From 8695c63af7bdcddee9c5bc16c91e5ede96d1f32f Mon Sep 17 00:00:00 2001
From: Adish M <44204658+adishM98@users.noreply.github.com>
Date: Tue, 8 Jul 2025 13:09:41 +0530
Subject: [PATCH] Enhance Neo4j configuration and installation in Try tooljet
 Dockerfiles with APOC plugin support (#13248)

* Enhance Neo4j configuration and installation in Try tooljet Dockerfiles with APOC plugin support

* fix: Update Dockerfile to use the latest ToolJet image version
---
 docker/ee/ee-try-entrypoint-lts.sh      | 110 ++++++++++++++++++++++++
 docker/ee/ee-try-entrypoint.sh          | 109 +++++++++++++++++++++++
 docker/ee/ee-try-tooljet-lts.Dockerfile |  14 ++-
 docker/ee/ee-try-tooljet.Dockerfile     |  14 ++-
 4 files changed, 245 insertions(+), 2 deletions(-)

diff --git a/docker/ee/ee-try-entrypoint-lts.sh b/docker/ee/ee-try-entrypoint-lts.sh
index f716ae8a20..c46d799a5b 100755
--- a/docker/ee/ee-try-entrypoint-lts.sh
+++ b/docker/ee/ee-try-entrypoint-lts.sh
@@ -3,6 +3,116 @@ set -e
 
 echo "🚀 Starting Try ToolJet container initialization..."
 
