From a83b2cd5f486f638826d947c40ac52985c230381 Mon Sep 17 00:00:00 2001
From: Diego Lendoiro
Date: Sat, 13 Apr 2019 17:45:35 +0200
Subject: [PATCH 1/7] initial gitlab tests
---
spec/docker_runtime_gitlab/runtime_spec.rb | 105 ++++++++++++++++++
.../runtime_no_envs_spec.rb | 104 +++++++++++++++++
2 files changed, 209 insertions(+)
create mode 100644 spec/docker_runtime_gitlab/runtime_spec.rb
create mode 100644 spec/docker_runtime_gitlab_no_envs/runtime_no_envs_spec.rb
diff --git a/spec/docker_runtime_gitlab/runtime_spec.rb b/spec/docker_runtime_gitlab/runtime_spec.rb
new file mode 100644
index 0000000..e226408
--- /dev/null
+++ b/spec/docker_runtime_gitlab/runtime_spec.rb
@@ -0,0 +1,105 @@
+require 'spec_helper'
+
+describe 'passbolt_api service' do
+
+ before(:all) do
+ @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES)
+ @container = Docker::Container.create(
+ 'Env' => [
+ "DATASOURCES_DEFAULT_HOST=db",
+ 'DATASOURCES_DEFAULT_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?',
+ 'DATASOURCES_DEFAULT_USERNAME=passbolt',
+ 'DATASOURCES_DEFAULT_DATABASE=passbolt',
+ 'PASSBOLT_SSL_FORCE=true'
+ ],
+ 'Image' => @image.id)
+ @container.start
+ @container.logs(stdout: true)
+
+ set :docker_container, @container.id
+ sleep 17
+ end
+
+ after(:all) do
+ @container.kill
+ end
+
+ let(:passbolt_host) { @container.json['NetworkSettings']['IPAddress'] }
+ let(:uri) { "/healthcheck/status.json" }
+ let(:curl) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" }
+
+ describe 'php service' do
+ it 'is running supervised' do
+ expect(service('php-fpm')).to be_running.under('supervisor')
+ end
+
+ it 'has its port open' do
+ expect(@container.json['Config']['ExposedPorts']).to have_key('9000/tcp')
+ end
+ end
+
+ describe 'email cron' do
+ it 'is running supervised' do
+ expect(service('cron')).to be_running.under('supervisor')
+ end
+ end
+
+ describe 'web service' do
+ it 'is running supervised' do
+ expect(service('nginx')).to be_running.under('supervisor')
+ end
+
+ it 'is listening on port 80' do
+ expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp')
+ end
+
+ it 'is listening on port 443' do
+ expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp')
+ end
+ end
+
+ describe 'passbolt status' do
+ it 'returns 200' do
+ expect(command(curl).stdout).to eq '200'
+ end
+ end
+
+ describe 'passbolt serverkey unaccessible' do
+ let(:uri) { '/config/gpg/serverkey.asc' }
+ it "returns 404" do
+ expect(command(curl).stdout).to eq '404'
+ end
+ end
+
+ describe 'passbolt serverkey private unaccessible' do
+ let(:uri) { '/config/gpg/serverkey_private.asc' }
+ it 'returns 404' do
+ expect(command(curl).stdout).to eq '404'
+ end
+ end
+
+ describe 'passbolt conf unaccessible' do
+ let(:uri) { '/config/app.php' }
+ it 'returns 404' do
+ expect(command(curl).stdout).to eq '404'
+ end
+ end
+ describe 'passbolt tmp folder is unaccessible' do
+ let(:uri) { '/tmp/cache/database/empty' }
+ it 'returns 404' do
+ expect(command(curl).stdout).to eq '404'
+ end
+ end
+
+ describe 'hide information' do
+ let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" }
+ it 'hides php version' do
+ expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty
+ end
+
+ it 'hides nginx version' do
+ expect(command("#{curl} | grep 'Server:'").stdout.strip).to match(/^Server:\s+nginx$/)
+ end
+ end
+
+end
diff --git a/spec/docker_runtime_gitlab_no_envs/runtime_no_envs_spec.rb b/spec/docker_runtime_gitlab_no_envs/runtime_no_envs_spec.rb
new file mode 100644
index 0000000..a82c00d
--- /dev/null
+++ b/spec/docker_runtime_gitlab_no_envs/runtime_no_envs_spec.rb
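Review bot: The 'hides php version' example in the 'hide information' group can pass without ever receiving a response: `curl -Isk` prints nothing on a failed connection, so if the container is not yet serving after `sleep 17` the pipeline into `grep 'X-Powered-By: PHP'` is empty and `be_empty` succeeds. The grep is also case-sensitive although header names are case-insensitive (curl prints them in lower case for HTTP/2 responses), so a leaked `x-powered-by` header would not be caught. Capturing the headers once and asserting that a status line arrived before the negative check closes both gaps: `headers = command(curl).stdout`, `expect(headers).to match(%r{\AHTTP/\S+ \d{3}})`, `expect(headers).not_to match(/^x-powered-by:/i)`. The same example is duplicated in spec/docker_runtime_gitlab_no_envs/runtime_no_envs_spec.rb.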
@@ -0,0 +1,104 @@
+require 'spec_helper'
+
+describe 'passbolt_api service' do
+
+ before(:all) do
+ @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES)
+
+ @container = Docker::Container.create(
+ 'Env' => [
+ "DATASOURCES_DEFAULT_HOST=db",
+ ],
+ 'Binds' => [ "#{FIXTURES_PATH + '/passbolt.php'}:/var/www/passbolt/config/passbolt.php" ],
+ 'Image' => @image.id)
+
+ @container.start
+ @container.logs(stdout: true)
+
+ set :docker_container, @container.id
+ sleep 17
+ end
+
+ after(:all) do
+ @container.kill
+ end
+
+ let(:passbolt_host) { @container.json['NetworkSettings']['IPAddress'] }
+ let(:uri) { "/healthcheck/status.json" }
+ let(:curl) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" }
+
+ describe 'php service' do
+ it 'is running supervised' do
+ expect(service('php-fpm')).to be_running.under('supervisor')
+ end
+
+ it 'has its port open' do
+ expect(@container.json['Config']['ExposedPorts']).to have_key('9000/tcp')
+ end
+ end
+
+ describe 'email cron' do
+ it 'is running supervised' do
+ expect(service('cron')).to be_running.under('supervisor')
+ end
+ end
+
+ describe 'web service' do
+ it 'is running supervised' do
+ expect(service('nginx')).to be_running.under('supervisor')
+ end
+
+ it 'is listening on port 80' do
+ expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp')
+ end
+
+ it 'is listening on port 443' do
+ expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp')
+ end
+ end
+
+ describe 'passbolt status' do
+ it 'returns 200' do
+ expect(command(curl).stdout).to eq '200'
+ end
+ end
+
+ describe 'passbolt serverkey unaccessible' do
+ let(:uri) { '/config/gpg/serverkey.asc' }
+ it "returns 404" do
+ expect(command(curl).stdout).to eq '404'
+ end
+ end
+
+ describe 'passbolt serverkey private unaccessible' do
+ let(:uri) { '/config/gpg/serverkey_private.asc' }
+ it 'returns 404' do
+ expect(command(curl).stdout).to eq '404'
+ end
+ end
+
+ describe 'passbolt conf unaccessible' do
+ let(:uri) { '/config/app.php' }
+ it 'returns 404' do
+ expect(command(curl).stdout).to eq '404'
+ end
+ end
+ describe 'passbolt tmp folder is unaccessible' do
+ let(:uri) { '/tmp/cache/database/empty' }
+ it 'returns 404' do
+ expect(command(curl).stdout).to eq '404'
+ end
+ end
+
+ describe 'hide information' do
+ let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" }
+ it 'hides php version' do
+ expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty
+ end
+
+ it 'hides nginx version' do
+ expect(command("#{curl} | grep 'Server:'").stdout.strip).to match(/^Server:\s+nginx$/)
+ end
+ end
+
+end
From eebb5a582ce9eb6436171a574e6c3fbd01e5126e Mon Sep 17 00:00:00 2001
From: Diego Lendoiro
Date: Sat, 13 Apr 2019 18:28:10 +0200
Subject: [PATCH 2/7] initial docker image builds
---
.gitlab-ci.yml | 11 +++++++++++
.gitlab-ci/Jobs/build_image.yml | 30 ++++++++++++++++++++++++++++++
Dockerfile | 19 +++++++++++--------
3 files changed, 52 insertions(+), 8 deletions(-)
create mode 100644 .gitlab-ci.yml
create mode 100644 .gitlab-ci/Jobs/build_image.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..9376025
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,11 @@
+image: alpine:latest
+
+variables:
+ DOCKER_DRIVER: overlay2
+
+stages:
+ - build
+
+include:
+ - template: '/.gitlab-ci/Jobs/build_image.yml'
+
diff --git a/.gitlab-ci/Jobs/build_image.yml b/.gitlab-ci/Jobs/build_image.yml
new file mode 100644
index 0000000..3a057dc
--- /dev/null
+++ b/.gitlab-ci/Jobs/build_image.yml
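Review bot: The fixture listed under `'Binds'` is mounted read-write, so anything the container does to `/var/www/passbolt/config/passbolt.php` at start-up (ownership changes, rewrites) is applied to the file in the checkout and carries over into later runs. Appending the read-only flag keeps the fixture immutable: `'Binds' => [ "#{FIXTURES_PATH + '/passbolt.php'}:/var/www/passbolt/config/passbolt.php:ro" ],`. If the application needs to write that file, copying the fixture to a temporary directory before mounting gives the same isolation. A one-line comment above `'Env'` explaining why only the database host is passed here would also help; presumably the remaining settings come from the mounted config, but that is inferred from the file name.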
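Review bot: `image: alpine:latest` in .gitlab-ci.yml is a floating tag, so the default job image can change between pipeline runs without any change in this repository. Pinning it to a release tag and digest, `image: alpine:<version>@sha256:<digest>` (placeholder values), keeps runs reproducible and narrows the supply-chain surface. The only job added in this patch sets its own `image:`, so the default may not be needed at all.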
@@ -0,0 +1,30 @@
+.build-template:
+ image:
+ name: gcr.io/kaniko-project/executor:debug
+ entrypoint: [""]
+ script:
+ - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
+ - |
+ /kaniko/executor --context $CI_PROJECT_DIR \
+ --build-arg PASSBOLT_URL="$PASSBOLT_URL" \
+ --build-arg PHP_EXTENSIONS="$PHP_EXTENSIONS" \
+ --build-arg PASSBOLT_BASE_PACKAGES="$PASSBOLT_BASE_PACKAGES" \
+ --build-arg PASSBOLT_DEV_PACKAGES="$PASSBOLT_DEV_PACKAGES" \
+ --dockerfile $CI_PROJECT_DIR/Dockerfile \
+ --destination $CI_REGISTRY_IMAGE:$PASSBOLT_FLAVOUR-$CI_COMMIT_TAG
+
+passbolt-ce-prerelease:
+ extends: .build-template
+ variables:
+ PHP_EXTENSIONS: "gnupg redis mcrypt"
+ PASSBOLT_BASE_PACKAGES: "nginx gnupg libgpgme11 libmcrypt4 mysql-client supervisor cron"
+ PASSBOLT_DEV_PACKAGES: "libpng-dev libjpeg62-turbo-dev libicu-dev libxslt1-dev libmcrypt-dev unzip git"
+ PASSBOLT_FLAVOUR: "passbolt-ce"
+
+passbolt-pro-prerelease:
+ extends: .build-template
+ variables:
+ PHP_EXTENSIONS: "gnupg redis mcrypt ldap"
+ PASSBOLT_BASE_PACKAGES: "nginx gnupg libgpgme11 libmcrypt4 mysql-client supervisor cron"
+ PASSBOLT_DEV_PACKAGES: "libldap2-dev libpng-dev libjpeg62-turbo-dev libicu-dev libxslt1-dev libmcrypt-dev unzip git"
+ PASSBOLT_FLAVOUR: "passbolt-pro"
diff --git a/Dockerfile b/Dockerfile
index b8e4e93..08d9bb5 100644
--- a/Dockerfile
+++ b/Dockerfile
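Review bot: The job that writes `$CI_REGISTRY_PASSWORD` into `/kaniko/.docker/config.json` runs on `gcr.io/kaniko-project/executor:debug`, a floating tag, so whatever is next published under that tag receives the registry credentials and controls what is pushed. Pin the executor to a fixed release and digest, e.g. `name: gcr.io/kaniko-project/executor:<pinned-debug-tag>@sha256:<digest>` (placeholder values). Separately, `PASSBOLT_URL` is forwarded as a build arg but is not set in either job's `variables:`; unless it is defined at project or trigger level, the empty value would likely override the Dockerfile's default download URL, which is worth confirming.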
@@ -24,19 +24,22 @@ ARG PASSBOLT_DEV_PACKAGES="libgpgme11-dev \ unzip \ git" -ENV PECL_BASE_URL="https://pecl.php.net/get" -ENV PHP_EXT_DIR="/usr/src/php/ext" - -WORKDIR /var/www/passbolt -RUN apt-get update \ - && apt-get -y install --no-install-recommends $PASSBOLT_DEV_PACKAGES \ - nginx \ +ARG PASSBOLT_BASE_PACKAGES="nginx \ gnupg \ libgpgme11 \ libmcrypt4 \ mysql-client \ supervisor \ - cron \ + cron" + +ENV PECL_BASE_URL="https://pecl.php.net/get" +ENV PHP_EXT_DIR="/usr/src/php/ext" + +WORKDIR /var/www/passbolt +RUN apt-get update \ + && apt-get -y install --no-install-recommends \ + $PASSBOLT_DEV_PACKAGES \ + $PASSBOLT_BASE_PACKAGES \ && mkdir /home/www-data \ && chown -R www-data:www-data /home/www-data \ && usermod -d /home/www-data www-data \ From dc8a33437858c7027543c17931bb09f453d5a7e8 Mon Sep 17 00:00:00 2001 From: Diego Lendoiro Date: Sat, 13 Apr 2019 18:44:13 +0200 Subject: [PATCH 3/7] updated build template --- .gitlab-ci/Jobs/build_image.yml | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/.gitlab-ci/Jobs/build_image.yml b/.gitlab-ci/Jobs/build_image.yml index 3a057dc..39d6a89 100644 --- a/.gitlab-ci/Jobs/build_image.yml +++ b/.gitlab-ci/Jobs/build_image.yml @@ -1,4 +1,4 @@ -.build-template: +passbolt-prerelease: image: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] 
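Review bot: An override of `PASSBOLT_BASE_PACKAGES` that leaves out `nginx`, `supervisor` or `cron` still builds successfully but produces an image without the services the runtime specs expect to find under supervisor. A comment above the new `ARG` would make that contract explicit, for example `# Packages the running container needs; an override must still include nginx, supervisor and cron.` Both `$PASSBOLT_DEV_PACKAGES` and `$PASSBOLT_BASE_PACKAGES` are expanded unquoted into `apt-get install`, which word splitting requires, but it also means any option-like token in a build arg reaches apt, so these args should only be fed from trusted pipeline variables. The `RUN` instruction continues past the end of the hunk.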
@@ -11,20 +11,4 @@ --build-arg PASSBOLT_BASE_PACKAGES="$PASSBOLT_BASE_PACKAGES" \ --build-arg PASSBOLT_DEV_PACKAGES="$PASSBOLT_DEV_PACKAGES" \ --dockerfile $CI_PROJECT_DIR/Dockerfile \ - --destination $CI_REGISTRY_IMAGE:$PASSBOLT_FLAVOUR-$CI_COMMIT_TAG - -passbolt-ce-prerelease: - extends: .build-template - variables: - PHP_EXTENSIONS: "gnupg redis mcrypt" - PASSBOLT_BASE_PACKAGES: "nginx gnupg libgpgme11 libmcrypt4 mysql-client supervisor cron" - PASSBOLT_DEV_PACKAGES: "libpng-dev libjpeg62-turbo-dev libicu-dev libxslt1-dev libmcrypt-dev unzip git" - PASSBOLT_FLAVOUR: "passbolt-ce" - -passbolt-pro-prerelease: - extends: .build-template - variables: - PHP_EXTENSIONS: "gnupg redis mcrypt ldap" - PASSBOLT_BASE_PACKAGES: "nginx gnupg libgpgme11 libmcrypt4 mysql-client supervisor cron" - PASSBOLT_DEV_PACKAGES: "libldap2-dev libpng-dev libjpeg62-turbo-dev libicu-dev libxslt1-dev libmcrypt-dev unzip git" - PASSBOLT_FLAVOUR: "passbolt-pro" + --destination $CI_REGISTRY_IMAGE:$PASSBOLT_FLAVOUR-$UPSTREAM_COMMIT_SHA From f734fc21b2cced5a5484076297e548e881018b15 Mon Sep 17 00:00:00 2001 From: Diego Lendoiro Date: Sat, 13 Apr 2019 18:46:11 +0200 Subject: [PATCH 4/7] removed template keyword --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9376025..1b5496a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,5 +7,5 @@ stages: - build include: - - template: '/.gitlab-ci/Jobs/build_image.yml' + - '/.gitlab-ci/Jobs/build_image.yml' From e746e0a1a7c4abbb142ccab0554fdc82e32d7d40 Mon Sep 17 00:00:00 2001 From: Diego Lendoiro Date: Sat, 13 Apr 2019 18:47:50 +0200 Subject: [PATCH 5/7] stage parameter should be build --- .gitlab-ci/Jobs/build_image.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci/Jobs/build_image.yml b/.gitlab-ci/Jobs/build_image.yml index 39d6a89..2a7c6a2 100644 --- a/.gitlab-ci/Jobs/build_image.yml +++ b/.gitlab-ci/Jobs/build_image.yml 
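Review bot: Nothing in this file now defines `PHP_EXTENSIONS`, `PASSBOLT_BASE_PACKAGES`, `PASSBOLT_DEV_PACKAGES`, `PASSBOLT_FLAVOUR` or `UPSTREAM_COMMIT_SHA`, so `passbolt-prerelease` depends entirely on variables supplied from outside the file (presumably an upstream trigger). If any is missing, `--destination` collapses to a shared tag such as `$CI_REGISTRY_IMAGE:-` and the empty build args likely replace the Dockerfile defaults. A guard as the first `script:` entry fails fast instead: `- ': "${PASSBOLT_FLAVOUR:?}" "${UPSTREAM_COMMIT_SHA:?}"'`. Because whoever sets these variables chooses the packages and the tag that get published, the job should also be restricted to trusted triggers or protected refs. The start of the `script:` block lies outside this hunk.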
@@ -1,4 +1,5 @@ passbolt-prerelease: + stage: build image: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] From 01157af417398822ff37eeda62ebe01fbc6b5f14 Mon Sep 17 00:00:00 2001 From: Diego Lendoiro Date: Wed, 17 Apr 2019 17:11:06 +0200 Subject: [PATCH 6/7] updated changelog 2.8.4 --- CHANGELOG.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0d6d369..feff0a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,9 +2,13 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). -## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.8.3...HEAD) +## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.8.4...HEAD) -## [2.8.2](https://github.com/passbolt/passbolt_docker/compare/v2.8.2...v2.8.3) - 2019-04-02 +## [2.8.4](https://github.com/passbolt/passbolt_docker/compare/v2.8.3...v2.8.4) - 2019-04-17 + +This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v2.8.3...v2.8.4) for passbolt_api + +## [2.8.3](https://github.com/passbolt/passbolt_docker/compare/v2.8.2...v2.8.3) - 2019-04-02 ### Added From 16fa9d48073409e6e984289aca1151dd648645dc Mon Sep 17 00:00:00 2001 From: Diego Lendoiro Date: Wed, 17 Apr 2019 17:24:09 +0200 Subject: [PATCH 7/7] version bump 2.8.4 --- Dockerfile | 2 +- docker-compose-pro.yml | 2 +- docker-compose.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 08d9bb5..036339a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM php:7.2-fpm LABEL maintainer="diego@passbolt.com" -ARG PASSBOLT_VERSION="2.8.3" +ARG PASSBOLT_VERSION="2.8.4" ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz" ARG PHP_EXTENSIONS="gd \ diff --git a/docker-compose-pro.yml b/docker-compose-pro.yml index 5eadd6f..3f8a353 100644 --- a/docker-compose-pro.yml 
+++ b/docker-compose-pro.yml @@ -10,7 +10,7 @@ services: - "127.0.0.1:3306:3306" passbolt: - image: passbolt/passbolt:2.8.3-pro-debian + image: passbolt/passbolt:2.8.4-pro-debian tty: true depends_on: - db diff --git a/docker-compose.yml b/docker-compose.yml index 83b24a9..f5756c2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,7 +10,7 @@ services: - "127.0.0.1:3306:3306" passbolt: - image: passbolt/passbolt:2.8.3-debian + image: passbolt/passbolt:2.8.4-debian tty: true depends_on: - db