From 15ae872bf004420fb7ed51395d96e891918a8d6e Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:12:30 +0200 Subject: [PATCH 01/52] Edit destination ns --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 7b66316..ac87b8a 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -47,7 +47,7 @@ jobs: id: meta run: | set -xo pipefail - PROJECT=plateforme-ebs + PROJECT=tipimi-ebs # Tags are deployed in prod CONTEXT=prod ENVIRONMENT=prod From 7bd36be276b282fe06b2a3098c55aa2857e156e1 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:14:25 +0200 Subject: [PATCH 02/52] trigger cd From 6c7dbab376f99a4e8fd87398bfe53ae6b1d708d9 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 03/52] Fix build destination --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 52bf249..0fe6112 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,7 +15,7 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr build-push-caddy: # Same Dockerfile as php, with a build target which is after @@ -30,4 +30,4 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr From 1d23948d74a9d6146038e6b6d42cd148a2b69989 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 04/52] Fix trusted host --- .github/workflows/deploy.yml | 5 +++++ helm/chart/templates/configmap.yaml | 2 +- helm/chart/values.yaml | 9 ++++++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index ac87b8a..369d3e4 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -42,6 +42,7 @@ jobs: project: ${{ steps.meta.outputs.project }} namespace: ${{ steps.meta.outputs.namespace }} storage_name: ${{ steps.meta.outputs.storage_name }} + trusted_host: ${{ steps.meta.outputs.trusted_host }} steps: - name: Generate metadata id: meta @@ -53,6 +54,9 @@ jobs: ENVIRONMENT=prod IMAGE_TAG=${{ github.ref_name }} RELEASE_NAME=prod + TRUSTED_HOST=$(echo ${{ vars.DOMAIN }} | sed 's/\./\\\\\\\\./g') + + echo "trusted_host=${TRUSTED_HOST}" >> $GITHUB_OUTPUT echo "context=${CONTEXT}" >> $GITHUB_OUTPUT echo "environment=${ENVIRONMENT}" >> $GITHUB_OUTPUT echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT @@ -125,6 +129,7 @@ jobs: --set=php.storage.usePathStyleEndpoint=true \ --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ + --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" diff --git a/helm/chart/templates/configmap.yaml b/helm/chart/templates/configmap.yaml index f15cbd2..67bbe47 100644 --- a/helm/chart/templates/configmap.yaml +++ b/helm/chart/templates/configmap.yaml @@ -10,7 +10,7 @@ data: php-app-env: {{ .Values.php.appEnv | quote }} php-app-debug: {{ .Values.php.appDebug | quote }} php-cors-allow-origin: {{ .Values.php.corsAllowOrigin | quote }} - php-trusted-hosts: {{ .Values.php.trustedHosts | quote }} + php-trusted-hosts: {{ join "|" .Values.php.trustedHosts | quote }} php-trusted-proxies: "{{ join "," .Values.php.trustedProxies }}" mercure-url: "http://{{ include "plateforme-ebs" . }}/.well-known/mercure" mercure-public-url: {{ .Values.mercure.publicUrl | default "http://127.0.0.1/.well-known/mercure" | quote }} diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index d9a56fe..5d978fa 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -12,7 +12,10 @@ php: appDebug: "0" appSecret: "" corsAllowOrigin: "^https?://.*?\\.chart-example\\.local$" - trustedHosts: "^127\\.0\\.0\\.1|localhost|.*\\.chart-example\\.local$" + trustedHosts: + - "^127\\.0\\.0\\.1" + - "localhost" + - ".*\\.chart-example\\.local$" trustedProxies: - "127.0.0.1" - "10.0.0.0/8" @@ -50,7 +53,7 @@ consumer: caddy: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From 1338bcec390e27ac083e6c104845a16cb518c172 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:47:42 +0200 Subject: [PATCH 05/52] Make image name shorter --- .github/workflows/build.yml | 4 ++-- helm/chart/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0fe6112..b5c2653 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-php + IMAGE_NAME: ebs-php BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} @@ -26,7 +26,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-caddy + IMAGE_NAME: ebs-caddy BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index 5d978fa..e9f16a8 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -53,7 +53,7 @@ consumer: caddy: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From bd75668f3dcbdde6ac3ef8fc83916e3482d6de41 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:52:45 +0200 Subject: [PATCH 06/52] Fix Dockerfile --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index becedd2..bc3bb4c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ # https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact ARG PHP_VERSION=8.1 -ARG CADDY_VERSION=2 +ARG CADDY_VERSION=2.8.4 # yarn build FROM gmolaire/yarn AS yarn_build @@ -24,7 +24,7 @@ RUN yarn build FROM php:${PHP_VERSION}-fpm-alpine AS app_php # needed for security update until base image is updated -RUN apk upgrade libcurl curl openssl openssl-dev libressl libcrypto3 libssl3 +#RUN apk upgrade libcurl curl openssl openssl-dev libressl libcrypto3 libssl3 # Allow to use development versions of Symfony ARG STABILITY="stable" @@ -188,7 +188,7 @@ RUN rm -f .env.local.php # Temporary fix for https://github.com/dunglas/mercure/issues/770 # https://github.com/dunglas/symfony-docker/pull/407/files -FROM caddy:2.7-builder-alpine AS app_caddy_builder +FROM caddy:2.8.4-builder-alpine AS app_caddy_builder # RUN xcaddy build \ # --with github.com/dunglas/mercure \ @@ -204,7 +204,7 @@ RUN xcaddy build \ FROM caddy:${CADDY_VERSION} AS app_caddy # needed for security update until base image is updated -RUN apk upgrade libcurl curl openssl openssl-dev libressl libcrypto1.1 libssl1.1 libcrypto3 libssl3 +#RUN apk upgrade libcurl curl openssl openssl-dev libressl libcrypto1.1 libssl1.1 libcrypto3 libssl3 WORKDIR /srv/app From 628ee95a596f9fcd0692e24cf07ca809b67f0817 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 14:25:25 +0200 Subject: [PATCH 07/52] Disable fixture --- helm/chart/templates/cronjob-fixture-reset.yaml | 2 ++ helm/chart/templates/fixtures-job.yaml | 2 ++ helm/chart/values.yaml | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/helm/chart/templates/cronjob-fixture-reset.yaml b/helm/chart/templates/cronjob-fixture-reset.yaml index fa244e2..2d6a0fb 100644 --- a/helm/chart/templates/cronjob-fixture-reset.yaml +++ b/helm/chart/templates/cronjob-fixture-reset.yaml @@ -1,3 +1,4 @@ +{{- if .Values.php.fixtureCron.enabled }} apiVersion: batch/v1 kind: CronJob metadata: @@ -197,3 +198,4 @@ spec: periodSeconds: 3 resources: {{- toYaml .Values.resources.fixtures | nindent 16 }} +{{ - end }} \ No newline at end of file diff --git a/helm/chart/templates/fixtures-job.yaml b/helm/chart/templates/fixtures-job.yaml index 45f9245..55c2a86 100644 --- a/helm/chart/templates/fixtures-job.yaml +++ b/helm/chart/templates/fixtures-job.yaml @@ -1,3 +1,4 @@ +{{- if .Values.php.fixtureJob.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -208,3 +209,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{ - end }} \ No newline at end of file diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index e9f16a8..c718313 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -33,6 +33,10 @@ php: usePathStyleEndpoint: true publicKey: "" secret: "" + fixtureJob: + enabled: false + fixtureCron: + enabled: false maildev: enabled: false From 9350f9fd4f4b05da98db9d757256447d194ac191 Mon Sep 17 00:00:00 2001 From: Thomas SAMSON <93578303+ThomasSamson@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:35:00 +0200 Subject: [PATCH 08/52] Update fixtures-job.yaml --- helm/chart/templates/fixtures-job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/fixtures-job.yaml b/helm/chart/templates/fixtures-job.yaml index 55c2a86..485e5ed 100644 --- a/helm/chart/templates/fixtures-job.yaml +++ b/helm/chart/templates/fixtures-job.yaml @@ -209,4 +209,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{ - end }} \ No newline at end of file +{{- end }} From 86636774cf2c9a18a934b20f78aabd4772cf057a Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 14:47:54 +0200 Subject: [PATCH 09/52] Fix cron --- helm/chart/templates/cronjob-fixture-reset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/cronjob-fixture-reset.yaml b/helm/chart/templates/cronjob-fixture-reset.yaml index 2d6a0fb..ea38541 100644 --- a/helm/chart/templates/cronjob-fixture-reset.yaml +++ b/helm/chart/templates/cronjob-fixture-reset.yaml @@ -198,4 +198,4 @@ spec: periodSeconds: 3 resources: {{- toYaml .Values.resources.fixtures | nindent 16 }} -{{ - end }} \ No newline at end of file +{{- end }} \ No newline at end of file From b7ccc3862c7d24362b19b18c264fde3be32fdea2 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 15:30:08 +0200 Subject: [PATCH 10/52] Switch sym link --- fixtures/prod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fixtures/prod b/fixtures/prod index b59f7e3..63e96b8 120000 --- a/fixtures/prod +++ b/fixtures/prod @@ -1 +1 @@ -test/ \ No newline at end of file +prod-boot/ \ No newline at end of file From d27429219cd70bcab14c139f9bee110f4aed56fd Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:32:53 +0200 Subject: [PATCH 11/52] Fix sms_dns --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3efba32..3214a6c 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} + sms-dsn: {{ .Values.sms.dsn | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 619370e9bc2e6ff3a102f065d2f83ef58a370a31 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:38:01 +0200 Subject: [PATCH 12/52] Fix deployment --- .github/workflows/cd.yml | 1 + .github/workflows/deploy.yml | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 72d62f3..da457b2 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -40,3 +40,4 @@ jobs: workload-identity-provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} database-url: ${{ secrets.DATABASE_URL }} mailer-dsn: ${{ secrets.MAILER_DSN }} + sms-dsn: ${{ secrets.SMS_DSN }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 369d3e4..4c2e706 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -27,6 +27,9 @@ on: mailer-dsn: description: Mailer DSN required: true + sms-dsn: + description: SMS DSN + required: true jobs: @@ -123,6 +126,7 @@ jobs: --set=postgresql.url="${{ secrets.database-url }}" \ --set=payum.apikey="${{ secrets.payum-apikey }}" \ --set=mailer.dsn="${{ secrets.mailer-dsn }}" \ + --set=sms.dsn="${{ secrets.sms-dsn }}" \ --set=php.storage.bucket="${{ vars.STORAGE_BUCKET }}" \ --set=php.storage.endpoint="https://storage.googleapis.com" \ --set=php.storage.region="eu-west-1" \ From 1df6f8174f5c3fc19d9690c32c27262aad29b803 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:50:52 +0200 Subject: [PATCH 13/52] Add benc --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3214a6c..3efba32 