Skip to content

[DevPortal] Fix distribution and configs#2734

Merged
Piumal1999 merged 8 commits into
wso2:mainfrom
lasanthaS:main
Jul 17, 2026
Merged

[DevPortal] Fix distribution and configs#2734
Piumal1999 merged 8 commits into
wso2:mainfrom
lasanthaS:main

Conversation

@lasanthaS

Copy link
Copy Markdown
Contributor

Purpose

This PR fixes distribution with secret generation and sample seeder scripts. Also, included a config restructure to use {{ env "value" "default" }} and {{ file "/path" "value" }} convention.

Security checks

@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@lasanthaS, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 17 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f37a658c-44aa-43e1-bf21-99287ffe5f65

📥 Commits

Reviewing files that changed from the base of the PR and between 85d5daf and 5ab6139.

📒 Files selected for processing (44)
  • portals/developer-portal/.dockerignore
  • portals/developer-portal/.gitignore
  • portals/developer-portal/Dockerfile
  • portals/developer-portal/Makefile
  • portals/developer-portal/README.md
  • portals/developer-portal/configs/config-platform-api-template.toml
  • portals/developer-portal/configs/config-template.toml
  • portals/developer-portal/configs/config.toml
  • portals/developer-portal/database/schema.postgres.sql
  • portals/developer-portal/distribution/README.md
  • portals/developer-portal/distribution/docker-compose.yaml
  • portals/developer-portal/docker-compose.override.yaml
  • portals/developer-portal/docker-compose.platform-api.yaml
  • portals/developer-portal/docker-compose.yaml
  • portals/developer-portal/docker-entrypoint.sh
  • portals/developer-portal/docs/administer/manage-organizations.md
  • portals/developer-portal/docs/introduction/quick-start.md
  • portals/developer-portal/it/configs/config-platform-api-it.toml
  • portals/developer-portal/it/docker-compose.test.postgres.yaml
  • portals/developer-portal/it/docker-compose.test.yaml
  • portals/developer-portal/it/test-config.toml
  • portals/developer-portal/package.json
  • portals/developer-portal/scripts/seed-samples.sh
  • portals/developer-portal/scripts/setup.sh
  • portals/developer-portal/seeders/seed-apis.sh
  • portals/developer-portal/src/app.js
  • portals/developer-portal/src/config/configDefaults.js
  • portals/developer-portal/src/config/configLoader.js
  • portals/developer-portal/src/controllers/apiContentController.js
  • portals/developer-portal/src/controllers/orgContentController.js
  • portals/developer-portal/src/controllers/viewConfigureController.js
  • portals/developer-portal/src/dao/apiDao.js
  • portals/developer-portal/src/defaultContent/pages/home/page.hbs
  • portals/developer-portal/src/defaultContent/pages/home/partials/onboarding-overlay.hbs
  • portals/developer-portal/src/pages/settings/partials/cfg-apis-panel.hbs
  • portals/developer-portal/src/routes/pages/apiContentRoute.js
  • portals/developer-portal/src/scripts/onboarding-overlay.js
  • portals/developer-portal/src/scripts/settings-apis.js
  • portals/developer-portal/src/server.js
  • portals/developer-portal/src/services/apiMetadataService.js
  • portals/developer-portal/src/services/sampleSeederService.js
  • portals/developer-portal/src/utils/util.js
  • portals/developer-portal/tools/drift_check.js
  • portals/developer-portal/tools/generate-ddl.js
📝 Walkthrough

Walkthrough

The Developer Portal now uses explicit configuration interpolation and fail-closed secrets, generated local TLS and admin credentials, simplified Docker Compose services, external sample seeding, removed demo onboarding, and updated standalone distribution packaging and documentation.

Changes

Developer Portal standalone runtime

Layer / File(s) Summary
Configuration and security contracts
portals/developer-portal/configs/*, portals/developer-portal/src/config/*, portals/developer-portal/src/app.js, portals/developer-portal/it/*
Configuration now resolves explicit env/file references, validates security secrets, configures HTTPS, and removes demo defaults.
Provisioning and Compose runtime
portals/developer-portal/scripts/setup.sh, portals/developer-portal/docker-compose*.yaml, portals/developer-portal/docker-entrypoint.sh, portals/developer-portal/Dockerfile, portals/developer-portal/package.json
Setup generates secrets, admin credentials, and certificates; Compose mounts them into runtime services, and TLS startup validation now fails closed.
External sample management and portal cleanup
portals/developer-portal/scripts/seed-samples.sh, portals/developer-portal/src/controllers/*, portals/developer-portal/src/routes/*, portals/developer-portal/src/services/*, portals/developer-portal/src/defaultContent/*, portals/developer-portal/src/pages/*
Built-in demo onboarding and seeding routes are removed, while sample APIs and MCP servers are seeded through the standalone REST script.
Distribution packaging and guidance
portals/developer-portal/Makefile, portals/developer-portal/distribution/*, portals/developer-portal/README.md, portals/developer-portal/docs/*, portals/developer-portal/tools/*
Distribution assembly, setup instructions, configuration references, and DDL tooling are updated for the standalone layout.

Estimated code review effort: 4 (Complex) | ~45 minutes

Sequence Diagram(s)

sequenceDiagram
  participant setup.sh
  participant DockerCompose
  participant platform-api
  participant devportal
  setup.sh->>setup.sh: Generate secrets and TLS files
  DockerCompose->>platform-api: Start with env file and mounted certificates
  DockerCompose->>devportal: Start with env file and mounted certificates
  platform-api-->>devportal: Healthcheck succeeds
  devportal->>devportal: Validate configuration and TLS files
Loading

Possibly related PRs

Suggested reviewers: renuka-fernando, malinthaprasan, tharsanan1

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description covers purpose and security checks, but most required template sections are missing or empty. Add the missing template sections for Goals, Approach, User stories, Documentation, Automation tests, Samples, Related PRs, and Test environment.
Docstring Coverage ⚠️ Warning Docstring coverage is 63.16% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and matches the main focus on distribution and config changes.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Piumal1999
Piumal1999 previously approved these changes Jul 17, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 9

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
portals/developer-portal/src/config/configLoader.js (1)

220-224: 🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Preserve each field’s declared type during interpolation.

This converts every numeric-looking string into a Number; values such as numeric usernames, IDs, passwords, or zero-prefixed keys are altered or lose precision. Coerce according to the corresponding configuration schema/default type, or introduce explicitly typed helpers.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@portals/developer-portal/src/config/configLoader.js` around lines 220 - 224,
Update coerceValue and its interpolation call sites to preserve each field’s
declared schema/default type instead of converting every numeric-looking string
to Number. Coerce only when the corresponding configuration field is explicitly
boolean or numeric; retain strings unchanged for identifiers, passwords,
zero-prefixed values, and other string-typed fields.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@portals/developer-portal/configs/config-platform-api-template.toml`:
- Around line 19-25: Update the manual setup instruction in the configuration
comment to direct operators to place both generated values in api-platform.env
instead of keys.env, matching setup.sh and the env lookups already described.

In `@portals/developer-portal/configs/config.toml`:
- Around line 70-72: Update the `insecure` setting in the Platform API
configuration to default to `false` instead of `true`, while preserving the
existing environment-variable override and certificate trust behavior.
- Around line 69-71: Update the local authentication configuration around
base_url and jwt_secret so the Platform API JWT verification key is required
when idp.clientId is empty. Remove the empty-string fallback for
APIP_DP_PLATFORMAPI_JWTSECRET or add conditional startup validation that fails
when local authentication is active without the key, while preserving non-local
authentication behavior.

In `@portals/developer-portal/scripts/seed-samples.sh`:
- Around line 88-89: Update the login request in the TOKEN assignment to
URL-encode both ADMIN_USERNAME and ADMIN_PASSWORD using curl’s --data-urlencode
options, while preserving the existing authentication endpoint and token
extraction.
- Around line 98-113: Update the temporary archive setup in the sample seeding
flow to create a private temporary directory with mktemp -d, then write the ZIP
inside that directory without deleting and reusing a temporary file path. Use
the resulting archive path for the curl upload and clean up the temporary
directory after the request completes.

In `@portals/developer-portal/scripts/setup.sh`:
- Around line 137-144: Update the JWT secret provisioning flow around
APIP_CP_AUTH_JWT_SECRET_KEY and APIP_DP_PLATFORMAPI_JWTSECRET so both aliases
are validated and provisioned atomically. Detect differing existing values and
fail with clear rotation instructions, or generate/reuse one secret and write
the same value to both entries together; do not let set_env_var preserve a stale
Developer Portal value.
- Around line 75-86: Update the setup flow around touch "$ENV_FILE" to enforce
mode 0600 for the generated environment file, and change CERT_FILE_MODE from 644
to owner/group-restricted permissions for key.pem. Ensure the container can
still read the mounted key by adjusting its ownership or using Docker secrets,
without leaving either secret globally readable.
- Around line 211-215: Update the admin credential provisioning logic around
APIP_CP_ADMIN_USERNAME and the corresponding password-hash variable to validate
them as a pair. Provision both credentials when neither exists, preserve both
when present, and explicitly fail when exactly one is set; ensure
CREDENTIALS_PROVISIONED reflects the pair’s valid state.
- Line 233: Update the ADMIN_HASH generation around docker run to provide
ADMIN_PASSWORD through standard input rather than exposing it as a command-line
argument, while preserving htpasswd output handling. In the fresh-provisioning
password display logic, print a generated password only when both stdin and
stdout are interactive; suppress it for non-interactive CI runs.

---

Outside diff comments:
In `@portals/developer-portal/src/config/configLoader.js`:
- Around line 220-224: Update coerceValue and its interpolation call sites to
preserve each field’s declared schema/default type instead of converting every
numeric-looking string to Number. Coerce only when the corresponding
configuration field is explicitly boolean or numeric; retain strings unchanged
for identifiers, passwords, zero-prefixed values, and other string-typed fields.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 4e38d18f-4cbe-437c-90af-0aa32976eb75

📥 Commits

Reviewing files that changed from the base of the PR and between 82c0896 and 85d5daf.

📒 Files selected for processing (44)
  • portals/developer-portal/.dockerignore
  • portals/developer-portal/.gitignore
  • portals/developer-portal/Dockerfile
  • portals/developer-portal/Makefile
  • portals/developer-portal/README.md
  • portals/developer-portal/configs/config-platform-api-template.toml
  • portals/developer-portal/configs/config-template.toml
  • portals/developer-portal/configs/config.toml
  • portals/developer-portal/database/schema.postgres.sql
  • portals/developer-portal/distribution/README.md
  • portals/developer-portal/distribution/docker-compose.yaml
  • portals/developer-portal/docker-compose.override.yaml
  • portals/developer-portal/docker-compose.platform-api.yaml
  • portals/developer-portal/docker-compose.yaml
  • portals/developer-portal/docker-entrypoint.sh
  • portals/developer-portal/docs/administer/manage-organizations.md
  • portals/developer-portal/docs/introduction/quick-start.md
  • portals/developer-portal/it/configs/config-platform-api-it.toml
  • portals/developer-portal/it/docker-compose.test.postgres.yaml
  • portals/developer-portal/it/docker-compose.test.yaml
  • portals/developer-portal/it/test-config.toml
  • portals/developer-portal/package.json
  • portals/developer-portal/scripts/seed-samples.sh
  • portals/developer-portal/scripts/setup.sh
  • portals/developer-portal/seeders/seed-apis.sh
  • portals/developer-portal/src/app.js
  • portals/developer-portal/src/config/configDefaults.js
  • portals/developer-portal/src/config/configLoader.js
  • portals/developer-portal/src/controllers/apiContentController.js
  • portals/developer-portal/src/controllers/orgContentController.js
  • portals/developer-portal/src/controllers/viewConfigureController.js
  • portals/developer-portal/src/dao/apiDao.js
  • portals/developer-portal/src/defaultContent/pages/home/page.hbs
  • portals/developer-portal/src/defaultContent/pages/home/partials/onboarding-overlay.hbs
  • portals/developer-portal/src/pages/settings/partials/cfg-apis-panel.hbs
  • portals/developer-portal/src/routes/pages/apiContentRoute.js
  • portals/developer-portal/src/scripts/onboarding-overlay.js
  • portals/developer-portal/src/scripts/settings-apis.js
  • portals/developer-portal/src/server.js
  • portals/developer-portal/src/services/apiMetadataService.js
  • portals/developer-portal/src/services/sampleSeederService.js
  • portals/developer-portal/src/utils/util.js
  • portals/developer-portal/tools/drift_check.js
  • portals/developer-portal/tools/generate-ddl.js
💤 Files with no reviewable changes (13)
  • portals/developer-portal/distribution/docker-compose.yaml
  • portals/developer-portal/src/scripts/onboarding-overlay.js
  • portals/developer-portal/src/pages/settings/partials/cfg-apis-panel.hbs
  • portals/developer-portal/seeders/seed-apis.sh
  • portals/developer-portal/src/defaultContent/pages/home/partials/onboarding-overlay.hbs
  • portals/developer-portal/src/server.js
  • portals/developer-portal/src/routes/pages/apiContentRoute.js
  • portals/developer-portal/src/utils/util.js
  • portals/developer-portal/src/services/sampleSeederService.js
  • portals/developer-portal/src/controllers/orgContentController.js
  • portals/developer-portal/src/defaultContent/pages/home/page.hbs
  • portals/developer-portal/src/controllers/apiContentController.js
  • portals/developer-portal/src/scripts/settings-apis.js

Comment thread portals/developer-portal/configs/config-platform-api-template.toml
Comment thread portals/developer-portal/configs/config.toml
Comment thread portals/developer-portal/configs/config.toml
Comment thread portals/developer-portal/scripts/seed-samples.sh
Comment thread portals/developer-portal/scripts/seed-samples.sh
Comment thread portals/developer-portal/scripts/setup.sh
Comment thread portals/developer-portal/scripts/setup.sh
Comment thread portals/developer-portal/scripts/setup.sh
Comment thread portals/developer-portal/scripts/setup.sh
@Piumal1999
Piumal1999 merged commit 6f7a777 into wso2:main Jul 17, 2026
5 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants