Commit 6655f13d authored by Dominik Hebeler's avatar Dominik Hebeler
Browse files

Merge branch 'development' into '1023-paypal-link-is-not-working-for-en-version'

Development

See merge request !1895
parents 28ca0eef ff8d7da0
......@@ -40,4 +40,10 @@ PUSHER_SECRET=
PROJECT_NAME=MetaGer
BRANCH_NAME=Local
COMMIT_NAME=Testing
\ No newline at end of file
COMMIT_NAME=Testing
BROWSERSTACK_BROWSER=WINDOWS_10_FIREFOX
BROWSERSTACK_SEPARATE_SESSIONS=true
#PROXY_HOST=
#PROXY_PORT=
\ No newline at end of file
......@@ -6,7 +6,6 @@ Homestead.json
Homestead.yaml
.env
.orig
.vscode
langfiles.zip
npm-debug.log
# The Files created by Webpack in the build process
......@@ -20,8 +19,9 @@ npm-debug.log
/.buildpath
/.project
composer.lock
package-lock.json
local.log
browserstack.err
.npm
.composer
.phpunit.result.cache
......@@ -10,13 +10,16 @@ variables:
PERFORMANCE_DISABLED: "true"
SAST_DISABLED: "true"
TEST_DISABLED: "true"
AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES: "AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,S3_HOST,S3_BUCKETNAME"
include:
- template: Jobs/Build.gitlab-ci.yml
- template: Jobs/Deploy.gitlab-ci.yml
.auto-deploy:
image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v2.12.0"
stages:
- prepare
- build
- deploy # dummy stage to follow the template guidelines
- review
......@@ -33,46 +36,9 @@ stages:
- integrationtest
- cleanup
.auto-deploy:
image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v1.0.6"
build:
services:
prepare_node:
stage: prepare
image: node:10
before_script:
- npm install
script:
- npm run prod
artifacts:
paths:
- public/js/
- public/css/
- public/mix-manifest.json
cache:
# Cache per Branch
key: "node-$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"
paths:
- node_modules
only:
- branches
- tags
prepare_composer:
stage: prepare
image: prooph/composer:7.3
script:
- composer install --no-dev
artifacts:
paths:
- vendor
cache:
key: "composer-$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"
paths:
- vendor
review:
variables:
HELM_UPGRADE_VALUES_FILE: .gitlab/review-apps-values.yaml
......@@ -126,7 +92,7 @@ stop_review:
- auto-deploy delete rollout
- auto-deploy persist_environment_url
variables:
ADDITIONAL_HOSTS: "www.metager3.de"
ADDITIONAL_HOSTS: "www.metager3.de,test.metager.de"
HELM_UPGRADE_VALUES_FILE: .gitlab/development-values.yaml
ROLLOUT_RESOURCE_TYPE: deployment
environment:
......@@ -137,16 +103,19 @@ stop_review:
development:
<<: *development_template
only:
refs:
- development
kubernetes: active
except:
variables:
- $STAGING_ENABLED
- $CANARY_ENABLED
- $INCREMENTAL_ROLLOUT_ENABLED
- $INCREMENTAL_ROLLOUT_MODE
rules:
- if: '$CI_KUBERNETES_ACTIVE == null || $CI_KUBERNETES_ACTIVE == ""'
when: never
- if: '$STAGING_ENABLED'
when: never
- if: '$CANARY_ENABLED'
when: never
- if: '$INCREMENTAL_ROLLOUT_ENABLED'
when: never
- if: '$INCREMENTAL_ROLLOUT_MODE'
when: never
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
production:
......@@ -156,22 +125,45 @@ production:
ROLLOUT_RESOURCE_TYPE: deployment
environment:
url: https://metager.de
rules:
- if: '$CI_KUBERNETES_ACTIVE == null || $CI_KUBERNETES_ACTIVE == ""'
when: never
- if: '$STAGING_ENABLED'
when: never
- if: '$CANARY_ENABLED'
when: never
- if: '$INCREMENTAL_ROLLOUT_ENABLED'
when: never
- if: '$INCREMENTAL_ROLLOUT_MODE'
when: never
- if: '$CI_COMMIT_BRANCH == "master"'
integrationtest:
stage: integrationtest
image:
name: prooph/composer:7.3
name: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
entrypoint: ["/bin/sh"]
script:
# Install Dev Dependencies
- composer install
- cp .env.example .env
- echo "WEBDRIVER_USER=\"$WEBDRIVER_KEY\"" >> .env
- echo "WEBDRIVER_URL=\"$WEBDRIVER_URL\"" >> .env
- echo "WEBDRIVER_KEY=\"$WEBDRIVER_USER\"" >> .env
- php artisan key:generate
- echo "" >> .env
- echo "BROWSERSTACK_USERNAME=\"$BROWSERSTACK_USERNAME\"" >> .env
- echo "BROWSERSTACK_ACCESS_KEY=\"$BROWSERSTACK_ACCESS_KEY\"" >> .env
