From 01611944bd30818dfa0cfd3a4584bb5a82643136 Mon Sep 17 00:00:00 2001
From: Dan
Date: Tue, 20 Jun 2023 15:58:50 +0300
Subject: [PATCH 1/9] Adding the github actions pipelines for this app
---
 .github/workflows/build-push-docker-image.yml | 58 +++++++++++++++++++
 .github/workflows/tag-release.yml | 11 +++-
 2 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/build-push-docker-image.yml
diff --git a/.github/workflows/build-push-docker-image.yml b/.github/workflows/build-push-docker-image.yml
new file mode 100644
index 00000000..97207eef
--- /dev/null
+++ b/.github/workflows/build-push-docker-image.yml
@@ -0,0 +1,58 @@
+name: build-push-docker-image
+
+#on: workflow_dispatch
+on:
+ push:
+ branches: feature/docker_configs
+ workflow_dispatch:
+
+jobs:
+ build-push-docker-image:
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Get the latest release
+ id: release
+ uses: robinraju/release-downloader@v1.7
+ with:
+ latest: true
+ fileName: "*.tar.bz2"
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push the Production image
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: docker/Dockerfile.prod
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: |
+ ghcr.io/openconext/stepup-tiqr/stepup-tiqr:prod
+ ghcr.io/openconext/stepup-tiqr/stepup-tiqr:${{ github.sha }}
+ ghcr.io/openconext/stepup-tiqr/stepup-tiqr:${{ steps.release.outputs.tag_name }}
+
+ - name: Build and push the Development image
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: docker/Dockerfile.dev
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: |
+ ghcr.io/openconext/stepup-tiqr/stepup-tiqr:dev
diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
index a8b8d531..fdffb2ac 100644
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -60,4 +60,13 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
- release_id: ${{ steps.create_release.outputs.id }}
\ No newline at end of file
+ release_id: ${{ steps.create_release.outputs.id }}
+
+ after_build:
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Trigger Docker container build
+ uses: benc-uk/workflow-dispatch@v1
+ with:
+ workflow: build-push-docker-image.yml
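Review bot: Every action in the `steps:` list is pinned to a mutable tag (`actions/checkout@v3`, `robinraju/release-downloader@v1.7`, `docker/build-push-action@v4`), so a job that holds `packages: write` and a registry login runs whatever those tags resolve to at build time; pin third-party actions to a full commit SHA with the tag kept in a trailing comment. The `push: branches: feature/docker_configs` trigger, sitting above the commented-out `#on: workflow_dispatch`, looks like a development leftover: a push to that branch publishes the moving `:prod` tag from a feature-branch checkout combined with whatever release `release-downloader` finds newest under `latest: true`, not the commit being built. Keeping only `workflow_dispatch` here and adding `contents: read` next to `packages: write` (listing any permission sets the unlisted ones to none, which matters if the repository is private) would narrow both the trigger and the token.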
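Review bot: The new `after_build` job passes no `token:` to `benc-uk/workflow-dispatch@v1`, so the dispatch relies on the default `GITHUB_TOKEN` carrying `actions: write`, which it only does when the repository's default token permissions are permissive; declaring `permissions:` with `actions: write` on the job stops the release pipeline from silently depending on repository settings. The dispatched `build-push-docker-image.yml` run then downloads whatever release is `latest` at that moment rather than the one this pipeline just produced, so a draft or pre-release, or an ordering race with the release step of the `build` job, would build a different tarball than the tag being released; passing the tag explicitly through the action's `inputs` would tie the two runs together. `needs: build` refers to a job name outside this hunk, so whether it matches could not be checked here.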
From 8a784de4694ac095f142a5c3bb9e95895da98c28 Mon Sep 17 00:00:00 2001
From: Dan
Date: Tue, 20 Jun 2023 16:01:27 +0300
Subject: [PATCH 2/9] Adding the Dockerfiles for this app
---
 docker/Dockerfile.dev | 10 ++++++++++
 docker/Dockerfile.prod | 18 ++++++++++++++++++
 docker/conf/tiqr-apache2.conf | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+)
 create mode 100644 docker/Dockerfile.dev
 create mode 100644 docker/Dockerfile.prod
 create mode 100644 docker/conf/tiqr-apache2.conf
diff --git a/docker/Dockerfile.dev b/docker/Dockerfile.dev
new file mode 100644
index 00000000..4cc232be
--- /dev/null
+++ b/docker/Dockerfile.dev
@@ -0,0 +1,10 @@
+FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2-node14-composer2:latest
+
+RUN rm -rf /etc/apache2/sites-enabled/*
+COPY ./docker/conf/tiqr-apache2.conf /etc/apache2/sites-enabled/tiqr.conf
+EXPOSE 80
+
+# Set the default workdir
+WORKDIR /var/www/html
+
+CMD ["apache2-foreground"]
diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod
new file mode 100644
index 00000000..fe5319f8
--- /dev/null
+++ b/docker/Dockerfile.prod
@@ -0,0 +1,18 @@
+FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2:latest AS php-build
+COPY *.tar.bz2 /tmp/
+RUN tar -xvjf /tmp/*.tar.bz2 -C /var/www/html/ && \
+ rm -rf /tmp/*.tar.bz2
+
+# Add the application configuration files
+COPY .env .env
+COPY config/legacy/parameters.yaml.dist config/legacy/parameters.yaml
+
+# Add the config files for Apache2
+RUN rm -rf /etc/apache2/sites-enabled/*
+COPY ./docker/conf/tiqr-apache2.conf /etc/apache2/sites-enabled/tiqr.conf
+EXPOSE 80
+
+# Set the default workdir
+WORKDIR /var/www/html
+
+CMD ["apache2-foreground"]
diff --git a/docker/conf/tiqr-apache2.conf b/docker/conf/tiqr-apache2.conf
new file mode 100644
index 00000000..c331a8fc
--- /dev/null
+++ b/docker/conf/tiqr-apache2.conf
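Review bot: `FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2-node14-composer2:latest` builds from a moving tag, so the same commit can produce different images on different days and a broken or compromised base is picked up without any change in this repository; the `:latest` base in the Dockerfile.prod hunk of this patch has the same problem. Pin both to a versioned tag, and for the published `:prod` image to a digest, e.g. `FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2-node14-composer2:<TAG>@sha256:<DIGEST>` (placeholders). Neither Dockerfile sets a `USER`, and whether the base image's `apache2-foreground` drops to `www-data` for its worker processes is not visible here, so that is worth confirming and recording in a comment above the `CMD` line.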
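Review bot: `COPY config/legacy/parameters.yaml.dist config/legacy/parameters.yaml` has a relative destination, but `WORKDIR /var/www/html` is only declared near the bottom of the file, so at that point the copy lands relative to whatever working directory the base image sets, which cannot be seen here; the relative `COPY` added in patch 5 and the `RUN bin/console assets:install` added in patch 4 inherit the same dependency. Moving `WORKDIR /var/www/html` up to directly after the `FROM` line makes every later relative path unambiguous. `RUN tar -xvjf /tmp/*.tar.bz2 -C /var/www/html/` runs as root, so the extracted files keep whatever owner, group and modes the archive carries, and the glob silently unpacks every matching archive if more than one reaches the build context; `tar --no-same-owner -xjf` on a named archive makes the image independent of how the tarball was produced, and dropping `-v` keeps the build log short enough to spot real errors.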
@@ -0,0 +1,34 @@
+
+ ServerName tiqr
+ ServerAdmin admin@surf.nl
+
+ DocumentRoot /var/www/html/public
+
+ SetEnv APP_ENV prod
+ SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+
+
+ Require all granted
+
+ Options -MultiViews
+ RewriteEngine On
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteRule ^(.*)$ index.php [QSA,L]
+
+
+ Require all granted
+
+
+ Header always set X-Content-Type-Options "nosniff"
+
+ # Set the php application handler so mod_php interpets the files
+
+ SetHandler application/x-httpd-php
+
+
+ ExpiresActive on
+ ExpiresByType font/* "access plus 1 year"
+ ExpiresByType image/* "access plus 6 months"
+ ExpiresByType text/css "access plus 1 year"
+ ExpiresByType text/js "access plus 1 year"
+
From 192b22b1c1900f81e2556118160b39216e835d9d Mon Sep 17 00:00:00 2001
From: Dan
Date: Tue, 20 Jun 2023 16:07:43 +0300
Subject: [PATCH 3/9] We do not need this
---
 docker/Dockerfile.prod | 1 -
 1 file changed, 1 deletion(-)
diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod
index fe5319f8..723a618f 100644
--- a/docker/Dockerfile.prod
+++ b/docker/Dockerfile.prod
@@ -4,7 +4,6 @@ RUN tar -xvjf /tmp/*.tar.bz2 -C /var/www/html/ && \
 rm -rf /tmp/*.tar.bz2
 # Add the application configuration files
-COPY .env .env
 COPY config/legacy/parameters.yaml.dist config/legacy/parameters.yaml
 # Add the config files for Apache2
From abb3782f1495fb20fd323f30d2b22511b0fb0d6c Mon Sep 17 00:00:00 2001
From: Bart Geesink
Date: Thu, 17 Aug 2023 16:59:29 +0200
Subject: [PATCH 4/9] Docker: Add default config parameters in order to work with the other apps in the docker development environment
---
 config/legacy/parameters.yaml.dist | 19 +++++++++----------
 docker/Dockerfile.prod | 5 ++++-
 2 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/config/legacy/parameters.yaml.dist b/config/legacy/parameters.yaml.dist
index 7cee6227..3fcef45c 100644
--- a/config/legacy/parameters.yaml.dist
+++ b/config/legacy/parameters.yaml.dist
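Review bot: The Apache section tags (`VirtualHost`, `Directory`, and whatever wraps `SetHandler`) did not survive in this rendering of the hunk — the 34 lines announced by `@@ -0,0 +1,34 @@` presumably include the ones that show up here as empty `+` lines — so the scope of the two `Require all granted` directives and of the rewrite block cannot be reviewed from this page. `ExpiresByType text/js "access plus 1 year"` names a MIME type Apache does not normally serve scripts under, so the rule is unlikely to ever match; `ExpiresByType text/javascript "access plus 1 year"` (or `application/javascript`) is what the `text/css` sibling suggests was intended. `SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1` deliberately re-exposes the `Authorization` header to PHP; a comment stating which endpoint relies on it lets the next reader judge whether it is still needed, and `interpets` in the handler comment should read `interprets`.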
@@ -12,18 +12,17 @@ parameters:
 - en_GB
 # SAML configuration
- saml_idp_publickey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer'
- saml_idp_privatekey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem'
- saml_metadata_publickey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer'
- saml_metadata_privatekey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem'
- saml_remote_sp_entity_id: 'https://pieter.aai.surfnet.nl/simplesamlphp/module.php/saml/sp/metadata.php/default-sp'
- saml_remote_sp_sso_url: '"https://pieter.aai.surfnet.nl/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp"'
- saml_remote_sp_certificate: '%kernel.root_dir%/../vendor/surfnet/stepup-gssp-bundle/src/Resources/keys/pieter.aai.surfnet.nl.pem'
- saml_remote_sp_acs: 'https://pieter.aai.surfnet.nl/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp'
+ saml_idp_publickey: '/config/tiqr/tiqr_idp.crt'
+ saml_idp_privatekey: '/config/tiqr/tiqr_idp.key'
+ saml_metadata_publickey: '/config/tiqr/tiqr_idp.crt'
+ saml_metadata_privatekey: '/config/tiqr/tiqr_idp.key'
+ saml_remote_sp_entity_id: 'https://gateway.dev.openconext.local/gssp/tiqr/metadata'
+ saml_remote_sp_certificate: '/config/gateway/gateway_gssp_sp.crt'
+ saml_remote_sp_acs: 'https://gateway.dev.openconext.local/gssp/tiqr/consume-assertion'
 # Hosting settings (own URL)
- base_url: 'https://tiqr.stepup.example.com'
- tiqr_identity: 'tiqr.stepup.example.com'
+ base_url: 'https://tiqr.dev.openconext.local'
+ tiqr_identity: 'tiqr.dev.openconext.local'
 # View parameters, 'en' entry was added as this is the default used by Translator. Was unable to configure it to
 # use en_GB. TODO: look into configuring this the right way.
diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod
index 723a618f..5ba00cc8 100644
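Review bot: `saml_remote_sp_sso_url` is removed without a replacement while the other seven SAML keys are only re-valued; if any bundle configuration still references that parameter the container fails at boot rather than at build, so it is worth confirming the key is unused, or keeping it with the new gateway URL. The `.dist` file now hardcodes `gateway.dev.openconext.local` and `/config/tiqr/...` key paths that exist only in the docker development environment, and Dockerfile.prod copies this very file in as `config/legacy/parameters.yaml`, so the image tagged `:prod` ships development endpoints by default unless the file is replaced at runtime. A comment above `# SAML configuration` stating that these values are the docker development defaults and must be overridden in any other deployment would make that contract explicit.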
--- a/docker/Dockerfile.prod
+++ b/docker/Dockerfile.prod
@@ -1,11 +1,14 @@
 FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2:latest AS php-build
 COPY *.tar.bz2 /tmp/
 RUN tar -xvjf /tmp/*.tar.bz2 -C /var/www/html/ && \
- rm -rf /tmp/*.tar.bz2
+ rm -rf /tmp/*.tar.bz2
 # Add the application configuration files
 COPY config/legacy/parameters.yaml.dist config/legacy/parameters.yaml
+# TIQR needs some assests to be installed
+RUN bin/console assets:install
+
 # Add the config files for Apache2
 RUN rm -rf /etc/apache2/sites-enabled/*
 COPY ./docker/conf/tiqr-apache2.conf /etc/apache2/sites-enabled/tiqr.conf
From b8b4662eb40615a714223d61c4f88e1fde69a973 Mon Sep 17 00:00:00 2001
From: Bart Geesink
Date: Mon, 21 Aug 2023 16:01:33 +0200
Subject: [PATCH 5/9] Docker: Add monolog configuration when running as a container
This will let the logs go to stdout when running as a container, which is the Docker way to send logs
---
 config/packages/prod/monolog.yaml.docker | 12 ++++++++++++
 docker/Dockerfile.prod | 1 +
 2 files changed, 13 insertions(+)
 create mode 100644 config/packages/prod/monolog.yaml.docker
diff --git a/config/packages/prod/monolog.yaml.docker b/config/packages/prod/monolog.yaml.docker
new file mode 100644
index 00000000..f1a1e7e9
--- /dev/null
+++ b/config/packages/prod/monolog.yaml.docker
@@ -0,0 +1,12 @@
+monolog:
+ handlers:
+ prod-signaler:
+ type: fingers_crossed
+ action_level: ERROR
+ passthru_level: NOTICE # this means that all message of level NOTICE or higher are always logged
+ handler: main_syslog
+ bubble: false # if we handle it, nothing else should
+ main_syslog:
+ type: stream
+ path: "php://stderr"
+ formatter: surfnet_stepup.monolog.json_formatter
diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod
index 5ba00cc8..76169ba4 100644
--- a/docker/Dockerfile.prod
+++ b/docker/Dockerfile.prod
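Review bot: `RUN bin/console assets:install` is a relative invocation that only works if the build's working directory is already the application root, and this Dockerfile declares `WORKDIR /var/www/html` only near its end, outside this hunk; `RUN /var/www/html/bin/console assets:install` removes the dependency on the base image's default directory. The console boots the Symfony kernel during the build, and since patch 3 dropped the `.env` copy, which `APP_ENV` it runs under is decided by the base image's environment or the kernel default, neither visible here, so a short comment recording the expected value would help. The comment `# TIQR needs some assests to be installed` has a typo: `assets`.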
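Review bot: The handler that writes to `php://stderr` is named `main_syslog`, which names the transport it replaces rather than the one it uses; `main_stderr:` together with `handler: main_stderr` keeps the name honest for whoever later searches for syslog handling. `formatter: surfnet_stepup.monolog.json_formatter` points at a service that nothing in this patch defines, so it must come from a bundle already in the application; a comment naming that origin would spare the next reader a search.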
@@ -5,6 +5,7 @@ RUN tar -xvjf /tmp/*.tar.bz2 -C /var/www/html/ && \
 # Add the application configuration files
 COPY config/legacy/parameters.yaml.dist config/legacy/parameters.yaml
+COPY config/packages/prod/monolog.yaml.docker config/packages/prod/monolog.yaml
 # TIQR needs some assests to be installed
 RUN bin/console assets:install
From a136680d0b04f70b9b883acb623d2448d47b2f10 Mon Sep 17 00:00:00 2001
From: Bart Geesink
Date: Mon, 21 Aug 2023 16:15:44 +0200
Subject: [PATCH 6/9] Docker: Clean and chown the cache dir
---
 docker/Dockerfile.prod | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod
index 76169ba4..3dac3f69 100644
--- a/docker/Dockerfile.prod
+++ b/docker/Dockerfile.prod
@@ -13,6 +13,7 @@ RUN bin/console assets:install
 # Add the config files for Apache2
 RUN rm -rf /etc/apache2/sites-enabled/*
 COPY ./docker/conf/tiqr-apache2.conf /etc/apache2/sites-enabled/tiqr.conf
+RUN rm -rf /var/www/html/var/cache/prod && chown -R www-data /var/www/html/var
 EXPOSE 80
 # Set the default workdir
From c63234ad52717baca09334492b6637d2fb900ce5 Mon Sep 17 00:00:00 2001
From: Bart Geesink
Date: Mon, 6 Nov 2023 21:08:58 +0100
Subject: [PATCH 7/9] Docker: Remove APP_ENV from Apache. It is not overrideable when set by Apache
---
 docker/conf/tiqr-apache2.conf | 1 -
 1 file changed, 1 deletion(-)
diff --git a/docker/conf/tiqr-apache2.conf b/docker/conf/tiqr-apache2.conf
index c331a8fc..c5e90392 100644
--- a/docker/conf/tiqr-apache2.conf
+++ b/docker/conf/tiqr-apache2.conf
@@ -4,7 +4,6 @@
 DocumentRoot /var/www/html/public
- SetEnv APP_ENV prod
 SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
From e07636c3330b70991d7dc13fb0d50b3d6e446c53 Mon Sep 17 00:00:00 2001
From: Dan
Date: Tue, 5 Dec 2023 17:45:43 +0200
Subject: [PATCH 8/9] Moving from CMD to ENTRYPOINT
---
 docker/Dockerfile.dev | 2 +-
 docker/Dockerfile.prod | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
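Review bot: `chown -R www-data /var/www/html/var` sets only the owner, so the group stays whatever the root-run extraction left behind; `chown -R www-data:www-data /var/www/html/var` states the intent fully. Removing `var/cache/prod` at build time means each container regenerates the Symfony cache on its first request as `www-data`, which is why the whole `var` tree has to be writable; if the cache were warmed during the build instead (`bin/console cache:warmup` before the `chown`) the runtime write surface would shrink to logs and sessions. Whether build-time and run-time `APP_ENV` agree cannot be told from this hunk, and if they may differ that is exactly why the cache is dropped, so a comment on this line saying so would make the choice deliberate.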
diff --git a/docker/Dockerfile.dev b/docker/Dockerfile.dev
index 4cc232be..6e77763a 100644
--- a/docker/Dockerfile.dev
+++ b/docker/Dockerfile.dev
@@ -7,4 +7,4 @@ EXPOSE 80
 # Set the default workdir
 WORKDIR /var/www/html
-CMD ["apache2-foreground"]
+ENTRYPOINT ["apache2-foreground"]
diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod
index 3dac3f69..96da752f 100644
--- a/docker/Dockerfile.prod
+++ b/docker/Dockerfile.prod
@@ -19,4 +19,4 @@ EXPOSE 80
 # Set the default workdir
 WORKDIR /var/www/html
-CMD ["apache2-foreground"]
+ENTRYPOINT ["apache2-foreground"]
From 8e82d6c3c3d4a916d555d3c99621688e9f2d5a1f Mon Sep 17 00:00:00 2001
From: Dan
Date: Thu, 14 Dec 2023 17:04:23 +0200
Subject: [PATCH 9/9] Removing the dev image
---
 .github/workflows/build-push-docker-image.yml | 10 ----------
 docker/Dockerfile.dev | 10 ----------
 2 files changed, 20 deletions(-)
 delete mode 100644 docker/Dockerfile.dev
diff --git a/.github/workflows/build-push-docker-image.yml b/.github/workflows/build-push-docker-image.yml
index 97207eef..5edf8fcf 100644
--- a/.github/workflows/build-push-docker-image.yml
+++ b/.github/workflows/build-push-docker-image.yml
@@ -46,13 +46,3 @@ jobs:
 ghcr.io/openconext/stepup-tiqr/stepup-tiqr:prod
 ghcr.io/openconext/stepup-tiqr/stepup-tiqr:${{ github.sha }}
 ghcr.io/openconext/stepup-tiqr/stepup-tiqr:${{ steps.release.outputs.tag_name }}
-
- - name: Build and push the Development image
- uses: docker/build-push-action@v4
- with:
- context: .
- file: docker/Dockerfile.dev
- platforms: linux/amd64,linux/arm64
- push: true
- tags: |
- ghcr.io/openconext/stepup-tiqr/stepup-tiqr:dev
diff --git a/docker/Dockerfile.dev b/docker/Dockerfile.dev
deleted file mode 100644
index 6e77763a..00000000
--- a/docker/Dockerfile.dev
+++ /dev/null
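Review bot: `ENTRYPOINT ["apache2-foreground"]` in place of `CMD` (here and in the Dockerfile.prod hunk of this patch) changes what run-time arguments mean: anything after the image name on `docker run` is now appended to `apache2-foreground` instead of replacing it, so `docker run <image> bash` stops working and needs `--entrypoint`, and Docker resets any `CMD` inherited from the base image when a child sets `ENTRYPOINT`, so apache now starts with no default arguments. If making apache the fixed process is the intent, a comment such as `# apache is the only supported process; run-time args go to apache2-foreground, use --entrypoint for a shell` records that for operators, and an explicit `CMD []` beneath it makes the empty default visible.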
@@ -1,10 +0,0 @@
-FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2-node14-composer2:latest
-
-RUN rm -rf /etc/apache2/sites-enabled/*
-COPY ./docker/conf/tiqr-apache2.conf /etc/apache2/sites-enabled/tiqr.conf
-EXPOSE 80
-
-# Set the default workdir
-WORKDIR /var/www/html
-
-ENTRYPOINT ["apache2-foreground"]