merge dev -> main (#815)

* #480 Docs for rest api (#667) * add utoipa dependencies * add tags * add full description to /user endpoints * Apply suggestions from code review Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> --------- Co-authored-by: cpprian <cyprian@MacBook-Air-Cyprian.local> Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> * Docs for rest api - /device endpoints (#672) * add utoipa dependencies * feat: init openapi to describe /api/v1/user * nest /swagger-ui into /api/v1 * get json with api details * add group section * add api description for enrollment * update description of start_enrollment, start_remote_desktop_configuration, username_available * add description of update and delete user api * add description of change_self_password, change_password and reset_password endpoints * add description of wallet challenge, updatte wallet, delete wallet and set wallet endpoints * add description of delete_authorized_app, delete_security_key, me endpoints * fix typo in path to delete_security_key * add status code 500 description to few endpoints * return .env vars to default * update comment for not misunderstanding * fix rustfmt format errors * add tags * add full description to /user endpoints part 1 * add full description to /user endpoints part 2 * update .env and delete pnpm-lock.yaml * fix rust fmt errors * Apply suggestions from code review Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> * add description of /device endpoints * describe tag wireguard * add description of /group endpoints * add swagger-ui lib * rename endpoint * Apply suggestions from code review Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> * change name of the wireguard tag to device * Apply suggestions from code review #2 Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> * fix params, requests and imports --------- Co-authored-by: cpprian <cyprian@MacBook-Air-Cyprian.local> Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> * update defguard logo in email template (#686) * update defguard logo in email template * rename path for logo image * Defguard log level should be set for tower httptrace logs (#693) * set tower_http::trace log level by DEFGUARD_LOG_LEVEL * set all log events by DEFGUARD_LOG_LEVEL * undo .env values * chore(deps): bump braces from 3.0.2 to 3.0.3 in /web + readme update (#694) * Update README.md * chore(deps): bump braces from 3.0.2 to 3.0.3 in /web Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> Co-authored-by: Robert Olejnik <robert@teonite.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: updated actions to use the correct runner (#695) * fix: fix pnpm lockfile (#696) * Fixes in the enrollment process (#687) * update mail_enrollment with information about token * separate TokenExpired error from the other TokenError * feat: Add external OpenID login (#676) * wip: OIDC structures & migration * wip: callback handler * handler expects id_token as query parameter, should be after '#' * extract user info * wip: try and parse the claims ISSUE: no jwks keys * wip: Decoded the claims using openidconnect client * proper nonce * Simple OpenID settings tab * Fetch openid providers from API * wip: display providers * rudimentary openid flow * openid flow 2 * openid buttons and polishing * cleanup * cargo lock * parse url * format * cleanup and comments * sqlx prepare * fixes * cleanup, refactoring, tests * cargo fix * fix type * fmt * compress migrations * cleanup * fix frontend * enable e2e and dev deployment * license update * fix test * make changes according to the review * flow rework and fixes * cargo fix * change action to amd64 and temporarily disable e2e tests * x64 * assign correct runner to most workflows * cargo fmt * remove double slash * dfg mfa support * cargo fmt * remove temporary code --------- Co-authored-by: Jacek Chmielewski <jchmielewski@teonite.com> * impl gRPC health service (#700) * Prepare the database for licenses (#710) * Logs in critical places (#707) * add info log that proxy has been disconnected from core * move WireguardPeerStatus stats log to debug from info * del .env config * set SQLX_OFFLINE to false * undo last commit * update sqlx * run cargo sqlx prepare * add for test purpose sqlx::test * sqlx prepare for all targets * Update src/grpc/mod.rs Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> --------- Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> * Add CI linting on dev branch (#713) * add version * print only version * swap auth-secret-key to default * Fix: e-mail MFA code verification (#714) * Fix: e-mail MFA code verification * Expand comments * Fix doctests --------- Co-authored-by: Robert Olejnik <robert@teonite.com> * Update logo in emails (#699) * update defguard logo in email template * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * rename path for logo image * Update README.md * Update README.md * Update README.md * change dimensions of new-logo on emails --------- Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> Co-authored-by: Robert Olejnik <robert@teonite.com> * add toaster Too many bad login attempts (#711) * add toaster Too many bad login attempts * sqlx prepare * Update web/src/i18n/en/index.ts Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> * Add polish translation for tooManyBadLoginAttempts --------- Co-authored-by: Robert Olejnik <robert@teonite.com> Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> * fix: fix a loop when logging in through external openid (#720) * remove dependencies from array * disable linting * add debugs logs for enrollment process (#708) * add debugs logs for enrollment process * add more debug logs for desktop activation, enrollment and create device * comment arm build * cargo fmt * add more debug logs v2 * uncomment arm build and change defguard version from 0.11.1 to 1.0.0 * Apply suggestions from code review Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> * apply cargo fmt --------- Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> Co-authored-by: Robert Olejnik <robert@teonite.com> * Fix: TOTP (#722) Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> * feat: Enterprise license (#709) * wip: OIDC structures & migration * wip: callback handler TODO: * handler expects id_token as query parameter, should be after '#' * extract user info * wip: try and parse the claims ISSUE: no jwks keys * wip: Decoded the claims using openidconnect client TODO: * proper nonce * Simple OpenID settings tab * Fetch openid providers from API * wip: display providers * rudimentary openid flow * openid flow 2 * openid buttons and polishing * cleanup * cargo lock * parse url * format * cleanup and comments * sqlx prepare * fixes * cleanup, refactoring, tests * cargo fix * fix type * fmt * compress migrations * cleanup * fix frontend * enable e2e and dev deployment * license update * fix test * make changes according to the review * flow rework and fixes * cargo fix * change action to amd64 and temporarily disable e2e tests * x64 * assign correct runner to most workflows * cargo fmt * remove double slash * dfg mfa support * cargo fmt * rudimentary license handling * further improvements, renewal service * cleanup * move license protobuf * cleanup * tweaks, env variables * add better comment * remove old migrations * cleanup * add temporary build * sqlx prepare * fixes, more logs * fix log levels * cleanup * Apply suggestions from code review Co-authored-by: Adam <aciarcinski@teonite.com> * sort dependencies * organize imports * remove redundant arguments * fix redundant argument * missing enterprise version view * global state rework * cargo fmt * cleanup * fix tests * delete unused import * fixes * cleanup * fix tests * eslint fix * add a test * add comment * fix css * cleanup * change logs * ux changes * linter fixes --------- Co-authored-by: Jacek Chmielewski <jchmielewski@teonite.com> Co-authored-by: Robert Olejnik <robert@teonite.com> Co-authored-by: Adam <aciarcinski@teonite.com> * Implement new token for gateway in location (#721) * provide toaster with too many bad login attempts by error code 429 * undo docker & .env changes * auth token, from package, one line install * getNetworkActions * add button * gateway location setup v1 * add polish translation * fix lint issue * apply suggestions * render markdown instead of html tags from types * run prettier --------- Co-authored-by: Robert Olejnik <robert@teonite.com> * Build FreeBSD package * Fix copy-paste typos * Use newer rust and postgres for tests * fix: fix e2e pnpm lockfile (#730) * rebuild lockfile * revert the lockfile * cleanup * Build multi-arch (#481) * Unclog E2E and dev deployment * CI: fix architecutre; do not build for armv7 anymore * Add git commit SHA to version string * fix: fix "current" workflow (#732) * Manifest tag fix * Manifest tag fix, take 2 * Manifest tag fix, take 3 * Manifest tag fix, take 4 * feat: enterprise behavior settings (#715) * Prepare the license feature for the experimental version (#734) * prepare the license feature for a pre-release version * fixes * Build multi-arch with --amend * Rename tab "Behavior" -> "Enterprise features" * Refetch enterprise settings on window focus * fix: remove enterprise settings toast (#737) * change username creation logic * refactor * Mfa code email reformat (#743) * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * video intro * Update README.md * Update README.md * Update README.md * center Date section & Copyright * add name into email context * change link to client download page * cargo fmt * fix bugs * add span * del <b> tag from EMAIL_CODE_REGEX in test auth.rs * try b tag * Update templates/mail_email_mfa_code.tera Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> * Update src/templates.rs Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> * Update src/templates.rs Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> --------- Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> Co-authored-by: Robert Olejnik <robert@teonite.com> * Fix email footer (#748) * fix footer --------- Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> Co-authored-by: Robert Olejnik <robert@teonite.com> * update max overdue time * display license info * eslint fix * add version * fix constraints * enterprise_enabled -> state.enterprise_status?.enabled * fix: remove devices from network when deleting a user (#754) * sync network state when deleting a user * cleanup, optimization * revert query * add comment --------- Co-authored-by: Robert Olejnik <robert@teonite.com> * add link to documentation (#757) * add link to documentation * Add link to documentation in use enrollment process (#760) * clicking link opens a new page * fix lint errors * Unable to delete configuration for ldap and smtp when it is configured (#759) * del ldap button * add del button for smtp * Update web/src/i18n/pl/index.ts Co-authored-by: Adam <aciarcinski@teonite.com> * Update web/src/i18n/pl/index.ts Co-authored-by: Adam <aciarcinski@teonite.com> --------- Co-authored-by: Adam <aciarcinski@teonite.com> * fix bugs in global settings page (#761) * fix bugs in global settings page * change values in restore button * set default values in form * fix: update license server url, set timeout (#762) * feat: disable showing manual wireguard configuration (#763) * manual wg config disabling * cleanup * cleanup * update protobufs * sqlx prepare * sqlx prepare --------- Co-authored-by: Robert Olejnik <robert@teonite.com> * fix e2e tests (#768) * fix log message (#771) * Change public key, extract signing keys (#773) * extract subkeys from key * fallback to primary key * unwrap -> expect * Code cleanup (#775) * Display warning modal when trying to change the username or email (#777) * display warning modal * eslint fix * Apply suggestions from code review Co-authored-by: Cyprian <46838495+cpprian@users.noreply.github.com> * generate translation types --------- Co-authored-by: Cyprian <46838495+cpprian@users.noreply.github.com> * add more tests (#778) * Add korean translation (#781) * Add korean translation * Fix korean translations * chore: revert to default locale --------- Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com> * fix phrasing (#782) * generate localization types (#784) * feat: config polling (#758) Enables desktop clients to get configuration updates without issuing new enrollment token. * CI: fix re-creating manifests * chore: more logs for enrollment process (#786) * feat: Display license status (#787) * display license status * orange -> red * inform about the status on tabs * feat: add option to prevent routing all traffic through the vpn (#765) * add option * sqlx prepare * prepare * send the value via config polling * cargo fix * disable_route_all_traffic -> disable_all_traffic * update protobufs * cargo fmt * Update src/grpc/utils.rs Co-authored-by: Jacek Chmielewski <jchmielewski@teonite.com> --------- Co-authored-by: Jacek Chmielewski <jchmielewski@teonite.com> * match users logging in through openid by the sub claim (#788) * match logging in users through sub claim * sqlx prepare * move the account creation check * Rework instance config fetching (#791) * instance settings fetching rework * Log errors * debug -> error * update protobufs * cargo fmt --------- Co-authored-by: Jacek Chmielewski <jchmielewski@teonite.com> * Generate polling token on instance update (#793) * issue a new token on instance update * prepare * Update src/grpc/utils.rs Co-authored-by: Jacek Chmielewski <jchmielewski@teonite.com> --------- Co-authored-by: Jacek Chmielewski <jchmielewski@teonite.com> * Quick fixes (#795) * change the behavior of the username change warning modal (#798) * fix dns regex check (#799) * fix: restore group fetching on the user edit page, update urls (#802) * fix groups * update url * Database model with type states (#750) * Add nix flake * fix: Change enterprise setting phrasing and remove the ability to close a message box (#812) * change phrasing * add information about the desktop client * feat(CI): enable armv7 docker builds (#813) * build ARMv7 Docker images * add quotes --------- Co-authored-by: Maciej Wójcik <maciek@wjck.pl> * Enterprise license * trigger build * Enterprise license info in the AGPL license --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Cyprian <46838495+cpprian@users.noreply.github.com> Co-authored-by: cpprian <cyprian@MacBook-Air-Cyprian.local> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Robert Olejnik <robert@teonite.com> Co-authored-by: Jacek Chmielewski <jchmielewski@teonite.com> Co-authored-by: cpprian <cpprian456@gmail.com> Co-authored-by: Adam <aciarcinski@teonite.com> Co-authored-by: Tim Lee <hwiorn@gmail.com> Co-authored-by: Maciek <mwojcik@teonite.com> Co-authored-by: Maciej Wójcik <maciek@wjck.pl>
DefGuard · Oct 9, 2024 · e4039c4 · e4039c4
1 parent 43b4ab0
commit e4039c4
Show file tree

