From 15ae872bf004420fb7ed51395d96e891918a8d6e Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:12:30 +0200 Subject: [PATCH 01/13] Edit destination ns --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 7b66316..ac87b8a 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -47,7 +47,7 @@ jobs: id: meta run: | set -xo pipefail - PROJECT=plateforme-ebs + PROJECT=tipimi-ebs # Tags are deployed in prod CONTEXT=prod ENVIRONMENT=prod From 7bd36be276b282fe06b2a3098c55aa2857e156e1 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:14:25 +0200 Subject: [PATCH 02/13] trigger cd From 6c7dbab376f99a4e8fd87398bfe53ae6b1d708d9 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 03/13] Fix build destination --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 52bf249..0fe6112 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,7 +15,7 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr build-push-caddy: # Same Dockerfile as php, with a build target which is after @@ -30,4 +30,4 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr From 1d23948d74a9d6146038e6b6d42cd148a2b69989 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 04/13] Fix trusted host --- .github/workflows/deploy.yml | 5 +++++ helm/chart/templates/configmap.yaml | 2 +- helm/chart/values.yaml | 9 ++++++--- 3 files changed, 12 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index ac87b8a..369d3e4 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -42,6 +42,7 @@ jobs: project: ${{ steps.meta.outputs.project }} namespace: ${{ steps.meta.outputs.namespace }} storage_name: ${{ steps.meta.outputs.storage_name }} + trusted_host: ${{ steps.meta.outputs.trusted_host }} steps: - name: Generate metadata id: meta @@ -53,6 +54,9 @@ jobs: ENVIRONMENT=prod IMAGE_TAG=${{ github.ref_name }} RELEASE_NAME=prod + TRUSTED_HOST=$(echo ${{ vars.DOMAIN }} | sed 's/\./\\\\\\\\./g') + + echo "trusted_host=${TRUSTED_HOST}" >> $GITHUB_OUTPUT echo "context=${CONTEXT}" >> $GITHUB_OUTPUT echo "environment=${ENVIRONMENT}" >> $GITHUB_OUTPUT echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT @@ -125,6 +129,7 @@ jobs: --set=php.storage.usePathStyleEndpoint=true \ --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ + --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" diff --git a/helm/chart/templates/configmap.yaml b/helm/chart/templates/configmap.yaml index f15cbd2..67bbe47 100644 --- a/helm/chart/templates/configmap.yaml +++ b/helm/chart/templates/configmap.yaml @@ -10,7 +10,7 @@ data: php-app-env: {{ .Values.php.appEnv | quote }} php-app-debug: {{ .Values.php.appDebug | quote }} php-cors-allow-origin: {{ .Values.php.corsAllowOrigin | quote }} - php-trusted-hosts: {{ .Values.php.trustedHosts | quote }} + php-trusted-hosts: {{ join "|" .Values.php.trustedHosts | quote }} php-trusted-proxies: "{{ join "," .Values.php.trustedProxies }}" mercure-url: "http://{{ include "plateforme-ebs" . }}/.well-known/mercure" mercure-public-url: {{ .Values.mercure.publicUrl | default "http://127.0.0.1/.well-known/mercure" | quote }} 
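Review bot: In the `Generate metadata` step (hunk `@@ -53,6 +54,9 @@`), `${{ vars.DOMAIN }}` is pasted into the script text before the shell starts and is then used unquoted in `echo`, so any space, quote or shell metacharacter in the variable is parsed as shell syntax rather than data. Passing it through the step environment keeps it a plain string: add `DOMAIN: ${{ vars.DOMAIN }}` under the step's `env:` and write `TRUSTED_HOST=$(printf '%s' "$DOMAIN" | sed 's/\./\\\\\\\\./g')`. The context line `IMAGE_TAG=${{ github.ref_name }}` follows the same pattern and would benefit from the same treatment. The rest of the step lies outside the hunk, so whether an `env:` block already exists is not visible here.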
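Review bot: The added `--set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }}` in hunk `@@ -125,6 +129,7 @@` is the only value in the visible `--set` lines left unquoted, and the backslash count produced by the `sed` in the metadata step appears to be tuned to exactly that: halved once by the unquoted shell word and once more by Helm's `--set` escape handling. Quoting the argument later, as the neighbouring lines do, would silently change the pattern that reaches the chart. Index `[2]` also replaces the third default entry of `trustedHosts` instead of appending to the list. Since a comment cannot sit inside the backslash-continued command, record both next to the `TRUSTED_HOST=` assignment, for example `# four backslashes per dot: the unquoted --set word and Helm's --set parser each halve them; [2] replaces the chart's placeholder host`. The `helm` command begins before the hunk.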
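Review bot: Joining the list with `|` for `php-trusted-hosts` yields a single alternation in which `^` applies only to the first entry and `$` only to the last, and once the deploy workflow overwrites entry `[2]` with the escaped domain, no alternative is end-anchored at all. If the application matches the Host header against this value as a regular expression, as the default patterns suggest, a host that merely contains `localhost` or the domain as a substring would be accepted. Grouping the alternation in the template closes that: `php-trusted-hosts: {{ printf "^(%s)$" (join "|" .Values.php.trustedHosts) | quote }}`, with the `^` and `$` dropped from the list entries this commit adds to `helm/chart/values.yaml`. The `data:` mapping starts and continues outside the hunk.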
diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index d9a56fe..5d978fa 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -12,7 +12,10 @@ php: appDebug: "0" appSecret: "" corsAllowOrigin: "^https?://.*?\\.chart-example\\.local$" - trustedHosts: "^127\\.0\\.0\\.1|localhost|.*\\.chart-example\\.local$" + trustedHosts: + - "^127\\.0\\.0\\.1" + - "localhost" + - ".*\\.chart-example\\.local$" trustedProxies: - "127.0.0.1" - "10.0.0.0/8" @@ -50,7 +53,7 @@ consumer: caddy: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From 1338bcec390e27ac083e6c104845a16cb518c172 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:47:42 +0200 Subject: [PATCH 05/13] Make image name shorter --- .github/workflows/build.yml | 4 ++-- helm/chart/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0fe6112..b5c2653 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-php + IMAGE_NAME: ebs-php BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} @@ -26,7 +26,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-caddy + IMAGE_NAME: ebs-caddy BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} 
diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index 5d978fa..e9f16a8 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -53,7 +53,7 @@ consumer: caddy: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From bd75668f3dcbdde6ac3ef8fc83916e3482d6de41 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:52:45 +0200 Subject: [PATCH 06/13] Fix Dockerfile --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index becedd2..bc3bb4c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ # https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact ARG PHP_VERSION=8.1 -ARG CADDY_VERSION=2 +ARG CADDY_VERSION=2.8.4 # yarn build FROM gmolaire/yarn AS yarn_build @@ -24,7 +24,7 @@ RUN yarn build FROM php:${PHP_VERSION}-fpm-alpine AS app_php # needed for security update until base image is updated -RUN apk upgrade libcurl curl openssl openssl-dev libressl libcrypto3 libssl3 +#RUN apk upgrade libcurl curl openssl openssl-dev libressl libcrypto3 libssl3 # Allow to use development versions of Symfony ARG STABILITY="stable" @@ -188,7 +188,7 @@ RUN rm -f .env.local.php # Temporary fix for https://github.com/dunglas/mercure/issues/770 # https://github.com/dunglas/symfony-docker/pull/407/files -FROM caddy:2.7-builder-alpine AS app_caddy_builder +FROM caddy:2.8.4-builder-alpine AS app_caddy_builder # RUN xcaddy build \ # --with github.com/dunglas/mercure \ 
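Review bot: Commenting out `RUN apk upgrade …` in the `app_php` stage (hunk `@@ -24,7 +24,7 @@`) leaves the image's libcurl/openssl patch level entirely to whatever the `php:${PHP_VERSION}-fpm-alpine` tag resolves to at build time, while the comment above still says the step is needed for security updates. The `app_caddy` stage in hunk `@@ -204,7 +204,7 @@` has the same change. If the upgrade was disabled because a listed package no longer exists in the base image (a guess, the commit message does not say), an unscoped `RUN apk upgrade --no-cache` keeps the intent without naming packages. Otherwise delete both the stale comment and the dead line and rely on regular base-image rebuilds.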
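Review bot: The builder stage in hunk `@@ -188,7 +188,7 @@` hard-codes `2.8.4` in `FROM caddy:2.8.4-builder-alpine` while the runtime stage uses `caddy:${CADDY_VERSION}`, so the two can drift apart again on the next bump, as they had before this commit (`2.7` builder, `2` runtime). `CADDY_VERSION` is a global `ARG` already consumed by a `FROM` line, so it can be used here as well: `FROM caddy:${CADDY_VERSION}-builder-alpine AS app_caddy_builder`.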
@@ -204,7 +204,7 @@ RUN xcaddy build \ FROM caddy:${CADDY_VERSION} AS app_caddy # needed for security update until base image is updated -RUN apk upgrade libcurl curl openssl openssl-dev libressl libcrypto1.1 libssl1.1 libcrypto3 libssl3 +#RUN apk upgrade libcurl curl openssl openssl-dev libressl libcrypto1.1 libssl1.1 libcrypto3 libssl3 WORKDIR /srv/app From 628ee95a596f9fcd0692e24cf07ca809b67f0817 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 14:25:25 +0200 Subject: [PATCH 07/13] Disable fixture --- helm/chart/templates/cronjob-fixture-reset.yaml | 2 ++ helm/chart/templates/fixtures-job.yaml | 2 ++ helm/chart/values.yaml | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/helm/chart/templates/cronjob-fixture-reset.yaml b/helm/chart/templates/cronjob-fixture-reset.yaml index fa244e2..2d6a0fb 100644 --- a/helm/chart/templates/cronjob-fixture-reset.yaml +++ b/helm/chart/templates/cronjob-fixture-reset.yaml @@ -1,3 +1,4 @@ +{{- if .Values.php.fixtureCron.enabled }} apiVersion: batch/v1 kind: CronJob metadata: @@ -197,3 +198,4 @@ spec: periodSeconds: 3 resources: {{- toYaml .Values.resources.fixtures | nindent 16 }} +{{ - end }} \ No newline at end of file diff --git a/helm/chart/templates/fixtures-job.yaml b/helm/chart/templates/fixtures-job.yaml index 45f9245..55c2a86 100644 --- a/helm/chart/templates/fixtures-job.yaml +++ b/helm/chart/templates/fixtures-job.yaml @@ -1,3 +1,4 @@ +{{- if .Values.php.fixtureJob.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -208,3 +209,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{ - end }} \ No newline at end of file diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index e9f16a8..c718313 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -33,6 +33,10 @@ php: usePathStyleEndpoint: true publicKey: "" secret: "" + fixtureJob: + enabled: false + fixtureCron: + enabled: false maildev: enabled: false 
From 9350f9fd4f4b05da98db9d757256447d194ac191 Mon Sep 17 00:00:00 2001 From: Thomas SAMSON <93578303+ThomasSamson@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:35:00 +0200 Subject: [PATCH 08/13] Update fixtures-job.yaml --- helm/chart/templates/fixtures-job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/fixtures-job.yaml b/helm/chart/templates/fixtures-job.yaml index 55c2a86..485e5ed 100644 --- a/helm/chart/templates/fixtures-job.yaml +++ b/helm/chart/templates/fixtures-job.yaml @@ -209,4 +209,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{ - end }} \ No newline at end of file +{{- end }} From 86636774cf2c9a18a934b20f78aabd4772cf057a Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 14:47:54 +0200 Subject: [PATCH 09/13] Fix cron --- helm/chart/templates/cronjob-fixture-reset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/cronjob-fixture-reset.yaml b/helm/chart/templates/cronjob-fixture-reset.yaml index 2d6a0fb..ea38541 100644 --- a/helm/chart/templates/cronjob-fixture-reset.yaml +++ b/helm/chart/templates/cronjob-fixture-reset.yaml @@ -198,4 +198,4 @@ spec: periodSeconds: 3 resources: {{- toYaml .Values.resources.fixtures | nindent 16 }} -{{ - end }} \ No newline at end of file +{{- end }} \ No newline at end of file From b7ccc3862c7d24362b19b18c264fde3be32fdea2 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 15:30:08 +0200 Subject: [PATCH 10/13] Switch sym link --- fixtures/prod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fixtures/prod b/fixtures/prod index b59f7e3..63e96b8 120000 --- a/fixtures/prod +++ b/fixtures/prod @@ -1 +1 @@ -test/ \ No newline at end of file +prod-boot/ \ No newline at end of file From d27429219cd70bcab14c139f9bee110f4aed56fd Mon Sep 17 00:00:00 2001 
From: ThomasSamson Date: Wed, 7 Aug 2024 09:32:53 +0200 Subject: [PATCH 11/13] Fix sms_dns --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3efba32..3214a6c 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} + sms-dsn: {{ .Values.sms.dsn | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 619370e9bc2e6ff3a102f065d2f83ef58a370a31 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:38:01 +0200 Subject: [PATCH 12/13] Fix deployment --- .github/workflows/cd.yml | 1 + .github/workflows/deploy.yml | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 72d62f3..da457b2 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -40,3 +40,4 @@ jobs: workload-identity-provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} database-url: ${{ secrets.DATABASE_URL }} mailer-dsn: ${{ secrets.MAILER_DSN }} + sms-dsn: ${{ secrets.SMS_DSN }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 369d3e4..4c2e706 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -27,6 +27,9 @@ on: mailer-dsn: description: Mailer DSN required: true + sms-dsn: + description: SMS DSN + required: true jobs: 
@@ -123,6 +126,7 @@ jobs: --set=postgresql.url="${{ secrets.database-url }}" \ --set=payum.apikey="${{ secrets.payum-apikey }}" \ --set=mailer.dsn="${{ secrets.mailer-dsn }}" \ + --set=sms.dsn="${{ secrets.sms-dsn }}" \ --set=php.storage.bucket="${{ vars.STORAGE_BUCKET }}" \ --set=php.storage.endpoint="https://storage.googleapis.com" \ --set=php.storage.region="eu-west-1" \ From 1df6f8174f5c3fc19d9690c32c27262aad29b803 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:50:52 +0200 Subject: [PATCH 13/13] Add benc --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3214a6c..3efba32 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | quote }} + sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file
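Review bot: `--set=sms.dsn="${{ secrets.sms-dsn }}"` in hunk `@@ -123,6 +126,7 @@` expands the secret into the script text, so a `$`, backtick or `"` inside the DSN is interpreted by the shell, and Helm's `--set` parser additionally treats commas and backslashes in the value specially. A DSN carrying generated credentials can contain such characters, and the result could be a silently altered secret rather than a failed deploy. Exposing the secret through the step's `env:` (`SMS_DSN: ${{ secrets.sms-dsn }}`) and passing `--set-string=sms.dsn="$SMS_DSN"` removes the shell re-parsing; a comma in the value would still need escaping or a values file. The neighbouring secret arguments use the same pattern, and the rest of the `helm` command is outside the hunk.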