SPLIT_PART(completed_job.permissioned_as, '/', 1) = 'u' AND SPLIT_PART(co
 CREATE POLICY see_member ON completed_job FOR ALL
 USING (SPLIT_PART(completed_job.permissioned_as, '/', 1) = 'g' AND SPLIT_PART(completed_job.permissioned_as, '/', 2) = any(regexp_split_to_array(current_setting('session.groups'), ',')::text[]));
 
+GRANT SELECT ON pipenv to app;
+GRANT SELECT (email, username, is_admin, workspace_id) ON usr to app;
+
+GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public to app;
+GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public to admin;
+GRANT SELECT, INSERT ON resource_type to app;
+
+GRANT SELECT ON worker_ping to app;
+GRANT SELECT ON worker_ping to admin;
+
 CREATE POLICY schedule ON audit FOR INSERT
 WITH CHECK (audit.username LIKE 'schedule-%');
 
@@ -450,6 +508,7 @@ $do$
     EXECUTE FORMAT(
       $$
 
+        GRANT ALL ON %1$I TO app;
         ALTER TABLE %1$I ENABLE ROW LEVEL SECURITY;
 
         CREATE POLICY see_starter ON %1$I FOR SELECT
@@ -483,11 +542,13 @@ $do$
   END
 $do$;
 
+GRANT ALL ON group_ TO app;
 ALTER TABLE group_
 ADD COLUMN extra_perms JSONB NOT NULL DEFAULT '{}';
 
 CREATE INDEX group_extra_perms ON group_ USING GIN (extra_perms);
 
+GRANT ALL ON usr_to_group TO app;
 ALTER TABLE usr_to_group ENABLE ROW LEVEL SECURITY;
 
 CREATE POLICY see_extra_perms_user ON usr_to_group FOR ALL
@@ -505,62 +566,10 @@ WITH CHECK (exists(
 DO
 $do$
 BEGIN
-    IF EXISTS (
-        select usesuper from pg_user where usename = CURRENT_USER AND usesuper = 't') 
-    AND NOT EXISTS (
-        SELECT
-        FROM   pg_catalog.pg_roles
-        WHERE  rolname = 'windmill_user') THEN
-
-        LOCK TABLE pg_catalog.pg_roles;
-
-        CREATE ROLE windmill_user;
-
-        GRANT ALL
-        ON ALL TABLES IN SCHEMA public 
-        TO windmill_user;
-
-        GRANT ALL PRIVILEGES 
-        ON ALL SEQUENCES IN SCHEMA public 
-        TO windmill_user;
-
-        ALTER DEFAULT PRIVILEGES 
-            IN SCHEMA public
-            GRANT ALL ON TABLES TO windmill_user;
-
-        ALTER DEFAULT PRIVILEGES 
-            IN SCHEMA public
-            GRANT ALL ON SEQUENCES TO windmill_user;
-
-    END IF;
-END
-$do$;
-
-DO
-$do$
-BEGIN
-    IF EXISTS (select usesuper from pg_user where usename = CURRENT_USER AND usesuper = 't')
-    AND NOT EXISTS (
-        SELECT
-        FROM   pg_catalog.pg_roles
-        WHERE  rolname = 'windmill_admin') THEN
-        CREATE ROLE windmill_admin WITH BYPASSRLS;
-
-        GRANT ALL
-        ON ALL TABLES IN SCHEMA public 
-        TO windmill_admin;
-
-        GRANT ALL PRIVILEGES 
-        ON ALL SEQUENCES IN SCHEMA public 
-        TO windmill_admin;
-
-        ALTER DEFAULT PRIVILEGES 
-            IN SCHEMA public
-            GRANT ALL ON TABLES TO windmill_admin;
-
-        ALTER DEFAULT PRIVILEGES 
-            IN SCHEMA public
-            GRANT ALL ON SEQUENCES TO windmill_admin;
-    END IF;
+   IF NOT EXISTS (
+      SELECT FROM pg_catalog.pg_roles  -- SELECT list can be empty for this
+      WHERE  rolname = 'admin') THEN
+      CREATE ROLE admin WITH BYPASSRLS LOGIN PASSWORD 'changeme';
+   END IF;
 END
 $do$;

backend/migrations/20220428085013_private_key.up.sql

@@ -9,5 +9,8 @@ CREATE TABLE workspace_key (
     PRIMARY KEY (workspace_id, kind)
 );
 
