From 6f0b61f711ac10fedceb59751a9727c5a8487939 Mon Sep 17 00:00:00 2001 From: tuutti Date: Tue, 26 Nov 2024 10:52:52 +0200 Subject: [PATCH 01/15] Support php 8.4 --- ci/drupal/Makefile | 52 +++++++++++----------- ci/drupal/README.md | 8 ++-- ci/drupal/tests/{php81.yaml => php84.yaml} | 2 +- 3 files changed, 31 insertions(+), 31 deletions(-) rename ci/drupal/tests/{php81.yaml => php84.yaml} (75%) diff --git a/ci/drupal/Makefile b/ci/drupal/Makefile index 0d948f7..974a8fd 100644 --- a/ci/drupal/Makefile +++ b/ci/drupal/Makefile @@ -1,46 +1,41 @@ PHONY := REPOSITORY = ghcr.io/city-of-helsinki/drupal-php-docker -PHONY += run-php81 -run-php81: - docker run -it --rm -u 100000 $(REPOSITORY):8.1-alpine /bin/sh - -PHONY += build-php81 -build-php81: - $(call build_image,8.1) - -PHONY += push-php81 -push-php81: test-php81 - docker push $(REPOSITORY):8.1-alpine - PHONY += run-php82 run-php82: docker run -it --rm -u 100000 $(REPOSITORY):8.2-alpine /bin/sh -PHONY += build-php82 -build-php82: - $(call build_image,8.2) - -PHONY += push-php82 -push-php82: test-php82 - docker push $(REPOSITORY):8.2-alpine - PHONY += run-php83 run-php83: docker run -it --rm -u 100000 $(REPOSITORY):8.3-alpine /bin/sh +PHONY += run-php84 +run-php84: + docker run -it --rm -u 100000 $(REPOSITORY):8.4-alpine /bin/sh + +PHONY += build-php82 +build-php82: + $(call build_image,8.2) + PHONY += build-php83 build-php83: $(call build_image,8.3) +PHONY += build-php84 +build-php84: + $(call build_image,8.4) + +PHONY += push-php82 +push-php82: test-php82 + docker push $(REPOSITORY):8.2-alpine + PHONY += push-php83 push-php83: test-php83 docker push $(REPOSITORY):8.3-alpine -PHONY += test-php81 -test-php81: build-php81 - container-structure-test test --image ghcr.io/city-of-helsinki/drupal-php-docker:8.1-alpine --config tests/php81.yaml - container-structure-test test --image ghcr.io/city-of-helsinki/drupal-php-docker:8.1-alpine --config tests/php.yaml +PHONY += push-php84 +push-php84: test-php84 + docker push $(REPOSITORY):8.4-alpine PHONY += test-php82 test-php82: build-php82 @@ -52,11 +47,16 @@ test-php83: build-php83 container-structure-test test --image ghcr.io/city-of-helsinki/drupal-php-docker:8.3-alpine --config tests/php83.yaml container-structure-test test --image ghcr.io/city-of-helsinki/drupal-php-docker:8.3-alpine --config tests/php.yaml +PHONY += test-php84 +test-php84: build-php84 + container-structure-test test --image ghcr.io/city-of-helsinki/drupal-php-docker:8.4-alpine --config tests/php84.yaml + container-structure-test test --image ghcr.io/city-of-helsinki/drupal-php-docker:8.4-alpine --config tests/php.yaml + PHONY += test-php -test-php: test-php81 test-php82 test-php83 +test-php: test-php82 test-php83 test-php84 PHONY += push-php -push-php: push-php81 push-php82 push-php83 +push-php: push-php82 push-php83 push-php84 define build_image docker build --pull -t $(REPOSITORY):$(1)-alpine --build-arg BASE_IMAGE_TAG=$(1)-alpine ./ diff --git a/ci/drupal/README.md b/ci/drupal/README.md index 2e96052..2ba79bf 100644 --- a/ci/drupal/README.md +++ b/ci/drupal/README.md @@ -30,11 +30,11 @@ See: To build a specific image, call: -- `8.1-alpine` tag: `make build-php81` +- `8.4-alpine` tag: `make build-php84` To run built image locally: -- `8.1-alpine` tag: `make run-php81` +- `8.4-alpine` tag: `make run-php84` ### Testing @@ -42,7 +42,7 @@ We use [GoogleContainerTools/container-structure-test](https://github.com/Google Running tests will always rebuild the image first. -- Run tests against `8.1-alpine` tag: `make test-php81` +- Run tests against `8.4-alpine` tag: `make test-php84` ### Release process @@ -53,6 +53,6 @@ Calling `make push-php*` will: Release a specific tag: -- Release `8.1-alpine` tag: `make push-php81` +- Release `8.4-alpine` tag: `make push-php84` Release all tags at once: `make push-php`. diff --git a/ci/drupal/tests/php81.yaml b/ci/drupal/tests/php84.yaml similarity index 75% rename from ci/drupal/tests/php81.yaml rename to ci/drupal/tests/php84.yaml index f1705ce..def9246 100644 --- a/ci/drupal/tests/php81.yaml +++ b/ci/drupal/tests/php84.yaml @@ -3,4 +3,4 @@ commandTests: - name: 'PHP version' command: php args: ['--version'] - expectedOutput: ['PHP 8.1.*'] + expectedOutput: ['PHP 8.3.*'] From 0a0e56c6181f148f6988773d715e87acfa5f5f1b Mon Sep 17 00:00:00 2001 From: tuutti Date: Wed, 27 Nov 2024 07:48:12 +0200 Subject: [PATCH 02/15] Fixed test --- ci/drupal/tests/php84.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/drupal/tests/php84.yaml b/ci/drupal/tests/php84.yaml index def9246..bdcdb20 100644 --- a/ci/drupal/tests/php84.yaml +++ b/ci/drupal/tests/php84.yaml @@ -3,4 +3,4 @@ commandTests: - name: 'PHP version' command: php args: ['--version'] - expectedOutput: ['PHP 8.3.*'] + expectedOutput: ['PHP 8.4.*'] From ce317e248942967d8417a7864ad231c0d70e549d Mon Sep 17 00:00:00 2001 From: tuutti Date: Wed, 27 Nov 2024 08:12:04 +0200 Subject: [PATCH 03/15] Updated drupal-repository to php 8.3 --- openshift/drupal-repository/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openshift/drupal-repository/Dockerfile b/openshift/drupal-repository/Dockerfile index eab6a17..5ad19df 100644 --- a/openshift/drupal-repository/Dockerfile +++ b/openshift/drupal-repository/Dockerfile @@ -1,8 +1,8 @@ -FROM alpine:3.19 +FROM alpine:3.20 COPY --from=almir/webhook /usr/local/bin/webhook /usr/local/bin/webhook # We need php and git to build satis. -RUN apk add --no-cache git php82 php82-openssl php82-common php82-json php82-phar php82-mbstring php82-pecl-apcu php82-zip php82-simplexml make tini +RUN apk add --no-cache git php83 php83-openssl php83-common php83-json php83-phar php83-mbstring php83-pecl-apcu php83-zip php83-simplexml make tini ENV COMPOSER_HOME=/.composer ENV PROJECT_DIR=/var/www/html From e3b72af8cafa583db4a2c3e865ba23e9a75fc1f4 Mon Sep 17 00:00:00 2001 From: tuutti Date: Thu, 28 Nov 2024 09:25:53 +0200 Subject: [PATCH 04/15] Fix git permissions --- openshift/drupal-repository/Dockerfile | 7 +++++++ .../files/entrypoints/10-fix-permission.sh | 2 ++ .../files/entrypoints/{10-queue.sh => 20-queue.sh} | 0 3 files changed, 9 insertions(+) create mode 100644 openshift/drupal-repository/files/entrypoints/10-fix-permission.sh rename openshift/drupal-repository/files/entrypoints/{10-queue.sh => 20-queue.sh} (100%) diff --git a/openshift/drupal-repository/Dockerfile b/openshift/drupal-repository/Dockerfile index 5ad19df..ca2510f 100644 --- a/openshift/drupal-repository/Dockerfile +++ b/openshift/drupal-repository/Dockerfile @@ -18,8 +18,15 @@ EXPOSE 9000 # Copy configuration files and scripts COPY files/ / + +RUN { \ + echo '[safe]'; \ + echo "directory = /var/www/html"; \ +} > /.gitconfig + RUN chmod +x /entrypoints/* && \ chmod +x /usr/local/bin/entrypoint + ENTRYPOINT ["/sbin/tini", "--"] # Default command: Start up multiple services via entrypoint diff --git a/openshift/drupal-repository/files/entrypoints/10-fix-permission.sh b/openshift/drupal-repository/files/entrypoints/10-fix-permission.sh new file mode 100644 index 0000000..012d5a4 --- /dev/null +++ b/openshift/drupal-repository/files/entrypoints/10-fix-permission.sh @@ -0,0 +1,2 @@ +#!/bin/sh +git config --global --add safe.directory $PROJECT_DIR diff --git a/openshift/drupal-repository/files/entrypoints/10-queue.sh b/openshift/drupal-repository/files/entrypoints/20-queue.sh similarity index 100% rename from openshift/drupal-repository/files/entrypoints/10-queue.sh rename to openshift/drupal-repository/files/entrypoints/20-queue.sh From 503b3214d10691a54be6a35fcf5220c4b7070078 Mon Sep 17 00:00:00 2001 From: tuutti Date: Mon, 9 Dec 2024 13:34:31 +0200 Subject: [PATCH 05/15] Local php 8.4 image --- local/drupal/Dockerfile | 31 ++++++++--------- local/drupal/Makefile | 34 ++++++------------- local/drupal/entrypoints/.keep | 0 local/drupal/entrypoints/15-syslog.sh | 11 ------ local/drupal/entrypoints/30-drush-server.sh | 7 ---- .../files/etc/nginx/http.d/custom.locations | 8 ----- .../files/etc/nginx/http.d/default.conf | 9 +++++ .../files/etc/nginx/http.d/ssl-proxy.conf | 18 ++++++++++ 8 files changed, 52 insertions(+), 66 deletions(-) create mode 100644 local/drupal/entrypoints/.keep delete mode 100644 local/drupal/entrypoints/15-syslog.sh delete mode 100755 local/drupal/entrypoints/30-drush-server.sh create mode 100644 local/drupal/files/etc/nginx/http.d/ssl-proxy.conf diff --git a/local/drupal/Dockerfile b/local/drupal/Dockerfile index 878bfc0..1f41fcb 100644 --- a/local/drupal/Dockerfile +++ b/local/drupal/Dockerfile @@ -1,44 +1,41 @@ ARG PHP_VERSION ARG PHP_SHORT_VERSION -FROM druidfi/drupal-web:php-${PHP_VERSION} as base +FROM druidfi/drupal-web:php-${PHP_VERSION} AS base COPY --from=ghcr.io/city-of-helsinki/drupal-oc-cli:latest /usr/bin/oc /usr/bin/oc -RUN sudo apk add --no-cache jq +RUN sudo apk add --no-cache jq openssl RUN sudo composer self-update -# Autostart drush server and syslog services. COPY entrypoints/ /entrypoints - COPY files/ / # Override default fpm pool conf to run nginx and php-fpm as same user. COPY php-fpm-pool.conf /etc/php${PHP_SHORT_VERSION}/php-fpm.d/www.conf -RUN grep -qxF 'xdebug.log' /etc/php${PHP_SHORT_VERSION}/conf.d/xdebug.ini || echo 'xdebug.log=/tmp/xdebug.log' | sudo tee -a /etc/php${PHP_SHORT_VERSION}/conf.d/xdebug.ini && \ - sudo -u root touch /tmp/xdebug.log && \ - sudo chmod 666 /tmp/xdebug.log - # Add druid user to nginx group to prevent permission issues with drush and 'asset://' # files. RUN sudo addgroup druid nginx -ENV SIMPLETEST_DB="mysql://${DRUPAL_DB_USER}:${DRUPAL_DB_PASS}@${DRUPAL_DB_HOST}:${DRUPAL_DB_PORT}/${DRUPAL_DB_NAME}" +RUN sudo -u root touch /tmp/xdebug.log && \ + sudo chmod 666 /tmp/xdebug.log -FROM base as php81 -RUN sudo apk --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing \ - --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main \ - --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community add php81-pecl-pcov php81-pecl-imagick +RUN sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ + -subj "/C=FI/ST=Uusimaa/L=Helsinki" \ + -keyout /etc/ssl/private/cert.key \ + -out /etc/ssl/certs/cert.crt -FROM base as php82 +ENV SIMPLETEST_DB="mysql://${DRUPAL_DB_USER}:${DRUPAL_DB_PASS}@${DRUPAL_DB_HOST}:${DRUPAL_DB_PORT}/${DRUPAL_DB_NAME}" + +FROM base AS php83 RUN sudo apk --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing \ --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main \ --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \ - --repository=https://dl-cdn.alpinelinux.org/alpine/edge/releases add php82-pecl-imagick php82-pecl-pcov + --repository=https://dl-cdn.alpinelinux.org/alpine/edge/releases add php83-pecl-imagick php83-pecl-pcov -FROM base as php83 +FROM base AS php84 RUN sudo apk --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing \ --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main \ --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \ - --repository=https://dl-cdn.alpinelinux.org/alpine/edge/releases add php83-pecl-imagick php83-pecl-pcov + --repository=https://dl-cdn.alpinelinux.org/alpine/edge/releases add php84-pecl-imagick php84-pecl-pcov diff --git a/local/drupal/Makefile b/local/drupal/Makefile index 73cc0ae..ffece82 100644 --- a/local/drupal/Makefile +++ b/local/drupal/Makefile @@ -1,44 +1,32 @@ PHONY := REPOSITORY = ghcr.io/city-of-helsinki/drupal-web +PHONY += run-php84-amd64 +run-php84-amd64: + $(call run_image,linux/amd64,php84,8.4,84) + PHONY += run-php83-amd64 run-php83-amd64: $(call run_image,linux/amd64,php83,8.3,83) -PHONY += run-php82-amd64 -run-php82-amd64: - $(call run_image,linux/amd64,php82,8.2,82) - -PHONY += run-php81-amd64 -run-php81-amd64: - $(call run_image,linux/amd64,php81,8.1,81) +PHONY += run-php84-arm64 +run-php84-arm64: + $(call run_image,linux/arm64,php84,8.4,84) PHONY += run-php83-arm64 run-php83-arm64: $(call run_image,linux/arm64,php83,8.3,83) -PHONY += run-php82-arm64 -run-php82-arm64: - $(call run_image,linux/arm64,php82,8.2,82) - -PHONY += run-php81-arm64 -run-php81-arm64: - $(call run_image,linux/arm64,php81,8.1,81) +PHONY += push-php84 +push-php84: + $(call push_image,php84,8.4,84) PHONY += push-php83 push-php83: $(call push_image,php83,8.3,83) -PHONY += push-php82 -push-php82: - $(call push_image,php82,8.2,82) - -PHONY += push-php81 -push-php81: - $(call push_image,php81,8.1,81) - PHONY += push-php -push-php: push-php81 push-php82 push-php83 +push-php: push-php83 push-php84 define run_image docker buildx build --load --platform $(1) --target=$(2) -t $(REPOSITORY):$(3) --build-arg PHP_VERSION=$(3) --build-arg PHP_SHORT_VERSION=$(4) ./ diff --git a/local/drupal/entrypoints/.keep b/local/drupal/entrypoints/.keep new file mode 100644 index 0000000..e69de29 diff --git a/local/drupal/entrypoints/15-syslog.sh b/local/drupal/entrypoints/15-syslog.sh deleted file mode 100644 index 80b90a2..0000000 --- a/local/drupal/entrypoints/15-syslog.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -cd /app - -# @todo Remove this once all projects use monolog. -if ! composer show drupal/monolog -q 2>/dev/null; then - sudo touch /tmp/drupal.log && sudo chmod a+rw /tmp/drupal.log - tail -f /tmp/drupal.log & -else - echo "Found drupal/monolog. Skipping logger entrypoint ..." -fi diff --git a/local/drupal/entrypoints/30-drush-server.sh b/local/drupal/entrypoints/30-drush-server.sh deleted file mode 100755 index c5d1a6e..0000000 --- a/local/drupal/entrypoints/30-drush-server.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -if command -v drush &> /dev/null -then - sleep 5 && drush runserver $SIMPLETEST_BASE_URL --dns & -fi - diff --git a/local/drupal/files/etc/nginx/http.d/custom.locations b/local/drupal/files/etc/nginx/http.d/custom.locations index ce6470c..e69de29 100644 --- a/local/drupal/files/etc/nginx/http.d/custom.locations +++ b/local/drupal/files/etc/nginx/http.d/custom.locations @@ -1,8 +0,0 @@ -location ~* \.(css|cur|js|jpe?g|gif|htc|ico|png|xml|otf|ttf|eot|woff|woff2|svg|mp4|svgz|ogg|ogv|pdf|pptx?|zip|tgz|gz|rar|bz2|doc|xls|exe|tar|mid|midi|wav|bmp|rtf|txt|map)$ { - add_header Access-Control-Allow-Origin "*"; - try_files $uri @rewrite; - expires 1y; - add_header Pragma "cache"; - add_header Cache-Control "public"; - log_not_found off; -} diff --git a/local/drupal/files/etc/nginx/http.d/default.conf b/local/drupal/files/etc/nginx/http.d/default.conf index 9840736..844526b 100644 --- a/local/drupal/files/etc/nginx/http.d/default.conf +++ b/local/drupal/files/etc/nginx/http.d/default.conf @@ -18,6 +18,15 @@ server { # Allow locations to be added without overriding the whole conf. include http.d/custom.locations; + location ~* \.(css|cur|js|jpe?g|gif|htc|ico|png|xml|otf|ttf|eot|woff|woff2|svg|mp4|svgz|ogg|ogv|pdf|pptx?|zip|tgz|gz|rar|bz2|doc|xls|exe|tar|mid|midi|wav|bmp|rtf|txt|map)$ { + add_header Access-Control-Allow-Origin "*"; + try_files $uri @rewrite; + expires 1y; + add_header Pragma "cache"; + add_header Cache-Control "public"; + log_not_found off; + } + # rewriting /index.php to / because after https://www.drupal.org/node/2599326 # autocomplete URLs are forced to go to index.php rewrite ^/index.php / last; diff --git a/local/drupal/files/etc/nginx/http.d/ssl-proxy.conf b/local/drupal/files/etc/nginx/http.d/ssl-proxy.conf new file mode 100644 index 0000000..52c8e9d --- /dev/null +++ b/local/drupal/files/etc/nginx/http.d/ssl-proxy.conf @@ -0,0 +1,18 @@ +server { + listen 443 ssl; + server_name _; + ssl_certificate /etc/ssl/certs/cert.crt; + ssl_certificate_key /etc/ssl/private/cert.key; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + client_max_body_size 32M; + + location / { + proxy_pass http://127.0.0.1:8080; + proxy_redirect off; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Port 443; + proxy_set_header Host app; + } +} From 716a7d6fafad9c6520786a92afae69bee99a33f1 Mon Sep 17 00:00:00 2001 From: tuutti Date: Tue, 10 Dec 2024 09:25:56 +0200 Subject: [PATCH 06/15] Drop support for 8.1 and 8.2 php --- openshift/drupal/Dockerfile | 104 +++++---------- openshift/drupal/Makefile | 126 ++++++------------ openshift/drupal/README.md | 28 ++-- openshift/drupal/docker-bake.hcl | 41 ++---- openshift/drupal/tests/php81.yaml | 16 --- .../drupal/tests/{php82.yaml => php84.yaml} | 5 +- 6 files changed, 105 insertions(+), 215 deletions(-) delete mode 100644 openshift/drupal/tests/php81.yaml rename openshift/drupal/tests/{php82.yaml => php84.yaml} (80%) diff --git a/openshift/drupal/Dockerfile b/openshift/drupal/Dockerfile index db48e80..a1b355b 100644 --- a/openshift/drupal/Dockerfile +++ b/openshift/drupal/Dockerfile @@ -2,7 +2,7 @@ ARG PHP_VERSION ARG PHP_SHORT_VERSION ARG ALPINE_VERSION -FROM alpine:${ALPINE_VERSION} as php +FROM alpine:${ALPINE_VERSION} AS php RUN echo 'export PS1="[${APP_ENV:-env}] \[\e[1;31m\][${HOSTNAME:-hostname}] \[\e[1;33m\]\w\[\e[0m\] $ "' >> /etc/profile ENV ENV="/etc/profile" @@ -48,10 +48,9 @@ COPY files/ / RUN chmod +x /entrypoints/* && \ chmod +x /usr/local/bin/entrypoint -# Create missing nginx folder. -RUN mkdir -p /run/nginx - RUN \ + # Create missing nginx folder. + mkdir -p /run/nginx && \ # COMPOSER_HOME permissions. mkdir -p $COMPOSER_HOME && \ chmod -R a+rwx $COMPOSER_HOME && \ @@ -68,68 +67,7 @@ ENTRYPOINT ["/sbin/tini", "--"] # Default command: Start up multiple services via entrypoint CMD ["entrypoint"] -FROM php as php81 -RUN set -eux; \ - apk --no-cache add \ - php81-pear \ - php81-fpm \ - php81-curl \ - php81-fileinfo \ - php81-iconv \ - php81-mbstring \ - php81-opcache \ - php81-openssl \ - php81-phar \ - php81-session \ - php81-zip \ - php81-dom \ - php81-pdo \ - php81-pdo_mysql \ - php81-tokenizer \ - php81-xmlreader \ - php81-xmlwriter \ - php81-simplexml \ - php81-ctype \ - php81-gd \ - php81-sodium \ - php81-pecl-apcu \ - php81-pecl-imagick \ - php81-pecl-redis; \ - ln -sfn /usr/bin/php81 /usr/bin/php && \ - ln -sfn /usr/sbin/php-fpm81 /usr/bin/php-fpm; - -FROM php as php82 -RUN set -eux; \ - apk --no-cache add \ - php82-pear \ - php82-fpm \ - php82-curl \ - php82-fileinfo \ - php82-iconv \ - php82-mbstring \ - php82-opcache \ - php82-openssl \ - php82-phar \ - php82-session \ - php82-zip \ - php82-dom \ - php82-pdo \ - php82-pdo_mysql \ - php82-tokenizer \ - php82-xmlreader \ - php82-xmlwriter \ - php82-simplexml \ - php82-ctype \ - php82-gd \ - php82-sodium \ - php82-pecl-apcu \ - php82-pecl-redis; \ - apk --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main add \ - php82-pecl-imagick; \ - ln -sfn /usr/bin/php82 /usr/bin/php && \ - ln -sfn /usr/sbin/php-fpm82 /usr/bin/php-fpm; - -FROM php as php83 +FROM php AS php83 RUN set -eux; \ apk --no-cache add \ php83-pear \ @@ -160,7 +98,37 @@ RUN set -eux; \ ln -sfn /usr/bin/php83 /usr/bin/php && \ ln -sfn /usr/sbin/php-fpm83 /usr/bin/php-fpm; -FROM php${PHP_SHORT_VERSION} as final +FROM php AS php84 +RUN set -eux; \ + apk --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main add \ + php84-pear \ + php84-fpm \ + php84-curl \ + php84-fileinfo \ + php84-iconv \ + php84-mbstring \ + php84-opcache \ + php84-openssl \ + php84-phar \ + php84-session \ + php84-zip \ + php84-dom \ + php84-pdo \ + php84-pdo_mysql \ + php84-tokenizer \ + php84-xmlreader \ + php84-xmlwriter \ + php84-simplexml \ + php84-ctype \ + php84-gd \ + php84-sodium \ + php84-pecl-apcu \ + php84-pecl-redis \ + php84-pecl-imagick; \ + ln -sfn /usr/bin/php84 /usr/bin/php && \ + ln -sfn /usr/sbin/php-fpm84 /usr/bin/php-fpm; + +FROM php${PHP_SHORT_VERSION} AS final ARG PHP_SHORT_VERSION @@ -175,8 +143,6 @@ RUN { \ echo 'opcache.validate_timestamps=0'; \ } > /etc/php${PHP_SHORT_VERSION}/conf.d/opcache-recommended.ini -# Override memory limit and upload max filesize and post max size -# to enable bigger uploads RUN { \ echo 'memory_limit=512M'; \ echo 'upload_max_filesize=32M'; \ diff --git a/openshift/drupal/Makefile b/openshift/drupal/Makefile index 32473a3..bad7511 100644 --- a/openshift/drupal/Makefile +++ b/openshift/drupal/Makefile @@ -10,101 +10,25 @@ help: # php-dev # ########### PHONY += build-php-dev -build-php-dev: build-php81-dev build-php82-dev build-php83-dev +build-php-dev: build-php83-dev build-php84-dev PHONY += push-php-dev -push-php-dev: push-php81-dev push-php82-dev push-php83-dev +push-php-dev: push-php83-dev push-php84-dev PHONY += test-php-dev -test-php-dev: test-php81-dev test-php82-dev test-php83-dev +test-php-dev: test-php83-dev test-php84-dev ####### # php # ####### PHONY += test-php -test-php: test-php81 test-php82 test-php83 +test-php: test-php83 test-php84 PHONY += push-php -push-php: push-php81 push-php82 push-php83 +push-php: push-php83 push-php84 PHONY += build-php -build-php: build-php81 build-php82 build-php83 - -########### -# 8.1-dev # -########### -PHONY += build-php81-dev -build-php81-dev: - $(call build_image,php81-dev) - -PHONY += run-php81-dev -run-php81-dev: - docker run -it --rm -u 100000 $(REPOSITORY):8.1-dev /bin/sh - -PHONY += push-php81-dev -push-php81-dev: test-php81-dev - docker push $(REPOSITORY):8.1-dev - -PHONY += test-php81-dev -test-php81-dev: build-php81-dev - $(call run_tests,8.1-dev) - -####### -# 8.1 # -####### -PHONY += build-php81 -build-php81: - $(call build_image,php81) - -PHONY += run-php81 -run-php81: - docker run -it --rm -u 100000 $(REPOSITORY):8.1 /bin/sh - -PHONY += push-php81 -push-php81: test-php81 - docker push $(REPOSITORY):8.1 - -PHONY += test-php81 -test-php81: build-php81 - $(call run_tests,8.1) - -########### -# 8.2-dev # -########### -PHONY += build-php82-dev -build-php82-dev: - $(call build_image,php82-dev) - -PHONY += run-php82-dev -run-php82-dev: - docker run -it --rm -u 100000 $(REPOSITORY):8.2-dev /bin/sh - -PHONY += test-php82-dev -test-php82-dev: build-php82-dev - $(call run_tests,8.2-dev) - -PHONY += push-php82-dev -push-php82-dev: test-php82-dev - docker push $(REPOSITORY):8.2-dev - -####### -# 8.2 # -####### -PHONY += build-php82 -build-php82: - $(call build_image,php82) - -PHONY += run-php82 -run-php82: - docker run -it --rm -u 100000 $(REPOSITORY):8.2 /bin/sh - -PHONY += test-php82 -test-php82: build-php82 - $(call run_tests,8.2) - -PHONY += push-php82 -push-php82: test-php82 - docker push $(REPOSITORY):8.2 +build-php: build-php83 build-php84 ########### # 8.3-dev # @@ -144,6 +68,44 @@ PHONY += push-php83 push-php83: test-php83 docker push $(REPOSITORY):8.3 +########### +# 8.4-dev # +########### +PHONY += build-php84-dev +build-php84-dev: + $(call build_image,php84-dev) + +PHONY += run-php84-dev +run-php84-dev: + docker run -it --rm -u 100000 $(REPOSITORY):8.4-dev /bin/sh + +PHONY += test-php84-dev +test-php84-dev: build-php84-dev + $(call run_tests,8.4-dev) + +PHONY += push-php84-dev +push-php84-dev: test-php84-dev + docker push $(REPOSITORY):8.4-dev + +####### +# 8.4 # +####### +PHONY += build-php84 +build-php84: + $(call build_image,php84) + +PHONY += run-php84 +run-php84: + docker run -it --rm -u 100000 $(REPOSITORY):8.4 /bin/sh + +PHONY += test-php84 +test-php84: build-php84 + $(call run_tests,8.4) + +PHONY += push-php84 +push-php84: test-php84 + docker push $(REPOSITORY):8.4 + define run_tests container-structure-test test --image $(REPOSITORY):$(1) --config tests/php$(subst -dev,,$(subst .,,$(1))).yaml container-structure-test test --image $(REPOSITORY):$(1) --config tests/php.yaml diff --git a/openshift/drupal/README.md b/openshift/drupal/README.md index 9b4c44d..5a75574 100644 --- a/openshift/drupal/README.md +++ b/openshift/drupal/README.md @@ -1,15 +1,13 @@ # OpenShift Drupal base images -Supported PHP versions: `8.3`, `8.2`, `8.1`: +Supported PHP versions: `8.3`, `8.4`: - `ghcr.io/city-of-helsinki/drupal-docker-base:8.3-dev` - `ghcr.io/city-of-helsinki/drupal-docker-base:8.3` -- `ghcr.io/city-of-helsinki/drupal-docker-base:8.2-dev` -- `ghcr.io/city-of-helsinki/drupal-docker-base:8.2` -- `ghcr.io/city-of-helsinki/drupal-docker-base:8.1-dev` -- `ghcr.io/city-of-helsinki/drupal-docker-base:8.1` +- `ghcr.io/city-of-helsinki/drupal-docker-base:8.4-dev` +- `ghcr.io/city-of-helsinki/drupal-docker-base:8.4` -Testing environment uses `*-dev` images by default and it's highly recommended to push changes to `*-dev` tag first and test them on testing environment before pushing them into production (`8.0` tag for example). +Testing environment uses `*-dev` images by default, and it's highly recommended to push changes to `*-dev` tag first and test them on testing environment before pushing them into production (`8.0` tag for example). ## Development @@ -20,7 +18,7 @@ Testing environment uses `*-dev` images by default and it's highly recommended t ### Testing production image locally -- Build the image: `make build-php81-dev` (change `php81` to whatever is your actual PHP version) +- Build the image: `make build-php84-dev` (change `php84` to whatever is your actual PHP version) - Find the image ID of latest `docker images ghcr.io/city-of-helsinki/drupal-docker-base` image and copy the image ID - Change project's `DRUPAL_IMAGE` (in `.env` file) to image ID from previous step - Add `SIMPLETEST_DB: "mysql://drupal:drupal@db:3306/drupal"` to `app` service's environments in `compose.yaml` @@ -31,13 +29,13 @@ Testing environment uses `*-dev` images by default and it's highly recommended t To build a specific image, call: -- `8.1-dev` tag: `make build-php81-dev` -- `8.1` tag: `make build-php81` +- `8.4-dev` tag: `make build-php84-dev` +- `8.4` tag: `make build-php84` To run built image locally: -- `8.1-dev` tag: `make run-php81-dev` -- `8.1` tag: `make run-php81` +- `8.4-dev` tag: `make run-php84-dev` +- `8.4` tag: `make run-php84` You can also build all tags at once: `make build-php-dev` (builds all `*-dev` tags) or `make build-php` (builds stable tags). @@ -47,8 +45,8 @@ We use [GoogleContainerTools/container-structure-test](https://github.com/Google Running tests will always re/build the image first. -- Run tests against `8.1-dev` tag: `make test-php81-dev` -- Run tests against `8.1` tag: `make test-php81` +- Run tests against `8.4-dev` tag: `make test-php84-dev` +- Run tests against `8.4` tag: `make test-php84` ### Release process @@ -61,5 +59,5 @@ Call `make push-php` or `make push-php-dev` to: You can also release a specific tag by: -- `make push-php81-dev`: Build, tests and push the `8.1-dev` tag -- `make push-php81`: Builds, tests and push the `8.1` tag +- `make push-php84-dev`: Build, tests and push the `8.4-dev` tag +- `make push-php84`: Builds, tests and push the `8.4` tag diff --git a/openshift/drupal/docker-bake.hcl b/openshift/drupal/docker-bake.hcl index 8f4765e..a2b5528 100644 --- a/openshift/drupal/docker-bake.hcl +++ b/openshift/drupal/docker-bake.hcl @@ -6,11 +6,11 @@ group "default" { } group "dev" { - targets = ["php81-dev", "php82-dev", "php83-dev"] + targets = ["php83-dev", "php84-dev"] } group "prod" { - targets = ["php81", "php82", "php83"] + targets = ["php83", "php84"] } target "php" { @@ -42,46 +42,25 @@ target "php83" { platforms = ["linux/amd64"] } -target "php82-dev" { +target "php84-dev" { inherits = ["php"] args = { - PHP_VERSION = "8.2" - PHP_SHORT_VERSION = "82" + PHP_VERSION = "8.4" + PHP_SHORT_VERSION = "84" ALPINE_VERSION = "3.20" } - tags = ["${REPO_BASE}:8.2-dev"] + tags = ["${REPO_BASE}:8.4-dev"] platforms = ["linux/amd64"] } -target "php82" { +target "php84" { inherits = ["php"] args = { - PHP_VERSION = "8.2" - PHP_SHORT_VERSION = "82" + PHP_VERSION = "8.4" + PHP_SHORT_VERSION = "84" ALPINE_VERSION = "3.20" } - tags = ["${REPO_BASE}:8.2"] + tags = ["${REPO_BASE}:8.4"] platforms = ["linux/amd64"] } -target "php81-dev" { - inherits = ["php"] - args = { - PHP_VERSION = "8.1" - PHP_SHORT_VERSION = "81" - ALPINE_VERSION = "3.19" - } - tags = ["${REPO_BASE}:8.1-dev"] - platforms = ["linux/amd64"] -} - -target "php81" { - inherits = ["php"] - args = { - PHP_VERSION = "8.1" - PHP_SHORT_VERSION = "81" - ALPINE_VERSION = "3.19" - } - tags = ["${REPO_BASE}:8.1"] - platforms = ["linux/amd64"] -} diff --git a/openshift/drupal/tests/php81.yaml b/openshift/drupal/tests/php81.yaml deleted file mode 100644 index 4d2e03c..0000000 --- a/openshift/drupal/tests/php81.yaml +++ /dev/null @@ -1,16 +0,0 @@ -schemaVersion: '2.0.0' -commandTests: - - name: 'PHP version' - command: php - args: ['--version'] - expectedOutput: ['PHP 8.1.*'] - - - name: 'PHP version' - command: php-fpm - args: ['--version'] - expectedOutput: ['PHP 8.1.*'] - - - name: 'Alpine version' - command: cat - args: ['/etc/alpine-release'] - expectedOutput: ['3.19.*'] diff --git a/openshift/drupal/tests/php82.yaml b/openshift/drupal/tests/php84.yaml similarity index 80% rename from openshift/drupal/tests/php82.yaml rename to openshift/drupal/tests/php84.yaml index 915bdfc..441dee2 100644 --- a/openshift/drupal/tests/php82.yaml +++ b/openshift/drupal/tests/php84.yaml @@ -1,14 +1,15 @@ + schemaVersion: '2.0.0' commandTests: - name: 'PHP version' command: php args: ['--version'] - expectedOutput: ['PHP 8.2.*'] + expectedOutput: ['PHP 8.4.*'] - name: 'PHP version' command: php-fpm args: ['--version'] - expectedOutput: ['PHP 8.2.*'] + expectedOutput: ['PHP 8.4.*'] - name: 'Alpine version' command: cat From 0231d5c62b7d959086087e41de822ed8aecbebad Mon Sep 17 00:00:00 2001 From: tuutti Date: Tue, 10 Dec 2024 13:59:03 +0200 Subject: [PATCH 07/15] Changed local base image to use prod as base --- local/drupal/Dockerfile | 56 ++++--- local/drupal/README.md | 10 +- local/drupal/entrypoints/.keep | 0 local/drupal/entrypoints/15-xdebug.sh | 20 +++ local/drupal/files/etc/nginx/fastcgi.conf | 55 ------- .../files/etc/nginx/http.d/custom.locations | 0 .../files/etc/nginx/http.d/default.conf | 149 ------------------ local/drupal/files/etc/nginx/nginx.conf | 146 ----------------- local/drupal/files/etc/php/conf.d/xdebug.ini | 5 + local/drupal/php-fpm-pool.conf | 30 ---- openshift/drupal/.gitignore | 3 + openshift/drupal/Dockerfile | 28 ++-- openshift/drupal/Makefile | 42 +---- openshift/drupal/README.md | 15 +- openshift/drupal/docker-bake.hcl | 17 +- .../drupal/files/entrypoints/15-syslog.sh | 2 +- openshift/drupal/tests/composer.json | 5 + openshift/drupal/tests/nginx.yaml | 26 --- openshift/drupal/tests/php.yaml | 43 ----- openshift/drupal/tests/php83.yaml | 17 -- openshift/drupal/tests/php84.yaml | 17 -- openshift/drupal/tests/phpunit.xml | 25 +++ .../drupal/tests/tests/EnvVariableTest.php | 25 +++ .../tests/tests/InstalledPackagesTest.php | 31 ++++ .../drupal/tests/tests/NginxUnitTest.php | 33 ++++ openshift/drupal/tests/tests/PhpTest.php | 51 ++++++ 26 files changed, 274 insertions(+), 577 deletions(-) delete mode 100644 local/drupal/entrypoints/.keep create mode 100644 local/drupal/entrypoints/15-xdebug.sh delete mode 100644 local/drupal/files/etc/nginx/fastcgi.conf delete mode 100644 local/drupal/files/etc/nginx/http.d/custom.locations delete mode 100644 local/drupal/files/etc/nginx/http.d/default.conf delete mode 100644 local/drupal/files/etc/nginx/nginx.conf create mode 100644 local/drupal/files/etc/php/conf.d/xdebug.ini delete mode 100644 local/drupal/php-fpm-pool.conf create mode 100644 openshift/drupal/.gitignore create mode 100644 openshift/drupal/tests/composer.json delete mode 100644 openshift/drupal/tests/nginx.yaml delete mode 100644 openshift/drupal/tests/php.yaml delete mode 100644 openshift/drupal/tests/php83.yaml delete mode 100644 openshift/drupal/tests/php84.yaml create mode 100644 openshift/drupal/tests/phpunit.xml create mode 100644 openshift/drupal/tests/tests/EnvVariableTest.php create mode 100644 openshift/drupal/tests/tests/InstalledPackagesTest.php create mode 100644 openshift/drupal/tests/tests/NginxUnitTest.php create mode 100644 openshift/drupal/tests/tests/PhpTest.php diff --git a/local/drupal/Dockerfile b/local/drupal/Dockerfile index 1f41fcb..98ee091 100644 --- a/local/drupal/Dockerfile +++ b/local/drupal/Dockerfile @@ -1,41 +1,45 @@ -ARG PHP_VERSION -ARG PHP_SHORT_VERSION -FROM druidfi/drupal-web:php-${PHP_VERSION} AS base +ARG PHP_VERSION=8.4 +ARG PHP_SHORT_VERSION=84 +FROM ghcr.io/city-of-helsinki/drupal-docker-base:${PHP_VERSION}-dev AS base -COPY --from=ghcr.io/city-of-helsinki/drupal-oc-cli:latest /usr/bin/oc /usr/bin/oc +ENV DRUPAL_DB_NAME=drupal \ + DRUPAL_DB_USER=drupal \ + DRUPAL_DB_PASS=drupal \ + DRUPAL_DB_HOST=db \ + DRUPAL_DB_PORT=3306 -RUN sudo apk add --no-cache jq openssl +ENV SIMPLETEST_DB="mysql://${DRUPAL_DB_USER}:${DRUPAL_DB_PASS}@${DRUPAL_DB_HOST}:${DRUPAL_DB_PORT}/${DRUPAL_DB_NAME}" -RUN sudo composer self-update +COPY --from=ghcr.io/city-of-helsinki/drupal-oc-cli:latest /usr/bin/oc /usr/bin/oc COPY entrypoints/ /entrypoints -COPY files/ / - -# Override default fpm pool conf to run nginx and php-fpm as same user. -COPY php-fpm-pool.conf /etc/php${PHP_SHORT_VERSION}/php-fpm.d/www.conf +RUN chmod +x /entrypoints/* -# Add druid user to nginx group to prevent permission issues with drush and 'asset://' -# files. -RUN sudo addgroup druid nginx +COPY files/etc/nginx /etc/nginx -RUN sudo -u root touch /tmp/xdebug.log && \ - sudo chmod 666 /tmp/xdebug.log +# The old druidfi/drupal-web image used /app folder. Symlink it to +# keep this compatible with it. +RUN ln -s /var/www/html /app -RUN sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ +ARG PHP_SHORT_VERSION +# Remove opcache-recommended.ini because we make several performance +# changes to OPcache settings that may hinder local development. +RUN rm /etc/php${PHP_SHORT_VERSION}/conf.d/opcache-recommended.ini + +# Generate a self-signed cert for nginx. We use selenium+chromium to run +# Functional javascript tests and it forces all requests to use https now. +# We have a nginx config with a self-signed cert to proxy https requests +# to 8080 port. +# @see files/etc/nginx/http.d/ssl-proxy.conf +RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -subj "/C=FI/ST=Uusimaa/L=Helsinki" \ -keyout /etc/ssl/private/cert.key \ -out /etc/ssl/certs/cert.crt -ENV SIMPLETEST_DB="mysql://${DRUPAL_DB_USER}:${DRUPAL_DB_PASS}@${DRUPAL_DB_HOST}:${DRUPAL_DB_PORT}/${DRUPAL_DB_NAME}" - -FROM base AS php83 -RUN sudo apk --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing \ - --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main \ - --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \ - --repository=https://dl-cdn.alpinelinux.org/alpine/edge/releases add php83-pecl-imagick php83-pecl-pcov - FROM base AS php84 -RUN sudo apk --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing \ +RUN apk --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing \ --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main \ --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \ - --repository=https://dl-cdn.alpinelinux.org/alpine/edge/releases add php84-pecl-imagick php84-pecl-pcov + --repository=https://dl-cdn.alpinelinux.org/alpine/edge/releases add php84-pecl-xdebug php84-pecl-pcov + +COPY files/etc/php /etc/php84 diff --git a/local/drupal/README.md b/local/drupal/README.md index 91507f5..4780ecf 100644 --- a/local/drupal/README.md +++ b/local/drupal/README.md @@ -1,16 +1,14 @@ # Local Drupal docker image -Based on [druidfi/drupal-web](https://github.com/druidfi/docker-images) with few additions: +Based on [City-of-Helsinki/drupal-docker-base](/openshift/drupal) image with a few additions: - [OpenShift origin client (OC)](/local/oc) -- Force HTTPS nginx fastcgi parameter `on` to make sure Drupal generates URLs using `https` -- Run php-fpm and nginx as same user to prevent some weird permission issues +- Xdebug -Available PHP versions: `8.3`, `8.2`, `8.1`: +Available PHP versions: `8.3`, `8.4`: - `ghcr.io/city-of-helsinki/drupal-web:8.3` -- `ghcr.io/city-of-helsinki/drupal-web:8.2` -- `ghcr.io/city-of-helsinki/drupal-web:8.1` +- `ghcr.io/city-of-helsinki/drupal-web:8.4` ## Development diff --git a/local/drupal/entrypoints/.keep b/local/drupal/entrypoints/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/local/drupal/entrypoints/15-xdebug.sh b/local/drupal/entrypoints/15-xdebug.sh new file mode 100644 index 0000000..5aefa34 --- /dev/null +++ b/local/drupal/entrypoints/15-xdebug.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +XDEBUG_INI=/etc/php$PHP_INSTALL_VERSION/conf.d/xdebug.ini + +if [ "$XDEBUG_ENABLE" = "true" ]; then + echo "- Start with Xdebug enabled. Remove XDEBUG_ENABLE=true ENV variable to disable it." + if [ -f "$XDEBUG_INI" ]; then + echo "- Already enabled..." + else + mv "$XDEBUG_INI".disabled "$XDEBUG_INI" + touch /tmp/xdebug.log && chmod 666 /tmp/xdebug.log + fi +else + echo "- Start with Xdebug disabled. Add XDEBUG_ENABLE=true ENV variable to enable it." + if [ -f "$XDEBUG_INI" ]; then + mv "$XDEBUG_INI" "$XDEBUG_INI".disabled + else + echo "- Already disabled..." + fi +fi diff --git a/local/drupal/files/etc/nginx/fastcgi.conf b/local/drupal/files/etc/nginx/fastcgi.conf deleted file mode 100644 index 613077e..0000000 --- a/local/drupal/files/etc/nginx/fastcgi.conf +++ /dev/null @@ -1,55 +0,0 @@ -set $fastcgi_port "80"; -set $fastcgi_https "off"; -if ($http_x_forwarded_proto = 'https') { - set $fastcgi_https "on"; - set $fastcgi_port "443"; -} - -fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; -fastcgi_param HTTPS $fastcgi_https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; - -# Setting to Port 80 and 443 based on if we have an upstream https or not -fastcgi_param SERVER_PORT $fastcgi_port; - -# Setting to $host as $server_name is empty all the time -fastcgi_param SERVER_NAME $host; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; - -# Mitigate https://httpoxy.org/ vulnerabilities -fastcgi_param HTTP_PROXY ""; - -# Mitigate CVE-2018-14773: https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers -fastcgi_param HTTP_X-ORIGINAL-URL ""; -fastcgi_param HTTP_X_ORIGINAL_URL ""; -fastcgi_param HTTP_X-REWRITE-URL ""; -fastcgi_param HTTP_X_REWRITE_URL ""; - -fastcgi_keep_conn on; -fastcgi_index index.php; -fastcgi_hide_header 'X-Generator'; - -fastcgi_buffers 256 32k; -fastcgi_buffer_size 32k; -fastcgi_read_timeout 3600s; -fastcgi_temp_path /tmp/fastcgi_temp; diff --git a/local/drupal/files/etc/nginx/http.d/custom.locations b/local/drupal/files/etc/nginx/http.d/custom.locations deleted file mode 100644 index e69de29..0000000 diff --git a/local/drupal/files/etc/nginx/http.d/default.conf b/local/drupal/files/etc/nginx/http.d/default.conf deleted file mode 100644 index 844526b..0000000 --- a/local/drupal/files/etc/nginx/http.d/default.conf +++ /dev/null @@ -1,149 +0,0 @@ -server { - listen [::]:8080 default_server; - listen 8080 default_server; - server_name _; - - root /app/public; - index index.php; - - location ~ ^/(?:.*)-assets/(.*)$ { - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://127.0.0.1:8080/$1$is_args$args; - } - - # Allow locations to be added without overriding the whole conf. - include http.d/custom.locations; - - location ~* \.(css|cur|js|jpe?g|gif|htc|ico|png|xml|otf|ttf|eot|woff|woff2|svg|mp4|svgz|ogg|ogv|pdf|pptx?|zip|tgz|gz|rar|bz2|doc|xls|exe|tar|mid|midi|wav|bmp|rtf|txt|map)$ { - add_header Access-Control-Allow-Origin "*"; - try_files $uri @rewrite; - expires 1y; - add_header Pragma "cache"; - add_header Cache-Control "public"; - log_not_found off; - } - - # rewriting /index.php to / because after https://www.drupal.org/node/2599326 - # autocomplete URLs are forced to go to index.php - rewrite ^/index.php / last; - - # The 'default' location. - location / { - # This has to come before any *.txt path-based blocking - # Support for the securitytxt module - # http://drupal.org/project/securitytxt. - # RFC8615 standard path. - location ~* /\.well-known/security\.txt(\.sig)?$ { - access_log off; - try_files $uri @rewrite; - } - - location ~ ^/(status|ping)$ { - include fastcgi_params; - fastcgi_pass 127.0.0.1:9000; - fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; - allow 127.0.0.1; - deny all; - } - - # Do not allow access to .txt and .md unless inside sites/*/files/ - location ~* ^(?!.+sites\/.+\/files\/).+\.(txt|md)$ { - deny all; - access_log off; - log_not_found off; - } - - # Replicate the Apache directive of Drupal standard - # .htaccess. Disable access to any code files. Return a 404 to curtail - # information disclosure. - location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|.*sql\.gz|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^\/(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|web\.config)$|composer\.(json|lock)$|^\/#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ { - deny all; - access_log off; - log_not_found off; - return 404; - } - - ## Directives for installing drupal. - #location ~* ^(/install.php|/core/install.php) { - # try_files /dev/null @php; - #} - - # Disallow access to any dot files, but send the request to Drupal - location ~* /\. { - try_files /dev/null @rewrite; - } - - # Direct Access to .php files is not allowed and is sent to Drupal instead - location ~* ^.+\.php$ { - try_files /dev/null @rewrite; - } - - # Try to find a file with given URL, if not pass to Drupal - try_files $uri @rewrite; - } - - # PHP Location. - # Warning: This allows to execute any PHP files, use with care! - location @php { - include /etc/nginx/fastcgi.conf; - fastcgi_pass 127.0.0.1:9000; - } - - location @rewrite { - include /etc/nginx/fastcgi.conf; - fastcgi_param SCRIPT_NAME /index.php; - fastcgi_param SCRIPT_FILENAME $realpath_root/index.php; - fastcgi_pass 127.0.0.1:9000; - } - - # Trying to access private files directly returns a 404. - location /sites/default/files/private/ { - internal; - } - - # Disallow access to vendor directory. - location ^~ /core/vendor/ { - deny all; - access_log off; - log_not_found off; - } - - # Disallow access to vendor directory. - location ^~ /vendor/ { - deny all; - access_log off; - log_not_found off; - } - - # Support for the robotstxt module - # http://drupal.org/project/robotstxt. - location = /robots.txt { - access_log off; - try_files $uri @rewrite; - } - - # Add support for the humanstxt module - # http://drupal.org/project/humanstxt. - location = /humans.txt { - access_log off; - try_files $uri @rewrite; - } - - # Support for favicon. Return an 1x1 transparent GIF if it doesn't - # exist. - location = /favicon.ico { - expires 30d; - try_files /favicon.ico @empty; - } - - # Return an in memory 1x1 transparent GIF. - location @empty { - expires 30d; - empty_gif; - } - -} diff --git a/local/drupal/files/etc/nginx/nginx.conf b/local/drupal/files/etc/nginx/nginx.conf deleted file mode 100644 index a627d27..0000000 --- a/local/drupal/files/etc/nginx/nginx.conf +++ /dev/null @@ -1,146 +0,0 @@ -# /etc/nginx/nginx.conf - -user nginx; -daemon off; -# Set number of worker processes automatically based on number of CPU cores. -worker_processes auto; - -# Enables the use of JIT for regular expressions to speed-up their processing. -pcre_jit on; - -# Configures default error logger. -error_log /dev/stderr warn; - -pid /var/run/nginx.pid; - -# Includes files with directives to load dynamic modules. -include /etc/nginx/modules/*.conf; - -events { - # The maximum number of simultaneous connections that can be opened by - # a worker process. - worker_connections 1024; -} - -http { - # Includes mapping of file name extensions to MIME types of responses - # and defines the default type. - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Name servers used to resolve names of upstream servers into addresses. - # It's also needed when using tcpsocket and udpsocket in Lua modules. - #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001; - - # Don't tell nginx version to the clients. Default is 'on'. - server_tokens off; - - # Specifies the maximum accepted body size of a client request, as - # indicated by the request header Content-Length. If the stated content - # length is greater than this size, then the client receives the HTTP - # error code 413. Set to 0 to disable. Default is '1m'. - client_body_buffer_size 32M; - client_max_body_size 40M; - - # Sendfile copies data between one FD and other from within the kernel, - # which is more efficient than read() + write(). Default is off. - sendfile on; - - # Causes nginx to attempt to send its HTTP response head in one packet, - # instead of using partial frames. Default is 'off'. - tcp_nopush on; - - - # Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2. - # TIP: If you're not obligated to support ancient clients, remove TLSv1.1. - ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; - - # Path of the file with Diffie-Hellman parameters for EDH ciphers. - # TIP: Generate with: `openssl dhparam -out /etc/ssl/nginx/dh2048.pem 2048` - #ssl_dhparam /etc/ssl/nginx/dh2048.pem; - - # Specifies that our cipher suits should be preferred over client ciphers. - # Default is 'off'. - ssl_prefer_server_ciphers on; - - # Enables a shared SSL cache with size that can hold around 8000 sessions. - # Default is 'none'. - ssl_session_cache shared:SSL:2m; - - # Specifies a time during which a client may reuse the session parameters. - # Default is '5m'. - ssl_session_timeout 1h; - - # Disable TLS session tickets (they are insecure). Default is 'on'. - ssl_session_tickets off; - - # Enable gzipping of responses. - gzip on; - gzip_buffers 16 8k; - gzip_comp_level 1; - gzip_http_version 1.1; - gzip_min_length 20; - gzip_vary on; - gzip_proxied any; - gzip_disable msie6; - gzip_types application/atom+xml - application/geo+json - application/javascript - application/json - application/ld+json - application/manifest+json - application/rdf+xml - application/rss+xml - application/vnd.ms-fontobject - application/wasm - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/otf - image/bmp - image/svg+xml - text/cache-manifest - text/calendar - text/css - text/javascript - text/markdown - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy; - - # Helper variable for proxying websockets. - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - - # Specifies the main log format. - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - # Specifies the logger-json log format. - log_format logger-json escape=json '{"source": "nginx", "time": $msec, "resp_body_size": $body_bytes_sent, "host": "$http_host", "address": "$remote_addr", "request_length": $request_length, "method": "$request_method", "uri": "$request_uri", "status": $status, "user_agent": "$http_user_agent", "resp_time": $request_time, "upstream_addr": "$upstream_addr", "x_forwarderd_for": "$http_x_forwarded_for"}'; - - map $request_uri $loggable { - /health 0; - default 1; - } - - # Sets the path, format, and configuration for a buffered log write. - access_log /dev/stdout logger-json if=$loggable; - - # Includes virtual hosts configs. - include /etc/nginx/http.d/*.conf; - - # WARNING: Don't use this directory for virtual hosts anymore. - # This include will be moved to the root context in Alpine 3.14. - #include /etc/nginx/conf.d/*.conf; -} - -# TIP: Uncomment if you use stream module. -#include /etc/nginx/stream.conf; diff --git a/local/drupal/files/etc/php/conf.d/xdebug.ini b/local/drupal/files/etc/php/conf.d/xdebug.ini new file mode 100644 index 0000000..f0e9324 --- /dev/null +++ b/local/drupal/files/etc/php/conf.d/xdebug.ini @@ -0,0 +1,5 @@ +zend_extension=xdebug.so +xdebug.mode=debug +xdebug.client_host=host.docker.internal +xdebug.idekey=PHPSTORM +xdebug.log=/tmp/xdebug.log diff --git a/local/drupal/php-fpm-pool.conf b/local/drupal/php-fpm-pool.conf deleted file mode 100644 index 64c1dc0..0000000 --- a/local/drupal/php-fpm-pool.conf +++ /dev/null @@ -1,30 +0,0 @@ -[global] -; Log to stderr -error_log = /dev/stderr -; Error log level. Possible values: alert, error, warning, notice, debug. Default value: notice. -log_level = warning - -[www] -listen = [::]:9000 - -; Make sure the FPM workers can reach the environment variables for configuration -clear_env = no - -pm = dynamic -pm.max_children = 60 -pm.start_servers = 2 -pm.min_spare_servers = 2 -pm.max_spare_servers = 20 -pm.max_requests = 500 - -user=nginx -group=nginx - -; Catch output from PHP -catch_workers_output = yes - -; Remove the 'child 10 said into stderr' prefix in the log and only show the actual message -decorate_workers_output = no - -php_value[memory_limit] = 512M - diff --git a/openshift/drupal/.gitignore b/openshift/drupal/.gitignore new file mode 100644 index 0000000..639cf40 --- /dev/null +++ b/openshift/drupal/.gitignore @@ -0,0 +1,3 @@ +tests/.phpunit.cache +tests/composer.lock +tests/vendor diff --git a/openshift/drupal/Dockerfile b/openshift/drupal/Dockerfile index a1b355b..74b36f9 100644 --- a/openshift/drupal/Dockerfile +++ b/openshift/drupal/Dockerfile @@ -1,17 +1,15 @@ -ARG PHP_VERSION -ARG PHP_SHORT_VERSION -ARG ALPINE_VERSION +ARG PHP_VERSION=8.4 +ARG PHP_SHORT_VERSION=84 +ARG ALPINE_VERSION=3.20 FROM alpine:${ALPINE_VERSION} AS php -RUN echo 'export PS1="[${APP_ENV:-env}] \[\e[1;31m\][${HOSTNAME:-hostname}] \[\e[1;33m\]\w\[\e[0m\] $ "' >> /etc/profile -ENV ENV="/etc/profile" - # Install required tools (https://docs.acquia.com/blt/install/) # alpine-sdk required for the make script in composer.json RUN set -eux; \ apk update && apk upgrade && \ apk add --no-cache git \ + curl \ patch \ rsync \ bash \ @@ -22,6 +20,11 @@ RUN set -eux; \ jq \ tini +RUN \ + touch /etc/bash/ps1.sh && \ + echo 'export PS1="[${APP_ENV:-env}] \[\e[1;31m\][${HOSTNAME:-hostname}] \[\e[1;33m\]\w\[\e[0m\] $ "' | tee /etc/profile /etc/bash/ps1.sh +ENV ENV="/etc/profile" + # Install Composer COPY --from=composer:latest /usr/bin/composer /usr/local/bin/ @@ -29,11 +32,11 @@ ENV PATH=${PATH}:/app/vendor/bin:/var/www/html/vendor/bin ENV COMPOSER_HOME=/.composer # Fetch the required certificate for the Azure MySQL flexible server service -ENV AZURE_SQL_SSL_CA_PATH /usr/local/share/ca-certificates/DigiCertGlobalRootCA.crt.pem +ENV AZURE_SQL_SSL_CA_PATH=/usr/local/share/ca-certificates/DigiCertGlobalRootCA.crt.pem RUN wget https://dl.cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem -O $AZURE_SQL_SSL_CA_PATH # Fetch the required certificates for the Azure MariaDB service and combine them -ENV AZURE_SQL_SSL_CA_PATH /usr/local/share/ca-certificates/BaltimoreCyberTrustRoot.crt.pem +ENV AZURE_SQL_SSL_CA_PATH=/usr/local/share/ca-certificates/BaltimoreCyberTrustRoot.crt.pem RUN wget https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt.pem -O /tmp/baltimore.crt.pem && \ wget https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem -O /tmp/g2.crt.pem && \ cat /tmp/g2.crt.pem >> $AZURE_SQL_SSL_CA_PATH && \ @@ -49,7 +52,7 @@ RUN chmod +x /entrypoints/* && \ chmod +x /usr/local/bin/entrypoint RUN \ - # Create missing nginx folder. + # Create missing nginx folder. mkdir -p /run/nginx && \ # COMPOSER_HOME permissions. mkdir -p $COMPOSER_HOME && \ @@ -131,6 +134,7 @@ RUN set -eux; \ FROM php${PHP_SHORT_VERSION} AS final ARG PHP_SHORT_VERSION +ARG PHP_VERSION # Set recommended PHP.ini settings # see https://secure.php.net/manual/en/opcache.installation.php @@ -154,3 +158,9 @@ RUN { \ # Override default fpm pool conf to run nginx and php-fpm as same user. COPY php-fpm-pool.conf /etc/php${PHP_SHORT_VERSION}/php-fpm.d/www.conf + +FROM final AS test +COPY tests/ /tests +WORKDIR /tests +RUN composer install && \ + vendor/bin/phpunit diff --git a/openshift/drupal/Makefile b/openshift/drupal/Makefile index bad7511..dfb65bb 100644 --- a/openshift/drupal/Makefile +++ b/openshift/drupal/Makefile @@ -37,10 +37,6 @@ PHONY += build-php83-dev build-php83-dev: $(call build_image,php83-dev) -PHONY += run-php83-dev -run-php83-dev: - docker run -it --rm -u 100000 $(REPOSITORY):8.3-dev /bin/sh - PHONY += test-php83-dev test-php83-dev: build-php83-dev $(call run_tests,8.3-dev) @@ -56,10 +52,6 @@ PHONY += build-php83 build-php83: $(call build_image,php83) -PHONY += run-php83 -run-php83: - docker run -it --rm -u 100000 $(REPOSITORY):8.3 /bin/sh - PHONY += test-php83 test-php83: build-php83 $(call run_tests,8.3) @@ -71,49 +63,31 @@ push-php83: test-php83 ########### # 8.4-dev # ########### -PHONY += build-php84-dev -build-php84-dev: - $(call build_image,php84-dev) - -PHONY += run-php84-dev -run-php84-dev: - docker run -it --rm -u 100000 $(REPOSITORY):8.4-dev /bin/sh - PHONY += test-php84-dev -test-php84-dev: build-php84-dev - $(call run_tests,8.4-dev) +test-php84-dev: + $(call run_tests,php84-dev) PHONY += push-php84-dev push-php84-dev: test-php84-dev - docker push $(REPOSITORY):8.4-dev + $(call build_image,php84-dev) ####### # 8.4 # ####### -PHONY += build-php84 -build-php84: - $(call build_image,php84) - -PHONY += run-php84 -run-php84: - docker run -it --rm -u 100000 $(REPOSITORY):8.4 /bin/sh - PHONY += test-php84 -test-php84: build-php84 - $(call run_tests,8.4) +test-php84: + $(call run_tests,php84) PHONY += push-php84 push-php84: test-php84 - docker push $(REPOSITORY):8.4 + $(call build_image,php84) define run_tests - container-structure-test test --image $(REPOSITORY):$(1) --config tests/php$(subst -dev,,$(subst .,,$(1))).yaml - container-structure-test test --image $(REPOSITORY):$(1) --config tests/php.yaml - container-structure-test test --image $(REPOSITORY):$(1) --config tests/nginx.yaml + docker buildx bake test $(1) test endef define build_image - DOCKER_BUILDKIT=1 docker buildx bake $(BUILD_EXTRA_ARGS) --load --pull -f docker-bake.hcl $(1) + docker buildx bake $(BUILD_EXTRA_ARGS) --pull --push -f docker-bake.hcl $(1) endef .PHONY: $(PHONY) diff --git a/openshift/drupal/README.md b/openshift/drupal/README.md index 5a75574..060c2f8 100644 --- a/openshift/drupal/README.md +++ b/openshift/drupal/README.md @@ -16,15 +16,6 @@ Testing environment uses `*-dev` images by default, and it's highly recommended - Install [GoogleContainerTools/container-structure-test](https://github.com/GoogleContainerTools/container-structure-test) - [docker/buildx](https://github.com/docker/buildx) (most likely already included by default) -### Testing production image locally - -- Build the image: `make build-php84-dev` (change `php84` to whatever is your actual PHP version) -- Find the image ID of latest `docker images ghcr.io/city-of-helsinki/drupal-docker-base` image and copy the image ID -- Change project's `DRUPAL_IMAGE` (in `.env` file) to image ID from previous step -- Add `SIMPLETEST_DB: "mysql://drupal:drupal@db:3306/drupal"` to `app` service's environments in `compose.yaml` -- Change app container's volume from `/app` to `/var/www/html` (in `compose.yaml` file) -- Re/start containers: `docker-compose stop && docker compose up -d` - ### Building To build a specific image, call: @@ -41,16 +32,12 @@ You can also build all tags at once: `make build-php-dev` (builds all `*-dev` ta ### Testing -We use [GoogleContainerTools/container-structure-test](https://github.com/GoogleContainerTools/container-structure-test) to test images. See [tests/](tests/) for available tests. - -Running tests will always re/build the image first. - - Run tests against `8.4-dev` tag: `make test-php84-dev` - Run tests against `8.4` tag: `make test-php84` ### Release process -Make sure youre logged in to `ghcr.io` Docker repository: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry +Make sure you're logged in to `ghcr.io` Docker repository: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry Call `make push-php` or `make push-php-dev` to: - Build all PHP versions at once diff --git a/openshift/drupal/docker-bake.hcl b/openshift/drupal/docker-bake.hcl index a2b5528..fd290da 100644 --- a/openshift/drupal/docker-bake.hcl +++ b/openshift/drupal/docker-bake.hcl @@ -18,6 +18,19 @@ target "php" { args = { ALPINE_VERSION = "3.20" } + platforms = ["linux/amd64", "linux/arm64"] + labels = { + "org.opencontainers.image.url" = "https://github.com/City-of-Helsinki/drupal-docker-images" + "org.opencontainers.image.source" = "https://github.com/City-of-Helsinki/drupal-docker-images" + "org.opencontainers.image.licenses" = "MIT" + "org.opencontainers.image.vendor" = "City of Helsinki" + "org.opencontainers.image.created" = "${timestamp()}" + } +} + +target "test" { + target = "test" + output = ["type=cacheonly"] } target "php83-dev" { @@ -28,7 +41,6 @@ target "php83-dev" { ALPINE_VERSION = "3.20" } tags = ["${REPO_BASE}:8.3-dev"] - platforms = ["linux/amd64"] } target "php83" { @@ -39,7 +51,6 @@ target "php83" { ALPINE_VERSION = "3.20" } tags = ["${REPO_BASE}:8.3"] - platforms = ["linux/amd64"] } target "php84-dev" { @@ -50,7 +61,6 @@ target "php84-dev" { ALPINE_VERSION = "3.20" } tags = ["${REPO_BASE}:8.4-dev"] - platforms = ["linux/amd64"] } target "php84" { @@ -61,6 +71,5 @@ target "php84" { ALPINE_VERSION = "3.20" } tags = ["${REPO_BASE}:8.4"] - platforms = ["linux/amd64"] } diff --git a/openshift/drupal/files/entrypoints/15-syslog.sh b/openshift/drupal/files/entrypoints/15-syslog.sh index 0120eea..c040b8a 100644 --- a/openshift/drupal/files/entrypoints/15-syslog.sh +++ b/openshift/drupal/files/entrypoints/15-syslog.sh @@ -4,7 +4,7 @@ cd /var/www/html # @todo Remove this once all projects use monolog. if ! composer show drupal/monolog -q 2>/dev/null; then - sudo touch /tmp/drupal.log && sudo chmod a+rw /tmp/drupal.log + touch /tmp/drupal.log && chmod a+rw /tmp/drupal.log tail -f /tmp/drupal.log & else echo "Found drupal/monolog. Skipping logger entrypoint ..." diff --git a/openshift/drupal/tests/composer.json b/openshift/drupal/tests/composer.json new file mode 100644 index 0000000..7e62adf --- /dev/null +++ b/openshift/drupal/tests/composer.json @@ -0,0 +1,5 @@ +{ + "require-dev": { + "phpunit/phpunit": "^11.5" + } +} diff --git a/openshift/drupal/tests/nginx.yaml b/openshift/drupal/tests/nginx.yaml deleted file mode 100644 index 5a574b0..0000000 --- a/openshift/drupal/tests/nginx.