Update to 2021-12-01 19:13

roles/appsmith/defaults/main.yml

@@ -0,0 +1,53 @@
+---
+
+# Version to deploy
+appsmith_version: 1.5.25
+# URL of the source archive
+appsmith_archive_url: https://github.com/appsmithorg/appsmith/archive/v{{ appsmith_version }}.tar.gz
+# sha1sum of the archive
+appsmith_archive_sha1: dceebde21c7b0a989aa7fb96bac044df4f2ddf50
+
+# Root directory where appsmith will be installed
+appsmith_root_dir: /opt/appsmith
+# Should ansible handle upgrades (True) or only initial install (False)
+appsmith_manage_upgrade: True
+
+# User account under which appsmith will run
+appsmith_user: appsmith
+
+# appsmith needs a redis server and a mongodb one
+appsmith_redis_url: redis://localhost:6379
+# A random one will be created and stored in the meta directory if not defined here
+appsmith_mongo_user: appsmith
+# appsmith_mongo_pass: S3cr3t.
+# Note: if appsmith_mongo_pass is defined, it'll be used with appsmith_mongo_user to connect, even if not indicated in appsmith_mongo_url
+# Else, anonymous connection is made. By default, if you do not set appsmith_mongo_pass, a random one will be created
+# If you insist on using anonymous connections, you should set appsmith_mongo_pass to False
+appsmith_mongo_url: mongodb://localhost/appsmith?retryWrites=true
+
+# appsmith server component
+appsmith_server_port: 8088
+# List of IP/CIDR having access to appsmith_server_port
+appsmith_server_src_ip: []
+
+# Email settings
+appsmith_email_from: noreply@{{ ansible_domain }}
+appsmith_email_server: localhost
+appsmith_email_port: 25
+appsmith_email_tls: "{{ (appsmith_email_port == 587) | ternary(True,False) }}"
+# appsmith_email_user: account
+# appsmith_email_pass: S3Cr3T4m@1l
+
+# Encryption settings. If not defined, random values will be created and used
+# appsmith_encryption_pass: p@ssw0rd
+# appsmith_encryption_salt: Salt
+
+# Public URL used to access appsmith
+appsmith_public_url: http://{{ inventory_hostname }}
+
+# User signup can be disabled
+appsmith_user_signup: True
+# If signup is enabled, you can restrict which domains are allowed to signup (an empty list means no restriction)
+appsmith_signup_whitelist: []
+# If signup is disabled, you can set a list of whitelisted email which will be allowed
+appsmith_admin_emails: []

roles/appsmith/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+
+- name: restart appsmith-server
+  service: name=appsmith-server state=restarted

roles/appsmith/meta/main.yml

@@ -0,0 +1,11 @@
+---
+
+dependencies:
+  - role: mkdir
+  - role: maven
+  - role: repo_mongodb
+  - role: redis_server
+    when: appsmith_redis_url | urlsplit('hostname') in ['localhost','127.0.0.1']
+  - role: mongodb_server
+    when: appsmith_mongo_url | urlsplit('hostname') in ['localhost','127.0.0.1']
+  - role: nginx

roles/appsmith/tasks/archive_post.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}.tar.zst --use-compress-program=zstd ./
+  environment:
+    ZST_CLEVEL: 10
+  args:
+    chdir: "{{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}"
+    warn: False
+  tags: appsmith

roles/appsmith/tasks/archive_pre.yml

@@ -0,0 +1,33 @@
+---
+
+- name: Create the archive dir
+  file:
+    path: "{{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}"
+    state: directory
+  tags: appsmith
+
+- name: Archive previous version
+  synchronize:
+    src: "{{ appsmith_root_dir }}/{{ item }}"
+    dest: "{{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}"
+    recursive: True
+    delete: True
+  loop:
+    - server
+    - client
+    - etc
+    - meta
+  delegate_to: "{{ inventory_hostname }}"
+  tags: appsmith
+
+- name: Dump mongo database
+  shell: |
+    mongodump --quiet \
+      --out {{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}/ \
+      --uri \
+      {% if  appsmith_mongo_pass is defined and appsmith_mongo_pass != False %}
+      {{ appsmith_mongo_url | urlsplit('scheme') }}://{{ appsmith_mongo_user }}:{{ appsmith_mongo_pass | urlencode | regex_replace('/','%2F') }}@{{ appsmith_mongo_url | urlsplit('hostname') }}{% if appsmith_mongo_url | urlsplit('port') %}:{{ appsmith_mongo_url | urlsplit('port') }}{% endif %}{{ appsmith_mongo_url | urlsplit('path') }}?{{ appsmith_mongo_url | urlsplit('query') }}
+      {% else %}
+      {{ appsmith_mongo_url }}
+      {% endif %}
+  tags: appsmith

