feat: unify Docker image by removing SageMaker variant#1773
Draft
kmcginnes wants to merge 4 commits into
Draft
Conversation
Documents the decision to eliminate the separate SageMaker Docker image build in favor of a single image with runtime configuration.
Eliminate the separate SageMaker Docker build by switching the client to relative API paths and always routing through the proxy server. This halves CI Docker time, removes user-facing proxy configuration, and makes the app work behind any reverse proxy without build-time config. Key changes: - Remove `url` and `proxyConnection` from ConnectionConfig; `graphDbUrl` is now the single required field - Add `apiUrl()` utility resolving endpoints relative to document.baseURI - Explorers use relative URLs via injectable baseURI parameter - `fetchDatabaseRequest` always sends graph-db-connection-url header - `defaultConnection.ts` uses single relative fetch (no SageMaker fallback) - Vite base changed to "./" with <base href="./"> in index.html - Connection form simplified: removed proxy endpoint/toggle fields - Dockerfile removes ARG NEPTUNE_NOTEBOOK and conditional ENV logic - process-environment.sh: NEPTUNE_NOTEBOOK=true writes port/log-style at runtime instead of build-time - CI builds one image, publishes under both regular and sagemaker-* tags - Legacy stored connections migrated via migrateLegacyConnection()
Remove references to PUBLIC_OR_PROXY_ENDPOINT, USING_PROXY_SERVER, and GRAPH_EXP_ENV_ROOT_FOLDER from configuration docs and deployment guides. Simplify connection setup instructions to reflect the single GRAPH_CONNECTION_URL field. Remove legacy fields from the DefaultConnectionDataSchema since they are no longer produced.
All requests now flow through the proxy server, so the server must have network access to the target database. This is a known limitation for deployments in restricted networks (e.g., private subnets without NAT).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
All client requests now always route through the same-origin proxy server using relative URLs. Users no longer need to configure a "Public or Proxy Endpoint" — the connection form simplifies to just the database URL and optional IAM settings.
This also eliminates the separate SageMaker Docker build. One image serves all deployment modes (standalone, SageMaker, arbitrary reverse proxies) without build-time path configuration.
Key changes:
new URL("../endpoint", document.baseURI)— works behind any reverse proxy without configurationurl(proxy endpoint) andproxyConnectiontoggle from the connection model;graphDbUrlis now the single required fieldgraph-db-connection-url) are always sent — no toggle neededNEPTUNE_NOTEBOOK=truebecomes a runtime-only preset (port 9250, cloudwatch logs, SSL off)sagemaker-*tags during transitionmigrateLegacyConnection()Breaking change
All database requests now flow through the proxy server. Deployments where the server is in a restricted network (e.g., a private subnet without a NAT gateway) will not be able to reach databases outside that network, even if the user's browser previously could via direct connections. Users in this scenario need to add appropriate network routing (VPC peering, NAT gateway, etc.).
Validation
aws-neptune-gx-air-routes) — connections work with no lifecycle script changes/proxy/9250/explorer/, verify relative URLs resolve correctlyPUBLIC_OR_PROXY_ENDPOINT,USING_PROXY_SERVER) — silently ignoredurl/proxyConnection), verify migration worksRelated Issues
docs/adr/0001-unify-docker-image-remove-sagemaker-variant.mdCheck List
pnpm checkspasses with no errors.pnpm testpasses with no failures.