From 61690e7d895f1fcb67580bc63126e499d44e3c2a Mon Sep 17 00:00:00 2001 From: Damien Wilson Date: Tue, 23 Apr 2024 17:11:10 +0100 Subject: [PATCH] CDPT 1528 - install wp offload media pro (#545) * Add AS3CF_PRO * Fix unused var * Server name not generated locally * New command: make composer-update * Include composer auth * Use correct var names --- .env.example | 4 + .github/README.md | 71 ++++++++--- .github/workflows/build.yml | 26 +++- .github/workflows/php-composer-test.yml | 2 + .github/workflows/snyk-security.yml | 14 ++- .gitignore | 3 +- Dockerfile | 4 + Makefile | 135 +++++++++++++++----- bin/composer-auth.sh | 6 +- bin/local-composer-assets.sh | 5 + bin/local-composer-update.sh | 20 +++ composer.json | 12 +- composer.lock | 160 ++++++++++++------------ config/wp-offload-media.php | 2 +- deploy/config/local/nginx/php-fpm.conf | 2 +- docker-compose.yml | 6 +- 16 files changed, 320 insertions(+), 152 deletions(-) create mode 100755 bin/local-composer-update.sh diff --git a/.env.example b/.env.example index 034ec58f3..a613ca782 100644 --- a/.env.example +++ b/.env.example @@ -10,6 +10,10 @@ COMPOSER_PASS=some_password # used so composer can access repos COMPOSER_TOKEN=some_token +AS3CF_PRO_LICENCE=license +AS3CF_PRO_USER=username +AS3CF_PRO_PASS=password + # used for wp-cron NGINX_SERVICE_PORT=http://nginx:8080 diff --git a/.github/README.md b/.github/README.md index ed901529c..ff4e4fe39 100644 --- a/.github/README.md +++ b/.github/README.md @@ -18,7 +18,7 @@ https://intranet.justice.gov.uk/ ## Summary -> Nb. `README.md` is located in `.github/`, the preferred location for a clean repository. +> Nb. `README.md` is located in `.github/` ## Installation for development @@ -28,7 +28,7 @@ The application uses Docker. This repository provides two separate local test en 1. Docker Compose 2. Kubernetes -Where `docker compose` provides a pre-production environment to develop features and apply upgrades, Kubernetes allows +Where `docker compose` provides a pre-production environment to apply upgrades and develop features, Kubernetes allows us to test and debug our deployments to the Cloud Platform. ### Setup @@ -45,7 +45,11 @@ Change directories: cd intranet ``` -Next, depending on the environment you would like to launch, do one of the following. +Next, depending on the environment you would like to launch, choose one of the following: + +- [Docker Compose](#1-docker-compose) +- [Kubernetes](#2-kubernetes) + ### 1. Docker Compose @@ -58,7 +62,7 @@ This environment has been set up to develop and improve the application. The following make command will get you up and running. -It creates the environment, starts all services and opens a command prompt on the container that houses our PHP code, +It creates the environment and starts all services, the service is called `php-fpm`: ```bash @@ -69,23 +73,17 @@ During the `make` process, the Dory proxy will attempt to install. You will be g ### Services -You will have five services running with different access points. They are: +You will have ten services running in total, all with different access points. They are: **Nginx**
http://intranet.docker/ -**PHP-FPM**
+**PHP-FPM** ```bash make bash ``` -On first use, the application will need initializing with the following command. - -```bash -composer install -``` - **Node**
This service watches and compiles our assets, no need to access. The output of this service is available on STDOUT. @@ -102,10 +100,53 @@ Internally accessed by PHP-FPM on port 3306 **PHPMyAdmin**
http://intranet.docker:9191/
-Login details located in `docker-compose.yml` +Login information can be found in [.env](https://github.com/ministryofjustice/intranet/blob/develop/.env.example#L16) + + +**Opensearch** + +We use this + +**Opensearch Dashboard** + +Dashboards that allow us to query indexed data. + +**Minio** + +Minio acts just like an AWS S3 bucket. + +**CDN** + +This service acts like a distributed CloudFront service allowing us to imitate a CDN. + +**CRON** + +In production we have a scalable cron container. It's only job right now is to make a head request to `wp-cron.php` +There is no need to access this container. However, with every running container you can reach the OS. + +```bash +docker compose exec -it wp-cron ash +``` + +--- > There is no need to install application software on your computer.