+# Neo4j configuration
+# ----------------------------------
+# Default Neo4j environment values
+# ----------------------------------
+export NEO4J_USER=${NEO4J_USER:-"neo4j"}
+export NEO4J_PASSWORD=${NEO4J_PASSWORD:-"appaqvyvRLbeukhFE"}
+export NEO4J_AUTH=${NEO4J_AUTH:-"neo4j/appaqvyvRLbeukhFE"}
+export NEO4J_URI=${NEO4J_URI:-"bolt://localhost:7687"}
+export NEO4J_PLUGINS=${NEO4J_PLUGINS:-'["apoc"]'}
+export NEO4J_AUTH
+
+# Extract username and password from NEO4J_AUTH if set
+if [ -n "$NEO4J_AUTH" ]; then
+  # Extract username and password from NEO4J_AUTH (format: username/password)
+  NEO4J_USERNAME=$(echo "$NEO4J_AUTH" | cut -d'/' -f1)
+  NEO4J_PASSWORD=$(echo "$NEO4J_AUTH" | cut -d'/' -f2)
+  
+  # Export these for application use
+  export NEO4J_USERNAME
+  export NEO4J_PASSWORD
+  
+  echo "Neo4j authentication configured with username: $NEO4J_USERNAME" >/dev/null 2>&1
+else
+  echo "NEO4J_AUTH not set, using default authentication" >/dev/null 2>&1
+fi
+
+# Check if Neo4j is already initialized and set password if necessary
+if [ "$NEO4J_AUTH" != "none" ] && [ -n "$NEO4J_PASSWORD" ]; then
+  echo "Setting Neo4j initial password..." >/dev/null 2>&1
+  
+  # Ensure Neo4j is not running before setting the initial password
+  neo4j stop || true
+
+  # Set the initial password using the correct command format for Neo4j 5.x
+  NEO4J_ADMIN_CMD=$(which neo4j-admin)
+  NEO4J_VERSION=$(neo4j --version | grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+" | head -n 1)
+  echo "Detected Neo4j version: $NEO4J_VERSION" >/dev/null 2>&1
+  
+  # Use version-specific command format
+  MAJOR_VERSION=$(echo $NEO4J_VERSION | cut -d. -f1)
+  if [ "$MAJOR_VERSION" -ge "5" ]; then
+    # For Neo4j 5.x and higher
+    echo "Using Neo4j 5.x+ password command format" >/dev/null 2>&1
+    $NEO4J_ADMIN_CMD dbms set-initial-password "$NEO4J_PASSWORD" --require-password-change=false >/dev/null 2>&1 || {
+      echo "Warning: Could not set Neo4j password, it may already be set" >/dev/null 2>&1
+    }
+  else
+    # For Neo4j 4.x and lower
+    echo "Using Neo4j 4.x password command format" >/dev/null 2>&1
+    $NEO4J_ADMIN_CMD set-initial-password "$NEO4J_PASSWORD" >/dev/null 2>&1 || {
+      echo "Warning: Could not set Neo4j password, it may already be set" >/dev/null 2>&1
+    }
+  fi
+fi
+
+# Update Neo4j configuration
+echo "Configuring Neo4j..." >/dev/null 2>&1
+cat > /etc/neo4j/neo4j.conf << EOF
+# Neo4j configuration
+dbms.security.auth_enabled=true
+server.bolt.enabled=true
+server.bolt.listen_address=0.0.0.0:7687
+server.directories.data=/var/lib/neo4j/data
+server.directories.logs=/var/log/neo4j
+initial.dbms.default_database=neo4j
+server.directories.plugins=/var/lib/neo4j/plugins
+server.directories.import=/var/lib/neo4j/import
+
+# APOC Settings
+dbms.security.procedures.unrestricted=apoc.*
+dbms.security.procedures.allowlist=apoc.*,algo.*,gds.*
+EOF
+
+if [ -w "$NEO4J_LOG_DIR" ]; then
+  chmod -R 770 "$NEO4J_LOG_DIR" || echo "Warning: Could not set log directory permissions" >/dev/null 2>&1
+fi
+
+# Start Neo4j 
+echo "Starting Neo4j service..."
+neo4j console >/dev/null 2>&1 &
+
+# Add a wait for Neo4j to be ready with more robust checking
+echo "Waiting for Neo4j to be ready..." >/dev/null 2>&1
+NEO4J_READY=false
+for i in {1..60}; do
+  # First try standard status check
+  if neo4j status >/dev/null 2>&1; then
+    echo "Neo4j is ready 🚀"
+    NEO4J_READY=true
+    break
+  fi
+  
+  # Also try connecting to the bolt port as a fallback
+  if command -v nc >/dev/null 2>&1; then
+    if nc -z localhost 7687 >/dev/null 2>&1; then
+      echo "Neo4j is ready (port 7687 is open)"
+      NEO4J_READY=true
+      break
+    fi
+  fi
+  
+  echo "Waiting for Neo4j to start... ($i/60)" >/dev/null 2>&1
+  sleep 2
+done
+
+if [ "$NEO4J_READY" = false ]; then
+  echo "WARNING: Neo4j may not be fully started yet, but continuing..."
+fi
+
+
 # Configure PostgreSQL authentication
 echo "🔧 Configuring PostgreSQL authentication..."
 sed -i 's/^local\s\+all\s\+postgres\s\+\(peer\|md5\)/local all postgres trust/' /etc/postgresql/13/main/pg_hba.conf >/dev/null 2>&1
diff --git a/docker/ee/ee-try-entrypoint.sh b/docker/ee/ee-try-entrypoint.sh
index 8e2332ba19..df6128f9da 100755
--- a/docker/ee/ee-try-entrypoint.sh
+++ b/docker/ee/ee-try-entrypoint.sh
@@ -3,6 +3,115 @@ set -e
 
 echo "🚀 Starting Try ToolJet container initialization..."
 
