diff --git a/.github/workflows/github_build_release.yml b/.github/workflows/github_build_release.yml new file mode 100644 index 00000000..e3dd56b7 --- /dev/null +++ b/.github/workflows/github_build_release.yml @@ -0,0 +1,45 @@ +on: + push: + tags: + - '*.*.*' + +name: Create Github Release + +permissions: + contents: write + +jobs: + create-release: + runs-on: ubuntu-latest + env: + COMPOSER_ALLOW_SUPERUSER: 1 + APP_ENV: prod + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Composer install + run: | + docker network create frontend + docker compose run --rm phpfpm composer install --no-dev -o --classmap-authoritative + docker compose run --rm phpfpm composer clear-cache + rm -rf infrastructure + + - name: Make assets dir + run: | + mkdir -p ../assets + + - name: Create archive + run: | + tar \ + -zcf ../assets/${{ github.event.repository.name }}-${{ github.ref_name }}.tar.gz ./* + + - name: Create checksum + run: sha256sum ../assets/${{ github.event.repository.name }}-${{ github.ref_name }}.tar.gz > ../assets/checksum.txt + + - name: Create a release in GitHub and uploads assets + run: | + gh release create ${{ github.ref_name }} --verify-tag --generate-notes ../assets/*.* + env: + GITHUB_TOKEN: ${{ github.TOKEN }} + shell: bash diff --git a/.github/workflows/docker_build_develop.yml b/.github/workflows/itkdev_docker_build_develop.yml similarity index 77% rename from .github/workflows/docker_build_develop.yml rename to .github/workflows/itkdev_docker_build_develop.yml index 612d81b8..6bdd7f3f 100644 --- a/.github/workflows/docker_build_develop.yml +++ b/.github/workflows/itkdev_docker_build_develop.yml @@ -3,13 +3,16 @@ on: push: branches: - 'develop' -name: Build docker image (develop) + +# This Action builds to itkdev/* using ./infrastructure/itkdev/* +name: ITK Dev - Build docker image (develop) jobs: docker: runs-on: ubuntu-latest env: APP_VERSION: develop + COMPOSER_ALLOW_SUPERUSER: 1 steps: - name: Checkout uses: actions/checkout@v3 
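Review bot: In the new release workflow, the `Create archive`, `Create checksum` and `gh release create` steps expand `${{ github.ref_name }}` and `${{ github.event.repository.name }}` inside `run:` scripts, so the tag name becomes part of the shell text before bash parses it. Use the runner-provided variable and quote it instead, e.g. `gh release create "$GITHUB_REF_NAME" --verify-tag --generate-notes ../assets/*.*`, and pass the repository name through an `env:` entry the same way. `sha256sum ../assets/…` also writes the `../assets/` prefix into checksum.txt, so `sha256sum -c` only succeeds from a matching directory layout; running it after `cd ../assets` records the bare file name. `actions/checkout@v3` is referenced by a mutable tag in a job that holds `contents: write`; pinning it to a full commit SHA is the usual hardening.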
@@ -30,8 +33,8 @@ jobs: - name: Build and push (API) uses: docker/build-push-action@v4 with: - context: ./infrastructure/display-api-service/ - file: ./infrastructure/display-api-service/Dockerfile + context: ./infrastructure/itkdev/display-api-service/ + file: ./infrastructure/itkdev/display-api-service/Dockerfile build-args: | VERSION=${{ env.APP_VERSION }} push: true @@ -48,8 +51,8 @@ jobs: - name: Build and push (Nginx) uses: docker/build-push-action@v4 with: - context: ./infrastructure/nginx/ - file: ./infrastructure/nginx/Dockerfile + context: ./infrastructure/itkdev/nginx/ + file: ./infrastructure/itkdev/nginx/Dockerfile build-args: | APP_VERSION=${{ env.APP_VERSION }} push: true diff --git a/.github/workflows/docker_build_tag.yml b/.github/workflows/itkdev_docker_build_tag.yml similarity index 78% rename from .github/workflows/docker_build_tag.yml rename to .github/workflows/itkdev_docker_build_tag.yml index cf4f3d13..96dcf9cb 100644 --- a/.github/workflows/docker_build_tag.yml +++ b/.github/workflows/itkdev_docker_build_tag.yml @@ -3,11 +3,15 @@ on: push: tags: - '*' -name: Build docker image (tag) + +# This Action builds to itkdev/* using ./infrastructure/itkdev/* +name: ITK Dev - Build docker image (tag) jobs: docker: runs-on: ubuntu-latest + env: + COMPOSER_ALLOW_SUPERUSER: 1 steps: - name: Checkout uses: actions/checkout@v3 @@ -28,8 +32,8 @@ jobs: - name: Build and push (API) uses: docker/build-push-action@v4 with: - context: ./infrastructure/display-api-service/ - file: ./infrastructure/display-api-service/Dockerfile + context: ./infrastructure/itkdev/display-api-service/ + file: ./infrastructure/itkdev/display-api-service/Dockerfile build-args: | APP_VERSION=${{ github.ref }} push: true 
@@ -50,8 +54,8 @@ jobs: - name: Build and push (Nginx) uses: docker/build-push-action@v4 with: - context: ./infrastructure/nginx/ - file: ./infrastructure/nginx/Dockerfile + context: ./infrastructure/itkdev/nginx/ + file: ./infrastructure/itkdev/nginx/Dockerfile build-args: | APP_VERSION=${{ steps.get_tag.outputs.git_tag }} push: true diff --git a/.github/workflows/os2display_docker_build_develop.yml b/.github/workflows/os2display_docker_build_develop.yml new file mode 100644 index 00000000..ec238678 --- /dev/null +++ b/.github/workflows/os2display_docker_build_develop.yml 
@@ -0,0 +1,60 @@ +--- +on: + push: + branches: + - 'develop' + +# This Action builds to os2display/* using ./infrastructure/os2display/* +name: OS2display - Build docker image (develop) + +jobs: + docker: + runs-on: ubuntu-latest + env: + APP_VERSION: develop + COMPOSER_ALLOW_SUPERUSER: 1 + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + # Build api + - name: Docker meta (API) + id: meta-api + uses: docker/metadata-action@v4 + with: + images: os2display/display-api-service + + - name: Build and push (API) + uses: docker/build-push-action@v4 + with: + context: ./infrastructure/os2display/display-api-service/ + file: ./infrastructure/os2display/display-api-service/Dockerfile + build-args: | + VERSION=${{ env.APP_VERSION }} + push: true + tags: ${{ steps.meta-api.outputs.tags }} + labels: ${{ steps.meta-api.outputs.labels }} + + # Build nginx (depends on api build) + - name: Docker meta (Nginx) + id: meta-nginx + uses: docker/metadata-action@v4 + with: + images: os2display/display-api-service-nginx + + - name: Build and push (Nginx) + uses: docker/build-push-action@v4 + with: + context: ./infrastructure/os2display/nginx/ + file: ./infrastructure/os2display/nginx/Dockerfile + build-args: | + APP_VERSION=${{ env.APP_VERSION }} + push: true + tags: ${{ steps.meta-nginx.outputs.tags }} + labels: ${{ steps.meta-nginx.outputs.labels }} diff --git a/.github/workflows/os2display_docker_build_tag.yml b/.github/workflows/os2display_docker_build_tag.yml new file mode 100644 index 00000000..22bd2179 --- /dev/null +++ b/.github/workflows/os2display_docker_build_tag.yml 
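Review bot: The `Build and push (API)` step passes `VERSION=${{ env.APP_VERSION }}`, but the os2display Dockerfile added in this commit declares `ARG APP_VERSION`, so the argument is never consumed and the build fetches `develop` only because that is the ARG's default. Write it as `APP_VERSION=${{ env.APP_VERSION }}`, as the Nginx step already does. The job-level `COMPOSER_ALLOW_SUPERUSER: 1` exists on the runner only and is not forwarded into either `docker/build-push-action` build, so it appears to have no effect here (the Dockerfile sets the variable itself). This workflow and os2display_docker_build_tag.yml declare no `permissions:` block and reference the `docker/*` actions that receive `DOCKERHUB_TOKEN` by mutable tag; adding `permissions: contents: read` and pinning those actions to commit SHAs would narrow what a compromised action can reach.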
@@ -0,0 +1,63 @@ +--- +on: + push: + tags: + - '*' + +# This Action builds to os2display/* using ./infrastructure/os2display/* +name: OS2display - Build docker image (tag) + +jobs: + docker: + runs-on: ubuntu-latest + env: + COMPOSER_ALLOW_SUPERUSER: 1 + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + # Build api + - name: Docker meta (API) + id: meta-api + uses: docker/metadata-action@v4 + with: + images: os2display/display-api-service + + - name: Build and push (API) + uses: docker/build-push-action@v4 + with: + context: ./infrastructure/os2display/display-api-service/ + file: ./infrastructure/os2display/display-api-service/Dockerfile + build-args: | + APP_VERSION=${{ github.ref }} + push: true + tags: ${{ steps.meta-api.outputs.tags }} + labels: ${{ steps.meta-api.outputs.labels }} + + # Build nginx (depends on api build) + - name: Docker meta (Nginx) + id: meta-nginx + uses: docker/metadata-action@v4 + with: + images: os2display/display-api-service-nginx + + - name: Get the tag + id: get_tag + run: echo ::set-output name=git_tag::$(echo $GITHUB_REF_NAME) + + - name: Build and push (Nginx) + uses: docker/build-push-action@v4 + with: + context: ./infrastructure/os2display/nginx/ + file: ./infrastructure/os2display/nginx/Dockerfile + build-args: | + APP_VERSION=${{ steps.get_tag.outputs.git_tag }} + push: true + tags: ${{ steps.meta-nginx.outputs.tags }} + labels: ${{ steps.meta-nginx.outputs.labels }} diff --git a/.github/workflows/php_upgrade.yaml b/.github/workflows/php_upgrade.yaml index f6f67055..a4f99ff9 100644 --- a/.github/workflows/php_upgrade.yaml +++ b/.github/workflows/php_upgrade.yaml @@ -1,8 +1,10 @@ on: pull_request -name: Upgrade +name: PHP Upgrade Check jobs: test-composer-install: runs-on: ubuntu-latest + env: + COMPOSER_ALLOW_SUPERUSER: 1 strategy: fail-fast: false matrix: 
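Review bot: The `Get the tag` step uses the `::set-output` workflow command, which GitHub has deprecated in favour of the `GITHUB_OUTPUT` file; replace it with `run: echo "git_tag=$GITHUB_REF_NAME" >> "$GITHUB_OUTPUT"`. The step could also be dropped and the Nginx build-arg written as `APP_VERSION=${{ github.ref_name }}`. The API step passes `APP_VERSION=${{ github.ref }}` (the full `refs/tags/…` form, used in the archive URL) while the Nginx step passes the short tag name (used as an image tag in its `FROM`); a comment such as `# API needs the full ref for the archive URL, Nginx needs the image tag` would document why the two differ.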
@@ -91,7 +93,7 @@ jobs: runs-on: ubuntu-latest services: mariadb: - image: mariadb:latest + image: mariadb:lts ports: - 3306 env: diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 07028a75..bd907ce2 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -1,8 +1,10 @@ on: pull_request -name: Review +name: Pull Request Review jobs: test-composer-install: runs-on: ubuntu-latest + env: + COMPOSER_ALLOW_SUPERUSER: 1 strategy: fail-fast: false matrix: @@ -141,7 +143,7 @@ jobs: runs-on: ubuntu-latest services: mariadb: - image: mariadb:latest + image: mariadb:lts ports: - 3306 env: diff --git a/CHANGELOG.md b/CHANGELOG.md index 109eb3e3..b9d49ad3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ All notable changes to this project will be documented in this file. ## [Unreleased] - Update docker build to publish to "os2display" org on docker hub. Update github workflow to latest actions. +- Set up separate image builds for itkdev and os2display - Updated `EventDatabaseApiFeedType` query ensuring started but not finished events are found. - Refactored all feed related classes and services diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml deleted file mode 100644 index 0e734f29..00000000 --- a/docker-compose.dev.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -# itk-version: 3.0.0 -version: "3" - -services: - phpfpm: - environment: - - PHP_SENDMAIL_PATH='/usr/local/bin/mhsendmail --smtp-addr="mailhog:1025"' - - nginx: - labels: - - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=ITKBasicAuth@file" - - mailhog: - image: itkdev/mailhog - networks: - - app - - frontend - labels: - - "traefik.enable=true" - - "traefik.docker.network=frontend" - - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}-http.rule=Host(`mailhog.${COMPOSE_SERVER_DOMAIN}`)" - - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}-http.entrypoints=web" - - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}-http.middlewares=redirect-to-https" - - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" - - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}.rule=Host(`mailhog.${COMPOSE_SERVER_DOMAIN}`)" - - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}.entrypoints=websecure" - - "traefik.http.services.mailhog_${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=8025" - - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}.middlewares=ITKMailhogAuth@file" diff --git a/docker-compose.redirect.yml b/docker-compose.redirect.yml deleted file mode 100644 index 9c1d2af1..00000000 --- a/docker-compose.redirect.yml +++ /dev/null 
@@ -1,17 +0,0 @@ -# itk-version: 3.0.0 -version: "3" - -services: - nginx: - labels: - # Add www before domain and set redirect to non-www - - "traefik.http.routers.www_${COMPOSE_PROJECT_NAME}-http.rule=Host(`www.${COMPOSE_SERVER_DOMAIN}`)" - - "traefik.http.routers.www_${COMPOSE_PROJECT_NAME}-http.entrypoints=web" - - "traefik.http.routers.www_${COMPOSE_PROJECT_NAME}-http.middlewares=redirect-to-https,non_www" - - "traefik.http.routers.www_${COMPOSE_PROJECT_NAME}.rule=Host(`www.${COMPOSE_SERVER_DOMAIN}`)" - - "traefik.http.routers.www_${COMPOSE_PROJECT_NAME}.entrypoints=websecure" - - "traefik.http.routers.www_${COMPOSE_PROJECT_NAME}.middlewares=non_www" - - - traefik.http.middlewares.non_www.redirectregex.regex=^(http|https)?://(?:www\.)?(.+) - - traefik.http.middlewares.non_www.redirectregex.replacement=https://$${2} - - traefik.http.middlewares.non_www.redirectregex.permanent=true diff --git a/docker-compose.server.yml b/docker-compose.server.yml deleted file mode 100644 index 47797eb6..00000000 --- a/docker-compose.server.yml +++ /dev/null 
@@ -1,48 +0,0 @@ -# itk-version: 3.0.0 -version: "3" - -networks: - frontend: - external: true - app: - driver: bridge - internal: false - -services: - phpfpm: - image: itkdev/php8.1-fpm:alpine - restart: unless-stopped - networks: - - app - extra_hosts: - - "host.docker.internal:host-gateway" - environment: - - PHP_MAX_EXECUTION_TIME=30 - - PHP_MEMORY_LIMIT=128M - - COMPOSER_VERSION=2 - volumes: - - .:/app - - nginx: - image: nginxinc/nginx-unprivileged:alpine - restart: unless-stopped - networks: - - app - - frontend - depends_on: - - phpfpm - ports: - - '8080' - volumes: - - ./.docker/vhost.conf:/etc/nginx/conf.d/default.conf:ro - - ./.docker/nginx.conf:/etc/nginx/nginx.conf:ro - - ./:/app:rw - labels: - - "traefik.enable=true" - - "traefik.docker.network=frontend" - - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-http.rule=Host(`${COMPOSE_SERVER_DOMAIN}`)" - - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-http.entrypoints=web" - - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-http.middlewares=redirect-to-https" - - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" - - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=Host(`${COMPOSE_SERVER_DOMAIN}`)" - - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.entrypoints=websecure" diff --git a/infrastructure/itkdev/Readme.md b/infrastructure/itkdev/Readme.md new file mode 100644 index 00000000..f5566795 --- /dev/null +++ b/infrastructure/itkdev/Readme.md @@ -0,0 +1,3 @@ +# ITK-development image build + +This folder contains the infrastructure files for building the `itkdev/*` images \ No newline at end of file diff --git a/infrastructure/display-api-service/Dockerfile b/infrastructure/itkdev/display-api-service/Dockerfile similarity index 98% rename from infrastructure/display-api-service/Dockerfile rename to infrastructure/itkdev/display-api-service/Dockerfile index f8ec6fe8..7726eb57 100644 --- a/infrastructure/display-api-service/Dockerfile 
+++ b/infrastructure/itkdev/display-api-service/Dockerfile @@ -44,14 +44,14 @@ RUN mkdir -p ${APP_PATH}/config/secrets \ COPY --from=hipages/php-fpm_exporter:1.1.1 /php-fpm_exporter /usr/local/bin/php-fpm_exporter # Copy configuration. -COPY etc/ /etc/ +COPY etc /etc/ # Install configuration template handler ADD https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64 /usr/local/bin/confd RUN chmod +x /usr/local/bin/confd # Copy confd onfiguration. -COPY etc/ /etc/ +COPY etc /etc/ COPY docker-entrypoint.sh /usr/local/bin/ RUN chmod +x /usr/local/bin/docker-entrypoint.sh diff --git a/infrastructure/display-api-service/docker-entrypoint.sh b/infrastructure/itkdev/display-api-service/docker-entrypoint.sh similarity index 100% rename from infrastructure/display-api-service/docker-entrypoint.sh rename to infrastructure/itkdev/display-api-service/docker-entrypoint.sh diff --git a/infrastructure/display-api-service/etc/confd/conf.d/env.local.toml b/infrastructure/itkdev/display-api-service/etc/confd/conf.d/env.local.toml similarity index 98% rename from infrastructure/display-api-service/etc/confd/conf.d/env.local.toml rename to infrastructure/itkdev/display-api-service/etc/confd/conf.d/env.local.toml index 1b8fded5..d614cc69 100644 --- a/infrastructure/display-api-service/etc/confd/conf.d/env.local.toml +++ b/infrastructure/itkdev/display-api-service/etc/confd/conf.d/env.local.toml @@ -5,4 +5,4 @@ owner = "deploy" mode = "0644" keys = [ "/app-config" -] \ No newline at end of file +] diff --git a/infrastructure/display-api-service/etc/confd/templates/env.local.tmpl b/infrastructure/itkdev/display-api-service/etc/confd/templates/env.local.tmpl similarity index 100% rename from infrastructure/display-api-service/etc/confd/templates/env.local.tmpl rename to infrastructure/itkdev/display-api-service/etc/confd/templates/env.local.tmpl 
diff --git a/infrastructure/nginx/Dockerfile b/infrastructure/itkdev/nginx/Dockerfile similarity index 100% rename from infrastructure/nginx/Dockerfile rename to infrastructure/itkdev/nginx/Dockerfile diff --git a/infrastructure/nginx/docker-entrypoint.sh b/infrastructure/itkdev/nginx/docker-entrypoint.sh similarity index 100% rename from infrastructure/nginx/docker-entrypoint.sh rename to infrastructure/itkdev/nginx/docker-entrypoint.sh diff --git a/infrastructure/nginx/etc/confd/conf.d/default.conf.toml b/infrastructure/itkdev/nginx/etc/confd/conf.d/default.conf.toml similarity index 98% rename from infrastructure/nginx/etc/confd/conf.d/default.conf.toml rename to infrastructure/itkdev/nginx/etc/confd/conf.d/default.conf.toml index 68f7ecaa..185954f0 100644 --- a/infrastructure/nginx/etc/confd/conf.d/default.conf.toml +++ b/infrastructure/itkdev/nginx/etc/confd/conf.d/default.conf.toml @@ -4,4 +4,4 @@ dest = "/etc/nginx/conf.d/default.conf" mode = "0644" keys = [ "/nginx-config" -] \ No newline at end of file +] diff --git a/infrastructure/nginx/etc/confd/conf.d/nginx.conf.toml b/infrastructure/itkdev/nginx/etc/confd/conf.d/nginx.conf.toml similarity index 98% rename from infrastructure/nginx/etc/confd/conf.d/nginx.conf.toml rename to infrastructure/itkdev/nginx/etc/confd/conf.d/nginx.conf.toml index 9838edc0..7c81a661 100644 --- a/infrastructure/nginx/etc/confd/conf.d/nginx.conf.toml +++ b/infrastructure/itkdev/nginx/etc/confd/conf.d/nginx.conf.toml @@ -4,4 +4,4 @@ dest = "/etc/nginx/nginx.conf" mode = "0644" keys = [ "/nginx-config" -] \ No newline at end of file +] diff --git a/infrastructure/nginx/etc/confd/templates/default.conf.tmpl b/infrastructure/itkdev/nginx/etc/confd/templates/default.conf.tmpl similarity index 100% rename from infrastructure/nginx/etc/confd/templates/default.conf.tmpl rename to infrastructure/itkdev/nginx/etc/confd/templates/default.conf.tmpl 
diff --git a/infrastructure/nginx/etc/confd/templates/nginx.conf.tmpl b/infrastructure/itkdev/nginx/etc/confd/templates/nginx.conf.tmpl similarity index 100% rename from infrastructure/nginx/etc/confd/templates/nginx.conf.tmpl rename to infrastructure/itkdev/nginx/etc/confd/templates/nginx.conf.tmpl diff --git a/infrastructure/run.sh b/infrastructure/itkdev/run.sh old mode 100755 new mode 100644 similarity index 100% rename from infrastructure/run.sh rename to infrastructure/itkdev/run.sh diff --git a/infrastructure/os2display/Readme.md b/infrastructure/os2display/Readme.md new file mode 100644 index 00000000..f7a40e5d --- /dev/null +++ b/infrastructure/os2display/Readme.md @@ -0,0 +1,3 @@ +# OS2display image build + +This folder contains the infrastructure files for building the `os2display/*` images \ No newline at end of file diff --git a/infrastructure/os2display/display-api-service/Dockerfile b/infrastructure/os2display/display-api-service/Dockerfile new file mode 100644 index 00000000..99ba3975 --- /dev/null +++ b/infrastructure/os2display/display-api-service/Dockerfile 
@@ -0,0 +1,154 @@ +FROM php:8.1-fpm-alpine +LABEL maintainer="ITK Dev " + +############# SETUP CONTAINER ############# + +USER root + +ARG APP_VERSION="develop" + +ENV APP_PATH=/var/www/html \ + # PHP + TZ="Europe/Copenhagen" \ + PHP_TIMEZONE="Europe/Copenhagen" \ + PHP_MAX_EXECUTION_TIME="30" \ + PHP_MEMORY_LIMIT="128M" \ + PHP_POST_MAX_SIZE="8M" \ + PHP_UPLOAD_MAX_FILESIZE="2M" \ + PHP_USER="www-data" \ + PHP_GROUP="www-data" \ + PHP_SENDMAIL_PATH='/usr/sbin/sendmail -S host.docker.internal -t -i' \ + # OpCache + PHP_OPCACHE_ENABLED="1" \ + PHP_OPCACHE_JIT="off" \ + PHP_OPCACHE_REVALIDATE_FREQ=0 \ + PHP_OPCACHE_VALIDATE_TIMESTAMPS="1" \ + PHP_OPCACHE_MAX_ACCELERATED_FILES="20000" \ + PHP_OPCACHE_MEMORY_CONSUMPTION="64" \ + PHP_OPCACHE_MAX_WASTED_PERCENTAGE="10" \ + # APCU + PHP_APCU_ENABLED=0 \ + PHP_APCU_ENABLED_CLI=0 \ + PHP_APCU_MEMORY_SIZE="16M" \ + PHP_APCU_SEGMENTS=1 \ + PHP_APCU_PRELOAD_PATH='' \ + # FPM pool + PHP_PM_TYPE="static" \ + PHP_PM_MAX_CHILDREN="8" \ + PHP_PM_MAX_REQUESTS="0" \ + PHP_PM_START_SERVERS="5" \ + PHP_PM_MIN_SPARE_SERVERS="5" \ + PHP_PM_MAX_SPARE_SERVERS="8" \ + # Other + PHP_REQUEST_SLOWLOG_TIMEOUT="0" \ + PHP_SLOWLOG="/dev/stderr" \ + COMPOSER_ALLOW_SUPERUSER=1 + +RUN apk upgrade --no-cache --ignore curl +RUN apk --update add --no-cache \ + libxslt-dev \ + libzip-dev \ + libpng-dev \ + gettext-dev \ + git \ + unzip \ + icu-dev \ + icu-data-full \ + openldap-dev \ + libmcrypt-dev \ + mysql-client \ + libmemcached-libs \ + zlib \ + patch \ + tzdata \ + freetype-dev \ + libjpeg-turbo-dev \ + libjpeg-turbo \ + libwebp-dev \ + && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \ + && docker-php-ext-install -j$(nproc) \ + bcmath \ + calendar \ + gd \ + gettext \ + intl \ + ldap \ + mysqli \ + opcache \ + pdo_mysql \ + sysvsem \ + soap \ + xsl \ + zip + +# Extension that are not available via ext- +RUN apk --update add --no-cache --virtual .build-deps autoconf g++ make zlib-dev libmemcached-dev cyrus-sasl-dev \ + && 
pecl channel-update pecl.php.net \ + && pecl install redis memcached apcu \ + && docker-php-ext-enable apcu redis memcached \ + && apk del .build-deps + +# Install AMQP support +RUN apk --update add --no-cache rabbitmq-c +RUN apk --update add --no-cache --virtual .build-deps autoconf g++ make rabbitmq-c-dev \ + && pecl install amqp \ + && docker-php-ext-enable amqp memcached \ + && apk del .build-deps + +# Install composer +COPY --from=composer:2 /usr/bin/composer /usr/local/bin/composer + +# Use default PHP production configuration. +RUN mv ${PHP_INI_DIR}/php.ini-production ${PHP_INI_DIR}/php.ini + +# # Copy custom PHP configuration. +COPY php/opcache.ini ${PHP_INI_DIR}/conf.d/docker-php-ext-opcache.ini +COPY php/php.ini ${PHP_INI_DIR}/conf.d/zz-php.ini +COPY php/apcu.ini ${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini + +# Custom FPM configuration. +COPY php/fpm.ini ${PHP_INI_DIR}/../php-fpm.d/zz-fpm-docker.conf + +# Add mhsendmail for mailhog +ADD https://github.com/mailhog/mhsendmail/releases/download/v0.2.0/mhsendmail_linux_amd64 /usr/local/bin/mhsendmail +RUN chmod +x /usr/local/bin/mhsendmail + +# Added FPM health check script (https://github.com/renatomefi/php-fpm-healthcheck) +ADD https://raw.githubusercontent.com/renatomefi/php-fpm-healthcheck/master/php-fpm-healthcheck /usr/local/bin/php-fpm-healthcheck +RUN chmod +x /usr/local/bin/php-fpm-healthcheck + +# Add git global config +COPY gitconfig /root/.gitconfig + +############# SETUP APPLICATION ############# + +# Move site into the container. +ADD https://github.com/os2display/display-api-service/archive/${APP_VERSION}.tar.gz /tmp/app.tar +RUN tar -zxf /tmp/app.tar --strip-components=1 -C ${APP_PATH} \ + && rm /tmp/app.tar + +## Install assets, which requires a HACK as redis is not available (should be removed later on). +RUN APP_ENV=prod composer install --no-dev -o --classmap-authoritative \ + && rm -rf infrastructure \ + && APP_ENV=prod composer clear-cache + +# Install the application. 
+RUN mkdir -p ${APP_PATH}/config/secrets \ + && chown -R www-data:www-data ${APP_PATH} + +# Copy configuration. +COPY etc /etc/ + +# Install configuration template handler +ADD https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64 /usr/local/bin/confd +RUN chmod +x /usr/local/bin/confd + +# Copy confd onfiguration. +COPY etc /etc/ + +COPY docker-entrypoint.sh /usr/local/bin/ +RUN chmod +x /usr/local/bin/docker-entrypoint.sh + +WORKDIR ${APP_PATH} + +CMD [ "docker-entrypoint.sh" ] diff --git a/infrastructure/os2display/display-api-service/docker-entrypoint.sh b/infrastructure/os2display/display-api-service/docker-entrypoint.sh new file mode 100644 index 00000000..0ed90848 --- /dev/null +++ b/infrastructure/os2display/display-api-service/docker-entrypoint.sh @@ -0,0 +1,22 @@ +#!/bin/sh + +set -eux + +## Run templates with configuration. +/usr/local/bin/confd --onetime --backend env --confdir /etc/confd + +## Bump env.local into PHP for better performance. +composer dump-env prod + +## Warm-up Symfony cache (with the current configuration). +/var/www/html/bin/console --env=prod cache:warmup + +# first arg is `-f` or `--some-option` +if [ "${1#-}" != "$1" ]; then + set -- php-fpm "$@" +fi + +## Start the PHP FPM process. +echo "Starting PHP 8.1 FPM" + +exec php-fpm "$@" diff --git a/infrastructure/os2display/display-api-service/etc/confd/conf.d/env.local.toml b/infrastructure/os2display/display-api-service/etc/confd/conf.d/env.local.toml new file mode 100644 index 00000000..e7f303a3 --- /dev/null +++ b/infrastructure/os2display/display-api-service/etc/confd/conf.d/env.local.toml @@ -0,0 +1,8 @@ +[template] +src = "env.local.tmpl" +dest = "/var/www/html/.env.local" +owner = "www-data" +mode = "0644" +keys = [ + "/app-config" +] 
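Review bot: The remote `ADD` instructions for mhsendmail, php-fpm-healthcheck and confd copy downloaded files into the image and mark them executable with no integrity check, and the healthcheck script is fetched from the mutable `master` branch, so the image content can change without any change to this Dockerfile. Pin the healthcheck URL to a release tag or commit and verify each download, e.g. `ADD --checksum=sha256:<digest-of-asset> https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64 /usr/local/bin/confd` under BuildKit, or a `sha256sum -c` in the following `RUN`. The same unverified confd `ADD` appears in infrastructure/os2display/nginx/Dockerfile. Smaller items: `COPY etc /etc/` is issued twice, `docker-php-ext-enable amqp memcached` re-enables memcached, and no `USER` follows `USER root`, so the entrypoint runs as root; if that is intentional for php-fpm, a comment saying so would help.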
diff --git a/infrastructure/os2display/display-api-service/etc/confd/templates/env.local.tmpl b/infrastructure/os2display/display-api-service/etc/confd/templates/env.local.tmpl new file mode 100644 index 00000000..5a24a362 --- /dev/null +++ b/infrastructure/os2display/display-api-service/etc/confd/templates/env.local.tmpl 
@@ -0,0 +1,44 @@ +###> symfony/framework-bundle ### +APP_ENV={{ getenv "APP_ENV" "prod" }} +APP_SECRET={{ getenv "APP_SECRET" "MySuperSecret" }} +TRUSTED_PROXIES={{ getenv "APP_TRUSTED_PROXIES" "127.0.0.1,REMOTE_ADDR" }} +###< symfony/framework-bundle ### + +###> doctrine/doctrine-bundle ### +DATABASE_URL={{ getenv "APP_DATABASE_URL" "mysql://db:db@mariadb:3306/db?serverVersion=mariadb-10.4.0" }} +###< doctrine/doctrine-bundle ### + +###> nelmio/cors-bundle ### +CORS_ALLOW_ORIGIN={{ getenv "APP_CORS_ALLOW_ORIGIN" "'^https?://localhost(:[0-9]+)?$'" }} +###< nelmio/cors-bundle ### + +###> App ### +APP_DEFAULT_DATE_FORMAT='{{ getenv "APP_DEFAULT_DATE_FORMAT" "Y-m-d\\TH:i:s\\Z" }}' +###< App ### + +###> lexik/jwt-authentication-bundle ### +JWT_PASSPHRASE={{ getenv "APP_JWT_PASSPHRASE" }} +JWT_TOKEN_TTL={{ getenv "APP_JWT_TOKEN_TTL" "3600" }} +JWT_SCREEN_TOKEN_TTL={{ getenv "APP_JWT_SCREEN_TOKEN_TTL" "3600" }} +###< lexik/jwt-authentication-bundle ### + +###> gesdinet/jwt-refresh-token-bundle ### +JWT_REFRESH_TOKEN_TTL={{ getenv "APP_JWT_REFRESH_TOKEN_TTL" "2592000" }} +JWT_SCREEN_REFRESH_TOKEN_TTL={{ getenv "APP_JWT_SCREEN_REFRESH_TOKEN_TTL" "2592000" }} +###< gesdinet/jwt-refresh-token-bundle ### + +###> itk-dev/openid-connect-bundle ### +# "admin" open id connect configuration variables (values provided by the OIDC IdP) +OIDC_METADATA_URL={{ getenv "APP_OIDC_METADATA_URL" "" }} +OIDC_CLIENT_ID={{ getenv "APP_OIDC_CLIENT_ID" "" }} +OIDC_CLIENT_SECRET={{ getenv "APP_OIDC_CLIENT_SECRET" "" }} +OIDC_REDIRECT_URI={{ getenv "APP_OIDC_REDIRECT_URI" "" }} +OIDC_LEEWAY={{ getenv "APP_OIDC_LEEWAY" "30" }} + +CLI_REDIRECT={{ getenv "APP_CLI_REDIRECT" "" }} +###< itk-dev/openid-connect-bundle ### + +###> redis ### +REDIS_CACHE_PREFIX={{ getenv "APP_CLI_REDIRECT" "DisplayApiService" }} +REDIS_CACHE_DSN={{ getenv "APP_CLI_REDIRECT" "redis://redis:6379/0" }} +###< redis ### 
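Review bot: Both lines in the `redis` block read `APP_CLI_REDIRECT`, so `REDIS_CACHE_PREFIX` and `REDIS_CACHE_DSN` cannot be configured on their own and setting `APP_CLI_REDIRECT` overwrites the Redis DSN; this looks like a copy-paste from the `CLI_REDIRECT` line above. Each should read its own variable, e.g. `REDIS_CACHE_DSN={{ getenv "APP_REDIS_CACHE_DSN" "redis://redis:6379/0" }}` (the variable name is a suggestion). `APP_SECRET` falls back to the literal `MySuperSecret` and `DATABASE_URL` to `db:db` credentials when the environment variables are missing, so a misconfigured production container starts with publicly known values instead of failing. Dropping those defaults, as `JWT_PASSPHRASE` already does, or having the entrypoint refuse to start when they are unset would make the misconfiguration visible.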
diff --git a/infrastructure/os2display/display-api-service/gitconfig b/infrastructure/os2display/display-api-service/gitconfig new file mode 100644 index 00000000..60a3b020 --- /dev/null +++ b/infrastructure/os2display/display-api-service/gitconfig @@ -0,0 +1,9 @@ +[color] + ui = true + +[alias] + branch-name = !git for-each-ref --format='%(refname:short)' `git symbolic-ref HEAD` + lg = log --graph --pretty=format:'%Cred%h%Creset %Cgreen(%cr) -%C(yellow)%d%Creset %s %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative + +[safe] + directory = * \ No newline at end of file diff --git a/infrastructure/os2display/display-api-service/php/apcu.ini b/infrastructure/os2display/display-api-service/php/apcu.ini new file mode 100644 index 00000000..86164be8 --- /dev/null +++ b/infrastructure/os2display/display-api-service/php/apcu.ini @@ -0,0 +1,7 @@ +extension=apcu +apc.enabled=${PHP_APCU_ENABLED} +apc.shm_segments=${PHP_APCU_SEGMENTS} +apc.shm_size=${PHP_APCU_MEMORY_SIZE} + +apc.enable_cli=${PHP_APCU_ENABLED_CLI} +apc.preload_path=${PHP_APCU_PRELOAD_PATH} \ No newline at end of file diff --git a/infrastructure/os2display/display-api-service/php/fpm.ini b/infrastructure/os2display/display-api-service/php/fpm.ini new file mode 100644 index 00000000..49e0aeb4 --- /dev/null +++ b/infrastructure/os2display/display-api-service/php/fpm.ini @@ -0,0 +1,17 @@ +[www] +pm = ${PHP_PM_TYPE} +pm.max_children = ${PHP_PM_MAX_CHILDREN} +pm.start_servers = ${PHP_PM_START_SERVERS} +pm.min_spare_servers = ${PHP_PM_MIN_SPARE_SERVERS} +pm.max_spare_servers = ${PHP_PM_MAX_SPARE_SERVERS} +pm.max_requests = ${PHP_PM_MAX_REQUESTS} + +request_slowlog_timeout = ${PHP_REQUEST_SLOWLOG_TIMEOUT} +slowlog = ${PHP_SLOWLOG} + +; Enable the FPM status page +pm.status_path = /status + +user = ${PHP_USER} +group = ${PHP_GROUP} + 
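Review bot: In the new gitconfig, `[safe] directory = *` turns off git's repository-ownership check for every path for the root user of this image, which is broader than the build appears to need. If the setting is only there so composer and git can operate on the application tree, scope it to that path with `directory = /var/www/html` and add a comment such as `# app tree is extracted as root during the image build`. The file also has no trailing newline.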
diff --git a/infrastructure/os2display/display-api-service/php/opcache.ini b/infrastructure/os2display/display-api-service/php/opcache.ini new file mode 100644 index 00000000..8ff17863 --- /dev/null +++ b/infrastructure/os2display/display-api-service/php/opcache.ini @@ -0,0 +1,15 @@ +zend_extension=opcache.so + +[opcache] +opcache.jit=${PHP_OPCACHE_JIT} + +opcache.enable=${PHP_OPCACHE_ENABLED} +opcache.revalidate_freq=${PHP_OPCACHE_REVALIDATE_FREQ} +opcache.validate_timestamps=${PHP_OPCACHE_VALIDATE_TIMESTAMPS} +opcache.max_accelerated_files=${PHP_OPCACHE_MAX_ACCELERATED_FILES} +opcache.memory_consumption=${PHP_OPCACHE_MEMORY_CONSUMPTION} +opcache.max_wasted_percentage=${PHP_OPCACHE_MAX_WASTED_PERCENTAGE} +opcache.interned_strings_buffer=16 +opcache.fast_shutdown=1 + +opcache.optimization_level=0xFFFFFFEF diff --git a/infrastructure/os2display/display-api-service/php/php.ini b/infrastructure/os2display/display-api-service/php/php.ini new file mode 100644 index 00000000..2bfde2b4 --- /dev/null +++ b/infrastructure/os2display/display-api-service/php/php.ini @@ -0,0 +1,13 @@ +realpath_cache_size = 4096k +realpath_cache_ttl = 600 + +expose_php = Off +max_execution_time = ${PHP_MAX_EXECUTION_TIME} +memory_limit = ${PHP_MEMORY_LIMIT} + +post_max_size = ${PHP_POST_MAX_SIZE} +upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE} + +date.timezone = ${PHP_TIMEZONE} + +sendmail_path = ${PHP_SENDMAIL_PATH} diff --git a/infrastructure/os2display/nginx/Dockerfile b/infrastructure/os2display/nginx/Dockerfile new file mode 100644 index 00000000..bc13dcd1 --- /dev/null +++ b/infrastructure/os2display/nginx/Dockerfile 
@@ -0,0 +1,37 @@ +ARG APP_VERSION="develop" +FROM os2display/display-api-service:${APP_VERSION} as APPLICATION + +FROM nginxinc/nginx-unprivileged:alpine +LABEL maintainer="ITK Dev " +ARG UID=101 +ARG GID=101 + +ENV APP_PATH=/var/www/html + +USER root + +RUN mkdir -p ${APP_PATH}/public + +COPY --from=APPLICATION ${APP_PATH}/public ${APP_PATH}/public + +WORKDIR ${APP_PATH} + +# Copy configuration. +COPY etc /etc/ + +# Install configuration template handler +ADD https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64 /usr/local/bin/confd +RUN chmod +x /usr/local/bin/confd + +COPY docker-entrypoint.sh / +RUN chmod +x /docker-entrypoint.sh \ + && chown -R $UID:0 ${APP_PATH} \ + && chmod -R g+w ${APP_PATH} + +USER $UID + +EXPOSE 8080 + +ENTRYPOINT [ "/docker-entrypoint.sh" ] + +CMD ["nginx", "-g", "daemon off;"] diff --git a/infrastructure/os2display/nginx/docker-entrypoint.sh b/infrastructure/os2display/nginx/docker-entrypoint.sh new file mode 100644 index 00000000..978fa9f4 --- /dev/null +++ b/infrastructure/os2display/nginx/docker-entrypoint.sh 
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -eux
+
+## Run templates with configuration.
+/usr/local/bin/confd --onetime --backend env --confdir /etc/confd
+
+entrypoint_log() {
+ if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
+ echo "$@"
+ fi
+}
+
+if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then
+ if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then
+ entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration"
+
+ entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/"
+ find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do
+ case "$f" in
+ *.envsh)
+ if [ -x "$f" ]; then
+ entrypoint_log "$0: Sourcing $f";
+ . "$f"
+ else
+ # warn on shell scripts without exec bit
+ entrypoint_log "$0: Ignoring $f, not executable";
+ fi
+ ;;
+ *.sh)
+ if [ -x "$f" ]; then
+ entrypoint_log "$0: Launching $f";
+ "$f"
+ else
+ # warn on shell scripts without exec bit
+ entrypoint_log "$0: Ignoring $f, not executable";
+ fi
+ ;;
+ *) entrypoint_log "$0: Ignoring $f";;
+ esac
+ done
+
+ entrypoint_log "$0: Configuration complete; ready for start up"
+ else
+ entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration"
+ fi
+fi
+
+exec "$@"
diff --git a/infrastructure/os2display/nginx/etc/confd/conf.d/default.conf.toml b/infrastructure/os2display/nginx/etc/confd/conf.d/default.conf.toml
new file mode 100644
index 00000000..185954f0
--- /dev/null
+++ b/infrastructure/os2display/nginx/etc/confd/conf.d/default.conf.toml
@@ -0,0 +1,7 @@
+[template]
+src = "default.conf.tmpl"
+dest = "/etc/nginx/conf.d/default.conf"
+mode = "0644"
+keys = [
+ "/nginx-config"
+]
diff --git a/infrastructure/os2display/nginx/etc/confd/conf.d/nginx.conf.toml b/infrastructure/os2display/nginx/etc/confd/conf.d/nginx.conf.toml
new file mode 100644
index 00000000..7c81a661
--- /dev/null
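Review bot: `set -eux` at the top of docker-entrypoint.sh leaves xtrace on for the whole script, so every command and its expanded arguments are written to the container's stderr, including any assignments made by the `*.envsh` files that `. "$f"` sources. That stream normally ends up in the log collector, which makes it a likely place for credentials to leak. The loop appears to be taken from the stock nginx image entrypoint, which does not enable tracing; `set -eu` keeps the strict error handling without the trace.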
+++ b/infrastructure/os2display/nginx/etc/confd/conf.d/nginx.conf.toml
@@ -0,0 +1,7 @@
+[template]
+src = "nginx.conf.tmpl"
+dest = "/etc/nginx/nginx.conf"
+mode = "0644"
+keys = [
+ "/nginx-config"
+]
diff --git a/infrastructure/os2display/nginx/etc/confd/templates/default.conf.tmpl b/infrastructure/os2display/nginx/etc/confd/templates/default.conf.tmpl
new file mode 100644
index 00000000..b6f32099
--- /dev/null
+++ b/infrastructure/os2display/nginx/etc/confd/templates/default.conf.tmpl
@@ -0,0 +1,52 @@
+# @see https://symfony.com/doc/current/setup/web_server_configuration.html
+server {
+ listen 8080;
+ server_name localhost;
+ root /var/www/html/public;
+
+ location / {
+ add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+
+ # try to serve file directly, fallback to index.php
+ try_files $uri /index.php$is_args$args;
+ }
+
+ location = /robots.txt {
+ add_header Content-Type text/plain;
+ add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+ return 200 "User-agent: *\nDisallow: /\n";
+ }
+
+ location ~ ^/index\.php(/|$) {
+ fastcgi_pass {{ getenv "PHP_FPM_SERVER" "phpfpm" }}:{{ getenv "PHP_FPM_SERVER_PORT" "9000" }};
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+ include fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ fastcgi_param DOCUMENT_ROOT $realpath_root;
+
+ internal;
+ }
+
+ # return 404 for all other php files not matching the front controller
+ # this prevents access to other php files you don't want to be accessible.
+ location ~ \.php$ {
+ return 404;
+ }
+
+ error_log /var/log/nginx/error.log;
+ access_log /var/log/nginx/access.log;
+}
+
+server {
+ listen 8080;
+ server_name localhost;
+ root /var/www/html/public;
+
+ error_log off;
+ access_log off;
+
+ location /stub_status {
+ stub_status;
+ }
+}
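Review bot: The second `server` block in default.conf.tmpl repeats `listen 8080` and `server_name localhost` from the first, so nginx logs a conflicting-server-name warning and ignores it; a request for `/stub_status` then falls into the first block and is handed to `index.php`. Give the status endpoint its own listener and restrict it, for example a separate `listen` port with `allow 127.0.0.1; deny all;` inside `location /stub_status`. As written, if the block did take effect, the connection counters would be readable by any client that can reach port 8080. Separately, the `X-Robots-Tag` header set in `location /` is not added to responses produced by the `index.php` location, because `add_header` only applies in the location that generates the response.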
diff --git a/infrastructure/os2display/nginx/etc/confd/templates/nginx.conf.tmpl b/infrastructure/os2display/nginx/etc/confd/templates/nginx.conf.tmpl
new file mode 100644
index 00000000..6e77365d
--- /dev/null
+++ b/infrastructure/os2display/nginx/etc/confd/templates/nginx.conf.tmpl
@@ -0,0 +1,48 @@
+worker_processes auto;
+
+error_log /var/log/nginx/error.log warn;
+pid /tmp/nginx.pid;
+
+events {
+ worker_connections 2048;
+ multi_accept on;
+}
+
+
+http {
+ open_file_cache max=10000 inactive=5m;
+ open_file_cache_valid 5m;
+ open_file_cache_min_uses 5;
+ open_file_cache_errors off;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 15 15;
+ types_hash_max_size 2048;
+
+ server_tokens off;
+
+ client_max_body_size {{ getenv "NGINX_FPM_UPLOAD_MAX" "8M" }};
+
+ gzip on;
+ gzip_disable "msie6";
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.0;
+ gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ error_log /dev/stderr;
+ access_log /dev/stdout main;
+
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/infrastructure/os2display/run.sh b/infrastructure/os2display/run.sh
new file mode 100755
index 00000000..ae23d67b
--- /dev/null
+++ b/infrastructure/os2display/run.sh
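Review bot: `client_max_body_size` in nginx.conf.tmpl is set from `NGINX_FPM_UPLOAD_MAX` (default `8M`), while PHP's `post_max_size` and `upload_max_filesize` come from separate variables in php.ini, so the two request-size limits can drift apart without anyone noticing. A comment above the directive would make the coupling explicit: `# Keep in sync with PHP_POST_MAX_SIZE / PHP_UPLOAD_MAX_FILESIZE`. The top-level `error_log /var/log/nginx/error.log warn;` is also overridden by `error_log /dev/stderr;` inside `http`, and default.conf.tmpl sets it again per server; a single destination would be easier to reason about when collecting logs.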
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -eux
+
+APP_VERSION=develop
+
+docker pull nginxinc/nginx-unprivileged:alpine
+
+docker build --pull --no-cache --build-arg APP_VERSION=${APP_VERSION} --tag=os2display/display-api-service:${APP_VERSION} --file="display-api-service/Dockerfile" display-api-service
+docker build --no-cache --build-arg VERSION=${APP_VERSION} --tag=os2display/display-api-service-nginx:${APP_VERSION} --file="nginx/Dockerfile" nginx
+
+# docker push os2display/display-api-service:${APP_VERSION}
+# docker push os2display/display-api-service-nginx:${APP_VERSION}
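Review bot: The second `docker build` in run.sh passes `--build-arg VERSION=${APP_VERSION}`, but nginx/Dockerfile declares `ARG APP_VERSION`, so the argument is not consumed and the `FROM os2display/display-api-service:${APP_VERSION}` stage falls back to its `develop` default. It works today only because this script also hard-codes `develop`; with any other version the nginx image would copy `public/` from the wrong application image. Use `--build-arg APP_VERSION="${APP_VERSION}"` and quote the other `${APP_VERSION}` expansions as well. The display-api-service Dockerfile is outside this hunk, so confirm the argument name passed by the first build matches what it declares.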