-> All required software is built within the services and all services are ephemeral. +> All required software is built within the services - all services are ephemeral. + +**Composer** + +We match the process that occurs in production CI locally to ensure we test against the same criteria. +As such, during development it will be necessary to rebuild directories when updating composer. + +**After making changes to `composer.json`**... + +```bash +make composer-update +``` + +This will fire off a set of checks, ensuring composer updates and all static assets are distributed correctly. +For more information, review [Dockerfile](https://github.com/ministryofjustice/intranet/blob/develop/Dockerfile#L125) +and [local assets files](https://github.com/ministryofjustice/intranet/blob/develop/bin/local-composer-assets.sh#L10). #### Volumes @@ -130,7 +171,7 @@ Once the above requirements have been met, we are able to launch our application command: ```bash -make local-kube +make kube ``` The following will take place: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c2cd94891..66afdb448 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,15 +32,35 @@ jobs: - name: "Build & Push to ECR" run: | - docker image build -t $REGISTRY/$REPOSITORY:fpm-$IMAGE_TAG --target build-fpm --build-arg COMPOSER_USER="$COMPOSER_USER" --build-arg COMPOSER_PASS="$COMPOSER_PASS" . - docker image build -t $REGISTRY/$REPOSITORY:nginx-$IMAGE_TAG --target build-nginx --build-arg COMPOSER_USER="$COMPOSER_USER" --build-arg COMPOSER_PASS="$COMPOSER_PASS" . - docker image build -t $REGISTRY/$REPOSITORY:cron-$IMAGE_TAG --target build-cron . + + # ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ + + docker image build -t $REGISTRY/$REPOSITORY:fpm-$IMAGE_TAG \ + --build-arg COMPOSER_USER="$COMPOSER_USER" --build-arg COMPOSER_PASS="$COMPOSER_PASS" \ + --build-arg AS3CF_PRO_USER="$AS3CF_PRO_USER" --build-arg AS3CF_PRO_PASS="$AS3CF_PRO_PASS" \ + --target build-fpm . + + docker image build -t $REGISTRY/$REPOSITORY:nginx-$IMAGE_TAG \ + --build-arg COMPOSER_USER="$COMPOSER_USER" --build-arg COMPOSER_PASS="$COMPOSER_PASS" \ + --build-arg AS3CF_PRO_USER="$AS3CF_PRO_USER" --build-arg AS3CF_PRO_PASS="$AS3CF_PRO_PASS" \ + --target build-nginx . + + docker image build -t $REGISTRY/$REPOSITORY:cron-$IMAGE_TAG \ + --target build-cron . + + # ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ + docker push $REGISTRY/$REPOSITORY:fpm-$IMAGE_TAG docker push $REGISTRY/$REPOSITORY:nginx-$IMAGE_TAG docker push $REGISTRY/$REPOSITORY:cron-$IMAGE_TAG + + # ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ + env: REGISTRY: ${{ steps.ecr-login.outputs.registry }} REPOSITORY: ${{ vars.ECR_REPOSITORY }} IMAGE_TAG: ${{ github.sha }} COMPOSER_USER: ${{ secrets.COMPOSER_USER }} COMPOSER_PASS: ${{ secrets.COMPOSER_PASS }} + AS3CF_PRO_USER: ${{ secrets.AS3CF_PRO_USER }} + AS3CF_PRO_PASS: ${{ secrets.AS3CF_PRO_PASS }} diff --git a/.github/workflows/php-composer-test.yml b/.github/workflows/php-composer-test.yml index e294eca48..e2f2b9c14 100644 --- a/.github/workflows/php-composer-test.yml +++ b/.github/workflows/php-composer-test.yml @@ -40,6 +40,8 @@ jobs: env: COMPOSER_USER: ${{ secrets.COMPOSER_USER }} COMPOSER_PASS: ${{ secrets.COMPOSER_PASS }} + AS3CF_PRO_USER: ${{ secrets.AS3CF_PRO_USER }} + AS3CF_PRO_PASS: ${{ secrets.AS3CF_PRO_PASS }} - name: "Run tests" run: make test diff --git a/.github/workflows/snyk-security.yml b/.github/workflows/snyk-security.yml index 334e9a4b6..410bbd57a 100644 --- a/.github/workflows/snyk-security.yml +++ b/.github/workflows/snyk-security.yml @@ -46,11 +46,21 @@ jobs: # Build the docker images for testing - name: Container monitor ~ build FPM & Nginx Docker images run: | - docker image build --build-arg COMPOSER_USER="$COMPOSER_USER" --build-arg COMPOSER_PASS="$COMPOSER_PASS" -t intranet-fpm:snyk --target build-fpm . - docker image build --build-arg COMPOSER_USER="$COMPOSER_USER" --build-arg COMPOSER_PASS="$COMPOSER_PASS" -t intranet-nginx:snyk --target build-nginx . + docker image build \ + --build-arg COMPOSER_USER="$COMPOSER_USER" --build-arg COMPOSER_PASS="$COMPOSER_PASS" \ + --build-arg AS3CF_PRO_USER="$AS3CF_PRO_USER" --build-arg AS3CF_PRO_PASS="$AS3CF_PRO_PASS" \ + -t intranet-fpm:snyk --target build-fpm . + + docker image build \ + --build-arg COMPOSER_USER="$COMPOSER_USER" --build-arg COMPOSER_PASS="$COMPOSER_PASS" \ + --build-arg AS3CF_PRO_USER="$AS3CF_PRO_USER" --build-arg AS3CF_PRO_PASS="$AS3CF_PRO_PASS" \ + -t intranet-nginx:snyk --target build-nginx . + env: COMPOSER_USER: ${{ secrets.COMPOSER_USER }} COMPOSER_PASS: ${{ secrets.COMPOSER_PASS }} + AS3CF_PRO_USER: ${{ secrets.AS3CF_PRO_USER }} + AS3CF_PRO_PASS: ${{ secrets.AS3CF_PRO_PASS }} # Runs Snyk Container (Container and SCA) analysis. - name: Container monitor ~ analyse diff --git a/.gitignore b/.gitignore index 8ab671660..9826d8b11 100644 --- a/.gitignore +++ b/.gitignore @@ -18,8 +18,7 @@ public/app/mu-plugins/*/ public/app/upgrade public/app/languages/* public/app/uploads/* -vendor -vendor-assets +vendor* .dory.yml !deploy/config/local/.dory.yml auth.json diff --git a/Dockerfile b/Dockerfile index 7b6388bfc..4a9dd0bf0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -66,6 +66,8 @@ USER 101 FROM base-fpm AS fpm-dev +RUN apk add zip + WORKDIR /var/www/html COPY --from=composer:2 /usr/bin/composer /usr/bin/composer @@ -111,6 +113,8 @@ FROM base-fpm AS build-fpm-composer ARG COMPOSER_USER ARG COMPOSER_PASS +ARG AS3CF_PRO_USER +ARG AS3CF_PRO_PASS COPY --from=composer:2 /usr/bin/composer /usr/bin/composer diff --git a/Makefile b/Makefile index 60887d0c6..c141d7d7d 100644 --- a/Makefile +++ b/Makefile @@ -1,15 +1,23 @@ .DEFAULT_GOAL := d-shell -## populate as needed for testing -## ... never commit! +## █░█ ▄▀█ █▀█ █ ▄▀█ █▄▄ █░░ █▀▀ █▀ +## ▀▄▀ █▀█ █▀▄ █ █▀█ █▄█ █▄▄ ██▄ ▄█ +## populate as needed for testing +## ... never commit! COMPOSER_USER := *** COMPOSER_PASS := *** +AS3CF_PRO_USER := *** +AS3CF_PRO_PASS := *** + +# ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ kube := kind k8s_prt := 8080:80 k8s_nsp := default k8s_pod := kubectl -n $(k8s_nsp) get pod -l app=intranet-local -o jsonpath="{.items[0].metadata.name}" +# ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ + init: setup run d-compose: local-stop @@ -25,6 +33,10 @@ restart: @docker compose down php-fpm @make d-compose + +# █▄░█ █▀█ █▀▄ █▀▀ +# █░▀█ █▄█ █▄▀ ██▄ + node-assets: npm install npm run watch @@ -33,6 +45,14 @@ node-cdn: npm install npm run watch + +# █▀▀ █▀█ █▀▄▀█ █▀█ █▀█ █▀ █▀▀ █▀█ +# █▄▄ █▄█ █░▀░█ █▀▀ █▄█ ▄█ ██▄ █▀▄ + +composer-update: + @docker compose exec php-fpm ./bin/local-composer-update.sh ash + @make composer + composer-assets: @chmod +x ./bin/local-composer-assets.sh @docker compose exec php-fpm ./bin/local-composer-assets.sh ash @@ -43,7 +63,10 @@ composer-copy: composer: composer-assets composer-copy -# Open a bash shell on the running php container + +# █▀ █░█ █▀▀ █░░ █░░ +# ▄█ █▀█ ██▄ █▄▄ █▄▄ +# 𝕆𝕡𝕖𝕟 𝕒 𝕓𝕒𝕤𝕙 𝕤𝕙𝕖𝕝𝕝 𝕠𝕟 𝕥𝕙𝕖 𝕣𝕦𝕟𝕟𝕚𝕟𝕘 𝕡𝕙𝕡 𝕔𝕠𝕟𝕥𝕒𝕚𝕟𝕖𝕣 bash: docker compose exec php-fpm bash @@ -56,6 +79,7 @@ bash-cron: node: docker compose exec --workdir /node node bash + # Remove ignored git files – e.g. composer dependencies and built theme assets # But keep .env file, .idea directory (PhpStorm config), and uploaded media files clean: @@ -70,7 +94,10 @@ deep-clean: docker-clean: bin/local-docker-clean.sh -# Run the application + +# ▄▀█ █▀▀ ▀█▀ █ █▀█ █▄░█ +# █▀█ █▄▄ ░█░ █ █▄█ █░▀█ +# ℝ𝕦𝕟 𝕥𝕙𝕖 𝕒𝕡𝕡𝕝𝕚𝕔𝕒𝕥𝕚𝕠𝕟 run: local-stop dory up up: @@ -87,10 +114,6 @@ launch: local-stop dory dory: @chmod +x ./bin/local-dory-check.sh && ./bin/local-dory-check.sh -# Starts the application, includes the local-ssh container for migrations. -migrate: - docker compose --profile local-ssh up - # Run tests test: composer test @@ -104,39 +127,69 @@ key-gen: @chmod +x ./bin/local-key-gen.sh && ./bin/local-key-gen.sh -##### -## Mock production, K8S deployment -##### +# ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ + +# █▀█ █▀█ █▀█ █▀▄ █░█ █▀▀ ▀█▀ █ █▀█ █▄░█ █▀▄▀█ █▀█ █▀▀ █▄▀ +# █▀▀ █▀▄ █▄█ █▄▀ █▄█ █▄▄ ░█░ █ █▄█ █░▀█ █░▀░█ █▄█ █▄▄ █░█ +## 𝕂𝟠𝕊 𝕕𝕖𝕡𝕝𝕠𝕪𝕞𝕖𝕟𝕥 +# +# █▄▄ █░█ █ █░░ █▀▄ +# █▄█ █▄█ █ █▄▄ █▄▀ + build-nginx: @echo "\n--> Building local Nginx <---------------------------|\n"; sleep 3; - docker image build --build-arg COMPOSER_USER="${COMPOSER_USER}" --build-arg COMPOSER_PASS="${COMPOSER_PASS}" -t intranet-nginx:latest --target build-nginx . + docker image build -t intranet-nginx:latest \ + --build-arg COMPOSER_USER="${COMPOSER_USER}" --build-arg COMPOSER_PASS="${COMPOSER_PASS}" \ + --build-arg AS3CF_PRO_USER="${AS3CF_PRO_USER}" --build-arg AS3CF_PRO_PASS="${AS3CF_PRO_PASS}" \ + --target build-nginx . # FastCGI Process Manager for PHP # https://www.php.net/manual/en/install.fpm.php # https://www.plesk.com/blog/various/php-fpm-the-future-of-php-handling/ build-fpm: @echo "\n--> Building local FPM <---------------------------|\n"; sleep 3; - docker image build --build-arg COMPOSER_USER="${COMPOSER_USER}" --build-arg COMPOSER_PASS="${COMPOSER_PASS}" -t intranet-fpm:latest --target build-fpm . + docker image build -t intranet-fpm:latest \ + --build-arg COMPOSER_USER="${COMPOSER_USER}" --build-arg COMPOSER_PASS="${COMPOSER_PASS}" \ + --build-arg AS3CF_PRO_USER="${AS3CF_PRO_USER}" --build-arg AS3CF_PRO_PASS="${AS3CF_PRO_PASS}" \ + --target build-fpm . build-cron: @echo "\n--> Building local CRON (runs wp-cron process) <---------------------------|\n"; sleep 3; - docker image build -t intranet-cron:latest --target cron . - -build: build-fpm build-nginx - @if [ ${kube} == 'kind' ]; then kind load docker-image intranet-fpm:latest; kind load docker-image intranet-nginx:latest; fi + docker image build -t intranet-cron:latest \ + --target build-cron . + +build: build-fpm build-nginx build-cron + @if [ ${kube} == 'kind' ]; then \ + kind load docker-image intranet-fpm:latest; \ + kind load docker-image intranet-nginx:latest; \ + kind load docker-image intranet-cron:latest; \ + fi @echo "\n--> Done.\n" -deploy: clear - @echo "\n--> Local Kubernetes deployment <---------------------------|\n" - kubectl apply -f deploy/local -cluster: - @if [ "${kube}" != 'kind' ]; then echo "\n--> Please, activate the kind cluster to assist in local app development on Kubernetes"; echo "--> Amend the variable named kube on line 3 in Makefile to read 'kind' (without quotes)"; echo "--> ... or, install kind from scratch: https://kind.sigs.k8s.io/docs/user/quick-start/#installation \n"; sleep 8; fi - @if [ "${kube}" == 'kind' ]; then kind create cluster --config=deploy/config/local/kube/cluster.yml; kubectl apply -f https://projectcontour.io/quickstart/contour.yaml; fi - @if [ "${kube}" == 'kind' ]; then kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"},"tolerations":[{"key":"node-role.kubernetes.io/control-plane","operator":"Equal","effect":"NoSchedule"},{"key":"node-role.kubernetes.io/master","operator":"Equal","effect":"NoSchedule"}]}}}}'; fi +# █▀▄ █▀▀ █▀█ █░░ █▀█ █▄█ +# █▄▀ ██▄ █▀▀ █▄▄ █▄█ ░█░ -kind: local-kube-start clear cluster local-kube-build - @if [ "${kube}" == 'kind' ]; then echo "\n--> Verifying..."; echo "--> Use ctrl + C to exit when ready\n"; kubectl get pods -w; fi +kube: local-kube-start clear cluster local-kube-build + @if [ "${kube}" == 'kind' ]; then \ + echo "\n--> Verifying..."; \ + echo "--> Use ctrl + C to exit when ready\n"; \ + kubectl get pods -w; \ + fi + +cluster: + @if [ "${kube}" != 'kind' ]; then \ + echo "\n--> Please, activate the kind cluster to assist in local app development on Kubernetes"; \ + echo "--> Amend the variable named kube on line 3 in Makefile to read 'kind' (without quotes)"; \ + echo "--> ... or, install kind from scratch: https://kind.sigs.k8s.io/docs/user/quick-start/#installation \n"; sleep 8; \ + fi + @if [ "${kube}" == 'kind' ]; then \ + kind create cluster --config=deploy/config/local/kube/cluster.yml; \ + kubectl apply -f https://projectcontour.io/quickstart/contour.yaml; \ + fi + @if [ "${kube}" == 'kind' ]; then \ + kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"},"tolerations":[{"key":"node-role.kubernetes.io/control-plane","operator":"Equal","effect":"NoSchedule"},{"key":"node-role.kubernetes.io/master","operator":"Equal","effect":"NoSchedule"}]}}}}'; \ + fi local-kube-start: @if [ -n "$(docker ps | grep dory_dnsmasq)" ]; then dory down; fi # lets make sure port 80 is free @@ -147,18 +200,33 @@ local-stop: @docker container stop kind-control-plane || true >/dev/null 2>&1 @echo "--> Done.\n" +deploy: clear + @echo "\n--> Local Kubernetes deployment <---------------------------|\n" + kubectl apply -f deploy/local + local-kube-build: build deploy - @if [ "${kube}" == 'kind' ]; then echo "\n--> Verifying..."; echo "--> Use ctrl + C to exit when ready\n"; kubectl get pods -w; fi + @if [ "${kube}" == 'kind' ]; then \ + echo "\n--> Verifying..."; \ + echo "--> Use ctrl + C to exit when ready\n"; \ + kubectl get pods -w; \ + fi clear: @clear + +# █░░ █▀█ █▀▀ █▀█ █░█ ▀█▀ █▀█ █░█ ▀█▀ +# █▄▄ █▄█ █▄█ █▄█ █▄█ ░█░ █▀▀ █▄█ ░█░ + +logs: clear logs-fpm-flash logs-nginx-flash + @echo "\n---------------------------------------------\n" + log-nginx: clear - @echo "\n--> NGINX LOGS <---------------------------|\n" + @echo "\n--> NGINX LOGS (tail) <---------------------------|\n" @$(k8s_pod) | xargs -t kubectl logs -f -n $(k8s_nsp) -c nginx log-fpm: clear - @echo "\n--> FPM PHP LOGS <-------------------------|\n" + @echo "\n--> FPM PHP LOGS (tail) <-------------------------|\n" @$(k8s_pod) | xargs kubectl logs -f -n $(k8s_nsp) -c fpm logs-nginx-flash: @@ -169,15 +237,14 @@ logs-fpm-flash: @echo "\n--> FPM PHP LOGS <-------------------------|\n" @$(k8s_pod) | xargs kubectl logs -n $(k8s_nsp) -c fpm -logs: clear logs-fpm-flash logs-nginx-flash - @echo "\n---------------------------------------------\n" + + +# █▄▀ █░█ █▄▄ █▀▀ █▀█ █▄░█ █▀▀ ▀█▀ █▀▀ █▀ +# █░█ █▄█ █▄█ ██▄ █▀▄ █░▀█ ██▄ ░█░ ██▄ ▄█ port-forward: @$(k8s_pod) | echo $$(cat -)" "$(k8s_prt) | xargs kubectl -n $(k8s_nsp) port-forward -apply: - kubectl apply -f deploy/local - unapply: @$(k8s_pod) | xargs kubectl -n $(k8s_nsp) delete pod diff --git a/bin/composer-auth.sh b/bin/composer-auth.sh index 9fe8b1e86..6d1bece8d 100755 --- a/bin/composer-auth.sh +++ b/bin/composer-auth.sh @@ -20,10 +20,8 @@ then cat <<- EOF >> auth.json { "http-basic": { - "composer.wp.dsd.io": { - "username": "$COMPOSER_USER", - "password": "$COMPOSER_PASS" - } + "composer.wp.dsd.io": {"username": "$COMPOSER_USER","password": "$COMPOSER_PASS"}, + "composer.deliciousbrains.com": {"username": "$AS3CF_PRO_USER","password": "$AS3CF_PRO_PASS"} } } EOF diff --git a/bin/local-composer-assets.sh b/bin/local-composer-assets.sh index 59eb1a8a3..f13aa6330 100755 --- a/bin/local-composer-assets.sh +++ b/bin/local-composer-assets.sh @@ -4,6 +4,11 @@ source bin/composer-auth.sh if [ ! -d "./vendor" ]; then composer install + + echo "Generating checksum..." + zip -r -f --quiet vendor ./vendor + sha1sum vendor.zip > vendor.sha1 + echo "Done." fi if [ ! -d "./vendor-assets" ]; then diff --git a/bin/local-composer-update.sh b/bin/local-composer-update.sh new file mode 100755 index 000000000..2721fa152 --- /dev/null +++ b/bin/local-composer-update.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env ash + +source bin/composer-auth.sh + +composer update + +## check for changes +echo "Checking for changes..." +zip -r -f --quiet vendor vendor +sha1sum -c -s vendor.sha1 + +## $? = 0 if ok, 1 if not +# remove vendor-assets +if [ $? == "1" ]; then + rm -rf ./vendor-assets + sha1sum vendor.zip > vendor.sha1 +fi + +echo "Done." + diff --git a/composer.json b/composer.json index 9a6bd40eb..3d07cb363 100644 --- a/composer.json +++ b/composer.json @@ -22,6 +22,10 @@ "type": "composer", "url": "https://composer.wp.dsd.io" }, + { + "type": "composer", + "url": "https://composer.deliciousbrains.com" + }, { "type": "composer", "url": "https://wp-languages.github.io" @@ -41,7 +45,7 @@ ], "require": { "php": ">=8.2", - "composer/installers": "^1.0 || ^2.0", + "composer/installers": "2.* || 1.