Merge branch 'release/v2.8.4'

.gitlab-ci.yml

@@ -0,0 +1,11 @@
+image: alpine:latest
+
+variables:
+  DOCKER_DRIVER: overlay2
+
+stages:
+  - build
+
+include:
+  - '/.gitlab-ci/Jobs/build_image.yml'
+

.gitlab-ci/Jobs/build_image.yml

@@ -0,0 +1,15 @@
+passbolt-prerelease:
+  stage: build
+  image:
+    name: gcr.io/kaniko-project/executor:debug
+    entrypoint: [""]
+  script:
+    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
+    - |
+      /kaniko/executor --context $CI_PROJECT_DIR \
+        --build-arg PASSBOLT_URL="$PASSBOLT_URL" \
+        --build-arg PHP_EXTENSIONS="$PHP_EXTENSIONS" \
+        --build-arg PASSBOLT_BASE_PACKAGES="$PASSBOLT_BASE_PACKAGES" \
+        --build-arg PASSBOLT_DEV_PACKAGES="$PASSBOLT_DEV_PACKAGES" \
+        --dockerfile $CI_PROJECT_DIR/Dockerfile \
+        --destination $CI_REGISTRY_IMAGE:$PASSBOLT_FLAVOUR-$UPSTREAM_COMMIT_SHA

CHANGELOG.md

@@ -2,9 +2,13 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.8.3...HEAD)
+## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.8.4...HEAD)
 
-## [2.8.2](https://github.com/passbolt/passbolt_docker/compare/v2.8.2...v2.8.3) - 2019-04-02
+## [2.8.4](https://github.com/passbolt/passbolt_docker/compare/v2.8.3...v2.8.4) - 2019-04-17
+
+This is a sync release. Check [changes](https://github.com/passbolt/passbolt_api/compare/v2.8.3...v2.8.4) for passbolt_api
+
+## [2.8.3](https://github.com/passbolt/passbolt_docker/compare/v2.8.2...v2.8.3) - 2019-04-02
 
 ### Added
 

Dockerfile

@@ -2,7 +2,7 @@ FROM php:7.2-fpm
 
 LABEL maintainer="diego@passbolt.com"
 
-ARG PASSBOLT_VERSION="2.8.3"
+ARG PASSBOLT_VERSION="2.8.4"
 ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz"
 
 ARG PHP_EXTENSIONS="gd \
@@ -24,19 +24,22 @@ ARG PASSBOLT_DEV_PACKAGES="libgpgme11-dev \
       unzip \
       git"
 
-ENV PECL_BASE_URL="https://pecl.php.net/get"
-ENV PHP_EXT_DIR="/usr/src/php/ext"
-
-WORKDIR /var/www/passbolt
-RUN apt-get update \
-    && apt-get -y install --no-install-recommends $PASSBOLT_DEV_PACKAGES \
-         nginx \
+ARG PASSBOLT_BASE_PACKAGES="nginx \
          gnupg \
          libgpgme11 \
          libmcrypt4 \
          mysql-client \
          supervisor \
-         cron \
+         cron"
+
+ENV PECL_BASE_URL="https://pecl.php.net/get"
+ENV PHP_EXT_DIR="/usr/src/php/ext"
+
+WORKDIR /var/www/passbolt
+RUN apt-get update \
+    && apt-get -y install --no-install-recommends \
+      $PASSBOLT_DEV_PACKAGES \
+      $PASSBOLT_BASE_PACKAGES \
     && mkdir /home/www-data \
     && chown -R www-data:www-data /home/www-data \
     && usermod -d /home/www-data www-data \

docker-compose-pro.yml

@@ -10,7 +10,7 @@ services:
       - "127.0.0.1:3306:3306"
 
   passbolt:
-    image: passbolt/passbolt:2.8.3-pro-debian
+    image: passbolt/passbolt:2.8.4-pro-debian
     tty: true
     depends_on:
       - db

docker-compose.yml

@@ -10,7 +10,7 @@ services:
       - "127.0.0.1:3306:3306"
 
   passbolt:
-    image: passbolt/passbolt:2.8.3-debian
+    image: passbolt/passbolt:2.8.4-debian
     tty: true
     depends_on:
       - db

