diff --git a/.circleci/config.yml b/.circleci/config.yml
index 40a788fc3..2955bfcf0 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,7 +1,7 @@
 version: 2.1
 orbs:
- shellcheck: circleci/shellcheck@1.3.16
+ shellcheck: circleci/shellcheck@3.2.0
 executors:
 docker-executor:
@@ -10,22 +10,63 @@ executors: resource_class: medium commands: - build-multiarch: - parameters: - image: - type: string - workdir: - type: string + setup-buildx: + steps: + - run: + name: Install Docker Buildx + command: | + mkdir -p ~/.docker/cli-plugins + BUILDX_VERSION=v0.12.1 + wget -q "https://github.com/docker/buildx/releases/download/${BUILDX_VERSION}/buildx-${BUILDX_VERSION}.linux-amd64" \ + -O ~/.docker/cli-plugins/docker-buildx + chmod +x ~/.docker/cli-plugins/docker-buildx + docker buildx version + + - run: + name: Create buildx builder + command: | + docker buildx create --name multiarch --driver docker-container --use --bootstrap + docker buildx inspect multiarch + + set-build-tag: + description: "Set BUILD_TAG environment variable based on branch or tag" + steps: + - run: + name: Set build tag + command: | + if [ -n "${CIRCLE_TAG}" ]; then + TAG="${CIRCLE_TAG}" + else + TAG="${CIRCLE_BRANCH}-${CIRCLE_SHA1:0:7}" + fi + # lowercase + TAG=$(echo "$TAG" | tr '[:upper:]' '[:lower:]') + # replace invalid chars with '-' + echo "export BUILD_TAG=$(echo "$TAG" | sed 's/[^a-z0-9._-]/-/g')" >> $BASH_ENV + source $BASH_ENV + echo "Build tag: ${BUILD_TAG}" + +jobs: + shellcheck: + docker: + - image: koalaman/shellcheck-alpine:stable + steps: + - checkout + - run: + name: Run shellcheck + command: | + find . -type f -name "*.sh" -exec shellcheck --exclude=SC2154,SC1091,SC2034,SC2096,SC2038 {} + + + build-x86_64: + executor: docker-executor steps: - checkout - setup_remote_docker: - version: 20.10.18 + version: docker24 docker_layer_caching: true - - run: - name: Enable QEMU for multi-arch - command: | - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + - setup-buildx + - set-build-tag - run: name: Login to Docker Hub 
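Review bot: The `Install Docker Buildx` step in `setup-buildx` downloads a release binary with `wget`, marks it executable and runs it without checking its digest, so whatever the download returns becomes a CLI plugin on a job that later logs in to Docker Hub. Pin the expected hash next to `BUILDX_VERSION` and verify it before the `chmod`, for example `echo "<sha256-of-buildx-v0.12.1.linux-amd64>  $HOME/.docker/cli-plugins/docker-buildx" | sha256sum -c -`. The `shellcheck` job in the same hunk pulls `koalaman/shellcheck-alpine:stable`, a moving tag; pinning a version or digest would make lint results reproducible. The `build-x86_64` job continues past the end of this hunk.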
@@ -33,133 +74,173 @@ commands: echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin - run: - name: Build amd64 + name: Build and push x86_64 command: | - cd << parameters.workdir >> - docker build \ - --platform linux/amd64 \ - -t "$DOCKER_USER/<< parameters.image >>:${CIRCLE_TAG}-x86_64" \ - -f Dockerfile.x86_64 . - docker push "$DOCKER_USER/<< parameters.image >>:${CIRCLE_TAG}-x86_64" + export DOCKER_ORG=${DOCKER_USER} + export BAKE_TAG=${BUILD_TAG} + export BALENA_ARCH=x86_64 + export PLATFORM=linux/amd64 + + echo "Building ${DOCKER_ORG}/*:${BAKE_TAG} for ${PLATFORM}" + cp -vf "docker-compose.${BALENA_ARCH}" docker-compose.yml + docker buildx bake -f docker-bake.hcl \ + --set "*.platform=${PLATFORM}" \ + --push - run: - name: Build arm64 + name: Tag images with architecture suffix command: | - cd << parameters.workdir >> - docker build \ - --platform linux/arm64 \ - -t "$DOCKER_USER/<< parameters.image >>:${CIRCLE_TAG}-aarch64" \ - -f Dockerfile.aarch64 . - docker push "$DOCKER_USER/<< parameters.image >>:${CIRCLE_TAG}-aarch64" + for service in mysqldb php-fpm httpd balena-storage; do + docker buildx imagetools create \ + --tag ${DOCKER_USER}/${service}:${BUILD_TAG}-x86_64 \ + ${DOCKER_USER}/${service}:${BUILD_TAG} + done + + build-aarch64: + executor: docker-executor + steps: + - checkout + - setup_remote_docker: + version: docker24 + docker_layer_caching: true + + - setup-buildx + - set-build-tag - run: - name: Build armhf + name: Login to Docker Hub command: | - cd << parameters.workdir >> - docker build \ - --platform linux/arm/v7 \ - -t "$DOCKER_USER/<< parameters.image >>:${CIRCLE_TAG}-armhf" \ - -f Dockerfile.armhf . 
- docker push "$DOCKER_USER/<< parameters.image >>:${CIRCLE_TAG}-armhf" + echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin - run: - name: Create multi-arch manifest + name: Build and push aarch64 command: | - docker manifest create "$DOCKER_USER/<< parameters.image >>:${CIRCLE_TAG}" \ - "$DOCKER_USER/<< parameters.image >>:${CIRCLE_TAG}-x86_64" \ - "$DOCKER_USER/<< parameters.image >>:${CIRCLE_TAG}-aarch64" \ - "$DOCKER_USER/<< parameters.image >>:${CIRCLE_TAG}-armhf" - - docker manifest push "$DOCKER_USER/<< parameters.image >>:${CIRCLE_TAG}" + export DOCKER_ORG=${DOCKER_USER} + export BAKE_TAG=${BUILD_TAG} + export BALENA_ARCH=aarch64 + export PLATFORM=linux/arm64 + + echo "Building ${DOCKER_ORG}/*:${BAKE_TAG} for ${PLATFORM}" + cp -vf "docker-compose.${BALENA_ARCH}" docker-compose.yml + docker buildx bake -f docker-bake.hcl \ + --set "*.platform=${PLATFORM}" \ + --push + - run: + name: Tag images with architecture suffix + command: | + for service in mysqldb php-fpm httpd balena-storage; do + docker buildx imagetools create \ + --tag ${DOCKER_USER}/${service}:${BUILD_TAG}-aarch64 \ + ${DOCKER_USER}/${service}:${BUILD_TAG} + done -jobs: - httpd: + build-armhf: executor: docker-executor steps: - - build-multiarch: - image: httpd - workdir: deployment/images/httpd + - checkout + - setup_remote_docker: + version: docker24 + docker_layer_caching: true - mysql: - executor: docker-executor - steps: - - build-multiarch: - image: mysql - workdir: deployment/images/mysql + - setup-buildx + - set-build-tag - php-fpm: - executor: docker-executor - steps: - - build-multiarch: - image: php-fpm - workdir: deployment/images/php-fpm + - run: + name: Login to Docker Hub + command: | + echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin + + - run: + name: Build and push armhf + command: | + export DOCKER_ORG=${DOCKER_USER} + export BAKE_TAG=${BUILD_TAG} + export BALENA_ARCH=armhf + export PLATFORM=linux/arm/v7 + + echo "Building 
${DOCKER_ORG}/*:${BAKE_TAG} for ${PLATFORM}" + cp -vf "docker-compose.${BALENA_ARCH}" docker-compose.yml + docker buildx bake -f docker-bake.hcl \ + --set "*.platform=${PLATFORM}" \ + --push + + - run: + name: Tag images with architecture suffix + command: | + for service in mysqldb php-fpm httpd balena-storage; do + docker buildx imagetools create \ + --tag ${DOCKER_USER}/${service}:${BUILD_TAG}-armhf \ + ${DOCKER_USER}/${service}:${BUILD_TAG} + done - build-and-compose: + create-manifests: executor: docker-executor steps: - checkout - setup_remote_docker: - version: 20.10.18 - docker_layer_caching: true + version: docker24 + + - set-build-tag + - run: name: Login to Docker Hub command: | echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin + - run: - name: Deploy with docker compose + name: Create and push multi-arch manifests command: | - cd deployment - docker compose pull - docker compose up -d + for service in mysqldb php-fpm httpd balena-storage; do + echo "Creating manifest for ${service}:${BUILD_TAG}" + + # Create multi-arch manifest + docker manifest create ${DOCKER_USER}/${service}:${BUILD_TAG} \ + ${DOCKER_USER}/${service}:${BUILD_TAG}-x86_64 \ + ${DOCKER_USER}/${service}:${BUILD_TAG}-aarch64 \ + ${DOCKER_USER}/${service}:${BUILD_TAG}-armhf + + docker manifest push ${DOCKER_USER}/${service}:${BUILD_TAG} + + # Also create/update latest tag for main branch + if [ "${CIRCLE_BRANCH}" = "main" ] || [ "${CIRCLE_BRANCH}" = "master" ]; then + echo "Updating latest tag for ${service}" + docker manifest create ${DOCKER_USER}/${service}:latest \ + ${DOCKER_USER}/${service}:${BUILD_TAG}-x86_64 \ + ${DOCKER_USER}/${service}:${BUILD_TAG}-aarch64 \ + ${DOCKER_USER}/${service}:${BUILD_TAG}-armhf + + docker manifest push ${DOCKER_USER}/${service}:latest + fi + done + - run: + name: Verify manifests + command: | + for service in mysqldb php-fpm httpd balena-storage; do + echo "Verifying ${service}:${BUILD_TAG}" + docker manifest inspect 
${DOCKER_USER}/${service}:${BUILD_TAG} + done workflows: - version: 2 - build: + build-all-branches: jobs: - - shellcheck/check: - ignore: 'SC2154,SC1091,SC2034,SC2096,SC2038' - filters: - tags: - only: /^v.*/ - branches: - ignore: /.*/ - - - httpd: + - shellcheck + + - build-x86_64: requires: - - shellcheck/check - filters: - tags: - only: /^v.*/ - branches: - ignore: /.*/ - - - mysql: + - shellcheck + + - build-aarch64: requires: - - shellcheck/check - filters: - tags: - only: /^v.*/ - branches: - ignore: /.*/ - - - php-fpm: + - shellcheck + + - build-armhf: requires: - - shellcheck/check - filters: - tags: - only: /^v.*/ - branches: - ignore: /.*/ - - - build-and-compose: + - shellcheck + + - create-manifests: requires: - - httpd - - mysql - - php-fpm - filters: - tags: - only: /^v.*/ - branches: - ignore: /.*/ + - build-x86_64 + - build-aarch64 + - build-armhf diff --git a/.env b/.env index dedf908af..4382e4c94 120000 --- a/.env +++ b/.env @@ -1 +1 @@ -/home/brunotr/acake2php/armhf.env \ No newline at end of file +/var/www/html/armhf.env \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 358dd65d6..db9d9ba5a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,33 +1,25 @@ name: Multi-Arch Build - on: push: branches: [ "main", "development" ] pull_request: - env: DOCKER_ORG: ${{ secrets.DOCKER_USER }} - jobs: - compose: - #runs-on: self-hosted + build-services: runs-on: ubuntu-latest +# runs-on: self-hosted environment: AUTH - strategy: fail-fast: false matrix: arch: [ x86_64, aarch64, armhf ] - steps: - uses: actions/checkout@v4 - - name: Enable QEMU uses: docker/setup-qemu-action@v3 - - name: Enable Buildx uses: docker/setup-buildx-action@v3 - - name: Login to Docker Hub uses: docker/login-action@v3 with: 
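Review bot: The three arch jobs run in parallel, and each one appears to push `${DOCKER_USER}/<service>:${BUILD_TAG}` (via `BAKE_TAG=${BUILD_TAG}`) and then copy that shared tag to its `-x86_64`/`-aarch64`/`-armhf` suffix with `docker buildx imagetools create`. If another job's push lands between those two steps, the suffix is attached to the wrong architecture's image and `create-manifests` assembles a mislabelled manifest; docker-bake.hcl is not visible here, so confirm how it derives tags. Exporting the suffixed tag directly, `export BAKE_TAG=${BUILD_TAG}-x86_64` (and likewise in `build-aarch64` and `build-armhf`), removes the shared tag and the retag step. Separately, `build-all-branches` has no `filters`, so every branch build logs in and pushes, and the `CIRCLE_TAG` branch of `set-build-tag` is likely never taken because CircleCI only runs tag builds for jobs that carry a tag filter.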
@@ -37,22 +29,47 @@ jobs: id: sanitize run: | RAW="${{ github.ref_name }}" - # lowercase TAG=$(echo "$RAW" | tr '[:upper:]' '[:lower:]') - # replace invalid chars with '-' TAG=$(echo "$TAG" | sed 's/[^a-z0-9._-]/-/g') echo "tag=$TAG" >> $GITHUB_OUTPUT + - name: Build docker-compose stack + env: + BALENA_ARCH: ${{ matrix.arch }} + BAKE_TAG: ${{ steps.sanitize.outputs.tag }} + MYSQL_ROOT_PASSWORD: ${{ secrets.MYSQL_ROOT_PASSWORD }} + MYSQL_USER: ${{ secrets.MYSQL_USER }} + MYSQL_PASSWORD: ${{ secrets.MYSQL_PASSWORD }} + HASH_PASSWORD: ${{ secrets.HASH_PASSWORD }} + run: | + case "${BALENA_ARCH}" in + "armhf") export PLATFORM="linux/arm/v7" ;; + "aarch64") export PLATFORM="linux/arm64" ;; + "x86_64") export PLATFORM="linux/amd64" ;; + *) export PLATFORM="linux/$(uname -m)" ;; + esac + cp -vf "docker-compose.${BALENA_ARCH}" docker-compose.yml + docker buildx bake -f docker-bake.hcl \ + --set "*.platform=${PLATFORM}" \ + --push - # Install Docker Compose v2 plugin + deploy: + runs-on: ubuntu-latest +# runs-on: self-hosted + environment: AUTH + needs: build-services + if: github.event_name != 'pull_request' + steps: + - uses: actions/checkout@v4 + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USER }} + password: ${{ secrets.DOCKER_PASS }} - name: Set up Docker Compose uses: docker/setup-compose-action@v1 with: - version: latest # or a specific version like v2.27.0 - - - name: Build docker-compose stack + version: latest + - name: Deploy stack env: - ARCH: ${{ matrix.arch }} - BAKE_TAG: ${{ steps.sanitize.outputs.tag }} - run: | - docker buildx bake --push -f "docker-compose.${ARCH}" - docker compose up -d + BAKE_TAG: ${{ github.ref_name }} + run: docker compose up -d diff --git a/.gitignore b/.gitignore index 6e58a5bc4..c1a652ddd 100644 --- a/.gitignore +++ b/.gitignore 
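Review bot: The new `deploy` job sets `BAKE_TAG: ${{ github.ref_name }}` while `build-services` pushes under the sanitized `steps.sanitize.outputs.tag`, so for any ref with uppercase letters or a `/` the deploy step asks for a tag that was never pushed. Expose the sanitized value as a job output (`outputs:` with `tag: ${{ steps.sanitize.outputs.tag }}` on `build-services`) and use `BAKE_TAG: ${{ needs.build-services.outputs.tag }}` in `deploy`. The build step also receives `MYSQL_ROOT_PASSWORD`, `MYSQL_USER`, `MYSQL_PASSWORD` and `HASH_PASSWORD`; since the Dockerfiles in this commit drop the matching `ARG`s, these look unused at build time and could be removed from that step unless docker-bake.hcl needs them, whereas `Deploy stack` receives none of them. `version: latest` on `docker/setup-compose-action` leaves the Compose version floating; a fixed version keeps the job reproducible.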
@@ -26,8 +26,11 @@ tags *.mo !*empty bin/composer -mysqldb/config/ -mysqldb/conf.d/custom.cnf +balena-storage/*.env +deployment/images/httpd/*.env +deployment/images/mysqldb/*.env +deployment/images/mysqldb/config/ +deployment/images/mysqldb/conf.d/custom.cnf node_modules *.log @@ -49,7 +52,5 @@ Icon? ehthumbs.db Thumbs.db nbproject/private/ -mysqldb/mysqld/ -mysqld/conf.d/custom.cnf upgrade/ package-lock.json diff --git a/.yarn/install-state.gz b/.yarn/install-state.gz index f5c891692..faaa68268 100644 Binary files a/.yarn/install-state.gz and b/.yarn/install-state.gz differ diff --git a/.yarnrc.yml b/.yarnrc.yml index f1556331b..3186f3f07 100644 --- a/.yarnrc.yml +++ b/.yarnrc.yml @@ -1,3 +1 @@ nodeLinker: node-modules - -yarnPath: .yarn/releases/yarn-4.6.0.cjs diff --git a/BUILD.md b/BUILD.md new file mode 100644 index 000000000..7bd1d101d --- /dev/null +++ b/BUILD.md 
@@ -0,0 +1,75 @@ +# Docker Bake Configuration + +The x-bake configuration has been extracted from `docker-compose.yml` to `docker-bake.hcl`. + +## Usage + +### Building with Docker Buildx Bake + +To build all images, e.g. x86_64 (linux/amd64): +```bash +balena_deploy . x86_64 3 0 +docker buildx bake -f docker-bake.hcl +``` + +To build a specific service: +```bash +docker buildx bake -f docker-bake.hcl db +docker buildx bake -f docker-bake.hcl php-fpm +docker buildx bake -f docker-bake.hcl httpd +docker buildx bake -f docker-bake.hcl balena-storage +``` + +### Setting Variables + +You can override variables using environment variables or command-line flags: + +```bash +# Using environment variables +export DOCKER_ORG=myorg +export BAKE_TAG=v1.0.0 +export PLATFORM=linux/amd64 +export BALENA_ARCH=x86_64 + +# Using command-line +balena_deploy . x86_64 3 0 +docker buildx bake -f docker-bake.hcl \ + --set "*.platform=linux/amd64" \ + --set "db.tags=myorg/mysqldb:v1.0.0" +``` + +### Cross-platform Builds + +To build for other architecture platforms, e.g aarch64 (linux/arm64): +```bash +balena_deploy . aarch64 3 0 +docker buildx bake -f docker-bake.hcl \ + --set "*.platform=linux/arm64" +``` +Multi-arch parallel builds aren't available. Only set 1 platform build at a time! +This is due to the project structure (*.env, multiple Dockerfiles, etc.) + +### Push to Registry + +To build and push to a registry, e.g. x86_64 (linux/amd64): +```bash +balena_deploy . x86_64 3 0 +docker buildx bake -f docker-bake.hcl --push +``` + +## Variables + +- `DOCKER_ORG`: Docker organization/username (default: `betothreeprod`) +- `BAKE_TAG`: Tag for the images (default: `latest`) +- `PLATFORM`: Target platform (default: `linux/amd64`) +- `BALENA_ARCH`: Balena architecture (default: `amd64`) + +## Docker Compose + +The `docker-compose.yml` file has been cleaned up and no longer contains x-bake configuration. 
You can still use it for local development: + +```bash +docker-compose up -d +``` + +Note: You'll need to use update_templates command line to filter out %%PLATFORM%% and %%BALENA_ARCH%% tags in docker-compose.template to docker-compose.yml. diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 8018c5616..8063f5388 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -6,11 +6,14 @@ WORKDIR /usr/local/project # Copy Node.js dependency files, Fixing global modules issue COPY package.json yarn.lock .yarnrc.yml ./ -COPY .yarn .yarn -RUN apk update \ - && apk add --no-cache yarn \ - && yarn install --immutable \ - && yarn cache clean +COPY .yarn .yarn +RUN apk add --no-cache nodejs npm \ + && npm install -g corepack \ + && corepack enable \ + && corepack prepare yarn@4 --activate \ + && corepack install -g yarn \ + && yarn install --immutable \ + && yarn cache clean # Stage 2: Build PHP-FPM environment FROM php:7.4.33-fpm-alpine3.16 
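Review bot: The rewritten `RUN` installs Corepack and Yarn from the npm registry at build time without fixed versions (`npm install -g corepack`, `corepack prepare yarn@4 --activate`), while the same commit removes `yarnPath: .yarn/releases/yarn-4.6.0.cjs` from .yarnrc.yml, so the package manager that runs `yarn install --immutable` is no longer a reviewed, in-repo artifact. Pin both, e.g. `npm install -g corepack@<pinned-version>` and `corepack prepare yarn@4.6.0 --activate`, or record the version in the `packageManager` field of package.json so Corepack enforces it. `corepack install -g yarn` after `prepare --activate` looks redundant. The same `RUN` is added in Dockerfile.armhf, Dockerfile.template, Dockerfile.x86_64 and the four deployment/images/httpd Dockerfiles. The stage's `FROM` line is above this hunk.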
@@ -85,18 +88,16 @@ ARG MYSQL_HOST ENV MYSQL_HOST=${MYSQL_HOST:-"db"} ARG MYSQL_TCP_PORT ENV MYSQL_TCP_PORT=${MYSQL_TCP_PORT:-3306} -ARG MYSQL_DATABASE -ENV MYSQL_DATABASE=${MYSQL_DATABASE:-"aria_db"} -ARG MYSQL_ROOT_PASSWORD -ENV MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-"mariadb"} ARG TEST_MYSQL_DATABASE ENV TEST_MYSQL_DATABASE=${TEST_MYSQL_DATABASE:-"test"} -ARG MYSQL_USER -ENV MYSQL_USER=${MYSQL_USER:-"maria"} -ARG MYSQL_PASSWORD -ENV MYSQL_PASSWORD=${MYSQL_PASSWORD:-"maria-abc"} -ARG HASH_PASSWORD -ENV HASH_PASSWORD=${HASH_PASSWORD:-"password"} + +# These are now expected at RUNTIME only — no ARG, no default values baked in +# They must be provided via: docker run --env-file, Docker secrets, or a secrets manager +# ENV MYSQL_ROOT_PASSWORD <-- intentionally absent +# ENV MYSQL_USER <-- intentionally absent +# ENV MYSQL_PASSWORD <-- intentionally absent +# ENV MYSQL_DATABASE <-- intentionally absent +# ENV HASH_PASSWORD <-- intentionally absent # Install necessary PHP extensions and dependencies COPY --from=ghcr.io/mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index fb04f5df1..d23a04cb4 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -6,11 +6,14 @@ WORKDIR /usr/local/project # Copy Node.js dependency files, Fixing global modules issue COPY package.json yarn.lock .yarnrc.yml ./ -COPY .yarn .yarn -RUN apk update \ - && apk add --no-cache yarn \ - && yarn install --immutable \ - && yarn cache clean +COPY .yarn .yarn +RUN apk add --no-cache nodejs npm \ + && npm install -g corepack \ + && corepack enable \ + && corepack prepare yarn@4 --activate \ + && corepack install -g yarn \ + && yarn install --immutable \ + && yarn cache clean # Stage 2: Build PHP-FPM environment FROM php:7.4.33-fpm-alpine3.16 
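Review bot: With the `ARG`/`ENV` defaults for `MYSQL_ROOT_PASSWORD`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_DATABASE` and `HASH_PASSWORD` gone, nothing visible in this hunk makes the container fail when they are missing at runtime, and the comment block does not say what happens in that case. If the entrypoint does not already check, a guard such as `: "${MYSQL_PASSWORD:?must be set at runtime}"` per variable would stop a container from starting with empty credentials. The removed defaults remain in the repository history and in previously pushed image layers, so any deployment that relied on them should get rotated values. The same hunk appears in Dockerfile.armhf, Dockerfile.template and Dockerfile.x86_64.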
@@ -85,18 +88,16 @@ ARG MYSQL_HOST ENV MYSQL_HOST=${MYSQL_HOST:-"db"} ARG MYSQL_TCP_PORT ENV MYSQL_TCP_PORT=${MYSQL_TCP_PORT:-3306} -ARG MYSQL_DATABASE -ENV MYSQL_DATABASE=${MYSQL_DATABASE:-"aria_db"} -ARG MYSQL_ROOT_PASSWORD -ENV MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-"mariadb"} ARG TEST_MYSQL_DATABASE ENV TEST_MYSQL_DATABASE=${TEST_MYSQL_DATABASE:-"test"} -ARG MYSQL_USER -ENV MYSQL_USER=${MYSQL_USER:-"maria"} -ARG MYSQL_PASSWORD -ENV MYSQL_PASSWORD=${MYSQL_PASSWORD:-"maria-abc"} -ARG HASH_PASSWORD -ENV HASH_PASSWORD=${HASH_PASSWORD:-"password"} + +# These are now expected at RUNTIME only — no ARG, no default values baked in +# They must be provided via: docker run --env-file, Docker secrets, or a secrets manager +# ENV MYSQL_ROOT_PASSWORD <-- intentionally absent +# ENV MYSQL_USER <-- intentionally absent +# ENV MYSQL_PASSWORD <-- intentionally absent +# ENV MYSQL_DATABASE <-- intentionally absent +# ENV HASH_PASSWORD <-- intentionally absent # Install necessary PHP extensions and dependencies COPY --from=ghcr.io/mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/ diff --git a/Dockerfile.template b/Dockerfile.template index 31506a38d..26db88f95 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -6,11 +6,14 @@ WORKDIR /usr/local/project # Copy Node.js dependency files, Fixing global modules issue COPY package.json yarn.lock .yarnrc.yml ./ -COPY .yarn yarn -RUN apk update \ - && apk add --no-cache yarn \ - && yarn install --immutable \ - && yarn cache clean +COPY .yarn .yarn +RUN apk add --no-cache nodejs npm \ + && npm install -g corepack \ + && corepack enable \ + && corepack prepare yarn@4 --activate \ + && corepack install -g yarn \ + && yarn install --immutable \ + && yarn cache clean # Stage 2: Build PHP-FPM environment FROM php:7.4.33-fpm-alpine3.16 
@@ -85,18 +88,16 @@ ARG MYSQL_HOST ENV MYSQL_HOST=${MYSQL_HOST:-"db"} ARG MYSQL_TCP_PORT ENV MYSQL_TCP_PORT=${MYSQL_TCP_PORT:-3306} -ARG MYSQL_DATABASE -ENV MYSQL_DATABASE=${MYSQL_DATABASE:-"aria_db"} -ARG MYSQL_ROOT_PASSWORD -ENV MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-"mariadb"} ARG TEST_MYSQL_DATABASE ENV TEST_MYSQL_DATABASE=${TEST_MYSQL_DATABASE:-"test"} -ARG MYSQL_USER -ENV MYSQL_USER=${MYSQL_USER:-"maria"} -ARG MYSQL_PASSWORD -ENV MYSQL_PASSWORD=${MYSQL_PASSWORD:-"maria-abc"} -ARG HASH_PASSWORD -ENV HASH_PASSWORD=${HASH_PASSWORD:-"password"} + +# These are now expected at RUNTIME only — no ARG, no default values baked in +# They must be provided via: docker run --env-file, Docker secrets, or a secrets manager +# ENV MYSQL_ROOT_PASSWORD <-- intentionally absent +# ENV MYSQL_USER <-- intentionally absent +# ENV MYSQL_PASSWORD <-- intentionally absent +# ENV MYSQL_DATABASE <-- intentionally absent +# ENV HASH_PASSWORD <-- intentionally absent # Install necessary PHP extensions and dependencies COPY --from=ghcr.io/mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/ diff --git a/Dockerfile.x86_64 b/Dockerfile.x86_64 index c031f8f6d..a378b2aac 100644 --- a/Dockerfile.x86_64 +++ b/Dockerfile.x86_64 @@ -7,10 +7,13 @@ WORKDIR /usr/local/project # Copy Node.js dependency files, Fixing global modules issue COPY package.json yarn.lock .yarnrc.yml ./ COPY .yarn .yarn -RUN apk update \ - && apk add --no-cache yarn \ - && yarn install --immutable \ - && yarn cache clean +RUN apk add --no-cache nodejs npm \ + && npm install -g corepack \ + && corepack enable \ + && corepack prepare yarn@4 --activate \ + && corepack install -g yarn \ + && yarn install --immutable \ + && yarn cache clean # Stage 2: Build PHP-FPM environment FROM php:7.4.33-fpm-alpine3.16 
@@ -85,18 +88,16 @@ ARG MYSQL_HOST ENV MYSQL_HOST=${MYSQL_HOST:-"db"} ARG MYSQL_TCP_PORT ENV MYSQL_TCP_PORT=${MYSQL_TCP_PORT:-3306} -ARG MYSQL_DATABASE -ENV MYSQL_DATABASE=${MYSQL_DATABASE:-"aria_db"} -ARG MYSQL_ROOT_PASSWORD -ENV MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-"mariadb"} ARG TEST_MYSQL_DATABASE ENV TEST_MYSQL_DATABASE=${TEST_MYSQL_DATABASE:-"test"} -ARG MYSQL_USER -ENV MYSQL_USER=${MYSQL_USER:-"maria"} -ARG MYSQL_PASSWORD -ENV MYSQL_PASSWORD=${MYSQL_PASSWORD:-"maria-abc"} -ARG HASH_PASSWORD -ENV HASH_PASSWORD=${HASH_PASSWORD:-"password"} + +# These are now expected at RUNTIME only — no ARG, no default values baked in +# They must be provided via: docker run --env-file, Docker secrets, or a secrets manager +# ENV MYSQL_ROOT_PASSWORD <-- intentionally absent +# ENV MYSQL_USER <-- intentionally absent +# ENV MYSQL_PASSWORD <-- intentionally absent +# ENV MYSQL_DATABASE <-- intentionally absent +# ENV HASH_PASSWORD <-- intentionally absent # Install necessary PHP extensions and dependencies COPY --from=ghcr.io/mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/ diff --git a/Scripts/composer.sh b/Scripts/composer.sh index 98094574b..d61e0e350 100755 --- a/Scripts/composer.sh +++ b/Scripts/composer.sh @@ -10,7 +10,7 @@ TOPDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd) composer="${TOPDIR}/bin/composer" if [ -n "$(command -v composer)" ]; then composer="composer" -elif [ ! -f $composer ]; then +elif [ ! -f "$composer" ]; then slogger -st "$0" "Composer setup...\n" mkdir -p "$(dirname "$composer")" curl -sS https://getcomposer.org/installer | php -- --install-dir="$(dirname "$composer")" --filename=composer diff --git a/Scripts/lib/util.sh b/Scripts/lib/util.sh index 9eac628ca..8a1335aa7 100755 --- a/Scripts/lib/util.sh +++ b/Scripts/lib/util.sh 
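Review bot: The last line of the Scripts/composer.sh hunk still pipes `https://getcomposer.org/installer` straight into `php`, so the installer runs without any integrity check; the quoting fix above it does not change that. Download the installer to a file, compare its SHA-384 with the published signature and only then run it, as in the sketch below. The `if`/`elif` block continues outside the hunk.

```shell
  mkdir -p "$(dirname "$composer")"
  installer="$(mktemp)"
  expected="$(curl -sS https://composer.github.io/installer.sig)"
  curl -sS -o "$installer" https://getcomposer.org/installer
  actual="$(php -r 'echo hash_file("sha384", $argv[1]);' -- "$installer")"
  if [ "$expected" != "$actual" ]; then
    rm -f "$installer"
    slogger -st "$0" "Composer installer checksum mismatch\n"
    exit 1
  fi
  php "$installer" --install-dir="$(dirname "$composer")" --filename=composer
  rm -f "$installer"
```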
@@ -3,11 +3,13 @@ set -e TOPDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd) . init_functions . function relative_path() { - relative_path="${2#$1}" + [ "$#" -lt 1 ] && echo "${FUNCNAME[0]} ''" && exit 1 + relative_path="${2#"$1"}" echo "${relative_path#./}" } #; export -f relative_path function cake_path() { + [ "$#" -lt 1 ] && echo "${FUNCNAME[0]} ''" && exit 1 bash -c "php -r '\ require \"${TOPDIR}/Config/paths.php\"; \ printf(constant(\"$1\"));\ diff --git a/balena-storage/.env b/balena-storage/.env index dedf908af..4382e4c94 120000 --- a/balena-storage/.env +++ b/balena-storage/.env @@ -1 +1 @@ -/home/brunotr/acake2php/armhf.env \ No newline at end of file +/var/www/html/armhf.env \ No newline at end of file diff --git a/balena-storage/Dockerfile.armhf.sed b/balena-storage/Dockerfile.armhf.sed index abc2bb757..8d6b53339 100644 --- a/balena-storage/Dockerfile.armhf.sed +++ b/balena-storage/Dockerfile.armhf.sed @@ -1 +1,3 @@ /### ARM BEGIN/,/### ARM END/s/^(# )+(.*)/\2/g +s/(# )+(RUN [^a-z]*cross-build-start[^a-z]*)/\2/g +s/(# )+(RUN [^a-z]*cross-build-end[^a-z]*)/\2/g diff --git a/balena-storage/Dockerfile.template.sed b/balena-storage/Dockerfile.template.sed index 4a63a94cc..6c38d95fe 100644 --- a/balena-storage/Dockerfile.template.sed +++ b/balena-storage/Dockerfile.template.sed @@ -2,6 +2,8 @@ s/%%BALENA_MACHINE_NAME%%/raspberrypi3/g s/(Dockerfile\.)[^\.]*/\1armhf/g s/%%BALENA_ARCH%%/armhf/g s/(BALENA_ARCH[=:-]+)[^$ }]+/\1armhf/g +s#(PLATFORM[=:-]+)[^$ }]+#\1linux/arm/v7#g +s#%%PLATFORM%%#linux/arm/v7#g s#(IMG_TAG[=:-]+)[^$ }]+#\1latest#g s#%%IMG_TAG%%#latest#g s#(SECONDARY_HUB[=:-]+)[^$ }]+#\1linuxserver/mariadb#g diff --git a/balena-storage/build.aarch64.sh b/balena-storage/build.aarch64.sh new file mode 100644 index 000000000..093648fac --- /dev/null +++ b/balena-storage/build.aarch64.sh 
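Review bot: The guard added to `cake_path` only counts arguments, yet `$1` is interpolated into PHP source inside `bash -c "php -r '…'"`, so any value containing quotes or `;` changes the code that runs. Restrict it to a constant name before building the command, e.g. `[[ "$1" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || return 1`. Both new guards call `exit 1`, which terminates the calling shell if util.sh is sourced, and print the usage text on stdout where a `$(…)` caller would capture it; `return 1` with `>&2` is the safer form. `relative_path` reads `$2` as well, so its check should be `-lt 2`. The body of `cake_path` continues past the end of the hunk.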
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR="$(cd "$(dirname \
+"$(dirname "${BASH_SOURCE[0]}")")" && pwd)"
+ln -s "${TOPDIR}/aarch64.env" aarch64.env
+balena_deploy "${TOPDIR}" aarch64 3 0
+docker buildx bake -f "${TOPDIR}/docker-bake.hcl" balena-storage \
+ --set "*.platform=linux/arm64" --push
diff --git a/balena-storage/build.armhf.sh b/balena-storage/build.armhf.sh
new file mode 100644
index 000000000..78594e65d
--- /dev/null
+++ b/balena-storage/build.armhf.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR="$(cd "$(dirname \
+"$(dirname "${BASH_SOURCE[0]}")")" && pwd)"
+ln -s "${TOPDIR}/armhf.env" armhf.env
+balena_deploy "${TOPDIR}" armhf 3 0
+docker buildx bake -f "${TOPDIR}/docker-bake.hcl" balena-storage \
+ --set "*.platform=linux/arm/v7" --push
diff --git a/balena-storage/build.template b/balena-storage/build.template
new file mode 100644
index 000000000..1c108f292
--- /dev/null
+++ b/balena-storage/build.template
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR="$(cd "$(dirname \
+"$(dirname "${BASH_SOURCE[0]}")")" && pwd)"
+ln -s "${TOPDIR}/%%BALENA_ARCH%%.env" %%BALENA_ARCH%%.env
+balena_deploy "${TOPDIR}" %%BALENA_ARCH%% 3 0
+docker buildx bake -f "${TOPDIR}/docker-bake.hcl" balena-storage \
+ --set "*.platform=%%PLATFORM%%" --push
diff --git a/balena-storage/build.x86_64.sh b/balena-storage/build.x86_64.sh
new file mode 100644
index 000000000..dd568b6ac
--- /dev/null
+++ b/balena-storage/build.x86_64.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR="$(cd "$(dirname \
+"$(dirname "${BASH_SOURCE[0]}")")" && pwd)"
+ln -s "${TOPDIR}/x86_64.env" x86_64.env
+balena_deploy "${TOPDIR}" x86_64 3 0
+docker buildx bake -f "${TOPDIR}/docker-bake.hcl" balena-storage \
+ --set "*.platform=linux/amd64" --push
diff --git a/balena-storage/common.env b/balena-storage/common.env
deleted file mode 120000
index ecb1e7940..000000000
--- a/balena-storage/common.env
+++ /dev/null
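Review bot: `ln -s "${TOPDIR}/aarch64.env" aarch64.env` in balena-storage/build.aarch64.sh fails with "File exists" on the second run, and under `set -eu` that aborts the script before `balena_deploy`. Use `ln -sf` so the step is repeatable, and consider a link path under `"$(dirname "${BASH_SOURCE[0]}")"`, since the link is currently created in whatever directory the script is invoked from. The same line is in build.armhf.sh, build.template and build.x86_64.sh in this directory; these four files are also added with mode 100644, unlike the root build scripts (100755), so they cannot be executed directly.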
@@ -1 +0,0 @@
-/home/brunotr/acake2php/common.env
\ No newline at end of file
diff --git a/build.aarch64.sh b/build.aarch64.sh
new file mode 100755
index 000000000..242875c1e
--- /dev/null
+++ b/build.aarch64.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+balena_deploy . aarch64 3 0
+docker buildx bake -f docker-bake.hcl php-fpm \
+ --set "*.platform=linux/arm64" --push
diff --git a/build.armhf.sh b/build.armhf.sh
new file mode 100755
index 000000000..3c7c087d1
--- /dev/null
+++ b/build.armhf.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+balena_deploy . armhf 3 0
+docker buildx bake -f docker-bake.hcl php-fpm \
+ --set "*.platform=linux/arm/v7" --push
diff --git a/build.template b/build.template
new file mode 100755
index 000000000..aa2d2c0c7
--- /dev/null
+++ b/build.template
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+balena_deploy . %%BALENA_ARCH%% 3 0
+docker buildx bake -f docker-bake.hcl php-fpm \
+ --set "*.platform=%%PLATFORM%%" --push
diff --git a/build.x86_64.sh b/build.x86_64.sh
new file mode 100755
index 000000000..b2ece89b7
--- /dev/null
+++ b/build.x86_64.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+balena_deploy . x86_64 3 0
+docker buildx bake -f docker-bake.hcl php-fpm \
+ --set "*.platform=linux/amd64" --push
diff --git a/build/.travis_linux_php.ini b/build/.travis_linux_php.ini
deleted file mode 100644
index df68960bf..000000000
--- a/build/.travis_linux_php.ini
+++ /dev/null
@@ -1 +0,0 @@
-timezone=Europe/Paris
diff --git a/build/.travis_osx_php.ini b/build/.travis_osx_php.ini
deleted file mode 100644
index df68960bf..000000000
--- a/build/.travis_osx_php.ini
+++ /dev/null
@@ -1 +0,0 @@
-timezone=Europe/Paris
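Review bot: `TOPDIR` is computed but never used in the root build.aarch64.sh; `balena_deploy .` and `-f docker-bake.hcl` resolve against the caller's working directory instead. Either drop the assignment or use it, e.g. `balena_deploy "${TOPDIR}" aarch64 3 0` and `-f "${TOPDIR}/docker-bake.hcl"`, as the balena-storage scripts do. The CI shellcheck run excludes SC2034, so the unused variable will not be reported there. build.armhf.sh, build.template and build.x86_64.sh have the same lines.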
diff --git a/build/.travis_windows_php.ini b/build/.travis_windows_php.ini deleted file mode 100644 index df68960bf..000000000 --- a/build/.travis_windows_php.ini +++ /dev/null @@ -1 +0,0 @@ -timezone=Europe/Paris diff --git a/deploy.sh b/deploy.sh index 823093852..e62635601 100755 --- a/deploy.sh +++ b/deploy.sh @@ -23,21 +23,7 @@ export COLUMNS=0 export LINES=0 export SYSTEMD_NO_WRAP=0 -# Fixes: Agent pid alive -pid="$SSH_AGENT_PID" - -while kill -0 "$pid" 2>/dev/null; do - echo "Agent $pid alive" - sleep 1 -done - -echo "Agent $pid is gone" - -if [ -n "$pid" ]; then - balena_deploy "${BASH_SOURCE[0]}" "$@" -else - update_templates -fi +balena_deploy . "$@" if [ -n "$REV" ]; then git add docker-compose.yml diff --git a/deployment/images/build.sh b/deployment/images/build.sh deleted file mode 100755 index ddce31d83..000000000 --- a/deployment/images/build.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/usr/bin/env bash -docker_build "${BASH_SOURCE[0]}" "$@" diff --git a/deployment/images/httpd/.env b/deployment/images/httpd/.env index dedf908af..4382e4c94 120000 --- a/deployment/images/httpd/.env +++ b/deployment/images/httpd/.env @@ -1 +1 @@ -/home/brunotr/acake2php/armhf.env \ No newline at end of file +/var/www/html/armhf.env \ No newline at end of file diff --git a/deployment/images/httpd/.yarn/install-state.gz b/deployment/images/httpd/.yarn/install-state.gz new file mode 100644 index 000000000..4e375238b Binary files /dev/null and b/deployment/images/httpd/.yarn/install-state.gz differ diff --git a/deployment/images/httpd/.yarnrc.yml b/deployment/images/httpd/.yarnrc.yml new file mode 100644 index 000000000..3186f3f07 --- /dev/null +++ b/deployment/images/httpd/.yarnrc.yml @@ -0,0 +1 @@ +nodeLinker: node-modules diff --git a/deployment/images/httpd/Dockerfile.aarch64 b/deployment/images/httpd/Dockerfile.aarch64 index e7d984e05..e793f330e 100644 --- a/deployment/images/httpd/Dockerfile.aarch64 +++ b/deployment/images/httpd/Dockerfile.aarch64 
@@ -1,16 +1,21 @@ # BEGIN - Multi-stage Build # Stage 1: Install NodeJS dependencies -FROM node:20-alpine3.16 AS node-build +FROM node:20-alpine3.22 AS node-build WORKDIR /usr/local/project # Copy Node.js dependency files, Fixing global modules issue -RUN apk update \ - && apk add --no-cache yarn \ - && yarn add balena-cloud-apps \ - && yarn cache clean +COPY package.json yarn.lock .yarnrc.yml ./ +COPY .yarn .yarn +RUN apk add --no-cache nodejs npm \ + && npm install -g corepack \ + && corepack enable \ + && corepack prepare yarn@4 --activate \ + && corepack install -g yarn \ + && yarn install --immutable \ + && yarn cache clean -# Stage 2: Build environment +# Stage 2: Build HTTPD environment FROM httpd:2.4-alpine3.22 # Set up working directory and environment @@ -19,8 +24,8 @@ ENV HTDOCS=${HTDOCS:-"/usr/local/apache2/htdocs"} WORKDIR ${HTDOCS} # Add mor NodeJS, CakePHP and Composer commands to system path -COPY --from=node-build /usr/local/project/node_modules/ node_modules -ENV PATH="${HTDOCS}/node_modules/.bin:${PATH}" +ENV PATH="${HTDOCS}/node_modules/.bin:${HTDOCS}/app/bin:${HTDOCS}/bin:${PATH}" +COPY --from=node-build /usr/local/project/node_modules node_modules # END - Multi-stage Build # Install base packages @@ -76,3 +81,4 @@ RUN chmod +x Scripts/*.sh \ && Scripts/a2enmod.sh ENTRYPOINT ["apachectl", "-D", "FOREGROUND"] + diff --git a/deployment/images/httpd/Dockerfile.armhf b/deployment/images/httpd/Dockerfile.armhf index e7d984e05..e793f330e 100644 --- a/deployment/images/httpd/Dockerfile.armhf +++ b/deployment/images/httpd/Dockerfile.armhf 
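Review bot: Stage 1 is `FROM node:20-alpine3.22`, which already provides `node` and `npm`, so `apk add --no-cache nodejs npm` installs a second, distro-packaged Node.js that the build does not appear to need. Dropping it leaves `npm install -g corepack && corepack enable …` running on the image's own toolchain and keeps the stage smaller. This applies equally to the httpd Dockerfile.armhf, Dockerfile.template and Dockerfile.x86_64 sections.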
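Review bot: The new `ENV PATH` in the second hunk puts `${HTDOCS}/app/bin` and `${HTDOCS}/bin`, both under the Apache document root, ahead of the system directories. If anything served or deployed into htdocs is writable by the web process, a file placed there can shadow a system command for every later `RUN` and for the running container. Appending instead keeps system binaries first: `ENV PATH="${PATH}:${HTDOCS}/node_modules/.bin:${HTDOCS}/app/bin:${HTDOCS}/bin"`; confirm nothing relies on overriding a system tool. The same change is in the httpd Dockerfile.armhf, Dockerfile.template and Dockerfile.x86_64.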
@@ -1,16 +1,21 @@ # BEGIN - Multi-stage Build # Stage 1: Install NodeJS dependencies -FROM node:20-alpine3.16 AS node-build +FROM node:20-alpine3.22 AS node-build WORKDIR /usr/local/project # Copy Node.js dependency files, Fixing global modules issue -RUN apk update \ - && apk add --no-cache yarn \ - && yarn add balena-cloud-apps \ - && yarn cache clean +COPY package.json yarn.lock .yarnrc.yml ./ +COPY .yarn .yarn +RUN apk add --no-cache nodejs npm \ + && npm install -g corepack \ + && corepack enable \ + && corepack prepare yarn@4 --activate \ + && corepack install -g yarn \ + && yarn install --immutable \ + && yarn cache clean -# Stage 2: Build environment +# Stage 2: Build HTTPD environment FROM httpd:2.4-alpine3.22 # Set up working directory and environment @@ -19,8 +24,8 @@ ENV HTDOCS=${HTDOCS:-"/usr/local/apache2/htdocs"} WORKDIR ${HTDOCS} # Add mor NodeJS, CakePHP and Composer commands to system path -COPY --from=node-build /usr/local/project/node_modules/ node_modules -ENV PATH="${HTDOCS}/node_modules/.bin:${PATH}" +ENV PATH="${HTDOCS}/node_modules/.bin:${HTDOCS}/app/bin:${HTDOCS}/bin:${PATH}" +COPY --from=node-build /usr/local/project/node_modules node_modules # END - Multi-stage Build # Install base packages @@ -76,3 +81,4 @@ RUN chmod +x Scripts/*.sh \ && Scripts/a2enmod.sh ENTRYPOINT ["apachectl", "-D", "FOREGROUND"] + diff --git a/deployment/images/httpd/Dockerfile.template b/deployment/images/httpd/Dockerfile.template index e7d984e05..e793f330e 100644 --- a/deployment/images/httpd/Dockerfile.template +++ b/deployment/images/httpd/Dockerfile.template 
@@ -1,16 +1,21 @@ # BEGIN - Multi-stage Build # Stage 1: Install NodeJS dependencies -FROM node:20-alpine3.16 AS node-build +FROM node:20-alpine3.22 AS node-build WORKDIR /usr/local/project # Copy Node.js dependency files, Fixing global modules issue -RUN apk update \ - && apk add --no-cache yarn \ - && yarn add balena-cloud-apps \ - && yarn cache clean +COPY package.json yarn.lock .yarnrc.yml ./ +COPY .yarn .yarn +RUN apk add --no-cache nodejs npm \ + && npm install -g corepack \ + && corepack enable \ + && corepack prepare yarn@4 --activate \ + && corepack install -g yarn \ + && yarn install --immutable \ + && yarn cache clean -# Stage 2: Build environment +# Stage 2: Build HTTPD environment FROM httpd:2.4-alpine3.22 # Set up working directory and environment @@ -19,8 +24,8 @@ ENV HTDOCS=${HTDOCS:-"/usr/local/apache2/htdocs"} WORKDIR ${HTDOCS} # Add mor NodeJS, CakePHP and Composer commands to system path -COPY --from=node-build /usr/local/project/node_modules/ node_modules -ENV PATH="${HTDOCS}/node_modules/.bin:${PATH}" +ENV PATH="${HTDOCS}/node_modules/.bin:${HTDOCS}/app/bin:${HTDOCS}/bin:${PATH}" +COPY --from=node-build /usr/local/project/node_modules node_modules # END - Multi-stage Build # Install base packages @@ -76,3 +81,4 @@ RUN chmod +x Scripts/*.sh \ && Scripts/a2enmod.sh ENTRYPOINT ["apachectl", "-D", "FOREGROUND"] + diff --git a/deployment/images/httpd/Dockerfile.x86_64 b/deployment/images/httpd/Dockerfile.x86_64 index e7d984e05..e793f330e 100644 --- a/deployment/images/httpd/Dockerfile.x86_64 +++ b/deployment/images/httpd/Dockerfile.x86_64 
@@ -1,16 +1,21 @@ # BEGIN - Multi-stage Build # Stage 1: Install NodeJS dependencies -FROM node:20-alpine3.16 AS node-build +FROM node:20-alpine3.22 AS node-build WORKDIR /usr/local/project # Copy Node.js dependency files, Fixing global modules issue -RUN apk update \ - && apk add --no-cache yarn \ - && yarn add balena-cloud-apps \ - && yarn cache clean +COPY package.json yarn.lock .yarnrc.yml ./ +COPY .yarn .yarn +RUN apk add --no-cache nodejs npm \ + && npm install -g corepack \ + && corepack enable \ + && corepack prepare yarn@4 --activate \ + && corepack install -g yarn \ + && yarn install --immutable \ + && yarn cache clean -# Stage 2: Build environment +# Stage 2: Build HTTPD environment FROM httpd:2.4-alpine3.22 # Set up working directory and environment @@ -19,8 +24,8 @@ ENV HTDOCS=${HTDOCS:-"/usr/local/apache2/htdocs"} WORKDIR ${HTDOCS} # Add mor NodeJS, CakePHP and Composer commands to system path -COPY --from=node-build /usr/local/project/node_modules/ node_modules -ENV PATH="${HTDOCS}/node_modules/.bin:${PATH}" +ENV PATH="${HTDOCS}/node_modules/.bin:${HTDOCS}/app/bin:${HTDOCS}/bin:${PATH}" +COPY --from=node-build /usr/local/project/node_modules node_modules # END - Multi-stage Build # Install base packages @@ -76,3 +81,4 @@ RUN chmod +x Scripts/*.sh \ && Scripts/a2enmod.sh ENTRYPOINT ["apachectl", "-D", "FOREGROUND"] + diff --git a/deployment/images/httpd/README.md b/deployment/images/httpd/README.md new file mode 100644 index 000000000..19b72fab2 --- /dev/null +++ b/deployment/images/httpd/README.md @@ -0,0 +1 @@ +# httpd diff --git a/deployment/images/httpd/build.aarch64.sh b/deployment/images/httpd/build.aarch64.sh new file mode 100755 index 000000000..0f23941eb --- /dev/null +++ b/deployment/images/httpd/build.aarch64.sh 
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR="$(cd "$(dirname "$(dirname "$(dirname \
+"$(dirname "${BASH_SOURCE[0]}")")")")" && pwd)"
+ln -s "${TOPDIR}/aarch64.env" aarch64.env
+balena_deploy "${TOPDIR}" aarch64 3 0
+docker buildx bake -f "${TOPDIR}/docker-bake.hcl" httpd \
+ --set "*.platform=linux/arm64" --push
diff --git a/deployment/images/httpd/build.armhf.sh b/deployment/images/httpd/build.armhf.sh
new file mode 100755
index 000000000..20a8d2947
--- /dev/null
+++ b/deployment/images/httpd/build.armhf.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR="$(cd "$(dirname "$(dirname "$(dirname \
+"$(dirname "${BASH_SOURCE[0]}")")")")" && pwd)"
+ln -s "${TOPDIR}/armhf.env" armhf.env
+balena_deploy "${TOPDIR}" armhf 3 0
+docker buildx bake -f "${TOPDIR}/docker-bake.hcl" httpd \
+ --set "*.platform=linux/arm/v7" --push
diff --git a/deployment/images/httpd/build.template b/deployment/images/httpd/build.template
new file mode 100644
index 000000000..094909904
--- /dev/null
+++ b/deployment/images/httpd/build.template
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR="$(cd "$(dirname "$(dirname "$(dirname \
+"$(dirname "${BASH_SOURCE[0]}")")")")" && pwd)"
+ln -s "${TOPDIR}/%%BALENA_ARCH%%.env" %%BALENA_ARCH%%.env
+balena_deploy "${TOPDIR}" %%BALENA_ARCH%% 3 0
+docker buildx bake -f "${TOPDIR}/docker-bake.hcl" httpd \
+ --set "*.platform=%%PLATFORM%%" --push
diff --git a/deployment/images/httpd/build.x86_64.sh b/deployment/images/httpd/build.x86_64.sh
new file mode 100755
index 000000000..0948b6a31
--- /dev/null
+++ b/deployment/images/httpd/build.x86_64.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR="$(cd "$(dirname "$(dirname "$(dirname \
+"$(dirname "${BASH_SOURCE[0]}")")")")" && pwd)"
+ln -s "${TOPDIR}/x86_64.env" x86_64.env
+balena_deploy "${TOPDIR}" x86_64 3 0
+docker buildx bake -f "${TOPDIR}/docker-bake.hcl" httpd \
+ --set "*.platform=linux/amd64" --push
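Review bot: `ln -s "${TOPDIR}/aarch64.env" aarch64.env` fails with "File exists" on any second run, and under `set -eu` that aborts the script before the build; it also creates the link in whatever directory the caller happens to be in rather than next to the script. An idempotent, location-independent form would be `ln -sfn "${TOPDIR}/aarch64.env" "$(dirname "${BASH_SOURCE[0]}")/aarch64.env"`. If the link ends up inside the image's build-context directory and the env file carries credentials, confirm that `*.env` is excluded from the context, for example in `.dockerignore`. The same line is in build.armhf.sh, build.template and build.x86_64.sh here and in the four mysqldb build scripts later in the diff.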
diff --git a/deployment/images/httpd/common.env b/deployment/images/httpd/common.env
index ecb1e7940..86b46b69b 120000
--- a/deployment/images/httpd/common.env
+++ b/deployment/images/httpd/common.env
@@ -1 +1 @@
-/home/brunotr/acake2php/common.env
\ No newline at end of file
+/var/www/html/common.env
\ No newline at end of file
diff --git a/deployment/images/httpd/package.json b/deployment/images/httpd/package.json
new file mode 100644
index 000000000..f319bb1c3
--- /dev/null
+++ b/deployment/images/httpd/package.json
@@ -0,0 +1,7 @@
+{
+ "name": "httpd",
+ "packageManager": "yarn@4.12.0",
+ "dependencies": {
+ "balena-cloud-apps": "^1.0.49"
+ }
+}
diff --git a/deployment/images/httpd/yarn.lock b/deployment/images/httpd/yarn.lock
new file mode 100644
index 000000000..75c8acda4
--- /dev/null
+++ b/deployment/images/httpd/yarn.lock
@@ -0,0 +1,335 @@ +# This file is generated by running "yarn install" inside your project. +# Manual changes might be lost - proceed with caution! + +__metadata: + version: 8 + cacheKey: 10c0 + +"@nodelib/fs.scandir@npm:2.1.5": + version: 2.1.5 + resolution: "@nodelib/fs.scandir@npm:2.1.5" + dependencies: + "@nodelib/fs.stat": "npm:2.0.5" + run-parallel: "npm:^1.1.9" + checksum: 10c0/732c3b6d1b1e967440e65f284bd06e5821fedf10a1bea9ed2bb75956ea1f30e08c44d3def9d6a230666574edbaf136f8cfd319c14fd1f87c66e6a44449afb2eb + languageName: node + linkType: hard + +"@nodelib/fs.stat@npm:2.0.5, @nodelib/fs.stat@npm:^2.0.2": + version: 2.0.5 + resolution: "@nodelib/fs.stat@npm:2.0.5" + checksum: 10c0/88dafe5e3e29a388b07264680dc996c17f4bda48d163a9d4f5c1112979f0ce8ec72aa7116122c350b4e7976bc5566dc3ddb579be1ceaacc727872eb4ed93926d + languageName: node + linkType: hard + +"@nodelib/fs.walk@npm:^1.2.3": + version: 1.2.8 + resolution: "@nodelib/fs.walk@npm:1.2.8" + dependencies: + "@nodelib/fs.scandir": "npm:2.1.5" + fastq: "npm:^1.6.0" + checksum: 10c0/db9de047c3bb9b51f9335a7bb46f4fcfb6829fb628318c12115fbaf7d369bfce71c15b103d1fc3b464812d936220ee9bc1c8f762d032c9f6be9acc99249095b1 + languageName: node + linkType: hard + +"balena-cloud-apps@npm:^1.0.49": + version: 1.0.49 + resolution: "balena-cloud-apps@npm:1.0.49" + dependencies: + shelljs: "npm:^0.10.0" + bin: + auto_reboot: vendor/cni/auto_reboot.sh + balena_deploy: vendor/cni/balena_deploy.sh + clone_project: vendor/cni/clone_project.sh + docker_build: vendor/cni/docker_build.sh + git_fix_issue: vendor/cni/git_fix_issue.sh + git_fix_issue_close: vendor/cni/git_fix_issue_close.sh + git_retag: vendor/cni/git_retag.sh + init_functions: vendor/cni/init_functions.sh + post_install: vendor/cni/post_install.sh + update_templates: vendor/cni/update_templates.sh + checksum: 10c0/b744af844935c6660e250eac0c998d91937613c42a87ccb39ec27a29940071c694f56deee70801b3abe6196980a3647723eb01556894c8b017af670af04cff51 + languageName: node + linkType: hard + 
+"braces@npm:^3.0.3": + version: 3.0.3 + resolution: "braces@npm:3.0.3" + dependencies: + fill-range: "npm:^7.1.1" + checksum: 10c0/7c6dfd30c338d2997ba77500539227b9d1f85e388a5f43220865201e407e076783d0881f2d297b9f80951b4c957fcf0b51c1d2d24227631643c3f7c284b0aa04 + languageName: node + linkType: hard + +"cross-spawn@npm:^7.0.3": + version: 7.0.6 + resolution: "cross-spawn@npm:7.0.6" + dependencies: + path-key: "npm:^3.1.0" + shebang-command: "npm:^2.0.0" + which: "npm:^2.0.1" + checksum: 10c0/053ea8b2135caff68a9e81470e845613e374e7309a47731e81639de3eaeb90c3d01af0e0b44d2ab9d50b43467223b88567dfeb3262db942dc063b9976718ffc1 + languageName: node + linkType: hard + +"execa@npm:^5.1.1": + version: 5.1.1 + resolution: "execa@npm:5.1.1" + dependencies: + cross-spawn: "npm:^7.0.3" + get-stream: "npm:^6.0.0" + human-signals: "npm:^2.1.0" + is-stream: "npm:^2.0.0" + merge-stream: "npm:^2.0.0" + npm-run-path: "npm:^4.0.1" + onetime: "npm:^5.1.2" + signal-exit: "npm:^3.0.3" + strip-final-newline: "npm:^2.0.0" + checksum: 10c0/c8e615235e8de4c5addf2fa4c3da3e3aa59ce975a3e83533b4f6a71750fb816a2e79610dc5f1799b6e28976c9ae86747a36a606655bf8cb414a74d8d507b304f + languageName: node + linkType: hard + +"fast-glob@npm:^3.3.2": + version: 3.3.3 + resolution: "fast-glob@npm:3.3.3" + dependencies: + "@nodelib/fs.stat": "npm:^2.0.2" + "@nodelib/fs.walk": "npm:^1.2.3" + glob-parent: "npm:^5.1.2" + merge2: "npm:^1.3.0" + micromatch: "npm:^4.0.8" + checksum: 10c0/f6aaa141d0d3384cf73cbcdfc52f475ed293f6d5b65bfc5def368b09163a9f7e5ec2b3014d80f733c405f58e470ee0cc451c2937685045cddcdeaa24199c43fe + languageName: node + linkType: hard + +"fastq@npm:^1.6.0": + version: 1.20.1 + resolution: "fastq@npm:1.20.1" + dependencies: + reusify: "npm:^1.0.4" + checksum: 10c0/e5dd725884decb1f11e5c822221d76136f239d0236f176fab80b7b8f9e7619ae57e6b4e5b73defc21e6b9ef99437ee7b545cff8e6c2c337819633712fa9d352e + languageName: node + linkType: hard + +"fill-range@npm:^7.1.1": + version: 7.1.1 + resolution: "fill-range@npm:7.1.1" 
+ dependencies: + to-regex-range: "npm:^5.0.1" + checksum: 10c0/b75b691bbe065472f38824f694c2f7449d7f5004aa950426a2c28f0306c60db9b880c0b0e4ed819997ffb882d1da02cfcfc819bddc94d71627f5269682edf018 + languageName: node + linkType: hard + +"get-stream@npm:^6.0.0": + version: 6.0.1 + resolution: "get-stream@npm:6.0.1" + checksum: 10c0/49825d57d3fd6964228e6200a58169464b8e8970489b3acdc24906c782fb7f01f9f56f8e6653c4a50713771d6658f7cfe051e5eb8c12e334138c9c918b296341 + languageName: node + linkType: hard + +"glob-parent@npm:^5.1.2": + version: 5.1.2 + resolution: "glob-parent@npm:5.1.2" + dependencies: + is-glob: "npm:^4.0.1" + checksum: 10c0/cab87638e2112bee3f839ef5f6e0765057163d39c66be8ec1602f3823da4692297ad4e972de876ea17c44d652978638d2fd583c6713d0eb6591706825020c9ee + languageName: node + linkType: hard + +"httpd@workspace:.": + version: 0.0.0-use.local + resolution: "httpd@workspace:." + dependencies: + balena-cloud-apps: "npm:^1.0.49" + languageName: unknown + linkType: soft + +"human-signals@npm:^2.1.0": + version: 2.1.0 + resolution: "human-signals@npm:2.1.0" + checksum: 10c0/695edb3edfcfe9c8b52a76926cd31b36978782062c0ed9b1192b36bebc75c4c87c82e178dfcb0ed0fc27ca59d434198aac0bd0be18f5781ded775604db22304a + languageName: node + linkType: hard + +"is-extglob@npm:^2.1.1": + version: 2.1.1 + resolution: "is-extglob@npm:2.1.1" + checksum: 10c0/5487da35691fbc339700bbb2730430b07777a3c21b9ebaecb3072512dfd7b4ba78ac2381a87e8d78d20ea08affb3f1971b4af629173a6bf435ff8a4c47747912 + languageName: node + linkType: hard + +"is-glob@npm:^4.0.1": + version: 4.0.3 + resolution: "is-glob@npm:4.0.3" + dependencies: + is-extglob: "npm:^2.1.1" + checksum: 10c0/17fb4014e22be3bbecea9b2e3a76e9e34ff645466be702f1693e8f1ee1adac84710d0be0bd9f967d6354036fd51ab7c2741d954d6e91dae6bb69714de92c197a + languageName: node + linkType: hard + +"is-number@npm:^7.0.0": + version: 7.0.0 + resolution: "is-number@npm:7.0.0" + checksum: 
10c0/b4686d0d3053146095ccd45346461bc8e53b80aeb7671cc52a4de02dbbf7dc0d1d2a986e2fe4ae206984b4d34ef37e8b795ebc4f4295c978373e6575e295d811 + languageName: node + linkType: hard + +"is-stream@npm:^2.0.0": + version: 2.0.1 + resolution: "is-stream@npm:2.0.1" + checksum: 10c0/7c284241313fc6efc329b8d7f08e16c0efeb6baab1b4cd0ba579eb78e5af1aa5da11e68559896a2067cd6c526bd29241dda4eb1225e627d5aa1a89a76d4635a5 + languageName: node + linkType: hard + +"isexe@npm:^2.0.0": + version: 2.0.0 + resolution: "isexe@npm:2.0.0" + checksum: 10c0/228cfa503fadc2c31596ab06ed6aa82c9976eec2bfd83397e7eaf06d0ccf42cd1dfd6743bf9aeb01aebd4156d009994c5f76ea898d2832c1fe342da923ca457d + languageName: node + linkType: hard + +"merge-stream@npm:^2.0.0": + version: 2.0.0 + resolution: "merge-stream@npm:2.0.0" + checksum: 10c0/867fdbb30a6d58b011449b8885601ec1690c3e41c759ecd5a9d609094f7aed0096c37823ff4a7190ef0b8f22cc86beb7049196ff68c016e3b3c671d0dac91ce5 + languageName: node + linkType: hard + +"merge2@npm:^1.3.0": + version: 1.4.1 + resolution: "merge2@npm:1.4.1" + checksum: 10c0/254a8a4605b58f450308fc474c82ac9a094848081bf4c06778200207820e5193726dc563a0d2c16468810516a5c97d9d3ea0ca6585d23c58ccfff2403e8dbbeb + languageName: node + linkType: hard + +"micromatch@npm:^4.0.8": + version: 4.0.8 + resolution: "micromatch@npm:4.0.8" + dependencies: + braces: "npm:^3.0.3" + picomatch: "npm:^2.3.1" + checksum: 10c0/166fa6eb926b9553f32ef81f5f531d27b4ce7da60e5baf8c021d043b27a388fb95e46a8038d5045877881e673f8134122b59624d5cecbd16eb50a42e7a6b5ca8 + languageName: node + linkType: hard + +"mimic-fn@npm:^2.1.0": + version: 2.1.0 + resolution: "mimic-fn@npm:2.1.0" + checksum: 10c0/b26f5479d7ec6cc2bce275a08f146cf78f5e7b661b18114e2506dd91ec7ec47e7a25bf4360e5438094db0560bcc868079fb3b1fb3892b833c1ecbf63f80c95a4 + languageName: node + linkType: hard + +"npm-run-path@npm:^4.0.1": + version: 4.0.1 + resolution: "npm-run-path@npm:4.0.1" + dependencies: + path-key: "npm:^3.0.0" + checksum: 
10c0/6f9353a95288f8455cf64cbeb707b28826a7f29690244c1e4bb61ec573256e021b6ad6651b394eb1ccfd00d6ec50147253aba2c5fe58a57ceb111fad62c519ac + languageName: node + linkType: hard + +"onetime@npm:^5.1.2": + version: 5.1.2 + resolution: "onetime@npm:5.1.2" + dependencies: + mimic-fn: "npm:^2.1.0" + checksum: 10c0/ffcef6fbb2692c3c40749f31ea2e22677a876daea92959b8a80b521d95cca7a668c884d8b2045d1d8ee7d56796aa405c405462af112a1477594cc63531baeb8f + languageName: node + linkType: hard + +"path-key@npm:^3.0.0, path-key@npm:^3.1.0": + version: 3.1.1 + resolution: "path-key@npm:3.1.1" + checksum: 10c0/748c43efd5a569c039d7a00a03b58eecd1d75f3999f5a28303d75f521288df4823bc057d8784eb72358b2895a05f29a070bc9f1f17d28226cc4e62494cc58c4c + languageName: node + linkType: hard + +"picomatch@npm:^2.3.1": + version: 2.3.1 + resolution: "picomatch@npm:2.3.1" + checksum: 10c0/26c02b8d06f03206fc2ab8d16f19960f2ff9e81a658f831ecb656d8f17d9edc799e8364b1f4a7873e89d9702dff96204be0fa26fe4181f6843f040f819dac4be + languageName: node + linkType: hard + +"queue-microtask@npm:^1.2.2": + version: 1.2.3 + resolution: "queue-microtask@npm:1.2.3" + checksum: 10c0/900a93d3cdae3acd7d16f642c29a642aea32c2026446151f0778c62ac089d4b8e6c986811076e1ae180a694cedf077d453a11b58ff0a865629a4f82ab558e102 + languageName: node + linkType: hard + +"reusify@npm:^1.0.4": + version: 1.1.0 + resolution: "reusify@npm:1.1.0" + checksum: 10c0/4eff0d4a5f9383566c7d7ec437b671cc51b25963bd61bf127c3f3d3f68e44a026d99b8d2f1ad344afff8d278a8fe70a8ea092650a716d22287e8bef7126bb2fa + languageName: node + linkType: hard + +"run-parallel@npm:^1.1.9": + version: 1.2.0 + resolution: "run-parallel@npm:1.2.0" + dependencies: + queue-microtask: "npm:^1.2.2" + checksum: 10c0/200b5ab25b5b8b7113f9901bfe3afc347e19bb7475b267d55ad0eb86a62a46d77510cb0f232507c9e5d497ebda569a08a9867d0d14f57a82ad5564d991588b39 + languageName: node + linkType: hard + +"shebang-command@npm:^2.0.0": + version: 2.0.0 + resolution: "shebang-command@npm:2.0.0" + dependencies: + shebang-regex: 
"npm:^3.0.0" + checksum: 10c0/a41692e7d89a553ef21d324a5cceb5f686d1f3c040759c50aab69688634688c5c327f26f3ecf7001ebfd78c01f3c7c0a11a7c8bfd0a8bc9f6240d4f40b224e4e + languageName: node + linkType: hard + +"shebang-regex@npm:^3.0.0": + version: 3.0.0 + resolution: "shebang-regex@npm:3.0.0" + checksum: 10c0/1dbed0726dd0e1152a92696c76c7f06084eb32a90f0528d11acd764043aacf76994b2fb30aa1291a21bd019d6699164d048286309a278855ee7bec06cf6fb690 + languageName: node + linkType: hard + +"shelljs@npm:^0.10.0": + version: 0.10.0 + resolution: "shelljs@npm:0.10.0" + dependencies: + execa: "npm:^5.1.1" + fast-glob: "npm:^3.3.2" + checksum: 10c0/3a18d524e2302fedd6e2b143bc17fd1e4583f41d19cb8ab747f8b00cfe39370044835f72adcab63a25ce004cae1605a8825afb3fa4dd5f78217b17b9ef966468 + languageName: node + linkType: hard + +"signal-exit@npm:^3.0.3": + version: 3.0.7 + resolution: "signal-exit@npm:3.0.7" + checksum: 10c0/25d272fa73e146048565e08f3309d5b942c1979a6f4a58a8c59d5fa299728e9c2fcd1a759ec870863b1fd38653670240cd420dad2ad9330c71f36608a6a1c912 + languageName: node + linkType: hard + +"strip-final-newline@npm:^2.0.0": + version: 2.0.0 + resolution: "strip-final-newline@npm:2.0.0" + checksum: 10c0/bddf8ccd47acd85c0e09ad7375409d81653f645fda13227a9d459642277c253d877b68f2e5e4d819fe75733b0e626bac7e954c04f3236f6d196f79c94fa4a96f + languageName: node + linkType: hard + +"to-regex-range@npm:^5.0.1": + version: 5.0.1 + resolution: "to-regex-range@npm:5.0.1" + dependencies: + is-number: "npm:^7.0.0" + checksum: 10c0/487988b0a19c654ff3e1961b87f471702e708fa8a8dd02a298ef16da7206692e8552a0250e8b3e8759270f62e9d8314616f6da274734d3b558b1fc7b7724e892 + languageName: node + linkType: hard + +"which@npm:^2.0.1": + version: 2.0.2 + resolution: "which@npm:2.0.2" + dependencies: + isexe: "npm:^2.0.0" + bin: + node-which: ./bin/node-which + checksum: 10c0/66522872a768b60c2a65a57e8ad184e5372f5b6a9ca6d5f033d4b0dc98aff63995655a7503b9c0a2598936f532120e81dd8cc155e2e92ed662a2b9377cc4374f + languageName: node + linkType: hard 
diff --git a/deployment/images/mysqldb/.env b/deployment/images/mysqldb/.env index dedf908af..4382e4c94 120000 --- a/deployment/images/mysqldb/.env +++ b/deployment/images/mysqldb/.env @@ -1 +1 @@ -/home/brunotr/acake2php/armhf.env \ No newline at end of file +/var/www/html/armhf.env \ No newline at end of file diff --git a/deployment/images/mysqldb/Dockerfile.aarch64 b/deployment/images/mysqldb/Dockerfile.aarch64 index 317c1ff7b..5d38a38c3 100644 --- a/deployment/images/mysqldb/Dockerfile.aarch64 +++ b/deployment/images/mysqldb/Dockerfile.aarch64 @@ -1,10 +1,7 @@ ARG SECONDARY_HUB +ARG SECONDARY_TAG FROM ${SECONDARY_HUB:-linuxserver/mariadb}:${SECONDARY_TAG:-arm64v8-10.6.13} -# When using volumes (-v flags) permissions issues can arise -# between the host OS and the container, we avoid this issue -# by allowing you to specify the user PUID and group PGID. -# $ id $USER ARG PUID ENV PUID=${PUID:-0} ARG PGID 
@@ -13,25 +10,16 @@ ARG MYSQL_HOST ENV MYSQL_HOST=${MYSQL_HOST:-'localhost'} ARG TZ ENV TZ=${TZ:-'Europe/Paris'} -ARG MYSQL_ROOT_PASSWORD -ENV MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-'maria-abc'} -# Optional -ARG MYSQL_DATABASE -ENV MYSQL_DATABASE=${MYSQL_DATABASE:-'aria_db'} -# Optional -ARG MYSQL_USER -ENV MYSQL_USER=${MYSQL_USER:-'maria'} -# Optional -ARG MYSQL_PASSWORD -ENV MYSQL_PASSWORD=${MYSQL_PASSWORD:-'maria-abc'} -# Optional ARG MYSQL_BIND_ADDRESS ENV MYSQL_BIND_ADDRESS=${MYSQL_BIND_ADDRESS:-0.0.0.0} -# The MariaDB/MySQL tools read configuration files in the following order: -# 1. "/etc/mysql/my.cnf" to set global defaults, -# 2. "/etc/mysql/conf.d/my.cnf" to set server options. -# 3. "~/.my.cnf" User +# These are now expected at RUNTIME only — no ARG, no default values baked in +# They must be provided via: docker run --env-file, Docker secrets, or a secrets manager +# ENV MYSQL_ROOT_PASSWORD <-- intentionally absent +# ENV MYSQL_USER <-- intentionally absent +# ENV MYSQL_PASSWORD <-- intentionally absent +# ENV MYSQL_DATABASE <-- intentionally absent + COPY conf.d/my.cnf /etc/my.cnf.d/my.cnf RUN sed -i.bind "/bind-address/s/=.*$/= ${MYSQL_BIND_ADDRESS}/" /etc/my.cnf.d/my.cnf RUN sed -i.user "/user/s/=.*$/= ${USER}/" /etc/my.cnf.d/my.cnf 
@@ -42,23 +30,19 @@ RUN apk update \ build-base \ expect \ xz \ - # auth_ed25519 support package \ mariadb-client \ && apk del build-base \ && rm -rf /var/cache/apk/* -# MYSQL_ROOT_PASSWORD secured configuration COPY mysql_secure_shell . RUN chmod 1755 mysql_secure_shell \ && ./mysql_secure_shell -RUN echo "***** Fix root PRIVILEGES AND CREATE USER ${MYSQL_USER} with ${MYSQL_DATABASE} PRIVILEGES " \ - && echo "GRANT ALL PRIVILEGES ON *.* TO 'root'@'% WITH GRANT OPTION;" | tee -a p.sql \ - && echo "CREATE USER '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';" | tee -a p.sql \ - && echo "GRANT ALL PRIVILEGES ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%;" | tee -a p.sql \ - && echo "FLUSH PRIVILEGES;" | tee -a p.sql \ - && mkdir -p /config/initdb.d/ && mv p.sql /config/initdb.d/patch.sql +# This script runs ONCE at first container start, using runtime env vars +COPY init-db.sh /docker-entrypoint-initdb.d/init-db.sh +RUN chmod 755 /docker-entrypoint-initdb.d/init-db.sh +# Splash screen ;) COPY mariadb.ans . RUN cat mariadb.ans diff --git a/deployment/images/mysqldb/Dockerfile.armhf b/deployment/images/mysqldb/Dockerfile.armhf index 0fc4e3bde..db8e509c3 100644 --- a/deployment/images/mysqldb/Dockerfile.armhf +++ b/deployment/images/mysqldb/Dockerfile.armhf @@ -1,10 +1,7 @@ ARG SECONDARY_HUB +ARG SECONDARY_TAG FROM ${SECONDARY_HUB:-linuxserver/mariadb}:${SECONDARY_TAG:-arm32v7-10.6.13} -# When using volumes (-v flags) permissions issues can arise -# between the host OS and the container, we avoid this issue -# by allowing you to specify the user PUID and group PGID. -# $ id $USER ARG PUID ENV PUID=${PUID:-0} ARG PGID 
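Review bot: The new `COPY init-db.sh /docker-entrypoint-initdb.d/init-db.sh` may never be executed: the lines this hunk removes wrote the init SQL to `/config/initdb.d/`, which suggests the linuxserver/mariadb base named in the FROM line reads its init files from there rather than from `/docker-entrypoint-initdb.d/`. If that is the case, the application user is no longer created at all, so confirm which directory the base image scans, and whether it accepts shell scripts or only `.sql` files, before relying on this path. `./mysql_secure_shell` still runs at build time although MYSQL_ROOT_PASSWORD is no longer defined during the build, so check what it does with an empty value. The RUN block at the top of the hunk starts outside it. The same hunk appears in Dockerfile.armhf, Dockerfile.template and Dockerfile.x86_64.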
@@ -13,25 +10,16 @@ ARG MYSQL_HOST ENV MYSQL_HOST=${MYSQL_HOST:-'localhost'} ARG TZ ENV TZ=${TZ:-'Europe/Paris'} -ARG MYSQL_ROOT_PASSWORD -ENV MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-'maria-abc'} -# Optional -ARG MYSQL_DATABASE -ENV MYSQL_DATABASE=${MYSQL_DATABASE:-'aria_db'} -# Optional -ARG MYSQL_USER -ENV MYSQL_USER=${MYSQL_USER:-'maria'} -# Optional -ARG MYSQL_PASSWORD -ENV MYSQL_PASSWORD=${MYSQL_PASSWORD:-'maria-abc'} -# Optional ARG MYSQL_BIND_ADDRESS ENV MYSQL_BIND_ADDRESS=${MYSQL_BIND_ADDRESS:-0.0.0.0} -# The MariaDB/MySQL tools read configuration files in the following order: -# 1. "/etc/mysql/my.cnf" to set global defaults, -# 2. "/etc/mysql/conf.d/my.cnf" to set server options. -# 3. "~/.my.cnf" User +# These are now expected at RUNTIME only — no ARG, no default values baked in +# They must be provided via: docker run --env-file, Docker secrets, or a secrets manager +# ENV MYSQL_ROOT_PASSWORD <-- intentionally absent +# ENV MYSQL_USER <-- intentionally absent +# ENV MYSQL_PASSWORD <-- intentionally absent +# ENV MYSQL_DATABASE <-- intentionally absent + COPY conf.d/my.cnf /etc/my.cnf.d/my.cnf RUN sed -i.bind "/bind-address/s/=.*$/= ${MYSQL_BIND_ADDRESS}/" /etc/my.cnf.d/my.cnf RUN sed -i.user "/user/s/=.*$/= ${USER}/" /etc/my.cnf.d/my.cnf 
@@ -42,23 +30,19 @@ RUN apk update \ build-base \ expect \ xz \ - # auth_ed25519 support package \ mariadb-client \ && apk del build-base \ && rm -rf /var/cache/apk/* -# MYSQL_ROOT_PASSWORD secured configuration COPY mysql_secure_shell . RUN chmod 1755 mysql_secure_shell \ && ./mysql_secure_shell -RUN echo "***** Fix root PRIVILEGES AND CREATE USER ${MYSQL_USER} with ${MYSQL_DATABASE} PRIVILEGES " \ - && echo "GRANT ALL PRIVILEGES ON *.* TO 'root'@'% WITH GRANT OPTION;" | tee -a p.sql \ - && echo "CREATE USER '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';" | tee -a p.sql \ - && echo "GRANT ALL PRIVILEGES ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%;" | tee -a p.sql \ - && echo "FLUSH PRIVILEGES;" | tee -a p.sql \ - && mkdir -p /config/initdb.d/ && mv p.sql /config/initdb.d/patch.sql +# This script runs ONCE at first container start, using runtime env vars +COPY init-db.sh /docker-entrypoint-initdb.d/init-db.sh +RUN chmod 755 /docker-entrypoint-initdb.d/init-db.sh +# Splash screen ;) COPY mariadb.ans . RUN cat mariadb.ans diff --git a/deployment/images/mysqldb/Dockerfile.armhf.sed b/deployment/images/mysqldb/Dockerfile.armhf.sed index abc2bb757..8d6b53339 100644 --- a/deployment/images/mysqldb/Dockerfile.armhf.sed +++ b/deployment/images/mysqldb/Dockerfile.armhf.sed @@ -1 +1,3 @@ /### ARM BEGIN/,/### ARM END/s/^(# )+(.*)/\2/g +s/(# )+(RUN [^a-z]*cross-build-start[^a-z]*)/\2/g +s/(# )+(RUN [^a-z]*cross-build-end[^a-z]*)/\2/g diff --git a/deployment/images/mysqldb/Dockerfile.template b/deployment/images/mysqldb/Dockerfile.template index 7be52bc45..75c0a50c2 100644 --- a/deployment/images/mysqldb/Dockerfile.template +++ b/deployment/images/mysqldb/Dockerfile.template 
@@ -1,10 +1,7 @@ ARG SECONDARY_HUB +ARG SECONDARY_TAG FROM ${SECONDARY_HUB:-%%SECONDARY_HUB%%}:${SECONDARY_TAG:-%%SECONDARY_TAG%%} -# When using volumes (-v flags) permissions issues can arise -# between the host OS and the container, we avoid this issue -# by allowing you to specify the user PUID and group PGID. -# $ id $USER ARG PUID ENV PUID=${PUID:-0} ARG PGID @@ -13,25 +10,16 @@ ARG MYSQL_HOST ENV MYSQL_HOST=${MYSQL_HOST:-'localhost'} ARG TZ ENV TZ=${TZ:-'Europe/Paris'} -ARG MYSQL_ROOT_PASSWORD -ENV MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-'maria-abc'} -# Optional -ARG MYSQL_DATABASE -ENV MYSQL_DATABASE=${MYSQL_DATABASE:-'aria_db'} -# Optional -ARG MYSQL_USER -ENV MYSQL_USER=${MYSQL_USER:-'maria'} -# Optional -ARG MYSQL_PASSWORD -ENV MYSQL_PASSWORD=${MYSQL_PASSWORD:-'maria-abc'} -# Optional ARG MYSQL_BIND_ADDRESS ENV MYSQL_BIND_ADDRESS=${MYSQL_BIND_ADDRESS:-0.0.0.0} -# The MariaDB/MySQL tools read configuration files in the following order: -# 1. "/etc/mysql/my.cnf" to set global defaults, -# 2. "/etc/mysql/conf.d/my.cnf" to set server options. -# 3. "~/.my.cnf" User +# These are now expected at RUNTIME only — no ARG, no default values baked in +# They must be provided via: docker run --env-file, Docker secrets, or a secrets manager +# ENV MYSQL_ROOT_PASSWORD <-- intentionally absent +# ENV MYSQL_USER <-- intentionally absent +# ENV MYSQL_PASSWORD <-- intentionally absent +# ENV MYSQL_DATABASE <-- intentionally absent + COPY conf.d/my.cnf /etc/my.cnf.d/my.cnf RUN sed -i.bind "/bind-address/s/=.*$/= ${MYSQL_BIND_ADDRESS}/" /etc/my.cnf.d/my.cnf RUN sed -i.user "/user/s/=.*$/= ${USER}/" /etc/my.cnf.d/my.cnf 
@@ -42,23 +30,19 @@ RUN apk update \ build-base \ expect \ xz \ - # auth_ed25519 support package \ mariadb-client \ && apk del build-base \ && rm -rf /var/cache/apk/* -# MYSQL_ROOT_PASSWORD secured configuration COPY mysql_secure_shell . RUN chmod 1755 mysql_secure_shell \ && ./mysql_secure_shell -RUN echo "***** Fix root PRIVILEGES AND CREATE USER ${MYSQL_USER} with ${MYSQL_DATABASE} PRIVILEGES " \ - && echo "GRANT ALL PRIVILEGES ON *.* TO 'root'@'% WITH GRANT OPTION;" | tee -a p.sql \ - && echo "CREATE USER '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';" | tee -a p.sql \ - && echo "GRANT ALL PRIVILEGES ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%;" | tee -a p.sql \ - && echo "FLUSH PRIVILEGES;" | tee -a p.sql \ - && mkdir -p /config/initdb.d/ && mv p.sql /config/initdb.d/patch.sql +# This script runs ONCE at first container start, using runtime env vars +COPY init-db.sh /docker-entrypoint-initdb.d/init-db.sh +RUN chmod 755 /docker-entrypoint-initdb.d/init-db.sh +# Splash screen ;) COPY mariadb.ans . RUN cat mariadb.ans diff --git a/deployment/images/mysqldb/Dockerfile.template.sed b/deployment/images/mysqldb/Dockerfile.template.sed index 4a63a94cc..6c38d95fe 100644 --- a/deployment/images/mysqldb/Dockerfile.template.sed +++ b/deployment/images/mysqldb/Dockerfile.template.sed @@ -2,6 +2,8 @@ s/%%BALENA_MACHINE_NAME%%/raspberrypi3/g s/(Dockerfile\.)[^\.]*/\1armhf/g s/%%BALENA_ARCH%%/armhf/g s/(BALENA_ARCH[=:-]+)[^$ }]+/\1armhf/g +s#(PLATFORM[=:-]+)[^$ }]+#\1linux/arm/v7#g +s#%%PLATFORM%%#linux/arm/v7#g s#(IMG_TAG[=:-]+)[^$ }]+#\1latest#g s#%%IMG_TAG%%#latest#g s#(SECONDARY_HUB[=:-]+)[^$ }]+#\1linuxserver/mariadb#g diff --git a/deployment/images/mysqldb/Dockerfile.x86_64 b/deployment/images/mysqldb/Dockerfile.x86_64 index e6fb457f4..bad42bc2b 100644 --- a/deployment/images/mysqldb/Dockerfile.x86_64 +++ b/deployment/images/mysqldb/Dockerfile.x86_64 
@@ -1,10 +1,7 @@ ARG SECONDARY_HUB +ARG SECONDARY_TAG FROM ${SECONDARY_HUB:-linuxserver/mariadb}:${SECONDARY_TAG:-amd64-10.6.13} -# When using volumes (-v flags) permissions issues can arise -# between the host OS and the container, we avoid this issue -# by allowing you to specify the user PUID and group PGID. -# $ id $USER ARG PUID ENV PUID=${PUID:-0} ARG PGID @@ -13,25 +10,16 @@ ARG MYSQL_HOST ENV MYSQL_HOST=${MYSQL_HOST:-'localhost'} ARG TZ ENV TZ=${TZ:-'Europe/Paris'} -ARG MYSQL_ROOT_PASSWORD -ENV MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-'maria-abc'} -# Optional -ARG MYSQL_DATABASE -ENV MYSQL_DATABASE=${MYSQL_DATABASE:-'aria_db'} -# Optional -ARG MYSQL_USER -ENV MYSQL_USER=${MYSQL_USER:-'maria'} -# Optional -ARG MYSQL_PASSWORD -ENV MYSQL_PASSWORD=${MYSQL_PASSWORD:-'maria-abc'} -# Optional ARG MYSQL_BIND_ADDRESS ENV MYSQL_BIND_ADDRESS=${MYSQL_BIND_ADDRESS:-0.0.0.0} -# The MariaDB/MySQL tools read configuration files in the following order: -# 1. "/etc/mysql/my.cnf" to set global defaults, -# 2. "/etc/mysql/conf.d/my.cnf" to set server options. -# 3. "~/.my.cnf" User +# These are now expected at RUNTIME only — no ARG, no default values baked in +# They must be provided via: docker run --env-file, Docker secrets, or a secrets manager +# ENV MYSQL_ROOT_PASSWORD <-- intentionally absent +# ENV MYSQL_USER <-- intentionally absent +# ENV MYSQL_PASSWORD <-- intentionally absent +# ENV MYSQL_DATABASE <-- intentionally absent + COPY conf.d/my.cnf /etc/my.cnf.d/my.cnf RUN sed -i.bind "/bind-address/s/=.*$/= ${MYSQL_BIND_ADDRESS}/" /etc/my.cnf.d/my.cnf RUN sed -i.user "/user/s/=.*$/= ${USER}/" /etc/my.cnf.d/my.cnf 
@@ -42,23 +30,19 @@ RUN apk update \ build-base \ expect \ xz \ - # auth_ed25519 support package \ mariadb-client \ && apk del build-base \ && rm -rf /var/cache/apk/* -# MYSQL_ROOT_PASSWORD secured configuration COPY mysql_secure_shell . RUN chmod 1755 mysql_secure_shell \ && ./mysql_secure_shell -RUN echo "***** Fix root PRIVILEGES AND CREATE USER ${MYSQL_USER} with ${MYSQL_DATABASE} PRIVILEGES " \ - && echo "GRANT ALL PRIVILEGES ON *.* TO 'root'@'% WITH GRANT OPTION;" | tee -a p.sql \ - && echo "CREATE USER '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';" | tee -a p.sql \ - && echo "GRANT ALL PRIVILEGES ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%;" | tee -a p.sql \ - && echo "FLUSH PRIVILEGES;" | tee -a p.sql \ - && mkdir -p /config/initdb.d/ && mv p.sql /config/initdb.d/patch.sql +# This script runs ONCE at first container start, using runtime env vars +COPY init-db.sh /docker-entrypoint-initdb.d/init-db.sh +RUN chmod 755 /docker-entrypoint-initdb.d/init-db.sh +# Splash screen ;) COPY mariadb.ans . RUN cat mariadb.ans diff --git a/deployment/images/mysqldb/build.aarch64.sh b/deployment/images/mysqldb/build.aarch64.sh new file mode 100755 index 000000000..57562de7b --- /dev/null +++ b/deployment/images/mysqldb/build.aarch64.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash +set -eu +TOPDIR="$(cd "$(dirname "$(dirname "$(dirname \ +"$(dirname "${BASH_SOURCE[0]}")")")")" && pwd)" +ln -s "${TOPDIR}/aarch64.env" aarch64.env +balena_deploy "${TOPDIR}" aarch64 3 0 +docker buildx bake -f "${TOPDIR}/docker-bake.hcl" db \ + --set "*.platform=linux/arm64" --push diff --git a/deployment/images/mysqldb/build.armhf.sh b/deployment/images/mysqldb/build.armhf.sh new file mode 100755 index 000000000..a460a9818 --- /dev/null +++ b/deployment/images/mysqldb/build.armhf.sh 
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR="$(cd "$(dirname "$(dirname "$(dirname \
+"$(dirname "${BASH_SOURCE[0]}")")")")" && pwd)"
+ln -s "${TOPDIR}/armhf.env" armhf.env
+balena_deploy "${TOPDIR}" armhf 3 0
+docker buildx bake -f "${TOPDIR}/docker-bake.hcl" db \
+ --set "*.platform=linux/arm/v7" --push
diff --git a/deployment/images/mysqldb/build.template b/deployment/images/mysqldb/build.template
new file mode 100644
index 000000000..ff2923188
--- /dev/null
+++ b/deployment/images/mysqldb/build.template
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR="$(cd "$(dirname "$(dirname "$(dirname \
+"$(dirname "${BASH_SOURCE[0]}")")")")" && pwd)"
+ln -s "${TOPDIR}/%%BALENA_ARCH%%.env" %%BALENA_ARCH%%.env
+balena_deploy "${TOPDIR}" %%BALENA_ARCH%% 3 0
+docker buildx bake -f "${TOPDIR}/docker-bake.hcl" db \
+ --set "*.platform=%%PLATFORM%%" --push
diff --git a/deployment/images/mysqldb/build.x86_64.sh b/deployment/images/mysqldb/build.x86_64.sh
new file mode 100755
index 000000000..940e342de
--- /dev/null
+++ b/deployment/images/mysqldb/build.x86_64.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+TOPDIR="$(cd "$(dirname "$(dirname "$(dirname \
+"$(dirname "${BASH_SOURCE[0]}")")")")" && pwd)"
+ln -s "${TOPDIR}/x86_64.env" x86_64.env
+balena_deploy "${TOPDIR}" x86_64 3 0
+docker buildx bake -f "${TOPDIR}/docker-bake.hcl" db \
+ --set "*.platform=linux/amd64" --push
diff --git a/deployment/images/mysqldb/common.env b/deployment/images/mysqldb/common.env
deleted file mode 120000
index ecb1e7940..000000000
--- a/deployment/images/mysqldb/common.env
+++ /dev/null
@@ -1 +0,0 @@
-/home/brunotr/acake2php/common.env
\ No newline at end of file
diff --git a/deployment/images/mysqldb/curl.sh b/deployment/images/mysqldb/curl.sh
index f856e1715..54a1f5c7d 100755
--- a/deployment/images/mysqldb/curl.sh
+++ b/deployment/images/mysqldb/curl.sh
@@ -3,8 +3,8 @@ TOPDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" # The top of our source tree is the parent of this scripts dir TOPDIR+="deployment/images/mariadb" -mkdir -p $TOPDIR -cd $TOPDIR || exit 1 +mkdir -p "$TOPDIR" +cd "$TOPDIR" || exit 1 MARIADB_MAJOR=${MARIADB_MAJOR:-10.4} curl -L "https://raw.githubusercontent.com/docker-library/mariadb/master/$MARIADB_MAJOR/docker-entrypoint.sh" -o docker-entrypoint.sh curl -L "https://raw.githubusercontent.com/docker-library/mariadb/master/$MARIADB_MAJOR/Dockerfile" -o Dockerfile.template diff --git a/deployment/images/mysqldb/init-db.sh b/deployment/images/mysqldb/init-db.sh new file mode 100644 index 000000000..9180fa9a0 --- /dev/null +++ b/deployment/images/mysqldb/init-db.sh @@ -0,0 +1,23 @@ +#!/bin/sh +# /docker-entrypoint-initdb.d/init-db.sh +# Runs once on first startup. All values come from runtime environment. + +set -e + +# Fail fast if any required secret is missing +for var in MYSQL_ROOT_PASSWORD MYSQL_USER MYSQL_PASSWORD MYSQL_DATABASE; do + if [ -z "${var}" ]; then + echo "ERROR: $var is not set. Secrets must be provided at runtime." + exit 1 + fi +done + +cat < /tmp/init.sql +GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION; +CREATE USER IF NOT EXISTS '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}'; +GRANT ALL PRIVILEGES ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'%'; +FLUSH PRIVILEGES; +EOF + +mysql -u root -p"${MYSQL_ROOT_PASSWORD}" < /tmp/init.sql +rm -f /tmp/init.sql diff --git a/docker-bake.hcl b/docker-bake.hcl new file mode 100644 index 000000000..ddae26c61 --- /dev/null +++ b/docker-bake.hcl 
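Review bot: The newly quoted `mkdir -p "$TOPDIR"` and `cd "$TOPDIR"` act on a path built by `TOPDIR+="deployment/images/mariadb"`, which appends without a separator to the script's own directory. Unless a line outside the hunk adds a trailing slash, the result is a directory such as `…/mysqldbdeployment/images/mariadb`, not the parent-relative path the comment describes. `TOPDIR="$(dirname "$(dirname "$(dirname "$TOPDIR")")")/deployment/images/mariadb"` would match the comment, assuming the script stays in `deployment/images/mysqldb`. The two `curl -L` calls in the context lines fetch from the `master` branch without `-f`, so an HTTP error page can be saved as `docker-entrypoint.sh`; `curl -fsSL` and a pinned commit would make the download fail closed. The script continues outside the hunk.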
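Review bot: The required-variable loop tests `[ -z "${var}" ]`, which expands the loop variable itself (always the non-empty name), so the check can never fail and a missing `MYSQL_PASSWORD` reaches the SQL as an empty password. As rendered here the heredoc opener is also missing (`cat < /tmp/init.sql` reads the file instead of writing it), which under `set -e` would stop the script. If that is an artefact of the page, the remaining concern is that the password is written to a default-umask file in `/tmp` and passed as `-p…` on the command line, where it shows in the process list. The version below dereferences the name, feeds the statements on stdin and hands the root password to the client through `MYSQL_PWD`. Values are still interpolated into SQL unescaped, so a `'` in a password breaks the statement, and `'root'@'%'` keeps root reachable from any host, which deserves a comment or a narrower host pattern.

```shell
for var in MYSQL_ROOT_PASSWORD MYSQL_USER MYSQL_PASSWORD MYSQL_DATABASE; do
  # Look up the value of the variable whose NAME is in $var (names come from the fixed list above).
  eval "val=\${$var:-}"
  if [ -z "$val" ]; then
    echo "ERROR: $var is not set. Secrets must be provided at runtime." >&2
    exit 1
  fi
done

# Statements go to the client on stdin: no password-bearing file in /tmp, no password in argv.
MYSQL_PWD="${MYSQL_ROOT_PASSWORD}" mysql -u root <<EOF
-- … unchanged: GRANT root / CREATE USER / GRANT on database / FLUSH PRIVILEGES …
EOF
```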
@@ -0,0 +1,109 @@ +variable "DOCKER_ORG" { + default = "betothreeprod" +} + +variable "BAKE_TAG" { + default = "latest" +} + +variable "PLATFORM" { + default = "linux/amd64" +} + +variable "BALENA_ARCH" { + default = "amd64" +} + +# --------------------------------------------------------------------------- +# Secrets — values are NEVER baked into image layers. +# The "env=" in each secrets entry tells BuildKit to read the secret value +# from that environment variable in the shell that runs "bake". +# CI just needs to export these vars before invoking bake — nothing else. +# --------------------------------------------------------------------------- +variable "MYSQL_ROOT_PASSWORD" { + default = "" +# sensitive = true +} +variable "MYSQL_USER" { + default = "" +# sensitive = true +} +variable "MYSQL_PASSWORD" { + default = "" +# sensitive = true +} +variable "HASH_PASSWORD" { + default = "" +# sensitive = true +} + +group "default" { + targets = ["db", "php-fpm", "httpd", "balena-storage"] +} + +target "db" { + context = "deployment/images/mysqldb" + dockerfile = "Dockerfile.${BALENA_ARCH}" + platforms = ["${PLATFORM}"] + tags = [ + "${DOCKER_ORG}/mysqldb:latest", + "${DOCKER_ORG}/mysqldb:${BAKE_TAG}" + ] + args = { + PUID = "1000" + PGID = "1000" + } + secrets = [ + "id=mysql_root_password,env=MYSQL_ROOT_PASSWORD", + "id=mysql_user,env=MYSQL_USER", + "id=mysql_password,env=MYSQL_PASSWORD", + ] +} + +target "php-fpm" { + context = "." 
+ dockerfile = "Dockerfile.${BALENA_ARCH}" + platforms = ["${PLATFORM}"] + tags = [ + "${DOCKER_ORG}/php-fpm:latest", + "${DOCKER_ORG}/php-fpm:${BAKE_TAG}" + ] + args = { + PUID = "1000" + PGID = "1000" + MYPHPCMS_DIR = "app/webroot/php-cms" + MYPHPCMS_LOG = "app/tmp/logs" + HTDOCS = "/var/www/html" + } + secrets = [ + "id=mysql_root_password,env=MYSQL_ROOT_PASSWORD", + "id=mysql_user,env=MYSQL_USER", + "id=mysql_password,env=MYSQL_PASSWORD", + "id=hash_password,env=HASH_PASSWORD", + ] +} + +target "httpd" { + context = "deployment/images/httpd" + dockerfile = "Dockerfile.${BALENA_ARCH}" + platforms = ["${PLATFORM}"] + tags = [ + "${DOCKER_ORG}/httpd:latest", + "${DOCKER_ORG}/httpd:${BAKE_TAG}" + ] + args = { + PUID = "1000" + PGID = "1000" + HTDOCS = "/var/www/html" + } +} + +target "balena-storage" { + context = "balena-storage" + dockerfile = "Dockerfile.${BALENA_ARCH}" + platforms = ["${PLATFORM}"] + tags = [ + "${DOCKER_ORG}/balena-storage:latest", + "${DOCKER_ORG}/balena-storage:${BAKE_TAG}" + ] +} diff --git a/docker-compose.aarch64 b/docker-compose.aarch64 index 8fbfe8d2e..86ad345a5 100644 --- a/docker-compose.aarch64 +++ b/docker-compose.aarch64 @@ -1,14 +1,7 @@ -version: "3.9" - +version: "2.4" services: db: build: - x-bake: - platforms: - - linux/arm64 - tags: - - ${DOCKER_ORG}/mysqldb:latest - - ${DOCKER_ORG}/mysqldb:${BAKE_TAG} context: deployment/images/mysqldb dockerfile: Dockerfile.aarch64 args: @@ -18,6 +11,10 @@ services: environment: MYSQL_RANDOM_ROOT_PASSWORD: yes TZ: Europe/Paris +# secrets: +# - mysql_root_password +# - mysql_user +# - mysql_password volumes: - localtime:/etc/localtime:ro - db-data:/config @@ -34,12 +31,6 @@ services: io.balena.features.dbus: "1" php-fpm: build: - x-bake: - platforms: - - linux/arm64 - tags: - - ${DOCKER_ORG}/php-fpm:latest - - ${DOCKER_ORG}/php-fpm:${BAKE_TAG} context: . dockerfile: Dockerfile.aarch64 args: 
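Review bot: The `variable` blocks for `MYSQL_ROOT_PASSWORD`, `MYSQL_USER`, `MYSQL_PASSWORD` and `HASH_PASSWORD` are not needed by the `secrets = ["id=…,env=…"]` entries, which per the comment above them read the shell environment directly. Keeping them as ordinary bake variables, with the `sensitive` line commented out, makes it easy for a later edit to reference one in `args`, and build args are recorded in the image history. Drop the blocks, or put `# never reference these in args: build args persist in image history` above them. `init-db.sh` now creates the user at first start and also needs `MYSQL_DATABASE`, which has no counterpart here, so the build-time secrets on the `db` target may no longer be used; that depends on the Dockerfile, which is not fully visible. Every target also tags `:latest` next to `:${BAKE_TAG}` and the build scripts pass `--push`, so a branch build would overwrite `latest`.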
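Review bot: The `db` service keeps `MYSQL_RANDOM_ROOT_PASSWORD: yes` in the context lines of the `@@ -18,6 +11,10 @@` hunk, while the new `init-db.sh` logs in with `-p"${MYSQL_ROOT_PASSWORD}"`. Unless `common.env` or `aarch64.env` supplies a root password that the entrypoint honours, the init script cannot authenticate on first start. The added `secrets:` list is commented out, so nothing is enforced; either wire it up or replace it with one line stating where credentials come from, e.g. `# credentials are read from common.env / aarch64.env at runtime`. `yes` is a YAML 1.1 boolean, so `"yes"` keeps the value a string. The same hunk recurs in `docker-compose.armhf`, `docker-compose.template`, `docker-compose.x86_64` and `docker-compose.yml`.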
@@ -52,6 +43,11 @@ services: env_file: - common.env - aarch64.env + # secrets: + # - mysql_root_password + # - mysql_user + # - mysql_password + # - hash_password environment: CAKEPHP_DEBUG_LEVEL: "2" COLLECT_COVERAGE: false @@ -67,12 +63,6 @@ services: - cake httpd: build: - x-bake: - platforms: - - linux/arm64 - tags: - - ${DOCKER_ORG}/httpd:latest - - ${DOCKER_ORG}/httpd:${BAKE_TAG} context: deployment/images/httpd dockerfile: Dockerfile.aarch64 args: @@ -94,12 +84,6 @@ services: - cake balena-storage: build: - x-bake: - platforms: - - linux/arm64 - tags: - - ${DOCKER_ORG}/balena-storage:latest - - ${DOCKER_ORG}/balena-storage:${BAKE_TAG} context: balena-storage dockerfile: Dockerfile.aarch64 image: betothreeprod/balena-storage:latest @@ -109,6 +93,7 @@ services: - aarch64.env networks: - cake +# Docker-Compose >=3.4 only # healthcheck: # test: ["CMD", "/usr/src/scripts/backup-db.sh"] # interval: 720h @@ -130,3 +115,22 @@ volumes: networks: cake: external: false + + +# --------------------------------------------------------------------------- +# Secrets — each file contains a single value, no trailing newline. +# Create them before first run: +# echo -n "s3cr3t" > ./secrets/mysql_root_password.txt +# echo -n "maria" > ./secrets/mysql_user.txt +# ... +# --------------------------------------------------------------------------- +#secrets: +# mysql_root_password: +# file: ./secrets/mysql_root_password.txt +# mysql_user: +# file: ./secrets/mysql_user.txt +# mysql_password: +# file: ./secrets/mysql_password.txt +# hash_password: +# file: ./secrets/hash_password.txt + diff --git a/docker-compose.armhf b/docker-compose.armhf index 4d8953c07..c87bd4e3c 100644 --- a/docker-compose.armhf +++ b/docker-compose.armhf @@ -1,14 +1,7 @@ -version: "3.9" - +version: "2.4" services: db: build: - x-bake: - platforms: - - linux/arm/v7 - tags: - - ${DOCKER_ORG}/mysqldb:latest - - ${DOCKER_ORG}/mysqldb:${BAKE_TAG} context: deployment/images/mysqldb dockerfile: Dockerfile.armhf args: 
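Review bot: The commented `secrets:` block at the end of the file cannot simply be uncommented, because the first hunk sets `version: "2.4"` and top-level file-based secrets belong to the 3.x file format; a Compose that honours the version key would reject it. The suggested `echo -n "s3cr3t" > ./secrets/…` also leaves the value in shell history. Something like `( umask 077; printf '%s' "$VALUE" > ./secrets/mysql_root_password.txt )`, with the value read from a prompt, avoids that and restricts the file mode. Since `php-fpm` builds with `context: .`, `./secrets/` should be listed in `.dockerignore` and `.gitignore` so the files cannot enter the build context or the repository; whether the Dockerfile copies the whole context is not visible here. The same block is added to `docker-compose.armhf`, `docker-compose.template`, `docker-compose.x86_64` and `docker-compose.yml`.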
@@ -18,6 +11,10 @@ services: environment: MYSQL_RANDOM_ROOT_PASSWORD: yes TZ: Europe/Paris +# secrets: +# - mysql_root_password +# - mysql_user +# - mysql_password volumes: - localtime:/etc/localtime:ro - db-data:/config @@ -34,12 +31,6 @@ services: io.balena.features.dbus: "1" php-fpm: build: - x-bake: - platforms: - - linux/arm/v7 - tags: - - ${DOCKER_ORG}/php-fpm:latest - - ${DOCKER_ORG}/php-fpm:${BAKE_TAG} context: . dockerfile: Dockerfile.armhf args: @@ -52,6 +43,11 @@ services: env_file: - common.env - armhf.env + # secrets: + # - mysql_root_password + # - mysql_user + # - mysql_password + # - hash_password environment: CAKEPHP_DEBUG_LEVEL: "2" COLLECT_COVERAGE: false @@ -67,12 +63,6 @@ services: - cake httpd: build: - x-bake: - platforms: - - linux/arm/v7 - tags: - - ${DOCKER_ORG}/httpd:latest - - ${DOCKER_ORG}/httpd:${BAKE_TAG} context: deployment/images/httpd dockerfile: Dockerfile.armhf args: @@ -94,12 +84,6 @@ services: - cake balena-storage: build: - x-bake: - platforms: - - linux/arm/v7 - tags: - - ${DOCKER_ORG}/balena-storage:latest - - ${DOCKER_ORG}/balena-storage:${BAKE_TAG} context: balena-storage dockerfile: Dockerfile.armhf image: betothreeprod/balena-storage:latest @@ -109,6 +93,7 @@ services: - armhf.env networks: - cake +# Docker-Compose >=3.4 only # healthcheck: # test: ["CMD", "/usr/src/scripts/backup-db.sh"] # interval: 720h 
@@ -129,4 +114,23 @@ volumes: db-backup: networks: cake: - external: false \ No newline at end of file + external: false + + +# --------------------------------------------------------------------------- +# Secrets — each file contains a single value, no trailing newline. +# Create them before first run: +# echo -n "s3cr3t" > ./secrets/mysql_root_password.txt +# echo -n "maria" > ./secrets/mysql_user.txt +# ... +# --------------------------------------------------------------------------- +#secrets: +# mysql_root_password: +# file: ./secrets/mysql_root_password.txt +# mysql_user: +# file: ./secrets/mysql_user.txt +# mysql_password: +# file: ./secrets/mysql_password.txt +# hash_password: +# file: ./secrets/hash_password.txt + diff --git a/docker-compose.template b/docker-compose.template index 9fc9575a2..bebf67da6 100644 --- a/docker-compose.template +++ b/docker-compose.template @@ -1,14 +1,7 @@ -version: "3.9" - +version: "2.4" services: db: build: - x-bake: - platforms: - - %%PLATFORM%% - tags: - - ${DOCKER_ORG}/mysqldb:latest - - ${DOCKER_ORG}/mysqldb:${BAKE_TAG} context: deployment/images/mysqldb dockerfile: Dockerfile.%%BALENA_ARCH%% args: @@ -18,6 +11,10 @@ services: environment: MYSQL_RANDOM_ROOT_PASSWORD: yes TZ: Europe/Paris +# secrets: +# - mysql_root_password +# - mysql_user +# - mysql_password volumes: - localtime:/etc/localtime:ro - db-data:/config @@ -34,12 +31,6 @@ services: io.balena.features.dbus: "1" php-fpm: build: - x-bake: - platforms: - - %%PLATFORM%% - tags: - - ${DOCKER_ORG}/php-fpm:latest - - ${DOCKER_ORG}/php-fpm:${BAKE_TAG} context: . dockerfile: Dockerfile.%%BALENA_ARCH%% args: @@ -52,6 +43,11 @@ services: env_file: - common.env - %%BALENA_ARCH%%.env + # secrets: + # - mysql_root_password + # - mysql_user + # - mysql_password + # - hash_password environment: CAKEPHP_DEBUG_LEVEL: "2" COLLECT_COVERAGE: false 
@@ -67,12 +63,6 @@ services: - cake httpd: build: - x-bake: - platforms: - - %%PLATFORM%% - tags: - - ${DOCKER_ORG}/httpd:latest - - ${DOCKER_ORG}/httpd:${BAKE_TAG} context: deployment/images/httpd dockerfile: Dockerfile.%%BALENA_ARCH%% args: @@ -94,12 +84,6 @@ services: - cake balena-storage: build: - x-bake: - platforms: - - %%PLATFORM%% - tags: - - ${DOCKER_ORG}/balena-storage:latest - - ${DOCKER_ORG}/balena-storage:${BAKE_TAG} context: balena-storage dockerfile: Dockerfile.%%BALENA_ARCH%% image: betothreeprod/balena-storage:latest @@ -109,6 +93,7 @@ services: - %%BALENA_ARCH%%.env networks: - cake +# Docker-Compose >=3.4 only # healthcheck: # test: ["CMD", "/usr/src/scripts/backup-db.sh"] # interval: 720h @@ -129,4 +114,23 @@ volumes: db-backup: networks: cake: - external: false \ No newline at end of file + external: false + + +# --------------------------------------------------------------------------- +# Secrets — each file contains a single value, no trailing newline. +# Create them before first run: +# echo -n "s3cr3t" > ./secrets/mysql_root_password.txt +# echo -n "maria" > ./secrets/mysql_user.txt +# ... +# --------------------------------------------------------------------------- +#secrets: +# mysql_root_password: +# file: ./secrets/mysql_root_password.txt +# mysql_user: +# file: ./secrets/mysql_user.txt +# mysql_password: +# file: ./secrets/mysql_password.txt +# hash_password: +# file: ./secrets/hash_password.txt + diff --git a/docker-compose.x86_64 b/docker-compose.x86_64 index 9659fb516..7e1b8421a 100644 --- a/docker-compose.x86_64 +++ b/docker-compose.x86_64 @@ -1,14 +1,7 @@ -version: "3.9" - +version: "2.4" services: db: build: - x-bake: - platforms: - - linux/amd64 - tags: - - ${DOCKER_ORG}/mysqldb:latest - - ${DOCKER_ORG}/mysqldb:${BAKE_TAG} context: deployment/images/mysqldb dockerfile: Dockerfile.x86_64 args: 
@@ -18,6 +11,10 @@ services: environment: MYSQL_RANDOM_ROOT_PASSWORD: yes TZ: Europe/Paris +# secrets: +# - mysql_root_password +# - mysql_user +# - mysql_password volumes: - localtime:/etc/localtime:ro - db-data:/config @@ -34,12 +31,6 @@ services: io.balena.features.dbus: "1" php-fpm: build: - x-bake: - platforms: - - linux/amd64 - tags: - - ${DOCKER_ORG}/php-fpm:latest - - ${DOCKER_ORG}/php-fpm:${BAKE_TAG} context: . dockerfile: Dockerfile.x86_64 args: @@ -52,6 +43,11 @@ services: env_file: - common.env - x86_64.env + # secrets: + # - mysql_root_password + # - mysql_user + # - mysql_password + # - hash_password environment: CAKEPHP_DEBUG_LEVEL: "2" COLLECT_COVERAGE: false @@ -67,12 +63,6 @@ services: - cake httpd: build: - x-bake: - platforms: - - linux/amd64 - tags: - - ${DOCKER_ORG}/httpd:latest - - ${DOCKER_ORG}/httpd:${BAKE_TAG} context: deployment/images/httpd dockerfile: Dockerfile.x86_64 args: @@ -94,12 +84,6 @@ services: - cake balena-storage: build: - x-bake: - platforms: - - linux/amd64 - tags: - - ${DOCKER_ORG}/balena-storage:latest - - ${DOCKER_ORG}/balena-storage:${BAKE_TAG} context: balena-storage dockerfile: Dockerfile.x86_64 image: betothreeprod/balena-storage:latest @@ -109,6 +93,7 @@ services: - x86_64.env networks: - cake +# Docker-Compose >=3.4 only # healthcheck: # test: ["CMD", "/usr/src/scripts/backup-db.sh"] # interval: 720h 
@@ -129,4 +114,23 @@ volumes: db-backup: networks: cake: - external: false \ No newline at end of file + external: false + + +# --------------------------------------------------------------------------- +# Secrets — each file contains a single value, no trailing newline. +# Create them before first run: +# echo -n "s3cr3t" > ./secrets/mysql_root_password.txt +# echo -n "maria" > ./secrets/mysql_user.txt +# ... +# --------------------------------------------------------------------------- +#secrets: +# mysql_root_password: +# file: ./secrets/mysql_root_password.txt +# mysql_user: +# file: ./secrets/mysql_user.txt +# mysql_password: +# file: ./secrets/mysql_password.txt +# hash_password: +# file: ./secrets/hash_password.txt + diff --git a/docker-compose.yml b/docker-compose.yml index 8fbfe8d2e..c87bd4e3c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,16 +1,9 @@ -version: "3.9" - +version: "2.4" services: db: build: - x-bake: - platforms: - - linux/arm64 - tags: - - ${DOCKER_ORG}/mysqldb:latest - - ${DOCKER_ORG}/mysqldb:${BAKE_TAG} context: deployment/images/mysqldb - dockerfile: Dockerfile.aarch64 + dockerfile: Dockerfile.armhf args: PUID: 1000 PGID: 1000 @@ -18,6 +11,10 @@ services: environment: MYSQL_RANDOM_ROOT_PASSWORD: yes TZ: Europe/Paris +# secrets: +# - mysql_root_password +# - mysql_user +# - mysql_password volumes: - localtime:/etc/localtime:ro - db-data:/config @@ -29,19 +26,13 @@ services: - cake env_file: - common.env - - aarch64.env + - armhf.env labels: io.balena.features.dbus: "1" php-fpm: build: - x-bake: - platforms: - - linux/arm64 - tags: - - ${DOCKER_ORG}/php-fpm:latest - - ${DOCKER_ORG}/php-fpm:${BAKE_TAG} context: . - dockerfile: Dockerfile.aarch64 + dockerfile: Dockerfile.armhf args: PUID: 1000 PGID: 1000 
@@ -51,7 +42,12 @@ services: image: betothreeprod/php-fpm:latest env_file: - common.env - - aarch64.env + - armhf.env + # secrets: + # - mysql_root_password + # - mysql_user + # - mysql_password + # - hash_password environment: CAKEPHP_DEBUG_LEVEL: "2" COLLECT_COVERAGE: false @@ -67,14 +63,8 @@ services: - cake httpd: build: - x-bake: - platforms: - - linux/arm64 - tags: - - ${DOCKER_ORG}/httpd:latest - - ${DOCKER_ORG}/httpd:${BAKE_TAG} context: deployment/images/httpd - dockerfile: Dockerfile.aarch64 + dockerfile: Dockerfile.armhf args: PUID: 1000 PGID: 1000 @@ -82,7 +72,7 @@ services: image: betothreeprod/httpd:latest env_file: - common.env - - aarch64.env + - armhf.env volumes: - localtime:/etc/localtime:ro - www:/var/www/html @@ -94,21 +84,16 @@ services: - cake balena-storage: build: - x-bake: - platforms: - - linux/arm64 - tags: - - ${DOCKER_ORG}/balena-storage:latest - - ${DOCKER_ORG}/balena-storage:${BAKE_TAG} context: balena-storage - dockerfile: Dockerfile.aarch64 + dockerfile: Dockerfile.armhf image: betothreeprod/balena-storage:latest privileged: true env_file: - common.env - - aarch64.env + - armhf.env networks: - cake +# Docker-Compose >=3.4 only # healthcheck: # test: ["CMD", "/usr/src/scripts/backup-db.sh"] # interval: 720h @@ -130,3 +115,22 @@ volumes: networks: cake: external: false + + +# --------------------------------------------------------------------------- +# Secrets — each file contains a single value, no trailing newline. +# Create them before first run: +# echo -n "s3cr3t" > ./secrets/mysql_root_password.txt +# echo -n "maria" > ./secrets/mysql_user.txt +# ... +# --------------------------------------------------------------------------- +#secrets: +# mysql_root_password: +# file: ./secrets/mysql_root_password.txt +# mysql_user: +# file: ./secrets/mysql_user.txt +# mysql_password: +# file: ./secrets/mysql_password.txt +# hash_password: +# file: ./secrets/hash_password.txt + 
diff --git a/package.json b/package.json index 2f6f08f0e..ea9475200 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { - "name": "myphpcms", + "name": "acake2php", "version": "1.0.0", "description": "A CakePHP and MariaDB website", "main": "index.php", @@ -23,8 +23,8 @@ "url": "https://github.com/b23prodtm/acake2php/issues" }, "homepage": "https://github.com/b23prodtm/acake2php#readme", + "packageManager": "yarn@4.12.0+sha512.f45ab632439a67f8bc759bf32ead036a1f413287b9042726b7cc4818b7b49e14e9423ba49b18f9e06ea4941c1ad062385b1d8760a8d5091a1a31e5f6219afca8", "dependencies": { - "balena-cloud-apps": "^1.0.48" - }, - "packageManager": "yarn@4.6.0" + "balena-cloud-apps": "^1.0.49" + } } diff --git a/test-cake.sh b/test-cake.sh index cd8b5859c..14e09a211 100755 --- a/test-cake.sh +++ b/test-cake.sh @@ -58,7 +58,7 @@ while [[ "$#" -gt 0 ]]; do case $1 in --docker ) config_args="--docker ${config_args}" migrate="--docker ${migrate}" - db_data="$(pwd)/mysqld$(echo ${db_data} | cut -d : -f 2)" + db_data="$(pwd)/mysqld$(echo "${db_data}" | cut -d : -f 2)" ;; *) echo "Unknown parameter, passed $0: $1"; exit 1;; esac; shift; done diff --git a/yarn.lock b/yarn.lock index 1c93bac32..f57c26d77 100644 --- a/yarn.lock +++ b/yarn.lock @@ -32,9 +32,17 @@ __metadata: languageName: node linkType: hard -"balena-cloud-apps@npm:^1.0.48": - version: 1.0.48 - resolution: "balena-cloud-apps@npm:1.0.48" +"acake2php@workspace:.": + version: 0.0.0-use.local + resolution: "acake2php@workspace:." + dependencies: + balena-cloud-apps: "npm:^1.0.49" + languageName: unknown + linkType: soft + +"balena-cloud-apps@npm:^1.0.49": + version: 1.0.49 + resolution: "balena-cloud-apps@npm:1.0.49" dependencies: shelljs: "npm:^0.10.0" bin: 
@@ -48,7 +56,7 @@ __metadata: init_functions: vendor/cni/init_functions.sh post_install: vendor/cni/post_install.sh update_templates: vendor/cni/update_templates.sh - checksum: 10c0/b6ee5caa79558765328470fc9d08792556b563840d8453d7f5b27f4a7bd6df78090095036ebe18e9092f5cb744914ff5c37dce7bd726033711d6b32eed5fab43 + checksum: 10c0/b744af844935c6660e250eac0c998d91937613c42a87ccb39ec27a29940071c694f56deee70801b3abe6196980a3647723eb01556894c8b017af670af04cff51 languageName: node linkType: hard @@ -211,14 +219,6 @@ __metadata: languageName: node linkType: hard -"myphpcms@workspace:.": - version: 0.0.0-use.local - resolution: "myphpcms@workspace:." - dependencies: - balena-cloud-apps: "npm:^1.0.48" - languageName: unknown - linkType: soft - "npm-run-path@npm:^4.0.1": version: 4.0.1 resolution: "npm-run-path@npm:4.0.1"