*", "vlucas/phpdotenv": "^5.5", "oscarotero/env": "^2.1", "roots/bedrock-autoloader": "^1.0", @@ -65,13 +69,13 @@ "ministryofjustice/wp-moj-elasticsearch": "^2.3.0", "wpackagist-plugin/elasticpress": "^5.0.0", "php-http/guzzle7-adapter": "^1.0", - "alphagov/notifications-php-client": "^5.0", + "alphagov/notifications-php-client": "^6.0", "aws/aws-sdk-php": "^3.133", "wpackagist-plugin/query-monitor": "^3.15", "wpackagist-plugin/debug-bar": "^1.1", "wpackagist-plugin/debug-bar-elasticpress": "^3.1", - "wpackagist-plugin/wp-migrate-db": "2.6.10", - "wpackagist-plugin/amazon-s3-and-cloudfront": "^3.2", + "deliciousbrains-plugin/wp-offload-media": "^3.2", + "deliciousbrains-plugin/wp-offload-media-assets-pull": "^1.1", "stayallive/wp-sentry": "^7.11", "ext-posix": "*", "ext-mysqli": "*", diff --git a/composer.lock b/composer.lock index 27d77bf1d..6944eb64b 100644 --- a/composer.lock +++ b/composer.lock @@ -4,30 +4,30 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "d08066b7cb591092462dcf090d0e47ae", + "content-hash": "6bd7d8c14bbf98d807ff1a392fec2251", "packages": [ { "name": "acf/advanced-custom-fields-pro", - "version": "6.1.6", + "version": "6.2.9", "dist": { "type": "zip", - "url": "https://composer.wp.dsd.io/dist/acf/advanced-custom-fields-pro/acf-advanced-custom-fields-pro-6.1.6.zip", - "shasum": "113871a5221f02295cbc89b3d233237ff4a334fe" + "url": "https://composer.wp.dsd.io/dist/acf/advanced-custom-fields-pro/acf-advanced-custom-fields-pro-6.2.9.zip", + "shasum": "0bff7e6576ca319573e8671d507650f263f9a35f" }, "type": "wordpress-plugin" }, { "name": "alphagov/notifications-php-client", - "version": "5.0.0", + "version": "6.0.0", "source": { "type": "git", "url": "https://github.com/alphagov/notifications-php-client.git", - "reference": "3dbe415415b52c07a986559aae5152481df90213" + "reference": "ffa3cefd063ec951c55ea612ebb11c32454a54dd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/alphagov/notifications-php-client/zipball/3dbe415415b52c07a986559aae5152481df90213", - "reference": "3dbe415415b52c07a986559aae5152481df90213", + "url": "https://api.github.com/repos/alphagov/notifications-php-client/zipball/ffa3cefd063ec951c55ea612ebb11c32454a54dd", + "reference": "ffa3cefd063ec951c55ea612ebb11c32454a54dd", "shasum": "" }, "require": { @@ -65,9 +65,9 @@ "description": "PHP client for GOV.UK Notifications", "support": { "issues": "https://github.com/alphagov/notifications-php-client/issues", - "source": "https://github.com/alphagov/notifications-php-client/tree/5.0.0" + "source": "https://github.com/alphagov/notifications-php-client/tree/6.0.0" }, - "time": "2022-12-16T11:40:31+00:00" + "time": "2024-01-04T12:29:59+00:00" }, { "name": "aws/aws-crt-php", @@ -125,16 +125,16 @@ }, { "name": "aws/aws-sdk-php", - "version": "3.303.2", + "version": "3.305.0", "source": { "type": "git", "url": "https://github.com/aws/aws-sdk-php.git", - "reference": "c087819351de027791d830ffc7f45195488ae988" + "reference": "6992342acf7dd4501163c6cddabe76c74f2020ad" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/c087819351de027791d830ffc7f45195488ae988", - "reference": "c087819351de027791d830ffc7f45195488ae988", + "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/6992342acf7dd4501163c6cddabe76c74f2020ad", + "reference": "6992342acf7dd4501163c6cddabe76c74f2020ad", "shasum": "" }, "require": { @@ -214,9 +214,9 @@ "support": { "forum": "https://forums.aws.amazon.com/forum.jspa?forumID=80", "issues": "https://github.com/aws/aws-sdk-php/issues", - "source": "https://github.com/aws/aws-sdk-php/tree/3.303.2" + "source": "https://github.com/aws/aws-sdk-php/tree/3.305.0" }, - "time": "2024-04-03T18:08:21+00:00" + "time": "2024-04-22T18:07:07+00:00" }, { "name": "composer/installers", @@ -442,6 +442,36 @@ ], "time": "2022-01-17T14:14:24+00:00" }, + { + "name": "deliciousbrains-plugin/wp-offload-media", + "version": "3.2.7", + "dist": { + "type": "zip", + "url": "https://composer.deliciousbrains.com/?wc-api=delicious-brains&request=composer_download&package=wp-offload-media&version=3.2.7" + }, + "require": { + "composer/installers": "~1.0 || ~2.0" + }, + "type": "wordpress-plugin", + "extra": { + "installer-name": "amazon-s3-and-cloudfront-pro" + } + }, + { + "name": "deliciousbrains-plugin/wp-offload-media-assets-pull", + "version": "1.1.2", + "dist": { + "type": "zip", + "url": "https://composer.deliciousbrains.com/?wc-api=delicious-brains&request=composer_download&package=wp-offload-media-assets-pull&version=1.1.2" + }, + "require": { + "composer/installers": "~1.0 || ~2.0" + }, + "type": "wordpress-plugin", + "extra": { + "installer-name": "amazon-s3-and-cloudfront-assets-pull" + } + }, { "name": "firebase/php-jwt", "version": "v6.10.0", @@ -949,10 +979,10 @@ }, { "name": "koodimonni-language/core-en_gb", - "version": "6.5", + "version": "6.5.2", "dist": { "type": "zip", - "url": "https://downloads.wordpress.org/translation/core/6.5/en_GB.zip" + "url": "https://downloads.wordpress.org/translation/core/6.5.2/en_GB.zip" }, "require": { "koodimonni/composer-dropin-installer": ">=0.2.3" @@ -2126,7 +2156,7 @@ }, { "name": "roots/wordpress", - "version": "6.5", + "version": "6.5.2", "source": { "type": "git", "url": "https://github.com/roots/wordpress.git", @@ -2157,7 +2187,7 @@ ], "support": { "issues": "https://github.com/roots/wordpress/issues", - "source": "https://github.com/roots/wordpress/tree/6.5" + "source": "https://github.com/roots/wordpress/tree/6.5.2" }, "funding": [ { @@ -2240,22 +2270,22 @@ }, { "name": "roots/wordpress-no-content", - "version": "6.5", + "version": "6.5.2", "source": { "type": "git", "url": "https://github.com/WordPress/WordPress.git", - "reference": "6.5" + "reference": "6.5.2" }, "dist": { "type": "zip", - "url": "https://downloads.wordpress.org/release/wordpress-6.5-no-content.zip", - "shasum": "bc1bb88bbdedbea276cd09c13054765c532701db" + "url": "https://downloads.wordpress.org/release/wordpress-6.5.2-no-content.zip", + "shasum": "09a5fbf3d93546bc54e96ca27888b29bba906492" }, "require": { "php": ">= 7.0.0" }, "provide": { - "wordpress/core-implementation": "6.5" + "wordpress/core-implementation": "6.5.2" }, "suggest": { "ext-curl": "Performs remote request operations.", @@ -2306,7 +2336,7 @@ "type": "other" } ], - "time": "2024-04-02T18:15:04+00:00" + "time": "2024-04-09T22:02:16+00:00" }, { "name": "roots/wp-config", @@ -2435,16 +2465,16 @@ }, { "name": "sentry/sentry", - "version": "4.6.1", + "version": "4.7.0", "source": { "type": "git", "url": "https://github.com/getsentry/sentry-php.git", - "reference": "5a94184175e5830b589bf923da8c9c3af2c0f409" + "reference": "d6769b2a5e6bf19ed3bbfbf52328ceaf8e6fcb1f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/getsentry/sentry-php/zipball/5a94184175e5830b589bf923da8c9c3af2c0f409", - "reference": "5a94184175e5830b589bf923da8c9c3af2c0f409", + "url": "https://api.github.com/repos/getsentry/sentry-php/zipball/d6769b2a5e6bf19ed3bbfbf52328ceaf8e6fcb1f", + "reference": "d6769b2a5e6bf19ed3bbfbf52328ceaf8e6fcb1f", "shasum": "" }, "require": { @@ -2508,7 +2538,7 @@ ], "support": { "issues": "https://github.com/getsentry/sentry-php/issues", - "source": "https://github.com/getsentry/sentry-php/tree/4.6.1" + "source": "https://github.com/getsentry/sentry-php/tree/4.7.0" }, "funding": [ { @@ -2520,20 +2550,20 @@ "type": "custom" } ], - "time": "2024-03-08T08:18:09+00:00" + "time": "2024-04-10T13:22:13+00:00" }, { "name": "stayallive/wp-sentry", - "version": "v7.11.0", + "version": "v7.12.0", "source": { "type": "git", "url": "https://github.com/stayallive/wp-sentry.git", - "reference": "9af54dbc272a4e915e8824cd431f1df585724bfc" + "reference": "d4716b108b6202abcdeb36e74900a570481b813a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/stayallive/wp-sentry/zipball/9af54dbc272a4e915e8824cd431f1df585724bfc", - "reference": "9af54dbc272a4e915e8824cd431f1df585724bfc", + "url": "https://api.github.com/repos/stayallive/wp-sentry/zipball/d4716b108b6202abcdeb36e74900a570481b813a", + "reference": "d4716b108b6202abcdeb36e74900a570481b813a", "shasum": "" }, "require": { @@ -2572,7 +2602,7 @@ "docs": "https://github.com/stayallive/wp-sentry#readme", "forum": "https://github.com/stayallive/wp-sentry/discussions", "issues": "https://github.com/stayallive/wp-sentry/issues", - "source": "https://github.com/stayallive/wp-sentry/tree/v7.11.0" + "source": "https://github.com/stayallive/wp-sentry/tree/v7.12.0" }, "funding": [ { @@ -2580,7 +2610,7 @@ "type": "github" } ], - "time": "2024-03-27T16:13:20+00:00" + "time": "2024-04-10T18:12:36+00:00" }, { "name": "symfony/deprecation-contracts", @@ -3039,24 +3069,6 @@ ], "time": "2023-11-12T22:43:29+00:00" }, - { - "name": "wpackagist-plugin/amazon-s3-and-cloudfront", - "version": "3.2.7", - "source": { - "type": "svn", - "url": "https://plugins.svn.wordpress.org/amazon-s3-and-cloudfront/", - "reference": "tags/3.2.7" - }, - "dist": { - "type": "zip", - "url": "https://downloads.wordpress.org/plugin/amazon-s3-and-cloudfront.3.2.7.zip" - }, - "require": { - "composer/installers": "^1.0 || ^2.0" - }, - "type": "wordpress-plugin", - "homepage": "https://wordpress.org/plugins/amazon-s3-and-cloudfront/" - }, { "name": "wpackagist-plugin/classic-editor", "version": "1.6.3", @@ -3095,15 +3107,15 @@ }, { "name": "wpackagist-plugin/co-authors-plus", - "version": "3.5.15", + "version": "3.6.0", "source": { "type": "svn", "url": "https://plugins.svn.wordpress.org/co-authors-plus/", - "reference": "tags/3.5.15" + "reference": "tags/3.6.0" }, "dist": { "type": "zip", - "url": "https://downloads.wordpress.org/plugin/co-authors-plus.3.5.15.zip" + "url": "https://downloads.wordpress.org/plugin/co-authors-plus.3.6.0.zip" }, "require": { "composer/installers": "^1.0 || ^2.0" @@ -3185,15 +3197,15 @@ }, { "name": "wpackagist-plugin/query-monitor", - "version": "3.15.0", + "version": "3.16.2", "source": { "type": "svn", "url": "https://plugins.svn.wordpress.org/query-monitor/", - "reference": "tags/3.15.0" + "reference": "tags/3.16.2" }, "dist": { "type": "zip", - "url": "https://downloads.wordpress.org/plugin/query-monitor.3.15.0.zip" + "url": "https://downloads.wordpress.org/plugin/query-monitor.3.16.2.zip" }, "require": { "composer/installers": "^1.0 || ^2.0" @@ -3221,15 +3233,15 @@ }, { "name": "wpackagist-plugin/totalpoll-lite", - "version": "4.10.2", + "version": "4.10.3", "source": { "type": "svn", "url": "https://plugins.svn.wordpress.org/totalpoll-lite/", - "reference": "tags/4.10.2" + "reference": "tags/4.10.3" }, "dist": { "type": "zip", - "url": "https://downloads.wordpress.org/plugin/totalpoll-lite.4.10.2.zip" + "url": "https://downloads.wordpress.org/plugin/totalpoll-lite.4.10.3.zip" }, "require": { "composer/installers": "^1.0 || ^2.0" @@ -3254,24 +3266,6 @@ }, "type": "wordpress-plugin", "homepage": "https://wordpress.org/plugins/wp-document-revisions/" - }, - { - "name": "wpackagist-plugin/wp-migrate-db", - "version": "2.6.10", - "source": { - "type": "svn", - "url": "https://plugins.svn.wordpress.org/wp-migrate-db/", - "reference": "tags/2.6.10" - }, - "dist": { - "type": "zip", - "url": "https://downloads.wordpress.org/plugin/wp-migrate-db.2.6.10.zip" - }, - "require": { - "composer/installers": "^1.0 || ^2.0" - }, - "type": "wordpress-plugin", - "homepage": "https://wordpress.org/plugins/wp-migrate-db/" } ], "packages-dev": [ diff --git a/config/wp-offload-media.php b/config/wp-offload-media.php index 655c2d32b..8db44ffb7 100644 --- a/config/wp-offload-media.php +++ b/config/wp-offload-media.php @@ -45,7 +45,7 @@ // Private Prefix for signed URLs (aws only, relative directory, no wildcards) // 'signed-urls-object-prefix' => 'private/', // Serve files over HTTPS - 'force-https' => !!env('AWS_CLOUDFRONT_HOST'), + 'force-https' => (str_contains(env('WP_HOME'), 'justice.gov.uk')), // Remove the local file version once offloaded to bucket 'remove-local-file' => true, // Access Control List for the bucket diff --git a/deploy/config/local/nginx/php-fpm.conf b/deploy/config/local/nginx/php-fpm.conf index c3c455bf7..65ec05e93 100644 --- a/deploy/config/local/nginx/php-fpm.conf +++ b/deploy/config/local/nginx/php-fpm.conf @@ -2,7 +2,7 @@ include fastcgi.conf; fastcgi_index index.php; # server_name.conf is generated at runtime via a script in /etc/my_init.d/ -include server_name.conf; +#include server_name.conf; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; diff --git a/docker-compose.yml b/docker-compose.yml index ded3fddc4..77ee1023c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,3 @@ -version: "3.8" - volumes: node_modules: dist: @@ -154,6 +152,7 @@ services: retries: 2 minio-init: + container_name: intranet-minio-init image: minio/mc depends_on: - minio @@ -166,6 +165,7 @@ services: " cdn: + container_name: intranet-cdn image: node:20 working_dir: /node entrypoint: make @@ -191,6 +191,6 @@ services: context: . target: build-cron environment: - NGINX_HOST: ${NGINX_HOST} + NGINX_HOST: ${NGINX_SERVICE_PORT} depends_on: - nginx