+GRANT SELECT ON workspace_key TO app;
+GRANT SELECT ON workspace_key TO admin;
+
 INSERT INTO workspace_key SELECT id as workspace_id, 'cloud' as kind, 'changeme' as key FROM workspace;
 

backend/migrations/20220504193929_typescript_support.down.sql

@@ -1,12 +0,0 @@
--- Add down migration script here
-DROP TYPE SCRIPT_LANG;
-
-ALTER TABLE script
-DROP COLUMN language SCRIPT_LANG;
-
-ALTER TABLE queue
-DROP COLUMN language SCRIPT_LANG;
-
-ALTER TABLE completed_job
-DROP COLUMN language SCRIPT_LANG;
-

backend/migrations/20220504193929_typescript_support.up.sql

@@ -1,11 +0,0 @@
--- Add up migration script here
-CREATE TYPE SCRIPT_LANG AS ENUM ('python3', 'deno');
-
-ALTER TABLE script
-ADD COLUMN language SCRIPT_LANG NOT NULL DEFAULT 'python3';
-
-ALTER TABLE queue
-ADD COLUMN language SCRIPT_LANG NOT NULL DEFAULT 'python3';
-
-ALTER TABLE completed_job
-ADD COLUMN language SCRIPT_LANG NOT NULL DEFAULT 'python3';

backend/migrations/20220508152326_create_role_if_not_exists.up.sql

@@ -1 +1,24 @@
 -- Add up migration script here
+DO
+$do$
+BEGIN
+    IF NOT EXISTS (
+        SELECT
+        FROM   pg_catalog.pg_roles
+        WHERE  rolname = 'app') THEN
+        CREATE ROLE app LOGIN PASSWORD 'changeme';
+    END IF;
+END
+$do$;
+
+DO
+$do$
+BEGIN
+    IF NOT EXISTS (
+        SELECT
+        FROM   pg_catalog.pg_roles
+        WHERE  rolname = 'admin') THEN
+        CREATE ROLE admin LOGIN PASSWORD 'changeme';
+    END IF;
+END
+$do$;

backend/migrations/20220509191845_started_at_completed_job.down.sql

@@ -1,3 +0,0 @@
--- Add down migration script here
-ALTER TABLE completed_job
-DROP COLUMN started_at;

backend/migrations/20220509191845_started_at_completed_job.up.sql

@@ -1,4 +0,0 @@
--- Add up migration script here
-ALTER TABLE completed_job
-ADD COLUMN started_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW();
-

backend/migrations/20220518211432_make_lang_nullable.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220518211432_make_lang_nullable.up.sql

@@ -1,6 +0,0 @@
--- Add up migration script here
-ALTER TABLE queue
-ALTER COLUMN language DROP NOT NULL;
-
-ALTER TABLE completed_job
-ALTER COLUMN language DROP NOT NULL;

backend/migrations/20220610181005_add_script_hub.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220610181005_add_script_hub.up.sql

@@ -1,2 +0,0 @@
--- Add up migration script here
-ALTER TYPE JOB_KIND ADD VALUE 'script_hub';

backend/migrations/20220615151034_accounts.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220615151034_accounts.up.sql

@@ -1,13 +0,0 @@
--- Add up migration script here
-
-CREATE TABLE account (
-    workspace_id VARCHAR(50) NOT NULL REFERENCES workspace(id),
-    id SERIAL NOT NULL,
-    expires_at TIMESTAMP,
-    refresh_token VARCHAR(255),
-    PRIMARY KEY (workspace_id, id)
-);
-
-ALTER TABLE resource ADD COLUMN account INTEGER;
-ALTER TABLE variable ADD COLUMN account INTEGER;
-ALTER TABLE password ALTER COLUMN login_type TYPE VARCHAR(50);

backend/migrations/20220620210708_regex_fix.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220620210708_regex_fix.up.sql

