From e22bd0ee68c64e13adbae7f9167336c9206fdb8e Mon Sep 17 00:00:00 2001 From: test Date: Thu, 20 Jun 2019 15:10:55 +0100 Subject: [PATCH] publish 'wordpress' harness --- _twig/docker-compose.yml/application.yml.twig | 64 +++++++ .../service/chrome.yml.twig | 7 + .../service/memcached.yml.twig | 6 + .../docker-compose.yml/service/mysql.yml.twig | 13 ++ .../service/postgres.yml.twig | 12 ++ .../service/redis-session.yml.twig | 8 + .../docker-compose.yml/service/redis.yml.twig | 8 + application/overlay/.dockerignore.twig | 8 + application/overlay/Jenkinsfile.twig | 48 +++++ .../overlay/_twig/.dockerignore/dynamic.twig | 2 + .../overlay/_twig/.dockerignore/static.twig | 1 + application/overlay/auth.json.twig | 15 ++ application/skeleton/README.md.twig | 119 ++++++++++++ docker-compose.yml.twig | 22 +++ docker-sync.yml.twig | 16 ++ docker/image/console/.dockerignore | 1 + docker/image/console/Dockerfile.twig | 31 +++ docker/image/console/root/app/.gitkeep | 0 docker/image/console/root/bin/app | 18 ++ .../image/console/root/entrypoint.dynamic.sh | 54 ++++++ docker/image/console/root/entrypoint.sh | 27 +++ .../console/root/home/build/.my.cnf.twig | 4 + docker/image/console/root/lib/sidekick.sh | 81 ++++++++ .../root/lib/task/assets/apply.sh.twig | 38 ++++ .../console/root/lib/task/assets/dump.sh.twig | 19 ++ docker/image/console/root/lib/task/build.sh | 13 ++ .../root/lib/task/build/backend.sh.twig | 15 ++ .../root/lib/task/build/frontend.sh.twig | 15 ++ .../console/root/lib/task/composer/install.sh | 6 + .../root/lib/task/database/available.sh.twig | 28 +++ .../image/console/root/lib/task/init.sh.twig | 14 ++ .../console/root/lib/task/install.sh.twig | 11 ++ .../console/root/lib/task/migrate.sh.twig | 10 + .../console/root/lib/task/overlay/apply.sh | 6 + .../console/root/lib/task/skeleton/apply.sh | 6 + docker/image/console/root/lib/task/state.sh | 8 + docker/image/console/root/lib/task/welcome.sh | 13 ++ .../php/conf.d/docker-php-ext-xdebug.ini.twig | 8 + .../root/usr/local/etc/php/php.ini.twig | 10 + docker/image/nginx/Dockerfile.twig | 13 ++ .../root/etc/nginx/conf.d/0-nginx.conf.twig | 3 + .../root/etc/nginx/snippets/certificate.conf | 2 + .../root/etc/nginx/snippets/ssl-params.conf | 17 ++ .../nginx/root/etc/ssl/certs/app.crt.twig | 1 + .../nginx/root/etc/ssl/private/app.key.twig | 1 + docker/image/php-fpm/.dockerignore | 1 + docker/image/php-fpm/Dockerfile.twig | 15 ++ docker/image/php-fpm/root/app/.gitkeep | 0 .../image/php-fpm/root/entrypoint.dynamic.sh | 65 +++++++ docker/image/php-fpm/root/entrypoint.sh | 4 + .../root/etc/supervisor/conf.d/php-fpm.conf | 9 + .../root/etc/supervisor/supervisord.conf | 18 ++ .../php-fpm/root/fix_app_permissions.sh.twig | 55 ++++++ .../php/conf.d/docker-php-ext-xdebug.ini.twig | 8 + .../root/usr/local/etc/php/php.ini.twig | 10 + docs/.gitkeep | 0 harness/attributes/common.yml | 179 ++++++++++++++++++ harness/attributes/environment/local.yml | 6 + harness/attributes/environment/pipeline.yml | 7 + harness/config/commands.yml | 175 +++++++++++++++++ harness/config/events.yml | 10 + harness/config/functions.yml | 17 ++ harness/config/pipeline.yml | 40 ++++ harness/scripts/destroy.sh | 15 ++ harness/scripts/disable.sh | 7 + harness/scripts/enable.sh | 53 ++++++ helm/app/Chart.yaml | 5 + .../_twig/values.yaml/environment.yml.twig | 8 + helm/app/templates/application/app-init.yaml | 22 +++ .../templates/application/app-migrate.yaml | 23 +++ .../application/console/deployment.yaml | 38 ++++ .../templates/application/docker-config.yaml | 7 + .../application/nginx/deployment.yaml | 32 ++++ .../templates/application/nginx/ingress.yaml | 17 ++ .../templates/application/nginx/service.yaml | 15 ++ .../application/php-fpm/deployment.yaml | 37 ++++ .../application/php-fpm/service.yaml | 15 ++ helm/app/templates/service/memcached/.gitkeep | 0 .../templates/service/mysql/deployment.yaml | 51 +++++ helm/app/templates/service/mysql/pvc.yaml | 12 ++ helm/app/templates/service/mysql/service.yaml | 17 ++ .../service/postgres/deployment.yaml | 48 +++++ helm/app/templates/service/postgres/pvc.yaml | 12 ++ .../templates/service/postgres/service.yaml | 17 ++ .../service/redis-session/deployment.yaml | 47 +++++ .../service/redis-session/service.yaml | 17 ++ .../templates/service/redis/deployment.yaml | 48 +++++ helm/app/templates/service/redis/service.yaml | 17 ++ helm/app/values.yaml.twig | 15 ++ helm/qa/Chart.yaml | 5 + helm/qa/requirements.yaml | 4 + helm/qa/values.yaml.twig | 3 + 92 files changed, 2048 insertions(+) create mode 100644 _twig/docker-compose.yml/application.yml.twig create mode 100644 _twig/docker-compose.yml/service/chrome.yml.twig create mode 100644 _twig/docker-compose.yml/service/memcached.yml.twig create mode 100644 _twig/docker-compose.yml/service/mysql.yml.twig create mode 100644 _twig/docker-compose.yml/service/postgres.yml.twig create mode 100644 _twig/docker-compose.yml/service/redis-session.yml.twig create mode 100644 _twig/docker-compose.yml/service/redis.yml.twig create mode 100644 application/overlay/.dockerignore.twig create mode 100644 application/overlay/Jenkinsfile.twig create mode 100644 application/overlay/_twig/.dockerignore/dynamic.twig create mode 100644 application/overlay/_twig/.dockerignore/static.twig create mode 100644 application/overlay/auth.json.twig create mode 100644 application/skeleton/README.md.twig create mode 100644 docker-compose.yml.twig create mode 100644 docker-sync.yml.twig create mode 100644 docker/image/console/.dockerignore create mode 100644 docker/image/console/Dockerfile.twig create mode 100644 docker/image/console/root/app/.gitkeep create mode 100755 docker/image/console/root/bin/app create mode 100755 docker/image/console/root/entrypoint.dynamic.sh create mode 100755 docker/image/console/root/entrypoint.sh create mode 100644 docker/image/console/root/home/build/.my.cnf.twig create mode 100644 docker/image/console/root/lib/sidekick.sh create mode 100644 docker/image/console/root/lib/task/assets/apply.sh.twig create mode 100644 docker/image/console/root/lib/task/assets/dump.sh.twig create mode 100644 docker/image/console/root/lib/task/build.sh create mode 100644 docker/image/console/root/lib/task/build/backend.sh.twig create mode 100644 docker/image/console/root/lib/task/build/frontend.sh.twig create mode 100644 docker/image/console/root/lib/task/composer/install.sh create mode 100644 docker/image/console/root/lib/task/database/available.sh.twig create mode 100644 docker/image/console/root/lib/task/init.sh.twig create mode 100644 docker/image/console/root/lib/task/install.sh.twig create mode 100644 docker/image/console/root/lib/task/migrate.sh.twig create mode 100644 docker/image/console/root/lib/task/overlay/apply.sh create mode 100644 docker/image/console/root/lib/task/skeleton/apply.sh create mode 100644 docker/image/console/root/lib/task/state.sh create mode 100644 docker/image/console/root/lib/task/welcome.sh create mode 100644 docker/image/console/root/usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini.twig create mode 100644 docker/image/console/root/usr/local/etc/php/php.ini.twig create mode 100644 docker/image/nginx/Dockerfile.twig create mode 100644 docker/image/nginx/root/etc/nginx/conf.d/0-nginx.conf.twig create mode 100644 docker/image/nginx/root/etc/nginx/snippets/certificate.conf create mode 100644 docker/image/nginx/root/etc/nginx/snippets/ssl-params.conf create mode 100644 docker/image/nginx/root/etc/ssl/certs/app.crt.twig create mode 100644 docker/image/nginx/root/etc/ssl/private/app.key.twig create mode 100644 docker/image/php-fpm/.dockerignore create mode 100644 docker/image/php-fpm/Dockerfile.twig create mode 100644 docker/image/php-fpm/root/app/.gitkeep create mode 100755 docker/image/php-fpm/root/entrypoint.dynamic.sh create mode 100755 docker/image/php-fpm/root/entrypoint.sh create mode 100644 docker/image/php-fpm/root/etc/supervisor/conf.d/php-fpm.conf create mode 100644 docker/image/php-fpm/root/etc/supervisor/supervisord.conf create mode 100755 docker/image/php-fpm/root/fix_app_permissions.sh.twig create mode 100644 docker/image/php-fpm/root/usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini.twig create mode 100644 docker/image/php-fpm/root/usr/local/etc/php/php.ini.twig create mode 100644 docs/.gitkeep create mode 100644 harness/attributes/common.yml create mode 100644 harness/attributes/environment/local.yml create mode 100644 harness/attributes/environment/pipeline.yml create mode 100644 harness/config/commands.yml create mode 100644 harness/config/events.yml create mode 100644 harness/config/functions.yml create mode 100644 harness/config/pipeline.yml create mode 100755 harness/scripts/destroy.sh create mode 100755 harness/scripts/disable.sh create mode 100755 harness/scripts/enable.sh create mode 100644 helm/app/Chart.yaml create mode 100644 helm/app/_twig/values.yaml/environment.yml.twig create mode 100644 helm/app/templates/application/app-init.yaml create mode 100644 helm/app/templates/application/app-migrate.yaml create mode 100644 helm/app/templates/application/console/deployment.yaml create mode 100644 helm/app/templates/application/docker-config.yaml create mode 100644 helm/app/templates/application/nginx/deployment.yaml create mode 100644 helm/app/templates/application/nginx/ingress.yaml create mode 100644 helm/app/templates/application/nginx/service.yaml create mode 100644 helm/app/templates/application/php-fpm/deployment.yaml create mode 100644 helm/app/templates/application/php-fpm/service.yaml create mode 100644 helm/app/templates/service/memcached/.gitkeep create mode 100644 helm/app/templates/service/mysql/deployment.yaml create mode 100644 helm/app/templates/service/mysql/pvc.yaml create mode 100644 helm/app/templates/service/mysql/service.yaml create mode 100644 helm/app/templates/service/postgres/deployment.yaml create mode 100644 helm/app/templates/service/postgres/pvc.yaml create mode 100644 helm/app/templates/service/postgres/service.yaml create mode 100644 helm/app/templates/service/redis-session/deployment.yaml create mode 100644 helm/app/templates/service/redis-session/service.yaml create mode 100644 helm/app/templates/service/redis/deployment.yaml create mode 100644 helm/app/templates/service/redis/service.yaml create mode 100644 helm/app/values.yaml.twig create mode 100644 helm/qa/Chart.yaml create mode 100644 helm/qa/requirements.yaml create mode 100644 helm/qa/values.yaml.twig diff --git a/_twig/docker-compose.yml/application.yml.twig b/_twig/docker-compose.yml/application.yml.twig new file mode 100644 index 0000000..0b30efd --- /dev/null +++ b/_twig/docker-compose.yml/application.yml.twig @@ -0,0 +1,64 @@ +{% set blocks = '_twig/docker-compose.yml/' %} +{% set dockersync = false %} +{% if @('host.os') == 'darwin' and @('docker-sync') == 'yes' %} +{% set dockersync = true %} +{% endif %} + + console: +{% if @('app.build') == 'dynamic' %} + build: + context: ./ + dockerfile: .my127ws/docker/image/console/Dockerfile + entrypoint: /entrypoint.dynamic.sh + volumes: + - {{ (dockersync) ? @('workspace.name') ~ '-sync:/app:nocopy' : './:/app:delegated' }} + - ./.my127ws/application:/home/build/application + - ./.my127ws/docker/image/console/root/lib/task:/lib/task + - ./.my127ws:/.my127ws +{% else %} + image: {{ @('docker.repository') ~ ':' ~ @('app.version') ~ '-console' }} +{% endif %} + labels: + - traefik.enable=false + environment: &APP_ENV_VARS +{% include blocks ~ 'environment.yml.twig' %} + networks: + - private + + nginx: +{% if @('app.build') == 'dynamic' %} + build: .my127ws/docker/image/nginx + volumes: + - {{ (dockersync) ? @('workspace.name') ~ '-sync:/app:nocopy' : './:/app:delegated' }} +{% else %} + image: {{ @('docker.repository') ~ ':' ~ @('app.version') ~ '-nginx' }} +{% endif %} + labels: + - traefik.backend={{ @('workspace.name') }} + - traefik.frontend.rule=Host:{{ @('hostname') }} + - traefik.docker.network=my127ws + - traefik.port=80 + links: + - php-fpm:php-fpm + networks: + private: + aliases: + - {{ @('hostname') }} + shared: {} + + php-fpm: +{% if @('app.build') == 'dynamic' %} + build: .my127ws/docker/image/php-fpm + entrypoint: /entrypoint.dynamic.sh + volumes: + - {{ (dockersync) ? @('workspace.name') ~ '-sync:/app:nocopy' : './:/app:delegated' }} + - ./.my127ws:/.my127ws +{% else %} + image: {{ @('docker.repository') ~ ':' ~ @('app.version') ~ '-php-fpm' }} +{% endif %} + labels: + - traefik.enable=false + networks: + - private + environment: + <<: *APP_ENV_VARS diff --git a/_twig/docker-compose.yml/service/chrome.yml.twig b/_twig/docker-compose.yml/service/chrome.yml.twig new file mode 100644 index 0000000..c8a1c81 --- /dev/null +++ b/_twig/docker-compose.yml/service/chrome.yml.twig @@ -0,0 +1,7 @@ + chrome: + image: yukinying/chrome-headless-browser:latest + command: ["--no-sandbox", "--disable-gpu", "--headless", "--disable-dev-shm-usage", "--remote-debugging-address=0.0.0.0", "--remote-debugging-port=9222", "--user-data-dir=/data"] + labels: + - traefik.enable=false + networks: + - private diff --git a/_twig/docker-compose.yml/service/memcached.yml.twig b/_twig/docker-compose.yml/service/memcached.yml.twig new file mode 100644 index 0000000..f4116b0 --- /dev/null +++ b/_twig/docker-compose.yml/service/memcached.yml.twig @@ -0,0 +1,6 @@ + memcached: + image: memcached:1-alpine + labels: + - traefik.enable=false + networks: + - private diff --git a/_twig/docker-compose.yml/service/mysql.yml.twig b/_twig/docker-compose.yml/service/mysql.yml.twig new file mode 100644 index 0000000..3c2dbed --- /dev/null +++ b/_twig/docker-compose.yml/service/mysql.yml.twig @@ -0,0 +1,13 @@ + mysql: + image: mysql:5.7 + labels: + - traefik.enable=false + environment: + - MYSQL_ROOT_PASSWORD={{ @('database.root_pass') }} + - MYSQL_DATABASE={{ @('database.name') }} + - MYSQL_USER={{ @('database.user') }} + - MYSQL_PASSWORD={{ @('database.pass') }} + networks: + - private + ports: + - 3306 diff --git a/_twig/docker-compose.yml/service/postgres.yml.twig b/_twig/docker-compose.yml/service/postgres.yml.twig new file mode 100644 index 0000000..e203a46 --- /dev/null +++ b/_twig/docker-compose.yml/service/postgres.yml.twig @@ -0,0 +1,12 @@ + postgres: + image: postgres:9.6 + labels: + - traefik.enable=false + environment: + - POSTGRES_DB={{ @('database.name') }} + - POSTGRES_USER={{ @('database.user') }} + - POSTGRES_PASSWORD={{ @('database.pass') }} + networks: + - private + ports: + - 5432 diff --git a/_twig/docker-compose.yml/service/redis-session.yml.twig b/_twig/docker-compose.yml/service/redis-session.yml.twig new file mode 100644 index 0000000..44c6072 --- /dev/null +++ b/_twig/docker-compose.yml/service/redis-session.yml.twig @@ -0,0 +1,8 @@ + redis-session: + image: redis:4-alpine + # 1GB; evict key that would expire soonest + command: redis-server --maxmemory 1073742000 --maxmemory-policy volatile-ttl --save 3600 1 --save 300 100 --save 60 10000 + labels: + - traefik.enable=false + networks: + - private diff --git a/_twig/docker-compose.yml/service/redis.yml.twig b/_twig/docker-compose.yml/service/redis.yml.twig new file mode 100644 index 0000000..978a77f --- /dev/null +++ b/_twig/docker-compose.yml/service/redis.yml.twig @@ -0,0 +1,8 @@ + redis: + image: redis:4-alpine + # 1GB; evict any least recently used key even if they don't have a TTL + command: redis-server --maxmemory 1073742000 --maxmemory-policy allkeys-lru --save 3600 1 --save 300 100 --save 60 10000 + labels: + - traefik.enable=false + networks: + - private diff --git a/application/overlay/.dockerignore.twig b/application/overlay/.dockerignore.twig new file mode 100644 index 0000000..96c90ad --- /dev/null +++ b/application/overlay/.dockerignore.twig @@ -0,0 +1,8 @@ +{% set build = @('app.build') %} +{% set blocks = 'application/overlay/_twig/.dockerignore/' %} + +{% if build == 'dynamic' %} +{% include blocks ~ 'dynamic.twig' %} +{% else %} +{% include blocks ~ 'static.twig' %} +{% endif %} diff --git a/application/overlay/Jenkinsfile.twig b/application/overlay/Jenkinsfile.twig new file mode 100644 index 0000000..9350ce0 --- /dev/null +++ b/application/overlay/Jenkinsfile.twig @@ -0,0 +1,48 @@ +pipeline { + agent { label "my127ws" } + environment { + MY127WS_KEY = credentials('{{ @('workspace.name') }}-my127ws-key') + MY127WS_ENV = "pipeline" + } + triggers { cron(env.BRANCH_NAME == '{{ @('git.main_branch') }}' ? 'H H(0-6) * * *' : '') } + stages { + stage('Build') { + steps { sh 'ws install' } + } + stage('Test') { + parallel { + stage('quality') { steps { sh 'ws exec composer test-quality' } } + stage('unit') { steps { sh 'ws exec composer test-unit' } } + stage('acceptance') { steps { sh 'ws exec composer test-acceptance' } } + } + } +{% if @('pipeline.publish.enabled') == 'yes' %} + stage('Publish') { + when { not { triggeredBy 'TimerTrigger' } } + steps { sh 'ws app publish' } + } +{% endif %} +{% if @('pipeline.qa.enabled') == 'yes' %} + stage('Deploy (QA)') { + environment { +{% for key, value in @('pipeline.qa.environment') %} + {{ key }} = {{ value|raw }} +{% endfor %} + } + when { + not { triggeredBy 'TimerTrigger' } + branch '{{ @('pipeline.qa.branch') }}' + } + steps { + sh 'ws app deploy qa' + } + } +{% endif %} + } + post { + always { + sh 'ws destroy' + cleanWs() + } + } +} diff --git a/application/overlay/_twig/.dockerignore/dynamic.twig b/application/overlay/_twig/.dockerignore/dynamic.twig new file mode 100644 index 0000000..4ebb7d2 --- /dev/null +++ b/application/overlay/_twig/.dockerignore/dynamic.twig @@ -0,0 +1,2 @@ +* +!.my127ws diff --git a/application/overlay/_twig/.dockerignore/static.twig b/application/overlay/_twig/.dockerignore/static.twig new file mode 100644 index 0000000..c007eac --- /dev/null +++ b/application/overlay/_twig/.dockerignore/static.twig @@ -0,0 +1 @@ +# no need for exclusions for now diff --git a/application/overlay/auth.json.twig b/application/overlay/auth.json.twig new file mode 100644 index 0000000..0731d87 --- /dev/null +++ b/application/overlay/auth.json.twig @@ -0,0 +1,15 @@ +{ + "http-basic": { + {% for repo in @('composer.auth.basic') %} + "{{ repo.path }}": { + "username": "{{ repo.username }}", + "password": "{{ repo.password }}" + }{% if not loop.last %},{% endif %} + {% endfor %} + }, + "github-oauth": { + {% if @('composer.auth.github') %} + "github.com": "{{ @('composer.auth.github') }}" + {% endif %} + } +} diff --git a/application/skeleton/README.md.twig b/application/skeleton/README.md.twig new file mode 100644 index 0000000..08d5726 --- /dev/null +++ b/application/skeleton/README.md.twig @@ -0,0 +1,119 @@ +# {{ @('workspace.name') }} + +Please follow the below steps to get started, if you encounter any issues installing the dependencies or provisioning the development environment, please check the [Common Issues](#common-issues) section first. + +## Development Environment + +### Getting Started + +#### Prerequisites + +##### General + +- Access to LastPass folders + - `Shared-{{ @('workspace.name') }}-Servers` and `Shared-{{ @('workspace.name') }}-Accounts` + +##### Docker + +- A working Docker setup + - On MacOS, use [Docker for Mac](https://docs.docker.com/docker-for-mac/install/). + - On Linux, add the official Docker repository and install the "docker-ce" package. + You will also need to have a recent [docker-compose](https://docs.docker.com/compose/install/) version - at least `1.24.0`. + +#### Setup + +1. Install [workspace](https://github.com/my127/workspace) +2. Copy the LastPass entry "{{ @('workspace.name') }}: Development Environment Key" to a file named `workspace.override.yml` in the project root. +3. Run `ws install` + +Once installed, the site should be available at [https://{{ @('hostname') }}](https://{{ @('hostname') }}). + +### Development environment cleanup + +To stop the development environment, run `ws disable`. + +To start the development environment again, run `ws enable`. + +To remove the development environment, run `ws destroy`. + +### Frontend + +The frontend build should be automatically done as part of bringing up the environment. + +To trigger a rebuild, run `ws frontend build`. + +To watch for changes, run `ws frontend watch`. + +To gain access to the `console` container where the builds happen: `ws frontend console`. + +### Xdebug + +Xdebug is turned off by default as it drastically slows down requests for all developers. + +To