-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
PS-581 Move from Auth to Keycloak, upgrade to Symfony 6, API Platform…
… 3 (#365)
- Loading branch information
Showing
1,665 changed files
with
61,889 additions
and
96,347 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| # EditorConfig helps developers define and maintain consistent | ||
| # coding styles between different editors and IDEs | ||
| # editorconfig.org | ||
|
|
||
| root = true | ||
|
|
||
| [*] | ||
| # Change these settings to your own preference | ||
| indent_style = space | ||
| indent_size = 4 | ||
|
|
||
| # We recommend you to keep these unchanged | ||
| end_of_line = lf | ||
| charset = utf-8 | ||
| trim_trailing_whitespace = true | ||
| insert_final_newline = true | ||
|
|
||
| [*.{html}] | ||
| indent_size = 2 | ||
|
|
||
| [*.json] | ||
| indent_size = 2 | ||
|
|
||
| [*.md] | ||
| trim_trailing_whitespace = false | ||
|
|
||
| [*.sh] | ||
| indent_size = 2 | ||
|
|
||
| [.github/workflows/*.{yaml,yml}] | ||
| indent_style = space | ||
| indent_size = 2 | ||
|
|
||
| [composer.json] | ||
| indent_style = space | ||
| indent_size = 4 | ||
|
|
||
| [docker-compose{,.*}.{yaml,yml}] | ||
| indent_style = space | ||
| indent_size = 2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| COMPOSE_PROJECT_NAME=ps | ||
| COMPOSE_FILE=docker-compose.yml | ||
| COMPOSE_PROFILES=auth,databox,expose,notify,uploader,auth-worker,databox-worker,expose-worker,notify-worker,uploader-worker,db,report,tools,mailhog,dashboard | ||
| COMPOSE_PROFILES=databox,expose,notify,uploader,databox-worker,expose-worker,notify-worker,uploader-worker,db,report,tools,mailhog,dashboard | ||
|
|
||
| # Leave empty if 443, include ':' otherwise | ||
| HTTPS_PORT_PREFIX=${HTTPS_PORT_PREFIX:-} | ||
|
|
@@ -19,32 +19,27 @@ LETS_ENCRYPT_PROVIDER= | |
| #LETS_ENCRYPT_CA_SERVER=https://acme-v02.api.letsencrypt.org/directory | ||
| LETS_ENCRYPT_CA_SERVER=https://acme-staging-v02.api.letsencrypt.org/directory | ||
|
|
||
| PHRASEA_DOMAIN=${PHRASEA_DOMAIN:-phrasea.local} | ||
| # URLs | ||
| AUTH_API_BASE_URL=https://api-auth.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| DASHBOARD_BASE_URL=https://dashboard.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| DATABOX_API_BASE_URL=https://api-databox.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| DATABOX_CLIENT_BASE_URL=https://databox.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| DATABOX_INDEXER_URL=https://databox-indexer.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| ELASTICHQ_BASE_URL=https://elastichq.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| EXPOSE_API_BASE_URL=https://api-expose.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| EXPOSE_CLIENT_BASE_URL=https://expose.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| MAILHOG_BASE_URL=https://mailhog.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| MATOMO_BASE_URL=https://matomo.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| MINIO_CONSOLE_BASE_URL=https://minio-console.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| NOTIFY_API_BASE_URL=https://api-notify.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| PGADMIN_BASE_URL=https://pgadmin.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| PHPMYADMIN_BASE_URL=https://pma.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| PHRASEANET_BASE_URL=https://phraseanet.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| RABBITMQ_CONSOLE_BASE_URL=https://rabbitmq-console.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| REPORT_API_BASE_URL=http://report-api | ||
| PHRASEA_DOMAIN="${PHRASEA_DOMAIN:-phrasea.local}" | ||
| DASHBOARD_URL=https://dashboard.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| S3_ENDPOINT=https://minio.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| SAML2_BASE_URL=https://saml-idp2.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX}/simplesaml | ||
| SAML_BASE_URL=https://saml-idp.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX}/simplesaml | ||
| TRAEFIK_CONSOLE_BASE_URL=https://traefik-console.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| UPLOADER_API_BASE_URL=https://api-uploader.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| UPLOADER_CLIENT_BASE_URL=https://uploader.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| ZIPPY_BASE_URL=https://zippy.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| UPLOADER_API_URL=https://api-uploader.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| EXPOSE_API_URL=https://api-expose.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| DATABOX_API_URL=https://api-databox.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| NOTIFY_API_URL=https://api-notify.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| DATABOX_CLIENT_URL=https://databox.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| EXPOSE_CLIENT_URL=https://expose.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| UPLOADER_CLIENT_URL=https://uploader.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| ZIPPY_URL=https://zippy.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| MINIO_CONSOLE_URL=https://minio-console.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| MAILHOG_URL=https://mailhog.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| PGADMIN_URL=https://pgadmin.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| PHPMYADMIN_URL=https://pma.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| RABBITMQ_CONSOLE_URL=https://rabbitmq-console.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| TRAEFIK_CONSOLE_URL=https://traefik-console.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| ELASTICHQ_URL=https://elastichq.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
| DATABOX_INDEXER_URL=https://databox-indexer.${PHRASEA_DOMAIN}${HTTPS_PORT_PREFIX} | ||
|
|
||
| REPORT_API_URL=http://report-api | ||
|
|
||
| REGISTRY_NAMESPACE=alchemyfr/ps- | ||
| # Docker image TAG (used only for deployment) | ||
|
|
@@ -65,12 +60,6 @@ S3_SECRET_KEY=__CHANGE_ME_ZFA0x96WHJztksXrKUHYUA | |
| # Can be used to support a single CloudFront distribution with multiple origins | ||
| S3_PATH_PREFIX= | ||
|
|
||
| # Auth | ||
| AUTH_REGISTRATION_VALIDATE_EMAIL=true | ||
| DEFAULT_USER_EMAIL=[email protected] | ||
| DEFAULT_USER_PASSWORD=__CHANGE_ME_Fv2TrQZg | ||
| AUTH_RABBITMQ_VHOST=auth | ||
|
|
||
| # Auto redirect to identity provider when coming from a client app | ||
| AUTO_CONNECT_IDP= | ||
|
|
||
|
|
@@ -92,18 +81,10 @@ DATABOX_SECRETS_SECRET_KEY=Y6cqN347d5ShtLCmR3DGE+A2Z+SBw4S1wOTTFrISF3M= | |
|
|
||
| # OAuth client ID for Databox service | ||
| DATABOX_CLIENT_ID=databox-app | ||
| # OAuth client secret for Databox service (left part) | ||
| DATABOX_CLIENT_RANDOM_ID=12345 | ||
| # OAuth client secret for Databox service (right part) | ||
| DATABOX_CLIENT_SECRET=__CHANGE_ME_cli3nt_s3cr3t | ||
|
|
||
| # Uploader | ||
| # OAuth client ID for Auth service | ||
| # OAuth client ID | ||
| UPLOADER_CLIENT_ID=uploader-app | ||
| # OAuth client secret for Auth service (left part) | ||
| UPLOADER_CLIENT_RANDOM_ID=12345 | ||
| # OAuth client secret for Auth service (right part) | ||
| UPLOADER_CLIENT_SECRET=__CHANGE_ME_cli3nt_s3cr3t | ||
| ASSET_CONSUMER_COMMIT_URI=http://localhost:9999/api/v1/upload/enqueue/ | ||
| ASSET_CONSUMER_ACCESS_TOKEN=define-me | ||
| UPLOADER_STORAGE_BUCKET_NAME=uploader-deposit | ||
|
|
@@ -115,33 +96,24 @@ UPLOADER_RABBITMQ_VHOST=uploader | |
| UPLOADER_ALLOWED_FILE_TYPES='image/*(jpg,jpeg,bmp,tif,gif,png,heic),application/*(pdf,doc,docx,xls,xlsx,odt),video/*(mpg,mpeg,mov,avi,mp3,mp2,mp4,m4v,m4a,mkv,hevc)audio/*(aac,aiff,wav)' | ||
|
|
||
| # For admin OAuth clients | ||
| AUTH_ADMIN_CLIENT_ID=auth-admin | ||
| AUTH_ADMIN_CLIENT_RANDOM_ID=12345 | ||
| AUTH_ADMIN_CLIENT_SECRET=__CHANGE_ME_cli3nt_s3cr3t | ||
|
|
||
| EXPOSE_ADMIN_CLIENT_ID=expose-admin | ||
| EXPOSE_ADMIN_CLIENT_RANDOM_ID=12345 | ||
| EXPOSE_ADMIN_CLIENT_SECRET=__CHANGE_ME_cli3nt_s3cr3t | ||
|
|
||
| UPLOADER_ADMIN_CLIENT_ID=uploader-admin | ||
| UPLOADER_ADMIN_CLIENT_RANDOM_ID=12345 | ||
| UPLOADER_ADMIN_CLIENT_SECRET=__CHANGE_ME_cli3nt_s3cr3t | ||
|
|
||
| NOTIFY_ADMIN_CLIENT_ID=notify-admin | ||
| NOTIFY_ADMIN_CLIENT_RANDOM_ID=12345 | ||
| NOTIFY_ADMIN_CLIENT_SECRET=__CHANGE_ME_cli3nt_s3cr3t | ||
|
|
||
| DATABOX_ADMIN_CLIENT_ID=databox-admin | ||
| DATABOX_ADMIN_CLIENT_RANDOM_ID=12345 | ||
| DATABOX_ADMIN_CLIENT_SECRET=__CHANGE_ME_cli3nt_s3cr3t | ||
|
|
||
| KEYCLOAK_URL="${KEYCLOAK_URL:-https://keycloak.$PHRASEA_DOMAIN$HTTPS_PORT_PREFIX}" | ||
| KEYCLOAK_REALM_NAME="${KEYCLOAK_REALM_NAME:-phrasea}" | ||
|
|
||
| # Expose | ||
| # OAuth client ID for Expose service | ||
| EXPOSE_CLIENT_ID=expose-app | ||
| # OAuth client secret for Expose service (left part) | ||
| EXPOSE_CLIENT_RANDOM_ID=12345 | ||
