Commit Graph

119 Commits

Author SHA1 Message Date
Jason Zimdars b19770c2a8 Show different things to non-admins 2025-12-16 12:00:23 +01:00
Jason Zimdars 6411268d7a More fancy apostrophes 2025-12-16 12:00:23 +01:00
Jason Zimdars b1a8b3c859 Layout 2025-12-16 12:00:23 +01:00
Jason Zimdars 5957ed6449 Typo 2025-12-16 12:00:23 +01:00
Jason Zimdars 9953508541 Fancy apostrophes 2025-12-16 12:00:23 +01:00
Jason Zimdars d556f051a6 Spelling 2025-12-16 12:00:23 +01:00
Jorge Manrubia e53455d2ca Paid plans never exceed limits! 2025-12-16 12:00:23 +01:00
Jorge Manrubia d5018cab23 Fix typo 2025-12-16 12:00:23 +01:00
Jorge Manrubia ca5095cafd Fix typo with unlimitted 2025-12-16 12:00:23 +01:00
Jorge Manrubia 623d80017f Add stripe envs 2025-12-16 12:00:23 +01:00
Jorge Manrubia c34e29454e Document how to work with Stripe locally 2025-12-16 12:00:23 +01:00
Jorge Manrubia fc0dc9423d Kill previous tunnel automatically 2025-12-16 12:00:23 +01:00
Jorge Manrubia 5baf9d879d Dont't fail if not set 2025-12-16 12:00:23 +01:00
Jorge Manrubia 90eb61bb5f Add script to set stripe env vars from 1password 2025-12-16 12:00:23 +01:00
Jorge Manrubia a25bd9adfd Let's use a single sandbox environment via 1password ENV vars 2025-12-16 12:00:23 +01:00
Jorge Manrubia 5be4dca80e Refresh the subscription instead of relying on event payloads
Events can land out of order. See https://github.com/basecamp/fizzy-saas/pull/23#discussion_r2609909558
2025-12-16 12:00:23 +01:00
Jorge Manrubia 984a5dd4ce Add Stripe-based billing system
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Jason Zimdars <jz@37signals.com>
2025-12-16 12:00:23 +01:00
Jorge Manrubia 2616045476 Add rubocop linting 2025-12-16 11:54:31 +01:00
Jeremy Daer 6050b80fdd Reduce retained containers to free disk space faster (#32)
Beta/staging: 1 (down from default 5)
Production: 2 (registry is local, quick to pull)
2025-12-13 10:32:18 -08:00
Mike Dalessio acc90ec8eb Fix inclusion of Fizzy::Saas::Authorization::Controller 2025-12-12 15:28:27 -05:00
Mike Dalessio 19383b408d Merge pull request #30 from basecamp/flavorjones/limit-staging-beta-to-internal
Restrict logins to employees in staging
2025-12-12 15:10:11 -05:00
Mike Dalessio d82d68fcd0 Restrict logins to employees in staging
as inferred from the email domain, which must be "@37signals.com" or
"@basecamp.com".
2025-12-12 15:07:16 -05:00
Matthew Kent f15121645a Bump queenbee-plugin to pickup the staging host move.
See https://3.basecamp.com/2914079/buckets/21350690/card_tables/cards/9367648417
2025-12-11 11:31:29 -08:00
Fernando Álvarez 88de372f41 Migrate Staging app URL to app.fizzy-staging.com 2025-12-11 17:36:06 +01:00
Kevin McConnell 54a9641dee Also set multi_tenant for SaaS development 2025-12-11 12:22:10 +00:00
Kevin McConnell 03ea5f7b89 Set multi_tenant config option
To allow the non-SaaS version of Fizzy to default to single-tenant mode,
we'll enable a `multi_tenant.enabled` config option here that overrides
the default behaviour.
2025-12-11 11:38:42 +00:00
Jeremy Daer 221e596c5d Enforce CSP (#25) 2025-12-10 17:36:23 -08:00
Jeremy Daer 59d77cf104 CSP: move SaaS-only sources out of OSS (#24) 2025-12-10 17:11:36 -08:00
Jeremy Daer 219f4d60b6 Prefer FQDN 2025-12-10 15:01:32 -08:00
Jeremy Daer e35c1223f4 Sentry: error context and release tracking (#22)
* Sentry: use KAMAL_VERSION for release tracking

Kamal injects KAMAL_VERSION at container runtime with the git SHA,
so no need to bake it into the Docker image via build args.