@@ -1,9 +0,0 @@
--- Add up migration script here
-
-ALTER TABLE usr DROP CONSTRAINT proper_email;
-ALTER TABLE usr ADD CONSTRAINT proper_email
-CHECK (email ~* '^(?:[a-z0-9!#$%&''*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&''*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])$');
-
-ALTER TABLE workspace_invite DROP CONSTRAINT proper_email;
-ALTER TABLE workspace_invite ADD CONSTRAINT proper_email
-CHECK (email ~* '^(?:[a-z0-9!#$%&''*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&''*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])$');

backend/migrations/20220624170622_workspace_premium.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220624170622_workspace_premium.up.sql

@@ -1,2 +0,0 @@
--- Add up migration script here
-ALTER TABLE workspace ADD COLUMN premium BOOLEAN NOT NULL DEFAULT false;

backend/migrations/20220624180013_workspace_premium_grant.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220624180013_workspace_premium_grant.up.sql

@@ -1,2 +0,0 @@
--- Add up migration script here
-

backend/migrations/20220707094935_add_client_to_account.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220707094935_add_client_to_account.up.sql

@@ -1,20 +0,0 @@
--- Add up migration script here
-ALTER TABLE account ADD COLUMN owner VARCHAR(50) NOT NULL;
-ALTER TABLE account ADD COLUMN client VARCHAR(50) NOT NULL;
-ALTER TABLE resource ADD COLUMN is_oauth BOOLEAN NOT NULL DEFAULT false;
-ALTER TABLE variable ADD COLUMN is_oauth BOOLEAN NOT NULL DEFAULT false;
-ALTER TABLE resource DROP COLUMN account;
-
-ALTER TABLE account ALTER COLUMN expires_at TYPE TIMESTAMP WITH TIME ZONE;
-
-ALTER TABLE account ALTER COLUMN expires_at SET NOT NULL;
-ALTER TABLE account ALTER COLUMN refresh_token SET NOT NULL;
-
-ALTER TABLE account ENABLE ROW LEVEL SECURITY;
-
-
-CREATE POLICY see_own ON account FOR ALL
-USING (SPLIT_PART(account.owner, '/', 1) = 'u' AND SPLIT_PART(account.owner, '/', 2) = current_setting('session.user'));
-
-CREATE POLICY see_member ON account FOR ALL
-USING (SPLIT_PART(account.owner, '/', 1) = 'g' AND SPLIT_PART(account.owner, '/', 2) = any(regexp_split_to_array(current_setting('session.groups'), ',')::text[]));

backend/migrations/20220713142758_script_trigger.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220713142758_script_trigger.up.sql

@@ -1,3 +0,0 @@
--- Add up migration script here
-ALTER TABLE script ADD COLUMN trigger_reco_interval INTEGER;
-ALTER TABLE completed_job ADD COLUMN is_skipped BOOLEAN NOT NULL DEFAULT FALSE;

backend/migrations/20220719101639_script_trigger_2.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220719101639_script_trigger_2.up.sql

@@ -1,4 +0,0 @@
--- Add up migration script here
-ALTER TABLE script DROP COLUMN trigger_reco_interval;
-ALTER TABLE script ADD COLUMN is_trigger BOOLEAN NOT NULL DEFAULT false;
-

backend/migrations/20220728222351_job_duration_ms.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220728222351_job_duration_ms.up.sql