| # OAuth client secret for Expose service (right part) | ||
| EXPOSE_CLIENT_SECRET=__CHANGE_ME_cli3nt_s3cr3t | ||
| EXPOSE_STORAGE_ENDPOINT=http://minio:9000 | ||
| EXPOSE_STORAGE_BUCKET_NAME=expose | ||
| EXPOSE_STORAGE_USE_PATH_STYLE_ENDPOINT=true | ||
|
|
@@ -173,10 +145,18 @@ POSTGRES_HOST=db | |
| POSTGRES_PORT=5432 | ||
| POSTGRES_USER=__CHANGE_ME_QmkpoE6I42px1 | ||
| POSTGRES_PASSWORD=__CHANGE_ME_n0EQbOzeEQC1 | ||
| PGADMIN_DEFAULT_EMAIL=admin@phrasea.local | ||
| PGADMIN_DEFAULT_EMAIL=admin@${PHRASEA_DOMAIN} | ||
| PGADMIN_DEFAULT_PASSWORD=__CHANGE_ME_eTRPkJOyniPHmZ | ||
| DB_DEV_PORT=5432 | ||
|
|
||
| # Deprecated | ||
| AUTH_DB_NAME=auth | ||
|
|
||
| DATABOX_DB_NAME=databox | ||
| EXPOSE_DB_NAME=expose | ||
| NOTIFY_DB_NAME=notify | ||
| UPLOADER_DB_NAME=uploader | ||
|
|
||
| MARIADB_ROOT_PASSWORD=__CHANGE_ME_9s0EQbeEn0EQbQC1 | ||
| MARIADB_USER=__CHANGE_ME_oBiOsCDSY | ||
| MARIADB_PASSWORD=__CHANGE_ME_pfdir56eEQC1 | ||
|
|
@@ -185,7 +165,7 @@ MARIADB_PORT=3306 | |
|
|
||
| # Dev | ||
| MAILER_DSN=smtp://mailhog:1025 | ||
| MAIL_FROM=noreply@phrasea.local | ||
| MAIL_FROM=noreply@${PHRASEA_DOMAIN} | ||
|
|
||
| # Mailhog | ||
| MAILHOG_PORT=8125 | ||
|
|
@@ -206,10 +186,28 @@ ELASTICSEARCH_INDEX_PREFIX= | |
| # Report | ||
| REPORT_DB_NAME=report | ||
|
|
||
| # Keycloak | ||
| KEYCLOAK_DB_NAME=keycloak | ||
| KEYCLOAK_ADMIN=admin | ||
| KEYCLOAK_ADMIN_PASSWORD=__CHANGE_ME_rTLDzTAFiFIQiHDm | ||
|
|
||
| DEFAULT_ADMIN_USERNAME=phrasea-admin | ||
| DEFAULT_ADMIN_PASSWORD=__CHANGE_ME_CAZ7B1ZP4os2kZPL | ||
|
|
||
| # Keycloak2 | ||
| KEYCLOAK2_DB_NAME=keycloak2 | ||
| KEYCLOAK2_ADMIN=admin2 | ||
| KEYCLOAK2_ADMIN_PASSWORD=__CHANGE_ME_wijk8OdBY4MW4rTc | ||
|
|
||
| # Zippy SVC | ||
| ZIPPY_CLIENT_ID=client | ||
| ZIPPY_CLIENT_SECRET=secret | ||
|
|
||
| # SAML IDP Test 1 | ||
| SAML_URL=https://saml-idp.${PHRASEA_DOMAIN}/simplesaml | ||
| # SAML IDP Test 2 | ||
| SAML2_URL=https://saml-idp2.${PHRASEA_DOMAIN}/simplesaml | ||
|
|
||
| TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR | ||
| PS_SUBNET=172.30.202.0/16 | ||
| PS_GATEWAY_IP=172.30.0.1 | ||
|
|
@@ -231,11 +229,12 @@ ELK_VERSION=7.11.2 | |
|
|
||
| VERIFY_SSL=true | ||
|
|
||
| PHRASEANET_DOMAIN="${PHRASEANET_DOMAIN:-phraseanet.$PHRASEA_DOMAIN}" | ||
| PHRASEANET_URL=https://${PHRASEANET_DOMAIN} | ||
| PHRASEANET_APP_OAUTH_TOKEN=define-me | ||
|
|
||
| # Indexer | ||
| INDEXER_DATABOX_CLIENT_ID=indexer | ||
| INDEXER_DATABOX_CLIENT_RANDOM_ID=abc | ||
| INDEXER_DATABOX_CLIENT_SECRET=__CHANGE_ME_ad9m88kd8rih5 | ||
| INDEXER_DATABOX_WORKSPACE_SLUG= | ||
| INDEXER_DATABOX_OWNER_ID= | ||
|
|
@@ -266,3 +265,7 @@ LEGO_AWS_SDK_LOAD_CONFIG= | |
|
|
||
| NEWRELIC_ENABLED=0 | ||
| NEWRELIC_LICENSE_KEY= | ||
|
|
||
| SENTRY_DSN= | ||
| SENTRY_ENVIRONMENT=prod | ||
| SENTRY_RELEASE=unknown | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,92 @@ | ||
| name: Build and push image | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| prefix: | ||
| required: true | ||
