Merge pull request #2084 from bluewave-labs/develop-saas

Merging develop-saas into master-saas

Author: HarshP4585

.claude/settings.local.json

@@ -0,0 +1,42 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(npm run build:*)",
+      "Bash(mkdir:*)",
+      "Bash(npm run lint)",
+      "Bash(npm run lint:*)",
+      "Bash(npx tsc:*)",
+      "Bash(npx eslint:*)",
+      "Bash(git checkout:*)",
+      "Bash(git add:*)",
+      "Bash(git commit:*)",
+      "Bash(git push:*)",
+      "Bash(gh pr create:*)",
+      "Bash(grep:*)",
+      "Bash(git pull:*)",
+      "Bash(node:*)",
+      "Bash(npm start)",
+      "Bash(npx swagger-jsdoc:*)",
+      "Bash(gh pr list:*)",
+      "Bash(find:*)",
+      "Bash(cat:*)",
+      "Bash(git fetch:*)",
+      "Bash(git merge:*)",
+      "Bash(git stash:*)",
+      "Bash(gh pr view:*)",
+      "Read(/A:\\VerifyWiseRepository\\verifywise\\Clients\\src\\presentation\\components\\AddNewRiskForm\\MitigationSection/**)",
+      "Read(/A:\\VerifyWiseRepository\\verifywise\\Clients\\src\\presentation\\components\\AddNewRiskForm/**)",
+      "Read(/A:\\VerifyWiseRepository\\verifywise\\Clients\\src\\presentation\\components\\AddNewRiskForm\\MitigationSection/**)",
+      "Read(/A:\\VerifyWiseRepository\\verifywise\\Clients\\src\\presentation\\components\\AddNewRiskForm\\MitigationSection/**)",
+      "Read(/A:\\VerifyWiseRepository\\verifywise\\Clients\\src\\presentation\\components\\AddNewRiskForm\\MitigationSection/**)",
+      "Read(/A:\\VerifyWiseRepository\\verifywise\\Clients\\src\\presentation\\components\\AddNewRiskForm\\MitigationSection/**)",
+      "Read(/A:\\VerifyWiseRepository\\verifywise\\Clients\\src\\presentation\\components\\AddNewRiskForm\\MitigationSection/**)",
+      "mcp__ide__getDiagnostics",
+      "Read(/A:\\VerifyWiseRepository\\verifywise\\Clients\\src\\presentation\\components\\AddNewRiskForm\\MitigationSection/**)",
+      "Read(/A:\\VerifyWiseRepository\\verifywise\\Clients\\src\\presentation\\components\\AddNewRiskForm\\MitigationSection/**)",
+      "WebFetch(domain:github.com)"
+    ],
+    "deny": [],
+    "ask": []
+  }
+}

.env.dev

@@ -10,6 +10,10 @@ NODE_ENV=development
 
 MULTI_TENANCY_ENABLED=false
 
+# Google Authentication
+# Get your Google Client ID from: https://console.developers.google.com/
+GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
+
 RESEND_API_KEY=your-resend-api-key
 
 # Database

.env.prod

@@ -12,6 +12,10 @@ DB_SSL=false
 
 MULTI_TENANCY_ENABLED=false
 
+# Google Authentication
+# Get your Google Client ID from: https://console.developers.google.com/
+GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
+
 RESEND_API_KEY=your-resend-api-key
 
 # Database

.github/workflows/docker-image-saas-test.yml

@@ -0,0 +1,86 @@
+name: Build and Push Images to GitHub Container Registry
+
+on:
+  push:
+    branches:
+      - develop-saas
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    environment: Build
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Debug GitHub Token Access
+        run: |
+          if [ -z "${{ secrets.GITHUB_TOKEN }}" ]; then
+            echo "GITHUB_TOKEN is NOT available"
+            exit 1
+          else
+            echo "GITHUB_TOKEN is available"
+          fi
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Verify Google Client ID Secret
+        run: |
+          if [ -z "${{ secrets.GOOGLE_CLIENT_ID }}" ]; then
+            echo "GOOGLE_CLIENT_ID secret is NOT available"
+            exit 1
+          fi
+
+      - name: Build and push Clients image
+        uses: docker/build-push-action@v4
+        with:
+          context: ./Clients
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/verifywise-frontend-saas:test
+          build-args: |
+            VITE_GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }}
+
+      - name: Build and push Servers image
+        uses: docker/build-push-action@v4
+        with:
+          context: ./Servers
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/verifywise-backend-saas:test
+
+      - name: Build and push BiasAndFairnessServers image
+        uses: docker/build-push-action@v4
+        with:
+          context: ./BiasAndFairnessServers
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/verifywise-bias-and-fairness-backend-saas:test
+
+      - name: Deploy to Testing
+        uses: appleboy/ssh-action@v0.1.5
+        with:
+          host: ${{ secrets.TEST_HOST }}
+          username: ${{ secrets.TEST_USER }}
+          key: ${{ secrets.TEST_SSH_KEY }}
+          script: |
+            cd /root/verifywise
+            docker-compose --env-file .env.prod down
+            docker images --format "table {{.Repository}}:{{.Tag}}\t{{.ID}}" | grep -v -E "(redis|postgres)" | awk 'NR>1 {print $2}' | xargs -r docker rmi -f || true
+            ./install.sh

.github/workflows/docker-image-saas.yml

@@ -8,6 +8,7 @@ jobs:
   build-and-push:
     if: ${{ endsWith(github.event.release.tag_name, '-saas') }}
     runs-on: ubuntu-latest
+    environment: Build
 
     env:
       FULL_TAG: ${{ github.event.release.tag_name }}
@@ -45,6 +46,13 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Verify Google Client ID Secret
+        run: |
+          if [ -z "${{ secrets.GOOGLE_CLIENT_ID }}" ]; then
+            echo "GOOGLE_CLIENT_ID secret is NOT available"
+            exit 1
+          fi
+
       - name: Build and push Clients image
         uses: docker/build-push-action@v4
         with:
@@ -54,6 +62,8 @@ jobs:
           tags: |
             ghcr.io/${{ github.repository_owner }}/verifywise-frontend-saas:${{ env.TAG }}
             ghcr.io/${{ github.repository_owner }}/verifywise-frontend-saas:latest
+          build-args: |
+            VITE_GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }}
 
       - name: Build and push Servers image
         uses: docker/build-push-action@v4
@@ -74,3 +84,15 @@ jobs:
           tags: |
             ghcr.io/${{ github.repository_owner }}/verifywise-bias-and-fairness-backend-saas:${{ env.TAG }}
             ghcr.io/${{ github.repository_owner }}/verifywise-bias-and-fairness-backend-saas:latest
+
+      - name: Deploy to Production
+        uses: appleboy/ssh-action@v0.1.5
+        with:
+          host: ${{ secrets.PROD_HOST }}
+          username: ${{ secrets.PROD_USER }}
+          key: ${{ secrets.PROD_SSH_KEY }}
+          script: |
+            cd /root/verifywise
+            docker-compose --env-file .env.prod down
+            docker images --format "table {{.Repository}}:{{.Tag}}\t{{.ID}}" | grep -v -E "(redis|postgres)" | awk 'NR>1 {print $2}' | xargs -r docker rmi -f || true
+            ./install.sh

Clients/Dockerfile

@@ -13,20 +13,27 @@ RUN npm install
 # Step 5: Copy the rest of the application files
 COPY . .
 
-# Step 6: Build the application
+# Step 6: Accept env variables for Vite
+ARG VITE_GOOGLE_CLIENT_ID
+ENV VITE_GOOGLE_CLIENT_ID=$VITE_GOOGLE_CLIENT_ID
+
+# Step 7: Build the application
 RUN npm run build
 
-# Step 7: Use a lightweight web server for production
+# Step 8: Use a lightweight web server for production
 FROM nginx:1.25-alpine
 
-# Step 8: Copy the build output to NGINX's default public directory
+# Step 9: Copy the build output to NGINX's default public directory
 COPY --from=build /app/dist /usr/share/nginx/html
 
-# Step 9: Copy the custom NGINX configuration
+# Step 9: Copy the custom error page
+# COPY upgrade.html /usr/share/nginx/html/upgrade.html
+
+# Step 10: Copy the custom NGINX configuration
 COPY nginx.conf /etc/nginx/conf.d/default.conf
 
-# Step 10: Expose port 80
+# Step 11: Expose port 80
 EXPOSE 80
 
-# Step 11: Start NGINX server
+# Step 12: Start NGINX server
 CMD ["nginx", "-g", "daemon off;"]

Clients/env.vars.ts

@@ -4,8 +4,9 @@ export const ENV_VARs = {
     (typeof window !== "undefined" // only run in browser
       ? `${window.location.protocol}//${window.location.hostname}${
           window.location.protocol === "https:" ? "" : ":3000"
-        }` // use current URL if not set
+      }` // use current URL if not set
       : "http://localhost:3000/"), // final Node/SSR fallback
   IS_DEMO_APP: import.meta.env.VITE_IS_DEMO_APP === "true",
   IS_MULTI_TENANT: import.meta.env.VITE_IS_MULTI_TENANT === "true",
+  GOOGLE_CLIENT_ID: import.meta.env.VITE_GOOGLE_CLIENT_ID ?? "",
 };

Clients/nginx.conf

@@ -9,6 +9,7 @@ server {
     }
 
     error_page 404 /index.html;
+    # error_page 502 503 504 /upgrade.html;
 
     location ~* \.(?:ico|css|js|gif|jpe?g|png|woff2?|eot|ttf|svg|map)$ {
         expires max;