feat(engine): Split runner url into private/public env vars (#135)

TracecatHQ · May 9, 2024 · e3275d6 · e3275d6
1 parent 659143d
commit e3275d6
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 4 deletions.
diff --git a/.env.example b/.env.example
@@ -18,7 +18,8 @@ TRACECAT__API_URL=http://api:8000
 # Runner Service URL
 # We recommend using ngrok here, but feel free to use any other service
 # Run `ngrok http --domain=INSERT_STATIC_NGROK_DOMAIN_HERE 8001` to start ngrok and get the forwarding URL
-TRACECAT__RUNNER_URL=https://your-ngrok-runner-url
+TRACECAT__RUNNER_URL=http://runner:8000
+TRACECAT__PUBLIC_RUNNER_URL=https://your-ngrok-runner-url
 
 # --- RabbitMQ ---
 RABBITMQ_DEFAULT_PASS=guest

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -20,6 +20,7 @@ services:
       TRACECAT__SIGNING_SECRET: ${TRACECAT__SIGNING_SECRET}
       TRACECAT__API_URL: ${TRACECAT__API_URL}
       TRACECAT__RUNNER_URL: ${TRACECAT__RUNNER_URL}
+      TRACECAT__PUBLIC_RUNNER_URL: ${TRACECAT__PUBLIC_RUNNER_URL}
       # Auth
       CLERK_FRONTEND_API_URL: ${CLERK_FRONTEND_API_URL}
       TRACECAT__DISABLE_AUTH: ${TRACECAT__DISABLE_AUTH}
@@ -52,6 +53,7 @@ services:
       TRACECAT__SIGNING_SECRET: ${TRACECAT__SIGNING_SECRET}
       TRACECAT__API_URL: ${TRACECAT__API_URL}
       TRACECAT__RUNNER_URL: ${TRACECAT__RUNNER_URL}
+      TRACECAT__PUBLIC_RUNNER_URL: ${TRACECAT__PUBLIC_RUNNER_URL}
       # Integrations
       OPENAI_API_KEY: ${OPENAI_API_KEY}
       RESEND_API_KEY: ${RESEND_API_KEY}

diff --git a/env.sh b/env.sh
@@ -97,7 +97,7 @@ cp .env.example .env
 dotenv_replace "TRACECAT__SERVICE_KEY" "$service_key" "$env_file"
 dotenv_replace "TRACECAT__SIGNING_SECRET" "$signing_secret" "$env_file"
 dotenv_replace "TRACECAT__DB_ENCRYPTION_KEY" "$db_fernet_key" "$env_file"
-dotenv_replace "TRACECAT__RUNNER_URL" "$runner_url" "$env_file"
+dotenv_replace "TRACECAT__PUBLIC_RUNNER_URL" "$runner_url" "$env_file"
 dotenv_replace "OPENAI_API_KEY" "$openai_api_key" "$env_file"
 dotenv_replace "RESEND_API_KEY" "$resend_api_key" "$env_file"
 

diff --git a/tracecat/config.py b/tracecat/config.py
@@ -12,6 +12,7 @@
 TRACECAT__APP_ENV = os.environ.get("TRACECAT__APP_ENV", "dev")
 TRACECAT__API_URL = os.environ.get("TRACECAT__API_URL", "http://api:8000")
 TRACECAT__RUNNER_URL = os.environ.get("TRACECAT__RUNNER_URL", "http://runner:8000")
+TRACECAT__PUBLIC_RUNNER_URL = os.environ["TRACECAT__PUBLIC_RUNNER_URL"]
 
 TRACECAT__TIMESTAMP_FORMAT = "%Y%m%d%H%M%S"
 TRACECAT__TRIAGE_DIR = TRACECAT_DIR / "triage"

diff --git a/tracecat/db.py b/tracecat/db.py
@@ -23,7 +23,7 @@
 from tracecat import auth, integrations
 from tracecat.config import (
     TRACECAT__APP_ENV,
-    TRACECAT__RUNNER_URL,
+    TRACECAT__PUBLIC_RUNNER_URL,
     TRACECAT_DIR,
 )
 from tracecat.labels.mitre import get_mitre_tactics_techniques
@@ -319,7 +319,7 @@ def secret(self) -> str:
     @computed_field
     @property
     def url(self) -> str:
-        return f"{TRACECAT__RUNNER_URL}/webhook/{self.id}/{self.secret}"
+        return f"{TRACECAT__PUBLIC_RUNNER_URL}/webhook/{self.id}/{self.secret}"
 
 
 def create_db_engine() -> Engine: