From 7612ec07a4a0699d8210b9b7de5e1a0d67be0917 Mon Sep 17 00:00:00 2001 From: SashkoMarchuk Date: Fri, 24 Oct 2025 22:06:12 +0200 Subject: [PATCH 1/3] Update environment configuration for MN Service credentials in n8n - Added new environment variables for Sembly and Google Service Account credentials in . - Updated to include new MN Service environment variables for seamless integration. - Modified to install the package and updated the external modules allowlist. These changes improve the n8n service by providing required credentials for MN Service integration and enhancing security with the addition of the package. --- .env.example | 18 ++++++++++++++++++ Dockerfile.n8n | 6 ++++-- docker-compose.yml | 11 +++++++++++ 3 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/.env.example b/.env.example
index a6ca8de..4f8bdca 100644
--- a/.env.example
+++ b/.env.example
@@ -77,3 +77,21 @@ N8N_SMTP_PASS=
 N8N_SMTP_SENDER=
 N8N_SMTP_SSL=false
 N8N_SMTP_TLS=true
+
+# MN Service credentials
+## Sembly credentials
+SEMBLY_USER=sembly_user
+SEMBLY_PASS=sembly_pass
+
+## MN Service — Google Service Account (SA)
+MN_SERVICE_SA_GOOGLE_TYPE=service_account
+MN_SERVICE_SA_GOOGLE_PROJECT_ID=mock-project-id
+MN_SERVICE_SA_GOOGLE_PRIVATE_KEY_ID=mock-private-key-id
+MN_SERVICE_SA_GOOGLE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nMOCK_PRIVATE_KEY_CONTENT\n-----END PRIVATE KEY-----\n"
+MN_SERVICE_SA_GOOGLE_CLIENT_EMAIL=mock-service-account@mock-project-id.iam.gserviceaccount.com
+MN_SERVICE_SA_GOOGLE_CLIENT_ID=000000000000000000000
+MN_SERVICE_SA_GOOGLE_AUTH_URI=https://accounts.google.com/o/oauth2/auth
+MN_SERVICE_SA_GOOGLE_TOKEN_URI=https://oauth2.googleapis.com/token
+MN_SERVICE_SA_GOOGLE_AUTH_PROVIDER_X509_CERT_URL=https://www.googleapis.com/oauth2/v1/certs
+MN_SERVICE_SA_GOOGLE_CLIENT_X509_CERT_URL=https://www.googleapis.com/robot/v1/metadata/x509/mock-service-account%40mock-project-id.iam.gserviceaccount.com
+MN_SERVICE_SA_GOOGLE_UNIVERSE_DOMAIN=googleapis.com
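Review bot: The new secret entries in .env.example carry non-empty placeholder values (`SEMBLY_PASS=sembly_pass`, a PEM-shaped `MN_SERVICE_SA_GOOGLE_PRIVATE_KEY`), whereas the existing `N8N_SMTP_PASS=` entry leaves its secret blank. A copied but unedited .env then looks configured: the `${VAR:?... is required}` checks that docker-compose.prod.yml uses in PATCH 3/3 only reject unset or empty values, so these mocks would pass and the failure would surface later as an authentication error. Leaving the secret fields empty, e.g. `SEMBLY_PASS=` and `MN_SERVICE_SA_GOOGLE_PRIVATE_KEY=`, with a comment describing the expected format, keeps that check meaningful. A placeholder wrapped in real `-----BEGIN PRIVATE KEY-----` markers may also produce findings in repository secret scanners.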
diff --git a/Dockerfile.n8n b/Dockerfile.n8n
index b8c58ba..caeea95 100644
--- a/Dockerfile.n8n
+++ b/Dockerfile.n8n
@@ -5,6 +5,7 @@ ARG NODE_ENV=production ARG N8N_PORT=5678 ARG SHOWDOWN_VERSION=^2.1.0 ARG SLACKIFY_MARKDOWN_VERSION=^4.5.0 +ARG CRYPTO_VERSION=^4.2.0 # Install git for backup script and other packages + install external packages in one layer USER root
@@ -14,11 +15,12 @@ RUN set -eux; \ --legacy-peer-deps --no-workspaces \ --unsafe-perm \ showdown@${SHOWDOWN_VERSION} \ - slackify-markdown@${SLACKIFY_MARKDOWN_VERSION} && \ + slackify-markdown@${SLACKIFY_MARKDOWN_VERSION} \ + crypto-js@${CRYPTO_VERSION} && \ npm cache clean --force # Configure external modules allowlist used by Code/Function nodes -ENV NODE_FUNCTION_ALLOW_EXTERNAL="showdown,slackify-markdown" +ENV NODE_FUNCTION_ALLOW_EXTERNAL="showdown,slackify-markdown,crypto-js" # Create app directory WORKDIR /home/node
diff --git a/docker-compose.yml b/docker-compose.yml
index 70679ed..a6efd8d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
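Review bot: `ARG CRYPTO_VERSION=^4.2.0` in Dockerfile.n8n is a caret range, so each image build can resolve a different crypto-js release, and the second hunk then exposes that module to every Code/Function node through `NODE_FUNCTION_ALLOW_EXTERNAL`. An exact version, `ARG CRYPTO_VERSION=4.2.0`, would make the build reproducible and the allowlisted code auditable. If the workflows only need hashing or signing (an assumption, the page does not say), n8n's `NODE_FUNCTION_ALLOW_BUILTIN=crypto` exposes Node's built-in module without adding a third-party dependency. The ARG would also read more clearly as `CRYPTO_JS_VERSION`, since `crypto` is the name of the Node built-in. The RUN instruction starts above the second hunk, so the rest of the install command was not reviewed.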
@@ -34,6 +34,17 @@ services:
 - N8N_LOG_LEVEL=debug
 - N8N_LOG_OUTPUT=console
 - TZ=${TZ:-America/New_York}
+ - MN_SERVICE_SA_GOOGLE_TYPE=${MN_SERVICE_SA_GOOGLE_TYPE:-GOOGLE_TYPE}
+ - MN_SERVICE_SA_GOOGLE_PROJECT_ID=${MN_SERVICE_SA_GOOGLE_PROJECT_ID:-PROJECT_ID}
+ - MN_SERVICE_SA_GOOGLE_PRIVATE_KEY_ID=${MN_SERVICE_SA_GOOGLE_PRIVATE_KEY_ID:-PRIVATE_KEY_ID}
+ - MN_SERVICE_SA_GOOGLE_PRIVATE_KEY=${MN_SERVICE_SA_GOOGLE_PRIVATE_KEY:-PRIVATE_KEY}
+ - MN_SERVICE_SA_GOOGLE_CLIENT_EMAIL=${MN_SERVICE_SA_GOOGLE_CLIENT_EMAIL:-CLIENT_EMAIL}
+ - MN_SERVICE_SA_GOOGLE_CLIENT_ID=${MN_SERVICE_SA_GOOGLE_CLIENT_ID:-CLIENT_ID}
+ - MN_SERVICE_SA_GOOGLE_AUTH_URI=${MN_SERVICE_SA_GOOGLE_AUTH_URI:-AUTH_URI}
+ - MN_SERVICE_SA_GOOGLE_TOKEN_URI=${MN_SERVICE_SA_GOOGLE_TOKEN_URI:-TOKEN_URI}
+ - MN_SERVICE_SA_GOOGLE_AUTH_PROVIDER_X509_CERT_URL=${MN_SERVICE_SA_GOOGLE_AUTH_PROVIDER_X509_CERT_URL:-CERT_URL}
+ - MN_SERVICE_SA_GOOGLE_CLIENT_X509_CERT_URL=${MN_SERVICE_SA_GOOGLE_CLIENT_X509_CERT_URL:-CLIENT_CERT_URL}
+ - MN_SERVICE_SA_GOOGLE_UNIVERSE_DOMAIN=${MN_SERVICE_SA_GOOGLE_UNIVERSE_DOMAIN:-UNIVERSE_DOMAIN}
 volumes:
 - n8n_data:/home/node/.n8n
 - ./scripts:/home/node/scripts
From 0c8eaf27befa3a71d7e18565671d9df386c7bf69 Mon Sep 17 00:00:00 2001 From: SashkoMarchuk Date: Tue, 28 Oct 2025 16:51:01 +0100 Subject: [PATCH 2/3] Remove Crypto package --- Dockerfile.n8n | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/Dockerfile.n8n b/Dockerfile.n8n
index caeea95..b8c58ba 100644
--- a/Dockerfile.n8n
+++ b/Dockerfile.n8n
@@ -5,7 +5,6 @@ ARG NODE_ENV=production ARG N8N_PORT=5678 ARG SHOWDOWN_VERSION=^2.1.0 ARG SLACKIFY_MARKDOWN_VERSION=^4.5.0 -ARG CRYPTO_VERSION=^4.2.0 # Install git for backup script and other packages + install external packages in one layer USER root
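Review bot: In the docker-compose.yml hunk every new variable falls back to a literal placeholder (`${MN_SERVICE_SA_GOOGLE_PRIVATE_KEY:-PRIVATE_KEY}`, `${MN_SERVICE_SA_GOOGLE_TOKEN_URI:-TOKEN_URI}`), so an unset variable reaches the container as a non-empty but invalid credential field. Code that checks "is the service account configured?" will see a value, and the problem only appears as a failed token request at run time. An empty default, `${MN_SERVICE_SA_GOOGLE_PRIVATE_KEY:-}`, lets the consumer detect the unconfigured case. The environment list starts above the hunk and includes `N8N_LOG_LEVEL=debug`; it is worth confirming that nothing in this service writes its environment to the log at that level.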
@@ -15,12 +14,11 @@ RUN set -eux; \ --legacy-peer-deps --no-workspaces \ --unsafe-perm \ showdown@${SHOWDOWN_VERSION} \ - slackify-markdown@${SLACKIFY_MARKDOWN_VERSION} \ - crypto-js@${CRYPTO_VERSION} && \ + slackify-markdown@${SLACKIFY_MARKDOWN_VERSION} && \ npm cache clean --force # Configure external modules allowlist used by Code/Function nodes -ENV NODE_FUNCTION_ALLOW_EXTERNAL="showdown,slackify-markdown,crypto-js" +ENV NODE_FUNCTION_ALLOW_EXTERNAL="showdown,slackify-markdown" # Create app directory WORKDIR /home/node
From 1635158545e344dca95a3c8fd05da0b7d91b5dee Mon Sep 17 00:00:00 2001 From: SashkoMarchuk Date: Wed, 29 Oct 2025 12:07:17 +0100 Subject: [PATCH 3/3] Add Google Service Account environment variables to Docker Compose - Introduced new environment variables for Google Service Account credentials in docker-compose.prod.yml. - Ensured required variables are set for seamless integration with Google services. These changes enhance the n8n service by providing necessary credentials for Google integration. --- docker-compose.prod.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+)
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index a28e039..b492a7e 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -24,6 +24,18 @@ services:
 - N8N_BINARY_DATA_STORAGE_PATH=/data/n8n/binaryData
 - SEMBLY_USER=${SEMBLY_USER:?SEMBLY_USER is required}
 - SEMBLY_PASS=${SEMBLY_PASS:?SEMBLY_PASS is required}
+ # Google Service Account variables
+ - MN_SERVICE_SA_GOOGLE_TYPE=${MN_SERVICE_SA_GOOGLE_TYPE:?MN_SERVICE_SA_GOOGLE_TYPE is required}
+ - MN_SERVICE_SA_GOOGLE_PROJECT_ID=${MN_SERVICE_SA_GOOGLE_PROJECT_ID:?MN_SERVICE_SA_GOOGLE_PROJECT_ID is required}
+ - MN_SERVICE_SA_GOOGLE_PRIVATE_KEY_ID=${MN_SERVICE_SA_GOOGLE_PRIVATE_KEY_ID:?MN_SERVICE_SA_GOOGLE_PRIVATE_KEY_ID is required}
+ - MN_SERVICE_SA_GOOGLE_PRIVATE_KEY=${MN_SERVICE_SA_GOOGLE_PRIVATE_KEY:?MN_SERVICE_SA_GOOGLE_PRIVATE_KEY is required}
+ - MN_SERVICE_SA_GOOGLE_CLIENT_EMAIL=${MN_SERVICE_SA_GOOGLE_CLIENT_EMAIL:?MN_SERVICE_SA_GOOGLE_CLIENT_EMAIL is required}
+ - MN_SERVICE_SA_GOOGLE_CLIENT_ID=${MN_SERVICE_SA_GOOGLE_CLIENT_ID:?MN_SERVICE_SA_GOOGLE_CLIENT_ID is required}
+ - MN_SERVICE_SA_GOOGLE_AUTH_URI=${MN_SERVICE_SA_GOOGLE_AUTH_URI:?MN_SERVICE_SA_GOOGLE_AUTH_URI is required}
+ - MN_SERVICE_SA_GOOGLE_TOKEN_URI=${MN_SERVICE_SA_GOOGLE_TOKEN_URI:?MN_SERVICE_SA_GOOGLE_TOKEN_URI is required}
+ - MN_SERVICE_SA_GOOGLE_AUTH_PROVIDER_X509_CERT_URL=${MN_SERVICE_SA_GOOGLE_AUTH_PROVIDER_X509_CERT_URL:?MN_SERVICE_SA_GOOGLE_AUTH_PROVIDER_X509_CERT_URL is required}
+ - MN_SERVICE_SA_GOOGLE_CLIENT_X509_CERT_URL=${MN_SERVICE_SA_GOOGLE_CLIENT_X509_CERT_URL:?MN_SERVICE_SA_GOOGLE_CLIENT_X509_CERT_URL is required}
+ - MN_SERVICE_SA_GOOGLE_UNIVERSE_DOMAIN=${MN_SERVICE_SA_GOOGLE_UNIVERSE_DOMAIN:?MN_SERVICE_SA_GOOGLE_UNIVERSE_DOMAIN is required}
 volumes:
 - n8n_data:/data/n8n
 postgresql: !reset null
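Review bot: `MN_SERVICE_SA_GOOGLE_PRIVATE_KEY` is handed to the production container as a plain environment variable, so the service-account key is readable through `docker inspect`, the process environment and, unless `N8N_BLOCK_ENV_ACCESS_IN_NODE` is set, presumably any workflow expression or Code node on this instance. If workflows are meant to read it from `$env`, that trade-off deserves a comment above the block; otherwise mounting the key JSON as a Compose secret or storing it as an n8n credential keeps it out of the environment. Only the private key and its id are secret, so the constant fields (`AUTH_URI`, `TOKEN_URI`, `UNIVERSE_DOMAIN`, the cert URLs) could take defaults instead of eleven `:?` checks. It is also worth verifying that the `\n` escapes in the key survive `.env` parsing and interpolation, since a mangled PEM fails only at signing time.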