Skip to content

Commit 2106260

Browse files
committed
Use read-only project-scoped s2 tokens for streaming deployment logs
1 parent 9fdf91a commit 2106260

2 files changed

Lines changed: 27 additions & 1 deletion

File tree

apps/webapp/app/env.server.ts

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1201,6 +1201,9 @@ const EnvironmentSchema = z
12011201
EVENT_LOOP_MONITOR_UTILIZATION_SAMPLE_RATE: z.coerce.number().default(0.05),
12021202

12031203
VERY_SLOW_QUERY_THRESHOLD_MS: z.coerce.number().int().optional(),
1204+
1205+
S2_ACCESS_TOKEN: z.string(),
1206+
S2_DEPLOYMENT_LOGS_BASIN_NAME: z.string(),
12041207
})
12051208
.and(GithubAppEnvSchema);
12061209

apps/webapp/app/presenters/v3/DeploymentPresenter.server.ts

Lines changed: 24 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,14 +3,16 @@ import {
33
ExternalBuildData,
44
prepareDeploymentError,
55
} from "@trigger.dev/core/v3";
6-
import { RuntimeEnvironment, type WorkerDeployment } from "@trigger.dev/database";
6+
import { type RuntimeEnvironment, type WorkerDeployment } from "@trigger.dev/database";
77
import { type PrismaClient, prisma } from "~/db.server";
88
import { type Organization } from "~/models/organization.server";
99
import { type Project } from "~/models/project.server";
1010
import { findEnvironmentBySlug } from "~/models/runtimeEnvironment.server";
1111
import { type User } from "~/models/user.server";
1212
import { getUsername } from "~/utils/username";
1313
import { processGitMetadata } from "./BranchesPresenter.server";
14+
import { S2 } from "@s2-dev/streamstore";
15+
import { env } from "~/env.server";
1416

1517
export type ErrorData = {
1618
name: string;
@@ -43,6 +45,7 @@ export class DeploymentPresenter {
4345
select: {
4446
id: true,
4547
organizationId: true,
48+
externalRef: true,
4649
},
4750
where: {
4851
slug: projectSlug,
@@ -142,7 +145,27 @@ export class DeploymentPresenter {
142145
? ExternalBuildData.safeParse(deployment.externalBuildData)
143146
: undefined;
144147

148+
const s2 = new S2({ accessToken: env.S2_ACCESS_TOKEN });
149+
const projectS2AccessToken = await s2.accessTokens.issue({
150+
id: `${project.externalRef}-${new Date().getTime()}`,
151+
expires_at: new Date(Date.now() + 60 * 60 * 1000).toISOString(), // 1 hour
152+
scope: {
153+
ops: ["read"],
154+
basins: {
155+
exact: env.S2_DEPLOYMENT_LOGS_BASIN_NAME,
156+
},
157+
streams: {
158+
prefix: `projects/${project.externalRef}/deployments/`,
159+
},
160+
},
161+
});
162+
145163
return {
164+
s2Logs: {
165+
basin: env.S2_DEPLOYMENT_LOGS_BASIN_NAME,
166+
stream: `projects/${project.externalRef}/deployments/${deployment.shortCode}`,
167+
accessToken: projectS2AccessToken.access_token,
168+
},
146169
deployment: {
147170
id: deployment.id,
148171
shortCode: deployment.shortCode,

0 commit comments

Comments
 (0)