Upgrade to ElasticMS v6.x

.build.env

@@ -2,4 +2,4 @@
 DOCKER_IMAGE_NAME=docker.io/elasticms/website-skeleton
 
 # Default ElasticMS Website Skeleton Version
-ELASTICMS_WEB_VERSION=5.7.0
+ELASTICMS_WEB_VERSION=6.0.0

.github/workflows/docker-release.yml

@@ -197,7 +197,7 @@ jobs:
           CONTAINER_ENGINE: docker
         run: |
           docker network create docker_default
-          docker pull docker.io/curlimages/curl:8.1.2
+          docker pull docker.io/curlimages/curl:8.11.1
           bats -r test/tests.bats
 
   sign-dev:

Dockerfiles/Builder.m4

@@ -1,9 +1,9 @@
-ENV ELASTICMS_VERSION=${VERSION_ARG:-5.1.2} \
+ENV ELASTICMS_VERSION=${VERSION_ARG:-6.0.0} \
     ELASTICMS_DOWNLOAD_URL="https://github.com/ems-project/elasticms-web/archive"
 
-RUN echo "Download and install ElastiCMS ..." \
-    && mkdir -p /opt/src \
-    && curl -sSfLk ${ELASTICMS_DOWNLOAD_URL}/${ELASTICMS_VERSION}.tar.gz \
-       | tar -xzC /opt/src --strip-components=1 \
-    && COMPOSER_MEMORY_LIMIT=-1 composer -vvvv install --no-interaction --no-suggest --no-scripts --working-dir /opt/src -o  \
-    && rm -rf /opt/src/bootstrap/cache/* /opt/src/.env /opt/src/.env.dist
+RUN set -x ; \
+    mkdir -p /app/src/elasticms ; \
+    curl -sSfLk ${ELASTICMS_DOWNLOAD_URL}/${ELASTICMS_VERSION}.tar.gz \
+       | tar -xzC /app/src/elasticms --strip-components=1 ; \
+    COMPOSER_MEMORY_LIMIT=-1 composer -vvv install --no-interaction --no-suggest --no-scripts --working-dir /app/src/elasticms -o ; \
+    mkdir -p /app/src/elasticms/public/bundles /app/src/elasticms/var ;

Dockerfiles/Common.m4

@@ -11,23 +11,20 @@ LABEL be.fgov.elasticms.web.build-date=$BUILD_DATE_ARG \
 
 USER root
 
-COPY bin/ /opt/bin/container-entrypoint.d/
-COPY etc/ /usr/local/etc/
-COPY --from=builder /opt/src /opt/src
+COPY --chmod=775 --chown=${PUID:-1001}:0 bin/ /app/bin/
+COPY --chmod=664 --chown=${PUID:-1001}:0 config/ /app/config/
 
-ENV APP_DISABLE_DOTENV=true
-ENV EMS_METRIC_PORT="9090"
+COPY --chmod=664 --chown=${PUID:-1001}:0 --from=builder /app/src/elasticms /app/src/elasticms
 
-RUN echo -e "\nListen ${EMS_METRIC_PORT}\n" >> /etc/apache2/httpd.conf \
-    && echo "Setup permissions on filesystem for non-privileged user ..." \
-    && chmod -Rf +x /opt/bin \
-    && chown -Rf ${PUID:-1001}:0 /opt \
-    && chmod -R ug+rw /opt \
-    && find /opt -type d -exec chmod ug+x {} \;
+ENV APP_DISABLE_DOTENV=true \
+    EMS_METRIC_PORT="9090" \
+    PATH=/app/bin:/app/sbin:/usr/local/bin:/usr/bin:$PATH
+
+RUN find /app -type d -exec chmod ugo+x {} \;
 
 USER ${PUID:-1001}
 
 EXPOSE ${EMS_METRIC_PORT}/tcp
 
-HEALTHCHECK --start-period=10s --interval=1m --timeout=5s --retries=5 \
+HEALTHCHECK --start-period=5s --interval=1m --timeout=2s --retries=5 \
         CMD curl --fail --header "Host: default.localhost" http://localhost:9000/index.php || exit 1

Dockerfiles/Dockerfile.in

@@ -1,17 +1,17 @@
 # syntax=docker/dockerfile:1.3
-FROM docker.io/elasticms/base-php:8.1-apache-dev as builder
+FROM docker.io/elasticms/base-php:8.4-apache-dev as builder
 
 # include(Args.m4)
 # include(Builder.m4)
 
-FROM docker.io/elasticms/base-php:8.1-apache as prd
+FROM docker.io/elasticms/base-php:8.4-apache as prd
 
 LABEL be.fgov.elasticms.web.environment="prd"
 
 # include(Args.m4)
 # include(Common.m4)
 
-FROM docker.io/elasticms/base-php:8.1-apache-dev as dev
+FROM docker.io/elasticms/base-php:8.4-apache-dev as dev
 
 LABEL be.fgov.elasticms.web.environment="dev"
 

README.md

@@ -187,4 +187,46 @@ Return WebSite Skeleton Prometheus metrics.
 | Variable Name | Description | Default |
 | - | - | - |
 | METRICS_ENABLED | Add metrics dedicated vhost running on a specific port (9090). | `empty` |
-| METRICS_VHOST_SERVER_NAME_CUSTOM | Apache ServerName directive used for dedicated vhost. | `$(hostname -i)` |
+| METRICS_VHOST_SERVER_NAME | Apache ServerName directive used for dedicated vhost. | `$(hostname -i)` |
+
+# 6.x ( PHP v8.4 - Road to ReadOnly Containers ... )
+
+- paths :
+  - /opt/(configs|secrets) -> /app/config/elasticms
+      -> plus de distinction entre secrets et configmaps 
+
+  - /opt/src -> /app/src/elasticms
+  - /opt/bin -> /app/sbin ( scripts créés dynamiquement , peut-etre être un volume )
+  - /tmp -> /app/tmp/elasticms.d 
+  - /var/lib/ems -> deleted
+
+- utilisation des variables environment non prefixee dans les scripts
+  - METRICS_ENABLED vs EMS_METRIC_ENABLED
+
+- rename variables
+  METRICS_VHOST_SERVER_NAME_CUSTOM -> METRICS_VHOST_SERVER_NAME
+  ENVIRONMENT_ALIAS -> APACHE_ENVIRONMENT_ALIAS
+
+- new variables
+
+export APP_BIN_DIR="/app/sbin"
+export APP_SRC_DIR="/app/src/elasticms"
+export APP_TMP_DIR="${TMPDIR}"
+
+export APP_CONFIG_DIR="${APP_TMP_DIR}/elasticms.d"
+export APP_CACHE_DIR="/app/var/cache/elasticms"
+export APP_LOG_DIR="/app/var/log/elasticms"
+
+export APACHE_PUBLIC_DIR="${APP_SRC_DIR}/public"
+export APACHE_ASSETS_DIR="${APACHE_PUBLIC_DIR}/bundles"
+
+HTPASSWD_FILE
+
+true
+
+
+
+APP_PUBLIC_DIR
+APP_ASSETS_DIR
+
+- use gtpl ald. tmpl pour éviter gomplate standard de l'image de base.  les templates reprennent des variables lues plus tard (dans les fichiers de config ems) 

bin/container-entrypoint.d/01-install.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+log "INFO" "- Install ElasticMS WebSite Configuration files"
+
+mkdir -p ${APP_CONFIG_DIR}
+
+if [ ! -z "$AWS_S3_CONFIG_BUCKET_NAME" ]; then
+
+  export AWS_S3_CONFIG_BUCKET_NAME=${AWS_S3_CONFIG_BUCKET_NAME#s3://}
+
+  list=(`aws s3 ls ${AWS_S3_CONFIG_BUCKET_NAME%/}/ ${AWS_CLI_EXTRA_ARGS} | awk '{print $4}'`)
+
+  for config in ${list[@]};
+  do
+    name=${config%.*}
+    log "INFO" "+ Install s3://${AWS_S3_CONFIG_BUCKET_NAME%/}/$config to ${APP_CONFIG_DIR}/$name"
+    aws s3 cp s3://${AWS_S3_CONFIG_BUCKET_NAME%/}/$config ${AWS_CLI_EXTRA_ARGS} - | envsubst > ${APP_CONFIG_DIR}/$name
+  done
+
+elif [ "$(ls -A /app/config/elasticms)" ]; then
+
+  for file in /app/config/elasticms/*; do
+    name=$(basename "$file" .${file##*.})
+    log "INFO" "+ Install $file to ${APP_CONFIG_DIR}/$name"
+    envsubst < $file > ${APP_CONFIG_DIR}/$name
+  done
+
+else
+
+  log "INFO" "+ Install default to ${APP_CONFIG_DIR}/default"
+  env | envsubst > ${APP_CONFIG_DIR}/default
+
+fi

bin/container-entrypoint.d/02-setup.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+log "INFO" "- Configure ElasticMS WebSite Container"
+
+for I in $(find ${APP_CONFIG_DIR}/* | sort)
+do
+
+  log "INFO" "+ Configure ElasticMS [$(basename "$I" .${I##*.})] WebSite instance"
+
+  for FILE in $(find /app/bin/container-entrypoint.d/elasticms.d -iname \*.sh | sort)
+  do
+    ELASTICMS_INSTANCE_NAME=$(basename "$I" .${I##*.}) \
+    ELASTICMS_INSTANCE_CONFIG_FILE=${I} \
+    source ${FILE}
+  done
+
+done

bin/container-entrypoint.d/elasticms.d/01-core.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -a
+source ${ELASTICMS_INSTANCE_CONFIG_FILE}
+set +a

bin/container-entrypoint.d/elasticms.d/10-folders.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+log "INFO" "| Create required folders"
+
+OUTDIR="${APP_CONFIG_DIR} ${APP_LOG_DIR} ${APP_CACHE_DIR}"
+
+mkdir -p $OUTDIR

bin/container-entrypoint.d/elasticms.d/20-shell-scripts.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+log "INFO" "| Create ElasticMS WebSite Shell script in ${APP_BIN_DIR}"
+
+gomplate -f /app/config/sbin/instance.sh.gtpl \
+         -o ${APP_BIN_DIR}/${ELASTICMS_INSTANCE_NAME}
+
+chmod a+x ${APP_BIN_DIR}/${ELASTICMS_INSTANCE_NAME}

bin/container-entrypoint.d/elasticms.d/30-varnish.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+log "INFO" "| Configure Varnish VCL file"
+
+if [[ ! -z ${VARNISH_ENABLED} ]] && [[ ${VARNISH_ENABLED,,} = true ]]; then
+
+  if [[ -f ${VARNISH_VCL_CONF} ]]; then
+
+    log "INFO" "+ Varnish VCL file [ ${VARNISH_VCL_CONF} ] already exist.  Using this VCL with Varnish."
+
+  else
+
+    log "INFO" "+ Varnish VCL file [ ${VARNISH_VCL_CONF} ] not exist.  Generation of the VCL dynamically."
+
+    gomplate -f /app/config/varnish/default.vcl.gtpl \
+             -o ${VARNISH_VCL_CONF}
+
+  fi
+
+fi

bin/container-entrypoint.d/elasticms.d/40-apache.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+log "INFO" "| Configure ElasticMS Apache VirtualHosts ..."
+
+if [[ ! -z ${APACHE_ENABLED} ]] && [[ ${APACHE_ENABLED,,} = true ]]; then
+
+  log "INFO" "+ Configure [ ${ELASTICMS_INSTANCE_NAME} ] VirtualHost for ElasticMS WebSite on [ ${SERVER_NAME} ]."
+
+  gomplate -f /app/config/apache2/conf.d/elasticms.conf.gtpl \
+           -o /app/etc/apache2/conf.d/${ELASTICMS_INSTANCE_NAME}-app.conf
+
+  cat ${APP_CONFIG_DIR}/${ELASTICMS_INSTANCE_NAME} | sed '/^\s*$/d' | grep  -v '^#' | sed "s/\([a-zA-Z0-9_]*\)\=\(.*\)/        SetEnv \1 \2/g" >> /app/etc/apache2/conf.d/${ELASTICMS_INSTANCE_NAME}-app.env
+
+  if [[ ! -z ${METRICS_ENABLED} ]] && [[ ${METRICS_ENABLED,,} = true ]]; then
+
+    if [ ! -f /app/etc/apache2/conf.d/__metrics.conf ] ; then
+
+      if [[ ! -z ${EMS_METRIC_ENABLED} ]] && [[ ${EMS_METRIC_ENABLED,,} = true ]]; then
+
+        log "INFO" "+ Configure [ metrics ] VirtualHost for ElasticMS WebSite on [ ${METRICS_VHOST_SERVER_NAME} ]."
+
+        gomplate -f /app/config/apache2/conf.d/metrics.conf.gtpl \
+                 -o /app/etc/apache2/conf.d/__metrics.conf
+
+        cat ${APP_CONFIG_DIR}/${ELASTICMS_INSTANCE_NAME} | sed '/^\s*$/d' | grep  -v '^#' | sed "s/\([a-zA-Z0-9_]*\)\=\(.*\)/SetEnv \1 \2/g" >> /app/etc/apache2/conf.d/__metrics.env
+
+      fi
+
+    fi
+
+  fi
+
+fi