Hide file tree

Showing 301 changed files with 28,608 additions and 14,504 deletions.
diff --git a/.fpm b/.fpm
@@ -1,6 +1,5 @@
 -s dir
 --name defguard
---architecture x86_64
 --description "defguard core service"
 --url "https://defguard.net/"
 --maintainer "teonite"
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
@@ -0,0 +1,86 @@
+name: Build Docker image
+
+on:
+  workflow_call:
+    inputs:
+      tags:
+        description: "List of tags as key-value pair attributes"
+        required: false
+        type: string
+
+env:
+  GHCR_REPO: ghcr.io/defguard/defguard
+
+jobs:
+  build-docker:
+    runs-on:
+      - self-hosted
+      - Linux
+      - ${{ matrix.runner }}
+    strategy:
+      matrix:
+        cpu: [arm64, amd64, arm/v7]
+        include:
+          - cpu: arm64
+            runner: ARM64
+            tag: arm64
+          - cpu: amd64
+            runner: X64
+            tag: amd64
+          - cpu: arm/v7
+            runner: ARM
+            tag: armv7
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: Login to GitHub container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          buildkitd-config-inline: |
+            [registry."docker.io"]
+              mirrors = ["dockerhub-proxy.teonite.net"]
+      - name: Build container
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/${{ matrix.cpu }}
+          provenance: false
+          push: true
+          tags: "${{ env.GHCR_REPO }}:${{ github.sha }}-${{ matrix.tag }}"
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  docker-manifest:
+    runs-on: [self-hosted, Linux]
+    needs: [build-docker]
+    steps:
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.GHCR_REPO }}
+          tags: ${{ inputs.tags }}
+      - name: Login to GitHub container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Create and push manifests
+        run: |
+          tags='${{ env.GHCR_REPO }}:${{ github.sha }} ${{ steps.meta.outputs.tags }}'
+          for tag in ${tags}
+          do
+            docker manifest rm ${tag} || true
+            docker manifest create ${tag} ${{ env.GHCR_REPO }}:${{ github.sha }}-amd64 ${{ env.GHCR_REPO }}:${{ github.sha }}-arm64 ${{ env.GHCR_REPO }}:${{ github.sha }}-armv7
+            docker manifest push ${tag}
+          done
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -21,12 +21,12 @@ env:
 
 jobs:
   test:
-    runs-on: [self-hosted, Linux]
-    container: rust:1.77
+    runs-on: [self-hosted, Linux, X64]
+    container: rust:1
 
     services:
       postgres:
-        image: postgres:14-alpine
+        image: postgres:15-alpine
         env:
           POSTGRES_DB: defguard
           POSTGRES_USER: defguard

diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml
@@ -5,50 +5,23 @@ on:
       - main
       - dev
     paths-ignore:
-      - '*.md'
-      - 'LICENSE'
+      - "*.md"
+      - "LICENSE"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
-  build-docker:
-    runs-on: [self-hosted, Linux]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          submodules: recursive
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ghcr.io/defguard/defguard
-          tags: |
-            type=raw,value=current
-            type=ref,event=branch
-            type=sha
-      - name: Login to GitHub container registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          buildkitd-config-inline: |
-            [registry."docker.io"]
-              mirrors = ["dockerhub-proxy.teonite.net"]
-      - name: Build container
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          platforms: linux/amd64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+  build-current:
+    uses: ./.github/workflows/build-docker.yml
+    with:
+      tags: |
+        type=raw,value=current
+        type=ref,event=branch
+        type=sha
+
   trigger-e2e:
-    needs: build-docker
+    needs: build-current
     uses: ./.github/workflows/e2e.yml
     secrets: inherit
diff --git a/.github/workflows/dev-deployment.yml b/.github/workflows/dev-deployment.yml
@@ -4,7 +4,7 @@ on:
 