| type: string | ||
| context: | ||
| required: true | ||
| type: string | ||
| withLibs: | ||
| required: false | ||
| default: false | ||
| type: boolean | ||
|
|
||
| env: | ||
| COMPOSE_PROJECT_NAME: build | ||
| REGISTRY_NAMESPACE: ghcr.io/${{ github.repository_owner }}/ps- | ||
| DOCKER_TAG: ${{ github.sha }} | ||
| IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| if: ${{ github.repository_owner == 'alchemy-fr' }} | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - uses: docker/setup-qemu-action@v2 | ||
| - uses: docker/setup-buildx-action@v2 | ||
|
|
||
| - name: Update libs | ||
| if: ${{ inputs.withLibs }} | ||
| shell: bash | ||
| run: | | ||
| bin/update-libs.sh | ||
| - name: Log in to the Container registry | ||
| uses: docker/login-action@v2 | ||
| with: | ||
| registry: ${{ env.IMAGE_REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Build and Push API PHP | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| context: ${{ inputs.context }} | ||
| file: ${{ inputs.context }}/Dockerfile | ||
| target: api-php | ||
| push: true | ||
| cache-from: type=registry,ref=${{ env.REGISTRY_NAMESPACE }}${{ inputs.prefix }}-api-php:build-cache | ||
| cache-to: type=registry,mode=max,ref=${{ env.REGISTRY_NAMESPACE }}${{ inputs.prefix }}-api-php:build-cache | ||
| build-args: | | ||
| BASE_TAG=${{ env.DOCKER_TAG }} | ||
| REGISTRY_NAMESPACE=${{ env.REGISTRY_NAMESPACE }} | ||
| SENTRY_RELEASE=${{ github.sha }} | ||
| tags: | | ||
| ${{ env.REGISTRY_NAMESPACE }}${{ inputs.prefix }}-api-php:${{ env.DOCKER_TAG }} | ||
| - name: Build and Push API NGINX | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| context: ${{ inputs.context }} | ||
| file: ${{ inputs.context }}/Dockerfile | ||
| target: api-nginx | ||
| push: true | ||
| cache-from: type=registry,ref=${{ env.REGISTRY_NAMESPACE }}${{ inputs.prefix }}-api-nginx:build-cache | ||
| cache-to: type=registry,mode=max,ref=${{ env.REGISTRY_NAMESPACE }}${{ inputs.prefix }}-api-nginx:build-cache | ||
| build-args: | | ||
| BASE_TAG=${{ env.DOCKER_TAG }} | ||
| REGISTRY_NAMESPACE=${{ env.REGISTRY_NAMESPACE }} | ||
| tags: | | ||
| ${{ env.REGISTRY_NAMESPACE }}${{ inputs.prefix }}-api-nginx:${{ env.DOCKER_TAG }} | ||
| - name: Build and Push Worker | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| context: ${{ inputs.context }} | ||
| file: ${{ inputs.context }}/Dockerfile | ||
| target: worker | ||
| push: true | ||
| cache-from: type=registry,ref=${{ env.REGISTRY_NAMESPACE }}${{ inputs.prefix }}-worker:build-cache | ||
| cache-to: type=registry,mode=max,ref=${{ env.REGISTRY_NAMESPACE }}${{ inputs.prefix }}-worker:build-cache | ||
| build-args: | | ||
| BASE_TAG=${{ env.DOCKER_TAG }} | ||
| REGISTRY_NAMESPACE=${{ env.REGISTRY_NAMESPACE }} | ||
| SENTRY_RELEASE=${{ github.sha }} | ||
| tags: | | ||
| ${{ env.REGISTRY_NAMESPACE }}${{ inputs.prefix }}-worker:${{ env.DOCKER_TAG }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.