+# Neo4j configuration
+# ----------------------------------
+# Default Neo4j environment values
+# ----------------------------------
+export NEO4J_USER=${NEO4J_USER:-"neo4j"}
+export NEO4J_PASSWORD=${NEO4J_PASSWORD:-"appaqvyvRLbeukhFE"}
+export NEO4J_AUTH=${NEO4J_AUTH:-"neo4j/appaqvyvRLbeukhFE"}
+export NEO4J_URI=${NEO4J_URI:-"bolt://localhost:7687"}
+export NEO4J_PLUGINS=${NEO4J_PLUGINS:-'["apoc"]'}
+export NEO4J_AUTH
+
+# Extract username and password from NEO4J_AUTH if set
+if [ -n "$NEO4J_AUTH" ]; then
+  # Extract username and password from NEO4J_AUTH (format: username/password)
+  NEO4J_USERNAME=$(echo "$NEO4J_AUTH" | cut -d'/' -f1)
+  NEO4J_PASSWORD=$(echo "$NEO4J_AUTH" | cut -d'/' -f2)
+  
+  # Export these for application use
+  export NEO4J_USERNAME
+  export NEO4J_PASSWORD
+  
+  echo "Neo4j authentication configured with username: $NEO4J_USERNAME" >/dev/null 2>&1
+else
+  echo "NEO4J_AUTH not set, using default authentication" >/dev/null 2>&1
+fi
+
+# Check if Neo4j is already initialized and set password if necessary
+if [ "$NEO4J_AUTH" != "none" ] && [ -n "$NEO4J_PASSWORD" ]; then
+  echo "Setting Neo4j initial password..." >/dev/null 2>&1
+  
+  # Ensure Neo4j is not running before setting the initial password
+  neo4j stop || true
+
+  # Set the initial password using the correct command format for Neo4j 5.x
+  NEO4J_ADMIN_CMD=$(which neo4j-admin)
+  NEO4J_VERSION=$(neo4j --version | grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+" | head -n 1)
+  echo "Detected Neo4j version: $NEO4J_VERSION" >/dev/null 2>&1
+  
+  # Use version-specific command format
+  MAJOR_VERSION=$(echo $NEO4J_VERSION | cut -d. -f1)
+  if [ "$MAJOR_VERSION" -ge "5" ]; then
+    # For Neo4j 5.x and higher
+    echo "Using Neo4j 5.x+ password command format" >/dev/null 2>&1
+    $NEO4J_ADMIN_CMD dbms set-initial-password "$NEO4J_PASSWORD" --require-password-change=false >/dev/null 2>&1 || {
+      echo "Warning: Could not set Neo4j password, it may already be set" >/dev/null 2>&1
+    }
+  else
+    # For Neo4j 4.x and lower
+    echo "Using Neo4j 4.x password command format" >/dev/null 2>&1
+    $NEO4J_ADMIN_CMD set-initial-password "$NEO4J_PASSWORD" >/dev/null 2>&1 || {
+      echo "Warning: Could not set Neo4j password, it may already be set" >/dev/null 2>&1
+    }
+  fi
+fi
+
+# Update Neo4j configuration
+echo "Configuring Neo4j..." >/dev/null 2>&1
+cat > /etc/neo4j/neo4j.conf << EOF
+# Neo4j configuration
+dbms.security.auth_enabled=true
+server.bolt.enabled=true
+server.bolt.listen_address=0.0.0.0:7687
+server.directories.data=/var/lib/neo4j/data
+server.directories.logs=/var/log/neo4j
+initial.dbms.default_database=neo4j
+server.directories.plugins=/var/lib/neo4j/plugins
+server.directories.import=/var/lib/neo4j/import
+
+# APOC Settings
+dbms.security.procedures.unrestricted=apoc.*
+dbms.security.procedures.allowlist=apoc.*,algo.*,gds.*
+EOF
+
+if [ -w "$NEO4J_LOG_DIR" ]; then
+  chmod -R 770 "$NEO4J_LOG_DIR" || echo "Warning: Could not set log directory permissions" >/dev/null 2>&1
+fi
+
+# Start Neo4j 
+echo "Starting Neo4j service..."
+neo4j console >/dev/null 2>&1 &
+
+# Add a wait for Neo4j to be ready with more robust checking
+echo "Waiting for Neo4j to be ready..." >/dev/null 2>&1
+NEO4J_READY=false
+for i in {1..60}; do
+  # First try standard status check
+  if neo4j status >/dev/null 2>&1; then
+    echo "Neo4j is ready 🚀"
+    NEO4J_READY=true
+    break
+  fi
+  
+  # Also try connecting to the bolt port as a fallback
+  if command -v nc >/dev/null 2>&1; then
+    if nc -z localhost 7687 >/dev/null 2>&1; then
+      echo "Neo4j is ready (port 7687 is open)"
+      NEO4J_READY=true
+      break
+    fi
+  fi
+  
+  echo "Waiting for Neo4j to start... ($i/60)" >/dev/null 2>&1
+  sleep 2
+done
+
+if [ "$NEO4J_READY" = false ]; then
+  echo "WARNING: Neo4j may not be fully started yet, but continuing..."
+fi
+
 # Configure PostgreSQL authentication
 echo "🔧 Configuring PostgreSQL authentication..."
 sed -i 's/^local\s\+all\s\+postgres\s\+\(peer\|md5\)/local all postgres trust/' /etc/postgresql/13/main/pg_hba.conf >/dev/null 2>&1
diff --git a/docker/ee/ee-try-tooljet-lts.Dockerfile b/docker/ee/ee-try-tooljet-lts.Dockerfile
index 2dcf56edfe..c9fa440db2 100644
--- a/docker/ee/ee-try-tooljet-lts.Dockerfile
+++ b/docker/ee/ee-try-tooljet-lts.Dockerfile
@@ -6,7 +6,7 @@ COPY --from=postgrest/postgrest:v12.2.0 /bin/postgrest /bin
 # Install Postgres
 USER root
 RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
-RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
+RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
 RUN echo "deb http://deb.debian.org/debian"
 RUN apt update && apt -y install postgresql-13 postgresql-client-13 supervisor
 USER postgres
@@ -52,6 +52,18 @@ RUN apt update && apt install -y gettext-base curl \
 COPY ./docker/ee/temporal-server.yaml /etc/temporal/temporal-server.template.yaml
 COPY ./docker/ee/temporal-ui-server.yaml /etc/temporal/temporal-ui-server.yaml
 
