diff --git a/.env b/.env index 908d6f10..afe3f33e 100644 --- a/.env +++ b/.env @@ -33,7 +33,7 @@ APP_TYPE=component # The urls/ip's and hosts on wich this api is available TRUSTED_PROXIES=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 -TRUSTED_HOSTS=^.+$ +TRUSTED_HOSTS= # Key that other applications can use to connect to this application (hier mag wel iets meer toelichtende tekst bij) @@ -124,7 +124,7 @@ APP_REPRO=https://github.com/ConductionNL/skeleton-app CONTAINER_REGISTRY_BASE=ghcr.io/conductionnl HELM_REPOSITORY=https://raw.githubusercontent.com/ConductionNL/skeleton-app/master/api/helm/ -CONTAINER_PROJECT_NAME=skeleton-app +CONTAINER_PROJECT_NAME=woo-website ################################################## # Notifcation settings diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml new file mode 100644 index 00000000..f41c38f9 --- /dev/null +++ b/.github/workflows/dockerimage.yml @@ -0,0 +1,109 @@ +name: Docker Image CI + +on: + pull_request: + branches: + - master + - staging + - development + - refinement-demo + push: + branches: + - master + - staging + - development + - refinement-demo + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - uses: actions/setup-node@v1 + - name: Export release code + if: (success() || failure()) + id: releasecode #version number in a more comprehensible format: 0.1.YearMonthDay in UTC + run: | + export VERSION=$(grep APP_VERSION= .env | cut -d '=' -f2) + export RELEASE=$VERSION.$(date --utc +%y%m%d) + echo "RELEASE=$RELEASE" >> $GITHUB_ENV + echo "##[set-output name=releasename]$RELEASE" + - name: Setting APP_NAME + run: | + export NAME=$(grep APP_NAME= .env | cut -d '=' -f2) + echo "APP_NAME=$NAME" >> $GITHUB_ENV + - name: Print app name + run: echo "APP_NAME = $APP_NAME" + - name: Setting APP_ENV to dev + run: | + echo "APP_ENV=dev">> $GITHUB_ENV + echo "APP_BUILD=dev">> $GITHUB_ENV + echo "set APP_ENV to $APP_ENV" + - name: Setting APP_ENV to prod + if: contains( github.ref, 'master' ) || contains( github.base_ref, 'master' ) + run: | + echo "APP_ENV=latest">> $GITHUB_ENV + echo "APP_BUILD=latest">> $GITHUB_ENV + echo "set APP_ENV to $APP_ENV" + - name: Setting APP_ENV to stag + if: contains( github.ref, 'staging' ) || contains( github.base_ref, 'staging' ) + run: | + echo "APP_ENV=stag">> $GITHUB_ENV + echo "APP_BUILD=stag">> $GITHUB_ENV + echo "set APP_ENV to $APP_ENV" + - name: Print definitive APP_ENV + run: echo "APP_ENV is now $APP_ENV and APP_BUILD is now $APP_BUILD" + - name: Build the Docker image + run: docker-compose build --build-arg APP_ENV=$APP_ENV --build-arg APP_BUILD=$APP_BUILD --build-arg APP_BUILD_ALL_FIXTURES=true + - name: Run the docker