Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature/docker configs #175

Merged
merged 9 commits into from
Dec 19, 2023
Merged

Feature/docker configs #175

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
0161194
Adding the github actions pipelines for this app
danakim Jun 20, 2023
8a784de
Adding the Dockerfiles for this app
danakim Jun 20, 2023
192b22b
We do not need this
danakim Jun 20, 2023
abb3782
Docker: Add default config parameters in order to work with the other…
quartje Aug 17, 2023
b8b4662
Docker: Add monolog configuration when running as a container
quartje Aug 21, 2023
a136680
Docker: Clean and chown the cache dir
quartje Aug 21, 2023
c63234a
Docker: Remove APP_ENV from Apache. It is not overrideable when set b…
quartje Nov 6, 2023
e07636c
Moving from CMD to ENTRYPOINT
danakim Dec 5, 2023
8e82d6c
Removing the dev image
danakim Dec 14, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 48 additions & 0 deletions .github/workflows/build-push-docker-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
name: build-push-docker-image

#on: workflow_dispatch
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Scratch that?

on:
push:
branches: feature/docker_configs
workflow_dispatch:

jobs:
build-push-docker-image:
runs-on: ubuntu-latest
permissions:
packages: write
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Get the latest release
id: release
uses: robinraju/[email protected]
with:
latest: true
fileName: "*.tar.bz2"

- name: Set up QEMU
uses: docker/setup-qemu-action@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build and push the Production image
uses: docker/build-push-action@v4
with:
context: .
file: docker/Dockerfile.prod
platforms: linux/amd64,linux/arm64
push: true
tags: |
ghcr.io/openconext/stepup-tiqr/stepup-tiqr:prod
ghcr.io/openconext/stepup-tiqr/stepup-tiqr:${{ github.sha }}
ghcr.io/openconext/stepup-tiqr/stepup-tiqr:${{ steps.release.outputs.tag_name }}
11 changes: 10 additions & 1 deletion .github/workflows/tag-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,4 +60,13 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
release_id: ${{ steps.create_release.outputs.id }}
release_id: ${{ steps.create_release.outputs.id }}

after_build:
needs: build
runs-on: ubuntu-latest
steps:
- name: Trigger Docker container build
uses: benc-uk/workflow-dispatch@v1
with:
workflow: build-push-docker-image.yml
19 changes: 9 additions & 10 deletions config/legacy/parameters.yaml.dist
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,18 +12,17 @@ parameters:
- en_GB

# SAML configuration
saml_idp_publickey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer'
saml_idp_privatekey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem'
saml_metadata_publickey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer'
saml_metadata_privatekey: '%kernel.root_dir%/../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem'
saml_remote_sp_entity_id: 'https://pieter.aai.surfnet.nl/simplesamlphp/module.php/saml/sp/metadata.php/default-sp'
saml_remote_sp_sso_url: '"https://pieter.aai.surfnet.nl/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp"'
saml_remote_sp_certificate: '%kernel.root_dir%/../vendor/surfnet/stepup-gssp-bundle/src/Resources/keys/pieter.aai.surfnet.nl.pem'
saml_remote_sp_acs: 'https://pieter.aai.surfnet.nl/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp'
saml_idp_publickey: '/config/tiqr/tiqr_idp.crt'
saml_idp_privatekey: '/config/tiqr/tiqr_idp.key'
saml_metadata_publickey: '/config/tiqr/tiqr_idp.crt'
saml_metadata_privatekey: '/config/tiqr/tiqr_idp.key'
saml_remote_sp_entity_id: 'https://gateway.dev.openconext.local/gssp/tiqr/metadata'
saml_remote_sp_certificate: '/config/gateway/gateway_gssp_sp.crt'
saml_remote_sp_acs: 'https://gateway.dev.openconext.local/gssp/tiqr/consume-assertion'

# Hosting settings (own URL)
base_url: 'https://tiqr.stepup.example.com'
tiqr_identity: 'tiqr.stepup.example.com'
base_url: 'https://tiqr.dev.openconext.local'
tiqr_identity: 'tiqr.dev.openconext.local'

# View parameters, 'en' entry was added as this is the default used by Translator. Was unable to configure it to
# use en_GB. TODO: look into configuring this the right way.
Expand Down
12 changes: 12 additions & 0 deletions config/packages/prod/monolog.yaml.docker
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
monolog:
handlers:
prod-signaler:
type: fingers_crossed
action_level: ERROR
passthru_level: NOTICE # this means that all message of level NOTICE or higher are always logged
handler: main_syslog
bubble: false # if we handle it, nothing else should
main_syslog:
type: stream
path: "php://stderr"
formatter: surfnet_stepup.monolog.json_formatter
22 changes: 22 additions & 0 deletions docker/Dockerfile.prod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2:latest AS php-build
COPY *.tar.bz2 /tmp/
RUN tar -xvjf /tmp/*.tar.bz2 -C /var/www/html/ && \
rm -rf /tmp/*.tar.bz2

# Add the application configuration files
COPY config/legacy/parameters.yaml.dist config/legacy/parameters.yaml
COPY config/packages/prod/monolog.yaml.docker config/packages/prod/monolog.yaml

# TIQR needs some assests to be installed
RUN bin/console assets:install

# Add the config files for Apache2
RUN rm -rf /etc/apache2/sites-enabled/*
COPY ./docker/conf/tiqr-apache2.conf /etc/apache2/sites-enabled/tiqr.conf
RUN rm -rf /var/www/html/var/cache/prod && chown -R www-data /var/www/html/var
EXPOSE 80

# Set the default workdir
WORKDIR /var/www/html

ENTRYPOINT ["apache2-foreground"]
33 changes: 33 additions & 0 deletions docker/conf/tiqr-apache2.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
<Virtualhost *:80>
ServerName tiqr
ServerAdmin [email protected]

DocumentRoot /var/www/html/public

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

<Directory "/var/www/html/public">
Require all granted

Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</Directory>
<Location />
Require all granted
</Location>

Header always set X-Content-Type-Options "nosniff"

# Set the php application handler so mod_php interpets the files
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>

ExpiresActive on
ExpiresByType font/* "access plus 1 year"
ExpiresByType image/* "access plus 6 months"
ExpiresByType text/css "access plus 1 year"
ExpiresByType text/js "access plus 1 year"
</VirtualHost>
Loading