+# Install Neo4j + APOC
+RUN wget -O - https://debian.neo4j.com/neotechnology.gpg.key | apt-key add - && \
+    echo "deb https://debian.neo4j.com stable 5" > /etc/apt/sources.list.d/neo4j.list && \
+    apt-get update && apt-get install -y neo4j=1:5.26.6 && apt-mark hold neo4j && \
+    mkdir -p /var/lib/neo4j/plugins && \
+    wget -P /var/lib/neo4j/plugins https://github.com/neo4j/apoc/releases/download/5.26.6/apoc-5.26.6-core.jar && \
+    echo "dbms.security.procedures.unrestricted=apoc.*" >> /etc/neo4j/neo4j.conf && \
+    echo "dbms.security.procedures.allowlist=apoc.*,algo.*,gds.*" >> /etc/neo4j/neo4j.conf && \
+    echo "dbms.directories.plugins=/var/lib/neo4j/plugins" >> /etc/neo4j/neo4j.conf && \
+    echo "dbms.security.auth_enabled=true" >> /etc/neo4j/neo4j.conf && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
 # Configure Supervisor to manage PostgREST, ToolJet, and Redis
 RUN echo "[supervisord] \n" \
     "nodaemon=true \n" \
diff --git a/docker/ee/ee-try-tooljet.Dockerfile b/docker/ee/ee-try-tooljet.Dockerfile
index 3aa416b87d..a108f30691 100644
--- a/docker/ee/ee-try-tooljet.Dockerfile
+++ b/docker/ee/ee-try-tooljet.Dockerfile
@@ -6,7 +6,7 @@ COPY --from=postgrest/postgrest:v12.2.0 /bin/postgrest /bin
 # Install Postgres
 USER root
 RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
-RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
+RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
 RUN echo "deb http://deb.debian.org/debian"
 RUN apt update && apt -y install postgresql-13 postgresql-client-13 supervisor
 USER postgres
@@ -52,6 +52,18 @@ RUN apt update && apt install -y gettext-base curl \
 COPY ./docker/ee/temporal-server.yaml /etc/temporal/temporal-server.template.yaml
 COPY ./docker/ee/temporal-ui-server.yaml /etc/temporal/temporal-ui-server.yaml
 
+# Install Neo4j + APOC
+RUN wget -O - https://debian.neo4j.com/neotechnology.gpg.key | apt-key add - && \
+    echo "deb https://debian.neo4j.com stable 5" > /etc/apt/sources.list.d/neo4j.list && \
+    apt-get update && apt-get install -y neo4j=1:5.26.6 && apt-mark hold neo4j && \
+    mkdir -p /var/lib/neo4j/plugins && \
+    wget -P /var/lib/neo4j/plugins https://github.com/neo4j/apoc/releases/download/5.26.6/apoc-5.26.6-core.jar && \
+    echo "dbms.security.procedures.unrestricted=apoc.*" >> /etc/neo4j/neo4j.conf && \
+    echo "dbms.security.procedures.allowlist=apoc.*,algo.*,gds.*" >> /etc/neo4j/neo4j.conf && \
+    echo "dbms.directories.plugins=/var/lib/neo4j/plugins" >> /etc/neo4j/neo4j.conf && \
+    echo "dbms.security.auth_enabled=true" >> /etc/neo4j/neo4j.conf && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
 # Configure Supervisor to manage PostgREST, ToolJet, and Redis
 RUN echo "[supervisord] \n" \
     "nodaemon=true \n" \