roles/appsmith/tasks/cleanup.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Remove tmp and unused files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}"
+    - "{{ appsmith_root_dir }}/tmp/appsmith-{{ appsmith_version }}"
+    - "{{ appsmith_root_dir }}/tmp/appsmith-{{ appsmith_version }}.tar.gz"
+  tags: appsmith

roles/appsmith/tasks/conf.yml

@@ -0,0 +1,30 @@
+---
+
+- name: Deploy appsmith server conf
+  template: src={{ item }}.j2 dest={{ appsmith_root_dir }}/etc/{{ item }} group={{ appsmith_user }} mode=640
+  loop:
+    - env
+  notify: restart appsmith-server
+  tags: appsmith
+
+- name: Deploy nginx conf
+  template: src=nginx.conf.j2 dest=/etc/nginx/ansible_conf.d/appsmith.conf
+  notify: reload nginx
+  tags: appsmith
+
+- name: Create the mongodb user
+  mongodb_user:
+    database: "{{ appsmith_mongo_url | urlsplit('path') | regex_replace('^\\/', '') }}"
+    name: "{{ appsmith_mongo_user }}"
+    password: "{{ appsmith_mongo_pass }}"
+    login_database: admin
+    login_host: "{{ appsmith_mongo_url | urlsplit('hostname') }}"
+    login_port: "{{ appsmith_mongo_url | urlsplit('port') | ternary(appsmith_mongo_url | urlsplit('port'),omit) }}"
+    login_user: mongoadmin
+    login_password: "{{ mongo_admin_pass }}"
+    roles:
+      - readWrite
+  when:
+    - appsmith_mongo_pass is defined
+    - appsmith_mongo_pass != False
+  tags: appsmith

roles/appsmith/tasks/directories.yml

@@ -0,0 +1,28 @@
+---
+
+- name: Create directories
+  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: "{{ appsmith_root_dir }}"
+      mode: 755
+    - dir: "{{ appsmith_root_dir }}/archives"
+      mode: 700
+    - dir: "{{ appsmith_root_dir }}/backup"
+      mode: 700
+    - dir: "{{ appsmith_root_dir }}/tmp"
+      owner: "{{ appsmith_user }}"
+      mode: 700
+    - dir: "{{ appsmith_root_dir }}/src"
+      owner: "{{ appsmith_user }}"
+    - dir: "{{ appsmith_root_dir }}/server"
+      owner: "{{ appsmith_user }}"
+    - dir: "{{ appsmith_root_dir }}/server/plugins"
+      owner: "{{ appsmith_user }}"
+    - dir: "{{ appsmith_root_dir }}/client"
+    - dir: "{{ appsmith_root_dir }}/meta"
+      mode: 700
+    - dir: "{{ appsmith_root_dir }}/etc"
+      group: "{{ appsmith_user }}"
+      mode: 750
+    - dir: "{{ appsmith_root_dir }}/bin"
+  tags: appsmith

