From edd9cb625b5a656c8b00e514017eba6799a00759 Mon Sep 17 00:00:00 2001 From: Abhinav Kumar Date: Thu, 18 Apr 2019 01:00:43 +0530 Subject: [PATCH 1/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bc62673..83f203d 100644 --- a/README.md +++ b/README.md @@ -113,7 +113,7 @@ Passbolt docker image provides several environment variables to configure differ | PASSBOLT_SECURITY_SET_HEADERS | Send CSP Headers | true | | SECURITY_SALT | CakePHP security salt | __SALT__ | For more env variables supported please check [default.php](https://github.com/passbolt/passbolt_api/blob/master/config/default.php) -For more env variables supported please check [app.default.php](https://github.com/passbolt/passbolt_api/blob/master/config/app.default.php) +and [app.default.php](https://github.com/passbolt/passbolt_api/blob/master/config/app.default.php) ### Configuration files From cab0b711340893b63d677f6722418f069fd985f0 Mon Sep 17 00:00:00 2001 From: Diego Lendoiro Date: Thu, 18 Apr 2019 08:55:28 +0200 Subject: [PATCH 2/7] cleanup gitlab files --- .gitlab-ci.yml | 11 ----------- .gitlab-ci/Jobs/build_image.yml | 15 --------------- Dockerfile | 2 +- 3 files changed, 1 insertion(+), 27 deletions(-) delete mode 100644 .gitlab-ci.yml delete mode 100644 .gitlab-ci/Jobs/build_image.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 1b5496a..0000000 --- a/.gitlab-ci.yml +++ /dev/null @@ -1,11 +0,0 @@ -image: alpine:latest - -variables: - DOCKER_DRIVER: overlay2 - -stages: - - build - -include: - - '/.gitlab-ci/Jobs/build_image.yml' - diff --git a/.gitlab-ci/Jobs/build_image.yml b/.gitlab-ci/Jobs/build_image.yml deleted file mode 100644 index 2a7c6a2..0000000 --- a/.gitlab-ci/Jobs/build_image.yml +++ /dev/null @@ -1,15 +0,0 @@ -passbolt-prerelease: - stage: build - image: - name: gcr.io/kaniko-project/executor:debug - entrypoint: [""] - script: - - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json - - | - /kaniko/executor --context $CI_PROJECT_DIR \ - --build-arg PASSBOLT_URL="$PASSBOLT_URL" \ - --build-arg PHP_EXTENSIONS="$PHP_EXTENSIONS" \ - --build-arg PASSBOLT_BASE_PACKAGES="$PASSBOLT_BASE_PACKAGES" \ - --build-arg PASSBOLT_DEV_PACKAGES="$PASSBOLT_DEV_PACKAGES" \ - --dockerfile $CI_PROJECT_DIR/Dockerfile \ - --destination $CI_REGISTRY_IMAGE:$PASSBOLT_FLAVOUR-$UPSTREAM_COMMIT_SHA diff --git a/Dockerfile b/Dockerfile index 036339a..3f1c0a6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -62,6 +62,7 @@ RUN apt-get update \ fi \ && php composer-setup.php \ && mv composer.phar /usr/local/bin/composer \ + && rm composer-setup.php \ && curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \ && composer install -n --no-dev --optimize-autoloader \ && chown -R www-data:www-data . \ @@ -77,7 +78,6 @@ RUN apt-get update \ && sed -i 's/# server_tokens/server_tokens/' /etc/nginx/nginx.conf \ && mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" - COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf COPY conf/supervisor/*.conf /etc/supervisor/conf.d/ COPY bin/docker-entrypoint.sh /docker-entrypoint.sh From f47605ab44b03283e21392b6dd524327d0a17f1a Mon Sep 17 00:00:00 2001 From: Diego Lendoiro Date: Fri, 19 Apr 2019 13:09:52 +0200 Subject: [PATCH 3/7] removed: git --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3f1c0a6..8ad848b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,8 +21,7 @@ ARG PASSBOLT_DEV_PACKAGES="libgpgme11-dev \ libicu-dev \ libxslt1-dev \ libmcrypt-dev \ - unzip \ - git" + unzip" ARG PASSBOLT_BASE_PACKAGES="nginx \ gnupg \ From b57aff56d4a8d6008459450eb3413c10ebfb0596 Mon Sep 17 00:00:00 2001 From: Diego Lendoiro Date: Wed, 24 Apr 2019 13:30:07 +0200 Subject: [PATCH 4/7] Added support for curl headers on build --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8ad848b..8e7cf96 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,6 +4,7 @@ LABEL maintainer="diego@passbolt.com" ARG PASSBOLT_VERSION="2.8.4" ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz" +ARG PASSBOLT_CURL_HEADERS="" ARG PHP_EXTENSIONS="gd \ intl \ @@ -62,7 +63,7 @@ RUN apt-get update \ && php composer-setup.php \ && mv composer.phar /usr/local/bin/composer \ && rm composer-setup.php \ - && curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \ + && curl -sSL -H "$PASSBOLT_CURL_HEADERS" "$PASSBOLT_URL" | tar zxf - -C . --strip-components 1 \ && composer install -n --no-dev --optimize-autoloader \ && chown -R www-data:www-data . \ && chmod 775 $(find /var/www/passbolt/tmp -type d) \ From 5c12147d05fee544d2fe3caf307c22b39587e27a Mon Sep 17 00:00:00 2001 From: Diego Lendoiro Date: Wed, 24 Apr 2019 14:16:48 +0200 Subject: [PATCH 5/7] version bump 2.9.0 --- Dockerfile | 2 +- docker-compose-pro.yml | 2 +- docker-compose.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8e7cf96..68819bb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM php:7.2-fpm LABEL maintainer="diego@passbolt.com" -ARG PASSBOLT_VERSION="2.8.4" +ARG PASSBOLT_VERSION="2.9.0" ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz" ARG PASSBOLT_CURL_HEADERS="" diff --git a/docker-compose-pro.yml b/docker-compose-pro.yml index 3f8a353..e1ab1d3 100644 --- a/docker-compose-pro.yml +++ b/docker-compose-pro.yml @@ -10,7 +10,7 @@ services: - "127.0.0.1:3306:3306" passbolt: - image: passbolt/passbolt:2.8.4-pro-debian + image: passbolt/passbolt:2.9.0-pro-debian tty: true depends_on: - db diff --git a/docker-compose.yml b/docker-compose.yml index f5756c2..5bf7ca5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,7 +10,7 @@ services: - "127.0.0.1:3306:3306" passbolt: - image: passbolt/passbolt:2.8.4-debian + image: passbolt/passbolt:2.9.0-debian tty: true depends_on: - db From 69d62c9a3a5181dad4d54ac3fcfe03bd4ad64c59 Mon Sep 17 00:00:00 2001 From: Diego Lendoiro Date: Wed, 24 Apr 2019 14:24:38 +0200 Subject: [PATCH 6/7] updated CHANGELOG --- CHANGELOG.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index feff0a7..bbad0e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,18 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). -## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.8.4...HEAD) +## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.9.0...HEAD) + +## [2.9.0](https://github.com/passbolt/passbolt_docker/compare/v2.8.4...v2.9.0) - 2019-04-24 + +### Added + +- Build arg to pass headers to curl +- Removed git as dev dependency + +### Fixed + +- Fix typo in Readme [#125](https://github.com/passbolt/passbolt_docker/pull/125) ## [2.8.4](https://github.com/passbolt/passbolt_docker/compare/v2.8.3...v2.8.4) - 2019-04-17 From d020281854a07c7faf0208ce79010b9d5d300247 Mon Sep 17 00:00:00 2001 From: Diego Lendoiro Date: Wed, 24 Apr 2019 14:26:15 +0200 Subject: [PATCH 7/7] Cleanup tests --- spec/docker_runtime_gitlab/runtime_spec.rb | 105 ------------------ .../runtime_no_envs_spec.rb | 104 ----------------- 2 files changed, 209 deletions(-) delete mode 100644 spec/docker_runtime_gitlab/runtime_spec.rb delete mode 100644 spec/docker_runtime_gitlab_no_envs/runtime_no_envs_spec.rb diff --git a/spec/docker_runtime_gitlab/runtime_spec.rb b/spec/docker_runtime_gitlab/runtime_spec.rb deleted file mode 100644 index e226408..0000000 --- a/spec/docker_runtime_gitlab/runtime_spec.rb +++ /dev/null @@ -1,105 +0,0 @@ -require 'spec_helper' - -describe 'passbolt_api service' do - - before(:all) do - @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES) - @container = Docker::Container.create( - 'Env' => [ - "DATASOURCES_DEFAULT_HOST=db", - 'DATASOURCES_DEFAULT_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?', - 'DATASOURCES_DEFAULT_USERNAME=passbolt', - 'DATASOURCES_DEFAULT_DATABASE=passbolt', - 'PASSBOLT_SSL_FORCE=true' - ], - 'Image' => @image.id) - @container.start - @container.logs(stdout: true) - - set :docker_container, @container.id - sleep 17 - end - - after(:all) do - @container.kill - end - - let(:passbolt_host) { @container.json['NetworkSettings']['IPAddress'] } - let(:uri) { "/healthcheck/status.json" } - let(:curl) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" } - - describe 'php service' do - it 'is running supervised' do - expect(service('php-fpm')).to be_running.under('supervisor') - end - - it 'has its port open' do - expect(@container.json['Config']['ExposedPorts']).to have_key('9000/tcp') - end - end - - describe 'email cron' do - it 'is running supervised' do - expect(service('cron')).to be_running.under('supervisor') - end - end - - describe 'web service' do - it 'is running supervised' do - expect(service('nginx')).to be_running.under('supervisor') - end - - it 'is listening on port 80' do - expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp') - end - - it 'is listening on port 443' do - expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp') - end - end - - describe 'passbolt status' do - it 'returns 200' do - expect(command(curl).stdout).to eq '200' - end - end - - describe 'passbolt serverkey unaccessible' do - let(:uri) { '/config/gpg/serverkey.asc' } - it "returns 404" do - expect(command(curl).stdout).to eq '404' - end - end - - describe 'passbolt serverkey private unaccessible' do - let(:uri) { '/config/gpg/serverkey_private.asc' } - it 'returns 404' do - expect(command(curl).stdout).to eq '404' - end - end - - describe 'passbolt conf unaccessible' do - let(:uri) { '/config/app.php' } - it 'returns 404' do - expect(command(curl).stdout).to eq '404' - end - end - describe 'passbolt tmp folder is unaccessible' do - let(:uri) { '/tmp/cache/database/empty' } - it 'returns 404' do - expect(command(curl).stdout).to eq '404' - end - end - - describe 'hide information' do - let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" } - it 'hides php version' do - expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty - end - - it 'hides nginx version' do - expect(command("#{curl} | grep 'Server:'").stdout.strip).to match(/^Server:\s+nginx$/) - end - end - -end diff --git a/spec/docker_runtime_gitlab_no_envs/runtime_no_envs_spec.rb b/spec/docker_runtime_gitlab_no_envs/runtime_no_envs_spec.rb deleted file mode 100644 index a82c00d..0000000 --- a/spec/docker_runtime_gitlab_no_envs/runtime_no_envs_spec.rb +++ /dev/null @@ -1,104 +0,0 @@ -require 'spec_helper' - -describe 'passbolt_api service' do - - before(:all) do - @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES) - - @container = Docker::Container.create( - 'Env' => [ - "DATASOURCES_DEFAULT_HOST=db", - ], - 'Binds' => [ "#{FIXTURES_PATH + '/passbolt.php'}:/var/www/passbolt/config/passbolt.php" ], - 'Image' => @image.id) - - @container.start - @container.logs(stdout: true) - - set :docker_container, @container.id - sleep 17 - end - - after(:all) do - @container.kill - end - - let(:passbolt_host) { @container.json['NetworkSettings']['IPAddress'] } - let(:uri) { "/healthcheck/status.json" } - let(:curl) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" } - - describe 'php service' do - it 'is running supervised' do - expect(service('php-fpm')).to be_running.under('supervisor') - end - - it 'has its port open' do - expect(@container.json['Config']['ExposedPorts']).to have_key('9000/tcp') - end - end - - describe 'email cron' do - it 'is running supervised' do - expect(service('cron')).to be_running.under('supervisor') - end - end - - describe 'web service' do - it 'is running supervised' do - expect(service('nginx')).to be_running.under('supervisor') - end - - it 'is listening on port 80' do - expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp') - end - - it 'is listening on port 443' do - expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp') - end - end - - describe 'passbolt status' do - it 'returns 200' do - expect(command(curl).stdout).to eq '200' - end - end - - describe 'passbolt serverkey unaccessible' do - let(:uri) { '/config/gpg/serverkey.asc' } - it "returns 404" do - expect(command(curl).stdout).to eq '404' - end - end - - describe 'passbolt serverkey private unaccessible' do - let(:uri) { '/config/gpg/serverkey_private.asc' } - it 'returns 404' do - expect(command(curl).stdout).to eq '404' - end - end - - describe 'passbolt conf unaccessible' do - let(:uri) { '/config/app.php' } - it 'returns 404' do - expect(command(curl).stdout).to eq '404' - end - end - describe 'passbolt tmp folder is unaccessible' do - let(:uri) { '/tmp/cache/database/empty' } - it 'returns 404' do - expect(command(curl).stdout).to eq '404' - end - end - - describe 'hide information' do - let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" } - it 'hides php version' do - expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty - end - - it 'hides nginx version' do - expect(command("#{curl} | grep 'Server:'").stdout.strip).to match(/^Server:\s+nginx$/) - end - end - -end