Remove IsolatedVM service and related configurations from the project

- Deleted package.json and tsconfig.json for IsolatedVM.
- Removed isolated-vm upstream configuration from Nginx default.conf.template.
- Removed ISOLATED_VM_PORT and telemetry settings from config.example.env.
- Cleaned up docker-compose.base.yml by removing isolated-vm service and its environment variables.
- Updated docker-compose.dev.yml to eliminate isolated-vm service and its associated volumes.
- Removed isolated-vm service from docker-compose.yml.
Nawaz Dhandala
2026-03-03 12:25:31 +00:00
parent a6f2e83c72
commit c309fafdb6
28 changed files with 9 additions and 5523 deletions


@@ -33,29 +33,6 @@ jobs:
max_attempts: 3
command: sudo docker build --no-cache -f ./Accounts/Dockerfile .
docker-build-isolated-vm:
runs-on: ubuntu-latest
env:
CI_PIPELINE_ID: ${{github.run_number}}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Preinstall
uses: nick-fields/retry@v3
with:
timeout_minutes: 10
max_attempts: 3
command: npm run prerun
# build image for accounts service
- name: build docker image
uses: nick-fields/retry@v3
with:
timeout_minutes: 45
max_attempts: 3
command: sudo docker build --no-cache -f ./IsolatedVM/Dockerfile .
docker-build-home:
runs-on: ubuntu-latest
env:


@@ -27,23 +27,6 @@ jobs:
max_attempts: 3
command: cd Accounts && npm install && npm run compile && npm run dep-check
compile-isolated-vm:
runs-on: ubuntu-latest
env:
CI_PIPELINE_ID: ${{github.run_number}}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: latest
- run: cd Common && npm install
- name: Compile IsolatedVM
uses: nick-fields/retry@v3
with:
timeout_minutes: 30
max_attempts: 3
command: cd IsolatedVM && npm install && npm run compile && npm run dep-check
compile-common:
runs-on: ubuntu-latest
env:


@@ -284,74 +284,6 @@ jobs:
--platforms linux/amd64,linux/arm64 \
--git-sha "${{ github.sha }}"
isolated-vm-docker-image-deploy:
needs: [generate-build-number, read-version]
runs-on: ubuntu-latest
env:
QEMU_CPU: max
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
tool-cache: false
android: true
dotnet: true
haskell: true
large-packages: true
docker-images: true
swap-storage: true
- name: Docker Meta
id: meta
uses: docker/metadata-action@v4
with:
images: |
oneuptime/isolated-vm
ghcr.io/oneuptime/isolated-vm
tags: |
type=raw,value=release,enable=true
type=semver,value=${{needs.read-version.outputs.major_minor}},pattern={{version}},enable=true
- uses: actions/checkout@v4
with:
ref: ${{ github.ref }}
- uses: actions/setup-node@v4
with:
node-version: latest
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
image: tonistiigi/binfmt:qemu-v10.0.4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Generate Dockerfile from Dockerfile.tpl
run: npm run prerun
# Build and deploy isolated-vm.
- name: Login to Docker Hub
run: |
echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login --username "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
- name: Login to GitHub Container Registry
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io --username "${{ github.repository_owner }}" --password-stdin
- name: Build and push
run: |
bash ./Scripts/GHA/build_docker_images.sh \
--image isolated-vm \
--version "${{needs.read-version.outputs.major_minor}}" \
--dockerfile ./IsolatedVM/Dockerfile \
--context . \
--platforms linux/amd64,linux/arm64 \
--git-sha "${{ github.sha }}"
home-docker-image-deploy:
needs: [generate-build-number, read-version]
runs-on: ubuntu-latest
@@ -400,7 +332,7 @@ jobs:
- name: Generate Dockerfile from Dockerfile.tpl
run: npm run prerun
# Build and deploy isolated-vm.
# Build and deploy home.
- name: Login to Docker Hub
run: |
@@ -1481,7 +1413,6 @@ jobs:
- generate-build-number
- nginx-docker-image-deploy
- e2e-docker-image-deploy
- isolated-vm-docker-image-deploy
- home-docker-image-deploy
- test-server-docker-image-deploy
- otel-collector-docker-image-deploy
@@ -1507,7 +1438,6 @@ jobs:
"mcp",
"nginx",
"e2e",
"isolated-vm",
"home",
"test-server",
"otel-collector",
@@ -1569,7 +1499,7 @@ jobs:
test-e2e-release-saas:
runs-on: ubuntu-latest
needs: [telemetry-docker-image-deploy, docs-docker-image-deploy, workflow-docker-image-deploy, accounts-docker-image-deploy, ai-agent-docker-image-deploy, admin-dashboard-docker-image-deploy, app-docker-image-deploy, dashboard-docker-image-deploy, isolated-vm-docker-image-deploy, home-docker-image-deploy, worker-docker-image-deploy, otel-collector-docker-image-deploy, probe-docker-image-deploy, status-page-docker-image-deploy, test-docker-image-deploy, test-server-docker-image-deploy, publish-npm-packages, e2e-docker-image-deploy, helm-chart-deploy, generate-build-number, read-version, nginx-docker-image-deploy]
needs: [telemetry-docker-image-deploy, docs-docker-image-deploy, workflow-docker-image-deploy, accounts-docker-image-deploy, ai-agent-docker-image-deploy, admin-dashboard-docker-image-deploy, app-docker-image-deploy, dashboard-docker-image-deploy, home-docker-image-deploy, worker-docker-image-deploy, otel-collector-docker-image-deploy, probe-docker-image-deploy, status-page-docker-image-deploy, test-docker-image-deploy, test-server-docker-image-deploy, publish-npm-packages, e2e-docker-image-deploy, helm-chart-deploy, generate-build-number, read-version, nginx-docker-image-deploy]
env:
CI_PIPELINE_ID: ${{github.run_number}}
steps:
@@ -1700,7 +1630,7 @@ jobs:
test-e2e-release-self-hosted:
runs-on: ubuntu-latest
# After all the jobs runs
needs: [telemetry-docker-image-deploy, docs-docker-image-deploy, workflow-docker-image-deploy, accounts-docker-image-deploy, ai-agent-docker-image-deploy, admin-dashboard-docker-image-deploy, app-docker-image-deploy, dashboard-docker-image-deploy, isolated-vm-docker-image-deploy, home-docker-image-deploy, worker-docker-image-deploy, otel-collector-docker-image-deploy, probe-docker-image-deploy, status-page-docker-image-deploy, test-docker-image-deploy, test-server-docker-image-deploy, publish-npm-packages, e2e-docker-image-deploy, helm-chart-deploy, generate-build-number, read-version, nginx-docker-image-deploy]
needs: [telemetry-docker-image-deploy, docs-docker-image-deploy, workflow-docker-image-deploy, accounts-docker-image-deploy, ai-agent-docker-image-deploy, admin-dashboard-docker-image-deploy, app-docker-image-deploy, dashboard-docker-image-deploy, home-docker-image-deploy, worker-docker-image-deploy, otel-collector-docker-image-deploy, probe-docker-image-deploy, status-page-docker-image-deploy, test-docker-image-deploy, test-server-docker-image-deploy, publish-npm-packages, e2e-docker-image-deploy, helm-chart-deploy, generate-build-number, read-version, nginx-docker-image-deploy]
env:
CI_PIPELINE_ID: ${{github.run_number}}
steps:


@@ -367,76 +367,6 @@ jobs:
--extra-tags test \
--extra-enterprise-tags enterprise-test
isolated-vm-docker-image-deploy:
needs: [read-version, generate-build-number]
runs-on: ubuntu-latest
env:
QEMU_CPU: max
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
tool-cache: false
android: true
dotnet: true
haskell: true
large-packages: true
docker-images: true
swap-storage: true
- name: Docker Meta
id: meta
uses: docker/metadata-action@v4
with:
images: |
oneuptime/isolated-vm
ghcr.io/oneuptime/isolated-vm
tags: |
type=raw,value=test,enable=true
type=raw,value=${{needs.read-version.outputs.major_minor}}-test,enable=true
- uses: actions/checkout@v4
with:
ref: ${{ github.ref }}
- uses: actions/setup-node@v4
with:
node-version: latest
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
image: tonistiigi/binfmt:qemu-v10.0.4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Generate Dockerfile from Dockerfile.tpl
run: npm run prerun
# Build and deploy isolated-vm.
- name: Login to Docker Hub
run: |
echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login --username "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
- name: Login to GitHub Container Registry
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io --username "${{ github.repository_owner }}" --password-stdin
- name: Build and push
run: |
bash ./Scripts/GHA/build_docker_images.sh \
--image isolated-vm \
--version "${{needs.read-version.outputs.major_minor}}-test" \
--dockerfile ./IsolatedVM/Dockerfile \
--context . \
--platforms linux/amd64,linux/arm64 \
--git-sha "${{ github.sha }}" \
--extra-tags test \
--extra-enterprise-tags enterprise-test
home-docker-image-deploy:
needs: [read-version, generate-build-number]
runs-on: ubuntu-latest
@@ -485,7 +415,7 @@ jobs:
- name: Generate Dockerfile from Dockerfile.tpl
run: npm run prerun
# Build and deploy isolated-vm.
# Build and deploy home.
- name: Login to Docker Hub
run: |
@@ -1372,7 +1302,7 @@ jobs:
test-helm-chart:
runs-on: ubuntu-latest
needs: [infrastructure-agent-deploy, publish-terraform-provider, telemetry-docker-image-deploy, docs-docker-image-deploy, worker-docker-image-deploy, workflow-docker-image-deploy, isolated-vm-docker-image-deploy, home-docker-image-deploy, test-server-docker-image-deploy, test-docker-image-deploy, probe-docker-image-deploy, dashboard-docker-image-deploy, admin-dashboard-docker-image-deploy, app-docker-image-deploy, accounts-docker-image-deploy, ai-agent-docker-image-deploy, otel-collector-docker-image-deploy, status-page-docker-image-deploy, nginx-docker-image-deploy, e2e-docker-image-deploy]
needs: [infrastructure-agent-deploy, publish-terraform-provider, telemetry-docker-image-deploy, docs-docker-image-deploy, worker-docker-image-deploy, workflow-docker-image-deploy, home-docker-image-deploy, test-server-docker-image-deploy, test-docker-image-deploy, probe-docker-image-deploy, dashboard-docker-image-deploy, admin-dashboard-docker-image-deploy, app-docker-image-deploy, accounts-docker-image-deploy, ai-agent-docker-image-deploy, otel-collector-docker-image-deploy, status-page-docker-image-deploy, nginx-docker-image-deploy, e2e-docker-image-deploy]
env:
CI_PIPELINE_ID: ${{github.run_number}}
steps:

14
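--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -147,20 +147,6 @@
 "restart": true,
 "autoAttachChildProcesses": true
 },
-{
-"address": "127.0.0.1",
-"localRoot": "${workspaceFolder}/IsolatedVM",
-"name": "Isolated VM: Debug with Docker",
-"port": 9974,
-"remoteRoot": "/usr/src/app",
-"request": "attach",
-"skipFiles": [
-"<node_internals>/**"
-],
-"type": "node",
-"restart": true,
-"autoAttachChildProcesses": true
-},
 {
 "address": "127.0.0.1",
 "localRoot": "${workspaceFolder}/Workflow",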


@@ -181,12 +181,6 @@ export const OpenTelemetryIngestHostname: Hostname = Hostname.fromString(
}`,
);
export const IsolatedVMHostname: Hostname = Hostname.fromString(
`${process.env["SERVER_ISOLATED_VM_HOSTNAME"] || "localhost"}:${
process.env["ISOLATED_VM_PORT"] || 80
}`,
);
export const WorkerHostname: Hostname = Hostname.fromString(
`${process.env["SERVER_WORKER_HOSTNAME"] || "localhost"}:${
process.env["WORKER_PORT"] || 80


@@ -1,15 +1,8 @@
import { IsolatedVMHostname } from "../../../Server/EnvironmentConfig";
import ClusterKeyAuthorization from "../../Middleware/ClusterKeyAuthorization";
import HTTPErrorResponse from "../../../Types/API/HTTPErrorResponse";
import HTTPResponse from "../../../Types/API/HTTPResponse";
import Protocol from "../../../Types/API/Protocol";
import Route from "../../../Types/API/Route";
import URL from "../../../Types/API/URL";
import ReturnResult from "../../../Types/IsolatedVM/ReturnResult";
import { JSONObject, JSONValue } from "../../../Types/JSON";
import API from "../../../Utils/API";
import logger from "../Logger";
import CaptureSpan from "../Telemetry/CaptureSpan";
import VMRunner from "./VMRunner";
export default class VMUtil {
@CaptureSpan()
@@ -20,29 +13,7 @@ export default class VMUtil {
timeout?: number | undefined;
};
}): Promise<ReturnResult> {
const returnResultHttpResponse:
| HTTPErrorResponse
| HTTPResponse<JSONObject> = await API.post<JSONObject>({
url: new URL(
Protocol.HTTP,
IsolatedVMHostname,
new Route("/isolated-vm/run-code"),
),
data: {
...data,
},
headers: {
...ClusterKeyAuthorization.getClusterKeyHeaders(),
},
});
if (returnResultHttpResponse instanceof HTTPErrorResponse) {
throw returnResultHttpResponse;
}
const returnResult: ReturnResult = returnResultHttpResponse.data as any;
return returnResult;
return VMRunner.runCodeInSandbox(data);
}
@CaptureSpan()
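Review bot: `return VMRunner.runCodeInSandbox(data);` forwards `data` untouched, so a caller that omits `options.timeout` (declared `timeout?: number | undefined`) no longer gets the 5000 ms default that the removed `/run-code` handler applied with `timeout: req.body?.["options"]?.["timeout"] || 5000`, nor its `args || {}` default or the `JSONFunctions.removeCircularReferences` pass on object return values, unless VMRunner does all of that itself, which this page does not show. The call also moves execution of the submitted code out of a separate service, which had its own container security context and resource limits in the deleted Helm template, and into the process of whichever service calls VMUtil, so a runaway or escaping script now shares that process's memory, environment and credentials. I would pin the bound at this call site, e.g. `return VMRunner.runCodeInSandbox({ ...data, options: { ...data.options, timeout: data.options.timeout || 5000 } });`, and add a comment above it stating that the code runs in-process and which limit applies. The method's signature starts outside the hunk, so the exact shape of `data.options` should be confirmed before applying this.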


@@ -1,28 +1,13 @@
// Mock all heavy dependencies so the test focuses on template logic only
jest.mock("../../../../Server/EnvironmentConfig", () => {
return {
IsolatedVMHostname: "localhost",
};
});
jest.mock("../../../../Server/Middleware/ClusterKeyAuthorization", () => {
jest.mock("../../../../Server/Utils/VM/VMRunner", () => {
return {
__esModule: true,
default: {
getClusterKeyHeaders: () => {
return {};
},
runCodeInSandbox: jest.fn(),
},
};
});
jest.mock("../../../../Utils/API", () => {
return {
__esModule: true,
default: { post: jest.fn() },
};
});
jest.mock("../../../../Server/Utils/Logger", () => {
return {
__esModule: true,


@@ -105,8 +105,6 @@ Usage:
value: {{ default "" $.Values.inboundEmail.webhookSecret | quote }}
- name: SERVER_ACCOUNTS_HOSTNAME
value: {{ $.Release.Name }}-accounts.{{ $.Release.Namespace }}.svc.{{ $.Values.global.clusterDomain }}
- name: SERVER_ISOLATED_VM_HOSTNAME
value: {{ $.Release.Name }}-isolated-vm.{{ $.Release.Namespace }}.svc.{{ $.Values.global.clusterDomain }}
- name: SERVER_WORKFLOW_HOSTNAME
value: {{ $.Release.Name }}-workflow.{{ $.Release.Namespace }}.svc.{{ $.Values.global.clusterDomain }}
- name: SERVER_WORKER_HOSTNAME
@@ -139,8 +137,6 @@ Usage:
value: {{ $.Values.testServer.ports.http | squote }}
- name: ACCOUNTS_PORT
value: {{ $.Values.accounts.ports.http | squote }}
- name: ISOLATED_VM_PORT
value: {{ $.Values.isolatedVM.ports.http | squote }}
- name: HOME_PORT
value: {{ $.Values.home.ports.http | squote }}
- name: WORKER_PORT


@@ -1,120 +0,0 @@
{{- if $.Values.isolatedVM.enabled }}
# OneUptime isolated-vm Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ printf "%s-%s" $.Release.Name "isolated-vm" }}
namespace: {{ $.Release.Namespace }}
labels:
app: {{ printf "%s-%s" $.Release.Name "isolated-vm" }}
app.kubernetes.io/part-of: oneuptime
app.kubernetes.io/managed-by: Helm
appname: oneuptime
{{- if $.Values.deployment.includeTimestampLabel }}
date: "{{ now | unixEpoch }}"
{{- end }}
spec:
selector:
matchLabels:
app: {{ printf "%s-%s" $.Release.Name "isolated-vm" }}
{{- if $.Values.isolatedVM.replicaCount }}
replicas: {{ $.Values.isolatedVM.replicaCount }}
{{- else }}
{{- if or (not $.Values.autoscaling.enabled) ($.Values.isolatedVM.disableAutoscaler) }}
replicas: {{ $.Values.deployment.replicaCount }}
{{- end }}
{{- end }}
strategy: {{- toYaml $.Values.deployment.updateStrategy | nindent 4 }}
template:
metadata:
labels:
app: {{ printf "%s-%s" $.Release.Name "isolated-vm" }}
{{- if $.Values.deployment.includeTimestampLabel }}
date: "{{ now | unixEpoch }}"
{{- end }}
appname: oneuptime
spec:
{{- if $.Values.podSecurityContext }}
securityContext: {{- $.Values.podSecurityContext | toYaml | nindent 8 }}
{{- end }}
{{- if $.Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml $.Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if $.Values.affinity }}
affinity: {{- $.Values.affinity | toYaml | nindent 8 }}
{{- end }}
{{- if $.Values.tolerations }}
tolerations: {{- $.Values.tolerations | toYaml | nindent 8 }}
{{- end }}
{{- if $.Values.isolatedVM.podSecurityContext }}
securityContext:
{{- toYaml $.Values.isolatedVM.podSecurityContext | nindent 8 }}
{{- else if $.Values.podSecurityContext }}
securityContext:
{{- toYaml $.Values.podSecurityContext | nindent 8 }}
{{- end }}
{{- if $.Values.isolatedVM.nodeSelector }}
nodeSelector:
{{- toYaml $.Values.isolatedVM.nodeSelector | nindent 8 }}
{{- else if $.Values.nodeSelector }}
nodeSelector:
{{- toYaml $.Values.nodeSelector | nindent 8 }}
{{- end }}
containers:
- image: {{ include "oneuptime.image" (dict "Values" $.Values "ServiceName" "isolated-vm") }}
name: {{ printf "%s-%s" $.Release.Name "isolated-vm" }}
{{- if $.Values.isolatedVM.containerSecurityContext }}
securityContext:
{{- toYaml $.Values.isolatedVM.containerSecurityContext | nindent 12 }}
{{- else if $.Values.containerSecurityContext }}
securityContext:
{{- toYaml $.Values.containerSecurityContext | nindent 12 }}
{{- end }}
imagePullPolicy: {{ $.Values.image.pullPolicy }}
env:
{{- include "oneuptime.env.oneuptimeSecret" . | nindent 12 }}
- name: PORT
value: {{ $.Values.isolatedVM.ports.http | quote }}
- name: LOG_LEVEL
value: {{ $.Values.logLevel }}
- name: NODE_ENV
value: {{ $.Values.nodeEnvironment }}
- name: DISABLE_TELEMETRY
value: {{ $.Values.isolatedVM.disableTelemetryCollection | quote }}
{{- if $.Values.openTelemetryExporter.endpoint }}
- name: OPENTELEMETRY_EXPORTER_OTLP_ENDPOINT
value: {{ $.Values.openTelemetryExporter.endpoint }}
{{- end }}
{{- if $.Values.openTelemetryExporter.headers }}
- name: OPENTELEMETRY_EXPORTER_OTLP_HEADERS
value: {{ $.Values.openTelemetryExporter.headers }}
{{- end }}
ports:
- containerPort: {{ $.Values.isolatedVM.ports.http }}
protocol: TCP
name: http
{{- if $.Values.isolatedVM.resources }}
resources:
{{- toYaml $.Values.isolatedVM.resources | nindent 12 }}
{{- end }}
restartPolicy: {{ $.Values.image.restartPolicy }}
---
# OneUptime isolatedVM autoscaler
{{- if not $.Values.isolatedVM.disableAutoscaler }}
{{- $isolatedVMAutoScalerArgs := dict "ServiceName" "isolated-vm" "Release" $.Release "Values" $.Values -}}
{{- include "oneuptime.autoscaler" $isolatedVMAutoScalerArgs }}
{{- end }}
---
{{- end }}
# OneUptime isolatedVM Service
{{- $isolatedVMPorts := $.Values.isolatedVM.ports -}}
{{- $isolatedVMServiceArgs := dict "ServiceName" "isolated-vm" "Ports" $isolatedVMPorts "Release" $.Release "Values" $.Values -}}
{{- include "oneuptime.service" $isolatedVMServiceArgs }}
---


@@ -1760,45 +1760,6 @@
},
"additionalProperties": false
},
"isolatedVM": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
},
"replicaCount": {
"type": "integer"
},
"disableTelemetryCollection": {
"type": "boolean"
},
"disableAutoscaler": {
"type": "boolean"
},
"ports": {
"type": "object",
"properties": {
"http": {
"type": "integer"
}
},
"additionalProperties": false
},
"resources": {
"type": ["object", "null"]
},
"nodeSelector": {
"type": "object"
},
"podSecurityContext": {
"type": "object"
},
"containerSecurityContext": {
"type": "object"
}
},
"additionalProperties": false
},
"slackApp": {
"type": "object",
"properties": {


@@ -720,18 +720,6 @@ telemetry:
# Cooldown period after scaling (in seconds)
cooldownPeriod: 300
isolatedVM:
enabled: true
replicaCount: 1
disableTelemetryCollection: false
disableAutoscaler: false
ports:
http: 4572
resources:
nodeSelector: {}
podSecurityContext: {}
containerSecurityContext: {}
# AI Agent Configuration
# Deploy this to run an AI Agent within your Kubernetes cluster
# Note: This is disabled by default. To enable, set enabled to true and provide the AI Agent credentials


@@ -1,56 +0,0 @@
.git
node_modules
# See https://help.github.com/ignore-files/ for more about ignoring files.
# dependencies
/node_modules
node_modules
.idea
# testing
/coverage
# production
/build
# misc
.DS_Store
env.js
npm-debug.log*
yarn-debug.log*
yarn-error.log*
yarn.lock
Untitled-1
*.local.sh
*.local.yaml
run
stop
nohup.out*
encrypted-credentials.tar
encrypted-credentials/
_README.md
# Important Add production values to gitignore.
values-saas-production.yaml
kubernetes/values-saas-production.yaml
/private
/tls_cert.pem
/tls_key.pem
/keys
temp_readme.md
tests/coverage
settings.json
GoSDK/tester/


@@ -1 +0,0 @@
*.js text eol=lf

16
IsolatedVM/.gitignore vendored

@@ -1,16 +0,0 @@
# See https://help.github.com/ignore-files/ for more about ignoring files.
# dependencies
#/backend/node_modules
/kubernetes
/node_modules
.idea
# misc
.DS_Store
npm-debug.log*
yarn-debug.log*
yarn-error.log*
yarn.lock


@@ -1,75 +0,0 @@
import BadDataException from "Common/Types/Exception/BadDataException";
import ReturnResult from "Common/Types/IsolatedVM/ReturnResult";
import JSONFunctions from "Common/Types/JSONFunctions";
import { JSONObject, JSONValue } from "Common/Types/JSON";
import ClusterKeyAuthorization from "Common/Server/Middleware/ClusterKeyAuthorization";
import Express, {
ExpressRequest,
ExpressResponse,
ExpressRouter,
NextFunction,
} from "Common/Server/Utils/Express";
import logger from "Common/Server/Utils/Logger";
import Response from "Common/Server/Utils/Response";
import VMRunner from "Common/Server/Utils/VM/VMRunner";
const router: ExpressRouter = Express.getRouter();
router.post(
"/run-code",
ClusterKeyAuthorization.isAuthorizedServiceMiddleware,
async (
req: ExpressRequest,
res: ExpressResponse,
next: NextFunction,
): Promise<void> => {
try {
if (!req.body.code) {
return Response.sendErrorResponse(
req,
res,
new BadDataException("Code is missing"),
);
}
logger.debug("Running code in sandbox");
logger.debug(req.body);
let result: ReturnResult | null = null;
try {
result = await VMRunner.runCodeInSandbox({
code: req.body.code,
options: {
timeout: req.body?.["options"]?.["timeout"] || 5000,
args: req.body?.["options"]?.["args"] || {},
},
});
} catch (err) {
logger.error(err);
throw new BadDataException((err as Error).message);
}
logger.debug("Code execution completed");
logger.debug(result.returnValue);
logger.debug("Code Logs ");
logger.debug(result.logMessages);
if (typeof result.returnValue === "object") {
result.returnValue = JSONFunctions.removeCircularReferences(
result.returnValue as JSONObject,
);
}
return Response.sendJsonObjectResponse(req, res, {
returnValue: result.returnValue as JSONValue,
logMessages: result.logMessages,
});
} catch (err) {
return next(err);
}
},
);
export default router;

View File

@@ -1,83 +0,0 @@
#
# OneUptime-IsolatedVM Dockerfile
#
# Pull base image nodejs image.
FROM public.ecr.aws/docker/library/node:24.9-alpine3.21
RUN mkdir /tmp/npm && chmod 2777 /tmp/npm && chown 1000:1000 /tmp/npm && npm config set cache /tmp/npm --global
RUN npm config set fetch-retries 5
RUN npm config set fetch-retry-mintimeout 20000
RUN npm config set fetch-retry-maxtimeout 60000
ARG GIT_SHA
ARG APP_VERSION
ARG IS_ENTERPRISE_EDITION=false
ENV GIT_SHA=${GIT_SHA}
ENV APP_VERSION=${APP_VERSION}
ENV IS_ENTERPRISE_EDITION=${IS_ENTERPRISE_EDITION}
# IF APP_VERSION is not set, set it to 1.0.0
RUN if [ -z "$APP_VERSION" ]; then export APP_VERSION=1.0.0; fi
# Install bash.
RUN apk add bash && apk add curl
# Install python
RUN apk update && apk add --no-cache --virtual .gyp python3 make g++
#Use bash shell by default
SHELL ["/bin/bash", "-c"]
RUN mkdir /usr/src
WORKDIR /usr/src/Common
COPY ./Common/package*.json /usr/src/Common/
# Set version in ./Common/package.json to the APP_VERSION
RUN sed -i "s/\"version\": \".*\"/\"version\": \"$APP_VERSION\"/g" /usr/src/Common/package.json
RUN npm install
COPY ./Common /usr/src/Common
ENV PRODUCTION=true
WORKDIR /usr/src/app
# Install app dependencies
COPY ./IsolatedVM/package*.json /usr/src/app/
RUN npm install
# Expose ports.
# - 4572: OneUptime-IsolatedVM
EXPOSE 4572
{{ if eq .Env.ENVIRONMENT "development" }}
#Run the app
CMD [ "npm", "run", "dev" ]
{{ else }}
# Copy app source
COPY ./IsolatedVM /usr/src/app
# Bundle app source
RUN npm run compile
# Set permission to write logs and cache in case container run as non root
RUN chown -R 1000:1000 "/tmp/npm" && chmod -R 2777 "/tmp/npm"
#Run the app
CMD [ "npm", "start" ]
{{ end }}


@@ -1,47 +0,0 @@
import VmAPI from "./API/VM";
import { PromiseVoidFunction } from "Common/Types/FunctionTypes";
import Express, { ExpressApplication } from "Common/Server/Utils/Express";
import logger from "Common/Server/Utils/Logger";
import App from "Common/Server/Utils/StartServer";
import Telemetry from "Common/Server/Utils/Telemetry";
import process from "process";
const APP_NAME: string = "isolated-vm";
const app: ExpressApplication = Express.getExpressApp();
app.use([`/${APP_NAME}`, "/"], VmAPI);
const init: PromiseVoidFunction = async (): Promise<void> => {
try {
// Initialize telemetry
Telemetry.init({
serviceName: APP_NAME,
});
// init the app
await App.init({
appName: APP_NAME,
port: undefined,
isFrontendApp: false,
statusOptions: {
liveCheck: async () => {},
readyCheck: async () => {},
},
});
logger.debug("App Init Success");
// add default routes
await App.addDefaultRoutes();
} catch (err) {
logger.error("App Init Failed:");
logger.error(err);
throw err;
}
};
init().catch((err: Error) => {
logger.error(err);
logger.error("Exiting node process");
process.exit(1);
});


@@ -1,32 +0,0 @@
{
"preset": "ts-jest",
"testPathIgnorePatterns": [
"node_modules",
"dist"
],
"verbose": true,
"globals": {
"ts-jest": {
"tsconfig": "tsconfig.json",
"babelConfig": false
}
},
"moduleFileExtensions": ["ts", "js", "json"],
"transform": {
".(ts|tsx)": "ts-jest"
},
"testEnvironment": "node",
"collectCoverage": false,
"coverageReporters": ["text", "lcov"],
"testRegex": "./Tests/(.*).test.ts",
"collectCoverageFrom": ["./**/*.(tsx||ts)"],
"coverageThreshold": {
"global": {
"lines": 0,
"functions": 0,
"branches": 0,
"statements": 0
}
}
}


@@ -1,8 +0,0 @@
{
"watch": ["./","../Common"],
"ext": "ts,tsx",
"ignore": ["./node_modules/**", "./public/**", "./bin/**", "./build/**"],
"watchOptions": {"useFsEvents": false, "interval": 500},
"env": {"TS_NODE_TRANSPILE_ONLY": "1", "TS_NODE_FILES": "false"},
"exec": "node -r ts-node/register/transpile-only Index.ts"
}

File diff suppressed because it is too large Load Diff


@@ -1,33 +0,0 @@
{
"name": "@oneuptime/isolated-vm",
"version": "1.0.0",
"description": "",
"repository": {
"type": "git",
"url": "https://github.com/OneUptime/oneuptime"
},
"main": "index.js",
"scripts": {
"start": "export NODE_OPTIONS='--max-old-space-size=8096' && node --require ts-node/register Index.ts",
"compile": "tsc",
"clear-modules": "rm -rf node_modules && rm package-lock.json && npm install",
"dev": "npx nodemon",
"audit": "npm audit --audit-level=low",
"dep-check": "npm install -g depcheck && depcheck ./ --skip-missing=true",
"test": "jest --passWithNoTests"
},
"author": "OneUptime <hello@oneuptime.com> (https://oneuptime.com/)",
"license": "Apache-2.0",
"dependencies": {
"Common": "file:../Common",
"ts-node": "^10.9.1"
},
"devDependencies": {
"@types/jest": "^27.5.0",
"@types/node": "^17.0.31",
"jest": "^28.1.0",
"nodemon": "^2.0.20",
"ts-jest": "^28.0.2"
}
}


@@ -1,115 +0,0 @@
{
"ts-node": {
// these options are overrides used only by ts-node
// same as the --compilerOptions flag and the TS_NODE_COMPILER_OPTIONS environment variable
"compilerOptions": {
"module": "commonjs",
"resolveJsonModule": true,
}
},
"compilerOptions": {
/* Visit https://aka.ms/tsconfig.json to read more about this file */
/* Projects */
// "incremental": true, /* Enable incremental compilation */
// "composite": true, /* Enable constraints that allow a TypeScript project to be used with project references. */
// "tsBuildInfoFile": "./", /* Specify the folder for .tsbuildinfo incremental compilation files. */
// "disableSourceOfProjectReferenceRedirect": true, /* Disable preferring source files instead of declaration files when referencing composite projects */
// "disableSolutionSearching": true, /* Opt a project out of multi-project reference checking when editing. */
// "disableReferencedProjectLoad": true, /* Reduce the number of projects loaded automatically by TypeScript. */
/* Language and Environment */
"target": "es2017" /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */,
// "lib": [], /* Specify a set of bundled library declaration files that describe the target runtime environment. */
"jsx": "react" /* Specify what JSX code is generated. */,
"experimentalDecorators": true /* Enable experimental support for TC39 stage 2 draft decorators. */,
"emitDecoratorMetadata": true /* Emit design-type metadata for decorated declarations in source files. */,
// "jsxFactory": "", /* Specify the JSX factory function used when targeting React JSX emit, e.g. 'React.createElement' or 'h' */
// "jsxFragmentFactory": "", /* Specify the JSX Fragment reference used for fragments when targeting React JSX emit e.g. 'React.Fragment' or 'Fragment'. */
// "jsxImportSource": "", /* Specify module specifier used to import the JSX factory functions when using `jsx: react-jsx*`.` */
// "reactNamespace": "", /* Specify the object invoked for `createElement`. This only applies when targeting `react` JSX emit. */
// "noLib": true, /* Disable including any library files, including the default lib.d.ts. */
// "useDefineForClassFields": true, /* Emit ECMAScript-standard-compliant class fields. */
/* Modules */
// "module": "es2022" /* Specify what module code is generated. */,
"rootDir": "" /* Specify the root folder within your source files. */,
"moduleResolution": "node" /* Specify how TypeScript looks up a file from a given module specifier. */,
// "baseUrl": "./", /* Specify the base directory to resolve non-relative module names. */
// "paths": {}, /* Specify a set of entries that re-map imports to additional lookup locations. */
// "rootDirs": [], /* Allow multiple folders to be treated as one when resolving modules. */
"typeRoots": [
"./node_modules/@types"
] /* Specify multiple folders that act like `./node_modules/@types`. */,
"types": [
"node",
"jest"
] /* Specify type package names to be included without being referenced in a source file. */,
// "allowUmdGlobalAccess": true, /* Allow accessing UMD globals from modules. */
// "resolveJsonModule": true, /* Enable importing .json files */
// "noResolve": true, /* Disallow `import`s, `require`s or `<reference>`s from expanding the number of files TypeScript should add to a project. */
/* JavaScript Support */
// "allowJs": true, /* Allow JavaScript files to be a part of your program. Use the `checkJS` option to get errors from these files. */
// "checkJs": true, /* Enable error reporting in type-checked JavaScript files. */
// "maxNodeModuleJsDepth": 1, /* Specify the maximum folder depth used for checking JavaScript files from `node_modules`. Only applicable with `allowJs`. */
/* Emit */
// "declaration": true, /* Generate .d.ts files from TypeScript and JavaScript files in your project. */
// "declarationMap": true, /* Create sourcemaps for d.ts files. */
// "emitDeclarationOnly": true, /* Only output d.ts files and not JavaScript files. */
"sourceMap": true /* Create source map files for emitted JavaScript files. */,
// "outFile": "./", /* Specify a file that bundles all outputs into one JavaScript file. If `declaration` is true, also designates a file that bundles all .d.ts output. */
"outDir": "build/dist" /* Specify an output folder for all emitted files. */,
// "removeComments": true, /* Disable emitting comments. */
// "noEmit": true, /* Disable emitting files from a compilation. */
// "importHelpers": true, /* Allow importing helper functions from tslib once per project, instead of including them per-file. */
// "importsNotUsedAsValues": "remove", /* Specify emit/checking behavior for imports that are only used for types */
// "downlevelIteration": true, /* Emit more compliant, but verbose and less performant JavaScript for iteration. */
// "sourceRoot": "", /* Specify the root path for debuggers to find the reference source code. */
// "mapRoot": "", /* Specify the location where debugger should locate map files instead of generated locations. */
// "inlineSourceMap": true, /* Include sourcemap files inside the emitted JavaScript. */
// "inlineSources": true, /* Include source code in the sourcemaps inside the emitted JavaScript. */
// "emitBOM": true, /* Emit a UTF-8 Byte Order Mark (BOM) in the beginning of output files. */
// "newLine": "crlf", /* Set the newline character for emitting files. */
// "stripInternal": true, /* Disable emitting declarations that have `@internal` in their JSDoc comments. */
// "noEmitHelpers": true, /* Disable generating custom helper functions like `__extends` in compiled output. */
// "noEmitOnError": true, /* Disable emitting files if any type checking errors are reported. */
// "preserveConstEnums": true, /* Disable erasing `const enum` declarations in generated code. */
// "declarationDir": "./", /* Specify the output directory for generated declaration files. */
// "preserveValueImports": true, /* Preserve unused imported values in the JavaScript output that would otherwise be removed. */
/* Interop Constraints */
// "isolatedModules": true, /* Ensure that each file can be safely transpiled without relying on other imports. */
// "allowSyntheticDefaultImports": true, /* Allow 'import x from y' when a module doesn't have a default export. */
"esModuleInterop": true /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables `allowSyntheticDefaultImports` for type compatibility. */,
// "preserveSymlinks": true, /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */
"forceConsistentCasingInFileNames": true /* Ensure that casing is correct in imports. */,
/* Type Checking */
"strict": true /* Enable all strict type-checking options. */,
"noImplicitAny": true /* Enable error reporting for expressions and declarations with an implied `any` type.. */,
"strictNullChecks": true /* When type checking, take into account `null` and `undefined`. */,
"strictFunctionTypes": true /* When assigning functions, check to ensure parameters and the return values are subtype-compatible. */,
"strictBindCallApply": true /* Check that the arguments for `bind`, `call`, and `apply` methods match the original function. */,
"strictPropertyInitialization": true /* Check for class properties that are declared but not set in the constructor. */,
"noImplicitThis": true /* Enable error reporting when `this` is given the type `any`. */,
"useUnknownInCatchVariables": true /* Type catch clause variables as 'unknown' instead of 'any'. */,
"alwaysStrict": true /* Ensure 'use strict' is always emitted. */,
"noUnusedLocals": true /* Enable error reporting when a local variables aren't read. */,
"noUnusedParameters": true /* Raise an error when a function parameter isn't read */,
"exactOptionalPropertyTypes": true /* Interpret optional property types as written, rather than adding 'undefined'. */,
"noImplicitReturns": true /* Enable error reporting for codepaths that do not explicitly return in a function. */,
"noFallthroughCasesInSwitch": true /* Enable error reporting for fallthrough cases in switch statements. */,
"noUncheckedIndexedAccess": true /* Include 'undefined' in index signature results */,
"noImplicitOverride": true /* Ensure overriding members in derived classes are marked with an override modifier. */,
"noPropertyAccessFromIndexSignature": true /* Enforces using indexed accessors for keys declared using an indexed type */,
// "allowUnusedLabels": true, /* Disable error reporting for unused labels. */
// "allowUnreachableCode": true, /* Disable error reporting for unreachable code. */
/* Completeness */
// "skipDefaultLibCheck": true, /* Skip type checking .d.ts files that are included with TypeScript. */
"skipLibCheck": true, /* Skip type checking all .d.ts files. */
"resolveJsonModule": true
}
}


@@ -24,10 +24,6 @@ upstream admin-dashboard {
}
upstream isolated-vm {
server ${SERVER_ISOLATED_VM_HOSTNAME}:${ISOLATED_VM_PORT} weight=10 max_fails=3 fail_timeout=30s;
}
upstream worker {
server ${SERVER_WORKER_HOSTNAME}:${WORKER_PORT} weight=10 max_fails=3 fail_timeout=30s;
}
@@ -693,21 +689,6 @@ ${PROVISION_SSL_CERTIFICATE_KEY_DIRECTIVE}
proxy_pass http://admin-dashboard;
}
location /isolated-vm {
# This is for nginx not to crash when service is not available.
resolver 127.0.0.1 valid=30s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# enable WebSockets (for ws://sockjs not connected error in the accounts source: https://stackoverflow.com/questions/41381444/websocket-connection-failed-error-during-websocket-handshake-unexpected-respon)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://isolated-vm;
}
location /worker {
# This is for nginx not to crash when service is not available.
resolver 127.0.0.1 valid=30s;


@@ -115,7 +115,6 @@ STATUS_PAGE_PORT=3105
DASHBOARD_PORT=3009
ADMIN_DASHBOARD_PORT=3158
OTEL_COLLECTOR_HTTP_PORT=4318
ISOLATED_VM_PORT=4572
HOME_PORT=1444
WORKER_PORT=1445
WORKFLOW_PORT=3099
@@ -311,7 +310,6 @@ DISABLE_TELEMETRY_FOR_DASHBOARD=true
DISABLE_TELEMETRY_FOR_PROBE=true
DISABLE_TELEMETRY_FOR_ADMIN_DASHBOARD=true
DISABLE_TELEMETRY_FOR_OTEL_COLLECTOR=true
DISABLE_TELEMETRY_FOR_ISOLATED_VM=true
DISABLE_TELEMETRY_FOR_INGRESS=true
DISABLE_TELEMETRY_FOR_WORKER=true


@@ -37,7 +37,6 @@ x-common-variables: &common-variables
SERVER_DASHBOARD_HOSTNAME: dashboard
SERVER_ADMIN_DASHBOARD_HOSTNAME: admin-dashboard
SERVER_OTEL_COLLECTOR_HOSTNAME: otel-collector
SERVER_ISOLATED_VM_HOSTNAME: isolated-vm
SERVER_WORKER_HOSTNAME: worker
SERVER_HOME_HOSTNAME: home
SERVER_WORKFLOW_HOSTNAME: workflow
@@ -52,7 +51,6 @@ x-common-variables: &common-variables
STATUS_PAGE_PORT: ${STATUS_PAGE_PORT}
DASHBOARD_PORT: ${DASHBOARD_PORT}
ADMIN_DASHBOARD_PORT: ${ADMIN_DASHBOARD_PORT}
ISOLATED_VM_PORT: ${ISOLATED_VM_PORT}
WORKER_PORT: ${WORKER_PORT}
WORKFLOW_PORT: ${WORKFLOW_PORT}
DOCS_PORT: ${DOCS_PORT}
@@ -470,20 +468,6 @@ services:
options:
max-size: "1000m"
isolated-vm:
networks:
- oneuptime
restart: always
environment:
PORT: ${ISOLATED_VM_PORT}
ONEUPTIME_SECRET: ${ONEUPTIME_SECRET}
DISABLE_TELEMETRY: ${DISABLE_TELEMETRY_FOR_ISOLATED_VM}
IS_ENTERPRISE_EDITION: ${IS_ENTERPRISE_EDITION}
logging:
driver: "local"
options:
max-size: "1000m"
telemetry:
networks:
- oneuptime


@@ -336,27 +336,6 @@ services:
context: .
dockerfile: ./AIAgent/Dockerfile
isolated-vm:
volumes:
- ./IsolatedVM:/usr/src/app:cached
# Use node modules of the container and not host system.
# https://stackoverflow.com/questions/29181032/add-a-volume-to-docker-but-exclude-a-sub-folder
- /usr/src/app/node_modules/
- ./Common:/usr/src/Common:cached
- /usr/src/Common/node_modules/
ports:
- '9974:9229' # Debugging port.
extends:
file: ./docker-compose.base.yml
service: isolated-vm
build:
network: host
context: .
dockerfile: ./IsolatedVM/Dockerfile
telemetry:
volumes:
- ./Telemetry:/usr/src/app:cached


@@ -123,12 +123,6 @@ services:
depends_on:
<<: *common-depends-on
isolated-vm:
image: oneuptime/isolated-vm:${APP_TAG}
extends:
file: ./docker-compose.base.yml
service: isolated-vm
ingress:
image: oneuptime/nginx:${APP_TAG}
extends: