diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000000..baac920236
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,12 @@
+**/node_modules
+**/dist
+**/coverage
+**/.nx
+.git
+.github
+**/.env
+**/.env.*
+!**/.env.example
+**/*.log
+**/*.tsbuildinfo
+api-reference
diff --git a/.gitignore b/.gitignore
index 7f68fbc18c..2246c5657a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,6 +12,7 @@ lerna-debug.log
 # Configuration
 .env
 .env-test
+.env.executors
 .forestadmin-schema.json
 # yarn
diff --git a/packages/_example/.env.example b/packages/_example/.env.example
index ee5c43ae8f..7c4ebaf6e7 100644
--- a/packages/_example/.env.example
+++ b/packages/_example/.env.example
@@ -21,3 +21,7 @@ FOREST_AUTH_SECRET=
 EXECUTOR_AGENT_URL=http://localhost:3351
 WORKFLOW_EXECUTOR_URL=http://localhost:3400
 EXECUTOR_DATABASE_URL=postgresql://executor:password@localhost:5459/workflow_executor
+# when start:with-executor:multiple-instances command
+# EXECUTOR_AGENT_URL=http://host.docker.internal:3351
+# WORKFLOW_EXECUTOR_URL=http://localhost:3400
+# EXECUTOR_DATABASE_URL=postgresql://executor:password@host.docker.internal:5459/workflow_executor
diff --git a/packages/_example/package.json b/packages/_example/package.json
index b3cd1a6dca..067902287a 100644
--- a/packages/_example/package.json
+++ b/packages/_example/package.json
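Review bot: `.env-test` is not matched by the new `.dockerignore` patterns: `**/.env` and `**/.env.*` require a dot after `.env`, while the `.gitignore` hunk on this page shows `.env-test` listed as a local configuration file. `packages/workflow-executor/Dockerfile` does `COPY . .` from the monorepo root and its runtime stage copies the whole `/app` tree, so such a file present on the build machine would end up in the image layers. I would add `**/.env-*` next to the existing entries, keeping `!**/.env.example` after them. Other untracked local files that appear in `.gitignore`, `.forestadmin-schema.json` for instance, follow the same path and may be worth listing if they should not ship.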
@@ -48,9 +48,12 @@
 "start:with-executor:with-openai": "concurrently --kill-others --names 'agent,executor' \"yarn start\" \"bash -c 'set -a && source .env && AGENT_URL=\\$EXECUTOR_AGENT_URL && DATABASE_URL=\\$EXECUTOR_DATABASE_URL && AI_PROVIDER=openai && AI_MODEL=gpt-4o && AI_API_KEY=\\$OPENAI_API_KEY && until curl -s \\$EXECUTOR_AGENT_URL >/dev/null 2>&1; do sleep 1; done && tsx watch ../workflow-executor/src/cli.ts --pretty'\"",
 "start:with-executor:with-anthropic": "concurrently --kill-others --names 'agent,executor' \"yarn start\" \"bash -c 'set -a && source .env && AGENT_URL=\\$EXECUTOR_AGENT_URL && DATABASE_URL=\\$EXECUTOR_DATABASE_URL && AI_PROVIDER=anthropic && AI_MODEL=claude-sonnet-4-6 && AI_API_KEY=\\$ANTHROPIC_API_KEY && until curl -s \\$EXECUTOR_AGENT_URL >/dev/null 2>&1; do sleep 1; done && tsx watch ../workflow-executor/src/cli.ts --pretty'\"",
 "start:with-executor:ai-error": "concurrently --kill-others --names 'agent,executor' \"yarn start\" \"bash -c 'set -a && source .env && AGENT_URL=\\$EXECUTOR_AGENT_URL && DATABASE_URL=\\$EXECUTOR_DATABASE_URL && FORCE_AI_ERROR=true && until curl -s \\$EXECUTOR_AGENT_URL >/dev/null 2>&1; do sleep 1; done && tsx watch ../workflow-executor/src/cli.ts --pretty'\"",
+ "start:with-executor:multiple-instances": "concurrently --kill-others --names 'agent,executors' \"yarn start\" \"bash -c 'set -a && source .env && yarn start:executors:docker'\"",
 "db:executor:up": "cd ../workflow-executor/example && docker compose up -d",
 "db:executor:down": "cd ../workflow-executor/example && docker compose down",
- "db:executor:reset": "cd ../workflow-executor/example && docker compose down -v && docker compose up -d"
+ "db:executor:reset": "cd ../workflow-executor/example && docker compose down -v && docker compose up -d",
+ "start:executors:docker": "docker compose --env-file .env -f ../workflow-executor/example/docker-compose.executors.yml up",
+ "build:executors:docker": "docker compose -f ../workflow-executor/example/docker-compose.executors.yml build"
 },
 "devDependencies": {
 "@types/node": "^20.12.12",
diff --git a/packages/workflow-executor/Dockerfile b/packages/workflow-executor/Dockerfile
new file mode 100644
index 0000000000..751b251d5d
--- /dev/null
+++ b/packages/workflow-executor/Dockerfile
@@ -0,0 +1,37 @@
+# syntax=docker/dockerfile:1
+#
+# Local/dev image for @forestadmin/workflow-executor.
+# The build context MUST be the monorepo root (yarn workspaces + yarn.lock):
+#
+# docker build -f packages/workflow-executor/Dockerfile -t forest-workflow-executor:local .
+#
+# It is NOT optimized for production (ships the full workspace node_modules).
+
+FROM node:22-bookworm-slim AS builder
+WORKDIR /app
+
+# --ignore-scripts skips husky, native (node-gyp) builds and binary downloads
+# we don't need here: the runtime path is Postgres and `pg` is pure JS. The only
+# native dep (sqlite3) is dev-only and unused at runtime.
+COPY . .
+RUN yarn install --frozen-lockfile --ignore-scripts
+
+# Build the executor and only its workspace dependencies (6 packages), in order.
+RUN node_modules/.bin/lerna run build \
+ --scope @forestadmin/workflow-executor \
+ --include-dependencies
+
+FROM node:22-bookworm-slim AS runtime
+WORKDIR /app
+ENV NODE_ENV=production
+
+# Hoisted node_modules symlink into packages/*, so the whole tree must come along
+# for the @forestadmin/* workspace symlinks to resolve.
+COPY --from=builder /app ./
+
+USER node
+
+# HTTP server (GET /runs/:runId, POST /runs/:runId/trigger). Override with HTTP_PORT.
+EXPOSE 3400
+
+CMD ["node", "packages/workflow-executor/dist/cli.js", "--json"]
diff --git a/packages/workflow-executor/example/.env.example b/packages/workflow-executor/example/.env.example
index 9e25c0d372..76e7dfaeb6 100644
--- a/packages/workflow-executor/example/.env.example
+++ b/packages/workflow-executor/example/.env.example
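Review bot: There is no teardown script next to the new `start:executors:docker` and `build:executors:docker` entries, although the database stack has `db:executor:down`. The compose file added in this commit gives both executors `restart: always`, so containers left stopped after `concurrently --kill-others` ends the run would be started again at the next Docker daemon start, still configured with the secrets from the last run. I would add `"stop:executors:docker": "docker compose -f ../workflow-executor/example/docker-compose.executors.yml down"`. The `scripts` object starts above this hunk.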
@@ -10,7 +10,7 @@ DATABASE_URL=postgres://executor:password@localhost:5459/workflow_executor
 # Optional — defaults shown
 HTTP_PORT=3400
-FOREST_SERVER_URL=https://api.forestadmin.com
+FOREST_SERVER_URL=https://api.development.forestadmin.com
 POLLING_INTERVAL_MS=5000
 # Optional local AI (all-or-nothing — falls back to server AI if any is missing)
diff --git a/packages/workflow-executor/example/.env.executors.example b/packages/workflow-executor/example/.env.executors.example
new file mode 100644
index 0000000000..86ee59cfbc
--- /dev/null
+++ b/packages/workflow-executor/example/.env.executors.example
@@ -0,0 +1,27 @@
+# Copy to .env.executors and fill in. Used by docker-compose.executors.yml.
+
+# Forest Admin secrets — Settings -> Environments. FOREST_AUTH_SECRET MUST match
+# the auth secret of the agent that signs forest_session_token, or every request
+# proxied to the executor gets a 401.
+FOREST_ENV_SECRET=
+FOREST_AUTH_SECRET=
+
+# IMPORTANT: inside the containers, localhost/127.0.0.1 means the container
+# itself, NOT your host. Anything on your machine (agent, Forest backend,
+# Postgres) must be reached via host.docker.internal with its real port.
+
+# Your existing local Postgres run store. Both executors share it.
+EXECUTOR_DATABASE_URL=postgres://user:password@host.docker.internal:5432/workflow_executor
+
+# Your agent, reachable from inside the containers.
+EXECUTOR_AGENT_URL=http://host.docker.internal:3351
+
+# The Forest orchestrator. Defaults to https://api.development.forestadmin.com. For a LOCAL
+# backend use http(s)://host.docker.internal: (NOT localhost). Use http://
+# if it serves plaintext, else you'll hit an SSL "wrong version number" error.
+# FOREST_SERVER_URL=http://host.docker.internal:3001
+NODE_TLS_REJECT_UNAUTHORIZED=0
+
+
+# Optional — default shown.
+POLLING_INTERVAL_MS=5000
\ No newline at end of file
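Review bot: The new `FOREST_SERVER_URL` value sits under `# Optional — defaults shown`, so the example now documents `https://api.development.forestadmin.com` as the default server, and nothing visible in this commit changes a default in code. That host looks like a Forest-internal development domain (the compose file in this commit remaps it to the host gateway), so someone copying this example would send executor traffic, presumably carrying the environment secret, to whatever that name resolves to for them. I would keep `FOREST_SERVER_URL=https://api.forestadmin.com` here and offer the development URL as a commented alternative, e.g. `# FOREST_SERVER_URL=https://api.development.forestadmin.com  # Forest-internal dev stack only`.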
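Review bot: `NODE_TLS_REJECT_UNAUTHORIZED=0` is set uncommented and without explanation right after the `FOREST_SERVER_URL` comment, and it turns off certificate verification for every outbound HTTPS connection the Node process makes, not only the one to a local orchestrator. `docker-compose.executors.yml` in this commit also hard-codes `NODE_TLS_REJECT_UNAUTHORIZED: 0` in `x-executor-env`, so the value in this file is not what the containers receive and they run unverified whatever a developer puts here. I would comment the line out in the example with a one-line warning that it is only for a self-signed local backend, and make the compose entry opt-in with `NODE_TLS_REJECT_UNAUTHORIZED: ${NODE_TLS_REJECT_UNAUTHORIZED:-1}`. Where a local certificate has to be trusted, `NODE_EXTRA_CA_CERTS` pointing at the local CA keeps verification on for every other connection.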
diff --git a/packages/workflow-executor/example/docker-compose.executors.yml b/packages/workflow-executor/example/docker-compose.executors.yml
new file mode 100644
index 0000000000..5c6b8d00f9
--- /dev/null
+++ b/packages/workflow-executor/example/docker-compose.executors.yml
@@ -0,0 +1,62 @@
+# Two workflow-executor instances behind an nginx round-robin gateway, sharing a
+# single Postgres run store (so the write-ahead idempotency log is shared across
+# instances). The store is YOUR existing local Postgres, reached via DATABASE_URL.
+#
+# cp .env.executors.example .env.executors # fill in secrets + DATABASE_URL
+# docker compose --env-file .env.executors -f docker-compose.executors.yml up --build
+#
+# Point your agent at the gateway: workflowExecutorUrl: "http://localhost:3400".
+# Your agent must be running on the host (executors probe AGENT_URL on startup).
+#
+# DATABASE_URL must use host.docker.internal (NOT localhost) to reach a Postgres
+# running on your host, e.g. postgres://user:pass@host.docker.internal:5432/db
+
+name: workflow-executor-gateway
+
+x-executor-env: &executor-env
+ FOREST_ENV_SECRET: ${FOREST_ENV_SECRET}
+ FOREST_AUTH_SECRET: ${FOREST_AUTH_SECRET}
+ AGENT_URL: ${EXECUTOR_AGENT_URL:-http://host.docker.internal:3351}
+ FOREST_SERVER_URL: ${FOREST_SERVER_URL:-https://api.development.forestadmin.com}
+ DATABASE_URL: ${EXECUTOR_DATABASE_URL}
+ POLLING_INTERVAL_MS: ${POLLING_INTERVAL_MS:-5000}
+ HTTP_PORT: "3400"
+ NODE_TLS_REJECT_UNAUTHORIZED: 0
+
+x-executor-common: &executor-common
+ image: forest-workflow-executor:local
+ restart: always
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ # Forest local-dev domains resolve to 127.0.0.1 via the host's /etc/hosts (the orchestrator
+ # runs on the host). Inside containers 127.0.0.1 is the container itself, so map them to the
+ # host. Inert for non-dev setups (prod api.forestadmin.com is unaffected).
+ - "api.development.forestadmin.com:host-gateway"
+ - "app.development.forestadmin.com:host-gateway"
+ - "static.development.forestadmin.com:host-gateway"
+
+services:
+ executor-1:
+ <<: *executor-common
+ build:
+ context: ../../..
+ dockerfile: packages/workflow-executor/Dockerfile
+ environment: *executor-env
+
+ executor-2:
+ <<: *executor-common
+ environment: *executor-env
+ depends_on:
+ executor-1:
+ condition: service_started
+
+ gateway:
+ image: nginx:1.27-alpine
+ restart: unless-stopped
+ ports:
+ - "3400:3400"
+ volumes:
+ - ./nginx-executor-gateway.conf:/etc/nginx/conf.d/default.conf:ro
+ depends_on:
+ - executor-1
+ - executor-2
diff --git a/packages/workflow-executor/example/nginx-executor-gateway.conf b/packages/workflow-executor/example/nginx-executor-gateway.conf
new file mode 100644
index 0000000000..bda730dc60
--- /dev/null
+++ b/packages/workflow-executor/example/nginx-executor-gateway.conf
@@ -0,0 +1,26 @@
+# Round-robin gateway in front of the two workflow-executor instances.
+# Stateless: trigger re-fetches the run server-side and getRun reads the shared
+# DB, so any instance serves any request — no sticky sessions needed.
+
+upstream executors {
+ server executor-1:3400;
+ server executor-2:3400;
+}
+
+server {
+ listen 3400;
+
+ location / {
+ proxy_pass http://executors;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # Authorization / Cookie are forwarded by default; AI/MCP steps can be slow.
+ proxy_read_timeout 600s;
+ proxy_send_timeout 600s;
+
+ # Retry the other instance on connection/5xx failure.
+ proxy_next_upstream error timeout http_502 http_503 http_504;
+ }
+}
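Review bot: The `gateway` service publishes `"3400:3400"`, which binds on all host interfaces, so the executor API is reachable from the local network while the executors behind it hold the Forest secrets. The header only ever points the agent at `http://localhost:3400`, so `- "127.0.0.1:3400:3400"` keeps the port on loopback without changing that usage. Separately, `${FOREST_ENV_SECRET}`, `${FOREST_AUTH_SECRET}` and `${EXECUTOR_DATABASE_URL}` in `x-executor-env` interpolate to empty strings when the env file is missing or incomplete; `${FOREST_ENV_SECRET:?set FOREST_ENV_SECRET}`, and likewise for the other two, makes compose fail fast instead.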
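Review bot: The comment `# Retry the other instance on connection/5xx failure.` does not hold for the trigger route: nginx does not pass a request with a non-idempotent method such as POST to the next server once it has been sent upstream, unless `non_idempotent` is added to `proxy_next_upstream`. That default is the safer behaviour for `POST /runs/:runId/trigger`, so I would leave the directive as is and reword the comment, e.g. `# Fail over to the other instance; a POST is only retried if it was never sent upstream (no non_idempotent).`. With `proxy_read_timeout 600s` and `timeout` in the list, a hanging GET can also be tried on both instances in turn, up to twenty minutes in total; `proxy_next_upstream_timeout` would bound that if it matters.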