@@ -1,4 +0,0 @@
-ALTER TABLE completed_job
-     RENAME duration to duration_ms;
-UPDATE completed_job
-   SET duration_ms = duration_ms * 1000;

backend/migrations/20220802211304_capture.down.sql

@@ -1 +0,0 @@
-DROP TABLE capture;

backend/migrations/20220802211304_capture.up.sql

@@ -1,21 +0,0 @@
-CREATE TABLE capture (
-    workspace_id  VARCHAR(50)   NOT NULL,
-    path          VARCHAR(255)  NOT NULL,
-    created_at    TIMESTAMPTZ   NOT NULL DEFAULT now(),
-    created_by    VARCHAR(50)   NOT NULL,
-    payload       JSONB         NOT NULL DEFAULT 'null'::jsonb
-                                CHECK (length(payload::text) < 10 * 1024),
-
-    PRIMARY KEY (workspace_id, path),
-    FOREIGN KEY (workspace_id)  REFERENCES workspace(id)
-);
-
-ALTER TABLE capture ENABLE ROW LEVEL SECURITY;
-
-CREATE POLICY see_own ON capture FOR ALL
-USING (    SPLIT_PART(capture.path, '/', 1) = 'u'
-       AND SPLIT_PART(capture.path, '/', 2) = current_setting('session.user'));
-
-CREATE POLICY see_member ON capture FOR ALL
-USING (    SPLIT_PART(capture.path, '/', 1) = 'g'
-       AND SPLIT_PART(capture.path, '/', 2) = any(regexp_split_to_array(current_setting('session.groups'), ',')::text[]));

backend/migrations/20220816185849_remove_non_admin_users.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220816185849_remove_non_admin_users.up.sql

@@ -1,2 +0,0 @@
--- Add up migration script here
-DELETE FROM password WHERE email = 'user@windmill.dev' OR email = 'ruben@windmill.dev';

backend/migrations/20220818125523_longername.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220818125523_longername.up.sql

@@ -1,3 +0,0 @@
--- Add up migration script here
-ALTER TABLE queue ALTER COLUMN created_by TYPE varchar(255);
-ALTER TABLE completed_job ALTER COLUMN created_by TYPE varchar(255);

backend/migrations/20220901174503_openflow_changes.down.sql

@@ -1,2 +0,0 @@
--- The corresponding migrate up isn't really reversible but should be
--- idempotent...

backend/migrations/20220901174503_openflow_changes.up.sql

@@ -1,56 +0,0 @@
--- https://github.com/windmill-labs/windmill/pull/491
-CREATE FUNCTION migrate_flow(flow jsonb)
-       RETURNS jsonb
-AS $$
-DECLARE module jsonb;
-        i integer := 0;
-BEGIN
-    if flow->'value'?'modules' THEN
-        flow = JSONB_SET(flow, ARRAY['modules'], flow->'value'->'modules') - 'value';
-    END IF;
-
-    FOR module IN SELECT JSONB_ARRAY_ELEMENTS(flow->'modules') LOOP
-        flow = JSONB_SET(flow, ARRAY['modules', i::text], migrate_flow_module(module));
-        i = i + 1;
-    END LOOP;
-
-    RETURN flow;
-END;
-$$ LANGUAGE plpgsql;
-
-CREATE FUNCTION migrate_flow_module(module jsonb)
-       RETURNS jsonb
-AS $$
-BEGIN
-    IF module?'input_transform' AND module->'input_transform' != 'null'::jsonb THEN
-        module = JSONB_SET(module, ARRAY['input_transforms'], module->'input_transform')
-               - 'input_transform';
-    END IF;
-
-    IF module?'stop_after_if_expr' AND module->'stop_after_if_expr' != 'null'::jsonb THEN
-        IF NOT module?'stop_after_if' THEN
-            module = JSONB_SET(module, ARRAY['stop_after_if'], '{}'::jsonb);
-        END IF;
-        module = JSONB_SET(module, ARRAY['stop_after_if', 'expr'], module->'stop_after_if_expr')
-               - 'stop_after_if_expr';
-    END IF;
-
-    IF module?'skip_if_stopped' AND module->'skip_if_stopped' != 'null'::jsonb THEN
-        IF NOT module?'stop_after_if' THEN
-            module = JSONB_SET(module, ARRAY['stop_after_if'], '{}'::jsonb);
-        END IF;
-        module = JSONB_SET(module, ARRAY['stop_after_if', 'skip_if_stopped'], module->'skip_if_stopped')
-               - 'skip_if_stopped';
-    END IF;
-
-    if module->'value'->>'type' = 'forloopflow' THEN
-        module = JSONB_SET(module, ARRAY['value'], migrate_flow(module->'value'));
-    END IF;
-
-    RETURN module;
-END;
-$$ LANGUAGE plpgsql;
-
-UPDATE flow SET value = migrate_flow(value);
-
-DROP FUNCTION migrate_flow_module, migrate_flow;

