diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml index f272a784..cc8c0aae 100644 --- a/.github/workflows/build-deploy.yml +++ b/.github/workflows/build-deploy.yml @@ -24,7 +24,7 @@ jobs: uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - uses: actions/checkout@v3 @@ -56,6 +56,23 @@ jobs: org.opencontainers.image.source=https://github.com/${{ github.repository }}/tree/${{ (contains(fromJson('["opened","synchronize"]'), github.event.action)) && github.head_ref || github.event.action == 'closed' && github.base_ref || github.ref_name }}/images/${{ matrix.images }}/Dockerfile org.opencontainers.image.description=Test annotation description for ghcr + - name: Create the AWX-EE context + if: matrix.images == 'awx-ee' + run: | + pip install --upgrade ansible-builder + ansible-builder create \ + --output-filename Dockerfile \ + --verbosity 3 + working-directory: ./images/awx-ee + + - name: Upload AWX-EE context for review + if: matrix.images == 'awx-ee' + uses: actions/upload-artifact@v4 + with: + name: awx-ee-context + path: ./images/awx-ee/context + retention-days: 1 + - name: Build and push the images uses: docker/bake-action@v3.1.0 with: diff --git a/.github/workflows/vulnerability-scan-build.yml b/.github/workflows/vulnerability-scan-build.yml index 2b63e789..4fc8524c 100644 --- a/.github/workflows/vulnerability-scan-build.yml +++ b/.github/workflows/vulnerability-scan-build.yml @@ -21,7 +21,7 @@ jobs: echo "SANITISED-REF-NAME=${{ github.ref_name }}" | tr '/' '-' >> "$GITHUB_OUTPUT" - name: Scan for vulnerabilities id: scan - uses: crazy-max/ghaction-container-scan@v2 + uses: crazy-max/ghaction-container-scan@v3 with: image: ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.images }}:${{ steps.sanitise-ref-name.outputs.SANITISED-REF-NAME }} dockerfile: ./images/${{ matrix.images }} diff --git a/.github/workflows/vulnerability-scan-schedule.yml b/.github/workflows/vulnerability-scan-schedule.yml index 6e2823e7..69a77ee0 100644 --- a/.github/workflows/vulnerability-scan-schedule.yml +++ b/.github/workflows/vulnerability-scan-schedule.yml @@ -32,10 +32,12 @@ jobs: branches: 4.x - images: ripple-static branches: 4.x + - images: mailpit + branches: 5.x steps: - name: Scan for vulnerabilities id: scan - uses: crazy-max/ghaction-container-scan@v2 + uses: crazy-max/ghaction-container-scan@v3 with: image: ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.images }}:${{matrix.branches}} dockerfile: ./images/${{ matrix.images }} diff --git a/gh-actions-bake.hcl b/gh-actions-bake.hcl index 8915f491..9e080ff6 100755 --- a/gh-actions-bake.hcl +++ b/gh-actions-bake.hcl @@ -20,7 +20,14 @@ target "elasticsearch" { } target "mailhog" { inherits = ["docker-metadata-action"] - context = "${CONTEXT}/mailhog" + context = "${CONTEXT}/mailpit" + dockerfile = "Dockerfile" + + platforms = ["linux/amd64", "linux/arm64"] +} +target "mailpit" { + inherits = ["docker-metadata-action"] + context = "${CONTEXT}/mailpit" dockerfile = "Dockerfile" platforms = ["linux/amd64", "linux/arm64"] @@ -86,4 +93,12 @@ target "ripple-static" { "org.opencontainers.image.description" = "Ripple static site generator image optimised for the Bay container platform" } } - +target "awx-ee" { + inherits = ["docker-metadata-action"] + context = "${CONTEXT}/awx-ee/context" + platforms = ["linux/amd64", "linux/arm64"] + args = { + PYCMD = "/usr/local/bin/python3" + PKGMGR = "/usr/bin/apt-get" + } +} diff --git a/images/awx-ee/README.md b/images/awx-ee/README.md index 654f47fd..0b9eea21 100644 --- a/images/awx-ee/README.md +++ b/images/awx-ee/README.md @@ -9,7 +9,7 @@ The AWX execution environment is a container image that AWX will use to execute - `requirements.txt`: Defined python dependencies - `requirements.yml`: Ansible collections to install -AWX has `singledigital/awx-ee:latest` added as an execution environment with a pull policy of always, when the image is updated kuberenetes will pull a new image to run the plays in. +AWX has `ghcr.io/dpc-sdp/bay/awx-ee:6.x` added as an execution environment with a pull policy of always, when the image is updated kuberenetes will pull a new image to run the plays in. ## Dependencies @@ -20,7 +20,7 @@ AWX has `singledigital/awx-ee:latest` added as an execution environment with a p Commands run from this directory if you have ansible-builder installed locally. ``` -$ ansible-builder build --tag singledigital/awx-ee:latest --container-runtime docker +$ ansible-builder build --tag ghcr.io/dpc-sdp/bay/awx-ee:6.x --container-runtime docker ``` OR run with docker. @@ -31,14 +31,14 @@ $ docker run --rm -it \ -v $(pwd):/data \ -w /data \ quay.io/ansible/ansible-builder:latest \ - ansible-builder build --tag singledigital/awx-ee:latest --container-runtime docker + ansible-builder build --tag ghcr.io/dpc-sdp/bay/awx-ee:6.x --container-runtime docker # Build the image -$ docker build -f context/Dockerfile -t singledigital/awx-ee:latest context +$ docker build -f context/Dockerfile -t ghcr.io/dpc-sdp/bay/awx-ee:6.x context ``` ## Deploying the image ``` -$ docker push singledigital/awx-ee:latest +$ docker push ghcr.io/dpc-sdp/bay/awx-ee:6.x ``` diff --git a/images/awx-ee/bindep.txt b/images/awx-ee/bindep.txt index 166af1c3..44248767 100644 --- a/images/awx-ee/bindep.txt +++ b/images/awx-ee/bindep.txt @@ -22,3 +22,4 @@ curl openssl jq rsync +apache2-utils diff --git a/images/awx-ee/docker-bake.hcl b/images/awx-ee/docker-bake.hcl index 03806621..363fbfd8 100644 --- a/images/awx-ee/docker-bake.hcl +++ b/images/awx-ee/docker-bake.hcl @@ -7,17 +7,15 @@ variable "IMAGE_TAG" { } group "default" { - targets = ["ee"] + targets = ["awx-ee"] } -target "ee" { +target "docker-metadata-action" {} + +target "awx-ee" { + inherits = ["docker-metadata-action"] context = "./context" - dockerfile = "Dockerfile" platforms = ["linux/amd64", "linux/arm64"] - tags = [ - // "singledigital/awx-ee:${IMAGE_TAG}", - "${GHCR}/dpc-sdp/bay/awx-ee:${IMAGE_TAG}" - ] args = { PYCMD = "/usr/local/bin/python3" PKGMGR = "/usr/bin/apt-get" diff --git a/images/awx-ee/execution-environment.yml b/images/awx-ee/execution-environment.yml index 28ab2ef8..4f48a805 100644 --- a/images/awx-ee/execution-environment.yml +++ b/images/awx-ee/execution-environment.yml @@ -19,19 +19,23 @@ additional_build_steps: append_base: [] prepend_final: - - LABEL org.opencontainers.image.authors="Digital Victoria" - - LABEL org.opencontainers.image.description="Provides an AWX execution environment image optimised for use with SDP." - - LABEL org.opencontainers.image.source="https://github.com/dpc-sdp/bay/blob/6.x/images/awx-ee/context/Dockerfile" - - ARG