roles/appsmith/tasks/facts.yml

@@ -0,0 +1,61 @@
+---
+
+# Detect installed version (if any)
+- block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ appsmith_root_dir }}"
+        - version: "{{ appsmith_version }}"
+    - set_fact: appsmith_install_mode={{ (install_mode == 'upgrade' and not appsmith_manage_upgrade) | ternary('none',install_mode) }}
+    - set_fact: appsmith_current_version={{ current_version | default('') }}
+  tags: appsmith
+
+# Create a random encryption password
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ appsmith_root_dir }}/meta/ansible_encryption_pass"
+    - set_fact: appsmith_encryption_pass={{ rand_pass }}
+  when: appsmith_encryption_pass is not defined
+  tags: appsmith
+
+# Create a random encryption salt
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ appsmith_root_dir }}/meta/ansible_encryption_salt"
+        - complex: False
+        - pass_size: 10
+    - set_fact: appsmith_encryption_salt={{ rand_pass }}
+  when: appsmith_encryption_salt is not defined
+  tags: appsmith
+
+- set_fact: appsmith_mongo_pass={{ appsmith_mongo_url | urlsplit('password') | urldecode }}
+  when:
+    - appsmith_mongo_pass is not defined
+    - appsmith_mongo_url | urlsplit('password') is string
+  tags: mongo
+
+# Create a random password for mongo
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ appsmith_root_dir }}/meta/ansible_mongo_pass"
+    - set_fact: appsmith_mongo_pass={{ rand_pass }}
+  when: appsmith_mongo_pass is not defined
+  tags: appsmith
+
+# Try to read mongo admin pass
+- name: Check if mongo pass file exists
+  stat: path=/root/.mongo.pw
+  register: appsmith_mongo_pw
+  tags: appsmith
+- when: appsmith_mongo_pw.stat.exists and mongo_admin_pass is not defined
+  block:
+    - slurp: src=/root/.mongo.pw
+      register: appsmith_mongo_admin_pass
+    - set_fact: mongo_admin_pass={{ appsmith_mongo_admin_pass.content | b64decode | trim }}
+  tags: appsmith
+- fail: msg='mongo_admin_pass must be provided'
+  when: not appsmith_mongo_pw.stat.exists and mongo_admin_pass is not defined
+  tags: appsmith