* Sentry: serve as Rails error reporter

Sentry receives errors from Rails.error.report and Active Job
`retry_on/discard_on report: true`.

Error context is provided by Rails.error.set_context in Fizzy's
Authentication concern and ApplicationJob.
2025-12-08 09:39:35 -08:00
Jeremy Daer 8572fd77b8 Content Security Policy: report-only mode to Sentry (#21) 2025-12-05 10:57:41 -08:00
Mike Dalessio 8f73e1e1be Add console1984 and audits1984
To keep as much of this as we can in the `fizzy-saas` gem, this PR
opts to store console/audits models in a separate database, and so:

- the gem contains the migrations and the database config
- the app contains a separate schema file distinctly for SaaS concerns
  - Rails' current behavior prevents us from easily keeping this file in the gem

Also note that the stock `audits1984` schema is updated to reference
the auditor via a UUID foreign key.

Finally, in order for the database schema file to be located in the
gem directory (and not the application directory), it's necessary to
monkeypatch `AR::DatabaseTasks.schema_dump_path` to support absolute
paths. This functionality has been proposed upstream in
https://github.com/rails/rails/pull/56290 but is awaiting a decision
from the core team.

ref: https://app.fizzy.do/5986089/cards/2469
ref: #17
2025-12-04 11:43:48 -05:00
Mike Dalessio 9876307cf6 Merge pull request #19 from basecamp/flavorjones/gitleaks-allow-20251203
Mark a development token as gitleaks:allow
2025-12-03 17:05:27 -05:00
Mike Dalessio 3ab3bcc580 Mark a development token as gitleaks:allow 2025-12-03 17:03:16 -05:00
Lewis Buckley 23d7c48928 Upgrade prometheus-client-mmap to ~> 1.4.0 2025-12-03 15:54:23 +00:00
Mike Dalessio ca6caa7a92 Add deployment secrets for active record encryption
which is used by console1984 and audits1984.

ref: https://app.fizzy.do/5986089/cards/2469
2025-12-02 22:30:07 -05:00
Olivier 1bba8457e2 Fix typo in README for open source mode instructions (#13) 2025-12-02 13:34:44 -08:00
Jeremy Daer 74e968ba9d Bundler: normalize platforms 2025-12-02 13:34:20 -08:00
Jeremy Daer 9f6f4da363 Release under O'Saasy license (#16) 2025-12-02 13:33:27 -08:00
Mike Dalessio d62e8819a8 Merge pull request #12 from basecamp/flavorjones/gc-tune-20251202
Bump GC parameters
2025-12-02 12:08:35 -05:00
Mike Dalessio bf4573a7df Bump GC parameters
per autotuner advice:

    The following suggestions reduce the number of minor garbage
    collection cycles, specifically a cycle called "malloc". Your app
    runs malloc cycles in approximately 25.00% of all minor garbage
    collection cycles.
2025-12-02 11:57:59 -05:00
Jorge Manrubia a204b188b0 Fix: log identity ids 2025-12-02 15:27:22 +01:00
Jorge Manrubia b3611363a9 Merge pull request #8 from basecamp/drop-healthcheck-metrics
Drop healthcheck metrics
2025-11-30 11:14:41 +01:00
Mike Dalessio d2db893677 We don't run jobs in beta
I think this was hallucinated in the original commit. This is causing
racing between beta and prod, and as a result beta was attempting to
send emails for production.

Fortunately, smtp is not configured in beta and prevented bad emails
from going out. 😅
2025-11-29 19:24:03 -05:00
Jorge Manrubia f7482d5c55 Move solid-queue dev setup to the engine 2025-11-29 21:45:48 +01:00
Jorge Manrubia 17bd37d731 Merge pull request #10 from basecamp/move-env-configs
Move env-specific bits to env files
2025-11-29 16:28:25 +01:00
Jorge Manrubia 5a8b980f20 Update README 2025-11-29 16:26:49 +01:00
Jorge Manrubia 5366b89892 Test moved to the host app as part of making signup code identical 2025-11-29 11:54:01 +01:00
Jorge Manrubia 1a74735218 We need to require this *after* or the mocks won't work 2025-11-29 11:53:47 +01:00
Jorge Manrubia 299212aae1 Move env-specific bits to env files
TIL Rails engines load these by default before loading the host app's
2025-11-29 11:46:23 +01:00