LAGOON_CLI_VERSION=v0.15.4 - - ARG NVM_INSTALL_VERSION=v0.39.1 - - ARG NODE_VERSION=v14.15.1 + - LABEL maintainer="Department of Government Services (Victoria)" + - LABEL org.opencontainers.image.title="SDP AWX Execution Environment image." + - LABEL org.opencontainers.image.description="Provides an AWX execution environment image optimised for use with SDP. Built with ansible-builder." + - LABEL org.opencontainers.image.source="https://github.com/dpc-sdp/bay/blob/6.x/images/awx-ee/" + - ARG LAGOON_CLI_VERSION=v0.21.3 + - ARG NVM_INSTALL_VERSION=v0.39.7 + - ARG NODE_VERSION=v20.9.0 + - ARG NVM_DIR="/runner/.nvm" + - ARG PHP_VERSION="8.3" append_final: - | # Required dependencies. RUN set -eux; \ - apt-get update && apt-get install -y \ + apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ git git-lfs \ jq \ + apache2-utils \ rsync \ zip unzip; \ rm -rf /var/lib/apt/lists/*; @@ -39,10 +43,12 @@ additional_build_steps: - | # Install php & composer. RUN set -eux; \ curl -sSL https://packages.sury.org/php/README.txt | bash -x; \ - apt-get update && apt-get install -y \ - php8.3-cli \ - php8.3-gd \ - php8.3-zip; \ + apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ + php${PHP_VERSION}-cli \ + php${PHP_VERSION}-curl \ + php${PHP_VERSION}-gd \ + php${PHP_VERSION}-xml \ + php${PHP_VERSION}-zip; \ rm -rf /var/lib/apt/lists/*; - | # Install cli tools. @@ -66,11 +72,20 @@ additional_build_steps: - RUN tar -C /tmp -xvf /tmp/gojq_v0.12.4_linux_amd64.tar.gz - RUN chmod +x /tmp/gojq_v0.12.4_linux_amd64/gojq - RUN mv /tmp/gojq_v0.12.4_linux_amd64/gojq /usr/local/bin - - RUN touch $HOME/.bashrc && chmod +x $HOME/.bashrc - - RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/$NVM_INSTALL_VERSION/install.sh | bash + - RUN touch /runner/.bashrc && chmod +x /runner/.bashrc + - RUN mkdir -p /runner/.nvm && chgrp 0 /runner/.nvm && chmod -R ug+rwx /runner/.nvm + - RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/$NVM_INSTALL_VERSION/install.sh | PROFILE="/runner/.bashrc" bash - RUN curl -L "https://get.helm.sh/helm-v3.12.2-linux-amd64.tar.gz" -o /tmp/helm && tar -xvf /tmp/helm -C /tmp && mv /tmp/linux-amd64/helm /usr/local/bin - RUN chmod +x /usr/local/bin/helm - - RUN curl -L https://github.com/google/yamlfmt/releases/download/v0.10.0/yamlfmt_0.10.0_Linux_x86_64.tar.gz --output /tmp/yamlfmt_0.10.0_Linux_x86_64.tar.gz - - RUN tar -C /tmp -xvf /tmp/yamlfmt_0.10.0_Linux_x86_64.tar.gz + - RUN curl -L https://github.com/google/yamlfmt/releases/download/v0.12.1/yamlfmt_0.12.1_Linux_x86_64.tar.gz --output /tmp/yamlfmt_0.12.1_Linux_x86_64.tar.gz + - RUN tar -C /tmp -xvf /tmp/yamlfmt_0.12.1_Linux_x86_64.tar.gz - RUN chmod +x /tmp/yamlfmt - - RUN mv /tmp/yamlfmt /usr/local/bin \ No newline at end of file + - RUN mv /tmp/yamlfmt /usr/local/bin + - | # Install GitHub gh cli tool + SHELL ["/bin/bash", "-c"] + RUN set -eux; \ + curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \ + && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \ + && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ + && apt update \ + && DEBIAN_FRONTEND=noninteractive apt install gh -y diff --git a/images/awx-ee/requirements.txt b/images/awx-ee/requirements.txt index f025ae31..efa0d666 100644 --- a/images/awx-ee/requirements.txt +++ b/images/awx-ee/requirements.txt @@ -8,10 +8,11 @@ yamllint kubernetes lxml gql -# Dependencies for the gql requests transport. -requests-toolbelt<1,>=0.9.1 -urllib3>=1.26 -requests<3,>=2.26 ruamel.yaml pygithub -azure-cli \ No newline at end of file +azure-cli + +# Dependencies for the gql requests transport. +requests<3,>=2.26 +requests-toolbelt<1,>=0.10.1 +urllib3<2.0.0 diff --git a/images/ci-builder/Dockerfile b/images/ci-builder/Dockerfile index 534b0ad9..53b2c48b 100644 --- a/images/ci-builder/Dockerfile +++ b/images/ci-builder/Dockerfile @@ -3,7 +3,7 @@ FROM php:8.3-cli-alpine ARG AHOY_VERSION=2.1.1 ARG GOJQ_VERSION=0.12.4 ARG HUB_VERSION=2.14.2 -ARG LAGOON_CLI_VERSION=0.19.0 +ARG LAGOON_CLI_VERSION=0.21.3 # Ensure temp files dont end up in image. VOLUME /tmp diff --git a/images/mailhog/Dockerfile b/images/mailhog/Dockerfile deleted file mode 100644 index 1bc18ca0..00000000 --- a/images/mailhog/Dockerfile +++ /dev/null @@ -1,34 +0,0 @@ -# -# MailHog Dockerfile -# - -FROM alpine:3 - -# Install ca-certificates, required for the "release message" feature: -RUN apk --no-cache add \ - ca-certificates - -# Install MailHog: -RUN apk --no-cache add --virtual build-dependencies \ - go \ - git \ - && mkdir -p /root/gocode \ - && export GOPATH=/root/gocode \ - && go install github.com/mailhog/MailHog@latest \ - && mv /root/gocode/bin/MailHog /usr/local/bin \ - && rm -rf /root/gocode \ - && apk del --purge build-dependencies - -# Add mailhog user/group with uid/gid 1000. -# This is a workaround for boot2docker issue #581, see -# https://github.com/boot2docker/boot2docker/issues/581 -RUN adduser -D -u 1000 mailhog - -USER mailhog - -WORKDIR /home/mailhog - -ENTRYPOINT ["MailHog"] - -# Expose the SMTP and HTTP ports: -EXPOSE 1025 8025 diff --git a/images/mailpit/Dockerfile b/images/mailpit/Dockerfile new file mode 100644 index 00000000..f6181be5 --- /dev/null +++ b/images/mailpit/Dockerfile @@ -0,0 +1,33 @@ +# +# mailpit Dockerfile +# + +FROM alpine:latest +ARG MAILPIT_VERSION=1.19.0 + +# Install ca-certificates, required for the "release message" feature: +RUN apk --no-cache add \ + ca-certificates \ + curl + +# Install mailpit. +VOLUME /tmp +WORKDIR /tmp +RUN curl -L "https://github.com/axllent/mailpit/releases/download/v${MAILPIT_VERSION}/mailpit-$(echo ${TARGETPLATFORM:-linux-amd64} | tr '/' '-').tar.gz" --output mailpit.tar.gz && \ + tar -vxxzf mailpit.tar.gz && \ + mv mailpit /bin/mailpit && \ + chmod +x /bin/mailpit + +# Add mailpit user/group with uid/gid 1000. +# This is a workaround for boot2docker issue #581, see +# https://github.com/boot2docker/boot2docker/issues/581 +RUN adduser -D -u 1000 mailpit + +USER mailpit + +WORKDIR /home/mailpit + +ENTRYPOINT ["mailpit"] + +# Expose the SMTP and HTTP ports: +EXPOSE 1025 8025 diff --git a/images/mailhog/README.md b/images/mailpit/README.md similarity index 65% rename from images/mailhog/README.md rename to images/mailpit/README.md index ea93a5c9..28fe94da 100644 --- a/images/mailhog/README.md +++ b/images/mailpit/README.md @@ -1,6 +1,6 @@ -# Container Image - bay-mailhog +# Container Image - bay-mailpit -Provides a mailhog image for local development. +Provides a [mailpit](https://github.com/axllent/mailpit) image for local