diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000000..baac920236 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,12 @@ +**/node_modules +**/dist +**/coverage +**/.nx +.git +.github +**/.env +**/.env.* +!**/.env.example +**/*.log +**/*.tsbuildinfo +api-reference diff --git a/.gitignore b/.gitignore index 7f68fbc18c..2246c5657a 100644 --- a/.gitignore +++ b/.gitignore @@ -12,6 +12,7 @@ lerna-debug.log # Configuration .env .env-test +.env.executors .forestadmin-schema.json # yarn diff --git a/packages/_example/package.json b/packages/_example/package.json index b3cd1a6dca..f13c73d853 100644 --- a/packages/_example/package.json +++ b/packages/_example/package.json @@ -50,7 +50,8 @@ "start:with-executor:ai-error": "concurrently --kill-others --names 'agent,executor' \"yarn start\" \"bash -c 'set -a && source .env && AGENT_URL=\\$EXECUTOR_AGENT_URL && DATABASE_URL=\\$EXECUTOR_DATABASE_URL && FORCE_AI_ERROR=true && until curl -s \\$EXECUTOR_AGENT_URL >/dev/null 2>&1; do sleep 1; done && tsx watch ../workflow-executor/src/cli.ts --pretty'\"", "db:executor:up": "cd ../workflow-executor/example && docker compose up -d", "db:executor:down": "cd ../workflow-executor/example && docker compose down", - "db:executor:reset": "cd ../workflow-executor/example && docker compose down -v && docker compose up -d" + "db:executor:reset": "cd ../workflow-executor/example && docker compose down -v && docker compose up -d", + "executor:docker": "docker compose --env-file ../workflow-executor/example/.env.executors -f ../workflow-executor/example/docker-compose.executors.yml up" }, "devDependencies": { "@types/node": "^20.12.12", diff --git a/packages/workflow-executor/Dockerfile b/packages/workflow-executor/Dockerfile new file mode 100644 index 0000000000..751b251d5d --- /dev/null +++ b/packages/workflow-executor/Dockerfile @@ -0,0 +1,37 @@ +# syntax=docker/dockerfile:1 +# +# Local/dev image for @forestadmin/workflow-executor. +# The build context MUST be the monorepo root (yarn workspaces + yarn.lock): +# +# docker build -f packages/workflow-executor/Dockerfile -t forest-workflow-executor:local . +# +# It is NOT optimized for production (ships the full workspace node_modules). + +FROM node:22-bookworm-slim AS builder +WORKDIR /app + +# --ignore-scripts skips husky, native (node-gyp) builds and binary downloads +# we don't need here: the runtime path is Postgres and `pg` is pure JS. The only +# native dep (sqlite3) is dev-only and unused at runtime. +COPY . . +RUN yarn install --frozen-lockfile --ignore-scripts + +# Build the executor and only its workspace dependencies (6 packages), in order. +RUN node_modules/.bin/lerna run build \ + --scope @forestadmin/workflow-executor \ + --include-dependencies + +FROM node:22-bookworm-slim AS runtime +WORKDIR /app +ENV NODE_ENV=production + +# Hoisted node_modules symlink into packages/*, so the whole tree must come along +# for the @forestadmin/* workspace symlinks to resolve. +COPY --from=builder /app ./ + +USER node + +# HTTP server (GET /runs/:runId, POST /runs/:runId/trigger). Override with HTTP_PORT. +EXPOSE 3400 + +CMD ["node", "packages/workflow-executor/dist/cli.js", "--json"] diff --git a/packages/workflow-executor/example/.env.executors.example b/packages/workflow-executor/example/.env.executors.example new file mode 100644 index 0000000000..05c3a6e5dd --- /dev/null +++ b/packages/workflow-executor/example/.env.executors.example @@ -0,0 +1,25 @@ +# Copy to .env.executors and fill in. Used by docker-compose.executors.yml. + +# Forest Admin secrets — Settings -> Environments. FOREST_AUTH_SECRET MUST match +# the auth secret of the agent that signs forest_session_token, or every request +# proxied to the executor gets a 401. +FOREST_ENV_SECRET= +FOREST_AUTH_SECRET= + +# IMPORTANT: inside the containers, localhost/127.0.0.1 means the container +# itself, NOT your host. Anything on your machine (agent, Forest backend, +# Postgres) must be reached via host.docker.internal with its real port. + +# Your existing local Postgres run store. Both executors share it. +DATABASE_URL=postgres://user:password@host.docker.internal:5432/workflow_executor + +# Your agent, reachable from inside the containers. +AGENT_URL=http://host.docker.internal:3351 + +# The Forest orchestrator. Defaults to https://api.forestadmin.com. For a LOCAL +# backend use http(s)://host.docker.internal: (NOT localhost). Use http:// +# if it serves plaintext, else you'll hit an SSL "wrong version number" error. +# FOREST_SERVER_URL=http://host.docker.internal:3001 + +# Optional — default shown. +POLLING_INTERVAL_MS=5000 \ No newline at end of file diff --git a/packages/workflow-executor/example/docker-compose.executors.yml b/packages/workflow-executor/example/docker-compose.executors.yml new file mode 100644 index 0000000000..7df7b7f339 --- /dev/null +++ b/packages/workflow-executor/example/docker-compose.executors.yml @@ -0,0 +1,56 @@ +# Two workflow-executor instances behind an nginx round-robin gateway, sharing a +# single Postgres run store (so the write-ahead idempotency log is shared across +# instances). The store is YOUR existing local Postgres, reached via DATABASE_URL. +# +# cp .env.executors.example .env.executors # fill in secrets + DATABASE_URL +# docker compose --env-file .env.executors -f docker-compose.executors.yml up --build +# +# Point your agent at the gateway: workflowExecutorUrl: "http://localhost:3400". +# Your agent must be running on the host (executors probe AGENT_URL on startup). +# +# DATABASE_URL must use host.docker.internal (NOT localhost) to reach a Postgres +# running on your host, e.g. postgres://user:pass@host.docker.internal:5432/db + +name: workflow-executor-gateway + +x-executor-env: &executor-env + FOREST_ENV_SECRET: ${FOREST_ENV_SECRET} + FOREST_AUTH_SECRET: ${FOREST_AUTH_SECRET} + AGENT_URL: ${AGENT_URL:-http://host.docker.internal:3351} + FOREST_SERVER_URL: ${FOREST_SERVER_URL:-https://api.forestadmin.com} + DATABASE_URL: ${DATABASE_URL} + POLLING_INTERVAL_MS: ${POLLING_INTERVAL_MS:-5000} + HTTP_PORT: "3400" + NODE_TLS_REJECT_UNAUTHORIZED: 0 + +x-executor-common: &executor-common + image: forest-workflow-executor:local + restart: unless-stopped + extra_hosts: + - "host.docker.internal:host-gateway" + +services: + executor-1: + <<: *executor-common + build: + context: ../.. + dockerfile: packages/workflow-executor/Dockerfile + environment: *executor-env + + executor-2: + <<: *executor-common + environment: *executor-env + depends_on: + executor-1: + condition: service_started + + gateway: + image: nginx:1.27-alpine + restart: unless-stopped + ports: + - "3400:3400" + volumes: + - ./nginx-executor-gateway.conf:/etc/nginx/conf.d/default.conf:ro + depends_on: + - executor-1 + - executor-2 diff --git a/packages/workflow-executor/example/nginx-executor-gateway.conf b/packages/workflow-executor/example/nginx-executor-gateway.conf new file mode 100644 index 0000000000..bda730dc60 --- /dev/null +++ b/packages/workflow-executor/example/nginx-executor-gateway.conf @@ -0,0 +1,26 @@ +# Round-robin gateway in front of the two workflow-executor instances. +# Stateless: trigger re-fetches the run server-side and getRun reads the shared +# DB, so any instance serves any request — no sticky sessions needed. + +upstream executors { + server executor-1:3400; + server executor-2:3400; +} + +server { + listen 3400; + + location / { + proxy_pass http://executors; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # Authorization / Cookie are forwarded by default; AI/MCP steps can be slow. + proxy_read_timeout 600s; + proxy_send_timeout 600s; + + # Retry the other instance on connection/5xx failure. + proxy_next_upstream error timeout http_502 http_503 http_504; + } +}