enable, run `ws feature xdebug on`. To turn off again, `ws feature xdebug off`. + +To enable on CLI in `ws console`, run `ws feature xdebug cli on`. To turn off again, `ws feature xdebug cli off`. + +Xdebug is set up to listen to your computer's 9000 port once enabled, so all you would need to do in your IDE is: +1. Create a mapping from the project root to `/app` for name `workspace`, hostname `localhost` and port 80. +2. Listen for connections. + +[Here's a good guide for PhpStorm](https://www.jetbrains.com/help/phpstorm/zero-configuration-debugging.html). + +If you have trouble with triggered requests not starting connections to your IDE, check that +`sudo lsof -i :9000 | grep LISTEN` on your host shows process from your IDE. +If it doesn't, stop the indicated process (e.g. `php-fpm`) and toggle the Xdebug listen button off and on again in PhpStorm. + +### Performance on MacOS + +Page load times with Docker for Mac can vary considerably. This is especially so when there is a large +quantity of small files, such as with a large composer vendor folder. + +{% if @('docker-sync') == 'yes' %} +[docker-sync](https://github.com/EugenMayer/docker-sync/) is enabled on this workspace environment to +try to overcome this. +It enables production-like performance at the cost of having to synchronise files with an intermediate +"data" container. +{% else %} +If it takes over 2 seconds to load a page, you can consider enabling +[docker-sync](https://github.com/EugenMayer/docker-sync/) which should enable production-like performance +at the cost of having to synchronise files with an intermediate "data" container. + +You can enable docker-sync with `ws feature docker-sync on` - it takes a while to initially sync. +{% endif %} + +If you don't like the tradeoff of having to synchronise files, you can turn docker-sync off +with `ws feature docker-sync off`. + +{% if @('docker-sync') == 'yes' %} +If your page loads too slowly, you can turn docker-sync back on again with `ws feature docker-sync on` +{% endif %} + +### Common Issues + +As setup issues are encountered please detail with step by step fix instructions, and where possible update the project or the upstream workspace harness itself to provide a more permanent fix. + +* If you use docker-sync and notice that your changes aren't synchronising to the environment: + * Check if your file exists with your changes in `ws console` + * If your file in `ws console` has changed okay, check your project for any caching that + would prevent changes to source code appearing immediately. + * If the file changes do not appear in `ws console` reasonably quickly, it might be that + Docker for Mac is overwhelmed with file change events. + * Restarting Docker for Mac using the system tray icon's menu and then running `ws enable` again + will fix it. + +# License + +Copyright 2019, Inviqa + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/docker-compose.yml.twig b/docker-compose.yml.twig new file mode 100644 index 0000000..ee7fe0d --- /dev/null +++ b/docker-compose.yml.twig @@ -0,0 +1,22 @@ +{% set blocks = '_twig/docker-compose.yml/' %} +{% set dockersync = false %} +{% if @('host.os') == 'darwin' and @('docker-sync') == 'yes' %} +{% set dockersync = true %} +{% endif %} +version: '3' +services: +{% include blocks ~ 'application.yml.twig' %} +{% for service in @('app.services') %} +{% include blocks ~ 'service/' ~ service ~ '.yml.twig' %} +{% endfor %} +networks: + private: + external: false + shared: + external: + name: my127ws +{% if dockersync %} +volumes: + {{ @('workspace.name') }}-sync: + external: true +{% endif %} diff --git a/docker-sync.yml.twig b/docker-sync.yml.twig new file mode 100644 index 0000000..9510ee5 --- /dev/null +++ b/docker-sync.yml.twig @@ -0,0 +1,16 @@ +version: '2' +options: + compose-file-path: + - docker-compose.yml + project_root: config_path +syncs: + {{ @('workspace.name') }}-sync: + src: ./ + sync_userid: '1000' + sync_excludes_type: BelowPath + sync_excludes: &IGNORE + - .docker-sync + - .idea + - .git + - var + watch_excludes: *IGNORE diff --git a/docker/image/console/.dockerignore b/docker/image/console/.dockerignore new file mode 100644 index 0000000..cf49d54 --- /dev/null +++ b/docker/image/console/.dockerignore @@ -0,0 +1 @@ +**/*.twig diff --git a/docker/image/console/Dockerfile.twig b/docker/image/console/Dockerfile.twig new file mode 100644 index 0000000..a838606 --- /dev/null +++ b/docker/image/console/Dockerfile.twig @@ -0,0 +1,31 @@ +FROM {{ @('docker.image.console') }} + +COPY .my127ws/docker/image/console/root / +RUN chown -R build:build /home/build + +ENV APP_MODE={{ @('app.mode') }} \ + ASSETS_DIR={{ @('assets.local') }} + +{% if @('node.version') is not null %} +USER build +RUN . /home/build/.nvm/nvm.sh \ + && nvm install {{ @('node.version') }} \ + && nvm use {{ @('node.version') }} \ + && nvm alias default {{ @('node.version') }} \ + && npm install -g yarn +USER root +{% endif %} + +{% if @('app.build') == 'static' %} +RUN chown build:build /app +COPY --chown=build:build .my127ws/application /home/build/application +COPY --chown=build:build ./ /app +USER build +RUN app build +USER root +{% else %} +VOLUME /app +VOLUME /home/build/application +{% endif %} + +ENTRYPOINT /entrypoint.sh diff --git a/docker/image/console/root/app/.gitkeep b/docker/image/console/root/app/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/docker/image/console/root/bin/app b/docker/image/console/root/bin/app new file mode 100755 index 0000000..e80527d --- /dev/null +++ b/docker/image/console/root/bin/app @@ -0,0 +1,18 @@ +#!/bin/bash +set -e + +main() +{ + task "$@" +} + +bootstrap() +{ + export NVM_DIR="$HOME/.nvm" + # shellcheck source=/home/build/nvm.sh + [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" + . /lib/sidekick.sh +} + +bootstrap +main "$@" diff --git a/docker/image/console/root/entrypoint.dynamic.sh b/docker/image/console/root/entrypoint.dynamic.sh new file mode 100755 index 0000000..7b0dc84 --- /dev/null +++ b/docker/image/console/root/entrypoint.dynamic.sh @@ -0,0 +1,54 @@ +#!/bin/bash + +main() +{ + source /entrypoint.sh +} + +setup_app_volume_permissions() +{ + case "$STRATEGY" in + "host-linux-normal") + usermod -u "$(stat -c '%u' /app)" build + groupmod -g "$(stat -c '%g' /app)" build + ;; + "host-osx-normal") + usermod -u 1000 build + groupmod -g 1000 build + ;; + "host-osx-dockersync") + usermod -u 1000 build + groupmod -g 1000 build + ;; + *) + exit 1 + esac + + chown build:build /app +} + +resolve_volume_mount_strategy() +{ + if [ "${HOST_OS_FAMILY}" = "linux" ]; then + STRATEGY="host-linux-normal" + elif [ "${HOST_OS_FAMILY}" = "darwin" ]; then + if (mount | grep "/app type fuse.osxfs") > /dev/null 2>&1; then + STRATEGY="host-osx-normal" + elif (mount | grep "/app type ext4") > /dev/null 2>&1; then + STRATEGY="host-osx-dockersync" + else + exit 1 + fi + else + exit 1 + fi +} + +bootstrap() +{ + resolve_volume_mount_strategy + setup_app_volume_permissions +} + +bootstrap +main diff --git a/docker/image/console/root/entrypoint.sh b/docker/image/console/root/entrypoint.sh new file mode 100755 index 0000000..1bbbb9c --- /dev/null +++ b/docker/image/console/root/entrypoint.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +main() +{ + su - build + sh -c 'while sleep 3600; do :; done' +} + +setup_app_networking() +{ + # make linux consistent with docker-for-mac + if [ "${HOST_OS_FAMILY}" = "linux" ]; then + DOCKER_INTERNAL_HOST="host.docker.internal" + if ! grep $DOCKER_INTERNAL_HOST /etc/hosts > /dev/null ; then + DOCKER_INTERNAL_IP=$(/sbin/ip route|awk '/default/ { print $3 }') + echo -e "$DOCKER_INTERNAL_IP $DOCKER_INTERNAL_HOST" | tee -a /etc/hosts > /dev/null + fi + fi +} + +bootstrap() +{ + setup_app_networking +} + +bootstrap +main diff --git a/docker/image/console/root/home/build/.my.cnf.twig b/docker/image/console/root/home/build/.my.cnf.twig new file mode 100644 index 0000000..ef83bda --- /dev/null +++ b/docker/image/console/root/home/build/.my.cnf.twig @@ -0,0 +1,4 @@ +[client] +host=mysql +user=root +password={{ @('database.root_pass') }} diff --git a/docker/image/console/root/lib/sidekick.sh b/docker/image/console/root/lib/sidekick.sh new file mode 100644 index 0000000..a5df7c9 --- /dev/null +++ b/docker/image/console/root/lib/sidekick.sh @@ -0,0 +1,81 @@ +#!/bin/bash + +VERBOSE="no" + +RUN_CWD="" + +INDICATOR_RUNNING="34m" +INDICATOR_SUCCESS="32m" +INDICATOR_ERROR="31m" +INDICATOR_PASSTHRU="37m" + +TASKS="/lib/task" + +task() +{ + local task_file="${TASKS}/${1//:/\/}.sh" + local task_name="task_${1//:/_}" + + # shellcheck source=/dev/null + declare -F "$task_name" &>/dev/null || source "$task_file" + + shift + + $task_name "$@" +} + +prompt() +{ + if [ "${RUN_CWD}" != "$(pwd)" ]; then + RUN_CWD="$(pwd)" + echo -e "\\033[1m[\\033[0mdocker(console):$(pwd)\\033[1m]:\\033[0m" + fi +} + +run() +{ + local COMMAND="$*" + if [ "$VERBOSE" = "no" ]; then + prompt + + echo " > ${COMMAND[*]}" + setCommandIndicator $INDICATOR_RUNNING + + if ! bash -c "${COMMAND[@]}" > /tmp/my127ws-stdout.txt 2> /tmp/my127ws-stderr.txt; then + setCommandIndicator $INDICATOR_ERROR + + cat /tmp/my127ws-stderr.txt + + echo "----------------------------------" + echo "Full Logs :-" + echo " stdout: /tmp/my127ws-stdout.txt" + echo " stdout: /tmp/my127ws-stderr.txt" + + exit 1 + else + setCommandIndicator $INDICATOR_SUCCESS + fi + else + passthru "${COMMAND[@]}" + fi +} + +passthru() +{ + prompt + + echo -e "\\033[${INDICATOR_PASSTHRU}■\\033[0m > $*" + + if ! bash -c "$@"; then + exit 1 + fi +} + +setCommandIndicator() +{ + echo -ne "\\033[1A"; + echo -ne "\\033[$1" + echo -n "■" + echo -ne "\\033[0m" + echo -ne "\\033[1E"; +} diff --git a/docker/image/console/root/lib/task/assets/apply.sh.twig b/docker/image/console/root/lib/task/assets/apply.sh.twig new file mode 100644 index 0000000..f099436 --- /dev/null +++ b/docker/image/console/root/lib/task/assets/apply.sh.twig @@ -0,0 +1,38 @@ +#!