From 15ae872bf004420fb7ed51395d96e891918a8d6e Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:12:30 +0200 Subject: [PATCH 01/91] Edit destination ns --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 7b66316..ac87b8a 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -47,7 +47,7 @@ jobs: id: meta run: | set -xo pipefail - PROJECT=plateforme-ebs + PROJECT=tipimi-ebs # Tags are deployed in prod CONTEXT=prod ENVIRONMENT=prod From 7bd36be276b282fe06b2a3098c55aa2857e156e1 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:14:25 +0200 Subject: [PATCH 02/91] trigger cd From 6c7dbab376f99a4e8fd87398bfe53ae6b1d708d9 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 03/91] Fix build destination --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 52bf249..0fe6112 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,7 +15,7 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr build-push-caddy: # Same Dockerfile as php, with a build target which is after @@ -30,4 +30,4 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr From 1d23948d74a9d6146038e6b6d42cd148a2b69989 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 04/91] Fix trusted host --- .github/workflows/deploy.yml | 5 +++++ helm/chart/templates/configmap.yaml | 2 +- helm/chart/values.yaml | 9 ++++++--- 3 files changed, 12 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index ac87b8a..369d3e4 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -42,6 +42,7 @@ jobs: project: ${{ steps.meta.outputs.project }} namespace: ${{ steps.meta.outputs.namespace }} storage_name: ${{ steps.meta.outputs.storage_name }} + trusted_host: ${{ steps.meta.outputs.trusted_host }} steps: - name: Generate metadata id: meta @@ -53,6 +54,9 @@ jobs: ENVIRONMENT=prod IMAGE_TAG=${{ github.ref_name }} RELEASE_NAME=prod + TRUSTED_HOST=$(echo ${{ vars.DOMAIN }} | sed 's/\./\\\\\\\\./g') + + echo "trusted_host=${TRUSTED_HOST}" >> $GITHUB_OUTPUT echo "context=${CONTEXT}" >> $GITHUB_OUTPUT echo "environment=${ENVIRONMENT}" >> $GITHUB_OUTPUT echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT @@ -125,6 +129,7 @@ jobs: --set=php.storage.usePathStyleEndpoint=true \ --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ + --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" diff --git a/helm/chart/templates/configmap.yaml b/helm/chart/templates/configmap.yaml index f15cbd2..67bbe47 100644 --- a/helm/chart/templates/configmap.yaml +++ b/helm/chart/templates/configmap.yaml @@ -10,7 +10,7 @@ data: php-app-env: {{ .Values.php.appEnv | quote }} php-app-debug: {{ .Values.php.appDebug | quote }} php-cors-allow-origin: {{ .Values.php.corsAllowOrigin | quote }} - php-trusted-hosts: {{ .Values.php.trustedHosts | quote }} + php-trusted-hosts: {{ join "|" .Values.php.trustedHosts | quote }} php-trusted-proxies: "{{ join "," .Values.php.trustedProxies }}" mercure-url: "http://{{ include "plateforme-ebs" . }}/.well-known/mercure" mercure-public-url: {{ .Values.mercure.publicUrl | default "http://127.0.0.1/.well-known/mercure" | quote }} 
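Review bot: The added `TRUSTED_HOST=$(echo ${{ vars.DOMAIN }} | sed ...)` line in the `Generate metadata` step pastes the variable into the script text before bash parses it, unquoted, so whitespace or shell metacharacters in `DOMAIN` become part of the command rather than data. Pass it through the step environment instead: add `env:` with `DOMAIN: ${{ vars.DOMAIN }}` and read it as `TRUSTED_HOST=$(printf '%s' "$DOMAIN" | sed 's/\./\\\\\\\\./g')`. The unquoted `--set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }}` in the hunk at -125 has the same problem, and there bash also treats `[2]` as a glob pattern and strips one level of backslashes. Quoting that argument would change how many backslashes the sed needs, so check the rendered ConfigMap after the change. Both lines recur unchanged in PATCH 17/91, and the step bodies continue outside the hunks.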
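Review bot: `join "|" .Values.php.trustedHosts` in configmap.yaml produces a single alternation in which `^` binds only to the first entry and `$` only to the last, so `localhost` is unanchored, and the deploy workflow overwrites index 2, which drops the only `$`. If the application uses `php-trusted-hosts` as a Host-header allow-list regex (presumably Symfony's trusted hosts setting; the consumer is not visible here), a host name that merely contains an allowed name would be accepted. Anchoring the whole group in the template removes the dependence on each entry: `php-trusted-hosts: {{ printf "^(%s)$" (join "|" .Values.php.trustedHosts) | quote }}`, with the `^` and `$` removed from the defaults in values.yaml. The same template line recurs in PATCH 17/91.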
diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index d9a56fe..5d978fa 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -12,7 +12,10 @@ php: appDebug: "0" appSecret: "" corsAllowOrigin: "^https?://.*?\\.chart-example\\.local$" - trustedHosts: "^127\\.0\\.0\\.1|localhost|.*\\.chart-example\\.local$" + trustedHosts: + - "^127\\.0\\.0\\.1" + - "localhost" + - ".*\\.chart-example\\.local$" trustedProxies: - "127.0.0.1" - "10.0.0.0/8" @@ -50,7 +53,7 @@ consumer: caddy: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From 1338bcec390e27ac083e6c104845a16cb518c172 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:47:42 +0200 Subject: [PATCH 05/91] Make image name shorter --- .github/workflows/build.yml | 4 ++-- helm/chart/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0fe6112..b5c2653 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-php + IMAGE_NAME: ebs-php BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} @@ -26,7 +26,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-caddy + IMAGE_NAME: ebs-caddy BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} 
diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index 5d978fa..e9f16a8 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -53,7 +53,7 @@ consumer: caddy: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From bd75668f3dcbdde6ac3ef8fc83916e3482d6de41 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:52:45 +0200 Subject: [PATCH 06/91] Fix Dockerfile --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index becedd2..bc3bb4c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ # https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact ARG PHP_VERSION=8.1 -ARG CADDY_VERSION=2 +ARG CADDY_VERSION=2.8.4 # yarn build FROM gmolaire/yarn AS yarn_build @@ -24,7 +24,7 @@ RUN yarn build FROM php:${PHP_VERSION}-fpm-alpine AS app_php # needed for security update until base image is updated -RUN apk upgrade libcurl curl openssl openssl-dev libressl libcrypto3 libssl3 +#RUN apk upgrade libcurl curl openssl openssl-dev libressl libcrypto3 libssl3 # Allow to use development versions of Symfony ARG STABILITY="stable" @@ -188,7 +188,7 @@ RUN rm -f .env.local.php # Temporary fix for https://github.com/dunglas/mercure/issues/770 # https://github.com/dunglas/symfony-docker/pull/407/files -FROM caddy:2.7-builder-alpine AS app_caddy_builder +FROM caddy:2.8.4-builder-alpine AS app_caddy_builder # RUN xcaddy build \ # --with github.com/dunglas/mercure \ 
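Review bot: Commenting out `RUN apk upgrade ...` in the `app_php` stage (Dockerfile hunk at -24, and again for `app_caddy` in the hunk at -204) removes the only OS patching step, while the comment above it still says the line is needed for security updates. With `CADDY_VERSION` now pinned to 2.8.4, the caddy image no longer picks up fixes through a moving tag either. If the named packages simply no longer resolve on the current base, an unscoped `RUN apk upgrade --no-cache` keeps the patch step. Otherwise delete the dead line together with its comment and let the image scan in CI (Trivy is mentioned in PATCH 31/91) gate on unpatched packages. Both stage bodies continue outside the hunks.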
@@ -204,7 +204,7 @@ RUN xcaddy build \ FROM caddy:${CADDY_VERSION} AS app_caddy # needed for security update until base image is updated -RUN apk upgrade libcurl curl openssl openssl-dev libressl libcrypto1.1 libssl1.1 libcrypto3 libssl3 +#RUN apk upgrade libcurl curl openssl openssl-dev libressl libcrypto1.1 libssl1.1 libcrypto3 libssl3 WORKDIR /srv/app From 628ee95a596f9fcd0692e24cf07ca809b67f0817 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 14:25:25 +0200 Subject: [PATCH 07/91] Disable fixture --- helm/chart/templates/cronjob-fixture-reset.yaml | 2 ++ helm/chart/templates/fixtures-job.yaml | 2 ++ helm/chart/values.yaml | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/helm/chart/templates/cronjob-fixture-reset.yaml b/helm/chart/templates/cronjob-fixture-reset.yaml index fa244e2..2d6a0fb 100644 --- a/helm/chart/templates/cronjob-fixture-reset.yaml +++ b/helm/chart/templates/cronjob-fixture-reset.yaml @@ -1,3 +1,4 @@ +{{- if .Values.php.fixtureCron.enabled }} apiVersion: batch/v1 kind: CronJob metadata: @@ -197,3 +198,4 @@ spec: periodSeconds: 3 resources: {{- toYaml .Values.resources.fixtures | nindent 16 }} +{{ - end }} \ No newline at end of file diff --git a/helm/chart/templates/fixtures-job.yaml b/helm/chart/templates/fixtures-job.yaml index 45f9245..55c2a86 100644 --- a/helm/chart/templates/fixtures-job.yaml +++ b/helm/chart/templates/fixtures-job.yaml @@ -1,3 +1,4 @@ +{{- if .Values.php.fixtureJob.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -208,3 +209,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{ - end }} \ No newline at end of file diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index e9f16a8..c718313 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -33,6 +33,10 @@ php: usePathStyleEndpoint: true publicKey: "" secret: "" + fixtureJob: + enabled: false + fixtureCron: + enabled: false maildev: enabled: false 
From 9350f9fd4f4b05da98db9d757256447d194ac191 Mon Sep 17 00:00:00 2001 From: Thomas SAMSON <93578303+ThomasSamson@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:35:00 +0200 Subject: [PATCH 08/91] Update fixtures-job.yaml --- helm/chart/templates/fixtures-job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/fixtures-job.yaml b/helm/chart/templates/fixtures-job.yaml index 55c2a86..485e5ed 100644 --- a/helm/chart/templates/fixtures-job.yaml +++ b/helm/chart/templates/fixtures-job.yaml @@ -209,4 +209,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{ - end }} \ No newline at end of file +{{- end }} From 86636774cf2c9a18a934b20f78aabd4772cf057a Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 14:47:54 +0200 Subject: [PATCH 09/91] Fix cron --- helm/chart/templates/cronjob-fixture-reset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/cronjob-fixture-reset.yaml b/helm/chart/templates/cronjob-fixture-reset.yaml index 2d6a0fb..ea38541 100644 --- a/helm/chart/templates/cronjob-fixture-reset.yaml +++ b/helm/chart/templates/cronjob-fixture-reset.yaml @@ -198,4 +198,4 @@ spec: periodSeconds: 3 resources: {{- toYaml .Values.resources.fixtures | nindent 16 }} -{{ - end }} \ No newline at end of file +{{- end }} \ No newline at end of file From b7ccc3862c7d24362b19b18c264fde3be32fdea2 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 15:30:08 +0200 Subject: [PATCH 10/91] Switch sym link --- fixtures/prod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fixtures/prod b/fixtures/prod index b59f7e3..63e96b8 120000 --- a/fixtures/prod +++ b/fixtures/prod @@ -1 +1 @@ -test/ \ No newline at end of file +prod-boot/ \ No newline at end of file From d27429219cd70bcab14c139f9bee110f4aed56fd Mon Sep 17 00:00:00 2001 
From: ThomasSamson Date: Wed, 7 Aug 2024 09:32:53 +0200 Subject: [PATCH 11/91] Fix sms_dns --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3efba32..3214a6c 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} + sms-dsn: {{ .Values.sms.dsn | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 619370e9bc2e6ff3a102f065d2f83ef58a370a31 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:38:01 +0200 Subject: [PATCH 12/91] Fix deployment --- .github/workflows/cd.yml | 1 + .github/workflows/deploy.yml | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 72d62f3..da457b2 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -40,3 +40,4 @@ jobs: workload-identity-provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} database-url: ${{ secrets.DATABASE_URL }} mailer-dsn: ${{ secrets.MAILER_DSN }} + sms-dsn: ${{ secrets.SMS_DSN }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 369d3e4..4c2e706 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -27,6 +27,9 @@ on: mailer-dsn: description: Mailer DSN required: true + sms-dsn: + description: SMS DSN + required: true jobs: 
@@ -123,6 +126,7 @@ jobs: --set=postgresql.url="${{ secrets.database-url }}" \ --set=payum.apikey="${{ secrets.payum-apikey }}" \ --set=mailer.dsn="${{ secrets.mailer-dsn }}" \ + --set=sms.dsn="${{ secrets.sms-dsn }}" \ --set=php.storage.bucket="${{ vars.STORAGE_BUCKET }}" \ --set=php.storage.endpoint="https://storage.googleapis.com" \ --set=php.storage.region="eu-west-1" \ From 1df6f8174f5c3fc19d9690c32c27262aad29b803 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:50:52 +0200 Subject: [PATCH 13/91] Add benc --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3214a6c..3efba32 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | quote }} + sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 558746682f6853085573799dbca11fff3c820f36 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:12:30 +0200 Subject: [PATCH 14/91] Edit destination ns --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 031a4ac..a963c43 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -49,7 +49,7 @@ jobs: id: meta run: | set -xo pipefail - PROJECT=plateforme-ebs + PROJECT=tipimi-ebs # Tags are deployed in prod CONTEXT=prod ENVIRONMENT=prod From 10a965b147baac2ca531453fc08a448aa10a7ed3 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:14:25 +0200 Subject: [PATCH 15/91] trigger cd 
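Review bot: The new `--set=sms.dsn="${{ secrets.sms-dsn }}"` line expands the secret into the script text before bash runs, so a DSN containing `"`, `$` or a backtick is interpreted by the shell. Helm's `--set` parser additionally splits on commas and treats backslashes as escapes. Exporting the value through the step's `env:` (`SMS_DSN: ${{ secrets.sms-dsn }}`) and passing `--set-string=sms.dsn="$SMS_DSN"` keeps the secret out of the rendered script. Since commas still need escaping with `--set-string`, a temporary values file written from the environment is the more robust route for DSNs. The neighbouring `postgresql.url`, `payum.apikey` and `mailer.dsn` context lines follow the same pattern, and the helm command itself starts and ends outside the hunk.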
From a6bdb76dc7cda8e7edf531df6a1fcfcc44c535fe Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 16/91] Fix build destination --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 52bf249..0fe6112 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,7 +15,7 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr build-push-caddy: # Same Dockerfile as php, with a build target which is after @@ -30,4 +30,4 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr From 3a61d684a1d53bedaa217cf211e50744e36aa2e8 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 17/91] Fix trusted host --- .github/workflows/deploy.yml | 5 +++++ helm/chart/templates/configmap.yaml | 2 +- helm/chart/values.yaml | 9 ++++++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index a963c43..de6b38a 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -44,6 +44,7 @@ jobs: project: ${{ steps.meta.outputs.project }} namespace: ${{ steps.meta.outputs.namespace }} storage_name: ${{ steps.meta.outputs.storage_name }} + trusted_host: ${{ steps.meta.outputs.trusted_host }} steps: - name: Generate metadata id: meta 
@@ -55,6 +56,9 @@ jobs: ENVIRONMENT=prod IMAGE_TAG=${{ github.ref_name }} RELEASE_NAME=prod + TRUSTED_HOST=$(echo ${{ vars.DOMAIN }} | sed 's/\./\\\\\\\\./g') + + echo "trusted_host=${TRUSTED_HOST}" >> $GITHUB_OUTPUT echo "context=${CONTEXT}" >> $GITHUB_OUTPUT echo "environment=${ENVIRONMENT}" >> $GITHUB_OUTPUT echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT @@ -129,6 +133,7 @@ jobs: --set=php.storage.usePathStyleEndpoint=true \ --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ + --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" diff --git a/helm/chart/templates/configmap.yaml b/helm/chart/templates/configmap.yaml index f15cbd2..67bbe47 100644 --- a/helm/chart/templates/configmap.yaml +++ b/helm/chart/templates/configmap.yaml @@ -10,7 +10,7 @@ data: php-app-env: {{ .Values.php.appEnv | quote }} php-app-debug: {{ .Values.php.appDebug | quote }} php-cors-allow-origin: {{ .Values.php.corsAllowOrigin | quote }} - php-trusted-hosts: {{ .Values.php.trustedHosts | quote }} + php-trusted-hosts: {{ join "|" .Values.php.trustedHosts | quote }} php-trusted-proxies: "{{ join "," .Values.php.trustedProxies }}" mercure-url: "http://{{ include "plateforme-ebs" . }}/.well-known/mercure" mercure-public-url: {{ .Values.mercure.publicUrl | default "http://127.0.0.1/.well-known/mercure" | quote }} diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index 5eee356..30dbabc 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" 
@@ -12,7 +12,10 @@ php: appDebug: "0" appSecret: "" corsAllowOrigin: "^https?://.*?\\.chart-example\\.local$" - trustedHosts: "^127\\.0\\.0\\.1|localhost|.*\\.chart-example\\.local$" + trustedHosts: + - "^127\\.0\\.0\\.1" + - "localhost" + - ".*\\.chart-example\\.local$" trustedProxies: - "127.0.0.1" - "10.0.0.0/8" @@ -54,7 +57,7 @@ consumer: caddy: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From e6fff0a638db8560ff006e6adb178b8413f86bce Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:47:42 +0200 Subject: [PATCH 18/91] Make image name shorter --- .github/workflows/build.yml | 4 ++-- helm/chart/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0fe6112..b5c2653 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-php + IMAGE_NAME: ebs-php BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} @@ -26,7 +26,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-caddy + IMAGE_NAME: ebs-caddy BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index 30dbabc..08f2711 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" 
@@ -57,7 +57,7 @@ consumer: caddy: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From d70ce193f62959fbf3d3e5e07620ac776de1862c Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 14:25:25 +0200 Subject: [PATCH 19/91] Disable fixture --- helm/chart/templates/cronjob-fixture-reset.yaml | 2 +- helm/chart/templates/fixtures-job.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/chart/templates/cronjob-fixture-reset.yaml b/helm/chart/templates/cronjob-fixture-reset.yaml index dbd1d58..922046e 100644 --- a/helm/chart/templates/cronjob-fixture-reset.yaml +++ b/helm/chart/templates/cronjob-fixture-reset.yaml @@ -200,4 +200,4 @@ spec: periodSeconds: 3 resources: {{- toYaml .Values.resources.fixtures | nindent 16 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/helm/chart/templates/fixtures-job.yaml b/helm/chart/templates/fixtures-job.yaml index 09eca03..7fe2af5 100644 --- a/helm/chart/templates/fixtures-job.yaml +++ b/helm/chart/templates/fixtures-job.yaml @@ -1,4 +1,4 @@ -{{- if .Values.php.fixtureJob.enabled -}} +{{- if .Values.php.fixtureJob.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -205,4 +205,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} From bdf5f805546bc6d60ccb4f034eda5e4a831e655b Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 15:30:08 +0200 Subject: [PATCH 20/91] Switch sym link --- fixtures/prod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fixtures/prod b/fixtures/prod index b59f7e3..63e96b8 120000 --- a/fixtures/prod +++ b/fixtures/prod @@ -1 +1 @@ -test/ \ No newline at end of file +prod-boot/ \ No newline at end of file From 5d6b62caf25381f83ff189b346aa470339190dc2 Mon Sep 17 00:00:00 2001 
From: ThomasSamson Date: Wed, 7 Aug 2024 09:32:53 +0200 Subject: [PATCH 21/91] Fix sms_dns --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3efba32..3214a6c 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} + sms-dsn: {{ .Values.sms.dsn | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 132b78615983366e39cf2583c2313f8a2eae1aa1 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:38:01 +0200 Subject: [PATCH 22/91] Fix deployment --- .github/workflows/cd.yml | 1 + .github/workflows/deploy.yml | 11 ++++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 72d62f3..da457b2 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -40,3 +40,4 @@ jobs: workload-identity-provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} database-url: ${{ secrets.DATABASE_URL }} mailer-dsn: ${{ secrets.MAILER_DSN }} + sms-dsn: ${{ secrets.SMS_DSN }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index de6b38a..392d2aa 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -9,11 +9,6 @@ on: payum-apikey: description: Payum API Key required: true - # sms-dsn: - # description: SMS DSN - # required: true - mailer-dsn: - description: MAILER DSN storage-key: description: storage key required: true 
@@ -29,6 +24,12 @@ on: database-url: description: Database URL required: true + mailer-dsn: + description: Mailer DSN + required: true + sms-dsn: + description: SMS DSN + required: true jobs: From 21fb6ba6562fb7b517f9e29aa63aa9341470d568 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:50:52 +0200 Subject: [PATCH 23/91] Add benc --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3214a6c..3efba32 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | quote }} + sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 23a100573d1c99b830f2cbc850f7318c640da3ca Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 10:21:19 +0100 Subject: [PATCH 24/91] Disable fixture --- helm/chart/values-prod.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/chart/values-prod.yml b/helm/chart/values-prod.yml index c644cc5..e810596 100644 --- a/helm/chart/values-prod.yml +++ b/helm/chart/values-prod.yml @@ -33,6 +33,6 @@ postgresql: php: fixtureJob: - enabled: true + enabled: false fixtureCron: - enabled: true + enabled: false From 35f22d9598ee6ccdb076ea3bb307a58a9076f221 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 10:23:35 +0100 Subject: [PATCH 25/91] Add security on fixture disabled --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 9b99806..5416cf8 100644 --- a/.github/workflows/deploy.yml 
+++ b/.github/workflows/deploy.yml @@ -135,6 +135,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ + --set=php.fixtureJob=false + --set=php.fixtureCron=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 7e50abfdb62faf46bc4b50bba7d884333bc0ea23 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 28 Oct 2024 11:36:14 +0100 Subject: [PATCH 26/91] fix: 500 error in prod MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit │ {"message":"Uncaught PHP Exception TypeError: \"App\\Repository\\ConfigurationRepository::getServicesParameter(): Return value must be of type bool, null returned\" at ConfigurationRepository.php line 71","context":{"exception":{"class │ │ ":"TypeError","message":"App\\Repository\\ConfigurationRepository::getServicesParameter(): Return value must be of type bool, null returned","code":0,"file":"/srv/app/src/Repository/ConfigurationRepository.php:71"}},"level":500,"level_ │ │ name":"CRITICAL","channel":"request","datetime":"2024-10-28T10:38:49.791926+01:00","extra":{}} --- src/Repository/ConfigurationRepository.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Repository/ConfigurationRepository.php b/src/Repository/ConfigurationRepository.php index c2f392d..1c2ec98 100644 --- a/src/Repository/ConfigurationRepository.php +++ b/src/Repository/ConfigurationRepository.php @@ -68,6 +68,6 @@ final class ConfigurationRepository extends ServiceEntityRepository ->setMaxResults(1) ->getQuery()->getOneOrNullResult(); - return $config['configuration']['global']['globalServicesEnabled']; + return $config['configuration']['global']['globalServicesEnabled'] ?? false; } } From aa2565697e3d4b2aba196364505e9caa9807e1e0 Mon Sep 17 00:00:00 2001 
From: Slim Amamou Date: Mon, 28 Oct 2024 11:47:59 +0100 Subject: [PATCH 27/91] fix(ci): was not deploying Error: UPGRADE FAILED: template: plateforme-ebs/templates/fixtures-job.yaml:1:14: executing "plateforme-ebs/templates/fixtures-job.yaml" at <.Values.php.fixtureJob.enabled>: can't evaluate field enabled in type interface {} --- .github/workflows/deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 5416cf8..816b6ae 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -135,8 +135,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ - --set=php.fixtureJob=false - --set=php.fixtureCron=false + --set=php.fixtureJob.enabled=false + --set=php.fixtureCron.enabled=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 866abe755bb22ce847461d729bb45a75b3ad6a1f Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 28 Oct 2024 14:28:11 +0100 Subject: [PATCH 28/91] fix(cd): error when deploying cannot patch "prod-redis-master" with kind StatefulSet: StatefulSet.apps "prod-redis-master" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'ordinals', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden --- .github/workflows/deploy.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 816b6ae..9b99806 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -135,8 +135,6 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ - --set=php.fixtureJob.enabled=false - --set=php.fixtureCron.enabled=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From fe414dc8629f5e450e69d76c6ae79feaea0d7fb1 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 10:04:17 +0100 Subject: [PATCH 29/91] Switch image tag on short sha --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 9b99806..aa8266c 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -55,7 +55,7 @@ jobs: # Tags are deployed in prod CONTEXT=prod ENVIRONMENT=prod - IMAGE_TAG=${{ github.ref_name }} + IMAGE_TAG=sha-${GITHUB_SHA::7} RELEASE_NAME=prod TRUSTED_HOST=$(echo ${{ vars.DOMAIN }} | sed 's/\./\\\\\\\\./g') From 54b3f14a339053bfcd38d0c012a23085baad7382 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 14:47:34 +0100 Subject: [PATCH 30/91] Fix syntax helm --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index aa8266c..d680c78 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -135,6 +135,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ + --set=php.fixtureJob.enabled=false \ + --set=php.fixtureCron.anabled=false \ --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" 
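Review bot: `--set=php.fixtureCron.anabled=false` in the last hunk (PATCH 30/91) misspells the key, so it creates an unused `php.fixtureCron.anabled` value and leaves `php.fixtureCron.enabled` at whatever the values files say. The fixture-reset CronJob is then presumably kept out of prod only by `values-prod.yml`, not by this command-line guard. The line should read `--set=php.fixtureCron.enabled=false \`. The same typo is repeated in PATCH 51/91.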
From c575a603a3e2ec0ad4574bc09c4dcf6211413935 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Wed, 20 Nov 2024 14:17:10 +0100 Subject: [PATCH 31/91] (ci) updated symfony/runtime MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Trivy was complaining about vulnerability ┌───────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────────────────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├───────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ │ symfony/runtime │ CVE-2024-50340 │ HIGH │ fixed │ v6.4.12 │ 5.4.0, 6.1.0, 6.2.0, 6.3.0, 7.1.0, 7.1.7, 5.4.46, 6.4.0, │ symfony/runtime is a module for the Symphony PHP framework │ │ │ │ │ │ │ 6.4.14 │ which enabl ...... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-50340 │ ├───────────────────────┼────────────────┤ │ │ ├───────────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ │ symfony/security-http │ CVE-2024-51996 │ │ │ │ 6.3.0, 6.4.15, 6.4.0, 7.1.0, 7.1.8, 5.4.0, 5.4.47, 6.1.0, │ Symphony process is a module for the Symphony PHP framework │ │ │ │ │ │ │ 6.2.0 │ which exec... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-51996 │ └───────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────────────────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ --- composer.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/composer.lock b/composer.lock index 9d512f5..5d553d6 100644 --- a/composer.lock +++ b/composer.lock 
@@ -13011,16 +13011,16 @@ }, { "name": "symfony/runtime", - "version": "v6.4.12", + "version": "v6.4.14", "source": { "type": "git", "url": "https://github.com/symfony/runtime.git", - "reference": "bfe32a1adf41da4dd7f6b939a039779d7af5497f" + "reference": "4facd4174f45cd37c65860403412b67c7381136a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/runtime/zipball/bfe32a1adf41da4dd7f6b939a039779d7af5497f", - "reference": "bfe32a1adf41da4dd7f6b939a039779d7af5497f", + "url": "https://api.github.com/repos/symfony/runtime/zipball/4facd4174f45cd37c65860403412b67c7381136a", + "reference": "4facd4174f45cd37c65860403412b67c7381136a", "shasum": "" }, "require": { @@ -13070,7 +13070,7 @@ "runtime" ], "support": { - "source": "https://github.com/symfony/runtime/tree/v6.4.12" + "source": "https://github.com/symfony/runtime/tree/v6.4.14" }, "funding": [ { @@ -13086,7 +13086,7 @@ "type": "tidelift" } ], - "time": "2024-09-19T13:29:10+00:00" + "time": "2024-11-05T16:39:55+00:00" }, { "name": "symfony/security-bundle", @@ -13356,16 +13356,16 @@ }, { "name": "symfony/security-http", - "version": "v6.4.12", + "version": "v6.4.15", "source": { "type": "git", "url": "https://github.com/symfony/security-http.git", - "reference": "f6df97af71943cda726dc852335204eac02a716b" + "reference": "ded1e078f952e686b058d9eac98e497bea47b308" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/security-http/zipball/f6df97af71943cda726dc852335204eac02a716b", - "reference": "f6df97af71943cda726dc852335204eac02a716b", + "url": "https://api.github.com/repos/symfony/security-http/zipball/ded1e078f952e686b058d9eac98e497bea47b308", + "reference": "ded1e078f952e686b058d9eac98e497bea47b308", "shasum": "" }, "require": { 
@@ -13424,7 +13424,7 @@ "description": "Symfony Security Component - HTTP Integration", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/security-http/tree/v6.4.12" + "source": "https://github.com/symfony/security-http/tree/v6.4.15" }, "funding": [ { @@ -13440,7 +13440,7 @@ "type": "tidelift" } ], - "time": "2024-09-20T08:18:25+00:00" + "time": "2024-11-13T13:40:18+00:00" }, { "name": "symfony/serializer", From 2a135f4a8549593ce72eab50bc8c70fedd8d20ae Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:12:30 +0200 Subject: [PATCH 32/91] Edit destination ns --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 486ab2b..9ca345f 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -49,7 +49,7 @@ jobs: id: meta run: | set -xo pipefail - PROJECT=plateforme-ebs + PROJECT=tipimi-ebs # Tags are deployed in prod CONTEXT=prod ENVIRONMENT=prod From ac7fffb1f28da2170887ece1ff6ba8f8226f0414 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:14:25 +0200 Subject: [PATCH 33/91] trigger cd From 52d122ad22ef4810d020dd1e3f09a27b04086d44 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 34/91] Fix build destination --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 52bf249..0fe6112 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,7 +15,7 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr build-push-caddy: # Same Dockerfile as php, with a build target which is after 
@@ -30,4 +30,4 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr From b72dc122a01561771d069a2c41f41ecfd74ad81f Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 35/91] Fix trusted host --- .github/workflows/deploy.yml | 5 +++++ helm/chart/templates/configmap.yaml | 2 +- helm/chart/values.yaml | 9 ++++++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 9ca345f..7505717 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -44,6 +44,7 @@ jobs: project: ${{ steps.meta.outputs.project }} namespace: ${{ steps.meta.outputs.namespace }} storage_name: ${{ steps.meta.outputs.storage_name }} + trusted_host: ${{ steps.meta.outputs.trusted_host }} steps: - name: Generate metadata id: meta @@ -55,6 +56,9 @@ jobs: ENVIRONMENT=prod IMAGE_TAG=sha-${GITHUB_SHA::7} RELEASE_NAME=prod + TRUSTED_HOST=$(echo ${{ vars.DOMAIN }} | sed 's/\./\\\\\\\\./g') + + echo "trusted_host=${TRUSTED_HOST}" >> $GITHUB_OUTPUT echo "context=${CONTEXT}" >> $GITHUB_OUTPUT echo "environment=${ENVIRONMENT}" >> $GITHUB_OUTPUT echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT @@ -129,6 +133,7 @@ jobs: --set=php.storage.usePathStyleEndpoint=true \ --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ + --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" diff --git a/helm/chart/templates/configmap.yaml b/helm/chart/templates/configmap.yaml index f15cbd2..67bbe47 100644 --- a/helm/chart/templates/configmap.yaml +++ b/helm/chart/templates/configmap.yaml 
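Review bot: `TRUSTED_HOST=$(echo ${{ vars.DOMAIN }} | sed …)` in the `@@ -55,6 +56,9 @@` hunk pastes the variable into the script text before the shell parses it, and unquoted, so whitespace or shell metacharacters in `DOMAIN` change the command rather than the value. Pass it through the step's `env:` (`DOMAIN: ${{ vars.DOMAIN }}`) and read it as data: `TRUSTED_HOST=$(printf '%s' "$DOMAIN" | sed 's/\./\\\\\\\\./g')`. The `--set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }}` line in the third hunk is unquoted in the same way and hard-codes the list position, which assumes the list keeps its two loopback entries ahead of it. The same hunks are repeated in PATCH 56/91; the `run:` block starts outside the hunk.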
@@ -10,7 +10,7 @@ data: php-app-env: {{ .Values.php.appEnv | quote }} php-app-debug: {{ .Values.php.appDebug | quote }} php-cors-allow-origin: {{ .Values.php.corsAllowOrigin | quote }} - php-trusted-hosts: {{ .Values.php.trustedHosts | quote }} + php-trusted-hosts: {{ join "|" .Values.php.trustedHosts | quote }} php-trusted-proxies: "{{ join "," .Values.php.trustedProxies }}" mercure-url: "http://{{ include "plateforme-ebs" . }}/.well-known/mercure" mercure-public-url: {{ .Values.mercure.publicUrl | default "http://127.0.0.1/.well-known/mercure" | quote }} diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index 5eee356..30dbabc 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -12,7 +12,10 @@ php: appDebug: "0" appSecret: "" corsAllowOrigin: "^https?://.*?\\.chart-example\\.local$" - trustedHosts: "^127\\.0\\.0\\.1|localhost|.*\\.chart-example\\.local$" + trustedHosts: + - "^127\\.0\\.0\\.1" + - "localhost" + - ".*\\.chart-example\\.local$" trustedProxies: - "127.0.0.1" - "10.0.0.0/8" @@ -54,7 +57,7 @@ consumer: caddy: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From 43c62e67e0566bcf39ece782d1fcf692b59e0180 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:47:42 +0200 Subject: [PATCH 36/91] Make image name shorter --- .github/workflows/build.yml | 4 ++-- helm/chart/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0fe6112..b5c2653 100644 --- a/.github/workflows/build.yml 
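Review bot: `join "|" .Values.php.trustedHosts` in the configmap hunk yields a single alternation in which `^` binds only to the first entry and `$` only to the last, so `localhost` and the domain that deploy.yml writes into `trustedHosts[2]` match anywhere in the Host header, including a longer hostname that merely contains the domain. If the application evaluates this value as a regular expression, as the escaped dots suggest, anchor the whole group: `php-trusted-hosts: {{ printf "^(%s)$" (join "|" .Values.php.trustedHosts) | quote }}`. The same template line is repeated in PATCH 56/91.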
+++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-php + IMAGE_NAME: ebs-php BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} @@ -26,7 +26,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-caddy + IMAGE_NAME: ebs-caddy BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index 30dbabc..08f2711 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -57,7 +57,7 @@ consumer: caddy: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From 3f2487c7e1fc32f91ed4d4eb0e1d20142bc8d3ed Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 14:25:25 +0200 Subject: [PATCH 37/91] Disable fixture --- helm/chart/templates/cronjob-fixture-reset.yaml | 2 +- helm/chart/templates/fixtures-job.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/chart/templates/cronjob-fixture-reset.yaml b/helm/chart/templates/cronjob-fixture-reset.yaml index f061c69..e763fa4 100644 --- a/helm/chart/templates/cronjob-fixture-reset.yaml +++ b/helm/chart/templates/cronjob-fixture-reset.yaml @@ -200,4 +200,4 @@ spec: periodSeconds: 3 resources: {{- toYaml .Values.resources.fixtures | nindent 16 }} -{{- end }} \ No newline at end of file +{{- end }} 
diff --git a/helm/chart/templates/fixtures-job.yaml b/helm/chart/templates/fixtures-job.yaml index 7faa6cf..09363bb 100644 --- a/helm/chart/templates/fixtures-job.yaml +++ b/helm/chart/templates/fixtures-job.yaml @@ -1,4 +1,4 @@ -{{- if .Values.php.fixtureJob.enabled -}} +{{- if .Values.php.fixtureJob.enabled }} apiVersion: batch/v1 kind: Job metadata: From f0eb48afd90c60a1448b609ba36c89c6a8a43a8d Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 15:30:08 +0200 Subject: [PATCH 38/91] Switch sym link --- fixtures/prod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fixtures/prod b/fixtures/prod index b59f7e3..63e96b8 120000 --- a/fixtures/prod +++ b/fixtures/prod @@ -1 +1 @@ -test/ \ No newline at end of file +prod-boot/ \ No newline at end of file From 817960cc917cad01ab53ec15d3414800c3b1913b Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:32:53 +0200 Subject: [PATCH 39/91] Fix sms_dns --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3efba32..3214a6c 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} + sms-dsn: {{ .Values.sms.dsn | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 323c16204c15154d7c5baccf62483fa62d057ce8 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:38:01 +0200 Subject: [PATCH 40/91] Fix deployment --- .github/workflows/cd.yml | 1 + .github/workflows/deploy.yml | 11 ++++++----- 2 files changed, 7 insertions(+), 5 deletions(-) 
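Review bot: Dropping `b64enc` from `sms-dsn` in secrets.yaml (PATCH 39/91) leaves a raw DSN under `data:`, where every neighbouring entry is base64-encoded. If this manifest is a Kubernetes Secret, as the file name and keys suggest, `data` values must be base64, so a plain DSN is either rejected or decoded into garbage. Keep `sms-dsn: {{ .Values.sms.dsn | b64enc | quote }}`, or move plain-text values to `stringData`. PATCH 41/91 restores the encoding, and the same removal recurs in PATCH 43/91 and 60/91.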
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 72d62f3..da457b2 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -40,3 +40,4 @@ jobs: workload-identity-provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} database-url: ${{ secrets.DATABASE_URL }} mailer-dsn: ${{ secrets.MAILER_DSN }} + sms-dsn: ${{ secrets.SMS_DSN }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 7505717..b5fa6b2 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -9,11 +9,6 @@ on: payum-apikey: description: Payum API Key required: true - # sms-dsn: - # description: SMS DSN - # required: true - mailer-dsn: - description: MAILER DSN storage-key: description: storage key required: true @@ -29,6 +24,12 @@ on: database-url: description: Database URL required: true + mailer-dsn: + description: Mailer DSN + required: true + sms-dsn: + description: SMS DSN + required: true jobs: From 65f98aba98fd84675cf9f0c0ca883021fa07c490 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:50:52 +0200 Subject: [PATCH 41/91] Add benc --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3214a6c..3efba32 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | quote }} + sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 5636a3f64c7dbb1d975a1f7bae0f2a4b2c8e831a Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:14:25 +0200 Subject: [PATCH 42/91] trigger cd 
From 97576aa0146c8ad2a9692e80761a707566d6c888 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:32:53 +0200 Subject: [PATCH 43/91] Fix sms_dns --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3efba32..3214a6c 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} + sms-dsn: {{ .Values.sms.dsn | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From f449c1b55c5d4ac47f6c4722265b6ca7bc5d4c7e Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:38:01 +0200 Subject: [PATCH 44/91] Fix deployment --- .github/workflows/deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index b5fa6b2..36926b7 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -128,6 +128,7 @@ jobs: --set=sms.dsn="${{ secrets.sms-dsn }}" \ --set=payum.apikey="${{ secrets.payum-apikey }}" \ --set=mailer.dsn="${{ secrets.mailer-dsn }}" \ + --set=sms.dsn="${{ secrets.sms-dsn }}" \ --set=php.storage.bucket="${{ vars.STORAGE_BUCKET }}" \ --set=php.storage.endpoint="https://storage.googleapis.com" \ --set=php.storage.region="eu-west-1" \ From a008b81e3f3163d1fbf0ea77c453d947b2d9faa2 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:50:52 +0200 Subject: [PATCH 45/91] Add benc --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3214a6c..3efba32 100644 
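Review bot: The added `--set=sms.dsn="${{ secrets.sms-dsn }}" \` in PATCH 44/91 duplicates the identical flag on the first context line of the same hunk, so it changes nothing. Separately, the `${{ secrets.* }}` expressions are pasted into the script before the shell parses it and `--set` splits its argument on commas, so a DSN containing `,`, `"` or `$` is altered or breaks the command. Map the secrets into the step's `env:` (`SMS_DSN: ${{ secrets.sms-dsn }}`) and reference `"$SMS_DSN"`, escaping commas or supplying the secret values through a values file instead of `--set`. The helm command starts and ends outside the hunk.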
--- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | quote }} + sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From e88368d5a3d2bb5e85a30d308b7d5ff94cae44b3 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 10:21:19 +0100 Subject: [PATCH 46/91] Disable fixture --- helm/chart/values-prod.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/chart/values-prod.yml b/helm/chart/values-prod.yml index c644cc5..e810596 100644 --- a/helm/chart/values-prod.yml +++ b/helm/chart/values-prod.yml @@ -33,6 +33,6 @@ postgresql: php: fixtureJob: - enabled: true + enabled: false fixtureCron: - enabled: true + enabled: false From 2d0b592a4996b244696ae543eb7bb24bc2ea7e75 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 10:23:35 +0100 Subject: [PATCH 47/91] Add security on fixture disabled --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 36926b7..dceacd8 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -136,6 +136,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ + --set=php.fixtureJob=false + --set=php.fixtureCron=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 8ed75b4b53a88058469feba29574d4f008df3633 Mon Sep 17 00:00:00 2001 
From: Slim Amamou Date: Mon, 28 Oct 2024 11:36:14 +0100 Subject: [PATCH 48/91] fix: 500 error in prod MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit │ {"message":"Uncaught PHP Exception TypeError: \"App\\Repository\\ConfigurationRepository::getServicesParameter(): Return value must be of type bool, null returned\" at ConfigurationRepository.php line 71","context":{"exception":{"class │ │ ":"TypeError","message":"App\\Repository\\ConfigurationRepository::getServicesParameter(): Return value must be of type bool, null returned","code":0,"file":"/srv/app/src/Repository/ConfigurationRepository.php:71"}},"level":500,"level_ │ │ name":"CRITICAL","channel":"request","datetime":"2024-10-28T10:38:49.791926+01:00","extra":{}} --- src/Repository/ConfigurationRepository.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Repository/ConfigurationRepository.php b/src/Repository/ConfigurationRepository.php index c2f392d..1c2ec98 100644 --- a/src/Repository/ConfigurationRepository.php +++ b/src/Repository/ConfigurationRepository.php @@ -68,6 +68,6 @@ final class ConfigurationRepository extends ServiceEntityRepository ->setMaxResults(1) ->getQuery()->getOneOrNullResult(); - return $config['configuration']['global']['globalServicesEnabled']; + return $config['configuration']['global']['globalServicesEnabled'] ?? false; } } From 5c6b93459b85b8552e613510566805fa832af232 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 28 Oct 2024 11:47:59 +0100 Subject: [PATCH 49/91] fix(ci): was not deploying Error: UPGRADE FAILED: template: plateforme-ebs/templates/fixtures-job.yaml:1:14: executing "plateforme-ebs/templates/fixtures-job.yaml" at <.Values.php.fixtureJob.enabled>: can't evaluate field enabled in type interface {} --- .github/workflows/deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index dceacd8..22a4149 100644 
--- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -136,8 +136,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ - --set=php.fixtureJob=false - --set=php.fixtureCron=false + --set=php.fixtureJob.enabled=false + --set=php.fixtureCron.enabled=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 9d528f5aeeace90305a056715b0ed9a076308116 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 28 Oct 2024 14:28:11 +0100 Subject: [PATCH 50/91] fix(cd): error when deploying cannot patch "prod-redis-master" with kind StatefulSet: StatefulSet.apps "prod-redis-master" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'ordinals', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden --- .github/workflows/deploy.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 22a4149..36926b7 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -136,8 +136,6 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ - --set=php.fixtureJob.enabled=false - --set=php.fixtureCron.enabled=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 320073192cdbd4edd5c8e47db0984438af637d96 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 14:47:34 +0100 Subject: [PATCH 51/91] Fix syntax helm --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 36926b7..342ae3b 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -136,6 +136,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ + --set=php.fixtureJob.enabled=false \ + --set=php.fixtureCron.anabled=false \ --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 465f51b18ebb2ceda186b2e3c2092fa14acc0e84 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 2 Dec 2024 17:27:04 +0100 Subject: [PATCH 52/91] Fixed(ci): phpstan complaint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Error: Offset 'globalServicesEnabl…' on array{globalServicesEnabled: bool} on left side of ?? always exists and is not nullable. --- src/Repository/ConfigurationRepository.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Repository/ConfigurationRepository.php b/src/Repository/ConfigurationRepository.php index 1c2ec98..18ff75d 100644 --- a/src/Repository/ConfigurationRepository.php +++ b/src/Repository/ConfigurationRepository.php @@ -61,7 +61,7 @@ final class ConfigurationRepository extends ServiceEntityRepository public function getServicesParameter(): bool { - /** @var array{configuration: array{ global: array{ globalServicesEnabled: bool }}} $config */ + /** @var array{configuration: array{ global: array{ globalServicesEnabled: bool|null }}} $config */ $config = $this ->createQueryBuilder('c') ->select('c.configuration') From 3f2a73c3ffa1942d7d0ac87f5d9acf90deb88977 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:12:30 +0200 Subject: [PATCH 53/91] Edit destination ns --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 0c55cdd..f767fcd 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -49,7 +49,7 @@ jobs: id: meta run: | set -xo pipefail - PROJECT=plateforme-ebs + PROJECT=tipimi-ebs # Tags are deployed in prod CONTEXT=prod ENVIRONMENT=prod From d8c93a44dccbb2a3ce591725df32a8aca2bca60b Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:14:25 +0200 Subject: [PATCH 54/91] trigger cd From 3ad45ea139bd655476d1cfd989951803d8813db0 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 55/91] Fix build destination --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 52bf249..0fe6112 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,7 +15,7 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr build-push-caddy: # Same Dockerfile as php, with a build target which is after @@ -30,4 +30,4 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr From 776cf64b7894ae453a45bf4a724fedd83fcff57e Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 56/91] Fix trusted host --- .github/workflows/deploy.yml | 5 +++++ helm/chart/templates/configmap.yaml | 2 +- helm/chart/values.yaml | 9 ++++++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index f767fcd..713abcd 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -44,6 +44,7 @@ jobs: project: ${{ steps.meta.outputs.project }} namespace: ${{ steps.meta.outputs.namespace }} storage_name: ${{ steps.meta.outputs.storage_name }} + trusted_host: ${{ steps.meta.outputs.trusted_host }} steps: - name: Generate metadata id: meta @@ -55,6 +56,9 @@ jobs: ENVIRONMENT=prod IMAGE_TAG=sha-${GITHUB_SHA::7} RELEASE_NAME=prod + TRUSTED_HOST=$(echo ${{ vars.DOMAIN }} | sed 's/\./\\\\\\\\./g') + + echo "trusted_host=${TRUSTED_HOST}" >> $GITHUB_OUTPUT echo "context=${CONTEXT}" >> $GITHUB_OUTPUT echo "environment=${ENVIRONMENT}" >> $GITHUB_OUTPUT echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT @@ -129,6 +133,7 @@ jobs: --set=php.storage.usePathStyleEndpoint=true \ --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ + --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" diff --git a/helm/chart/templates/configmap.yaml b/helm/chart/templates/configmap.yaml index f15cbd2..67bbe47 100644 --- a/helm/chart/templates/configmap.yaml +++ b/helm/chart/templates/configmap.yaml @@ -10,7 +10,7 @@ data: php-app-env: {{ .Values.php.appEnv | quote }} php-app-debug: {{ .Values.php.appDebug | quote }} php-cors-allow-origin: {{ .Values.php.corsAllowOrigin | quote }} - php-trusted-hosts: {{ .Values.php.trustedHosts | quote }} + php-trusted-hosts: {{ join "|" .Values.php.trustedHosts | quote }} php-trusted-proxies: "{{ join "," .Values.php.trustedProxies }}" mercure-url: "http://{{ include "plateforme-ebs" . }}/.well-known/mercure" mercure-public-url: {{ .Values.mercure.publicUrl | default "http://127.0.0.1/.well-known/mercure" | quote }} diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index 5eee356..30dbabc 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml 
@@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -12,7 +12,10 @@ php: appDebug: "0" appSecret: "" corsAllowOrigin: "^https?://.*?\\.chart-example\\.local$" - trustedHosts: "^127\\.0\\.0\\.1|localhost|.*\\.chart-example\\.local$" + trustedHosts: + - "^127\\.0\\.0\\.1" + - "localhost" + - ".*\\.chart-example\\.local$" trustedProxies: - "127.0.0.1" - "10.0.0.0/8" @@ -54,7 +57,7 @@ consumer: caddy: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From 25c90ec21223507acc76ff34ddb96d37dce8dbd3 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:47:42 +0200 Subject: [PATCH 57/91] Make image name shorter --- .github/workflows/build.yml | 4 ++-- helm/chart/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0fe6112..b5c2653 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-php + IMAGE_NAME: ebs-php BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} @@ -26,7 +26,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-caddy + IMAGE_NAME: ebs-caddy BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index 30dbabc..08f2711 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml 
@@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -57,7 +57,7 @@ consumer: caddy: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From 2009cce7c2f7d76a5536f2461ac123789046f6e1 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 14:25:25 +0200 Subject: [PATCH 58/91] Disable fixture --- helm/chart/templates/cronjob-fixture-reset.yaml | 2 +- helm/chart/templates/fixtures-job.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/chart/templates/cronjob-fixture-reset.yaml b/helm/chart/templates/cronjob-fixture-reset.yaml index f061c69..e763fa4 100644 --- a/helm/chart/templates/cronjob-fixture-reset.yaml +++ b/helm/chart/templates/cronjob-fixture-reset.yaml @@ -200,4 +200,4 @@ spec: periodSeconds: 3 resources: {{- toYaml .Values.resources.fixtures | nindent 16 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/helm/chart/templates/fixtures-job.yaml b/helm/chart/templates/fixtures-job.yaml index 7faa6cf..09363bb 100644 --- a/helm/chart/templates/fixtures-job.yaml +++ b/helm/chart/templates/fixtures-job.yaml @@ -1,4 +1,4 @@ -{{- if .Values.php.fixtureJob.enabled -}} +{{- if .Values.php.fixtureJob.enabled }} apiVersion: batch/v1 kind: Job metadata: From 1ff74cbd37ad22161e6881194d68d869d977d5cc Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 15:30:08 +0200 Subject: [PATCH 59/91] Switch sym link --- fixtures/prod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fixtures/prod b/fixtures/prod index b59f7e3..63e96b8 120000 --- a/fixtures/prod +++ b/fixtures/prod 
@@ -1 +1 @@ -test/ \ No newline at end of file +prod-boot/ \ No newline at end of file From 1537c042599715a80e29910987231817a4ef7594 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:32:53 +0200 Subject: [PATCH 60/91] Fix sms_dns --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3efba32..3214a6c 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} + sms-dsn: {{ .Values.sms.dsn | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 771a64d82c2174e3dc8fafa32844bcce82d09d22 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:38:01 +0200 Subject: [PATCH 61/91] Fix deployment --- .github/workflows/deploy.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 713abcd..b5fa6b2 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -9,11 +9,6 @@ on: payum-apikey: description: Payum API Key required: true - sms-dsn: - description: SMS DSN - required: true - mailer-dsn: - description: MAILER DSN storage-key: description: storage key required: true @@ -29,6 +24,12 @@ on: database-url: description: Database URL required: true + mailer-dsn: + description: Mailer DSN + required: true + sms-dsn: + description: SMS DSN + required: true jobs: From 5557a35a9bc22e09cec38341dbcd70f433b19166 Mon Sep 17 00:00:00 2001 
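Review bot: Dropping `b64enc` from `sms-dsn` in secrets.yaml leaves a raw DSN in what the hunk header shows to be the Secret's `data:` map, where every value is expected to be base64; the manifest is then either rejected or decoded into bytes that are not the DSN. If the aim was to avoid double encoding, the caller should supply the plain DSN and the template keep `{{ .Values.sms.dsn | b64enc | quote }}`, or the key should move to `stringData:`. The same change recurs in PATCH 64, 74 and 77 of this series and is reverted each time by the following "Add benc" patch.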
From: ThomasSamson Date: Wed, 7 Aug 2024 09:50:52 +0200 Subject: [PATCH 62/91] Add benc --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3214a6c..3efba32 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | quote }} + sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 6502f907527eac9e2d00cbf812b639a6b4188f06 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:14:25 +0200 Subject: [PATCH 63/91] trigger cd From b205a0f211a69959f5a094c7238da1eb68cb091a Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:32:53 +0200 Subject: [PATCH 64/91] Fix sms_dns --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3efba32..3214a6c 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} + sms-dsn: {{ .Values.sms.dsn | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 391b2860ac79bfd184fbe21943a56594be9eba0f Mon Sep 17 00:00:00 2001 
From: ThomasSamson Date: Wed, 7 Aug 2024 09:38:01 +0200 Subject: [PATCH 65/91] Fix deployment --- .github/workflows/deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index b5fa6b2..36926b7 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -128,6 +128,7 @@ jobs: --set=sms.dsn="${{ secrets.sms-dsn }}" \ --set=payum.apikey="${{ secrets.payum-apikey }}" \ --set=mailer.dsn="${{ secrets.mailer-dsn }}" \ + --set=sms.dsn="${{ secrets.sms-dsn }}" \ --set=php.storage.bucket="${{ vars.STORAGE_BUCKET }}" \ --set=php.storage.endpoint="https://storage.googleapis.com" \ --set=php.storage.region="eu-west-1" \ From e7c4bafd66bb609bcf8b0268a3cb9564160b4af2 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:50:52 +0200 Subject: [PATCH 66/91] Add benc --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3214a6c..3efba32 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | quote }} + sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 2ff9d984ef6e0bbcd7534c3b9d53d9b07dde948b Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 10:21:19 +0100 Subject: [PATCH 67/91] Disable fixture --- helm/chart/values-prod.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/chart/values-prod.yml b/helm/chart/values-prod.yml index c644cc5..e810596 100644 --- a/helm/chart/values-prod.yml +++ b/helm/chart/values-prod.yml 
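Review bot: The added `--set=sms.dsn="${{ secrets.sms-dsn }}"` repeats the identical flag three lines above it in the same helm command, so the new line can be dropped. Separately, every secret in this command is pasted into the script text by the `${{ }}` expansion before the shell runs, so a DSN containing `"`, `$`, a backtick or a comma would change the command or be split by helm's `--set` parser. Exposing the secrets through the step's `env:` and handing them to helm in a values file or with `--set-file` keeps them out of the script text and the process arguments. The helm command starts and ends outside this hunk.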
@@ -33,6 +33,6 @@ postgresql: php: fixtureJob: - enabled: true + enabled: false fixtureCron: - enabled: true + enabled: false From a3ad5c864933b8ca8b82ceb30a83d192b03f8d6c Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 10:23:35 +0100 Subject: [PATCH 68/91] Add security on fixture disabled --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 36926b7..dceacd8 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -136,6 +136,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ + --set=php.fixtureJob=false + --set=php.fixtureCron=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 8e9f71d6a12b9f552dc9be79381e422dd61156cd Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 28 Oct 2024 11:36:14 +0100 Subject: [PATCH 69/91] fix: 500 error in prod MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit │ {"message":"Uncaught PHP Exception TypeError: \"App\\Repository\\ConfigurationRepository::getServicesParameter(): Return value must be of type bool, null returned\" at ConfigurationRepository.php line 71","context":{"exception":{"class │ │ ":"TypeError","message":"App\\Repository\\ConfigurationRepository::getServicesParameter(): Return value must be of type bool, null returned","code":0,"file":"/srv/app/src/Repository/ConfigurationRepository.php:71"}},"level":500,"level_ │ │ name":"CRITICAL","channel":"request","datetime":"2024-10-28T10:38:49.791926+01:00","extra":{}} --- src/Repository/ConfigurationRepository.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
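Review bot: In the deploy.yml hunk of PATCH 68 the added lines `--set=php.fixtureJob=false` and `--set=php.fixtureCron=false` have no trailing `\`, so the helm command ends at the first of them and the second, along with `--values ./helm/chart/values-….yml`, is run as separate shell commands; the production values file is then no longer passed to helm. They also replace the `fixtureJob` and `fixtureCron` maps with a scalar, while fixtures-job.yaml reads `.Values.php.fixtureJob.enabled`. The lines should read `--set=php.fixtureJob.enabled=false \` and `--set=php.fixtureCron.enabled=false \`. PATCH 70 corrects the keys but still omits the continuations.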
diff --git a/src/Repository/ConfigurationRepository.php b/src/Repository/ConfigurationRepository.php index c2f392d..1c2ec98 100644 --- a/src/Repository/ConfigurationRepository.php +++ b/src/Repository/ConfigurationRepository.php @@ -68,6 +68,6 @@ final class ConfigurationRepository extends ServiceEntityRepository ->setMaxResults(1) ->getQuery()->getOneOrNullResult(); - return $config['configuration']['global']['globalServicesEnabled']; + return $config['configuration']['global']['globalServicesEnabled'] ?? false; } } From 1b1c809b8006f69a4c43bb182326aa54d107bc3f Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 28 Oct 2024 11:47:59 +0100 Subject: [PATCH 70/91] fix(ci): was not deploying Error: UPGRADE FAILED: template: plateforme-ebs/templates/fixtures-job.yaml:1:14: executing "plateforme-ebs/templates/fixtures-job.yaml" at <.Values.php.fixtureJob.enabled>: can't evaluate field enabled in type interface {} --- .github/workflows/deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index dceacd8..22a4149 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -136,8 +136,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ - --set=php.fixtureJob=false - --set=php.fixtureCron=false + --set=php.fixtureJob.enabled=false + --set=php.fixtureCron.enabled=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 702c4d18303658aa1005800c9f06b6e2e4f343da Mon Sep 17 00:00:00 2001 
From: Slim Amamou Date: Mon, 28 Oct 2024 14:28:11 +0100 Subject: [PATCH 71/91] fix(cd): error when deploying cannot patch "prod-redis-master" with kind StatefulSet: StatefulSet.apps "prod-redis-master" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'ordinals', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden --- .github/workflows/deploy.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 22a4149..36926b7 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -136,8 +136,6 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ - --set=php.fixtureJob.enabled=false - --set=php.fixtureCron.enabled=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 2cda347665b9feee8d3e487173930bc6a093f7af Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 14:47:34 +0100 Subject: [PATCH 72/91] Fix syntax helm --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 36926b7..342ae3b 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -136,6 +136,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ + --set=php.fixtureJob.enabled=false \ + --set=php.fixtureCron.anabled=false \ --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" 
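Review bot: `--set=php.fixtureCron.anabled=false` in PATCH 72 misspells the key, so helm sets an unused `anabled` value and the override meant to keep the fixture-reset CronJob off in production does nothing; presumably only values-prod.yml still disables it. The line should read `--set=php.fixtureCron.enabled=false \`, which PATCH 79 later applies. A `values.schema.json` for the chart would turn this kind of typo into a failed upgrade instead of a silent no-op.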
From 4ff04415ec70d76152506f65ace63232f113291c Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:14:25 +0200 Subject: [PATCH 73/91] trigger cd From 8e33a85559d193162bd89079f8f84d237e933c76 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:32:53 +0200 Subject: [PATCH 74/91] Fix sms_dns --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3efba32..3214a6c 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} + sms-dsn: {{ .Values.sms.dsn | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 4076f910d8cc39a7635774027d534a7ffbe9e006 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:50:52 +0200 Subject: [PATCH 75/91] Add benc --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3214a6c..3efba32 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | quote }} + sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 2d481475aedf3483b5d82bb23c0d64c5c01b0089 Mon Sep 17 00:00:00 2001 
From: ThomasSamson Date: Wed, 31 Jul 2024 13:14:25 +0200 Subject: [PATCH 76/91] trigger cd From 23968d5b7be1a2b0d8acd2fa3591f0eec695c565 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:32:53 +0200 Subject: [PATCH 77/91] Fix sms_dns --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3efba32..3214a6c 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} + sms-dsn: {{ .Values.sms.dsn | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 85ab08db522d5a7b8f6793d8dd708ef66e890720 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:50:52 +0200 Subject: [PATCH 78/91] Add benc --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3214a6c..3efba32 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | quote }} + sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 85876f17c9db1efb550fc9b669f1acf030d08350 Mon Sep 17 00:00:00 2001 
From: ThomasSamson Date: Mon, 28 Oct 2024 10:23:35 +0100 Subject: [PATCH 79/91] Add security on fixture disabled --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 342ae3b..e30dfa2 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -137,7 +137,7 @@ jobs: --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ --set=php.fixtureJob.enabled=false \ - --set=php.fixtureCron.anabled=false \ + --set=php.fixtureCron.enabled=false \ --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From aaa32d10813d53d9cc556237dc23a50e251abec0 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 2 Dec 2024 17:27:04 +0100 Subject: [PATCH 80/91] Fixed(ci): phpstan complaint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Error: Offset 'globalServicesEnabl…' on array{globalServicesEnabled: bool} on left side of ?? always exists and is not nullable. --- src/Repository/ConfigurationRepository.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Repository/ConfigurationRepository.php b/src/Repository/ConfigurationRepository.php index 1c2ec98..18ff75d 100644 --- a/src/Repository/ConfigurationRepository.php +++ b/src/Repository/ConfigurationRepository.php @@ -61,7 +61,7 @@ final class ConfigurationRepository extends ServiceEntityRepository public function getServicesParameter(): bool { - /** @var array{configuration: array{ global: array{ globalServicesEnabled: bool }}} $config */ + /** @var array{configuration: array{ global: array{ globalServicesEnabled: bool|null }}} $config */ $config = $this ->createQueryBuilder('c') ->select('c.configuration') From 0ec21f2365282356b150b8ea5d7158f6419d9a58 Mon Sep 17 00:00:00 2001 
From: Slim Amamou Date: Tue, 10 Dec 2024 11:30:14 +0100 Subject: [PATCH 81/91] fix(ci): trivy detected a vulnerability MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ┌───────────────────┬─────────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├───────────────────┼─────────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤ │ league/commonmark │ GHSA-c2pc-g5qf-rfrf │ HIGH │ fixed │ 2.5.3 │ 2.6.0 │ league/commonmark's quadratic complexity bugs may lead to a │ │ │ │ │ │ │ │ denial of service │ │ │ │ │ │ │ │ https://github.com/advisories/GHSA-c2pc-g5qf-rfrf │ └───────────────────┴─────────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘ --- composer.lock | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/composer.lock b/composer.lock index 357f301..97db592 100644 --- a/composer.lock +++ b/composer.lock @@ -4512,16 +4512,16 @@ }, { "name": "league/commonmark", - "version": "2.5.3", + "version": "2.6.0", "source": { "type": "git", "url": "https://github.com/thephpleague/commonmark.git", - "reference": "b650144166dfa7703e62a22e493b853b58d874b0" + "reference": "d150f911e0079e90ae3c106734c93137c184f932" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/thephpleague/commonmark/zipball/b650144166dfa7703e62a22e493b853b58d874b0", - "reference": "b650144166dfa7703e62a22e493b853b58d874b0", + "url": "https://api.github.com/repos/thephpleague/commonmark/zipball/d150f911e0079e90ae3c106734c93137c184f932", + "reference": "d150f911e0079e90ae3c106734c93137c184f932", "shasum": "" }, "require": { 
@@ -4546,8 +4546,9 @@ "phpstan/phpstan": "^1.8.2", "phpunit/phpunit": "^9.5.21 || ^10.5.9 || ^11.0.0", "scrutinizer/ocular": "^1.8.1", - "symfony/finder": "^5.3 | ^6.0 || ^7.0", - "symfony/yaml": "^2.3 | ^3.0 | ^4.0 | ^5.0 | ^6.0 || ^7.0", + "symfony/finder": "^5.3 | ^6.0 | ^7.0", + "symfony/process": "^5.4 | ^6.0 | ^7.0", + "symfony/yaml": "^2.3 | ^3.0 | ^4.0 | ^5.0 | ^6.0 | ^7.0", "unleashedtech/php-coding-standard": "^3.1.1", "vimeo/psalm": "^4.24.0 || ^5.0.0" }, @@ -4557,7 +4558,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "2.6-dev" + "dev-main": "2.7-dev" } }, "autoload": { @@ -4614,7 +4615,7 @@ "type": "tidelift" } ], - "time": "2024-08-16T11:46:16+00:00" + "time": "2024-12-07T15:34:16+00:00" }, { "name": "league/config", @@ -19750,7 +19751,7 @@ ], "aliases": [], "minimum-stability": "beta", - "stability-flags": {}, + "stability-flags": [], "prefer-stable": true, "prefer-lowest": false, "platform": { @@ -19762,6 +19763,6 @@ "ext-xsl": "*", "ext-zip": "*" }, - "platform-dev": {}, + "platform-dev": [], "plugin-api-version": "2.6.0" } From 11dff103066e6186ff0ce08a92a58860161065de Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 13 Jan 2025 17:55:53 +0100 Subject: [PATCH 82/91] Added(cicd) trigger deploy manually --- .github/workflows/cd.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index da457b2..37a4d21 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -5,6 +5,7 @@ on: push: branches: - main + workflow_dispatch: permissions: pull-requests: write id-token: write From c8289266d149288b56c1a9079fa36ecad052a75e Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Tue, 14 Jan 2025 09:18:03 +0100 Subject: [PATCH 83/91] Fixed(cicd) needed to update Caddy to 2.9.1 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index bc3bb4c..d654d1c 100644 --- a/Dockerfile +++ b/Dockerfile 
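Review bot: Adding `workflow_dispatch:` to cd.yml lets anyone with write access start this workflow from any branch or tag, whereas the `push` trigger limits it to `main`, and the workflow holds `id-token: write`. If the deploy job does not already check the ref, guard it with `if: github.ref == 'refs/heads/main'` or place it behind a protected environment with required reviewers. The jobs are outside this hunk, so this needs confirming against the full file.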
@@ -5,7 +5,7 @@ # https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact ARG PHP_VERSION=8.1 -ARG CADDY_VERSION=2.8.4 +ARG CADDY_VERSION=2.9.1 # yarn build FROM gmolaire/yarn AS yarn_build From 7945b1b765990e0c7004fc4e9b71fcb180e61ac1 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Tue, 14 Jan 2025 09:41:57 +0100 Subject: [PATCH 84/91] Fixed(cicd) needed to update Caddy to 2.9.1 --- Dockerfile | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index d654d1c..77830db 100644 --- a/Dockerfile +++ b/Dockerfile @@ -183,12 +183,7 @@ RUN set -eux; \ RUN rm -f .env.local.php # Build Caddy with the Mercure and Vulcain modules -# FROM caddy:${CADDY_VERSION}-builder-alpine AS app_caddy_builder - -# Temporary fix for https://github.com/dunglas/mercure/issues/770 -# https://github.com/dunglas/symfony-docker/pull/407/files - -FROM caddy:2.8.4-builder-alpine AS app_caddy_builder +FROM caddy:${CADDY_VERSION}-builder-alpine AS app_caddy_builder # RUN xcaddy build \ # --with github.com/dunglas/mercure \ From 90c16cad263628ca9f66a5012c4f961783b2b89c Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Wed, 15 Jan 2025 09:43:58 +0100 Subject: [PATCH 85/91] Removed deprecation messages from log in prod --- config/packages/monolog.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/packages/monolog.yaml b/config/packages/monolog.yaml index 8c9efa9..53c4fd0 100644 --- a/config/packages/monolog.yaml +++ b/config/packages/monolog.yaml @@ -56,6 +56,6 @@ when@prod: process_psr_3_messages: false channels: ["!event", "!doctrine"] deprecation: - type: stream + type: "null" channels: [deprecation] path: php://stderr From de254d3d691ec4e8b5b9261d5fc8a3cfa68a5895 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Wed, 15 Jan 2025 10:28:14 +0100 Subject: [PATCH 86/91] WIP added sms as a channel for notifier --- config/packages/notifier.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/config/packages/notifier.yaml b/config/packages/notifier.yaml index ce92ec6..c2fe07d 100644 --- a/config/packages/notifier.yaml +++ b/config/packages/notifier.yaml @@ -6,10 +6,10 @@ framework: channel_policy: # use chat/slack, chat/telegram, sms/twilio or sms/nexmo - urgent: ['email'] - high: ['email'] - medium: ['email'] - low: ['email'] + urgent: ['sms','email'] + high: ['sms','email'] + medium: ['sms','email'] + low: ['sms','email'] admin_recipients: - { email: admin@example.com } From 9cc381a709dc7e496dd33d3f35beb221fb624932 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Thu, 16 Jan 2025 09:17:44 +0100 Subject: [PATCH 87/91] Activated brevo specific env variable --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index daf980d..822ccf0 100644 --- a/.env +++ b/.env @@ -109,5 +109,5 @@ STORAGE_SECRET=!ChangeMe! ###< league/flysystem-bundle ### ###> symfony/brevo-notifier ### -# BREVO_DSN=brevo://API_KEY@default?sender=SENDER +BREVO_DSN=brevo://API_KEY@default?sender=SENDER ###< symfony/brevo-notifier ### From a38d47809a65c3015fbfbca23eb615780b7363c5 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Thu, 16 Jan 2025 16:15:54 +0100 Subject: [PATCH 88/91] Added logging for SMS --- src/Notifier/SmsNotifier.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/Notifier/SmsNotifier.php b/src/Notifier/SmsNotifier.php index 6733658..bf7333e 100644 --- a/src/Notifier/SmsNotifier.php +++ b/src/Notifier/SmsNotifier.php @@ -26,7 +26,9 @@ final class SmsNotifier public function notify(User $user, string $subject): ?SentMessage { + $this->logger->info('SMS Notification'); if (!$user->canBeNotifiedBySms()) { + $this->logger->warning('User cannot be notified by SMS'); return null; } @@ -54,5 +56,6 @@ final class SmsNotifier return null; } + $this->logger->info('SMS Sent Successfully'); } } From 7035adf5f358208c35f83ff98a550d524ea6e7a4 Mon Sep 17 00:00:00 2001 
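Review bot: Uncommenting `BREVO_DSN=brevo://API_KEY@default?sender=SENDER` in `.env` makes the placeholder the default in every environment that does not override it, so a deployment missing the real DSN would presumably try to send with the literal `API_KEY` rather than fail at configuration time. Keep the committed value a placeholder and add a comment above it such as `# placeholder only: set the real DSN in .env.local or the deployment secret, never here`. It is also worth checking that the production secret actually populates this variable, since the chart hunks on this page only show an `sms-dsn` key.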
From: Slim Amamou Date: Thu, 16 Jan 2025 16:26:48 +0100 Subject: [PATCH 89/91] Fixed phpcsfixer style complaint --- src/Notifier/SmsNotifier.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Notifier/SmsNotifier.php b/src/Notifier/SmsNotifier.php index bf7333e..eb0bd89 100644 --- a/src/Notifier/SmsNotifier.php +++ b/src/Notifier/SmsNotifier.php @@ -29,6 +29,7 @@ final class SmsNotifier $this->logger->info('SMS Notification'); if (!$user->canBeNotifiedBySms()) { $this->logger->warning('User cannot be notified by SMS'); + return null; } From 682c6bf375f24a96f9e63e34c2056bf1e42468c3 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Thu, 16 Jan 2025 17:03:22 +0100 Subject: [PATCH 90/91] Fixed: was not logging successful sms properly --- src/Notifier/SmsNotifier.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/Notifier/SmsNotifier.php b/src/Notifier/SmsNotifier.php index eb0bd89..2cd959b 100644 --- a/src/Notifier/SmsNotifier.php +++ b/src/Notifier/SmsNotifier.php @@ -46,10 +46,13 @@ final class SmsNotifier } try { - return $this->texter->send(new SmsMessage( + $response = $this->texter->send(new SmsMessage( phone: $phoneNumber, subject: $subject )); + $this->logger->info('SMS Sent Successfully'); + + return $response; } catch (\Exception $e) { // OK, the sms cannot be delivered, but this is not critical as the an // email is always sent @@ -57,6 +60,5 @@ final class SmsNotifier return null; } - $this->logger->info('SMS Sent Successfully'); } } From b6fb4089956c68c61c958f17a1432a6e48d19a98 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Wed, 2 Apr 2025 10:04:58 +0100 Subject: [PATCH 91/91] Ignoring CVE-2025-30204 because it was blocking deployment there's no image build of patched Caddy for the moment --- .trivyignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.trivyignore b/.trivyignore index e69de29..ee6b711 100644 --- a/.trivyignore +++ b/.trivyignore @@ -0,0 +1 @@ +CVE-2025-30204
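Review bot: The new `.trivyignore` entry suppresses `CVE-2025-30204` indefinitely, and the file itself does not say why. Record the reason from the commit message as a comment and give the entry an expiry so the scan starts failing again once a patched Caddy image is available, for example `# no patched Caddy image yet, re-check on expiry` above `CVE-2025-30204 exp:YYYY-MM-DD` (date to be chosen by the team).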