Merge pull request #175 from OpenConext/feature/docker_configs
Feature/docker configs
MKodde authored Dec 19, 2023
2 parents c24aadc + 8e82d6c commit 2985ef9
Showing 6 changed files with 134 additions and 11 deletions.
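--- /dev/null
+++ b/.github/workflows/build-push-docker-image.yml
@@ -0,0 +1,48 @@
+name: build-push-docker-image
+
+#on: workflow_dispatch
+on:
+  push:
+    branches: feature/docker_configs
+  workflow_dispatch:
+
+jobs:
+  build-push-docker-image:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Get the latest release
+        id: release
+        uses: robinraju/[email protected]
+        with:
+          latest: true
+          fileName: "*.tar.bz2"
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push the Production image
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: docker/Dockerfile.prod
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ghcr.io/openconext/stepup-tiqr/stepup-tiqr:prod
+            ghcr.io/openconext/stepup-tiqr/stepup-tiqr:${{ github.sha }}
+            ghcr.io/openconext/stepup-tiqr/stepup-tiqr:${{ steps.release.outputs.tag_name }}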
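Review bot: The image is tagged with `${{ github.sha }}` and `:prod` in the last lines of the hunk, but its contents come from the release asset fetched by the `release` step, not from the commit that `actions/checkout@v3` checked out, so the sha tag does not identify the source that was built; either drop that tag and keep `${{ steps.release.outputs.tag_name }}`, or build from the checkout. The `push: branches: feature/docker_configs` trigger next to the commented-out `#on: workflow_dispatch` reads as a leftover from developing this branch and would rebuild and overwrite `:prod` on every push to it. Every `uses:` reference is a mutable tag (the `release` step's reference is not legible on this page); pinning each one to a full commit SHA with the version in a trailing comment is the usual supply-chain control for a job that holds `packages: write`. The explicit `permissions:` block sets every unlisted scope to none, so if this repository is private, `actions/checkout` also needs `contents: read` here — confirm.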
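--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -60,4 +60,13 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          release_id: ${{ steps.create_release.outputs.id }}
+          release_id: ${{ steps.create_release.outputs.id }}
+
+  after_build:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger Docker container build
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: build-push-docker-image.yml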
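Review bot: The new `after_build` job dispatches `build-push-docker-image.yml` through `benc-uk/workflow-dispatch@v1` without a `token:` input, so it runs on the default `GITHUB_TOKEN`, which needs `actions: write` to create a workflow_dispatch event; add `permissions: actions: write` to the job unless the repository's default token permissions already include it — confirm. `needs: build` refers to a job defined above this hunk, and the enclosing `jobs:` mapping starts outside it, so whether the release is actually published before this job runs cannot be checked here; the dispatched workflow downloads the latest release asset, so that ordering matters. The `benc-uk/workflow-dispatch@v1` reference is a mutable tag; pin it to a commit SHA as for the other actions.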
19 changes: 9 additions & 10 deletions config/legacy/parameters.yaml.dist
Expand Up @@ -12,18 +12,17 @@ parameters:
- en_GB

# SAML configuration
saml_idp_publickey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer'
saml_idp_privatekey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem'
saml_metadata_publickey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer'
saml_metadata_privatekey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem'
saml_remote_sp_entity_id: 'https://pieter.aai.surfnet.nl/simplesamlphp/module.php/saml/sp/metadata.php/default-sp'
saml_remote_sp_sso_url: '"https://pieter.aai.surfnet.nl/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp"'
saml_remote_sp_certificate: '%kernel.root_dir%/../vendor/surfnet/stepup-gssp-bundle/src/Resources/keys/pieter.aai.surfnet.nl.pem'
saml_remote_sp_acs: 'https://pieter.aai.surfnet.nl/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp'
saml_idp_publickey: '/config/tiqr/tiqr_idp.crt'
saml_idp_privatekey: '/config/tiqr/tiqr_idp.key'
saml_metadata_publickey: '/config/tiqr/tiqr_idp.crt'
saml_metadata_privatekey: '/config/tiqr/tiqr_idp.key'
saml_remote_sp_entity_id: 'https://gateway.dev.openconext.local/gssp/tiqr/metadata'
saml_remote_sp_certificate: '/config/gateway/gateway_gssp_sp.crt'
saml_remote_sp_acs: 'https://gateway.dev.openconext.local/gssp/tiqr/consume-assertion'

# Hosting settings (own URL)
base_url: 'https://tiqr.stepup.example.com'
tiqr_identity: 'tiqr.stepup.example.com'
base_url: 'https://tiqr.dev.openconext.local'
tiqr_identity: 'tiqr.dev.openconext.local'

# View parameters, 'en' entry was added as this is the default used by Translator. Was unable to configure it to
# use en_GB. TODO: look into configuring this the right way.
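Review bot: The new values replace the `%kernel.root_dir%`-relative development keys with absolute `/config/tiqr/...` and `/config/gateway/...` paths and `*.dev.openconext.local` URLs, and `docker/Dockerfile.prod` in this commit copies this `.dist` file verbatim into the image as `config/legacy/parameters.yaml`, so these dev-environment values become the image's baked-in defaults with nothing in the file saying so; a header comment such as `# Container defaults: the /config key and certificate paths are expected to be provided at runtime, and the entity IDs and URLs below are for the dev environment and must be overridden for any other deployment` would make that explicit. `saml_remote_sp_sso_url` is no longer defined on the new side; if any consumer still reads that parameter it now fails to resolve — confirm it was unused. The enclosing `parameters:` mapping starts above this hunk.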
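--- /dev/null
+++ b/config/packages/prod/monolog.yaml.docker
@@ -0,0 +1,12 @@
+monolog:
+  handlers:
+    prod-signaler:
+      type: fingers_crossed
+      action_level: ERROR
+      passthru_level: NOTICE # this means that all message of level NOTICE or higher are always logged
+      handler: main_syslog
+      bubble: false # if we handle it, nothing else should
+    main_syslog:
+      type: stream
+      path: "php://stderr"
+      formatter: surfnet_stepup.monolog.json_formatter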
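Review bot: This file is only meaningful because `docker/Dockerfile.prod` in this commit installs it over `config/packages/prod/monolog.yaml`, and nothing in the file says so; a leading comment such as `# Container logging: copied over config/packages/prod/monolog.yaml by docker/Dockerfile.prod. Records of NOTICE and above go to stderr as JSON; an ERROR flushes the buffered records of the request (fingers_crossed).` would spare the next reader the search. `formatter: surfnet_stepup.monolog.json_formatter` names a service that has to exist in the application container, which nothing here shows. The handler name `main_syslog` no longer describes a `stream` handler writing to `php://stderr`; `main_stderr` would read truer.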
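--- /dev/null
+++ b/docker/Dockerfile.prod
@@ -0,0 +1,22 @@
+FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2:latest AS php-build
+COPY *.tar.bz2 /tmp/
+RUN tar -xvjf /tmp/*.tar.bz2 -C /var/www/html/ && \
+    rm -rf /tmp/*.tar.bz2
+
+# Add the application configuration files
+COPY config/legacy/parameters.yaml.dist config/legacy/parameters.yaml
+COPY config/packages/prod/monolog.yaml.docker config/packages/prod/monolog.yaml
+
+# TIQR needs some assests to be installed
+RUN bin/console assets:install
+
+# Add the config files for Apache2
+RUN rm -rf /etc/apache2/sites-enabled/*
+COPY ./docker/conf/tiqr-apache2.conf /etc/apache2/sites-enabled/tiqr.conf
+RUN rm -rf /var/www/html/var/cache/prod && chown -R www-data /var/www/html/var
+EXPOSE 80
+
+# Set the default workdir
+WORKDIR /var/www/html
+
+ENTRYPOINT ["apache2-foreground"]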
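Review bot: The two `COPY ... config/...` destinations and `RUN bin/console assets:install` use relative paths, but `WORKDIR /var/www/html` is only set near the end of the file, so those lines resolve against whatever working directory the base image happens to set; moving the `WORKDIR` line above the first `COPY` makes the build independent of that. The base image is pulled as `:latest`, so two builds of the same commit can yield different images; pin it to a version tag or digest. `tar -xvjf /tmp/*.tar.bz2` assumes exactly one archive was copied in — with more than one match, the extra paths are handed to tar as member names rather than archives. Nothing verifies the archive before it becomes the image contents; checking its published checksum here, or in the workflow that downloads it, would close that gap.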
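--- /dev/null
+++ b/docker/conf/tiqr-apache2.conf
@@ -0,0 +1,33 @@
+<Virtualhost *:80>
+    ServerName tiqr
+    ServerAdmin [email protected]
+
+    DocumentRoot /var/www/html/public
+
+    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+
+    <Directory "/var/www/html/public">
+        Require all granted
+
+        Options -MultiViews
+        RewriteEngine On
+        RewriteCond %{REQUEST_FILENAME} !-f
+        RewriteRule ^(.*)$ index.php [QSA,L]
+    </Directory>
+    <Location />
+        Require all granted
+    </Location>
+
+    Header always set X-Content-Type-Options "nosniff"
+
+    # Set the php application handler so mod_php interpets the files
+    <FilesMatch \.php$>
+        SetHandler application/x-httpd-php
+    </FilesMatch>
+
+    ExpiresActive on
+    ExpiresByType font/* "access plus 1 year"
+    ExpiresByType image/* "access plus 6 months"
+    ExpiresByType text/css "access plus 1 year"
+    ExpiresByType text/js "access plus 1 year"
+</VirtualHost>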
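Review bot: `ExpiresByType text/js` in the last lines of the file will not match JavaScript responses, which Apache typically serves as `application/javascript` or `text/javascript`; use one of those (or both) so the cache header actually applies. `<Location />` with `Require all granted` duplicates the grant already given in `<Directory "/var/www/html/public">` and widens it to every URL path, including anything served from outside the document root; if it is not needed for a specific handler, drop it. The comment above `<FilesMatch>` has a typo: `interpets` → `interprets`. The `ServerAdmin` value is not legible on this page and should be checked against the repository.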
