Adding the files to build the prod docker image (#270)

* Adding the files to build the prod docker image * Moving from CMD to ENTRYPOINT * Moving back to CMD * Docker: minor path fixes * GHA docker: Update actions to their latest versions * Add devconf config to parameters.yaml.dist --------- Co-authored-by: Bart Geesink <[email protected]>
OpenConext · Apr 2, 2024 · f269e05 · f269e05
1 parent 367be28
commit f269e05
Show file tree

Hide file tree

Showing 6 changed files with 154 additions and 60 deletions.
diff --git a/.github/workflows/build-push-docker-image.yml b/.github/workflows/build-push-docker-image.yml
@@ -0,0 +1,59 @@
+name: build-push-docker-image
+
+on:
+  push:
+    branches: feature/docker_configs
+  workflow_dispatch:
+
+jobs:
+  build-push-docker-image:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Get the latest release
+        id: release
+        uses: robinraju/[email protected]
+        with:
+          latest: true
+          fileName: "*.tar.gz"
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set docker metadata for the container
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/openconext/openconext-profile/profile
+          tags: |
+            type=ref,event=tag
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+      - name: Build and push the Production image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: docker/Dockerfile.prod
+          platforms: linux/amd64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
@@ -52,4 +52,13 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          release_id: ${{ steps.create_release.outputs.id }}
+          release_id: ${{ steps.create_release.outputs.id }}
+
+  after_build:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger Docker container build
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: build-push-docker-image.yml
diff --git a/config/legacy/parameters.yaml.dist b/config/legacy/parameters.yaml.dist
@@ -1,59 +1,59 @@
 parameters:
-    secret: ThisTokenIsNotSoSecretChangeIt
-    # Available translation languages: en, nl, pt
-    locales: [en, nl]
-    default_locale: en
-    open_conext_locale_cookie_key: lang
-    open_conext_locale_cookie_domain: .vm.openconext.org
-    open_conext_locale_cookie_expires_in: "+2 months"
-    open_conext_locale_cookie_http_only: false
-    open_conext_locale_cookie_secure: true
-
-    saml_sp_publickey: ../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer
-    saml_sp_privatekey: ../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem
-    saml_metadata_publickey: ../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer
-    saml_metadata_privatekey: ../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem
-
-    saml_remote_idp_entity_id: https://engine.vm.openconext.org/authentication/idp/metadata
-    saml_remote_idp_sso_url: https://engine.vm.openconext.org/authentication/idp/single-sign-on
-    saml_remote_idp_host: engine.vm.openconext.org
-    saml_remote_idp_certificate_file: /etc/openconext/engineblock.crt
-
-    engineblock_api_base_url: 'https://engine-api.vm.openconext.org/'
-    engineblock_api_username: profile
-    engineblock_api_password: secret
-    engineblock_api_verify_ssl: true
-
-    user_lifecycle_enabled: true
-    user_lifecycle_api_base_url: 'https://userlifecycle.vm.openconext.org/'
-    user_lifecycle_api_username: userlifecycle
-    user_lifecycle_api_password: secret
-    user_lifecycle_api_verify_ssl: true
-
-    attribute_aggregation_api_base_url: 'https://aa.vm.openconext.org/aa/api/internal/'
-    attribute_aggregation_api_username: eb
-    attribute_aggregation_api_password: secret
-    attribute_aggregation_api_verify_ssl: true
-
-    # orcid aa attribute settings for orcid
-    attribute_aggregation_orcid_logo_path: 'build/images/orcid.png'
-    attribute_aggregation_orcid_connect_url: 'https://link.surfconext.nl/orcid?redirectUrl=https://profile.surfconext.nl/my-connections'
-
-    # Example: smtp://user:pass@host:port/?timeout=60&encryption=ssl&auth_mode=login&...
-    mailer_url: smtp://localhost:25
-
-    attribute_support_email_from: [email protected]
-    attribute_support_email_to: [email protected]
-
-    # The email addresses used for sending the information request email message
-    information_request_email_from: [email protected]
-    information_request_email_to: [email protected]
-
-    remove_consent_enabled: false
-
-    # Session handler override
-    # Change to the following to use the database to store sessions:  
-    #session_handler: 'Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler'
-    session_handler: ~
-    # Database settings when using a db to store sessions. Unused in the default setup
-    dsn: mysql://profilerw:secret@localhost/profile?serverVersion=5.7
+  secret: ThisTokenIsNotSoSecretChangeIt
+  # Available translation languages: en, nl, pt
+  locales: [en, nl]
+  default_locale: en
+  open_conext_locale_cookie_key: lang
+  open_conext_locale_cookie_domain: .dev.openconext.local
+  open_conext_locale_cookie_expires_in: "+2 months"
+  open_conext_locale_cookie_http_only: false
+  open_conext_locale_cookie_secure: true
+
+  saml_sp_publickey: ../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer
+  saml_sp_privatekey: ../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem
+  saml_metadata_publickey: ../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_publickey.cer
+  saml_metadata_privatekey: ../vendor/surfnet/stepup-saml-bundle/src/Resources/keys/development_privatekey.pem
+
+  saml_remote_idp_entity_id: https://engine.dev.openconext.local/authentication/idp/metadata
+  saml_remote_idp_sso_url: https://engine.dev.openconext.local/authentication/idp/single-sign-on
+  saml_remote_idp_host: engine.dev.openconext.local
+  saml_remote_idp_certificate_file: /config/engine/engineblock.crt
+
+  engineblock_api_base_url: "https://engine-api.dev.openconext.local/"
+  engineblock_api_username: profile
+  engineblock_api_password: secret
+  engineblock_api_verify_ssl: true
+
+  user_lifecycle_enabled: true
+  user_lifecycle_api_base_url: "https://userlifecycle.dev.openconext.local/"
+  user_lifecycle_api_username: userlifecycle
+  user_lifecycle_api_password: secret
+  user_lifecycle_api_verify_ssl: true
+
+  attribute_aggregation_api_base_url: "https://aa.dev.openconext.local/aa/api/internal/"
+  attribute_aggregation_api_username: eb
+  attribute_aggregation_api_password: secret
+  attribute_aggregation_api_verify_ssl: true
+
+  # orcid aa attribute settings for orcid
+  attribute_aggregation_orcid_logo_path: "build/images/orcid.png"
+  attribute_aggregation_orcid_connect_url: "https://link.surfconext.nl/orcid?redirectUrl=https://profile.surfconext.nl/my-connections"
+
+  # Example: smtp://user:pass@host:port/?timeout=60&encryption=ssl&auth_mode=login&...
+  mailer_url: smtp://mailcatcher:25
+
+  attribute_support_email_from: [email protected]
+  attribute_support_email_to: [email protected]
+
+  # The email addresses used for sending the information request email message
+  information_request_email_from: [email protected]
+  information_request_email_to: [email protected]
+
+  remove_consent_enabled: false
+
+  # Session handler override
+  # Change to the following to use the database to store sessions:
+  #session_handler: 'Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler'
+  session_handler: ~
+  # Database settings when using a db to store sessions. Unused in the default setup
+  dsn: mysql://profilerw:secret@localhost/profile?serverVersion=5.7
diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod
@@ -0,0 +1,15 @@
+FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2:latest
+COPY *.tar.gz /tmp/
+RUN tar --strip-components=1 -xvzf /tmp/*.tar.gz -C /var/www/html/ && \
+  rm -rf /tmp/*.tar.bz2
+
+# Add the config files for Apache2
+RUN rm -rf /etc/apache2/sites-enabled/*
+COPY ./docker/conf/000-default.conf /etc/apache2/sites-enabled/profile.conf
+COPY ./docker/conf/monolog.yaml /var/www/html/config/packages/
+
+
+# Set the default workdir
+WORKDIR /var/www/html
+EXPOSE 80
+CMD ["apache2-foreground"]
diff --git a/docker/conf/000-default.conf b/docker/conf/000-default.conf
@@ -14,8 +14,9 @@ ServerTokens Prod
 
 Header set Referrer-Policy "origin-when-cross-origin"
 
+# Set the php application handler so mod_php interpets the files
 <FilesMatch \.php$>
-  SetHandler "proxy:fcgi://profile_php-fpm:9000"
+    SetHandler application/x-httpd-php
 </FilesMatch>
 
 ExpiresActive on

diff --git a/docker/conf/monolog.yaml b/docker/conf/monolog.yaml
@@ -0,0 +1,10 @@
+monolog:
+  handlers:
+    main:
+      type: fingers_crossed
+      action_level: ERROR
+      passthru_level: NOTICE
+      handler: stdout
+    stdout:
+      type:     stream
+      path:     php://stderr