roles/appsmith/tasks/install.yml

@@ -0,0 +1,141 @@
+---
+
+- name: Install dependencies
+  yum:
+    name:
+      - nodejs
+      - java-11-openjdk
+      - java-11-openjdk-devel
+      - mongodb-org-tools
+      - make
+      - gcc-c++
+  tags: appsmith
+
+- name: Detect exact JRE version
+  command: rpm -q java-11-openjdk
+  args:
+    warn: False
+  changed_when: False
+  register: appsmith_jre11_version
+  tags: appsmith
+
+- name: Select JRE 11 as default version
+  alternatives:
+    name: "{{ item.name }}"
+    link: "{{ item.link }}"
+    path: "{{ item.path }}"
+  loop:
+    - name: java
+      link: /usr/bin/java
+      path: /usr/lib/jvm/{{ appsmith_jre11_version.stdout | trim }}/bin/java
+    - name: javac
+      link: /usr/bin/javac
+      path: /usr/lib/jvm/{{ appsmith_jre11_version.stdout | trim }}/bin/javac
+    - name: jre_openjdk
+      link: /usr/lib/jvm/jre-openjdk
+      path: /usr/lib/jvm/{{ appsmith_jre11_version.stdout | trim }}
+    - name: java_sdk_openjdk
+      link: /usr/lib/jvm/java-openjdk
+      path: /usr/lib/jvm/{{ appsmith_jre11_version.stdout | trim }}
+  tags: appsmith
+
+- name: Stop the service during upgrade
+  service: name=appsmith-server state=stopped
+  when: appsmith_install_mode == 'upgrade'
+  tags: appsmith
+
+- when: appsmith_install_mode != 'none'
+  block:
+
+    - name: Download appsmith
+      get_url:
+        url: "{{ appsmith_archive_url }}"
+        dest: "{{ appsmith_root_dir }}/tmp"
+        checksum: sha1:{{ appsmith_archive_sha1 }}
+
+    - name: Extract appsmith archive
+      unarchive:
+        src: "{{ appsmith_root_dir }}/tmp/appsmith-{{ appsmith_version }}.tar.gz"
+        dest: "{{ appsmith_root_dir }}/tmp"
+        remote_src: True
+
+    - name: Move sources
+      synchronize:
+        src: "{{ appsmith_root_dir }}/tmp/appsmith-{{ appsmith_version }}/"
+        dest: "{{ appsmith_root_dir }}/src/"
+        compress: False
+        delete: True
+      delegate_to: "{{ inventory_hostname }}"
+
+    - name: Compile the server
+      command: /opt/maven/apache-maven/bin/mvn -DskipTests clean package
+      args:
+        chdir: "{{ appsmith_root_dir }}/src/app/server"
+
+    - name: Remove previous server version
+      shell: find {{ appsmith_root_dir }}/server -name \*.jar -exec rm -f "{}" \;
+
+    - name: Copy server jar
+      copy: src={{ appsmith_root_dir }}/src/app/server/appsmith-server/target/server-1.0-SNAPSHOT.jar dest={{ appsmith_root_dir }}/server/ remote_src=True
+      notify: restart appsmith-server
+
+    - name: List plugins
+      shell: find {{ appsmith_root_dir }}/src/app/server/appsmith-*/*/target -maxdepth 1 -name \*.jar \! -name original\*
+      register: appsmith_plugins_jar
+
+    - name: Install plugins jar
+      copy: src={{ item }} dest={{ appsmith_root_dir }}/server/plugins/ remote_src=True
+      loop: "{{ appsmith_plugins_jar.stdout_lines }}"
+
+    - name: Install yarn
+      npm:
+        name: yarn
+        path: "{{ appsmith_root_dir }}/src/app/client"
+
+    - name: Install NodeJS dependencies
+      command: ./node_modules/yarn/bin/yarn install --ignore-engines
+      args:
+        chdir: "{{ appsmith_root_dir }}/src/app/client"
+
+    # Not sure why but yarn installs webpack 4.46.0 while appsmith wants 4.44.2
+    - name: Install correct webpack version
+      command: ./node_modules/yarn/bin/yarn add webpack@4.44.2 --ignore-engines
+      args:
+        chdir: "{{ appsmith_root_dir }}/src/app/client"
+
+    - name: Build the client
+      command: ./node_modules/.bin/craco --max-old-space-size=3072 build --config craco.build.config.js
+      args:
+        chdir: "{{ appsmith_root_dir }}/src/app/client"
+
+  # Note : the client will be deployed in {{ appsmith_root_dir }}/client
+  # with a ExecStartPre hook of the server, which will take care of replacing
+  # placeholders with current settings. So no need to do it here
+
+  become_user: "{{ appsmith_user }}"
+  tags: appsmith
+
+- name: Deploy systemd unit
+  template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
+  loop:
+    - appsmith-server.service
+  register: appsmith_units
+  notify: restart appsmith-server
+  tags: appsmith
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: appsmith_units.results | selectattr('changed','equalto',True) | list | length > 0
+  tags: appsmith
+
+- name: Install pre-start script
+  template: src=pre-start.sh.j2 dest={{ appsmith_root_dir }}/bin/pre-start mode=755
+  notify: restart appsmith-server
+  tags: appsmith
+
+- name: Install pre/post backup hoooks
+  template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/appsmith mode=700
+  loop:
+    - pre
+    - post
+  tags: appsmith

roles/appsmith/tasks/iptables.yml

@@ -0,0 +1,12 @@
+---
+
+- name:  Handle appsmith ports in the firewall
+  iptables_raw:
+    name: "{{ item.name }}"
+    state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ item.port }} -s {{ item.src_ip | join(',') }} -j ACCEPT"
+  loop:
+    - name: appsmith_server_port
+      port: "{{ appsmith_server_port }}"
+      src_ip: "{{ appsmith_server_src_ip }}"
+  tags: firewall,appsmith

roles/appsmith/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: appsmith_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: iptables.yml
+  when: iptables_manage | default(True)
+- include: services.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: appsmith_install_mode == 'upgrade'
+- include: cleanup.yml
+

roles/appsmith/tasks/services.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Start and enable the services
+  service: name={{ item }} state=started enabled=True
+  loop:
+    - appsmith-server
+  tags: appsmith

roles/appsmith/tasks/user.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Create appsmith user
+  user:
+    name: "{{ appsmith_user }}"
+    home: "{{ appsmith_root_dir }}"
+    system: True
+  tags: appsmith

roles/appsmith/tasks/write_version.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+  copy: content={{ appsmith_version }} dest={{ appsmith_root_dir }}/meta/ansible_version
+  tags: appsmith