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | quote }} + sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 558746682f6853085573799dbca11fff3c820f36 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:12:30 +0200 Subject: [PATCH 14/52] Edit destination ns --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 031a4ac..a963c43 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -49,7 +49,7 @@ jobs: id: meta run: | set -xo pipefail - PROJECT=plateforme-ebs + PROJECT=tipimi-ebs # Tags are deployed in prod CONTEXT=prod ENVIRONMENT=prod From 10a965b147baac2ca531453fc08a448aa10a7ed3 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:14:25 +0200 Subject: [PATCH 15/52] trigger cd From a6bdb76dc7cda8e7edf531df6a1fcfcc44c535fe Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 16/52] Fix build destination --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 52bf249..0fe6112 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,7 +15,7 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr build-push-caddy: # Same Dockerfile as php, with a build target which is after @@ -30,4 +30,4 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr From 3a61d684a1d53bedaa217cf211e50744e36aa2e8 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 17/52] Fix trusted host --- .github/workflows/deploy.yml | 5 +++++ helm/chart/templates/configmap.yaml | 2 +- helm/chart/values.yaml | 9 ++++++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index a963c43..de6b38a 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -44,6 +44,7 @@ jobs: project: ${{ steps.meta.outputs.project }} namespace: ${{ steps.meta.outputs.namespace }} storage_name: ${{ steps.meta.outputs.storage_name }} + trusted_host: ${{ steps.meta.outputs.trusted_host }} steps: - name: Generate metadata id: meta @@ -55,6 +56,9 @@ jobs: ENVIRONMENT=prod IMAGE_TAG=${{ github.ref_name }} RELEASE_NAME=prod + TRUSTED_HOST=$(echo ${{ vars.DOMAIN }} | sed 's/\./\\\\\\\\./g') + + echo "trusted_host=${TRUSTED_HOST}" >> $GITHUB_OUTPUT echo "context=${CONTEXT}" >> $GITHUB_OUTPUT echo "environment=${ENVIRONMENT}" >> $GITHUB_OUTPUT echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT @@ -129,6 +133,7 @@ jobs: --set=php.storage.usePathStyleEndpoint=true \ --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ + --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" diff --git a/helm/chart/templates/configmap.yaml b/helm/chart/templates/configmap.yaml index f15cbd2..67bbe47 100644 --- a/helm/chart/templates/configmap.yaml +++ b/helm/chart/templates/configmap.yaml @@ -10,7 +10,7 @@ data: php-app-env: {{ .Values.php.appEnv | quote }} php-app-debug: {{ .Values.php.appDebug | quote }} php-cors-allow-origin: {{ .Values.php.corsAllowOrigin | quote }} - php-trusted-hosts: {{ .Values.php.trustedHosts | quote }} + php-trusted-hosts: {{ join "|" .Values.php.trustedHosts | quote }} php-trusted-proxies: "{{ join "," .Values.php.trustedProxies }}" mercure-url: "http://{{ include "plateforme-ebs" . }}/.well-known/mercure" mercure-public-url: {{ .Values.mercure.publicUrl | default "http://127.0.0.1/.well-known/mercure" | quote }} diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index 5eee356..30dbabc 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -12,7 +12,10 @@ php: appDebug: "0" appSecret: "" corsAllowOrigin: "^https?://.*?\\.chart-example\\.local$" - trustedHosts: "^127\\.0\\.0\\.1|localhost|.*\\.chart-example\\.local$" + trustedHosts: + - "^127\\.0\\.0\\.1" + - "localhost" + - ".*\\.chart-example\\.local$" trustedProxies: - "127.0.0.1" - "10.0.0.0/8" @@ -54,7 +57,7 @@ consumer: caddy: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From e6fff0a638db8560ff006e6adb178b8413f86bce Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:47:42 +0200 Subject: [PATCH 18/52] Make image name shorter --- .github/workflows/build.yml | 4 ++-- helm/chart/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0fe6112..b5c2653 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-php + IMAGE_NAME: ebs-php BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} @@ -26,7 +26,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-caddy + IMAGE_NAME: ebs-caddy BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index 30dbabc..08f2711 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -57,7 +57,7 @@ consumer: caddy: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From d70ce193f62959fbf3d3e5e07620ac776de1862c Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 14:25:25 +0200 Subject: [PATCH 19/52] Disable fixture --- helm/chart/templates/cronjob-fixture-reset.yaml | 2 +- helm/chart/templates/fixtures-job.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/chart/templates/cronjob-fixture-reset.yaml b/helm/chart/templates/cronjob-fixture-reset.yaml index dbd1d58..922046e 100644 --- a/helm/chart/templates/cronjob-fixture-reset.yaml +++ b/helm/chart/templates/cronjob-fixture-reset.yaml @@ -200,4 +200,4 @@ spec: periodSeconds: 3 resources: {{- toYaml .Values.resources.fixtures | nindent 16 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/helm/chart/templates/fixtures-job.yaml b/helm/chart/templates/fixtures-job.yaml index 09eca03..7fe2af5 100644 --- a/helm/chart/templates/fixtures-job.yaml +++ b/helm/chart/templates/fixtures-job.yaml @@ -1,4 +1,4 @@ -{{- if .Values.php.fixtureJob.enabled -}} +{{- if .Values.php.fixtureJob.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -205,4 +205,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} From bdf5f805546bc6d60ccb4f034eda5e4a831e655b Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 15:30:08 +0200 Subject: [PATCH 20/52] Switch sym link --- fixtures/prod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fixtures/prod b/fixtures/prod index b59f7e3..63e96b8 120000 --- a/fixtures/prod +++ b/fixtures/prod @@ -1 +1 @@ -test/ \ No newline at end of file +prod-boot/ \ No newline at end of file From 5d6b62caf25381f83ff189b346aa470339190dc2 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:32:53 +0200 Subject: [PATCH 21/52] Fix sms_dns --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3efba32..3214a6c 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} + sms-dsn: {{ .Values.sms.dsn | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 132b78615983366e39cf2583c2313f8a2eae1aa1 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:38:01 +0200 Subject: [PATCH 22/52] Fix deployment --- .github/workflows/cd.yml | 1 + .github/workflows/deploy.yml | 11 ++++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 72d62f3..da457b2 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -40,3 +40,4 @@ jobs: workload-identity-provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} database-url: ${{ secrets.DATABASE_URL }} mailer-dsn: ${{ secrets.MAILER_DSN }} + sms-dsn: ${{ secrets.SMS_DSN }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index de6b38a..392d2aa 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -9,11 +9,6 @@ on: payum-apikey: description: Payum API Key required: true - # sms-dsn: - # description: SMS DSN - # required: true - mailer-dsn: - description: MAILER DSN storage-key: description: storage key required: true @@ -29,6 +24,12 @@ on: database-url: description: Database URL required: true + mailer-dsn: + description: Mailer DSN + required: true + sms-dsn: + description: SMS DSN + required: true jobs: From 21fb6ba6562fb7b517f9e29aa63aa9341470d568 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:50:52 +0200 Subject: [PATCH 23/52] Add benc --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3214a6c..3efba32 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | quote }} + sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 23a100573d1c99b830f2cbc850f7318c640da3ca Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 10:21:19 +0100 Subject: [PATCH 24/52] Disable fixture --- helm/chart/values-prod.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/chart/values-prod.yml b/helm/chart/values-prod.yml index c644cc5..e810596 100644 --- a/helm/chart/values-prod.yml +++ b/helm/chart/values-prod.yml @@ -33,6 +33,6 @@ postgresql: php: fixtureJob: - enabled: true + enabled: false fixtureCron: - enabled: true + enabled: false From 35f22d9598ee6ccdb076ea3bb307a58a9076f221 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 10:23:35 +0100 Subject: [PATCH 25/52] Add security on fixture disabled --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 9b99806..5416cf8 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -135,6 +135,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ + --set=php.fixtureJob=false + --set=php.fixtureCron=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 7e50abfdb62faf46bc4b50bba7d884333bc0ea23 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 28 Oct 2024 11:36:14 +0100 Subject: [PATCH 26/52] fix: 500 error in prod MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit │ {"message":"Uncaught PHP Exception TypeError: \"App\\Repository\\ConfigurationRepository::getServicesParameter(): Return value must be of type bool, null returned\" at ConfigurationRepository.php line 71","context":{"exception":{"class │ │ ":"TypeError","message":"App\\Repository\\ConfigurationRepository::getServicesParameter(): Return value must be of type bool, null returned","code":0,"file":"/srv/app/src/Repository/ConfigurationRepository.php:71"}},"level":500,"level_ │ │ name":"CRITICAL","channel":"request","datetime":"2024-10-28T10:38:49.791926+01:00","extra":{}} --- src/Repository/ConfigurationRepository.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Repository/ConfigurationRepository.php b/src/Repository/ConfigurationRepository.php index c2f392d..1c2ec98 100644 --- a/src/Repository/ConfigurationRepository.php +++ b/src/Repository/ConfigurationRepository.php @@ -68,6 +68,6 @@ final class ConfigurationRepository extends ServiceEntityRepository ->setMaxResults(1) ->getQuery()->getOneOrNullResult(); - return $config['configuration']['global']['globalServicesEnabled']; + return $config['configuration']['global']['globalServicesEnabled'] ?? false; } } From aa2565697e3d4b2aba196364505e9caa9807e1e0 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 28 Oct 2024 11:47:59 +0100 Subject: [PATCH 27/52] fix(ci): was not deploying Error: UPGRADE FAILED: template: plateforme-ebs/templates/fixtures-job.yaml:1:14: executing "plateforme-ebs/templates/fixtures-job.yaml" at <.Values.php.fixtureJob.enabled>: can't evaluate field enabled in type interface {} --- .github/workflows/deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 5416cf8..816b6ae 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -135,8 +135,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ - --set=php.fixtureJob=false - --set=php.fixtureCron=false + --set=php.fixtureJob.enabled=false + --set=php.fixtureCron.enabled=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 866abe755bb22ce847461d729bb45a75b3ad6a1f Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 28 Oct 2024 14:28:11 +0100 Subject: [PATCH 28/52] fix(cd): error when deploying cannot patch "prod-redis-master" with kind StatefulSet: StatefulSet.apps "prod-redis-master" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'ordinals', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden --- .github/workflows/deploy.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 816b6ae..9b99806 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -135,8 +135,6 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ - --set=php.fixtureJob.enabled=false - --set=php.fixtureCron.enabled=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From fe414dc8629f5e450e69d76c6ae79feaea0d7fb1 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 10:04:17 +0100 Subject: [PATCH 29/52] Switch image tag on short sha --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 9b99806..aa8266c 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -55,7 +55,7 @@ jobs: # Tags are deployed in prod CONTEXT=prod ENVIRONMENT=prod - IMAGE_TAG=${{ github.ref_name }} + IMAGE_TAG=sha-${GITHUB_SHA::7} RELEASE_NAME=prod TRUSTED_HOST=$(echo ${{ vars.DOMAIN }} | sed 's/\./\\\\\\\\./g') From 54b3f14a339053bfcd38d0c012a23085baad7382 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 14:47:34 +0100 Subject: [PATCH 30/52] Fix syntax helm --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index aa8266c..d680c78 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -135,6 +135,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ + --set=php.fixtureJob.enabled=false \ + --set=php.fixtureCron.anabled=false \ --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From c575a603a3e2ec0ad4574bc09c4dcf6211413935 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Wed, 20 Nov 2024 14:17:10 +0100 Subject: [PATCH 31/52] (ci) updated symfony/runtime MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Trivy was complaining about vulnerability ┌───────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────────────────────────────────────────────────┬─────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├───────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ │ symfony/runtime │ CVE-2024-50340 │ HIGH │ fixed │ v6.4.12 │ 5.4.0, 6.1.0, 6.2.0, 6.3.0, 7.1.0, 7.1.7, 5.4.46, 6.4.0, │ symfony/runtime is a module for the Symphony PHP framework │ │ │ │ │ │ │ 6.4.14 │ which enabl ...... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-50340 │ ├───────────────────────┼────────────────┤ │ │ ├───────────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────────┤ │ symfony/security-http │ CVE-2024-51996 │ │ │ │ 6.3.0, 6.4.15, 6.4.0, 7.1.0, 7.1.8, 5.4.0, 5.4.47, 6.1.0, │ Symphony process is a module for the Symphony PHP framework │ │ │ │ │ │ │ 6.2.0 │ which exec... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-51996 │ └───────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────────────────────────────────────────────────┴─────────────────────────────────────────────────────────────┘ --- composer.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/composer.lock b/composer.lock index 9d512f5..5d553d6 100644 --- a/composer.lock +++ b/composer.lock @@ -13011,16 +13011,16 @@ }, { "name": "symfony/runtime", - "version": "v6.4.12", + "version": "v6.4.14", "source": { "type": "git", "url": "https://github.com/symfony/runtime.git", - "reference": "bfe32a1adf41da4dd7f6b939a039779d7af5497f" + "reference": "4facd4174f45cd37c65860403412b67c7381136a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/runtime/zipball/bfe32a1adf41da4dd7f6b939a039779d7af5497f", - "reference": "bfe32a1adf41da4dd7f6b939a039779d7af5497f", + "url": "https://api.github.com/repos/symfony/runtime/zipball/4facd4174f45cd37c65860403412b67c7381136a", + "reference": "4facd4174f45cd37c65860403412b67c7381136a", "shasum": "" }, "require": { @@ -13070,7 +13070,7 @@ "runtime" ], "support": { - "source": "https://github.com/symfony/runtime/tree/v6.4.12" + "source": "https://github.com/symfony/runtime/tree/v6.4.14" }, "funding": [ { @@ -13086,7 +13086,7 @@ "type": "tidelift" } ], - "time": "2024-09-19T13:29:10+00:00" + "time": "2024-11-05T16:39:55+00:00" }, { "name": "symfony/security-bundle", @@ -13356,16 +13356,16 @@ }, { "name": "symfony/security-http", - "version": "v6.4.12", + "version": "v6.4.15", "source": { "type": "git", "url": "https://github.com/symfony/security-http.git", - "reference": "f6df97af71943cda726dc852335204eac02a716b" + "reference": "ded1e078f952e686b058d9eac98e497bea47b308" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/security-http/zipball/f6df97af71943cda726dc852335204eac02a716b", - "reference": "f6df97af71943cda726dc852335204eac02a716b", + "url": "https://api.github.com/repos/symfony/security-http/zipball/ded1e078f952e686b058d9eac98e497bea47b308", + "reference": "ded1e078f952e686b058d9eac98e497bea47b308", "shasum": "" }, "require": { @@ -13424,7 +13424,7 @@ "description": "Symfony Security Component - HTTP Integration", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/security-http/tree/v6.4.12" + "source": "https://github.com/symfony/security-http/tree/v6.4.15" }, "funding": [ { @@ -13440,7 +13440,7 @@ "type": "tidelift" } ], - "time": "2024-09-20T08:18:25+00:00" + "time": "2024-11-13T13:40:18+00:00" }, { "name": "symfony/serializer", From 2a135f4a8549593ce72eab50bc8c70fedd8d20ae Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:12:30 +0200 Subject: [PATCH 32/52] Edit destination ns --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 486ab2b..9ca345f 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -49,7 +49,7 @@ jobs: id: meta run: | set -xo pipefail - PROJECT=plateforme-ebs + PROJECT=tipimi-ebs # Tags are deployed in prod CONTEXT=prod ENVIRONMENT=prod From ac7fffb1f28da2170887ece1ff6ba8f8226f0414 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:14:25 +0200 Subject: [PATCH 33/52] trigger cd From 52d122ad22ef4810d020dd1e3f09a27b04086d44 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 34/52] Fix build destination --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 52bf249..0fe6112 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,7 +15,7 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr build-push-caddy: # Same Dockerfile as php, with a build target which is after @@ -30,4 +30,4 @@ jobs: BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} - IMAGE_REPOSITORY: ghcr.io/Apes-HDF + IMAGE_REPOSITORY: ghcr.io/Tipimi-fr From b72dc122a01561771d069a2c41f41ecfd74ad81f Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:39:37 +0200 Subject: [PATCH 35/52] Fix trusted host --- .github/workflows/deploy.yml | 5 +++++ helm/chart/templates/configmap.yaml | 2 +- helm/chart/values.yaml | 9 ++++++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 9ca345f..7505717 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -44,6 +44,7 @@ jobs: project: ${{ steps.meta.outputs.project }} namespace: ${{ steps.meta.outputs.namespace }} storage_name: ${{ steps.meta.outputs.storage_name }} + trusted_host: ${{ steps.meta.outputs.trusted_host }} steps: - name: Generate metadata id: meta @@ -55,6 +56,9 @@ jobs: ENVIRONMENT=prod IMAGE_TAG=sha-${GITHUB_SHA::7} RELEASE_NAME=prod + TRUSTED_HOST=$(echo ${{ vars.DOMAIN }} | sed 's/\./\\\\\\\\./g') + + echo "trusted_host=${TRUSTED_HOST}" >> $GITHUB_OUTPUT echo "context=${CONTEXT}" >> $GITHUB_OUTPUT echo "environment=${ENVIRONMENT}" >> $GITHUB_OUTPUT echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT @@ -129,6 +133,7 @@ jobs: --set=php.storage.usePathStyleEndpoint=true \ --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ + --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" diff --git a/helm/chart/templates/configmap.yaml b/helm/chart/templates/configmap.yaml index f15cbd2..67bbe47 100644 --- a/helm/chart/templates/configmap.yaml +++ b/helm/chart/templates/configmap.yaml @@ -10,7 +10,7 @@ data: php-app-env: {{ .Values.php.appEnv | quote }} php-app-debug: {{ .Values.php.appDebug | quote }} php-cors-allow-origin: {{ .Values.php.corsAllowOrigin | quote }} - php-trusted-hosts: {{ .Values.php.trustedHosts | quote }} + php-trusted-hosts: {{ join "|" .Values.php.trustedHosts | quote }} php-trusted-proxies: "{{ join "," .Values.php.trustedProxies }}" mercure-url: "http://{{ include "plateforme-ebs" . }}/.well-known/mercure" mercure-public-url: {{ .Values.mercure.publicUrl | default "http://127.0.0.1/.well-known/mercure" | quote }} diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index 5eee356..30dbabc 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -12,7 +12,10 @@ php: appDebug: "0" appSecret: "" corsAllowOrigin: "^https?://.*?\\.chart-example\\.local$" - trustedHosts: "^127\\.0\\.0\\.1|localhost|.*\\.chart-example\\.local$" + trustedHosts: + - "^127\\.0\\.0\\.1" + - "localhost" + - ".*\\.chart-example\\.local$" trustedProxies: - "127.0.0.1" - "10.0.0.0/8" @@ -54,7 +57,7 @@ consumer: caddy: image: - repository: "ghcr.io/apes-hdf/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From 43c62e67e0566bcf39ece782d1fcf692b59e0180 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:47:42 +0200 Subject: [PATCH 36/52] Make image name shorter --- .github/workflows/build.yml | 4 ++-- helm/chart/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0fe6112..b5c2653 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-php + IMAGE_NAME: ebs-php BUILD_CONTEXT: . BUILD_TARGET: app_php REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} @@ -26,7 +26,7 @@ jobs: - name: Build/Push uses: coopTilleuls/action-docker-build-push@v10 with: - IMAGE_NAME: plateforme-ebs-caddy + IMAGE_NAME: ebs-caddy BUILD_CONTEXT: . BUILD_TARGET: app_caddy REGISTRY_JSON_KEY: ${{ secrets.GITHUB_TOKEN }} diff --git a/helm/chart/values.yaml b/helm/chart/values.yaml index 30dbabc..08f2711 100644 --- a/helm/chart/values.yaml +++ b/helm/chart/values.yaml @@ -4,7 +4,7 @@ php: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-php" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-php" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -57,7 +57,7 @@ consumer: caddy: image: - repository: "ghcr.io/tipimi-fr/plateforme-ebs-caddy" # CHANGE ME + repository: "ghcr.io/tipimi-fr/ebs-caddy" # CHANGE ME pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" From 3f2487c7e1fc32f91ed4d4eb0e1d20142bc8d3ed Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 14:25:25 +0200 Subject: [PATCH 37/52] Disable fixture --- helm/chart/templates/cronjob-fixture-reset.yaml | 2 +- helm/chart/templates/fixtures-job.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/chart/templates/cronjob-fixture-reset.yaml b/helm/chart/templates/cronjob-fixture-reset.yaml index f061c69..e763fa4 100644 --- a/helm/chart/templates/cronjob-fixture-reset.yaml +++ b/helm/chart/templates/cronjob-fixture-reset.yaml @@ -200,4 +200,4 @@ spec: periodSeconds: 3 resources: {{- toYaml .Values.resources.fixtures | nindent 16 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/helm/chart/templates/fixtures-job.yaml b/helm/chart/templates/fixtures-job.yaml index 7faa6cf..09363bb 100644 --- a/helm/chart/templates/fixtures-job.yaml +++ b/helm/chart/templates/fixtures-job.yaml @@ -1,4 +1,4 @@ -{{- if .Values.php.fixtureJob.enabled -}} +{{- if .Values.php.fixtureJob.enabled }} apiVersion: batch/v1 kind: Job metadata: From f0eb48afd90c60a1448b609ba36c89c6a8a43a8d Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 15:30:08 +0200 Subject: [PATCH 38/52] Switch sym link --- fixtures/prod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fixtures/prod b/fixtures/prod index b59f7e3..63e96b8 120000 --- a/fixtures/prod +++ b/fixtures/prod @@ -1 +1 @@ -test/ \ No newline at end of file +prod-boot/ \ No newline at end of file From 817960cc917cad01ab53ec15d3414800c3b1913b Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:32:53 +0200 Subject: [PATCH 39/52] Fix sms_dns --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3efba32..3214a6c 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} + sms-dsn: {{ .Values.sms.dsn | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 323c16204c15154d7c5baccf62483fa62d057ce8 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:38:01 +0200 Subject: [PATCH 40/52] Fix deployment --- .github/workflows/cd.yml | 1 + .github/workflows/deploy.yml | 11 ++++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 72d62f3..da457b2 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -40,3 +40,4 @@ jobs: workload-identity-provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} database-url: ${{ secrets.DATABASE_URL }} mailer-dsn: ${{ secrets.MAILER_DSN }} + sms-dsn: ${{ secrets.SMS_DSN }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 7505717..b5fa6b2 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -9,11 +9,6 @@ on: payum-apikey: description: Payum API Key required: true - # sms-dsn: - # description: SMS DSN - # required: true - mailer-dsn: - description: MAILER DSN storage-key: description: storage key required: true @@ -29,6 +24,12 @@ on: database-url: description: Database URL required: true + mailer-dsn: + description: Mailer DSN + required: true + sms-dsn: + description: SMS DSN + required: true jobs: From 65f98aba98fd84675cf9f0c0ca883021fa07c490 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:50:52 +0200 Subject: [PATCH 41/52] Add benc --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3214a6c..3efba32 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | quote }} + sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From 5636a3f64c7dbb1d975a1f7bae0f2a4b2c8e831a Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 31 Jul 2024 13:14:25 +0200 Subject: [PATCH 42/52] trigger cd From 97576aa0146c8ad2a9692e80761a707566d6c888 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:32:53 +0200 Subject: [PATCH 43/52] Fix sms_dns --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3efba32..3214a6c 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} + sms-dsn: {{ .Values.sms.dsn | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From f449c1b55c5d4ac47f6c4722265b6ca7bc5d4c7e Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:38:01 +0200 Subject: [PATCH 44/52] Fix deployment --- .github/workflows/deploy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index b5fa6b2..36926b7 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -128,6 +128,7 @@ jobs: --set=sms.dsn="${{ secrets.sms-dsn }}" \ --set=payum.apikey="${{ secrets.payum-apikey }}" \ --set=mailer.dsn="${{ secrets.mailer-dsn }}" \ + --set=sms.dsn="${{ secrets.sms-dsn }}" \ --set=php.storage.bucket="${{ vars.STORAGE_BUCKET }}" \ --set=php.storage.endpoint="https://storage.googleapis.com" \ --set=php.storage.region="eu-west-1" \ From a008b81e3f3163d1fbf0ea77c453d947b2d9faa2 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Wed, 7 Aug 2024 09:50:52 +0200 Subject: [PATCH 45/52] Add benc --- helm/chart/templates/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/chart/templates/secrets.yaml b/helm/chart/templates/secrets.yaml index 3214a6c..3efba32 100644 --- a/helm/chart/templates/secrets.yaml +++ b/helm/chart/templates/secrets.yaml @@ -21,7 +21,7 @@ data: {{- else }} mailer-dsn: {{ .Values.mailer.dsn | b64enc | quote }} {{- end }} - sms-dsn: {{ .Values.sms.dsn | quote }} + sms-dsn: {{ .Values.sms.dsn | b64enc | quote }} payum-apikey: {{ .Values.payum.apikey | b64enc | quote }} php-storage-key: {{ .Values.php.storage.key | b64enc | quote }} php-storage-secret: {{ .Values.php.storage.secret | b64enc | quote }} \ No newline at end of file From e88368d5a3d2bb5e85a30d308b7d5ff94cae44b3 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 10:21:19 +0100 Subject: [PATCH 46/52] Disable fixture --- helm/chart/values-prod.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/chart/values-prod.yml b/helm/chart/values-prod.yml index c644cc5..e810596 100644 --- a/helm/chart/values-prod.yml +++ b/helm/chart/values-prod.yml @@ -33,6 +33,6 @@ postgresql: php: fixtureJob: - enabled: true + enabled: false fixtureCron: - enabled: true + enabled: false From 2d0b592a4996b244696ae543eb7bb24bc2ea7e75 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 10:23:35 +0100 Subject: [PATCH 47/52] Add security on fixture disabled --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 36926b7..dceacd8 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -136,6 +136,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ + --set=php.fixtureJob=false + --set=php.fixtureCron=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 8ed75b4b53a88058469feba29574d4f008df3633 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 28 Oct 2024 11:36:14 +0100 Subject: [PATCH 48/52] fix: 500 error in prod MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit │ {"message":"Uncaught PHP Exception TypeError: \"App\\Repository\\ConfigurationRepository::getServicesParameter(): Return value must be of type bool, null returned\" at ConfigurationRepository.php line 71","context":{"exception":{"class │ │ ":"TypeError","message":"App\\Repository\\ConfigurationRepository::getServicesParameter(): Return value must be of type bool, null returned","code":0,"file":"/srv/app/src/Repository/ConfigurationRepository.php:71"}},"level":500,"level_ │ │ name":"CRITICAL","channel":"request","datetime":"2024-10-28T10:38:49.791926+01:00","extra":{}} --- src/Repository/ConfigurationRepository.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Repository/ConfigurationRepository.php b/src/Repository/ConfigurationRepository.php index c2f392d..1c2ec98 100644 --- a/src/Repository/ConfigurationRepository.php +++ b/src/Repository/ConfigurationRepository.php @@ -68,6 +68,6 @@ final class ConfigurationRepository extends ServiceEntityRepository ->setMaxResults(1) ->getQuery()->getOneOrNullResult(); - return $config['configuration']['global']['globalServicesEnabled']; + return $config['configuration']['global']['globalServicesEnabled'] ?? false; } } From 5c6b93459b85b8552e613510566805fa832af232 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 28 Oct 2024 11:47:59 +0100 Subject: [PATCH 49/52] fix(ci): was not deploying Error: UPGRADE FAILED: template: plateforme-ebs/templates/fixtures-job.yaml:1:14: executing "plateforme-ebs/templates/fixtures-job.yaml" at <.Values.php.fixtureJob.enabled>: can't evaluate field enabled in type interface {} --- .github/workflows/deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index dceacd8..22a4149 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -136,8 +136,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ - --set=php.fixtureJob=false - --set=php.fixtureCron=false + --set=php.fixtureJob.enabled=false + --set=php.fixtureCron.enabled=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 9d528f5aeeace90305a056715b0ed9a076308116 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 28 Oct 2024 14:28:11 +0100 Subject: [PATCH 50/52] fix(cd): error when deploying cannot patch "prod-redis-master" with kind StatefulSet: StatefulSet.apps "prod-redis-master" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'ordinals', 'template', 'updateStrategy', 'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden --- .github/workflows/deploy.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 22a4149..36926b7 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -136,8 +136,6 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ - --set=php.fixtureJob.enabled=false - --set=php.fixtureCron.enabled=false --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 320073192cdbd4edd5c8e47db0984438af637d96 Mon Sep 17 00:00:00 2001 From: ThomasSamson Date: Mon, 28 Oct 2024 14:47:34 +0100 Subject: [PATCH 51/52] Fix syntax helm --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 36926b7..342ae3b 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -136,6 +136,8 @@ jobs: --set=php.storage.key="${{ secrets.storage-key }}" \ --set=php.storage.secret="${{ secrets.storage-secret-key }}" \ --set=php.trustedHosts[2]=${{ needs.meta.outputs.trusted_host }} \ + --set=php.fixtureJob.enabled=false \ + --set=php.fixtureCron.anabled=false \ --values ./helm/chart/values-${{ needs.meta.outputs.context }}.yml \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' ; then echo "Deployment has failed!" From 465f51b18ebb2ceda186b2e3c2092fa14acc0e84 Mon Sep 17 00:00:00 2001 From: Slim Amamou Date: Mon, 2 Dec 2024 17:27:04 +0100 Subject: [PATCH 52/52] Fixed(ci): phpstan complaint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Error: Offset 'globalServicesEnabl…' on array{globalServicesEnabled: bool} on left side of ?? always exists and is not nullable. --- src/Repository/ConfigurationRepository.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Repository/ConfigurationRepository.php b/src/Repository/ConfigurationRepository.php index 1c2ec98..18ff75d 100644 --- a/src/Repository/ConfigurationRepository.php +++ b/src/Repository/ConfigurationRepository.php @@ -61,7 +61,7 @@ final class ConfigurationRepository extends ServiceEntityRepository public function getServicesParameter(): bool { - /** @var array{configuration: array{ global: array{ globalServicesEnabled: bool }}} $config */ + /** @var array{configuration: array{ global: array{ globalServicesEnabled: bool|null }}} $config */ $config = $this ->createQueryBuilder('c') ->select('c.configuration')