bin/container-entrypoint.d/elasticms.d/41-basicauth.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+if [[ -n ${APACHE_PROTECTED_URL} ]]; then
+
+  log "INFO" "+ Configure Basic Authentification on [ ${APACHE_PROTECTED_URL} ]."
+
+  if ! [ -w ${HTPASSWD_FILE} ]; then
+
+    htpasswd -bc ${HTPASSWD_FILE} ${HTPASSWD_USERNAME} ${HTPASSWD_PASSWORD}
+
+    if [ $? -ne 0 ]; then
+      log "ERROR" "! Something was wrong when we create .htpasswd file !"
+    fi
+
+  else
+    log "WARN" "! .htpasswd file already exist.  We use it to protect !"
+  fi
+
+fi

bin/container-entrypoint.d/elasticms.d/60-assets.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+log "INFO" "+ Running ElasticMS assets installation to ${APACHE_ASSETS_DIR} folder for [ ${ELASTICMS_INSTANCE_NAME} ] WebSite Domain ..."
+
+${APP_BIN_DIR}/${ELASTICMS_INSTANCE_NAME} asset:install ${APACHE_PUBLIC_DIR} --symlink --no-interaction --env=prod
+
+if [ $? -ne 0 ]; then
+  log "WARN" "! Something doesn't work with ElasticMS assets installation !"
+fi

bin/container-entrypoint.d/elasticms.d/70-cache.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+log "INFO" "+ Running ElasticMS cache warming up for [ ${ELASTICMS_INSTANCE_NAME} ] WebSite Domain ..."
+
+${APP_BIN_DIR}/${ELASTICMS_INSTANCE_NAME} cache:warm --no-interaction --env=prod
+
+if [ $? -ne 0 ]; then
+  log "WARN" "! Something doesn't work with ElasticMS cache warming up !"
+fi

bin/container-entrypoint.d/elasticms.d/80-metrics.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+if [[ ! -z ${EMS_METRICS_ENABLED} ]] && [[ ${EMS_METRICS_ENABLED,,} = true ]]; then
+
+  log "INFO" "+ Clear ElasticMS metrics for [ ${ELASTICMS_INSTANCE_NAME} ] WebSite Domain ..."
+
+  ${APP_BIN_DIR}/${ELASTICMS_INSTANCE_NAME} ems:metric:collect --clear
+
+  if [ $? -ne 0 ]; then
+    log "WARN" "! Something doesn't work with ElasticMS metrics clearing !"
+  fi
+
+fi

bin/container-entrypoint.d/entrypoint.d/01-core.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+LOG_LEVEL_DEFAULT="WARNING"
+CLI_PHP_MEMORY_LIMIT_DEFAULT="512M"
+
+export LOG_LEVEL=${LOG_LEVEL:-"${LOG_LEVEL_DEFAULT}"}
+export CLI_PHP_MEMORY_LIMIT=${CLI_PHP_MEMORY_LIMIT:-"${CLI_PHP_MEMORY_LIMIT_DEFAULT}"}
+
+if [ ! -z "$AWS_S3_ENDPOINT_URL" ]; then
+  export AWS_CLI_EXTRA_ARGS="--endpoint-url ${AWS_S3_ENDPOINT_URL}"
+fi
+
+true

bin/container-entrypoint.d/entrypoint.d/02-php.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+PHP_POST_MAX_SIZE_DEFAULT="128"
+PHP_UPLOAD_MAX_FILESIZE_DEFAULT="128"
+
+export PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-"${PHP_POST_MAX_SIZE_DEFAULT}"}
+export PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-"${PHP_UPLOAD_MAX_FILESIZE_DEFAULT}"}
+
+true