 jobs:
   deploy-dev:
-    runs-on: [self-hosted, Linux]
+    runs-on: [self-hosted, Linux, X64]
     environment: DEV
     if: ${{ github.event_name != 'pull_request' && github.ref_name == 'dev' }}
     env:
@@ -15,6 +15,6 @@ jobs:
       - name: Add SHORT_SHA env variable
         run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-7`" >> $GITHUB_ENV
       - name: Deploy new image version
-        uses: actions-hub/kubectl@v1.30.0
+        uses: actions-hub/kubectl@v1.30.3
         with:
           args: --namespace defguard-dev set image deployment/defguard defguard=ghcr.io/defguard/defguard:sha-${{ env.SHORT_SHA }}
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -15,45 +15,24 @@ env:
 
 jobs:
   rustdoc:
-    runs-on: [self-hosted, Linux]
-    container: rust:1.77
-    services:
-      postgres:
-        image: postgres:15-alpine
-        env:
-          POSTGRES_DB: defguard
-          POSTGRES_USER: defguard
-          POSTGRES_PASSWORD: defguard
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-
+    runs-on: [self-hosted, Linux, X64]
+    container: rust:1-slim
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
           submodules: recursive
 
-      - name: Set database URL
-        run: sed -i -e 's,localhost,postgres,' .env
-
       - name: Install protoc
         run: apt-get update && apt-get -y install protobuf-compiler
 
       - name: Build Docs
         env:
-          DEFGUARD_DB_HOST: postgres
-          DEFGUARD_DB_PORT: 5432
-          DEFGUARD_DB_NAME: defguard
-          DEFGUARD_DB_USER: defguard
-          DEFGUARD_DB_PASSWORD: defguard
           SQLX_OFFLINE: true
-        run: cargo doc --all --no-deps
+        run: cargo doc --no-deps --workspace
 
       - name: Deploy Docs
-        uses: peaceiris/actions-gh-pages@v3
+        uses: peaceiris/actions-gh-pages@v4
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_branch: gh-pages

diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
@@ -5,7 +5,7 @@ on:
 
 jobs:
   test:
-    runs-on: [self-hosted, Linux]
+    runs-on: [self-hosted, Linux, X64]
     steps:
       - uses: actions/checkout@v4
       - name: Set up Docker Buildx

diff --git a/.github/workflows/lint-e2e.yml b/.github/workflows/lint-e2e.yml
@@ -2,22 +2,24 @@ on:
   push:
     branches:
       - main
+      - dev
     paths:
       - "e2e/**"
   pull_request:
     branches:
       - main
+      - dev
     paths:
       - "e2e/**"
 
 jobs:
   lint-e2e:
-    runs-on: [self-hosted, Linux]
+    runs-on: [self-hosted, Linux, X64]
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: 19
+          node-version: 20
       - name: install deps
         working-directory: ./e2e
         run: |

diff --git a/.github/workflows/lint-web.yml b/.github/workflows/lint-web.yml
@@ -2,24 +2,26 @@ on:
   push:
     branches:
       - main
+      - dev
     paths:
       - "web/**"
   pull_request:
     branches:
       - main
+      - dev
     paths:
       - "web/**"
 
 jobs:
   lint-web:
-    runs-on: [self-hosted, Linux]
+    runs-on: [self-hosted, Linux, X64]
     steps:
       - uses: actions/checkout@v4
         with:
-          submodules: 'recursive'
+          submodules: "recursive"
       - uses: actions/setup-node@v4
         with:
-          node-version: 19
+          node-version: 20
       - name: install deps
         working-directory: ./web
         run: |