Skip to content

Latest commit

 

History

History
274 lines (201 loc) · 10.5 KB

README.md

File metadata and controls

274 lines (201 loc) · 10.5 KB

windmill.dev

.

Open-source and self-hostable alternative to Airplane, Pipedream, Superblocks and a simplified Temporal with autogenerated UIs to trigger flows and scripts as internal apps. Convert code to no-code modules and, if the auto-generated UI is not sufficient, use it solely as an highly scalable backend layer. Add automation to your product or build your own no-code tool and delegate the core layer to Windmill. The script languages supported are: Python, Typescript and Go.

Docker Image CI Package version Discord Shield


Join the beta (personal workspaces are free forever): https://app.windmill.dev

Documentation: https://docs.windmill.dev

Discord: https://discord.gg/V7PM2YHsPB

Hub: https://hub.windmill.dev

Contributor's guide: https://docs.windmill.dev/docs/contributors_guide

Roadmap: https://github.com/orgs/windmill-labs/projects/2

Self-host instruction

You can show your support for the project by starring this repo.


Windmill Labs offers commercial licenses and support to convert your existing automation and help you scale it in production. If interested, contact ruben@windmill.dev (founder of Windmill).


Windmill

Disclaimer: Windmill is in BETA. It is secure to run in production but we are still improving the product fast.

Windmill Screenshot

Windmill is fully open-sourced:

  • community/, python-client/ and deno-client/ are Apache 2.0
  • backend, frontend and everything else under AGPLv3.

What is the general idea behind Windmill

  1. Define a minimal and generic script in Python, Typescript or Go that solves a specific task. Here sending an email with SMTP. The code can be defined in the provided Web IDE or synchronized with your own github repo: Step 1

  2. Your scripts parameters are automatically parsed and generate a frontend. You can narrow down the types during task definition to specify regex for string, an enum or a specific format for objects. Each script correspond to an app by itself: Step 2

  3. Make it flow! You can chain your scripts or scripts made by the community shared on WindmillHub. There is tight integration between Windmill and the hub to make it easy to build flows from a soon-to-be exhaustive library of generic modules. In flows, one can pipe output to input using "Dynamic" expressions that are just plain Javascript underneath. Flows can contain for-loops, branching (coming soon). As such and coupled with inputs being able to refer to any step's output, they are actual DAG rather than just linear sequences. They are backed by an open JSON spec we call OpenFlow

Both scripts and flows are not restricted to be triggered by the UI. They can be triggered by a schedule, watch for changes (using internal states) or triggered through API with either an async or sync webhook. The latter kind of endpoints make Windmill akin to a self-hostable AWS Lambda. Windmill can be the central place to host, build and run all of your integrations, automation and internal apps. We include credentials management and OAuth integration, groups and much more!

Layout

  • backend/: The whole Rust backend
  • frontend: The whole Svelte frontend
  • community/: Scripts and resource types included in every workspace. It is useful for Python scripts since the WindmillHub only allow deno scripts and for sharing resource types that will be included in every workspace.
  • lsp/: The lsp asssistant for the monaco editor
  • nsjail/: The nsjail configuration files for sandboxing of the scripts' execution
  • python-client/: The wmill python client used within scripts to interact with the windmill platform
  • deno-client/: The wmill deno client used within scripts to interact with the windmill platform

Stack

  • Postgres as the database
  • backend in Rust with the following highly-available and horizontally scalable architecture:
    • stateless API backend
    • workers that pull jobs from a queue in Postgres (and later, Kafka or Redis. Upvote #173 if interested )
  • frontend in Svelte
  • scripts executions are sandboxed using google's nsjail
  • javascript runtime is the deno_core rust library (which itself uses the rusty_v8 and hence V8 underneath)
  • typescript runtime is deno
  • python runtime is python3

Security

Sandboxing and workload isolation

Windmill uses nsjail on top of the deno sandboxing. It is production multi-tenant grade secure. Do not take our word for it, take fly.io's one

Secrets, credentials and sensitive values

There is one encryption key per workspace to encrypt the credentials and secrets stored in Windmill's K/V store.

In addition, we strongly recommend that you encrypt the whole Postgres database. That is what we do at https://app.windmill.dev.

Performance

The performances are great, as long as you do not exceed the parrallelism of the workers, we are worse than AWS Lambda for small workloads but not by that much

Architecture

Big-picture Architecture

Technical Architecture

How to self-host

We only provide docker-compose setup here. For more advanced setups, like compiling from source or using without a postgres super user, see documentation

Docker compose

docker compose up with the following docker-compose is sufficient: https://github.com/windmill-labs/windmill/blob/main/docker-compose.yml

For older kernels < 4.18, set DISABLE_NUSER=true as env variable, otherwise nsjail will not be able to launch the isolated scripts.

To disable nsjail altogether, set DISABLE_NSJAIL=true.

The default super-admin user is: admin@windmill.dev / changeme

From there, you can create other users (do not forget to change the password!)

Commercial license

To self-host Windmill, you must respect the terms of the AGPLv3 license which you do not need to worry about for personal uses. For business uses, you should be fine if you do not re-expose it in any way Windmill to your users and are comfortable with AGPLv3.

To re-expose any Windmill parts to your users as a feature of your product, or to build a feature on top of Windmill, to comply with AGPLv3 your product must be AGPLv3 or you must get a commercial license. Contact us at license@windmill.dev if you have any doubts.

In addition, a commercial license grants you a dedicated engineer to transition your current infrastructure to Windmill, support with tight SLA, audit logs export features, SSO, unlimited users creation, advanced permissioning features such as groups and the ability to create more than one workspace.

OAuth for self-hosting (very optional)

To get the same oauth integrations as Windmill Cloud, mount oauth.json with the following format:

{
  "<client>": {
    "id": "<CLIENT_ID>",
    "secret": "<CLIENT_SECRET>"
  }
}

and mount it at /usr/src/app/oauth.json.

The list of all possible "connect an app" oauth clients

To add more "connect an app" OAuth clients to the Windmill project, read the Contributor's guide. We welcome contributions!

Resource types

You will also want to import all the approved resource types from WindmillHub. There is no automatic way to do this automatically currently, but it will be possible using a command with the upcoming CLI tool.

Run a local dev setup

only Frontend

This will use the backend of https://app.windmill.dev but your own frontend with hot-code reloading.

  1. Install caddy
  2. Go to frontend/:
    1. npm install, npm run generate-backend-client then npm run dev
    2. In another shell sudo caddy run --config CaddyfileRemote
  3. Et voilà, windmill should be available at http://localhost/

Backend + Frontend

See the ./frontend/README_DEV.md file for all running options.

  1. Create a Postgres Database for Windmill and create an admin role inside your Postgres setup. The easiest way to get a working postgres is running cargo install sqlx-cli && sqlx migrate run. This will also avoid compile time issue with sqlx's query! macro
  2. Install nsjail and have it accessible in your PATH
  3. Install deno and python3, have the bins at /usr/bin/deno and /usr/local/bin/python3
  4. Install caddy
  5. Install the lld linker
  6. Go to frontend/:
    1. npm install, npm run generate-backend-client then npm run dev
    2. In another shell npm run build otherwise the backend will not find the frontend/build folder and will crash
    3. In another shell sudo caddy run --config Caddyfile
  7. Go to backend/: DATABASE_URL=<DATABASE_URL_TO_YOUR_WINDMILL_DB> RUST_LOG=info cargo run
  8. Et voilà, windmill should be available at http://localhost/

Contributors

Copyright

Windmill Labs, Inc 2022