bin/container-entrypoint.d/entrypoint.d/10-folders.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+export APP_BIN_DIR="/app/sbin"
+export APP_SRC_DIR="/app/src/elasticms"
+export APP_TMP_DIR="${TMPDIR}"
+
+export APP_CONFIG_DIR="${APP_TMP_DIR}/elasticms.d"
+export APP_CACHE_DIR="/app/var/cache/elasticms"
+export APP_LOG_DIR="/app/var/log/elasticms"
+
+true

bin/container-entrypoint.d/entrypoint.d/30-varnish.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_METHOD_DEFAULT="HEAD"
+VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_URI_DEFAULT="/index.php?varnish"
+VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_VERSION_DEFAULT="HTTP/1.1"
+VARNISH_VCL_BACKEND_PROBE_REQUEST_HOST_DEFAULT="default.localhost"
+VARNISH_VCL_BACKEND_PROBE_TIMEOUT_DEFAULT="1s"
+VARNISH_VCL_BACKEND_PROBE_INTERVAL_DEFAULT="5s"
+VARNISH_VCL_BACKEND_PROBE_WINDOW_DEFAULT="5"
+VARNISH_VCL_BACKEND_PROBE_THRESHOLD_DEFAULT="3"
+
+VARNISH_VCL_RECV_REQUEST_X_FORWARDED_PROTO_HEADER_NAME_DEFAULT="X-Forwarded-Proto"
+
+VARNISH_VCL_BACKEND_RESPONSE_TTL_DEFAULT="10s"
+VARNISH_VCL_BACKEND_RESPONSE_GRACE_DEFAULT="24h"
+
+export VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_METHOD=${VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_METHOD_CUSTOM:-"${VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_METHOD_DEFAULT}"}
+export VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_URI=${VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_URI_CUSTOM:-"${VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_URI_DEFAULT}"}
+export VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_VERSION=${VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_VERSION_CUSTOM:-"${VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_VERSION_DEFAULT}"}
+export VARNISH_VCL_BACKEND_PROBE_REQUEST_HOST=${VARNISH_VCL_BACKEND_PROBE_REQUEST_HOST_CUSTOM:-"${VARNISH_VCL_BACKEND_PROBE_REQUEST_HOST_DEFAULT}"}
+export VARNISH_VCL_BACKEND_PROBE_TIMEOUT=${VARNISH_VCL_BACKEND_PROBE_TIMEOUT_CUSTOM:-"${VARNISH_VCL_BACKEND_PROBE_TIMEOUT_DEFAULT}"}
+export VARNISH_VCL_BACKEND_PROBE_INTERVAL=${VARNISH_VCL_BACKEND_PROBE_INTERVAL_CUSTOM:-"${VARNISH_VCL_BACKEND_PROBE_INTERVAL_DEFAULT}"}
+export VARNISH_VCL_BACKEND_PROBE_WINDOW=${VARNISH_VCL_BACKEND_PROBE_WINDOW_CUSTOM:-"${VARNISH_VCL_BACKEND_PROBE_WINDOW_DEFAULT}"}
+export VARNISH_VCL_BACKEND_PROBE_THRESHOLD=${VARNISH_VCL_BACKEND_PROBE_THRESHOLD_CUSTOM:-"${VARNISH_VCL_BACKEND_PROBE_THRESHOLD_DEFAULT}"}
+
+export VARNISH_VCL_RECV_REQUEST_X_FORWARDED_PROTO_HEADER_NAME=${VARNISH_VCL_RECV_REQUEST_X_FORWARDED_PROTO_HEADER_NAME_CUSTOM:-"${VARNISH_VCL_RECV_REQUEST_X_FORWARDED_PROTO_HEADER_NAME_DEFAULT}"}
+
+export VARNISH_VCL_BACKEND_RESPONSE_TTL=${VARNISH_VCL_BACKEND_RESPONSE_TTL_CUSTOM:-"${VARNISH_VCL_BACKEND_RESPONSE_TTL_DEFAULT}"}
+export VARNISH_VCL_BACKEND_RESPONSE_GRACE=${VARNISH_VCL_BACKEND_RESPONSE_GRACE_CUSTOM:-"${VARNISH_VCL_BACKEND_RESPONSE_GRACE_DEFAULT}"}
+
+true