roles/appsmith/templates/appsmith-server.service.j2

@@ -0,0 +1,35 @@
+[Unit]
+Description=Opensource framework to build app and workflows
+After=syslog.target network.target mongodb.service redis.service
+
+[Service]
+Type=simple
+User={{ appsmith_user }}
+Group={{ appsmith_user }}
+EnvironmentFile={{ appsmith_root_dir }}/etc/env
+WorkingDirectory={{ appsmith_root_dir }}/server
+PermissionsStartOnly=yes
+ExecStartPre={{ appsmith_root_dir }}/bin/pre-start
+ExecStart=/bin/java -Djava.net.preferIPv4Stack=true \
+            -Dserver.port={{ appsmith_server_port }} \
+            -Djava.security.egd="file:/dev/./urandom" \
+{% if system_proxy is defined and system_proxy != '' %}
+             -Dhttp.proxyHost={{ system_proxy | urlsplit('hostname') }} \
+             -Dhttp.proxyPort={{ system_proxy | urlsplit('port') }} \
+             -Dhttps.proxyHost={{ system_proxy | urlsplit('hostname') }} \
+             -Dhttps.proxyPort={{ system_proxy | urlsplit('port') }} \
+{% endif %}
+            -jar server-1.0-SNAPSHOT.jar
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=4096M
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+SyslogIdentifier=appsmith-server
+
+[Install]
+WantedBy=multi-user.target
+

roles/appsmith/templates/env.j2

@@ -0,0 +1,25 @@
+APPSMITH_MAIL_ENABLED=true
+APPSMITH_MAIL_FROM={{ appsmith_email_from }}
+APPSMITH_MAIL_HOST={{ appsmith_email_server }}
+APPSMITH_MAIL_PORT={{ appsmith_email_port }}
+APPSMITH_MAIL_SMTP_TLS_ENABLED={{ appsmith_email_tls | ternary('true','false') }}
+{% if appsmith_email_user is defined and appsmith_email_pass is defined %}
+APPSMITH_MAIL_SMTP_AUTH=true
+APPSMITH_MAIL_USERNAME={{ appsmith_email_user }}
+APPSMITH_MAIL_PASSWORD={{ appsmith_email_pass }}
+{% endif %}
+APPSMITH_REDIS_URL={{ appsmith_redis_url }}
+{% if appsmith_mongo_user is defined and appsmith_mongo_pass is defined and appsmith_mongo_pass != False %}
+{% set appsmith_mongo_url_obj = appsmith_mongo_url | urlsplit %}
+APPSMITH_MONGODB_URI={{ appsmith_mongo_url_obj['scheme'] }}://{{ appsmith_mongo_user }}:{{ appsmith_mongo_pass | urlencode | regex_replace('/','%2F') }}@{{ appsmith_mongo_url_obj['hostname'] }}{% if appsmith_mongo_url_obj['port'] %}:{{ appsmith_mongo_url_obj['port'] }}{% endif %}{{ appsmith_mongo_url_obj['path'] }}?{{ appsmith_mongo_url_obj['query'] }}
+{% else %}
+APPSMITH_MONGODB_URI={{ appsmith_mongo_url }}
+{% endif %}
+APPSMITH_DISABLE_TELEMETRY=true
+APPSMITH_ENCRYPTION_PASSWORD={{ appsmith_encryption_pass }}
+APPSMITH_ENCRYPTION_SALT={{ appsmith_encryption_salt }}
+APPSMITH_SIGNUP_DISABLED={{ appsmith_user_signup | ternary('false','true') }}
+{% if appsmith_signup_whitelist | length > 0 and appsmith_user_signup %}
+APPSMITH_SIGNUP_ALLOWED_DOMAINS={{ appsmith_signup_whitelist | join(',') }}
+{% endif %}
+APPSMITH_ADMIN_EMAILS={{ appsmith_admin_emails | join(',') }}