spec/docker_runtime_gitlab/runtime_spec.rb

@@ -0,0 +1,105 @@
+require 'spec_helper'
+
+describe 'passbolt_api service' do
+
+  before(:all) do
+    @image     = Docker::Image.build_from_dir(ROOT_DOCKERFILES)
+    @container = Docker::Container.create(
+      'Env' => [
+        "DATASOURCES_DEFAULT_HOST=db",
+        'DATASOURCES_DEFAULT_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?',
+        'DATASOURCES_DEFAULT_USERNAME=passbolt',
+        'DATASOURCES_DEFAULT_DATABASE=passbolt',
+        'PASSBOLT_SSL_FORCE=true'
+      ],
+      'Image' => @image.id)
+    @container.start
+    @container.logs(stdout: true)
+
+    set :docker_container, @container.id
+    sleep 17
+  end
+
+  after(:all) do
+    @container.kill
+  end
+
+  let(:passbolt_host)     { @container.json['NetworkSettings']['IPAddress'] }
+  let(:uri)               { "/healthcheck/status.json" }
+  let(:curl)              { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" }
+
+  describe 'php service' do
+    it 'is running supervised' do
+      expect(service('php-fpm')).to be_running.under('supervisor')
+    end
+
+    it 'has its port open' do
+      expect(@container.json['Config']['ExposedPorts']).to have_key('9000/tcp')
+    end
+  end
+
+  describe 'email cron' do
+    it 'is running supervised' do
+      expect(service('cron')).to be_running.under('supervisor')
+    end
+  end
+
+  describe 'web service' do
+    it 'is running supervised' do
+      expect(service('nginx')).to be_running.under('supervisor')
+    end
+
+    it 'is listening on port 80' do
+      expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp')
+    end
+
+    it 'is listening on port 443' do
+      expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp')
+    end
+  end
+
+  describe 'passbolt status' do
+    it 'returns 200' do
+      expect(command(curl).stdout).to eq '200'
+    end
+  end
+
+  describe 'passbolt serverkey unaccessible' do
+    let(:uri) { '/config/gpg/serverkey.asc' }
+    it "returns 404" do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+
+  describe 'passbolt serverkey private unaccessible' do
+    let(:uri) { '/config/gpg/serverkey_private.asc' }
+    it 'returns 404' do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+
+  describe 'passbolt conf unaccessible' do
+    let(:uri) { '/config/app.php' }
+    it 'returns 404' do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+  describe 'passbolt tmp folder is unaccessible' do
+    let(:uri) { '/tmp/cache/database/empty' }
+    it 'returns 404' do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+
+  describe 'hide information' do
+    let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" }
+    it 'hides php version' do
+      expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty
+    end
+
+    it 'hides nginx version' do
+      expect(command("#{curl} | grep 'Server:'").stdout.strip).to match(/^Server:\s+nginx$/)
+    end
+  end
+
+end

spec/docker_runtime_gitlab_no_envs/runtime_no_envs_spec.rb

@@ -0,0 +1,104 @@
+require 'spec_helper'
+
+describe 'passbolt_api service' do
+
+  before(:all) do
+    @image     = Docker::Image.build_from_dir(ROOT_DOCKERFILES)
+
+    @container = Docker::Container.create(
+      'Env' => [
+        "DATASOURCES_DEFAULT_HOST=db",
+      ],
+      'Binds' => [ "#{FIXTURES_PATH + '/passbolt.php'}:/var/www/passbolt/config/passbolt.php" ],
+      'Image' => @image.id)
+
+    @container.start
+    @container.logs(stdout: true)
+
+    set :docker_container, @container.id
+    sleep 17
+  end
+
+  after(:all) do
+    @container.kill
+  end
+
+  let(:passbolt_host)     { @container.json['NetworkSettings']['IPAddress'] }
+  let(:uri)               { "/healthcheck/status.json" }
+  let(:curl)              { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" }
+
+  describe 'php service' do
+    it 'is running supervised' do
+      expect(service('php-fpm')).to be_running.under('supervisor')
+    end
+
+    it 'has its port open' do
+      expect(@container.json['Config']['ExposedPorts']).to have_key('9000/tcp')
+    end
+  end
+
+  describe 'email cron' do
+    it 'is running supervised' do
+      expect(service('cron')).to be_running.under('supervisor')
+    end
+  end
+
+  describe 'web service' do
+    it 'is running supervised' do
+      expect(service('nginx')).to be_running.under('supervisor')
+    end
+
+    it 'is listening on port 80' do
+      expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp')
+    end
+
+    it 'is listening on port 443' do
+      expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp')
+    end
+  end
+
+  describe 'passbolt status' do
+    it 'returns 200' do
+      expect(command(curl).stdout).to eq '200'
+    end
+  end
+
+  describe 'passbolt serverkey unaccessible' do
+    let(:uri) { '/config/gpg/serverkey.asc' }
+    it "returns 404" do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+
+  describe 'passbolt serverkey private unaccessible' do
+    let(:uri) { '/config/gpg/serverkey_private.asc' }
+    it 'returns 404' do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+
+  describe 'passbolt conf unaccessible' do
+    let(:uri) { '/config/app.php' }
+    it 'returns 404' do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+  describe 'passbolt tmp folder is unaccessible' do
+    let(:uri) { '/tmp/cache/database/empty' }
+    it 'returns 404' do
+      expect(command(curl).stdout).to eq '404'
+    end
+  end
+
+  describe 'hide information' do
+    let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" }
+    it 'hides php version' do
+      expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty
+    end
+
+    it 'hides nginx version' do
+      expect(command("#{curl} | grep 'Server:'").stdout.strip).to match(/^Server:\s+nginx$/)
+    end
+  end
+
+end