Working n8n with Oauth

Author: KevyVo

samples/n8n/.env

@@ -7,15 +7,22 @@ on:
 
 jobs:
   deploy:
-    environment: playground
     runs-on: ubuntu-latest
     permissions:
       contents: read
       id-token: write
 
     steps:
-    - name: Checkout Repo
-      uses: actions/checkout@v4
+      - name: Checkout Repo
+        uses: actions/checkout@v4
 
-    - name: Deploy
-      uses: DefangLabs/[email protected]
+      - name: Deploy
+        uses: DefangLabs/[email protected]
+        with:
+          config-env-vars: POSTGRES_USER POSTGRES_PASSWORD POSTGRES_DB POSTGRES_NON_ROOT_USER POSTGRES_NON_ROOT_PASSWORD
+        env:
+          POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
+          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
+          POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
+          POSTGRES_NON_ROOT_USER: ${{ secrets.POSTGRES_NON_ROOT_USER }}
+          POSTGRES_NON_ROOT_PASSWORD: ${{ secrets.POSTGRES_NON_ROOT_PASSWORD }}

samples/n8n/.github/workflows/deploy.yaml

@@ -47,11 +47,11 @@ The name of your Postgres database. You need to set this before deploying for th
 
 ### `POSTGRES_NON_ROOT_USER`
 
-The non-root user for your Postgres database, it will be used in the service release to setup non-root access for your Postgres database. It is also used in the script called `init-data.sh`. You need to set this before deploying for the first time.
+The non-root user for your Postgres database, it will be used in the service setup to setup non-root access for your Postgres database. It is also used in the script called `init-data.sh`. You need to set this before deploying for the first time.
 
 ### `POSTGRES_NON_ROOT_PASSWORD`
 
-The POSTGRES_NON_ROOT_USER's password for your Postgres database, it will be used in the service release to setup non-root access for your Postgres database. It is also used in the script called `init-data.sh`. You need to set this before deploying for the first time.
+The POSTGRES_NON_ROOT_USER's password for your Postgres database, it will be used in the service setup to setup non-root access for your Postgres database. It is also used in the script called `init-data.sh`. You need to set this before deploying for the first time.
 
 ## Deployment
 
@@ -75,7 +75,7 @@ This will use `compose.yaml` which extends `compose.dev.yaml` but:
 
 - Removes volume mounts (not supported by Defang)
 - Removes PostgreSQL port exposure for security
-- Adds a `release` service to initialize the database with proper user permissions
+- Adds a `setup` service to initialize the database with proper user permissions
 - Optimizes environment variables for cloud deployment
 
 ### BYOC (AWS)

samples/n8n/README.md

@@ -1,29 +1,23 @@
-version: '3.8'
-
-# Defang does not support volumes, therefore these volumes are only used for local development and will be ignored in production. 
-# Consider using s3 buckets instead: https://docs.n8n.io/hosting/scaling/external-storage/
 volumes:
   db_storage:
   n8n_storage:
 
 services:
   postgres:
-    image: postgres:16
-    restart: always
+    extends:
+      file: compose.yaml
+      service: postgres
     environment:
-      - POSTGRES_USER=${POSTGRES_USER}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_DB=${POSTGRES_DB}
-      - POSTGRES_NON_ROOT_USER=${POSTGRES_NON_ROOT_USER}
-      - POSTGRES_NON_ROOT_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD}
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=defang12345
+      - POSTGRES_DB=n8n
+      - POSTGRES_NON_ROOT_USER=defang_user
+      - POSTGRES_NON_ROOT_PASSWORD=defang12345
     volumes:
       - db_storage:/var/lib/postgresql/data
       - ./init-data.sh:/docker-entrypoint-initdb.d/init-data.sh
     healthcheck:
-      test: ['CMD-SHELL', 'pg_isready -h localhost -U ${POSTGRES_USER} -d ${POSTGRES_DB}']
-      interval: 5s
-      timeout: 5s
-      retries: 10
+      test: ["CMD-SHELL", "pg_isready -h localhost -U postgres -d n8n"]
 
   n8n:
     image: docker.n8n.io/n8nio/n8n
@@ -32,9 +26,9 @@ services:
       - DB_TYPE=postgresdb
       - DB_POSTGRESDB_HOST=postgres
       - DB_POSTGRESDB_PORT=5432
-      - DB_POSTGRESDB_DATABASE=${POSTGRES_DB}
-      - DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER}
-      - DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD}
+      - DB_POSTGRESDB_DATABASE=n8n
+      - DB_POSTGRESDB_USER=defang_user
+      - DB_POSTGRESDB_PASSWORD=defang12345
     ports:
       - 5678:5678
     links:
@@ -43,4 +37,4 @@ services:
       - n8n_storage:/home/node/.n8n
     depends_on:
       postgres:
-        condition: service_healthy
+        condition: service_healthy