roles/appsmith/templates/nginx.conf.j2

@@ -0,0 +1,34 @@
+server {
+  listen 80;
+  server_name {{ appsmith_public_url | urlsplit('hostname') }};
+  include /etc/nginx/ansible_conf.d/acme.inc;
+  root {{ appsmith_root_dir }}/client;
+  client_max_body_size 10M;
+
+  if ($request_method !~ ^(GET|POST|HEAD|PUT|DELETE|PATCH)$ ) {
+    return 405;
+  }
+
+  # Send info about the original request to the backend
+  proxy_set_header X-Forwarded-For "$proxy_add_x_forwarded_for";
+  proxy_set_header X-Real-IP "$remote_addr";
+  proxy_set_header X-Forwarded-Proto "$scheme";
+  proxy_set_header X-Forwarded-Host "$host";
+  proxy_set_header Host "$host";
+
+  location / {
+    try_files $uri /index.html =404;
+  }
+  location /f {
+    proxy_pass https://cdn.optimizely.com/;
+  }
+  location /api {
+    proxy_pass http://127.0.0.1:{{ appsmith_server_port }};
+  }
+  location /oauth2 {
+    proxy_pass http://127.0.0.1:{{ appsmith_server_port }};
+  }
+  location /login {
+    proxy_pass http://127.0.0.1:{{ appsmith_server_port }};
+  }
+}

roles/appsmith/templates/post-backup.sh.j2

@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+rm -rf {{ appsmith_root_dir }}/backup/*

roles/appsmith/templates/pre-backup.sh.j2

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -eo pipefail
+
+mongodump \
+{% if appsmith_mongo_pass is defined and appsmith_mongo_pass != False %}
+{% set appsmith_mongo_url_obj = appsmith_mongo_url | urlsplit %}
+  --uri {{ appsmith_mongo_url_obj['scheme'] }}://{{ appsmith_mongo_user }}:{{ appsmith_mongo_pass | urlencode | regex_replace('/','%2F') }}@{{ appsmith_mongo_url_obj['hostname'] }}{% if appsmith_mongo_url_obj['port'] %}:{{ appsmith_mongo_url_obj['port'] }}{% endif %}{{ appsmith_mongo_url_obj['path'] }}?{{ appsmith_mongo_url_obj['query'] }} \
+{% else %}
+  --uri {{ appsmith_mongo_url }} \
+{% endif %}
+  --out {{ appsmith_root_dir }}/backup

roles/appsmith/templates/pre-start.sh.j2

@@ -0,0 +1,19 @@
+#!/bin/bash -e
+
+# If the conf changed since the last client deployement, or if the client build is newer than the one deployed, then re-deploy
+if [ {{ appsmith_root_dir }}/etc/env -nt {{ appsmith_root_dir }}/client/ -o {{ appsmith_root_dir }}/src/app/client/build/ -nt {{ appsmith_root_dir }}/client/ ]; then
+  rsync -a --delete {{ appsmith_root_dir }}/src/app/client/build/ {{ appsmith_root_dir }}/client/
+  find {{ appsmith_root_dir }}/client/ -type f | xargs \
+    sed -i \
+{% for var in [
+  "APPSMITH_SENTRY_DSN","APPSMITH_SMART_LOOK_ID","APPSMITH_OAUTH2_GOOGLE_CLIENT_ID",
+  "APPSMITH_OAUTH2_GITHUB_CLIENT_ID","APPSMITH_MARKETPLACE_ENABLED",
+  "APPSMITH_SEGMENT_KEY","APPSMITH_OPTIMIZELY_KEY","APPSMITH_ALGOLIA_API_ID",
+  "APPSMITH_ALGOLIA_SEARCH_INDEX_NAME","APPSMITH_ALGOLIA_API_KEY","APPSMITH_CLIENT_LOG_LEVEL",
+  "APPSMITH_GOOGLE_MAPS_API_KEY","APPSMITH_TNC_PP","APPSMITH_VERSION_ID",
+  "APPSMITH_VERSION_RELEASE_DATE","APPSMITH_INTERCOM_APP_ID","APPSMITH_MAIL_ENABLED","APPSMITH_DISABLE_TELEMETRY"] %}
+      -e "s/__{{ var }}__/${{ '{' ~ var ~ '}' }}/g"{% if not loop.last %} \{% endif %}
+
+{% endfor %}
+
+fi