image + run: docker-compose up -d + - name: Taking some sleep (for containers to come up) + run: sleep 20 + - name: Check if all containers are running + run: docker ps + - name: Dumping the logs + run: docker-compose logs + - name: Show all images + run: docker images + - name: Login to Container Registry + id: containerregistry-login + run: | + if [ "${{ secrets.GITHUB_TOKEN }}" != "" ]; then + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $(cut -d'/' -f1 <<< $GITHUB_REPOSITORY) --password-stdin + echo "##[set-output name=success;]true" + else + echo "##[set-output name=success;]false" + fi + - if: steps.containerregistry-login.outputs.success == 'true' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/development' || github.ref == 'refs/heads/refinement-demo') + name: Push to Container Registry + run: docker-compose push + + - if: steps.containerregistry-login.outputs.success == 'true' && github.ref == 'refs/heads/master' + name: Push versioned containers to Container Registry + id: version-push + run: | + images=$(docker-compose images -q | xargs docker inspect --format='{{ index .RepoTags 0}}' | cut -d':' -f1 | grep $APP_NAME) + for image in $images + do + docker push "${image}":"${APP_BUILD}" + done + - name: Print release name + if: (success() || failure()) + run: echo $RELEASENAME + env: + RELEASENAME: ${{ steps.releasecode.outputs.releasename }} + - name: Create Release + if: contains( github.ref, 'master' ) && steps.version-push.outputs.success == 'true' && ( success() || failure() ) + id: create_release + uses: actions/create-release@v1 + continue-on-error: true + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + with: + tag_name: ${{ steps.releasecode.outputs.releasename }} + release_name: ${{ steps.releasecode.outputs.releasename }} + draft: false + prerelease: false + - name: Chores + if: (success() || failure()) + run: docker-compose down diff --git a/docker-compose.yml b/docker-compose.yml index b1df67e6..27055b37 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,111 +1,12 @@ version: "3.4" services: - php: &php - image: ghcr.io/conductionnl/commonground-gateway-php:cleanup - depends_on: - - db - volumes: - - ./gateway:/srv/api/fixtures:rw,cached - - ./certs:/var/certs:rw,cached - environment: - - DATABASE_URL=postgres://api-platform:!ChangeMe!@db/api?serverVersion=10.1 -# - DATABASE_URL=mysql://api-platform:!ChangeMe!