/bin/bash + +function task_assets_apply() +{ + local ASSETS_DIR="${ASSETS_DIR:-tools/assets/development}" + local IMPORT_COMMAND="" + + if [ "{{ @('database.type')|raw }}" == "mysql" ]; then + SQL="SELECT IF (COUNT(*) = 0, 'no', 'yes') FROM information_schema.tables WHERE table_schema = '$DB_NAME';" + IS_DATABASE_APPLIED="$(mysql -ss -h "$DB_HOST" -u "$DB_USER" -p"$DB_PASS" -e "$SQL")" + IMPORT_COMMAND="mysql -h $DB_HOST -u root -p$DB_ROOT_PASS $DB_NAME" + elif [ "{{ @('database.type')|raw }}" == "postgres" ]; then + SQL="SELECT CASE WHEN COUNT(*) = 0 THEN 'no' ELSE 'yes' END FROM information_schema.tables WHERE table_catalog = '$DB_NAME' and table_schema='public';" + IS_DATABASE_APPLIED="$(PGPASSWORD=$DB_PASS psql -qtAX -h "$DB_HOST" -U "$DB_USER" -c "$SQL")" + IMPORT_COMMAND="PGPASSWORD=$DB_PASS psql -h $DB_HOST -U $DB_USER $DB_NAME" + else + (>&2 echo "invalid database type") + exit 1 + fi + + if [ "$IS_DATABASE_APPLIED" = "no" ]; then + local DATABASE_FILE="/app/${ASSETS_DIR}/${DB_NAME}.sql.gz" + if [ ! -f "$DATABASE_FILE" ]; then + DATABASE_FILE="$(find "/app/${ASSETS_DIR}/" -maxdepth 1 -name "${DB_NAME}*.sql.gz" -print | head -n1)" + fi + + if [ -f "$DATABASE_FILE" ]; then + passthru "pv --force $DATABASE_FILE | zcat - | $IMPORT_COMMAND" + else + task "install" + fi + fi + + for file in "/app/${ASSETS_DIR}/"*.files.{tgz,tar.gz}; do + [ -f "$file" ] || continue + run "tar -xvf ${file} -C /app" + done +} diff --git a/docker/image/console/root/lib/task/assets/dump.sh.twig b/docker/image/console/root/lib/task/assets/dump.sh.twig new file mode 100644 index 0000000..26dd6e3 --- /dev/null +++ b/docker/image/console/root/lib/task/assets/dump.sh.twig @@ -0,0 +1,19 @@ +#!/bin/bash + +function task_assets_dump() +{ + local ASSETS_DIR="${ASSETS_DIR:-tools/assets/development}" + + if [ ! -d "/app/${ASSETS_DIR}" ]; then + run "mkdir -p /app/${ASSETS_DIR}" + fi + + if [ "{{ @('database.type')|raw }}" == "mysql" ]; then + run "mysqldump -h ${DB_HOST} -u ${DB_USER} -p${DB_PASS} ${DB_NAME} | gzip > /app/${ASSETS_DIR}/${DB_NAME}.sql.gz" + elif [ "{{ @('database.type')|raw }}" == "postgres" ]; then + run "PGPASSWORD=$DB_PASS pg_dump -h ${DB_HOST} -U ${DB_USER} ${DB_NAME} | gzip > /app/${ASSETS_DIR}/${DB_NAME}.sql.gz" + else + (>&2 echo "invalid database type") + exit 1 + fi +} diff --git a/docker/image/console/root/lib/task/build.sh b/docker/image/console/root/lib/task/build.sh new file mode 100644 index 0000000..73b0962 --- /dev/null +++ b/docker/image/console/root/lib/task/build.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +function task_build() +{ + if [ ! -f /app/composer.json ]; then + task "skeleton:apply" + fi + + task "overlay:apply" + + task "build:backend" + task "build:frontend" +} diff --git a/docker/image/console/root/lib/task/build/backend.sh.twig b/docker/image/console/root/lib/task/build/backend.sh.twig new file mode 100644 index 0000000..418fa62 --- /dev/null +++ b/docker/image/console/root/lib/task/build/backend.sh.twig @@ -0,0 +1,15 @@ +#!/bin/bash + +function task_build_backend() +{( + cd {{ @('backend.path') }} + + if [ ! {{ @('backend.build.when')|raw }} ]; then + return 0; + fi + + {% for step in @('backend.build.steps') -%} + {{ step|raw }} + {% endfor %} + +)} diff --git a/docker/image/console/root/lib/task/build/frontend.sh.twig b/docker/image/console/root/lib/task/build/frontend.sh.twig new file mode 100644 index 0000000..deff49a --- /dev/null +++ b/docker/image/console/root/lib/task/build/frontend.sh.twig @@ -0,0 +1,15 @@ +#!/bin/bash + +function task_build_frontend() +{( + cd {{ @('frontend.path') }} + + if [ ! {{ @('frontend.build.when')|raw }} ]; then + return 0; + fi + + {% for step in @('frontend.build.steps') -%} + {{ step|raw }} + {% endfor %} + +)} diff --git a/docker/image/console/root/lib/task/composer/install.sh b/docker/image/console/root/lib/task/composer/install.sh new file mode 100644 index 0000000..119ad13 --- /dev/null +++ b/docker/image/console/root/lib/task/composer/install.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +function task_composer_install() +{ + passthru "composer install --no-interaction" +} diff --git a/docker/image/console/root/lib/task/database/available.sh.twig b/docker/image/console/root/lib/task/database/available.sh.twig new file mode 100644 index 0000000..c980ea4 --- /dev/null +++ b/docker/image/console/root/lib/task/database/available.sh.twig @@ -0,0 +1,28 @@ +#!/bin/bash + +function task_database_available() +{ + local command="" + + if [ "{{ @('database.type')|raw }}" == "mysql" ]; then + command="mysqladmin -h $DB_HOST -u root -p$DB_ROOT_PASS ping" + elif [ "{{ @('database.type')|raw }}" == "postgres" ]; then + command="pg_isready -h $DB_HOST" + else + (>&2 echo "invalid database type") + exit 1 + fi + + local counter=0 + + while ! $command &> /dev/null; do + + if (( counter > 30 )); then + (>&2 echo "timeout while waiting on {{ @('database.type')|raw }} to become available") + exit 1 + fi + + sleep 1 + ((++counter)) + done +} \ No newline at end of file diff --git a/docker/image/console/root/lib/task/init.sh.twig b/docker/image/console/root/lib/task/init.sh.twig new file mode 100644 index 0000000..2815120 --- /dev/null +++ b/docker/image/console/root/lib/task/init.sh.twig @@ -0,0 +1,14 @@ +#!/bin/bash + +function task_init() +{ + task "database:available" + task "assets:apply" + + {% for step in @('backend.init.steps') -%} + {{ step|raw }} + {% endfor %} + + task "migrate" + task "welcome" +} diff --git a/docker/image/console/root/lib/task/install.sh.twig b/docker/image/console/root/lib/task/install.sh.twig new file mode 100644 index 0000000..4389d61 --- /dev/null +++ b/docker/image/console/root/lib/task/install.sh.twig @@ -0,0 +1,11 @@ +#!/bin/bash + +function task_install() +{ + task "database:available" + + {% for step in @('backend.install.steps') -%} + {{ step|raw }} + {% endfor %} + +} diff --git a/docker/image/console/root/lib/task/migrate.sh.twig b/docker/image/console/root/lib/task/migrate.sh.twig new file mode 100644 index 0000000..a778b3e --- /dev/null +++ b/docker/image/console/root/lib/task/migrate.sh.twig @@ -0,0 +1,10 @@ +#!/bin/bash + +function task_migrate() +{ + task "database:available" + + {% for step in @('backend.migrate.steps') -%} + {{ step|raw }} + {% endfor %} +} diff --git a/docker/image/console/root/lib/task/overlay/apply.sh b/docker/image/console/root/lib/task/overlay/apply.sh new file mode 100644 index 0000000..8dc3638 --- /dev/null +++ b/docker/image/console/root/lib/task/overlay/apply.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +function task_overlay_apply() +{ + run "rsync --exclude='*.twig' --exclude='_twig' -a /home/build/application/overlay/ /app/" +} diff --git a/docker/image/console/root/lib/task/skeleton/apply.sh b/docker/image/console/root/lib/task/skeleton/apply.sh new file mode 100644 index 0000000..c256f9e --- /dev/null +++ b/docker/image/console/root/lib/task/skeleton/apply.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +function task_skeleton_apply() +{ + run "rsync --exclude='*.twig' --exclude='_twig' -a /home/build/application/skeleton/ /app/" +} diff --git a/docker/image/console/root/lib/task/state.sh b/docker/image/console/root/lib/task/state.sh new file mode 100644 index 0000000..bdd6b68 --- /dev/null +++ b/docker/image/console/root/lib/task/state.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +function task_state() +{ + task "database:available" + + echo "Ready!" +} diff --git a/docker/image/console/root/lib/task/welcome.sh b/docker/image/console/root/lib/task/welcome.sh new file mode 100644 index 0000000..17e3188 --- /dev/null +++ b/docker/image/console/root/lib/task/welcome.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +function task_welcome() +{ + echo "" + echo "Welcome!" + echo "--------" + echo "URL: https://${APP_HOST}" + echo "Admin: /admin" + echo " Username: admin" + echo " Password: admin123" + echo "" +} diff --git a/docker/image/console/root/usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini.twig b/docker/image/console/root/usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini.twig new file mode 100644 index 0000000..858a33a --- /dev/null +++ b/docker/image/console/root/usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini.twig @@ -0,0 +1,8 @@ +{% set xdebug = @('php.ext-xdebug') %} + +{% if xdebug.cli.enable == 'yes' %} + zend_extension=xdebug.so + {% for key, value in xdebug.config -%} + xdebug.{{ key }}={{ value }} + {% endfor %} +{% endif %} diff --git a/docker/image/console/root/usr/local/etc/php/php.ini.twig b/docker/image/console/root/usr/local/etc/php/php.ini.twig new file mode 100644 index 0000000..b76369c --- /dev/null +++ b/docker/image/console/root/usr/local/etc/php/php.ini.twig @@ -0,0 +1,10 @@ +{% for name, value in @('php.ini') %} +{{ name }} = {{ value }} +{% endfor %} +{% for name, value in @('php.cli.ini') %} +{{ name }} = {{ value }} +{% endfor %} + +; UTC for consistent logging that doesn't vary for Daylight Savings +; If you need to change it, configure your application to display dates offset from UTC. +date.timezone = UTC diff --git a/docker/image/nginx/Dockerfile.twig b/docker/image/nginx/Dockerfile.twig new file mode 100644 index 0000000..35eb35c --- /dev/null +++ b/docker/image/nginx/Dockerfile.twig @@ -0,0 +1,13 @@ +{% if @('app.build') == 'static' %} +FROM {{ @('docker.repository') ~ ':' ~ @('app.version') }}-console as console +{% endif %} + +FROM nginx:1.15-alpine +COPY root / + +{% if @('app.build') == 'static' %} +COPY --from=console /app /app +{% else %} +VOLUME /app +{% endif %} + diff --git a/docker/image/nginx/root/etc/nginx/conf.d/0-nginx.conf.twig b/docker/image/nginx/root/etc/nginx/conf.d/0-nginx.conf.twig new file mode 100644 index 0000000..c9efff8 --- /dev/null +++ b/docker/image/nginx/root/etc/nginx/conf.d/0-nginx.conf.twig @@ -0,0 +1,3 @@ +{% for name, value in @('nginx.global.conf') %} + {{ name }} {{ value }}; +{% endfor %} diff --git a/docker/image/nginx/root/etc/nginx/snippets/certificate.conf b/docker/image/nginx/root/etc/nginx/snippets/certificate.conf new file mode 100644 index 0000000..80e7be3 --- /dev/null +++ b/docker/image/nginx/root/etc/nginx/snippets/certificate.conf @@ -0,0 +1,2 @@ +ssl_certificate /etc/ssl/certs/app.crt; +ssl_certificate_key /etc/ssl/private/app.key; diff --git a/docker/image/nginx/root/etc/nginx/snippets/ssl-params.conf b/docker/image/nginx/root/etc/nginx/snippets/ssl-params.conf new file mode 100644 index 0000000..9b37b60 --- /dev/null +++ b/docker/image/nginx/root/etc/nginx/snippets/ssl-params.conf @@ -0,0 +1,17 @@ +# from https://cipherli.st/ +# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html + +ssl_protocols TLSv1.1 TLSv1.2; +ssl_prefer_server_ciphers on; +ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; +ssl_ecdh_curve secp384r1; +ssl_session_cache shared:SSL:10m; +ssl_session_tickets off; +ssl_stapling on; +ssl_stapling_verify on; + +resolver 1.1.1.1 8.8.8.8 valid=300s; +resolver_timeout 5s; + +add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; +add_header X-Content-Type-Options nosniff; diff --git a/docker/image/nginx/root/etc/ssl/certs/app.crt.twig b/docker/image/nginx/root/etc/ssl/certs/app.crt.twig new file mode 100644 index 0000000..0d94581 --- /dev/null +++ b/docker/image/nginx/root/etc/ssl/certs/app.crt.twig @@ -0,0 +1 @@ +{{ @('tls.crt') }} \ No newline at end of file diff --git a/docker/image/nginx/root/etc/ssl/private/app.key.twig b/docker/image/nginx/root/etc/ssl/private/app.key.twig new file mode 100644 index 0000000..6bb8bcb --- /dev/null +++ b/docker/image/nginx/root/etc/ssl/private/app.key.twig @@ -0,0 +1 @@ +{{ @('tls.key') }} \ No newline at end of file diff --git a/docker/image/php-fpm/.dockerignore b/docker/image/php-fpm/.dockerignore new file mode 100644 index 0000000..cf49d54 --- /dev/null +++ b/docker/image/php-fpm/.dockerignore @@ -0,0 +1 @@ +**/*.twig diff --git a/docker/image/php-fpm/Dockerfile.twig b/docker/image/php-fpm/Dockerfile.twig new file mode 100644 index 0000000..d192bbc --- /dev/null +++ b/docker/image/php-fpm/Dockerfile.twig @@ -0,0 +1,15 @@ +{% if @('app.build') == 'static' %} +FROM {{ @('docker.repository') ~ ':' ~ @('app.version') }}-console as console +{% endif %} + +FROM {{ @('docker.image.php-fpm') }} +WORKDIR /app +COPY root / + +{% if @('app.build') == 'static' %} +COPY --from=console --chown=root:root /app /app +RUN bash /fix_app_permissions.sh +{% else %} +VOLUME /app +{% endif %} +ENV APP_MODE {{ @('app.mode') }} diff --git a/docker/image/php-fpm/root/app/.gitkeep b/docker/image/php-fpm/root/app/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/docker/image/php-fpm/root/entrypoint.dynamic.sh b/docker/image/php-fpm/root/entrypoint.dynamic.sh new file mode 100755 index 0000000..06593e7 --- /dev/null +++ b/docker/image/php-fpm/root/entrypoint.dynamic.sh @@ -0,0 +1,65 @@ +#!/bin/bash + +main() +{ + source /entrypoint.sh +} + +setup_app_networking() +{ + # make linux consistent with docker-for-mac + if [ "${HOST_OS_FAMILY}" = "linux" ]; then + DOCKER_INTERNAL_HOST="host.docker.internal" + if ! grep $DOCKER_INTERNAL_HOST /etc/hosts > /dev/null ; then + DOCKER_INTERNAL_IP=$(/sbin/ip route|awk '/default/ { print $3 }') + echo -e "$DOCKER_INTERNAL_IP $DOCKER_INTERNAL_HOST" | tee -a /etc/hosts > /dev/null + fi + fi +} + +setup_app_volume_permissions() +{ + case "$STRATEGY" in + "host-linux-normal") + usermod -u "$(stat -c '%u' /app)" www-data + groupmod -g "$(stat -c '%g' /app)" www-data + ;; + "host-osx-normal") + usermod -u 1000 www-data + groupmod -g 1000 www-data + ;; + "host-osx-dockersync") + usermod -u 1000 www-data + groupmod -g 1000 www-data + ;; + *) + exit 1 + esac +} + +resolve_volume_mount_strategy() +{ + if [ "${HOST_OS_FAMILY}" = "linux" ]; then + STRATEGY="host-linux-normal" + elif [ "${HOST_OS_FAMILY}" = "darwin" ]; then + if (mount | grep "/app type fuse.osxfs") > /dev/null 2>&1; then + STRATEGY="host-osx-normal" + elif (mount | grep "/app type ext4") > /dev/null 2>&1; then + STRATEGY="host-osx-dockersync" + else + exit 1 + fi + else + exit 1 + fi +} + +bootstrap() +{ + resolve_volume_mount_strategy + setup_app_volume_permissions + setup_app_networking +} + +bootstrap +main diff --git a/docker/image/php-fpm/root/entrypoint.sh b/docker/image/php-fpm/root/entrypoint.sh new file mode 100755 index 0000000..7a3cc9c --- /dev/null +++ b/docker/image/php-fpm/root/entrypoint.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +# run +exec supervisord -c /etc/supervisor/supervisord.conf -n diff --git a/docker/image/php-fpm/root/etc/supervisor/conf.d/php-fpm.conf b/docker/image/php-fpm/root/etc/supervisor/conf.d/php-fpm.conf new file mode 100644 index 0000000..4819202 --- /dev/null +++ b/docker/image/php-fpm/root/etc/supervisor/conf.d/php-fpm.conf @@ -0,0 +1,9 @@ +[program:php-fpm] +command=docker-php-entrypoint php-fpm +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +user = root +autostart = true +autorestart = true diff --git a/docker/image/php-fpm/root/etc/supervisor/supervisord.conf b/docker/image/php-fpm/root/etc/supervisor/supervisord.conf new file mode 100644 index 0000000..6cfe17a --- /dev/null +++ b/docker/image/php-fpm/root/etc/supervisor/supervisord.conf @@ -0,0 +1,18 @@ +[supervisord] +nodaemon = true +logfile=/dev/stdout +logfile_maxbytes=0 +pidfile = /var/run/supervisord.pid + +[include] +files = /etc/supervisor/conf.d/*.conf + +[supervisorctl] +serverurl = unix:///var/run/supervisor.sock + +[unix_http_server] +file = /var/run/supervisor.sock +chmod = 0700 + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface diff --git a/docker/image/php-fpm/root/fix_app_permissions.sh.twig b/docker/image/php-fpm/root/fix_app_permissions.sh.twig new file mode 100755 index 0000000..c211659 --- /dev/null +++ b/docker/image/php-fpm/root/fix_app_permissions.sh.twig @@ -0,0 +1,55 @@ +#!/bin/bash + +set -o errexit +set -o pipefail +set -o nounset + + +main() +{ + app_permissions_fix +} + + +function app_permissions_fix() +{ + local APP_OWNER="{{ @('app.web_owner') }}" + local APP_GROUP="{{ @('app.web_group') }}" + DIRS=("{{ @('app.web_writable_dirs') | join('" "') | raw }}") + FILES=("{{ @('app.web_writable_files') | join('" "') | raw }}") + + for DIR in "${DIRS[@]}" + do + if [ -n "${DIR}" ]; then + if [ ! -d "${DIR}" ]; then + echo "${DIR} does not exist. Creating ${DIR}..." + mkdir -p "${DIR}" + fi + chown -R "${APP_OWNER}":"${APP_GROUP}" "${DIR}" + chmod -R ug+rw,o-w "${DIR}" + chmod -R a+r "${DIR}" + echo "fixed permissions for ${DIR}" + else + echo "No directory was specified for permissions fixing." + fi + done + + for FILE in "${FILES[@]}" + do + if [ -n "${FILE}" ]; then + if [ ! -f "${FILE}" ]; then + echo "${FILE} does not exist. Creating ${FILE}..." + touch "${FILE}" + fi + chown "${APP_OWNER}":"${APP_GROUP}" "${FILE}" + chmod ug+rw,o-w "${FILE}" + chmod a+r "${FILE}" + echo "fixed permissions for ${FILE}" + else + echo "No file was specified for permissions fixing." + fi + done + +} + +main diff --git a/docker/image/php-fpm/root/usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini.twig b/docker/image/php-fpm/root/usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini.twig new file mode 100644 index 0000000..1c319da --- /dev/null +++ b/docker/image/php-fpm/root/usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini.twig @@ -0,0 +1,8 @@ +{% set xdebug = @('php.ext-xdebug') %} + +{% if xdebug.enable == 'yes' %} + zend_extension=xdebug.so + {% for key, value in xdebug.config -%} + xdebug.{{ key }}={{ value }} + {% endfor %} +{% endif %} diff --git a/docker/image/php-fpm/root/usr/local/etc/php/php.ini.twig b/docker/image/php-fpm/root/usr/local/etc/php/php.ini.twig new file mode 100644 index 0000000..90f4ad6 --- /dev/null +++ b/docker/image/php-fpm/root/usr/local/etc/php/php.ini.twig @@ -0,0 +1,10 @@ +{% for name, value in @('php.ini') %} +{{ name }} = {{ value }} +{% endfor %} +{% for name, value in @('php.fpm.ini') %} +{{ name }} = {{ value }} +{% endfor %} + +; UTC for consistent logging that doesn't vary for Daylight Savings +; If you need to change it, configure your application to display dates offset from UTC. +date.timezone = UTC diff --git a/docs/.gitkeep b/docs/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/harness/attributes/common.yml b/harness/attributes/common.yml new file mode 100644 index 0000000..d616509 --- /dev/null +++ b/harness/attributes/common.yml @@ -0,0 +1,179 @@ + + +attributes.default: + + app: + # build - static|dynamic + # dynamic - volumes are mounted and the build step is run once the containers have started + # static - app is copied into console, built, then the resulting build is copied into the web image + build: dynamic + + # mode - development|production + # development - additional tooling is made available and application is run in development mode + # production - leaner images with less tooling and application is run in production mode + mode: development + + services: [mysql] + web_owner: www-data + web_group: www-data + web_writable_dirs: [] + web_writable_files: [] + + docker-sync: yes + + pipeline: + publish: + enabled: no + preview: + enabled: no + environment: ~ + cluster: + name: null + namespace: = @('workspace.name') ~ '-' ~ slugify(branch()) + hostname: = @('pipeline.preview.namespace') ~ '.example.com' + qa: + enabled: no + environment: ~ + branch: develop + cluster: + name: null + namespace: = @('workspace.name') ~ '-' ~ 'qa' + hostname: = @('pipeline.qa.namespace') ~ '.example.com' + + docker: + repository: = @("workspace.name") + config: null + image: + console: = 'my127/php:' ~ @('php.version') ~ '-fpm-stretch-console' + php-fpm: = 'my127/php:' ~ @('php.version') ~ '-fpm-stretch' + + composer: + auth: + basic: ~ + github: ~ + + backend: + path: /app + build: + when: -f "composer.json" + steps: + - task "composer:install" + install: + steps: [] + init: + steps: [] + migrate: + steps: [] + + frontend: + path: /app + watch: npm watch + build: + when: -f "package.json" + steps: + - run "npm install" + + git: + main_branch: develop + + nginx: + # used to set site specific configurations under server directive + site: + conf: [] + # used to set nginx global configurations under http directive + global: + conf: [] + + node: + # only set this attribute if you wish to override the supplied node version, by default + # the supplied version will be the current LTS. + version: null + + php: + version: 7.3 + cli: + ini: + memory_limit: -1 + fpm: + ini: + memory_limit: 1024M + ini: ~ + ext-xdebug: + enable: no + cli: + enable: no + config: + remote_enable: 1 + remote_autostart: 1 + remote_port: 9000 + remote_host: host.docker.internal + + assets: + remote: ="s3://"~@("aws.bucket")~"/development" + local: tools/assets/development + + database: + # possible types are mysql|postgres + type: mysql + host: mysql + user: app + pass: app + name: app + root_pass: DV6RdNY3QcFsBk7V + + domain: my127.site + hostname: = @('namespace') ~ '.' ~ @('domain') + + helm: + timeout: 300 + + tls: + key: | + -----BEGIN PRIVATE KEY----- + MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC9q3EMGDtDNKAt + CHyM1MfWUaIGsv5Zka7pfjIOKL/KvrSIVpZyyJ3lSALeRyyDDRZeYwkbkNdDJgir + FmD0vJkYifYWfGdIJmbjdm62LGyzDf79Ve8aQF0lLcedMhoCfu7+qciIYnjHdvkx + Y6Fo9CTZP7m+oSNmUjHdJD3scX4l3vodBK67Hpk+W2eEhwAxG5aFsspDnPi4L9ha + KlMps+eSn1hLLGYrmthtP2assckvdyL10hS7+OOZFmj5vxGNbQn2F4whiu06JmXL + oO8T9yd8XNN383FjREYKjrQcyJo3izvawEgrRi9mNKM9DhWuBdbYNe/cSgGfwBK6 + Kc9e8zCLAgMBAAECggEAVL6fOgoxoGuJDdX24G3KBCZhQKEFKDwBbO4nq0/lsc7X + lvspKYwdkG5Gac5fQwa78dxKG3jx1VzPDrJnC7KgrOgnfhCDjScrXYJzIQ5kWvRr + 9AFLXe1YMN5ti/zwxiC05DA0G0v0LxsnaDvdyKkdNbxVX6lbycH76ZTh3h0vgfeD + Wc8MMlRTa+ORWKoIZsm+qnNLhWQhhbmoA8LNkZqtJIOBZuyAu8vyXzrEFIhKqVzU + Jdz0S+xtgYUkoXCTgdYiqoFjlKhaIIV2Fc0vbc68ziIiu3ZtaVch7wNyftoXyjBr + hjI1GT1dr7NsQpPZ6xtqjGhIvUuVSeCSBZeeXkymAQKBgQDsxFb916gIxl3QQYPV + NiKPi3rZD5iuMTjy0937dhHWGGYlWW2GEE0XjWrmLUnGyLuxwA5kFgS0eMubbhTg + aeewHamHeN/pcJIF6HndJbqXLB148E8ux6grpQrHKpTb2RLOPkd6bAgn1SjPllCL + a/vVanevaJs8U27sKEfGND0aCwKBgQDNE7IzvD1JAUrzqzG9Lxg+NhaHQTQfW45W + cuHvESiyhc93kdufvcCTrrRRXSZOqDN26+64Ni62O/ulduq4qZmhG/lxqSz5mnpr + 2oV2Kg1C1EUC4V2B9WQoMOhvOa0esTVSm9hC4oX0kYIzl6HbVAUGe8JMXOoKTJkV + 3sAz0FbTgQKBgQC1CX+2wvIiG4NaHO4v1h/hAHajiDBnaQ2xZtzCTMpgmPFpt5Ju + QwKfcqt9ar2RuKUDyeV3E/ru/7o3k5l06qWUXWnmQz96oG+XAuZDeXjN5JZ4hc8V + 5uYo0R6HoYCHBdlCSA6hhf9Kbcuxxq65nIzH54uyXNrt6qHTAw22ePULdwKBgQCK + vp+a1ukToldGQfV1zA330Pou6dNMv9Gt9S2cY5yII3W4rKrNCUDn6ZO/VGkdYDjp + ZTft02KJEk3vpWOqKbxxvo5l8pImEPhwTbhruImeRCSojTaJPS9U7bnjvj68/CFa + UWvf3IfKbkOLijQMQmzf9Q0AQwBolWgg3sJki7iigQKBgQCf82eve3W/s/pZzKGi + WWACcZLmDTHeH2AU3ZDfFaEAKObe/cdHMgk8MGewf1IF6QDQXtaxHlM5/FKQ1ohu + uoe7Xo1R+KlrVRxKAlNQ5lfzhAAgDNaOhpgkH4cehfPrIIh9rwNMSkHDRS0DELvY + DPyRumPy7zTg5YPzzl7tM1/OPA== + -----END PRIVATE KEY----- + + crt: | + -----BEGIN CERTIFICATE----- + MIIC6zCCAdOgAwIBAgIJAI4syJyPEWAMMA0GCSqGSIb3DQEBBQUAMAwxCjAIBgNV + BAMMASowHhcNMTgwNzI0MTE1MjQ0WhcNMTkwNzI0MTE1MjQ0WjAMMQowCAYDVQQD + DAEqMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvatxDBg7QzSgLQh8 + jNTH1lGiBrL+WZGu6X4yDii/yr60iFaWcsid5UgC3kcsgw0WXmMJG5DXQyYIqxZg + 9LyZGIn2FnxnSCZm43Zutixssw3+/VXvGkBdJS3HnTIaAn7u/qnIiGJ4x3b5MWOh + aPQk2T+5vqEjZlIx3SQ97HF+Jd76HQSuux6ZPltnhIcAMRuWhbLKQ5z4uC/YWipT + KbPnkp9YSyxmK5rYbT9mrLHJL3ci9dIUu/jjmRZo+b8RjW0J9heMIYrtOiZly6Dv + E/cnfFzTd/NxY0RGCo60HMiaN4s72sBIK0YvZjSjPQ4VrgXW2DXv3EoBn8ASuinP + XvMwiwIDAQABo1AwTjAdBgNVHQ4EFgQUK4SXDSeyVYbCWr31rz2K6GLRFoYwHwYD + VR0jBBgwFoAUK4SXDSeyVYbCWr31rz2K6GLRFoYwDAYDVR0TBAUwAwEB/zANBgkq + hkiG9w0BAQUFAAOCAQEAjz2PUbdi2S+h4UB3P2UBLdgDClkiSPF+gAqfw4D82faf + M8hpMuCcd3148dejU4tFPUdLx1MASK8ucCk7rcwVtafWPYU4nMDlmZ9Zj9F2Y8KY + dVfHfTIOblTSYc90g+nTFsTchkEFOH0nRZAKhCT3HphXNTZFNIQWoqe63SJZ8LTs + 8RBO/zcoh5E31+Rm0WxKlYH4QElLp9dXAtKueWGTafh2E8Re96IS+Uig+yC3RIYJ + MWLcATwR3lSnqN2ifByic5VGWbRKkGNsh3wAWlejL2FGv8mLU1q8nLK36UcU/HzZ + ziLtpidJOJHDpyDSAxDSxcP9fJ6gssMQln92DJ/SUQ== + -----END CERTIFICATE----- diff --git a/harness/attributes/environment/local.yml b/harness/attributes/environment/local.yml new file mode 100644 index 0000000..41505a5 --- /dev/null +++ b/harness/attributes/environment/local.yml @@ -0,0 +1,6 @@ + +attributes: + app: + build: dynamic + mode: development + version: develop \ No newline at end of file diff --git a/harness/attributes/environment/pipeline.yml b/harness/attributes/environment/pipeline.yml new file mode 100644 index 0000000..868faee --- /dev/null +++ b/harness/attributes/environment/pipeline.yml @@ -0,0 +1,7 @@ + +attributes: + namespace: =exec("git log -n 1 --pretty=format:'%H'") + hostname: =@('workspace.name') ~ '.' ~ @('domain') + app: + build: static + version: =exec("git log -n 1 --pretty=format:'%H'") diff --git a/harness/config/commands.yml b/harness/config/commands.yml new file mode 100644 index 0000000..ca90c7d --- /dev/null +++ b/harness/config/commands.yml @@ -0,0 +1,175 @@ + +command('enable'): + env: + USE_DOCKER_SYNC: = @('host.os') == 'darwin' and @('docker-sync') == 'yes' ? 'yes':'no' + APP_BUILD: = @('app.build') + APP_MODE: = @('app.mode') + NAMESPACE: = @('namespace') + HAS_ASSETS: = @('aws.bucket') !== null ? 'yes':'no' + COMPOSE_PROJECT_NAME: = @('namespace') + exec: | + #!bash(workspace:/) + source .my127ws/harness/scripts/enable.sh + +command('disable'): + env: + USE_DOCKER_SYNC: = (@('host.os') == 'darwin' and @('docker-sync') == 'yes') ? 'yes':'no' + NAMESPACE: = @('namespace') + COMPOSE_PROJECT_NAME: = @('namespace') + exec: | + #!bash(workspace:/) + source .my127ws/harness/scripts/disable.sh + +command('destroy'): + env: + NAMESPACE: = @('namespace') + APP_BUILD: = @('app.build') + APP_VERSION: = @('app.version') + DOCKER_REPOSITORY: = @('docker.repository') + USE_DOCKER_SYNC: = (@('host.os') == 'darwin' and @('docker-sync') == 'yes') ? 'yes':'no' + COMPOSE_PROJECT_NAME: = @('namespace') + exec: | + #!bash(workspace:/)|@ + source .my127ws/harness/scripts/destroy.sh + +command('exec %'): + env: + COMPOSE_PROJECT_NAME: = @('namespace') + exec: | + #!bash(workspace:/)|= + docker-compose exec -T -u build console ={ input.argument('%') } + +command('console'): + env: + COMPOSE_PROJECT_NAME: = @('namespace') + exec: | + #!bash(workspace:/)|@ + passthru docker-compose exec -u build console bash + +command('db-console'): + env: + COMPOSE_PROJECT_NAME: = @('namespace') + exec: | + #!bash(workspace:/)|@ + passthru "docker-compose exec console bash -c 'mysql -h\"\$DB_HOST\" -u\"\$DB_USER\" -p\"\$DB_PASS\" \"\$DB_NAME\"'" + +command('assets download'): + env: + AWS_ID: =@('aws.id') + AWS_KEY: =@('aws.key') + exec: | + #!bash(workspace:/)|@ + passthru ws.aws s3 sync @('assets.remote') @('assets.local') + +command('assets upload'): + env: + AWS_ID: =@('aws.id') + AWS_KEY: =@('aws.key') + exec: | + #!bash(workspace:/)|@ + passthru ws.aws s3 sync @('assets.local') @('assets.remote') + +command('feature docker-sync (on|off)'): + env: + ATTR_KEY: 'docker-sync' + ATTR_VAL: = input.command(3) == 'on' ? 'yes':'no' + exec: | + #!bash(workspace:/)|= + ws set $ATTR_KEY $ATTR_VAL + echo 'Updating docker-compose.yml' + run ws install --step=prepare + echo 'Bringing up the environment with the new setting' + if [[ "$ATTR_VAL" = "yes" ]]; then + passthru docker-sync start + fi + passthru ws enable + if [[ "$ATTR_VAL" = "no" ]]; then + passthru docker-sync stop + passthru docker-sync clean + fi + echo 'Done' + +command('frontend build'): + env: + COMPOSE_PROJECT_NAME: = @('namespace') + exec: | + #!bash(workspace:/)|@ + passthru "docker-compose exec -u build console bash -i -c 'app build:frontend'" + +command('frontend watch'): + env: + COMPOSE_PROJECT_NAME: = @('namespace') + exec: | + #!bash(workspace:/)|@ + passthru "docker-compose exec -u build console bash -i -c 'cd @('frontend.path'); @('frontend.watch')'" + +command('frontend console'): + env: + COMPOSE_PROJECT_NAME: = @('namespace') + exec: | + #!bash(workspace:/)|@ + passthru "docker-compose exec -u build console bash -i -c 'cd @('frontend.path'); bash'" + +command('port '): + env: + COMPOSE_PROJECT_NAME: = @('namespace') + exec: | + #!bash(workspace:/)|= + passthru docker port $(docker-compose ps -q ={input.argument('service')}) + +command('service php-fpm restart'): + env: + COMPOSE_PROJECT_NAME: = @('namespace') + exec: | + #!bash(workspace:/)|@ + passthru ws install --step=prepare + passthru "docker-compose exec console bash -c 'cp -r /.my127ws/docker/image/console/root/usr/local/etc/php/conf.d/* /usr/local/etc/php/conf.d/'" + passthru "docker-compose exec php-fpm bash -c 'cp -r /.my127ws/docker/image/php-fpm/root/usr/local/etc/php/conf.d/* /usr/local/etc/php/conf.d/'" + passthru docker-compose exec php-fpm supervisorctl restart php-fpm + +command('set '): + env: + ATTR_KEY: = input.argument('attribute') + ATTR_VAL: = input.argument('value') + exec: | + #!bash(workspace:/)|= + if [ ! -f workspace.override.yml ]; then + touch workspace.override.yml + fi + if grep -q "attribute('${ATTR_KEY}'):" workspace.override.yml; then + echo "Removing old '${ATTR_KEY}' setting from workspace.override.yml" + sed "/^attribute('${ATTR_KEY}'): .*$/d" workspace.override.yml > workspace.override.yml.tmp && mv workspace.override.yml.tmp workspace.override.yml + fi + if grep -q "attribute('${ATTR_KEY}'):" workspace.override.yml; then + echo 'Could not remove line from workspace.override.yml, failing' + exit 1 + fi + echo "Setting '${ATTR_KEY}' setting to '${ATTR_VAL}' in workspace.override.yml" + echo "attribute('${ATTR_KEY}'): ${ATTR_VAL}" >> workspace.override.yml + +command('feature xdebug (on|off)'): + env: + ATTR_KEY: 'php.ext-xdebug.enable' + ATTR_VAL: = input.command(3) == 'on' ? 'yes':'no' + exec: | + #!bash(workspace:/)|= + ws set $ATTR_KEY $ATTR_VAL + echo 'Updating templates in .my127ws/' + run ws install --step=prepare + echo 'Bringing up php-fpm with the new setting' + run ws service php-fpm restart + echo 'Done' + +command('feature xdebug cli (on|off)'): + env: + ATTR_KEY: 'php.ext-xdebug.cli.enable' + ATTR_VAL: = input.command(4) == 'on' ? 'yes':'no' + exec: | + #!bash(workspace:/)|= + ws set $ATTR_KEY $ATTR_VAL + echo 'Updating templates in .my127ws/' + run ws install --step=prepare + echo 'Bringing up console with the new setting' + run ws service php-fpm restart + echo 'Done' + diff --git a/harness/config/events.yml b/harness/config/events.yml new file mode 100644 index 0000000..6139a17 --- /dev/null +++ b/harness/config/events.yml @@ -0,0 +1,10 @@ + +after('harness.install'): | + #!bash + ws enable + +after('harness.refresh'): | + #!bash(harness:/)|@ + run docker-compose -p @('namespace') stop + run docker-compose -p @('namespace') pull + run docker-compose -p @('namespace') up -d --build diff --git a/harness/config/functions.yml b/harness/config/functions.yml new file mode 100644 index 0000000..119b294 --- /dev/null +++ b/harness/config/functions.yml @@ -0,0 +1,17 @@ +function('to_yaml', [text]): | + #!php + = preg_replace('/^/m', ' ', \Symfony\Component\Yaml\Yaml::dump($text, 100, 2)); + +function('branch'): | + #!bash(workspace:/) + =$(git branch | grep \* | cut -d ' ' -f2) + +function('slugify', [text]): | + #!php + $text = preg_replace('~[^\pL\d]+~u', '-', $text); + $text = iconv('utf-8', 'us-ascii//TRANSLIT', $text); + $text = preg_replace('~[^-\w]+~', '', $text); + $text = trim($text, '-'); + $text = preg_replace('~-+~', '-', $text); + $text = strtolower($text); + = $text; diff --git a/harness/config/pipeline.yml b/harness/config/pipeline.yml new file mode 100644 index 0000000..b14c795 --- /dev/null +++ b/harness/config/pipeline.yml @@ -0,0 +1,40 @@ + +command('app build'): | + #!bash(workspace:/)|@ + ws app build console + ws app build php-fpm + ws app build nginx + +command('app build console'): | + #!bash(workspace:/)|@ + passthru docker build -t @('docker.repository'):@('app.version')-console -f .my127ws/docker/image/console/Dockerfile . + +command('app build php-fpm'): | + #!bash(harness:/docker/image/php-fpm)|@ + passthru docker build -t @('docker.repository'):@('app.version')-php-fpm . + +command('app build nginx'): | + #!bash(harness:/docker/image/nginx)|@ + passthru docker build -t @('docker.repository'):@('app.version')-nginx . + +command('app publish'): | + #!bash(workspace:/)|@ + run docker login -u="@('docker.username')" -p="@('docker.password')" @('docker.repository') + run docker push @('docker.repository'):@('app.version')-console + run docker push @('docker.repository'):@('app.version')-php-fpm + run docker push @('docker.repository'):@('app.version')-nginx + run docker logout @('docker.repository') + +command('app deploy '): + env: + ENVIRONMENT: = input.argument('environment') + NAMESPACE: = @('pipeline.' ~ input.argument('environment') ~ '.namespace') + CLUSTER: = @('pipeline.' ~ input.argument('environment') ~ '.cluster.name') + TIMEOUT: = @('helm.timeout') + exec: | + #!bash(harness:/helm)|= + cd "${ENVIRONMENT}" + doctl -t $DO_ACCESS_TOKEN kubernetes cluster kubeconfig show $CLUSTER > kubectl.config.yaml + passthru helm init --client-only + passthru helm dependency build + passthru helm --kubeconfig=$PWD/kubectl.config.yaml upgrade --wait --install --timeout "${TIMEOUT}" --namespace "${NAMESPACE}" "${NAMESPACE}" ./ diff --git a/harness/scripts/destroy.sh b/harness/scripts/destroy.sh new file mode 100755 index 0000000..ee037a8 --- /dev/null +++ b/harness/scripts/destroy.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +run docker-compose down --rmi local --volumes --remove-orphans + +if [[ "$USE_DOCKER_SYNC" = "yes" ]]; then + run docker-sync stop + run docker rm "${NAMESPACE}-sync" + run docker volume rm "${NAMESPACE}-sync" +fi + +if [[ "$APP_BUILD" = "static" ]]; then + run "docker images --filter=reference='${DOCKER_REPOSITORY}:${APP_VERSION}-*' -q | xargs --no-run-if-empty docker image rm --force" +fi + +run rm -f .my127ws/.flag-built diff --git a/harness/scripts/disable.sh b/harness/scripts/disable.sh new file mode 100755 index 0000000..fcb356b --- /dev/null +++ b/harness/scripts/disable.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +if [[ "$USE_DOCKER_SYNC" = "yes" ]]; then + run docker-sync stop +fi + +run docker-compose stop diff --git a/harness/scripts/enable.sh b/harness/scripts/enable.sh new file mode 100755 index 0000000..bf1db5f --- /dev/null +++ b/harness/scripts/enable.sh @@ -0,0 +1,53 @@ +#!/usr/bin/env bash + +main() +{ + if [ ! -f .my127ws/.flag-built ]; then + + passthru docker-compose down + + if [[ "$HAS_ASSETS" = "yes" ]]; then + ws assets download + fi + + $APP_BUILD + touch .my127ws/.flag-built + + else + passthru docker-compose up -d + passthru docker-compose exec -T -u build console app welcome + fi + + if [[ "$APP_BUILD" = "dynamic" && "$USE_DOCKER_SYNC" = "yes" ]]; then + passthru docker-sync start + fi +} + +dynamic() +{ + # we synchronise then stop docker-sync as leaving it running during the build + # will often cause it to crash. + + if [[ "$USE_DOCKER_SYNC" = "yes" ]]; then + passthru gem install docker-sync --no-ri --no-rdoc + passthru docker-sync start + passthru docker-sync stop + fi + + passthru docker-compose pull + passthru docker-compose build --pull + passthru docker-compose up -d + + passthru docker-compose exec -T -u build console app build + passthru docker-compose exec -T -u build console app init +} + +static() +{ + ws app build + + passthru docker-compose up -d + passthru docker-compose exec -T -u build console app init +} + +main diff --git a/helm/app/Chart.yaml b/helm/app/Chart.yaml new file mode 100644 index 0000000..2667212 --- /dev/null +++ b/helm/app/Chart.yaml @@ -0,0 +1,5 @@ +name: app +description: Base helm chart for the app +version: 0.0.1 +sources: +home: diff --git a/helm/app/_twig/values.yaml/environment.yml.twig b/helm/app/_twig/values.yaml/environment.yml.twig new file mode 100644 index 0000000..2f640a0 --- /dev/null +++ b/helm/app/_twig/values.yaml/environment.yml.twig @@ -0,0 +1,8 @@ + HOST_OS_FAMILY: {{ @('host.os') }} + APP_NAME: {{ @('workspace.name') }} + APP_HOST: {{ @('workspace.name') }} + DB_HOST: {{ @('database.host') }} + DB_USER: {{ @('database.user') }} + DB_PASS: {{ @('database.pass') }} + DB_NAME: {{ @('database.name') }} + DB_ROOT_PASS: {{ @('database.root_pass') }} diff --git a/helm/app/templates/application/app-init.yaml b/helm/app/templates/application/app-init.yaml new file mode 100644 index 0000000..b2adae6 --- /dev/null +++ b/helm/app/templates/application/app-init.yaml @@ -0,0 +1,22 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: app-init + annotations: + helm.sh/hook: "post-install" +spec: + template: + spec: + containers: + - env: + {{ range $key, $value := .Values.environment }} + - name: {{ $key }} + value: "{{ $value }}" + {{ end }} + image: {{ .Values.docker.image.console }} + imagePullPolicy: Always + name: app-init + command: ["app", "init"] + imagePullSecrets: + - name: docker-config + restartPolicy: Never diff --git a/helm/app/templates/application/app-migrate.yaml b/helm/app/templates/application/app-migrate.yaml new file mode 100644 index 0000000..e2e0c26 --- /dev/null +++ b/helm/app/templates/application/app-migrate.yaml @@ -0,0 +1,23 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: app-migrate + annotations: + helm.sh/hook: "pre-upgrade" + helm.sh/hook-delete-policy: "before-hook-creation" +spec: + template: + spec: + containers: + - env: + {{ range $key, $value := .Values.environment }} + - name: {{ $key }} + value: "{{ $value }}" + {{ end }} + image: {{ .Values.docker.image.console }} + imagePullPolicy: Always + name: app-migrate + command: ["app", "migrate"] + imagePullSecrets: + - name: docker-config + restartPolicy: Never diff --git a/helm/app/templates/application/console/deployment.yaml b/helm/app/templates/application/console/deployment.yaml new file mode 100644 index 0000000..2225cc0 --- /dev/null +++ b/helm/app/templates/application/console/deployment.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: console + labels: + app.service: console +spec: + replicas: 1 + selector: + matchLabels: + app.service: console + template: + metadata: + labels: + app.service: console + spec: + containers: + - env: + {{ range $key, $value := .Values.environment }} + - name: {{ $key }} + value: "{{ $value }}" + {{ end }} + image: {{ .Values.docker.image.console }} + imagePullPolicy: Always + name: console + resources: {} + readinessProbe: + exec: + command: + - app + - state + initialDelaySeconds: 20 + periodSeconds: 10 + imagePullSecrets: + - name: docker-config + restartPolicy: Always + +status: {} diff --git a/helm/app/templates/application/docker-config.yaml b/helm/app/templates/application/docker-config.yaml new file mode 100644 index 0000000..95ecd31 --- /dev/null +++ b/helm/app/templates/application/docker-config.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: docker-config +data: + .dockerconfigjson: {{ .Values.docker.config }} +type: kubernetes.io/dockerconfigjson diff --git a/helm/app/templates/application/nginx/deployment.yaml b/helm/app/templates/application/nginx/deployment.yaml new file mode 100644 index 0000000..85319da --- /dev/null +++ b/helm/app/templates/application/nginx/deployment.yaml @@ -0,0 +1,32 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx + labels: + app.service: nginx +spec: + replicas: 1 + selector: + matchLabels: + app.service: nginx + template: + metadata: + labels: + app.service: nginx + spec: + containers: + - image: {{ .Values.docker.image.nginx }} + imagePullPolicy: Always + name: nginx + ports: + - containerPort: 80 + resources: {} + readinessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 5 + periodSeconds: 10 + imagePullSecrets: + - name: docker-config + restartPolicy: Always +status: {} diff --git a/helm/app/templates/application/nginx/ingress.yaml b/helm/app/templates/application/nginx/ingress.yaml new file mode 100644 index 0000000..19f44b4 --- /dev/null +++ b/helm/app/templates/application/nginx/ingress.yaml @@ -0,0 +1,17 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + creationTimestamp: null + labels: + app.service: nginx + name: nginx +spec: + rules: + - host: {{ .Values.environment.APP_HOST }} + http: + paths: + - backend: + serviceName: nginx + servicePort: 80 +status: + loadBalancer: {} diff --git a/helm/app/templates/application/nginx/service.yaml b/helm/app/templates/application/nginx/service.yaml new file mode 100644 index 0000000..1110d48 --- /dev/null +++ b/helm/app/templates/application/nginx/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.service: nginx + name: nginx +spec: + ports: + - name: "80" + port: 80 + targetPort: 80 + selector: + app.service: nginx +status: + loadBalancer: {} diff --git a/helm/app/templates/application/php-fpm/deployment.yaml b/helm/app/templates/application/php-fpm/deployment.yaml new file mode 100644 index 0000000..fa42dd2 --- /dev/null +++ b/helm/app/templates/application/php-fpm/deployment.yaml @@ -0,0 +1,37 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: php-fpm + labels: + app.service: php-fpm +spec: + replicas: 1 + selector: + matchLabels: + app.service: php-fpm + template: + metadata: + labels: + app.service: php-fpm + spec: + containers: + - env: + {{ range $key, $value := .Values.environment }} + - name: {{ $key }} + value: "{{ $value }}" + {{ end }} + image: {{ .Values.docker.image.fpm }} + imagePullPolicy: Always + name: php-fpm + ports: + - containerPort: 9000 + resources: {} + readinessProbe: + tcpSocket: + port: 9000 + initialDelaySeconds: 5 + periodSeconds: 10 + imagePullSecrets: + - name: docker-config + restartPolicy: Always +status: {} diff --git a/helm/app/templates/application/php-fpm/service.yaml b/helm/app/templates/application/php-fpm/service.yaml new file mode 100644 index 0000000..e8b1b2e --- /dev/null +++ b/helm/app/templates/application/php-fpm/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.service: php-fpm + name: php-fpm +spec: + ports: + - name: "9000" + port: 9000 + targetPort: 9000 + selector: + app.service: php-fpm +status: + loadBalancer: {} diff --git a/helm/app/templates/service/memcached/.gitkeep b/helm/app/templates/service/memcached/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/helm/app/templates/service/mysql/deployment.yaml b/helm/app/templates/service/mysql/deployment.yaml new file mode 100644 index 0000000..f8e3911 --- /dev/null +++ b/helm/app/templates/service/mysql/deployment.yaml @@ -0,0 +1,51 @@ +{{ if .Values.service.mysql }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mysql + labels: + app.service: mysql +spec: + replicas: 1 + selector: + matchLabels: + app.service: mysql + template: + metadata: + labels: + app.service: mysql + spec: + containers: + - env: + - name: MYSQL_DATABASE + value: {{ .Values.environment.DB_NAME }} + - name: MYSQL_PASSWORD + value: {{ .Values.environment.DB_PASS }} + - name: MYSQL_ROOT_PASSWORD + value: {{ .Values.environment.DB_ROOT_PASS }} + - name: MYSQL_USER + value: {{ .Values.environment.DB_USER }} + image: mysql:5.7 + imagePullPolicy: Always + name: mysql + args: + - --ignore-db-dir + - lost+found + ports: + - containerPort: 3306 + resources: {} + readinessProbe: + tcpSocket: + port: 3306 + initialDelaySeconds: 5 + periodSeconds: 10 + volumeMounts: + - name: mysql-persistent-storage + mountPath: /var/lib/mysql + restartPolicy: Always + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim +status: {} +{{ end }} diff --git a/helm/app/templates/service/mysql/pvc.yaml b/helm/app/templates/service/mysql/pvc.yaml new file mode 100644 index 0000000..5336639 --- /dev/null +++ b/helm/app/templates/service/mysql/pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mysql-pv-claim + labels: + app.service: mysql +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 4Gi diff --git a/helm/app/templates/service/mysql/service.yaml b/helm/app/templates/service/mysql/service.yaml new file mode 100644 index 0000000..7aff908 --- /dev/null +++ b/helm/app/templates/service/mysql/service.yaml @@ -0,0 +1,17 @@ +{{ if .Values.service.mysql }} +apiVersion: v1 +kind: Service +metadata: + labels: + app.service: mysql + name: mysql +spec: + ports: + - name: "3306" + port: 3306 + targetPort: 3306 + selector: + app.service: mysql +status: + loadBalancer: {} +{{ end }} diff --git a/helm/app/templates/service/postgres/deployment.yaml b/helm/app/templates/service/postgres/deployment.yaml new file mode 100644 index 0000000..1a522da --- /dev/null +++ b/helm/app/templates/service/postgres/deployment.yaml @@ -0,0 +1,48 @@ +{{ if .Values.service.postgres }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: postgres + labels: + app.service: postgres +spec: + replicas: 1 + selector: + matchLabels: + app.service: postgres + template: + metadata: + labels: + app.service: postgres + spec: + containers: + - env: + - name: POSTGRES_DB + value: {{ .Values.environment.DB_NAME }} + - name: POSTGRES_PASSWORD + value: {{ .Values.environment.DB_PASS }} + - name: POSTGRES_USER + value: {{ .Values.environment.DB_USER }} + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + image: postgres:9.6 + imagePullPolicy: Always + name: postgres + ports: + - containerPort: 5432 + resources: {} + readinessProbe: + tcpSocket: + port: 5432 + initialDelaySeconds: 5 + periodSeconds: 10 + volumeMounts: + - name: postgres-persistent-storage + mountPath: /var/lib/postgresql/data + restartPolicy: Always + volumes: + - name: postgres-persistent-storage + persistentVolumeClaim: + claimName: postgres-pv-claim +status: {} +{{ end }} diff --git a/helm/app/templates/service/postgres/pvc.yaml b/helm/app/templates/service/postgres/pvc.yaml new file mode 100644 index 0000000..7949d6a --- /dev/null +++ b/helm/app/templates/service/postgres/pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: postgres-pv-claim + labels: + app.service: postgres +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 4Gi \ No newline at end of file diff --git a/helm/app/templates/service/postgres/service.yaml b/helm/app/templates/service/postgres/service.yaml new file mode 100644 index 0000000..41a79f6 --- /dev/null +++ b/helm/app/templates/service/postgres/service.yaml @@ -0,0 +1,17 @@ +{{ if .Values.service.postgres }} +apiVersion: v1 +kind: Service +metadata: + labels: + app.service: postgres + name: postgres +spec: + ports: + - name: "5432" + port: 5432 + targetPort: 5432 + selector: + app.service: postgres +status: + loadBalancer: {} +{{ end }} diff --git a/helm/app/templates/service/redis-session/deployment.yaml b/helm/app/templates/service/redis-session/deployment.yaml new file mode 100644 index 0000000..a934d84 --- /dev/null +++ b/helm/app/templates/service/redis-session/deployment.yaml @@ -0,0 +1,47 @@ +{{ if .Values.service.redis_session }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis-session + labels: + app.service: redis-session +spec: + replicas: 1 + selector: + matchLabels: + app.service: php-fpm + template: + metadata: + labels: + app.service: redis-session + spec: + containers: + - args: + - redis-server + - --maxmemory + - "1073742000" + - --maxmemory-policy + - volatile-ttl + - --save + - "3600" + - "1" + - --save + - "300" + - "100" + - --save + - "60" + - "10000" + image: redis:4-alpine + imagePullPolicy: Always + name: redis-session + ports: + - containerPort: 6379 + resources: {} + readinessProbe: + tcpSocket: + port: 6379 + initialDelaySeconds: 5 + periodSeconds: 10 + restartPolicy: Always +status: {} +{{ end }} \ No newline at end of file diff --git a/helm/app/templates/service/redis-session/service.yaml b/helm/app/templates/service/redis-session/service.yaml new file mode 100644 index 0000000..459b4c6 --- /dev/null +++ b/helm/app/templates/service/redis-session/service.yaml @@ -0,0 +1,17 @@ +{{ if .Values.service.redis_session }} +apiVersion: v1 +kind: Service +metadata: + labels: + app.service: redis-session + name: redis-session +spec: + ports: + - name: "6379" + port: 6379 + targetPort: 6379 + selector: + app.service: redis-session +status: + loadBalancer: {} +{{ end }} \ No newline at end of file diff --git a/helm/app/templates/service/redis/deployment.yaml b/helm/app/templates/service/redis/deployment.yaml new file mode 100644 index 0000000..f7164c9 --- /dev/null +++ b/helm/app/templates/service/redis/deployment.yaml @@ -0,0 +1,48 @@ +{{ if .Values.service.redis }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis + labels: + app.service: redis +spec: + replicas: 1 + selector: + matchLabels: + app.service: redis + template: + metadata: + creationTimestamp: null + labels: + app.service: redis + spec: + containers: + - args: + - redis-server + - --maxmemory + - "1073742000" + - --maxmemory-policy + - allkeys-lru + - --save + - "3600" + - "1" + - --save + - "300" + - "100" + - --save + - "60" + - "10000" + image: redis:4-alpine + imagePullPolicy: Always + name: redis + ports: + - containerPort: 6379 + resources: {} + readinessProbe: + tcpSocket: + port: 6379 + initialDelaySeconds: 5 + periodSeconds: 10 + restartPolicy: Always +status: {} +{{ end }} \ No newline at end of file diff --git a/helm/app/templates/service/redis/service.yaml b/helm/app/templates/service/redis/service.yaml new file mode 100644 index 0000000..a117995 --- /dev/null +++ b/helm/app/templates/service/redis/service.yaml @@ -0,0 +1,17 @@ +{{ if .Values.service.redis }} +apiVersion: v1 +kind: Service +metadata: + labels: + app.service: redis + name: redis +spec: + ports: + - name: "6379" + port: 6379 + targetPort: 6379 + selector: + app.service: redis +status: + loadBalancer: {} +{{ end }} \ No newline at end of file diff --git a/helm/app/values.yaml.twig b/helm/app/values.yaml.twig new file mode 100644 index 0000000..a549fb4 --- /dev/null +++ b/helm/app/values.yaml.twig @@ -0,0 +1,15 @@ +{% set blocks = 'helm/app/_twig/values.yaml/' %} +environment: +{% include blocks ~ 'environment.yml.twig' %} +docker: + config: {{ @('docker.config') }} + image: + console: {{ @('docker.repository') ~ ':' ~ @('app.version') ~ '-console' }} + fpm: {{ @('docker.repository') ~ ':' ~ @('app.version') ~ '-php-fpm' }} + nginx: {{ @('docker.repository') ~ ':' ~ @('app.version') ~ '-nginx' }} +service: + mysql: {{ ("mysql" in @('app.services')) ? 'true' : 'false' }} + postgres: {{ ("postgres" in @('app.services')) ? 'true' : 'false' }} + redis: {{ ("redis" in @('app.services')) ? 'true' : 'false' }} + redis_session: {{ ("redis-session" in @('app.services')) ? 'true' : 'false' }} + memcached: {{ ("memcached" in @('app.services')) ? 'true' : 'false' }} diff --git a/helm/qa/Chart.yaml b/helm/qa/Chart.yaml new file mode 100644 index 0000000..89e4ca1 --- /dev/null +++ b/helm/qa/Chart.yaml @@ -0,0 +1,5 @@ +name: app-qa +description: Base helm chart for the app-qa environment +version: 0.0.1 +sources: +home: diff --git a/helm/qa/requirements.yaml b/helm/qa/requirements.yaml new file mode 100644 index 0000000..ab863cb --- /dev/null +++ b/helm/qa/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: +- name: app + version: 0.0.1 + repository: "file://../app" diff --git a/helm/qa/values.yaml.twig b/helm/qa/values.yaml.twig new file mode 100644 index 0000000..81bedf1 --- /dev/null +++ b/helm/qa/values.yaml.twig @@ -0,0 +1,3 @@ +app: + environment: + APP_HOST: {{ @('pipeline.qa.hostname') }}