Commit b9db8ff2 authored by Jacob Priddy's avatar Jacob Priddy 👌

Merge branch '102-make-overrides-work-like-schedues' into 'master'

Resolve "Make Overrides work like schedues"

Closes #102

See merge request !96
parents 3032ac67 2ca7e298
Pipeline #13203 passed with stages
in 11 minutes and 10 seconds
......@@ -2,10 +2,13 @@ image: gitlab.cs.wallawalla.edu:5050/elock/doorcode:latest
services:
- postgres:13-alpine
variables:
POSTGRES_USER: web
POSTGRES_PASSWORD: secret
POSTGRES_DB: doorcode
DOORCODE_IMAGE_NAME: doorcode/app:$CI_COMMIT_REF_SLUG
NGINX_IMAGE_NAME: doorcode/web:$CI_COMMIT_REF_SLUG
stages:
- build
......@@ -81,50 +84,95 @@ generate_code_coverage:
- src/backend/cov
expire_in: 30 days
deploy_backend_production:
deploy application:
image: tiangolo/docker-with-compose
tags:
- elock
stage: deploy
before_script:
- eval $(ssh-agent -s)
- ssh-add <(echo "${SSH_PRIVATE_KEY}" | base64 -d -w 0)
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
script:
- SSH_COMMAND_STRING="cd doorcode"
# get newest changes
- SSH_COMMAND_STRING+=" && git pull"
- SSH_COMMAND_STRING+=" && (docker-compose restart || docker-compose up -d)"
# the -T fixes the input device is not a TTY .. see https://github.com/docker/compose/issues/5696
- SSH_COMMAND_STRING+=" && docker-compose exec -T api ./update-prod.sh"
- echo "$SSH_COMMAND_STRING"
# Execute the deploy
- ssh $SSH_USER@$SSH_HOST "${SSH_COMMAND_STRING}"
# Make sure it is running
- "curl --insecure --location https://${SSH_HOST}/api | grep \"Welcome to the elock API.\""
# Delete previous unneeded artifacts
- >
rm -rf src/backend/cov
src/backend/vendor
src/backend/tests
src/frontend
src/install-dev.sh
src/backend/node_modules
- docker-compose -f docker-compose.prod.yml build
- docker build -t $DOORCODE_IMAGE_NAME -f prod.Dockerfile .
- docker build -t $NGINX_IMAGE_NAME -f nginx.Dockerfile .
- docker-compose -f docker-compose.prod.yml down
- sed -i "s/\(^DB_PASSWORD=\).*/\1$(< POSTGRES_PASSWORD)/" $PROJ_DIR/.env
- docker-compose -f docker-compose.prod.yml up -d
# Give it some time to spin up...
- sleep 10
# Make sure app is running
- "curl --fail --insecure --location https://${DEPLOY_ADDRESS}/api"
- "curl --fail --insecure --location https://${DEPLOY_ADDRESS}/api/docs"
environment:
name: production_api
name: production
url: https://elock.cs.wallawalla.edu/api
on_stop: stop-prod
when: manual
only:
- master
deploy_api_docs:
stop-prod:
stage: deploy
before_script:
- eval $(ssh-agent -s)
- ssh-add <(echo "${SSH_PRIVATE_KEY}" | base64 -d -w 0)
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
script:
# Can't use the CI job token to deploy the artifact because that's a "pRemiUm FEATurE"
- "rsync -a --delete src/backend/public/docs $SSH_USER@$SSH_HOST:/home/$SSH_USER/doorcode/src/backend/public/"
# Make sure it is running
- "curl --insecure --location https://${SSH_HOST}/api/docs/ | grep \"Welcome to the generated API reference.\""
environment:
name: production_api_docs
url: https://elock.cs.wallawalla.edu/api/docs/
when: manual
- docker-compose -f docker-compose.prod.yml down
only:
- master
when: manual
environment:
name: production
action: stop
#deploy_backend_production:
# stage: deploy
# before_script:
# - eval $(ssh-agent -s)
# - ssh-add <(echo "${SSH_PRIVATE_KEY}" | base64 -d -w 0)
# - mkdir -p ~/.ssh
# - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
# script:
# - SSH_COMMAND_STRING="cd doorcode"
# # get newest changes
# - SSH_COMMAND_STRING+=" && git pull"
# - SSH_COMMAND_STRING+=" && (docker-compose restart || docker-compose up -d)"
# # the -T fixes the input device is not a TTY .. see https://github.com/docker/compose/issues/5696
# - SSH_COMMAND_STRING+=" && docker-compose exec -T api ./update-prod.sh"
# - echo "$SSH_COMMAND_STRING"
# # Execute the deploy
# - ssh $SSH_USER@$SSH_HOST "${SSH_COMMAND_STRING}"
# # Make sure it is running
# - "curl --insecure --location https://${SSH_HOST}/api | grep \"Welcome to the elock API.\""
# environment:
# name: production_api
# url: https://elock.cs.wallawalla.edu/api
# when: manual
# only:
# - master
#
#deploy_api_docs:
# stage: deploy
# before_script:
# - eval $(ssh-agent -s)
# - ssh-add <(echo "${SSH_PRIVATE_KEY}" | base64 -d -w 0)
# - mkdir -p ~/.ssh
# - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
# script:
# # Can't use the CI job token to deploy the artifact because that's a "pRemiUm FEATurE"
# - "rsync -a --delete src/backend/public/docs $SSH_USER@$SSH_HOST:/home/$SSH_USER/doorcode/src/backend/public/"
# # Make sure it is running
# - "curl --insecure --location https://${SSH_HOST}/api/docs/ | grep \"Welcome to the generated API reference.\""
# environment:
# name: production_api_docs
# url: https://elock.cs.wallawalla.edu/api/docs/
# when: manual
# only:
# - master
#deploy_frontend_production:
# stage: deploy
......
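Review bot: In the `deploy application` script, `$(< POSTGRES_PASSWORD)` reads a file literally named `POSTGRES_PASSWORD` in the job's working directory, not the path that the production compose file takes from `$POSTGRES_PASSWORD` (`file: $POSTGRES_PASSWORD`), so the two probably do not point at the same secret. The same name also appears to be set to the literal `secret` in the top-level `variables:` block for the CI test database, which the deploy job inherits unless a project-level variable overrides it; a distinct name for the production secret file would remove that ambiguity. The value is also spliced unescaped into the sed replacement, so a password containing `/`, `&` or `\` would break the command or be written to `.env` incorrectly. Consider `- sed -i "s|^\(DB_PASSWORD=\).*|\1$(cat "$PROD_DB_PASSWORD_FILE")|" "$PROJ_DIR/.env"` (the variable name is a placeholder), with the generated password limited to characters that sed does not treat specially.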
FROM php:7.4-fpm-alpine
FROM php:8.0-fpm-alpine
ENV PROJECT_DIR /var/www
# Make php-cs-fixer work with PHP 8 as it is not fully supported yet
ENV PHP_CS_FIXER_IGNORE_ENV 1
# Set working directory
WORKDIR ${PROJECT_DIR}
......@@ -16,14 +19,12 @@ RUN apk update && apk add --no-cache \
bash-completion \
vim \
curl \
openssh-client \
coreutils \
rsync \
npm\
&& apk add --no-cache $PHPIZE_DEPS \
&& npm install -g @vue/cli \
&& pecl install xdebug \
&& docker-php-ext-enable xdebug
npm \
&& apk add --no-cache $PHPIZE_DEPS
# && npm install -g @vue/cli \
# && pecl install xdebug \
# && docker-php-ext-enable xdebug
# Install PHP Extensions
RUN docker-php-ext-install pdo \
......@@ -41,13 +42,12 @@ RUN groupadd -g 1000 www && \
# Copy existing application directory permissions
COPY --chown=www:www src/ ${WORKDIR}
COPY --chown=www:www simplesamlphp-1.18.7/ ${WORKDIR}../simplesamlphp
COPY --chown=www:www simplesamlphp-1.19.0-rc1/ ${WORKDIR}../simplesamlphp
COPY --chown=www:www simple-saml/ ${WORKDIR}../simplesamlphp
COPY php/dev.ini /usr/local/etc/php/conf.d/local.ini
# Change current user to www
USER www
# Expose port 9000 and start php-fpm server
EXPOSE 9000
# Start php-fpm server
CMD ["php-fpm"]
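Review bot: The new `COPY --chown=www:www simplesamlphp-1.19.0-rc1/ ${WORKDIR}../simplesamlphp` line bakes a release-candidate build of SimpleSAMLphp, the component that handles SAML sign-in, into the image, and a pre-release vendored under a versioned directory name is easy to forget. The same directory is referenced by the nginx image and the compose volume mounts in this commit. I would add `# TODO: move to the final 1.19.x release before this reaches production` above the COPY and track it. Separately, `${WORKDIR}` is not set by the `WORKDIR` instruction, so unless an ENV or ARG outside the visible hunks defines it, the destination expands to `../simplesamlphp`; `${PROJECT_DIR}/../simplesamlphp` would state what is meant.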
......@@ -21,6 +21,8 @@ If you know you won't have any conflicts, you can use all the defaults in the .e
If you did make changes to the [docker-compose.yml](docker-compose.yml) file, make sure those changes
are also reflected in the .env file that is created in step 3.
1. Generate secrets by running the shell scripts located in the `secrets` folder. `./gen-certs.sh && ./gen-webserver.sh`
1. Spin up the docker containers with the docker compose command `docker-compose up -d`. It will take a while the
first time around as the containers need to be built. Anytime they are launched after they have been built will be
very quick.
......
#!/usr/bin/env sh
set -e
cd ${PROJECT_DIR}/backend || exit 1
# Apply new migrations
php artisan migrate --force
php-fpm
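Review bot: `php-fpm` on the last line is started as a child of the shell, so if this script is the container's entry point (the production Dockerfile is not fully visible here) the shell stays PID 1 and stop signals reach the script, not php-fpm. `exec php-fpm` lets the server receive them and shut down cleanly. The `cd` line should quote its expansion, `cd "${PROJECT_DIR}/backend" || exit 1`. Because `php artisan migrate --force` runs on every start and the production services use `restart: always`, a failing migration will put the container in a restart loop; a comment at the top of the script saying so would help whoever has to debug it.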
version: '3.8'
networks:
doorcode:
driver: bridge
secrets:
webserver_cert:
file: $WEBSERVER_CERT
webserver_key:
file: $WEBSERVER_KEY
root_cert:
file: $ROOT_CERT
wwu_webserver_cert:
file: $WWU_WEBSERVER_CERT
wwu_webserver_key:
file: $WWU_WEBSERVER_KEY
wwu_root_cert:
file: $WWU_ROOT_CERT
postgres_password:
file: $POSTGRES_PASSWORD
volumes:
db-data:
pgadmin-data:
services:
webserver:
image: $NGINX_IMAGE_NAME
restart: always
secrets:
- webserver_cert
- webserver_key
- root_cert
- wwu_webserver_cert
- wwu_webserver_key
- wwu_root_cert
ports:
- "4433:4433"
- "443:443"
- "80:80"
volumes:
- $PROJ_DIR/simple-saml/cert:/var/simplesamlphp/cert:ro
- $PROJ_DIR/simple-saml/config:/var/simplesamlphp/config:ro
- $PROJ_DIR/simple-saml/metadata:/var/simplesamlphp/metadata
depends_on:
- dbadmin
- api
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
postgres:
image: postgres:13-alpine
restart: always
secrets:
- postgres_password
ports:
- "127.0.0.1:5432:5432"
volumes:
- db-data:/var/lib/postgresql/data
environment:
POSTGRES_USER: web
POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
POSTGRES_DB: doorcode
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
dbadmin:
image: dpage/pgadmin4:4.24
restart: always
depends_on:
- postgres
volumes:
- pgadmin-data:/var/lib/pgadmin
environment:
PGADMIN_DEFAULT_EMAIL: admin@elock
PGADMIN_DEFAULT_PASSWORD: Please change the default password.
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
api:
image: $DOORCODE_IMAGE_NAME
restart: always
volumes:
- $PROJ_DIR/.env:/var/www/backend/.env:ro
- $PROJ_DIR/controller-bins:/var/www/backend/storage/app/controller/binaries:ro
- $PROJ_DIR/simple-saml/cert:/var/simplesamlphp/cert:ro
- $PROJ_DIR/simple-saml/config:/var/simplesamlphp/config:ro
- $PROJ_DIR/simple-saml/metadata:/var/simplesamlphp/metadata
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
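Review bot: `PGADMIN_DEFAULT_PASSWORD: Please change the default password.` leaves the pgAdmin administrator account with a value that is readable in the repository, while the Postgres password in the same file is already supplied through a secret. `webserver` depends on `dbadmin`, so pgAdmin is presumably reachable through the proxy, and this literal stays the login until someone changes it by hand. Supplying it from the deploy environment like the other `$...` values, `PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD:?set in deploy environment}`, makes `up` fail when the value is missing instead of starting with the placeholder.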
version: '3.7'
networks:
doorcode:
driver: bridge
secrets:
webserver_cert:
file: ./secrets/certs/webserver.cert
webserver_key:
file: ./secrets/certs/webserver.key
root_cert:
file: ./secrets/certs/root.cert
volumes:
db-data:
pgadmin-data:
services:
webserver:
image: nginx:1-alpine
container_name: webserver
restart: unless-stopped
tty: true
secrets:
- webserver_cert
- webserver_key
- root_cert
ports:
- "8080:443"
volumes:
- ./src:/var/www
- ./nginx/conf.d/app.conf:/etc/nginx/conf.d/app.conf
- ./nginx/dhparam/:/run/dhparam
# Saml config
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp
- ./simple-saml/cert:/var/simplesamlphp/cert
- ./simple-saml/config:/var/simplesamlphp/config
- ./simple-saml/metadata:/var/simplesamlphp/metadata
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp-idp
- ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert
- ./simple-saml-idp/config:/var/simplesamlphp-idp/config
- ./simple-saml-idp/metadata:/var/simplesamlphp-idp/metadata
depends_on:
- dbadmin
- api
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
postgres:
image: postgres:13-alpine
container_name: postgres
restart: unless-stopped
tty: true
ports:
- "5432:5432"
volumes:
- db-data:/var/lib/postgresql/data
environment:
POSTGRES_USER: web
POSTGRES_PASSWORD: secret
POSTGRES_DB: doorcode
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
dbadmin:
image: dpage/pgadmin4:latest
container_name: dbadmin
restart: unless-stopped
tty: true
ports:
- "8081:80"
depends_on:
- postgres
volumes:
- pgadmin-data:/var/lib/pgadmin
environment:
PGADMIN_DEFAULT_EMAIL: admin@elock
PGADMIN_DEFAULT_PASSWORD: secret
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
api:
build:
context: .
dockerfile: Dockerfile
container_name: api
environment:
XDEBUG_MODE: debug
volumes:
- ./src:/var/www
- ./php/dev.ini:/usr/local/etc/php/conf.d/local.ini
# Map saml files to the php-fpm server so it has access to them as well
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp
- ./simple-saml/cert:/var/simplesamlphp/cert
- ./simple-saml/config:/var/simplesamlphp/config
- ./simple-saml/metadata:/var/simplesamlphp/metadata
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp-idp
- ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert
- ./simple-saml-idp/config:/var/simplesamlphp-idp/config
- ./simple-saml-idp/metadata:/var/simplesamlphp-idp/metadata
ports:
# For xdebug
- "9003:9003"
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
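Review bot: In this development compose listing `postgres` is published as `"5432:5432"` and `dbadmin` as `"8081:80"`, which binds both on every host interface while the credentials are the fixed `secret` values in the same file, so the database is reachable from the developer's network. The production compose in this commit already uses `"127.0.0.1:5432:5432"`; the same loopback prefix here, `- "127.0.0.1:5432:5432"` and `- "127.0.0.1:8081:80"`, keeps the convenience without the exposure. `dpage/pgadmin4:latest` is also unpinned here while production pins `4.24`, so the two environments can drift apart.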
......@@ -33,11 +33,11 @@ services:
- ./nginx/conf.d/app.conf:/etc/nginx/conf.d/app.conf
- ./nginx/dhparam/:/run/dhparam
# Saml config
- ./simplesamlphp-1.18.7:/var/simplesamlphp
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp
- ./simple-saml/cert:/var/simplesamlphp/cert
- ./simple-saml/config:/var/simplesamlphp/config
- ./simple-saml/metadata:/var/simplesamlphp/metadata
- ./simplesamlphp-1.18.7:/var/simplesamlphp-idp
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp-idp
- ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert
- ./simple-saml-idp/config:/var/simplesamlphp-idp/config
- ./simple-saml-idp/metadata:/var/simplesamlphp-idp/metadata
......@@ -98,11 +98,11 @@ services:
- ./src:/var/www
- ./php/dev.ini:/usr/local/etc/php/conf.d/local.ini
# Map saml files to the php-fpm server so it has access to them as well
- ./simplesamlphp-1.18.7:/var/simplesamlphp
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp
- ./simple-saml/cert:/var/simplesamlphp/cert
- ./simple-saml/config:/var/simplesamlphp/config
- ./simple-saml/metadata:/var/simplesamlphp/metadata
- ./simplesamlphp-1.18.7:/var/simplesamlphp-idp
- ./simplesamlphp-1.19.0-rc1:/var/simplesamlphp-idp
- ./simple-saml-idp/cert:/var/simplesamlphp-idp/cert
- ./simple-saml-idp/config:/var/simplesamlphp-idp/config
- ./simple-saml-idp/metadata:/var/simplesamlphp-idp/metadata
......
version: '3.7'
networks:
doorcode:
driver: bridge
secrets:
webserver_cert:
file: ./secrets/certs/webserver.cert
webserver_key:
file: ./secrets/certs/webserver.key
root_cert:
file: ./secrets/certs/root.cert
wwu_webserver_cert:
file: ./secrets/certs/wwu-granted-elock-cert.cer
wwu_webserver_key:
file: ./secrets/certs/wwu-webserver-request-root.key
wwu_root_cert:
file: ./secrets/certs/wwu-webserver-intermediate.pem
postgres_password:
file: ./secrets/passwords/postgres
volumes:
db-data:
pgadmin-data:
services:
webserver:
image: nginx:1.17.10-alpine
container_name: webserver
restart: always
secrets:
- webserver_cert
- webserver_key
- root_cert
- wwu_webserver_cert
- wwu_webserver_key
- wwu_root_cert
ports:
- "4433:4433"
- "443:443"
- "80:80"
volumes:
- ./src:/var/www
- ./nginx/conf.d/prod.conf:/etc/nginx/conf.d/prod.conf
- ./nginx/dhparam/:/run/dhparam
# Saml config
- ./simplesamlphp-1.18.7:/var/simplesamlphp
- ./simple-saml-prod/cert:/var/simplesamlphp/cert
- ./simple-saml-prod/config:/var/simplesamlphp/config
- ./simple-saml-prod/metadata:/var/simplesamlphp/metadata
depends_on:
- dbadmin
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
postgres:
image: postgres:13-alpine
container_name: postgres
restart: always
secrets:
- postgres_password
ports:
- "127.0.0.1:5432:5432"
volumes:
- db-data:/var/lib/postgresql/data
environment:
POSTGRES_USER: web
POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
POSTGRES_DB: doorcode
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
dbadmin:
image: dpage/pgadmin4:4.24
container_name: dbadmin
restart: always
depends_on:
- postgres
volumes:
- pgadmin-data:/var/lib/pgadmin
environment:
PGADMIN_DEFAULT_EMAIL: admin@elock
PGADMIN_DEFAULT_PASSWORD: Please change the default password.
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
api:
image: gitlab.cs.wallawalla.edu:5050/elock/doorcode:prod
container_name: api
restart: always
volumes:
- ./src:/var/www
- ./php/prod.ini:/usr/local/etc/php/conf.d/local.ini
# Map saml files to the php-fpm server so it has access to them as well
- ./simplesamlphp-1.18.7:/var/simplesamlphp
- ./simple-saml-prod/cert:/var/simplesamlphp/cert
- ./simple-saml-prod/config:/var/simplesamlphp/config
- ./simple-saml-prod/metadata:/var/simplesamlphp/metadata
logging:
options:
max-size: "10m"
max-file: "3"
networks:
- doorcode
FROM node:15.4-alpine as frontend_assets
WORKDIR /app
COPY src/backend/public public
COPY src/backend/resources resources
COPY src/backend/package.json src/backend/package-lock.json src/backend/webpack.mix.js ./
RUN npm install && npm run prod
FROM nginx:1.19.5-alpine
WORKDIR /var/www
COPY src/ ${WORKDIR}
COPY simplesamlphp-1.19.0-rc1/ ../simplesamlphp
COPY nginx/conf.d/prod.conf /etc/nginx/conf.d/prod.conf
COPY nginx/dhparam/ /run/dhparam
RUN rm -rf backend/cov backend/vendor backend/public \
../simplesamlphp/modules/exampleauth/enable \
backend/tests frontend backend/install-dev.sh install-dev.sh \
backend/node_modules
COPY --from=frontend_assets /app/public backend/public
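Review bot: `RUN npm install && npm run prod` in the `frontend_assets` stage may resolve versions other than those recorded in the `package-lock.json` copied in just above it; `RUN npm ci && npm run prod` installs exactly the locked tree and fails if the lockfile and `package.json` disagree. In the second stage the `RUN rm -rf backend/cov ...` step runs after `COPY src/ ${WORKDIR}`, so the removed tests, dev scripts and `node_modules` still exist in the earlier image layer; excluding them with a `.dockerignore` (none is visible in this commit) keeps them out entirely. `${WORKDIR}` is not defined anywhere in this file, so the COPY destination depends on how an empty expansion is handled; `COPY src/ ./` states the intent.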
error_reporting = E_ALL
error_reporting = E_ALL & ~E_DEPRECATED
display_startup_errors = On
display_errors = On
xdebug.remote_enable=1
xdebug.remote_connect_back=1
xdebug.idekey="PHPSTORM"
xdebug.remote_port=9000
xdebug.remote_autostart=1
# DockerNAT gateway IP
xdebug.remote.host=host.docker.internal
xdebug.remote.mode=req
xdebug.remote.handler=dbgp
;xdebug.mode=debug
;xdebug.start_with_request=yes
;xdebug.idekey="PHPSTORM"
; DockerNAT gateway IP
;xdebug.client_host=host.docker.internal
date.timezone = "America/Los_Angeles"
memory_limit = 256M
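Review bot: The Xdebug 3 settings are added already commented out (`;xdebug.mode=debug` through `;xdebug.client_host=host.docker.internal`) with no explanation, while the development compose file in this commit still sets `XDEBUG_MODE: debug` and publishes port 9003. This looks tied to the `pecl install xdebug` step being commented out in the Dockerfile; a line such as `; Xdebug 3 settings: disabled until the extension is installed again in the Dockerfile` above the block would record that. `error_reporting = E_ALL & ~E_DEPRECATED` would likewise benefit from a one-line comment saying why deprecation notices are suppressed in the development configuration.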
FROM php:7.4-fpm-alpine
FROM node:15.4-alpine as frontend_assets
WORKDIR /app
COPY src/backend/public public
COPY src/backend/resources resources
COPY src/backend/package.json src/backend/package-lock.json src/backend/webpack.mix.js ./
RUN npm install && npm run prod
FROM php:8.0-fpm-alpine
ENV PROJECT_DIR /var/www
......@@ -11,10 +20,7 @@ RUN apk update && apk add --no-cache \