- echo "BROWSERSTACK_LOCAL_TUNNEL=\"$BROWSERSTACK_LOCAL_TUNNEL\"" >> .env
- URL=$(cat environment_url.txt | tr -d '\n')
- sed -i "s#^APP_URL=.*#APP_URL=$URL#g" .env
- sed -i "s#^BRANCH_NAME=.*#BRANCH_NAME=$CI_COMMIT_REF_NAME#g" .env
- sed -i "s#^COMMIT_NAME=.*#COMMIT_NAME=$CI_COMMIT_REF_SLUG#g" .env
- php artisan dusk
- mc alias set --path=on --api S3v4 packages $S3_HOST $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY
- if mc cp packages/$S3_BUCKETNAME/packages.tar /tmp/; then tar -xf /tmp/packages.tar; fi
- export COMPOSER_HOME=.composer
- composer install
- tar -cf /tmp/packages.tar .npm .composer
- mc cp /tmp/packages.tar packages/$S3_BUCKETNAME/
- rm /tmp/packages.tar
- rm -rf .npm .composer
- php artisan test --parallel --processes=5
except:
refs:
- master
......@@ -2,11 +2,15 @@ postgresql:
enabled: false
service:
externalPort: 80
internalPort: 80
internalPort: 8080
hpa:
enabled: true
minReplicas: 1
maxReplicas: 5
livenessProbe:
initialDelaySeconds: 0
readinessProbe:
initialDelaySeconds: 0
resourcesPhpfpm:
requests:
cpu: 500m
......@@ -27,10 +31,19 @@ resourcesFetcher:
cpu: 500m
memory: 100M
limits:
resourcesScheduler:
requests:
cpu: 100m
memory: 100M
limits:
resources:
requests:
cpu: 500m
memory: 500M
podDisruptionBudget:
enabled: true
minAvailable:
maxUnavailable: 0
enabled: false
minAvailable: 1
maxUnavailable:
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/path: /metrics
......@@ -39,12 +52,15 @@ deploymentApiVersion: apps/v1
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/client-body-buffer-size: "30m"
nginx.ingress.kubernetes.io/proxy-body-size: "30m"
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; media-src; object-src; prefetch-src; child-src; frame-src 'self'; worker-src; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self' www.paypal.com; base-uri; manifest-src; plugin-types; report-uri; report-to";
more_set_headers "X-Frame-Options: sameorigin";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "ReferrerPolicy: origin";
more_set_headers "X-XSS-Protection: 1; mode=block";
more_set_headers "Permissions-Policy: interest-cohort=()";
if ($arg_out = "results-with-style") {
more_set_headers "X-Frame-Options: allow-from https://scripts.zdv.uni-mainz.de/";
}
......
......@@ -2,20 +2,24 @@ postgresql:
enabled: false
service:
externalPort: 80
internalPort: 80
internalPort: 8080
hpa:
enabled: true
minReplicas: 3
maxReplicas: 100
podDisruptionBudget:
enabled: true
minAvailable:
maxUnavailable: 0
minAvailable: 1
maxUnavailable:
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/path: /metrics
prometheus.io/port: "80"
deploymentApiVersion: apps/v1
livenessProbe:
initialDelaySeconds: 0
readinessProbe:
initialDelaySeconds: 0
resources:
requests:
limits:
......@@ -39,15 +43,44 @@ resourcesFetcher:
cpu: 500m
memory: 100M
limits:
resourcesScheduler:
requests:
cpu: 100m
memory: 100M
limits:
resources:
requests:
cpu: 500m
memory: 500M
ingress:
tls:
enabled: true
custom:
tls:
- hosts:
- metager.de
- www.metager.de
secretName: metager-de-tls
- hosts:
- metager.org
- www.metager.org
- klassik.metager.org
secretName: metager-org-tls
- hosts:
- metager.es
- www.metager.es
secretName: production-auto-deploy-tls
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/client-body-buffer-size: "30m"
nginx.ingress.kubernetes.io/proxy-body-size: "30m"
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; media-src; object-src; prefetch-src; child-src; frame-src 'self'; worker-src; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self' www.paypal.com; base-uri; manifest-src; plugin-types; report-uri; report-to";
more_set_headers "X-Frame-Options: sameorigin";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "ReferrerPolicy: origin";
more_set_headers "X-XSS-Protection: 1; mode=block";
more_set_headers "Permissions-Policy: interest-cohort=()";
if ($arg_out = "results-with-style") {
more_set_headers "X-Frame-Options: allow-from https://scripts.zdv.uni-mainz.de/";
}
......
......@@ -2,6 +2,10 @@ postgresql:
enabled: false
hpa:
enabled: false
livenessProbe:
initialDelaySeconds: 0
readinessProbe:
initialDelaySeconds: 0
resources:
requests:
limits:
......@@ -9,12 +13,15 @@ ingress:
annotations:
kubernetes.io/tls-acme: "false"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/client-body-buffer-size: "30m"
nginx.ingress.kubernetes.io/proxy-body-size: "30m"
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; media-src; object-src; prefetch-src; child-src; frame-src 'self'; worker-src; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self'; base-uri; manifest-src; plugin-types; report-uri; report-to";
more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; media-src; object-src; prefetch-src; child-src; frame-src 'self'; worker-src; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self' www.paypal.com; base-uri; manifest-src; plugin-types; report-uri; report-to";
more_set_headers "X-Frame-Options: sameorigin";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "ReferrerPolicy: origin";
more_set_headers "X-XSS-Protection: 1; mode=block";
more_set_headers "Permissions-Policy: interest-cohort=()";
if ($arg_out = "results-with-style") {
more_set_headers "X-Frame-Options: allow-from https://scripts.zdv.uni-mainz.de/";
}
......@@ -23,7 +30,7 @@ ingress:
service:
commonName: ""
externalPort: 80
internalPort: 80
internalPort: 8080
deploymentApiVersion: apps/v1
resourcesPhpfpm:
requests:
......@@ -36,4 +43,7 @@ resourcesRedis:
limits:
resourcesFetcher:
requests:
limits:
\ No newline at end of file
limits:
resourcesScheduler:
requests:
limits:
%{NOTE_TEXT}
Team SUMA-EV & MetaGer, Röselerstraße 3, 30159 Hannover
Tel.: +4951134000070, E-Mail: support@suma-ev.de, Fax: +4951134001023
[suma-ev.de](https://suma-ev.de) & [metager.de](https://metager.de)
vielen Dank für Ihre Kontaktaufnahme. Wie Sie vielleicht schon vermuten ist dies zunächst lediglich eine automatisch generierte Antwort, in der wir über unseren Datenschutz aufklären. In unserer [Datenschutzerklärung](https://metager.de/datenschutz#contact) können Sie mehr darüber erfahren, wie lange wir Daten über unsere Konversation aufbewahren und welche Daten überhaupt anfallen.
Ein Mitarbeiter wird sich aber möglichst schnell mit Ihrem Anliegen befassen.
##### English Version
Thank you for contacting us. As you might already suspect, this is initially just an automatically generated answer in which we explain our data protection. In our [data protection declaration](https://metager.org/datenschutz#contact) you can find out more about how long we keep data about our conversation and what data is actually generated.
However, an employee will deal with your request as quickly as possible.
Team SUMA-EV & MetaGer, Röselerstraße 3, 30159 Hannover
Tel.: +4951134000070, E-Mail: support@suma-ev.de, Fax: +4951134001023
[suma-ev.de](https://suma-ev.de) & [metager.de](https://metager.de)
{
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
{
"name": "PHP - Listen for XDebug",
"type": "php",
"request": "launch",
"port": 9003,
"pathMappings": {
"/html": "${workspaceRoot}"
}
},
{
"name": "PHP - Launch currently open script",
"type": "php",
"request": "launch",
"port": 9003,
"program": "${file}",
"cwd": "${fileDirname}",
"pathMappings": {
"/html": "${workspaceRoot}"
}
}
]
}
\ No newline at end of file
FROM alpine:3.11.3
# syntax = docker/dockerfile:experimental
FROM debian:10 AS dependencies
RUN apk add --update \
EXPOSE 8080
# Install System Components
RUN apt update \
&& apt install -y \
nginx \
tzdata \
ca-certificates \
dcron \
zip \
redis \
libpng \
php7 \
php7-fpm \
php7-common \
php7-curl \
php7-mbstring \
php7-sqlite3 \
php7-pdo_mysql \
php7-pdo_sqlite \
php7-dom \
php7-simplexml \
php7-tokenizer \
php7-zip \
php7-redis \
php7-gd \
php7-json \
php7-pcntl \
php7-opcache \
php7-fileinfo \
&& rm -rf /var/cache/apk/*
cron \
lsb-release \
apt-transport-https \
curl \
zip
WORKDIR /html
# Install PHP Components
RUN curl -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg \
&& echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
RUN apt update \
&& apt install -y \
php7.4 \
php7.4-xml \
php7.4-fpm \
php7.4-common \
php7.4-curl \
php7.4-mbstring \
php7.4-sqlite3 \
php7.4-mysql \
php7.4-sqlite \
php7.4-zip \
php7.4-redis \
php7.4-gd \
php7.4-json \
php7.4-opcache \
php7.4-xdebug
# Install Composer
COPY ./helpers/installComposer.sh /usr/bin/installComposer
RUN chmod +x /usr/bin/installComposer && \
/usr/bin/installComposer && \
rm /usr/bin/installComposer
# Install Nodejs
COPY ./helpers/installNodejs.sh /usr/bin/installNodejs
RUN chmod +x /usr/bin/installNodejs && \
/usr/bin/installNodejs && \
rm /usr/bin/installNodejs
ENV PATH /usr/local/lib/nodejs/bin:$PATH
RUN sed -i 's/;error_log = log\/php7\/error.log/error_log = \/dev\/stderr/g' /etc/php7/php-fpm.conf && \
sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php7/php-fpm.conf && \
sed -i 's/listen = 127.0.0.1:9000/listen = 9000/g' /etc/php7/php-fpm.d/www.conf && \
sed -i 's/;request_terminate_timeout = 0/request_terminate_timeout = 30/g' /etc/php7/php-fpm.d/www.conf && \
sed -i 's/;request_terminate_timeout_track_finished = no/request_terminate_timeout_track_finished = yes/g' /etc/php7/php-fpm.d/www.conf && \
sed -i 's/;decorate_workers_output = no/decorate_workers_output = no/g' /etc/php7/php-fpm.d/www.conf && \
sed -i 's/;catch_workers_output = yes/catch_workers_output = yes/g' /etc/php7/php-fpm.d/www.conf && \
sed -i 's/user = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf && \
sed -i 's/group = nobody/group = nginx/g' /etc/php7/php-fpm.d/www.conf && \
sed -i 's/pm.max_children = 5/pm.max_children = 1024/g' /etc/php7/php-fpm.d/www.conf && \
sed -i 's/pm.start_servers = 2/pm.start_servers = 50/g' /etc/php7/php-fpm.d/www.conf && \
sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /etc/php7/php-fpm.d/www.conf && \
sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 50/g' /etc/php7/php-fpm.d/www.conf && \
sed -i 's/user = www-data/user = nginx/g' /etc/php7/php-fpm.d/www.conf && \
sed -i 's/group = www-data/group = nginx/g' /etc/php7/php-fpm.d/www.conf && \
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php7/php.ini && \
sed -i 's/expose_php = On/expose_php = Off/g' /etc/php7/php.ini && \
# Opcache configuration
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php7/php.ini && \
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=128/g' /etc/php7/php.ini && \
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php7/php.ini && \
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/g' /etc/php7/php.ini && \
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php7/php.ini && \
sed -i 's/;opcache.validate_timestamps=1/opcache.validate_timestamps=1/g' /etc/php7/php.ini && \
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=300/g' /etc/php7/php.ini && \
echo "daemonize yes" >> /etc/redis.conf && \
ln -s /dev/null /var/log/nginx/access.log && \
ln -s /dev/stdout /var/log/nginx/error.log && \
# Install Minio Client
RUN curl -o /usr/bin/mc "https://dl.min.io/client/mc/release/linux-amd64/mc" &&\
chmod +x /usr/bin/mc
FROM dependencies AS development
RUN sed -i 's/pid = \/run\/php\/php7.4-fpm.pid/;pid = \/run\/php\/php7.4-fpm.pid/g' /etc/php/7.4/fpm/php-fpm.conf && \
sed -i 's/error_log = \/var\/log\/php7.4-fpm.log/error_log = \/dev\/stderr/g' /etc/php/7.4/fpm/php-fpm.conf && \
sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php/7.4/fpm/php-fpm.conf && \
sed -i 's/listen = \/run\/php\/php7.4-fpm.sock/listen = 9000/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/;request_terminate_timeout = 0/request_terminate_timeout = 30/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/;request_terminate_timeout_track_finished = no/request_terminate_timeout_track_finished = yes/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/;decorate_workers_output = no/decorate_workers_output = no/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/;catch_workers_output = yes/catch_workers_output = yes/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.max_children = 5/pm.max_children = 1024/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.start_servers = 2/pm.start_servers = 50/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 50/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.4/fpm/php.ini && \
echo "xdebug.mode = debug" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.start_with_request = yes" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.discover_client_host = true" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.idekey=VSCODE" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 30M/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/post_max_size = 8M/post_max_size = 30M/g' /etc/php/7.4/fpm/php.ini && \
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
echo "Europe/Berlin" > /etc/timezone && \
(crontab -l ; echo "* * * * * php /html/artisan schedule:run >> /dev/null 2>&1") | crontab -
echo "Europe/Berlin" > /etc/timezone
# (crontab -l ; echo "* * * * * php /html/artisan schedule:run >> /dev/null 2>&1") | crontab - # TODO: Fix crontab
# Using image as non-root
RUN groupadd -g 1000 metager && \
useradd -b /home/metager -g 1000 -u 1000 -M -s /bin/bash metager
RUN chown -R 1000:1000 /var/lib/nginx /var/log/nginx
RUN mkdir -p /home/metager &&\
chown 1000:1000 /home/metager
RUN touch /run/nginx.pid && \
chown 1000:1000 /run/nginx.pid
USER 1000:1000
WORKDIR /html
CMD /html/helpers/entrypointDev.sh
FROM development AS production
USER 0:0
# Opcache configuration
RUN apt purge -y php7.4-xdebug
RUN sed -i 's/expose_php = On/expose_php = Off/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=128/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.validate_timestamps=1/opcache.validate_timestamps=1/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=300/g' /etc/php/7.4/fpm/php.ini
COPY config/nginx.conf /etc/nginx/nginx.conf
COPY config/nginx-default.conf /etc/nginx/conf.d/default.conf
RUN sed -i 's/fastcgi_pass phpfpm:9000;/fastcgi_pass localhost:9000;/g' /etc/nginx/conf.d/default.conf
COPY --chown=root:nginx . /html
COPY config/nginx-default.conf /etc/nginx/sites-available/default
RUN sed -i 's/fastcgi_pass phpfpm:9000;/fastcgi_pass localhost:9000;/g' /etc/nginx/sites-available/default
WORKDIR /html
EXPOSE 80
CMD cp /root/.env .env && \
sed -i 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=null/g' .env && \
if [ "$GITLAB_ENVIRONMENT_NAME" = "production" ]; then sed -i 's/^APP_ENV=.*/APP_ENV=production/g' .env; else sed -i 's/^APP_ENV=.*/APP_ENV=development/g' .env; fi && \
cp database/useragents.sqlite.example database/useragents.sqlite && \
chown -R root:nginx storage/logs/metager bootstrap/cache && \
chmod -R g+w storage/logs/metager bootstrap/cache && \
crond -L /dev/stdout && \
php-fpm7
COPY --chown=1000:1000 . /html
RUN chmod +x /html/helpers/*.sh
# Install packages
RUN --mount=type=secret,id=auto-devops-build-secrets . /run/secrets/auto-devops-build-secrets && \
chmod +x ./helpers/installPackages.sh && \
/bin/sh -c ./helpers/installPackages.sh
USER 1000:1000
CMD /html/helpers/entrypointProduction.sh
#CMD cp /root/.env .env && \
# cron -L /dev/stdout && \
FROM alpine:3.11.3
FROM debian:10
RUN apk add --update \
# Install System Components
RUN apt update \
&& apt install -y \
nginx \
tzdata \
ca-certificates \
dcron \
zip \
redis \
php7 \
php7-fpm \
php7-common \
php7-curl \
php7-mbstring \
php7-sqlite3 \
php7-pdo_mysql \
php7-pdo_sqlite \
php7-dom \
php7-simplexml \
php7-tokenizer \
php7-zip \