samples/n8n/compose.dev.yaml

@@ -0,0 +1,63 @@
+services:
+  setup:
+    # This is a one-off job to initialize the database with a non-root user
+    build:
+      dockerfile: setup.Dockerfile
+    command: "/init-data.sh"
+    environment:
+      - POSTGRES_USER
+      - POSTGRES_HOST=${POSTGRES_USER}
+      # Need to pass PGPASSWORD so the password can be used by psql in the script init-data.sh
+      - PGPASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB
+      - POSTGRES_NON_ROOT_USER
+      - POSTGRES_NON_ROOT_PASSWORD
+    restart: "no"
+    depends_on:
+      postgres:
+        condition: service_healthy
+
+  postgres:
+    image: postgres:16
+    restart: always
+    environment:
+      - POSTGRES_USER
+      - POSTGRES_PASSWORD
+      - POSTGRES_DB
+      - POSTGRES_NON_ROOT_USER
+      - POSTGRES_NON_ROOT_PASSWORD
+    healthcheck:
+      test:
+        [
+          "CMD-SHELL",
+          "pg_isready -h localhost -U ${POSTGRES_USER} -d ${POSTGRES_DB}",
+        ]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+
+  n8n:
+    image: docker.n8n.io/n8nio/n8n
+    restart: always
+    environment:
+      - DB_TYPE=postgresdb
+      - DB_POSTGRESDB_HOST=postgres
+      - DB_POSTGRESDB_PORT=5432
+      - DB_POSTGRESDB_DATABASE=${POSTGRES_DB}
+      - DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER}
+      - DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD}
+      # https://community.n8n.io/t/how-to-change-localhost-5678-from-webhook-url/27033/8
+      - N8N_HOST=n8n--5678.n8n.kevyvo.defang.app
+      - N8N_PORT=5678
+      - N8N_PROTOCOL=https
+      - NODE_ENV=production
+      - WEBHOOK_URL=https://n8n--5678.n8n.kevyvo.defang.app
+    ports:
+      - 5678:5678
+    links:
+      - postgres
+    depends_on:
+      setup:
+        condition: service_completed_successfully
+      postgres:
+        condition: service_healthy

samples/n8n/compose.yaml

@@ -3,12 +3,35 @@ set -e;
 
 
 if [ -n "${POSTGRES_NON_ROOT_USER:-}" ] && [ -n "${POSTGRES_NON_ROOT_PASSWORD:-}" ]; then
-# Need to add --host because it is run in a separate container
-	psql -v ON_ERROR_STOP=1 --host="$POSTGRES_HOST" --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
-		CREATE USER ${POSTGRES_NON_ROOT_USER} WITH PASSWORD '${POSTGRES_NON_ROOT_PASSWORD}';
-		GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_NON_ROOT_USER};
-		GRANT CREATE ON SCHEMA public TO ${POSTGRES_NON_ROOT_USER};
-	EOSQL
+	# Retry logic with maximum 20 attempts and 3-second delays
+	max_attempts=20
+	attempt=1
+	
+	while [ $attempt -le $max_attempts ]; do
+		echo "Attempt $attempt of $max_attempts to initialize database..."
+		
+		# Need to add --host because it is run in a separate container
+		if psql -v ON_ERROR_STOP=1 --host="$POSTGRES_HOST" --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+			CREATE USER ${POSTGRES_NON_ROOT_USER} WITH PASSWORD '${POSTGRES_NON_ROOT_PASSWORD}';
+			GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_NON_ROOT_USER};
+			GRANT CREATE ON SCHEMA public TO ${POSTGRES_NON_ROOT_USER};
+		EOSQL
+		then
+			echo "Database initialization successful on attempt $attempt"
+			break
+		else
+			echo "Database initialization failed on attempt $attempt"
+			if [ $attempt -lt $max_attempts ]; then
+				echo "Waiting 3 seconds before retry..."
+				sleep 3
+			else
+				echo "All $max_attempts attempts failed. Exiting."
+				exit 1
+			fi
+		fi
+		
+		attempt=$((attempt + 1))
+	done
 else
 	echo "SETUP INFO: No Environment variables given!"
 fi