@db/api?serverVersion=10.1 - - AUTH_ENABLED=false - - REDIS_HOST=redis - - REDIS_PORT=6379 - - APP_REPRO=example - - APP_ENV=dev - - APP_DEBUG=1 - - APP_CACHE=true - - RABBITMQ_HOST=rabbitmq - - RABBITMQ_PORT=5672 - - RABBITMQ_USERNAME=${RABBITMQ_USERNAME} - - RABBITMQ_PASSWORD=${RABBITMQ_PASSWORD} + pwa: &pwa + image: ${CONTAINER_REGISTRY_BASE}/${CONTAINER_PROJECT_NAME}:${APP_BUILD} + build: pwa ports: - - "82:80" - - api: &nginx - image: ghcr.io/conductionnl/commonground-gateway-nginx:cleanup - depends_on: - - php - ports: - - "80:80" - environment: - - NGINX_HOST=php - - NGINX_ENV=${APP_ENV} - - # MySQL database: -# db: -# image: mysql:5.7 -# environment: -# - MYSQL_ROOT_PASSWORD=example -# - MYSQL_DATABASE=api -# - MYSQL_USER=api-platform -# - MYSQL_PASSWORD=!ChangeMe! -# volumes: -# - db-mysql:/var/lib/mysql:rw -# ports: -# - "3366:3306" - - # Postgres db: - db: - image: postgres:10 - environment: - - POSTGRES_DB=api - - POSTGRES_USER=api-platform - - POSTGRES_PASSWORD=!ChangeMe! - volumes: - - db-data:/var/lib/postgresql/data:rw - ports: - - "5432:5432" - - redis: - image: redis:4-alpine - - user-component: - image: ghcr.io/conductionnl/user-component-nginx:latest - depends_on: - - user-component-php - environment: - - NGINX_HOST=user-component-php - - user-component-php: - image: ghcr.io/conductionnl/user-component-php:latest - depends_on: - - user-component-postgres - volumes: - - ./user-component:/srv/api/fixtures:rw,cached - environment: - - APP_ENV=dev - - APP_APPLICATION_KEY=45c1a4b6-59d3-4a6e-86bf-88a872f35845 - - APP_CACHE=true - - APP_DEBUG=0 - - APP_URL=http://user-component - - APP_VERSION=V2.0 - - CASE_INSENSITIVE_USERNAME=true - - DATABASE_URL=postgres://user-component:!ChangeMe!@user-component-postgres/uc?serverVersion=10.1 - - PASSWORD_STRENGTH=1 - - PRIVATE_KEY=LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV3QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktvd2dnU21BZ0VBQW9JQkFRRFNQU1lacUs3cHdMTWQKd0VqSThkeTA2aVUzQUxESHFOMnBvbmJEb0tIN09KcFVpa0hkT09NVVhNYUhGOWwyb0ZBQmV1VnkrMjJlVHZTQwp3SGdFeUlkTlBEOHhnaWcrUVFlLzBEZlNIaWxGK01ZNGJYbzBUdW0wbDB1MFRDMDNqSUMvUHdiWmJkd3AyczdmClo5TVh1dzdZdnpLS2dzSTdXWWhlSGxGazlkQXc4OUg4SjVUbkY2N050YkdWRkdYTUk5ekpSejZ6N3JRUzJGMjEKcmIyanNhMU4yWkliZW5rbmFrQjdmTEk2VU1mVk5DTXBVZHdERUN6TXNTUTQ4L2dvMzdJYjhzbElGZ2NTUWcrNgp4U1JleG1BT0lBUDIxSitnVjZubGhiMGQ2V2VCcUliQ1hoYkhoY0RGc3NiVGlyTms5UElCcm1FdktGU1prdVV2Cks4Z0hzTituQWdNQkFBRUNnZ0VCQUlFZ1JaSms1R2wxalkyc1dBZnpaUmRJNkdxTDVnZjdVNG1vMjBEMEhBanMKanYxMW5WWitaaHBQa1MvUUdpU2QrZ1d1c2RhWlRvNTQ5L3lHc2pCZDZad3FjTFc3dDNQbEJSbHVqWnBrSS8xeAorbTBWOElUSUl3cGtFbjgrZWxjdjJMT2R4bHNzK3BoS1o5MFhLN1BibEJiVDkvclNyUEUrNEY3T1NEZTJNcFNkClRvVi9XQis1SC90eFM1TVpIRHM3OTA3RFpLemdkdUZyVHBPRUZQeUp3MnoxbWNRbzhnK2ZTbm90Q1ZncUFFRFcKcXFSNHpmK05WTUdId3A3WC9Lc3k1eWdkZnZ3QXpaVEVaUmFzVHVnN1JDdHhyVUp0d2lEMk9rdmNoMzNXYzA1VQoyVnVqdmk5ODhuY1hWeVZOOG8wbnU4aUNRV25veUM5SnJDRnlTU000cjJFQ2dZRUEraWJJb2E2aHlGNkNIcFYxCk9uYmIwT2ZleVhMS01vTkNDN2FYdXFHUVBsTG52K3FXUFJqRXdWR3Mvb3NrS2hFRWhsSEdvamc1dkhSQ1g2T3AKSTlJSis4U201d08xSlJFUFFNdmdza0ZWR3NlZVF5UXNYajJmRmp5cDZ4RGhHMlFzNlFpZHRuZEN6L1hOZWxBQQowNmVkbHl0L0I3Z1d1dWtoYWQ1SjhrT3UzeVVDZ1lFQTF5ZDZmYkhtNFQyMmkxQXZYYTBaSG8rME1oZUVGYTg0ClpaZXVtSmNKaTd3NnFjR016ejkwNno5V0lPT3ZvTk9WZWdVOHMvb2labUZiMXZ3bmE2SnJRZWpid0ZJckN0TlIKYlF3SmsrVkIrY0RJckxtTjhuclBacVM0THY0Y3hOOWlMYWtVMlpid1Jrb1NQSldlaUM2SWt5SWNEYzVxTVpCZwpubTJxSVlxQW45c0NnWUVBbEZwNTlFRlFHemZKYlgvdjFTdDJjKzkvbGZNbzdVb2cyamVBeHFOWW0wMnB1WXpUCmF3cU1iYVlWdGFRcFgzVldQSjYwOGJIc3M5SXpKdXMxdlZPc3JnN1RlUUFlNXd1MkF4U21mckQyV3ZwMTVwWEcKWm1HZlBwM2RtOVlYMnBuUGRLaXlkK3RFeVhhYVZPYXJodHJLUUVRQWcwQnU0b3l1VDA0UWhzZ1RKcTBDZ1lFQQpuWmRTRmkwdmduM1VibGh1U1R3WHNSWHJFK0c3b3JKMEtaMmZpaTdmRkJYc0Zoa3B6VWVhbVJFTVFnemp3SFlaCi80VkVnRU5QM1JPazFHUmZiMnhKQ2I3STd5YUFWbTZRTHNKcFpZVy8vSEtqeWpnamE1OWV1TDBnRjNPVG1QUlMKRWtYTmVzOGU4UzBpREhRKzZWckVPSmo4V1hSK3ZnMFZhQlhGVHNvSENvOENnWUVBOWhpRVlVTXZFNTdQMytmSgptZmZSMytwamJ6WDF0dWY2K0FqcGFrTjNodDFhWUJmaXJzRTlDTHpZdVBqSW4zdU1DRWZvdVFkMGc3c01UcGJnCmxBVXlkaWNPMFNvdDNmSHBLV0F5R3laOVRWYlhIaGUrb1FJYUN1VWFaanlQSFFPWWhHTzZwV0ZDam9aV01JZUwKZjBGcVg0UFExZEJPd3drNDl2Vm16YTJIY1RzPQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== - - PUBLIC_KEY=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQ4VENDQXRtZ0F3SUJBZ0lVVTlMMXFhdGI5WndXTGd4Rlg1VHB0bjNiQytjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZY3hDekFKQmdOVkJBWVRBazVNTVJZd0ZBWURWUVFJREExT2IyOXlaQ0JJYjJ4c1lXNWtNUkl3RUFZRApWUVFIREFsQmJYTjBaWEprWVcweEV6QVJCZ05WQkFvTUNrTnZibVIxWTNScGIyNHhFakFRQmdOVkJBTU1DV3h2ClkyRnNhRzl6ZERFak1DRUdDU3FHU0liM0RRRUpBUllVY205aVpYSjBRR052Ym1SMVkzUnBiMjR1Ym13d0hoY04KTWpFd09UQXlNRGMxTWpVd1doY05Nakl3T1RBeU1EYzFNalV3V2pDQmh6RUxNQWtHQTFVRUJoTUNUa3d4RmpBVQpCZ05WQkFnTURVNXZiM0prSUVodmJHeGhibVF4RWpBUUJnTlZCQWNNQ1VGdGMzUmxjbVJoYlRFVE1CRUdBMVVFCkNnd0tRMjl1WkhWamRHbHZiakVTTUJBR0ExVUVBd3dKYkc5allXeG9iM04wTVNNd0lRWUpLb1pJaHZjTkFRa0IKRmhSeWIySmxjblJBWTI5dVpIVmpkR2x2Ymk1dWJEQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQwpBUW9DZ2dFQkFOSTlKaG1vcnVuQXN4M0FTTWp4M0xUcUpUY0FzTWVvM2FtaWRzT2dvZnM0bWxTS1FkMDQ0eFJjCnhvY1gyWGFnVUFGNjVYTDdiWjVPOUlMQWVBVEloMDA4UHpHQ0tENUJCNy9RTjlJZUtVWDR4amh0ZWpSTzZiU1gKUzdSTUxUZU1nTDgvQnRsdDNDbmF6dDluMHhlN0R0aS9Nb3FDd2p0WmlGNGVVV1QxMEREejBmd25sT2NYcnMyMQpzWlVVWmN3ajNNbEhQclB1dEJMWVhiV3R2YU94clUzWmtodDZlU2RxUUh0OHNqcFF4OVUwSXlsUjNBTVFMTXl4CkpEanorQ2pmc2h2eXlVZ1dCeEpDRDdyRkpGN0dZQTRnQS9iVW42QlhxZVdGdlIzcFo0R29oc0plRnNlRndNV3kKeHRPS3MyVDA4Z0d1WVM4b1ZKbVM1UzhyeUFldzM2Y0NBd0VBQWFOVE1GRXdIUVlEVlIwT0JCWUVGRlRRbENzNwo3c1RzTXF1V3dCUjFORXZndWRYVk1COEdBMVVkSXdRWU1CYUFGRlRRbENzNzdzVHNNcXVXd0JSMU5Fdmd1ZFhWCk1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJV3ZpZldiV3FQNklUd20KS1d2YW9Lc1JIc1BzZ0dxYUF2OXlkZ24xSVp2WFQzZGg3eXpOdHFJRXNDcHpvc2c0Zis3Rlo2bG5GZHI2RFZVbgpmMGh3bUV4ems3d1lYdjBtd2xCTHg1alJmb0tKbDA2SFdkVHVFYUJwR2JYR1Y3VHZjQ3dEb1hYenlYYkljT1FqCnFMeGM0RlE5dlZXazRQM0Y1dDZ6dFh3TWVYWDhZeVYwaGN4cXRaVHNsL25ZVDFvc2pKUlBlWDBRRXFXTjJKZ1QKTGFwckNwK0ZOOXI2WlRwb3EybXVwNmcxTE9HaW1md1k3VDR4elhEaUNlMk1FMi93azBuczBpZXFmeFpwQk5mMApaYitZTHBPekVIYmNlS3dqSEJxT016VlJTZy93bW9sN05VWEF5YkZUNlMwaU5EQWlVSUJ6Q2xUZDhPQ0ZlYXB6CmdwYmROaDA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= - - - user-component-postgres: - image: postgres:14-alpine - environment: - - POSTGRES_DB=uc - - POSTGRES_USER=user-component - - POSTGRES_PASSWORD=!ChangeMe! - volumes: - - uc-data:/var/lib/postgresql/data:rw - - rabbitmq: - image: rabbitmq:latest - environment: - - RABBITMQ_DEFAULT_USER=${RABBITMQ_USERNAME} - - RABBITMQ_DEFAULT_PASS=${RABBITMQ_PASSWORD} - + - "81:8080" volumes: db-data: {} uc-data: {} - db-mysql: {} + db-mysql: {} \ No newline at end of file diff --git a/pwa/Dockerfile b/pwa/Dockerfile index a943c1c4..084f38c2 100644 --- a/pwa/Dockerfile +++ b/pwa/Dockerfile @@ -1,11 +1,28 @@ -FROM node:14 AS builder +FROM node:18 AS builder # Set working directory WORKDIR /app + +COPY package.json package-lock.json ./ + # Copy all files from current directory to working dir in image -COPY . . # install node modules and build assets -RUN yarn install && yarn build +RUN npm install + +COPY . . + +RUN npm run build FROM nginx -EXPOSE 80 COPY --from=builder /app/public /usr/share/nginx/html + +RUN chown -R nginx:nginx /usr/share/nginx && chmod -R 755 /usr/share/nginx && \ + chown -R nginx:nginx /var/cache/nginx && \ + chown -R nginx:nginx /var/log/nginx && \ + chown -R nginx:nginx /etc/nginx/conf.d +RUN touch /var/run/nginx.pid && \ + chown -R nginx:nginx /var/run/nginx.pid + +COPY docker/nginx.conf /etc/nginx/nginx.conf +COPY docker/default.conf /etc/nginx/conf.d/default.conf +USER nginx +EXPOSE 8080 diff --git a/pwa/docker/default.conf b/pwa/docker/default.conf new file mode 100644 index 00000000..e8698034 --- /dev/null +++ b/pwa/docker/default.conf @@ -0,0 +1,48 @@ +server { + listen 8080; + listen [::]:8080; + server_name localhost; + + port_in_redirect off; + absolute_redirect off; + + #access_log /var/log/nginx/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + try_files $uri $uri/ /index.html; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} \ No newline at end of file diff --git a/pwa/docker/nginx.conf b/pwa/docker/nginx.conf new file mode 100644 index 00000000..313ccd08 --- /dev/null +++ b/pwa/docker/nginx.conf @@ -0,0 +1,30 @@ +worker_processes auto; + +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +}