diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..1b5496a --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,11 @@ +image: alpine:latest + +variables: + DOCKER_DRIVER: overlay2 + +stages: + - build + +include: + - '/.gitlab-ci/Jobs/build_image.yml' + diff --git a/.gitlab-ci/Jobs/build_image.yml b/.gitlab-ci/Jobs/build_image.yml new file mode 100644 index 0000000..2a7c6a2 --- /dev/null +++ b/.gitlab-ci/Jobs/build_image.yml @@ -0,0 +1,15 @@ +passbolt-prerelease: + stage: build + image: + name: gcr.io/kaniko-project/executor:debug + entrypoint: [""] + script: + - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json + - | + /kaniko/executor --context $CI_PROJECT_DIR \ + --build-arg PASSBOLT_URL="$PASSBOLT_URL" \ + --build-arg PHP_EXTENSIONS="$PHP_EXTENSIONS" \ + --build-arg PASSBOLT_BASE_PACKAGES="$PASSBOLT_BASE_PACKAGES" \ + --build-arg PASSBOLT_DEV_PACKAGES="$PASSBOLT_DEV_PACKAGES" \ + --dockerfile $CI_PROJECT_DIR/Dockerfile \ + --destination $CI_REGISTRY_IMAGE:$PASSBOLT_FLAVOUR-$UPSTREAM_COMMIT_SHA diff --git a/CHANGELOG.md b/CHANGELOG.md index 0d6d369..feff0a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,9 +2,13 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). -## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.8.3...HEAD) +## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.8.4...HEAD) -## [2.8.2](https://github.com/passbolt/passbolt_docker/compare/v2.8.2...v2.8.3) - 2019-04-02 +## [2.8.4](https://github.com/passbolt/passbolt_docker/compare/v2.8.3...v2.8.4) - 2019-04-17 + +This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v2.8.3...v2.8.4) for passbolt_api + +## [2.8.3](https://github.com/passbolt/passbolt_docker/compare/v2.8.2...v2.8.3) - 2019-04-02 ### Added 
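Review bot: `image: alpine:latest` here and `name: gcr.io/kaniko-project/executor:debug` in `.gitlab-ci/Jobs/build_image.yml` are both moving tags, so the job that receives `CI_REGISTRY_PASSWORD` and pushes the image runs whatever those tags resolve to on the day of the build. Pin both to a fixed version tag or a digest, for example `name: gcr.io/kaniko-project/executor@sha256:<digest-placeholder>`, and update them deliberately. In the files shown, the only job sets its own image, so the top-level `alpine` default is unused and could be dropped until a job needs it.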
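Review bot: The four `--build-arg` values and the `--destination` tag come from CI variables that neither new file defines, and the script never checks that they are set. An empty `PASSBOLT_URL` or package list passed as a build argument would presumably replace the Dockerfile's `ARG` default instead of falling back to it, and an empty `PASSBOLT_FLAVOUR` or `UPSTREAM_COMMIT_SHA` produces a tag ending in `:-`. Because `PASSBOLT_URL` appears to select the archive that ends up in the pushed image, the job should fail early when it is missing, and the pipeline documentation should say who may set it. A first script entry such as `- ': "${PASSBOLT_URL:?}" "${PASSBOLT_FLAVOUR:?}" "${UPSTREAM_COMMIT_SHA:?}"'` would do that, and `"$CI_PROJECT_DIR"` and the destination value should be double-quoted.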
diff --git a/Dockerfile b/Dockerfile index b8e4e93..036339a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM php:7.2-fpm LABEL maintainer="diego@passbolt.com" -ARG PASSBOLT_VERSION="2.8.3" +ARG PASSBOLT_VERSION="2.8.4" ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz" ARG PHP_EXTENSIONS="gd \ @@ -24,19 +24,22 @@ ARG PASSBOLT_DEV_PACKAGES="libgpgme11-dev \ unzip \ git" -ENV PECL_BASE_URL="https://pecl.php.net/get" -ENV PHP_EXT_DIR="/usr/src/php/ext" - -WORKDIR /var/www/passbolt -RUN apt-get update \ - && apt-get -y install --no-install-recommends $PASSBOLT_DEV_PACKAGES \ - nginx \ +ARG PASSBOLT_BASE_PACKAGES="nginx \ gnupg \ libgpgme11 \ libmcrypt4 \ mysql-client \ supervisor \ - cron \ + cron" + +ENV PECL_BASE_URL="https://pecl.php.net/get" +ENV PHP_EXT_DIR="/usr/src/php/ext" + +WORKDIR /var/www/passbolt +RUN apt-get update \ + && apt-get -y install --no-install-recommends \ + $PASSBOLT_DEV_PACKAGES \ + $PASSBOLT_BASE_PACKAGES \ && mkdir /home/www-data \ && chown -R www-data:www-data /home/www-data \ && usermod -d /home/www-data www-data \ diff --git a/docker-compose-pro.yml b/docker-compose-pro.yml index 5eadd6f..3f8a353 100644 --- a/docker-compose-pro.yml +++ b/docker-compose-pro.yml @@ -10,7 +10,7 @@ services: - "127.0.0.1:3306:3306" passbolt: - image: passbolt/passbolt:2.8.3-pro-debian + image: passbolt/passbolt:2.8.4-pro-debian tty: true depends_on: - db diff --git a/docker-compose.yml b/docker-compose.yml index 83b24a9..f5756c2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,7 +10,7 @@ services: - "127.0.0.1:3306:3306" passbolt: - image: passbolt/passbolt:2.8.3-debian + image: passbolt/passbolt:2.8.4-debian tty: true depends_on: - db diff --git a/spec/docker_runtime_gitlab/runtime_spec.rb b/spec/docker_runtime_gitlab/runtime_spec.rb new file mode 100644 index 0000000..e226408 --- /dev/null +++ b/spec/docker_runtime_gitlab/runtime_spec.rb 
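Review bot: `ARG PASSBOLT_BASE_PACKAGES` in the second Dockerfile hunk turns the runtime package set into a build-time input without saying so. A `--build-arg` override replaces the whole list rather than appending to it, so an image built with a shorter list would presumably build and then fail the runtime specs that expect nginx, cron and php-fpm under supervisor. A comment above the ARG would make the contract explicit, e.g. `# Runtime packages. An override replaces the full list; keep nginx, supervisor and cron.` The `RUN` instruction that consumes the variable continues past the end of this hunk.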
@@ -0,0 +1,105 @@ +require 'spec_helper' + +describe 'passbolt_api service' do + + before(:all) do + @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES) + @container = Docker::Container.create( + 'Env' => [ + "DATASOURCES_DEFAULT_HOST=db", + 'DATASOURCES_DEFAULT_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?', + 'DATASOURCES_DEFAULT_USERNAME=passbolt', + 'DATASOURCES_DEFAULT_DATABASE=passbolt', + 'PASSBOLT_SSL_FORCE=true' + ], + 'Image' => @image.id) + @container.start + @container.logs(stdout: true) + + set :docker_container, @container.id + sleep 17 + end + + after(:all) do + @container.kill + end + + let(:passbolt_host) { @container.json['NetworkSettings']['IPAddress'] } + let(:uri) { "/healthcheck/status.json" } + let(:curl) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" } + + describe 'php service' do + it 'is running supervised' do + expect(service('php-fpm')).to be_running.under('supervisor') + end + + it 'has its port open' do + expect(@container.json['Config']['ExposedPorts']).to have_key('9000/tcp') + end + end + + describe 'email cron' do + it 'is running supervised' do + expect(service('cron')).to be_running.under('supervisor') + end + end + + describe 'web service' do + it 'is running supervised' do + expect(service('nginx')).to be_running.under('supervisor') + end + + it 'is listening on port 80' do + expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp') + end + + it 'is listening on port 443' do + expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp') + end + end + + describe 'passbolt status' do + it 'returns 200' do + expect(command(curl).stdout).to eq '200' + end + end + + describe 'passbolt serverkey unaccessible' do + let(:uri) { '/config/gpg/serverkey.asc' } + it "returns 404" do + expect(command(curl).stdout).to eq '404' + end + end + + describe 'passbolt serverkey private unaccessible' do + let(:uri) { '/config/gpg/serverkey_private.asc' } + it 'returns 404' do + 
expect(command(curl).stdout).to eq '404' + end + end + + describe 'passbolt conf unaccessible' do + let(:uri) { '/config/app.php' } + it 'returns 404' do + expect(command(curl).stdout).to eq '404' + end + end + describe 'passbolt tmp folder is unaccessible' do + let(:uri) { '/tmp/cache/database/empty' } + it 'returns 404' do + expect(command(curl).stdout).to eq '404' + end + end + + describe 'hide information' do + let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" } + it 'hides php version' do + expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty + end + + it 'hides nginx version' do + expect(command("#{curl} | grep 'Server:'").stdout.strip).to match(/^Server:\s+nginx$/) + end + end + +end diff --git a/spec/docker_runtime_gitlab_no_envs/runtime_no_envs_spec.rb b/spec/docker_runtime_gitlab_no_envs/runtime_no_envs_spec.rb new file mode 100644 index 0000000..a82c00d --- /dev/null +++ b/spec/docker_runtime_gitlab_no_envs/runtime_no_envs_spec.rb 
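Review bot: The `curl` template ends in `https://#{passbolt_host}/#{uri}` while every `uri` value already starts with `/`, so the access-control examples actually request `//config/gpg/serverkey_private.asc`, `//config/app.php` and so on. A 404 for the double-slash form only shows that the single-slash path is blocked if the server treats the two as the same location, which these specs do not establish. Drop the extra slash, `https://#{passbolt_host}#{uri}`, so the checks hit the paths named in the `describe` blocks. The same line appears in `spec/docker_runtime_gitlab_no_envs/runtime_no_envs_spec.rb`.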
@@ -0,0 +1,104 @@ +require 'spec_helper' + +describe 'passbolt_api service' do + + before(:all) do + @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES) + + @container = Docker::Container.create( + 'Env' => [ + "DATASOURCES_DEFAULT_HOST=db", + ], + 'Binds' => [ "#{FIXTURES_PATH + '/passbolt.php'}:/var/www/passbolt/config/passbolt.php" ], + 'Image' => @image.id) + + @container.start + @container.logs(stdout: true) + + set :docker_container, @container.id + sleep 17 + end + + after(:all) do + @container.kill + end + + let(:passbolt_host) { @container.json['NetworkSettings']['IPAddress'] } + let(:uri) { "/healthcheck/status.json" } + let(:curl) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" } + + describe 'php service' do + it 'is running supervised' do + expect(service('php-fpm')).to be_running.under('supervisor') + end + + it 'has its port open' do + expect(@container.json['Config']['ExposedPorts']).to have_key('9000/tcp') + end + end + + describe 'email cron' do + it 'is running supervised' do + expect(service('cron')).to be_running.under('supervisor') + end + end + + describe 'web service' do + it 'is running supervised' do + expect(service('nginx')).to be_running.under('supervisor') + end + + it 'is listening on port 80' do + expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp') + end + + it 'is listening on port 443' do + expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp') + end + end + + describe 'passbolt status' do + it 'returns 200' do + expect(command(curl).stdout).to eq '200' + end + end + + describe 'passbolt serverkey unaccessible' do + let(:uri) { '/config/gpg/serverkey.asc' } + it "returns 404" do + expect(command(curl).stdout).to eq '404' + end + end + + describe 'passbolt serverkey private unaccessible' do + let(:uri) { '/config/gpg/serverkey_private.asc' } + it 'returns 404' do + expect(command(curl).stdout).to eq '404' + end + end + + describe 
'passbolt conf unaccessible' do + let(:uri) { '/config/app.php' } + it 'returns 404' do + expect(command(curl).stdout).to eq '404' + end + end + describe 'passbolt tmp folder is unaccessible' do + let(:uri) { '/tmp/cache/database/empty' } + it 'returns 404' do + expect(command(curl).stdout).to eq '404' + end + end + + describe 'hide information' do + let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" } + it 'hides php version' do + expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty + end + + it 'hides nginx version' do + expect(command("#{curl} | grep 'Server:'").stdout.strip).to match(/^Server:\s+nginx$/) + end + end + +end
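Review bot: Apart from the arguments to `Docker::Container.create` (one `Env` entry plus a `Binds` mount of the `passbolt.php` fixture), this spec repeats `spec/docker_runtime_gitlab/runtime_spec.rb` example for example. Every hardening check, such as the 404s on the server key and config paths and the header checks, must therefore be kept in sync by hand, and a fix applied to one copy can silently leave the other weaker. Moving the shared `describe` blocks into a `shared_examples` group loaded from `spec_helper` would leave each file with only its own `before(:all)` setup and a single `include_examples` line. Both files then inherit any new check automatically.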