backend/migrations/20220902211654_job-resume.down.sql

@@ -1,5 +0,0 @@
-DROP TABLE resume_job;
-
-ALTER TABLE queue
-DROP COLUMN suspend,
-DROP COLUMN suspend_until;

backend/migrations/20220902211654_job-resume.up.sql

@@ -1,16 +0,0 @@
-CREATE TABLE resume_job (
-    id            uuid          NOT NULL,
-    job           uuid          NOT NULL,
-    flow          uuid          NOT NULL,
-    created_at    TIMESTAMPTZ   NOT NULL DEFAULT now(),
-    value         JSONB         NOT NULL DEFAULT 'null'::jsonb
-                                CHECK (length(value::text) < 10 * 1024),
-    is_cancel     boolean       NOT NULL default false,
-
-    PRIMARY KEY (id),
-    FOREIGN KEY (flow)  REFERENCES queue(id) ON DELETE CASCADE
-);
-
-ALTER TABLE queue
- ADD COLUMN suspend        INTEGER      NOT NULL  DEFAULT 0,
- ADD COLUMN suspend_until  TIMESTAMPTZ;

backend/migrations/20220903220634_audit_username.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220903220634_audit_username.up.sql

@@ -1,11 +0,0 @@
--- Add up migration script here
-DROP POLICY see_own ON audit;
-DROP POLICY schedule ON audit;
-
-ALTER TABLE audit ALTER COLUMN username TYPE varchar(255);
-
-CREATE POLICY see_own ON audit FOR ALL
-USING (audit.username = current_setting('session.user'));
-CREATE POLICY schedule ON audit FOR INSERT
-WITH CHECK (audit.username LIKE 'schedule-%');
-

backend/migrations/20220904123027_script_kind.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220904123027_script_kind.up.sql

@@ -1,5 +0,0 @@
--- Add up migration script here
-CREATE TYPE SCRIPT_KIND AS ENUM ('script', 'trigger', 'failure', 'command');
-
-ALTER TABLE script ADD COLUMN kind SCRIPT_KIND NOT NULL DEFAULT 'script';
-ALTER TABLE script DROP COLUMN is_trigger;

backend/migrations/20220905175719_go_lang.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20220905175719_go_lang.up.sql

@@ -1,2 +0,0 @@
--- Add up migration script here
-ALTER TYPE SCRIPT_LANG ADD VALUE 'go';

backend/migrations/20221005022757_same_worker.down.sql

@@ -1,2 +0,0 @@
--- Add down migration script here
-ALTER TABLE queue DROP COLUMN same_worker;

backend/migrations/20221005022757_same_worker.up.sql

@@ -1,2 +0,0 @@
--- Add up migration script here
-ALTER TABLE queue ADD COLUMN same_worker BOOLEAN DEFAULT FALSE;

backend/migrations/20221020164416_approval_script.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20221020164416_approval_script.up.sql

@@ -1,2 +0,0 @@
--- Add up migration script here
-ALTER TYPE SCRIPT_KIND ADD VALUE 'approval';

backend/migrations/20221023162721_remove_iscancel_resumejob.down.sql

@@ -1 +0,0 @@
--- Add down migration script here

backend/migrations/20221023162721_remove_iscancel_resumejob.up.sql

@@ -1,3 +0,0 @@
--- Add up migration script here
-ALTER TABLE resume_job DROP COLUMN is_cancel;
-ALTER TABLE resume_job ADD COLUMN approver VARCHAR(50);