development. ## Usage @@ -12,8 +12,8 @@ You can also use it in your Docker Compose stack with the following snippet: ``` services: - mailhog: - image: singledigital/bay-mailhog:6.x + mailpit: + image: ghcr.io/dpc-sdp/bay/mailpit:6.x ports: - 1025 - 8025 diff --git a/images/nginx/README.md b/images/nginx/README.md index a0f56489..f4c79188 100644 --- a/images/nginx/README.md +++ b/images/nginx/README.md @@ -18,7 +18,7 @@ You can also use it in your Docker Compose stack with the following snippet: ``` services: nginx: - image: singledigital/bay-nginx:6.x + image: ghcr.io/dpc-sdp/bay/nginx:6.x volumes: - path/to/app:/app ports: diff --git a/images/node/Dockerfile b/images/node/Dockerfile index f72128f1..74abd0ac 100644 --- a/images/node/Dockerfile +++ b/images/node/Dockerfile @@ -1,6 +1,18 @@ FROM uselagoon/node-20:latest +ARG BAY_CLI_VERSION=v0.1.1 -RUN apk --update add curl git + +RUN apk --update add curl git findutils openssh-client && \ + rm -rf /var/cache/apk/* + +# Install bay-cli. +RUN curl -L "https://github.com/dpc-sdp/bay-cli/releases/download/${BAY_CLI_VERSION}/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz" --output /tmp/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz +RUN tar -C /tmp -xvf /tmp/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz +RUN chmod +x /tmp/bay +RUN mv /tmp/bay /bin/bay + +# Bay entrypoints. +COPY entrypoints/ /lagoon/entrypoints # Prevents installation of large binaries only used for development. ENV CYPRESS_INSTALL_BINARY 0 diff --git a/images/node/README.md b/images/node/README.md index 3803df91..f69a5566 100644 --- a/images/node/README.md +++ b/images/node/README.md @@ -14,7 +14,7 @@ You can also use it in your Docker Compose stack with the following snippet: ``` services: app: - image: singledigital/bay-node:6.x + image: ghcr.io/dpc-sdp/bay/node:6.x volumes: - path/to/app:/app ports: diff --git a/images/node/entrypoints/100-kms-decrypt.sh b/images/node/entrypoints/100-kms-decrypt.sh new file mode 100755 index 00000000..ac4bc630 --- /dev/null +++ b/images/node/entrypoints/100-kms-decrypt.sh @@ -0,0 +1,44 @@ +#!/usr/bin/env bash +set -euo pipefail + +#/ Usage: +#/ Description: Locate files in /app/keys and attempt to decrypt them using stored IAM account details. +#/ Examples: +#/ Requires: +#/ AWS_ACCESS_KEY_ID +#/ AWS_SECRET_ACCESS_KEY +#/ AWS_DEFAULT_REGION +#/ Options: +#/ --help: Display this help message +usage() { grep '^#/' "$0" | cut -c4- ; exit 0 ; } +expr "$*" : ".*--help" > /dev/null && usage + +echoerr() { printf "%s\n" "$*" >&2 ; } +info() { echoerr "[INFO] $*" ; } +warning() { echoerr "[WARNING] $*" ; } +error() { echoerr "[ERROR] $*" ; } +fatal() { echoerr "[FATAL] $*" ; exit 1 ; } + +info "set umask to least permissive for SSH keys by default" +if [ -d "/app/keys" ]; then + umask 0177 +fi + +info "decrypting files" + +encrypted_files="" +if [ -d "/app/keys" ]; then + encrypted_files=$(find /app/keys -type f -name "*.asc" -printf '%p ' 2>/dev/null) +fi + +if [ ! -z "${encrypted_files:-x}" ] && [ ! -z "${AWS_ACCESS_KEY_ID:-x}" ] && [ ! -z "${AWS_SECRET_ACCESS_KEY:-x}" ]; then + for file in $encrypted_files; do + info " - ${file} > ${file%.asc}" + bay kms decrypt < "${file}" > "${file%.asc}" || error "unable to decrypt ${file}" + done +else + info "no