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# @todo Improve these -schemaVersion: '2.0.0' -commandTests: - - name: 'Nginx is installed' - command: which - args: ['nginx'] - - name: 'Nginx config test' - command: nginx - args: ['-t'] - -fileExistenceTests: -- name: 'Nginx fastcgi.conf' - path: '/etc/nginx/fastcgi.conf' - shouldExist: true - -- name: 'Nginx nginx.conf' - path: '/etc/nginx/nginx.conf' - shouldExist: true - -- name: 'Nginx default.conf' - path: '/etc/nginx/http.d/default.conf' - shouldExist: true - -- name: 'Nginx custom.locations' - path: '/etc/nginx/conf.d/custom.locations' - shouldExist: true diff --git a/openshift/drupal/tests/php.yaml b/openshift/drupal/tests/php.yaml deleted file mode 100644 index 9e0f31d..0000000 --- a/openshift/drupal/tests/php.yaml +++ /dev/null @@ -1,43 +0,0 @@ -schemaVersion: '2.0.0' -commandTests: - - name: 'Composer is installed' - command: composer - args: ['--version'] - expectedOutput: ['Composer version*'] - - name: 'PHP extensions' - command: bash - args: - - -c - - | - php -m | grep -e json -e apcu -e curl -e gd -e mbstring -e openssl -e pdo -e redis -e sodium -e "Zend OPcache" -e tokenizer -e xml -e SimpleXML -e ctype -e imagick | sort -uf - expectedOutput: ["apcu\nctype\ncurl\ngd\nimagick\njson\nlibxml\nmbstring\nopenssl\npdo_mysql\nredis\nSimpleXML\nsodium\ntokenizer\nxml\nxmlreader\nxmlwriter\nZend OPcache"] - - name: 'Git is installed' - command: which - args: ['git'] - - name: 'Patch is installed' - command: which - args: ['patch'] - - name: 'MariaDB client is installed' - command: which - args: ['mysql'] - - name: 'Bash is installed' - command: which - args: ['bash'] - - name: 'JQ is installed' - command: which - args: ['jq'] - - name: 'make is installed' - command: which - args: ['make'] - - name: 'php-fpm config test' - command: php-fpm - args: ['--test'] - -metadataTest: - envVars: - - key: 'PATH' - value: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/app/vendor/bin:/var/www/html/vendor/bin' - - key: 'COMPOSER_HOME' - value: '/.composer' - - key: 'AZURE_SQL_SSL_CA_PATH' - value: '/usr/local/share/ca-certificates/BaltimoreCyberTrustRoot.crt.pem' diff --git a/openshift/drupal/tests/php83.yaml b/openshift/drupal/tests/php83.yaml deleted file mode 100644 index 9cb9bea..0000000 --- a/openshift/drupal/tests/php83.yaml +++ /dev/null @@ -1,17 +0,0 @@ - -schemaVersion: '2.0.0' -commandTests: - - name: 'PHP version' - command: php - args: ['--version'] - expectedOutput: ['PHP 8.3.*'] - - - name: 'PHP version' - command: php-fpm - args: ['--version'] - expectedOutput: ['PHP 8.3.*'] - - - name: 'Alpine version' - command: cat - args: ['/etc/alpine-release'] - expectedOutput: ['3.20.*'] diff --git a/openshift/drupal/tests/php84.yaml b/openshift/drupal/tests/php84.yaml deleted file mode 100644 index 441dee2..0000000 --- a/openshift/drupal/tests/php84.yaml +++ /dev/null @@ -1,17 +0,0 @@ - -schemaVersion: '2.0.0' -commandTests: - - name: 'PHP version' - command: php - args: ['--version'] - expectedOutput: ['PHP 8.4.*'] - - - name: 'PHP version' - command: php-fpm - args: ['--version'] - expectedOutput: ['PHP 8.4.*'] - - - name: 'Alpine version' - command: cat - args: ['/etc/alpine-release'] - expectedOutput: ['3.20.*'] diff --git a/openshift/drupal/tests/phpunit.xml b/openshift/drupal/tests/phpunit.xml new file mode 100644 index 0000000..da2563d --- /dev/null +++ b/openshift/drupal/tests/phpunit.xml @@ -0,0 +1,25 @@ + + + + + tests + + + + + + src + + + diff --git a/openshift/drupal/tests/tests/EnvVariableTest.php b/openshift/drupal/tests/tests/EnvVariableTest.php new file mode 100644 index 0000000..8c05905 --- /dev/null +++ b/openshift/drupal/tests/tests/EnvVariableTest.php @@ -0,0 +1,25 @@ +assertEquals($expectedValue, getenv($envVariable)); + } + + public static function envVariableData() : array { + return [ + ['PATH', '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/app/vendor/bin:/var/www/html/vendor/bin'], + ['COMPOSER_HOME', '/.composer'], + ['AZURE_SQL_SSL_CA_PATH', '/usr/local/share/ca-certificates/BaltimoreCyberTrustRoot.crt.pem'], + ]; + } + +} diff --git a/openshift/drupal/tests/tests/InstalledPackagesTest.php b/openshift/drupal/tests/tests/InstalledPackagesTest.php new file mode 100644 index 0000000..b23547a --- /dev/null +++ b/openshift/drupal/tests/tests/InstalledPackagesTest.php @@ -0,0 +1,31 @@ +assertEquals(0, $returnCode); + } + + public static function expectedPackages() : array { + return [ + ['which git'], + ['which patch'], + ['which mysql'], + ['which bash'], + ['which jq'], + ['which make'], + ['php-fpm --test'], + ]; + } + +} diff --git a/openshift/drupal/tests/tests/NginxUnitTest.php b/openshift/drupal/tests/tests/NginxUnitTest.php new file mode 100644 index 0000000..0b09d80 --- /dev/null +++ b/openshift/drupal/tests/tests/NginxUnitTest.php @@ -0,0 +1,33 @@ +assertFileExists($conf); + } + + public static function configNames() : array { + return [ + ['/etc/nginx/nginx.conf'], + ['/etc/nginx/fastcgi.conf'], + ['/etc/nginx/http.d/default.conf'], + ['/etc/nginx/conf.d/global-headers'], + ['/etc/nginx/conf.d/custom.locations'], + ]; + } + + public function testNginxCommand() { + $returnCode = NULL; + exec('nginx -t', result_code: $returnCode); + $this->assertEquals(0, $returnCode); + } + +} diff --git a/openshift/drupal/tests/tests/PhpTest.php b/openshift/drupal/tests/tests/PhpTest.php new file mode 100644 index 0000000..7b151d0 --- /dev/null +++ b/openshift/drupal/tests/tests/PhpTest.php @@ -0,0 +1,51 @@ +shortVersion = getenv('PHP_SHORT_VERSION'); + $this->phpVersion = getenv('PHP_VERSION'); + $this->assertNotEmpty($this->shortVersion); + $this->assertNotEmpty($this->phpVersion); + } + + #[DataProvider(methodName: 'extensionNames')] + public function testExtension(string $extension) : void { + $this->assertTrue(extension_loaded($extension)); + } + + public static function extensionNames() : array { + return [ + ['json'], + ['apcu'], + ['curl'], + ['mbstring'], + ['openssl'], + ['pdo'], + ['redis'], + ['sodium'], + ['ctype'], + ['zend opcache'], + ['tokenizer'], + ['xml'], + ['simplexml'], + ['imagick'], + ]; + } + + public function testPhpVersion() { + $actual = PHP_MAJOR_VERSION . '.' . PHP_MINOR_VERSION; + $this->assertTrue(version_compare($this->phpVersion, $actual, 'eq')); + } + +} From 43a4ff32a3701867f24e20e6d7757ad837d8278c Mon Sep 17 00:00:00 2001 From: tuutti Date: Tue, 10 Dec 2024 14:11:46 +0200 Subject: [PATCH 08/15] Documentation fixes --- openshift/drupal/Makefile | 28 +++++++--------------------- openshift/drupal/README.md | 11 +++-------- 2 files changed, 10 insertions(+), 29 deletions(-) diff --git a/openshift/drupal/Makefile b/openshift/drupal/Makefile index dfb65bb..67dd188 100644 --- a/openshift/drupal/Makefile +++ b/openshift/drupal/Makefile @@ -9,9 +9,6 @@ help: ########### # php-dev # ########### -PHONY += build-php-dev -build-php-dev: build-php83-dev build-php84-dev - PHONY += push-php-dev push-php-dev: push-php83-dev push-php84-dev @@ -27,38 +24,27 @@ test-php: test-php83 test-php84 PHONY += push-php push-php: push-php83 push-php84 -PHONY += build-php -build-php: build-php83 build-php84 - ########### # 8.3-dev # ########### -PHONY += build-php83-dev -build-php83-dev: - $(call build_image,php83-dev) - PHONY += test-php83-dev -test-php83-dev: build-php83-dev - $(call run_tests,8.3-dev) +test-php83-dev: + $(call run_tests,php83-dev) PHONY += push-php83-dev -push-php83-dev: test-php83-dev - docker push $(REPOSITORY):8.3-dev +push-php83-dev: + $(call build_image,php83-dev) ####### # 8.3 # ####### -PHONY += build-php83 -build-php83: - $(call build_image,php83) - PHONY += test-php83 -test-php83: build-php83 - $(call run_tests,8.3) +test-php83: + $(call run_tests,php83) PHONY += push-php83 push-php83: test-php83 - docker push $(REPOSITORY):8.3 + $(call build_image,php83) ########### # 8.4-dev # diff --git a/openshift/drupal/README.md b/openshift/drupal/README.md index 060c2f8..bef5230 100644 --- a/openshift/drupal/README.md +++ b/openshift/drupal/README.md @@ -20,15 +20,10 @@ Testing environment uses `*-dev` images by default, and it's highly recommended To build a specific image, call: -- `8.4-dev` tag: `make build-php84-dev` -- `8.4` tag: `make build-php84` +- `8.4-dev` tag: `make push-php84-dev` +- `8.4` tag: `make push-php84` -To run built image locally: - -- `8.4-dev` tag: `make run-php84-dev` -- `8.4` tag: `make run-php84` - -You can also build all tags at once: `make build-php-dev` (builds all `*-dev` tags) or `make build-php` (builds stable tags). +You can also build all tags at once: `make push-php-dev` (builds all `*-dev` tags) or `make push-php` (builds stable tags). ### Testing From 6bbfabb838c0d07832ed23ae1b79efa7427ad52e Mon Sep 17 00:00:00 2001 From: tuutti Date: Wed, 11 Dec 2024 13:27:48 +0200 Subject: [PATCH 09/15] Deprecate CI images --- ci/drupal/Dockerfile | 126 ------------------------------------- ci/drupal/Makefile | 65 ------------------- ci/drupal/README.md | 57 +---------------- ci/drupal/files/bin/drush | 18 ------ ci/drupal/tests/php.yaml | 56 ----------------- ci/drupal/tests/php82.yaml | 6 -- ci/drupal/tests/php83.yaml | 6 -- ci/drupal/tests/php84.yaml | 6 -- 8 files changed, 2 insertions(+), 338 deletions(-) delete mode 100644 ci/drupal/Dockerfile delete mode 100644 ci/drupal/Makefile delete mode 100755 ci/drupal/files/bin/drush delete mode 100644 ci/drupal/tests/php.yaml delete mode 100644 ci/drupal/tests/php82.yaml delete mode 100644 ci/drupal/tests/php83.yaml delete mode 100644 ci/drupal/tests/php84.yaml diff --git a/ci/drupal/Dockerfile b/ci/drupal/Dockerfile deleted file mode 100644 index 407a5b7..0000000 --- a/ci/drupal/Dockerfile +++ /dev/null @@ -1,126 +0,0 @@ -ARG BASE_IMAGE_TAG -FROM php:${BASE_IMAGE_TAG} as base - -# Install required tools -RUN apk add --no-cache \ - sqlite \ - sqlite-dev \ - git \ - patch \ - mariadb-client \ - # druidfi/tools has dependency to make and - # 'make cast-spell' has dependency to bash - make \ - bash \ - grep \ - jq \ - gnupg \ - coreutils \ - # This is required by MySQL 8 (caching_sha2_password plugin) - mariadb-connector-c - -# install the PHP extensions we need -RUN set -eux; \ - \ - apk add --no-cache --virtual .build-deps \ - coreutils \ - freetype-dev \ - libjpeg-turbo-dev \ - libpng-dev \ - libzip-dev \ - autoconf \ - linux-headers \ - g++ \ - libtool \ - ; \ - \ - pecl install apcu pcov; \ - \ - docker-php-ext-configure gd \ - --with-freetype \ - --with-jpeg=/usr/include \ - ; \ - \ - docker-php-ext-enable apcu.so pcov.so; \ - \ - docker-php-ext-install -j "$(nproc)" \ - sockets \ - gd \ - opcache \ - bcmath \ - pdo_mysql \ - zip \ - pdo_sqlite \ - ; \ - \ - runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ - | tr ',' '\n' \ - | sort -u \ - | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )"; \ - apk add --virtual .drupal-phpexts-rundeps $runDeps; \ - apk del .build-deps; \ - rm /usr/local/bin/phpdbg \ - /usr/local/bin/php-cgi - -# We can't remove files from base layer (php container) so we have to copy everything -# into a new layer to not waste space. -FROM scratch -COPY --from=base / / - -# set recommended PHP.ini settings -# see https://secure.php.net/manual/en/opcache.installation.php -RUN { \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=4000'; \ - echo 'opcache.revalidate_freq=60'; \ - echo 'opcache.fast_shutdown=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini - -# override memory limit and upload max filesize and post max size -# to enable bigger uploads -RUN { \ - echo 'memory_limit=512M'; \ - echo 'upload_max_filesize=32M'; \ - echo 'post_max_size=32M'; \ - } > /usr/local/etc/php/conf.d/php-overrides.ini - -RUN apk add --no-cache \ - --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \ - github-cli - -# Copy scripts and configuration files. -COPY files/ / - -# Install Composer -COPY --from=composer:latest /usr/bin/composer /usr/local/bin/ - -ENV SIMPLETEST_BASE_URL=http://127.0.0.1:8888 -ENV SIMPLETEST_DB=mysql://drupal:drupal@db:3306/drupal -ENV COMPOSER_HOME=/tmp/.composer - -# Individual module tests use `composer config repositories N $GITHUB_WORKSPACE && composer require drupal/$MODULE_NAME` to -# symlink module's codebase from $GITHUB_WORKSPACE to public/modules/contrib folder. PHPUnit seems to report an incorrect -# test coverage if the test folder is a symlink. -# -# This setting changes composer to mirror the content instead of symlinking it. -# @see https://helsinkisolutionoffice.atlassian.net/browse/UHF-8566 -ENV COMPOSER_MIRROR_PATH_REPOS=1 - -# Automatically discard uncommitted changes. This usually happens when attempting to update a package that -# has any patches applied. -ENV COMPOSER_DISCARD_CHANGES=true - -RUN curl https://keybase.io/codecovsecurity/pgp_keys.asc | gpg --no-default-keyring --keyring trustedkeys.gpg --import; \ - curl -Os https://uploader.codecov.io/latest/alpine/codecov; \ - curl -Os https://uploader.codecov.io/latest/alpine/codecov.SHA256SUM; \ - curl -Os https://uploader.codecov.io/latest/alpine/codecov.SHA256SUM.sig; \ - gpgv codecov.SHA256SUM.sig codecov.SHA256SUM; \ - sha256sum -c codecov.SHA256SUM; \ - rm codecov.*; \ - chmod +x codecov; \ - mv codecov /usr/bin/; - -USER 1001 diff --git a/ci/drupal/Makefile b/ci/drupal/Makefile deleted file mode 100644 index 974a8fd..0000000 --- a/ci/drupal/Makefile +++ /dev/null @@ -1,65 +0,0 @@ -PHONY := -REPOSITORY = ghcr.io/city-of-helsinki/drupal-php-docker - -PHONY += run-php82 -run-php82: - docker run -it --rm -u 100000 $(REPOSITORY):8.2-alpine /bin/sh - -PHONY += run-php83 -run-php83: - docker run -it --rm -u 100000 $(REPOSITORY):8.3-alpine /bin/sh - -PHONY += run-php84 -run-php84: - docker run -it --rm -u 100000 $(REPOSITORY):8.4-alpine /bin/sh - -PHONY += build-php82 -build-php82: - $(call build_image,8.2) - -PHONY += build-php83 -build-php83: - $(call build_image,8.3) - -PHONY += build-php84 -build-php84: - $(call build_image,8.4) - -PHONY += push-php82 -push-php82: test-php82 - docker push $(REPOSITORY):8.2-alpine - -PHONY += push-php83 -push-php83: test-php83 - docker push $(REPOSITORY):8.3-alpine - -PHONY += push-php84 -push-php84: test-php84 - docker push $(REPOSITORY):8.4-alpine - -PHONY += test-php82 -test-php82: build-php82 - container-structure-test test --image ghcr.io/city-of-helsinki/drupal-php-docker:8.2-alpine --config tests/php82.yaml - container-structure-test test --image ghcr.io/city-of-helsinki/drupal-php-docker:8.2-alpine --config tests/php.yaml - -PHONY += test-php83 -test-php83: build-php83 - container-structure-test test --image ghcr.io/city-of-helsinki/drupal-php-docker:8.3-alpine --config tests/php83.yaml - container-structure-test test --image ghcr.io/city-of-helsinki/drupal-php-docker:8.3-alpine --config tests/php.yaml - -PHONY += test-php84 -test-php84: build-php84 - container-structure-test test --image ghcr.io/city-of-helsinki/drupal-php-docker:8.4-alpine --config tests/php84.yaml - container-structure-test test --image ghcr.io/city-of-helsinki/drupal-php-docker:8.4-alpine --config tests/php.yaml - -PHONY += test-php -test-php: test-php82 test-php83 test-php84 - -PHONY += push-php -push-php: push-php82 push-php83 push-php84 - -define build_image - docker build --pull -t $(REPOSITORY):$(1)-alpine --build-arg BASE_IMAGE_TAG=$(1)-alpine ./ -endef - -.PHONY: $(PHONY) diff --git a/ci/drupal/README.md b/ci/drupal/README.md index 2ba79bf..6ca2e4e 100644 --- a/ci/drupal/README.md +++ b/ci/drupal/README.md @@ -1,58 +1,5 @@ # Drupal CI image -Available PHP versions: `8.3`, `8.2`, `8.1`: +CI image is deprecated and no longer updated. Please update your code to use [ghcr.io/city-of-helsinki/drupal-web](/local/drupal) image instead. -- `ghcr.io/city-of-helsinki/drupal-php-docker:8.3-alpine` -- `ghcr.io/city-of-helsinki/drupal-php-docker:8.2-alpine` -- `ghcr.io/city-of-helsinki/drupal-php-docker:8.1-alpine` - -All images should include all packages necessary to run all Drupal tests. - -See: -- [test.yml](https://github.com/City-of-Helsinki/drupal-helfi-platform/blob/main/.github/workflows/test.yml.dist) for an example how to run tests using this image. -- [Automated testing documentation](https://github.com/City-of-Helsinki/drupal-helfi-platform/blob/main/documentation/testing.md) - -## Environment variables - -- `SIMPLETEST_DB=mysql://drupal:drupal@db:3306/drupal` -- `SIMPLETEST_BASE_URL=http://127.0.0.1:8888` -- `COMPOSER_HOME=/tmp/.composer`: The composer home is overridden to mitigate permission issues -- `COMPOSER_MIRROR_PATH_REPOS=1`: Individual module tests use `composer config repositories N $GITHUB_WORKSPACE && composer require drupal/$MODULE_NAME` to symlink module's codebase from $GITHUB_WORKSPACE to public/modules/contrib folder. PHPUnit seems to sometimes report an incorrect test coverage if the test folder is a symlink. This setting changes composer to mirror the content instead of symlinking it. See https://helsinkisolutionoffice.atlassian.net/browse/UHF-8566 -- `COMPOSER_DISCARD_CHANGES=true`: Automatically discard uncommitted changes - -## Development - -### Requirements - -- [GoogleContainerTools/container-structure-test](https://github.com/GoogleContainerTools/container-structure-test) - -### Building - -To build a specific image, call: - -- `8.4-alpine` tag: `make build-php84` - -To run built image locally: - -- `8.4-alpine` tag: `make run-php84` - -### Testing - -We use [GoogleContainerTools/container-structure-test](https://github.com/GoogleContainerTools/container-structure-test) to test images. See [tests/](tests/) for available tests. - -Running tests will always rebuild the image first. - -- Run tests against `8.4-alpine` tag: `make test-php84` - -### Release process - -Calling `make push-php*` will: -- Run the build script -- Run all tests -- Push the image to docker repository - -Release a specific tag: - -- Release `8.4-alpine` tag: `make push-php84` - -Release all tags at once: `make push-php`. +See [Docker image](/local/drupal/README.md) and [Drupal Platform testing](https://github.com/City-of-Helsinki/drupal-helfi-platform/blob/main/documentation/testing.md) documentation for more information. diff --git a/ci/drupal/files/bin/drush b/ci/drupal/files/bin/drush deleted file mode 100755 index aac092d..0000000 --- a/ci/drupal/files/bin/drush +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh - -# Start at the current directory -dir=$PWD - -# While not at the root (/) -while [[ "$dir" != "/" ]]; do - # If vendor/bin/drush exists, run it - if [[ -x "$dir/vendor/bin/drush" ]]; then - "$dir/vendor/bin/drush" "$@" - exit $? - fi - # Go up one directory level - dir=$(dirname "$dir") -done - -echo "Could not find drush in any parent directory." -exit 1 diff --git a/ci/drupal/tests/php.yaml b/ci/drupal/tests/php.yaml deleted file mode 100644 index 7513d8b..0000000 --- a/ci/drupal/tests/php.yaml +++ /dev/null @@ -1,56 +0,0 @@ -schemaVersion: '2.0.0' -commandTests: - - name: 'Composer is installed' - command: composer - args: ['--version'] - expectedOutput: ['Composer version*'] - - name: 'PHP extensions' - command: bash - args: - - -c - - | - php -m | grep -e apcu -e bcmath -e gd -e pcov -e sqlite3 -e curl -e "Zend OPcache" -e zip -e sockets -e pdo - expectedOutput: ["apcu\nbcmath\ncurl\ngd\npcov\npdo_mysql\npdo_sqlite\nsockets\nsqlite3\nZend OPcache\nzip\nZend OPcache"] - - name: 'Git is installed' - command: which - args: ['git'] - - name: 'Patch is installed' - command: which - args: ['patch'] - - name: 'MariaDB client is installed' - command: which - args: ['mysql'] - - name: 'Bash is installed' - command: which - args: ['bash'] - - name: 'JQ is installed' - command: which - args: ['jq'] - - name: 'gpg is installed' - command: which - args: ['gpg'] - - name: 'make is installed' - command: which - args: ['make'] - - name: 'sqlite is installed' - command: which - args: ['sqlite3'] - - name: 'codecov is installed' - command: codecov - args: ['--version'] - - name: 'Github cli is installed' - command: gh - args: ['--version'] - -metadataTest: - envVars: - - key: 'COMPOSER_HOME' - value: '/tmp/.composer' - - key: 'SIMPLETEST_DB' - value: 'mysql://drupal:drupal@db:3306/drupal' - - key: 'SIMPLETEST_BASE_URL' - value: 'http://127.0.0.1:8888' - - key: 'COMPOSER_MIRROR_PATH_REPOS' - value: '1' - - key: 'COMPOSER_DISCARD_CHANGES' - value: 'true' diff --git a/ci/drupal/tests/php82.yaml b/ci/drupal/tests/php82.yaml deleted file mode 100644 index 1ef7c64..0000000 --- a/ci/drupal/tests/php82.yaml +++ /dev/null @@ -1,6 +0,0 @@ -schemaVersion: '2.0.0' -commandTests: - - name: 'PHP version' - command: php - args: ['--version'] - expectedOutput: ['PHP 8.2.*'] diff --git a/ci/drupal/tests/php83.yaml b/ci/drupal/tests/php83.yaml deleted file mode 100644 index def9246..0000000 --- a/ci/drupal/tests/php83.yaml +++ /dev/null @@ -1,6 +0,0 @@ -schemaVersion: '2.0.0' -commandTests: - - name: 'PHP version' - command: php - args: ['--version'] - expectedOutput: ['PHP 8.3.*'] diff --git a/ci/drupal/tests/php84.yaml b/ci/drupal/tests/php84.yaml deleted file mode 100644 index bdcdb20..0000000 --- a/ci/drupal/tests/php84.yaml +++ /dev/null @@ -1,6 +0,0 @@ -schemaVersion: '2.0.0' -commandTests: - - name: 'PHP version' - command: php - args: ['--version'] - expectedOutput: ['PHP 8.4.*'] From 0224ffbcaa1d0d3e6b84cac4a752cbc43d6276b1 Mon Sep 17 00:00:00 2001 From: tuutti Date: Wed, 11 Dec 2024 13:28:00 +0200 Subject: [PATCH 10/15] Update oc image --- local/oc/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/local/oc/Dockerfile b/local/oc/Dockerfile index f01b3bd..3f4598e 100644 --- a/local/oc/Dockerfile +++ b/local/oc/Dockerfile @@ -1,6 +1,6 @@ -FROM alpine:3.18 +FROM alpine:3.20 -ENV OC_TAG=openshift-clients-4.13.0-202304190216 +ENV OC_TAG=openshift-clients-4.17.0-202409111134 RUN \ apk add --no-cache --virtual .build-deps \ git \ From b1fb1402a24f64c5c1ba78e3c52b1bdcd4eb6f86 Mon Sep 17 00:00:00 2001 From: tuutti Date: Wed, 11 Dec 2024 13:28:15 +0200 Subject: [PATCH 11/15] Remove oc dependency --- local/drupal/Dockerfile | 30 ++++++++++++++++++++++++------ local/drupal/Makefile | 29 ++++++++++------------------- 2 files changed, 34 insertions(+), 25 deletions(-) diff --git a/local/drupal/Dockerfile b/local/drupal/Dockerfile index 98ee091..c7f9b82 100644 --- a/local/drupal/Dockerfile +++ b/local/drupal/Dockerfile @@ -1,6 +1,6 @@ ARG PHP_VERSION=8.4 ARG PHP_SHORT_VERSION=84 -FROM ghcr.io/city-of-helsinki/drupal-docker-base:${PHP_VERSION}-dev AS base +FROM ghcr.io/city-of-helsinki/drupal-docker-base:${PHP_VERSION} AS base ENV DRUPAL_DB_NAME=drupal \ DRUPAL_DB_USER=drupal \ @@ -9,17 +9,20 @@ ENV DRUPAL_DB_NAME=drupal \ DRUPAL_DB_PORT=3306 ENV SIMPLETEST_DB="mysql://${DRUPAL_DB_USER}:${DRUPAL_DB_PASS}@${DRUPAL_DB_HOST}:${DRUPAL_DB_PORT}/${DRUPAL_DB_NAME}" +ENV SIMPLETEST_BASE_URL=https://app +ENV COMPOSER_HOME=/tmp/.composer -COPY --from=ghcr.io/city-of-helsinki/drupal-oc-cli:latest /usr/bin/oc /usr/bin/oc +RUN apk add --no-cache \ + --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \ + github-cli \ + gnupg COPY entrypoints/ /entrypoints RUN chmod +x /entrypoints/* COPY files/etc/nginx /etc/nginx -# The old druidfi/drupal-web image used /app folder. Symlink it to -# keep this compatible with it. -RUN ln -s /var/www/html /app +WORKDIR /app ARG PHP_SHORT_VERSION # Remove opcache-recommended.ini because we make several performance @@ -36,10 +39,25 @@ RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout /etc/ssl/private/cert.key \ -out /etc/ssl/certs/cert.crt +RUN chmod a+r /etc/ssl/certs/cert.crt \ + /etc/ssl/private/cert.key + +FROM base AS php83 +RUN apk --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing \ + --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main \ + --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \ + --repository=https://dl-cdn.alpinelinux.org/alpine/edge/releases add \ + php83-pecl-xdebug \ + php83-pecl-pcov + +COPY files/etc/php /etc/php83 + FROM base AS php84 RUN apk --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing \ --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main \ --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \ - --repository=https://dl-cdn.alpinelinux.org/alpine/edge/releases add php84-pecl-xdebug php84-pecl-pcov + --repository=https://dl-cdn.alpinelinux.org/alpine/edge/releases add \ + php84-pecl-xdebug \ + php84-pecl-pcov COPY files/etc/php /etc/php84 diff --git a/local/drupal/Makefile b/local/drupal/Makefile index ffece82..3bfc8ae 100644 --- a/local/drupal/Makefile +++ b/local/drupal/Makefile @@ -1,26 +1,18 @@ PHONY := REPOSITORY = ghcr.io/city-of-helsinki/drupal-web -PHONY += run-php84-amd64 -run-php84-amd64: - $(call run_image,linux/amd64,php84,8.4,84) - -PHONY += run-php83-amd64 -run-php83-amd64: - $(call run_image,linux/amd64,php83,8.3,83) - -PHONY += run-php84-arm64 -run-php84-arm64: - $(call run_image,linux/arm64,php84,8.4,84) - -PHONY += run-php83-arm64 -run-php83-arm64: - $(call run_image,linux/arm64,php83,8.3,83) +PHONY += push-php84-dev +push-php84-dev: + $(call push_image,php84,8.4-dev,84) PHONY += push-php84 push-php84: $(call push_image,php84,8.4,84) +PHONY += push-php83-dev +push-php83-dev: + $(call push_image,php83,8.3-dev,83) + PHONY += push-php83 push-php83: $(call push_image,php83,8.3,83) @@ -28,12 +20,11 @@ push-php83: PHONY += push-php push-php: push-php83 push-php84 -define run_image - docker buildx build --load --platform $(1) --target=$(2) -t $(REPOSITORY):$(3) --build-arg PHP_VERSION=$(3) --build-arg PHP_SHORT_VERSION=$(4) ./ -endef +PHONY += push-php-dev +push-php-dev: push-php83-dev push-php84-dev define push_image - docker buildx build --pull --platform linux/arm64,linux/amd64 --target=$(1) -t $(REPOSITORY):$(2) --build-arg PHP_VERSION=$(2) --build-arg PHP_SHORT_VERSION=$(3) ./ --push + docker buildx build --no-cache --pull --platform linux/arm64,linux/amd64 --target=$(1) -t $(REPOSITORY):$(2) --build-arg PHP_VERSION=$(2) --build-arg PHP_SHORT_VERSION=$(3) ./ --push endef .PHONY: $(PHONY) From 05a5839ef60f4455fbf46021f999cf69c38fb2aa Mon Sep 17 00:00:00 2001 From: tuutti Date: Wed, 11 Dec 2024 13:28:23 +0200 Subject: [PATCH 12/15] Support custom webroot --- openshift/drupal/Dockerfile | 18 ++++++++++++++---- openshift/drupal/Makefile | 2 +- .../drupal/files/entrypoints/15-syslog.sh | 12 ------------ .../files/entrypoints/20-prepare-nginx.sh | 7 +++++++ openshift/drupal/files/entrypoints/99-nginx.sh | 5 ----- .../drupal/files/etc/nginx/http.d/default.conf | 2 +- 6 files changed, 23 insertions(+), 23 deletions(-) delete mode 100644 openshift/drupal/files/entrypoints/15-syslog.sh create mode 100644 openshift/drupal/files/entrypoints/20-prepare-nginx.sh diff --git a/openshift/drupal/Dockerfile b/openshift/drupal/Dockerfile index 74b36f9..181d8a9 100644 --- a/openshift/drupal/Dockerfile +++ b/openshift/drupal/Dockerfile @@ -5,7 +5,6 @@ ARG ALPINE_VERSION=3.20 FROM alpine:${ALPINE_VERSION} AS php # Install required tools (https://docs.acquia.com/blt/install/) -# alpine-sdk required for the make script in composer.json RUN set -eux; \ apk update && apk upgrade && \ apk add --no-cache git \ @@ -14,7 +13,13 @@ RUN set -eux; \ rsync \ bash \ mariadb-client \ - alpine-sdk \ + # This is required by MySQL 8 (caching_sha2_password plugin) + mariadb-connector-c \ + grep \ + make \ + git \ + tar \ + openssl \ nginx \ bash \ jq \ @@ -25,8 +30,8 @@ RUN \ echo 'export PS1="[${APP_ENV:-env}] \[\e[1;31m\][${HOSTNAME:-hostname}] \[\e[1;33m\]\w\[\e[0m\] $ "' | tee /etc/profile /etc/bash/ps1.sh ENV ENV="/etc/profile" -# Install Composer COPY --from=composer:latest /usr/bin/composer /usr/local/bin/ +COPY --from=amazeeio/envplate:v1.0.3 /usr/local/bin/ep /usr/local/bin/ep ENV PATH=${PATH}:/app/vendor/bin:/var/www/html/vendor/bin ENV COMPOSER_HOME=/.composer @@ -63,7 +68,8 @@ RUN \ # Correct permissions to nginx folders. chmod -R a+rwx /var/lib/nginx && \ chmod -R a+rwx /var/log/nginx && \ - chmod -R a+rwx /etc/nginx/conf.d + chmod -R a+rwx /etc/nginx/conf.d && \ + chmod -R a+rwx /etc/nginx/http.d ENTRYPOINT ["/sbin/tini", "--"] @@ -91,9 +97,11 @@ RUN set -eux; \ php83-xmlreader \ php83-xmlwriter \ php83-simplexml \ + php83-sockets \ php83-ctype \ php83-gd \ php83-sodium \ + php83-bcmath \ php83-pecl-apcu \ php83-pecl-redis; \ apk --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main add \ @@ -114,6 +122,7 @@ RUN set -eux; \ php84-openssl \ php84-phar \ php84-session \ + php84-sockets \ php84-zip \ php84-dom \ php84-pdo \ @@ -125,6 +134,7 @@ RUN set -eux; \ php84-ctype \ php84-gd \ php84-sodium \ + php84-bcmath \ php84-pecl-apcu \ php84-pecl-redis \ php84-pecl-imagick; \ diff --git a/openshift/drupal/Makefile b/openshift/drupal/Makefile index 67dd188..8f213e1 100644 --- a/openshift/drupal/Makefile +++ b/openshift/drupal/Makefile @@ -73,7 +73,7 @@ define run_tests endef define build_image - docker buildx bake $(BUILD_EXTRA_ARGS) --pull --push -f docker-bake.hcl $(1) + docker buildx bake $(BUILD_EXTRA_ARGS) --no-cache --pull --push -f docker-bake.hcl $(1) endef .PHONY: $(PHONY) diff --git a/openshift/drupal/files/entrypoints/15-syslog.sh b/openshift/drupal/files/entrypoints/15-syslog.sh deleted file mode 100644 index c040b8a..0000000 --- a/openshift/drupal/files/entrypoints/15-syslog.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -cd /var/www/html - -# @todo Remove this once all projects use monolog. -if ! composer show drupal/monolog -q 2>/dev/null; then - touch /tmp/drupal.log && chmod a+rw /tmp/drupal.log - tail -f /tmp/drupal.log & -else - echo "Found drupal/monolog. Skipping logger entrypoint ..." -fi - diff --git a/openshift/drupal/files/entrypoints/20-prepare-nginx.sh b/openshift/drupal/files/entrypoints/20-prepare-nginx.sh new file mode 100644 index 0000000..99404e6 --- /dev/null +++ b/openshift/drupal/files/entrypoints/20-prepare-nginx.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +if echo "$APP_ENV" | grep -Eq '(local|dev|development|test|testing|stage|staging)'; then + echo 'add_header X-Robots-Tag "noindex, nofollow";' >> /etc/nginx/conf.d/global-headers +fi + +ep /etc/nginx/http.d/default.conf diff --git a/openshift/drupal/files/entrypoints/99-nginx.sh b/openshift/drupal/files/entrypoints/99-nginx.sh index b1a00d8..0c3bdf1 100644 --- a/openshift/drupal/files/entrypoints/99-nginx.sh +++ b/openshift/drupal/files/entrypoints/99-nginx.sh @@ -1,9 +1,4 @@ #!/bin/sh - -if echo "$APP_ENV" | grep -Eq '(local|dev|development|test|testing|stage|staging)'; then - echo 'add_header X-Robots-Tag "noindex, nofollow";' >> /etc/nginx/conf.d/global-headers -fi - echo "Start up Nginx..." nginx -g 'daemon off;' diff --git a/openshift/drupal/files/etc/nginx/http.d/default.conf b/openshift/drupal/files/etc/nginx/http.d/default.conf index e60d0e4..df2c598 100644 --- a/openshift/drupal/files/etc/nginx/http.d/default.conf +++ b/openshift/drupal/files/etc/nginx/http.d/default.conf @@ -3,7 +3,7 @@ server { listen 8080 default_server; server_name _; - root /var/www/html/public; + root ${WEBROOT:-/var/www/html/public}; index index.php; # Support for the helfi_proxy module From adc7813adb25eea825d189d0c9e4f277c7a5ad56 Mon Sep 17 00:00:00 2001 From: tuutti Date: Wed, 11 Dec 2024 16:05:39 +0200 Subject: [PATCH 13/15] Fixed tests --- openshift/drupal/Dockerfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openshift/drupal/Dockerfile b/openshift/drupal/Dockerfile index 181d8a9..c6894b5 100644 --- a/openshift/drupal/Dockerfile +++ b/openshift/drupal/Dockerfile @@ -28,13 +28,13 @@ RUN set -eux; \ RUN \ touch /etc/bash/ps1.sh && \ echo 'export PS1="[${APP_ENV:-env}] \[\e[1;31m\][${HOSTNAME:-hostname}] \[\e[1;33m\]\w\[\e[0m\] $ "' | tee /etc/profile /etc/bash/ps1.sh -ENV ENV="/etc/profile" COPY --from=composer:latest /usr/bin/composer /usr/local/bin/ COPY --from=amazeeio/envplate:v1.0.3 /usr/local/bin/ep /usr/local/bin/ep ENV PATH=${PATH}:/app/vendor/bin:/var/www/html/vendor/bin ENV COMPOSER_HOME=/.composer +ENV ENV="/etc/profile" # Fetch the required certificate for the Azure MySQL flexible server service ENV AZURE_SQL_SSL_CA_PATH=/usr/local/share/ca-certificates/DigiCertGlobalRootCA.crt.pem @@ -172,5 +172,8 @@ COPY php-fpm-pool.conf /etc/php${PHP_SHORT_VERSION}/php-fpm.d/www.conf FROM final AS test COPY tests/ /tests WORKDIR /tests -RUN composer install && \ +# Make sure all envplate substitutions are executed before +# running tests. +RUN /entrypoints/20-prepare-nginx.sh && \ + composer install && \ vendor/bin/phpunit From 89df7cdff08207bce31e3fb64f080e763f7ce693 Mon Sep 17 00:00:00 2001 From: tuutti Date: Wed, 11 Dec 2024 18:24:55 +0200 Subject: [PATCH 14/15] Removed unsued php-ci.yml, removed CST since it is no longer used --- .github/workflows/php-ci.yml | 36 ----------------------------- .github/workflows/php-openshift.yml | 6 ----- 2 files changed, 42 deletions(-) delete mode 100644 .github/workflows/php-ci.yml diff --git a/.github/workflows/php-ci.yml b/.github/workflows/php-ci.yml deleted file mode 100644 index c7fb188..0000000 --- a/.github/workflows/php-ci.yml +++ /dev/null @@ -1,36 +0,0 @@ -on: - pull_request: - paths: - - '!**.md' - - 'ci/drupal/**' - - '.github/workflows/php-ci.yml' - push: - branches: [ main ] - paths: - - '!**.md' - - 'ci/drupal/**' - - '.github/workflows/php-ci.yml' -jobs: - php-ci: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - image: tonistiigi/binfmt:latest - platforms: amd64,arm64 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Install CST - run: | - curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 && \ - chmod +x container-structure-test-linux-amd64 && \ - sudo mv container-structure-test-linux-amd64 /usr/local/bin/container-structure-test - - - name: Run tests - working-directory: ci/drupal - run: make test-php diff --git a/.github/workflows/php-openshift.yml b/.github/workflows/php-openshift.yml index c736865..c1633e3 100644 --- a/.github/workflows/php-openshift.yml +++ b/.github/workflows/php-openshift.yml @@ -25,12 +25,6 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Install CST - run: | - curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 && \ - chmod +x container-structure-test-linux-amd64 && \ - sudo mv container-structure-test-linux-amd64 /usr/local/bin/container-structure-test - - name: Run tests working-directory: openshift/drupal run: make test-php From eb5b80075939d8167b175d67075ee5c623d63d01 Mon Sep 17 00:00:00 2001 From: tuutti Date: Thu, 12 Dec 2024 10:12:55 +0200 Subject: [PATCH 15/15] Fixed drush in CI --- local/drupal/Dockerfile | 5 ++++- local/drupal/files/usr/local/bin/drush | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 local/drupal/files/usr/local/bin/drush diff --git a/local/drupal/Dockerfile b/local/drupal/Dockerfile index c7f9b82..84b87ed 100644 --- a/local/drupal/Dockerfile +++ b/local/drupal/Dockerfile @@ -18,7 +18,10 @@ RUN apk add --no-cache \ gnupg COPY entrypoints/ /entrypoints -RUN chmod +x /entrypoints/* +COPY files/usr /usr +RUN chmod +x /entrypoints/* \ + # Drush binary is needed in CI. + /usr/local/bin/drush COPY files/etc/nginx /etc/nginx diff --git a/local/drupal/files/usr/local/bin/drush b/local/drupal/files/usr/local/bin/drush new file mode 100644 index 0000000..aac092d --- /dev/null +++ b/local/drupal/files/usr/local/bin/drush @@ -0,0 +1,18 @@ +#!/bin/sh + +# Start at the current directory +dir=$PWD + +# While not at the root (/) +while [[ "$dir" != "/" ]]; do + # If vendor/bin/drush exists, run it + if [[ -x "$dir/vendor/bin/drush" ]]; then + "$dir/vendor/bin/drush" "$@" + exit $? + fi + # Go up one directory level + dir=$(dirname "$dir") +done + +echo "Could not find drush in any parent directory." +exit 1