files to decrypt" +fi + +# Set options back to previous state. +set +eu diff --git a/images/php/Dockerfile.cli b/images/php/Dockerfile.cli index c779bd26..ffdb4994 100644 --- a/images/php/Dockerfile.cli +++ b/images/php/Dockerfile.cli @@ -1,6 +1,6 @@ ARG PHP_VERSION=8.3 FROM php:${PHP_VERSION}-cli-alpine AS php-cli -FROM ghcr.io/skpr/mtk:latest AS mtk +FROM ghcr.io/skpr/mtk:v2.0.2 AS mtk FROM uselagoon/php-${PHP_VERSION}-cli-drupal:latest COPY --from=php-cli /usr/local/bin/phpdbg /usr/local/bin/ @@ -22,8 +22,10 @@ RUN wget -O /usr/local/bin/dockerize https://github.com/dpc-sdp/dockerize/releas RUN apk add redis --no-cache # Install bay-cli. -RUN wget "https://github.com/dpc-sdp/bay-cli/releases/download/v0.1.0/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_')" -O /bin/bay && \ - chmod +x /bin/bay +RUN curl -L "https://github.com/dpc-sdp/bay-cli/releases/download/v0.1.1/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz" --output /tmp/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz +RUN tar -C /tmp -xvf /tmp/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz +RUN chmod +x /tmp/bay +RUN mv /tmp/bay /bin/bay RUN mkdir /bay diff --git a/images/php/Dockerfile.fpm b/images/php/Dockerfile.fpm index e845dfd3..1c9767fa 100644 --- a/images/php/Dockerfile.fpm +++ b/images/php/Dockerfile.fpm @@ -24,8 +24,10 @@ RUN apk add --no-cache tzdata \ && echo $TZ > /etc/timezone # Install bay-cli. -RUN wget "https://github.com/dpc-sdp/bay-cli/releases/download/v0.0.1/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_')" -O /bin/bay && \ - chmod +x /bin/bay +RUN curl -L "https://github.com/dpc-sdp/bay-cli/releases/download/v0.1.1/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz" --output /tmp/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz +RUN tar -C /tmp -xvf /tmp/bay_$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '_').tar.gz +RUN chmod +x /tmp/bay +RUN mv /tmp/bay /bin/bay ONBUILD ARG BAY_DISABLE_FUNCTIONS=phpinfo,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,system,exec,shell_exec,passthru,phpinfo,show_source,highlight_file,popen,fopen_with_path,dbmopen,dbase_open,filepro,filepro_rowcount,filepro_retrieve,posix_mkfifo ONBUILD ARG BAY_UPLOAD_LIMIT=100M diff --git a/images/php/README.md b/images/php/README.md index e4532cd5..4172046c 100644 --- a/images/php/README.md +++ b/images/php/README.md @@ -19,7 +19,7 @@ You can also use it in your Docker Compose stack with the following snippet: ``` services: nginx: - image: singledigital/bay-php-fpm:6.x + image: ghcr.io/dpc-sdp/bay/php-fpm:6.x volumes: - path/to/app:/app ports: diff --git a/images/php/settings.php b/images/php/settings.php index 9f4be90f..c95a5ff0 100755 --- a/images/php/settings.php +++ b/images/php/settings.php @@ -346,6 +346,9 @@ $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['use_authentication'] = 0; } +// Override data_pipelines url. +$config['data_pipelines.dataset_destination.sdp_elasticsearch']['destinationSettings']['url'] = (getenv('SEARCH_HASH') && getenv('SEARCH_URL')) ? sprintf('http://%s.%s', getenv('SEARCH_HASH'), getenv('SEARCH_URL')) : "http://elasticsearch:9200"; + // Configure tide_logs. if (getenv('TIDE_LOGS_UDPLOG_HOST')) { $config['tide_logs.settings']['host'] = getenv('TIDE_LOGS_UDPLOG_HOST');